Exam 2 Test

Kenji has decided upon a multi-cloud deployment so that the company can continue to operate even if one of the cloud service providers experiences an outage. Which of the following explains the factor that was important to Kenji in choosing this structure?

Disaster recovery

Breanne wants to create a tunneled connection between her on-premises data center and the cloud service provider that her company uses. Which of the following would allow her to create that connection?

VPN

Cara works for a startup company that up until now has been running on a single virtual machine. The virtual machine is starting to see capacity issues and she is unable to provision more CPU and memory resources to satisfy its needs. Which of the following would allow her to expand the capacity of her company's web server?

Load balancer

Daisy is researching load balancing solutions to implement for a new application that she is tasked with designing and deploying the infrastructure for. One of the requirements is that a client should continue communicating with the same server for the duration of their web browsing session. Which of the following features should she look for in the load balancer?

Sticky sessions

Tim has three separate VPCs at the cloud service provider that his company uses. Some of the services in each of the VPCs need to communicate with some of the services in other VPCs on that same CSP. Which of the following might he implement in order to accommodate that requirement?

Cloud peering

Frederica is installing more infrastructure in her company's on-premises data center. She has installed 10 servers, but there is only one switch in the rack that the new equipment is going in. Which of the following technologies can she use to segment the servers into two groups without having to add a new switch that will also put them into separate broadcast domains?

VLAN

Greta manages the on-premises networks for her company's Atlanta and Orlando offices. She hears about a technology that will allow her to connect certain network segments in Atlanta to their counterparts in Orlando by inserting the MAC address into layer 4 for UDP transport over the Internet. What is the technology that she has heard about that she should research more about in order to implement?

VXLAN

Darnell does not want to manually assign IP addresses to clients on one of the network segments that he manages. Instead, he wants clients to obtain an IP address from a server that manages a pool of IP addresses. Which of the following technologies should he implement?

DHCP

Ingrid has configured one of the network segments to use a DHCP server to dynamically assign IP addresses. She knows that DHCP can also tell the clients the address of the server that they should use to resolve FQDNs to IP addresses. Which of the following settings should she configure?

DNS servers

Jenna's cloud service provider has just started supporting IPv6. She wants her web servers there to be accessible by both IPv4 and IPv6. Which of the following records should she add to the DNS configuration to ensure that IPv6 clients can access her company's website?

AAAA

Jordan's manager knows that he is working on implementing a VPN connection between the company's on-premises data center and the cloud service provider his company uses. The manager was concerned that Jordan used an older data link layer protocol developed by Microsoft that is no longer considered secure. Which of the following protocols was manager was concerned about?

PPTP

Lara is trying to decide on a protocol to use for a VPN to connect from one cloud service provider to another. She knows there are a variety of protocols out there that can be used for VPNs but wants to make sure she chooses one that both cloud service providers support and that can be combined with IPsec. Which of the following protocols would she most likely need to choose?

L2TP

Marissa is wanting to implement a VPN at her company but knows that some of the places the users need to connect from have issues with IPsec being used through the firewall. Which of the following protocols should she choose?

OpenVPN

Jens was recently reading about a network layer protocol that provides encryption, authentication, and key management for TCP/IP transmissions that is built into the IPv6 protocol stack. Which of the following was Jens reading about?

IPsec

Ophelia wants to create a VPN that uses SSL or TLS for the encryption. Which of the following protocols should she choose?

OpenVPN

Patti's company has just migrated the only Windows server in a particular VPC to a different VPC. Which of the following should she do next?

Disable port 3389 on the firewall of the original VPC.

Quinn is currently looking to deploy a new Microsoft SharePoint server farm, a web-based application, into its own VPC. Which of the following ports would be unnecessary for her to leave open on the firewall for usage or management purposes?

22

LeRoy has decided that the servers in one of the VPCs that he manages should only be reachable by IP address and they should not be able to perform any domain name lookups from the Internet. Which of the following ports should he disable on the firewall for that VPC?

