Network Operations (3.0) study set
Which of the following syslog message severity levels indicates that a system is unusable? 0 1 2 3 4
0 Every syslog message includes a single-digit severity code. The code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 1 is an alert message, indicating that immediate action is needed. Severity code 2 is a critical condition message, and code 3 is an error condition. Code 4 is a warning message.
Which of the following syslog message severity levels indicates that the message is purely informational? 0 2 4 6 7
6 The code 6 indicates that the message is purely informational. The code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 2 is a critical condition message, and code 4 is a warning message. Code 7 is used strictly for debugging.
Which of the following statements best describes a baseline? A baseline is an estimation of expected performance levels, based on manufacturers' specifications. A baseline is a record of performance levels captured under actual workload conditions. A baseline is a record of performance levels captured under simulated workload conditions. A baseline is a record of performance levels captured before the system is actually in use
A baseline is a record of performance levels captured under actual workload conditions.
Which of the following disaster recovery mechanisms can be made operational in the least amount of time? A cold site A warm site A hot site All of the options are the same.
A hot site
When you run a port scanner on a server, which of the following is the result? A list of processes running on the system A list of open ports through which the system can be accessed A list of protocols used by the system for network communication A list of IP addresses used on the network
A list of open ports through which the system can be accessed
Which of the following software releases is a fix designed to address one specific issue? A patch An update An upgrade A service pack
A patch A patch is a relatively small update that is designed to address a specific issue, often a security exploit or vulnerability. Patches do not add features or new capabilities; they are fixes targeted at a specific area of the operating system. Updates, upgrades, and service packs are larger packages that might include new features and/or many different fixes.
Which of the following statements about the differences between a diagram of a patch panel installation organized physically and one that is organized logically are true? (Choose all correct answers.) A physical diagram is organized according to the floors and rooms where the cable drops are located. A physical diagram is precisely scaled to represent the actual patch panel hardware. A logical diagram is organized according to the divisions within the company, such as departments and workgroups. A logical diagram uses an organization that represents company divisions but does not physically resemble the actual patch panels.
A physical diagram is organized according to the floors and rooms where the cable drops are located. A logical diagram is organized according to the divisions within the company, such as departments and workgroups.
Which of the following statements about physical network diagrams and logical network diagrams are true? (Choose all correct answers.) A physical network diagram is created automatically, and a logical network diagram is created manually. A physical network diagram depicts hardware devices and the connections between them. A logical network diagram contains all of the information you would need to rebuild your network from scratch. A logical network diagram typically contains the IP addresses of network devices.
A physical network diagram depicts hardware devices and the connections between them. A logical network diagram typically contains the IP addresses of network devices. Both physical and logical network diagrams can be created automatically or manually. It is the physical network diagram that contains the information needed to rebuild the network from scratch.
Which of the following best describes the primary function of a port scanner? A port scanner examines a computer' hardware and compiles a list of the physical ports in the system. A port scanner examines a computer for TCP and UDP endpoints that are accessible from the network. A port scanner examines a specified range of IP addresses on a network to determine whether they are in use. A port scanner accepts a computer name as input and scans the network for the IP address associated with that name.
A port scanner examines a computer for TCP and UDP endpoints that are accessible from the network.
Which of the following best states the potential security threat inherent in running a protocol analyzer? A protocol analyzer can display the application data in packets captured from the network. A protocol analyzer can display the IP addresses of the systems on the network. A protocol analyzer can decrypt protected information in packets captured from the network. A protocol analyzer can detect open ports on network systems and launch attacks against them.
A protocol analyzer can display the application data in packets captured from the network.
Which of the following statements about protocol analyzers is not true? To troubleshoot using a protocol analyzer, you must be familiar with the OSI model and the protocols that operate at each of its layers. Protocol analyzers can be a network security risk. Some network monitoring products are both analyzers and sniffers. All Windows operating systems include a protocol analyzer.
All Windows operating systems include a protocol analyzer. A protocol analyzer captures frames and displays their contents, including the header fields created by the protocols at the various OSI model layers. To interpret the exchanges between the computers on the network, you must be familiar with the protocols and how they operate. Protocol analyzers are useful tools in the hands of experienced network administrators, but they can also be used for malicious purposes, such as displaying unencrypted passwords and other confidential information in the captured packets. The difference between analyzers and sniffers is that analyzers read the internal contents of the packets they capture, parse the individual data units, and display information about each of the protocols involved in the creation of the packet. Sniffers look for trends and patterns in the network traffic without examining the contents of each packet.
Your department is experiencing frequent delays as users wait for images to render using their outdated graphics software package. As a result, you are planning to submit a change request for a new software product at the monthly meeting of the company's change management team. Which of the following types of information are likely to be included in your request? (Choose all correct answers.) The possibility of rolling back to the previous software, if necessary The procedure for installing and configuring the new software An estimate of the productivity increase realizable with the new software A list of software and hardware upgrades or modifications needed to run the new software
All of the above
Which of the following can be provided by clustering servers? Fault tolerance Load balancing Failover All of the above
All of the above A cluster is a group of computers configured with the same application that function as a single unit. The cluster can function as a fault tolerance mechanism by failing over from one server to the next, when necessary, or provide load balancing by distributing traffic among the servers.
