CYBR1-Domain 3.0 Review MC Format (N10-008) (100)
Which of the following types of network documentation is often overlaid on an architectural drawing or blueprint? A. Network map B. Network diagram C. Cable diagram D. Management information base
C. A cable diagram is a precise depiction of the cable runs installed in a site. Often drawn on an architect's floor plan or blueprint, the cable diagram enables network administrators to locate specific cables and troubleshoot connectivity problems. A network map is a depiction of network devices, not drawn to scale, with additional information added, such as IP addresses and link speeds. In most cases, network maps are automatically created by a software product, such as Nmap, that scans the network and creates a display from the information it discovers. The term network diagram is most often used to refer to a manually created document containing pictograms of network devices, with lines representing the connections between them. The diagram might be roughly similar to the actual layout of the site, but it is usually not drawn to scale. A Management Information Base (MIB) is a component of a network management system that is based on the Simple Network Management Protocol (SNMP) and contains information about only one device; it does not depict all of the devices on the network.
Ralph is designing the HVAC implementation for his company's new central datacenter, which will house all of the equipment for the corporate headquarters and the company's manufacturing facility. The datacenter must adhere to the Tier III standard defined by the Uptime Institute, which calls for at least 99.9 percent uptime. As part of the environmental infrastructure for the datacenter, Ralph plans to install sensors to monitor environmental factors that can affect computer equipment and generate alerts when conditions exceed accepted thresholds. Which of the following environmental factors is not one of those that Ralph should arrange to monitor to protect the equipment specific to a datacenter? A. Flood B. Humidity C. Radon D. Static electricity E. Temperature
C. Unless there is a specific known threat at the datacenter location, radon is not one of the environmental factors that typically can affect equipment uptime and that needs to be monitored. Temperature, humidity, flooding, and static electricity, however, are factors that should be monitored in a datacenter, as variations of these elements can result in equipment damage and downtime.
Which of the following terms best describes a connectivity problem on wired networks that is caused by individual packets that are delayed due to network congestion, different routing, or queuing problems? A. Latency B. Attenuation C. Jitter D. Bottleneck
C. When individual packets in a data stream are delayed, the resulting connectivity problem is called jitter. Although this condition might not cause problems for asynchronous applications, real-time communications, such as Voice over Internet Protocol (VoIP) or streaming video, can suffer interruptions, from which the phenomenon gets its name. Latency describes a generalized delay in network transmissions, not individual packet delays. Attenuation is the weakening of a signal as it travels through a network medium. A bottleneck is a condition in which all traffic is delayed, due to a faulty or inadequate component.
Which of the following data loss prevention terms is used to describe dangers pertaining to data while a user is loading it into an application? A. Data in use B. Data at rest C. Data in process D. Data in motion
A. Data in use is the data loss prevention term used to describe endpoint access, such as a user loading data into an application. Data in motion is the term used to describe network traffic. Data at rest describes data storage. Data in process is not one of the standard data loss prevention terms.
Which of the following is not one of the standard terms used in data loss prevention? A. Data online B. Data at rest C. Data in motion D. Data in use
A. Data online is not one of the standard data loss prevention terms. Data at rest is a data loss prevention term that describes data that is currently in storage while not in use. Data in motion is the term used to describe network traffic. Data in use describes endpoint actions.
Which of the following are reasons contributing to the number of packet drops displayed by an interface monitor? (Choose all that apply.) A. Resets B. Discards C. Errors D. Overflows
B, C. The packet drops displayed by an interface monitor are caused by errors, such as malformed or unreadable packets, or discards, which are packets that are dropped because they are destined for another interface. Resets and overflows are not reasons for packet drops.
Which of the following is not one of the typical heights for devices mounted in IT equipment racks? A. 1 unit B. 2 units C. 3 units D. 4 units
C. Devices designed to fit into IT equipment racks typically have heights measured in units. One unit equals 1.75 inches. Most rack-mounted devices are one (1U), two (2U), or four units (4U) tall.
Which of the following utilities can display the number of packets sent and received for a specific network interface on a Unix, Linux, macOS, or Windows computer? A. Top B. Ifconfig C. Netstat D. Nbtstat
C. The netstat utility can display the incoming and outgoing packets for a specific network interface, as well as other statistics, depending on the operating system. Top and ifconfig are Unix/Linux utilities, and Nbtstat is a Windows tool.
What is the width of a standard equipment rack in a datacenter? A. 12 inches B. 16 inches C. 19 inches D. 24 inches
C. The standard width of an equipment rack in a data center is 19 inches. Network hardware manufacturers use this width when designing rack-mountable components.
Which of the following event logs on a Windows server can record information about both successful and failed access attempts? A. System B. Application C. Security D. Setup
C. When you enable audit policies on Windows systems, you can specify whether to audit successful or failed events (or both), including access attempts. This audit information is recorded in the Security event log. The System, Application, and Setup event logs typically do not record both successful and failed access attempts.
Many employees have been contacting the IT help desk asking how they can connect their personal smartphones and tablets to the company's wireless network. This has raised issues regarding network security and technical support. You have been asked to draft a policy for the in-house use of personal electronics that addresses these issues. Which of the following describes the document that you will be creating? A. SLA B. AUP C. NDA D. BYOD
D. A Bring Your Own Device (BYOD) policy specifies the personal electronics that employees are permitted to use on the company network and documents the procedures for connecting and securing them. A Service Level Agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available. Acceptable Use Policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. A Non-Disclosure Agreement (NDA) specifies what company information employees are permitted to discuss outside the company.
After being hired for a job as an IT administrator, you have been assigned two user accounts, one of which is intended for general use and the other only for administrative tasks. You are also required to sign an agreement that outlines the restrictions for your account use. Specifically, you are not permitted to use the administrative account for anything other than administrative tasks, including browsing the Internet and accessing data for which you are not authorized. Which of the following is the best name for this type of agreement? A. Remote access policies B. Service level agreement C. Acceptable use policy D. Privileged user agreement
D. A privileged user agreement specifies the abilities and limitations of users with respect to the administrative accounts and other privileges they have been granted. Remote access policies specify when and how users are permitted to access the company network from remote locations. A Service Level Agreement (SLA) is a contract between a provider and a subscriber that specifies the guaranteed availability of the service. Acceptable Use Policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources.
Which of the following statements about web server logs is not true? A. To analyze web server activity, you typically use an application that interprets the web server log files. B. Web server logs are typically maintained as text files. C. Web server logs record the IP addresses of all visiting users. D. To interpret web server logs, you use a protocol analyzer.
