Chapter 8, Chapter 7, Windows Server 2019 study guide
Which of the following RAID volume types provide fault tolerance in the event of a single storage device failure? (Choose all that apply.)
striping with parity & mirroring
You have recently installed a new windows server 2016 system. To ensure the accuracy of the system time, you have loaded an application that synchronized the hardware clock on the server with an external time source on the internet. Now, you must configure the firewall on your network to allow time synchronization traffic through. which of the following ports are you most likely to open on the firewall? -110 -80 -123 -119
-123 (TCP/IP port 123 is assigned to the network time protocol (NTP). NTP is used to communicate time synchronization info between systems on a network HTTP uses 80, for requests to a web server and retrieving web pages from a web server. 119 is used by the network news transfer protocol (NTTP) which accesses and retrieves messages from newsgroups. 110 is used by the post office protocol version 3 (POP3) to download email from mail servers)
You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable? -21 -80 -443 -42 -53
-53 (DNS uses port 53)
Haley configures a Web site using Windows 2016 default values. What are the HTTP port and SSL port settings? -80 for HTTP; 443 for SSL -440 for HTTP; 160 for SSL -160 for HTTP; 440 for SSL -443 for HTTP; 80 for SSL
-80 for HTTP; 443 for SSL (The default TCP port setting for HTTP is 80. You can change that setting to another TCP setting that is not in use, but users will have to know they must request the non-default setting, or they will be unable to connect. The SSL port number is 443 and is only used with secure socket layers for encryption)
You connect your computer to a wireless network available at the local library. You find that you can access all Web sites you want on the Internet except for two. What might be causing the problem? -A proxy server is blocking access to websites -Port triggering is redirecting traffic to the wrong IP address -A firewall is blocking ports 80 and 443 -The router has not been configured to perform port forwarding
-A proxy server is blocking access to websites (a proxy server can be configured to block internet access based on website or URL. Many schools and public networks use proxy servers to prevent access to websites with objectionable content. Ports 80 and 443 are used by HTTP to retrieve all web content. if a firewall were blocking these ports, access would be denied to all websites. Port forwarding directs incoming connections to a host on the private network. Port triggering dynamically opens firewall ports based on applications that initiate contact from the private network.)
An all-in-one security appliance is best suited for which type of implementation? -A remote office with no on-site technician. -A company that transmits large amounts of time-sensitive data -A credit card company that stores customer data. -An office with a dedicated network closet
-A remote office with no on-site technician. (all in one security appliances are best suited for small offices with limited space or remote offices without a technician to manage the individual security components. a company with a dedicated network closet would have the space necessary for multiple network devices. and a company that handles large amounts of data should use dedicated devices to maintain optimal performance.)
which of the following features are common functions of an all in one security appliance? (select 2) -quality of service -bandwidth shaping -content caching -password complexity -Spam filtering
-A remote office with no on-site technician. -Spam filtering (security functions in an all in one appliance include -spam filtering -url filter -web content filter -malware inspection -intrusion detection system in addition they can include -network switch -router -firewall -TX uplink (integrated CSU/DSU) -bandwidth shaping)
Which of the following is a characteristic of static routing when compared to dynamic routing? -Routers send packets for destination networks to the next hop router. -All routes must be manually updated on the router. -Routers use the hop count to identify the distance to a destination network. -Routers can only use static routing when not connected to the internet.
-All routes must be manually updated on the router. (static routing requires that entries in the routing table are configured manually. Network entries remain in the routing table until manually removed. WHen changes to the network occur, static entries must be added or removed. The next hop router is used with most routes to identify the next router in the path to the destination, regardless of whether the route is a static or dynamically-learned route. The hop count can be used by static or dynamic routes, depending on the routing protocol used. static routing can be used for private and public networks whether they are connected to the internet or not)
Which of the following describes how access lists can be used to improve network security? -An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers -an access list looks for patterns of traffic between multiple packets and takes action to stop detected attacks -an access list identifies traffic that must use authentication or encryption. -An access list filters traffic based on the frame header such as a source or destination MAC address
-An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers (access lists filter traffic based on the IP header information such as source or destination IP address, Protocol, or socket numbers. Access lists are configured on routers and operate on layer 3 information.)
