Chapter 3 Flashcards

1
Q
Which of the following is the term usually applied to a representation of network devices, automatically compiled, and containing information such as IP addresses and connection speeds?
Network map
Network diagram
Cable diagram
Management information base
A

A. A network map is a depiction of network devices, not drawn to scale, with additional information added, such as IP addresses and link speeds. In most cases, network maps are automatically created by a software product, such as Nmap, that scans the network and creates a display from the information it discovers. The term network diagram is most often used to refer to a manually created document containing pictograms of network devices, with lines representing the connections between them. The diagram might be roughly similar to the actual layout of the site, but it is usually not drawn to scale. A cable diagram is a precise depiction of the cable runs installed in a site. Often drawn on an architect’s plan or blueprint, the cable diagram enables network administrators to locate specific cables and troubleshoot connectivity problems. A management information base (MIB) is a component of an SNMP-based network management system that contains information about only one device; it does not depict all of the devices on the network.

2
Q
Which of the following types of network documentation is often overlaid on an architectural drawing or blueprint?
Network map
Network diagram
Cable diagram
Management information base
A

C. A cable diagram is a precise depiction of the cable runs installed in a site. Often drawn on an architect’s plan or blueprint, the cable diagram enables network administrators to locate specific cables and troubleshoot connectivity problems. A network map is a depiction of network devices, not drawn to scale, with additional information added, such as IP addresses and link speeds. In most cases, network maps are automatically created by a software product, such as Nmap, that scans the network and creates a display from the information it discovers. The term network diagram is most often used to refer to a manually created document containing pictograms of network devices, with lines representing the connections between them. The diagram might be roughly similar to the actual layout of the site, but it is usually not drawn to scale. A management information base (MIB) is a component of an SNMP-based network management system that contains information about only one device; it does not depict all of the devices on the network.

3
Q
Which of the following is not one of the typical heights for devices mounted in IT equipment racks?
1 unit
2 units
3 units
4 units
A

C. Devices designed to fit into IT equipment racks typically have heights measured in units. One unit equals 1.75 inches. Most rack-mounted devices are one (1U), two (2U), or four units (4U) tall.

4
Q

The cable plant for your company network was installed several years ago by an outside contractor. Now, some of the paper labels have fallen off your patch panels, and you do not know which wall plate is connected to each port. Assuming that you are working on a properly maintained and documented network installation, which of the following is the easiest way to determine which port is connected to which wall plate?
Consult the cable diagram provided by the cabling contractor at the time of the installation.
Call the cable installation contractor and see if he or she can remember which ports go with which wall plates.
Attach a tone generator to a patch panel port and then test each wall plate with a locator until you find the correct one. Repeat for each port that needs labeling.
Use a cable certifier to locate the patch panel port associated with each wall plate port.

A

A. A reputable cable installer should supply a cable diagram that indicates the locations of all the cable runs on a plan or blueprint of the site. You should be able to use this to determine which ports go with which wall plates. A busy cable installer is unlikely to remember specific details about an installation performed years ago. Using a tone generator and locator is an effective way to associate ports and wall plates, but it can be incredibly time-consuming and is certainly not the easiest method. A cable certifier can test the cable run for faults, measure its length, and perform other tests, but it cannot specify which wall plate goes with which port, unless you entered that information yourself earlier.

5
Q
Which of the following IT asset management documents published by the International Organization for Standardization (ISO) defines a standard for software identification tags (SWIDs) containing inventory information about the software running on a computer or other device?
ISO 19770-1
ISO 19770-2
ISO 19770-3
ISO 19770-4
ISO 19770-5
A

B. ISO 19770 is a family of IT asset management (ITAM) standards that defines procedures and technology for the management of software and related assets in a corporate infrastructure. ISO 19770-2 defines the creation and use of SWID tags, which are XML files containing management and identification information about a specific software product. The other standards define other ITAM elements, such as compliance with corporate governance (ISO 19770-1) and resource utilization measurement (ISO 19770-4).

6
Q
Which of the following are places where network wiring connections are found? (Choose all correct answers.)
MDF
MTBF
IDF
RDP
A

A and C. A large enterprise network will—at minimum—have demarcation points for telephone services and a connection to an Internet service provider’s network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. This room is then called the main distribution frame (MDF). An intermediate distribution frame (IDF) is the location of localized telecommunications equipment such as the interface between the horizontal cabling and the backbone. Mean Time Between Failures (MTBF) and Remote Desktop Protocol (RDP) are not locations of network wiring.

7
Q
A rack diagram is typically ruled vertically using which of the following measurements?
Inches
Centimeters
Units
Grids
A

C. Rack diagrams use a vertical measurement called units, each of which is 1.75 inches. Most rack-mounted devices are one (1U), two (2U), or four units (4U) tall.

8
Q

In a standard Cisco network diagram, what component does the symbol in the figure represent?
Diagram shows a three-dimensional square box on which four arrows are drawn in red. The arrows in each pair point in opposite directions.
A switch
A router
A hub
A gateway

A

A. The diagram symbol shown in the figure represents a network switch. It is not a router, a hub, or a gateway.

9
Q

Which of the following statements about the differences between a diagram of a patch panel installation organized physically and one that is organized logically are true? (Choose all correct answers.)
A physical diagram is organized according to the floors and rooms where the cable drops are located.
A physical diagram is precisely scaled to represent the actual patch panel hardware.
A logical diagram is organized according to the divisions within the company, such as departments and workgroups.
A logical diagram uses an organization that represents company divisions but does not physically resemble the actual patch panels.

A

A and C. A physical diagram, in this case, represents the actual physical locations of the cable drops connected to the patch panels. A logical diagram uses an artificial division that corresponds to the organization of the company.

10
Q
A diagram of a telecommunications room or intermediate distribution frame (IDF) for an office building is typically based on which of the following?
A hand-drawn sketch
A series of photographs
An architect’s plan
A 3D model
A

C. IDF diagrams should be based on an architect’s plan whenever possible so that actual lengths and locations of cable runs can be documented. In situations where an architect’s plan is not available, a detailed sketch, drawn to scale, can be acceptable. Photographs and models are impractical for this purpose.

11
Q
The documentation for main distribution frames (MDFs) and intermediate distribution frames (IDFs) should incorporate details on which of the following elements? (Choose all correct answers.)
Power
Environment
Distances
Costs
A

A, B, and C. MDF and IDF documentation should take into account the power sources available at the locations, the environmental equipment needed to keep the temperature and humidity levels under control, and the distances that the cable runs must span. This type of documentation is typically used for installation and troubleshooting purposes, so the costs of components and services are unnecessary and can be dealt with elsewhere.

12
Q
Which of the following, originally created for the UNIX sendmail program, is now a standard for message logging that enables tools that generate, store, and analyze log information to work together?
Syslog
Netmon
Netstat
Top
A

A. Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an IP network to a message collector, called a syslog server. Network Monitor (Netmon) is a protocol analyzer. Netstat is a program that displays status information about a system’s network connections. Top is a utility to display system processes. None of these provide logging services.

13
Q

At what point in the installation process should patch panel ports and wall plates be labeled?
When the patch panels and wall plates are installed
When a length of cable is cut from the spool
When the cables are attached to the connectors
When the cable runs are tested, immediately after their installation

A

C. Patch panel ports and wall plates should be labeled when the cable runs are attached to them. Labeling them at any earlier time can result in cable runs being connected incorrectly.

14
Q
Which of the following is the term used to describe a wiring nexus that is typically the termination point for incoming telephone and wide area network (WAN) services?
MDF
MTBF
IDF
RDP
A

A. A large enterprise network will—at minimum—have demarcation points for telephone services and a connection to an Internet service provider’s network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. This room is then called the main distribution frame (MDF). An intermediate distribution frame (IDF) is the location of localized telecommunications equipment such as the interface between the horizontal cabling and the backbone. Mean Time Between Failures (MTBF) and Remote Desktop Protocol (RDP) are not locations of network wiring.

15
Q

Your department is experiencing frequent delays as users wait for images to render using their outdated graphics software package. As a result, you are planning to submit a change request for a new software product at the monthly meeting of the company’s change management team. Which of the following types of information are likely to be included in your request? (Choose all correct answers.)
The possibility of rolling back to the previous software, if necessary
The procedure for installing and configuring the new software
An estimate of the productivity increase realizable with the new software
A list of software and hardware upgrades or modifications needed to run the new software

A

A, B, C, and D. A change management team typically requires thorough documentation for all requested changes, specifying exactly what is needed; how the change will affect the current workflow, both to the direct recipients of the change and the rest of the organization; and what ramifications might come from the change.

16
Q
A rack diagram is typically ruled into vertical rack units, which are standard-sized divisions that hardware manufacturers use when manufacturing rack-mountable components. Which of the following is the standard vertical height of a single rack unit?
1.721 inches
1.75 inches
40 mm
3.5 inches
A

B. A single rack unit is 1.75 inches, or 44.5 mm. Option A, 1.721 inches, is the height used for many components that are one rack unit tall, leaving a small space between components for easy insertion and removal.

17
Q
The change request for new graphics software that you submitted to your company’s change management team has been approved. Now it is time to implement the change. Which of the following administrative tasks will most likely be the change management team’s responsibility during the implementation process? (Choose all correct answers.)
Authorizing downtime
Notifying users
Designating a maintenance window
Documenting all modifications made
A

A and C. The change management team is usually not responsible for tasks directly involved in the implementation of the changes they approve. Therefore, they would not be the ones to notify users exactly when the change will take place or document the procedure afterward. They would, however, be responsible for providing a maintenance window, during which the change must occur, and authorizing any downtime that would be needed.

18
Q
Which of the following log types is the first place that an administrator should look for information about a server’s activities?
System log
Setup log
Application log
Security log
A

A. System logs document the server’s startup activities and the ongoing status of its services and device drivers. When a problem occurs or the server’s status changes, the system logs can provide information about what happened and when.

19
Q
Which of the following Windows applications would you most likely use to create a baseline of system or network performance?
Performance Monitor
Event Viewer
Syslog
Network Monitor
A

A. Performance Monitor is a Windows application that can create logs of specific system and network performance statistics over extended periods. Such a log created on a new computer can function as a baseline for future troubleshooting. Event Viewer is a Windows application for displaying system log files; it cannot create a performance baseline. Syslog is a log compilation program originally created for Unix systems; it does not create performance baselines. Network Monitor is a protocol analyzer. Although it can capture a traffic sample that can function as a reference for future troubleshooting efforts, this ability cannot be called a performance baseline.

20
Q
Which of the following IT asset management documents published by the International Organization for Standardization (ISO) provides an overview of the ITAM concepts discussed in the ISO 19770 family of standards?
ISO 19770-1
ISO 19770-2
ISO 19770-3
ISO 19770-4
ISO 19770-5
A

E. ISO 19770 is a family of IT asset management (ITAM) standards that defines procedures and technology for the management of software and related assets in a corporate infrastructure. ISO 19770-5 provides a general overview of the functions provided by the standards and their benefits to an IT infrastructure. The other standards define other ITAM elements, such as compliance with corporate governance (ISO 19770-1), creation and use of software ID (SWID) tags (ISO 19770-2), and resource utilization measurement (ISO 19770-4).

21
Q
A rack-mounted device that is four units tall will be approximately what height in inches?
1.75
3.5
4
7
A

D. The standard unit height for IT equipment racks is 1.75 inches, which is the equivalent of one unit. Four units would therefore be 7 inches.

22
Q
Which of the following types of documentation should indicate the complete route of every internal cable run from wall plate to patch panel?
Physical network diagram
Asset management
Logical network diagram
Wiring schematic
A

D. The main purpose of a wiring schematic is to indicate where cables are located in walls and ceilings. A physical network diagram identifies all of the physical devices and how they connect together. Asset management is the identification, documentation, and tracking of all network assets, including computers, routers, switches, and so on. A logical network diagram contains addresses, firewall configurations, access control lists, and other logical elements of the network configuration.

23
Q

Which of the following statements about physical network diagrams and logical network diagrams are true? (Choose all correct answers.)
A physical network diagram is created automatically, and a logical network diagram is created manually.
A physical network diagram depicts hardware devices and the connections between them.
A logical network diagram contains all of the information you would need to rebuild your network from scratch.
A logical network diagram typically contains the IP addresses of network devices.

A

B and D. A physical network diagram identifies all of the physical devices and how they connect together. A logical network diagram contains IP addresses, firewall configurations, access control lists, and other logical elements of the network configuration. Both physical and logical network diagrams can be created automatically or manually. It is the physical network diagram that contains the information needed to rebuild the network from scratch.

