2.1 Compare and contrast various devices, their features, and their appropriate placement on the network.
HVAC systems can use the Internet of Things (IoT) to monitor which of the following? (Choose all that apply.) a. Temperature b. Pressure c. Humidity d. Printers e. Occupancy f. Cameras g. Door locks
A, B, C, E. HVAC sensors can measure temperatures and humidity in climate-controlled areas, such as datacenters; atmospheric pressure in devices like boilers and compressors; and occupancy, to control conditions based on the presence of people. Printers, cameras, door locks, and other physical access control devices are not part of an HVAC system.
Which of the following statements about the Open Shortest Path First (OSPF) routing protocol are true? (Choose all that apply.) a. OSPF is an interior gateway protocol. b. OSPF is a link state routing protocol. c. OSPF does not support Classless Inter-Domain Routing (CIDR). d. OSPF shares routes within an autonomous system.
A, B, D. OSPF does support CIDR. All of the other options contain true statements.
What must you do to configure a firewall to admit File Transfer Protocol (FTP) traffic to the internal network using its default port settings? (Choose all that apply.) a. Open port 20 b. Open port 21 c. Open port 22 d. Open port 23 e. Open port 24
A, B. The FTP protocol uses two well-known ports: 20 and 21. A firewall must have both of these ports open to admit FTP traffic. FTP does not require ports 22, 23, or 24.
Which of the following TCP/IP routing protocols measures the efficiency of routes by the number of hops between the source and the destination? a. Routing Internet Protocol (RIP) b. Open Shortest Path First (OSPF) c. Border Gateway Protocol (BGP) d. Intermediate System to Intermediate System (IS-IS)
A. RIP is a distance vector protocol, which uses hop counts to measure the efficiency of routes. OSPF, BGP, and IS-IS are all link state protocols, which do not rely on hop counts.
A multilayer switch can operate at which layers of the Open Systems Interconnection (OSI) model? (Choose all that apply.) a. Physical b. Data link c. Network d. Transport e. Session f. Presentation g. Application
B, C, D. A multilayer switch typically operates at the data link, and network layers, assuming the functions of a switch and a router by using Media Access Control (MAC) addresses at the data link layer (layer 2) and IP addresses at the network layer (layer 3) to forward packets to their appropriate destinations. Some switches also function at the transport layer (layer 4) by distinguishing between User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) traffic and using port numbers to forward packets.
Which of the following statements about proxy servers and NAT servers are true? (Choose all that apply.) a. NAT servers and proxy servers can both provide Internet access to clients running any application. b. NAT servers and proxy servers both use public IP addresses. c. NAT servers and proxy servers both access Internet servers and relay the responses to network clients. d. Both NAT servers and proxy servers cache web data for later use.
B, C. To provide clients with Internet access, a NAT or proxy server must have direct access to the Internet, which requires using a registered, or public, IP address. Both NAT and proxy servers function as the middleman in transactions between the client computers on a private network and Internet servers. The NAT or proxy server transmits the client's service request to the Internet server as though it was its own and, after receiving the reply, relays the response back to the client. Because NAT servers function at the network layer, clients can use any application to access the Internet through the server. Proxy servers, however, operate at the application layer and can provide Internet access only to certain types of client applications. Proxy servers are capable of caching web data for later use, because they are application layer devices that read the application layer protocol data in the message packets they receive. NAT servers are network layer processes that forward packets with no knowledge of the application layer information in their contents.
Which of the following are techniques used in traffic shaping to prevent networks from being overwhelmed by data transmissions? (Choose all that apply.) a. Bandwidth throttling b. Rate limiting c. Broadcast storming d. Network Address Translation (NAT)
A, B. Bandwidth throttling is a traffic shaping technique that prevents specified data streams from transmitting too many packets. Rate limiting is a traffic shaping technique that controls the transmission rate of sending systems. A broadcast storm is a type of network switching loop. NAT is a method by which private networks can share registered IP addresses. Neither of these last two is a traffic shaping technique.
