Domain 3
Your network uses the following backup strategy. You create: Full backups every Sunday night. Incremental backups Monday night through Saturday night. On a Thursday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?
Four
Which backup strategy backs up all files from a computer's file system (regardless of whether the file's archive bit is set or not) and then marks them as backed up?
Full
You maintain the network for an industrial manufacturing company. A short-circuit of a switch in the server room starts an electrical fire. Which of the following should you use to suppress the fire?
Halon or CO2
Which of the following devices accepts incoming client requests and distributes those requests to specific servers?
Load balancer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?
Packet sniffer
What is the definition of bandwidth?
The amount of data that can be transferred from one place to another in a specific amount of time.
You have a WAN link that connects two sites. It's supposed to provide 1.5 Mbps of bandwidth. You want to perform a test to see the link's actual bandwidth. Which tool should you use?
Throughput tester
Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. Which action should you take? (Select two. Each response is part of a complete solution.)
Train sales employees to use their own user accounts to update the customer database. Delete the account that the sales employees are currently using.
You have just configured the password policy and set the minimum password age to 10. What is the effect of this configuration?
Users cannot change the password for 10 days.
You suspect that the gshant user account is locked. Enter the command you would use in Command Prompt to display the account's status.
passwd -S gshant
Which of the following is true about a community string?
A community string identifies devices under the same administrative control.
Which of the following accurately describe what a protocol analyzer is used for? (Select two.)
A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack). A passive device that is used to copy frames and allow you to view frame contents.
Which of the following is true about processor performance?
A healthy system's CPU utilization should average around 40%.
Which of the following pieces of information are you MOST likely to find in a policy document?
A requirement for using encrypted communications for web transactions
Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60%, and the temperature is 80 degrees. What should you do to help reduce future problems?
Add a separate A/C unit in the server room.
Which of the following defines an Acceptable Use Agreement?
An agreement that identifies the employees' rights to use company property, such as internet access and computer equipment, for personal use.
Where can you check your CPU's temperature?
BIOS
What does SNMP use to identify a group of devices under the same administrative control?
Community strings
For users on your network, you want to automatically lock user accounts if four incorrect passwords are used within 10 minutes. What should you do?
Configure account lockout policies in Group Policy
You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. What should you do?
Configure account policies in Group Policy.
You have hired 10 new temporary employees to be with the company for three months. How can you make sure that these users can only log on during regular business hours?
Configure day/time restrictions in user accounts.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, which is a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer, and he would like his account to have even stricter password policies than are required for other members in the Directors OU. What should you do?
Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.
Which of the following information are you MOST likely to find in a procedure document?
Details on how to test and deploy patches
Which backup strategy backs up only files that have the archive bit set and does not mark them?
Differential
You suspect that a bad video driver is causing a user's system to randomly crash and reboot. Where would you go to identify and confirm your suspicions?
Dump files
Which of the following is the term for a calculation of how often bits are damaged in transit due to electromagnetic interference?
Error rate
You would like to get a feel for the amount of bandwidth that you are using on your network. What is the first thing you should do?
Establish a baseline
Most equipment is cooled by bringing cold air in the front and ducting the heat out the back. What is the term for where heat is sent?
Hot aisle
Which of the following are reasons to use a protocol analyzer? (Select two.)
Identify users that are connecting to unauthorized websites Find devices that might be using legacy protocols, such as IPX/SPX or NetBIOS
You have been using SNMP on your network for monitoring and management, but you're concerned about the security of this configuration. What should you do to increase security in this situation?
Implement version 3 of SNMP
What is the purpose of using Ethernet bonding? (Select two.)
Increases network performance Provides a failover solution for network adapters
Which of the following does an agent send to the manager to confirm the receipt of a transmission?
Inform
What does a differential backup do during the backup process?
It backs up all files with the archive bit set and does not reset the archive bit.
Which of the following is true of an incremental backup's process?
It backs up all files with the archive bit set and resets the archive bit.
Which of the following provides information on the subnets within your network, including the subnet addresses and the routers connecting each subnet?
Network diagram
Which of the following is a contract in which both parties agree not to share proprietary or confidential information gathered during the business relationship?
Non-Disclosure Agreement
Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. On a Wednesday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?
