Exam 2

Ace your homework & exams now with Quizwiz!

Haley configures a website using Windows Server 2016 default values. What are the HTTP port and SSL port settings? •440 for HTTP; 160 for SSL •80 for HTTP; 443 for SSL •443 for HTTP; 80 for SSL •160 for HTTP; 440 for SSL

80 for HTTP; 443 for SSL

Which of the following are typical components of a NAS device? (Select two.) A minimal network OS A dedicated network One or more NICs Initiator server An FC switch

A minimal network OS One or more NICs

You connect your computer to a wireless network available at the local library. You find that you can access all the websites you want on the internet except for two. What might be causing the problem? •A proxy server is blocking access to the websites. •A firewall is blocking ports 80 and 443. •The router has not been configured to perform port forwarding. •Port triggering is redirecting traffic to the wrong IP address.

A proxy server is blocking access to the websites.

An all-in-one security appliance is best suited for which type of implementation?

A remote office with no on-site technician.

Which of the following protocols is an open source protocol used by most manufacturers of VoIP systems? User datagram protocol (UDP) Session initiation protocol (SIP) Stream control transmission protocol (SCTP) Transmission control protocol (TCP)

Session initiation protocol (SIP)

You are monitoring network traffic on your network, and you see traffic between two network hosts on port 1720. What is the source of this network traffic? •Someone is downloading files from a server using the FTP protocol. •A workstation is using the DNS protocol to send a name resolution request to a DNS server. •A man-in-the-middle attack is in progress. •Someone is using voice over IP (VoIP) to make a telephone call.

Someone is using voice over IP (VoIP) to make a telephone call.

You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.) •Checksum •Source address of a packet •Digital signature •Acknowledgement number •Sequence number •Port number •Destination address of a packet

Source address of a packet Port number Destination address of a packet

Which of the following features are common functions of an all-in-one security appliance?

Spam filtering Bandwidth shaping

Which of the following are characteristics of a circuit-level gateway? (Select two.) •Filters by session •Stateful •Stateless •Filters IP addresses, but not ports •Filters by URL

Stateful Filters by session.

You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with host on the same subnet, but not with hosts on a different subnet. No other computers are having a problem. Which of the configuration values would you most likely need to change? IP address Subnet mask Default gateway DNS server

Default gateway

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. There is no default route configured on the router. The router receives a packet addressed to network 10.1.0.0/16. What will the router do with the packet?

Drop the packet

You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connections to internal hosts. What type of network address translation (NAT) should you implement? Dynamic Static Restricted Shared

Dynamic

Which of the following routing protocols is classified as a hybrid routing protocol? IS-IS OSPF EIGRP RIP

EIGRP

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The router is also configured with a static route of 0.0.0.0 with a mask of 0.0.0.0. The router receives a packet addressed to network 10.1.0.0/16. What will the router do with the packet?

Forward the packet to the next hop router specified by the route to network 0.0.0.0

Which of the following are true about reverse proxy? (Select two.) •Handles requests from the internet to a server in a private network. •Can perform load balancing, authentication, and caching. •Handles requests from inside a private network out to the internet. •Clients always know they are using reverse proxy. •Sits between a client computer and the internet.

Handles requests from the internet to a server in a private network. Can perform load balancing, authentication, and caching.

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? •Host-based firewall •Network-based firewall •Proxy server •VPN concentrator

Host-based firewall.

You have a private network connected to the internet. Your routers will not share routing information about your private network with internet routers. Which of the following best describes the type of routing protocol you would use? BGP IGP Static Link state Distance vector Dynamic

IGP

You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? •Session ID •IP address •Username and password •MAC address

IP address

What are other names for a VoIP server? (Select two.) Jitter Hard phone IP-PBX VoIP PBX QoS

IP-PBX VoIP PBX

Under which of the following circumstances might you implement BGP on your company network and share routes with Internet routers? If the network has over 15 areas and uses IPv6. If the network has over 15 hops. If the network is connected to the Internet using multiple ISPs. If the network is connected to the Internet using public addressing.

If the network is connected to the Internet using multiple ISPs.