Which of the following hub types are supported by the 100Base-TX physical layer specification? (Choose all that apply.) a. Class I b. Class II c. Class III d. Class IV
A, B. The 100Base-TX specification specifies two hub types: Class I and II. Class I hubs perform signal translation; Class II hubs do not. A network can have only one Class I hub per collision domain; a network can have two Class II hubs per collision domain. The other options do not exist.
Which of the following protocols can be used by wireless controllers to communicate with the Access Points (APs) on a Wireless Local Area Network (WLAN)? Choose all that apply. a. CAPWAP b. LWAPP c. LDAP d. PPTP
A, B. The Control and Provisioning of Wireless Access Points (CAPWAP) protocol and the Lightweight Access Point Protocol (LWAPP) are both protocols that enable wireless controllers to manage and control Access Points (APs). Lightweight Directory Access Protocol (LDAP) is used by directory services, and Point-to-Point Tunneling Protocol (PPTP) is used for virtual private networking.
Which of the following devices enable users on private networks to access the Internet by substituting a registered IP address for their private addresses? (Choose all that apply.) a. NAT router b. RADIUS server c. Proxy server d. UTM appliance
A, C. Network Address Translation (NAT) is a network layer device that converts the private IP addresses of all of a client's transmissions to registered IP address. NAT therefore works for all applications. A proxy server is an application layer device that performs the same type of conversion, but only for specific applications. A Remote Authentication Dial-In User Service (RADIUS) server can provide Authentication, Authorization, Accounting, Auditing (AAAA) services for remote access servers. It does not convert IP addresses. A unified threat management (UTM) appliance typically performs VPN, firewall, and antivirus functions. It too does not convert IP addresses.
Which of the following routing protocols can you use on a TCP/IP internetwork with segments running at different speeds, making hop counts an inaccurate measure of route efficiency? (Choose all that apply.) a. Enhanced Interior Gateway Routing Protocol (EIGRP) b. Routing Information Protocol (RIP) c. Open Shortest Path First (OSPF) d. Border Gateway Protocol (BGP)
A, C. OSPF is a link state routing protocol, which means that it does not rely solely on hop counts to measure the relative efficiency of a route. EIGRP is a hybrid protocol that can use link state routing. RIP is a distance vector routing protocol, meaning that it uses hop counts to measure route efficiency. BGP is an exterior gateway protocol that exchanges routing information among autonomous systems using path vectors or distance vectors.
Which of the following statements about routers are true? (Choose all that apply.) a. Routers are network layer devices that use IP addresses to forward frames. b. Routers are data link layer devices that use Media Access Control (MAC) addresses to forward frames. c. Routers build their internal tables based on destination MAC addresses and forward frames based on source MAC addresses. d. Routers must support the network layer protocol implemented on the Local Area Network (LAN). e. Each port on a router defines a separate broadcast domain.
A, D, E. Routers are network layer devices that use IP addresses to forward frames, not MAC addresses. Routers are protocol dependent. They must support the network layer protocol being routed. As a network layer device, a router defines networks (or LANs) that represent a separate broadcast domain. Routers do not build their routing tables or forward frames using MAC addresses.
Which of the following statements about Routing Information Protocol version 1 (RIPv1) is true? (Choose all that apply.) a. RIPv1 broadcasts the entire contents of the routing table every 30 seconds. b. RIPv1 advertises the subnet mask along with the destination network. c. RIPv1 broadcasts only the elements in the routing table that have changed every 60 seconds. d. RIPv1 does not include the subnet mask in its network advertisements.
A, D. Routers that are running the RIPv1 routing protocol broadcast their entire routing tables every 30 seconds, regardless of whether there has been a change in the network. RIPv1 does not include the subnet mask in its updates, so it does not support subnetting.
Which of the following command-line tools can you use to create and modify static routes on a Unix or Linux system? (Choose all that apply.) a. route b. ifconfig c. traceroute d. ip
A, D. The `route` command was originally created to display a Unix or Linux system's routing table and modify its contents by adding, changing, and deleting static routes. The `ip` command is part of the `iproute2` command-line utility package, which has replaced `route` in many Unix and Linux distributions. Running `ip` with the `route` parameter can manipulate the routing table. The `traceroute` and `ifconfig` tools are not commands for manipulating the routing table.