If you have a server with dual power supplies, each of which is connected to a separate UPS, with each UPS connected to a separate building power circuit connected to a backup generator, which of the following failures can the server survive and keep running indefinitely? (Choose all correct answers.) Failure of one server power supply Failure of one UPS Failure of one building power circuit Failure of the building backup generator
All of the above.
Redundant power circuits can enable a server to continue running in spite of which of the following events? A citywide power outage A server power supply failure An uncorrected building circuit failure A failure of the server's uninterruptable power supply
An uncorrected building circuit failure The term redundant circuits refers to multiple connections to the building's main power, not to a generator.
Which of the following statements best explains the difference between a protocol analyzer and a sniffer? Analyzers examine the contents of packets, whereas sniffers analyze traffic trends. Analyzers are software products, whereas sniffers are hardware products. Analyzers connect to wired networks, whereas sniffers analyze wireless traffic. There is no difference between analyzers and sniffers.
Analyzers examine the contents of packets, whereas sniffers analyze traffic trends.
The change request for new graphics software that you submitted to your company's change management team has been approved. Now it is time to implement the change. Which of the following administrative tasks will most likely be the change management team's responsibility during the implementation process? (Choose all correct answers.) Authorizing downtime Notifying users Designating a maintenance window Documenting all modifications made
Authorizing downtime Designating a maintenance window The change management team is usually not responsible for tasks directly involved in the implementation of the changes they approve. Therefore, they would not be the ones to notify users exactly when the change will take place or document the procedure afterward.
Why does performing incremental backups to a hard drive, rather than a tape drive, make it possible to restore a server with a single job, rather than multiple jobs? Because hard drives hold more data than tape drives Because hard drives can transfer data faster than tape drives Because hard drives are random access devices and tape drives are not Because hard drives use a different block size than tape drives
Because hard drives are random access devices and tape drives are not Data is stored on tape drives in a linear fashion. Once you write backup data to a tape, you cannot selectively replace individual files. When you perform a restore job, you might have to restore the most recent full backup, followed by incremental backups, which overwrite some of the full backup files with newer ones. Hard disk drives are random access devices, meaning that individual files can be written to and read from any location on the disk. When you perform incremental backup jobs to a hard disk, the software can restore data using any version of each file that is available.
Which of the following are equivalent terms for the process of combining the bandwidth of two or more network adapters to increase the overall speed of the connection and provide fault tolerance? (Choose all correct answers.) Bonding Link aggregation Clustering Port aggregation NIC teaming
Bonding, link aggregation, port aggregation, and NIC teaming are all terms for the same basic technology, in which the bandwidth of multiple network adapter connections is joined to speed up transmissions. The technology also enables the network communication to continue if one of the adapters should be disconnected. Clustering refers to combining servers into a single unit, not network adapters.
How does an autochanger increase the overall storage capacity of a backup solution? By compressing data before it is stored on the medium By automatically inserting media into and removing it from a drive By running a tape drive at half its normal speed By writing two tracks at once onto a magnetic tape
By automatically inserting media into and removing it from a drive An autochanger is a robotic device containing one or more removable media drives, such as magnetic tape or optical disk drives. The robotic mechanism inserts and removes media cartridges automatically so that a backup job can span multiple cartridges, increasing its overall capacity.
Which of the following types of network documentation is often overlaid on an architectural drawing or blueprint? Network map Network diagram Cable diagram Management information base
Cable diagram A cable diagram is a precise depiction of the cable runs installed in a site. Often drawn on an architect's plan or blueprint, the cable diagram enables network administrators to locate specific cables and troubleshoot connectivity problems.
Which of the following networking concepts frequently use virtual IP addresses to provide high availability? (Choose all correct answers.) Clustering Load balancing Network address translation (NAT) NIC teaming
Clustering Load balancing A high availability virtual IP address implementation is when multiple servers are identified by a single address, enabling all of the servers to receive incoming client traffic. In the case of server clustering and network load balancing arrangements, the cluster itself has a unique name and IP address, separate from those of the individual servers. Clients address themselves to the cluster, not to one of the servers in the cluster. NAT is not a high availability technology, and NIC teaming does not use virtual IP addresses.
You are attempting to troubleshoot a problem between two hosts on the same network. You are using a protocol analyzer and start a new capture. After you finish the capture, you notice there are over 15,000 frames in the buffer. You are having a hard time identifying the frames that relate to the problem because so many frames are in the buffer. You want to eliminate the extraneous frames from your view, allowing you to view only frames from these two hosts. What do you need to do? Configure a display filter. Configure a capture filter. Delete the extraneous frames from the buffer. Configure a capture and display filter.