You would like to control internet access based on users, time of day, and websites visited. How can you do this? •Configure internet zones using Internet Options. •Configure the Local Security Policy of each system to add internet restrictions. •Enable Windows Firewall on each system. Add or remove exceptions to control access. •Install a proxy server. Allow internet access only through the proxy server. •Configure a packet filtering firewall. Add rules to allow or deny internet access.

Install a proxy server. Allow internet access only through the proxy server.

Transparent Firewalls OSI Layer

Layer 2

Router Firewalls OSI Layer

Layer 3

packet-filtering firewall OSI Layer

Layer 3

Circuit-level proxy OSI Layer

Layer 5

Application-Level Gateways OSI Layer

Layer 7

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) •Put the web server inside the DMZ. •Put the web server on the private network. •Put the database server inside the DMZ. •Put the database server on the private network.

•Put the web server inside the DMZ. •Put the database server on the private network.

You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.) •Acknowledgement number •Checksum •Sequence number •Source address of a packet •Port number •Destination address of a packet •Digital signature

•Source address of a packet •Port number •Destination address of a packet

In which of the following situations would you most likely implement a demilitarized zone (DMZ)? •You want to encrypt data sent between two hosts using the internet. •You want to detect and respond to attacks in real time. •You want to protect a public web server from attack. •You want internet users to see a single IP address when accessing your company network.

•You want to protect a public web server from attack.

You have a computer that is connected to the internet through a NAT router. You want to use a private addressing scheme for your computer. Which of the following IP addresses could you assign to the computer? (Select all that apply.) 10.0.12.15 192.168.12.253 32.188.99.10 127.0.0.1 240.12.188.1 224.15.166.12 172.18.188.67

10.0.12.15 192.168.12.253 172.18.188.67

You have recently installed a new Windows Server 2016 system. To ensure the accuracy of the system time, you have loaded an application that synchronizes the hardware clock on the server with an external time source on the internet. Now, you must configure the firewall on your network to allow time synchronization traffic through. Which of the following ports are you most likely to open on the firewall? •80 •123 •119 •110

123

Which of the following IP addresses is a valid IP address for a host on a public network? 10.3.125.2 142.15.6.1 192.168.16.45 172.16.254.12

142.15.6.1

Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server? 192.168.0.1 - 192.168.255.254 172.16.0.1 - 172.31.255.254 10.0.0.1 - 10.255.255.254 169.254.0.1 - 169.254.255.254

169.254.0.1 - 169.254.255.254

You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable? •443 •42 •80 •21 •53

53

Which of the following is a characteristic of static routing when compared to dynamic routing?

All routes must be manually updated on the router

Which of the following routing protocols is used by routers on the internet for learning and sharing routes? RIP EIGRP IS-IS OSPF BGP

BGP

Which of the following routing protocols uses paths, rules, and policies instead of a metric for making routing decisions? RIP EIGRP BGP IS-IS OSPF

BGP

You have a network configured to use the OSPF routing protocol. Which of the following describes the state when all OSPF routers have learned about all other routes in the network? VLSM Link state Classful Convergence Distance vector

Convergence

Which of the following does not accurately describe an iSCSI SAN? Needs dedicated Ethernet cabling. Can be implemented on a standard production network with other network traffic. Uses port 3260 by default. Can authenticate connections and encrypt data transmissions.

Can be implemented on a standard production network with other network traffic.

When designing a firewall, what is the recommended approach for opening and closing ports? •Close all ports. •Open all ports; close ports that expose common network attacks. •Close all ports; open ports 20, 21, 53, 80, and 443. •Close all ports; open only ports required by applications inside the DMZ. •Open all ports; close ports that show improper traffic or attacks in progress.

Close all ports; open only ports required by applications inside the DMZ

You recently installed a new all-in-one security appliance in a remote office. You are in the process of configuring the device. You need to: *Increase the security of the device *Enable remote management from the main office *Allow users to be managed through Active Directory You want to configure the device so you can access it from the main office. You also want to make sure the device is as secure as possible. Which of the following tasks should you carry out?

