C-Plus Chapter 4-6
Raven has been asked to configure the web server with a specific public class B IP address. Which of the following is a possible address she was given?
a. 168.192.10.172
Quinn is currently looking to deploy a new Microsoft SharePoint server farm, a web-based application, into its own VPC. Which of the following ports would be unnecessary for her to leave open on the firewall for usage or management purposes?
a. 22
Arya is looking to install a security appliance that is designed to detect applications and other resources running within the domain and monitor them according to her organization's policies. Which of the following would she want to implement?
a. CASB
Eugene has been given the subnet 10.20.30.0/24 to use for the creation of a group of virtual machines to be used for the sales department. He is used to seeing a subnet mask in the format of four numbers separated by periods (255.255.255.0) along with the subnet ID, but isn't familiar with what the slash and a number mean after the subnet ID. He asks you to help him interpret the information. What term should you tell him to search for on a search engine to learn more about this topic?
a. CIDR
Hodor has a VPC that is only accessed by IP address and does not do any DNS lookups for any of the applications that it runs. Which of the following rules should he add to the firewall?
a. Deny port 53
Sansa has moved the only Linux server within VPC1 to the Linux-only VPC15. The remaining servers in VPC1 all run Windows Server. Which of the following should she do on the firewall for VPC1?
a. Disable port 22
Patti's company has just migrated the only Windows server in a particular VPC to a different VPC. Which of the following should she do next?
a. Disable port 3389 on the firewall of the original VPC.
Bronn is examining the log files and notices a constant stream of traffic initializing sessions to an FTP server coming from a single IP address. Which of the following is most likely occurring?
a. DoS attack
Stannis wants to block any traffic that uses insecure protocols from entering his VPC. Which of the following might he use to accomplish that goal?
a. Firewall
Carl has created a virtual machine on the cloud service provider that his company uses and has given it a static private IP address. He wants to make this server is the new web server for the company's website. Which of the following is required to allow that server to perform in that role?
a. IG
Lara is trying to decide on a protocol to use for a VPN to connect from one cloud service provider to another. She knows there are a variety of protocols out there that can be used for VPNs, but wants to make sure she chooses one that both cloud service providers support and that can be combined with IPsec. Which of the following protocols would she most likely need to choose?
a. L2TP
Cersei wants to protect the application servers within her cloud deployment by implementing granular control of the traffic and workflows in the deployment. Which of the following would she implement?
a. Microsegmentation
Hershel is working with a virtual network that has the subnet mask 255.255.255.192. He changes the IP address of one of the servers from 172.16.25.183 to 172.16.25.193. What is the result of this change?
a. The server will no longer be able to communicate with the devices on the subnetwork that it was previously in without the aid of a router.
Fredrica is installing more infrastructure in her company's on-premises data center. She has installed 10 servers, but there is only one switch in the rack that the new equipment is going in. Which of the following technologies can she use to segment the servers into two groups without having to add a new switch that will also put them into separate broadcast domains?
a. VLAN
Erma wants to look at the current IP configuration on a Linux server. Which of the following tools can she use to view this information? (Choose two)
a. ifconfig c. ip
Olivia manages a group of Windows and Linux servers. She knows there is a command that she can use to view currently open network connections that works on both platforms. Which of the following commands will she most likely use?
a. netstat
Victoria is trying to determine whether one of the new servers she set up on the cloud service provider is reachable and online from her current workstation. Which of the following tools is she most likely trying to use?
a. ping
Darryl has been given the 10.20.30.64/26 network to use for a set of virtual machines that he is provisioning on his company's private cloud. He has been told to configure the last usable IP address in the range as the gateway, or router, address. Which of the following IP addresses should he use for the gateway?
b. 10.20.30.126
Finn needs to create multiple virtual networks using a /28 mask. How many devices can he put on each subnet?
b. 14
Xena has noticed that traffic to her company's website has been increasing from across the world. She has decided to start deploying copies of that server to various regions and wants to direct traffic to the site that is closest to each user. Which of the following technologies could she use to do this?
b. GSLB
Jon recently returned from an IT conference where he learned about a technology that could alert the administrators to any intrusions that may occur by installing software on each of the servers within the cloud deployment. Unfortunately, this particular system wouldn't stop the intrusion automatically. Which of the following technologies did he learn about?