Configure a display filter. Once the frames are in the buffer, you can configure a display filter to block the unwanted frames from view. This doesn't delete them from the buffer. Since the capture was already performed, there is no need to restart the capture. Also, configuring a capture filter will not meet the requirements, since the filter will eliminate the other frames completely from the buffer. You can't delete frames from an analyzer buffer.
The cable plant for your company network was installed several years ago by an outside contractor. Now, some of the paper labels have fallen off your patch panels, and you do not know which wall plate is connected to each port. Assuming that you are working on a properly maintained and documented network installation, which of the following is the easiest way to determine which port is connected to which wall plate? Consult the cable diagram provided by the cabling contractor at the time of the installation. Call the cable installation contractor and see if he or she can remember which ports go with which wall plates. Attach a tone generator to a patch panel port and then test each wall plate with a locator until you find the correct one. Repeat for each port that needs labeling. Use a cable certifier to locate the patch panel port associated with each wall plate port.
Consult the cable diagram provided by the cabling contractor at the time of the installation.
Which of the following mechanisms for load balancing web servers is able to read the incoming HTTP and HTTPS requests and perform advanced functions based on the information they contain? Content switches Multilayer switches Failover clustering DNS round-robin
Content switches A content switch is an application layer device, which is what renders it capable of reading the incoming Hypertext Transfer Protocol (HTTP/HTTPS) messages. HTTP is an application layer protocol. Multilayer switches do not operate above the transport layer.
Which of the following backup job types does not reset the archive bits of the files it backs up? Full Incremental Differential Supplemental
Differential
Which of the following are reasons contributing to the number of packet drops displayed by an interface monitor? (Choose all correct answers.) Resets Discards Errors Overflows
Discards Errors The packet drops displayed by an interface monitor are caused by errors, such as malformed or unreadable packets, or discards, packets that are dropped because they are destined for another interface. Resets and overflows are not reasons for packet drops.
Which of the following types of patches are IT personnel least likely to install unless there is a specific reason to do so? Feature change Driver update Operating system update Vulnerability patch
Driver update If a device driver is functioning properly, many administrators would prefer not to update it, believing that "if it ain't broke, don't fix it." Unless a device driver update addresses a specific bug or an incompatibility that the system is experiencing, there might be no need to install it. Feature changes, operating system updates, and especially vulnerability patches are more likely to be recommended installs.
Which of the following is an element of high availability systems that enables them to automatically detect problems and react to them? Backups Snapshots Failover Cold sites
Failover Highly available systems often have redundant components that enable them to continue operating even after a failure of a hard disk, server, or other component. Backups, snapshots, and cold sites can all contribute to a system's high availability, but they do not function automatically.
If you have a server with dual power supplies, one of which is plugged in a single UPS and the other into wall socket with a surge protector, and the building's power circuit is connected to a backup generator, which of the following failures can the server survive and keep running indefinitely? (Choose all correct answers.) Failure of one server power supply Failure of the UPS Failure of the building power circuit Failure of the building backup generator
Failure of one server power supply Failure of the UPS Failure of the building backup generator If one of the server's power supplies fails, the other will continue to function. If the UPS fails, the server will continue to using the power supply plugged into the wall socket. If the building's backup generator fails, the server will continue to run as long as the building still has outside power. If the breaker for the building power circuit trips, the server will run only as long as the UPS battery holds out.
If you have a server with dual power supplies, both of which are connected to a single UPS, with a building power circuit connected to a backup generator, which of the following failures can the server survive and keep running indefinitely? (Choose all correct answers.) Failure of one server power supply Failure of the UPS Failure of the building power circuit Failure of the building backup generator
Failure of one server power supply Failure of the building backup generator If one of the server's power supplies fails, the other will continue to function. If the building's backup generator fails, the server will continue to run as long as the building still has outside power. If the UPS fails, the server will go down. If the breaker for the building power circuit trips, the server will run only as long as the UPS battery holds out.
When you configure NIC teaming on a server with two network adapters in an active/ passive configuration, which of the following services is provided? Load balancing Fault tolerance Server clustering Traffic shaping
Fault tolerance NIC teaming enables you to combine the functionality of two network interface cards (NIC) in one connection. However, when you configure a NIC team to use an active/passive configuration, one of the network adapters remains idle and functions as a fault tolerance mechanism. If the other NIC should fail, the passive NIC becomes active.