One
Which of the following are backed up during a differential backup?
Only files that have changed since the last full backup.
Which of the following are backed up during an incremental backup?
Only files that have changed since the last full or incremental backup.
You suspect that your web server has been the target of a denial-of-service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you MOST likely examine?
Performance
In addition to performing regular backups, what must you do to protect your system from data loss?
Regularly test restoration procedures.
Of the following restoration processes, which would result in the fastest restoration of all data if a system failure occurred on Friday?
Restore the full backup from Sunday and the last differential backup.
Which protocol uses traps to send notifications from network devices?
SNMP
Each of the following are tools used to check a network's health. Which of these is typically used for managing and sending messages from one computer system to another?
Syslog
Which of the following is a standard for sending log messages to a central logging server?
Syslog
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts occurred. Which log type should you check?
System
Your network uses the following backup strategy. You create: Full backups every Sunday night. Differential backups Monday night through Saturday night. On Thursday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?
Two
Your computer seems to be running slowly. In particular, you notice that the hard drive activity light remains lit when you run multiple applications and switch between open windows. This happens even though you aren't saving large files. What should you do to troubleshoot the problem
Use Resource Monitor to monitor memory utilization.
You are concerned that an attacker can gain access to your web server, make modifications to the system, and alter the log files to hide his or her actions. Which of the following actions would BEST protect the log files?
Use Syslog to send log entries to another server.
Which SNMP component uses GETNEXT messages to navigate the MIB structure?
Walk
Which log file type is one of the most tedious to parse but can tell you exactly when a user logged onto your site and what their location was?
Web server logs
Which operating system does not use Syslog by default?
Windows
You are worried about email spoofing. What can you put throughout an email's header that provides the originating email account or IP address and not a spoofed one?
X-headers
Some users report that frequent system crashes have started happening on their workstations. Upon further investigation, you notice that these users all have received a recent update to the same application. Where would you go to conduct a root cause analysis?
Application log
You have installed a new application on a network device. During testing, it appears as if the software is causing other services on the device to stop responding. Which tool should you consult to identify the problem?
Application log
You are configuring the Local Security Policy on a Windows system. You want to require users to create passwords that are at least 10 characters in length. You also want to prevent login after three unsuccessful login attempts. Which policies should you configure? (Select two.)
Account lockout threshold Minimum password length
Which of the following is the term for when a system is unable to keep up with the demands placed on it?
Bottleneck
You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?
Capture filters
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before you implement that device?
Change Management
You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable that connects the computer to the network. Which type of document should you update?
Change documentation
You manage your company's website, which uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage and a single connection to your ISP. You want to provide redundancy so that a failure on a single component doesn't cause the website to become unavailable. What should you add to your configuration to accomplish this?
Connect one server to the internet through a different ISP.
You suspect that cache poisoning or spoofing has occurred on your network. Users are complaining of strange web results and being redirected to undesirable sites. Which log would help you determine what's going on?
DNS logs
A web server on your network hosts your company's public website. You want to make sure that a NIC failure on the server does not prevent the website from being accessible on the internet. Which solution should you implement?
Ethernet bonding
You manage a firewall that connects your private network to the internet. You would like to see a record of every packet that has been rejected by the firewall in the past month. Which tool should you use?
Event log
You've heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to an attacker. Which log should you monitor?
Firewall
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. Which of the following actions should you take?
Implement a granular password policy for the users in the Directors OU.
You have purchased a solar backup power device to provide temporary electrical power to critical systems in your data center should the power provided by the electrical utility company go out. The solar panel array captures sunlight, converts it into direct current (DC), and stores it in large batteries. The power supplies on the servers, switches, and routers in your data center require alternating current (AC) to operate. Which electrical device should you implement to convert the DC power stored in the batteries into AC power that can be used in the data center?
Inverter
When packets arrive at their destination at different speeds, they sometimes arrive out of order. What does this cause?
Jitter
Which Syslog level indicates an emergency that could severely impact the system and cause it to become unusable?
Level 0
Which Syslog severity level indicates a debugging message?
Level 7
What is the name of the computer that queries agents and gathers responses by sending messages?
Manager
You are configuring the Local Security Policy on a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which policies should you configure? (Select two.)