Configure the device's authentication type to use Active Directory Change the default username and password

You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? •Username and password •Session ID •MAC address •IP address

•IP address

What is one benefit of placing VoIP gateways in geographically separated branch offices that have an existing WAN connection? Long-distance PSTN charges can be reduced by switching VoIP calls to the PSTN in locations where only local call charges would be incurred. Data can be transported between VoIP gateways over the PSTN instead of via the expensive WAN. VoIP gateways can aggregate multiple VoIP calls for more efficient transmission to the home office. Less costly VoIP gateways can be used in place of expensive routers and modems to provide WAN connectivity.

Long-distance PSTN charges can be reduced by switching VoIP calls to the PSTN in locations where only local call charges would be incurred.

When multiple routes to a destination exist, what is used to select the best possible route?

Metric

You manage a network with multiple subnets connected to the internet. A user reports that she can't access the internet. You investigate the problem and find that she can access all hosts on the private network, but no hosts on the internet. Which of the following is likely the cause of the problem? Switching loop on the user's subnet Incorrect default gateway setting on the computer Duplex mismatch between a switch and a router Missing default route on a router

Missing default route on a router

You manage a network with multiple subnets connected to the internet. A user reports that she can't access the new server used in the accounting department. You check the problem and find out that her computer cannot access any server on that subnet. However, the computer does access other computers on other subnets as well as the internet. Which of the following is most likely the cause of the problem? Missing route on the default gateway router Incorrect VLAN membership of the accounting server Incorrect default gateway setting on the computer Switching loop on the user's subnet

Missing route on the default gateway router

You manage a network with three dedicated storage devices, as shown in the diagram. Users on the network see only a single file server. Which network-based storage technology is being used? NAS with clustering iSCSI SAN with clustering NAS Fibre channel SAN

NAS with clustering

Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ? •VPN concentrator •Network-based firewall •IDS •Host-based firewall •IPS

Network-based firewall

Match the firewall type on the left with its associated characteristics on the right. Each firewall type may be used once, more than once, or not at all.

None

Match the firewall type on the right with the OSI layer at which it operates. Each OSI Layer may be used once, more than once, or not at all.

None

Which of the following routing protocols divides the network into areas, with all networks required to have an area 0 (area 0 identifying the backbone area)? OSPF EIGRP RIP IS-IS

OSPF

Which of the following routing protocols uses relative link cost as the metric? BGP EIGRP OSPF RIP

OSPF

Which of the following best describes OSPF? OSPF is a classful distance vector routing protocol. OSPF is a classless distance vector routing protocol. OSPF is a classless link state routing protocol. OSPF is a classful link state routing protocol.

OSPF is a classless link state routing protocol.

What are the main differences between the OSPF and IS-IS routing protocols? OSPF requires an area 0, while IS-IS does not. OSPF is a classful protocol, while IS-IS is a classless protocol. OSPF is a link state protocol, while IS-IS is not. OSPF is an IGP routing protocol, while IS-IS is a BGP routing protocol.

OSPF requires an area 0, while IS-IS does not.

You work for a large multinational organization that has an extensive global network that is interconnected using WAN links and routers. Lately, users in one location have complained that they are unable to access resources stored on a server named FS23 in a South American branch office. To troubleshoot the issue, you have done the following: • Verified that the server is up and running. • Verified that the various routers in between the two locations are up and running. You suspect that perhaps one of the routers between the two locations may be dropping packets. To test this theory, you enter the ping FS23 -f -l 1500 command on your workstation. The ping command returns the following command for each ping packet sent: "Packet needs to be fragmented but DF set" What does this mean? Collisions are occurring on the network. Communications are functioning normally between your workstation and the target server. One of the intermediate routers is an MTU black hole One of the intermediate routers is offline. The destination host is down.

One of the intermediate routers is an MTU black hole.

Which of the following associates a port number with a host on a private network? VLSM PAT NAT CIDR

PAT

Which of the following is a firewall function? •Packet filtering •FTP hosting •Encrypting •Frame filtering •Protocol conversion

Packet filtering

After blocking a number of ports to secure your server, you are unable to send email. To allow email service, which of the following needs to be done? •Open port 25 to allow SMTP service. •Open port 80 to allow SNMP service. •Open port 110 to allow SMTP service. •Open port 25 to allow SNMP service. •Open port 80 to allow SMTP service. •Open port 110 to allow POP3 service.