Which of the following is the criterion most commonly used to filter files for backup jobs? Filename File extension File attributes File size
File attributes The archive bit that backup software uses to perform incremental and differential jobs is a file attribute, so this is the most commonly used filter type. It is possible to filter files based on their names, their extensions, and their size, but these are not used as often as the archive file attribute
Which of the following types of patches is most typically applied to a hardware device? Firmware updates Driver updates Feature changes Vulnerability patches
Firmware updates Firmware is a type of software permanently written to the memory built into a hardware device. A firmware overrides the read-only nature of this memory to update the software. Driver updates, feature updates, and vulnerability patches are typically applied to software products, such as applications and operating systems
If you back up your network by performing a full backup every Wednesday at 6 p.m. and incremental backups in the evening of the other days of the week, how many jobs would be needed to completely restore a computer with a hard drive that failed on a Monday at noon? One Two Five Six
Five
Which of the following Security Information and Event Management (SIEM) processes performs searches for specific criteria, during specific time frames, in logs located on different computers? Data aggregation Forensic analysis Correlation Retention
Forensic analysis In SIEM, forensic analysis is a process of searching logs on multiple computers for specific information based on set criteria and time periods. Data aggregation is a process of consolidating log information from multiple sources. Correlation is the process of linking logged events with common attributes together. Retention is the long-term storage of log data.
Which of the following is the term used to describe a wiring nexus—typically housed in a closet—where horizontal networks meet the backbone? MDF MTBF IDF SLA
IDF
After switching from a standard PSTN telephone system to a Voice over IP system, users are complaining of service interruptions and problems hearing callers at certain times of the day. After examining the network traffic, you determine that traffic levels on the Internet connection are substantially higher during the first and last hours of the day, the same times when most of the users experienced their problems. Which of the following solutions can provide more reliable VoIP service during peak usage times? Implement traffic shaping. Implement load balancing. Upgrade the LAN from Fast Ethernet to Gigabit Ethernet. Replace the router connecting the LAN to the Internet with a model that supports SNMP.
Implement traffic shaping. Traffic shaping is a technique for prioritizing packets by buffering packets that are not time sensitive for later transmission. You can use this technique to give VoIP packets priority over other types of traffic. Load balancing can conceivably improve the performance of a server, but it cannot help to relieve traffic congestion on the Internet link.
Which of the following types of backup jobs are supported by the Windows Server Backup program? (Choose all correct answers.) Incremental Differential Full Supplemental
Incremental, Full Windows Server Backup can perform full backups and incremental backups. It does not support differential backups, and there is no backup job called a supplemental.
When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem? Add memory to the system Install a second network adapter Update the network adapter's firmware Install a second processor
Install a second network adapter
After starting work as the network administrator of Wingtip Toys, you discover that all of the switches in the company's datacenter have support for remote management, with built-in SNMP agents in each port. Which of the following tasks must you perform to be able to gather information from the agents on those switches and display it on a central console? (Choose all correct answers.) Install the network management software on a network computer. Install a management information base (MIB) on each of the switches. Install an agent on the console computer. Install an MIB on the console computer. Purchase a network management product.
Install the network management software on a network computer. Purchase a network management product. An SNMP-based network management system consists of three components: a management console software product installed on a network computer, agents installed on the devices you want to manage, and MIBs for each of the agents. Because the switches support SNMP management and already have agents, they have MIBs also. Therefore, all you have to do is purchase the network management software and install the console on a network computer.
Which of the following virtual private networking (VPN) protocols does not provide encryption within the tunnel? PPTP IPsec L2TP SSL
L2TP Layer 2 Tunneling Protocol (L2TP) is used to create the tunnel forming a VPN connection, but it does not encrypt the traffic passing through the tunnel. To do this, it requires a separate protocol that provides encryption, such as IPsec. Point-to-Point Tunneling Protocol (PPTP) and Secure Sockets Layer (SSL) are both capable of encrypting tunneled traffic.
Which of the following is not a tool that provides vulnerability scanning capabilities? Nessus MAP Toolkit Nmap MBSA
MAP Toolkit Microsoft Assessment and Planning Toolkit (MAP Toolkit) is a free application that performs an agentless inventory of a network and uses the information to create reports on specific scenarios, such as whether computers are prepared for an operating system upgrade. Nessus, Nmap, and Microsoft Baseline Security Analyzer (MBSA) are all tools that include vulnerability scanning but that have other capabilities as well.
Which of the following is the term used to describe a wiring nexus that typically the termination point for incoming telephone and wide area network (WAN) services? MDF MTBF IDF RDP
MDF A large enterprise network will—at minimum—have demarcation points for telephone services and a connection to an Internet service provider's network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. This room is then called the main distribution frame (MDF). An intermediate distribution frame (IDF) is the location of localized telecommunications equipment such as the interface between the horizontal cabling and the backbone.
Which of the following is the database used by the Simple Network Management Protocol (SNMP) to referenced information gathered from agents distributed about the network? Trap Syslog MIB SIEM
MIB A management information base (MIB) is the database on an SNMP console where all of the counters and associated object identifiers (OIDs) are referenced.
