Combo with Monitoring and 8 others

You are concerned about attacks directed against your firewall on your network. You would like to examine the content of individual frames sent to the network.
Which tool should you use?
Packet sniffer.
You have installed a new application on a network device. During testing, it appears as if the software is causing other services running on the device to stop responding.
Which tool should you consult to identify the problem?
Application log.
You manage a firewall that connects your private network to the Internet. You would like to see a record of every packet that has been rejected by the firewall in the past month.
Which tool should you use?
Event log.
You connect a packet sniffer to a switch to monitor frames on your local area network. However, the packet sniffer is only able to see broadcast frames and frames addressed specifically to the host device.
Which feature should you enable on the switch so you can see frames from all devices connected to the switch?
Mirroring.
You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device.
Which tool should you use?
Protocol analyzer.
You decide to use a packet sniffer to identify the type of traffic sent to the router. You run the packet sniffing software on a device which is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router.
When you run the software, you only see frames addressed to the four workstations but not to the router.
Which feature should you configure?
Mirroring.
You have a Web site that customers use to view product information and place orders. You would like to identify the maximum number of simultaneous sessions that this server can maintain before the performance is negatively impacted.
Which tool should you use?
Load tester.
You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B.
On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B.
What should you do?
Run the packet sniffer application on Host B.
You have a WAN link that connects two sites. The WAN link is supposed to provide 1.5 Mbps of bandwidth. You want to perform a test to see the actual bandwidth of the link.
Which tool should you use?
Throughput tester.
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffer software on a device which is connected to the same hub that is connected to the router.
When you run the software, you only see frames addressed to the workstation and not other devices.
Which feature should you configure?
Promiscuous mode.
You want to know what protocols are being used on your network. You’d like to monitor network traffic and sort traffic based on protocol.
Which tool should you use?
Packet sniffer.
You are troubleshooting the connection of a computer in an office to punchdown block in the distribution closet. Which document would you consult to identify the termination of the cable on the punchdown block based on the wall jack location in the office?
Wiring schematic.
Which of the following information are you likely to find in a policy document?
A requirement for using encrypted communication for Web transactions.
In troubleshooting a router, you want to identify which other devices are connected to the router, as well as the subnet addresses of each connected subnet.
Which type of document would most likely have this information?
Network diagram.
You need to find out what kind of laws might apply to the design and operation of your network. Which type of document would you consult?
Regulation.
You are troubleshooting a workstation connection to the network. During your troubleshooting, you move the cable in the wiring closet to a different port on the patch panel.
Which type of document should you update?
Wiring schematic.
Which of the following information are you likely to find in a procedure document?
Details on how to test and deploy patches.
You are troubleshooting a workstation to the network. During your troubleshooting, you replace the drop cable connecting the computer to the network.
Which type of document should you update?
Change documentation.
You are in the habit of regularly monitoring performance statistics for your devices. You find that this month a specific server has averaged a higher number of active connections than last month.
Which type of document should you update to reflect the change?
Baseline.
Which of the following documents would likely identify that drop cables on your network use the T568A standard?
Wiring schematic.
Which type of documentation would you consult to find the location of RJ-45 wall jacks and their endpoints in the intermediate distribution closet?
Wiring schematic.
You are concerned about the amount of traffic that passed through a router on your network. You want to see how the amount of traffic has changed over time.
Which document would help in identifying past average network traffic?
Baseline.
A new law was recently passed that states that all businesses must keep a history of all e-mails sent between members of the board of directors. You need to ensure that your organization complies with the law.
Which document type would you update first in response to this new law?
Policy.
You want to make sure that the correct ports on a firewall have been opened or closed. Which document should you check?
Configuration documentation.
Because of an unexplained network slowdown on your network, you decide to install monitoring software on several key network hosts to locate the problem. You will then collect and analyze the data from a central network host.
What protocol will the software use to detect the problem?
SNMP.
Which protocol uses traps to send notifications from network devices?
SNMP.
