Flashcards in Topic 2: Network Operations Deck (29)
A company is experiencing accessibility issues reaching services on a cloud-based system. Which of the following monitoring tools should be used to locate possible outages?
A. Network analyzer
B. Packet analyzer
C. Protocol analyzer
D. Network sniffer
Explanation: A network analyzer is a useful tool, helping you do things like track traffic and malicious usage on the network.
Company policies require that all network infrastructure devices send system level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location?
A. TACACS+ server
B. Single sign-on
C. SYSLOG server
D. Wi-Fi analyzer
Explanation: Syslog is a protocol designed to send log entries generated by a device or process called a facility across an IP network to a message collector, called a syslog server. A syslog message consists of an error code and the severity of the error. A syslog server would enable the network administrator to view device error information from a central location.
After a recent breach, the security technician decides the company needs to analyze and aggregate its security logs. Which of the following systems should be used?
A. Event log
Explanation: Using a security information and event management (SIEM) product, the security logs can be analyzed and aggregated. SIEM is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and is also used to log security data and generate reports for compliance purposes. SIEM capabilities include data aggregation: log management aggregates data from many sources, including network, security, servers, databases and applications, providing the ability to consolidate monitored data to help avoid missing crucial events.
A technician would like to track the improvement of the network infrastructure after upgrades. Which of the following should the technician implement to have an accurate comparison?
A. Regression test
B. Speed test
D. Statement of work
Explanation: In networking, a baseline can refer to the standard level of performance of a certain device or to the normal operating capacity of your whole network. High-quality documentation should include a baseline for network performance, because you and your client need to know what “normal” looks like in order to detect problems before they develop into disasters. A network baseline delimits the amount of bandwidth available and when. For networks and networked devices, baselines include information about four key components:
It has been determined by network operations that there is a severe bottleneck on the company's mesh topology network. The field technician has chosen to use log management and found that one router is making routing decisions slower than others on the network. This is an example of which of the following?
A. Network device power issues
B. Network device CPU issues
C. Storage area network issues
D. Delayed responses from RADIUS
Explanation: Network processors (CPUs) are used in the manufacture of many different types of network equipment such as routers. Such a CPU on a router could become a bottleneck for the network traffic. The routing through that device would then slow down.
A network technician receives the following alert from a network device: "High utilizations threshold exceeded on gi1/0/24 : current value 9413587.54"
Which of the following is being monitored to trigger the alarm?
A. Speed and duplex mismatch
B. Wireless channel utilization
C. Network device CPU
D. Network device memory
E. Interface link status
Explanation: This is an error message indicating that the high-utilization threshold of a network interface, in this case interface gi1/0/24, has been exceeded. The message has been triggered on the interface link status. Note: gi1/0 would be a gigabyte interface.
The administrator's network has OSPF for the internal routing protocol. One port going out to the Internet is congested. The data is going out to the Internet, but queues up before sending. Which of the following would resolve this issue?
Fast Ethernet 0 is up, line protocol is up
Int ip address is 10.20.130.5/25
MTU 1500 bytes, BW10000 kbit, DLY 100 usec
Reliability 255/255, Tx load 1/255, Rx load 1/255
Encapsulation ospf, loopback not set
Keep alive 10
Half duplex, 100Mb/s, 100 Base Tx/Fx
Received 1052993 broadcasts
0 input errors
983881 packets output, 768588 bytes
0 output errors, 0 collisions, 0 resets
A. Set the loopback address
B. Change the IP address
C. Change the slash notation
D. Change duplex to full
Explanation: From the output we see that half duplex is configured. This would not use the full capacity of ports on the network. By changing to full duplex the throughput would be doubled. Note: All communications are either half-duplex or full-duplex. During half-duplex communication, a device can either send communication or receive communication, but not both at the same time. In full-duplex communication, both devices can send and receive communication at the same time. This means that the effective throughput is doubled and communication is much more efficient.
The RAID controller on a server failed and was replaced with a different brand. Which of the following will be needed after the server has been rebuilt and joined to the domain?
A. Vendor documentation
B. Recent backups
C. Physical IP address
D. Physical network diagram
Explanation: If the RAID controller fails and is replaced with a RAID controller of a different brand, the RAID will break. We would have to rebuild a new RAID disk, then access and restore the most recent backup to the new RAID disk. Note: A RAID controller is a hardware device or software program used to manage hard disk drives (HDDs) or solid-state drives (SSDs) in a computer or storage array so they work as a logical unit. In hardware-based RAID, a physical controller is used to manage the RAID array.
An administrator reassigns a laptop to a different user in the company. Upon delivering the laptop to the new user, the administrator documents the new location, the user of the device and when the device was reassigned. Which of the following BEST describes these actions?
A. Network map
B. Asset management
C. Change management
Explanation: Documenting the location, the user of the device and the date of the reassignment would be part of asset management. The best way to keep track of your computers and their configurations is to document them yourself. Large enterprise networks typically assign their own identification numbers to their computers and other hardware purchases as part of an asset management process that controls the entire life cycle of each device, from recognition of a need to retirement or disposal.