Which of the following is not a fault tolerance mechanism? Port aggregation Clustering MTBF UPS
MTBF
Which of the following specifications would you most want to examine when comparing hard disk models for your new RAID array? MTBF SLA AUP MTTR
MTBF Mean Time Between Failures (MTBF) specifies how long you can expect a device to run before it malfunctions. For a hard disk, this specification indicates the life expectancy of the device.
Which of the following media types is Windows Server Backup unable to use to store backed-up data? Local hard disks Local optical disks Magnetic tape drives Remote shared folders
Magnetic tape drives
What are the three elements in the Grandfather-Father-Son media rotation system? Hard disk drives, optical drives, and magnetic tape drives Incremental, differential, and full backup jobs Monthly, weekly, and daily backup jobs QIC, DAT, and DLT tape drives
Monthly, weekly, and daily backup jobs
Which of the following is not a type of server load balancing mechanism? DNS round-robin Network address translation Content switching Multilayer switching
Network address translation
Which of the following is the term usually applied to a representation of network devices, automatically compiled, and containing information such as IP addresses and connection speeds? Network map Network diagram Cable diagram Management information base
Network map A network map is a depiction of network devices, not drawn to scale, with additional information added, such as IP addresses and link speeds. In most cases, network maps are automatically created by a software product The term network diagram is most often used to refer to a manually created document containing pictograms of network devices, with lines representing the connections between them.
Which of the following statements about network maps is true? Network maps are typically drawn to scale. Network maps typically contain more information than network diagrams. Network maps must be read/write accessible to all personnel working on the network. Network maps diagram only the locations of cable runs and endpoints.
Network maps typically contain more information than network diagrams. Network diagrams typically specify device types and connections, but network maps can also include IP addresses, link speeds, and other information. Network maps diagram the relationships between devices, and provide information about the links that connect them, but they are not drawn to scale and usually do not indicate the exact location of each device. Although universal accessibility would be desirable, there are individuals who should not have access to network maps and other documentation, including temporary employees and computer users not involved in IT work. A network maps include all networking devices, not just cable runs and endpoints.
Which of the following utilities can be classified as port scanners? (Choose all correct answers.) Nmap Nessus Network Monitor Performance Monitor
Nmap Nessus Nmap is command-line utility that scans a range of IP addresses, runs a series of scripts against each device it finds, and displays a list of the open ports it finds on each one. Nessus is similar to Nmap in that it also scans a range of IP addresses to find open ports, but it then proceeds to mount attacks against those ports, to ascertain their vulnerability.
Which of the following is not a statistic that you would typically find in a server performance baseline? CPU utilization Disk transfer rate Network transmissions speed OS update history Memory utilization
OS update history Performance baselines characterize hardware performance, so the OS update history would be of little or no use for future comparisons.
You have finished capturing traffic with a protocol analyzer. The analyzer reports that 2000 frames have been seen, but only 1500 frames have been accepted. What does this mean? 2000 frames have passed the display filter, but only 1500 meet the criteria for display. Only 1500 frames have passed the capture filter and are currently being held in the buffer. You lost 500 frames and need to start over—something is obviously wrong. 500 frames were damaged and never made it into the buffer.
Only 1500 frames have passed the capture filter and are currently being held in the buffer. Protocol analyzers report the total number of frames seen compared to the number of frames that were accepted. If a capture filter has been configured, there will be a discrepancy between these two values. Only frames that meet the capture criteria will be accepted by the analyzer and placed in the buffer for later display. Protocol analyzers place good and bad frames into the buffer as long as they meet the capture criteria. If only good frames were placed in the buffer, there would be no way to identify problems.
Which of the following virtual private networking protocols is generally considered to be obsolete? IPsec L2TP PPTP SSL/TLS
PPTP Point-to-Point Tunneling Protocol (PPTP) is considered to be obsolete for VPN use because of several serious security vulnerabilities that have been found in it. IPsec, Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer/Transport Layer Security (SSL/TLS) are all still in use.
Programs such as FTP and Telnet are widely criticized because they transmit all data as clear text, including usernames and passwords. Which of the following types of tools might unscrupulous individuals use to read those passwords? Packet sniffer Terminal emulator Packet analyzer Vulnerability scanner
Packet analyzer
Which of the following Windows applications would you most likely use to create a baseline of system or network performance? Performance Monitor Event Viewer Syslog Network Monitor
Performance Monitor
Which of the following statements about port aggregation is not true? All of the aggregated ports use the same MAC address. Port aggregation can be a fault tolerance mechanism. Aggregating ports increases network throughput. Port aggregation provides load balancing.
Port aggregation provides load balancing. Load balancing refers to the distribution of traffic between two or more channels. Port aggregation combines ports into a single logical channel with a single MAC address and provides greater throughput. Port aggregation also provides fault tolerance in the event of a port failure
Which of the following is a function typically classified as vulnerability scanning? Network mapping Remediation Penetration testing Port scanning
Port scanning
Which of the following processes scans multiple computers on a network for a particular open TCP or UDP port? Port scanning War driving Port sweeping Bluejacking
Port sweeping Port scanning identifies open ports on a single computer, whereas port sweeping scans multiple computers for a single open port. War driving and bluejacking are methods of attacking wireless networks.
