Domain 3: Network Operations Flashcards

1
Q

Which of the following is the term usually applied to a representation of network devices, automatically compiled, and containing information such as IP addresses and connection speeds?

A. Network map

B. Network diagram

C. Cable diagram

D. Management information base

A

A. Network map

A network map is a depiction of network devices, not drawn to scale, with additional information added, such as IP addresses and link speeds. In most cases, network maps are automatically created by a software product, such as Nmap, that scans the network and creates a display from the information it discovers.

2
Q

Which of the following types of network documentation is often overlaid on an architectural drawing or blueprint?

A. Network map

B. Network diagram

C. Cable diagram

D. Management information base

A

C. Cable diagram

A cable diagram is a precise depiction of the cable runs installed in a site. Often drawn on an architect’s plan or blueprint, the cable diagram enables network administrators to locate specific cables and troubleshoot connectivity problems.

3
Q

Which of the following is not one of the typical heights for devices mounted in IT equipment racks?

A. 1 unit

B. 2 units

C. 3 units

D. 4 units

A

C. 3 units

Devices designed to fit into IT equipment racks typically have heights measured in units. One unit equals 1.75 inches. Most rack-mounted devices are one (1U), two (2U), or four units (4U) tall.

4
Q

The cable plant for your company network was installed several years ago by an outside contractor. Now, some of the paper labels have fallen off your patch panels, and you do not know which wall plate is connected to each port. Assuming that you are working on a properly maintained and documented network installation, which of the following is the easiest way to determine which port is connected to which wall plate?

A. Consult the cable diagram provided by the cabling contractor at the time of the installation.

B. Call the cable installation contractor and see if he or she can remember which ports go with which wall plates.

C. Attach a tone generator to a patch panel port and then test each wall plate with a locator until you find the correct one. Repeat for each port that needs labeling.

D. Use a cable certifier to locate the patch panel port associated with each wall plate port.

A

A. Consult the cable diagram provided by the cabling contractor at the time of the installation.

A reputable cable installer should supply a cable diagram that indicates the locations of all the cable runs on a plan or blueprint of the site. You should be able to use this to determine which ports go with which wall plates. A busy cable installer is unlikely to remember specific details about an installation performed years ago.

5
Q

Which of the following IT asset management documents published by the International Organization for Standardization (ISO) defines a standard for software identification tags (SWIDs) containing inventory information about the software running on a computer or other device?

A. ISO 19770-1

B. ISO 19770-2

C. ISO 19770-3

D. ISO 19770-4

E. ISO 19770-5

A

B. ISO 19770-2

ISO 19770 is a family of IT asset management (ITAM) standards that defines procedures and technology for the management of software and related assets in a corporate infrastructure. ISO 19770-2 defines the creation and use of SWID tags, which are XML files containing management and identification information about a specific software product. The other standards define other ITAM elements, such as compliance with corporate governance (ISO 19770-1) and resource utilization measurement (ISO 19770-4).

6
Q

A rack diagram is typically ruled vertically using which of the following measurements?

A. Inches

B. Centimeters

C. Units

D. Grids

A

C. Units

Rack diagrams use a vertical measurement called units, each of which is 1.75 inches. Most rack-mounted devices are one (1U), two (2U), or four units (4U) tall.

7
Q

In a standard Cisco network diagram, what component does the symbol in the figure represent?

A. A switch

B. A router

C. A hub

D. A gateway

A

A. A switch

The diagram symbol shown in the figure represents a network switch. It is not a router, a hub, or a gateway.

8
Q

A diagram of a telecommunications room or intermediate distribution frame (IDF) for an office building is typically based on which of the following?

A. A hand-drawn sketch

B. A series of photographs

C. An architect’s plan

D. A 3D model

A

C. An architect’s plan

IDF diagrams should be based on an architect’s plan whenever possible so that actual lengths and locations of cable runs can be documented. In situations where an architect’s plan is not available, a detailed sketch, drawn to scale, can be acceptable. Photographs and models are impractical for this purpose.

9
Q

Which of the following, originally created for the UNIX sendmail program, is now a standard for message logging that enables tools that generate, store, and analyze log information to work together?

A. Syslog

B. Netmon

C. Netstat

D. Top

A

A. Syslog

Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an IP network to a message collector, called a syslog server.

10
Q

At what point in the installation process should patch panel ports and wall plates be labeled?

A. When the patch panels and wall plates are installed

B. When a length of cable is cut from the spool

C. When the cables are attached to the connectors

D. When the cable runs are tested, immediately after their installation

A

C. When the cables are attached to the connectors

Patch panel ports and wall plates should be labeled when the cable runs are attached to them. Labeling them at any earlier time can result in cable runs being connected incorrectly.

11
Q

Which of the following is the term used to describe a wiring nexus that typically is the termination point for incoming telephone and wide area network (WAN) services?

A. MDF

B. MTBF

C. IDF

D. RDP

A

A. MDF

A large enterprise network will—at minimum—have demarcation points for telephone services and a connection to an Internet service provider’s network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. This room is then called the main distribution frame (MDF).

12
Q

A rack diagram is typically ruled into vertical rack units, which are standard-sized divisions that hardware manufacturers use when manufacturing rack-mountable components. Which of the following is the standard vertical height of a single rack unit?

A. 1.721 inches

B. 1.75 inches

C. 40 mm

D. 3.5 inches

A

B. 1.75 inches

A single rack unit is 1.75 inches, or 44.5 mm. Option A, 1.721 inches, is the height used for many components that are one rack unit tall, leaving a small space between components for easy insertion and removal.

13
Q

Which of the following log types is the first place that an administrator should look for information about a server’s activities?

A. System log

B. Setup log

C. Application log

D. Security log

A

A. System log

System logs document the server’s startup activities and the ongoing status of its services and device drivers. When a problem occurs or the server’s status changes, the system logs can provide information about what happened and when.

14
Q

Which of the following Windows applications would you most likely use to create a baseline of system or network performance?

A. Performance Monitor

B. Event Viewer

C. Syslog

D. Network Monitor

A

A. Performance Monitor

Performance Monitor is a Windows application that can create logs of specific system and network performance statistics over extended periods. Such a log created on a new computer can function as a baseline for future troubleshooting.

15
Q

Which of the following IT asset management documents published by the International Organization for Standardization (ISO) provides an overview of the ITAM concepts discussed in the ISO 19770 family of standards?

A. ISO 19770-1

B. ISO 19770-2

C. ISO 19770-3

D. ISO 19770-4

E. ISO 19770-5

A

E. ISO 19770-5

ISO 19770 is a family of IT asset management (ITAM) standards that defines procedures and technology for the management of software and related assets in a corporate infrastructure. ISO 19770-5 provides a general overview of the functions provided by the standards and their benefits to an IT infrastructure.

The other standards define other ITAM elements, such as compliance with corporate governance (ISO 19770-1), creation and use of software ID (SWID) tags (ISO 19770-2), and resource utilization measurement (ISO 19770-4).

16
Q

A rack-mounted device that is four units tall will be approximately what height in inches?

A. 1.75

B. 3.5

C. 4

D. 7

A

D. 7

The standard unit height for IT equipment racks is 1.75 inches, which is the equivalent of one unit. Four units would therefore be 7 inches.

17
Q

Which of the following types of documentation should indicate the complete route of every internal cable run from wall plate to patch panel?

A. Physical network diagram

B. Asset management

C. Logical network diagram

D. Wiring schematic

A

D. Wiring schematic

The main purpose of a wiring schematic is to indicate where cables are located in walls and ceilings. A physical network diagram identifies all of the physical devices and how they connect together. Asset management is the identification, documentation, and tracking of all network assets, including computers, routers, switches, and so on. A logical network diagram contains addresses, firewall configurations, access control lists, and other logical elements of the network configuration.

18
Q

In a standard Cisco network diagram, what component does the symbol in the figure represent?

A. A switch

B. A router

C. A hub

D. A gateway

A

B. A router

The diagram symbol shown in the figure represents a network router. It is not a switch, a hub, or a gateway.

19
Q

Which of the following is the term used to describe a wiring nexus—typically housed in a closet—where horizontal networks meet the backbone?

A. MDF

B. MTBF

C. IDF

D. SLA

A

C. IDF

An intermediate distribution frame (IDF) is the location of localized telecommunications equipment such as the interface between a horizontal network, which connects to workstations and other user devices, and the network backbone.

20
Q

Which of the following event logs on a Windows server can record information about both successful and failed access attempts?

A. System

B. Application

C. Security

D. Setup

A

C. Security

When you enable audit policies on Windows systems, you can specify whether to audit successful or failed events (or both), including access attempts. This audit information is recorded in the Security event log. The System, Application, and Setup event logs typically do not record both successful and failed access attempts.

21
Q

What is the width of a standard equipment rack in a datacenter?

A. 12 inches

B. 16 inches

C. 19 inches

D. 24 inches

A

C. 19 inches

The standard width of an equipment rack in a data center is 19 inches. Network hardware manufacturers use this width when designing rack-mountable components.