24
Q

In a standard Cisco network diagram, what component does the symbol in the figure represent?
Diagram shows a three-dimensional circular box on which four arrows are drawn in red. Two arrows point toward the center from outside, while the other two arrows point outward from the center.
A switch
A router
A hub
A gateway

A

B. The diagram symbol shown in the figure represents a network router. It is not a switch, a hub, or a gateway.

25
Q
Which of the following is the term used to describe a wiring nexus—typically housed in a closet—where horizontal networks meet the backbone?
MDF
MTBF
IDF
SLA
A

C. An intermediate distribution frame (IDF) is the location of localized telecommunications equipment such as the interface between a horizontal network, which connects to workstations and other user devices, and the network backbone. A large enterprise network will typically have demarcation points for telephone services and a connection to an Internet service provider’s network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. This room is then called the main distribution frame (MDF). Mean Time Between Failures (MTBF) and service level agreements (SLAs) are not locations of network wiring.

26
Q
Which of the following event logs on a Windows server can record information about both successful and failed access attempts?
System
Application
Security
Setup
A

C. When you enable audit policies on Windows systems, you can specify whether to audit successful or failed events (or both), including access attempts. This audit information is recorded in the Security event log. The System, Application, and Setup event logs typically do not record both successful and failed access attempts.

27
Q
What is the width of a standard equipment rack in a datacenter?
12 inches
16 inches
19 inches
24 inches
A

C. The standard width of an equipment rack in a data center is 19 inches. Network hardware manufacturers use this width when designing rack-mountable components.

28
Q
When a service fails to start on a Windows server, an entry is typically created in which of the following event logs?
Application
Security
Setup
System
A

D. On a Windows system, information about services, including successful service starts and failures, is recorded in the System event log. The Application, Security, and Setup logs typically do not contain this type of information.

29
Q

In a standard Cisco network diagram, what component does the symbol in the figure represent?
Diagram shows a three-dimensional square box on which one double-headed arrow is drawn in red. One side of the box has six small boxes shaded in red.
A switch
A router
A hub
A gateway

A

C. The diagram symbol shown in the figure represents a network hub. It is not a switch, a router, or a gateway.

30
Q
The precise locations of devices in a datacenter are typically documented in which of the following documents?
Rack diagram
Network map
Wiring schematic
Logical diagram
A

A. Datacenters typically mount components in racks, 19-inch-wide and approximately 6-foot-tall frameworks in which many networking components are specifically designed to fit. A rack diagram is a depiction of one or more racks, ruled out in standardized 1.752-inch rack units, and showing the exact location of each piece of equipment mounted in the rack. Network maps, wiring schematics, and logical diagrams document the relationships between components, not their precise locations.

31
Q

Which of the following statements about network maps is true?
Network maps are typically drawn to scale.
Network maps typically contain more information than network diagrams.
Network maps must be read/write accessible to all personnel working on the network.
Network maps diagram only the locations of cable runs and endpoints.

A

B. Network diagrams typically specify device types and connections, but network maps can also include IP addresses, link speeds, and other information. Network maps diagram the relationships between devices, and provide information about the links that connect them, but they are not drawn to scale and usually do not indicate the exact location of each device. Although universal accessibility would be desirable, there are individuals who should not have access to network maps and other documentation, including temporary employees and computer users not involved in IT work. Network maps include all networking devices, not just cable runs and endpoints.

32
Q
Which of the following RAID levels uses disk striping with distributed parity?
RAID 0
RAID 1
RAID 5
RAID 10
A

C. Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 5 combines disk striping (blocks written to each disk in turn) with distributed storage of parity information, for fault tolerance. RAID 0 provides data striping only. RAID 1 provides disk mirroring. RAID 10 creates mirrored stripe sets.

33
Q
While negotiating a new contract with a service provider, you have reached a disagreement over the contracted reliability of the service. The provider is willing to guarantee that the service will be available 99 percent of the time, but you have been told to require 99.9 percent. When you finally reach an agreement, the negotiated language will be included in which of the following documents?
SLA
AUP
NDA
BYOD
A

A. A service level agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available. Acceptable use policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. A nondisclosure agreement (NDA) specifies what company information employees are permitted to discuss outside the company. A Bring Your Own Device (BYOD) policy specifies the personal electronics that employees are permitted to use on the company network and documents the procedures for connecting and securing them.

34
Q
A server with dual power supplies must be running in which of the following modes for the system to be fault tolerant?
Combined mode
Redundant mode
Individual mode
Hot backup mode
A

B. A server with dual power supplies can run in one of two modes: redundant or combined. In redundant mode, both power supplies are capable of providing 100 percent of the power needed by the server. Therefore, the server can continue to run if one power supply fails, making it fault tolerant. In combined mode, both power supplies are needed to provide the server’s needs, so a failure of one power supply will bring the server down. Individual mode and hot backup mode are not terms used for this purpose.

35
Q

Redundant power circuits can enable a server to continue running in spite of which of the following events?
A citywide power outage
A server power supply failure
An uncorrected building circuit failure
A failure of the server’s uninterruptible power supply

A

C. If a server is connected to two building circuits, it can continue to function if the breaker for one circuit trips and remains uncorrected. All of the other scenarios will bring the server down, unless additional redundancies are in place.

36
Q
Installing an electrical generator for your datacenter is an example of which of the following fault tolerance concepts?
Uninterruptible power supply (UPS)
Power redundancy
Dual power supplies
Redundant circuits
A

B. Power redundancy is a general term describing any fault tolerance mechanism that enables equipment to continue functioning when one source of power fails. A UPS is a device that uses battery power, not a generator. The term dual power supplies refers to the power supply units inside a computer, not a separate generator. The term redundant circuits refers to multiple connections to the building’s main power, not to a generator.

37
Q
Which of the following Redundant Array of Independent Disks (RAID) levels provides fault tolerance by storing parity information on the disks, in addition to the data? (Choose all correct answers.)
RAID 0
RAID 1
RAID 5
RAID 10
A

C. Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 5 combines disk striping with distributed storage of parity information, which provides fault tolerance. The parity information enables the array to rebuild a disk whose data has been lost. RAID 0 uses data striping only (blocks written to each disk in turn), which does not provide any form of fault tolerance. RAID 1 provides fault tolerance through disk mirroring. RAID 10 creates fault-tolerant mirrored stripe sets.

38
Q
Which of the following RAID levels provide fault tolerance without using parity data? (Choose all correct answers.)
RAID 0
RAID 1
RAID 5
RAID 10
A

B and D. Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 1 and RAID 10 both use disk mirroring to provide fault tolerance, which does not require parity data. RAID 0 uses data striping only (blocks written to each disk in turn), which does not provide any form of fault tolerance. RAID 5 combines disk striping with distributed storage of parity information.

39
Q
Which of the following is not a fault tolerance mechanism?
Port aggregation
Clustering
MTBF
UPS
A

C. Mean Time Between Failures (MTBF) is a hardware specification used to predict the approximate lifetime of a component. It does not refer to any type of fault tolerance mechanism. Port aggregation, clustering, and uninterruptible power supplies (UPSs) are all mechanisms that provide fault tolerance in the event of network adapter, server, and power failures, respectively.

40
Q
Which of the following backup job types does not reset the archive bits of the files it backs up?
Full
Incremental
Differential
Supplemental
A

C. Differential backups use the archive bit to determine which target files to back up. However, a differential backup does not reset the archive bit. Full backups do not pay attention to the archive bit because they back up all of the files. A full backup, however, does clear the archive bit after the job is completed. Incremental backups also use the archive bit to determine which files have changed since the previous backup job. The primary difference between an incremental and a differential job, however, is that incremental backups clear the archive bit so that unchanged files are not backed up. There is no such thing as a supplemental backup job.

41
Q
Which of the following RAID levels does not provide fault tolerance?
RAID 0
RAID 1
RAID 5
RAID 10
A

A. Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 0 uses data striping only (blocks written to each disk in turn), which does not provide any form of fault tolerance. RAID 1 provides disk mirroring. RAID 5 combines disk striping with distributed storage of parity information. RAID 10 creates mirrored stripe sets. These three levels all provide fault tolerance.

42
Q
Which of the following is the criterion most commonly used to filter files for backup jobs?
Filename
File extension
File attributes
File size
A

C. The archive bit that backup software uses to perform incremental and differential jobs is a file attribute, so this is the most commonly used filter type. It is possible to filter files based on their names, their extensions, and their size, but these are not used as often as the archive file attribute.

43
Q

What are the three elements in the Grandfather-Father-Son media rotation system?
Hard disk drives, optical drives, and magnetic tape drives
Incremental, differential, and full backup jobs
Monthly, weekly, and daily backup jobs
QIC, DAT, and DLT tape drives

A

C. The generational media rotation system uses the terms grandfather, father, and son to refer to backup jobs that are run monthly, weekly, and daily. The jobs can be full, incremental, or differential, and the terms have nothing to do with whether the backup medium is a hard disk, optical, or any type of tape drive.

44
Q
You are installing a new Windows server with two hard disk drives in it, and you want to use RAID to create a fault-tolerant storage system. Which of the following RAID levels can you configure the server to use?
RAID 0
RAID 1
RAID 5
RAID 10
A

B. Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 1 provides disk mirroring for fault tolerance and requires two or more disk drives. RAID 0 provides data striping only, with no fault tolerance. RAID 5 combines disk striping (blocks written to each disk in turn) with distributed storage of parity information for fault tolerance, but it requires a minimum of three disk drives. RAID 10 creates mirrored stripe sets and requires at least four disk drives.

45
Q
Which of the following types of backup jobs are supported by the Windows Server Backup program? (Choose all correct answers.)
Incremental
Differential
Full
Supplemental
A

A and C. Windows Server Backup can perform full backups and incremental backups. It does not support differential backups, and there is no backup job called a supplemental.

46
Q
Which of the following media types is Windows Server Backup unable to use to store backed-up data?
Local hard disks
Local optical disks
Magnetic tape drives
Remote shared folders
A

C. Windows Server Backup cannot back up data to magnetic tape drives. However, it can back up to local hard disks, optical disks, and remote shares.

47
Q
Which of the following is not a type of server load balancing mechanism?
DNS round-robin
Network address translation
Content switching
Multilayer switching
A

B. Load balancing is a method of distributing incoming traffic among multiple servers. Network address translation (NAT) is a routing mechanism that enables computers on a private network to share one or more public IP addresses. It is therefore not a load balancing method. DNS round-robin, multilayer switching, and content switching are all mechanisms that enable a server cluster to share client traffic.

48
Q
Which of the following mechanisms for load balancing web servers is able to read the incoming HTTP and HTTPS requests and perform advanced functions based on the information they contain?
Content switches
Multilayer switches
Failover clustering
DNS round-robin
A

A. A content switch is an application layer device, which is what renders it capable of reading the incoming Hypertext Transfer Protocol (HTTP/HTTPS) messages. HTTP is an application layer protocol. Multilayer switches do not operate above the transport layer. Failover clustering and DNS round-robin are both techniques for distributing incoming traffic without actually processing it.

49
Q

Why does performing incremental backups to a hard drive, rather than a tape drive, make it possible to restore a server with a single job, rather than multiple jobs?
Because hard drives hold more data than tape drives
Because hard drives can transfer data faster than tape drives
Because hard drives are random access devices and tape drives are not
Because hard drives use a different block size than tape drives

A

C. Data is stored on tape drives in a linear fashion. Once you write backup data to a tape, you cannot selectively replace individual files. When you perform a restore job, you might have to restore the most recent full backup, followed by incremental backups, which overwrite some of the full backup files with newer ones. Hard disk drives are random access devices, meaning that individual files can be written to and read from any location on the disk. When you perform incremental backup jobs to a hard disk, the software can restore data using any version of each file that is available. Data capacity, transfer speed, and block size are not relevant.

50
Q

Which of the following statements about the differences between online and standby uninterruptible power supplies (UPSs) are correct? (Choose all correct answers.)
A standby UPS runs devices using battery power all the time.
An online UPS provides no gap in the power supplied to the devices during a main power failure.
An online UPS switches devices to battery power only during a main power failure.
A standby UPS provides only enough power for an orderly shutdown of the devices.

A

B and D. It is an online UPS that runs devices using battery power all the time so that there is no gap in the power supplied to devices during a failure. It is a standby UPS that switches devices to battery power during a main power failure. Both online and standby UPSs provide only enough power for an orderly shutdown of the devices.

51
Q

Which of the following are valid reasons why online uninterruptible power supplies (UPSs) are more expensive than standby UPSs?
Online UPSs enable devices to run longer when a main power failure occurs.
Online UPSs enable devices to run continuously when a main power failure occurs.
Online UPSs are managed devices that can generate alerts.
Online UPSs provide greater protection against power spikes and sags.

A

B. Online UPSs run devices from the battery all the time, while simultaneously keeping the battery charged. There is therefore no switchover gap when a power failure occurs. Online UPSs do not necessarily run longer than standby UPSs, nor do they provide more protection against power spikes and sags. Both online and standby UPSs can be managed devices.