Installing an electrical generator for your datacenter is an example of which of the following fault tolerance concepts? Uninterruptible power supply (UPS) Power redundancy Dual power supplies Redundant circuits
Power redundancy Power redundancy is a general term describing any fault tolerance mechanism that enables equipment to continue functioning when one source of power fails. A UPS is a device that uses battery power, not a generator. The term dual power supplies refers to the power supply units inside a computer, not a separate generator. The term redundant circuits refers to multiple connections to the building's main power, not to a generator.
Which of the following is not a load balancing mechanism? NIC teaming Server clustering DNS round robin RAID 1
RAID 1
You are installing a new Windows server with two hard disk drives in it, and you want to use RAID to create a fault-tolerant storage system. Which of the following RAID levels can you configure the server to use? RAID 0 RAID 1 RAID 5 RAID 10
RAID 1
Which of the following RAID levels provide fault tolerance without using parity data? (Choose all correct answers.) RAID 0 RAID 1 RAID 5 RAID 10
RAID 1 RAID 10
Which of the following RAID levels provides fault tolerance with the smallest amount of usable disk space? (Choose all correct answers.) RAID 0 RAID 1 RAID 5 RAID 10
RAID 1 RAID 10
Which of the following Redundant Array of Independent Disks (RAID) levels provides fault tolerance by storing parity information on the disks, in addition to the data? (Choose all correct answers.) RAID 0 RAID 1 RAID 5 RAID 10
RAID 5
Which of the following RAID levels uses disk striping with distributed parity? RAID 0 RAID 1 RAID 5 RAID 10
RAID 5 RAID 5 combines disk striping (blocks written to each disk in turn) with distributed storage of parity information, for fault tolerance. RAID 0 provides data striping only. RAID 1 provides disk mirroring. RAID 10 creates mirrored stripe sets.
Which of the following terms defines how long it will take to restore a server from backups if a complete system failure occurs? RPO RTO BCP MIB
RTO A high availability virtual IP address implementation is when multiple servers are identified by a single address, enabling all of the servers to receive incoming client traffic. In the case of server clustering and network load balancing arrangements, the cluster itself has a unique name and IP address, separate from those of the individual servers. Clients address themselves to the cluster, not to one of the servers in the cluster. NAT is not a high availability technology, and NIC teaming does not use virtual IP addresses.
The precise locations of devices in a datacenter are typically documented in which of the following documents? Rack diagram Network map Wiring schematic Logical diagram
Rack diagram Datacenters typically mount components in racks, 19-inch-wide and approximately 6-foot-tall frameworks in which many networking components are specifically designed to fit. A rack diagram is a depiction of one or more racks, ruled out in standardized 1.752-inch rack units, and showing the exact location of each piece of equipment mounted in the rack. Network maps, wiring schematics, and logical diagrams are documents that document the relationships between components, not their precise locations.
A server with dual power supplies must be running in which of the following modes for the system to be fault tolerant? Combined mode Redundant mode Individual mode Hot backup mode
Redundant mode A server with dual power supplies can run in one of two modes: redundant or combined. In redundant mode, both power supplies are capable of providing 100 percent of the power needed by the server. Therefore, the server can continue to run if one power supply fails, making it fault tolerant. In combined mode, both power supplies are needed to provide the server's needs, so a failure of one power supply will bring the server down.
Which of the following terms refers to the process of uninstalling a recently released patch to resume using the previous version? Backslide Downgrade Reset Rollback
Rollback
Which of the following metrics would you typically not find displayed by an interface monitor? Error rate Bandwidth utilization Packet drops Rollbacks
Rollbacks
Unlike individual users, who usually have their operating system patches downloaded and installed automatically, corporate IT departments typically evaluate new patches before deploying them. Which of the following is not a common step in this evaluation process? Testing Researching Rolling back Backing up
Rolling back Rolling back, the process of uninstalling a patch to revert to the previous version of the software, is not part of the patch evaluation process. The evaluation process for new patches in a corporate environment usually consists of a research stage, in which you examine the need and purpose for the patch, a testing stage, in which you install the patch on a lab machine, and a backup of the production systems to which you will apply the patch.
Which of the following technologies provides both real-time monitoring of security events and automated analysis of the event information gathered? SIEM SNMP SEM SIM
SIEM Security Information and Event Management (SIEM) is a product that combines two technologies: security event management (SEM) and security information management (SIM). Together, the two provide a combined solution for gathering and analyzing information about a network's security events. Simple Network Management Protocol (SNMP) is a technology that gathers information about managed devices.