Which of the following protocols or services would you associate with Windows Remote Desktop Services network traffic?
RDP.
You are an administrator for a large company. You are setting up a computer at a worker’s house so he can telecommute while he recovers from surgery. You want to connect to the UNIX server at the office to update his account information
Which utility should you use to accomplish this task?
Telnet.
You manage a server at work that has just been configured with a new application. Consequently, the server has crashed several times during the last week. You think you have the problem resolved, but you would like to be able to manage the server remotely in case there is a problem.
Which of the following protocols would you use for remote management?q
VNC.
ICA.
Which of the following features dynamically places switch ports in blocking or forwarding states
Spanning Tree.
Angela is the network administrator for a rapidly growing company with a 100BaseT network. Users have recently complained about slow file transfers. In a check of network traffic, Angela discovers a high number of collisions.
Which connectivity device would best reduce the number of collisions and provide future growth?
Switch.
QoS provides which of the following on a network?
Reduces latency of time-sensative traffic.
Which of the following devices accept incoming client requests and distributes those requests to specific servers?
Load balancer.
You manage a small network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternative path is available.
Which feature should you switch support?
Spanning tree.
Which of the following solutions are most likely implemented with VoIP to ensure timely deliver of voice data?
QoS.
Traffic shaper.
You have a Web server on your network that hosts the public Web site for your company. You want to make sure that the Web site will continue to be available even in a NIC, hard drive, or other problem prevents the server from responding.
Which solution should you implement?
Load balancing.
What is the purpose of using Ethernet bonding?
Provides a fail over solution for network adapters.
Increases network performance.
You have a Web server on your network that hosts the public Web site for your company. You want to make sure that a failure of the NIC in the server does not prevent the Web site from being accessible on the Internet.
Which solution should you implement?
Ethernet bonding.
You have a Web site that uses multiple servers for different types of transactions. For example, one server is responsible for static Web content, while another is responsible for secure transactions.
You would like to implement a device to speed up access to your Web content. The device should be able to distribute requests between various Web servers using specialized hardware and not just a software configuration. In addition, SSL sessions should use the hardware components in the device to create the SSL sessions.
Which type of device should you choose?
Content switch.
You want to reduce collisions by creating separate collision domains and virtual LANs Which of the following devices should you choose?
Switch.
Which of the following devices does NOT segment the network?
Hub
You manage a server that runs your company Web site. The Web server has reached its capacity, and the number of client requests is greater than the server can handle.
You would like to find a solution so that the static Web content can be offloaded to a different server, while the Web server continues to process dynamic content.
Which solution should you implement?
Proxy Server.
You manage a server that runs your company Web site. The Web site includes streaming video that shows features of some of your products.
The link connecting your server to the Internet charges based on bandwidth use. When the bandwidth spikes, so does your bill. You would like to implement a solution to prevent the amount of traffic sent over the WAN link from exceeding a specific level.
Which solution should you implement?
Traffic shaper.
You have a network server with two network interface cards. You want both network adapters to be used at the same time to connect the same network to double the amount of data the server can send.
Which feature would you use?
Ethernet bonding.
Your network conducts training sessions for high-profile clients. As part of the training, clients connect to get a video feed of the instructor and other class activities. You want to make sure that the video traffic related to the training is not delayed on the network.
Which solution should you implement?
QoS.
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches.
Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning tree.
A switch receives a frame addressed to the MAC address FF:FF:FF:FF:FF:FF. What will the switch do with the frame?
Send it out all ports except for the port it was received on.
You manage a server that runs your company Web site. The Web server has reached its capacity, and the number of client requests is greater than the server can handle.
You would like to find a solution so that the second server can respond to requests for Web site content.
Which solution should you implement?
Load balancing.
Which of the following allows you to save frequently accessed Web sites on your local network for later retrieval?
Proxy.
Which of the following devices is capable of performing routing of IP packets at wire speeds using an ASIC module instead of the CPU or software?
Layer 3 switch
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services.
Which tool should you use?
Port scanner.