52
Q
Which of the following are equivalent terms for the process of combining the bandwidth of two or more network adapters to increase the overall speed of the connection and provide fault tolerance? (Choose all correct answers.)
Bonding
Link aggregation
Clustering
Port aggregation
NIC teaming
A

A, B, D, and E. Bonding, link aggregation, port aggregation, and NIC teaming are all terms for the same basic technology, in which the bandwidth of multiple network adapter connections is joined to speed up transmissions. The technology also enables the network communication to continue if one of the adapters should be disconnected. Clustering refers to combining servers into a single unit, not network adapters.

53
Q

Which of the following statements best describes the difference between the fault tolerance mechanisms disk mirroring and disk duplexing?
Disk mirroring enables a server to survive the failure of a disk drive.
Disk duplexing enables a server to survive the failure of a disk controller.
Disk duplexing enables a server to survive a failure of a disk drive or a disk controller.
Disk duplexing enables a server to survive a failure of a disk drive or a disk controller.

A

C. As with disk mirroring, disk duplexing uses multiple hard disk drives to store duplicate copies of all data. However, disk duplexing calls for each disk to be connected to a separate controller so that the data remains available despite a disk failure or a controller failure.

54
Q
A network load balancing cluster is made up of multiple computers that function as a single entity. Which of the following terms is used to describe an individual computer in a load balancing cluster?
Node
Host
Server
Box
A

A. In a network load balancing cluster, each computer is referred to as a host. Other types of clusters use other terms. For example, in a failover cluster, each computer is called a node.

55
Q
If you back up your network by performing a full backup every Wednesday at 6 p.m. and differential backups in the evening on the other six days of the week, how many jobs would be needed to completely restore a computer with a hard drive that failed on a Tuesday at noon?
One
Two
Six
Seven
A

B. A differential backup is a job that backs up all the files that have changed since the last full backup. Therefore, to restore a system that failed on Tuesday at noon, you would have to restore the most recent full backup from the previous Wednesday and the most recent differential from Monday.

56
Q
Which of the following is an element of high availability systems that enables them to automatically detect problems and react to them?
Backups
Snapshots
Failover
Cold sites
A

C. Highly available systems often have redundant components that enable them to continue operating even after a failure of a hard disk, server, or other component. Backups, snapshots, and cold sites can all contribute to a system’s high availability, but they do not function automatically.

57
Q
Which of the following networking concepts frequently use virtual IP addresses to provide high availability? (Choose all correct answers.)
Clustering
Load balancing
Network address translation (NAT)
NIC teaming
A

A and B. A high availability virtual IP address implementation is when multiple servers are identified by a single address, enabling all of the servers to receive incoming client traffic. In the case of server clustering and network load balancing arrangements, the cluster itself has a unique name and IP address, separate from those of the individual servers. Clients address themselves to the cluster, not to one of the servers in the cluster. NAT is not a high availability technology, and NIC teaming does not use virtual IP addresses.

58
Q
Which of the following disaster recovery mechanisms can be made operational in the least amount of time?
A cold site
A warm site
A hot site
All of the options are the same.
A

C. Cold, warm, and hot backup sites differ in the hardware and software they have installed. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. It is therefore the least expensive and takes the most time. A warm site has hardware in place that must be installed and configured. A hot site has all of the necessary hardware installed and configured. A warm site is more expensive than a cold site, and a hot site is the most expensive and takes the least amount of time to be made operational.

59
Q
Which of the following terms defines how long it will take to restore a server from backups if a complete system failure occurs?
RPO
RTO
BCP
MIB
A

B. The recovery time objective (RTO) specifies the amount of time needed to restore a server from the most recent backup if it should fail. This time interval depends on the amount of data involved and the speed of the backup medium. A recovery point objective (RPO) specifies how much data is likely to be lost if a restore from backups should be necessary. This figure is based on the frequency of the backups and the amount of new data generated by the system. Business contingency planning (BCP) is an umbrella term for procedures enacted to keep the organization functioning in the event of a disaster. A management information base (MIB) is a database used by Simple Network Management Protocol (SNMP) systems.

60
Q
If you back up your network by performing a full backup every Wednesday at 6 p.m. and incremental backups in the evening of the other days of the week, how many jobs would be needed to completely restore a computer with a hard drive that failed on a Monday at noon?
One
Two
Five
Six
A

C. An incremental backup is a job that backs up all of the files that have changed since the last backup of any kind. Therefore, to restore a system that failed on Monday at noon, you would have to restore the most recent full backup from the previous Wednesday and the incrementals from Thursday, Friday, Saturday, and Sunday.

61
Q

Which of the following elements would you typically not expect to find in a service level agreement (SLA) between an Internet service provider (ISP) and a subscriber?
A definition of the services to be provided by the ISP
A list of specifications for the equipment to be provided by the ISP
The types and schedule for the technical support to be provided by the ISP
The types of applications that the subscriber will use when accessing the ISP’s services

A

D. An ISP provides subscribers with access to the Internet. The applications that the subscriber uses on the Internet are typically not part of the SLA. An SLA does typically specify exactly what services the ISP will supply, what equipment the ISP will provide, and the technical support services the ISP will furnish as part of the agreement.

62
Q

How does an autochanger increase the overall storage capacity of a backup solution?
By compressing data before it is stored on the medium
By automatically inserting media into and removing it from a drive
By running a tape drive at half its normal speed
By writing two tracks at once onto a magnetic tape

A

B. An autochanger is a robotic device containing one or more removable media drives, such as magnetic tape or optical disk drives. The robotic mechanism inserts and removes media cartridges automatically so that a backup job can span multiple cartridges, increasing its overall capacity.

63
Q
For a complete restore of a computer that failed at noon on Tuesday, how many jobs would be needed if you performed full backups to tape at 6 a.m. every Wednesday and Saturday and incremental backups to tape at 6 a.m. every other day?
One
Two
Three
Four
A

D. An incremental backup is a job that backs up all of the files that have changed since the last backup of any kind. Therefore, to restore a system that failed on Tuesday at noon, you would have to restore the most recent full backup from the previous Saturday and the incrementals from Sunday, Monday, and Tuesday morning.

64
Q
If you have a server with dual power supplies, both of which are connected to a single UPS, with a building power circuit connected to a backup generator, which of the following failures can the server survive and keep running indefinitely? (Choose all correct answers.)
Failure of one server power supply
Failure of the UPS
Failure of the building power circuit
Failure of the building backup generator
A

A and D. If one of the server’s power supplies fails, the other will continue to function. If the building’s backup generator fails, the server will continue to run as long as the building still has outside power. If the UPS fails, the server will go down. If the breaker for the building power circuit trips, the server will run only as long as the UPS battery holds out.

65
Q
If you have a server with dual power supplies, one of which is plugged into a single UPS and the other into a wall socket with a surge protector, and the building’s power circuit is connected to a backup generator, which of the following failures can the server survive and keep running indefinitely? (Choose all correct answers.)
Failure of one server power supply
Failure of the UPS
Failure of the building power circuit
Failure of the building backup generator
A

A, B, and D. If one of the server’s power supplies fails, the other will continue to function. If the UPS fails, the server will continue to run using the power supply plugged into the wall socket. If the building’s backup generator fails, the server will continue to run as long as the building still has outside power. If the breaker for the building power circuit trips, the server will run only as long as the UPS battery holds out.

66
Q
If you have a server with dual power supplies, each of which is connected to a separate UPS, with each UPS connected to a separate building power circuit connected to a backup generator, which of the following failures can the server survive and keep running indefinitely? (Choose all correct answers.)
Failure of one server power supply
Failure of one UPS
Failure of one building power circuit
Failure of the building backup generator
A

A, B, C, and D. If one of the server’s power supplies fails, the other will continue to function. If one of the UPSs fails, the server will continue to run using the other. If one of the building power circuit breakers trips, the server will continue to run using the other one. If the building’s backup generator fails, the server will continue to run as long as the building still has outside power.

67
Q
You have just completed negotiating an annual contract with a provider to furnish your company with cloud services. As part of the contract, the provider has agreed to guarantee that the services will be available 99.9 percent of the time, around the clock, seven days per week. If the services are unavailable more than 0.1 percent of the time, your company is due a price adjustment. Which of the following terms describes this clause of the contract?
SLA
MTBF
AUP
MTTR
A

A. A service level agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available. Mean Time Between Failures (MTBF) is a hardware specification that estimates how long a particular component can be expected to function. Acceptable use policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. Mean Time To Repair (MTTR) specifies the average time it will take to repair a specific hardware component when it malfunctions.

68
Q
Which of the following disaster recovery mechanisms is the least expensive to implement?
A cold site.
A warm site.
A hot site.
All of the options cost the same.
A

A. Cold, warm, and hot backup sites differ in the hardware and software they have installed. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. It is therefore the least expensive. A warm site has hardware in place that must be installed and configured. A hot site has all of the necessary hardware installed and configured. A warm site is more expensive than a cold site, and a hot site is the most expensive.

69
Q

The technical support clause of a service level agreement will typically include which of the following elements? (Choose all correct answers.)
Whether the provider will provide on-site, telephone, or online support
The time service for responses to support calls
The percentage of time that the service is guaranteed to be available
The amount of support that will be provided and the costs for additional support

A

A, B, and D. The technical support clause of an SLA typically defines the type of support that the provider will furnish, the time service for support, and the amount of support that is included in the contract, as well as the cost for additional support. An SLA will typically guarantee service availability in the form of a percentage, but this refers to problems at the provider’s end and is not a customer technical support matter.

70
Q

Which of the following statements about port aggregation is not true?
All of the aggregated ports use the same MAC address.
Port aggregation can be a fault tolerance mechanism.
Aggregating ports increases network throughput.
Port aggregation provides load balancing.

A

D. Load balancing refers to the distribution of traffic between two or more channels. Port aggregation combines ports into a single logical channel with a single MAC address and provides greater throughput. Port aggregation also provides fault tolerance in the event of a port failure.

71
Q
Which of the following can be provided by clustering servers?
Fault tolerance
Load balancing
Failover
All of the above
A

D. A cluster is a group of computers configured with the same application that function as a single unit. The cluster can function as a fault tolerance mechanism by failing over from one server to the next, when necessary, or provide load balancing by distributing traffic among the servers.

72
Q
Which of the following RAID levels provides fault tolerance with the smallest amount of usable disk space? (Choose all correct answers.)
RAID 0
RAID 1
RAID 5
RAID 10
A

B and D. Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 1 provides disk mirroring, and RAID 10 creates mirrored stripe sets. Both provide fault tolerance by maintaining two copies of every stored file, for a usable disk space percentage of 50 percent. Some mirroring configurations store more than two copies of each file, for even less usable space. RAID 0 provides data striping only, with no fault tolerance. RAID 5 combines disk striping (blocks written to each disk in turn) with distributed storage of parity information, for fault tolerance with a usable disk space percentage of at least 66 percent.

73
Q
Which of the following specifications would you most want to examine when comparing hard disk models for your new RAID array?
MTBF
SLA
AUP
MTTR
A

A. Mean Time Between Failures (MTBF) specifies how long you can expect a device to run before it malfunctions. For a hard disk, this specification indicates the life expectancy of the device. A service level agreement (SLA) and an accepted use policy (AUP) are not specifications associated with hard disk drives. Mean Time To Repair (MTTR) can conceivably be specified for a hard disk, but hard disk drives in a RAID array are typically replaced, not repaired.

74
Q
When you configure NIC teaming on a server with two network adapters in an active/passive configuration, which of the following services is provided?
Load balancing
Fault tolerance
Server clustering
Traffic shaping
A

B. NIC teaming enables you to combine the functionality of two network interface cards (NIC) in one connection. However, when you configure a NIC team to use an active/passive configuration, one of the network adapters remains idle and functions as a fault tolerance mechanism. If the other NIC should fail, the passive NIC becomes active. In this configuration, NIC teaming does not provide load balancing, server clustering, or traffic shaping.

75
Q
Which of the following is not a load balancing mechanism?
NIC teaming
Server clustering
DNS round robin
RAID 1
A

D. Redundant Array of Independent Disks (RAID) level 1 is a fault tolerance mechanism that is also known as disk mirroring. A storage subsystem writes data to two or more disks at the same time so that if a disk fails, the data remains available. Because data is written to the disks at the same time, this RAID level does not provide load balancing. NIC teaming balances a network traffic load among two or more NICs, whereas server clustering and DNS round-robin balance a traffic load among multiple servers.