22
Q

When a service fails to start on a Windows server, an entry is typically created in which of the following event logs?

A. Application

B. Security

C. Setup

D. System

A

D. System

On a Windows system, information about services, including successful service starts and failures, is recorded in the System event log. The Application, Security, and Setup logs typically do not contain this type of information.

23
Q

In a standard Cisco network diagram, what component does the symbol in the figure represent?

A. A switch

B. A router

C. A hub

D. A gateway

A

C. A hub

The diagram symbol shown in the figure represents a network hub. It is not a switch, a router, or a gateway.

24
Q

The precise locations of devices in a datacenter are typically documented in which of the following documents?

A. Rack diagram

B. Network map

C. Wiring schematic

D. Logical diagram

A

A. Rack diagram

Datacenters typically mount components in racks, 19-inch-wide and approximately 6-foot-tall frameworks in which many networking components are specifically designed to fit. A rack diagram is a depiction of one or more racks, ruled out in standardized 1.752-inch rack units, and showing the exact location of each piece of equipment mounted in the rack. Network maps, wiring schematics, and logical diagrams document the relationships between components, not their precise locations.

25
Q

Which of the following statements about network maps is true?

A. Network maps are typically drawn to scale.

B. Network maps typically contain more information than network diagrams.

C. Network maps must be read/write accessible to all personnel working on the network.

D. Network maps diagram only the locations of cable runs and endpoints.

A

B. Network maps typically contain more information than network diagrams.

Network diagrams typically specify device types and connections, but network maps can also include IP addresses, link speeds, and other information. Network maps diagram the relationships between devices, and provide information about the links that connect them, but they are not drawn to scale and usually do not indicate the exact location of each device. Although universal accessibility would be desirable, there are individuals who should not have access to network maps and other documentation, including temporary employees and computer users not involved in IT work. Network maps include all networking devices, not just cable runs and endpoints.

26
Q

Which of the following RAID levels uses disk striping with distributed parity?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

A

C. RAID 5

Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 5 combines disk striping (blocks written to each disk in turn) with distributed storage of parity information, for fault tolerance. RAID 0 provides data striping only. RAID 1 provides disk mirroring. RAID 10 creates mirrored stripe sets.

27
Q

While negotiating a new contract with a service provider, you have reached a disagreement over the contracted reliability of the service. The provider is willing to guarantee that the service will be available 99 percent, but you have been told to require 99.9 percent. When you finally reach an agreement, the negotiated language will be included in which of the following documents?

A. SLA

B. AUP

C. NDA

D. BYOD

A

A. SLA

A service level agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available.

28
Q

A server with dual power supplies must be running in which of the following modes for the system to be fault tolerant?

A. Combined mode

B. Redundant mode

C. Individual mode

D. Hot backup mode

A

B. Redundant mode

A server with dual power supplies can run in one of two modes: redundant or combined. In redundant mode, both power supplies are capable of providing 100 percent of the power needed by the server. Therefore, the server can continue to run if one power supply fails, making it fault tolerant. In combined mode, both power supplies are needed to provide the server’s needs, so a failure of one power supply will bring the server down. Individual mode and hot backup mode are not terms used for this purpose.

29
Q

Redundant power circuits can enable a server to continue running in spite of which of the following events?

A. A citywide power outage

B. A server power supply failure

C. An uncorrected building circuit failure

D. A failure of the server’s uninterruptible power supply

A

C. An uncorrected building circuit failure

If a server is connected to two building circuits, it can continue to function if the breaker for one circuit trips and remains uncorrected. All of the other scenarios will bring the server down, unless additional redundancies are in place.

30
Q

Installing an electrical generator for your datacenter is an example of which of the following fault tolerance concepts?

A. Uninterruptible power supply (UPS)

B. Power redundancy

C. Dual power supplies

D. Redundant circuits

A

B. Power redundancy

Power redundancy is a general term describing any fault tolerance mechanism that enables equipment to continue functioning when one source of power fails. A UPS is a device that uses battery power, not a generator. The term dual power supplies refers to the power supply units inside a computer, not a separate generator. The term redundant circuits refers to multiple connections to the building’s main power, not to a generator.

31
Q

Which of the following is not a fault tolerance mechanism?

A. Port aggregation

B. Clustering

C. MTBF

D. UPS

A

C. MTBF

Mean Time Between Failures (MTBF) is a hardware specification used to predict the approximate lifetime of a component. It does not refer to any type of fault tolerance mechanism. Port aggregation, clustering, and uninterruptible power supplies (UPSs) are all mechanisms that provide fault tolerance in the event of network adapter, server, and power failures, respectively.

32
Q

Which of the following backup job types does not reset the archive bits of the files it backs up?

A. Full

B. Incremental

C. Differential

D. Supplemental

A

C. Differential

Differential backups use the archive bit to determine which target files to back up. However, a differential backup does not reset the archive bit. Full backups do not pay attention to the archive bit because they back up all of the files. A full backup, however, does clear the archive bit after the job is completed. Incremental backups also use the archive bit to determine which files have changed since the previous backup job. The primary difference between an incremental and a differential job, however, is that incremental backups clear the archive bit so that unchanged files are not backed up. There is no such thing as a supplemental backup job.

33
Q

Which of the following RAID levels does not provide fault tolerance?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

A

A. RAID 0

Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 0 uses data striping only (blocks written to each disk in turn), which does not provide any form of fault tolerance.

34
Q

Which of the following is the criterion most commonly used to filter files for backup jobs?

A. Filename

B. File extension

C. File attributes

D. File size

A

C. File attributes

The archive bit that backup software uses to perform incremental and differential jobs is a file attribute, so this is the most commonly used filter type. It is possible to filter files based on their names, their extensions, and their size, but these are not used as often as the archive file attribute.

35
Q

What are the three elements in the Grandfather-Father-Son media rotation system?

A. Hard disk drives, optical drives, and magnetic tape drives

B. Incremental, differential, and full backup jobs

C. Monthly, weekly, and daily backup jobs

D. QIC, DAT, and DLT tape drives

A

C. Monthly, weekly, and daily backup jobs

The generational media rotation system uses the terms grandfather, father, and son to refer to backup jobs that are run monthly, weekly, and daily. The jobs can be full, incremental, or differential, and the terms have nothing to do with whether the backup medium is a hard disk, optical, or any type of tape drive.

36
Q

You are installing a new Windows server with two hard disk drives in it, and you want to use RAID to create a fault-tolerant storage system. Which of the following RAID levels can you configure the server to use?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

A

B. RAID 1

RAID 1 provides disk mirroring for fault tolerance and requires two or more disk drives. RAID 0 provides data striping only, with no fault tolerance. RAID 5 combines disk striping (blocks written to each disk in turn) with distributed storage of parity information for fault tolerance, but it requires a minimum of three disk drives. RAID 10 creates mirrored stripe sets and requires at least four disk drives.

37
Q

Which of the following media types is Windows Server Backup unable to use to store backed-up data?

A. Local hard disks

B. Local optical disks

C. Magnetic tape drives

D. Remote shared folders

A

C. Magnetic tape drives

Windows Server Backup cannot back up data to magnetic tape drives. However, it can back up to local hard disks, optical disks, and remote shares.

38
Q

Which of the following is not a type of server load balancing mechanism?

A. DNS round-robin

B. Network address translation

C. Content switching

D. Multilayer switching

A

B. Network address translation

Load balancing is a method of distributing incoming traffic among multiple servers. Network address translation (NAT) is a routing mechanism that enables computers on a private network to share one or more public IP addresses. It is therefore not a load balancing method. DNS round-robin, multilayer switching, and content switching are all mechanisms that enable a server cluster to share client traffic.

39
Q

Which of the following mechanisms for load balancing web servers is able to read the incoming HTTP and HTTPS requests and perform advanced functions based on the information they contain?

A. Content switches

B. Multilayer switches

C. Failover clustering

D. DNS round-robin

A

A. Content switches

A content switch is an application layer device, which is what renders it capable of reading the incoming Hypertext Transfer Protocol (HTTP/HTTPS) messages. HTTP is an application layer protocol. Multilayer switches do not operate above the transport layer. Failover clustering and DNS round-robin are both techniques for distributing incoming traffic without actually processing it.

40
Q

Why does performing incremental backups to a hard drive, rather than a tape drive, make it possible to restore a server with a single job, rather than multiple jobs?

A. Because hard drives hold more data than tape drives

B. Because hard drives can transfer data faster than tape drives

C. Because hard drives are random access devices and tape drives are not

D. Because hard drives use a different block size than tape drives

A

C. Because hard drives are random access devices and tape drives are not

Data is stored on tape drives in a linear fashion. Once you write backup data to a tape, you cannot selectively replace individual files. When you perform a restore job, you might have to restore the most recent full backup, followed by incremental backups, which overwrite some of the full backup files with newer ones. Hard disk drives are random access devices, meaning that individual files can be written to and read from any location on the disk. When you perform incremental backup jobs to a hard disk, the software can restore data using any version of each file that is available. Data capacity, transfer speed, and block size are not relevant.

