Infrastructure (5) Flashcards
Which of the following technologies can maintain an account database that multiple remote access servers can employ to authenticate remote users?
RADIUS
IDS
NGFW
RADIUS
A Remote Authentication Dial-In User Service (RADIUS) server can provide authentication, authorization, and accounting services for remote access servers. Intrusion detection systems (IDSs), Next Generation Firewalls (NGFWs), and network attached storage (NAS) devices do not provide authentication services
Which of the following is a feature that is not found in a traditional firewall product, but which might be found in a Next Generation Firewall (NGFW)?
Stateful packet inspection
Deep packet inspection
Network Address Translation
Deep packet inspection
Deep packet inspection (DPI) is a firewall technique that examines the data carried in packets and not just the protocol headers. While traditional firewalls typically do not support DPI, Next Generation Firewalls (NGFWs) often do. Stateful packet inspection, Network Address Translation (NAT), and virtual private network (VPN) support are all features that are commonly supported by traditional firewall products
Which of the following services are provided by an AAA server? (Choose all correct answers.)
Authentication
Authorization
Accounting
Assistance
Attenuation
Authentication
Authorization
Accounting
An AAA server, such as Remote Authentication Dial-In User Service (RADIUS), provides authentication, authorization, and accounting services. Assistance and attenuation are not functions provided by AAA servers
Which of the following statements about content filtering is true?
Content filters examine the source IP addresses of packets to locate potential threats.
Content filters enable switches to direct packets out through the correct port.
Content filters examine the data carried within packets for potentially objectionable materials
Content filters examine the data carried within packets for potentially objectionable materials
Content filters are a firewall feature that examines the data inside packets, rather than their origin, to locate objectionable material such as pornography. They do not scan IP addresses, nor do they detect typical types of malware. Content filters are not implemented in switches
Which of the following is not one of the criteria typically used by load balancers to direct incoming traffic to one of a group of servers?
Which server has the fastest response time
Which server is next in an even rotation
Which server has the fastest processor
Which server has the fastest processor
In most cases, a load balancing router works by processing incoming traffic based on rules set by the administrator. The rules can distribute traffic among a group of servers using various criteria, such as each server’s current load or response time or which server is next in a given rotation. Load balancers typically do not use the hardware configuration of the servers to direct traffic, since this is a factor that does not change
Which of the following devices enables you to use a standard analog telephone to place calls using the Internet instead of the Public Switched Telephone Network (PSTN)?
Proxy server
VPN concentrator
VoIP gateway
VoIP gateway
A VoIP gateway is a device that provides a conduit between an IP network and the Public Switched Telephone Network (PSTN). The gateway enables standard telephones connected to the PSTN to place calls using VoIP services on the Internet. A proxy server is an application layer device that enables web browsers and other client programs to access the Internet. A virtual private network (VPN) concentrator is a type of router that enables multiple client systems to access a network from remote locations. A unified threat management (UTM) appliance typically performs VPN, firewall, and antivirus functions
Which of the following devices enable users on private networks to access the Internet by substituting a registered IP address for their private addresses? (Choose all correct answers.)
NAT router
RADIUS server
Proxy server
UTM appliance
NAT router
Proxy server
A network address translation (NAT) router is a network layer device that converts the private IP addresses in all of a client’s transmissions to a registered IP address. NAT therefore works for all applications. A proxy server is an application layer device that performs the same type of conversion, but only for specific applications. A Remote Authentication Dial-In User Service (RADIUS) server can provide authentication, authorization, and accounting services for remote access servers. It does not convert IP addresses. A unified threat management (UTM) appliance typically performs VPN, firewall, and antivirus functions. It too does not convert IP addresses
A VPN concentrator is an advanced type of which of the following devices?
Switch
Router
Gateway
Router
A virtual private network (VPN) concentrator is a type of router that enables multiple client systems to access a network from remote locations. Because the device provides an interface between networks, it is considered to be a type of router, not a switch, a gateway, or a bridge
Which of the following technologies is typically associated with virtual PBX services?