76
Q

Which of the following describes the difference between cold, warm, and hot backup sites?
Whether the backup site is owned, borrowed, or rented
The age of the most recent backup stored at the site
The cost of the hardware used at the site
The time needed to get the site up and running

A

D. Cold, warm, and hot backup sites are a disaster recovery mechanism that enables a network to be activated at a remote location when a catastrophe occurs. The temperature refers to the site’s readiness to assume the role of the network. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. A warm site has hardware in place that must be installed and configured. It takes less time to restore the network than at a cold site, but more than at a hot site. A hot site has all of the necessary hardware installed and configured. The network can go live as soon as the most recent data is restored.

77
Q
Which of the following storage techniques prevents version skew from occurring during a system backup?
Incrementals
Differentials
Iterations
Snapshots
A

D. Version skew can occur when a data set changes while a system backup is running. A file written to a directory that has already been backed up will not appear on the backup media, even though the job might still be running. This can result in unprotected files, or worse, data corruption. A snapshot is a read-only copy of a data set taken at a specific moment in time. By creating a snapshot and then backing it up, you can be sure that no data corruption has occurred due to version skew. Incrementals and differentials are types of backup jobs, and iteration is not a specific storage technology.

78
Q
Which of the following is a term for a read-only copy of a data set made at a specific moment in time?
Snapshot
Incremental
Hot site
Differential
A

A. A snapshot is a read-only copy of a data set taken at a specific moment in time. By creating a snapshot and then backing it up, you can be sure that no data corruption has occurred due to version skew. A hot site is an alternative network location in which all hardware and software is installed and ready. Incrementals and differentials are types of backup jobs.

79
Q
Which of the following processes scans multiple computers on a network for a particular open TCP or UDP port?
Port scanning
War driving
Port sweeping
Bluejacking
A

C. Port scanning identifies open ports on a single computer, whereas port sweeping scans multiple computers for a single open port. War driving and bluejacking are methods of attacking wireless networks.

80
Q

Which of the following statements best explains the difference between a protocol analyzer and a sniffer?
Analyzers examine the contents of packets, whereas sniffers analyze traffic trends.
Analyzers are software products, whereas sniffers are hardware products.
Analyzers connect to wired networks, whereas sniffers analyze wireless traffic.
There is no difference between analyzers and sniffers.

A

A. The difference between analyzers and sniffers is that analyzers read the internal contents of the packets they capture, parse the individual data units, and display information about each of the protocols involved in the creation of the packet. Sniffers look for trends and patterns in the network traffic without examining the contents of each packet. Both analyzers and sniffers can be implemented as hardware or software. Analyzers and sniffers are available for wired and wireless networks.

81
Q

After starting work as the network administrator of Wingtip Toys, you discover that all of the switches in the company’s datacenter have support for remote management, with built-in SNMP agents in each port. Which of the following tasks must you perform to be able to gather information from the agents on those switches and display it on a central console? (Choose all correct answers.)
Install the network management software on a network computer.
Install a management information base (MIB) on each of the switches.
Install an agent on the console computer.
Install an MIB on the console computer.
Purchase a network management product.

A

A and E. An SNMP-based network management system consists of three components: a management console software product installed on a network computer, agents installed on the devices you want to manage, and MIBs for each of the agents. Because the switches support SNMP management and already have agents, they have MIBs also. Therefore, all you have to do is purchase the network management software and install the console on a network computer.

82
Q
Which of the following software releases is a fix designed to address one specific issue?
A patch
An update
An upgrade
A service pack
A

A. A patch is a relatively small update that is designed to address a specific issue, often a security exploit or vulnerability. Patches do not add features or new capabilities; they are fixes targeted at a specific area of the operating system. Updates, upgrades, and service packs are larger packages that might include new features and/or many different fixes.

83
Q

Which of the following statements about protocol analyzers is not true?
To troubleshoot using a protocol analyzer, you must be familiar with the OSI model and the protocols that operate at each of its layers.
Protocol analyzers can be a network security risk.
Some network monitoring products are both analyzers and sniffers.
All Windows operating systems include a protocol analyzer.

A

D. A protocol analyzer captures frames and displays their contents, including the header fields created by the protocols at the various OSI model layers. To interpret the exchanges between the computers on the network, you must be familiar with the protocols and how they operate. Protocol analyzers are useful tools in the hands of experienced network administrators, but they can also be used for malicious purposes, such as displaying unencrypted passwords and other confidential information in the captured packets. The difference between analyzers and sniffers is that analyzers read the internal contents of the packets they capture, parse the individual data units, and display information about each of the protocols involved in the creation of the packet. Sniffers look for trends and patterns in the network traffic without examining the contents of each packet.

84
Q

Which Unix/Linux performance monitoring tool, shown in the figure, enables you to display information about processes that are currently running on a system?
[Figure: a window showing information such as 30 processes, 29 sleeping, 1 running, 0 zombie, 0 stopped, CPU states, Mem, Swap, PID, user, PRI, COMMAND, and so on.]
monitor
top
netstat
cpustat

A

B. The top utility displays performance information about the currently running processes on a Unix/Linux system. Netstat is a tool that enables you to view active network connections and TCP/IP traffic statistics. It does not measure system performance. There are no Unix/Linux tools called monitor or cpustat.

85
Q
Which versions of the Simple Network Management Protocol do not include any security protection other than a clear text community string? (Choose all correct answers.)
SNMPv1
SNMPv2
SNMPv2c
SNMPv3
A

A and C. SNMP version 1, the original version, used an unencrypted community string. SNMPv2 added better security, but it was not backward compatible with the version 1 community string. A revised version, SNMPv2c, added backward compatibility. SNMPv3, the one most often seen today, includes more advanced security and does not use a community string.

86
Q
Which of the following types of patches is most typically applied to a hardware device?
Firmware updates
Driver updates
Feature changes
Vulnerability patches
A

A. Firmware is a type of software permanently written to the memory built into a hardware device. A firmware update overrides the read-only nature of this memory to update the software. Driver updates, feature updates, and vulnerability patches are typically applied to software products, such as applications and operating systems.

87
Q

When can Microsoft Windows users expect to receive automatic downloads of operating system patches?
Weekly, on Mondays
Monthly, on the second Tuesday of the month
Quarterly, on the first day of January, April, July, and October
Annually, on April 15

A

B. For Windows users, the second Tuesday of every month is “Patch Tuesday,” when Microsoft releases the latest operating system patches for automatic download.

88
Q
Unlike individual users, who usually have their operating system patches downloaded and installed automatically, corporate IT departments typically evaluate new patches before deploying them. Which of the following is not a common step in this evaluation process?
Testing
Researching
Rolling back
Backing up
A

C. Rolling back, the process of uninstalling a patch to revert to the previous version of the software, is not part of the patch evaluation process. The evaluation process for new patches in a corporate environment usually consists of a research stage, in which you examine the need and purpose for the patch, a testing stage, in which you install the patch on a lab machine, and a backup of the production systems to which you will apply the patch.

89
Q
Which of the following types of patches is most likely to be released outside of the normal schedule for the product?
Vulnerability patch
Feature change
Driver update
Firmware update
A

A. Vulnerability patches are usually updates that address severe issues that have been recently discovered. When the vulnerability is severe, the software manufacturer might release a patch as soon as it is available, rather than wait for the next scheduled release. Feature changes, driver updates, and firmware updates are usually not time sensitive and are released on schedule.

90
Q
Which of the following types of patches are IT personnel least likely to install unless there is a specific reason to do so?
Feature change
Driver update
Operating system update
Vulnerability patch
A

B. If a device driver is functioning properly, many administrators would prefer not to update it, believing that “if it ain’t broke, don’t fix it.” Unless a device driver update addresses a specific bug or an incompatibility that the system is experiencing, there might be no need to install it. Feature changes, operating system updates, and especially vulnerability patches are more likely to be recommended installs.

91
Q

Which of the following statements about the Simple Network Management Protocol (SNMP) are not true? (Choose all correct answers.)
To effectively monitor a network using SNMP, you must be sure that all of the equipment you purchase when designing and building your network supports the protocol.
SNMP is not only the name of a protocol; it is also the name of a network management product.
SNMPv1 and SNMPv2 rely on a community string as their only means of security.
Most of the network management products on the market today support SNMPv3.

A

B and C. SNMP is not the name of a network management product; it is just the name of the protocol that provides a framework for the interaction of the various components in a network management product. SNMPv1 uses a community string, but SNMPv2 does not. The interim version SNMPv2c retains the community string from version 1 in place of the new version 2 security system. When you see a network interface adapter, switch, router, access point, or other device that purports to be managed or that claims to have network management capabilities, this usually means that the device includes an SNMP agent. Most of today’s network management products do support SNMPv3. In addition, many network management products that implement SNMPv3 also include support for the earlier, unprotected versions, such as SNMPv1 and SNMPv2c.

92
Q
Which of the following terms refers to the process of uninstalling a recently released patch to resume using the previous version?
Backslide
Downgrade
Reset
Rollback
A

D. Rollback is a term used in change management to describe the process of reversing a change that has been made, to restore the original configuration. In the case of patch management, a rollback is the process of uninstalling a recently installed software update. The terms backslide, downgrade, and reset are not used to describe this procedure.

93
Q

What Windows utility is shown in the accompanying figure?
[Figure: a window in which System is highlighted in the right and left panes. A smaller pane at the center displays a list of details such as level, date and time, source, event ID, and task.]
Network Monitor
System Monitor
Event Viewer
Log Viewer

A

C. The utility shown in the figure is the Windows Event Viewer, which displays the contents of the system, application, setup, and security logs, as well as others.

94
Q
Which of the following was created to provide logging services for the Unix sendmail program?
syslog
netstat
SNMP
CARP
A

A. Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an IP network to a message collector, called a syslog server. Netstat is a program that displays status information about a system’s network connections; it does not provide logging services. SNMP is a protocol that carries network management information from agents to a central console; it was not created specifically for sendmail. The Cache Array Routing Protocol (CARP) enables proxy servers to exchange information; it does not provide logging services.

95
Q

After switching from a standard PSTN telephone system to a Voice over IP system, users are complaining of service interruptions and problems hearing callers at certain times of the day. After examining the network traffic, you determine that traffic levels on the Internet connection are substantially higher during the first and last hours of the day, the same times when most of the users experienced their problems. Which of the following solutions can provide more reliable VoIP service during peak usage times?
Implement traffic shaping.
Implement load balancing.
Upgrade the LAN from Fast Ethernet to Gigabit Ethernet.
Replace the router connecting the LAN to the Internet with a model that supports SNMP.

A

A. Traffic shaping is a technique for prioritizing packets by buffering packets that are not time sensitive for later transmission. You can use this technique to give VoIP packets priority over other types of traffic. Load balancing can conceivably improve the performance of a server, but it cannot help to relieve traffic congestion on the Internet link. The traffic congestion is on the Internet connection, not the LAN, so upgrading to Gigabit Ethernet will not help. SNMP is a protocol used by network management products; it will not relieve the traffic congestion problem.

96
Q

You are the network administrator of your company’s network. Your company wants to perform baseline analysis of network-related traffic and statistics. They want to track broadcasts, cyclical redundancy check (CRC) errors, and collisions for all traffic traversing a switched network. In addition, they want to provide historical and daily reports for management. They also want to keep track of software distribution and metering. What type of network software product best meets these needs?
Simple Network Management Protocol (SNMP) management
Protocol analyzer
Performance Monitor
Network traffic monitor

A

A. The best solution is to implement SNMP. This includes a management console, agents, and management information bases (MIBs). SNMP allows you to track statistical network information (historical and current) and produce reports for baseline analysis and troubleshooting. Some SNMP products also allow you to track software distribution and metering. Protocol analyzers are best used for troubleshooting problems in real time and are not used for software distribution and metering. Performance Monitor is a tool that allows you to track performance statistics for one system at a time and does not include software distribution and metering. There is no such product as a network traffic monitor.

97
Q

You have finished capturing traffic with a protocol analyzer. The analyzer reports that 2000 frames have been seen, but only 1500 frames have been accepted. What does this mean?
2000 frames have passed the display filter, but only 1500 meet the criteria for display.
Only 1500 frames have passed the capture filter and are currently being held in the buffer.
You lost 500 frames and need to start over—something is obviously wrong.
500 frames were damaged and never made it into the buffer.

A

B. Protocol analyzers report the total number of frames seen compared to the number of frames that were accepted. If a capture filter has been configured, there will be a discrepancy between these two values. Only frames that meet the capture criteria will be accepted by the analyzer and placed in the buffer for later display. Protocol analyzers place good and bad frames into the buffer as long as they meet the capture criteria. If only good frames were placed in the buffer, there would be no way to identify problems.

98
Q
Which of the following is the database used by the Simple Network Management Protocol (SNMP) to reference information gathered from agents distributed about the network?
Trap
Syslog
MIB
SIEM
A

C. A management information base (MIB) is the database on an SNMP console where all of the counters and associated object identifiers (OIDs) are referenced. A trap is an alert message that SNMP agents send to the network management console. Syslog is a standard for message logging components. Security information and event management (SIEM) is a combination tool that uses information gathered from logs and network devices to provide a real-time analysis of the network’s security condition.