While negotiating a new contract with a service provider, you have reached a disagreement over the contracted reliability of the service. The provider is willing to guarantee that the service will be available 99 percent, but you have been told to require 99.9 percent. When you finally reach an agreement, the negotiated language will be included in which of the following documents? SLA AUP NDA BYOD
SLA
You have just completed negotiating an annual contract with a provider to furnish your company with cloud services. As part of the contract, the provider has agreed to guarantee that the services will be available 99.9 percent of the time, around the clock, seven days per week. If the services are unavailable more than 0.1 percent of the time, your company is due a price adjustment. Which of the following terms describes this clause of the contract? SLA MTBF AUP MTTR
SLA
Which of the following statements about the Simple Network Management Protocol (SNMP) are not true? (Choose all correct answers.) To effectively monitor a network using SNMP, you must be sure that all of the equipment you purchase when designing and building your network supports the protocol. SNMP is not only the name of a protocol; it is also the name of a network management product. SNMPv1 and SNMPv2 rely on a community string as their only means of security. Most of the network management products on the market today support SNMPv3.
SNMP is not only the name of a protocol; it is also the name of a network management product. SNMPv1 and SNMPv2 rely on a community string as their only means of security. SNMP is not the name of a network management product; it is just the name of the protocol that provides a framework for the interaction of the various components in a network management product. SNMPv1 uses a community string, but SNMPv2 does not. The interim version SNMPv2c retains the community string from version 1 in place of the new version 2 security system.
Which versions of the Simple Network Management Protocol do not include any security protection other than a clear text community string? (Choose all correct answers.) SNMPv1 SNMPv2 SNMPv2c SNMPv3
SNMPv1 SNMPv2c SNMP version 1, the original version, used an unencrypted community string. SNMPv2 added better security, but it was not backward compatible with the version 1 community string. A revised version, SNMP2c, added backward compatibility. SNMPv3, the one most often seen today, includes more advanced security and does not use a community string.
Which of the following event logs on a Windows server can record information about both successful and failed access attempts? System Application Security Setup
Security The System, Application, and Setup events logs typically do not record both successful and failed access attempts.
Log management typically consists of which of the following tasks? (Choose all correct answers.) Rollback Utilization Security Cycling
Security Cycling Logs frequently contain sensitive information, so securing them with the appropriate permissions is an essential part of log management. Logs also can grow to overwhelm the storage medium on which they are stored, so cycling is a technique for managing log size by configuring them to delete the oldest record each time a new one is added. Rollback and utilization are not log management tasks.
You are the network administrator of your company's network. Your company wants to perform baseline analysis of network-related traffic and statistics. They want to track broadcasts, cyclical redundancy check (CRC) errors, and collisions for all traffic traversing a switched network. In addition, they want to provide historical and daily reports for management. They also want to keep track of software distribution and metering. What type of network software product best meets these needs? Simple Network Management Protocol (SNMP) management Protocol analyzer Performance Monitor Network traffic monitor
Simple Network Management Protocol (SNMP) management The best solution is to implement SNMP. This includes a management console, agents, and management information bases (MIBs). SNMP allows you to track statistical network information (historical and current) and produce reports for baseline analysis and troubleshooting. Some SNMP products also allow you to track software distribution and metering. Protocol analyzers are best used for troubleshooting problems in real time and are not used for software distribution and metering. Performance Monitor is a tool that allows you to track performance statistics for one system at a time and does not include software distribution and metering. There is no such product as a network traffic monitor.
Which of the following storage techniques prevents version skew from occurring during a system backup? Incrementals Differentials Iterations Snapshots
Snapshots Version skew can occur when a data set changes while a system backup is running. A file written to a directory that has already been backed up will not appear on the backup media, even though the job might still be running. This can result in unprotected files, or worse, data corruption. A snapshot is a read-only copy of a data set taken at a specific moment in time. By creating a snapshot and then backing it up, you can be sure that no data corruption has occurred due to version skew. Incrementals and differentials are types of backup jobs, and iteration is not a specific storage technology.
Which of the following, originally created for the UNIX sendmail program, is now a standard for message logging that enables tools that generate, store, and analyze log information to work together? Syslog Netmon Netstat Top
Syslog Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an IP network to a message collector, called a syslog server.
When a service fails to start on a Windows server, an entry is typically created in which of the following event logs? Application Security Setup System
System On a Windows system, information about services, including successful service starts and failures, is recorded in the System event log. The Application, Security, and Setup logs typically do not contain this type of information.
Which of the following log types is the first place that an administrator should look for information about a server's activities? System log Setup log Application log Security log
System log
The technical support clause of a service level agreement will typically include which of the following elements? (Choose all correct answers.) Whether the provider will provide on-site, telephone, or online support The time service for responses to support calls The percentage of time that the service is guaranteed to be available The amount of support that will be provided and the costs for additional support
The percentage of time that the service is guaranteed to be available The technical support clause of an SLA typically defines the type of support that the provider will furnish, the time service for support, and the amount of support that is included in the contract, as well as the cost for additional support. An SLA will typically guarantee service ability in the form of a percentage, but this refers to problems at the provider's end and is not a customer technical support matter.
