Chapter 8 Material - Network Services

Question 1

1. Your company hosts its own web server, and it allows consumers to make purchases via
   the server. The help line has been getting complaints that users are unable to access the website. You open the site from an internal workstation and it seems fine. What is the most likely cause?

A. The firewall is blocking TCP port 23.
B. The firewall is blocking TCP port 443.
C. The security module of the web server is malfunctioning.
D. The web server is down.

Answer 1

1. B. For secure transactions, the web server will be using HTTPS, which uses port 443. If the website works from an internal workstation, then the server is fine. It’s most likely that the firewall is blocking inbound traffic on port 443. Port 23 is Telnet.

Question 2

2. Your manager wants you to install a networked Internet appliance that prevents network traffic-based attacks and includes antimalware and antispam software. What should you install?

A. Spam gateway
B. Load balancer
C. UTM
D. Proxy server

Answer 2

2. C. It sounds like the manager wants a unified threat management (UTM) device. They are
   designed to be one-stop network protection devices. Spam gateways will help with spam email but not other malware. A load balancer spreads work around to multiple servers. A proxy server fulfills requests for clients.

Question 3

3. You are installing a file server for the accounting department. Where should this file server be located on the network?

A. Outside of the firewall
B. In the screened subnet
C. In the secure network
D. On the router

Answer 3

3. C. If the data on the server does not need to be accessed via the Internet, then the server
   should be in the most secure place possible, which is inside the firewall(s) in the secure net- work. The screened subnet is also behind a firewall, but by nature will be partially open to the outside world, so it’s not as secure as the internal network.

Question 4

4. Which of the following are services that a print server should provide? (Choose two.)

A. Accepting print jobs from clients
B. Turning off printers on demand
C. Providing clients with the appropriate printer driver during installation
D. Notifying users when the print job is complete

Answer 4

4. A, C. Print servers should make printers available to clients and accept print jobs. They also
   process print jobs and manage print priorities. Finally, they provide client computers with the right print drivers when the clients attempt to install the printer. They do not turn printers off on demand nor provide notification that a job has been printed.

Question 5

5. Which type of server is responsible for preventing users from accessing websites with objec- tionable content?

A. Proxy
B. Web
C. DHCP
D. DNS

Answer 5

5. A. A proxy server can be configured to block access to websites that contain potentially
   dangerous or inflammatory material. Web servers host web pages, some of which may have objectionable content. DHCP servers provide clients with IP addresses, and DNS servers resolve host names to IP addresses.

Question 6

6. What does a DHCP server need to be configured with to operate properly?

A. DNS server
B. Scope
C. Range
D. DHCP relay agent

Answer 6

6. B. Every DHCP server needs to have a scope, which is the range of addresses available to clients, as well as other options that it can give to client computers. A DHCP server can optionally provide clients with the address of a DNS server. There is no DHCP range. A DHCP relay agent is a system configured on a subnet with no DHCP server that relays DHCP requests to the DHCP server.

Question 7

7. When configuring a DNS server, administrators must create which of the following?

A. Zone file
B. Hosts file
C. Scope file
D. DNS proxy

Answer 7

7. A. DNS server records are contained in the zone file, which must be configured by adminis- trators. A hosts file is an alternative to using DNS (but that does not work well when scaling to the Internet). A scope is created on DHCP servers. There is no DNS proxy.

Question 8

8. You are configuring two email servers on your company’s network. Which network protocol
   do the servers use to transfer mail to each other?

A. POP3
B. IMAP4
C. SNMP
D. SMTP

Answer 8

8. D. Simple Mail Transfer Protocol (SMTP) is used to transfer (send) email between servers. POP3 and IMAP4 are used to download (receive) email. SNMP is Simple Network Management Protocol and not related to email.

Question 9

9. You have five web servers that manage requests for online purchases. An administrator
   notices that one of the servers is always busy while another is idle, and the company is get- ting some online complaints about the slow website. Which of the following servers will help fix this?

