Mod 12 | NETI 104 | Q & A
What are the 4 categories disaster recovery contingencies are divided into?
1. Cold site 2. Warm site 3. Hot site 4. Cloud site (recent addition)
A disaster recovery plan should include the following 5 features.
1. Contact names and phone numbers for emergency coordinators 2. Details on which data and servers are being backed up, how frequently backups occur, where onsite and offsite backups are kept, and (most importantly) how backed-up data can be recovered in full. 3. Details on network topology, redundancy, and agreements with national service carriers. 4. Regular strategies for testing the disaster recovery plan. 5. A plan for managing the crisis.
When creating a backup system, what 6 things should you keep in mind?
1. Decide what to back up. 2. Select backup methods (consider cloud backups). 3. Decide what type of backups will be made regularly. 4. Decide how often backups are needed. 5. Develop a backup schedule. 6. Regularly verify backups are being performed.
The Syslog standard defines what 2 roles for devices participating in logging events?
1. Generator 2. Collector
What are the 5 key SNMP messages used to communicate between the NMS and managed devices?
1. Get Request 2. Get Response 3. Get Next 4. Walk 5. Trap
What are the 4 Closed-Loop Congestion Control policies?
1. Implicit signaling 2. Explicit signaling 3. Choke packet 4. Backpressure
What are the 2 main categories of UPSs?
1. Online 2. Standby
List the six-stage process in preparing before an incident occurs.
1. Preparation 2. Detection and identification 3. Containment 4. Remediation 5. Recovery 6. Review. Preparation: The response team brainstorms possible incidents and plans procedures for handling them. Detection and identification: Because security and environmental alarm systems can detect incidents of all kinds, staff not directly involved with incident response planning are educated about what qualifies as an incident and what to do if they notice a potential problem. Containment: The team works to limit the damage. Remediation: The team finds what caused the problem and begins to resolve it so no further damage occurs. Recovery: Operations return to normal as affected systems are repaired and put back in operation. Review: The team determines what can be learned from the incident and uses this information to make adjustments in preparation for and perhaps prevention of future threats.
Several types of traffic prioritization exist where more important traffic is treated preferentially. Software running on a router, multilayer switch, gateway, server, or even a client workstation can act as a traffic shaper by prioritizing traffic according to any of the following 6 characteristics:
1. Protocol 2. IP address 3. User group 4. Differentiated Services (DiffServ) flag in an IP packet 5. VLAN tag in a data link layer frame 6. Service or application
What are the 6 safeguard steps to take in waiting for a first responder to take over the collection of evidence?
1. Secure the area 2. Document the scene 3. Monitor the evidence and data collection 4. Protect the chain of custody 5. Monitor transport of data and equipment 6. Create a report
All network monitoring tools can perform the following functions:
1. Set the NIC to run in promiscuous mode so it will pass all traffic it receives to the monitoring software. 2. Continuously monitor network traffic on a segment. 3. Capture network data transmitted on a segment. 4. Capture frames sent to or from a specific node. 5. Reproduce network conditions by transmitting a selected amount and type of data. 6. Generate statistics about network activity.
What 2 categories are Uninterruptible Power Supplies (UPS) classified in?
1. Standby UPS, or Standby Power Supply (SPS) 2. Online UPS
What are the primary data link layer flow control methods?
1. Stop-and-wait method 2. Go-back-n sliding window method 3. Selective repeat sliding window method
What are some device availability and performance metrics?
CPU Memory usage Temperature Network connection speed
Which of the following backups is managed by third-party vendors? a. Incremental backup b. Differential backup c. Full backup d. Cloud backup
D | Cloud backup Cloud backups are more expensive and reliable than other methods. This is where third-party vendors manage the backup hardware and software.
Your roommate has been hogging the bandwidth on your router lately. What feature should you configure on the router to limit the amount of bandwidth his computer can utilize at any one time? a. Power management b. Congestion control c. Flow control d. Traffic shaping
D | Traffic Shaping Traffic shaping can be used to limit the volume of traffic flowing into or out of an interface. Power management is used to ensure clean and reliable power is provided to network devices. Congestion control is used to adjust the way network devices respond to indications of network performance issues caused by traffic congestion so they don't make the problem worse. Flow control is used to balance permitted traffic volume with a device's capability of handling that traffic.