Which of the following routing protocols is used by routers on the internet for learning and sharing routes? -EIGRP -BGP -OSPF -IS-IS -RIP
-BGP (BGP (border gateway protocol) is the protocol used on the internet. ISPs use BGP to identify routes between ASs. Very large networks can use BGP internally, but typically only share routes on the internet if the AS has two (or more) connection to the internet through different ISPs. RIP is used on small private networks, while OSPF and EIGRP are used on larger private networks. IS-IS is used on very large private networks and within the internet service provider (ISP) network.
Which of the following routing protocols uses paths, rules, and policies instead of a metric for making routing decisions? -IS-IS -OSPF -RIP -EIGRP -BGP
-BGP (BGP is an advanced distance vector protocol (also called a path vector protocol) that uses paths, rules, and policies to make routing decisions.)
You have a network configured to use the OSPF routing protocol. Which of the following describes the state when all OSPF routers have learned about all other routes in the network? -VLSM -Convergence -Classful -Link state -Distance vector
-Convergence (the term convergence is used to describe the condition when all routers have the same (or correct) routing information. Convergence requires some time, but once it is reached, it means that any router has learned about all other networks that are being advertised (or shared) on the network. Link-state and distance vector describe general methods that routers use to share routes with other routers. Classful describes a routing protocol that assumes the subnet mask based on the address class of the network. Variable length subnet masks (VLSM) lets you use custom subnet masks for subnetting or supernetting.)
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. There is no default route configured on the router. The router receive a packet addressed to network 10.1.0.0/16. What will the router do with the packet? -Hold the packet in cache until a matching route is learned or configured. -send the packet to both networks 192.168.3.0 and 192.168.4.0 and to the next hop router. -send the packet out both of its directly-connected networks as a broadcast frame. -drop the packet
-Drop the packet (if a packet does not match any route in a routing table, the router drops the packet. In this example, the router does not know about the destination network, and it is not configured with a default route. With a default route, the router will forward the packet to the next hop router specified by the default route.)
Which of the following routing protocols is classified as a hybrid routing protocol? -IS-IS -EIGRP -RIP -OSPF
-EIGRP (EIGRP is a hybrid routing protocol developed by cisco for routing within an AS. RIP is a ditance vector protocol, while OSPF and IS-IS are link state protocols.
You want to allow your users to download files from a server running the TCP/IP protocol. You want to require user authentication to gain access to specific directories on the server. What TCP/IP protocol should you implement to provide this capability? -FTP -IP -TFTP -TCP -HTTP -HTML
-FTP (FTP enables file trasnfers and supports user authentication. the trvial file transfer protocol enables file transfer but doesnt support user authentication)
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The router is also configured with a static route of 0.0.0.0 with a mask of 0.0.0.0. The router receives a packet addressed to the network 10.1.0.0/16. what will the router so with the packet? -Forward the packet to the next hop router specified by the route to the network 0.0.0.0. -drop the packet -send the packet out both of its directly connected networks to the next hop router. -send the packet out both of its directly connected networks as a broadcast frame.
-Forward the packet to the next hop router specified by the route to the network 0.0.0.0. (a route of 0.0.0.0 with a mask of 0.0.0.0 identifies a default route. The default route is used when no other route is a better match. Packets that match no other networks are sent to the next hop router specified by the default route.)
Which of the following are true about reverse proxy? (select two) -Handles requests from the internet to a server in a private network. -Can perform load balancing, authentication, and caching. -Clients always know they are using reverse proxy. -Handles requests from inside a private network out to the internet. -Sits between a client computer and the internet.
-Handles requests from the internet to a server in a private network. -Can perform load balancing, authentication, and caching. (A reverse proxy server handles requests from the internet to a server located inside a private network. Reverse proxies can perform load balancing, authentication, and caching. Reverse proxies often work transparently, meaning clients don't know they are connected to a reverse proxy.)
Which of the following are true about reverse proxy? (select 2) -Handles requests from the internet to a server in a private network. -sits between a client computer and the internet. -can perform load balancing, authentication, and caching. -clients always know they are using reverse proxy -handles requests from inside a private network out to the internet.