Which of the following devices is capable of detecting and responding to security threats?
IPS.
Which of the following functions can a port scanner provide?
Determine which ports are open on a firewall.
Discover unadvertised servers.
Which of the following devices can monitor a network and detect potential security attacks?
IDS.
You are concerned about protecting your network from network-based attacks from the Internet. Specifically, you are concerned about “zero day” attacks (attacks that have not yet been identified or that do not have prescribed protections).
Which type of device should you use?
Anomaly based IDS>
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?
Signature based.
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack
Which tool should you use?
IPS.
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.
You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.
Which solution should you implement?
Host based IDS.
What is the most common form of based IDS that employs signature or pattern matching detection methods?
Anti-virus software.
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?
IDS.
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?
IDS.
What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack?
An alert is generated and delivered via Email, the console, or an SNMP trap.
The IDS logs all pertinent data about the intrusion.
Which of the following are improvements to SNMP that are included within SNMP version 3?
Authentication for agents and managers.
Encryption of SNMP messages.
Which protocol does HTTPS use to offer greater security for Web transactions?
SSL.
Talnet is inherently insecure because its communication is in plain text and is easily interpreted. Which of the following is an acceptable alternative to Talnet?
SSH.
Which of the protocols is used for securely browsing a Web site?
HTTPS
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration.
What should you do?
Implement version 3 of SNMP.
Which of the following protocols can be used to securely manage a network device from a remote connection?
SSH.
Which of the following protocols are often added to other protocols to provide secure transmission of data?
TLS.
SSL.
Which of the following connectivity hardware is used to create a VLAN?
Switch.
You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer.

What should you use for this situation?

VLAN
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch.
You want to make sure that visitors cannot plug their computers to the free network and connect to the network. However, employees who plug into those same jacks should be able to connect to the network.
What feature should you configure?
Port authentication.
You manage a network that uses a single switch. All ports within your building connect through the single switch.
In the lobby of your building are three RJ-45 ports connected to a switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access.
Which feature should you implement?
VLANs.
Which type of device is required to implement port authentication throughout a switch?
RADIUS server.
Which of the following best describes the concept of virtual LAN?
Devices on the same network logically grouped as if they were on separate networks.
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches.
Which feature allows the switches to pass VLAN traffic between the switches?
Trunking.
You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports.
You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch also in VLAN 1.
What should you configure to allow communication between these two devices through the switches?
Trunking.
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access.
You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?
VLAN.
You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports.
You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the same switch which is in VLAN 2.
What should you configure so that the two devices can communicate?q
Routing.
When configuring VLANs on a switch, what is used to identify VLAN membership of a device?
Switch port.
Which switch features are typically used with VoIP
VLAN.
PoE.
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?
Trunk ports.
Which of the following do switches and wireless access points use to control access through the device?
MAC filtering.
Which of the following authentication protocols uses a three-way handshake to authenticate users to the network?
CHAP.
MS-CHAP.
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?
Ticket.
Which of the following authentication methods uses tickets to provide single sign-on?
Kerberos.
You want to increase the security of your network by allowing authenticated users to be able to access network devices through a switch.
Which of the following should you implement?
802.1x
Which of the following is a feature of MS CHAP v2 that is not included in CHAP?
Mutual authentication.
Which of the following is a mechanism for granting and validating certificates?
PKI
Which of the following are used when implementing Kerberos for authentication and authorization?
Ticket granting server.
Time server.
You want to implement an authentication method that uses public and private key pairs. Which authentication method should you use?
EAP.
You have been contracted by a firm to implement a new remote access solution based on a Windows Server 2003 system. The customer wants to purchase and install a smartcard system to provide a high level of security to the implementation.
Which of the following authentication protocols are you most likely to recommend to the client?
EAP.
Which of the following applications typically uses 802.1x authentication?
Controlling access through a wireless access point.
Controlling access through a switch.
You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL.
Which method would you use to get a certificate for the server?
Obtain a certificate from a public PKI.