ITNW 1309 Module 4-7

Gabriel has been given the 10.30.0.0 network and told to use the subnet mask 255.255.248.0 for the new cloud infrastructure he is building out for the subsidiary his company just purchased. Assuming one of the IP addresses is used for a virtual router interface on that subnet, how many virtual machines could he create in each subnetwork?

2045

Negan has been given the 10.50.0.0/16 subnet to create the cloud infrastructure necessary for a new subsidiary that his company is creating, Zombies Inc. He wants to create a minimum of 500 smaller networks that can hold 100 servers each out of that space to minimize broadcast traffic within each subnet. Which of the following CIDR masks could he use to meet his requirements?

/25

Dwight has just moved all of the Linux servers from the VPC that they shared with some Windows servers to another VPC. Which of the following does he most likely need to do?

Remove the rules that allow port 22 from the firewall to the original VPC.

What is one difference in the virtual private clouds (VPCs) created by GCP and those created by other cloud providers?

GCP VCPs are global by default

Octavia has set up a private cloud with a virtual machine at the IP address 172.19.101.5 and the subnet mask 255.255.255.192. She has been asked what the broadcast IP address is for the network. How should she respond?

172.19.101.63

A network administrator is configuring a VPC in GCP, and manually enters the routes into a routing table. What kind of routing is this considered?

Static routing

Marcus has been asked to configure a web server with a specific private class C IP address. Which of the following is a possible address she was given?

192.168.205.63

Beth has been asked to migrate the company's virtual private clouds from class C private addresses to class B private addresses. Which of the following is a valid address for her to change the web server's IP address to?

172.30.101.50

Lexa has been asked for the subnet ID and subnet mask in CIDR notation for one of the web servers in the company's private cloud. The web server has an IP address of 192.168.1.200 and a subnet mask of 255.255.255.192. What should she tell them?

192.168.1.192/26

Finn needs to create multiple virtual networks using a /28 mask. How many devices can he put on each subnet?

14

Which GCP segment type is the largest?

Region

Ezekiel wants to ensure that several of the cloud resources he is responsible for managing are always available. Which of the following might best help him meet his goals of high availability?

Site mirroring between two or more regions

Rick is planning a deployment of multiple virtual machines that need to have internal IP addresses. He is unsure which address ranges he can use. He knows there is a formal document that outlines the ranges that can be used for internal addresses. Which of the following options is that formalized set of specifications?

RFC 1918

Jasper was given the IP address of 10.17.101.120/15 for the virtual machine he is to create along with the default gateway of 10.0.0.1. He enters the IP address correctly along with the subnet mask 255.254.0.0. However, the virtual machine doesn't appear to be able to communicate with the Internet when he tries to ping a popular domain name. Which of the following might be the reason why?

The default gateway is incorrect.

Clarke is trying to come up with a subnet mask so that three servers with the IP addresses 172.16.31.10, 172.16.30.15, and 172.16.31.206 are in the same network. Which of the following subnet masks will accommodate this requirement?

255.255.254.0

Carl has created a virtual machine on the cloud service provider that his company uses and has given it a static private IP address. He wants to make this server is the new web server for the company's website. Which of the following is required to allow that server to perform in that role?

IG

Abby has just created a new virtual machine. Once it has been installed, she connects to it and finds that it has configured the default subnet mask for a class A network. Which of the following subnet masks was automatically configured for this server?

255.0.0.0

Maggie wants to create a small subnetwork for the Human Resources servers that her organization uses. There are currently 10 servers, but she also needs to plan for 50 percent growth over the next two years. Which of the following subnet masks would give her adequate IP address space while leaving the fewest number of unused IP addresses in the block?

255.255.255.240

Lara is trying to decide on a protocol to use for a VPN to connect from one cloud service provider to another. She knows there are a variety of protocols out there that can be used for VPNs but wants to make sure she chooses one that both cloud service providers support and that can be combined with IPsec. Which of the following protocols would she most likely need to choose?