-Handles requests from the internet to a server in a private network. -can perform load balancing, authentication, and caching. (a reverse proxy server handles requests from the internet to a server located inside a private network. reverse proxies can perform load balancing, authentication, and caching. reverse proxies often work transparently, meaning clients don't know they are connected to a reverse proxy)
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use? -Host based firewall -Proxy server -VPN concentrator -network based firewall
-Host based firewall (a host based firewall inspects traffic recieved by a host. use a host based firewall to protect you computer from attacks when there is no network based firewall, such as when you connect to the internet in a public location)
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? -MAC address -Username and Password -IP address -session ID
-IP address (A router acting as a firewall at layer 3 is capable of making forwarding decisions based on the IP address The MAC addy is associated with OSI model layer 2. switches and wireless access points use MAC addy's to control access. The session ID is used by a circuit level gateway, and username and password are used by application layer firewalls)
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? -Mac addy -session ID -IP addy -user and pass
-IP addy (a router acting as a firewall on layer 3 is capable of making forwarding decisions based on the ip address. MAC addy is layer 2, session ID is used by circuit level gateways and user/pass is used by application layer)
Under which of the following circumstances might you implement BGP on your company network and share routes with internet routers. -If the network is connected to the internet using public addressing. -If the network has over 15 areas and uses IPv6. -If the network has over 15 hops. -If the network is connected to the internet using multiple ISP's.
-If the network is connected to the internet using multiple ISP's. (very large networks can use BGP internally, but typically only share routes on the internet if the AS has two (or more) connections to the internet through different ISPs If your network has over 15 hops, use a routing protocol other than RIP. Use OSPF or IS-IS to divide your network into areas. Private networks that use public IP addresses do not need to share routes with internet routers; it is typically the responsibility of the ISP to configure routes into the private network, even when public addressing is being used. A single route out of the private network is all that is required if the network has a single connection to the internet.)
You would like to control internet access based on users, time of day, and websites visited. How can you do this? -Configure internet zones using internet options. -Configure a packet filtering firewall. Add internet access only through the proxy server. -Install a proxy server. Allow internet access only through the proxy server. -Enable windows firewall on each system. Add or remove exceptions to control access. -Configure the local security policy of each system to add internet restrictions.
-Install a proxy server. Allow internet access only through the proxy server. You can configure rules on a proxy server based on users, time of day, and websites visited. all intenet acces requests are routed through the proxy server. Use a packet filtering firewall, such as windows firewall, to allow or deny individual packets based on characteristics such as source or destination address and port number. Configure internet zones to identify trusted or restricted websites and control the types of actions that can be performed when visiting those sites.
When multiple routes to a destination exist, what is used to select the best possible route? -Distance vector -Metric -Autonomous system number -Exterior gateway protocol
-Metric (Routers use metric values to identify the distance, or cost, to a destination network. The metric is used by the routing protocol to identify and select the best route to the destination when multiple routes exists. The metric can be calculated based on hop count, bandwidth, or link cost. The exterior gateway protocol is a routing protocol that routes traffic between autonomous systems. The distance vector is a routing protocol that defines how routers update and share routing information. An autonomous system number is a unique number used to identify an autonomous system.)
Which of the following routing protocols divides the network into areas, with all networks required to have an area 0 (area 0 identifying the backbone area)? -EIGRP -RIP -IS-IS -OSPF
-OSPF OSPF divides a large network into areas. Each autonomous system requires an area 0 that identifies the network backbone. All areas are connected to area 0, either directly or indirectly through another area. Routes between areas must pass through area 0. IS-IS uses areas, but does not have an area 0 requirement. Neither RIP nor EIGRP use area.
Which of the following routing protocols uses relative link cost as the metric? -BGP -RIP -OSPF -EIGRP
-OSPF OSPF is a link-state routing protocol used for routing within an OSPF uses relative link cost for the metric.
Which of the following best describes OSPF? -OSPF is a classful distance vector routing protocol. -OSPF is classless link state routing protocol. -OSPF is a classful link state routing protocol. -OSPF is a classless distance vector routing protocol
-OSPF is classless link state routing protocol. RIP version 1 and IGRP are both classful distance vector routing protocols that supports classless addressing.
What are the main differences between the OSPF and IS-IS routing protocols? -OSPF is an IGP routing protocol, while IS-IS is a BGP routing protocol. -OSPF requires an area 0, while IS-IS does not. -OSPF is a classful protocol, while IS-IS is a classless protocol. -OSPF is a link state protocol, while IS-IS is not.