Which of the following statements about static routing are true? (Choose all that apply.) a. Static routes are manually configured routes that administrators must add, modify, or delete when a change in the network occurs. b. Static routes are automatically added to the routing table by routing protocols when a new network path becomes available. c. Static routes adapt to changes in the network infrastructure automatically. d. Static routes are a recommended solution for large internetworks with redundant paths to each destination network. e. Static routes are a recommended solution for small internetworks with a single path to each destination network.
A, E. Administrators must manually add, modify, or delete static routes when a change in a network occurs. For this reason, static routes are not recommended for use in large internetworks where there are multiple paths to each destination network. Static routes are not automatically added by routing protocols and do not adapt to changes in a network.
Which of the following devices can administrators use to create multiple Virtual Local Area Networks (VLANs) and forward traffic between them? a. Multilayer switch b. Virtual router c. Load balancer d. Broadband router
A. A multilayer switch is a network connectivity device that functions at both layer 2 and layer 3 of the OSI model. At layer 2, the device functions like a normal switch, providing individual collision domains to each connected node and enabling administrators to create multiple VLANs. At layer 3, the device also provides routing capabilities by forwarding packets between the VLANs. Virtual routers, load balancers, and broadband routers are strictly layer 3 devices that can route traffic but cannot create VLANs.
Which of the following is a device that switches calls between endpoints on the local IP network and provides access to external Internet lines? a. VoIP PBX b. VoIP gateway c. VoIP endpoint d. Multilayer switch
A. A private branch exchange (PBX) switches internal calls and provides access to external lines. A VoIP PBX performs the same tasks as a traditional PBX. A VoIP gateway is the device that provides the conduit between an IP network and the Public Switched Telephone Network (PSTN). A VoIP endpoint is a device that makes use of the VoIP system, such as a computer or handset. A multilayer switch is a data networking device that includes both switching and routing capabilities.
Which of the following statements about Internet access through a proxy server accounts for the security against outside intrusion that a proxy provides? a. The proxy server uses a public IP address, and the client computers use private addresses. b. The proxy server uses a private IP address, and the client computers use public addresses. c. Both the proxy server and the client computers use private IP addresses. d. Both the proxy server and the client computers use public IP addresses.
A. Because the client computers use private IP addresses, they are invisible to the Internet, so users outside the private network cannot see or access them. The proxy server has a public IP address so it can participate in service transactions with Internet servers. If the proxy server used a private IP address, it would not be able to access the Internet directly. If the clients used public IP addresses, they would be visible to the Internet and vulnerable to intrusion.
What is the term for the process by which dynamic routing protocols update other routers with routing table information? a. Convergence b. Distance vectoring c. Redistribution d. Dissemination
A. Convergence is the term for the process by which routers propagate information from their routing tables to other routers on the network using dynamic routing protocols. Distance vectoring, redistribution, and dissemination do not describe this process.
Which of the following mechanisms for prioritizing network traffic uses a 6-bit classification identifier in the Internet Protocol (IP) header? a. Diffserv b. CoS c. Traffic shaping d. QoS e. Administrative distance
A. Differentiated services (Diffserv) is a mechanism that provides Quality of Service (QoS) on a network by classifying traffic types using a 6-bit value in the differentiated services (DS) field of the IP header. Class of Service (CoS) is a similar mechanism that operates at the data link layer by adding a 3-bit Priority Code Point (PCP) value to the Ethernet frame. Traffic shaping is a means of prioritizing network traffic that typically works by delaying packets at the application layer. Quality of Service (QoS) is an umbrella term that encompasses a variety of network traffic prioritization mechanisms. Administrative distance is a value that routers use to select the most efficient route to a destination.