D. A protocol analyzer provides information about network traffic; it does not interpret web server logs. Most web servers maintain logs that track the Internet Protocol (IP) addresses and other information about all hits and visits. The logs are stored as text files and contain a great deal of information, but in their raw form, they are difficult to interpret. Therefore, it is common practice to use a traffic analysis application that reads the log files and displays their contents in a more user-friendly form, such as tables and graphs.
Which of the following is not a statistic that you would typically find in a server performance baseline? A. CPU utilization B. Disk transfer rate C. Network transmission speed D. OS update history E. Memory utilization
D. Performance baselines characterize hardware performance, so the OS update history would be of little or no use for future comparisons. A baseline typically consists of CPU, memory, disk, and network performance statistics.
You have been asked to draft an Acceptable Use Policy (AUP) for new hires at your company to sign, which specifies what they can and cannot do when working with the company's computers and network. Which of the following is not one of the provisions typically found in this type of document? A. Privacy B. Ownership C. Illegal use D. Upgrades
D. Software and hardware upgrades are typically not part of an AUP, because they are handled by the company's IT personnel. An AUP for a company typically includes a clause indicating that users have no right to privacy for anything they do using the company's computers, including email and data storage. An AUP usually specifies that the company is the sole owner of the computer equipment and any proprietary company information stored on it or available through it. The AUP also prohibits the use of its computers or network for any illegal practices, typically including spamming, hacking, or malware introduction or development.
Which of the following types of documentation should indicate the complete route of every internal cable run from wall plate to patch panel? A. Physical network diagram B. Asset management C. Logical network diagram D. Wiring schematic
D. The main purpose of a wiring schematic is to indicate where cables are located in walls and ceilings. A physical network diagram identifies all of the physical devices and how they connect together. Asset management is the identification, documentation, and tracking of all network assets, including computers, routers, switches, and so on. A logical network diagram contains addresses, firewall configurations, Access Control Lists (ACLs), and other logical elements of the network configuration.
A rack-mounted device that is four units tall will be approximately what height in inches? A. 1.75 B. 3.5 C. 4 D. 7
D. The standard unit height for IT equipment racks is 1.75 inches, which is the equivalent of one unit. Four units would therefore be 7 inches.
Which of the following metrics would you typically not find displayed by an interface monitor? A. Error rate B. Bandwidth utilization C. Packet drops D. Rollbacks
D. The term rollback refers to the process of uninstalling or downgrading an update patch; it has nothing to do with monitoring a network interface. An interface monitor does typically display the number of transmission errors that occur on an interface, the amount of the available bandwidth that the interface is using, and the number of packets that have been dropped due to errors or discards.
Which of the following is the database used by the Simple Network Management Protocol (SNMP) to store information gathered from agents distributed about the network? A. Trap B. Syslog C. MIB D. SIEM
C. A Management Information Base (MIB) is the database on an SNMP console where all of the information gathered from the network is stored. A trap is an alert message that SNMP agents send to the network management console. Syslog is a standard for message logging components. Security Information and Event Management (SIEM) is a combination tool that uses information gathered from logs and network devices to provide a real-time analysis of the network's security condition.
Your department is experiencing frequent delays as users wait for images to render using their outdated graphics software package. As a result, you are planning to submit a change request for a new software product at the monthly meeting of the company's change management team. Which of the following types of information are likely to be included in your request? (Choose all that apply.) A. The possibility of rolling back to the previous software, if necessary B. The procedure for installing and configuring the new software C. An estimate of the productivity increase realizable with the new software D. A list of software and hardware upgrades or modifications needed to run the new software
A, B, C, D. A change management team typically requires thorough documentation for all requested changes, specifying exactly what is needed; how the change will affect the current workflow, both to the direct recipients of the change and the rest of the organization; and what ramifications might come from the change.
Which of the following network interface occurrences are considered to be malfunctions on a full-duplex Ethernet network? (Choose all that apply.) A. Runts B. Giants C. Collisions D. Late collisions
A, B, C, D. All of these occurrences are malfunctions on a full-duplex Ethernet network. Runt frames occur when a network interface generates packets that are smaller than the 64-byte minimum allowable length. Giants occur when frames are larger than the 1518-byte maximum allowable length. Collisions are normal on a half-duplex network, but on a full-duplex network, collisions are considered to be malfunctions. Late collisions occur when network cables are too long.
Which of the following are typical elements of a corporate password policy? (Choose all that apply.) A. Minimum password length B. Use of special characters C. Unique passwords D. Frequent password changes
A, B, C, D. The longer the password, the more difficult it is to guess. Corporate policies typically require passwords of a minimum length. A larger character set also makes a password more difficult to guess, so requiring upper- and lowercase, numeric, and special characters is common. Changing passwords forces the attack process to start over, so policies typically require frequent password changes and prevent users from reusing passwords.
The documentation for Main Distribution Frames (MDFs) and Intermediate Distribution Frames (IDFs) should incorporate details on which of the following elements? (Choose all that apply.) A. Power B. Environment C. Distances D. Costs
A, B, C. MDF and IDF documentation should take into account the power sources available at the locations, the HVAC equipment needed to keep the temperature and humidity levels under control, and the distances the cable runs must span. This type of documentation is typically used for installation and troubleshooting purposes, so the costs of components and services are unnecessary and can be covered elsewhere.
Which of the following types of password policies are designed to prevent brute-force attacks? (Choose all that apply.) A. Password length policies B. Account lockout policies C. Password history policies D. Complex password policies
A, B, D. A brute-force password attack is one in which the perpetrator tries as many passwords as possible in an effort to guess or deduce the right one. Password length and complexity policies produce passwords that are harder to guess, making the attack statistically less likely to succeed. Account lockout policies are intended to prevent brute-force attacks by limiting the number of incorrect password attempts. Password history policies do not help to prevent brute-force attacks.
Which of the following are occurrences that are typically addressed by an IT department's incident response policies? (Choose all that apply.) A. Denial-of-Service (DoS) attack B. Hard disk failure C. Electrical fire D. Server outage
A, B, D. Attacks, hardware failures, and crashes are all events that can be addressed by incident response policies that define what is to be done to analyze and remediate the problem. An electrical fire is typically not something that would be addressed by an IT department's incident response team; it is a job for trained firefighters. Once the fire is out, the company's response falls under the heading of disaster recovery.
The technical support clause of a Service Level Agreement (SLA) will typically include which of the following elements? (Choose all that apply.) A. Whether the provider will provide on-site, telephone, or online support B. The time service for responses to support calls, which specifies how quickly the provider must respond to requests for support. C. The percentage of time that the service is guaranteed to be available D. The amount of support that will be provided and the costs for additional support
A, B, D. The technical support clause of an SLA typically defines the type of support that the provider will furnish, the time service for support, and the amount of support that is included in the contract, as well as the cost for additional support. An SLA will typically guarantee service ability in the form of a percentage, but this refers to problems at the provider's end and is not a customer technical support matter.