Which of the following is not defined by syslog? a. Message transmission b. Message format c. Message handling d. Message security
D. Message security Explanation: The syslog standard addresses three primary components, including event message format, event message transmission, and event message handling. Syslog does not define or require message security.
Which is the most secure version of SNMP?
SNMPv3
What should be combined with a generator to provide clean power?
Uninterruptible Power Supply (UPS)
What normally causes jabber?
1. A bad NIC. 2. Outside electrical interference.
What 4 things should you consider when purchasing a UPS for your network?
1. Amount of power needed. 2. Req'd time to keep a device running 3. Line conditioning 4. Cost
What are the 2 traffic shaping goals?
1. Assure timely delivery of most important traffic. 2. Offer best possible performance for all users.
What can cause a discarded packet?
1. Buffer overflow. 2. Latency. 3. Bottlenecks.
Traffic shaping can involve any of the following 4 things:
1. Delaying less-important traffic, which is called buffering. 2. Increasing the priority of more-important traffic. 3. Limiting the volume of traffic flowing into or out of an interface during a specified time period. 4. Limiting the momentary throughput rate for an interface.
What are 6 common network performance key performance indicators (KPIs)?
1. Device availability and performance 2. Interface statistics 3. Utilization 4. Error Rate 5. Packet drops 6. Jitter
What are the 4 suggested team roles for a response team?
1. Dispatcher 2. Technical support specialist 3. Manager 4. Public relations specialist
Which backup site includes a running server that does not have access to the latest backups? a. Warm site b. Cold site c. Hot site d. On Site
A | Explanation: At a warm site, you might have server duplicates configured, updated, and connected, but backed up data is applied only at regular intervals to reduce costs. At a cold site, devices aren't necessarily configured or connected. At a hot site, servers are constantly mirrored so they have access to the latest data. On site refers to the location of resources.
Which of the following monitors traffic at a specific interface between a server or client and the network? a. Protocol analyzer b. Reporting c. Networking d. Port mirroring
A | Protocol analyzer
Which of the following would an environmental system not track? a. Liquid detection b. User authentication c. Data room lights d. UPS voltage
B. User authentication Explanation: Monitoring sensors can detect liquid such as when water floods a room, identify if a room's lights are on, and monitor voltage from a UPS. However, an environmental monitoring system would not be responsible for tracking user authentication to the network.
What are the 3 primary components the Syslog standard addresses?
1. Event message format. 2. Event message transmission. 3. Event message handling.
What 2 types of forwarding does DiffServ define?
1. Expedited Forwarding (EF) 2. Assured Forwarding (AF)
What are 3 bandwidth management technologies?
1. Flow Control 2. Congestion Control 3. Quality of Service (QoS)
When designing contingency plans and choosing backup options, what 2 factors will affect your decisions?
1. Recovery Time Objective (RTO) 2. Recovery Point Objective (RPO)
What are the 5 Open-Loop Congestion Control policies?
1. Retransmission policy 2. Window policy 3. Acknowledgement policy 4. Discarding policy 5. Admission policy
What's the difference between a Power Distribution Unit (PDU) and an Uninterruptible Power Supply (UPS)?
A PDU distributes power while a UPS stores power and serves as a backup power source.
When you arrive at work one morning, your inbox is full of messages complaining of a network slowdown. You collect a capture from your network monitor. What documentation can help you determine what has changed?
A baseline document.
What's the difference between an incident and a disaster?
A disaster is an extreme type of incident.
What is the primary challenge in properly configuring NetFlow?
A significant challenge with NetFlow is determining the optimal balance between tracking all traffic and tracking enough traffic to sufficiently observe network behavior.
Which of the following occurs when there is fluctuation in voltage levels caused by other devices on the network or EMI? a. Noise b. Brownout c. Blackout d. Surge
A | Noise Noise occurs when there is fluctuation in voltage levels caused by other devices on the network or EMI. Some noise is unavoidable on an electrical circuit, but excessive noise can cause a power supply to malfunction, immediately corrupting application or data files and gradually damaging motherboards and other computer circuits.
Which power backup method will continually provide power to a server if the power goes out during a thunderstorm? a. Online UPS b. Generator c. Dual power supplies d. Standby UPS
A | Online UPS Explanation: An online UPS uses the AC power from the wall outlet to continuously charge its battery while providing power to a network device through its battery. A generator serves as a backup power source for many devices, providing power redundancy in the event of a total blackout. Dual power supplies in a server provide at least one backup in case a power supply fails. A standby UPS doesn't provide perfectly continuous power—in the brief amount of time it takes the UPS to discover that power from the wall outlet has faltered, a device may have already detected the power loss and shut down or restarted.
