Chapter 7

Question 1

An enterprise-wide VPN can include elements of both the client-to-site and site-to site models.

True
False

Answer 1

True

Question 2

After L2TP establishing a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel.

True
False

Answer 2

False

Question 3

PPP can support several types of Network layer protocols that might use the connection.

True
False

Answer 3

True

Question 4

A community cloud is a service shared between multiple organizations, but not available publicly.

True
False

Answer 4

True

Question 5

A Type 2 hypervisor installs on a computer before any OS, and is therefore called a bare-metal hypervisor.

True
False

Answer 5

False

Question 6

Office 365 is an example of an SaaS implementation with a subscription model

True
False

Answer 6

True

Question 7

Digital certificates are issued, maintained, and validated by an organization called a certificate authority (CA).

True
False

Answer 7

True

Question 8

The HTTPS (HTTP Secure) protocol utilizes the same TCP port as HTTP, port 80.

True
False

Answer 8

False

Question 9

FTPS (FTP Security or FTP Secure) and SFTP (Secure FTP) are two names for the same protocol.

True
False

Answer 9

False

Question 10

The Virtual Network Computing (VNC) application uses the cross-platform remote frame buffer (RFB) protocol.

True
False

Answer 10

True

Question 11

Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?

IaaS
PaaS
SaaS
XaaS

Answer 11

IaaS

Question 12

What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?

IaaS
PaaS
SaaS
XaaS

Answer 12

SaaS

Question 13

What type of scenario would be best served by using a Platform as a Service (PaaS)
cloud model?

A group of developers needs access to multiple operating
systems and the runtime libraries that the OS provides

An organization wishes to gain access to applications through
an online user interface, while maintaining compatibility across
operating systems

An organization needs to have a hosted virtual network
infrastructure for their services, which are run on virtual
machines

A small organization needs to have high availability for their web
server

Answer 13

A group of developers needs access to multiple operating systems and the runtime libraries that the OS provides

Question 14

When using public and private keys to connect to an SSH server from a Linux device, where must your public key be placed before you can connect?

In an authorization file under your home directory on your
computer

In an authorization file on the host where the SSH server is

In the /etc/ssh/keys folder

In the /var/run/ssh/public folder

Answer 14

In an authorization file on the host where the SSH server is

Question 15

The combination of a public key and a private key are known by what term below?

key set
key team
key pair
key tie

Answer 15

key pair

Question 16

What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission?

L2TP
TLS
IPsec
SSL

Answer 16

IPsec

Question 17

At what layer of the OSI model does the IPsec encryption protocol operate?

Physical layer
Network layer
Transport layer
Application layer

Answer 17

Network layer

Question 18

The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field?

priority
FCS
FEC
encryption

Answer 18

FCS

Question 19

When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites?

VPN proxy
VPN server
VPN transport
VPN gateway

Answer 19

VPN gateway

Question 20

Amazon and Rackspace both utilize what virtualization software below to create their cloud environments?

VMware vSphere
Oracle VirtualBox
Parallels
Citrix Xen

Answer 20

Citrix Xen

Question 21

What open-source VPN protocol utilizes OpenSSL for encryption and has the ability
to possibly cross firewalls where IPsec might be blocked?

Layer 2 Tunneling Protocol (L2TP)

Point-to-Point Tunneling Protocol (PPTP)

Generic Routing Encapsulation (GRE)

OpenVPN

Answer 21

OpenVPN

Question 22

VMware Player and Linux KVM are both examples of what type of hypervisor?

Type 1 hypervisor
Type 2 hypervisor
barebones hypervisor
bare-metal hypervisor

Answer 22

Type 2 hypervisor

Question 23

Which statement regarding the use of a bridged mode vNIC is accurate?

The vNIC will its own IP address on the physical LAN

The vNIC will be assigned a NAT-ed IP address

The vNIC will only be able to communicate across the bridge to
the host PC

The vNIC will utilize the host PC’s IP address.

Answer 23

The vNIC will its own IP address on the physical LAN

Question 24

When is it appropriate to utilize the NAT network connection type?

Only when the VM requires an IP address on the physical LAN

Whenever the VM does not need to be access at a known
address by other network nodes

Only if the VM does not need to communicate with the host PC

Only if the VM is intended for VM-to-host communications.

Answer 24

Whenever the VM does not need to be access at a known address by other network nodes.

