TestOut Unit 3

Ace your homework & exams now with Quizwiz!

When designing a firewall, what is the recommended approach for opening and closing ports?

Close all ports; open only ports required by applications inside the DMZ.

You have three switches configured as shown in the Exhibit. How can you guarantee that switch C becomes the root bridge?

Configure switch C with a lower priority value.

Which of the following best describes the concept of a VLAN?

Devices on the same network logically grouped as if they were on separate networks.

In the output of the netstat command, you notice that a remote system has made a connection to your Windows Server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing?

Downloading a file

Which of the following tasks do routers perform? (Select two.)

Maintain information about paths through an internetwork. Route data based on logical network addresses.

Which of the following solutions would you implement to eliminate switching loops?

Spanning tree

Haley configures a website using Windows Server 2016 default values. What are the HTTP port and SSL port settings?

80 for HTTP; 443 for SSL

You recently installed a new all-in-one security appliance in a remote office. You are in the process of configuring the device. You need to: Increase the security of the device. Enable remote management from the main office. Allow users to be managed through Active Directory. You want to configure the device so you can access it from the main office. You also want to make sure the device is as secure as possible. Which of the following tasks should you carry out? (Select two.)

Change the default username and password. Configure the device's authentication type to use Active Directory.

You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.)

- Destination address of a packet - Port number - Source address of a packet

You have used firewalls to create a demilitarized zone. You have a webs server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)

- Put the database server on the private network - Put the web server inside the DMZ.

You have two switches connected together as shown in the following diagram. How many broadcast domains are in the network shown?

2

You have recently installed a new Windows Server 2016 system. To ensure the accuracy of the system time, you have loaded an application that synchronizes the hardware clock on the server with an external time source on the internet. Now, you must configure the firewall on your network to allow time synchronization traffic through. Which of the following ports are you most likely to open on the firewall?

123

Which of the following IP addresses is a valid IP address for a host on a public network?

142.15.6.1

You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to use DNS, which port should you enable?

53

You connect your computer to a wireless network available at the local library. You find that you can access all the websites you want on the internet except for two. What might be causing the problem?

A proxy server is blocking access to the websites.

An all-in-one security appliance is best suited for which type of implementation?

A remote office with no on-site technician.

Which of the following describes how access lists can be used to improve network security?

An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.

You have just connected four switches as shown in the Exhibit. Assuming the default switch configuration, which switch will become the root bridge?

B

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. There is no default route configured on the router. The router receives a packet addressed to network 10.1.0.0/16. What will the router do with the packet?

Drop the packet.

Which of the following routing protocols is classified as a hybrid routing protocol?

EIGRP

You want to allow users to download files from a server running the TCP/IP Protocol. You want to require user authentication to gain access to specific directories on the server. Which TCP/IP protocol should you implement to provide this capability?

FTP

Which of the following is likely to be located in a DMZ?

FTP server

You have a private network connected to the internet. Your routers will not share routing information about your private network with internet routers. Which of the following best describes the type of routing protocol you would use?

IGP

You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?

IP address

Under which of the following circumstances might you implement BGP on your company network and share routes with Internet routers?

If the network is connected to the Internet using multiple ISPs.

A switch running STP is in the listening state. A message destined for a different network segment arrives at the switch. Which of the following best describes what the switch will do?

It does not record address or segment information. It does not forward the message.

Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

Network-based firewall

After blocking a number of ports to secure your server, you are unable to send email. To allow email service, which of the following needs to be done?

Open port 25 to allow SMTP service.

Match the firewall type on the left with its associated characteristics on the right. Each firewall type may be used once, more than once, or not at all.

Operates at Layer 2 - Virtual firewall Operates at Layer 3 - Routed firewall Counts as a hop in the path between hosts. - Routed firewall Does not count as a hop in the path between hosts. - Virtual firewall Each interface connects to a different network. - Routed firewall Each interface connects to the same network segment. - Virtual firewall

Match the firewall type on the right with the OSI layer at which it operates. Each OSI Layer may be used once, more than once, or not at all.

Packet filtering firewall - OSI Layer 3 Circuit-level proxy - OSI Layer 5 Application-level gateway - OSI Layer 7 Routed firewall - OSI Layer 3 Transparent firewall - OSI Layer 2

You are monitoring network traffic on your network, and you see traffic between two network hosts on port 1720. What is the source of this network traffic?

Someone is using voice over IP (VoIP) to make a telephone call.

You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.)

Source address of a packet Destination address of a packet Port number

Which of the following features are common functions of an all-in-one security appliance? (Select two.)

Spam filtering Bandwidth shaping

You administer a web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the website as follows: - IP address: 192.168.23.8 - HTTP Port: 1030 - SSL Port: 443 Users complain that they can't connect to the website when they type www.westsim.com. What is the most likely source of the problem?