Which of the following devices can an administrator use to monitor a network for abnormal or malicious traffic? a. IDS b. UPS c. RADIUS d. DoS e. RAS
A. Intrusion Detection Systems (IDSs) are designed to monitor network traffic for anomalies and send notifications to administrators. Uninterruptible power supplies (UPSs), Remote Authentication Dial-In User Service (RADIUS) servers, Denial-of-Service (DoS) attacks, and Remote Access Service (RAS) servers all have nothing to do with network monitoring.
Which of the following statements about the Enhanced Interior Gateway Routing Protocol (EIGRP) is not true? a. EIGRP does not support classless IPv4 addresses. b. EIGRP is a hybrid routing protocol. c. EIGRP can only transmit incremental routing table updates. d. EIGRP shares routes within an autonomous system.
A. EIGRP can support classless IPv4 addresses. It was designed to replace the Interior Gateway Routing Protocol (IGRP), which could not support classless addresses. All of the other options contain true statements.
Which of the following types of routing protocols route datagrams between autonomous systems? a. EGP b. RIP c. IGP d. OSPF
A. Exterior Gateway Protocol (EGP) routes datagrams between autonomous systems. Interior Gateway Protocol (IGP) routes datagrams within an autonomous system. Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are examples of interior gateway protocols.
Which of the following TCP/IP routing protocols does not include the subnet mask within its route update messages, preventing it from supporting subnetting? a. Routing Information Protocol, version 1 (RIPv1) b. Routing Information Protocol, version 2 (RIPv2) c. Border Gateway Protocol (BGP) d. Open Shortest Path First (OSPF)
A. RIPv1 does not include the subnet mask in its updates. RIPv2 supports subnetting and includes the subnet mask of each network address in its updates. OSPF and BGP both include the subnet mask within their updates.
Routers that use the Open Shortest Path First (OSPF) routing protocol calculate the relative costs of routes through the network by exchanging which of the following specifications for each interface with other routers? a. Transmission speed b. Data link layer protocol c. Network medium d. IP address
A. Routers that use OSPF transmit the speed of each network interface with the other OSPF routers in the network. This enables the routers to evaluate the cost of various routes through the network and transmit packets using the route with the smallest cost value. The routers do not need to share information about the data link layer protocols or network media they use or their IP addresses.
. In an IPv4 routing table, what is the network destination address for the host system's default route? a. 0.0.0.0 b. 127.0.0.0 c. 127.255.255.255 d. 255.255.255.255
A. The default route in an IPv4 routing table always has a destination address of 0.0.0.0. The other destinations are found in a routing table, but they are not the default route destination.
A VPN headend is an advanced type of which of the following devices? a. Switch b. Router c. Gateway d. Bridge
B. A Virtual Private Network (VPN) headend is a type of router that enables multiple client systems to access a network from remote locations. Because the device provides an interface between networks, it is considered to be a type of router, not a switch, a gateway, or a bridge.
A load balancer is a type of which of the following devices? a. Switch b. Router c. Gateway d. Firewall
B. A load balancer is a type of router that forwards traffic with a single IP address to multiple servers in turn. In most cases, a load balancing router works by processing incoming traffic based on rules set by the administrator. Because a load balancer works with IP addresses, it is a network layer device. Load balancers are not switches, gateways, or firewalls.
What is the maximum number of routes that can be included in a single RIP broadcast packet? a. 20 b. 25 c. 32 d. Unlimited
B. A single RIP broadcast packet can include up to 25 routes. If there are more than 25 routes in the computer's routing table, then RIP must generate additional packets.
Which of the following technologies is typically associated with virtual PBX services? a. Quality of Service (QoS) b. Voice over IP c. CARP d. Round-robin DNS
B. A virtual PBX is an arrangement in which a telephone company provides the PBX services to a customer but maintains the actual hardware at their own facility. The recent emphasis on cloud computing has led to a number of hosted PBX solutions that use Voice over IP (VoIP) to provide services to customers. QoS is a technique for prioritizing traffic by tagging packets based on their content. It is not a virtual PBX technique. The Cache Array Routing Protocol (CARP) enables proxy servers to exchange information; it does not provide virtual PBX services. In round-robin DNS, a DNS server contains multiple resource records for the same server name, each with a different IP address representing one of the computers running the server application. When a client resolves the server name, the DNS server accesses each of the resource records in turn so that each address theoretically receives the same number of visitors. This is not a virtual PBX technology.