You are hired as a network administrator to monitor the organization's network status on an ongoing basis to make changes to meet the needs of your network's users. One piece of feedback that you have received from the network engineer of the firm is that there is a lot of delay in network communications because some of the devices used in the network are resending transmissions. Which of the following KPIs will help you in getting a better understanding of the situation? a. Packet drops b. Error rate c. Utilization d. Jitter
A | Packet drops Packets that are damaged beyond use, arrive after their expiration, or are not allowed through an interface are dropped. Packet drops result in delayed network communications while devices wait for responses or resend transmissions.
Which of the following would be assigned an Object Identifier (OID)? a. An NMS server b. A switch's interface c. A web server d. A UDP port
B. A switch's interface Explanation: A device, such as a web server, can be managed by an NMS server, typically using UDP ports 161 and 162. Each managed device may contain several managed objects, which can be any characteristic of the device that is monitored, including components such as a switch's interface, processor temperature, or memory utilization. Each managed object is assigned an OID (object identifier).
Which type of disaster recovery site contains all the equipment you would need to get up and running again after a disaster, and yet would require several weeks to implement? a. Warm site b. Standby site c. Hot site d. Cold site
D | Cold Site Explanation: At a cold site, the computers, devices, and connectivity necessary to rebuild a network exist, but they are not appropriately configured, updated, or connected. Therefore, restoring functionality from a cold site could take weeks. Recovery using a warm site can take hours or days, compared with the weeks a cold site might require. In a hot site contingency plan, both locations would also contain identical connectivity devices and configurations, and thus be able to stand in for the other at a moment's notice. A standby site is not a legitimate option.
Which power device prevents a critical server from losing power, even for an instant? a. Surge protector b. Generator c. PDU d. UPS
D | UPS Explanation: Because the server never needs to switch from the wall outlet's power to the UPS's (uninterruptible power supply) power, there is no risk of briefly losing service. A surge protector redirects excess voltage away from the device to a ground, thereby protecting the device from harm. A generator serves as a backup power source for many devices, providing power redundancy in the event of a total blackout. A PDU (power distribution unit) acts as a power strip to bring power from outlets, a generator, or a UPS closer to the devices on the rack.
What port is used to send messages from the manager to the installed agents?
Port 161
What port is used to send messages from the installed agents to the manager?
Port 162
Over what port are syslog event messages transported across the network?
Port 514
Over what port are syslog event messages secured by TLS transported across the network?
Port 6514
What Transmission Control Protocol (TCP) ports does Simple Network Management Protocol (SNMP) run over?
Ports 10161 and 10162
What User Datagram Protocol (UDP) ports does Simple Network Management Protocol (SNMP) run over?
Ports 161 and 162.
Which congestion control techniques help to prevent network congestion?
Retransmission policy, window policy, acknowledgment policy, discarding policy, and admission policy
JV Steels has established its manufacturing plant in Alabama. Reports of a huge thunderstorm have surfaced in the media. As a network analyst at JV Steels, what kind of a power flaw should you be prepared for? Blackout, Noise, Brownout, or Surge
Surge Surge is a momentary increase in voltage due to lightning strikes, solar flares, or electrical problems. It might last only a few thousandths of a second, but it can degrade a computer's power supply.
Which backup type, if performed daily, would offer the lowest Recovery Time Objective (RTO) and why?
While unreasonable in reality, a full backup created every day would offer the lowest Recovery Time Objective (RTO) because it contains all backed up data together in one place.
Which bandwidth management technique limits traffic specifically between a single sender and a single receiver? a. Congestion control b. Traffic shaping c. Quality of Service (QoS) d. Flow control
d. Flow control Explanation: Flow control addresses the number of frames that can be handled from end-to-end between a single sender and a single receiver. Congestion control addresses traffic throughout the network. QoS (Quality of Service) techniques allow for more nuanced control of what happens to the traffic once it's on the network. Traffic shaping is a QoS technique.