Minimum password age Enforce password history
You are concerned about attacks directed against your network firewall. You would like to examine the contents of individual frames sent to the firewall. Which tool should you use?
Packet sniffer
Your disaster recovery plan (DRP) calls for backup media to be stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies that you must choose a method that uses the least amount of backup media but also allows you to quickly back up and restore files. Which backup strategy would BEST meet the DRP's specifications?
Perform a full backup once per week and a differential backup the other days of the week.
A new law was recently passed requiring that all businesses must keep a history of the emails sent between members of the board of directors. You need to ensure that your organization complies with this law. Which document type would you update first in response to this new law?
Policy
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that's connected to a hub with three other computers. The hub is connected to a switch that's connected to the router. When you run the software, you see frames addressed to the four workstations but not to the router. Which feature should you configure on the switch?
Port mirroring
You decide to use a packet sniffer to identify the type of traffic being sent to a router. You run the packet sniffing software on a device connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation, not other devices. Which feature should you configure?
Promiscuous mode
Beside protecting a computer from under-voltages, a typical UPS also performs which two actions?
Protects from over-voltages Conditions the power signal
You want to identify the traffic that is generated and sent through a network by a specific application on a device. Which tool should you use?
Protocol analyzer
What does a remote access server use for authorization?
Remote access policies
You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you can't find any captured packets between Host A and Host B. What should you do?
Run the packet sniffer application on Host B.
Because of an unexplained slowdown on your network, you decide to install monitoring software on several key network hosts to locate the problem. You will then collect and analyze the data from a central network host. Which protocol will the software use to detect the problem?
SNMP
Which of the following improvements to SNMP are included in version 3? (Select two.)
SNMP message encryption Agent and manager authentication
Consider the following output from the show interface fa0/0 command generated on a router: FastEthernet0/0 is up, line protocol is up [...] Auto-duplex, 100Mb/s, 100BaseTX/FX [...] Input queue: 0/75/1771/0 (size/max/drops/flushes); Total output drops: 0 [...] 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 15387 packets input, 1736263 bytes, 0 no buffer Received 15241 broadcasts, 0 runts, 0 giants 0 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 watchdog, 0 multicast 0 input packets with dribble condition detected 607 packets output, 6141 bytes, 0 underruns 4 output errors, 10 collisions, 3 interface resets, 0 restarts 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier0 output buffer failures, 0 output buffers swapped out Which of the following statements are true about the fa0/0 interface? (Select three.)
Several collisions have occurred. One cyclic redundancy check error has occurred. The interface is dropping incoming packets.
You have been struggling to keep the temperature in your server room under control. To address this issue, you've decided to reconfigure the room to create hot and cold aisles. Which of the following are true concerning this configuration? (Select two.)
The rear of your servers should face the hot aisle. The front of your servers should face the cold aisle.
What is the definition of latency?
The speed at which data packets travel from source to destination and back.
When an event occurs, the agent logs details regarding the event. What is this event called?
Trap
You are the network administrator for a growing business. When you were hired, the organization was small, and only a single switch and router were required to support your users. During this time, you monitored log messages from your router and switch directly from each device's console. The organization has grown considerably in recent months. Now you manage eight individual switches and three routers. It's becoming more and more difficult to monitor these devices and stay on top of issues in a timely manner.
Use Syslog to implement centralized logging.
You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for file storage and a database server. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a crossover UTP plenum cable that will run through the suspended tile ceiling in the data center. To provide power for the new devices, you had an electrician install several new 20-amp wall outlets near the new rack. Each device on the rack will be plugged directly into one of these new wall outlets. What is wrong with this configuration? (Select two.)
You should implement redundant power supplies for the network devices. You should implement a UPS between the wall outlet and the network devices.
An employee named Bob Smith, whose username is bsmith, has left the company. You have been instructed to delete his user account and home directory. Which of the following commands would produce the desired outcome? (Select two.)
userdel bsmith;rm -rf /home/bsmith userdel -r bsmith
Which of the following utilities could you use to lock a user account? (Select two.)
usermod passwd
You have performed an audit and found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account?
usermod -L joer
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones with no other values changed. Which of the following commands would accomplish this?
usermod -l kjones kscott