-OSPF requires an area 0, while IS-IS does not. (Like OSPF, IS-IS uses areas when designing the network. However, IS-IS does not require an area 0 like OSPF does. Because IS-IS was originally designed for non-IP protocols, it can more easily support IPv6 routing. Both OSPF and IS-IS have the following characteristics: -both are link state protocols. -both are classless protocols, supporting CIDR and VLSM. -Both are interior Gateway Protocols (IGPs) that are used within an AS)
Which of the following is a firewall function? -Encrypting -Frame filtering -Packet filtering -FTP hosting -Protocol conversion
-Packet filtering (Firewalls open filter packets by checking each packet against a set of administrator-defined criteria. If the packet is not accepted, it is simply dropped)
Which of the following is a firewall function? -encrypting -protocol conversion -frame filtering -FTP hosting -packet filtering
-Packet filtering (firewalls often filter packets by checking each packet against a set of administrator-defined criteria. If the packet is not accepted, it is simply dropped)
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must comunicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? ( select 2) -Put the web server inside the DMZ -Put the web server on the private network -Put the database server on the private network -Put the database server inside the DMZ
-Put the web server inside the DMZ -Put the database server on the private network (publicly accessible servers are placed inside the DMZ, protected servers should be within the protected zone of the private network)
Which of the following protocols has a limit of 15 hops between any two networks? -RIP -BGP -IS-IS -EIGRP -OSPF
-RIP (RIP networks are limited in size to a maximum of 15 hops between any two networks. A networks with a hop count of 16 indicates an unreachable network. The other routing protocols do not use the hop count as the metric. EIGRP uses bandwidth and delay for the metric. OSPF and IS-IS use a relative link cost. BGP uses paths, rules, and policies for the metric)
Which of the following statements about RIP is true? -RIP uses hop counts as the cost metric. -RIP is suitable for large networks. -RIP is the routing protocol used on the internet. -RIP is a link state routing protocol.
-RIP uses hop counts as the cost metric. (RIP is a distance vector routing protocol. As such, it is susceptible to the count-to-infinity problem. RIP uses the hop count as the cost metric. Because it has a limitation of 15 hops in one route, it is not suited for large networks.)
Which of the following are characteristics of a circuit level gateway? (select 2) -Filters IP addresses but not ports -Stateful -Filters by URL -Stateless -Filters by session
-Stateful -Filters by session (a circuit level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. a circuit level proxy is considered a stateful firewall because it keeps track of the state of a session. Packet filtering firewalls are stateless and filter by IP addresses and port number. Application level gateways filter by application layer data, which might include data such as URLs within an HTTP request)
You administer a Web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the Web site as follows: • IP address: 192.168.23.8 • HTTP Port: 1030 • SSL Port: 443 Users complain that they can't connect to the Web site when they type www.westsim.com. What is the most likely source of the problem? -SSL is blocking internet raffic -The HTTP port should be changed to 80 -FTP is not configured on the server -Clients are configured to look for the wrong IP addresses
-The HTTP port should be changed to 80 (the default HTTP port for the web is 80, if you change it, users must know this and specify the correct port number)
What info does the next hop entry in a routing table identify. -The last router in the path to the destination network. -The first router in the path to the destination network. -A backup router that is used to forward packets addresses to unknown networks -The number of routers that the packet must go through to reach the destination network.
-The first router in the path to the destination network. (the next hop router is the first(or next) router in the path to the destination network. Each router looks at the destination network in the packet, then consults the routing table to identify the next hop router to the destination network. The hop count identifies the number of routers in the path to the destination network. A default gateway router is a router that is used for packets sent to external networks. Most routers do not have a default gateway setting, but instead use a default route setting, which identifies a next hop router for all unknown networks.)
A router is connected to a network 192.169.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The next hop router for network 192.168.3.0 has changed. You need to make the change with the least amount of effort possible. What should you do? -Stop and restart the RIP protocol on the router. -Force RIP to perform an immediate update -Wait for convergence to take place -Manually configure the default route to point to the new next hop router.
-Wait for convergence to take place (when using a routing protocol, changes in routing information take some time to be propagated to all routers on the network. The term "convergence" is used to describe the condition when all routers have the same (or correct) routing information. Static routes in the routing table must be updated manually. Restarting RIP might actually increase the time required for changes to be learned. Forcing an update (if the router supports it) is not a requirement, as the periodic sharing of routes will eventually update the routing table entry.)