99
Q

You are attempting to troubleshoot a problem between two hosts on the same network. You are using a protocol analyzer and start a new capture. After you finish the capture, you notice there are over 15,000 frames in the buffer. You are having a hard time identifying the frames that relate to the problem because so many frames are in the buffer. You want to eliminate the extraneous frames from your view, allowing you to view only frames from these two hosts. What do you need to do?
Configure a display filter.
Configure a capture filter.
Delete the extraneous frames from the buffer.
Configure a capture and display filter.

A

A. Once the frames are in the buffer, you can configure a display filter to block the unwanted frames from view. This doesn’t delete them from the buffer. Since the capture was already performed, there is no need to restart the capture. Also, configuring a capture filter will not meet the requirements, since the filter will eliminate the other frames completely from the buffer. You can’t delete frames from an analyzer buffer.

100
Q
Which of the following utilities can be classified as port scanners? (Choose all correct answers.)
Nmap
Nessus
Network Monitor
Performance Monitor
A

A and B. Nmap is a command-line utility that scans a range of IP addresses, runs a series of scripts against each device it finds, and displays a list of the open ports it finds on each one. Nessus is similar to Nmap in that it also scans a range of IP addresses to find open ports, but it then proceeds to mount attacks against those ports, to ascertain their vulnerability. Network Monitor is a protocol analyzer or packet sniffer, which is a program that captures network traffic samples and analyzes them. It is not a port scanner. Performance Monitor is a program that displays statistics for specific system and network performance criteria. It is not a port scanner.

101
Q

When you run a port scanner on a server, which of the following is the result?
A list of processes running on the system
A list of open ports through which the system can be accessed
A list of protocols used by the system for network communication
A list of IP addresses used on the network

A

B. A port scanner examines a system for open endpoints, accessible using the TCP or UDP protocols, which intruders can conceivably use to gain access to the system from the network.

102
Q
A port scanner examines a system for network vulnerabilities at which layer of the Open Systems Interconnection (OSI) model?
Application
Transport
Network
Data Link
A

B. A port is a numbered service endpoint identifying an application running on a TCP/IP system. A port scanner examines a system for open endpoints, accessible using the TCP or UDP protocols at the transport layer, which intruders can conceivably use to gain access to the system from the network.

103
Q
Which of the following technologies provides both real-time monitoring of security events and automated analysis of the event information gathered?
SIEM
SNMP
SEM
SIM
A

A. Security Information and Event Management (SIEM) is a product that combines two technologies: security event management (SEM) and security information management (SIM). Together, the two provide a combined solution for gathering and analyzing information about a network’s security events. Simple Network Management Protocol (SNMP) is a technology that gathers information about managed devices.

104
Q

Which of the following best describes the primary function of a port scanner?
A port scanner examines a computer’s hardware and compiles a list of the physical ports in the system.
A port scanner examines a computer for TCP and UDP endpoints that are accessible from the network.
A port scanner examines a specified range of IP addresses on a network to determine whether they are in use.
A port scanner accepts a computer name as input and scans the network for the IP address associated with that name.

A

B. The ports that a port scanner examines are the system endpoints identified by port numbers in TCP and UDP protocol headers. An open port provides network access to an application running on the computer, which can conceivably be exploited by an intruder.

105
Q

Which of the following statements about web server logs is not true?
To analyze web server activity, you typically use an application that interprets the web server log files.
Web server logs are typically maintained as text files.
Web server logs record the IP addresses of all visiting users.
To interpret web server logs, you use a protocol analyzer.

A

D. A protocol analyzer provides information about network traffic; it does not interpret web server logs. Most web servers maintain logs that track the IP addresses and other information about all hits and visits. The logs are stored as text files and contain a great deal of information, but in their raw form, they are difficult to interpret. Therefore, it is common practice to use a traffic analysis application that reads the log files and displays their contents in a more user-friendly form, such as tables and graphs.

106
Q

Which of the following statements best describes a baseline?
A baseline is an estimation of expected performance levels, based on manufacturers’ specifications.
A baseline is a record of performance levels captured under actual workload conditions.
A baseline is a record of performance levels captured under simulated workload conditions.
A baseline is a record of performance levels captured before the system is actually in use.

A

B. A baseline is a record of a system’s performance under real-world operating conditions, captured for later comparison as conditions change. The workload during a baseline capture should be genuine, not simulated or estimated.

107
Q
Programs such as FTP and Telnet are widely criticized because they transmit all data as clear text, including usernames and passwords. Which of the following types of tools might unscrupulous individuals use to read those passwords?
Packet sniffer
Terminal emulator
Packet analyzer
Vulnerability scanner
A

C. A packet analyzer is capable of looking at the data inside packets, which in the case of packets generated by Telnet and FTP, can contain passwords in clear text. Packet sniffers analyze traffic patterns, and vulnerability scanners search for open ports. Telnet is itself a terminal emulator and does not display packet contents.

108
Q
When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem?
Add memory to the system
Install a second network adapter
Update the network adapter’s firmware
Install a second processor
A

B. If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem, but their success is less likely.

109
Q

Which of the following best states the potential security threat inherent in running a protocol analyzer?
A protocol analyzer can display the application data in packets captured from the network.
A protocol analyzer can display the IP addresses of the systems on the network.
A protocol analyzer can decrypt protected information in packets captured from the network.
A protocol analyzer can detect open ports on network systems and launch attacks against them.

A

A. Protocol analyzers capture packets from the network and interpret their contents, which includes displaying the application layer payload, which can include confidential information. Protocol analyzers can display the IP addresses of systems on the network, but this is not a great security threat. Protocol analyzers cannot decrypt the protected information they find in captured packets. Vulnerability scanners detect open ports and launch attacks against them; protocol analyzers do not do this.

110
Q
Which of the following syslog message severity levels indicates that a system is unusable?
0
1
2
3
4
A

A. Every syslog message includes a single-digit severity code. The code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 1 is an alert message, indicating that immediate action is needed. Severity code 2 is a critical condition message, and code 3 is an error condition. Code 4 is a warning message.

111
Q
Which of the following syslog message severity levels indicates that the message is purely informational?
0
2
4
6
7
A

D. Every syslog message includes a single-digit severity code. The code 6 indicates that the message is purely informational. The code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 2 is a critical condition message, and code 4 is a warning message. Code 7 is used strictly for debugging.

112
Q
A Simple Network Management Protocol (SNMP) console can inform administrators when a managed device requires attention. For this to occur, the agent in the device first has to send a message to the console. What is the term used for a message sent by an SNMP agent to the central console?
Ping
Alert
Notification
Trap
A

D. Messages that SNMP agents send to consoles when an event needing attention occurs are called traps. Alerts and notifications are terms for the messages that the console sends to administrators. A ping is an ICMP echo request message sent from one TCP/IP computer to another.

113
Q
Which of the following metrics would you typically not find displayed by an interface monitor?
Error rate
Bandwidth utilization
Packet drops
Rollbacks
A

D. The term rollback refers to the process of uninstalling or downgrading an update patch; it has nothing to do with monitoring a network interface. An interface monitor does typically display the number of transmission errors that occur on an interface, the amount of the available bandwidth that the interface is using, and the number of packets that have been dropped due to errors or discards.

114
Q
Which of the following are reasons contributing to the number of packet drops displayed by an interface monitor? (Choose all correct answers.)
Resets
Discards
Errors
Overflows
A

B and C. The packet drops displayed by an interface monitor are caused by errors, such as malformed or unreadable packets, or discards, packets that are dropped because they are destined for another interface. Resets and overflows are not reasons for packet drops.

115
Q
Which of the following is not a statistic that you would typically find in a server performance baseline?
CPU utilization
Disk transfer rate
Network transmission speed
OS update history
Memory utilization
A

D. Performance baselines characterize hardware performance, so the OS update history would be of little or no use for future comparisons. A baseline typically consists of CPU, memory, disk, and network performance statistics.

116
Q
Log management typically consists of which of the following tasks? (Choose all correct answers.)
Rollback
Utilization
Security
Cycling
A

C and D. Logs frequently contain sensitive information, so securing them with the appropriate permissions is an essential part of log management. Logs also can grow to overwhelm the storage medium on which they are stored, so cycling is a technique for managing log size by configuring them to delete the oldest record each time a new one is added. Rollback and utilization are not log management tasks.

117
Q
Which of the following is not a tool that provides vulnerability scanning capabilities?
Nessus
MAP Toolkit
Nmap
MBSA
A

B. Microsoft Assessment and Planning Toolkit (MAP Toolkit) is a free application that performs an agentless inventory of a network and uses the information to create reports on specific scenarios, such as whether computers are prepared for an operating system upgrade. Nessus, Nmap, and Microsoft Baseline Security Analyzer (MBSA) are all tools that include vulnerability scanning but that have other capabilities as well.

118
Q
Which of the following is a function typically classified as vulnerability scanning?
Network mapping
Remediation
Penetration testing
Port scanning
A

D. Port scanning, the process of looking for open TCP and UDP ports that are exploitable by attackers, is one of the many functions that qualify as a type of vulnerability scanning. Network mapping, the remediation of vulnerabilities, and penetration testing, which is the process of deliberately performing a planned attack, are not considered vulnerability scanning techniques.

119
Q
Which of the following Security Information and Event Management (SIEM) processes performs searches for specific criteria, during specific time frames, in logs located on different computers?
Data aggregation
Forensic analysis
Correlation
Retention
A

B. In SIEM, forensic analysis is a process of searching logs on multiple computers for specific information based on set criteria and time periods. Data aggregation is a process of consolidating log information from multiple sources. Correlation is the process of linking logged events with common attributes together. Retention is the long-term storage of log data.

120
Q
Which of the following virtual private networking protocols is generally considered to be obsolete?
IPsec
L2TP
PPTP
SSL/TLS
A

C. Point-to-Point Tunneling Protocol (PPTP) is considered to be obsolete for VPN use because of several serious security vulnerabilities that have been found in it. IPsec, Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer/Transport Layer Security (SSL/TLS) are all still in use.

121
Q
Which of the following virtual private networking (VPN) protocols does not provide encryption within the tunnel?
PPTP
IPsec
L2TP
SSL
A

C. Layer 2 Tunneling Protocol (L2TP) is used to create the tunnel forming a VPN connection, but it does not encrypt the traffic passing through the tunnel. To do this, it requires a separate protocol that provides encryption, such as IPsec. Point-to-Point Tunneling Protocol (PPTP) and Secure Sockets Layer (SSL) are both capable of encrypting tunneled traffic.

122
Q
Which of the following elements must be identical in both the client and server computers to establish a remote wide area network (WAN) connection? (Choose all correct answers.)
The WAN type
The data link layer protocol
The authentication method
The operating system
A

A, B, and C. Although the computers don’t have to use hardware made by the same manufacturer, both must use the same basic type of wide area network connection, such as a leased line, a modem and PSTN line, or an Internet connection. Both of the computers must also use the same data link layer protocol, such as PPP, to establish a remote network connection. Most remote network connections use some form of authentication mechanism, even if it is nothing more than the exchange of a user name and clear text password. To establish the remote network connection, both computers must be configured to use the same type of authentication, even if it is no authentication at all. As long as all of the other elements are in place, such as the physical layer connection and the protocols, there is no need for both of the computers involved in a remote network connection to be running the same operating system.

123
Q
Which of the following is not a protocol that is typically used to secure communication between web servers and web browsers?
SSL
TLS
SSH
DTLS
A

C. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. Transport Layer Security (TLS) is an updated security protocol that is designed to replace SSL. Datagram Transport Layer Security (DTLS) is a security protocol that provides the same basic functions as TLS, but for User Datagram Protocol traffic.

124
Q
Which of the following is a security protocol that is specifically designed to protect UDP traffic exchanged by web browsers and servers?
SSL
TLS
SSH
DTLS
A

D. Datagram Transport Layer Security (DTLS) is a protocol that provides the same encryption and other web server/browser security functions as Transport Layer Security (TLS), but for User Datagram Protocol (UDP) traffic. Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security.

125
Q
Which of the following security protocols used to protect traffic exchanged by web browsers and servers was created first?
SSL
TLS
SSH
DTLS
A

A. Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. Datagram Transport Layer Security (DTLS) is a protocol that provides the same encryption and other web server/browser security functions as Transport Layer Security (TLS), but for User Datagram Protocol (UDP) traffic. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security.

126
Q
Which of the following web server/browser security protocols was deprecated in 2015 in favor of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)?
SSH
SSL
RDP
IPsec
A

B. Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. It was deprecated in 2015. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security like TLS and DTLS. IPsec is a set of security protocols that provide digital signing, encryption, and other services for network transmissions. It is not specifically designed for web security. Remote Desktop Protocol (RDP) is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP is not a web security protocol.

