Network Operations (5) Flashcards

1
Q

Which of the following statements best describes a baseline?

A baseline is an estimation of expected performance levels, based on manufacturers’ specifications.

A baseline is a record of performance levels captured under actual workload conditions.

A baseline is a record of performance levels captured under simulated workload conditions.

A

A baseline is a record of performance levels captured under actual workload conditions.

A baseline is a record of a system’s performance under real-world operating conditions, captured for later comparison as conditions change. The workload during a baseline capture should be genuine, not simulated or estimated

2
Q

Programs such as FTP and Telnet are widely criticized because they transmit all data as clear text, including usernames and passwords. Which of the following types of tools might unscrupulous individuals use to read those passwords?

Packet sniffer

Terminal emulator

Packet analyzer

A

Packet analyzer

A packet analyzer is capable of looking at the data inside packets, which, in the case of packets generated by Telnet and FTP, can contain passwords in clear text. Packet sniffers analyze traffic patterns, and vulnerability scanners search for open ports. Telnet is itself a terminal emulator and does not display packet contents

3
Q

When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem?

Add memory to the system

Install a second network adapter

Update the network adapter’s firmware

A

Install a second network adapter

If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem, but their success is less likely

4
Q

Which of the following best states the potential security threat inherent in running a protocol analyzer?

A protocol analyzer can display the application data in packets captured from the network.

A protocol analyzer can display the IP addresses of the systems on the network.

A protocol analyzer can decrypt protected information in packets captured from the network.

A

A protocol analyzer can display the application data in packets captured from the network.

Protocol analyzers capture packets from the network and interpret their contents, which includes displaying the application layer payload, which can include confidential information. Protocol analyzers can display the IP addresses of systems on the network, but this is not a great security threat. Protocol analyzers cannot decrypt the protected information they find in captured packets. Vulnerability scanners detect open ports and launch attacks against them; protocol analyzers do not do this

5
Q

Which of the following syslog message severity levels indicates that a system is unusable?

0

1

2

A

0

Every syslog message includes a single-digit severity code. The code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 1 is an alert message, indicating that immediate action is needed. Severity code 2 is a critical condition message, and code 3 is an error condition. Code 4 is a warning message

6
Q

Which of the following syslog message severity levels indicates that the message is purely informational?

2

4

6

A

6

Every syslog message includes a single-digit severity code. The code 6 indicates that the message is purely informational. The code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 2 is a critical condition message, and code 4 is a warning message. Code 7 is used strictly for debugging

7
Q

A Simple Network Management Protocol (SNMP) console can inform administrators when a managed device requires attention. For this to occur, the agent in the device first has to send a message to the console. What is the term used for a message sent by an SNMP agent to the central console?

Ping

Alert

Trap

A

Trap

Messages that SNMP agents send to consoles when an event needing attention occurs are called traps. Alerts and notifications are terms for the messages that the console sends to administrators. A ping is an ICMP echo request message sent from one TCP/IP computer to another

8
Q

Which of the following metrics would you typically not find displayed by an interface monitor?

Error rate

Packet drops

Rollbacks

A

Rollbacks

The term rollback refers to the process of uninstalling or downgrading an update patch; it has nothing to do with monitoring a network interface. An interface monitor does typically display the number of transmission errors that occur on an interface, the amount of the available bandwidth that the interface is using, and the number of packets that have been dropped due to errors or discards

9
Q

Which of the following are reasons contributing to the number of packet drops displayed by an interface monitor? (Choose all correct answers.)

Resets

Discards

Errors

Overflows

A

Discards

Errors

The packet drops displayed by an interface monitor are caused by errors, such as malformed or unreadable packets, or discards, packets that are dropped because they are destined for another interface. Resets and overflows are not reasons for packet drops

10
Q

Which of the following is not a statistic that you would typically find in a server performance baseline?

CPU utilization

Disk transfer rate

OS update history

A

OS update history

Performance baselines characterize hardware performance, so the OS update history would be of little or no use for future comparisons. A baseline typically consists of CPU, memory, disk, and network performance statistics

11
Q

Log management typically consists of which of the following tasks? (Choose all correct answers.)

Rollback

Utilization

Security

Cycling

A

Security

Cycling

Logs frequently contain sensitive information, so securing them with the appropriate permissions is an essential part of log management. Logs also can grow to overwhelm the storage medium on which they are stored, so cycling is a technique for managing log size by configuring them to delete the oldest record each time a new one is added. Rollback and utilization are not log management tasks

12
Q

Which of the following is not a tool that provides vulnerability scanning capabilities?

Nessus

MAP Toolkit

Nmap

A

MAP Toolkit

Microsoft Assessment and Planning Toolkit (MAP Toolkit) is a free application that performs an agentless inventory of a network and uses the information to create reports on specific scenarios, such as whether computers are prepared for an operating system upgrade. Nessus, Nmap, and Microsoft Baseline Security Analyzer (MBSA) are all tools that include vulnerability scanning but that have other capabilities as well

13
Q

Which of the following is a function typically classified as vulnerability scanning?

Remediation

Penetration testing

Port scanning

A

Port scanning

Port scanning, the process of looking for open TCP and UDP ports that are exploitable by attackers, is one of the many functions that qualifies as a type of vulnerability scanning. Network mapping, the remediation of vulnerabilities, and penetration testing, which is the process of deliberately performing a planned attack, are not considered vulnerability scanning techniques

14
Q

Which of the following Security Information and Event Management (SIEM) processes performs searches for specific criteria, during specific time frames, in logs located on different computers?