41
Q

Which of the following are valid reasons why online uninterruptible power supplies (UPSs) are more expensive than standby UPSs?

A. Online UPSs enable devices to run longer when a main power failure occurs.

B. Online UPSs enable devices to run continuously when a main power failure occurs.

C. Online UPSs are managed devices that can generate alerts.

D. Online UPSs provide greater protection against power spikes and sags.

A

B. Online UPSs enable devices to run continuously when a main power failure occurs.

Online UPSs run devices from the battery all the time, while simultaneously keeping the battery charged. There is therefore no switchover gap when a power failure occurs. Online UPSs do not necessarily run longer than standby UPSs, nor do they provide more protection against power spikes and sags. Both online and standby UPSs can be managed devices.

42
Q

Which of the following statements best describes the difference between the fault tolerance mechanisms disk mirroring and disk duplexing?

A. Disk mirroring enables a server to survive the failure of a disk drive.

B. Disk duplexing enables a server to survive the failure of a disk controller.

C. Disk duplexing enables a server to survive a failure of a disk drive or a disk controller.

D. Disk duplexing enables a server to survive a failure of a disk drive or a disk controller.

A

C. Disk duplexing enables a server to survive a failure of a disk drive or a disk controller.

As with disk mirroring, disk duplexing uses multiple hard disk drives to store duplicate copies of all data. However, disk duplexing calls for each disk to be connected to a separate controller so that the data remains available despite a disk failure or a controller failure.

43
Q

A network load balancing cluster is made up of multiple computers that function as a single entity. Which of the following terms is used to describe an individual computer in a load balancing cluster?

A. Node

B. Host

C. Server

D. Box

A

A. Node

In a network load balancing cluster, each computer is referred to as a host. Other types of clusters use other terms. For example, in a failover cluster, each computer is called a node.

44
Q

If you back up your network by performing a full backup every Wednesday at 6:00 p.m. and differential backups in the evening on the other six days of the week, how many jobs would be needed to completely restore a computer with a hard drive that failed on a Tuesday at noon?

A. One

B. Two

C. Six

D. Seven

A

B. Two

A differential backup is a job that backs up all the files that have changed since the last full backup. Therefore, to restore a system that failed on Tuesday at noon, you would have to restore the most recent full backup from the previous Wednesday and the most recent differential from Monday.

45
Q

Which of the following is an element of high availability systems that enables them to automatically detect problems and react to them?

A. Backups

B. Snapshots

C. Failover

D. Cold sites

A

C. Failover

Highly available systems often have redundant components that enable them to continue operating even after a failure of a hard disk, server, or other component. Backups, snapshots, and cold sites can all contribute to a system’s high availability, but they do not function automatically.

46
Q

Which of the following disaster recovery mechanisms can be made operational in the least amount of time?

A. A cold site

B. A warm site

C. A hot site

D. All of the options are the same.

A

C. A hot site

Cold, warm, and hot backup sites differ in the hardware and software they have installed. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. It is therefore the least expensive and takes the most time. A warm site has hardware in place that must be installed and configured. A hot site has all of the necessary hardware installed and configured. A warm site is more expensive than a cold site, and a hot site is the most expensive and takes the least amount of time to be made operational.

47
Q

Which of the following terms defines how long it will take to restore a server from backups if a complete system failure occurs?

A. RPO

B. RTO

C. BCP

D. MIB

A

B. RTO

The recovery time objective (RTO) specifies the amount of time needed to restore a server from the most recent backup if it should fail. This time interval depends on the amount of data involved and the speed of the backup medium.

48
Q

If you back up your network by performing a full backup every Wednesday at 6:00 p.m. and incremental backups in the evening of the other days of the week, how many jobs would be needed to completely restore a computer with a hard drive that failed on a Monday at noon?

A. One

B. Two

C. Five

D. Six

A

C. Five

An incremental backup is a job that backs up all of the files that have changed since the last backup of any kind. Therefore, to restore a system that failed on Monday at noon, you would have to restore the most recent full backup from the previous Wednesday and the incrementals from Thursday, Friday, Saturday, and Sunday.

49
Q

Which of the following elements would you typically not expect to find in a service level agreement (SLA) between an Internet service provider (ISP) and a subscriber?

A. A definition of the services to be provided by the ISP

B. A list of specifications for the equipment to be provided by the ISP

C. The types and schedule for the technical support to be provided by the ISP

D. The types of applications that the subscriber will use when accessing the ISP’s services

A

D. The types of applications that the subscriber will use when accessing the ISP’s services

An ISP provides subscribers with access to the Internet. The applications that the subscriber uses on the Internet are typically not part of the SLA. An SLA does typically specify exactly what services the ISP will supply, what equipment the ISP will provide, and the technical support services the ISP will furnish as part of the agreement.

50
Q

How does an autochanger increase the overall storage capacity of a backup solution?

A. By compressing data before it is stored on the medium

B. By automatically inserting media into and removing it from a drive

C. By running a tape drive at half its normal speed

D. By writing two tracks at once onto a magnetic tape

A

B. By automatically inserting media into and removing it from a drive

An autochanger is a robotic device containing one or more removable media drives, such as magnetic tape or optical disk drives. The robotic mechanism inserts and removes media cartridges automatically so that a backup job can span multiple cartridges, increasing its overall capacity.

51
Q

For a complete restore of a computer that failed at noon on Tuesday, how many jobs would be needed if you performed full backups to tape at 6:00 a.m. every Wednesday and Saturday and incremental backups to tape at 6:00 a.m. every other day?

A. One

B. Two

C. Three

D. Four

A

D. Four

An incremental backup is a job that backs up all of the files that have changed since the last backup of any kind. Therefore, to restore a system that failed on Tuesday at noon, you would have to restore the most recent full backup from the previous Saturday and the incrementals from Sunday, Monday, and Tuesday morning.

52
Q

You have just completed negotiating an annual contract with a provider to furnish your company with cloud services. As part of the contract, the provider has agreed to guarantee that the services will be available 99.9 percent of the time, around the clock, seven days per week. If the services are unavailable more than 0.1 percent of the time, your company is due a price adjustment. Which of the following terms describes this clause of the contract?

A. SLA

B. MTBF

C. AUP

D. MTTR

A

A. SLA

A service level agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available.

53
Q

Which of the following disaster recovery mechanisms is the least expensive to implement?

A. A cold site.

B. A warm site.

C. A hot site.

D. All of the options cost the same.

A

A. A cold site.

Cold, warm, and hot backup sites differ in the hardware and software they have installed. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. It is therefore the least expensive.

54
Q

Which of the following statements about port aggregation is not true?

A. All of the aggregated ports use the same MAC address.

B. Port aggregation can be a fault tolerance mechanism.

C. Aggregating ports increases network throughput.

D. Port aggregation provides load balancing.

A

D. Port aggregation provides load balancing.

Load balancing refers to the distribution of traffic between two or more channels. Port aggregation combines ports into a single logical channel with a single MAC address and provides greater throughput. Port aggregation also provides fault tolerance in the event of a port failure.

55
Q

Which of the following can be provided by clustering servers?

A. Fault tolerance

B. Load balancing

C. Failover

D. All of the above

A

D. All of the above

A cluster is a group of computers configured with the same application that function as a single unit. The cluster can function as a fault tolerance mechanism by failing over from one server to the next, when necessary, or provide load balancing by distributing traffic among the servers.

56
Q

Which of the following specifications would you most want to examine when comparing hard disk models for your new RAID array?

A. MTBF

B. SLA

C. AUP

D. MTTR

A

A. MTBF

Mean Time Between Failures (MTBF) specifies how long you can expect a device to run before it malfunctions. For a hard disk, this specification indicates the life expectancy of the device.

57
Q

When you configure NIC teaming on a server with two network adapters in an active/passive configuration, which of the following services is provided?

A. Load balancing

B. Fault tolerance

C. Server clustering

D. Traffic shaping

A

B. Fault tolerance

NIC teaming enables you to combine the functionality of two network interface cards (NIC) in one connection. However, when you configure a NIC team to use an active/passive configuration, one of the network adapters remains idle and functions as a fault tolerance mechanism. If the other NIC should fail, the passive NIC becomes active. In this configuration, NIC teaming does not provide load balancing, server clustering, or traffic shaping.

58
Q

Which of the following is not a load balancing mechanism?

A. NIC teaming

B. Server clustering

C. DNS round robin

D. RAID 1

A

D. RAID 1

Redundant Array of Independent Disks (RAID) level 1 is a fault tolerance mechanism that is also known as disk mirroring. A storage subsystem writes data to two or more disks at the same time so that if a disk fails, the data remains available. Because data is written to the disks at the same time, this RAID level does not provide load balancing.

59
Q

Which of the following describes the difference between cold, warm, and hot backup sites?