A network technician is diligent about maintaining all system servers at the most current service pack level available. After performing upgrades, users experience issues with server-based applications. Which of the following should be used to prevent issues in the future?
A. Configure an automated patching server
B. Virtualize the servers and take daily snapshots
C. Configure a honeypot for application testing
D. Configure a test lab for updates
Explanation: To prevent service pack issues, validate a new service pack in a test/lab environment first, before applying it in your production environment.
A system administrator has been tasked to ensure that the software team is not affecting the production software when developing enhancements. The software that is being updated is on a very short SDLC and enhancements must be developed rapidly. These enhancements must be approved before being deployed. Which of the following will mitigate production outages before the enhancements are deployed?
A. Implement an environment to test the enhancements.
B. Implement ACLs that only allow management access to the enhancements.
C. Deploy an IPS on the production network.
D. Move the software team's workstations to the DMZ.
Explanation: Environments are controlled areas where systems developers can build, distribute, install, configure, test, and execute systems that move through the Software Development Life Cycle (SDLC). The enhancements can be deployed and tested in a test environment before they are installed in the production environment.
A system administrator wants to update a web-based application to the latest version. Which of the following procedures should the system administrator perform FIRST?
A. Remove all user accounts on the server
B. Isolate the server logically on the network
C. Block all HTTP traffic to the server
D. Install the software in a test environment
Explanation: We should test the new version of the application in a test/lab environment first. This way any potential issues with the new software would not affect the production environment. Set up a test lab on an isolated network in your organization. Do not set up your test lab in your production environment.
Network segmentation provides which of the following benefits?
A. Security through isolation
B. Link aggregation
C. Packet flooding through all ports
D. High availability through redundancy
Explanation: Network segmentation in computer networking is the act or profession of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security through isolation.
Advantages of network segmentation:
Improved security: Broadcasts will be contained to the local network. Internal network structure will not be visible from outside.
Reduced congestion: Improved performance is achieved because on a segmented network there are fewer hosts per subnetwork, thus minimizing local traffic.
Containing network problems: Limiting the effect of local failures on other parts of the network.
After a company rolls out software updates, Ann, a lab researcher, is no longer able to use lab equipment connected to her PC. The technician contacts the vendor and determines there is an incompatibility with the latest IO drivers. Which of the following should the technician perform so that Ann can get back to work as quickly as possible?
A. Reformat and install the compatible drivers.
B. Reset Ann's equipment configuration from a backup.
C. Downgrade the PC to a working patch level.
D. Restore Ann's PC to the last known good configuration.
E. Roll back the drivers to the previous version.
Explanation: By rolling back the drivers Ann would be able to use her lab equipment again. To roll back a driver in Windows means to return the driver to the version that was last installed for the device. Rolling back a driver is an easy way to return a driver to a working version when a driver update fails to fix a problem or maybe even causes a new problem. Think of rolling back a driver as a quick and easy way to uninstall the latest driver and then reinstall the previous one, all automatically.
Which of the following requires the network administrator to schedule a maintenance window?
A. When a company-wide email notification must be sent.
B. A minor release upgrade of a production router.
C. When the network administrator's laptop must be rebooted.
D. A major release upgrade of a core switch in a test lab.
Explanation: During an update of a production router, the router would not be able to route packets and the network traffic would be affected. It would be necessary to announce a maintenance window. In information technology and systems management, a maintenance window is a period of time designated in advance by the technical staff, during which preventive maintenance that could cause disruption of service may be performed.
A company has implemented the capability to send all log files to a central location by utilizing an encrypted channel. The log files are sent to this location in order to be reviewed. A recent exploit has caused the company's encryption to become unsecure. Which of the following would be required to resolve the exploit?
A. Utilize a FTP service
B. Install recommended updates
C. Send all log files through SMTP
D. Configure the firewall to block port 22
Explanation: If the encryption is unsecure then we must look for encryption software updates or patches. If they are available we must install them. As vulnerabilities are discovered, the vendors of the operating systems or applications often respond by releasing a patch. A patch is designed to correct a known bug or fix a known vulnerability in a piece of software. A patch differs from an update, which, in addition to fixing a known bug or vulnerability, adds one or more features to the software being updated.
An outside organization has completed a penetration test for a company. One of the items on the report is reflecting the ability to read SSL traffic from the web server. Which of the following is the MOST likely mitigation for this reported item?
A. Ensure patches are deployed
B. Install an IDS on the network
C. Configure the firewall to block traffic on port 443
D. Implement a VPN for employees
Explanation: As vulnerabilities are discovered, the vendors of the operating systems or applications often respond by releasing a patch. A patch is designed to correct a known bug or fix a known vulnerability in a piece of software, such as, in this case, the ability to read SSL traffic. A patch differs from an update, which, in addition to fixing a known bug or vulnerability, adds one or more features to the software being updated.
A company has had several virus infections over the past few months. The infections were caused by vulnerabilities in the application versions that are being used. Which of the following should an administrator implement to prevent future outbreaks?
