5.5 Part 2 Networking+
You're unable to SSH into your web server. What rule on the host firewall is the likely culprit?
-A INPUT -o eth0 -p tcp --dport 22 -j DENY
NTP clients on your network are not able to access time servers. Which of the following iptables rules is the cause?
-A OUTPUT -o eth0 -p udp --dport 123 -j DENY
How do hardware failures in star-wired topologies manifest?
A failure will either manifest as a single client being unable to connect, which points to a failure in the link between that client and the switch, or all clients being unable to connect, which points to a network backbone issue.
Why might reducing the DHCP lease time help avoid DHCP scope exhaustion?
A shorter lease time allows IP addresses that are no longer in use to return to the DHCP pool more quickly.
You implement an inbound default deny firewall policy on all hosts, but now users are reporting that they can't download files from the company's internal FTP server. What is the problem?
Active FTP requires the client to provide the FTP server with a port number for the FTP server to connect to on the client. The host firewall is blocking the FTP server from connecting to the client.
What term describes when a DHCP server has no more addresses available?
Exhausted DHCP scope
An entire floor of the office is reporting loss of internet connectivity, but they can still print on the floor printer. What is a possible cause?
Failure of the cable connecting the floor's switch to the office gateway
A user reports that Firefox doesn't trust your company's self-signed certificate. You've verified that the certificate is in the Windows certificate store and Internet Explorer trusts the certificate. What might be the issue?
Firefox maintains its own certificate store, which may not contain the certificate.
Application errors reporting an "invalid token" may be a sign of what issue?
Incorrect host time
Why are issues related to incorrect host time difficult to diagnose?
Incorrect time often manifests as generic "failed" or "invalid token" type messages.
Your company web server was subject to a distributed denial of service attack. What can you do to mitigate the risk of future attacks?
Place your web servers behind a cloud-based content delivery network with DDoS protection
Which of the following is NOT a test for a suspected cable fault affecting a single host?
Restart the host with connectivity issues
You've setup a host firewall on all systems and configured it with default deny inbound and outbound rulesets. You receive a trouble ticket reporting widespread issues checking email. What port(s) did you neglect to open?
TCP ports 587 and 993
Users are unable to download files from a remote FTP server. You've verified that the firewall allows TCP port 21 outbound. You also need to check that the firewall allows inbound traffic from what port?
TCP source port 20
A new tech on your team reports that they can't SSH into the web server. You verify that you can. What should you check next?
That the tech's public key is in the authorized_keys file on the web server
A host is experiencing connectivity problems, and your investigation reveals the host IP address is set to 169.254.37.44. What might be the issue?
The DHCP pool was exhausted and the host couldn't get an IP address.
Windows systems in your company are configured to use the Windows Defender Firewall with Advanced Security as the host-based firewall. What is NOT true about implementing a default deny outbound policy with application-based exceptions?
The Windows Defender Firewall with Advanced Security does not support per-program rules.
After a power outage, a host is unable to authenticate with network resources. The user is receiving an "invalid token" error. What is the problem?
The host's CMOS battery may have died resulting in the host "forgetting" the correct time, meaning that services that rely on time, such as authentication, may not work.
Your company recently merged with another, doubling the number of workers that need to access the internal timecard service. The server is overloaded and keeps crashing. New hardware won't be available for another month. What can you do?
Throttle client connections
A small business you support reports that a new employee cannot connect to their wireless access point. They've verified the employee is entering the SSID, encryption type, and password type correctly. What should you check for next?
To see if the access point is using a MAC address whitelist
When might it be ok to trust an expired certificate?
When managing a legacy appliance that you know hasn't been tampered with
Users in your organization use mail clients configured to use IMAP and SMTP to send and receive email. To improve security, you want to implement firewall rules so that the mail clients can only connect via the secure versions of the protocols (i.e. IMAPS and SMTPS). However, after you update the mail client configurations and the firewall, all users are reporting that they are unable to send and receive email. What ports did you block on the firewall and what ports should you have blocked?
You blocked TCP ports 993 and 587 but should have blocked TCP ports 143 and 25.
Users are reporting issues sending email and delays receiving email. You suspect the issue is network congestion. What tool could you use to test that hypothesis?
pathping