A. Whether the backup site is owned, borrowed, or rented

B. The age of the most recent backup stored at the site

C. The cost of the hardware used at the site

D. The time needed to get the site up and running

A

D. The time needed to get the site up and running

The temperature refers to the site's readiness to assume the role of the network. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. A warm site has hardware in place that must be installed and configured. It takes less time to restore the network than at a cold site, but more than at a hot site. A hot site has all of the necessary hardware installed and configured. The network can go live as soon as the most recent data is restored.

60
Q

Which of the following storage techniques prevents version skew from occurring during a system backup?

A. Incrementals

B. Differentials

C. Iterations

D. Snapshots

A

D. Snapshots

Version skew can occur when a data set changes while a system backup is running. A file written to a directory that has already been backed up will not appear on the backup media, even though the job might still be running. This can result in unprotected files, or worse, data corruption. A snapshot is a read-only copy of a data set taken at a specific moment in time. By creating a snapshot and then backing it up, you can be sure that no data corruption has occurred due to version skew. Incrementals and differentials are types of backup jobs, and iteration is not a specific storage technology.

61
Q

Which of the following is a term for a read-only copy of a data set made at a specific moment in time?

A. Snapshot

B. Incremental

C. Hot site

D. Differential

A

A. Snapshot

A snapshot is a read-only copy of a data set taken at a specific moment in time. By creating a snapshot and then backing it up, you can be sure that no data corruption has occurred due to version skew. A hot site is an alternative network location in which all hardware and software is installed and ready. Incrementals and differentials are types of backup jobs.

62
Q

Which of the following processes scans multiple computers on a network for a particular open TCP or UDP port?

A. Port scanning

B. War driving

C. Port sweeping

D. Bluejacking

A

C. Port sweeping

Port scanning identifies open ports on a single computer, whereas port sweeping scans multiple computers for a single open port. War driving and bluejacking are methods of attacking wireless networks.

63
Q

Which of the following statements best explains the difference between a protocol analyzer and a sniffer?

A. Analyzers examine the contents of packets, whereas sniffers analyze traffic trends.

B. Analyzers are software products, whereas sniffers are hardware products.

C. Analyzers connect to wired networks, whereas sniffers analyze wireless traffic.

D. There is no difference between analyzers and sniffers.

A

A. Analyzers examine the contents of packets, whereas sniffers analyze traffic trends.

The difference between analyzers and sniffers is that analyzers read the internal contents of the packets they capture, parse the individual data units, and display information about each of the protocols involved in the creation of the packet. Sniffers look for trends and patterns in the network traffic without examining the contents of each packet. Both analyzers and sniffers can be implemented as hardware or software. Analyzers and sniffers are available for wired and wireless networks.

64
Q

Which of the following software releases is a fix designed to address one specific issue?

A. A patch

B. An update

C. An upgrade

D. A service pack

A

A. A patch

A patch is a relatively small update that is designed to address a specific issue, often a security exploit or vulnerability. Patches do not add features or new capabilities; they are fixes targeted at a specific area of the operating system. Updates, upgrades, and service packs are larger packages that might include new features and/or many different fixes.

65
Q

Which of the following statements about protocol analyzers is not true?

A. To troubleshoot using a protocol analyzer, you must be familiar with the OSI model and the protocols that operate at each of its layers.

B. Protocol analyzers can be a network security risk.

C. Some network monitoring products are both analyzers and sniffers.

D. All Windows operating systems include a protocol analyzer.

A

D. All Windows operating systems include a protocol analyzer.

66
Q

Which Unix/Linux performance monitoring tool, shown in the figure, enables you to display information about processes that are currently running on a system?

A. monitor

B. top

C. netstat

D. cpustat

A

B. top

The top utility displays performance information about the currently running processes on a Unix/Linux system. Netstat is a tool that enables you to view active network connections and TCP/IP traffic statistics. It does not measure system performance. There are no Unix/Linux tools called monitor or cpustat.

67
Q

Which of the following types of patches is most typically applied to a hardware device?

A. Firmware updates

B. Driver updates

C. Feature changes

D. Vulnerability patches

A

A. Firmware updates

Firmware is a type of software permanently written to the memory built into a hardware device. A firmware update overrides the read-only nature of this memory to update the software. Driver updates, feature updates, and vulnerability patches are typically applied to software products, such as applications and operating systems.

68
Q

When can Microsoft Windows users expect to receive automatic downloads of operating system patches?

A. Weekly, on Mondays

B. Monthly, on the second Tuesday of the month

C. Quarterly, on the first day of January, April, July, and October

D. Annually, on April 15

A

B. Monthly, on the second Tuesday of the month

For Windows users, the second Tuesday of every month is “Patch Tuesday,” when Microsoft releases the latest operating system patches for automatic download.

69
Q

Unlike individual users, who usually have their operating system patches downloaded and installed automatically, corporate IT departments typically evaluate new patches before deploying them. Which of the following is not a common step in this evaluation process?

A. Testing

B. Researching

C. Rolling back

D. Backing up

A

C. Rolling back

Rolling back, the process of uninstalling a patch to revert to the previous version of the software, is not part of the patch evaluation process. The evaluation process for new patches in a corporate environment usually consists of a research stage, in which you examine the need and purpose for the patch, a testing stage, in which you install the patch on a lab machine, and a backup of the production systems to which you will apply the patch.

70
Q

Which of the following types of patches is most likely to be released outside of the normal schedule for the product?

A. Vulnerability patch

B. Feature change

C. Driver update

D. Firmware update

A

A. Vulnerability patch

Vulnerability patches are usually updates that address severe issues that have been recently discovered. When the vulnerability is severe, the software manufacturer might release a patch as soon as it is available, rather than wait for the next scheduled release. Feature changes, driver updates, and firmware updates are usually not time sensitive and are released on schedule.

71
Q

Which of the following types of patches are IT personnel least likely to install unless there is a specific reason to do so?

A. Feature change

B. Driver update

C. Operating system update

D. Vulnerability patch

A

B. Driver update

If a device driver is functioning properly, many administrators would prefer not to update it, believing that “if it ain’t broke, don’t fix it.” Unless a device driver update addresses a specific bug or an incompatibility that the system is experiencing, there might be no need to install it. Feature changes, operating system updates, and especially vulnerability patches are more likely to be recommended installs.

72
Q

Which of the following terms refers to the process of uninstalling a recently released patch to resume using the previous version?

A. Backslide

B. Downgrade

C. Reset

D. Rollback

A

D. Rollback

Rollback is a term used in change management to describe the process of reversing a change that has been made, to restore the original configuration. In the case of patch management, a rollback is the process of uninstalling a recently installed software update. The terms backslide, downgrade, and reset are not used to describe this procedure.

73
Q

What Windows utility is shown in the accompanying figure?

A. Network Monitor

B. System Monitor

C. Event Viewer

D. Log Viewer

A

C. Event Viewer

The utility shown in the figure is the Windows Event Viewer, which displays the contents of the system, application, setup, and security logs, as well as others.

74
Q

Which of the following was created to provide logging services for the Unix sendmail program?

A. syslog

B. netstat

C. SNMP

D. CARP

A

A. syslog

Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an IP network to a message collector, called a syslog server.

75
Q

After switching from a standard PSTN telephone system to a Voice over IP system, users are complaining of service interruptions and problems hearing callers at certain times of the day. After examining the network traffic, you determine that traffic levels on the Internet connection are substantially higher during the first and last hours of the day, the same times when most of the users experienced their problems. Which of the following solutions can provide more reliable VoIP service during peak usage times?

A. Implement traffic shaping.

B. Implement load balancing.

C. Upgrade the LAN from Fast Ethernet to Gigabit Ethernet.

D. Replace the router connecting the LAN to the Internet with a model that supports SNMP.

A

A. Implement traffic shaping.

Traffic shaping is a technique for prioritizing packets by buffering packets that are not time sensitive for later transmission. You can use this technique to give VoIP packets priority over other types of traffic.

76
Q

You are the network administrator of your company’s network. Your company wants to perform baseline analysis of network-related traffic and statistics. They want to track broadcasts, cyclical redundancy check (CRC) errors, and collisions for all traffic traversing a switched network. In addition, they want to provide historical and daily reports for management. They also want to keep track of software distribution and metering. What type of network software product best meets these needs?

A. Simple Network Management Protocol (SNMP) management

B. Protocol analyzer

C. Performance Monitor

D. Network traffic monitor

A

A. Simple Network Management Protocol (SNMP) management

The best solution is to implement SNMP. This includes a management console, agents, and management information bases (MIBs). SNMP allows you to track statistical network information (historical and current) and produce reports for baseline analysis and troubleshooting. Some SNMP products also allow you to track software distribution and metering.

77
Q

You have finished capturing traffic with a protocol analyzer. The analyzer reports that 2000 frames have been seen, but only 1500 frames have been accepted. What does this mean?