A. DNS
B. DHCP
C. Proxy
D. Load balancer

Answer 9

9. D. A load balancer can spread the work around to multiple servers. It accepts the inbound
   request and then sends it to the most appropriate web server. DNS resolves host names to IP addresses. DHCP provides IP configuration information. A proxy makes requests (usually outbound) on behalf of clients.

Question 10

10. A computer using which of the following would be considered a legacy device? (Choose all that apply.)

A. A 386 processor
B. The IPX/SPX protocol
C. An application developed in 1983
D. 1 GB of RAM

Answer 10

10. A, B, C. Legacy systems are ones that use older hardware, software, or network protocols that are not commonly used today. A system with only 1 GB of RAM might be woefully underpowered, but that in and of itself does not make it a legacy system.

Question 11

11. You are configuring a DHCP server for a small network with a network address of
    192.168.1.0/24. You want the DHCP server to manage and assign all IP addresses and also want to ensure that there are 20 addresses available for servers, printers, and router interfaces. Which of the following is the best solution?

A. Create a scope with addresses 192.168.1.1 to 192.168.1.200. Create an exclusion for
addresses 192.168.1.1 to 192.168.1.20.
B. Create a scope with addresses 192.168.1.1 to 192.168.1.200. Create a lease for
addresses 192.168.1.1 to 192.168.1.20.
C. Create a scope with addresses 192.168.1.21 to 192.168.1.200. Create an inclusion for
addresses 192.168.1.1 to 192.168.1.20.
D. Create a scope with addresses 192.168.1.1 to 192.168.1.200. Create reservations for
addresses 192.168.1.1 to 192.168.1.20.

Answer 11

11. D. The best answer is to create a scope with the available addresses that the server will man- age. Then, if you want the server to assign the same address each time to servers, printers, and router interfaces, create reservations for these addresses. An exclusion could work, but then you would have to manually assign addresses to those devices and the DHCP server wouldn’t assign all addresses.

Question 12

12. You’re adding entries for new servers into the corporate DNS server and have IPv6 addresses for those servers. Which type of entries will you create?
    A. A
    B. CNAME
    C. AAAA
    D. TXT

Answer 12

12. C. IPv6 hosts have AAAA records in a DNS zone file. IPv4 addresses have A records. A
    CNAME record is an alias, and TXT is a text entry.

Question 13

13. An administrator sets up an NTP server on their local network. What is the purpose of an
    NTP server on the local network?

A. To query national NTP servers to ensure all computers on the local network are set to
the same time
B. To provide the correct time to all computers on the local network
C. To ensure all local computers have the same newsfeed
D. To resolve SCADA control issues between compliant devices

Answer 13

13. B. The purpose of an NTP server is to provide the correct time to all computers (or devices) on a network. A local NTP server can query national servers but does not need to; it can function on its own. NTP has nothing to do with newsfeeds or SCADA.

Question 14

14. Company employees have recently started receiving large amounts of spam emails. Which of the following systems can help reduce the amount of spam received? (Choose all that apply.)

A. A. UTM
B. DMARC
C. SCADA
D. AAA

Answer 14

14. A, B. Unified threat management (UTM) systems can include antispam capabilities. DMARC
    is a type of spam management inclusion into DNS zone files. SCADA refers to legacy hardware systems, and AAA is authentication, authorization, and accounting.

Question 15

15. A network administrator is updating features on an AAA server. Which aspect of that server deals specifically with determining which users get to access which network resources?

A. Authentication
B. Authorization
C. Accounting
D. All of the above

Answer 15

15. B. Authentication refers to verification of user identity. Authorization is the set of permis- sions a user has to access resources. Accounting is the tracking or logging of who accessed what resource.

Question 16

16. Which type of network service is responsible for collecting and tracking error messages generated by networked devices such as routers?