Password policies frequently require users to specify complex passwords. Which of the following are characteristic of a complex password? A. Passwords that contain mixed upper- and lowercase letters, numbers, and symbols B. Passwords that exceed a specific length C. Passwords that do not duplicate a specific number of the user's previous passwords D. Passwords that do not duplicate the user's account name, birth date, or other personal information
A. Although all of the options are characteristics of a strong password, the definition of a complex password is one that expands the available character set by using a mixture of upper- and lowercase letters, numerals, and symbols. The larger the character set used to create passwords, the more difficult they are to guess.
You are starting a new job, and the company's Human Resources (HR) department has asked you to sign an Acceptable Use Policy (AUP) regarding computer and network use. The document includes a privacy clause. Which of the following are specifications you can expect to find in this clause? (Choose all that apply.) A. Any emails you send or receive can be monitored by the company at any time. B. All files and data that you store on company computers must be accessible to the company for scanning and monitoring. C. All work that you perform for the company becomes the sole property of the company, including copyrights and patents. D. All hardware, software, and any proprietary data stored on the company's computers remains the property of the company.
A, B. Clauses regarding company property, including the copyrights and patents for the work performed for the company, typically do appear in an AUP but not in the privacy clause. This information would be more likely to appear in an ownership clause. The privacy clause commonly explains that the company has the right to access and monitor anything stored on its computers.
Which of the following are settings typically included in an account lockout policy? (Choose all that apply.) A. Account lockout duration B. Time allowed between attempts C. Account lockout threshold D. Reset account lockout threshold counter
A, C, D. Account lockout threshold specifies the number of incorrect logon attempts that are allowed before the account is locked out. Account lockout duration is the amount of time that an account remains locked out. Reset account lockout threshold counter specifies the amount of time before the number of incorrect attempts is reset to zero. Account lockout policies typically do not include a setting that regulates the amount of time allowed between logon attempts.
Which of the following are places where network wiring connections are found? (Choose all that apply.) A. MDF B. MTBF C. IDF D. RDP
A, C. A large enterprise network will—at minimum—have demarcation points for telephone services and a connection to an Internet Service Provider's (ISP's) network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. This room is then called the Main Distribution Frame (MDF). An Intermediate Distribution Frame (IDF) is the location of localized telecommunications equipment such as the interface between the horizontal cabling and the backbone. Mean Time Between Failure (MTBF) and Remote Desktop Protocol (RDP) are not locations of network wiring.
Which of the following statements are true about the differences between a diagram of a patch panel installation organized physically and one that is organized logically? (Choose all that apply.) A. A physical diagram is organized according to the floors and rooms where the cable drops are located. B. A physical diagram is precisely scaled to represent the actual patch panel hardware. C. A logical diagram is organized according to the divisions within the company, such as departments and workgroups. D. A logical diagram uses an organization that represents company divisions but does not physically resemble the actual patch panels.
A, C. A physical diagram, in this case, represents the actual physical locations of the cable drops connected to the patch panels. A logical diagram uses artificial divisions that correspond to the organization of the company.
Which versions of the Simple Network Management Protocol (SNMP) do not include any security protection other than a cleartext community string? (Choose all that apply.) A. SNMPv1 B. SNMPv2 C. SNMPv2c D. SNMPv3
A, C. SNMP version 1, the original version, used an unencrypted community string. SNMPv2 added better security, but it was not backward compatible with the version 1 community string. A revised version, SNMPv2c, added backward compatibility. SNMPv3, the one most often seen today, includes more advanced security and does not use a community string.
The change request for new graphics software that you submitted to your company's change management team has been approved. Now it is time to implement the change. Which of the following administrative tasks will most likely be the change management team's responsibility during the implementation process? (Choose all that apply.) A. Authorizing downtime B. Notifying users C. Designating a maintenance window D. Documenting all modifications made
A, C. The change management team is usually not responsible for tasks directly involved in the implementation of the changes they approve. Therefore, they would not be the ones to notify users exactly when the change will take place or document the procedure afterward. They would, however, be responsible for providing a maintenance window, during which the change must occur, and authorizing any downtime that would be needed.
Routers using link states and Dijkstra's algorithm to calculate the lowest cost route to a specific destination can conceivably be running which of the following interior gateway routing protocols? (Choose all that apply.) A. OSPF B. RIP C. EIGRP D. IS-IS E. BGP
A, D. Link states and Dijkstra's algorithm are used by link state routing protocols, such as Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS). Routing Information Protocol (RIP) and Enhanced Interior Gateway Routing Protocol (EIGRP) are distance vector protocols, which do not use link states. Border Gateway Protocol (BGP) is a distance vector protocol and an exterior (not interior) gateway protocol.
After starting work as the network administrator of Wingtip Toys, you discover that all of the switches in the company's datacenter have support for remote management, with built-in Simple Network Management Protocol (SNMP) agents in each port. Which of the following tasks must you perform to be able to gather information from the agents on those switches and display it on a central console? (Choose all that apply.) A. Install the network management software on a network computer. B. Install a Management Information Base (MIB) on each of the switches. C. Install an agent on the console computer. D. Install an MIB on the console computer. E. Purchase a network management product.
A, E. An SNMP-based network management system consists of three components: a management console software product installed on a network computer, agents installed on the devices you want to manage, and MIBs for each of the agents. Because the switches support SNMP management and already have agents, they have MIBs also. Therefore, all you have to do is purchase the network management software and install the console on a network computer.
While negotiating a new contract with a service provider, you have reached a disagreement over the contracted reliability of the service. The provider is willing to guarantee that the service will be available 99 percent of the time, but you have been told to require 99.9 percent. When you finally reach an agreement, the negotiated language will be included in which of the following documents? A. SLA B. AUP C. NDA D. BYOD
A. A Service Level Agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available. Acceptable Use Policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. A Non-Disclosure Agreement (NDA) specifies what company information employees are permitted to discuss outside the company. A Bring Your Own Device (BYOD) policy specifies the personal electronics that employees are permitted to use on the company network and documents the procedures for connecting and securing them.
You have just completed negotiating an annual contract with a provider to furnish your company with cloud services. As part of the contract, the provider has agreed to guarantee that the services will be available 99.9 percent of the time, around the clock, seven days per week. If the services are unavailable more than 0.1 percent of the time, your company is due a price adjustment. Which of the following terms describes this clause of the contract? A. SLA B. MTBF C. AUP D. MTTR
A. A Service Level Agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available. Mean Time Between Failure (MTBF) is a hardware specification that estimates how long a particular component can be expected to function. Acceptable Use Policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. Mean Time to Repair (MTTR) specifies the average time it will take to repair a specific hardware component when it malfunctions.