b. HIDS
Podrick wants to implement a technology on the company's servers that will detect any intrusions as well as implement rules or other methods to immediately stop traffic that appears to be an intrusion. Which of the following is he looking to install?
b. HIPS
Nancy was recently reading about a network layer protocol that provides encryption, authentication, and key management for TCP/IP transmissions that is built into the IPv6 protocol stack. Which of the following should she read more about to find out how she can implement it?
b. IPsec
Tyrion wants to use a virtual firewall to filter the types of traffic that are allowed or not allowed into a virtual private cloud instance he has created on the cloud service provider his company uses. Which of the following can he use to accomplish this goal?
b. NACL
Eddard wants to install a VM running in the perimeter network that provides antivirus/anti-malware capabilities for the rest of the network. Which of the following describes the type of VM that he wants to install?
b. NVA
Dwight has just moved all of the Linux servers from the VPC that they shared with some Windows servers to another VPC. Which of the following does he most likely need to do?
b. Remove the rules that allow port 22 from the firewall to the original VPC.
Ezekiel wants to ensure that several of the cloud resources he is responsible for managing are always available. Which of the following might best help him meet his goals of high availability?
b. Site mirroring between two or more regions
Tormund has created a set of firewall rules and has noticed that when there is traffic that matches a rule, the traffic allowed in one direction automatically allows traffic in the other direction for an active connection as long as there is at least one message going in either direction within 10 minutes. What is the name of that type of firewall?
b. Stateful
Jorah is performing an analysis of some of the systems and protocols his company uses. Which of the following, if found in use, should he recommend discontinuing? (Select all that apply)
b. Telnet c. FTP
Simon was asked to create three Linux virtual machines to host the company's new sales application and database server. He is going to be using the company's cloud service provider and was given the 10.20.30.0/30 subnet to put them on. He immediately tells the person giving him this task that he cannot do what is asked of him. Why?
b. The /30 subnet is not large enough for 3 virtual machines.
Gilly is walking down the hallway at her office when she notices someone in a delivery uniform carrying boxes down the hall without an escort. She also doesn't see a visitor's badge, which is supposed to be clipped to a visitor's collar. Which of the following might have just occurred?
b. Unauthorized physical access
Glenn has been tasked with creating a few new virtual machines for a new project that will be used by the finance department. It will contain sensitive data about the company and its operations. Which of the following is the most important thing for Glenn to consider as he's creating the virtual machines?
b. Which region he is creating the virtual machines in
Yolanda wants to see a list of MAC addresses that one of her servers has been communicating with. Which of the following command line tools will display that information?
b. arp
Khal has set up a new web server on the company's private cloud. He has installed the security certificate necessary so that the application can be accessed by HTTPS. He isn't overly familiar with how these certificates work, so he decides to read up on the details. He learns that there is a pair of keys used to encrypt and decrypt the initial communications. Which of the following is the key that does not get sent to the browser?
b. private key
Thelonius has just created a new virtual machine. By default, the cloud service provider automatically configured it as part of a class C private network. Which of the following is the default subnet mask expressed in CIDR notation that was configured?
c. /24
Tara had originally created a /28 mask for the 12 servers in the sales group server pool. However, her company has just merged with a competitor and she needs to expand the subnet to accommodate another 20 servers. Which of the following new subnet masks will accommodate the new servers in addition to the original servers while having the fewest number of unused IP addresses remaining?
c. /26
Rosita has configured a subnet mask of 255.255.252.0 for the new virtual private cloud she is creating for her organization. One of the junior administrators remarks that he's never seen that kind of a subnet mask before and isn't sure how many devices the subnet would hold. How many devices should Rosita tell him that it will support?
c. 1,022
Marcus has been asked to configure a web server with a specific private class C IP address. Which of the following is a possible address she was given?
c. 192.168.205.63
Gabriel has been given the 10.30.0.0 network and told to use the subnet mask 255.255.248.0 for the new cloud infrastructure he is building out for the subsidiary his company just purchased. Assuming one of the IP addresses is used for a virtual router interface on that subnet, how many virtual machines could he create in each subnetwork?
c. 2045
Maggie wants to create a small subnetwork for the Human Resources servers that her organization uses. There are currently 10 servers, but she also needs to plan for 50 percent growth over the next two years. Which of the following subnet masks would give her adequate IP address space while leaving the fewest number of unused IP addresses in the block?
c. 255.255.255.240
Emina has three separate VPCs at the cloud service provider that her company uses. Some of the services in each of the VPCs need to communicate with some of the services in other VPCs on that same CSP. Which of the following might she implement in order to accommodate that requirement?
c. Cloud peering
A year ago Yvette configured two servers on separate VLANs. She still needs them to remain on separate VLANs, but now has a need for them to be able to send certain communications to each other over a certain port. Which of the following will be necessary for her to do?
c. Create a route between the two VLANs so they know how to contact each other.