127
Q
Which of the following types of virtual private networking (VPN) connection is the best solution for allowing clients limited access to your corporate network?
Host-to-site
Site-to-site
Host-to-host
Extranet
A

D. An extranet VPN is designed to provide clients, vendors, and other outside partners with the ability to connect to your corporate network with limited access. A host-to-site VPN is a remote access solution, enabling users to access the corporate network from home or while traveling. A site-to-site VPN enables a branch office to connect to the home office using the Internet rather than a more expensive wide area network (WAN) connection. A host-to-host VPN enables two individual users to establish a protected connection to each other.

128
Q
Which of the following protocols does IPsec use to digitally sign packets before transmitting them over the network?
ESP
SSL
AH
MSCHAP
A

C. Authentication Header (AH) is a protocol in the TCP/IP suite that provides digital integrity services, in the form of a digital signature, which ensures that an incoming packet actually originated from its stated source. Encapsulating Security Protocol (ESP) provides encryption services for IPsec. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. MSCHAP is an authentication protocol used by remote access services.

129
Q
Which of the following protocols is not used for remote control of computers?
RDP
TFTP
SSH
Telnet
A

B. Trivial File Transfer Protocol (TFTP) is typically used to download boot image files to computers performing a Preboot Execution Environment (PXE) startup. It is not used for remote control. Remote Desktop Protocol (RDP) is used by Remote Desktop Services in Windows to provide clients with graphical control over servers at remote locations. Secure Shell (SSH) and Telnet are both character-based tools that enable users to execute commands on remote computers.

130
Q
Which of the following services is provided by the Remote Desktop Protocol (RDP)?
Thin client computing
Virtual private networking
Encrypted tunneling
Unauthenticated file transfers
A

A. RDP is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information. Because the client program does not participate in the application computing on the server, it is known as a thin client. RDP does not provide virtual private networking, encrypted tunneling, or unauthenticated file transfers.

131
Q
Which of the following is not a fault tolerance mechanism?
UPS
RAID 1
SNMP
Clustering
A

C. Simple Network Monitoring Protocol (SNMP) is a means of tracking the performance and functionality of network components. Software or firmware components called agents are embedded in network devices and communicate with a central monitoring console. SNMP does not provide fault tolerance. An uninterruptible power supply (UPS) is a battery backup device that enables a computer to continue functioning in the event of a power failure. Redundant Array of Independent Disks (RAID) level 1 is a disk mirroring mechanism that provides fault tolerance by maintaining duplicate copies of all stored data. Clustering is a mechanism by which multiple servers function as a single unit, running the same application, so that if a server should fail, the others continue to function.

132
Q
Which of the following types of virtual private networking (VPN) connection is the best solution for connecting a branch office to a corporate headquarters?
Host-to-site
Site-to-site
Host-to-host
Extranet
A

B. A site-to-site VPN enables one network to connect to another, enabling users on both networks to access resources on the other one. This is usually a more economical solution for branch office connections than a wide area network (WAN) link. A host-to-site VPN is a remote access solution, enabling users to access the corporate network from home or while traveling. A host-to-host VPN enables two individual users to establish a protected connection to each other. An extranet VPN is designed to provide clients, vendors, and other outside partners with the ability to connect to your corporate network with limited access.

133
Q

Ralph is a network administrator for a firm that is allowing employees to telecommute for the first time, and he is responsible for designing a remote access solution that will enable users to access network resources, such as company email and databases, securely. All of the remote users have been issued smartcards and will be connecting using virtual private network (VPN) connections on company-supplied laptop computers running Windows 10 and equipped with card readers. The users will be logging on to the company network using their standard Active Directory Domain Services accounts, so it’s important for Ralph to design a solution that provides the maximum protection for their passwords, both inside and outside the office. Which of the following authentication protocols should you configure the remote access servers and the laptop computers to use?
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol (EAP)
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP v2)

A

C. EAP is the only authentication protocol included with Windows 10 that supports hardware-based authentication, so this is the only viable option. PAP transmits passwords in clear text and is therefore not a viable option; neither is CHAP, because it must store passwords using reversible encryption. MSCHAPv2 provides sufficient password protection but does not support hardware-based authentication.

134
Q
Which of the following remote access protocols provides users with full graphical control over a Windows computer? (Choose all correct answers.)
SSH
RDP
VNC
Telnet
A

B and C. RDP is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information. Virtual Network Computing (VNC) is a similar desktop sharing system that is platform independent and open source. Secure Shell (SSH) and Telnet are character-based remote control solutions.

135
Q
Which of the following types of traffic are carried by the Remote Desktop Protocol (RDP)? (Choose all correct answers.)
Keystrokes
Mouse movements
Display information
Application data
A

A, B, and C. RDP is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information.

136
Q
Which of the following types of traffic are transmitted by Virtual Network Computing (VNC)? (Choose all correct answers.)
Keystrokes
Mouse movements
Display information
Application data
A

A, B, and C. VNC is a graphical desktop sharing system that uses a protocol called Remote Frame Buffer (RFB) to connect a client to a server and control it remotely. VNC does not transmit actual application data; it just transfers keystrokes, mouse movements, and graphic display information.

137
Q
Which of the following types of traffic are carried by Telnet? (Choose all correct answers.)
Keystrokes
Mouse movements
Display information
Application data
A

A and C. Telnet is a character-based remote control protocol and application that is available on virtually all computing platforms. Because it is strictly character based, Telnet clients transmit only keystrokes and receive only character-based display information from the server.

138
Q
What is the primary shortcoming of the File Transfer Protocol (FTP) that is addressed by FTPS and SFTP?
Lack of security
Slow file transfers
File size limitations
Lack of authentication
A

A. FTP does provide authentication capabilities, but passwords are transmitted over the network in clear text, which is an unacceptable security condition. FTPS adds security in the form of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. SFTP adds Secure Shell (SSH) security. File transfer speed and size limitations are not an issue.

139
Q
Which of the following File Transfer Protocol (FTP) variants transmit authentication passwords over the network in clear text?
FTP
FTPS
SFTP
TFTP
A

A. FTP provides authentication capabilities, but it transmits passwords over the network in clear text, which is an unacceptable security condition. FTPS adds security in the form of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. SFTP adds Secure Shell (SSH) security. Both of these encrypt authentication passwords before transmitting them. Trivial File Transfer Protocol (TFTP) does not authenticate clients, so it does not transmit passwords at all.

140
Q
Which of the following File Transfer Protocol (FTP) variants is typically used to download boot image files during Preboot Execution Environment (PXE) startup sequences?
FTP
FTPS
SFTP
TFTP
A

D. Trivial File Transfer Protocol (TFTP) is a simplified version of FTP that does not authenticate clients, so systems booting with PXE can download boot images invisibly after being directed to a TFTP server by the Dynamic Host Configuration Protocol (DHCP). FTP, FTPS, and SFTP all require authentication and other interaction, which would be impractical for use with PXE.

141
Q

Which of the following statements about in-band management and out-of-band management are true? (Choose all correct answers.)
Out-of-band management tools do not provide access to the remote system’s BIOS or UEFI firmware.
Out-of-band management tools enable you to reinstall the operating system on a remote computer.
Telnet, Secure Shell (SSH), and Virtual Network Computing (VNC) are in-band management tools.
To perform out-of-band management on a device, it must have an IP address.

A

B and C. Out-of-band management uses a dedicated channel to devices on the network. This means that the device to be managed does not require an IP address. The channel provides access to the BIOS or UEFI firmware and makes it possible to reinstall the operating system on a remote computer. Telnet, SSH, and VNC are not out-of-band management tools.

142
Q

Which of the following statements best defines out-of-band management?
Out-of-band management is a method for accessing network devices from a remote location.
Out-of-band management is a method for accessing network devices using a direct cable connection.
Out-of-band management is a method for accessing network devices using a connection to the system other than the production network to which the device is connected.
Out-of-band management is a method for accessing network devices using any tool that operates over the production network to which the device is connected.

A

C. Out-of-band management refers to the use of an alternative channel to a network device. The channel can be a modem connection, a direct cable connection, a wireless or cellular connection, or a dedicated Ethernet connection.

143
Q
Which of the following are the protocols that IPsec uses to secure network traffic? (Choose all correct answers.)
SSH
AH
ESP
SSL
A

B and C. Authentication Header (AH) is an IPsec protocol that provides authentication and digital integrity services. Encapsulating Security Protocol (ESP) provides encryption services for IPsec. Secure Shell (SSH) is a remote administration tool, and Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers.

144
Q
What four components are required for a computer to establish a remote Transmission Control Protocol/Internet Protocol (TCP/IP) connection?
Common protocols
Remote Access Service (RAS)
A physical layer connection
TCP/IP configuration
Point-to-Point Tunneling Protocol (PPTP)
Host and remote software
A

A, C, D, and F. A computer requires four components to establish a remote connection. First, a physical-layer wide area network (WAN) connection is needed. Second, two systems must share common protocols from the data link layer and above. Third, if TCP/IP is being used to establish a remote session, then TCP/IP parameters must be configured on the systems. Fourth, host and remote software are needed. The remote client must have software that enables it to establish a remote session, and the server must have software that allows it to receive and grant remote sessions. Microsoft RAS supports both client and server remote access software. However, this is not a required component since other types of software can be used. PPTP is a tunneling protocol and is not a required component for establishing a remote session.

145
Q
Which of the following protocols does IPsec use to digitally encrypt packets before transmitting them over the network?
ESP
SSL
AH
MSCHAP
A

A. Encapsulating Security Protocol (ESP) is a protocol in the TCP/IP suite that is capable of providing encryption services for IPsec. Authentication Header (AH) provides digital integrity services for IPsec, in the form of a digital signature. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. MSCHAP is an authentication protocol used by remote access services.

146
Q
Which of the following virtual private networking (VPN) protocols operate at the data link layer of the Open Systems Interconnection (OSI) model? (Choose all correct answers.)
PPTP
L2TP
IPsec
SSL/TLS
A

A and B. Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) both operate at the data link layer. IPsec operates at the network layer, and Secure Sockets Layer and Transport Layer Security have functions that fall into the session and presentation layers.

147
Q
Many virtual private networking (VPN) solutions use IPsec to encrypt traffic passing through tunnels. At which layer of the Open Systems Interconnection (OSI) model does IPsec function?
Data link
Network
Transport
Application
A

B. IPsec functions at the network layer of the OSI model, even though it frequently provides encryption for the Layer 2 Tunneling Protocol (L2TP), which operates at the data link layer.

148
Q

Which of the following statements explains why web browsing over a client-to-site virtual private network (VPN) connection is usually so much slower than browsing locally?
The browser application is running on the VPN server.
The browser is using the remote network’s Internet connection.
The VPN tunnel restricts the amount of bandwidth available.
VPN encryption is processor intensive.

A

B. When you connect to a remote network using VPN, you become a participant on that network, which includes using the remote network’s Internet connection. Therefore, when you open a browser, the application passes your requests through the VPN tunnel to the remote server, which uses the default gateway and Internet connection at the remote site to connect you. This is inherently slower than connecting the browser directly to the Internet from your client computer.

149
Q
In a site-to-site virtual private network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?
Two workstations
A workstation and a server
A workstation and a VPN concentrator
Two VPN concentrators
A

D. A site-to-site VPN connection connects two remote local area networks (LANs) together, enabling users on either network to access the other one. The typical configuration would consist of two VPN concentrators, one at each site, functioning as the endpoints of the connection.

150
Q
In a client-to-site virtual private network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?
Two workstations
A workstation and a server
A workstation and a VPN concentrator
Two VPN concentrators
A

C. A client-to-site VPN connection connects a single workstation to a remote local area network (LAN), enabling the workstation user to access the remote network’s resources. The typical configuration would consist of a standalone workstation and a VPN concentrator at the network site functioning as the endpoints of the connection.

151
Q
Which of the following are the two most common types of Secure Sockets Layer (SSL) virtual private network (VPN) connections? (Choose all correct answers.)
SSL client
SSL portal
SSL tunnel
SSL gateway
A

B and C. The two most common types of SSL VPN connection are SSL portals, which provide users with access to selected remote network resources through a standard website, and SSL tunnels, which require the client web browser to run an active control, typically using Java or Flash. SSL client and SSL gateway are not common SSL VPN connections.

152
Q
In a host-to-host virtual private network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?
Two workstations
A workstation and a server
A workstation and a VPN concentrator
Two VPN concentrators
A

A. A host-to-host VPN connection connects two individual workstations at different locations, enabling the users on each workstation to access the other one through a secure tunnel. The typical configuration would consist of two workstations, one at each site, functioning as the endpoints of the connection.