When designing a firewall, what is the recommended approach for opening and closing ports? -close all ports; open 20, 21, 53, 80, and 443. -close all ports -open all ports; close ports that show improper traffic or attacks in progress. -close all ports; open only ports required by applications inside the DMZ. -Open all ports; close ports that expose common network attacks
-close all ports; open only ports required by applications inside the DMZ. (when designing a firewall, the recommended practice is to close all ports and the only open the ports that allow the traffic that you want inside the DMZ or the private network. Ports 20, 21, 53, 80, and 443 are common ports that are open, but the exact ports you open will depend on the services provided inside the DMZ)
You recently installed a new all-in-one security appliance in a remote office. You are in the process of configuring the device. You need to: -increase security of the device -enable remote management from the main office -allow users to be managed through active directory You want to configure the device so you can access it from the main office. You also want to make sure the device is as secure as possible. Which of the following tasks should you carry out (select two) -configure the devices authentication type using active directory -create an active directory user group and add all users to the group -deny login from the devices WAN interface -deny login from all external IP addresses -change the default username and password
-configure the devices authentication type using active directory -change the default username and password (first thing you should do is change the default user and pass, active directory will allow centralized authentication)
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (select all that apply) -destination address of a packet -acknowledgment number -checksum -port number -digital signature -sequence number -source address of packet
-destination address of a packet -port number -source address of packet (firewalls allow you to filter by IP address and port number)
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (select all that apply) -checksum -digital signature -Ackknowledgement numnber -destination address of a packet -source address of a packet -sequence number -port number
-destination address of a packet -source address of a packet -port number firewalls allow you to filter by IP address and port number
in the output of the netstat command, you notice that a remote system has made a connection to your windows server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing? -Performing a name resolution request -downloading a file -downloading a web page -downloading email
-downloading a file (port 21 is used for the file transfer protocol or FTP.)
Which of the following is likely to be located in a DMZ? -backup server -domain controller -user workstations -ftp server
-ftp server (DMZ should only contain servers that need to be accessed by users outside of the private network)
You would like to control internet access based on users, time of day, and websites visited. how can you do this? -configure a packet filtering firewall. Add rules to allow or deny internet access -Configure the local security policy of each system to add internet restrictions. -enable windows firewall on each system. add or remove exceptions to control access. -install a proxy server. allow internet access only through the proxy server. -configure internet zones using internet options
-install a proxy server. allow internet access only through the proxy server. (use a proxy server to control internet access based on users, time os day and websites visited. You configure these rules on the proxy server and all internet requests are routed through the proxy server. Use a packet filtering firewall, such as windows firewall, to allow or deny individual packets based on characteristics such as source or destination address and port number. Configure internet zones to identify trusted or restricted websites and control the types of actions that can be performed when visiting those sites.
Which of the following tasks do routers perform? (select 2) -identify devices through hardware addresses. -maintain info about paths through an internetwork. -control access to the transmission media. -route data based on logical network addresses -multiplex signals onto the same transmission media -Route data based on hardware device addresses.
-maintain info about paths through an internetwork. -route data based on logical network addresses Routers build and maintain tables of routes through an internetwork and deliver data between networks based on logical network addresses.
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ? -VPN concentrator -IDS - Host based firewall -network based firewall -IPS
-network based firewall ( a DMZ is a buffer network, or subnet, that sits between the private network and an untrusted network, such as the internet host based firewall inspects traffic received by host VPN concentrator is a device that is used to establish remote VPN connections. IDS or intrusion detection system is a special network device that can detect attacks and suspicious activity, also called IPS or intrusion prevention system)
After blocking a number of ports to secure your server, you are unable to send e-mail. To allow e-mail service which of the following needs to be done? -open port 25 to allow SNMP service -open port 110 to allow SMTP service -open port 110 to allow POP3 service -open port 80 to allow SNMP service -open port 25 to allow SMTP service -open port 80 to allow SMTP service
-open port 25 to allow SMTP service (the simple mail transfer protocol or SMTP uses TCP port 25 and is responsible for sending, if port 25 is blocked, users will not be able to **send** mail, but they could recieve it using port 11 and the POP3 protocol)
Match the firewall type on the right with the OSI layers at which it operates. Note: Each OSI Layer can be used once, more than once, or not at all. Routed firewall or virtual firewall -operates at layer 2: -operates at layer 3: -counts as a hop in the path between hosts: -does not count as a hop on the path between hosts: -each interface connects to a different network: -each interface connects to the same network segment:
-operates at layer 2: virtual -operates at layer 3: routed -counts as a hop in the path between hosts: routed -does not count as a hop on the path between hosts: virtual -each interface connects to a different network: routed -each interface connects to the same network segment: virtual (in a routed firewall, the firewall is also a layer 3 router. many hardware routers include firewall functionality. transmitting data through these types of firewalls counts as a router hop. routed firewalls usually support a transparent, or virtual firewall operates at layer 2 and is not seen as a router hop by connected devices)
Based on the diagram, which type of proxy server is handling the clients request? (diagram shows client outside of network, in the tinernet somewhere, trying to communicate with a private network) -Forward proxy server -circuit level proxy server -reverse proxy server -open proxy server
-reverse proxy server
You are monitoring network traffic on your network, and you see the traffic between two network hosts on port 1720. What is the source of this network traffic? - a man in the middle attack is in progress -someone is downloading files from a server using the FTP protocol -someone is using VoIP to make a telephone call -a workstation is using the DNS protocol to send a name resolution request to a DNS server.