Password policies that contain a history requirement typically have which of the following limitations? A. Users cannot reuse recent passwords. B. Users cannot create passwords containing names of relatives. C. Users cannot create passwords containing names of historical figures. D. Users cannot create passwords that duplicate those of any other users on the network.
A. A history requirement in a password policy prevents users from specifying any one of their most recently used passwords. Although creating passwords using the names of relatives and historical figures is not recommended, it is not something that is easy to prevent. Each user maintains his or her own password history; there is no conflict with the passwords of other users.
Which of the following is the term used to describe a wiring nexus that is typically the termination point for incoming telephone and Wide Area Network (WAN) services? A. MDF B. MTBF C. IDF D. RDP E. MOU
A. A large enterprise network will—at minimum—have demarcation points for telephone services and a connection to an Internet Service Provider's (ISP's) network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. This room is then called the Main Distribution Frame (MDF). An Intermediate Distribution Frame (IDF) is the location of localized telecommunications equipment such as the interface between the horizontal cabling and the backbone. Mean Time Between Failure (MTBF), Remote Desktop Protocol (RDP), and Memorandum of Understanding (MOU) are not locations of network wiring.
Which of the following is the term usually applied to a representation of network devices, automatically compiled, and containing information such as IP addresses and connection speeds? A. Network map B. Network diagram C. Cable diagram D. Management information base
A. A network map is a depiction of network devices, not drawn to scale, with additional information added, such as IP addresses and link speeds. In most cases, network maps are automatically created by a software product, such as Nmap, that scans the network and creates a display from the information it discovers. The term network diagram is most often used to refer to a manually created document containing pictograms of network devices, with lines representing the connections between them. The diagram might be roughly similar to the actual layout of the site, but it is usually not drawn to scale. A cable diagram is a precise depiction of the cable runs installed in a site. Often drawn on an architect's floor plan or blueprint, the cable diagram enables network administrators to locate specific cables and troubleshoot connectivity problems. A Management Information Base (MIB) is a component of a network management system that is based on the Simple Network Management Protocol (SNMP) and contains information about only one device; it does not depict all of the devices on the network.
The cable plant for your company network was installed several years ago by an outside contractor. Now, some of the paper labels have fallen off your patch panels, and you do not know which wall plate is connected to each port. Assuming that you are working on a properly maintained and documented network installation, which of the following is the easiest way to determine which port is connected to which wall plate? A. Consult the cable diagram provided by the cabling contractor at the time of the installation. B. Call the cable installation contractor and see if he or she can remember which ports go with which wall plates. C. Attach a tone generator to a patch panel port and then test each wall plate with a locator until you find the correct one. Repeat this for each port that needs labeling. D. Use a cable certifier to locate the patch panel port associated with each wall plate port.
A. A reputable cable installer should supply a cable diagram that indicates the locations of all the cable runs on a plan or blueprint of the site. You should be able to use this to determine which ports go with which wall plates. A busy cable installer is unlikely to remember specific details about an installation performed years ago. Using a tone generator and locator is an effective way to associate ports and wall plates, but it can be incredibly time consuming and is certainly not the easiest method. A cable certifier can test the cable run for faults, measure its length, and perform other tests, but it cannot specify which wall plate goes with which port, unless you entered that information yourself earlier.
Which of the following is most likely to be the last step in a change management procedure? A. Documentation B. Notification C. Approval D. Scheduling
A. After a change is requested, approved, scheduled, and performed, everyone involved should be notified, and the entire process should be documented for future reference.
The precise locations of devices in a datacenter are typically documented in which of the following documents? A. Rack diagram B. Network map C. Wiring schematic D. Logical diagram E. Business continuity plan F. Audit and assessment report
A. Datacenters typically mount components in racks, 19-inch-wide and approximately 6-foot-tall frameworks in which many networking components are specifically designed to fit. A rack diagram is a depiction of one or more racks, ruled out in standardized 1.752-inch rack units, and showing the exact location of each piece of equipment mounted in the rack. Network maps, wiring schematics, and logical diagrams are documents that define the relationships between components, not their precise locations. A business continuity plan describes the organization's disaster prevention and recovery policies. An audit and assessment report is a document—often prepared by a third party—that summarizes the organization's security posture.
Which of the following syslog message severity levels indicates that a system is unusable? A. 0 B. 1 C. 2 D. 3 E. 4
A. Every syslog message includes a single-digit severity code. Code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 1 is an alert message, indicating that immediate action is needed. Severity code 2 is a critical condition message, and code 3 is an error condition. Code 4 is a warning message.
Which of the following terms best describes the Security Information and Event Management (SIEM) process of consolidating log information from multiple sources? A. Data aggregation B. Forensic analysis C. Correlation D. Retention
A. In SIEM, data aggregation is a process of consolidating log information from multiple sources. Forensic analysis is a process of searching logs on multiple computers for specific information based on set criteria and time periods. Correlation is the process of linking logged events with common attributes together. Retention is the long-term storage of log data.
Which of the following Windows applications would you most likely use to create a baseline of system or network performance? A. Performance Monitor B. Event Viewer C. Syslog D. Network Monitor
A. Performance Monitor is a Windows application that can create logs of specific system and network performance statistics over extended periods. Such a log created on a new computer can function as a baseline for future troubleshooting. Event Viewer is a Windows application for displaying system log files; it cannot create a performance baseline. Syslog is a log compilation program originally created for Unix systems; it does not create performance baselines. Network Monitor is a protocol analyzer. Although it can capture a traffic sample that can function as a reference for future troubleshooting efforts, this ability cannot be called a performance baseline.
Which of the following indicators is typically not included in an operating system's performance monitoring tool, such as the Windows Performance Monitor or the macOS Activity Monitor? A. Temperature B. CPU/processor activity C. Memory consumption D. Network utilization E. Storage statistics
A. Performance monitoring utilities typically provide statistics on the Central Processing Unit (CPU), memory, network, and disk usage, but not computer temperature monitoring.
You are working for a company with numerous branch offices scattered around the country, and you are required to travel to these offices frequently. Each branch office has some means of accessing the network at the company headquarters. Some use frame relay, some use Virtual Private Networks (VPNs), and a few even use dial-in access. During one trip, you mention to a branch office manager that you intend to connect to the headquarters network that night from your hotel room. The manager warns you that this is against company policy, but you are not so sure. Where in the company documentation should you look to confirm this? A. Remote access policies B. Service level agreement C. Acceptable use policy D. Privileged user agreement
A. Remote access policies specify when and how users are permitted to access the company network from remote locations. A Service Level Agreement (SLA) is a contract between a provider and a subscriber that specifies the guaranteed availability of the service. Acceptable Use Policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. A privileged user agreement specifies the abilities and limitations of users with respect to the administrative accounts and other privileges they have been granted.