Fictional Corp has just moved its web server from its on-premises data center to a cloud service provider. Which of the following most likely needs to be changed by an administrator?
c. DNS entries
Ingrid has configured one of the network segments to use a DHCP server to dynamically assign IP addresses. She knows that DHCP can also tell the clients the address of the server that they should use to resolve FQDNs to IP addresses. Which of the following settings should she configure?
c. DNS servers
Abby has just created a new virtual machine. Once it has been installed, she connects to it and finds that it has configured the default subnet mask for a class A network. Which of the following subnet masks was automatically configured for this server?
a. 255.0.0.0
Daenerys is examining the logs of one of the Linux servers as part of a standard auditing process. She comes across a number of entries showing that an administrative account has logged in from a foreign IP address many times over the past six months. She knows that the company doesn't have any operations in the country that the IP address is assigned to. Which of the following might describe the type of attack that has occurred?
a. APT
Tommen is doing an audit and finds that the firewall still includes some rules for some Windows servers that no longer exist in a VPC. The remaining servers all run a variant of Linux. Which of the following rules should he delete from the firewall?
a. Allow port 3389
Michonne currently manages a private cloud that has been built out in an on-premises data center. Some of the servers are reaching the end of their life and she has been tasked with finding a solution that minimizes the amount of capital investment necessary. Which of the following might she choose to implement for her company?
a. VPC
Breanne wants to create a tunneled connection between her on-premises data center and the cloud service provider that her company uses. Which of the following would allow her to create that connection?
a. VPN
Morgan has hardened the virtual machines in the subnet he's just finished creating by turning off unnecessary services that were running in the background. However, he still wants to prevent unnecessary traffic from getting to the servers in the first place. Which of the following might he choose to implement in his cloud environment?
a. Virtual firewall
Missandei's manager has asked her to implement microsegmentation for her company's cloud deployment. She wasn't overly familiar with this term and upon researching came across the reasoning to implement this as being that nothing should be trusted in a cloud environment and every system, communication, and user is considered a threat until proven otherwise. Which of the following concepts does this describe?
a. Zero-trust security model
Bellamy has been asked to configure the virtual router interface for the subnetwork that contains the server with IP address 172.19.101.200 and subnet mask of 255.255.255.128. He is asked to use the first usable IP address of the subnet. Which of the following IP addresses should he use?
b. 172.19.101.129
Beth has been asked to migrate the company's virtual private clouds from class C private addresses to class B private addresses. Which of the following is a valid address for her to change the web server's IP address to?
b. 172.30.101.50
Lexa has been asked for the subnet ID and subnet mask in CIDR notation for one of the web servers in the company's private cloud. The web server has an IP address of 192.168.1.200 and a subnet mask of 255.255.255.192. What should she tell them?
b. 192.168.1.192/26
Rita has decided that the servers in one of the VPCs that she manages should only be reachable by IP address and they should not be able to perform any domain name lookups from the Internet. Which of the following ports should she disable on the firewall for that VPC?
b. 53
Ellaria is analyzing the infrastructure that her organization uses and sees that the first rule of the firewall is as shown below. Which of the following is probably true? access-list 101 permit ip any any
c. Incorrect hardening settings
Davos has been reading about encryption recently. He begins to wonder how anything can be secure if everyone is using the same set of algorithms. After all, anyone using the same algorithm would be able to decrypt anything that had been encrypted using that algorithm. Which of the following helps make the data unusable by anyone else using that same encryption scheme without having this information?
c. Key
Cara works for a startup company that up until now has been running on a single virtual machine. The virtual machine is starting to see capacity issues and she is unable to provision more CPU and memory resources to satisfy its needs. Which of the following would allow her to expand the capacity of her company's web server?