-someone is using VoIP to make a telephone call (some VoIP's use the H.323 protocol to make calls, which uses port 1720)
You are monitoring network traffic on your network, and you see the traffic between two network hosts on port 2427. Which kind of network traffic uses this port? -someone is remotely accessing another system using the SSH protocol. -a workstation is using the DHCP protocol to request an IP address from a DHCP server. -the MGCP protocol is generating traffic, which VoIP uses to send data over a network. -a ping of death attack on a network host is in progress
-the MGCP protocol is generating traffic, which VoIP uses to send data over a network. (the media gateway control protocol or MGCP uses port 2427)
Which of the following are true of a circuit proxy filter firewall? (select 2) -examines the entire message contents -operates at the network and transport layers -operates at the application layer. -verifies sequencing of session packets -operates at ring 0 of the operating system -operates at the session layer
-verifies sequencing of session packets -operates at the session layer (A circuit proxy filter firewall operates at the session layer. It verifies the sequencing of session packets, breaks the connections, and acts as a proxy between the server and the client. An application layer firewall operates at the application layer, examines the entire message, and can act as a proxy to clients. A stateful inspection firewall operates at the network and transport layers. it filters on both IP addresses and port numbers. A kernel proxy firewall operates at the operating system ring 0.)
Which of the following are true of a circuit proxy filter firewall? (select 2) -operates at the network and transport layers -operates at ring 0 of the operating system. -verifies sequencing of sessions packets. -operates at the application layer -operates at the session layer. -examines the entire message contents
-verifies sequencing of sessions packets. -operates at the session layer. (a circuit proxy filter firewall operates at the session layer. It verifies the sequencing of session packets, breaks the connections, and acts as a proxy between the server and the client. An application layer firewall operates at the aplication layers, examines the entire message, and can act as a proxy to clients. a stateful inspection firewall operates at the network and transport layers. It filters on both IP addresses and port numbers. A kernel proxy filtering firewall operates at the operating system ring 0.
you are configuring a firewall to allow access to a server hosted on the DMZ of your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be configured to provide access, which applications are most likely to be hosted on the server? -web server, DNS server, and DHCP server -web server and email server -web server, DNS server, and email server -email serverm newsgroup server, and DNS server.
-web server and email server 80 is web pages, 25 is SMTP (simple mail transfer protocol), 110 is POP3 (post office protocol), and 143 is IMAP4 (internet message access protocol)
In which of the following situations would you most likey implement a DMZ? -You want to detect and respond to attacks in real time -you want to encrypt data sent between two hosts using the internet -you want internet users to see a single IP address when accessing your company network -you want to protect a public web server from attack
-you want to protect a public web server from attack (DMZ's protect servers that are going to be accessed by outside users, such as users from the internet.)
You wish to create a RAID level 5 volume using the Disk Management tool. How many storage devices can you use in the volume?
32
You are investigating strange traffic on your network and wish to resolve an IP address to a DNS name.What resource record should you use to perform a reverse lookup?
A PTR record.
What resource record type defines an IPv6 host address in DNS?
AAAA record
Which of the following statements is true of the ownership of a file or folder?
An administrator can take ownership of a file or folder without being granted the permission to do so.
Which of the following organizations does not need to install a WINS server?
An organization that has disabled NetBIOS on its computers.