53

Reggie is troubleshooting an issue related to an incorrectly configured load balancer. He thinks he made a mistake when he was setting up the ports but isn't quite sure if that's the root cause of the issues. Interference or errors in which of the following areas will confirm Reggie's suspicions?

Health-check protocol

Davis has been analyzing the on-premises data center and determined that the data center can handle most of the traffic on a day-to-day basis. However, there are times when the bandwidth becomes saturated, and he needs to find a solution to push the excess traffic out to virtual machines on a cloud service provider. Which of the following describes the technique he is looking to implement?

Cloud bursting

Uma has been analyzing the performance and baselines from her virtual machines that are on a cloud service provider's platform. She sees that they do not appear to be performing up to the standards that her cloud service provider guarantees. Which of the following documents outlines the standards that they are guaranteeing?

SLA

Jaysen is trying to determine whether one of the new servers he set up on the cloud service provider is reachable and online from his current workstation. Which of the following tools is he most likely trying to use?

ping

Denis is trying to determine which route's packets are traveling over when accessing his company's chosen cloud service provider. Which of the following Windows tools can help him discover that information?

tracert

Xena has noticed that traffic to her company's website has been increasing from across the world. She has decided to start deploying copies of that server to various regions and wants to direct traffic to the site that is closest to each user. Which of the following technologies could she use to do this?

GSLB

Yolanda wants to see a list of MAC addresses that one of her servers has been communicating with. Which of the following command line tools will display that information?

arp

Geoff is working on a Windows server that has two network interfaces. One is assigned an IP address by a DHCP server while the other is a static IP address. He wants to see what the current dynamic IP address is. Which of the following command line utilities can he use to view that information?

ipconfig

Adrienne wants to be able to analyze the traffic coming into a Linux server's network interface. Which of the following command line utilities will allow her to see this information?

tcpdump

Justin wants to look at the current IP configuration on a Linux server. Which of the following tools can he use to view this information? (Choose two)

ifconfig

ip

Isabel is troubleshooting a DNS issue on one of her Windows servers. Which of the following commands might let her look up the DNS records so she can track down where the problem might be?

nslookup

Olivia manages a group of Windows and Linux servers. She knows there is a command that she can use to view currently open network connections that works on both platforms. Which of the following commands will she most likely use?

netstat

Vahé is working on a Linux system and wants to determine which routers a packet will traverse when a packet is sent to a certain destination. Which of the following command line tools can he use to find that information?

traceroute

A year ago, Raj configured two servers on separate VLANs. He still needs them to remain on separate VLANs, but now has a need for them to be able to send certain communications to each other over a certain port. Which of the following will be necessary for him to do?

Create a route between the two VLANs, so they know how to contact each other.

Emily has just migrated the email from the company's on-premises data center to a cloud service provider. She has modified the appropriate A records, but e-mail isn't being delivered to the new servers. Which of the following records does she still need to modify?

MX

Laurel is selecting a VPN protocol for her company's network. This network includes a large number of users that move between wireless hotspots in the course of their jobs. User privacy is also required when using the VPN. Which protocol should Laurel consider using?

IKEv2

Colm is designating the QoS level to the messages on his corporation's network and has determined a certain type of message should be delivered exactly once when it is sent. Which QoS level should he designate these messages?

QoS 2

Rick is planning a deployment of multiple virtual machines that need to have internal IP addresses. He is unsure which address ranges he can use. He knows there is a formal document that outlines the ranges that can be used for internal addresses. Which of the following options is that formalized set of specifications?`

RFC 1918

Carl has created a virtual machine on the cloud service provider that his company uses and has given it a static private IP address. He wants to make this server is the new web server for the company's website. Which of the following is required to allow that server to perform in that role?

IG

Michonne currently manages a private cloud that has been built out in an on-premises data center. Some of the servers are reaching the end of their life, and she has been tasked with finding a solution that minimizes the amount of capital investment necessary. Which of the following might she choose to implement for her company?

VPC

Negan has been given the 10.50.0.0/16 subnet to create the cloud infrastructure necessary for a new subsidiary that his company is creating, Zombies Inc. He wants to create a minimum of 500 smaller networks that can hold 100 servers each out of that space to minimize broadcast traffic within each subnet. Which of the following CIDR masks could he use to meet his requirements?