153
Q
Which of the following types of Secure Sockets Layer (SSL) virtual private network (VPN) connections provides the most comprehensive access to the remote network?
SSL client
SSL portal
SSL tunnel
SSL gateway
A

C. The two most common types of SSL VPN connection are SSL portals, which provide users with access to selected remote network resources through a standard website, and SSL tunnels, which require the client web browser to run an active control, typically using Java or Flash. An SSL tunnel connection provides more complete access to the remote network. SSL client and SSL gateway are not common SSL VPN connections.

154
Q
Many managed switches and routers include a console port for administrative access, to which you can connect a laptop and run a terminal program to access the device’s interface. Which of the following is the best term for this type of access to the device?
Out-of-band
In-band
Client-to-site
BYOD
A

A. The term out-of-band is used to describe any type of management access to a device that does not go through the production network. Plugging a laptop into the console port avoids the network, so it is considered to be an example of out-of-band management. In-band management describes an access method that goes through the production network. Client-to-site is a type of VPN connection, and Bring Your Own Device (BYOD) is a policy defining whether and how users are permitted to connect their personal devices to the network.

155
Q
Which of the following statements about running a site-to-site virtual private network (VPN) connection to join two distant local area networks (LANs) together, rather than using a wide area network (WAN) connection, are generally true? (Choose all correct answers.)
The VPN is cheaper.
The VPN is slower.
The VPN is less secure.
The VPN is harder to maintain.
A

A and B. Because the two endpoints of a VPN are connecting to local Internet service providers (ISPs), the ongoing connection costs are typically much less than a long distance WAN connection. However, in most cases, a VPN is slower because it is affected by Internet bandwidth use and other factors. VPN connections are not inherently less secure than WANs, and they are not necessarily more difficult to maintain.

156
Q

Which of the following are examples of out-of-band device management? (Choose all correct answers.)
Logging on remotely from a network workstation
Plugging a laptop into a console port
Establishing a modem connection
Connecting dedicated ports on each device to a separate switch

A

B, C, and D. Any method of connecting to a router, switch, or other managed device that does not use the production network is considered to be out-of-band management. This includes connecting a computer or terminal directly to the device, using a point-to-point modem connection, or consolidating dedicated ports on all of the devices by connecting them to an isolated switch. Logging on remotely using a workstation on the production network would be considered in-band management.

157
Q
Which two protocols can be used to create a virtual private network (VPN) tunnel through the Internet? (Choose all correct answers.)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Point-to-Point Protocol (PPP)
Serial Line Internet Protocol (SLIP)
A

A and B. Two main VPN tunneling protocols are used to create a secure virtual pipe through the Internet: the PPTP and the L2TP. PPTP is a Microsoft tunneling protocol. L2TP is a Cisco Systems tunneling protocol. SLIP and PPP are not tunneling protocols.

158
Q
Which of the following is not a protocol used to secure virtual private network (VPN) connections?
PPTP
IPsec
FTPS
L2TP
A

C. File Transfer Protocol Secure (FTPS) is a variant on FTP that adds security in the form of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. However, it is not used to secure VPN connections. Point-to-Point Tunneling Protocol (PPTP), IPsec, and Layer 2 Tunneling Protocol (L2TP) are all protocols that provide security for VPN connections.

159
Q

What is the difference when you specify the HTTPS:// prefix in a uniform resource locator (URL) instead of HTTP://? (Choose all correct answers.)
The connection between the web browser and the server is encrypted.
The browser uses a different port number to connect to the server.
The connection uses SSL or TLS instead of HTTP.
The browser uses a different IP address to connect to the server.

A

A and B. Using the prefix HTTPS:// causes a web browser to use a different port number to establish a secure connection to the web server. Security is provided by encrypting all data using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). However, SSL and TLS do not replace HTTP; they just augment it. The HTTPS:// prefix does not affect the IP address used to connect to the server.

160
Q

You are a consultant installing a web server application for a client called Adatum. The domain name Adatum.com has been registered in the DNS and the server has one public IP address, so the new website will be accessible to users on the Internet. You want to be able to access the web server application’s administrative site from your remote office, so you configure that site to be encrypted and to use the port number 12354 instead of the default. Which of the following URLs will you have to use to access the administrative website?

http://www.adatum.com
http://www.adatum.com:12354
https://www.adatum.com:80
https://www.adatum.com:12354

A

D. Because the administrative site is encrypted, you must use the HTTPS:// prefix to access it. Because the administrative site uses the nondefault port number 12354, you must append that number to the server name with a colon.

161
Q
Which of the following is not an advantage of the Virtual Network Computing (VNC) terminal emulation product over its competitors?
VNC is free.
VNC runs on many operating systems.
VNC runs faster than the competition.
VNC can run through a web browser.
A

C. VNC supports many operating systems, can run through a web browser, and is free. However, it is not any faster than the competing products.

162
Q
Which of the following was the first TCP/IP terminal emulation program?
Telnet
SSH
Windows Terminal Services
Virtual Network Computing
A

A. Telnet (TELetype NETwork) was the first TCP/IP terminal emulation program, but it is rarely used today because of its limitations. It is character-based only, and it transmits all data as clear text, which is insecure. Secure Shell (SSH) addresses the security problem, but it too is character-based. Windows Terminal Services and Virtual Network Computing (VNC) were both created to provide graphical terminal emulation.

163
Q
Which of the following are shortcomings of the Telnet terminal emulation program? (Choose all correct answers.)
It is slow.
It is insecure.
It is expensive.
It is not graphical.
A

B and D. Telnet (TELetype NETwork) was the first TCP/IP terminal emulation program, but it is rarely used today because it does not support graphical terminal emulation and because it transmits all data as clear text, which is insecure. Telnet is not appreciably slower than other character-based applications, and it is free.

164
Q
Which of the following prefixes must you use in the URL you type into a web browser when the website you want to access has been secured with Transport Layer Security (TLS)?
TLS://
HTTPS://
HTTP://
HTLS://
A

B. No matter what protocol is used to encrypt a website, you must use the HTTPS:// prefix to access it. HTTP:// is for unencrypted sites, and TLS:// and HTLS:// are nonexistent prefixes.

165
Q
Which of the following techniques do virtual private networks use to secure the data that they transmit over the Internet? (Choose all correct answers.)
Tunneling
Socketing
Message integrity
Authentication
A

A, C, and D. Tunneling is the process of encapsulating a data packet within another packet. The outer packet then encrypts the entire data packet. Message integrity enables the recipient to detect any data tampering. Authentication ensures that only the intended recipient can access the data. There is no applicable technique called socketing.

166
Q

SSH was created to be an improvement on the Telnet terminal emulation program. In which of the following ways is it an improvement?
SSH is faster than Telnet.
SSH provides graphical terminal emulation.
SSH encrypts passwords and data.
SSH is less expensive than Telnet.

A

C. Telnet transmits keystrokes in clear text, including usernames and passwords. It is therefore insecure. Secure Shell (SSH) improves on the performance of Telnet by encrypting the passwords and other data it transmits over the network. Like Telnet, SSH is free and does not support graphical terminal emulation. SSH is also no faster than Telnet.

167
Q
Remote Desktop Protocol (RDP) was created for use with which of the following terminal emulation programs?
Windows Terminal Services
Virtual Network Computing (VNC)
Citrix WinFrame
Telnet
A

RDP is the client/server protocol created for use with Windows Terminal Services, now known as Remote Desktop Services. It is not used with VNC, Citrix products, or Telnet.

168
Q

Your company has two users who want to telecommute from home. They don’t have any hardware or software configured or installed. They need to transfer files to the corporate network over a secure link. Your company has a virtual private network (VPN) concentrator using Layer 2 Tunneling Protocol (L2TP) and IPsec. The users want to implement the fastest available service. Both of the users’ homes are within 10,000 feet of a central office. Which of the following solutions addresses this scenario?

(Choose all correct answers.)
Each user should install a modem and VPN client software and configure it to dial through a local Internet service provider (ISP) to connect to the company server using L2TP and IPsec.

Each user should establish a Digital Subscriber Line (DSL) connection by either ordering a new line or using the existing line. Each user then needs to install VPN client software and configure it to connect to the company server using L2TP and IPsec.

Each user should establish a cable television (CATV) connection with a local broadband Internet service provider. Each user then needs to install VPN client software and configure it to connect to the company server using L2TP and IPsec.

Each user should install an Integrated Services Digital Network (ISDN) line in his or her house. Each user then needs to install VPN client software and configure it to dial through a local ISP to connect to the company server using L2TP and IPsec.

A

B and C. In this scenario each user wants the fastest service available to connect to the corporate network over a VPN connection. Of all the services listed here, the only ones that will meet this requirement are DSL and CATV Internet. CATV and DSL Internet connections support high data rates and can be used to connect using a VPN tunnel, so they meet the speed requirement. Each user can use his or her existing CATV connection or use an existing telephone line to install DSL. Once the line is installed, each user needs to install and configure a VPN client on his or her computer and configure it to use L2TP and IPsec. Modem connections are slow—the maximum upstream speed is 33.6 Kbps, and the downstream is 56 Kbps. ISDN’s maximum transfer rate for Basic Rate Interface (BRI) is 128 Kbps.

169
Q
Which of the following types of documentation should contain the chemical composition of all cleaning compounds used in a datacenter?
ESD
MSDS
NDA
BYOD
A

B. A material safety data sheet (MSDS) is a document created by manufacturers of chemical, electrical, and mechanical products, specifying the potential dangers and risks associated with them, particularly in regard to exposure or fire. A properly documented network should have MSDS documents on file for all of the chemical and hardware products used to build and maintain it. MSDSs can be obtained from the manufacturer or the Environmental Protection Agency (EPA). Electrostatic discharges (ESDs), nondisclosure agreements (NDAs), and Bring Your Own Device (BYOD) policies are not concerned with cleaning compounds.

170
Q
After being hired for a job as an IT administrator, you have been assigned two user accounts, one of which is intended for general use and the other only for administrative tasks. You are also required to sign an agreement that outlines the restrictions for your account use. Specifically, you are not permitted to use the administrative account for anything other than administrative tasks, including browsing the Internet and accessing data for which you are not authorized. Which of the following is the best name for this type of agreement?
Remote access policies
Service level agreement
Acceptable use policy
Privileged user agreement
A

D. A privileged user agreement specifies the abilities and limitations of users with respect to the administrative accounts and other privileges they have been granted. Remote access policies specify when and how users are permitted to access the company network from remote locations. A service level agreement (SLA) is a contract between a provider and a subscriber specifying the guaranteed availability of the service. Acceptable use policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources.

171
Q
You are working for a company with numerous branch offices scattered around the country, and you are required to travel to these offices frequently. Each branch office has some means of accessing the network at the company headquarters. Some use frame relay, some virtual private networks, and a few even use dial-in access. During one trip, you mention to a branch office manager that you intend to connect to the headquarters network that night from your hotel room. The manager warns you that this is against company policy, but you are not so sure. Where in the company documentation should you look to confirm this?
Remote access policies
Service level agreement
Acceptable use policy
Privileged user agreement
A

A. Remote access policies specify when and how users are permitted to access the company network from remote locations. A service level agreement (SLA) is a contract between a provider and a subscriber specifying the guaranteed availability of the service. Acceptable use policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. A privileged user agreement specifies the abilities and limitations of users with respect to the administrative accounts and other privileges they have been granted.

172
Q
At what humidity level do electronic components become vulnerable to damage from electrostatic shock?
Below 30 percent
Below 50 percent
Above 70 percent
Above 90 percent
A

B. Humidity prevents the buildup of static electricity that can cause discharges that damage equipment. Humidity levels of 50 percent or lower can cause equipment to be susceptible to electrostatic shock.

173
Q
Which of the following is a document that a company’s new hires might want to consult to determine whether they are permitted to install their own personal software on company computers?
SLA
AUP
NDA
BYOD
A

B. Acceptable use policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. AUPs typically specify what personal work employees can perform, what hardware and software they can install, and what levels of privacy they are permitted when using company equipment. A service level agreement (SLA) is a contract between a provider and a subscriber. A nondisclosure agreement (NDA) specifies what company information employees are permitted to discuss outside the company. Bring Your Own Device is a policy that specifies how employees can connect their personal devices to the company network.

174
Q
Many employees have been contacting the IT help desk asking how they can connect their personal smartphones and tablets to the company’s wireless network. This has raised issues regarding network security and technical support. You have been asked to draft a policy for the in-house use of personal electronics that addresses these issues. Which of the following describes the document that you will be creating?
SLA
AUP
NDA
BYOD
A

D. A Bring Your Own Device (BYOD) policy specifies the personal electronics that employees are permitted to use on the company network and documents the procedures for connecting and securing them. A service level agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available. Acceptable use policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. A nondisclosure agreement (NDA) specifies what company information employees are permitted to discuss outside the company.