Pavel is an IT project lead at Krystal Engineering. Because of his role, he is part of multiple groups, including the Developer group as well as the Project Manager group. One of the files that he is trying to access, PLStatus.xls, is not opening. Upon investigation, you find that Pavel's user account has full control permission over the file. The Project Manager group has Modify access but not Full control. The developer group has write access but no read access.What is the most likely reason that Pavel is not able to open the file?
Another group has the deny box checked for read access.
Radha has changed the IP address for servery.zone1.com and updated the primary DNS server. She is using nslookup to troubleshoot DNS-related issues on SERVER1. She uses the command prompt and types in the statement nslookup severy.zone1.com. SERVER1 returns an incorrect result.If SERVER1 is non-authoritative for this lookup, what should Radha do to resolve this issue?
Clear the DNS server cache, and clear the DNS cache on the resolver
Fayola realizes that many of her colleagues use folders on the network drive to store videos, and this consumes a lot of space on the drive. She asks the employees to delete their videos from the network drive.Which of the following steps can Fayola take to maintain a log whenever a video file is saved on the drive in the future?
Configure passive screening.
What is the first step in troubleshooting an issue where a single computer is unable to lease an address?
Confirming that the computer has a physical connection to the network.
Which of the following options provided by Windows Server 2019 helps configure folders that are on different servers to synchronize contents?
Distributed File System (DFS) replication
Ananya is installing the Hyper-V role on a server. When prompted for the location of the virtual machine files, she changes the location from the default value to E:\VMs.Where will the virtual machine configuration files be stored?
E:\VMs\Virtual Machines
Hasad is the system administrator for a marketing company. The company stores sensitive data in a folder named Assets on the company's network drive. Hasad is asked to identify the users who access the files within the folder or make changes to them.Which of the following steps should Hasad take to track all the activity within the folder Assets?
Edit the Default Domain Policy object to enable auditing functionality
Live Migration cannot be enabled if the Hyper-V host operating system is joined to an Active Directory domain.
False
To replicate a virtual machine, it is sufficient that replication is enabled on the Hyper-V host of the virtual machine that is being replicated.
False
You have a private network connected to the internet. Your routers will not share routing information about your private network with internet routers. Which of the following best describes the type of routing protocol you would use? -Link state -BGP -Distance Vector -IGP -Static -Dynamic
IGP (You would use an interior gateway protocol (IGP) on routers within your network. Routing protocols can be classified based on whether they are routing traffic within you network. Routing protocols can be classified based on whether they are routing traffic within or between autonomous systems. an GIP routes traffic within an AS; an exterior gateway protocol (EGP) routes traffic between ASs. Link state and distance vector describe how routing protocols share routing information. The network size might determine which protocol is best for your network. Static routing uses manually defined routes in the routing table, while dynamic routing uses a protocol so routers lean and share routes with other routers. You can use static routing, dynamic routing, or both on a private network.
Which of the following is a component that enables users to search and locate a shared folder in the Active Directory?
LDAP
Imran is associating a drive letter to a filesystem so that the drive letter can be accessed by the operating system. What is the term given to the process that Imran is carrying out?
Mounting
While copying files between folders, it is possible to retrace and complete the transfer in case of a power failure if an NTFS-based filesystem is being used. The same cannot be said for a FAT32 filesystem.What do you think could be the reason for this difference?
NTFS is a journaling filesystem, while FAT32 is not.
Natalie a graphic designer who frequently works with large files. These files, which are stored on an NTFS filesystem, measure 500 MB on average. She uses a software application to create backups of her work, and she had not faced any issues with backing up her files until recently. During a recent backup, she noticed that a newly created folder was not backed up.Identify the most likely cause for this issue.
Natalie did not enable the archive attribute on the folder.
Isabella configures three virtual machines, VM1, VM2 and VM3, on a Windows Server 2019 host. The host and VM1 are connected to a physical switch (external virtual switch). VM1 and VM2 are connected to a private virtual switch. VM2 and the host are connected to an internal virtual switch. VM3 is not connected to any switch. Isabella is building an application that provides clients access to confidential financial information in a secure database. Isabella chooses to run the application on the host server and decides to implement an N-tier security design to protect the database.Where should Isabella place the database?
On VM2
Match the firewall type on the right with the OSI layers at which it operates. Note: Each OSI Layer can be used once, more than once, or not at all. OSI layers 1-7 Packet filtering firewall: Circuit level proxy: Application level gateway: Routed firewall: Transparent firewall:
Packet filtering firewall: 3 Circuit level proxy: 5 Application level gateway: 7 Routed firewall: 3 Transparent firewall: 2
Which type of virtual switch in Hyper-V can only have virtual machines connected to it?