A. AAA
B. NTP
C. Syslog
D. UTM

Answer 16

16. C. A syslog server collects and tracks error messages sent from network devices such as
    routers. AAA is for authentication, authorization, and accounting. NTP is a time server. UTM is unified threat management, which is a security server or servers.

Question 17

17. Which of the following is a term that refers to legacy industrial servers that control critical
    infrastructure?

A. DKIM
B. SPF
C. DMARC
D. SCADA

Answer 17

17. D. Supervisory control and data acquisition (SCADA) systems are legacy systems that often
    control public infrastructure. DKIM, SPF, and DMARC all deal with spam management.

Question 18

18. Your company has decided to set up its own DHCP server. How many DHCP servers is the
    company required to maintain?

A. 1.
B. 2.
C. 3.
D. It depends on how many computers are on the network.

Answer 18

18. A. If a company wants to implement DHCP, it only needs one DHCP server. In fact, having
    more than one can cause administrative headaches if they are not configured properly. If a company wants to run their own DNS, they are required to have two DNS servers.

Question 19

19. You just purchased an Alexa smart assistant. What type of service is this?

A. UTM
B. SCADA
C. IoT
D. AAA

Answer 19

19. C. Smart assistants are examples of Internet of Things (IoT) devices. UTM is unified threat
    management, which is a security service. SCADA refers to legacy hardware and software. AAA is authentication, authorization, and accounting.

Question 20

20. Which spam management capability authenticates email servers based on their IP addresses?

A. SPF
B. DKIM
C. DMARC
D. SCADA

Answer 20

20. A. Sender Policy Framework (SPF) is the simplest of the three DNS TXT record types that deals with spam management. It authenticates servers based on their IP address. DomainKeys Identified Mail (DKIM) authenticates servers using a public-private key pair. Domain-based Message Authentication, Reporting, and Conformance (DMARC) allows domains to decide what to do with emails that fail SPF or DKIM authentication. SCADA refers to legacy hardware and software.

Question 21

What does DNS do?

Answer 21

Domain name service resolves the hostnames to IP addresses so that communication can begin. Resolving hostnames to IP addresses

Question 22

What are dedicated servers?

Answer 22

Servers that are dedicated to a single task such as hosting websites

Question 23

What are nondedicated servers?

Answer 23

Nondedicated servers may perform multiple tasks such as hosting a website and serving as the admin’s daily workstation

Question 24

What is a zone file?

Answer 24

A zone file is a database which maintains record of hostname to IP address mappings

Question 25

What are the 7 common DNS record types?

Answer 25

SOA, start of authority NS, name server MX, mail exchange A, IPv4 host record AAAA, "quad A", it's the host record CNAME, canonical name TXT, text record

Question 26

What are the 3 standards used to battle spam email?

Answer 26

SPF, sender policy framework DKIM, domain keys identifier mail DMARC, domain-based message authentication, reporting, and comformance

Question 27

Which is the simplest of the three standards to fight spam emails?

Answer 27

Sender policy framework (SPF), is the simplest oof the three. It authenticates an email server based on its IP address. In an SPF TXT record, the administrator specifies all servers that are legitimate email senders for that domain, based on their IP address

Question 28

How does DKIM work?

Answer 28

Domain keys identified mail (DKIM) authenticates using encryption through a public private key pair

Question 29

How does DMARC work?

Answer 29

Domain-based message authentication, reporting, and conformance (DMARC) build on SPF and DKIM and essentially combines them together into one framework

Question 30

What is the order of the internet name hierarchy from top to bottom?

Answer 30

Root level Top-level domains Second-level domains Subdomains Host

Question 31

What is the dot at the end of the internet?

Answer 31

The dot represents the root. Without the root a domain name is not considered a fully qualified domain name (FQDN), which makes it unfit for internet use

Question 32

What does a DHCP do?

Answer 32

A dynamic host configuration protocol (DHCP) server is configured to provide IP configuration information to clients automatically (dynamically), in what is called a lease