A. 2000 frames have passed the display filter, but only 1500 meet the criteria for display.

B. Only 1500 frames have passed the capture filter and are currently being held in the buffer.

C. You lost 500 frames and need to start over—something is obviously wrong.

D. 500 frames were damaged and never made it into the buffer.

A

B. Only 1500 frames have passed the capture filter and are currently being held in the buffer.

Protocol analyzers report the total number of frames seen compared to the number of frames that were accepted. If a capture filter has been configured, there will be a discrepancy between these two values. Only frames that meet the capture criteria will be accepted by the analyzer and placed in the buffer for later display. Protocol analyzers place good and bad frames into the buffer as long as they meet the capture criteria. If only good frames were placed in the buffer, there would be no way to identify problems.

78
Q

Which of the following is the database used by the Simple Network Management Protocol (SNMP) to reference information gathered from agents distributed about the network?

A. Trap

B. Syslog

C. MIB

D. SIEM

A

C. MIB

A management information base (MIB) is the database on an SNMP console where all of the counters and associated object identifiers (OIDs) are referenced.

79
Q

You are attempting to troubleshoot a problem between two hosts on the same network. You are using a protocol analyzer and start a new capture. After you finish the capture, you notice there are over 15,000 frames in the buffer. You are having a hard time identifying the frames that relate to the problem because so many frames are in the buffer. You want to eliminate the extraneous frames from your view, allowing you to view only frames from these two hosts. What do you need to do?

A. Configure a display filter.

B. Configure a capture filter.

C. Delete the extraneous frames from the buffer.

D. Configure a capture and display filter.

A

A. Configure a display filter.

Once the frames are in the buffer, you can configure a display filter to block the unwanted frames from view. This doesn’t delete them from the buffer. Since the capture was already performed, there is no need to restart the capture. Also, configuring a capture filter will not meet the requirements, since the filter will eliminate the other frames completely from the buffer. You can’t delete frames from an analyzer buffer.

80
Q

When you run a port scanner on a server, which of the following is the result?

A. A list of processes running on the system

B. A list of open ports through which the system can be accessed

C. A list of protocols used by the system for network communication

D. A list of IP addresses used on the network

A

B. A list of open ports through which the system can be accessed

A port scanner examines a system for open endpoints, accessible using the TCP or UDP protocols, which intruders can conceivably use to gain access to the system from the network.

81
Q

A port scanner examines a system for network vulnerabilities at which layer of the Open Systems Interconnection (OSI) model?

A. Application

B. Transport

C. Network

D. Data Link

A

B. Transport

A port is a numbered service endpoint identifying an application running on a TCP/IP system. A port scanner examines a system for open endpoints, accessible using the TCP or UDP protocols at the transport layer, which intruders can conceivably use to gain access to the system from the network.

82
Q

Which of the following technologies provides both real-time monitoring of security events and automated analysis of the event information gathered?

A. SIEM

B. SNMP

C. SEM

D. SIM

A

A. SIEM

Security Information and Event Management (SIEM) is a product that combines two technologies: security event management (SEM) and security information management (SIM). Together, the two provide a combined solution for gathering and analyzing information about a network’s security events.

83
Q

Which of the following best describes the primary function of a port scanner?

A. A port scanner examines a computer’s hardware and compiles a list of the physical ports in the system.

B. A port scanner examines a computer for TCP and UDP endpoints that are accessible from the network.

C. A port scanner examines a specified range of IP addresses on a network to determine whether they are in use.

D. A port scanner accepts a computer name as input and scans the network for the IP address associated with that name.

A

B. A port scanner examines a computer for TCP and UDP endpoints that are accessible from the network.

The ports that a port scanner examines are the system endpoints identified by port numbers in TCP and UDP protocol headers. An open port provides network access to an application running on the computer, which can conceivably be exploited by an intruder.

84
Q

Which of the following statements about web server logs is not true?

A. To analyze web server activity, you typically use an application that interprets the web server log files.

B. Web server logs are typically maintained as text files.

C. Web server logs record the IP addresses of all visiting users.

D. To interpret web server logs, you use a protocol analyzer.

A

D. To interpret web server logs, you use a protocol analyzer.

A protocol analyzer provides information about network traffic; it does not interpret web server logs.

85
Q

Which of the following statements best describes a baseline?

A. A baseline is an estimation of expected performance levels, based on manufacturers’ specifications.

B. A baseline is a record of performance levels captured under actual workload conditions.

C. A baseline is a record of performance levels captured under simulated workload conditions.

D. A baseline is a record of performance levels captured before the system is actually in use.

A

B. A baseline is a record of performance levels captured under actual workload conditions.

A baseline is a record of a system’s performance under real-world operating conditions, captured for later comparison as conditions change. The workload during a baseline capture should be genuine, not simulated or estimated.

86
Q

Programs such as FTP and Telnet are widely criticized because they transmit all data as clear text, including usernames and passwords. Which of the following types of tools might unscrupulous individuals use to read those passwords?

A. Packet sniffer

B. Terminal emulator

C. Packet analyzer

D. Vulnerability scanner

A

C. Packet analyzer

A packet analyzer is capable of looking at the data inside packets, which, in the case of packets generated by Telnet and FTP, can contain passwords in clear text. Packet sniffers analyze traffic patterns, and vulnerability scanners search for open ports. Telnet is itself a terminal emulator and does not display packet contents.

87
Q

When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem?

A. Add memory to the system

B. Install a second network adapter

C. Update the network adapter’s firmware

D. Install a second processor

A

B. Install a second network adapter

If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem, but their success is less likely.

88
Q

Which of the following best states the potential security threat inherent in running a protocol analyzer?

A. A protocol analyzer can display the application data in packets captured from the network.

B. A protocol analyzer can display the IP addresses of the systems on the network.

C. A protocol analyzer can decrypt protected information in packets captured from the network.

D. A protocol analyzer can detect open ports on network systems and launch attacks against them.

A

A. A protocol analyzer can display the application data in packets captured from the network.

Protocol analyzers capture packets from the network and interpret their contents, which includes displaying the application layer payload, which can include confidential information. Protocol analyzers can display the IP addresses of systems on the network, but this is not a great security threat. Protocol analyzers cannot decrypt the protected information they find in captured packets. Vulnerability scanners detect open ports and launch attacks against them; protocol analyzers do not do this.

89
Q

Which of the following syslog message severity levels indicates that a system is unusable?

A. 0

B. 1

C. 2

D. 3

E. 4

A

A. 0

Every syslog message includes a single-digit severity code. The code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 1 is an alert message, indicating that immediate action is needed. Severity code 2 is a critical condition message, and code 3 is an error condition. Code 4 is a warning message.

90
Q

Which of the following syslog message severity levels indicates that the message is purely informational?

A. 0

B. 2

C. 4

D. 6

E. 7

A

D. 6

Every syslog message includes a single-digit severity code. The code 6 indicates that the message is purely informational. The code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 2 is a critical condition message, and code 4 is a warning message. Code 7 is used strictly for debugging.

91
Q

A Simple Network Management Protocol (SNMP) console can inform administrators when a managed device requires attention. For this to occur, the agent in the device first has to send a message to the console. What is the term used for a message sent by an SNMP agent to the central console?

A. Ping

B. Alert

C. Notification

D. Trap

A

D. Trap

Messages that SNMP agents send to consoles when an event needing attention occurs are called traps. Alerts and notifications are terms for the messages that the console sends to administrators. A ping is an ICMP echo request message sent from one TCP/IP computer to another.

92
Q

Which of the following metrics would you typically not find displayed by an interface monitor?

A. Error rate

B. Bandwidth utilization

C. Packet drops

D. Rollbacks

A

D. Rollbacks

The term rollback refers to the process of uninstalling or downgrading an update patch; it has nothing to do with monitoring a network interface. An interface monitor does typically display the number of transmission errors that occur on an interface, the amount of the available bandwidth that the interface is using, and the number of packets that have been dropped due to errors or discards.

93
Q

Which of the following is not a statistic that you would typically find in a server performance baseline?

A. CPU utilization

B. Disk transfer rate

C. Network transmission speed

D. OS update history

E. Memory utilization

A

D. OS update history

Performance baselines characterize hardware performance, so the OS update history would be of little or no use for future comparisons. A baseline typically consists of CPU, memory, disk, and network performance statistics.

94
Q

Which of the following is not a tool that provides vulnerability scanning capabilities?

A. Nessus

B. MAP Toolkit

C. Nmap

D. MBSA

A

B. MAP Toolkit

Microsoft Assessment and Planning Toolkit (MAP Toolkit) is a free application that performs an agentless inventory of a network and uses the information to create reports on specific scenarios, such as whether computers are prepared for an operating system upgrade. Nessus, Nmap, and Microsoft Baseline Security Analyzer (MBSA) are all tools that include vulnerability scanning but that have other capabilities as well.

95
Q

Which of the following is a function typically classified as vulnerability scanning?

A. Network mapping

B. Remediation

C. Penetration testing

D. Port scanning

A

D. Port scanning

Port scanning, the process of looking for open TCP and UDP ports that are exploitable by attackers, is one of the many functions that qualifies as a type of vulnerability scanning. Network mapping, the remediation of vulnerabilities, and penetration testing, which is the process of deliberately performing a planned attack, are not considered vulnerability scanning techniques.