Private
What is the advantage of using production checkpoints over standard checkpoints?
Production checkpoints cause fewer problems than standard checkpoints when applied because they do not save system state.
Rebecca is configuring a RAID with two storage devices. If she saves a file, the file will be divided into two sections, with each section written to separate storage devices concurrently, in half the amount of time it would take to save the entire file on one storage device.Which of the following RAID levels is Rebecca configuring?
RAID level 0
Abu is creating a virtual machine template to enable rapid server deployment at his organization. He creates a virtual machine, installs Windows Server 2019 and names the server SERVERX. Next, he installs server roles and features and adds third-party software. He then runs the system preparation tool.
Remove the computer name SERVERX
Danielle creates a new scope, Sales LAN, for a DHCP server in her organization. She wants to assign the same IP address to a printer in the sales department every time.Which of the following folders shoudl Danielle use to configure this option?
Reservations
How do you create a RAID level 1 volume with two disks in the Disk Management tool?
Right-click on the disk that you want to configure as a RAID volume then click new mirrored volume to create a RAID level 1 volume with two disks.
Identify a vital service provided by secondary DNS servers
Secondary DNS servers respond to DNS lookup requests using ready-only zone files.
Identify the option that can be used to create storage pools that include storage devices from different servers on a network.
Storage Spaces Direct
You are troubleshooting a DHCP server and discover that it is not dynamically updating DNS records for DHCP clients.What is most likely the cause for this issue?
The DNS server and DHCP server are in different domains.
Raymond and Lin are facing network issues on their computers. Rayna, the administrator, is troubleshooting the issue. She notices that Raymond and Lin's computers are using the same IP address, 192.167.1.85.If the organization's network uses a DHCP server, which of the following most likely caused this issue?
The IP addresses were configured manually.
Which service is a faster replacement for the Windows Indexing Service that is available on Windows Server 2019?
The Windows Search Service
Devansh creates a checkpoint on his virtual machine before making some Windows Registry changes. After making these changes, he runs a test to verify that the virtual machine is working as intended. He notices some unintended effects of the Registry changes. Devansh applies the checkpoint to revert the virtual machine to its state before the Registry changes were made.Which of the following is true of this scenario?
The checkpoint file that is used to track and reverse the changes will be deleted from the system.
What happens if an encrypted file in an NTFS partition on a Windows 10 system is moved to FAT32 partition on a Windows 7 system?
The file is decrypted and placed onto the FAT32 volume.
What happens when a folder with NTFS permissions is copied to a shared folder on a FAT volume?
The folder inherits the share permissions but loses the NTFS permissions.
Miguel is using the New Virtual Machine Wizard to create a new virtual machine for the first time.Which of the following statement is true if Miguel creates a virtual machine with default settings?
The virtual machine will have 1 GB of memory
What are users who only have the List folder contents permission allowed to do?
They can list files in the folder or switch to a subfolder, view folder attributes and permissions, and execute files, but cannot view file contents.
Dmitry installs the Hyper-V role using the Add Roles and Features Wizard. Upon completion, he is prompted to reboot the computer. However, his computer reboots twice.Why does Dmitry's computer reboot the second time?
To allow Hyper-V to start the host operating system.
Access to a shared folder on the network will use the most restrictive permissions, regardless of whether they are NTFS or share permissions.
True
The subnet mask cannot be modified once a scope is created.
True
Andrei enabled the Live Migration feature of Hyper-V during its installation. He selects a virtual machine called VM1 within Hyper-V Manager and clicks the Move within the actions pane. Next, he selects "Move the Virtual Machine's storage"Which of the following is true of this scenario?
VM1's virtual hard disk files will be moved to the destination server.
Catelin creates a virtual machine template named WindowsServer2019VMTemplate. She wants to import this template, so she opens the Import Virtual Machine wizard in Hyper-V Manager on SERVERX and proceeds with the process. She specifies the location D:\VMS\Win2019VM1 for the configuration files and virtual hard disks.When Catelin clicks Finish during the last step and the virtual machine is created, what name will it have?
WindowsServer2019VMTemplate
Which of the following is the most likely cause for missing resources records in a secondary zone?
Zone transfer issues.