c. Load balancer
Rick is planning a deployment of multiple virtual machines that need to have internal IP addresses. He is unsure which address ranges he can use. He knows there is a formal document that outlines the ranges that can be used for internal addresses. Which of the following options is that formalized set of specifications?
c. RFC 1918
Greta manages the on-premises networks for her company's Atlanta and Orlando offices. She hears about a technology that will allow her to connect certain network segments in Atlanta to their counterparts in Orlando by inserting the MAC address into layer 4 for UDP transport over the Internet. What is the technology that she has heard about that she should research more about in order to implement?
c. VXLAN
Negan has been given the 10.50.0.0/16 subnet to create the cloud infrastructure necessary for a new subsidiary that his company is creating, Zombies Inc. He wants to create a minimum of 500 smaller networks that can hold 100 servers each out of that space to minimize broadcast traffic within each subnet. Which of the following CIDR masks could he use to meet his requirements?
d. /25
Carol has created a subnet of 10.20.30.0/27. Which of the following is the address that is used for broadcast messages within the subnet?
d. 10.20.30.31
Clarke is trying to come up with a subnet mask so that three servers with the IP addresses 172.16.31.10, 172.16.30.15, and 172.16.31.206 are in the same network. Which of the following subnet masks will accommodate this requirement?
d. 255.255.254.0
Jenna's cloud service provider has just started supporting IPv6. She wants her web servers there to be accessible by both IPv4 and IPv6. Which of the following records should she add to the DNS configuration to ensure that IPv6 clients can access her company's website?
d. AAAA
Shae wants to implement antivirus in her cloud environments. Where should she look at installing this protection to be most effective?
d. All of the other options are correct
Bran has recently learned about the CIA triad. He knows that encryption is important to a variety of things within his organization's infrastructure. One of those is the ability to ensure that data being transmitted across the network cannot be modified undetected. Which of the following tenets of the CIA triad supports this idea?
d. Integrity
Ophelia wants to create a VPN that uses SSL or TLS for the encryption. Which of the following protocols should she choose?
d. OpenVPN
Brienne is trying to access one of her company's websites but gets an error message about not being able to trust the website. Which of the following has most likely occurred?
d. The site's certificate has expired
Isabel is troubleshooting a DNS issue on one of her Windows servers. Which of the following commands might let her look up the DNS records so she can track down where the problem might be?
d. nslookup
Adrienne wants to be able to analyze the traffic coming into a Linux server's network interface. Which of the following command line utilities will allow her to see this information?
d. tcpdump
Ursula is working on a Linux system and wants to determine which routers a packet will traverse when a packet is sent to a certain destination. Which of the following command line tools can she use to find that information?
d. traceroute
Wanda is trying to determine which routes packets are traveling over when accessing the company's chosen cloud service provider. Which of the following Windows tools can help her discover that information?
d. tracert
Tia has been analyzing the on-premises data center and determined that the data center can handle most of the traffic on a day-to-day basis. However, there are times when the bandwidth becomes saturated and she needs to find a solution to push the excess traffic out to virtual machines on a cloud service provider. Which of the following describes the technique she is looking to implement?
b. Cloudbursting
Haley does not want to manually assign IP addresses to clients on one of the network segments that she manages. Instead, she wants clients to obtain an IP address from a server that manages a pool of IP addresses. Which of the following technologies should she implement?
b. DHCP
Walder is reviewing the logs and sees a spike in overnight activity by one of the user accounts that he knows the employee left the organization over a month ago. Which of the following is most likely the cause of these logins?
b. Failure to properly deactivate accounts
Karen's manager knows that she is working on implementing a VPN connection between the company's on-premises data center and the cloud service provider her company uses. The manager approached her with a concern to make sure that she wasn't using an older data link layer protocol developed by Microsoft that is no longer considered secure. Which of the following was most likely the protocol that the manager was concerned about?
b. PPTP
Uma has been analyzing the performance and baselines from her virtual machines that are on a cloud service provider's platform. She sees that they do not appear to be performing up to the standards that her cloud service provider guarantees. Which of the following documents outlines the standards that they are guaranteeing?
b. SLA
Zoie is working on a Windows server that has two network interfaces. One is assigned an IP address by a DHCP server while the other is a static IP address. She wants to see what the current dynamic IP address is. Which of the following command line utilities can she use to view that information?
b. ipconfig
Jamie is head of security at his company and has gotten an alert from the monitoring system that the web servers are receiving a sudden spike in traffic from a number of foreign IP addresses. This is causing the website to run very slow or return errors to some users. Which of the following is most likely occurring?
c. DDoS attack
Petyr has been called into Fictional Corp to perform a security audit of their systems. One of the things that he notes on his report is that the sales department is using FTP to remotely upload scanned copies of physical order sheets from customers. Why is this an issue?
c. FTP is considered insecure.