/25

Maggie wants to create a small subnetwork for the Human Resources servers that her organization uses. There are currently 10 servers, but she also needs to plan for 50 percent growth over the next two years. Which of the following subnet masks would give her adequate IP address space while leaving the fewest number of unused IP addresses in the block?

255.255.255.240

Darryl has been given the 10.20.30.64/26 network to use for a set of virtual machines that he is provisioning on his company's private cloud. He has been told to configure the last usable IP address in the range as the gateway, or router, address. Which of the following IP addresses should he use for the gateway?

10.20.30.126

Carol has created a subnet of 10.20.30.0/27. Which of the following is the address that is used for broadcast messages within the subnet?

10.20.30.31

Morgan has hardened the virtual machines in the subnet he's just finished creating by turning off unnecessary services that were running in the background. However, he still wants to prevent unnecessary traffic from getting to the servers in the first place. Which of the following might he choose to implement in his cloud environment?

Virtual firewall

Glenn has been tasked with creating a few new virtual machines for a new project that will be used by the finance department. It will contain sensitive data about the company and its operations. Which of the following is the most important thing for Glenn to consider as he's creating the virtual machines?

Which region he is creating the virtual machines in

Enid is implementing new systems on a cloud service provider and needs to ensure that the finance systems and HR systems cannot communicate with each other without going through a virtual router. Which of the following should she implement?

Different subnets for each department

Eugene has been given the subnet 10.20.30.0/24 to use for the creation of a group of virtual machines to be used for the sales department. He is used to seeing a subnet mask in the format of four numbers separated by periods (255.255.255.0) along with the subnet ID, but isn't familiar with what the slash and a number mean after the subnet ID. He asks you to help him interpret the information. What term should you tell him to search for on a search engine to learn more about this topic?

CIDR

Ezekiel wants to ensure that several of the cloud resources he is responsible for managing are always available. Which of the following might best help him meet his goals of high availability?

Site mirroring between two or more regions

Dwight has just moved all of the Linux servers from the VPC that they shared with some Windows servers to another VPC. Which of the following does he most likely need to do?

Remove the rules that allow port 22 from the firewall to the original VPC.

Fictional Corp has just moved its web server from its on-premises data center to a cloud service provider. Which of the following most likely needs to be changed by an administrator?

DNS entries

Jadis has just created a new Linux server on the cloud service provider that her company uses. She attempts to SSH into it, and it immediately fails. Which of the following steps might she have forgotten to do?

Open port 22 on the virtual firewall

Simon was asked to create three Linux virtual machines to host the company's new sales application and database server. He is going to be using the company's cloud service provider and was given the 10.20.30.0/30 subnet to put them on. He immediately tells the person giving him this task that he cannot do what is asked of him. Why?

The /30 subnet is not large enough for 3 virtual machines.

Gabriel has been given the 10.30.0.0 network and told to use the subnet mask 255.255.248.0 for the new cloud infrastructure he is building out for the subsidiary his company just purchased. Assuming one of the IP addresses is used for a virtual router interface on that subnet, how many virtual machines could he create in each subnetwork?

2045

Tara had originally created a /28 mask for the 12 servers in the sales group server pool. However, her company has just merged with a competitor, and she needs to expand the subnet to accommodate another 20 servers. Which of the following new subnet masks will accommodate the new servers in addition to the original servers while having the fewest number of unused IP addresses remaining?

/26

Rosita has configured a subnet mask of 255.255.252.0 for the new virtual private cloud she is creating for her organization. One of the junior administrators remarks that he's never seen that kind of a subnet mask before and isn't sure how many devices the subnet would hold. How many devices should Rosita tell him that it will support?

1,022

Beth has been asked to migrate the company's virtual private clouds from class C private addresses to class B private addresses. Which of the following is a valid address for her to change the web server's IP address to?

172.30.101.50

Hershel is working with a virtual network that has the subnet mask 255.255.255.192. He changes the IP address of one of the servers from 172.16.25.183 to 172.16.25.193. What is the result of this change?