Which of the following is the most likely cause of runt and giant frames on an Ethernet network interface? A. A network adapter malfunction B. Half-duplex communication C. Excessive cable length D. Electromagnetic interference
A. Runts and giants are typically the result of a network interface adapter malfunction. Runt frames occur on an Ethernet network when a network interface generates packets that are smaller than the 64-byte minimum allowable length. Giants occur when frames are larger than the 1518-byte maximum allowable length. Collisions are normal on a half-duplex network, but runts and giants are not. Late collisions occur when network cables are too long. Electromagnetic interference is a likely cause of Cyclic Redundancy Check (CRC) errors, but not runts and giants.
Which of the following technologies provides both real-time monitoring of security events and automated analysis of the event information gathered? A. SIEM B. SNMP C. SEM D. SIM
A. Security Information and Event Management (SIEM) is a product that combines two technologies: security event management (SEM) and security information management (SIM). Together, the two provide a combined solution for gathering and analyzing information about a network's security events. Simple Network Management Protocol (SNMP) is a technology that gathers information about managed devices.
Which of the following, originally created for the UNIX sendmail program, is now a standard for message logging that enables tools that generate, store, and analyze log information to work together? A. Syslog B. Netmon C. Netstat D. Top
A. Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an Internet Protocol (IP) network to a message collector, called a syslog server. Network Monitor (Netmon) is a protocol analyzer. Netstat is a program that displays status information about a system's network connections. Top is a utility to display system processes. None of these provide logging services.
Which of the following was created to provide logging services for the Unix sendmail program? A. Syslog B. Netstat C. SNMP D. CARP
A. Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail Simple Mail Transfer Protocol (SMTP) server, across an Internet Protocol (IP) network to a message collector, called a syslog server. Netstat is a program that displays status information about a system's network connections; it does not provide logging services. SNMP is a protocol that carries network management information from agents to a central console; it was not created specifically for sendmail. The Cache Array Routing Protocol (CARP) enables proxy servers to exchange information; it does not provide logging services.
Which of the following log types is the first place that a Windows administrator should look for information about a server's activities? A. System log B. Setup log C. Application log D. Security log
A. System logs document the server's startup activities and the ongoing status of its services and device drivers. When a problem occurs or the server's status changes, the system logs can provide information about what happened and when.
You are the network administrator of your company's network. Your company wants to perform a baseline analysis of network-related traffic and statistics. They want to track broadcasts, Cyclical Redundancy Check (CRC) errors, and collisions for all traffic traversing a switched network. In addition, they want to provide historical and daily reports for management. They also want to keep track of software distribution and metering. What type of network software product best meets these needs? A. SNMP management B. Protocol analyzer C. Performance Monitor D. Network traffic monitor
A. The best solution is to implement Simple Network Management Protocol (SNMP). This includes a management console, agents, and Management Information Bases (MIBs). SNMP allows you to track statistical network information (historical and current) and produce reports for baseline analysis and troubleshooting. Some SNMP products also allow you to track software distribution and metering. Protocol analyzers are best used for troubleshooting problems in real time and are not used for software distribution and metering. Performance Monitor is a tool that allows you to track performance statistics for one system at a time and does not include software distribution and metering. There is no such product as a network traffic monitor.
After switching from a standard public switched telephone network (PSTN) telephone system to a Voice over Internet Protocol (VoIP) system, users are complaining of service interruptions and problems hearing callers at certain times of the day. After examining a network traffic audit and assessment report, you determine that traffic levels on the Internet connection are substantially higher during the first and last hours of the day, the same times when most of the users experienced problems. Which of the following solutions can provide more reliable VoIP service during peak usage times? A. Implement traffic shaping B. Implement load balancing C. Upgrade the Local Area Network (LAN) from Fast Ethernet to Gigabit Ethernet D. Replace the router connecting the LAN to the Internet with a model that supports Simple Network Management Protocol (SNMP).
A. Traffic shaping is a technique for prioritizing packets by buffering packets that are not time sensitive for later transmission. You can use this technique to give VoIP packets priority over other types of traffic. Load balancing can conceivably improve the performance of a server, but it cannot help to relieve traffic congestion on the Internet link. The traffic congestion is on the Internet connection, not the LAN, so upgrading to Gigabit Ethernet will not help. SNMP is a protocol used by network management products; it will not relieve the traffic congestion problem.
You are the first responder to an incident of computer crime at your company. The datacenter's security has been penetrated, a server accessed, and sensitive company data stolen. The company's incident response plan lists the specific tasks that you are responsible for performing. Which of the following are likely to be among those tasks? (Choose all that apply.) A. Turn off the server. B. Secure the area. C. Document the scene. D. Collect evidence. E. Cooperate with the authorities.
B, C, D, E. While securing the area to prevent contamination of evidence, documenting the scene with photographs or video, collecting any evidence that might be visible, and cooperating with the authorities are tasks that are likely to be in the company's incident response policy. Turning off the server most certainly would not, because this could disturb or delete evidence of the crime.
Which of the following U.S. organizations are capable of imposing international export controls on software products? (Choose all that apply.) A. The company that created the software B. Department of State C. Department of Commerce D. Department of the Treasury
B, C, D. The U.S. government controls exports of sensitive software and other technology as a means to maintain national security interests and foreign policy agreements. Three U.S. agencies have the authority to issue export licenses: the Department of State, the Department of Commerce, and the Department of the Treasury. Individual software developers do not have the authority to impose their own export controls.
Which of the following network applications are most likely to be obviously affected by the wired network connectivity problem known as jitter? (Choose all that apply.) A. Email B. VoIP C. Streaming video D. Instant messaging
B, C. Jitter is a connectivity problem on wired networks that is caused by individual packets that are delayed due to network congestion, different routing, or queuing problems. When individual packets in a data stream are delayed, the resulting connectivity problem is called jitter. While this condition might not cause problems for asynchronous applications, such as email and instant messaging, real-time communications, such as Voice over Internet Protocol (VoIP) or streaming video, can suffer intermittent interruptions, from which the phenomenon gets its name.
Which of the following statements about the Simple Network Management Protocol (SNMP) are not true? (Choose all that apply.) A. To effectively monitor a network using SNMP, you must be sure that all of the equipment you purchase when designing and building your network supports the protocol. B. SNMP is not only the name of a protocol, it is also the name of a network management product. C. SNMPv1 and SNMPv2 rely on a community string as their only means of security. D. Most of the network management products on the market today support SNMPv3.