•Open port 25 to allow SMTP service.

Which of the following techniques allows incoming traffic addressed to a specific port to move through a NAT router and be forwarded to a specific host? Port address translation Spanning tree protocol EIGRP Port forwarding

Port forwarding

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. All computers on your home network can connect to the internet. From your work office, you try to access your home computer using its IP address, but are unable to communicate with the server. You are able to connect to other hosts on the internet. Why can't you access the server? The server must have an entry on a DNS server that exists on the internet. The server has been assigned a multicast address. Private addresses are not accessible through the internet. The server isn't using the default subnet mask.

Private addresses are not accessible through the internet.

Your computer has an IP address of 161.13.5.15. Your computer is on a: Multi-cast network Public network Private network Class C network

Public Network

How can QoS be configured so that large data transfers will not block VoIP calls by using too much network bandwidth? QoS can be configured on network devices to only allow network protocols that throttle network bandwidth usage. QoS can be configured on network devices to set a bandwidth threshold on selected ports. QoS can be configured on network devices to limit the size of a file that can be transferred on the network. QoS can be configured on network devices to give priority to VoIP traffic.

QoS can be configured on network devices to give priority to VoIP traffic.

Which of the following protocols has a limit of 15 hops between any two networks? OSPF BGP IS-IS RIP EIGRP

RIP

Which of the following statements about RIP is true? RIP is suitable for large networks. RIP is the routing protocol used on the internet. RIP uses hop counts as the cost metric. RIP is a link state routing protocol.

RIP uses hop counts as the cost metric.

Based on the diagram, which type of proxy server is handling the client's request? •Circuit-level proxy server •Forward proxy server •Reverse proxy server •Open proxy server

Reverse proxy server.

Which of the following tasks do routers perform? (Select two.)

Route data based on logical network addresses. Maintain information about paths through an internetwork.

Counts as a hop in the path between hosts.

Routed firewall

Each interface connects to a different network.

Routed firewall

Operates at Layer 3.

Routed firewall

You are the network administrator for a small company that implements NAT to access the internet. You recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these five servers? Dynamic Restricted Static Overloading

Static

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access? Dynamic NAT DNS CNAME record Static NAT DNS A record Multicast

Static NAT

Install two Fiber Channel host bus adapters in each server that will access the shared storage on the SAN.

Step 1

Deploy two FC switches.

Step 2

Using fiber optic cables, connect each server to each FC switch by connecting one FC HBA to one FC switch and the other FC HBA to the other FC switch.

Step 3

Deploy the shared storage devices, such as an external RAID device containing multiple hard disk drives and two FC HBAs.

Step 4

Using fiber optic cables, connect each storage device to each FC switch by connecting one FC HBA to one FC switch and the other FC HBA to the other FC switch.

Step 5

You administer a web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the website as follows: • IP address: 192.168.23.8 • HTTP Port: 1030 • SSL Port: 443 Users complain that they can't connect to the website when they type www.westsim.com. What is the most likely source of the problem? •The HTTP port should be changed to 80. •FTP is not configured on the server. •Clients are configured to look for the wrong IP address. •SSL is blocking internet traffic.

The HTTP port should be changed to 80.

You are monitoring network traffic on your network, and you see traffic between two network hosts on port 2427. Which kind of network traffic uses this port? •The MGCP protocol is generating traffic, which VoIP uses to send voice data over a network. •A ping of death attack on a network host is in progress. •Someone is remotely accessing another system using the SSH protocol. •A workstation is using the DHCP protocol to request an IP address from a DHCP server.

The MGCP protocol is generating traffic, which VoIP uses to send voice data over a network.

What information does the next hop entry in a routing table identify?

The first router in the path to the destination network

Upper management has asked you if there is a way to integrate phone calls, emails, and instant messaging into a single platform. Which of the following systems should you recommend? PSTN Quality of service Voice over IP Unified communication

Unified communication

Which of the following are true of a circuit proxy filter firewall? (Select two.) •Operates at the Application layer. •Operates at the Network and Transport layers. •Examines the entire message contents. •Verifies sequencing of session packets. •Operates at ring 0 of the operating system. •Operates at the Session layer.