175
Q
You are going to work for a new company as a software developer, and Human Resources has notified you that you must sign a document guaranteeing that you will maintain confidentiality about the company’s products and programming code in perpetuity. Which of the following documents contains this agreement?
SLA
AUP
NDA
BYOD
A

C. A nondisclosure agreement (NDA) specifies what company information employees are permitted to discuss outside the company. A service level agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available. Acceptable use policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. A Bring Your Own Device (BYOD) policy specifies the personal electronics that employees are permitted to use on the company network and documents the procedures for connecting and securing them.

176
Q
Which of the following are typical elements of a corporate password policy? (Choose all correct answers.)
Minimum password length
Use of special characters
Unique passwords
Frequent password changes
A

A, B, C, and D. The longer the password, the more difficult it is to guess. Corporate policies typically require passwords of a minimum length. A larger character set also makes a password more difficult to guess, so requiring upper- and lowercase, numeric, and special characters is common. Changing passwords forces the cracking process to start over, so policies typically require frequent password changes and prevent passwords from being reused.

177
Q
Which of the following are settings typically included in an account lockout policy? (Choose all correct answers.)
Account lockout duration
Time allowed between attempts
Account lockout threshold
Reset account lockout threshold counter
A

A, C, and D. Account lockout threshold specifies the number of incorrect logon attempts that are allowed before the account is locked out. Account lockout duration is the amount of time that an account remains locked out. Reset account lockout threshold counter specifies the amount of time before the number of incorrect attempts is reset to zero. Account lockout policies typically do not include a setting that regulates the amount of time allowed between logon attempts.

178
Q

How do account lockouts help to prevent intruders from cracking passwords?
By forcing users to select passwords of a minimum length
By preventing users from entering incorrect passwords more than a specified number of times
By preventing users from reusing the same passwords
By requiring an additional authentication method, such as a fingerprint

A

B. Account lockouts limit the number of incorrect passwords that a user can enter. This prevents intruders from trying to crack an account by trying password after password. After a specified number of incorrect tries, the account is locked for a specified length of time or until an administrator unlocks it.

179
Q
Which of the following data loss prevention terms is used to describe dangers pertaining to data that is being transmitted over a network?
Data in-use
Data at-rest
Data in-motion
Data in-transit
A

C. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions, and data at-rest describes data storage. Data in-transit is not one of the standard data loss prevention terms.

180
Q
Which of the following data loss prevention terms is used to describe dangers pertaining to data while a user is loading it into an application?
Data in-use
Data at-rest
Data in-process
Data in-motion
A

A. Data in-use is the data loss prevention term used to describe endpoint access. Data in-motion is the term used to describe network traffic. Data at-rest describes data storage. Data in-process is not one of the standard data loss prevention terms.

181
Q
Which of the following data loss prevention terms is used to describe dangers pertaining to data while it is stored without being used?
Data in-use
Data at-rest
Data in-motion
Data on-disk
A

B. Data at-rest describes data that is currently in storage while not in use. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions, and data on-disk is not one of the standard data loss prevention terms.

182
Q
Which of the following is not one of the standard terms used in data loss prevention?
Data on-line
Data at-rest
Data in-motion
Data in-use
A

A. Data on-line is not one of the standard data loss prevention terms. Data at-rest is a data loss prevention term that describes data that is currently in storage while not in use. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions.

183
Q
The terms on-boarding and off-boarding are typically associated with which of the following policies?
Data loss prevention
Incident response
Inventory management
Identity management
A

D. On-boarding and off-boarding are identity management processes in which users are added or removed from an organization’s identity and access management (IAM) system. This grants new users the privileges they need to use the network, modifies their privileges if they change positions, and revokes privileges when they leave the company. On-boarding and off-boarding are not data loss prevention, incident response, or inventory management processes.

184
Q
The term off-boarding refers to which of the following procedures?
Removing a node from a cluster
Disconnecting all cables from a switch
Revoking a user’s network privileges
Retiring old workstations
A

C. On-boarding and off-boarding are identity management processes in which users are added or removed from an organization’s identity and access management (IAM) system. Off-boarding revokes a user’s privileges when he or she leaves the company. The term off-boarding does not refer to cluster management, disconnecting a switch, or retiring workstations.

185
Q
Which of the following is most likely to be the last step in a change management procedure?
Documentation
Notification
Approval
Scheduling
A

A. After a change is requested, approved, scheduled, and performed, everyone involved should be notified, and finally the entire process documented for future reference.

186
Q
Which of the following United States bodies are capable of imposing international export controls on software products? (Choose all correct answers.)
The company that created the software
Department of State
Department of Commerce
Department of the Treasury
A

B, C, and D. The U.S. government controls exports of sensitive software and other technology as a means to maintain national security interests and foreign policy agreements. Three U.S. agencies have the authority to issue export licenses: the Department of State, the Department of Commerce, and the Department of the Treasury. Individual software developers do not have the authority to impose their own export controls.

187
Q

Which of the following is the primary result of an organization’s security incident response policies?
To know how to respond to a particular incident
To prevent an incident from occurring again
To identify the cause of an incident
To document the procedures leading up to an incident

A

B. While incident response policies might include the process of responding to an incident and identifying and documenting its cause, the primary function of incident response policies is to ensure that the same incident does not happen again.

188
Q
You are an IT director, and a fire has broken out in the lower floors of your company’s office building. After the personnel are evacuated, the fire department asks you where they can find documentation about all chemicals and equipment used in the company’s datacenter, which is threatened by the fire. You direct them to the correct filing cabinet in your office, which contains which of the following document types?
ESD
NDA
BYOD
MSDS
A

D. Material safety data sheets (MSDSs) are documents created by manufacturers of chemical, electrical, and mechanical products, which specify the potential risks and dangers associated with them, particularly in regard to flammability and the possibility of toxic outgassing. A properly documented network should have MSDS documents on file for all of the chemical and hardware products used to build and maintain it. MSDSs can be obtained from the manufacturer or the Environmental Protection Agency (EPA). Electrostatic discharges (ESDs), nondisclosure agreements (NDAs), and Bring Your Own Device (BYOD) policies are not concerned with the dangers inherent in building contents.

189
Q
You have been asked to draft an acceptable use policy (AUP) for new hires at your company to sign, which specifies what they can and cannot do when working with the company’s computers and network. Which of the following is not one of the provisions typically found in this type of document?
Privacy
Ownership
Illegal use
Upgrades
A

D. Software and hardware upgrades are typically not part of an AUP because they are handled by the company’s IT personnel. An AUP for a company typically includes a clause indicating that users have no right to privacy for anything they do using the company’s computers, including email and data storage. An AUP usually specifies that the company is the sole owner of the computer equipment and any proprietary company information stored on it or available through it. The AUP prohibits the use of its computers or network for any illegal practices, typically including spamming, hacking, or malware introduction or development.

190
Q

You are starting a new job, and the company’s Human Resources person has asked you to sign an acceptable use policy (AUP) regarding computer and network use. The document includes a privacy clause. Which of the following are specifications you can expect to find in this clause? (Choose all correct answers.)
Any emails you send or receive can be monitored by the company at any time.
All files and data that you store on company computers must be accessible to the company for scanning and monitoring.
All work that you perform for the company becomes the sole property of the company, including copyrights and patents.
All hardware, software, and any proprietary data stored on the company’s computers remains the property of the company.

A

A and B. Clauses regarding company property, including the copyrights and patents for the work performed for the company, typically do appear in an AUP but not in the privacy clause. This information would be more likely to appear in an ownership clause. The privacy clause commonly explains that the company has the right to access and monitor anything stored on its computers.

191
Q

Which of the following tasks is not considered to be part of an IT department’s incident response policy?
Stopping an ongoing incident
Containing the damage caused by an incident
Repairing the damage caused by an incident
Rebuilding an infrastructure destroyed by an incident

A

D. Once a network infrastructure has been partially or completely destroyed, it is no longer a matter of incident response; it passes over into disaster recovery, which requires a different set of policies. Stopping, containing, and remediating an incident are all considered incident response policies.

192
Q
Which of the following are occurrences that are typically addressed by an IT department’s incident response policies? (Choose all correct answers.)
Denial-of-service attack
Hard disk failure
Electrical fire
Server outage
A

A, B, and D. Attacks, hardware failures, and crashes are all events that can be addressed by incident response policies that define what is to be done to analyze and remediate the problem. An electrical fire is typically not something that would be addressed by an IT department’s incident response team; it is a job for trained firefighters. Once the fire is out, the company’s response falls under the heading of disaster recovery.

193
Q
Which of the following terms would apply to the procedure of adding a user’s personal smartphone to the network under a Bring Your Own Device (BYOD) policy?
Out-of-band
On-boarding
In-band
Off-boarding
A

B. The process of adding a user’s personal device and allowing it to access the company network is called on-boarding. Removing the personal device from the network would be called off-boarding. In-band and out-of-band are terms defining methods for gaining administrative access to a managed network device.

194
Q

Your company has been acquired by another firm and, as IT director, you will have to comply with the new firm’s safety policies in your datacenter and other IT workspaces. One of the new requirements states that there must be a fail closed policy for the datacenter. Which of the following best describes what this policy dictates should occur in the event of an emergency?
All computers that are logged on should automatically log off.
All computers that are running should automatically shut down.
All doors that are normally open should lock themselves.
All doors that are normally locked should open themselves.

A

C. A fail closed policy for the datacenter specifies that any open doors should lock themselves in the event of an emergency. To support this policy, the datacenter will have to have a self-contained fire suppression system, which uses devices such as fire detectors and oxygen-displacing gas systems.

195
Q
You are the first responder to an incident of computer crime at your company. The datacenter’s security has been penetrated, a server accessed, and sensitive company data stolen. The company’s incident response policy lists the specific tasks that you are responsible for performing. Which of the following are likely to be among those tasks? (Choose all correct answers.)
Turn off the server.
Secure the area.
Document the scene.
Collect evidence.
Cooperate with the authorities.
A

B, C, D, and E. While securing the area to prevent contamination of evidence, documenting the scene with photographs or video, collecting any evidence that might be visible, and cooperating with the authorities are tasks that are likely to be in the company’s incident response policy, turning off the server most certainly would not, because this could disturb or delete evidence of the crime.

196
Q

Password policies frequently require users to specify complex passwords. Which of the following are characteristic of a complex password?
Passwords that contain mixed upper- and lowercase letters, numbers, and symbols
Passwords that exceed a specific length
Passwords that do not duplicate a specific number of the user’s previous passwords
Passwords that do not duplicate the user’s account name, birth date, or other personal information

A

A. Although all of the options are characteristics of a strong password, the definition of a complex password is one that expands the available character set by using a mixture of upper- and lowercase letters, numerals, and symbols. The larger the character set used to create passwords, the more difficult they are to guess.

197
Q

Password policies that contain a history requirement typically have which of the following limitations?
Users cannot reuse recent passwords.
Users cannot create passwords containing names of relatives.
Users cannot create passwords containing names of historical figures.
Users cannot create passwords that duplicate those of any other users on the network.

A

A. A history requirement in a password policy prevents users from specifying any one of their most recently used passwords. Although creating passwords using the names of relatives and historical figures is not recommended, it is not something that is easy to prevent. Each user maintains his or her own password history; there is no conflict with the passwords of other users.

198
Q
Account lockout policies are designed to protect against which of the following types of attacks?
Social engineering
Spoofing
Brute force
Man in the middle
A

C. A brute-force password attack is one in which the perpetrator tries as many passwords as possible in an effort to guess or deduce the right one. Account lockout policies are intended to prevent this type of attack by limiting the number of incorrect password attempts.

199
Q
Which of the following types of password policy are designed to prevent brute-force attacks? (Choose all correct answers.)
Password length policies
Account lockout policies
Password history policies
Complex password policies
A

A, B, and D. A brute-force password attack is one in which the perpetrator tries as many passwords as possible in an effort to guess or deduce the right one. Password length and complexity policies produce passwords that are harder to guess, making the attack statistically less likely to succeed. Account lockout policies are intended to prevent brute-force attacks by limiting the number of incorrect password attempts. Password history policies do not help to prevent brute-force attacks.

200
Q
Which of the following is not likely to be a procedural element of an IT asset disposal policy?
Data deletion
Recycling
Data preservation
Inventory
A

C. An IT asset disposal policy typically includes procedures to be performed on assets that have reached the end of their useful lives and that are ready for final processing. This includes the wiping of all data, the completion of inventory records, and the possible recycling of the asset. The policy assumes that all data requiring preservation has already been preserved before the asset is submitted for disposal. Therefore, data preservation procedures are not needed at this phase.