B, C. SNMP is not the name of a network management product; it is just the name of the protocol that provides a framework for the interaction of the various components in a network management product. SNMPv1 uses a community string, but SNMPv2 does not. The interim version SNMPv2c retains the community string from version 1 in place of the new version 2 security system. When you see a network interface adapter, switch, router, access point, or other device that purports to be managed or that claims to have network management capabilities, this usually means that the device includes an SNMP agent. Most of today's network management products do support SNMPv3. In addition, many network management products that implement SNMPv3 also include support for the earlier, unprotected versions, such as SNMPv1 and SNMPv2c.
Which of the following statements about physical network diagrams and logical network diagrams are true? (Choose all that apply.) A. A physical network diagram is created automatically, and a logical network diagram is created manually. B. A physical network diagram depicts hardware devices and the connections between them. C. A logical network diagram contains all of the information you would need to rebuild your network from scratch. D. A logical network diagram typically contains the IP addresses of network devices.
B, D. A physical network diagram identifies all of the physical devices and how they connect together. A logical network diagram contains IP addresses, firewall configurations, Access Control Lists (ACLs), and other logical elements of the network configuration. Both physical and logical network diagrams can be created automatically or manually. It is the physical network diagram that contains the information needed to rebuild the network from scratch.
Which of the following types of documentation should contain the chemical composition of all cleaning compounds used in a datacenter? A. ESD B. MSDS C. NDA D. BYOD E. SOP
B. A Material Safety Data Sheet (MSDS) is a document created by manufacturers of chemical, electrical, and mechanical products, specifying the potential dangers and risks associated with them, particularly in regard to exposure or fire. A properly documented network should have MSDS documents on file for all of the chemical and hardware products used to build and maintain it. MSDSs can be obtained from the manufacturer or the Environmental Protection Agency (EPA). Electrostatic discharges (ESDs), Non-Disclosure Agreements (NDAs), Bring Your Own Device (BYOD) policies, and standard operating procedures (SOPs) are not concerned with the chemical composition of cleaning compounds.
Which of the following statements best describes a baseline? A. A baseline is an estimation of expected performance levels, based on manufacturers' specifications. B. A baseline is a record of performance levels captured under actual workload conditions. C. A baseline is a record of performance levels captured under simulated workload conditions. D. A baseline is a record of performance levels captured before the system is actually in use.
B. A baseline is a record of a system's performance under real-world operating conditions, captured for later comparison as conditions change. The workload during a baseline capture should be genuine, not simulated or estimated.
A server with dual power supplies must be running in which of the following modes for the system to be fault tolerant? A. Combined mode B. Redundant mode C. Individual mode D. Hot backup mode
B. A server with dual power supplies can run in one of two modes: redundant or combined. In redundant mode, both power supplies are capable of providing 100 percent of the power needed by the server. Therefore, the server can continue to run if one power supply fails, making it fault tolerant. In combined mode, both power supplies are needed to provide the server's needs, so a failure of one power supply will bring the server down. Individual mode and hot backup mode are not terms used for this purpose.
A rack diagram is typically ruled into vertical rack units, which are standard-sized divisions that hardware manufacturers use when manufacturing rack-mountable components. Which of the following is the standard vertical height of a single rack unit? A. 1.721 inches B. 1.75 inches C. 40 mm D. 3.5 inches
B. A single rack unit is 1.75 inches, or 44.5 mm. Option A, 1.721 inches, is the height used for many components that are one rack unit tall, leaving a small space between components for easy insertion and removal.
Which of the following is a document that a company's new hires might want to consult to determine whether they are permitted to install their own personal software on company computers? A. SLA B. AUP C. NDA D. BYOD
B. Acceptable Use Policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. AUPs typically specify what personal work employees can perform, what hardware and software they can install, and what levels of privacy they are permitted when using company equipment. A Service Level Agreement (SLA) is a contract between a provider and a subscriber. A Non-Disclosure Agreement (NDA) specifies what company information employees are permitted to discuss outside the company. A Bring Your Own Device (BYOD) policy specifies how employees can connect their personal devices to the company network.
How do account lockouts help to prevent intruders from cracking passwords? A. By forcing users to select passwords of a minimum length B. By preventing users from entering incorrect passwords more than a specified number of times C. By preventing users from reusing the same passwords D. By requiring an additional authentication method, such as a fingerprint
B. Account lockouts limit the number of incorrect passwords that a user can enter. This prevents intruders from using a brute force attack to crack the account by trying password after password. After a specified number of incorrect tries, the account is locked for a specified length of time or until an administrator unlocks it.
Which of the following data loss prevention terms is used to describe potential dangers of data loss or data leakage to unauthorized parties while the data is stored without being used? A. Data in use B. Data at rest C. Data in motion D. Data on disk
B. Data at rest describes data that is currently in storage while not in use. Data in motion is the term used to describe network traffic. Data in use describes endpoint actions working with the data, and data on disk is not one of the standard data loss prevention terms.
At what humidity level do electronic components become vulnerable to damage from electrostatic shock? A. Below 30 percent B. Below 50 percent C. Above 70 percent D. Above 90 percent
B. Humidity prevents the buildup of static electricity that can cause discharges that damage equipment. Humidity levels of 50 percent or lower can cause equipment to be susceptible to electrostatic shock.
Which of the following IT asset management documents published by the International Organization for Standardization (ISO) defines a standard for Software Identification Tags (SWIDs) containing inventory information about the software running on a computer or other device? A. ISO 19770-1 B. ISO 19770-2 C. ISO 19770-3 D. ISO 19770-4 E. ISO 19770-5
B. ISO 19770 is a family of IT Asset Management (ITAM) standards that defines procedures and technology for the management of software and related assets in a corporate infrastructure. ISO 19770-2 defines the creation and use of SWID tags, which are XML files containing management and identification information about a specific software product. The other standards define other ITAM elements, such as compliance with corporate governance (ISO 19770-1) and resource utilization measurement (ISO 19770-4).
When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem? A. Add memory to the system. B. Install a second network adapter. C. Update the network adapter's firmware. D. Install a second processor.
B. If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem, but their success is less likely.
Which of the following Security Information and Event Management (SIEM) processes performs searches for specific criteria, during specific time frames, in logs located on different computers? A. Data aggregation B. Forensic analysis C. Correlation D. Retention
B. In SIEM, forensic analysis is a process of searching logs on multiple computers for specific information based on set criteria and time periods. Data aggregation is a process of consolidating log information from multiple sources. Correlation is the process of linking logged events with common attributes together. Retention is the long-term storage of log data.
Which of the following is a feature included in some routers that collects and analyzes network traffic data sent or received through a network interface? A. Netmon B. Netflow C. Netstat D. Nbtstat
B. Netflow is a network traffic monitoring feature first introduced in Cisco routers in 1996. Netmon, Netstat, and Nbtstat are all operating system utilities, not router features.