The HTTP port should be changed to 80.

You are monitoring network traffic on your network, and you see traffic between two network hosts on port 2427. Which kind of network traffic uses this port?

The MGCP protocol is generating traffic, which VoIP uses to send voice data over a network.

What information does the next hop entry in a routing table identify?

The first router in the path to the destination network.

While viewing the status of the interfaces on a Cisco switch, you see an abnormally large number of oversized Ethernet frames being received on one interface. This interface is connected to a workstation located on the second floor. What could cause this to happen?

The workstation's network board is jabbering.

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?

Trunk ports.

You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch in VLAN 1. What should you configure to allow communication between these two devices through the switches?

Trunking

Your company is a small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?

VLAN

You are configuring a firewall to allow access to a server hosted on the demilitarized zone of your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be configured to provide access, which applications are most likely to be hosted on the server?

Web server and email server

In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

You want to protect a public web server from attack.

The network board in a workstation is currently configured as follows: Network speed = Auto Duplexing = Auto The workstation is experiencing poor network performance, and you suspect that the network board is not correctly detecting the network speed and duplex settings. Upon investigation, you find that it is running at 10 Mbps half-duplex. You know that your network switch is capable of much faster throughput. To fix this issue, you decide to manually configure these settings on the workstation. Before you do so, you need to verify the configuration of the switch port that the workstation is connected to. Given that it is a Cisco switch, which commands can be used on the switch to show a list of all switch ports and their current settings? (Select two.)

show interface show running-config interface

You are the network administrator of a branch office of your company. The branch office network is part of a WAN that covers most of the United States. The office has two Windows 2000 servers, two UNIX servers, one Windows NT server, 90 Windows 98 clients, 40 Windows 2000 Professional clients, and five Macintosh clients. Users have been complaining that they are unable to access resources over the WAN at the main headquarters. You suspect that one of the routers between your office and the main headquarters is not working properly. What TCP/IP utility can you use to see if a router is working properly?

tracert

Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server?

169.254.0.1 - 169.254.255.254

You have a computer that is connected to the internet through a NAT router. You want to use a private addressing scheme for your computer. Which of the following IP addresses could you assign to the computer? (Select all that apply.)

192.168.12.253 10.0.12.15 172.18.188.67

Select the statement that best describes a broadcast storm.

A broadcast storm occurs when there are so many broadcast messages on the network that they approach or exceed the network bandwidth.

Which of the following is a characteristic of static routing when compared to dynamic routing?

All routes must be manually updated on the router.

Which of the following routing protocols is used by routers on the internet for learning and sharing routes?

BGP

Which of the following routing protocols uses paths, rules, and policies instead of a metric for making routing decisions?

BGP

A switch running STP is classified as a backup bridge. What state is it in?

Blocking

Which of the following are true about reverse proxy? (Select two.)

Can perform load balancing, authentication, and caching. Handles requests from the internet to a server in a private network.

You manage a network with a single switch. On each switch port, a hub connects multiple devices to the switch. Which condition are you most likely to experience on the network?

Collisions

Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all.

Commonly sold at retail stores. Unmanaged switch Provides port security features. Managed switch Supports VLANs. Managed switch Provides very few configuration options. Unmanaged switch Can be configured over a network connection. Managed switch Can be configured over a dedicated communication channel. Managed switch

Match each switch management method on left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all.

Competes with normal network traffic for bandwidth. In-band management Uses a dedicated communication channel. Out-of-band management Must be encrypted to protect communications from sniffing. In-band management Does not compete with normal network traffic for bandwidth. Out-of-band management Affected by network outages. In-band management

Computers A and B are on the same VLAN and are separated by two switches as shown in the exhibit. Computer A sends a frame to Computer B. Which of the following best describes the composition of the frame as it travels from A to B?

Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B.

You have just connected four switches as shown in the Exhibit. Assuming the default switch configuration, how can you force switch C to become the root bridge?

Configure a priority number of 4096 for switch C.

What does the ip address dhcp command allow you to do?

Configure the switch to obtain an IP address from a DHCP server.

Match the Cisco device password type on the left with its function on the right.

Controls the ability to log on through a LAN or WAN interface configured on the device. VTY Controls the ability to connect to the device using a web browser using HTTPS. SDM Controls the ability to connect to the device using a direct connection. Console

You have a network configured to use the OSPF routing protocol. Which of the following describes the state when all OSPF routers have learned about all other routes in the network?

Convergence

You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with hosts on the same subnet, but not with hosts on a different subnet. No other computers are having a problem. Which of the configuration values would you most likely need to change?

Default gateway

Match the EtherChannel protocol on the left with its characteristics on the right. Each protocol may be used once, more than once, or not at all.