Data aggregation

Forensic analysis

Correlation

A

Forensic analysis

In SIEM, forensic analysis is a process of searching logs on multiple computers for specific information based on set criteria and time periods. Data aggregation is a process of consolidating log information from multiple sources. Correlation is the process of linking logged events with common attributes together. Retention is the long-term storage of log data

15
Q

Which of the following virtual private networking protocols is generally considered to be obsolete?

IPsec

L2TP

PPTP

A

PPTP

Point-to-Point Tunneling Protocol (PPTP) is considered to be obsolete for VPN use because of several serious security vulnerabilities that have been found in it. IPsec, Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer/Transport Layer Security (SSL/TLS) are all still in use

16
Q

Which of the following virtual private networking (VPN) protocols does not provide encryption within the tunnel?

PPTP

IPsec

L2TP

A

L2TP

Layer 2 Tunneling Protocol (L2TP) is used to create the tunnel forming a VPN connection, but it does not encrypt the traffic passing through the tunnel. To do this, it requires a separate protocol that provides encryption, such as IPsec. Point-to-Point Tunneling Protocol (PPTP) and Secure Sockets Layer (SSL) are both capable of encrypting tunneled traffic

17
Q

Which of the following elements must be identical in both the client and server computers to establish a remote wide area network (WAN) connection? (Choose all correct answers.)

The WAN type

The data link layer protocol

The authentication method

The operating system

A

The WAN type

The data link layer protocol

The authentication method

Although the computers don’t have to use hardware made by the same manufacturer, both must use the same basic type of wide area network connection, such as a leased line, a modem and PSTN line, or an Internet connection. Both of the computers must also use the same data link layer protocol, such as PPP, to establish a remote network connection. Most remote network connections use some form of authentication mechanism, even if it is nothing more than the exchange of a user name and clear text password. To establish the remote network connection, both computers must be configured to use the same type of authentication, even if it is no authentication at all. As long as all of the other elements are in place, such as the physical layer connection and the protocols, there is no need for both of the computers involved in a remote network connection to be running the same operating system

18
Q

Which of the following is not a protocol that is typically used to secure communication between web servers and web browsers?

SSL

TLS

SSH

A

SSH

Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. Transport Layer Security (TLS) is an updated security protocol that is designed to replace SSL. Datagram Transport Layer Security (DTLS) is a security protocol that provides the same basic functions as TLS, but for User Datagram Protocol traffic

19
Q

Which of the following is a security protocol that is specifically designed to protect UDP traffic exchanged by web browsers and servers?

TLS

SSH

DTLS

A

DTLS

Datagram Transport Layer Security (DTLS) is a protocol that provides the same encryption and other web server/browser security functions as Transport Layer Security (TLS), but for User Datagram Protocol (UDP) traffic. Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security

20
Q

Which of the following security protocols used to protect traffic exchanged by web browsers and servers was created first?

SSL

TLS

SSH

A

SSL

Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. Datagram Transport Layer Security (DTLS) is a protocol that provides the same encryption and other web server/browser security functions as Transport Layer Security (TLS), but for User Datagram Protocol (UDP) traffic. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security

21
Q

Which of the following web server/browser security protocols was deprecated in 2015 in favor of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)?

SSH

SSL

RDP

A

SSL

Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. It was deprecated in 2015. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security like TLS and DTLS. IPsec is a set of security protocols that provide digital signing, encryption, and other services for network transmissions. It is not specifically designed for web security. Remote Desktop Protocol (RDP) is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP is not a web security protocol

22
Q

Which of the following types of virtual private networking (VPN) connection is the best solution for allowing clients limited access to your corporate network?

Site-to-site

Host-to-host

Extranet

A

Extranet

An extranet VPN is designed to provide clients, vendors, and other outside partners with the ability to connect to your corporate network with limited access. A host-to-site VPN is a remote access solution, enabling users to access the corporate network from home or while traveling. A site-to-site VPN enables a branch office to connect to the home office using the Internet rather than a more expensive wide area network (WAN) connection. A host-to-host VPN enables two individual users to establish a protected connection to each other

23
Q

Which of the following protocols does IPsec use to digitally sign packets before transmitting them over the network?

ESP

SSL

AH

A

AH

Authentication Header (AH) is a protocol in the TCP/IP suite that provides digital integrity services, in the form of a digital signature, which ensures that an incoming packet actually originated from its stated source. Encapsulating Security Protocol (ESP) provides encryption services for IPsec. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. MSCHAP is an authentication protocol used by remote access services

24
Q

Which of the following protocols is not used for remote control of computers?

RDP

TFTP

SSH

A

TFTP

Trivial File Transfer Protocol (TFTP) is typically used to download boot image files to computers performing a Preboot Execution Environment (PXE) startup. It is not used for remote control. Remote Desktop Protocol (RDP) is used by Remote Desktop Services in Windows to provide clients with graphical control over servers at remote locations. Secure Shell (SSH) and Telnet are both character-based tools that enable users to execute commands on remote computers

25
Q

Which of the following services is provided by the Remote Desktop Protocol (RDP)?

Thin client computing

Virtual private networking

Encrypted tunneling

A

Thin client computing

RDP is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information. Because the client program does not participate in the application computing on the server, it is known as a thin client. RDP does not provide virtual private networking, encrypted tunneling, or unauthenticated file transfers