Which of the following statements about network maps is true? A. Network maps are typically drawn to scale. B. Network maps typically contain more information than network diagrams. C. Network maps must be read/write accessible to all personnel working on the network. D. Network maps diagram only the locations of cable runs and endpoints.
B. Network diagrams typically specify device types and connections, but network maps can also include IP addresses, link speeds, and other information. Network maps diagram the relationships between devices, and provide information about the links that connect them, but they are not drawn to scale and usually do not indicate the exact location of each device. Although universal accessibility would be desirable, there are individuals who should not have access to network maps and other documentation, including temporary employees and computer users not involved in IT work. A network map includes all networking devices, not just cable runs and endpoints.
Which of the following terms would apply to the procedure of adding a user's personal smartphone to the network under a Bring Your Own Device (BYOD) policy? A. Out-of-band B. On-boarding C. In-band D. Off-boarding
B. The process of adding a user's personal device and allowing it to access the company network is called on-boarding. Removing the personal device from the network would be called off-boarding. In-band and out-of-band are terms defining methods for gaining administrative access to a managed network device.
Which of the following is the primary result of an organization's security incident response policies? A. To know how to respond to a particular incident B. To prevent an incident from occurring again C. To identify the cause of an incident D. To document the procedures leading up to an incident
B. While incident response policies might include the process of responding to an incident and identifying and documenting its cause, the primary function of incident response policies is to ensure that the same incident does not happen again.
Which of the following data loss prevention terms is used to describe dangers pertaining to data that is being transmitted over a network? (Choose all that apply.) A. Data in use B. Data at rest C. Data in motion D. Data in transit
C, D. Data in motion and data in transit are the terms used to describe network traffic. Data in use describes endpoint actions, and data at rest describes data storage.
Log management typically consists of which of the following tasks? (Choose all that apply.) A. Rollback B. Utilization C. Security D. Cycling
C, D. Logs frequently contain sensitive information, so securing them with the appropriate permissions is an essential part of log management. Logs also can grow to overwhelm the storage medium on which they are stored, so cycling is a technique for managing log size by configuring it to delete the oldest record each time a new one is added. Rollback and utilization are not log management tasks.
SIEM products combine the capabilities of which of the following? (Choose all that apply.) A. Syslog B. SNMP C. SEM D. SIM
C, D. Security Information and Event Management (SIEM) is a product type that combines two technologies: security event management (SEM) and security information management (SIM). Together, the two provide a combined solution for gathering and analyzing information about a network's security events. Simple Network Management Protocol (SNMP) is a technology that gathers information about managed devices. Syslog is a standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail Simple Mail Transfer Protocol (SMTP) server, across an Internet Protocol (IP) network to a message collector, called a syslog server. Neither SNMP nor syslog capabilities are typically included in SIEM products.
You are going to work for a new company as a software developer, and Human Resources (HR) has notified you that you must sign a document guaranteeing that you will maintain confidentiality about the company's products and programming code in perpetuity. Which of the following documents contains this agreement? A. SLA B. AUP C. NDA D. MOU E. BYOD
C. A Non-Disclosure Agreement (NDA) specifies what company information employees are permitted to discuss outside the company. A Service Level Agreement (SLA) is a contract between a provider and a subscriber that specifies the percentage of time that the contracted services are available. Acceptable Use Policies (AUPs) specify whether and how employees can utilize company-owned hardware and software resources. A Memorandum of Understanding (MOU) is a document outlining an agreement between two parties that precedes the signing of a contract. A Bring Your Own Device (BYOD) policy specifies the personal electronics that employees are permitted to use on the company network and documents the procedures for connecting and securing them.
Account lockout policies are designed to protect against which of the following types of attacks? A. Social engineering B. Spoofing C. Brute force D. Man in the middle
C. A brute-force password attack is one in which the perpetrator tries as many passwords as possible in an effort to guess or deduce the right one. Account lockout policies are intended to prevent this type of attack by limiting the number of incorrect password attempts.
Your company has been acquired by another firm and, as IT director, you will have to comply with the new firm's safety policies in your datacenter and other IT workspaces. One of the new requirements states that there must be a fail closed policy for the datacenter. Which of the following best describes what this policy dictates should occur in the event of an emergency? A. All computers that are logged on should automatically log off. B. All computers that are running should automatically shut down. C. All doors that are normally open should lock themselves. D. All doors that are normally locked should open themselves.
C. A fail closed policy for the datacenter specifies that any open doors should lock themselves in the event of an emergency. To support this policy, the datacenter will have to have a self-contained fire suppression system, which uses devices such as fire detectors and oxygen-displacing gas systems.
Which of the following is not likely to be a procedural element of an IT asset disposal policy? A. Data deletion B. Recycling C. Data preservation D. Inventory
C. An IT asset disposal policy typically includes procedures to be performed on assets that have reached the end of their system life cycle and that are ready for final processing. This includes the wiping of all data, the completion of inventory records, and the possible recycling of the asset. The policy assumes that all data requiring preservation has already been preserved before the asset is submitted for disposal. Therefore, data preservation procedures are not needed at this phase.
Which of the following is the term used to describe a wiring nexus—typically housed in a closet—where horizontal networks meet the backbone? A. MDF B. MTBF C. IDF D. SLA E. MOU
C. An Intermediate Distribution Frame (IDF) is the location of localized telecommunications equipment such as the interface between a horizontal network, which connects to workstations and other user devices, and the network backbone. A large enterprise network will typically have demarcation points for telephone services and a connection to an Internet Service Provider's (ISP's) network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. This room is then called the Main Distribution Frame (MDF). Mean Time Between Failure (MTBF), Service Level Agreements (SLAs), and Memoranda of Understanding (MOUs) are not locations of network wiring.
Which of the following is the most likely cause of Cyclic Redundancy Check (CRC) errors on an Ethernet network interface? A. Half-duplex communication B. A network adapter malfunction C. Electromagnetic interference D. Excessive cable length
C. Electromagnetic interference is the likely cause of CRC errors. A network interface adapter malfunction can cause runts and giant frames. Collisions are normal on a half-duplex network, but CRC errors are not. Late collisions occur when network cables are too long, but they do not cause CRC errors.
A diagram of a telecommunications room or Intermediate Distribution Frame (IDF) for an office building is typically based on which of the following? A. A hand-drawn sketch B. A series of photographs C. An architect's plan D. A 3D model E. A site survey report
C. IDF diagrams should be based on an architect's plan whenever possible so that actual lengths and locations of cable runs can be documented. In situations where an architect's plan is not available, a detailed sketch, drawn to scale, can be acceptable. Photographs, models, and reports are impractical for this purpose.