A. Host-based intrusion detection systems
B. Acceptable use policies
C. Incident response team
D. Patch management
Explanation: As vulnerabilities are discovered, the vendors of the operating systems or applications often respond by releasing a patch. A patch is designed to correct a known bug or fix a known vulnerability in a piece of software, such as, in this case, the vulnerabilities that allowed the virus infections. A patch differs from an update, which, in addition to fixing a known bug or vulnerability, adds one or more features to the software being updated.
Which of the following protocols must be implemented in order for two switches to share VLAN information?
Explanation: The VLAN Trunking Protocol (VTP) allows a VLAN created on one switch to be propagated to other switches in a group of switches (that is, a VTP domain).
A technician is setting up a new network and wants to create redundant paths through the network. Which of the following should be implemented to prevent performance degradation?
A. Port mirroring
B. Spanning tree
C. ARP inspection
Explanation: The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.
A training class is being held in an auditorium. Hard-wired connections are required for all laptops that will be used. The network technician must add a switch to the room through which the laptops will connect for full network access. Which of the following must the technician configure on a switch port, for both switches, in order to create this setup?
B. Split horizon
Explanation: We should use trunk ports to set up a VLAN for the laptops that will be used in the auditorium. A trunk port is a port that is assigned to carry traffic for all the VLANs that are accessible by a specific switch, a process known as trunking. Trunk ports mark frames with unique identifying tags – either 802.1Q tags or Interswitch Link (ISL) tags – as they move between switches. Therefore, every single frame can be directed to its designated VLAN.
A desktop computer is connected to the network and receives an APIPA address but is unable to reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet are able to reach the Internet. Which of the following is MOST likely the source of the problem?
A. 802.1q is not configured on the switch port
B. APIPA has been misconfigured on the VLAN
C. Bad SFP in the PC's 10/100 NIC
D. OS updates have not been installed
Explanation: APIPA addresses are self-configured and are used when the client is unable to get proper IP configuration from a DHCP server. One possible source of this problem is that the switch port to which the computer is connected is misconfigured. The 802.1q protocol is used to configure VLAN trunking on switch ports.
Which of the following communication technologies would MOST likely be used to increase bandwidth over an existing fiber optic network by combining multiple signals at different wavelengths?
C. 50 ADSL
Explanation: Dense wavelength-division multiplexing (DWDM) is a high-speed optical network type commonly used in MANs (metropolitan area networks). DWDM uses as many as 32 light wavelengths on a single fiber, where each wavelength can support as many as 160 simultaneous transmissions using more than eight active wavelengths per fiber.
When two or more links need to pass traffic as if they were one physical link, which of the following would be used to satisfy the requirement?
A. Port mirroring
Explanation: The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface, which appears as a single link to a route processor.
A technician is configuring a managed switch and needs to enable 802.3af. Which of the following should the technician enable?
B. Port bonding
Explanation: Power over Ethernet (PoE) is defined by the IEEE 802.3af and 802.3at standards. PoE allows an Ethernet switch to provide power to an attached device (for example, a wireless access point, security camera, or IP phone) by applying power to the same wires in a UTP cable that are used to transmit and receive data.
A technician has finished configuring AAA on a new network device. However, the technician is unable to log into the device with LDAP credentials but is able to do so with a local user account. Which of the following is the MOST likely reason for the problem?
A. Username is misspelled in the device configuration file
B. IDS is blocking RADIUS
C. Shared secret key is mismatched
D. Group policy has not propagated to the device
Explanation: AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems. Authentication, authorization, and accounting (AAA) allows a network to have a single repository of user credentials. A network administrator can then, for example, supply the same credentials to log in to various network devices (for example, routers and switches). RADIUS and TACACS+ are protocols commonly used to communicate with an AAA server.
Multiple students within a networking lab are required to simultaneously access a single switch remotely. The administrator checks and confirms that the switch can be accessed using the console, but currently only one student can log in at a time. Which of the following should be done to correct this issue?
A. Increase installed memory and install a larger flash module.
B. Increase the number of VLANs configured on the switch.
C. Decrease the number of VLANs configured on the switch.
D. Increase the number of virtual terminals available.
Explanation: You can set a limit on how many virtual terminals can be connected to a switch simultaneously. Here the limit is set to one, and we should increase it. For a Cisco network device: You can use virtual terminal lines to connect to your Cisco NX-OS device, for example a switch.
Secure Shell (SSH) and Telnet create virtual terminal sessions. You can configure an inactive session timeout and a maximum sessions limit for virtual terminals.
Command: session-limit sessions
Example: switch(config-line)# session-limit 10
Configures the maximum number of virtual sessions for the Cisco NX-OS device. The range is from 1 to 64.
A company is experiencing very slow network speeds of 54Mbps. A technician has been hired to perform an assessment on the existing wireless network. The technician has recommended an 802.11n network infrastructure. Which of the following allows 802.11n to reach higher speeds?
Explanation: One way 802.11n achieves superior throughput is through the use of a technology called multiple input, multiple output (MIMO). MIMO uses multiple antennas for transmission and reception.