96
Q

Which of the following Security Information and Event Management (SIEM) processes performs searches for specific criteria, during specific time frames, in logs located on different computers?

A. Data aggregation

B. Forensic analysis

C. Correlation

D. Retention

A

B. Forensic analysis

In SIEM, forensic analysis is a process of searching logs on multiple computers for specific information based on set criteria and time periods. Data aggregation is a process of consolidating log information from multiple sources. Correlation is the process of linking logged events with common attributes together. Retention is the long-term storage of log data.

97
Q

Which of the following virtual private networking protocols is generally considered to be obsolete?

A. IPsec

B. L2TP

C. PPTP

D. SSL/TLS

A

C. PPTP

Point-to-Point Tunneling Protocol (PPTP) is considered to be obsolete for VPN use because of several serious security vulnerabilities that have been found in it. IPsec, Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer/Transport Layer Security (SSL/TLS) are all still in use.

98
Q

Which of the following virtual private networking (VPN) protocols does not provide encryption within the tunnel?

A. PPTP

B. IPsec

C. L2TP

D. SSL

A

C. L2TP

Layer 2 Tunneling Protocol (L2TP) is used to create the tunnel forming a VPN connection, but it does not encrypt the traffic passing through the tunnel. To do this, it requires a separate protocol that provides encryption, such as IPsec. Point-to-Point Tunneling Protocol (PPTP) and Secure Sockets Layer (SSL) are both capable of encrypting tunneled traffic.

99
Q

Which of the following is not a protocol that is typically used to secure communication between web servers and web browsers?

A. SSL

B. TLS

C. SSH

D. DTLS

A

C. SSH

Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security.

100
Q

Which of the following is a security protocol that is specifically designed to protect UDP traffic exchanged by web browsers and servers?

A. SSL

B. TLS

C. SSH

D. DTLS

A

D. DTLS

Datagram Transport Layer Security (DTLS) is a protocol that provides the same encryption and other web server/browser security functions as Transport Layer Security (TLS), but for User Datagram Protocol (UDP) traffic.

101
Q

Which of the following security protocols used to protect traffic exchanged by web browsers and servers was created first?

A. SSL

B. TLS

C. SSH

D. DTLS

A

A. SSL

Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS.

102
Q

Which of the following web server/browser security protocols was deprecated in 2015 in favor of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)?

A. SSH

B. SSL

C. RDP

D. IPsec

A

B. SSL

Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. It was deprecated in 2015.

103
Q

Which of the following types of virtual private networking (VPN) connection is the best solution for allowing clients limited access to your corporate network?

A. Host-to-site

B. Site-to-site

C. Host-to-host

D. Extranet

A

D. Extranet

An extranet VPN is designed to provide clients, vendors, and other outside partners with the ability to connect to your corporate network with limited access.

104
Q

Which of the following protocols does IPsec use to digitally sign packets before transmitting them over the network?

A. ESP

B. SSL

C. AH

D. MSCHAP

A

C. AH

Authentication Header (AH) is a protocol in the TCP/IP suite that provides digital integrity services, in the form of a digital signature, which ensures that an incoming packet actually originated from its stated source.

105
Q

Which of the following protocols is not used for remote control of computers?

A. RDP

B. TFTP

C. SSH

D. Telnet

A

B. TFTP

Trivial File Transfer Protocol (TFTP) is typically used to download boot image files to computers performing a Preboot Execution Environment (PXE) startup. It is not used for remote control. Remote Desktop Protocol (RDP) is used by Remote Desktop Services in Windows to provide clients with graphical control over servers at remote locations. Secure Shell (SSH) and Telnet are both character-based tools that enable users to execute commands on remote computers.

106
Q

Which of the following services is provided by the Remote Desktop Protocol (RDP)?

A. Thin client computing

B. Virtual private networking

C. Encrypted tunneling

D. Unauthenticated file transfers

A

A. Thin client computing

RDP is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information. Because the client program does not participate in the application computing on the server, it is known as a thin client. RDP does not provide virtual private networking, encrypted tunneling, or unauthenticated file transfers.

107
Q

Which of the following is not a fault tolerance mechanism?

A. UPS

B. RAID 1

C. SNMP

D. Clustering

A

C. SNMP

Simple Network Monitoring Protocol (SNMP) is a means of tracking the performance and functionality of network components. Software or firmware components called agents are embedded in network devices and communicate with a central monitoring console. SNMP does not provide fault tolerance.

108
Q

Which of the following types of virtual private networking (VPN) connection is the best solution for connecting a branch office to a corporate headquarters?

A. Host-to-site

B. Site-to-site

C. Host-to-host

D. Extranet

A

B. Site-to-site

A site-to-site VPN enables one network to connect to another, enabling users on both networks to access resources on the other one. This is usually a more economical solution for branch office connections than a wide area network (WAN) link.

109
Q

Ralph is a network administrator for a firm that is allowing employees to telecommute for the first time, and he is responsible for designing a remote access solution that will enable users to access network resources, such as company email and databases, securely. All of the remote users have been issued smartcards and will be connecting using virtual private network (VPN) connections on company-supplied laptop computers running Windows 10 and equipped with card readers. The users will be logging on to the company network using their standard Active Directory Domain Services accounts, so it’s important for Ralph to design a solution that provides the maximum protection for their passwords, both inside and outside the office. Which of the following authentication protocols should you configure the remote access servers and the laptop computers to use?

A. Password Authentication Protocol (PAP)

B. Challenge Handshake Authentication Protocol (CHAP)

C. Extensible Authentication Protocol (EAP)

D. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP v2)

A

C. Extensible Authentication Protocol (EAP)

EAP is the only authentication protocol included with Windows 10 that supports hardware-based authentication, so this is the only viable option.

110
Q

What is the primary shortcoming of the File Transfer Protocol (FTP) that is addressed by FTPS and SFTP?

A. Lack of security

B. Slow file transfers

C. File size limitations

D. Lack of authentication

A

A. Lack of security

FTP does provide authentication capabilities, but passwords are transmitted over the network in clear text, which is an unacceptable security condition. FTPS adds security in the form of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. SFTP adds Secure Shell (SSH) security. File transfer speed and size limitations are not an issue.

111
Q

Which of the following File Transfer Protocol (FTP) variants transmit authentication passwords over the network in clear text?

A. FTP

B. FTPS

C. SFTP

D. TFTP

A

A. FTP

FTP provides authentication capabilities, but it transmits passwords over the network in clear text, which is an unacceptable security condition.

112
Q

Which of the following File Transfer Protocol (FTP) variants is typically used to download boot image files during Preboot Execution Environment (PXE) startup sequences?

A. FTP

B. FTPS

C. SFTP

D. TFTP

A

D. TFTP

Trivial File Transfer Protocol (TFTP) is a simplified version of FTP that does not authenticate clients, so systems booting with PXE can download boot images invisibly after being directed to a TFTP server by the Dynamic Host Configuration Protocol (DHCP).

113
Q

Which of the following statements best defines out-of-band management?

A. Out-of-band management is a method for accessing network devices from a remote location.

B. Out-of-band management is a method for accessing network devices using a direct cable connection.

C. Out-of-band management is a method for accessing network devices using a connection to the system other than the production network to which the device is connected.

D. Out-of-band management is a method for accessing network devices using any tool that operates over the production network to which the device is connected.

A

C. Out-of-band management is a method for accessing network devices using a connection to the system other than the production network to which the device is connected.

Out-of-band management refers to the use of an alternative channel to a network device. The channel can be a modem connection, a direct cable connection, a wireless or cellular connection, or a dedicated Ethernet connection.

114
Q

Which of the following protocols does IPsec use to digitally encrypt packets before transmitting them over the network?

A. ESP

B. SSL

C. AH

D. MSCHAP

A

A. ESP

Encapsulating Security Protocol (ESP) is a protocol in the TCP/IP suite that is capable of providing encryption services for IPsec.

115
Q

Many virtual private networking (VPN) solutions use IPsec to encrypt traffic passing through tunnels. At which layer of the Open Systems Interconnection (OSI) model does IPsec function?

A. Data link

B. Network

C. Transport

D. Application

A

B. Network

IPsec functions at the network layer of the OSI model, even though it frequently provides encryption for the Layer 2 Tunneling Protocol (L2TP), which operates at the data link layer.

116
Q

Which of the following statements explains why web browsing over a client-to-site virtual private network (VPN) connection is usually so much slower than browsing locally?

A. The browser application is running on the VPN server.

B. The browser is using the remote network’s Internet connection.

C. The VPN tunnel restricts the amount of bandwidth available.

D. VPN encryption is processor intensive.

A

B. The browser is using the remote network’s Internet connection.

When you connect to a remote network using VPN, you become a participant on that network, which includes using the remote network’s Internet connection. Therefore, when you open a browser, the application passes your requests through the VPN tunnel to the remote server, which uses the default gateway and Internet connection at the remote site to connect you. This is inherently slower than connecting the browser directly to the Internet from your client computer.

117
Q

In a site-to-site virtual private network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?