Quality of service
Voice over IP
CARP
Voice over IP
A virtual PBX is an arrangement in which a telephone company provides the PBX services to a customer but maintains the actual hardware at their own facility. The recent emphasis on cloud computing has led to a number of hosted PBX solutions that use Voice over IP (VoIP) to provide services to customers. Quality of service (QoS) is a technique for prioritizing traffic by tagging packets based on their content. It is not a virtual PBX technique. The Cache Array Routing Protocol (CARP) enables proxy servers to exchange information; it does not provide virtual PBX services. In round-robin DNS, a DNS server contains multiple resource records for the same server name, each with a different IP address representing one of the computers running the server application. When a client resolves the server name, the DNS server accesses each of the resource records in turn so that each address theoretically receives the same number of visitors. This is not a virtual PBX technology
Ralph, the administrator of a 500-node private internetwork, is devising a plan to connect the network to the Internet. The primary objective of the project is to provide all of the network users with access to web and email services while keeping the client computers safe from unauthorized users on the Internet. The secondary objectives of the project are to avoid having to manually configure IP addresses on each one of the client computers individually and to provide a means of monitoring and regulating the users’ access to the Internet. Ralph submits a proposal calling for the use of private IP addresses on the client computers and a series of proxy servers with public, registered IP addresses, connected to the Internet using multiple T-1 lines. Which of the following statements about Ralph’s proposed Internet access solution is true?
The proposal fails to satisfy both the primary and secondary objectives.
The proposal satisfies the primary objective but neither of the secondary objectives.
The proposal satisfies the primary objective and one of the secondary objectives.
The proposal satisfies the primary objective and one of the secondary objectives.
Proxy servers provide network users with access to Internet services, and the unregistered IP addresses on the client computers protect them from unauthorized access by users on the Internet, which satisfies the first objective. The proxy servers also make it possible for network administrators to regulate users’ access to the Internet, which satisfies one of the two secondary objectives. However, the proxy servers cannot assign IP addresses to the client computers, and the plan makes no mention of DHCP or another automatic TCP/IP configuration mechanism. Therefore, the plan does not satisfy the other secondary objective
Which of the following protocols can be used by wireless controllers to communicate with the access points on a wireless local area network (WLAN)? (Choose all correct answers.)
CAPWAP
LWAPP
LDAP
PPTP
CAPWAP
LWAPP
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol and the Lightweight Access Point Protocol (LWAPP) are both protocols that enable wireless controllers to manage and control Thin access points. Lightweight Directory Access Protocol (LDAP) is used by directory services, and Point-to-Point Tunneling Protocol (PPTP) is used for virtual private networking
Which of the following devices enables administrators of enterprise wireless networks to manage multiple access points from a central location?
Hypervisor
Wireless controller
Wireless endpoint
Wireless controller
In many enterprise wireless networks, the access points do not run a full operating system and are called Thin or lightweight APs. The network also has a device called a wireless controller that performs some of the required tasks and manages the APs. A wireless endpoint is another term for a computer or other device that is a client on the wireless network. Hypervisors and demarcation points have nothing to do with wireless networking. A hypervisor creates and manages virtual machines on a host server, and a demarcation point is the interface between a private network and an outside telecommunications service
Which of the following devices can administrators use to create multiple virtual local area networks (VLANs) and forward traffic between them?
Multilayer switch
Virtual router
Load balancer
Multilayer switch
A multilayer switch is a network connectivity device that functions at both layer 2 and layer 3 of the OSI model. At layer 2, the device functions like a normal switch, providing individual collision domains to each connected node and enabling administrators to create multiple VLANs. At layer 3, the device also provides routing capabilities by forwarding packets between the VLANs. Virtual routers, load balancers, and broadband routers are strictly layer 3 devices that can route traffic but cannot create VLANs
Which of the following is not a mechanism for distributing incoming network traffic among multiple servers?
Round-robin DNS
NLB cluster
VPN concentrator
VPN concentrator
A virtual private network (VPN) concentrator is a type of router that enables multiple client systems to access a network from remote locations. It does not distribute traffic among servers. A load balancer is a type of router that forwards traffic with a single IP address to multiple servers in turn. Round-robin DNS is a technique in which a DNS server resolves a name into several IP addresses, each in turn. A Network Load Balancing (NLB) cluster is a group of servers, all running the same application, that distribute incoming traffic among themselves
A load balancer is a type of which of the following devices?
Switch
Router
Gateway
Router
A load balancer is a type of router that forwards traffic with a single IP address to multiple servers in turn. In most cases, a load balancing router works by processing incoming traffic based on rules set by the administrator. Because a load balancer works with IP addresses, it is a network layer device. Load balancers are not switches, gateways, or firewalls