Which log type would most likely be used first to investigate the cause of high numbers of dropped packets? a. Traffic log b. System log c. Jitter log d. Audit log
A. Traffic log Explanation: Historical traffic logs can be used to investigate security breaches, confirm regulatory compliance, and investigate network performance issues. A system log tracks information on a single device and will not be helpful until you know which device(s) to check. The data in an audit log is thorough enough to retroactively prove compliance and is often used in forensics investigations; due to the level of detail included, an audit log is not likely the best place to start investigating a network problem. There's no such thing as a jitter log.
Which log type is used to prove who did what and when? a. Traffic log b. Audit log c. System log d. Syslog
B | Audit Log Explanation: The data in audit logs is consistent and thorough enough to retroactively prove compliance and also to defensibly prove user actions. Historical traffic logs are primarily used to investigate network performance issues. Syslog is a standard for generating, storing, and processing messages about events on many networked systems. Computers running Linux and UNIX record syslog data in a system log, found in the /var/log directory.
Which data link layer flow control method offers the most efficient frame transmission when sending large volumes of data? a. Go-back-n sliding window b. Choke packet c. Selective repeat sliding window d. Stop-and-wait
C | Selective repeat sliding window Explanation: With the selective repeat sliding window method, the sender continues sending additional frames as long as space is available in the window for new frames. This is a more efficient approach because later frames don't have to wait for as many earlier frames to be acknowledged. The stop-and-wait method is very slow because only one frame can be sent at a time. With the go-back-n sliding window method, the sender can transmit multiple frames at one time. However, if an acknowledgment is missing, the sender retransmits all three frames, even if only one frame was lost. A router experiencing congestion creates and sends a choke packet to the traffic source, informing it of the congestion so the sender can reduce its rate of transmission.
Nathan, a network engineer, has been contracted by a company to fix an error that has led to an increase in network latency during conference calls with various clients. Analyze the way to correctly diagnose this issue. a. By checking the interface statistics of the network b. By checking if the network is operating at maximum capacity c. By calculating the error rate d. By checking if the connection has any jitter
D | By checking if the connection has any jitter All packets experience some latency. When successive packets experience varying amounts of latency, resulting in their arriving out of order, the user experience is degraded. This is called jitter, a problem that can be addressed through traffic management techniques.
Which flow control method resends a lost frame along with all frames sent with it? a. Selective repeat sliding window b. Stop-and-wait c. Go-back-n sliding window d. Backpressure
Explanation: With the go-back-n sliding window flow control method, the sender retransmits all frames in the window, even if only one frame was lost. With the stop-and-wait method, only one frame is sent at a time. With the selective repeat sliding window method, only the lost frame is resent while successive frames continue to be sent. Backpressure is a congestion control technique.
Why might you want to install two power supplies in a critical server?
If one power supply fails, the other can take over.
What OSI Layer do network management agents operate at?
Layer 7 - Application
What can cause an interface reset?
Misconfiguration of the interface.
One of your coworkers downloaded several very large video files for a special project she's working on for a new client. When you run your network monitor later this afternoon, what list will your coworker's computer likely show up on? a. Top talkers b. Top listeners c. Giants d. Jabbers
B | Top listeners Explanation: Top listeners are hosts that receive an inordinate amount of data. Top talkers are hosts that send an inordinate amount of data. Giants are packets that exceed the medium's maximum packet size. A jabber is a device that handles electrical signals improperly.
Which QoS technique operates at layer 2 to more efficiently route Ethernet traffic between VLANs?
Class of Service (CoS)
What field in an IPv4 packet is altered to prioritize video streaming traffic over web surfing traffic? a. Traffic Class b. Priority Code Point c. Time to Live d. DiffServ
D | DiffServ (Differentiated Services) Explanation: To prioritize traffic, DiffServ places information in the DiffServ field of an IPv4 packet. In IPv6 packets, DiffServ uses a similar field known as the Traffic Class field. The TTL (Time to Live) field indicates the maximum duration that an IPv4 packet can remain on the network before it is discarded. Frames that have been tagged for CoS (Class of Service) contain a 3-bit field in the frame header called the PCP (Priority Code Point).
What can cause packet loss?
1. Unknown protocol. 2. Unrecognized port. 3. Network noise.
NetFlow focuses on?
The way network bandwidth is being utilized by identifying how communications from all devices are related to each other.
Simple Network Management Protocol (SNMP) focuses on?
Individual devices.
What problem arises when a network is required to handle a lot of VoIP traffic?