Which of the following network devices does not employ Access Control Lists (ACLs) to restrict access? a. Routers b. Hubs c. Switches d. Wireless Access Points (WAPs)
B. ACLs restrict access to network devices by filtering usernames, MAC addresses, IP addresses, or other criteria. Routers, switches, and WAPs all use ACLs to control access to them. Hubs are purely physical layer devices that relay electrical or optical signals. They have no way of controlling access to them.
Which of the following statements about the Border Gateway Protocol (BGP) is not true? a. BGP is an exterior gateway protocol. b. BGP is a link state routing protocol. c. BGP supports Classless Inter-Domain Routing (CIDR). d. BGP shares routes among autonomous systems.
B. BGP is a path vector routing protocol, not a link state routing protocol. All of the other options contain true statements.
Which of the following is a feature that is not found in a traditional firewall product, but which might be found in a Next-Generation Firewall (NGFW)? a. Stateful packet inspection b. Deep Packet Inspection (DPI) c. Network Address Translation (NAT) d. Virtual Private Network (VPN) support
B. DPI is a firewall technique that examines the data carried in packets and not just the protocol headers. While traditional firewalls typically do not support DPI, NGFWs often do. Stateful packet inspection, NAT, and VPN support are all features that are commonly supported by traditional firewall products.
Which of the following devices enables administrators of enterprise wireless networks to manage multiple Access Points (APs) from a central location? a. Hypervisor b. Wireless controller c. Wireless endpoint d. Demarcation point
B. In many enterprise wireless networks, the Access Points (APs) do not run a full operating system and are called thin or lightweight APs. The network also has a device called a wireless controller that performs some of the required tasks and manages the APs. A wireless endpoint is another term for a computer or other device that is a client on the wireless network. Hypervisors and demarcation points have nothing to do with wireless networking. A hypervisor creates and manages Virtual Machines (VMs) on a host server, and a demarcation point is the interface between a private network and an outside telecommunications service.
Which of the following features enables an Intrusion Detection System (IDS) to monitor all of the traffic on a switched network? a. Stateful packet inspection b. Port mirroring c. Trunking d. Service-dependent filtering
B. Port mirroring is a feature found in some switches that takes the form of a special port that runs in promiscuous mode. This means that the switch copies all incoming traffic to that port, as well as to the dedicated destination ports. By connecting an IDS or protocol analyzer to this port, an administrator can access all of the network's traffic. Stateful packet inspection is a firewall feature that enables the device to examine network and transport layer header fields, looking for patterns that indicate damaging behaviors, such as IP spoofing, SYN floods, and teardrop attacks. Trunking is a switch feature that enables administrators to create VLANs that span multiple switches. Service-dependent filtering is a firewall feature that blocks traffic based on transport layer port numbers.
Which of the following TCP/IP parameters, configured on an end system, specifies the Internet Protocol (IP) address of a router on the local network that provides access to other networks? a. WINS Server Addresses b. Default Gateway c. DNS Server Addresses d. Subnet Gateway
B. The Default Gateway parameter specifies the address of the local router that the end system should use to access other networks. The WINS Server Addresses and DNS Server Addresses parameters are used to resolve names to IP addresses. There is no such parameter as Subnet Gateway.
Which of the following devices enables you to use a standard analog telephone to place calls using the Internet instead of the Public Switched Telephone Network (PSTN)? a. Proxy server b. VPN headend c. VoIP gateway d. UTM appliance
C. A VoIP gateway is a device that provides a conduit between an IP network and the Public Switched Telephone Network (PSTN). The gateway enables standard telephones connected to the PSTN to place calls using VoIP services on the Internet. A proxy server is an application layer device that provides web browsers and other client programs to access the Internet. A Virtual Private Network (VPN) headend enables multiple client systems to access a network from remote locations. A unified threat management (UTM) appliance typically performs VPN, firewall, and antivirus functions.