Verifies sequencing of session packets. Operates at the Session layer.

Does not count as a hop in the path between hosts.

Virtual firewall

Each interface connects to the same network segment.

Virtual firewall

Operates at Layer 2

Virtual firewall

Which VoIP device helps establish the connection between two VoIP phones? VoIP codec VoIP endpoint VoIP server VoIP gateway

VoIP server

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The next hop router for network 192.168.3.0 has changed. You need to make the change with the least amount of effort possible. What should you do? Wait for convergence to take place. Stop and restart the RIP protocol on the router. Force RIP to perform an immediate update. Manually reconfigure the default route to point to the new next hop router.

Wait for convergence to take place.

You are configuring a firewall to allow access to a server hosted on the demilitarized zone of your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be configured to provide access, which applications are most likely to be hosted on the server? •Web server, DNS server, and DHCP server •Web server, DNS server, and email server •Email server, Newsgroup server, and DNS server •Web server and email server

Web server and email server

When would you consider changing the codec used in your VoIP system? (Select two.) When excessive jitter causes unusual sound effects in VoIP calls. When VoIP data consumes too large a portion of your network bandwidth. When network latency causes callers to talk over each other. When sound quality is poor. When an open source VoIP protocol requires a different codec.

When VoIP data consumes too large a portion of your network bandwidth. When sound quality is poor.

You are in the process of configuring an iSCSI storage area network (SAN) for your network. You want to configure a Windows Server 2016 system to connect to an iSCSI target defined on a different server system. You also need to define iSCSI security settings, including CHAP and IPsec. Which tool should you use? iSCSI under File and Storage Services in Server Manager iSCSI Initiator Multipath I/O Internet Storage Name Service

iSCSI Initiator

In a SAN implementation, the servers that connect to shared storage devices are called __________.

initiators

Arrange the Fibre Channel (FC) SAN implementation tasks in the order they should be performed to build a redundant FC SAN.

na

Which of the following utilities would you use to view the routing table? traceroute tracert mtr dig route

route

Which of the following commands would display the output shown here? route print ifconfig mtr host

route print

Examine the following output: 4 22 ms 21 ms 22 ms sttlwa01gr02.bb.ispxy.com [154.11.10.62] 5 39 ms 39 ms 65 ms plalca01gr00.bb.ispxy.com [154.11.12.11] 6 39 ms 39 ms 39 ms Rwest.plalca01gr00.bb.ispxy.com [154.11.3.14] 7 40 ms 39 ms 46 ms svl-core-03.inet.ispxy.net [205.171.205.29] 8 75 ms 117 ms 63 ms dia-core-01.inet.ispxy.net [205.171.142.1] Which of these commands produced this output? tracert nslookup pingroute ping

tracert

What TCP/IP utility can you use to see if a router is working properly? nbtstat netstat tracert nslookup

tracert

Which TCP/IP utility gives you the following output? nslookup ifconfig ipconfig tracert

tracert

Which of the following describes how access lists can be used to improve network security? •An access list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. •An access list filters traffic based on the frame header such as source or destination MAC address. •An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers. •An access list identifies traffic that must use authentication or encryption.

•An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.

In the output of the netstat command, you notice that a remote system has made a connection to your Windows Server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing? •Downloading a file •Downloading a web page •Performing a name resolution request •Downloading email

•Downloading a file

You want to allow users to download files from a server running the TCP/IP protocol. You want to require user authentication to gain access to specific directories on the server. Which TCP/IP protocol should you implement to provide this capability? •HTML •IP •FTP •HTTP •TFTP •TCP

•FTP

Which of the following is likely to be located in a DMZ? •FTP server •User workstations •Domain controller •Backup server

•FTP server


Related study sets

Sensation and Perception- TEST ONE

View Set

Biology IGCSE syllabus chapter 8

View Set

Nursing Informatics Chapters 21&22

View Set

Chapter 12: introduction to analysis of variance

View Set

International Business: Unit 2 Exam

View Set