Which of the following describes the difference between cold, warm, and hot backup sites? Whether the backup site is owned, borrowed, or rented The age of the most recent backup stored at the site The cost of the hardware used at the site The time needed to get the site up and running
The time needed to get the site up and running
Which of the following elements would you typically not expect to find in a service level agreement (SLA) between an Internet service provider (ISP) and a subscriber? A definition of the services to be provided by the ISP A list of specifications for the equipment to be provided by the ISP The types and schedule for the technical support to be provided by the ISP The types of applications that the subscriber will use when accessing the ISP's services
The types of applications that the subscriber will use when accessing the ISP's services An ISP provides subscribers with access to the Internet. The applications that the subscriber uses on the Internet are typically not part of the SLA. An SLA does typically specify exactly what services the ISP will supply, what equipment the ISP will provide, and the technical support services the ISP will furnish as part of the agreement.
Which of the following statements about web server logs is not true? To analyze web server activity, you typically use an application that interprets the web server log files. Web server logs are typically maintained as text files. Web server logs record the IP addresses of all visiting users. To interpret web server logs, you use a protocol analyzer.
To interpret web server logs, you use a protocol analyzer. A protocol analyzer provides information about network traffic; it does not interpret web server logs. Most web servers maintain logs that track the IP addresses and other information about all hits and visits. The logs are stored as text files and contain a great deal of information, but in their raw form, they are difficult to interpret. Therefore, it is common practice to use a traffic analysis application that reads the log files and displays their contents in a more user-friendly form, such as tables and graphs.
A port scanner examines a system for network vulnerabilities at which layer of the Open Systems Interconnection (OSI) model? Application Transport Network Data Link
Transport A port is a numbered service endpoint identifying an application running on a TCP/IP system. A port scanner examines a system for open endpoints, accessible using the TCP or UDP protocols at the transport layer, which intruders can conceivably use to gain access to the system from the network.
A Simple Network Management Protocol (SNMP) console can inform administrators when a managed device requires attention. For this to occur, the agent in the device first has to send a message to the console. What is the term used for a message sent by an SNMP agent to the central console? Ping Alert Notification Trap
Trap Messages that SNMP agents send to consoles when an event needing attention occurs are called traps. Alerts and notifications are terms for the messages that the console sends to administrators. A ping is an ICMP echo request message sent from one TCP/IP computer to another.
If you back up your network by performing a full backup every Wednesday at 6 p.m. and differential backups in the evening on the other six days of the week, how many jobs would be needed to completely restore a computer with a hard drive that failed on a Tuesday at noon? One Two Six Seven
Two A differential backup is a job that backs up all the files that have changed since the last full backup. Therefore, to restore a system that failed on Tuesday at noon, you would have to restore the most recent full backup from the previous Wednesday and the most recent differential from Monday.
A rack diagram is typically ruled vertically using which of the following measurements? Inches Centimeters Units Grids
Units Rack diagrams use vertical measurement called units, each of which is 1.75 inches. Most rack-mounted devices are one (1U), two (2U), or four units (4U) tall.
Which of the following types of patches is most likely to be released outside of the normal schedule for the product? Vulnerability patch Feature change Driver update Firmware update
Vulnerability patch
At what point in the installation process should patch panel ports and wall plates be labeled? When the patch panels and wall plates are installed When a length of cable is cut from the spool When the cables are attached to the connectors When the cable runs are tested, immediately after their installation
When the cables are attached to the connectors Patch panel ports and wall plates should be labeled when the cable runs are attached to them. Labeling them at any earlier time can result in cable runs being connected incorrectly.
Which of the following types of documentation should indicate the complete route of every internal cable run from wall plate to patch panel? Physical network diagram Asset management Logical network diagram Wiring schematic
Wiring schematic The main purpose of a wiring schematic is to indicate where cables are located in walls and ceilings. A physical network diagram identifies all of the physical devices and how they connect together. A logical network diagram contains addresses, firewall configurations, access control lists, and other logical elements of the network configuration.
Which of the following was created to provide logging services for the Unix sendmail program? syslog netstat SNMP CARP
syslog Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an IP network to a message collector, called a syslog server.
Which of the following are places where network wiring connections are found? (Choose all correct answers.) MDF MTBF IDF RDP
the main distribution frame (MDF). An intermediate distribution frame (IDF) Mean Time Between Failures (MTBF) and Remote Desktop Protocol (RDP) are not locations of network wiring.
Which Unix/Linux performance monitoring tool, shown in the figure, enables you to display information about processes that are currently running on a system? monitor top netstat cpustat
top The top utility displays performance information about the currently running processes on a Unix/Linux system. Netstat is a tool that enables you to view active network connections and TCP/IP traffic statistics. It does not measure system performance. There are no Unix/Linux tools called monitor or cpustat.