Which of the following statements about content filtering in firewalls is true? a. Content filters examine the source IP addresses of packets to locate potential threats. b. Content filters enable switches to direct packets out through the correct port. c. Content filters examine the data carried within packets for potentially objectionable materials. d. Content filters use frequently updated signatures to locate packets containing malware.
C. Content filters are a firewall feature that examines the data inside packets, rather than their origin, to locate objectionable material. They do not scan IP addresses, nor do they detect typical types of malware. Content filters are not implemented in switches.
Which of the following devices expands on the capabilities of the traditional firewall by adding features like Deep Packet Inspection (DPI) and an Intrusion Prevention System (IPS)? a. RADIUS server b. CSU/DSU c. NGFW d. Proxy server
C. Next-Generation Firewalls (NGFWs) expand on the packet filtering capabilities of traditional firewalls by adding features such as DPI and IPSs, as well as inspection of encrypted traffic and antivirus scanning. Remote Authentication Dial-In User Service (RADIUS) servers can provide centralized Authentication, Authorization, Accounting, Auditing (AAAA) services. A CSU/DSU is a device that provides a router on a private network with access to a leased line. A proxy server is an application layer service that receives Internet service requests from client computers, reads the application layer protocol data in each request, and then generates its own request for the same service and transmits it to the Internet server the client specifies.
Which of the following is not a function that is typically provided by a unified threat management (UTM) appliance? a. Virtual private networking b. Network firewall c. Packet forwarding d. Antivirus protection
C. Packet forwarding is a function typically associated with routers and is not a normal function of a UTM appliance. UTM appliances do typically perform VPN, firewall, and antivirus functions.
Ralph, the administrator of a 500-node private internetwork, is devising a plan to connect the network to the Internet. The primary objective of the project is to provide all of the network users with access to web and email services while keeping the client computers safe from unauthorized users on the Internet. The secondary objectives of the project are to avoid having to manually configure IP addresses on each one of the client computers individually and to provide a means of monitoring and regulating the users' access to the Internet. Ralph submits a proposal calling for the use of private IP addresses on the client computers and a series of proxy servers with public, registered IP addresses, connected to the Internet using multiple T-1 lines. Which of the following statements about Ralph's proposed Internet access solution is true? a. The proposal fails to satisfy both the primary and secondary objectives. b. The proposal satisfies the primary objective but neither of the secondary objectives. c. The proposal satisfies the primary objective and one of the secondary objectives. d. The proposal satisfies the primary objective and both of the secondary objectives.
C. Proxy servers provide network users with access to Internet services, and the unregistered IP addresses on the client computers protect them from unauthorized access by users on the Internet, which satisfies the first objective. The proxy servers also make it possible for network administrators to regulate users' access to the Internet, which satisfies one of the two secondary objectives. However, the proxy servers cannot assign IP addresses to the client computers, and the plan makes no mention of DHCP or another automatic TCP/IP configuration mechanism. Therefore, the plan does not satisfy the other secondary objective.
Which of the following statements about routers is not true? a. Routers can connect two or more networks with dissimilar data link layer protocols and media. b. Routers can connect two or more networks with the same data link layer protocols and media. c. Routers store and maintain route information in a local text file. d. Servers with multiple network interfaces can be configured to function as software routers. e. Routers can learn and populate their routing tables through static and dynamic routing.
C. Routers store and maintain route information in a routing table that is stored in memory, not in a local text file. All of the other statements about routers are true.
Which of the following is not a mechanism for distributing incoming network traffic among multiple servers? a. Load balancer b. Round-robin DNS c. NLB cluster d. VPN headend
D. A Virtual Private Network (VPN) headend is a type of router that enables multiple client systems to access a network from remote locations. It does not distribute traffic among servers. A load balancer is a type of router that forwards traffic with a single IP address to multiple servers in turn. Round-robin DNS is a technique in which a DNS server resolves a name into several IP addresses, each in turn. A Network Load Balancing (NLB) cluster is a group of servers, all running the same application, that distribute incoming traffic among themselves.