L2TP

Vahé is working on a Linux system and wants to determine which routers a packet will traverse when a packet is sent to a certain destination. Which of the following command line tools can he use to find that information?

traceroute

Jordan's manager knows that he is working on implementing a VPN connection between the company's on-premises data center and the cloud service provider his company uses. The manager was concerned that Jordan used an older data link layer protocol developed by Microsoft that is no longer considered secure. Which of the following protocols was manager was concerned about?

PPTP

Tim has three separate VPCs at the cloud service provider that his company uses. Some of the services in each of the VPCs need to communicate with some of the services in other VPCs on that same CSP. Which of the following might he implement in order to accommodate that requirement?

Cloud peering

Jenna's cloud service provider has just started supporting IPv6. She wants her web servers there to be accessible by both IPv4 and IPv6. Which of the following records should she add to the DNS configuration to ensure that IPv6 clients can access her company's website?

AAAA

Quinn is currently looking to deploy a new Microsoft SharePoint server farm, a web-based application, into its own VPC. Which of the following ports would be unnecessary for her to leave open on the firewall for usage or management purposes?

22

Patti's company has just migrated the only Windows server in a particular VPC to a different VPC. Which of the following should she do next?

Disable port 3389 on the firewall of the original VPC.

Jaysen is trying to determine whether one of the new servers he set up on the cloud service provider is reachable and online from his current workstation. Which of the following tools is he most likely trying to use?

ping

Ingrid has configured one of the network segments to use a DHCP server to dynamically assign IP addresses. She knows that DHCP can also tell the clients the address of the server that they should use to resolve FQDNs to IP addresses. Which of the following settings should she configure?

DNS servers

Ophelia wants to create a VPN that uses SSL or TLS for the encryption. Which of the following protocols should she choose?

OpenVPN

Davis has been analyzing the on-premises data center and determined that the data center can handle most of the traffic on a day-to-day basis. However, there are times when the bandwidth becomes saturated, and he needs to find a solution to push the excess traffic out to virtual machines on a cloud service provider. Which of the following describes the technique he is looking to implement?

Cloud bursting

Kenji has decided upon a multi-cloud deployment so that the company can continue to operate even if one of the cloud service providers experiences an outage. Which of the following explains the factor that was important to Kenji in choosing this structure?

Disaster recovery

Greta manages the on-premises networks for her company's Atlanta and Orlando offices. She hears about a technology that will allow her to connect certain network segments in Atlanta to their counterparts in Orlando by inserting the MAC address into layer 4 for UDP transport over the Internet. What is the technology that she has heard about that she should research more about in order to implement?

VXLAN

Olivia manages a group of Windows and Linux servers. She knows there is a command that she can use to view currently open network connections that works on both platforms. Which of the following commands will she most likely use?

netstat

A year ago, Raj configured two servers on separate VLANs. He still needs them to remain on separate VLANs, but now has a need for them to be able to send certain communications to each other over a certain port. Which of the following will be necessary for him to do?

Create a route between the two VLANs, so they know how to contact each other.

Breanne wants to create a tunneled connection between her on-premises data center and the cloud service provider that her company uses. Which of the following would allow her to create that connection?

VPN

Isabel is troubleshooting a DNS issue on one of her Windows servers. Which of the following commands might let her look up the DNS records so she can track down where the problem might be?

nslookup

Emily has just migrated the email from the company's on-premises data center to a cloud service provider. She has modified the appropriate A records, but e-mail isn't being delivered to the new servers. Which of the following records does she still need to modify?

MX

Denis is trying to determine which route's packets are traveling over when accessing his company's chosen cloud service provider. Which of the following Windows tools can help him discover that information?

tracert

Gilly is walking down the hallway at her office when she notices someone in a delivery uniform carrying boxes down the hall without an escort. She also doesn't see a visitor's badge, which is supposed to be clipped to a visitor's collar. Which of the following might have just occurred?