The term off-boarding refers to which of the following procedures? A. Removing a node from a cluster B. Disconnecting all cables from a switch C. Revoking a user's network privileges D. Retiring old workstations
C. On-boarding and off-boarding are identity management processes in which users are added or removed from an organization's identity and access management (IAM) system. Off-boarding revokes a user's privileges when he or she leaves the company. The term off-boarding does not refer to cluster management, disconnecting a switch, or retiring workstations.
At what point in the installation process should patch panel ports and wall plates be labeled? A. When the patch panels and wall plates are installed B. When a length of cable is cut from the spool C. When the cables are attached to the connectors D. When the cable runs are tested, immediately after their installation
C. Patch panel ports and wall plates should be labeled when the cable runs are attached to them. Labeling them at any earlier time can result in cable runs being connected incorrectly.
A rack diagram is typically ruled vertically using which of the following measurements? A. Inches B. Centimeters C. Units D. Grids
C. Rack diagrams use a vertical measurement called units, each of which is 1.75 inches. Most rack-mounted devices are one (1U), two (2U), or four units (4U) tall.
Alice is implementing a new password policy that requires all users to change their passwords every seven days. What further modification can she make to the password policy to prevent users from thwarting the password change requirement? A. Specify a minimum password length B. Require the use of special characters C. Require the creation of unique passwords D. Specify a maximum password change interval
C. Requiring unique passwords can prevent users from thwarting a password change policy by reusing the same passwords over and over. Password length, password character sets, and password change interval maximums can do nothing to thwart a frequent password change policy.
Which of the following elements would you typically not expect to find in a Service Level Agreement (SLA) between an Internet Service Provider (ISP) and a subscriber? A. A definition of the services to be provided by the ISP B. A list of specifications for the equipment to be provided by the ISP C. The types and schedule for the technical support to be provided by the ISP D. The types of applications that the subscriber will use when accessing the ISP's services
D. An ISP provides subscribers with access to the Internet. The applications that the subscriber uses on the Internet are typically not part of the SLA. An SLA does typically specify exactly what services the ISP will supply, what equipment the ISP will provide, and the technical support services the ISP will furnish as part of the agreement.
Which of the following is not an SNMP component? A. MIBs B. Traps C. OIDs D. CRCs
D. Cyclical Redundancy Checks (CRCs) are faults that occur when data does not arrive at its destination in the same state as when it was sent; they are not Simple Network Management Protocol (SNMP) components. Management Information Bases (MIBs), traps, and Object Identifiers (OIDs) are all components of a Simple Network Management Protocol (SNMP) implementation.
Which of the following syslog message severity levels indicates that the message is purely informational? A. 0 B. 2 C. 4 D. 6 E. 7
D. Every syslog message includes a single-digit severity code. Code 6 indicates that the message is purely informational. Code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 2 is a critical condition message, and code 4 is a warning message. Code 7 is used strictly for debugging.
You are an IT director, and a fire has broken out in the lower floors of your company's office building. After the personnel are evacuated, the fire department asks you where they can find documentation about all chemicals and equipment used in the company's datacenter, which is threatened by the fire. You direct them to the correct filing cabinet in your office, which contains which of the following document types? A. ESD B. NDA C. BYOD D. MSDS
D. Material Safety Data Sheets (MSDSs) are documents created by manufacturers of chemical, electrical, and mechanical products, which specify the potential risks and dangers associated with them, particularly in regard to flammability and the possibility of toxic outgassing. A properly documented network should have MSDS documents on file for all of the chemical and hardware products used to build and maintain it. MSDSs can be obtained from the manufacturers or the Environmental Protection Agency (EPA). Electrostatic discharges (ESDs), Non-Disclosure Agreements (NDAs), and Bring Your Own Device (BYOD) policies are not concerned with the dangers inherent in building contents.
A Simple Network Management Protocol (SNMP) console can inform administrators when a managed device requires attention. For this to occur, the agent in the device first has to send a message to the console. What is the term used for a message sent by an SNMP agent to the central console? A. Ping B. Alert C. Notification D. Trap
D. Messages that SNMP agents send to consoles when an event needing attention occurs are called traps. Alerts and notifications are terms for the messages that the console sends to administrators. A ping is an Internet Control Message Protocol (ICMP) echo request message sent from one TCP/IP computer to another.
When a service fails to start on a Windows server, an entry is typically created in which of the following event logs? A. Application B. Security C. Setup D. System
D. On a Windows system, information about services, including successful service starts and failures, is recorded in the System event log. The Application, Security, and Setup logs typically do not contain this type of information.
The terms on-boarding and off-boarding are typically associated with which of the following policies? A. Data loss prevention B. Incident response C. Inventory management D. Identity management E. Disaster recovery F. Business continuity
D. On-boarding and off-boarding are identity management processes in which users are added or removed from an organization's identity and access management (IAM) system. This grants new users the privileges they need to use the network, modifies their privileges if they change positions, and revokes privileges when they leave the company. On-boarding and off-boarding are not data loss prevention, incident response, inventory management, disaster recovery, or business continuity processes.
Which of the following tasks is not considered to be part of an IT department's incident response plan? A. Stopping an ongoing incident B. Containing the damage caused by an incident C. Repairing the damage caused by an incident D. Rebuilding an infrastructure destroyed by an incident
D. Once a network infrastructure has been partially or completely destroyed, it is no longer a matter of incident response; the responsibility passes over to the disaster recovery plan, which requires a different set of policies. Stopping, containing, and remediating an incident are all considered incident response policies.
Which of the following IT asset management documents published by the International Organization for Standardization (ISO) provides an overview of the ITAM concepts discussed in the ISO 19770 family of standards? A. ISO 19770-1 B. ISO 19770-2 C. ISO 19770-3 D. ISO 19770-4 E. ISO 19770-5
E. ISO 19770 is a family of IT Asset Management (ITAM) standards that defines procedures and technology for the management of software and related assets in a corporate infrastructure. ISO 19770-5 provides a general overview of the functions provided by the standards and their benefits to an IT infrastructure. The other standards define other ITAM elements, such as compliance with corporate governance (ISO 19770-1), creation and use of software ID (SWID) tags (ISO 19770-2), and resource utilization measurement (ISO 19770-4).
Which of the following is not a type of error typically found in network interface statistics? A. Runt B. Encapsulation C. Giant D. CRC E. Jumbo
E. Jumbo frames are a feature supported by some Ethernet implementations that enables frames to exceed the 1500-byte maximum data payload defined in the IEEE 802.3 standard. Runt frames, giant frames, Cyclical Redundancy Check (CRC) errors, and encapsulation errors are all types of errors typically reported in network interface diagnostics.
Which of the following syslog message severity levels indicates a call for immediate action? A. 0 B. 1 C. 2 D. 3 E. 4