Which of the following prevents packets on a TCP/IP internetwork from being transmitted endlessly from router to router? a. Open Shortest Path First (OSPF) b. Maximum Transmission Unit (MTU) c. Administrative distance d. Time to Live (TTL)
D. TTL is a value included in the IPv4 header that specifies the maximum number of hops the packet is allowed on the network. Each router processing the packet reduces the TTL value by one and discards the packet when the value reaches zero. OSPF is a routing protocol. MTU specifies the maximum size of a frame. Administrative distance is a value that routers use to select the most efficient route to a destination.
Proxy servers operate at which layer of the OSI reference model? a. Data link b. Network c. Transport d. Application
D. A proxy server is an application layer service, because it receives Internet service requests from client computers, reads the application layer protocol data in each request, and then generates its own request for the same service and transmits it to the Internet server the client specifies. Only an application layer service can read and process the application layer data in network packets. A proxy server cannot be a data link layer device, because it can provide Internet access to an entire internetwork, while the data link layer is concerned with communications on a single subnet. Proxy servers cannot be network layer devices, because the network layer handles all internetwork packets indiscriminately and is unaware of what application generated the data carried inside the packets. The transport layer is not involved in processing application data, so proxy servers cannot be said to function at the transport layer.
Which of the following terms refers to a routing protocol that does not rely on hop counts to measure the efficiency of routes? a. Interior gateway protocol b. Edge gateway protocol c. Distance vector protocol d. Link state protocol
D. Distance vector protocols rely on hop counts to evaluate the efficiency of routes. Link state protocols use a different type of calculation, usually based on Dijkstra's algorithm. The terms _interior gateway protocol_ and _edge gateway protocol_ do not refer to the method of calculating routing efficiency.
Which of the following is not one of the criteria typically used by load balancers to direct incoming traffic to one of a group of servers? a. Which server has the lightest load b. Which server has the fastest response time c. Which server is next in an even rotation d. Which server has the fastest processor
D. In most cases, a load balancing router works by processing incoming traffic based on rules set by the administrator. The rules can distribute traffic among a group of servers using various criteria, such as each server's current load or response time, or which server is next in a given rotation. Load balancers typically do not use the hardware configuration of the servers to direct traffic since this is a factor that does not change.
Which of the following terms refers to methods by which network traffic is prioritized to prevent applications from suffering faults due to network congestion? a. Port forwarding b. Dynamic routing c. VLANs d. QoS
D. Quality of Service (QoS) is a general term that refers to various mechanisms for prioritizing network traffic so that applications or data streams requiring a certain level of performance are not negatively affected by lower-priority transmissions. Port forwarding is a routing method that redirects traffic intended for one IP address and port number to another. Dynamic routing is a method by which routing tables are automatically updated with new information as the routing fabric of an internetwork changes. Virtual Local Area Networks (VLANs) are a means for partitioning a broadcast domain into discrete units that are functionally equivalent to physical LANs.
The network administrator for a small business is installing a computer to function as a firewall protecting their internetwork from Internet intrusion. At which of the following locations should the administrator install the firewall system? a. Anywhere on the private internetwork, as long as the Internet is accessible b. Between the Internet access router and the Internet Service Provider's (ISP's) network c. At the ISP's network site d. Between the Internet access router and the rest of the private internetwork
D. The firewall is a conduit between the private network and the ISP's network (which provides access to the Internet), through which all traffic must pass. This ensures that the firewall has the opportunity to examine every packet that passes between the private network and the Internet and filter out those that are not authorized. If the firewall was located in the midst of the private internetwork, it would be possible for Internet computers to bypass the firewall and communicate directly with the private systems. Placing the firewall on the far side of the router would put it on the ISP's network, causing it to filter all of the ISP's traffic and not just that destined for the private network. Installing the firewall at the ISP's site would have the same effect as installing it on the far side of the router at the private network site.