A. Two workstations

B. A workstation and a server

C. A workstation and a VPN concentrator

D. Two VPN concentrators

A

D. Two VPN concentrators

A site-to-site VPN connection connects two remote local area networks (LANs) together, enabling users on either network to access the other one. The typical configuration would consist of two VPN concentrators, one at each site, functioning as the endpoints of the connection.

118
Q

In a client-to-site virtual private network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?

A. Two workstations

B. A workstation and a server

C. A workstation and a VPN concentrator

D. Two VPN concentrators

A

C. A workstation and a VPN concentrator

A client-to-site VPN connection connects a single workstation to a remote local area network (LAN), enabling the workstation user to access the remote network’s resources. The typical configuration would consist of a standalone workstation and a VPN concentrator at the network site functioning as the endpoints of the connection.

119
Q

In a host-to-host virtual private network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?

A. Two workstations

B. A workstation and a server

C. A workstation and a VPN concentrator

D. Two VPN concentrators

A

A. Two workstations

A host-to-host VPN connection connects two individual workstations at different locations, enabling the users on each workstation to access the other one through a secure tunnel. The typical configuration would consist of two workstations, one at each site, functioning as the endpoints of the connection.

120
Q

Which of the following types of Secure Sockets Layer (SSL) virtual private network (VPN) connections provides the most comprehensive access to the remote network?

A. SSL client

B. SSL portal

C. SSL tunnel

D. SSL gateway

A

C. SSL tunnel

The two most common types of SSL VPN connection are SSL portals, which provide users with access to selected remote network resources through a standard website, and SSL tunnels, which require the client web browser to run an active control, typically using Java or Flash. An SSL tunnel connection provides more complete access to the remote network. SSL client and SSL gateway are not common SSL VPN connections.

121
Q

Many managed switches and routers include a console port for administrative access, to which you can connect a laptop and run a terminal program to access the device’s interface. Which of the following is the best term for this type of access to the device?

A. Out-of-band

B. In-band

C. Client-to-site

D. BYOD

A

A. Out-of-band

The term out-of-band is used to describe any type of management access to a device that does not go through the production network. Plugging a laptop into the console port avoids the network, so it is considered to be an example of out-of-band management. In-band management describes an access method that goes through the production network. Client-to-site is a type of VPN connection, and Bring Your Own Device (BYOD) is a policy defining whether and how users are permitted to connect their personal devices to the network.

122
Q

Which of the following is not a protocol used to secure virtual private network (VPN) connections?

A. PPTP

B. IPsec

C. FTPS

D. L2TP

A

C. FTPS

File Transfer Protocol Secure (FTPS) is a variant on FTP that adds security in the form of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. However, it is not used to secure VPN connections. Point-to-Point Tunneling Protocol (PPTP), IPsec, and Layer 2 Tunneling Protocol (L2TP) are all protocols that provide security for VPN connections.

123
Q

You are a consultant installing a web server application for a client called Adatum. The domain name Adatum.com has been registered in the DNS and the server has one public IP address, so the new website will be accessible to users on the Internet. You want to be able to access the web server application’s administrative site from your remote office, so you configure that site to be encrypted and to use the port number 12354 instead of the default. Which of the following URLs will you have to use to access the administrative website?

A. http://www.adatum.com

B. http://www.adatum.com:12354

C. https://www.adatum.com:80

D. https://www.adatum.com:12354

A

D. https://www.adatum.com:12354

Because the administrative site is encrypted, you must use the HTTPS:// prefix to access it. Because the administrative site uses the nondefault port number 12354, you must append that number to the server name with a colon.

124
Q

Which of the following is not an advantage of the Virtual Network Computing (VNC) terminal emulation product over its competitors?

A. VNC is free.

B. VNC runs on many operating systems.

C. VNC runs faster than the competition.

D. VNC can run through a web browser.

A

C. VNC runs faster than the competition.

VNC supports many operating systems, can run through a web browser, and is free. However, it is not any faster than the competing products.

125
Q

Which of the following was the first TCP/IP terminal emulation program?

A. Telnet

B. SSH

C. Windows Terminal Services

D. Virtual Network Computing

A

A. Telnet

Telnet (TELetype NETwork) was the first TCP/IP terminal emulation program, but it is rarely used today because of its limitations. It is character-based only, and it transmits all data as clear text, which is insecure.

126
Q

Which of the following prefixes must you use in the URL you type into a web browser when the website you want to access has been secured with Transport Layer Security (TLS)?

A. TLS://

B. HTTPS://

C. HTTP://

D. HTLS://

A

B. HTTPS://

No matter what protocol is used to encrypt a website, you must use the HTTPS:// prefix to access it. HTTP:// is for unencrypted sites, and TLS:// and HTLS:// are nonexistent prefixes.

127
Q

SSH was created to be an improvement on the Telnet terminal emulation program. In which of the following ways is it an improvement?

A. SSH is faster than Telnet.

B. SSH provides graphical terminal emulation.

C. SSH encrypts passwords and data.

D. SSH is less expensive than Telnet.

A

C. SSH encrypts passwords and data.

Telnet transmits keystrokes in clear text, including usernames and passwords. It is therefore insecure. Secure Shell (SSH) improves on the performance of Telnet by encrypting the passwords and other data it transmits over the network. Like Telnet, SSH is free and does not support graphical terminal emulation. SSH is also no faster than Telnet.

128
Q

Remote Desktop Protocol (RDP) was created for use with which of the following terminal emulation programs?

A. Windows Terminal Services

B. Virtual Network Computing (VNC)

C. Citrix WinFrame

D. Telnet

A

A. Windows Terminal Services

RDP is the client/server protocol created for use with Windows Terminal Services, now known as Remote Desktop Services. It is not used with VNC, Citrix products, or Telnet.

129
Q

Which of the following types of documentation should contain the chemical composition of all cleaning compounds used in a datacenter?

A. ESD

B. MSDS

C. NDA

D. BYOD

A

B. MSDS

A material safety data sheet (MSDS) is a document created by manufacturers of chemical, electrical, and mechanical products, specifying the potential dangers and risks associated with them, particularly in regard to exposure or fire. A properly documented network should have MSDS documents on file for all of the chemical and hardware products used to build and maintain it. MSDSs can be obtained from the manufacturer or the Environmental Protection Agency (EPA).

130
Q

After being hired for a job as an IT administrator, you have been assigned two user accounts, one of which is intended for general use and the other only for administrative tasks. You are also required to sign an agreement that outlines the restrictions for your account use. Specifically, you are not permitted to use the administrative account for anything other than administrative tasks, including browsing the Internet and accessing data for which you are not authorized. Which of the following is the best name for this type of agreement?

A. Remote access policies

B. Service level agreement

C. Acceptable use policy

D. Privileged user agreement

A

D. Privileged user agreement

A privileged user agreement specifies the abilities and limitations of users with respect to the administrative accounts and other privileges they have been granted. Remote access policies specify when and how users are permitted to access the company network from remote locations.

131
Q

You are working for a company with numerous branch offices scattered around the country, and you are required to travel to these offices frequently. Each branch office has some means of accessing the network at the company headquarters. Some use frame relay, some virtual private networks, and a few even use dial-in access. During one trip, you mention to a branch office manager that you intend to connect to the headquarters network that night from your hotel room. The manager warns you that this is against company policy, but you are not so sure. Where in the company documentation should you look to confirm this?

A. Remote access policies

B. Service level agreement

C. Acceptable use policy

D. Privileged user agreement

A

A. Remote access policies

Remote access policies specify when and how users are permitted to access the company network from remote locations.

132
Q

At what humidity level do electronic components become vulnerable to damage from electrostatic shock?

A. Below 30 percent

B. Below 50 percent

C. Above 70 percent

D. Above 90 percent

A

B. Below 50 percent

Humidity prevents the buildup of static electricity that can cause discharges that damage equipment. Humidity levels of 50 percent or lower can cause equipment to be susceptible to electrostatic shock.

133
Q

Which of the following is a document that a company’s new hires might want to consult to determine whether they are permitted to install their own personal software on company computers?

A. SLA

B. AUP

C. NDA

D. BYOD

A

B. AUP

Acceptable use policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. AUPs typically specify what personal work employees can perform, what hardware and software they can install, and what levels of privacy they are permitted when using company equipment.

134
Q

Many employees have been contacting the IT help desk asking how they can connect their personal smartphones and tablets to the company’s wireless network. This has raised issues regarding network security and technical support. You have been asked to draft a policy for the in-house use of personal electronics that addresses these issues. Which of the following describes the document that you will be creating?

A. SLA

B. AUP

C. NDA

D. BYOD

A

D. BYOD

A Bring Your Own Device (BYOD) policy specifies the personal electronics that employees are permitted to use on the company network and documents the procedures for connecting and securing them.

135
Q

You are going to work for a new company as a software developer, and Human Resources has notified you that you must sign a document guaranteeing that you will maintain confidentiality about the company’s products and programming code in perpetuity. Which of the following documents contains this agreement?