Desirable mode places the port in a negotiating state. Port Aggregation Protocol (PAgP) Based on the 802.3ad standard. Link Aggregation Control Protocol (LACP) Passive mode places the port into a passive negotiating state. Link Aggregation Control Protocol (LACP) Auto mode places the port into a passive negotiating state. Port Aggregation Protocol (PAgP) Active mode places the port in a negotiating state. Link Aggregation Control Protocol (LACP)

Which of the following statements describe how VLANs affect broadcast traffic within an internetwork? (Select two.)

Devices on the same VLAN have the same subnet address. Broadcast traffic is transmitted only within a VLAN.

A user reports that network access from her workstation is very slow. The problem does not seem to be affecting any other users. Which of the following conditions is the most likely cause?

Duplex Mismatch

You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connections to internal hosts. What type of network address translation (NAT) should you implement?

Dynamic

You manage a network with multiple switches. You find that your switches are experiencing heavy broadcast storms. Which of the following will help reduce the effects of a broadcast storm?

Enable spanning tree on the switches

You need to disable the FastEthernet 0/0 interface on a switch. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all of the commands are required.

Enter global configuration mode. conf t Enter interface configuration mode. int fa0/0 Disable the interface. shutdown Verify that the interface is disabled. show ip interface brief

The FastEthernet 0/0 interface on a switch is currently disabled. You need to enable it so a workstation can be connected to it. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all commands are required.

Enter global configuration mode. conf t Enter interface configuration mode. int fa0/0 Enable the interface. no shut Verify that the interface is enabled. show interface status

You need to configure the FastEthernet 0/1 interface on a switch to automatically detect the appropriate link speed and duplex setting by negotiating with the device connected to the other end of the link. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all of the commands are required.

Enter global configuration mode. conf t Enter interface configuration mode. int fa0/1 Set the speed of the interface. speed auto Set the duplex setting for the interface. duplex auto

Which of the following are characteristics of a circuit-level gateway? (Select two.)

Filters by session Stateful

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The router is also configured with a static route of 0.0.0.0 with a mask of 0.0.0.0. The router receives a packet addressed to network 10.1.0.0/16. What will the router do with the packet?

Forward the packet to the next hop router specified by the route to network 0.0.0.0.

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?

Host-based firewall

You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?

IP address

You manage a local area network with several switches. A new employee has started today, so you connect her workstation to a switch port. After connecting the workstation, you find that the workstation cannot get an IP address from the DHCP server. You check the link and status lights and see that the connection is working properly. A ping to the loopback address on the workstation succeeds. No other computers seem to have the problem. Which of the following is the most likely cause of the problem?

Incorrect VLAN assignment

Which of the following are reasons to configure VLANs on a switch as opposed to using switches without VLANs? (Select two.)

Increased security Increased number of broadcast domains

You would like to control internet access based on users, time of day, and websites visited. How can you do this?

Install a proxy server. Allow internet access only through the proxy server.

A switch is running STP is in the learning state. A message destined for a different network segment arrives at the switch. Which of the following best describes what the switch will do?

It uses the source MAC address and network segment information to build its bridge database, but does not forward the message.

Switches running STP are in the process of exchanging BPDUs and redefining their roles. Which port state are the switches currently in?

Listening

When multiple routes to a destination exist, what is used to select the best possible route?

Metric

You manage a network with multiple subnets connected to the internet. A user reports that she can't access the internet. You investigate the problem and find that she can access all hosts on the private network, including subnets, but no hosts on the internet. Which of the following is likely the cause of the problem?

Missing default route on a router

You manage a network with multiple subnets connected to the internet. A user reports that she can't access the new server used in the accounting department. You check the problem and find out that her computer cannot access any server on that subnet. However, the computer does access other computers on other subnets as well as the internet. Which of the following is most likely the cause of the problem?

Missing route on the default gateway router

You are configuring a switch so that you can manage it using PuTTY from the same network segment as the switch. On the switch, you enter the following commands: switch#config terminalswitch(config)#interface vlan 1switch(config-if)#ip address 192.168.1.10 255.255.255.0 Will this configuration work?

No, the no shutdowncommand needs to be entered.

Which of the following routing protocols divides the network into areas, with all networks required to have an area 0 (area 0 identifying the backbone area)?

OSPF

Which of the following routing protocols uses relative link cost as the metric?

OSPF

Which of the following best describes OSPF?

OSPF is a classless link-state routing protocol.

What are the main differences between the OSPF and IS-IS routing protocols?

OSPF requires an area 0, while IS-IS does not.