Theon wants to transfer some files to one of the Linux servers that he manages. Which of the following would ensure that the transmissions are secure while not relying on SSL/TLS for the encryption?
c. SFTP
Meera notices someone entering a side door of her company's facility, but did not swipe a badge on the proximity badge reader before being able to open the door, even though there is a badge reader installed. Which of the following may have occurred?
c. Security device failure
Daisy is researching load balancing solutions to implement for a new application that she is tasked with designing and deploying the infrastructure for. One of the requirements is that a client should continue communicating with the same server for the duration of their web browsing session. Which of the following features should she look for in the load balancer?
c. Sticky sessions
Joffrey is about to deploy a new web server. He wants to ensure that when a user accesses the server, that their web browsing session is encrypted between the browser and the server. Which of the following should he use with the web server to provide this functionality?
c. TLS
Shelley wants to make sure that any protocols not using encryption are blocked at the firewall for one of her VPCs. Which of the following protocols should she ensure has a deny rule enabled for it?
c. Telnet
Octavia has set up a private cloud with a virtual machine at the IP address 172.19.101.5 and the subnet mask 255.255.255.192. She has been asked what the broadcast IP address is for the network. How should she respond?
d. 172.19.101.63
Gendry has been learning more about security within the cloud after hearing that it is a hot topic within the IT industry. He starts reading up on SHA-3 being used for hashing. Which of the following best describes SHA-3?
d. Cipher
Samwell wants to create a lightly protected subnet within the VNet that acts as a filter between the Internet and the other internal network resources. Which of the following describes the type of subnet that he is looking to deploy?
d. DMZ
Enid is implementing new systems on a cloud service provider and needs to ensure that the finance systems and HR systems cannot communicate with each other without going through a virtual router. Which of the following should she implement?
d. Different subnets for each department
Angela has decided upon a multi-cloud deployment so that the company can continue to operate even if one of the cloud service providers experiences an outage. Which of the following explains the factor that was important to Angela in choosing this structure?
d. Disaster recovery
Myrcella has been hired to perform an audit of a security incident where a large corporation was using an open-source application that they had deployed to a cloud service provider. The application was used to manage the many people whose information it tracked and included a lot of identifying information about them that could be used in identity fraud. Unfortunately, the person that installed the application never removed the default administrative account that was still using the default password. Which of the following describes this scenario?
d. Incorrect hardening settings
Emily has just migrated the email from the company's on-premises data center to a cloud service provider. She has modified the appropriate A records, but e-mail isn't being delivered to the new servers. Which of the following records does she still need to modify?
d. MX
Jadis has just created a new Linux server on the cloud service provider that her company uses. She attempts to SSH into it and it immediately fails. Which of the following steps might she have forgotten to do?
d. Open port 22 on the virtual firewall
Marissa is wanting to implement a VPN at her company, but knows that some of the places the users need to connect from have issues with IPsec being used through the firewall. Which of the following protocols should she choose?
d. OpenVPN
Euron has received several complaints that none of the users can access the company's resources that are hosted on a cloud service provider. The company has a piece of hardware installed that provides a VPN tunnel to the CSP. Upon entering the data center, he sees that all of the lights are off on the device. He unplugs it and plugs it back in and does not see any changes. Which of the following has most likely occurred?
d. Security device failure
Jasper was given the IP address of 10.17.101.120/15 for the virtual machine he is to create along with the default gateway of 10.0.0.1. He enters the IP address correctly along with the subnet mask 255.254.0.0. However, the virtual machine doesn't appear to be able to communicate with the Internet when he tries to ping a popular domain name. Which of the following might be the reason why?
d. The default gateway is incorrect.