A. SLA

B. AUP

C. NDA

D. BYOD

A

C. NDA

A nondisclosure agreement (NDA) specifies what company information employees are permitted to discuss outside the company.

136
Q

How do account lockouts help to prevent intruders from cracking passwords?

A. By forcing users to select passwords of a minimum length

B. By preventing users from entering incorrect passwords more than a specified number of times

C. By preventing users from reusing the same passwords

D. By requiring an additional authentication method, such as a fingerprint

A

B. By preventing users from entering incorrect passwords more than a specified number of times

Account lockouts limit the number of incorrect passwords that a user can enter. This prevents intruders from trying to crack an account by trying password after password. After a specified number of incorrect tries, the account is locked for a specified length of time or until an administrator unlocks it.

137
Q

Which of the following data loss prevention terms is used to describe dangers pertaining to data that is being transmitted over a network?

A. Data in-use

B. Data at-rest

C. Data in-motion

D. Data in-transit

A

C. Data in-motion

Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions, and data at-rest describes data storage. Data in-transit is not one of the standard data loss prevention terms.

138
Q

Which of the following data loss prevention terms is used to describe dangers pertaining to data while a user is loading it into an application?

A. Data in-use

B. Data at-rest

C. Data in-process

D. Data in-motion

A

A. Data in-use

Data in-use is the data loss prevention term used to describe endpoint access. Data in-motion is the term used to describe network traffic. Data at-rest describes data storage. Data in-process is not one of the standard data loss prevention terms.

139
Q

Which of the following data loss prevention terms is used to describe dangers pertaining to data while it is stored without being used?

A. Data in-use

B. Data at-rest

C. Data in-motion

D. Data on-disk

A

B. Data at-rest

Data at-rest describes data that is currently in storage while not in use. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions, and data on-disk is not one of the standard data loss prevention terms.

140
Q

Which of the following is not one of the standard terms used in data loss prevention?

A. Data on-line

B. Data at-rest

C. Data in-motion

D. Data in-use

A

A. Data on-line

Data on-line is not one of the standard data loss prevention terms. Data at-rest is a data loss prevention term that describes data that is currently in storage while not in use. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions.

141
Q

The terms on-boarding and off-boarding are typically associated with which of the following policies?

A. Data loss prevention

B. Incident response

C. Inventory management

D. Identity management

A

D. Identity management

On-boarding and off-boarding are identity management processes in which users are added or removed from an organization’s identity and access management (IAM) system. This grants new users the privileges they need to use the network, modifies their privileges if they change positions, and revokes privileges when they leave the company. On-boarding and off-boarding are not data loss prevention, incident response, or inventory management processes.

142
Q

The term off-boarding refers to which of the following procedures?

A. Removing a node from a cluster

B. Disconnecting all cables from a switch

C. Revoking a user’s network privileges

D. Retiring old workstations

A

C. Revoking a user’s network privileges

On-boarding and off-boarding are identity management processes in which users are added or removed from an organization’s identity and access management (IAM) system. Off-boarding revokes a user’s privileges when he or she leaves the company. The term off-boarding does not refer to cluster management, disconnecting a switch, or retiring workstations.

143
Q

Which of the following is most likely to be the last step in a change management procedure?

A. Documentation

B. Notification

C. Approval

D. Scheduling

A

A. Documentation

After a change is requested, approved, scheduled, and performed, everyone involved should be notified, and finally the entire process should be documented for future reference.

144
Q

Which of the following is the primary result of an organization’s security incident response policies?

A. To know how to respond to a particular incident

B. To prevent an incident from occurring again

C. To identify the cause of an incident

D. To document the procedures leading up to an incident

A

B. To prevent an incident from occurring again

While incident response policies might include the process of responding to an incident and identifying and documenting its cause, the primary function of incident response policies is to ensure that the same incident does not happen again.

145
Q

You are an IT director, and a fire has broken out in the lower floors of your company’s office building. After the personnel are evacuated, the fire department asks you where they can find documentation about all chemicals and equipment used in the company’s datacenter, which is threatened by the fire. You direct them to the correct filing cabinet in your office, which contains which of the following document types?

A. ESD

B. NDA

C. BYOD

D. MSDS

A

D. MSDS

Material safety data sheets (MSDSs) are documents created by manufacturers of chemical, electrical, and mechanical products, which specify the potential risks and dangers associated with them, particularly in regard to flammability and the possibility of toxic outgassing. A properly documented network should have MSDS documents on file for all of the chemical and hardware products used to build and maintain it. MSDSs can be obtained from the manufacturer or the Environmental Protection Agency (EPA).

146
Q

You have been asked to draft an acceptable use policy (AUP) for new hires at your company to sign, which specifies what they can and cannot do when working with the company’s computers and network. Which of the following is not one of the provisions typically found in this type of document?

A. Privacy

B. Ownership

C. Illegal use

D. Upgrades

A

D. Upgrades

Software and hardware upgrades are typically not part of an AUP because they are handled by the company’s IT personnel. An AUP for a company typically includes a clause indicating that users have no right to privacy for anything they do using the company’s computers, including email and data storage. An AUP usually specifies that the company is the sole owner of the computer equipment and any proprietary company information stored on it or available through it. The AUP prohibits the use of its computers or network for any illegal practices, typically including spamming, hacking, or malware introduction or development.

147
Q

Which of the following tasks is not considered to be part of an IT department’s incident response policy?

A. Stopping an ongoing incident

B. Containing the damage caused by an incident

C. Repairing the damage caused by an incident

D. Rebuilding an infrastructure destroyed by an incident

A

D. Rebuilding an infrastructure destroyed by an incident

Once a network infrastructure has been partially or completely destroyed, it is no longer a matter of incident response; it passes over into disaster recovery, which requires a different set of policies. Stopping, containing, and remediating an incident are all considered incident response policies.

148
Q

Which of the following terms would apply to the procedure of adding a user’s personal smartphone to the network under a Bring Your Own Device (BYOD) policy?

A. Out-of-band

B. On-boarding

C. In-band

D. Off-boarding

A

B. On-boarding

The process of adding a user’s personal device and allowing it to access the company network is called on-boarding. Removing the personal device from the network would be called off-boarding. In-band and out-of-band are terms defining methods for gaining administrative access to a managed network device.

149
Q

Your company has been acquired by another firm and, as IT director, you will have to comply with the new firm’s safety policies in your datacenter and other IT workspaces. One of the new requirements states that there must be a fail closed policy for the datacenter. Which of the following best describes what this policy dictates should occur in the event of an emergency?

A. All computers that are logged on should automatically log off.

B. All computers that are running should automatically shut down.

C. All doors that are normally open should lock themselves.

D. All doors that are normally locked should open themselves.

A

C. All doors that are normally open should lock themselves.

A fail closed policy for the datacenter specifies that any open doors should lock themselves in the event of an emergency. To support this policy, the datacenter will have to have a self-contained fire suppression system, which uses devices such as fire detectors and oxygen-displacing gas systems.

150
Q

Password policies frequently require users to specify complex passwords. Which of the following are characteristic of a complex password?

A. Passwords that contain mixed upper- and lowercase letters, numbers, and symbols

B. Passwords that exceed a specific length

C. Passwords that do not duplicate a specific number of the user’s previous passwords

D. Passwords that do not duplicate the user’s account name, birth date, or other personal information

A

A. Passwords that contain mixed upper- and lowercase letters, numbers, and symbols

Although all of the options are characteristics of a strong password, the definition of a complex password is one that expands the available character set by using a mixture of upper- and lowercase letters, numerals, and symbols. The larger the character set used to create passwords, the more difficult they are to guess.

151
Q

Password policies that contain a history requirement typically have which of the following limitations?

A. Users cannot reuse recent passwords.

B. Users cannot create passwords containing names of relatives.

C. Users cannot create passwords containing names of historical figures.

D. Users cannot create passwords that duplicate those of any other users on the network.

A

A. Users cannot reuse recent passwords.

A history requirement in a password policy prevents users from specifying any one of their most recently used passwords. Although creating passwords using the names of relatives and historical figures is not recommended, it is not something that is easy to prevent. Each user maintains his or her own password history; there is no conflict with the passwords of other users.

152
Q

Account lockout policies are designed to protect against which of the following types of attacks?

A. Social engineering

B. Spoofing

C. Brute force

D. Man in the middle

A

C. Brute force

A brute-force password attack is one in which the perpetrator tries as many passwords as possible in an effort to guess or deduce the right one. Account lockout policies are intended to prevent this type of attack by limiting the number of incorrect password attempts.

153
Q

Which of the following is not likely to be a procedural element of an IT asset disposal policy?

A. Data deletion

B. Recycling

C. Data preservation

D. Inventory

A

C. Data preservation

An IT asset disposal policy typically includes procedures to be performed on assets that have reached the end of their useful lives and that are ready for final processing. This includes the wiping of all data, the completion of inventory records, and the possible recycling of the asset. The policy assumes that all data requiring preservation has already been preserved before the asset is submitted for disposal. Therefore, data preservation procedures are not needed at this phase.