You work for a large multinational organization that has an extensive global network that is interconnected using WAN links and routers. Lately, users in one location have complained that they are unable to access resources stored on a server named FS23 in a South American branch office. To troubleshoot the issue, you have done the following: Verified that the server is up and running. Verified that the various routers in between the two locations are up and running. You suspect that perhaps one of the routers between the two locations may be dropping packets. To test this theory, you enter the ping FS23 -f -l 1500 command on your workstation. The ping command returns the following command for each ping packet sent: "Packet needs to be fragmented but DF set." What does this mean?

One of the intermediate routers is an MTU black hole.

Which of the following are true of a circuit proxy filter firewall? (Select two.)

Operates at the Session layer. Verifies sequencing of session packets.

Which of the following associates a port number with a host on a private network?

PAT

Which of the following is a firewall function?

Packet filtering

Which of the following techniques allows incoming traffic addressed to a specific port to move through a NAT router and be forwarded to a specific host?

Port forwarding

Which statements accurately describe the port states of both bridges and switches? (Select two.)

Ports in a blocked state still receive BPDUs. In the learning state, the MAC address table can be populated, but frames are not forwarded.

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. All computers on your home network can connect to the internet. From your work office, you try to access your home computer using its IP address, but are unable to communicate with the server. You are able to connect to other hosts on the internet. Why can't you access the server?

Private addresses are not accessible through the internet.

Your computer has an IP address of 161.13.5.15. Your computer is on a:

Public network

Which of the following protocols has a limit of 15 hops between any two networks?

RIP

Which of the following statements about RIP is true?

RIP uses hop counts as the cost metric.

You need to configure spanning tree on a Cisco switch. You'd like to use a protocol that conforms to the 802.1w standards. Which protocol should you use?

Rapid PVST+

Based on the diagram, which type of proxy server is handling the client's request?

Reverse proxy server

You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the same switch which is in VLAN 2. What should you configure so that the two devices can communicate?

Routing

A switch receives a frame addressed to the MAC address FF:FF:FF:FF:FF:FF. What will the switch do with the frame?

Send it out all ports except for the port it was received on.

Which of the following features dynamically places switch ports in blocking or forwarding states?

Spanning tree

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support?

Spanning tree

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?

Spanning tree

You are the network administrator for a small company that implements NAT to access the internet. You recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these five servers?

Static

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access?

Static NAT

Which of the following connectivity hardware is used to create a VLAN?

Switch

You can create a virtual LAN using which of the following?

Switch

You want to reduce collisions by creating separate collision domains and virtual LANs. Which of the following devices should you choose?

Switch

When you configure VLANs on a switch, which of the following is used to identify a device's VLAN membership?

Switch port

Which of the following statements accurately describes a VLAN ID?

Switches append a VLAN ID to the header of each frame to identify the virtual network it belongs to.

Which problem does the spanning tree protocol prevent?

Switching loops from developing when redundant paths are implemented between switches.

Which of the following are true regarding using multiple VLANs on a single switch? (Select two.)

The number of broadcast domains increases. The number of collision domains remains the same.

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature allows the switches to pass VLAN traffic between the switches?

Trunking

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?

VLAN

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. Which of the following should you use in this situation?

VLAN

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement?

VLANs

You need to keep users in all other departments from accessing the servers used by the finance department. Which of the following technologies should you use to logically isolate the network?

VLANs

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The next hop router for network 192.168.3.0 has changed. You need to make the change with the least amount of effort possible. What should you do?

Wait for convergence to take place.

Which of the following benefits apply only to creating VLANs with switches and not to segmenting the network with regular switches?

You can create multiple broadcast domains.

Which command would you use on a switch to enable management from a remote network?

ip default-gateway 192.168.10.185

Which of the following utilities would you use to view the routing table?

route

Which of the following commands would display the output shown here?

route print

Examine the following output: 4 22 ms 21 ms 22 ms sttlwa01gr02.bb.ispxy.com [154.11.10.62]5 39 ms 39 ms 65 ms plalca01gr00.bb.ispxy.com [154.11.12.11]6 39 ms 39 ms 39 ms Rwest.plalca01gr00.bb.ispxy.com [154.11.3.14]7 40 ms 39 ms 46 ms svl-core-03.inet.ispxy.net [205.171.205.29]8 75 ms 117 ms 63 ms dia-core-01.inet.ispxy.net [205.171.142.1] Which of these commands produced this output?

tracert

Which TCP/IP utility gives you the following output?

tracert


Related study sets

IO psych: Chapter 7-Performance apprasial

View Set

Math - 3.12 Quiz: Use Slope as a Rate

View Set

Chapter 23: Legal Implications in Nursing Practice (Legal Implications in Nursing)

View Set

Survey of Environmental Health - Final Exam Questions

View Set

EXAM 2 LEADERSHIP STUDY GUIDE from Test 1

View Set