The server will no longer be able to communicate with the devices on the subnetwork that it was previously in without the aid of a router.

Clarke is trying to come up with a subnet mask so that three servers with the IP addresses 172.16.31.10, 172.16.30.15, and 172.16.31.206 are in the same network. Which of the following subnet masks will accommodate this requirement?

255.255.254.0

Bellamy has been asked to configure the virtual router interface for the subnetwork that contains the server with IP address 172.19.101.200 and subnet mask of 255.255.255.128. He is asked to use the first usable IP address of the subnet. Which of the following IP addresses should he use?

172.19.101.129

Octavia has set up a private cloud with a virtual machine at the IP address 172.19.101.5 and the subnet mask 255.255.255.192. She has been asked what the broadcast IP address is for the network. How should she respond?

172.19.101.63

Lexa has been asked for the subnet ID and subnet mask in CIDR notation for one of the web servers in the company's private cloud. The web server has an IP address of 192.168.1.200 and a subnet mask of 255.255.255.192. What should she tell them?

192.168.1.192/26

Finn needs to create multiple virtual networks using a /28 mask. How many devices can he put on each subnet?

14

Jasper was given the IP address of 10.17.101.120/15 for the virtual machine he is to create along with the default gateway of 10.0.0.1. He enters the IP address correctly along with the subnet mask 255.254.0.0. However, the virtual machine doesn't appear to be able to communicate with the Internet when he tries to ping a popular domain name. Which of the following might be the reason why?

The default gateway is incorrect.

Raven has been asked to configure the web server with a specific public class B IP address. Which of the following is a possible address she was given?

172.16.172.16

Marcus has been asked to configure a web server with a specific private class C IP address. Which of the following is a possible address she was given?

192.168.205.63

Thelonius has just created a new virtual machine. By default, the cloud service provider automatically configured it as part of a class C private network. Which of the following is the default subnet mask expressed in CIDR notation that was configured?

/24

Abby has just created a new virtual machine. Once it has been installed, she connects to it and finds that it has configured the default subnet mask for a class A network. Which of the following subnet masks was automatically configured for this server?

255.0.0.0

Which GCP segment type is the largest?

Region

A network administrator is configuring a VPC in GCP, and manually enters the routes into a routing table. What kind of routing is this considered?

Static routing

What is one difference in the virtual private clouds (VPCs) created by GCP and those created by other cloud providers?

GCP VCPs are global by default

In a cloud environment, which device might be arranged at the presentation tier of a basic three-tier infrastructure?

A user's smartphone

Tyrion wants to use a virtual firewall to filter the types of traffic that are allowed or not allowed into a virtual private cloud instance he has created on the cloud service provider his company uses. Which of the following can he use to accomplish this goal?

NACL

Samwell wants to create a lightly protected subnet within the VNet that acts as a filter between the Internet and the other internal network resources. Which of the following describes the type of subnet that he is looking to deploy?

DMZ

Arya is looking to install a security appliance that is designed to detect applications and other resources running within the domain and monitor them according to her organization's policies. Which of the following would she want to implement?

CASB

Cersei wants to protect the application servers within her cloud deployment by implementing granular control of the traffic and workflows in the deployment. Which of the following would she implement?

Microsegmentation

Sansa has moved the only Linux server within VPC1 to the Linux-only VPC15. The remaining servers in VPC1 all run Windows Server. Which of the following should she do on the firewall for VPC1?

Disable port 22

Jon recently returned from an IT conference where he learned about a technology that could alert the administrators to any intrusions that may occur by installing software on each of the servers within the cloud deployment. Unfortunately, this particular system wouldn't stop the intrusion automatically. Which of the following technologies did he learn about?

HIDS

Khal has set up a new web server on the company's private cloud. He has installed the security certificate necessary so that the application can be accessed by HTTPS. He isn't overly familiar with how these certificates work, so he decides to read up on the details. He learns that there is a pair of keys used to encrypt and decrypt the initial communications. Which of the following is the key that does not get sent to the browser?

private key

Bran has recently learned about the CIA triad. He knows that encryption is important to a variety of things within his organization's infrastructure. One of those is the ability to ensure that data being transmitted across the network cannot be modified undetected. Which of the following tenets of the CIA triad supports this idea?