Unauthorized physical access

Dez has been reading about encryption recently. She begins to wonder how anything can be secure if everyone is using the same set of algorithms. After all, anyone using the same algorithm would be able to decrypt anything that had been encrypted using that algorithm. Which of the following helps make the data unusable by anyone else using that same encryption scheme without having this information?

Key

Cory had an audit performed on her company's external-facing IT infrastructure. One of the items in the report she was presented with mentions that the company's website is running on HTTP. The recommended fix is to require HTTPS connections for the website. Which of the following should the technician responsible for making this change install and configure?

TLS

Kareem has set up a new web server on the company's private cloud. He has installed the security certificate necessary so that the application can be accessed by HTTPS. He isn't overly familiar with how these certificates work, so he decides to read up on the details. He learns that there is a pair of keys used to encrypt and decrypt the initial communications. Which of the following is the key that does not get sent to the browser?

Private key

Carol is analyzing the security on her company's hybrid network and sees that GRE is being used as a VPN. Why does Carol recommend it be removed from the company's network?

GRE transmits unencrypted data.

Marcella has been hired to perform an audit of a security incident where a large corporation was using an open-source application that they had deployed to a cloud service provider. The application was used to manage the many people whose information it tracked and included a lot of identifying information about them that could be used in identity fraud. Unfortunately, the person that installed the application never removed the default administrative account that was still using the default password. Which of the following describes this scenario?

Incorrect hardening settings

Gandy has been learning more about security within the cloud after hearing that it is a hot topic within the IT industry. He starts reading up on SHA-3 being used for hashing. Which of the following best describes SHA-3?

Cipher

Rayshawn is about to deploy a new web server. He wants to ensure that when a user accesses the server, that their web browsing session is encrypted between the browser and the server. Which of the following should he use with the web server to provide this functionality?

TLS

Jamie is head of security at his company and has gotten an alert from the monitoring system that the web servers are receiving a sudden spike in traffic from several foreign IP addresses. This is causing the website to run very slow or return errors to some users. Which of the following is most likely occurring?

DDoS attack

Aria is looking to install a security appliance that is designed to detect applications and other resources running within the domain and monitor them according to her organization's policies. Which of the following would she want to implement?

CASB

Ella is analyzing the infrastructure that her organization uses and sees that the first rule of the firewall is as shown below. Which of the following is most likely true?

Incorrect hardening settings

Joy has received several complaints that none of the users can access the company's resources that are hosted on a cloud service provider. The company has a piece of hardware installed that provides a VPN tunnel to the CSP. Upon entering the data center, she sees that all the lights are off on the device. She unplugs it and plugs it back in and does not see any changes. Which of the following has most likely occurred?

Security device failure

Nirav is considering using private key encryption for transmitting messages from his VPC. What is a possible problem this may cause when he attempts to implement it?

Private key encryption requires the decryption key to somehow be sent in a secure manner.

Shae wants to implement a system that can identify, block, and remove harmful files from the VNet. Which best describes the product she needs?

Antivirus

Rachel has a VPC that is only accessed by IP address and does not do any DNS lookups for any of the applications that it runs. Which of the following rules should she add to the firewall?

Deny port 53

Darren wants to implement a technology on the company's servers that will detect any intrusions as well as implement rules or other methods to immediately stop traffic that appears to be an intrusion. Which of the following is he looking to install?

HIPS

Bryan is examining the log files and notices a constant stream of traffic initializing sessions to an FTP server coming from a single IP address. Which of the following is most likely occurring?

DoS attack

Theo wants to transfer some files to one of the Linux servers that he manages. Which of the following would ensure that the transmissions are secure while not relying on SSL/TLS for the encryption?

SFTP

Aron has recently learned about the CIA triad. He knows that encryption is important to a variety of things within his organization's infrastructure. One of those is the ability to ensure that data being transmitted across the network cannot be modified undetected. Which of the following tenets of the CIA triad supports this idea?

Integrity

Sasha has moved the only Linux server within VPC1 to the Linux-only VPC15. The remaining servers in VPC1 all run Windows Server. Which of the following should she do on the firewall for VPC1?