Jitter
Michigan Tires has hired you as a network administrator to monitor the network and to ensure that the network functions reliably. You will require a device to monitor the CPU temperatures of your servers. Which of the following software will you request from the management? a. PRTG dashboard by Paessler b. Spiceworks c. Room Alert Monitor by AVTECH d. Wireshark
A | PRTG dashboard by Paessler
What port do SNMP agents listen on? a. Port 161 b. Port 21 c. Port 162 d. Port 20
A | Port 161 Explanation: SNMP typically runs over UDP ports 161 and 162 (though it can be configured to run over TCP ports 10161 and 10162). Agents listen on port 161 for information from the manager, while managers listen on port 162 for trap messages from agents. Ports 20 and 21 support FTP.
Jeff Green has been hired as a systems analyst by an online retail company. The company is expecting heavy network traffic triggered by the Christmas sale, which will begin at midnight on December 23. There is an urgent need to adopt a congestion control technique, and it is Jeff's responsibility to ensure that he selects an appropriate open-loop congestion control technique to prevent this congestion before it occurs. Which of the following techniques should Jeff ideally choose to ensure that important traffic can survive the congestion while less sensitive frames are discarded? a. Acknowledgement policy b. Discarding policy c. Window policy d. Admission policy
B | Discarding policy Discarding policy involves discarding less sensitive frames so that important traffic can survive the congestion.
What command requests the next record in an SNMP log? a. SNMP Get Request b. SNMP Get Next c. SNMP Trap d. SNMP Get Response
B | SNMP Get Next The NMS can use an SNMP Get Next message to request the next row of data in the MIB database. The NMS uses an SNMP Get Request message to request data from an agent. The SNMP Get Response message is used when an agent sends a response with the requested information. An agent can be programmed to detect certain abnormal conditions that prompt the generation of SNMP Trap messages, where the agent sends the NMS unsolicited data once the specified conditions on the managed device are met.
While troubleshooting a recurring problem on your network, you want to examine the TCP messages being exchanged between a server and a client. Which tool should you use on the server? a. Spiceworks b. Wireshark c. iPerf d. NetFlow
B | Wireshark Explanation: A protocol analyzer like Wireshark can monitor traffic at a specific interface between a server or client and the network. Spiceworks monitors traffic between multiple devices on a network at one time to monitor overall network bandwidth. A monitored NetFlow device sends its flow records to a NetFlow analyzer for network-wide traffic analysis. iPerf is a simple CLI-based tool used to measure throughput between two devices.
When repairing a coworker's computer, you find some illegal files. What should you do next? a. Shut down the computer and unplug it. b. Take screenshots on the computer and save them in your own folder. c. Disconnect the computer from the network and leave it running. d. Delete the files.
C | Disconnect the computer from the network and leave it running. Explanation: First secure the area by disconnecting the computer from the network (remove the Ethernet cable or disable the Wi-Fi antenna). Ideally, you should leave the device running without closing any applications or files. Don't shut down the computer unless a destructive program is running, and then you would immediately unplug the computer. Don't change anything on the computer by taking screenshots and don't tamper with evidence by deleting files.
Which of the following KPIs (key performance indicators) refers to the actual throughput used as a percentage of available bandwidth? a. Packet drops b. Error rate c. Utilization d. Jitter
C | Utilization Utilization refers to the actual throughput used as a percentage of available bandwidth.
Which of the following statements is true? Choose two. a. When streaming a movie, the transmission is sensitive to loss and tolerant of delays. b. When sending an email, the transmission is sensitive to delays and tolerant of loss. c. When streaming a movie, the transmission is sensitive to delays and tolerant of loss. d. When sending an email, the transmission is sensitive to loss and tolerant of delays.
C | When streaming a movie, the transmission is sensitive to delays and tolerant of loss. D | When sending an email, the transmission is sensitive to loss and tolerant of delays. Explanation: Delayed traffic for a streaming movie results in reduced quality, while an occasional skipped video frame will likely not be noticeable. This means that, when streaming a movie, the transmission is sensitive to delays and tolerant of loss. An email, however, can tolerate a brief delay, but lost data can result in a corrupted message. Therefore, when sending an email, the transmission is sensitive to loss and tolerant of delays.
Which of the following is a battery-operated power source directly attached to one or more devices and to a power supply, such as a wall outlet, that provides a backup power source in the event of a power outage? a. Generator b. Surge protector c. Power Distribution Unit (PDU) d. Uninterruptible Power Supply (UPS)
D | Uninterruptible Power Supply (UPS)