Integrity

Joffrey is about to deploy a new web server. He wants to ensure that when a user accesses the server, that their web browsing session is encrypted between the browser and the server. Which of the following should he use with the web server to provide this functionality?

TLS

Theon wants to transfer some files to one of the Linux servers that he manages. Which of the following would ensure that the transmissions are secure while not relying on SSL/TLS for the encryption?

SFTP

Gendry has been learning more about security within the cloud after hearing that it is a hot topic within the IT industry. He starts reading up on SHA-3 being used for hashing. Which of the following best describes SHA-3?

Cipher

Eddard wants to install a VM running in the perimeter network that provides antivirus/anti-malware capabilities for the rest of the network. Which of the following describes the type of VM that he wants to install?

NVA

Missandei's manager has asked her to implement microsegmentation for her company's cloud deployment. She wasn't overly familiar with this term and upon researching came across the reasoning to implement this as being that nothing should be trusted in a cloud environment and every system, communication, and user is considered a threat until proven otherwise. Which of the following concepts does this describe?

Zero-trust security model

Davos has been reading about encryption recently. He begins to wonder how anything can be secure if everyone is using the same set of algorithms. After all, anyone using the same algorithm would be able to decrypt anything that had been encrypted using that algorithm. Which of the following helps make the data unusable by anyone else using that same encryption scheme without having this information?

Key

Tormund has created a set of firewall rules and has noticed that when there is traffic that matches a rule, the traffic allowed in one direction automatically allows traffic in the other direction for an active connection as long as there is at least one message going in either direction within 10 minutes. What is the name of that type of firewall?

Stateful

Shae wants to implement antivirus in her cloud environments. Where should she look at installing this protection to be most effective?

All of the other options are correct

(a. Inside the DMZ

b. On each host of the network

c. On the e-mail server)

Stannis wants to block any traffic that uses insecure protocols from entering his VPC. Which of the following might he use to accomplish that goal?

Firewall

Hodor has a VPC that is only accessed by IP address and does not do any DNS lookups for any of the applications that it runs. Which of the following rules should he add to the firewall?

Deny port 53

Podrick wants to implement a technology on the company's servers that will detect any intrusions as well as implement rules or other methods to immediately stop traffic that appears to be an intrusion. Which of the following is he looking to install?

HIPS

Tommen is doing an audit and finds that the firewall still includes some rules for some Windows servers that no longer exist in a VPC. The remaining servers all run a variant of Linux. Which of the following rules should he delete from the firewall?

Allow port 3389

Walder is reviewing the logs and sees a spike in overnight activity by one of the user accounts that he knows the employee left the organization over a month ago. Which of the following is most likely the cause of these logins?

Failure to properly deactivate accounts

Brienne is trying to access one of her company's websites but gets an error message about not being able to trust the website. Which of the following has most likely occurred?

The site's certificate has expired

Jamie is head of security at his company and has gotten an alert from the monitoring system that the web servers are receiving a sudden spike in traffic from a number of foreign IP addresses. This is causing the website to run very slow or return errors to some users. Which of the following is most likely occurring?

DDoS attack

Bronn is examining the log files and notices a constant stream of traffic initializing sessions to an FTP server coming from a single IP address. Which of the following is most likely occurring?

DoS attack

Petyr has been called into Fictional Corp to perform a security audit of their systems. One of the things that he notes on his report is that the sales department is using FTP to remotely upload scanned copies of physical order sheets from customers. Why is this an issue?

FTP is considered insecure

Jorah is performing an analysis of some of the systems and protocols his company uses. Which of the following, if found in use, should he recommend discontinuing? (Select all that apply)

Telnet, FTP

Gilly is walking down the hallway at her office when she notices someone in a delivery uniform carrying boxes down the hall without an escort. She also doesn't see a visitor's badge, which is supposed to be clipped to a visitor's collar. Which of the following might have just occurred?

Unauthorized physical access