Question 25

By default, what network connection type is selected when creating a VM in VMware, VirtualBox, or KVM? host-only mode bridged mode NAT mode lockdown mode

Answer 25

NAT mode

Question 26

Which statement regarding the IKEv2 tunneling protocol is accurate? IKEv2 is an older, Layer 2 protocol developed by Microsoft that encapsulates VPN data frames IKEv2 is based on technology developed by Cisco and standardized by the IETF IKEv2 is an open-source VPN protocol that utilizes OpenSSL for encryption IKEv2 offers fast throughput and good stability when moving between wireless hotspots

Answer 26

IKEv2 offers fast throughput and good stability when moving between wireless hotspots

Question 27

The use of certificate authorities to associate public keys with certain users is known by what term? public-key organization certified infrastructure public-key infrastructure symmetric identification

Answer 27

public-key infrastructure

Question 28

What is NOT a potential disadvantage of utilizing virtualization? Multiple virtual machines contending for finite resources can compromise performance Increased complexity and administrative burden can result from the use of virtual machines Licensing costs can be high due to every instance of commercial software requiring a separate license Virtualization software increases the complexity of backups, making creation of usable backups difficult

Answer 28

Virtualization software increases the complexity of backups, making creation of usable backups difficult

Question 29

A vSwitch (virtual switch) or bridge is a logically defined device that operates at what layer of the OSI model? Layer 1 Layer 2 Layer 4 Layer 7

Answer 29

Layer 2

Question 30

Which of the following virtualization products is an example of a bare-metal hypervisor? Citrix XenServer VirtualBox VMware Player Linux KVM

Answer 30

Citrix XenServer

Question 31

In a software defined network, what is responsible for controlling the flow of data? flow director vRouter SDN controller SDN switch

Answer 31

SDN controller

Question 32

What term is used to describe a space that is rented at a data center facility by a service provider? point of presence (PoP) service location (SL) central service point (CSP) locally exchanged data point (ledp)

Answer 32

point of presence (PoP)

Question 33

Which of the following statements regarding the Point-to-Point (PPP) protocol is NOT accurate? PPP can negotiate and establish a connection between two endpoints PPP can utilize an authentication protocol, such as MS-CHAPv2 or EAP to authenticate a client PPP can support several Network layer protocols, such as IP, that might use the connection PPP can support strong encryption, such as AH or ESP

Answer 33

PPP can support strong encryption, such as AH or ESP

Question 34

Why is the telnet utility a poor choice for remote access to a device? It provides no mechanism for authentication It does not allow for control of a computer remotely It cannot be used over a public WAN connection It provides poor authentication and no encryption

Answer 34

It provides poor authentication and no encryption

Question 35

What statement regarding the SSH (Secure Shell) collection of protocols is accurate? SSH provides a graphical view of the remote computer SSH does not protect against DNS spoofing SSH does not protect against IP spoofing SSH supports port forwarding

Answer 35

SSH supports port forwarding

Question 36

In order to generate a public and private key for use with SSH, what command line utility should you use? ssh-keygen key-generate ssh-newkey gpg --ssh

Answer 36

ssh-keygen

Question 37

Regarding VNC (Virtual Network Computing or Virtual Network Connection), what statement is accurate? VNC is faster than Remote Desktop, and requires less network bandwidth VNC is open source, allowing companies to develop their own software based on VNC VNC uses the Remote Desktop Protocol (RDP) VNC is a standard developed by Microsoft and used by Windows Remote Desktop

Answer 37

VNC is open source, allowing companies to develop their own software based on VNC

Question 38

Which file transfer protocol has no authentication or security for transferring files, uses UDP, and requires very little memory to use? File Transfer Protocol (FTP) FTP Secure (FTPS) Secure FTP (SFTP) Trivial FTP (TFTP)

Answer 38

Trivial FTP (TFTP)

Question 39

What special enterprise VPN supported by Cisco devices creates VPN tunnels between branch locations as needed rather than requiring constant, static tunnels? Dynamic Multipoint VPN Dynamic SmartVPN Symmetric VPN Autodial Auto Switched VPN Service

Answer 39

Dynamic Multipoint VPN

Question 40

Which of the following is NOT a task that a VPN concentrator is responsible for? A VPN concentrator authenticates VPN clients A VPN concentrator establishes tunnels for VPN connections A VPN concentrator shuts down established connections when malicious traffic occurs A VPN concentrator manages encryption for VPN transmissions

Answer 40

A VPN concentrator shuts down established connections with malicious traffic occurs