Disable port 22

Tyler wants to use a virtual firewall to filter the types of traffic that are allowed or not allowed into a virtual private cloud instance he has created on the cloud service provider his company uses. Which of the following can he use to accomplish this goal?

NACL

Eddy wants to install a VM running in the perimeter network that provides antivirus/anti-malware capabilities for the rest of the network. Which of the following describes the type of VM that he wants to install?

NVA

Meera notices someone entering a side door of her company's facility but did not swipe a badge on the proximity badge reader before being able to open the door, even though there is a badge reader installed. Which of the following may have occurred?

Security device failure

Jon recently returned from an IT conference where he learned about a technology that could alert the administrators to any intrusions that may occur by installing software on each of the servers within the cloud deployment. Unfortunately, this system wouldn't stop the intrusion automatically. Which of the following technologies did he learn about?

HIDS

Tomás has created a set of firewall rules and has noticed that when there is traffic that matches a rule, the traffic allowed in one direction automatically allows traffic in the other direction for an active connection as long as there is at least one message going either direction within 10 minutes. What is the name of that type of firewall?

Stateful

Petyr has been called into Fictional Corp to perform a security audit of their systems. One of the things that he notes on his report is that the sales department is using FTP to remotely upload scanned copies of physical order sheets from customers. Why is this an issue?

FTP is considered insecure.

Bianca manages the e-mail server for Fictional Corp. All of the employees' e-mails are encrypted using the user's keys. One of the user's certificates expires, so a new certificate is installed. However, now they can no longer access their archived e-mails. Which of the following does Bianca need to do to give this user access to their archived e-mails?

Import the keys for the old certificate so the e-mails can be decrypted and then re-encrypt them using the new certificate.

Since starting his new job with the government, Noah has seen that certain systems identify data as classified, secret, or top secret rather than dividing individuals into groups and assigning them authorization. Which of the following best sums up these data labeling systems?

MAC

Owen has been tasked with having multifactor authentication installed for entrances into the company's data center. Which of the following would meet that requirement?

Proximity badge reader and fingerprint scanner

Kevin is implementing SSO functionality for his organization. Which of the following authentication standards could he use to implement it?

SAML

Tia has run a report on one of the Linux servers she manages and sees that one of the users has not changed their password in over two years. Which of the following parameters should she configure on the server?

Expiration

Sarah has deployed a private cloud infrastructure that requires users to insert a smart card into their computer or into a card reader in order to authenticate them to use the applications. The smart card is associated with a certificate for each user, which is verified against a certificate authority. Which of the following has she deployed?

PKI

Sean has implemented an automatic account locking policy that will lock a user account after five invalid attempts. Which of the following types of attacks will this help thwart?

Brute force

Sharon is having trouble logging into the new cloud-based web application that her small company uses. It asks whether she wants to use a local account or an OpenID account. Which of the following is used by OpenID in order to implement authentication?

OAuth

In order to introduce a new authentication technique, Judy's organization must issue smart cards and distribute certificates to users. Which of the following certificates will she have to install and set up?

CA

Fictional Corp. has assigned each user within their Active Directory implementation a username. This username is a form of:

identity

Otis wants to give a mobile app short-term access to a resource without having to store long-term user credentials (such as access keys) in the app. Which of the following describes the method he can use to do that?

Roles

Fictional Corp. is trying out a new experimental technology that analyzes how users type as part of a multifactor authentication implementation. Which of the following categories of authentication factors would this fall into?

Something you do

Stan is walking past a row of cubicles when he notices someone's password written down on a sticky note that is attached to a monitor. The password is passwordpassword3. Besides the obvious problem of the word password repeated followed by a single number, which of the following policies isn't in place that should be?

Complexity

Sebastian is trying to access a resource that has been labeled as top secret, but he only has secret clearance. Which of the following access control methods does his organization use?

Mandatory access control

Fictional Corp has just moved its web server from its on-premises data center to a cloud service provider. Which of the following most likely needs to be changed by an administrator?

DNS Entries