Lesson 7

The document discusses the importance of application security and time synchronization, focusing on Transport Layer Security (TLS) and Network Time Protocol (NTP). TLS provides encryption and authentication for TCP/IP applications, while NTP synchronizes time across networked devices to ensure proper functioning of time-sensitive applications. Additionally, the document covers the Precision Time Protocol (PTP) for high-precision timing needs and provides instructions for configuring NTP on Linux systems.


7.0 Explaining Application Services

7.1 Application Security and Time Synchronization

7.1.1 Transport Layer Security

One of the critical problems for the provision of services is that TCP/IP
application protocols were originally devised without any security
mechanisms. Without security, there is no authentication of the servers
running the applications (or of the clients accessing them), and all data is
sent in plaintext. This makes these services highly vulnerable to spoofing,
eavesdropping, and unauthorized modification. Transport Layer Security
(TLS) was developed as an IETF standard to solve this issue.

TLS works as a layer between the Application and Transport layers of the
TCP/IP stack, or, in OSI terms, at the Session layer. It's normally used to
authenticate and encrypt TCP connections. When it is used with the HTTP
application, it is referred to as HTTP Secure (HTTPS). TLS can also be used to
secure other TCP application protocols, such as DNS (DNS over TLS), FTP (FTPS),
POP3/IMAP, SMTP, and LDAP (LDAPS); NTP, which runs over UDP, is protected
indirectly through Network Time Security, which uses TLS for key establishment.
The secure form of the protocol typically uses a different port than the
insecure version.

TLS can also be used with UDP, referred to as Datagram Transport Layer
Security (DTLS), most often in virtual private networking (VPN) solutions.

To implement TLS, the server is installed with a digital certificate issued by
some trusted certificate authority (CA). When a client connects to a
secure service, a TLS handshake is performed. During the handshake, the
server provides its certificate to the client. The cryptographic data in the
certificate proves the identity of the server, assuming that the client also
trusts the CA. The certificate contains the public key part of a public/private
encryption key pair. The private key is kept a secret known only to the
server.

If authentication is successful, the server and client use the key pair in the
digital certificate to authenticate the handshake and a chosen cryptographic
cipher suite within the TLS protocol to derive shared session keys for an
encrypted tunnel. Even though someone else might know the public key and be in
a position to record traffic passing between the server and client, they cannot
decrypt the contents of the tunnel without the session keys. This means that
the communications cannot be read or changed by a third party without detection.

With the older RSA key exchange, the client encrypted the session secret to the
server's public key, so anyone who later obtained the server's private key could
decrypt captured packets. Current versions of TLS instead use ephemeral
Diffie-Hellman key exchange, which provides Perfect Forward Secrecy (PFS): the
certificate's key only signs the handshake, and not even obtaining the server's
private key allows decryption of previously captured packets. TLSv1.3 supports
only forward-secret key exchange.

TLS has been developed through a number of versions, with TLSv1.3 being
current at the time of writing. A server and client must be able to agree on a
compatible version. As older versions contain serious weaknesses, TLSv1.0 and
TLSv1.1 have been formally deprecated (RFC 8996), and many servers are
configured to allow only TLSv1.3 or TLSv1.2. Additionally, the client and
server must be able to agree on a mutually supported cipher suite; if no version
or cipher suite is common to both sides, the handshake fails and no connection
is made.

TLS itself was developed from an older protocol called Secure Sockets Layer
(SSL). SSL is now completely obsolete and should never be enabled.
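The version and cipher-suite negotiation described above can be seen in the first message of the handshake, the ClientHello, which is also what a network sensor inspects to fingerprint clients. The following is an added example written for this edit, not code from the lesson: it builds a minimal ClientHello (a constructed sample with a fixed nonce, not a real capture), parses the server name, cipher suites and offered versions back out of it, and evaluates them against a server policy. The cipher-suite table covers only the four suites used here, and the server policies are assumed for illustration.

```python
import struct

VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
                 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",                 # TLS 1.3 suites: always forward secret
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # ECDHE key exchange: forward secret
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",           # static RSA key exchange: no forward secrecy
}
NO_FORWARD_SECRECY = {0x002F}

def build_client_hello(hostname, cipher_suites, versions):
    """Construct a minimal ClientHello record (sample input; a real client uses a random nonce)."""
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00"       # legacy_version, fixed 32-byte random, empty session id
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                 # one compression method: null
    host = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host              # name_type = host_name
    sni_ext = struct.pack("!HHH", 0x0000, len(sni_entry) + 2, len(sni_entry)) + sni_entry
    vers = b"".join(struct.pack("!H", v) for v in versions)
    sv_ext = struct.pack("!HHB", 0x002B, len(vers) + 1, len(vers)) + vers  # supported_versions
    exts = sni_ext + sv_ext
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body               # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake

def _u16(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated ClientHello")
    return struct.unpack("!H", buf[pos:pos + 2])[0]

def parse_client_hello(record):
    """Return {'sni', 'cipher_suites', 'versions'} from a ClientHello record; raises on malformed input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    declared = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + declared]
    if len(body) != declared:
        raise ValueError("truncated ClientHello")
    pos = 0
    legacy_version = _u16(body, pos); pos += 2
    pos += 32                                   # random
    pos += 1 + body[pos]                        # legacy_session_id
    cs_len = _u16(body, pos); pos += 2
    suites = [_u16(body, pos + i) for i in range(0, cs_len, 2)]; pos += cs_len
    pos += 1 + body[pos]                        # legacy_compression_methods
    info = {"sni": None, "cipher_suites": suites, "versions": [legacy_version]}
    if pos == len(body):                        # old hello without extensions: only legacy_version
        return info
    end = pos + 2 + _u16(body, pos); pos += 2
    while pos + 4 <= end:
        etype, elen = _u16(body, pos), _u16(body, pos + 2); pos += 4
        data = body[pos:pos + elen]; pos += elen
        if etype == 0x0000:                     # server_name: list_len(2) type(1) name_len(2) name
            info["sni"] = data[5:5 + _u16(data, 3)].decode("ascii")
        elif etype == 0x002B:                   # supported_versions: count(1) then 2-byte versions
            info["versions"] = [_u16(data, 1 + i) for i in range(0, data[0], 2)]
    return info

def negotiate_version(client_versions, server_allowed):
    """Highest protocol version offered by the client that the server policy permits, or None."""
    common = [v for v in client_versions if v in server_allowed]
    return max(common) if common else None

def audit(info, server_allowed):
    """Findings a reviewer would raise about this ClientHello against an assumed server policy."""
    findings = []
    if negotiate_version(info["versions"], server_allowed) is None:
        findings.append("no common protocol version: handshake will fail")
    for v in info["versions"]:
        if v < 0x0303:
            findings.append("client offers deprecated " + VERSION_NAMES.get(v, hex(v)))
    for c in info["cipher_suites"]:
        if c in NO_FORWARD_SECRECY:
            findings.append("client offers non-PFS suite " + CIPHER_NAMES[c])
    return findings
```

A client that offers TLSv1.0 or a static-RSA suite is not itself a failure, because the server picks the best common option, but it is exactly what a hardened server policy refuses, and a sensor that sees only such offers from a "modern" client has found something worth looking at.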

 7.1.2 Network Time Protocol

Many applications on networks require hosts to be synchronized to the same time.
These include authentication and auditing/logging mechanisms, scheduling
applications, and backup software. The Network Time Protocol (NTP) enables the
synchronization of these time-dependent applications. NTP works over UDP on port
123.

Top-level NTP servers (stratum 1) obtain the Coordinated Universal Time (UTC) via
a direct physical link to an accurate clock source, such as an atomic clock accessed
over the Global Positioning System (GPS). An NTP server that synchronizes its
time with a stratum 1 server over a network is operating at stratum 2. Each stratum
level represents a step away from the accurate clock source over a network link.
These lower stratum servers act as clients of the stratum 1 servers and as servers or
time sources to lower stratum NTP servers or client hosts. Most switches and
routers can be configured to act as time servers to local client hosts and this function
is also typically performed by network directory servers. It is best to configure each
of these devices with multiple reference time sources (at least three) and to establish
them as peers to allow the NTP algorithm to detect drifting or obviously incorrect
time values.
Stratum 1 NTP servers are directly connected to an accurate clock source. Each
stratum level below one represents a network hop away from that accurate time
source. (Images © 123RF.com.)

Client hosts (application servers and workstations) usually obtain the time by using a
modified form of the protocol called Simple NTP (SNTP). SNTP works over the
same port as NTP. A host that supports only SNTP cannot act as a time source for
other hosts. In Windows, the Time Service can be configured by using
the w32tm command. In Linux, the ntp package can be configured
via /etc/ntp.conf; current distributions generally ship chrony instead, which is
configured via /etc/chrony.conf.

Time drift is when a system's clock begins to deviate from the source clock.
NTP can use two methods to deal with time drift:

• Slew method—If the time is off by only a few seconds, NTP adjusts
the clock rate so that it catches up a few milliseconds at a time. Slewing is
a slower, methodical method of correcting the time, but the risk of
problems occurring is much less, because the clock never jumps or runs backward.

• Slam (step) method—If the time is off by more than the step threshold
(configurable; ntpd's default is 128 ms) and slewing would take too long, NTP
hard resets the clock to the correct time. While this is a quick and immediate
fix, stepping can cause some programs to not function properly, because timers,
log ordering, and ticket or certificate validity checks all see time jump.
If a server or host is configured with the incorrect time, it may not be able to
access network services. Authentication and other security mechanisms will
often fail if the time is not synchronized on both communicating devices. In
this situation, errors are likely to be generic failure or invalid token type
messages. Always try to rule out time synchronization as an issue early in
the troubleshooting process.
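The stratum check, the offset and delay calculation, and the slew-versus-step decision described above are small enough to show end to end. The following is an added example written for this edit, not code from the lesson: it builds an NTP client request, a constructed server reply (not a capture from a real server), validates the reply the way a careful client does, and computes the clock offset and round-trip delay from the four timestamps. The sample clock values and the 128 ms step threshold (ntpd's default) are assumptions for illustration.

```python
import struct

NTP_DELTA = 2208988800   # seconds between the NTP epoch (1900) and the Unix epoch (1970)
STEP_THRESHOLD = 0.128   # ntpd's default step threshold in seconds: above it step, below it slew
FMT = "!BBBbIIIQQQQ"     # 48-byte header: LI/VN/mode, stratum, poll, precision, root delay, root disp, refid, 4 timestamps

def to_ntp(unix_time):
    """Unix float seconds -> 64-bit NTP timestamp (32-bit seconds since 1900, 32-bit fraction)."""
    secs = int(unix_time)
    frac = int((unix_time - secs) * 2**32)
    return ((secs + NTP_DELTA) << 32) | frac

def from_ntp(ts):
    return (ts >> 32) - NTP_DELTA + (ts & 0xFFFFFFFF) / 2**32

def build_request(t1):
    """Client packet: LI=0, VN=4, mode=3 (0x23); only the transmit timestamp is filled in."""
    return struct.pack(FMT, 0x23, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(t1))

def build_reply(request, t2, t3, stratum=2, refid=b"GPS\x00"):
    """Constructed server packet (mode 4); a real server also fills root delay and dispersion."""
    orig = struct.unpack(FMT, request)[10]          # server echoes the client's transmit time as 'originate'
    return struct.pack(FMT, 0x24, stratum, 6, -20, 0, 0, int.from_bytes(refid, "big"),
                       to_ntp(t2), orig, to_ntp(t2), to_ntp(t3))

def parse_reply(reply, t1, t4):
    """Validate a server reply and compute clock offset and round-trip delay (RFC 5905 on-wire protocol)."""
    if len(reply) != 48:
        raise ValueError("unexpected packet length")
    flags, stratum, _poll, _prec, _rdelay, _rdisp, refid, _ref, orig, recv, xmit = struct.unpack(FMT, reply)
    if flags & 0x07 != 4:
        raise ValueError("not a server reply (mode %d)" % (flags & 0x07))
    if flags >> 6 == 3:
        raise ValueError("server reports its own clock unsynchronized (LI=3)")
    if stratum == 0:                                 # kiss-o'-death: refid carries an ASCII code such as RATE
        raise ValueError("kiss-o'-death from server: " + refid.to_bytes(4, "big").decode("ascii", "replace"))
    if stratum > 15:
        raise ValueError("server unsynchronized (stratum %d)" % stratum)
    if orig != to_ntp(t1):                          # must echo our transmit time, else spoofed or replayed
        raise ValueError("originate timestamp mismatch: bogus or replayed reply")
    t2, t3 = from_ntp(recv), from_ntp(xmit)
    offset = ((t2 - t1) + (t3 - t4)) / 2             # how far our clock is behind (+) or ahead (-) of the server
    delay = (t4 - t1) - (t3 - t2)                    # round trip minus the server's processing time
    return {"stratum": stratum, "offset": offset, "delay": delay}

def plan_correction(offset, step_threshold=STEP_THRESHOLD):
    """Slew small errors gradually; step ('slam') large ones, which can upset running programs."""
    return "step" if abs(offset) > step_threshold else "slew"
```

The originate-timestamp comparison is the cheap spoofing defence every NTP client has had since before NTS: a forged or replayed reply that does not carry the exact transmit time of an outstanding request is discarded. It does not protect against an on-path attacker who sees the request, which is what NTS is for.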

If a local stratum 1 server cannot be implemented on the local network, the
time source can be configured using one or more public NTP server pools,
such as time.google.com, time.windows.com, time.apple.com, time.nist.gov,
or pool.ntp.org.

To mitigate risks from unauthorized time sources or manipulation of
synchronization data, NTP can be protected using Network Time Security (NTS),
which builds on Transport Layer Security (TLS). The NTS key-establishment phase
runs over TLS on TCP port 4460 and hands the client the keys and cookies it will
use; the time messages themselves still travel over NTP on UDP port 123, carrying
NTS extension fields that authenticate them. NTS servers may also support ports
3443 and 4443, which were specified in early draft versions of the protocol.

7.1.3 Precision Time Protocol

NTP is accurate enough for many network services, but not for the most
timing critical application requirements. Networks supporting industrial
processes, 5G cellular data, medical devices, market trading and financial
services, or broadcasting use the Precision Time Protocol (PTP). Where NTP
can produce millisecond precision, PTP is capable of nanosecond precision.
PTP can also be seen as a general replacement for NTP. It is defined in the
IEEE 1588 standard.

PTP can use layer 2 messaging plus hardware clocks in compatible network
adapters and switches to ensure greater levels of accuracy than NTP can
support. It uses mechanisms to measure and account for delay.

PTP uses the following clock types:

Grandmaster clock is the authoritative time source within a PTP domain.

Boundary clock is one with interfaces in multiple PTP segments.

Ordinary clock is one with a single PTP interface.


When two clocks are connected, one interface has a timeTransmitter role,
and the other has a timeReceiver role. The grandmaster clock's interfaces
are always timeTransmitter. A boundary clock would have the timeReceiver
role on its interface with the grandmaster and the timeTransmitter role on
other interfaces. Ordinary clock interfaces are usually timeReceiver.

Additionally, transparent clocks can be deployed. A transparent clock is a switch
that does not keep PTP time itself but measures how long each PTP message spent
inside it (and, in the peer-to-peer variant, the delay of the upstream link) and
adds that value to the message's correction field, so that downstream clocks can
compensate for the path delay.

PTP can also be deployed as a layer 3 protocol over IP, but it will not work as
accurately as a layer 2 implementation with PTP-compatible hardware-timestamping
adapters and switches.

Configure NTP on Linux 00:00-00:21

Network Time Protocol, or NTP, is a protocol used to sync time on
computers. Any system, regardless of whether it's Linux or Windows, has
some form of time synchronization. Today, we're going to look at two ways of
syncing time on a Linux system.

NTP Service 00:21-01:58

The first package we're going to check out is ntp. This is a legacy service
that's being deprecated in newer versions of Red Hat and Ubuntu, but it's still
relevant for now. To install it, we need to type 'yum -y install ntp'. This installs
all the libraries, configs, and daemons needed. To check the status, we use
'systemctl status ntpd', and we see that it's not running yet. This is normal,
as we want to make sure the config is in place before we run it. It's located in
/etc, so if we type 'vi /etc/ntp.conf', it'll allow us to view the existing config
related to the ntp package.

Out of the box, this config will only be for the local system. But it's possible
to have this Red Hat server as a time server for other systems. Typically, you
wouldn't go through the extra effort to make a time server unless it were GPS
synced, which provides better accuracy than an internet time server. The
config we're interested in is the server list. Whenever you specify an NTP
server, you first start with 'server', the server's name, and lastly, 'iburst'. This
sends a burst of requests to the time server at startup, which usually results
in a faster time sync. The maxpoll option could be included here, but I
wouldn't set it too low, otherwise you may be blacklisted from the public
time servers. Entries like 'maxpoll 10' would poll NTP messages every 1024
seconds. 6 would be 64 seconds and so on. We're just going to leave
the default time servers as they are. If your organization has specific time
server requirements, this is where you'd make those changes. Let's exit out
of this.

Systemctl 01:58-02:54

'systemctl enable ntpd' enables the daemon to start up at boot. That way we
don't forget to start. The 'systemctl start ntpd' command initializes the
daemon and runs the NTP protocol for us. Now when we check the daemon's
status with 'systemctl status ntpd', we can see that it's running. This only
tells us information about the daemon and not much related to time sync,
which is why we need to use ntpq to query for ntp-related info. When we
issue the 'ntpq -p' command, it prints a list of peers and their states. Notice
when you see the servers you're syncing against, they're not the same
as the servers you specified in your config. This is OK because when you
sync against a DNS name with the word "pool", it means that there's a pool
of servers under that name. Commands related to ntpq can be found in the
man page by typing 'man ntpq'. And here you can see the '-p' flag we just
used, among others.

View Stats 02:54-03:28

Just so you know a little about the stats listed, we're going to break it
down. Most of these measurements are in milliseconds, so items such as
delay is the round trip delay it takes or latency of the time packets. The
offset refers to the difference in time between the local host and the time
server. Lastly, jitter is the variance in time between the local host and the
time server. The lower the jitter, the better. After running the command to
check the status again, we notice that it'll take a while for this clock to get in
sync, so your stats may not be good initially.

Now let's look at another service used for NTP.

Chrony Service 03:28-04:25

Chrony is a newer implementation of the NTP protocol. Not only can Chrony
perform better in a congested network, it can synchronize the clock quicker
and with better accuracy. All around, this is better than using the ntp
service. Keep in mind that you can't use both of them at the same time. If
you were using the ntp service prior to this, you'd need to uninstall it first
and then install Chrony. To do so, you type 'yum -y install chrony'. The
configuration is also located in /etc, so type 'vi /etc/chrony.conf'. Now, up at
the top are the time server pools that Red Hat uses. Just like the ntp package,
if you had your own NTP servers, you could input them or change some
internet time server pools. Both iburst and maxpoll still apply even in this
config. We're just going to keep the defaults, so let's exit this now.

Enable Chrony 04:25-06:18

To enable our chronyd daemon at startup, we type 'systemctl enable
chronyd'. Next, we start it up by typing 'systemctl start chronyd'. To check
the status, we can do 'systemctl status chronyd'. Checking the status after
starting a daemon is always good so you can see if there are errors popping
up. From the logs at the bottom of the status, it looks like we have some
good startup messages. The commands to check the status of Chrony's
sync aren't the same, as they're unique to Chrony. 'chronyc sources' shows
you all the current NTP servers you're syncing against. They may vary, as
you're pulling from a pool of internet time servers that might not always be
the same. Also, 'chronyc sourcestats' provides you with more statistics
related to each time server. You'll notice some stats are similar, but
these stats from Chrony provide more granular details. A good reference is to
look at the man page. If we do a forward slash and type 'sourcestats', we
can look at the details related to the command we just ran. These pages are
very descriptive and explain what you may be looking for. Right here is a
good example where they give definitions for each field in the
sourcestats command, so you know what you're reading. Let's exit this. Just
to check our time sync again, let's type 'chronyc sources'. Generally, when
our reach is 37, all syncs are in good standing order. The characters off to the
left-hand side of the time servers serve a purpose by giving you certain
details. For example, the time server with a * indicates which time server
you're sync'd against. The + would be other acceptable sources, while the -
indicates an acceptable source that's excluded from the algorithm. There are
a few other characters that aren't present currently, so be sure to do your
research so that you know what you're looking at.

After setting up either the NTP service or Chrony, make sure there are no
firewall rules restricting the use of UDP port 123. Generally, outbound system
firewall traffic isn't blocked by default.

Summary 06:18-06:29

That's it for this demo. In this demo, we showed you two different NTP
protocol services and details related to time sync in Linux.
7.1.4 Lab: Configure NTP on Linux

On the CorpData server, your task is to:

Use the dnf package manager to install the NTP service.

Use the systemctl utility to verify that the NTP service is running.

Answer Question 1.

Find the IP address of the NTP server.

Answer Question 2.

On the Exec computer, your task is to:

Add the NTP server as a time source using the following command:

w32tm /config /manualpeerlist:[servers_ip_address],0x8 /syncfromflags:MANUAL /update

Verify that the Exec computer is using the NTP server for time
synchronization using the following command:

w32tm /query /status

Explanation

Complete this lab as follows:

1. Install the NTP service on the CorpData server.

a. Under Networking Closet, select CorpData.

b. From the Favorites bar, select Terminal.

c. At the terminal prompt, type dnf install ntp and then press Enter to begin
the installation process.

d. Type y and press Enter to install the NTP package.

2. Verify that the NTP service is running.

a. Type systemctl status ntp and press Enter.

b. From the top left, select Questions.

c. Answer Question 1.

3. Find the NTP server's IP address.

a. Type ip addr show | more to view the NTP server's IP address.

b. Answer Question 2.

4. Add the NTP server as a time source for the Exec computer.

a. From the top left, select Floor1.

b. Under Executive Office, select Exec.

c. Right-click Start and select Terminal (Admin).

d. Configure Exec to use the NTP server with the following command:

w32tm /config /manualpeerlist:192.168.0.22,0x8 /syncfromflags:MANUAL /update

5. Verify that the Exec computer is using the NTP server for time
synchronization.

a. In the console, type w32tm /query /status and then press Enter.
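Verifying that the service is running, as the lab does with systemctl, is not the same as verifying that the host is synchronized; as the demo above notes, that information comes from the peer table printed by ntpq -p. The following is an added example written for this edit, not code from the lesson or from the lab environment: it parses a constructed sample of ntpq -p output (not taken from a real host) and applies the checks a monitoring job would run, namely that a system peer has been selected, that it is reachable and synchronized, and that its offset is within the 128 ms step threshold assumed here. chronyc sources prints a different layout and would need its own parser.

```python
# Constructed sample of `ntpq -p` output (not captured from a real host).
SAMPLE_NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time.example.net  .GPS.            1 u   42   64  377    0.812   -0.034   0.021
+ntp2.example.net  10.0.0.5         2 u   10   64  377    1.204    0.118   0.045
-ntp3.example.net  10.0.0.9         3 u   33   64  177    9.502    4.310   1.220
 ntp4.example.net  .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

# Meaning of the tally character printed in the first column.
TALLY = {"*": "system peer", "+": "candidate", "#": "backup", "-": "outlier",
         "x": "falseticker", ".": "excess", " ": "rejected"}

def parse_ntpq_peers(text):
    """Parse the peer table printed by `ntpq -p` into a list of dicts."""
    peers = []
    for line in text.splitlines()[2:]:               # skip the header line and the '====' rule
        if not line.strip():
            continue
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10:
            raise ValueError("unexpected ntpq line: %r" % line)
        remote, refid, st, _t, _when, _poll, reach, delay, offset, jitter = fields
        reach_bits = int(reach, 8)                   # 8-bit shift register of recent polls, printed in octal
        peers.append({
            "remote": remote, "refid": refid, "stratum": int(st), "tally": tally,
            "status": TALLY.get(tally, "unknown"),
            "reach_count": bin(reach_bits).count("1"),   # successful polls out of the last 8
            "delay_ms": float(delay), "offset_ms": float(offset), "jitter_ms": float(jitter),
        })
    return peers

def check_sync(peers, max_offset_ms=128.0):
    """Return (ok, reason): ok only if a system peer is selected, reachable, synchronized and close."""
    system = [p for p in peers if p["tally"] == "*"]
    if not system:
        return False, "no system peer selected (daemon running but not synchronized)"
    p = system[0]
    if p["stratum"] >= 16:
        return False, "%s is unsynchronized (stratum 16)" % p["remote"]
    if p["reach_count"] == 0:
        return False, "%s not reached in the last 8 polls" % p["remote"]
    if abs(p["offset_ms"]) > max_offset_ms:
        return False, "offset %.3f ms exceeds %.0f ms step threshold" % (p["offset_ms"], max_offset_ms)
    return True, "synchronized to %s (stratum %d, offset %.3f ms)" % (p["remote"], p["stratum"], p["offset_ms"])
```

A freshly started daemon shows no '*' peer and low reach values for several minutes; that is the "it'll take a while" the demo mentions, and the reason this check belongs in ongoing monitoring rather than only in a post-install script.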

7.1.5 Lesson Review


Candidate: Catalina Adams (mar2492014)

Date: 1/25/2025, 7:16:20 PM • Time Spent: 09:12

Score: 100%

Passing Score: 80%


Question 1.

Correct

You are setting up a secure website for your online store. You want to ensure
that all data transmitted between your website and your customers is
encrypted.

Which of the following steps is essential for you to achieve this?

answer

Increase your website's bandwidth.

Correct Answer:

Obtain and install a digital certificate.

Implement a CAPTCHA system on your website.

Install a web analytics tool.

Explanation

To secure data transmission between your website and your customers, you
need to implement HTTPS, which is the secure version of HTTP enabled by
TLS. Obtaining and installing a digital certificate from a trusted CA is
essential for this process. The digital certificate will authenticate your
website's identity to your customers and enable encrypted communication.

While useful for tracking website traffic and user behavior, web analytics
tools do not encrypt data transmission.

Increasing bandwidth can improve website performance but does not secure
data transmission.

CAPTCHA systems help differentiate human users from bots but do not
encrypt or secure data transmission.

References

o 6.5.10 DNS Security


Question 2.

Correct

What is established between a server and a client after successful
authentication with TLS?

answer
A direct physical connection

A public network

Correct Answer:

An encrypted tunnel

A data compression protocol

Explanation

After successful authentication with TLS, an encrypted tunnel is established
between the server and the client. This tunnel ensures that all data
transmitted between the two parties is encrypted, providing confidentiality
and integrity. The encryption prevents unauthorized parties from
eavesdropping or tampering with the data.

TLS operates over existing network connections and does not establish new
physical connections. It secures data transmitted over these connections
through encryption.

While TLS can secure data transmitted over public networks, it does not
establish the network itself. Its role is to provide security for data in transit,
regardless of the network type.

TLS is focused on securing communications through encryption, not on
compressing data. While some protocols may include options for
compression, the primary function of TLS is to authenticate the server and
client and to encrypt their communications.

References

o 6.5.10 DNS Security


Question 3.

Correct

What happens during a TLS handshake?

answer

The server and client agree on a data compression method.

Correct Answer:
The server provides its digital certificate to the client for authentication.

The server's processing load is reduced.

The client and server negotiate network congestion management.

Explanation

The correct answer is that the server provides its digital certificate to the
client for authentication. The TLS handshake is a critical phase in
establishing a secure connection. During this process, the server presents its
digital certificate to the client. This certificate allows the client to verify the
server's identity, establishing trust and enabling the secure exchange of
encryption keys for the session.

The TLS handshake is focused on authentication and key exchange, not on
processing load.

Data compression is not the focus of the TLS handshake; it is about
establishing a secure communication channel.

Network congestion management is unrelated to the TLS handshake, which
is concerned with security and authentication.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark


Question 4.

Correct

What is it called when a system's clock begins to be off by a few seconds or
even minutes?

answer

Slew

Correct Answer:

Time drift

Slam
Dispersion

Explanation

Time drift is when a system's clock begins to be off by a few seconds or
minutes. Using Network Time Protocol (NTP) can help reduce the risk of time
drift.

Slewing is an NTP correction method where the time is adjusted a few
milliseconds at a time until it's correct again.

Slamming is an NTP correction method where the time is hard reset to the
correct time.

Dispersion measures how scattered the time offsets (in seconds) are from a
given time server.

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


Question 5.

Correct

What can happen if a server or host is configured with the incorrect time?

answer

It will automatically correct itself without NTP

Correct Answer:

It may not be able to access network services

It can lead to increased network speed

It will increase the security of network communications

Explanation

Incorrect time settings can lead to failures in authentication and other
security mechanisms, preventing access to network services.

Incorrect time settings do not affect network speed.

Without NTP or manual correction, a device will not automatically correct its
time.

Incorrect time settings can actually decrease the security of network
communications by causing authentication errors.

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


Question 6.

Correct

You are the network administrator for a small consulting firm. You've set up
an NTP server to manage the time across all the machines in the network.

You have a computer that's experiencing a slight time drift of just a few
seconds.

Which time correction should you use to fix the system's clock?

answer

Jitter

Correct Answer:

Slew

Slam

Skew

Explanation

If time is off by just a few seconds, slewing is better for putting it back on
track. Slewing is a slower, methodical method of correcting the time, but the
risk of problems occurring is much less.
Slamming is used if the time is off by quite a bit and slewing will take too
long. While this is a quick and immediate fix, slamming can cause some
programs to function improperly.

Jitter refers to small, rapid variations in a system's clock.

Skew measures the difference (in hertz) between a clock's actual frequency
and the frequency necessary to keep a more accurate time.

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


Question 7.

Correct

Which of the following time standards does NTP use?

answer

PDT

Correct Answer:

UTC

CDT

EDT

Explanation

Network Time Protocol (NTP) uses Coordinated Universal Time (UTC) instead
of time zones. Each device is responsible for converting the time to the local
time zone.

The other options are United States time zones:

o EDT = Eastern Time

o PDT = Pacific Time

o CDT = Central Time

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


Question 8.

Correct

What role does a grandmaster clock play in a PTP domain?

answer

It acts as the primary backup time source.

It serves as the primary network router.

It synchronizes directly with satellite clocks.

Correct Answer:

It is the authoritative time source.

Explanation

In a PTP domain, the grandmaster clock is the authoritative time source to
which other clocks in the domain synchronize, ensuring high precision across
the network.

The grandmaster clock is not a backup; it is the primary time source.

There is no mention of direct synchronization with satellite clocks for the
grandmaster clock.

The grandmaster clock's role is related to time synchronization, not routing
network traffic.

References

o 7.1.1 Transport Layer Security

o 7.1.3 Precision Time Protocol



Question 9.

Correct

PTP can be deployed as a layer 3 protocol over IP. What is a limitation of this
deployment?

answer

Correct Answer:

It cannot achieve the same accuracy as layer 2 implementations.

It is incompatible with most network adapters.

It requires additional satellite synchronization.

It increases the network bandwidth usage significantly.

Explanation

When deployed as a layer 3 protocol over IP, PTP cannot work as accurately
as a layer 2 implementation that uses hardware-timestamping adapters and
switches, due to the nature of layer 3's handling of packets.

There is no mention of increased network bandwidth usage as a limitation of
layer 3 deployment.

The need for additional satellite synchronization is not discussed as a
limitation of deploying PTP over layer 3.

PTP is compatible with most network adapters.

References

o 7.1.1 Transport Layer Security

o 7.1.3 Precision Time Protocol


Question 10.

Correct
What is the main advantage of Precision Time Protocol (PTP) over Network
Time Protocol (NTP)?

answer

Correct Answer:

PTP provides nanosecond precision.

PTP supports more network services.

PTP uses less network bandwidth.

PTP is easier to implement.

Explanation

The correct answer is that PTP provides nanosecond precision. PTP is capable
of providing nanosecond precision, making it suitable for timing-critical
applications, unlike NTP which can only provide millisecond precision. This
higher level of precision is crucial for networks supporting industrial
processes, 5G cellular data, medical devices, market trading and financial
services, or broadcasting.

The main advantage is not about supporting more network services, but
about providing higher precision.

Ease of implementation is not discussed as an advantage of PTP over NTP;
the focus is on precision.

The document does not mention network bandwidth usage as a
distinguishing factor between PTP and NTP.

References

o 7.1.1 Transport Layer Security

o 7.1.3 Precision Time Protocol


7.2 Web, File, Print, and Database Services

7.2.1 HyperText Transfer Protocol

Websites and web applications are perhaps the most useful and ubiquitous of
network services. Web technology can be deployed for a huge range of
functions and applications, in no way limited to the static pages of
information that characterized the first websites. The foundation of web
technology is the HyperText Transfer Protocol (HTTP). HTTP enables
clients (typically web browsers) to request resources from an HTTP server. A
client connects to the HTTP server using an appropriate TCP port (TCP/80, by
default) and submits a request for a resource, using a uniform resource
locator (URL). The server acknowledges the request and either responds with
the data or with an error message.

HTTP Headers and Payload

The response and request formats are defined in the HTTP header. The HTTP
payload is usually used to serve HyperText Markup Language (HTML)
webpages, which are plain text files with coded tags describing how the page
should be formatted. A web browser can interpret the tags and display the
text and other resources associated with the page, such as binary picture or
sound files linked to the HTML page.


Using Firefox's web developer tools to inspect the HTTP requests and
response headers involved in serving a typical modern webpage.
(Screenshot courtesy of Mozilla Foundation.)
HTTP also features a forms mechanism (POST) that enables a user to submit
data from the client to the server. HTTP is nominally a stateless protocol; this
means that the server is not required to preserve information about the
client during a session. However, the basic functionality of HTTP servers is
also often extended by support for scripting and programmable features
(web applications). Servers can also set text file cookies to preserve session
information. These coding features, plus integration with databases, increase
flexibility and interactivity, but also increase the attack surface and expose
more vulnerabilities.

Many argue that HTTP is a stateful protocol. Version 2 of HTTP adds more
state-preserving features (blog.zamicol.com/2017/05/is-http2-stateful-
protocol-application.html).
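The header/payload split, the POST form mechanism and the cookie that carries session state across otherwise stateless requests can all be seen by parsing the raw messages. The following is an added example written for this edit, not code from the lesson: it parses a constructed login request and its response (sample traffic, not a capture), decodes the form body and the Cookie header, and flags Set-Cookie headers that lack the Secure and HttpOnly attributes, which is the first thing a reviewer checks on a session cookie once the site is served over HTTPS. The host name, paths and cookie values are assumed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample traffic (not a real capture): a form login and the server's reply.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Length: 22\r\n"
    b"\r\n"
    b"user=alice&pass=s3cr3t"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=def456; Path=/\r\n"
    b"Set-Cookie: csrftoken=xyz; Path=/; Secure; HttpOnly\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<p>Hello</p>\n"
)

def parse_http_message(raw):
    """Split a raw HTTP/1.x request or response into start line, headers and body.

    Header names are lower-cased and each maps to a list, because a header such as
    Set-Cookie may legitimately appear more than once.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: end of headers not found")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.decode("ascii").strip().lower(), []).append(value.decode("latin-1").strip())
    length = int(headers.get("content-length", ["0"])[0])
    if len(rest) < length:
        raise ValueError("truncated body: expected %d bytes, got %d" % (length, len(rest)))
    return {"start_line": lines[0].decode("ascii"), "headers": headers, "body": rest[:length]}

def parse_cookies(cookie_header):
    """'a=1; b=2' -> {'a': '1', 'b': '2'} (the Cookie request header carries no attributes)."""
    cookies = {}
    for part in cookie_header.split(";"):
        name, eq, value = part.strip().partition("=")
        if eq:
            cookies[name] = value
    return cookies

def parse_form(body):
    """Decode an application/x-www-form-urlencoded POST body into a dict."""
    return {k: v[0] for k, v in parse_qs(body.decode("utf-8")).items()}

def audit_set_cookie(headers):
    """Flag cookies set without the Secure and HttpOnly attributes."""
    findings = []
    for sc in headers.get("set-cookie", []):
        name = sc.partition("=")[0].strip()
        attrs = {a.strip().lower() for a in sc.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(name + ": missing Secure (cookie may be sent over plaintext HTTP)")
        if "httponly" not in attrs:
            findings.append(name + ": missing HttpOnly (cookie readable by page scripts)")
    return findings
```

The body is cut at the declared Content-Length rather than at the end of the buffer; a parser that ignores the declared length is the classic source of request-smuggling disagreements between a proxy and the origin server.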

Web Servers

Most organizations have an online presence, represented by a website. In
order to run a website, it must be hosted on an HTTP server connected to the
Internet. Larger organizations or SMEs with the relevant expertise may host
websites themselves, but more typically, an organization will lease a server
or space on a server from an ISP. The following types of hosting packages are
common:

• Dedicated server—The ISP allocates your own private server
computer. This type of service is usually unmanaged (or management
comes at additional cost).

• Virtual private server (VPS)—The ISP allocates you a virtual
machine (VM) on a physical server. This is isolated from other customer
instances by the hypervisor.

• Cloud hosting—Your website is run on a cloud over several hardware
computers, allowing more scalability if demand patterns change.

• Shared hosting—Your website is hosted within a private directory on
a shared server. Performance can be severely affected by other sites
hosted on the server, because all the sites are competing for the same
resources.

The main web server platforms are Apache, Microsoft Internet Information
Services (IIS), and NGINX.

7.2.2 HTTP Secure

Plaintext HTTP is highly vulnerable. A modern browser will warn users before
initiating an unencrypted connection (or may refuse such connections altogether). HTTP
protected by Transport Layer Security (TLS) is referred to as HTTP Secure (HTTPS).
HTTPS encrypted traffic is sent over TCP port 443 (by default), rather than the open
and unencrypted port 80. A web browser will open a secure session to a server
providing this service by using a URL starting with https://, and it will also show a
padlock icon in the address bar to indicate that the connection is secure. The padlock
icon allows inspection of the site's security data, including the certificate authority (CA)
that issued the certificate.

7.2.3 File Transfer Protocol

It is often necessary to transfer files to and from appliances or servers from a remote
host. Many methods of remote file access use some form of the File Transfer Protocol
(FTP). While HTTPS-based web services and web applications can now offer file
downloads to end users, FTP is still often used to perform the administrative
upload/download of files to and from servers and appliances. For these uses, it is
important to secure the FTP session.

Active Versus Passive FTP

An FTP client connects to TCP port 21 on an FTP server and opens a chosen dynamic
client port number (n). The TCP port 21 control port is used to transfer commands and
status information, but not for data transfer. Data transfer can operate in one of two
modes: active or passive. In active mode, the client sends a PORT command specifying
its chosen data connection port number (typically n+1), and the server opens the data
connection between the chosen client port and TCP port 20 on the server.

FTP in active mode. (Images © 123RF.com.)

In passive mode, the client opens a data port (again, typically n+1) and sends
the PASV command to the server's control port. The server then opens a random high
port number and sends it to the client using the PORT command. The client then initiates
the connection between the two ports.


FTP in passive mode. (Images © 123RF.com.)

Active FTP poses a configuration problem for some firewalls, as the server is initiating
the inbound connection, but there is no way of predicting which port number will be
utilized. However, not all FTP servers and clients can operate in passive mode. If this is
the case, check that firewalls installed between the client and server can support active
FTP (stateful inspection firewalls).

Another problem is that the control connection can remain idle when the data connection is in use,
meaning that the connection can be "timed out" by the firewall (or other routing device).
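The active and passive exchanges described above, as an added example (not code from the course text): it encodes and decodes the h1,h2,h3,h4,p1,p2 address form carried by the PORT command and by the server's passive-mode reply (RFC 959), and reports which side opens the data connection, which is what a firewall rule has to allow. All addresses and port numbers are constructed.

```python
"""Added example (not from the course text): models the FTP data-connection
setup for active and passive mode and parses the h1,h2,h3,h4,p1,p2 address
form carried by the PORT command and by the server's passive-mode reply
(RFC 959). Addresses and ports below are constructed."""
import re
from dataclasses import dataclass

FTP_CONTROL_PORT = 21   # control connection: commands and status only
FTP_DATA_PORT = 20      # server-side source port for active-mode data


@dataclass(frozen=True)
class DataConnection:
    initiator: str           # "server" in active mode, "client" in passive
    src: tuple[str, int]     # side that opens the TCP connection
    dst: tuple[str, int]     # side that must accept it (firewall allow rule)


def encode_hostport(ip: str, port: int) -> str:
    """Encode ip:port as h1,h2,h3,h4,p1,p2 (port split into two 8-bit halves)."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text: str) -> tuple[str, int]:
    """Decode h1,h2,h3,h4,p1,p2 from a PORT argument or a 227 reply line,
    rejecting out-of-range octets so a malformed value cannot slip through."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError(f"no host/port tuple in {text!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in {text!r}")
    return ".".join(str(n) for n in nums[:4]), (nums[4] << 8) | nums[5]


def active_data_connection(client_ip: str, n: int, server_ip: str) -> DataConnection:
    """Active mode: the client sends PORT with its data port (n+1) and the
    server connects to it from TCP/20, so the client-side firewall sees an
    inbound connection to a port it cannot predict in advance."""
    port_cmd = f"PORT {encode_hostport(client_ip, n + 1)}"
    ip, port = decode_hostport(port_cmd)          # what the server parses
    return DataConnection("server", (server_ip, FTP_DATA_PORT), (ip, port))


def passive_data_connection(client_ip: str, n: int, pasv_reply: str) -> DataConnection:
    """Passive mode: the client sends PASV, the server answers with a high
    port it is listening on, and the client connects out from n+1 to it."""
    ip, port = decode_hostport(pasv_reply)
    return DataConnection("client", (client_ip, n + 1), (ip, port))


def describe(conn: DataConnection) -> str:
    """One-line summary of the flow a firewall between the two must permit."""
    return (f"{conn.initiator} opens {conn.src[0]}:{conn.src[1]} -> "
            f"{conn.dst[0]}:{conn.dst[1]}")


if __name__ == "__main__":
    # Constructed addresses: client 192.168.0.10 using n = 50000,
    # server 192.168.0.22 answering PASV with port 5000 (19*256 + 136).
    print(describe(active_data_connection("192.168.0.10", 50000, "192.168.0.22")))
    print(describe(passive_data_connection(
        "192.168.0.10", 50000, "227 Entering Passive Mode (192,168,0,22,19,136).")))
```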

Trivial File Transfer Protocol

The Trivial File Transfer Protocol (TFTP) is a connectionless protocol running over
UDP port 69. Consequently, TFTP does not provide the guaranteed delivery offered by
FTP and is only suitable for transferring small files. Also, it only supports reading (GET)
and writing (PUT) files, not directory browsing, file deletion, or any of the other features of
FTP. A TFTP server is most commonly used by legacy network appliances (switches,
routers, diskless workstations, and printers) to download configuration files. It can also
be used as a backup and restore method for configuration files. However, TFTP has no
security mechanisms, and appliances are no longer as resource constrained as they
were in the early days of networking. Consequently, secure protocols are now preferred
for these functions.

7.2.4 Secure File Transfer Protocol

Secure FTP (SFTP) addresses the privacy and integrity issues of FTP by
encrypting the authentication and data transfer between client and server. In
SFTP, a secure link is created between the client and server using Secure
Shell (SSH) over TCP port 22. Ordinary FTP commands and data transfer can
then be sent over the secure link without risk of eavesdropping. This solution
requires an SSH server that supports SFTP plus SFTP client software.

WinSCP SFTP client. (Screenshot courtesy of WinSCP.)

Another means of securing FTP is to use the connection security protocol
SSL/TLS. There are two means of configuring FTP over TLS:

 Explicit TLS (FTPES)—Use the AUTH TLS command to upgrade
an insecure connection established over TCP port 21 to a secure one.
This protects authentication credentials. The data connection for the
actual file transfers can also be encrypted (using the PROT command).

 Implicit TLS (FTPS)—Negotiate an SSL/TLS tunnel before the
exchange of any FTP commands. This mode uses TCP port 990 for the
control connection.

FTPS is tricky to configure when there are firewalls between the client and
server. Consequently, FTPES is usually the preferred method.
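The FTPES sequence described above (plaintext control connection on TCP port 21, AUTH TLS to protect the login, then PROT to protect the data connection), as an added example using Python's standard ftplib rather than code from the course; host and credentials are placeholders, and weak_context() shows the non-verifying setting beside the hardened one.

```python
"""Added example (not from the course text): an explicit-TLS (FTPES) session
using Python's standard ftplib, following the sequence above: plaintext
control connection on TCP/21, AUTH TLS to protect the login, then PROT P to
encrypt the data connection. Host and credentials are placeholders."""
import ssl
from ftplib import FTP_TLS
from typing import Optional


def weak_context() -> ssl.SSLContext:
    """What NOT to deploy: accepts any certificate, so the TLS upgrade no
    longer authenticates the server (shown here only for comparison)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hardened context: verifies the server certificate against the system
    (or supplied) CA store, checks the hostname and requires TLS 1.2+.
    ftplib's own default context does not verify certificates."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """Check applied before a context is handed to FTP_TLS."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def ftpes_listing(host: str, user: str, password: str,
                  ctx: Optional[ssl.SSLContext] = None) -> list:
    """Connect with explicit TLS and return the remote directory listing."""
    ctx = ctx or verified_context()
    if not context_is_hardened(ctx):
        raise ValueError("refusing FTPES with a non-verifying TLS context")
    ftp = FTP_TLS(context=ctx)
    ftp.connect(host, 21, timeout=10)   # insecure control connection on TCP/21
    ftp.auth()                          # sends AUTH TLS: upgrade control channel
    ftp.login(user, password)           # credentials now travel inside TLS
    ftp.prot_p()                        # sends PBSZ 0 + PROT P: encrypt data channel
    try:
        return ftp.nlst()
    finally:
        ftp.quit()
```

Call ftpes_listing("ftp.example.invalid", "user", "password") against your own FTPES server; the placeholders above do not resolve.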

7.2.5 Server Message Block

File and print services allow network clients to share access to disk and
printer resources.

On a Windows network, the File/Print Sharing Service is provided by
the Server Message Block (SMB) protocol. SMB allows a host to share its
directories/files and printers to make them available for other machines to
use. Support for SMB in UNIX- or Linux-based machines and network
attached storage (NAS) appliances is provided by using the Samba software
suite (samba.org/samba/what_is_samba.html), which allows a Windows client
to access a Linux host as though it were a Windows file or print server.
Samba also allows Linux hosts to access file/printer shares hosted on
Windows.

On legacy networks, SMB ran as part of an older network services protocol
called NetBIOS on TCP port 139. If no legacy client support is required,
however, SMB is more typically run directly over TCP port 445. SMB should
be restricted to use only on local networks. It is important that any traffic on
the NetBIOS port ranges (137–139) and port 445 be blocked by a perimeter
firewall.

SMB version 3 supports message encryption, which can be enabled on a file
server or on a per-share basis. An encrypted share can only be accessed by
an SMB 3.0 or higher client.

SMB has gone through several updates, with SMB3 as the current version.
SMB1 has very serious security vulnerabilities and is now disabled by default
on current Windows versions
(docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3).

7.2.6 Network Attached Storage

A network attached storage (NAS) appliance is a device dedicated to
performing a file server role. A NAS uses a bespoke operating system,
typically based on Linux, and will usually be operated via a web app. A NAS
appliance is accessed via an IP address or domain name. Copy or backup
operations are performed at file level using an application protocol, such as
Server Message Block (SMB) or File Transfer Protocol (FTP).

Most NAS devices support some level of Redundant Array of Independent
Disks (RAID). In a RAID array, information is spread between disks so that if
one fails, the logical volume and its data will remain available.

The main drawback of NAS is that it shares bandwidth with other network
applications. Adding a NAS to an already overwhelmed network increases
network traffic and may result in unacceptable delays for users and
applications to access data. On networks with adequate bandwidth, however,
a NAS is a quick and easy way of adding shared storage.

Network attached storage. (Images © 123RF.com.)


7.2.7 Database Services

A database provisions information in a format that can be read and updated
through some type of query language. There are two main types of
databases. Relational databases store information in tables with rows
(records) and columns (fields). Relationships between data fields in different
tables are created using key fields that uniquely identify each record.
Relational databases are operated using Structured Query Language
(SQL). SQL defines commands such as SELECT to retrieve information or
UPDATE to change it.

SQL has been implemented in relational database management system
(RDBMS) platforms by several different vendors. As well as providing an
implementation of SQL, an RDBMS provides management tools and often a
GUI to use to operate the database. A remote access protocol allows a client
to connect to the database server over the network and allows replication
traffic to move between database servers. Replication is a means of
synchronizing the data held on each server. Each RDBMS uses a different TCP
port to distinguish it as an application service:

 Oracle's remote data access protocol SQL*Net uses TCP/1521.

 Microsoft SQL Server uses TCP/1433.

 The open source MySQL platform uses TCP/3306. The MariaDB platform
forked from MySQL uses the same port.

 The open source PostgreSQL platform uses TCP/5432.

These are the principal ports. An RDBMS is likely to use other TCP or UDP
ports for additional functions.

By default, these ports are insecure. However, the RDBMS server can be
installed with a certificate and configured to enable TLS transport encryption.
The connection is still made over the same port. Either the server or the
client can be configured to require encryption and drop the connection if a
valid security profile is not available. Optionally, the client can also be
installed with a certificate and the server configured to refuse connections
from clients without a valid certificate.

The other type of database is referred to as NoSQL or "not only SQL." Rather
than highly structured relational tables, NoSQL data can use a variety of
formats, such as key-value pairs or wide columns (where rows do not have to
have the same set of fields). NoSQL databases are typically accessed using
an application programming interface (API) over HTTPS.

All the RDBMS platforms also provide support for NoSQL datastores. There
are also dedicated NoSQL platforms, such as MongoDB, Amazon DynamoDB,
and CouchDB.

7.2.8 Lab: Scan for Web Services with Nmap

In this lab, your task is to:

 Use nmap to perform a port scan on the database server to
determine if any ports are open.

 Answer the question.

Perform a port scan using nmap

Q1. How many ports were open on the company's database server?

Your answer: 4

Correct answer: 4

Explanation

Complete this lab as follows:

1. Scan the company's database server for open ports.

a. From the Favorites bar, select Terminal.

b. At the prompt, type nmap -p- 192.168.0.22.

c. Press Enter.

2. Answer the question.

a. In the top right, select Questions.

b. Answer the question.
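The lab above asks how many ports a full-range nmap scan finds open, and 7.2.7 lists the principal RDBMS ports. The following added example (not course code) parses nmap grepable output (the `-oG -` option) to count open ports and flag any RDBMS listener among them; the scan output is constructed, and the host and ports are placeholders.

```python
"""Added example (not from the course text): parses nmap grepable (-oG)
output such as the lab scan would produce with `-oG -`, counts the open
ports, and flags any that match the principal RDBMS ports from 7.2.7, which
should not be reachable from outside the database network segment.
The scan output below is constructed; the host and ports are placeholders."""
import re

# Principal RDBMS ports listed in 7.2.7
RDBMS_PORTS = {
    1521: "Oracle SQL*Net",
    1433: "Microsoft SQL Server",
    3306: "MySQL / MariaDB",
    5432: "PostgreSQL",
}

# Constructed sample of `nmap -p- -oG - 192.168.0.22` output (not a real scan).
SAMPLE_GREPABLE = (
    "# Nmap 7.94 scan initiated as: nmap -p- -oG - 192.168.0.22\n"
    "Host: 192.168.0.22 ()\tStatus: Up\n"
    "Host: 192.168.0.22 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 3306/open/tcp//mysql///, 135/filtered/tcp/////"
    "\tIgnored State: closed (65530 ports)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)

# Grepable port entry: port/state/protocol/owner/service/rpcinfo/version/
_PORT_ENTRY = re.compile(r"(\d+)/([\w|]+)/(\w+)/[^/,]*/([^/,]*)/[^/,]*/[^/,]*/")


def parse_grepable(text: str) -> dict:
    """Return {host: [(port, state, proto, service), ...]} from -oG text."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                    # comment lines
        host = line.split()[1]
        m = re.search(r"Ports: (.*?)(?:\t|$)", line)
        if m is None:
            continue                    # status-only line, no port data
        for port, state, proto, service in _PORT_ENTRY.findall(m.group(1)):
            results.setdefault(host, []).append((int(port), state, proto, service))
    return results


def open_ports(text: str, host: str) -> list:
    """Sorted list of ports nmap reported as open for the host."""
    return sorted(p for p, st, _, _ in parse_grepable(text).get(host, []) if st == "open")


def exposed_database_ports(text: str, host: str) -> dict:
    """Open ports that are RDBMS listeners; each is a finding unless the scan
    was run from inside the trust boundary the database is meant to have."""
    return {p: RDBMS_PORTS[p] for p in open_ports(text, host) if p in RDBMS_PORTS}


if __name__ == "__main__":
    host = "192.168.0.22"
    print(f"{host}: {len(open_ports(SAMPLE_GREPABLE, host))} open ports",
          open_ports(SAMPLE_GREPABLE, host))
    for port, name in exposed_database_ports(SAMPLE_GREPABLE, host).items():
        print(f"  exposed RDBMS service: {name} on TCP/{port}")
```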

7.2.9 Lesson Review

Candidate: Catalina Adams (mar2492014)

Date: 1/25/2025, 10:54:25 PM • Time Spent: 06:15

Score: 100%

Passing Score: 80%


 Question 1.

Correct

What does the term "stateless protocol" imply about HTTP?

answer

Correct Answer:

Each request from a client to a server is treated as a new request.

The server requires authentication for every request.

The server retains information about client requests indefinitely.

The server stores data in a centralized database for all requests.

Explanation

The correct answer is that each request from a client to a server is treated as
a new request. Being a stateless protocol means that HTTP does not retain
any memory of past requests. Each request is treated independently, without
any knowledge of previous interactions.

The server does not retain information about client requests indefinitely; this
would imply stateful behavior.

Storing data in a centralized database for all requests is a design choice for
managing state and is not inherent to the stateless protocol itself.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.1 Hyper Text Transfer Protocol


 Question 2.

Correct

What feature does version 2 of HTTP add to enhance its functionality?

answer

Increased encryption

Correct Answer:

More state-preserving features

Faster email transmission

Improved FTP support

Explanation

The correct answer is more state-preserving features. HTTP/2 introduces
enhancements that allow for more efficient state preservation, improving
performance and user experience.

Encryption improvements are more associated with HTTPS rather than a
specific version of HTTP.

HTTP/2's improvements do not specifically target email transmission speeds.

HTTP/2 focuses on web traffic, not FTP.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.1 Hyper Text Transfer Protocol


 Question 3.

Correct

What does a client use to identify the resource it wants to request from an
HTTP server?

answer

MAC address

Correct Answer:

Uniform Resource Locator (URL)

Port number

IP address

Explanation

A URL is used by a client to specify the resource it wishes to request from an
HTTP server. It provides a way to locate a resource on the Internet.

An IP address identifies a device on the Internet, but it does not specify a
particular resource on an HTTP server.

A MAC address is used to identify network interfaces for communications
within a network segment and is not used in HTTP requests.

A port number is used to identify specific applications or services running on
a server but does not specify a particular resource.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.1 Hyper Text Transfer Protocol


 Question 4.

Correct

Which TCP port does HTTPS encrypted traffic default to?

answer

80

8080

21

Correct Answer:

443

Explanation

HTTPS encrypted traffic is sent over TCP port 443 by default. This is different
from HTTP, which uses the unencrypted port 80.

Port 80 is used for unencrypted HTTP traffic, not HTTPS.

Port 8080 is often used for an HTTP proxy or secondary web server, not
standard HTTPS traffic.

Port 21 is used for FTP (File Transfer Protocol), not HTTPS.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.2 HTTP Secure

o 7.2.8 Lab: Scan for Web Services with Nmap

o 7.3.2 Internet Message Access Protocol


 Question 5.

Correct

Which of the following is a limitation of active FTP mode regarding firewalls?

answer

Correct Answer:

It can cause configuration problems due to unpredictable port usage.

It encrypts the data transfer by default.

It only works with TCP port 22.

It requires HTTPS for data transfer.

Explanation

Active mode FTP can lead to firewall configuration issues because the server
initiates connections to random client ports, which can be blocked by
firewalls not configured to allow such connections.

FTP does not require HTTPS; this is a separate protocol used for secure web
browsing.

Active mode FTP uses TCP ports 20 and 21, not 22, which is for SSH.

FTP does not provide encryption by default; secure versions like FTPS or SFTP
are needed for encryption.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.3 File Transfer Protocol

o 7.2.4 Secure File Transfer Protocol


 Question 6.

Correct

What is the primary purpose of the File Transfer Protocol (FTP)?

answer

To stream video content

Correct Answer:

To transfer files between a client and server

To encrypt web traffic

To send email messages

Explanation

FTP is designed to enable the transfer of files between a client and a server
over a network, making it the primary protocol for such tasks.

Encryption of web traffic is typically handled by protocols like HTTPS, not FTP.

Streaming video content is generally managed by streaming protocols, not
FTP.

Sending email messages is the function of protocols like SMTP, not FTP.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.3 File Transfer Protocol

o 7.2.4 Secure File Transfer Protocol


 Question 7.

Correct

Why might TFTP not be suitable for transferring large files?

answer

It requires manual confirmation for each packet.

It only works within local networks.

It encrypts the data, causing overhead.

Correct Answer:

It operates over UDP, which does not guarantee delivery.

Explanation

The correct answer is that it operates over UDP, which does not guarantee
delivery. TFTP's use of UDP means it lacks mechanisms like error checking
and retransmission, making it unsuitable for large files where reliability is
crucial.

TFTP does not provide encryption; its unsuitability for large files is due to its
use of UDP.

TFTP's suitability is not limited by network scope but by its reliability and
feature set.

TFTP's limitations stem from its use of UDP, not from requiring manual packet
confirmation.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.3 File Transfer Protocol


 Question 8.

Correct

Why is FTPES usually preferred over FTPS?

answer

FTPES supports larger file transfers.

FTPES uses stronger encryption than FTPS.

FTPES is faster than FTPS.

Correct Answer:

FTPES is easier to configure with firewalls.

Explanation

FTPES is usually preferred over FTPS because it is easier to configure when
there are firewalls between the client and server. FTPES upgrades an
unsecure connection to a secure one, making it more firewall-friendly.

The preference for FTPES over FTPS is not based on speed; both can
potentially offer similar transfer speeds.

FTPES does not necessarily use stronger encryption than FTPS; both use TLS
for encryption. The preference is due to ease of configuration.

The ability to support larger file transfers is not the reason FTPES is
preferred; both FTPES and FTPS can handle large file transfers similarly.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.3 File Transfer Protocol

o 7.2.4 Secure File Transfer Protocol


 Question 9.

Correct

In the context of FTP over Explicit TLS (FTPES), which command is used to
encrypt the data connection for actual file transfers after upgrading an
unsecure connection to a secure one?

answer

AUTH TLS

SSH

Correct Answer:

PROT

PASV

Explanation

The PROT command is used in FTP over Explicit TLS (FTPES) to encrypt the
data connection for actual file transfers after an unsecure connection has
been upgraded to a secure one using the AUTH TLS command. This ensures
that not only the authentication credentials are protected but also the data
being transferred.

AUTH TLS is incorrect because it is the command used to upgrade an
unsecure connection to a secure one, not for encrypting the data connection
for file transfers.

PASV is incorrect as it is a command used to request passive mode, which is
related to how the connection is established between the client and server
for data transfer, but it does not encrypt the data.

SSH is incorrect because it is a protocol used by SFTP for secure file
transfers, not a command within the FTP or FTPES protocols.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.3 File Transfer Protocol

o 7.2.4 Secure File Transfer Protocol


 Question 10.

Correct

Which protocol is typically used for copy or backup operations on a NAS
appliance?

answer

SMTP

Correct Answer:

SMB or FTP

SNMP

HTTP

Explanation

NAS appliances commonly use application protocols like SMB (Server
Message Block) or FTP (File Transfer Protocol) for performing copy or backup
operations at the file level.

HTTP is primarily used for web traffic and not typically for copy or backup
operations on NAS.

SMTP is used for sending emails, not for file transfers or backups.

SNMP is used for network management and monitoring, not for file transfers
or backups.

References

o 7.2.5 Server Message Block

o 7.2.6 Network Attached Storage


 Question 11.

Correct

Why is SMB1 now disabled by default on current Windows versions?

answer

It does not support printing services.

It is too slow.

Correct Answer:

It has very serious security vulnerabilities.

It does not support encryption.

Explanation

SMB1 is disabled by default due to its serious security vulnerabilities, which
pose significant risks to network security.

The primary reason for disabling SMB1 is not its speed but its security
vulnerabilities.

While SMB1 does not support encryption, the main reason for its deprecation
is its security vulnerabilities.

SMB1 does support printing services, but it is disabled due to security
concerns, not functionality limitations.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.5 Server Message Block


 Question 12.

Correct

Which version of SMB supports message encryption?

answer

All versions

Correct Answer:

SMB3

SMB1

SMB2

Explanation

SMB version 3 introduced support for message encryption, which can be
enabled on a file server or on a per-share basis.

SMB1 does not support message encryption and has serious security
vulnerabilities.

SMB2 introduced several improvements over SMB1 but did not include
message encryption.

Only SMB3 supports message encryption; earlier versions do not.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.5 Server Message Block


 Question 13.

Correct

Which operating system is typically used by NAS appliances?

answer

Windows

iOS

Correct Answer:

Linux-based

MacOS

Explanation

NAS appliances typically use a bespoke operating system that is based on
Linux. This allows for flexibility and stability in managing file storage.

Windows is commonly used for PCs and servers but not typically for NAS
appliances.

MacOS is used for Apple's computers and is not the standard OS for NAS
devices.

iOS is used for Apple's mobile devices and is not suitable for the operation of
NAS appliances.

References

o 7.2.5 Server Message Block

o 7.2.6 Network Attached Storage


 Question 14.

Correct

What is the primary function of a database?

answer

To encrypt data using transport layer security

To store data in a static format that cannot be updated

To serve as a graphical user interface for data management

Correct Answer:

To provision information in a format that can be read and updated

Explanation

A database's primary function is to organize and provision data in a way that
it can be easily read, updated, and managed through queries. This allows for
dynamic interaction with the stored data.

Databases are designed to allow updates to the stored data.

Encryption is a security feature, not the primary function of a database.

While some databases come with GUIs for management, the primary
function of a database is data storage and retrieval, not serving as a GUI.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.7 Database Services


 Question 15.

Correct

What is the purpose of using TLS transport encryption in databases?

answer

Correct Answer:

To secure data transmission over the network

To improve the graphical user interface

To increase data storage capacity

To synchronize data between servers

Explanation

TLS transport encryption is used to secure data as it is transmitted over the
network, protecting it from interception and unauthorized access.

TLS encryption does not affect storage capacity.

TLS encryption is unrelated to the graphical user interface.

While TLS can secure data during synchronization, its primary purpose is to
secure data in transit, not the synchronization process itself.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.7 Database Services


7.3 Email and Voice Services

7.3.1 Simple Mail Transfer Protocol

Electronic mail enables a person to compose a message and send it to
another user on their own network (intranet) or anywhere in the world via
the Internet. Email uses separate mail transfer and mailbox access protocols:


Operation of delivery and mailbox email protocols. (Images © 123RF.com.)

The Simple Mail Transfer Protocol (SMTP) specifies how email is
delivered from one system to another. The SMTP server of the sender
discovers the IP address of the recipient SMTP server by using the domain
name part of the recipient's email address. The SMTP servers for the domain
are registered in DNS using mail exchange (MX) and host (A/AAAA) records.

SMTP does not queue messages indefinitely. If there is a communication
problem, the SMTP server retries at regular intervals before timing out and
returning a non-delivery report (NDR) to the sender. The NDR will contain an
error code indicating the reason the item could not be delivered. SMTP
provides no mechanism for the persistent storage of messages.

SMTP communications can be secured using TLS. This works much like HTTPS
with a certificate on the SMTP server and a negotiation between client and
server about which cipher suites to use. There are two ways for SMTP to use
TLS:

 STARTTLS—This is a command that upgrades an existing insecure
connection to use TLS. This is also referred to as explicit TLS or
opportunistic TLS. This method is now deprecated but does remain in
widespread use.

 Implicit TLS—This establishes the secure connection before any SMTP
commands (HELO, for instance) are exchanged. Implicit TLS is now
considered the preferred method.

Typical SMTP configurations use the following ports and secure services:

 Port 25—Used for message relay between SMTP servers, or message
transfer agents (MTAs). If security is required and supported by both
servers, the STARTTLS command can be used to set up the secure
connection.

 Port 465—Used for SMTP Submission with implicit TLS. SMTP
Submission is a subset of SMTP that allows the message submission
agent (MSA) part of a mail client to transfer messages for delivery by a
server.

 Port 587—Used for SMTP Submission with explicit TLS. Servers
configured to support port 587 should use STARTTLS and require
authentication before message submission.

Mail clients can use port 25 to submit messages to the server for delivery,
but this is not best practice. Use of port 25 is typically reserved for relay
between servers.

7.3.2 Internet Message Access Protocol

SMTP is useful only to deliver mail to hosts that are permanently available.
When a message is received by an SMTP server, it delivers the message to a
mailbox server. This could be a separate machine or a separate process
running on the same server. A mailbox access protocol allows the user's
client email software to operate the mailbox.

Configuring mailbox access protocols on a server. (Screenshot courtesy of
Mozilla Foundation.)

Internet Message Access Protocol (IMAP) is the most widely used mail
retrieval protocol. IMAP supports permanent connections to a server and
connecting multiple clients to the same mailbox simultaneously. It also allows
a client to manage the mailbox on the server (to organize messages in
folders and to control when they are deleted, for instance) and to create
multiple mailboxes.

A client connects to an IMAP server over TCP port 143, but this port is
insecure. Connection security can be established using TLS. The default
port for IMAPS is TCP/993.

In a Windows environment, the proprietary Messaging Application
Programming Interface (MAPI) protocol is typically used to access Microsoft
Exchange mailboxes. MAPI uses HTTPS as a secure transport protocol.

7.3.3 Voice and Video Services

Voice over IP (VoIP), web conferencing, and video teleconferencing (VTC)
solutions have become standard methods for the provision of business and
social communications. Many networks are upgrading from legacy voice
services to IP-based protocols and products.

Private Branch Exchange

Legacy voice services use the public switched telephone network (PSTN). A
residential telephone installation would be serviced by a simple box
providing a one- or two-line analog interface to the local exchange. This
analog interface is also referred to as the plain old telephone service (POTS).
Each line provides a single channel for an incoming or outgoing call. A typical
business requires tens or hundreds of lines for voice communications, let
alone capacity for data communications. Historically, this requirement would
have been facilitated by a digital trunk line, also referred to as
a time division multiplexing (TDM) circuit. A TDM circuit can multiplex separate
voice and data channels for transmission over a single cable.

A private branch exchange (PBX) is an automated switchboard providing
a single connection point for an organization's voice lines. A TDM-based PBX
connects to the telecommunications carrier over a digital trunk line, which
will support multiple channels (inward and outward calls). The PBX allows for
the configuration of the internal phone system to direct and route calls to
local extensions and provides other telephony features such as call waiting,
music on hold, and voicemail.

VoIP-Enabled PBX

TDM-based PBXes are being replaced by hybrid and fully IP/VoIP PBXes. For
internal calls and conferences, a VoIP PBX establishes connections between
local VoIP endpoints with data transmitted over the local Ethernet network. A
VoIP PBX can also route incoming and outgoing calls from and to external
networks. This might involve calls between internal and external VoIP
endpoints, or with voice telephone network callers and receivers. A VoIP PBX
will also support features such as music on hold and voicemail.

A TDM PBX is supplied as vendor-specific hardware. A VoIP PBX can be
implemented as software running on a Windows or Linux server. Examples of
software-based solutions include 3CX (3cx.com) and Asterisk (asterisk.org).
There are also hardware solutions, where the VoIP PBX runs on a router, such
as Cisco Unified Communications Manager
(cisco.com/c/en/us/products/unified-communications/unified-communications-manager-callmanager/index.html).

A VoIP PBX would normally be placed at the network edge and be protected
by a firewall. Internal clients connect to the PBX over Ethernet data cabling
and switching infrastructure, using Internet Protocol (IP) at the Network layer
for addressing. The VoIP PBX uses the organization's Internet link to connect
to a VoIP service provider, which facilitates inward and outward dialing to
voice-based telephone networks.

A VoIP PBX facilitates internal IP calls and calls to and from external VoIP
networks and the landline and cellular telephone networks. (Images ©
123RF.com.)

7.3.4 VoIP Protocols

Voice and video services can be challenging to support because they require
response times measured in milliseconds (ms). Delayed responses will result
in poor call or video quality. This type of data can be one-way, as is the case
with media streaming, or two-way, as is the case with VoIP and VTC.

The protocols designed to support real-time services cover one or more of
the following functions:

 Session control—Used to establish, manage, and disestablish
communications sessions. They handle tasks such as user discovery
(locating a user on the network), availability advertising (whether a
user is prepared to receive calls), negotiating session parameters (such
as use of audio/video), and session management and termination.

 Data transport—Handles the delivery of the actual video or voice
information.

 Quality of service (QoS)—Provides information about the connection
to a QoS system, which in turn ensures that voice or video
communications are free from problems, such as dropped packets,
delay, or jitter.

Session Initiation Protocol

The Session Initiation Protocol (SIP) is one of the most widely used
session control protocols. SIP endpoints are the end user devices (also known
as user agents), such as IP-enabled handsets or client and server web
conference software. Each device, conference, or telephony user is assigned
a unique SIP address known as a SIP Uniform Resource Identifier (URI).
Examples of SIP URIs include:

sip:[email protected]

sip:[email protected]

sip:jaime@2622136227

meet:sip:[email protected];ms-app=conf;ms-conf-id=subg42

There is also a tel: URI scheme allowing SIP endpoints to dial a landline or
cell phone. A tel: URI can either use the global (E.164) format (such as tel:
+1-866-8358020) or a local format (for internal extensions).

SIP typically runs over UDP or TCP ports 5060 (unsecured) and 5061 (SIP-TLS).
SIP has its own reliability and retransmission mechanisms and can thus be
seen to benefit most from the lower overhead and reduced latency and jitter
of UDP. Some enterprise SIP products use TCP anyway.
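
An added example, not part of the lesson: a strict parser for the URI forms listed above (sip: and sips: addresses, the meet:sip: conference form with its ;name=value parameters, and global or local tel: numbers) that rejects anything outside that grammar before it reaches a dial plan, plus a helper applying the 5060/5061 port defaults just described. The sample addresses are constructed; the hostnames and conference parameters are made up.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# sip:/sips: grammar admitted here (a deliberately strict subset of RFC 3261):
#   [meet:]sip[s]:[user@]host[:port][;name[=value]]...
# Only the characters the lesson's examples need are allowed; whitespace,
# quotes, angle brackets and the like are rejected rather than passed on.
_SIP_RE = re.compile(
    r"^(?P<scheme>sips?):"
    r"(?:(?P<user>[A-Za-z0-9._+\-]+)@)?"
    r"(?P<host>[A-Za-z0-9](?:[A-Za-z0-9.\-]*[A-Za-z0-9])?)"
    r"(?::(?P<port>\d{1,5}))?"
    r"(?P<params>(?:;[A-Za-z0-9\-]+(?:=[A-Za-z0-9\-]+)?)*)$"
)
# tel: URI (RFC 3966). A leading "+" marks a global E.164 number; "-", ".",
# "(" and ")" are visual separators that carry no meaning.
_TEL_RE = re.compile(r"^tel:(?P<number>\+?[0-9][0-9.\-()]*)$")


@dataclass
class VoipUri:
    kind: str                               # "sip", "sips" or "tel"
    user: Optional[str] = None              # SIP user part (name or extension)
    host: Optional[str] = None              # domain, IP address or numeric host
    port: Optional[int] = None              # explicit port, e.g. 5061 for SIP-TLS
    params: Dict[str, str] = field(default_factory=dict)
    number: Optional[str] = None            # tel: digits with separators removed
    is_global: bool = False                 # tel: E.164 (+...) vs local extension
    is_conference: bool = False             # meet:sip:... conference form


def parse_voip_uri(text: str) -> VoipUri:
    """Parse a sip:, sips:, meet:sip: or tel: URI; raise ValueError otherwise."""
    uri = text.strip()
    conference = uri.startswith("meet:")
    if conference:
        uri = uri[len("meet:"):]
    m = _SIP_RE.match(uri)
    if m:
        params: Dict[str, str] = {}
        for item in m.group("params").split(";")[1:]:
            name, _, value = item.partition("=")
            params[name] = value
        port = int(m.group("port")) if m.group("port") else None
        if port is not None and not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {text!r}")
        return VoipUri(kind=m.group("scheme"), user=m.group("user"),
                       host=m.group("host"), port=port, params=params,
                       is_conference=conference)
    m = _TEL_RE.match(uri)
    if m and not conference:
        digits = re.sub(r"[.\-()]", "", m.group("number"))
        is_global = digits.startswith("+")
        if is_global and len(digits) - 1 > 15:
            raise ValueError(f"E.164 numbers have at most 15 digits: {text!r}")
        return VoipUri(kind="tel", number=digits, is_global=is_global)
    raise ValueError(f"not a SIP or tel URI: {text!r}")


def is_valid_voip_uri(text: str) -> bool:
    """True if parse_voip_uri accepts the string, False otherwise."""
    try:
        parse_voip_uri(text)
        return True
    except ValueError:
        return False


def expected_port(uri: VoipUri) -> Optional[int]:
    """Port a SIP endpoint is contacted on: the explicit port if given,
    otherwise 5061 for sips: (SIP-TLS) and 5060 for sip:; None for tel:."""
    if uri.kind == "tel":
        return None
    if uri.port is not None:
        return uri.port
    return 5061 if uri.kind == "sips" else 5060


if __name__ == "__main__":
    # Constructed sample URIs in the forms shown in the lesson.
    for sample in ("sip:bob@voip.example.com", "sip:jaime@2622136227",
                   "sips:bob@voip.example.com:5061",
                   "meet:sip:alice@voip.example.com;ms-app=conf;ms-conf-id=subg42",
                   "tel:+1-866-8358020", "tel:100",
                   "sip:bob@voip.example.com;x=a b"):
        try:
            u = parse_voip_uri(sample)
            print(f"{sample} -> {u} port={expected_port(u)}")
        except ValueError as err:
            print(f"{sample} -> rejected: {err}")
```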

Real-Time Transport Protocol and RTP Control Protocol

While SIP provides session management, the actual delivery of real-time data
uses different protocols. The principal one is Real-time Transport Protocol
(RTP). RTP enables the delivery of a stream of media data via UDP, while
implementing some of the reliability features usually associated with TCP
communications. RTP works closely with the RTP Control Protocol (RTCP).
Each RTP stream uses a corresponding RTCP session to monitor the quality of
the connection and to provide reports to the endpoints. These reports can
then be used by the applications to modify codec parameters or by the
network stacks to tune quality of service (QoS) parameters.
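
As an added example (not code from the lesson), the Python below derives the two quality figures an RTCP receiver report carries, packet loss and interarrival jitter (RFC 3550 section 6.4.1), from the RTP headers of a captured stream. The capture is constructed for illustration: a G.711 stream at 8 kHz with 20 ms packets, one packet missing and one delayed; the SSRC value is made up.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RtpPacket:
    seq: int           # 16-bit sequence number
    timestamp: int     # 32-bit media timestamp in clock ticks (8000/s for G.711)
    ssrc: int          # synchronisation source identifier
    payload_type: int  # 0 = PCMU (G.711 u-law)
    arrival_ms: int    # receiver's local arrival time, in milliseconds


def parse_rtp(data: bytes, arrival_ms: int) -> RtpPacket:
    """Decode the fixed 12-byte RTP header (RFC 3550 section 5.1)."""
    if len(data) < 12:
        raise ValueError("truncated RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    return RtpPacket(seq, ts, ssrc, b1 & 0x7F, arrival_ms)


def build_rtp(seq: int, timestamp: int, ssrc: int, payload_type: int = 0) -> bytes:
    # version 2, no padding, no extension, no CSRCs, marker bit clear
    return struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq & 0xFFFF,
                       timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)


class StreamMonitor:
    """Per-SSRC receiver statistics, as an RTCP receiver report carries them:
    packets expected versus received (loss) and interarrival jitter."""

    def __init__(self, clock_rate: int):
        self.clock_rate = clock_rate
        self.received = 0
        self.base_seq: Optional[int] = None
        self.max_seq = 0          # highest 16-bit sequence number seen
        self.cycles = 0           # 65536 added on every wraparound
        self.jitter = 0.0         # RFC 3550 section 6.4.1 estimate, in ticks
        self._prev_transit: Optional[int] = None

    def feed(self, pkt: RtpPacket) -> None:
        if self.base_seq is None:
            self.base_seq = self.max_seq = pkt.seq
        elif pkt.seq < self.max_seq and self.max_seq - pkt.seq > 0x8000:
            self.cycles += 0x10000    # sequence number wrapped 65535 -> 0
            self.max_seq = pkt.seq
        elif pkt.seq > self.max_seq:
            self.max_seq = pkt.seq
        self.received += 1
        # transit = arrival (in ticks) - media timestamp; D is the change in
        # transit between consecutive packets; J is smoothed with gain 1/16
        transit = pkt.arrival_ms * self.clock_rate // 1000 - pkt.timestamp
        if self._prev_transit is not None:
            d = abs(transit - self._prev_transit)
            self.jitter += (d - self.jitter) / 16
        self._prev_transit = transit

    @property
    def expected(self) -> int:
        if self.base_seq is None:
            return 0
        return self.cycles + self.max_seq - self.base_seq + 1

    @property
    def lost(self) -> int:
        return self.expected - self.received

    @property
    def fraction_lost(self) -> int:
        # 8-bit fixed-point loss fraction, as carried in the receiver report
        return 0 if not self.expected else max(0, min(255, self.lost * 256 // self.expected))

    def jitter_ms(self) -> float:
        return self.jitter * 1000 / self.clock_rate


def analyse_stream(packets: List[Tuple[bytes, int]], clock_rate: int = 8000) -> StreamMonitor:
    """Feed (raw packet, arrival_ms) pairs, in arrival order, to a monitor."""
    mon = StreamMonitor(clock_rate)
    for raw, arrival_ms in packets:
        mon.feed(parse_rtp(raw, arrival_ms))
    return mon


def sample_capture() -> List[Tuple[bytes, int]]:
    """Constructed G.711 stream (made-up SSRC): 20 ms packets, 160 ticks each;
    seq 1005 never arrives and seq 1007 arrives 5 ms late."""
    capture = []
    for i in range(10):
        seq = 1000 + i
        if seq != 1005:
            delay = 5 if seq == 1007 else 0
            capture.append((build_rtp(seq, 160 * i, 0x12345678), 20 * i + delay))
    return capture
```

Running analyse_stream(sample_capture()) reports 10 expected, 9 received (one lost, fraction 25/256) and a jitter estimate of about 0.57 ms, the kind of figures an endpoint or QoS system would act on.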

Configure a VoIP Server 00:00-00:26

Voice over Internet Protocol, or VoIP, is the ability to make phone calls over
the internet. Landlines or telephone lines used to be the main method to
receive phone calls, but VoIP and cell phones have replaced much of the
existing infrastructure. Not only can they provide more options, they can
even save you money as well.

Server Setup 00:26-01:31

Today, we're going to be working with an open-source VoIP server called
FreePBX. We can deploy this simply with an ISO on a virtual or physical
machine. It's also possible to purchase an appliance for FreePBX, but this
isn't required. First, we need to change our server's name. We really don't
want the label VoIP server for our name. Go to 'Settings' and then 'Advanced
Settings'. We're going to scroll to the bottom where we see 'System
Identity'. Let's change that to 'Testout VoIP'. After we click 'Submit', 'Apply
Config' at the top will save the running config. Next, we're going to go to
'Admin' and then 'System Admin'. There's also options to change the
Hostname here. Let's change this to 'testoutpbx.testout.com' and click
'Update Hostname'. Under Time Zone, if you want to put your actual time
zone instead of UTC, you'd set that here. It's a good idea to have the
FreePBX server and the VoIP phones in sync.

IP and Port Configuration 01:31-04:30

Typically, when FreePBX is built, it's set to DHCP. We want to make sure this
is static so that any firewall rules or phones connecting to this IP will
work. Leaving the DHCP in place could result in an IP change if a reservation
isn't set up. These options are in 'Admin' and 'System Admin'.

On the right-hand side, you'll see 'Network Settings'. Click that. We want to
change this to 'Static' and then pick a different IP address that isn't in our
DHCP range. The rest of the settings can be left as is; these are the right
settings for our network. Saving this interface brings up a window
reminding us of the risks related to changing these settings. Click 'Save and
Apply'. Since the IP has changed, we have to go to the new one. We just
change our IP to '150' on the end and it'll refresh the screen. It's possible
that it might prompt us for a re-login.
Now that that's out of the way, we need to change some more
settings. Under 'Settings' and 'Asterisk SIP Settings', we're interested
specifically in the NAT settings here. If these aren't set right, you could have
problems. For example, we want to define our external (public) IP address
and define all our local networks to use FreePBX. You can see tabs for
chan_pjsip and chan_sip. The chan_pjsip driver is a newer one that
hasn't been used by many SIP trunk providers yet. A SIP trunk is a media
service provided by companies to trunk your phones to a public-switched
phone network. Without a SIP trunk, all you could do would be dial internal
business extensions. We know that our SIP trunk provider is only using
chan_sip, so we need to update our ports. Basically, we need to switch the
port 5060, which is the chan_pjsip one, to use something else so that
chan_sip can have it.

On our chan_pjsip tab, we scroll down and change the port to say
'5260'. When we submit the config, it does give us a note telling us Asterisk
will need to be restarted so the port changes can take effect. Let's apply the
config before proceeding. The easiest way to do this is to go to our console
session for this server. We're going to open PuTTY and go to
'192.168.30.150'. Next, we provide the root username and password for the
server. Then all we need to type is 'fwconsole restart'. This will run through
restarting Asterisk. Since this process takes several iterations to complete,
we're going to fast forward.

Now that our changes are done, we can show you the final product. On our
chan_pjsip, the port is 5160. And if we go to the chan_sip tab, our port is
5060. Basically, we just flipped the ports since we're not using chan_pjsip.

SIP Trunks 04:30-06:35

Next, we're going to look at the area where we configure SIP trunks. Under
'Connectivity' and 'Trunks' is where we'd define our SIP trunk vendor. The
nice thing is that there's a built-in vendor called SIPStation. So, if you do use
SIPStation, it's very easy to configure the SIP trunk with little to no hassle.

Our SIPStation trunks are already defined, but we were unable to show the
wizard due to the personal information needed. If you didn't use SIPStation
and you wanted to add another vendor, you'd typically click 'Add Trunk' and
then 'Add SIP (chan_sip) Trunk'. The SIP trunk provider should give you all the
information you need or a tutorial on how to set it all up. For example, if you
want to set up a trunk name, the phone number associated with your SIP
trunk channel would be listed on the outbound caller ID here. On the 'sip
Settings' tab, you'd provide a Trunk Name and PEER Details. These details
provide the proper connection details, username, and password to connect to
your SIP trunk provider. You'd put similar details on the Incoming tab as
well. Once a trunk is defined, you can then configure the Inbound and
Outbound routes. This is necessary. Otherwise, FreePBX doesn't know
where to route incoming and outgoing calls. Under 'Connectivity' and
'Inbound Routes', you can see that we have one phone number defined from
our SIPStation wizard. If you go to the edit icon, that number is defined as
the DID number because we're using DID verification for the destination
SIPStation trunk. If we go to 'Connectivity' and then 'Outbound Routes', we
see the SIPStation-Out route, too. There are three outbound routes
configured, like the E911 one here, our normal SIPStation outbound route,
and an international outbound route as well. We're just going to deal with the
general outbound route, so let's click the edit icon.

At the bottom, you can see which trunks this is tied to. There are two trunks
listed for redundancy. Under dial patterns is where you configure patterns for
outbound calls. These are the default for SIPStation, but if your company has
a need to switch these patterns, they could do so here.

Extensions 06:35-08:32

Our server is mostly ready. The last thing we need to look at is extensions. To
do so, let's go to 'Applications' and 'Extensions'. As you can see, we have
none. To add one, we can click 'Add Extension' or 'Quick Create
Extension'. The Quick Create option makes things simpler, so let's go with
that.

The Type will be 'chan_sip' since our provider is using that one. The
Extension Number typically shouldn't be the number 1. We're going to start
at 100, but your organization can start on another one if they want.

Display Name would be the name of the person using the phone. You can
specify the Outbound Caller ID, but this would override the caller ID when
going out of a trunk. For now, we're not going to set that. Next, we can put in
an email, such as '[email protected]'.

On Step 2, there isn't much to configure. However, I am going to point out
some options. Enable Find Me/Follow Me is a cool option that can ring
another phone, like your cell phone, if you aren't at your desk. On the bottom
here, we can change the Voicemail PIN on creation or just do that later. Click
'Finish'. Now our extension is created.
Let's go back into it by clicking the edit icon. First, the area that says Secret
will need the password to authenticate to FreePBX. As we scroll down, I want
to look at User Manager Settings. By default, the extension and the
username will be the same unless you click the box for Use Custom
Username. As you hover over the password, it becomes visible. The
username and the user's secret will be needed to authenticate with a phone
on FreePBX. You don't want to confuse the password listed at the bottom
here, as this won't be used on the VoIP phone. Don't forget to save any
config changes made. Let's click the 'Apply Config' button.

Now that we have all these settings in place, we should be able to configure
more extensions. Keep in mind that you'll need to do some server
hardening to make sure that this FreePBX server is secure.

Summary 08:32-08:44

That's it for this demo. In this demo, we showed you how to set up a FreePBX
server, provided an overview of SIP trunks, and set up a VoIP phone
extension.

7.3.5 VoIP Phones

A VoIP/SIP endpoint can be implemented as software running on a computer
or smartphone or as a dedicated hardware handset. VoIP phones use VLAN
tagging to ensure that the SIP control and RTP media protocols can be
segregated from normal data traffic. In a typical voice VLAN configuration,
the LAN port on the handset is connected to the wall port, while the PC is
connected to the PC port on the handset. The two devices share the same
physical link, but data traffic is distinguished from voice traffic by configuring
separate VLAN IDs.

Handsets can use Power over Ethernet (PoE), if available, to avoid the need
for separate power cabling or batteries. There are also wireless handsets that
work over 802.11 Wi-Fi networks.

Connection security for VoIP works in a similar manner to HTTPS. To initiate
the call, the secure version of SIP (SIPS) uses digital certificates to
authenticate the endpoints and establish a TLS tunnel. The secure
connection established by SIPS can also be used to generate a master key to
use with the secure versions of the transport and control protocols.

When you are installing a new handset, you should also test that the
connection works and that the link provides sufficient call quality. Most
service providers have test numbers to verify basic connectivity and perform
an echo test call, which replays a message you record so that you can
confirm voice quality.

Configure a VoIP Phone 00:00-00:25

A Voice over IP, or VoIP, phone is a phone that's specifically used with a VoIP
telephone system. This phone hooks up to an RJ45 connector rather than to an
RJ11 one, which is a standard telephone line. There are many brands of VoIP
phones available, but today, we're just going to look at one from this
particular vendor, Polycom.

Initial Setup 00:25-01:57

What you see here is a web browser for the Polycom phone we have on our
network. You should enable DHCP by default so that you can go onto the
phone's screen to obtain the assigned IP address. Our address happens to be
192.168.30.102. When we log in, the default password is 456. Just like the
note up here says, we suggest that you change the default admin password.

This model is a VVX 400. Typically, VoIP phones are more universal when it
comes to business phone systems because they aren't tied to one
brand. First, let's go to 'Preferences' and then 'Date and Time'. It's a good
idea to have the VoIP server and phone synced to the same Network Time
Protocol, or NTP, server. Simple Network Time Protocol, or SNTP, is similar to
NTP. It's basically implemented when a full NTP implementation isn't
necessary. Since we don't have an NTP server on site, let's set this up.

Our first server will be 'pool.ntp.org', and the second one will be 'north-
america.pool.ntp.org' since we're in North America. We're going to set the
time zone and alternate the same because we don't want an alternate time
zone. You can use the overrides, but if you don't have an NTP server on your
network, it won't matter. Also, we can see that daylight savings time is
enabled already. Click 'Save'.

Line Settings 01:57-04:00

To configure this phone on a FreePBX VoIP server, we need to go to 'Settings'
and then 'Lines'. The Display Name is typically the name of the person who's
using the phone. The Address and Label can be the phone's extension. The
number of line keys is for multiple direct numbers or even shared
numbers. In some businesses, this might be set to 6, for example, if you
have six total lines to set up per phone. SRTP is a protocol that adds more
security features to the phone's communications. We're just going to leave
the defaults for now.

Under 'Authentication', our domain will be the FreePBX server, which is
192.168.30.150. The User ID is the extension on the FreePBX server. To grab
this information, we're going to hop over to our Freepbx server tab. Under
'Applications and Extensions', we have one extension listed here that we
already created. Extension 100 is for a user called Daniel Jackson. If we go
into the 'Edit mode', there's more information listed about this extension. The
secret here is the password we'll use to authenticate to the FreePBX
server. Let's go ahead and copy that.

Now back to our Polycom phone. We can enter the user ID of '100' and paste
our password. We'll enter the same IP under the Server 1 tab for the address
'192.168.30.150'. The port doesn't need to be set, as the default is 0.

The last part we need to configure is the Message Center. Although it's called
that, it's really just our voicemail. To access this on a FreePBX server, we use
*97 in both the subscription address and callback contact. Let's set the
callback mode to 'Contact'. Having this setup allows for the
voicemail buttons on the phone to work properly. Click 'Save' at the
bottom. Great! Our phone is set up and ready to go.

Troubleshooting 04:00-04:39

There may be times where troubleshooting is required for these
phones. There are some tools here to help with figuring out what the problem
is. Under 'Diagnostics', we can view and download logs. If there were errors
or problems occurring, we could go here and see if there were some logs
related to the issue we were having. Under 'Utilities', there are a few options,
such as Import & Export Configuration, Phone Backup & Restore, Software
Upgrade, and even Restart and Reboot. You might think those two
last options are the same, but they're not. Restart just restarts the
application on the phone, while Reboot restarts the kernel and
the application, which results in a longer boot time.

Summary 04:39-04:45

That's it for this demo. In this demo, we configured a VoIP phone.

7.3.6 Lab: Connect VoIP 1


3/1/24, 11:18 AM
Learning Platform | CompTIA


Lab Report

Time Spent: 00:09

Score: 0/4 (0%)

Not Passed

Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

Connect the IP phone in the Lobby

Plug the Exec workstation and monitor into the surge protector

Connect the IP phone in the Executive Office

Ensure that the workstation in the Executive Office is connected to the
network and the internet

 In the Lobby, complete the following:

o Connect the LAN port on the IP phone to the Ethernet port on the
wall outlet.

o Plug in the IP phone using the power adapter.

 In the Executive Office, complete the following:

o Connect the Exec workstation and its monitor to a surge
protector.

o Connect the LAN port on the IP phone to the Ethernet port on the
wall outlet.

o Connect the PC port on the IP phone to the workstation's NIC.

o Plug in the IP phone using the power adapter.

o Confirm that the workstation is connected to the network and the
internet using the Settings app.

EXPLANATION

Complete this lab as follows:

1. Connect the IP phone in the Lobby to the network.

a. Under Lobby, select Hardware.

b. Under Shelf, expand Phones.

c. For the IP phone shown, select Details and then select Specifications.

Make note of the port options.

d. Close the IP phone details window.

e. Drag the IP phone to the Workspace.

f. Above the IP phone, select Back to switch to the back view of the phone.

g. Under Shelf, expand Cables.

h. Drag Cat5e Cable, RJ45 to the LAN port on the phone.

i. From the Selected Component pane, drag the unconnected RJ45 Connector
to the Ethernet port on the wall outlet.

j. Under Shelf, select the Power Adapter.

k. From the Select Connector window:

Drag the DC Power Connector to the DC power connector on the phone.

Drag the AC Power Adapter to the wall outlet.

l. Above the IP phone, select Front to switch to the front view of the phone.
Confirm that the phone's display is on.

2. Connect the Exec workstation and its monitor to a surge protector.

a. From the top left, select Floor 1 Overview.

b. Under Executive Office, select Exec.

c. Right-click Start.

d. Select Shut down or sign out > Shut down.

e. Under Shelf, expand Outlets.

f. Drag the Surge Protector to the Workspace.

g. Drag both AC Power plugs from the wall outlet to an open outlet on the
surge protector.

h. Select the Surge Protector.

i. From the Selected Component pane, drag the AC Power Connector (Male)
to an open plug on the wall outlet.

3. Connect the IP phone in the Executive Office to the network.

a. Under Shelf, expand Phones.

b. Drag the IP phone to the Workspace.

c. Above the IP phone, select Back to switch to the back view of the phone.

d. Under Shelf, expand Cables.

e. Drag Cat5e Cable, RJ45 to the LAN port on the phone.

f. From the Selected Component pane, drag the unconnected RJ45 Connector
to the Ethernet port on the wall outlet.

g. Above the workstation, select Back to switch to the back view of the
workstation.

h. From the Shelf, drag Cat5e Cable, RJ45 to the PC port on the phone

7.3.7 Lab: Connect VoIP 2

 From the Lobby and the Executive Office, complete the following:

o Disconnect the AC/DC adapter from the IP phone and the wall.

o Place the AC/DC power adapters on the Shelf.

o Confirm that the phones are still receiving power through PoE.

 Install an IP phone in the Support Office.

o Place the IP phone in the Workspace.

o Move the Ethernet cable from the computer to the LAN port on
the phone.

o Connect an Ethernet cable from the workstation's NIC to the
phone's PC port.

 Make sure the Support computer is still connected to the internet.

o ping 198.28.2.254.

EXPLANATION

Complete this lab as follows:

1. From the Lobby, disconnect the AC/DC adapter from the IP phone and the wall.

a. Under Lobby, select Hardware.

b. Above the IP phone, select Back to switch to the back view of the phone.

c. Drag the DC power connector from the phone to the Shelf.

d. Drag the AC power plug from the wall outlet to the Shelf.

e. Above the IP phone, select Front to switch to the front view of the phone
and confirm it is on.

2. From the Executive Office, disconnect the AC/DC adapter from the IP phone
and the wall.

a. From the top left, select Floor 1 Overview.

b. Under Executive Office, select Hardware.

c. Above the IP phone, select Back to switch to the back view of the phone.

d. Drag the DC power connector from the phone to the Shelf.

e. Drag the AC power plug from the wall outlet to the Shelf.

f. Above the IP phone, select Front to switch to the front view of the phone
and confirm it is on.

3. From the Support Office, connect an IP phone.

a. From the top left, select Floor 1 Overview.

b. Under Support Office, select Hardware.

c. Under Shelf, expand Phones.

d. Drag the IP Phone to the Workspace.

e. Above the IP phone, select Back to switch to the back view of the phone.

f. Above the workstation, select Back to switch to the back view of the
workstation.

g. Drag the RJ45 Ethernet cable from the workstation to the LAN port (top port)
on the IP phone.

h. Under Shelf, expand Cables and then select Cat5e Cable, RJ45.

i. From the Selected Component pane:

Drag an RJ45 Connector to the PC port on the phone.

Drag the other unconnected RJ45 Connector to the NIC on the workstation.

4. Make sure the Support computer is still connected to the internet.

a. On the Support monitor, select Click to view Linux.

b. From the favorites bar, select Terminal.

c. From the terminal, type ping -c4 198.28.2.254 (the ISP) and press Enter.

7.3.8 Lesson Review


 Question 1.

Incorrect

What does SMTP use to discover the IP address of the recipient's SMTP
server?

answer

The recipient's email password

Correct Answer:

The domain name part of the recipient's email address

The sender's IP address

Incorrect answer:

The recipient's physical address

Explanation

The SMTP server uses the domain name part of the recipient's email address
to discover the IP address of the recipient SMTP server through DNS.

The recipient's email password is not used in the process of discovering the
recipient's SMTP server IP address.

The sender's IP address is irrelevant to discovering the recipient's SMTP
server IP address.

The recipient's physical address has no role in the electronic process of SMTP.
The recipient's physical address has no role in the electronic process of SMTP.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.1 Simple Mail Transfer Protocol

o 7.3.2 Internet Message Access Protocol


 Question 2.

Correct

What is the purpose of the STARTTLS command in SMTP?

answer

To encrypt the entire email message content

To create a new email account

Correct Answer:

To upgrade an existing unsecure connection to use TLS

To downgrade the connection to an unsecure state

Explanation

STARTTLS is used to upgrade an existing unsecure SMTP connection to a
secure one using TLS, enhancing the security of email transmission.

STARTTLS upgrades, not downgrades, the connection to a secure state.

While STARTTLS helps secure the connection, encrypting the entire email
content is not its sole purpose.

Creating a new email account is not related to the STARTTLS command or
SMTP's functionality.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.1 Simple Mail Transfer Protocol

o 7.3.2 Internet Message Access Protocol

 Question 3.

Correct

What is one of the primary purposes of the Internet Message Access Protocol
(IMAP)?

answer

To deliver email to hosts that are permanently available

Correct Answer:

To manage a mailbox on a server

To encrypt email messages

To connect to web servers

Explanation

IMAP allows a client to manage the mailbox on the server, including
organizing messages in folders and controlling when they are deleted. This is
the primary purpose of IMAP, making it a powerful tool for email
management.

IMAP does not encrypt email messages; it is used for mailbox management.
Encryption can be added with TLS or other security protocols.

SMTP, not IMAP, is used to deliver email to hosts. IMAP is focused on mailbox
management.

IMAP is used for accessing and managing email mailboxes, not for
connecting to web servers.

References

o 7.3.2 Internet Message Access Protocol


 Question 4.

Correct

In a Windows environment, which protocol is typically used to access
Microsoft Exchange mailboxes?

answer
Correct Answer:

MAPI

SMTP

IMAP

HTTPS

Explanation

In a Windows environment, the proprietary Messaging Application
Programming Interface (MAPI) protocol is typically used to access Microsoft
Exchange mailboxes. MAPI allows for integration with Microsoft products and
provides functionalities specific to Exchange.

IMAP is a general email access protocol and not specific to Microsoft
Exchange.

SMTP is used for sending emails, not for accessing mailboxes.

HTTPS is a secure transport protocol used on the web, not specifically for
accessing Microsoft Exchange mailboxes.

References

o 7.3.2 Internet Message Access Protocol


 Question 5.

Correct

What is a key advantage of using VoIP technology over traditional PSTN
lines?

answer

Higher call costs

Correct Answer:

Ability to transmit voice over IP networks

Requirement for separate voice and data channels

Limited call routing options

Explanation

VoIP technology allows for the transmission of voice communications over IP
networks, which can lead to cost savings, greater flexibility, and integration
with other IP-based services.

One of the advantages of VoIP is actually lower call costs compared to
traditional PSTN lines.

VoIP provides more, not limited, call routing options due to its use of IP
networks.

VoIP does not require separate voice and data channels; it can integrate
voice and data communications over the same IP network.

References

o 7.3.3 Voice and Video Services


 Question 6.

Correct

What is a significant difference between a TDM PBX and a VoIP PBX?

answer

A VoIP PBX requires a separate data channel for each call, while a TDM PBX
does not.

A TDM PBX can only support voice mail, while a VoIP PBX cannot.

Correct Answer:

A TDM PBX is supplied as vendor-specific hardware, while a VoIP PBX can be
implemented as software.

A TDM PBX uses the Internet for all calls, while a VoIP PBX uses the PSTN.

Explanation

A key difference between TDM and VoIP PBX systems is that TDM PBXes are
typically provided as specific hardware solutions, whereas VoIP PBXes can be
implemented as software running on general-purpose servers, offering more
flexibility.

Both TDM and VoIP PBX systems can support voice mail.

A VoIP PBX does not require a separate data channel for each call; it can
multiplex multiple calls over the same IP network.

It's the other way around; a TDM PBX primarily uses the PSTN, while a VoIP
PBX uses the Internet for transmitting voice communications.

References

o 7.3.3 Voice and Video Services


 Question 7.

Correct

Which of the following is a unique identifier used by SIP endpoints?

answer

DNS name

IP address

Correct Answer:

SIP URI

MAC address

Explanation

The correct answer is SIP Uniform Resource Identifier (URI). SIP URIs are
unique identifiers assigned to devices, conferences, or telephony users in SIP
systems. They are used for user discovery and session initiation.

MAC address is a hardware identification number that uniquely identifies
each device on a network but is not used by SIP endpoints for identification
in VoIP systems.

IP address is a numerical label assigned to each device connected to a
computer network but is not specifically used as a unique identifier in SIP
systems.

DNS name is used to identify entities on the Internet but is not the specific
identifier used by SIP endpoints in VoIP communications.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.4 VoIP Protocols

o 7.3.5 VoIP Phones


 Question 8.

Correct

What is the purpose of using a tel: URI scheme in SIP systems?

answer

To encrypt voice communications

To compress audio data for transmission

Correct Answer:

To dial a landline or cell phone

To assign unique identifiers to devices

Explanation

To dial a landline or cell phone is the correct answer. The tel: URI scheme
allows SIP endpoints to dial a landline or cell phone, either using the global
(E.164) format or a local format for internal extensions.

Encrypting voice communications is not the purpose of the tel: URI scheme;
it is used for dialing purposes.

Assigning unique identifiers to devices is the role of SIP URIs, not the tel: URI
scheme.

Compressing audio data for transmission is related to codec functions, not
the purpose of the tel: URI scheme in SIP systems.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.4 VoIP Protocols

o 7.3.5 VoIP Phones

 Question 9.

Incorrect

How do VoIP phones distinguish data traffic from voice traffic?

answer

By using digital certificates for voice traffic only

Incorrect answer:

By prioritizing voice traffic over data traffic using PoE

Correct Answer:

By configuring separate VLAN IDs for data and voice traffic

By using separate physical links for each type of traffic

Explanation

The correct answer is by configuring separate VLAN IDs for data and voice
traffic. VoIP phones use VLAN tagging to configure separate VLAN IDs for
data and voice traffic, allowing the two types of traffic to be distinguished
and managed separately on the same physical network link.

By using separate physical links for each type of traffic is incorrect because
VoIP phones typically share the same physical link for both data and voice
traffic, using VLAN IDs to segregate them.

By using digital certificates for voice traffic only is incorrect because digital
certificates are used for securing communications, not for distinguishing
between data and voice traffic.

By prioritizing voice traffic over data traffic using PoE is incorrect because
PoE provides power, not traffic prioritization or segregation.

References

o 5.6.5 Voice VLANs


 Question 10.

Correct

How do VoIP phones use VLAN tagging?


answer

To disable all data traffic except for VoIP communication

To prioritize video traffic over voice traffic

Correct Answer:

To ensure that SIP control and RTP media protocols are segregated from
normal data traffic

To ensure that voice and data traffic are combined on the same network

Explanation

The correct answer is to ensure that SIP control and RTP media protocols are
segregated from normal data traffic. VLAN tagging allows VoIP phones to
segregate SIP control and RTP media protocols from normal data traffic,
ensuring efficient and secure communication without interference from other
types of network traffic.

To ensure that voice and data traffic are combined on the same network is
incorrect because the purpose of VLAN tagging is to segregate, not combine,
different types of traffic.

To disable all data traffic except for VoIP communication is incorrect as VLAN
tagging segregates traffic types; it does not disable non-VoIP data traffic.

To prioritize video traffic over voice traffic is incorrect because VLAN
tagging's primary purpose in VoIP phones is to segregate SIP and RTP
protocols from normal data traffic, not to prioritize video over voice.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.4 VoIP Protocols

o 7.3.5 VoIP Phones


7.4 Disaster Recovery and High Availability

7.4.1 Disaster Recovery Concepts


A disaster recovery plan (DRP) addresses large-scale network outage
incidents. These will typically be incidents that threaten the performance or
security of a whole site. A DRP should accomplish the following:

 Identify scenarios for natural and non-natural disasters and options for
protecting systems.

 Identify tasks, resources, and responsibilities for responding to a
disaster. Disaster recovery focuses on tasks such as switching services
to failover systems or sites and restoring systems and data from
backups.

 Train staff in the disaster planning procedures and how to react well to
adverse events.

Testing system resilience and incident response effectiveness are crucial for
organizations to recover from disruptions and maintain business continuity.
By conducting various tests, organizations can identify potential
vulnerabilities, evaluate the efficiency of their recovery strategies, and
improve their overall preparedness for real-life incidents.

 Tabletop exercises involve teams discussing and working through
hypothetical scenarios to assess their response plans and decision-
making processes. These exercises help identify knowledge,
communication, and coordination gaps, ultimately strengthening the
organization's incident response capabilities. For example, a tabletop
exercise might be an earthquake that destroys processing ability at a
primary site, testing failover to an alternate processing location.

 Validation tests involve performing simulations of failovers. This tests
that services can be restored using backup configurations and data.
Validation tests can also test metrics for recovery time. They can also
reveal any unexpected problems, such as dependencies between
services not being met during the failover process.

Where disaster recovery focuses on plans for specific scenarios, a business
continuity plan (BCP) or continuity of operations plan (COOP) is a
collection of processes and resources that enable an organization to maintain
normal business operations in the face of some adverse event. Continuity
planning activity focuses on the functions performed by a business or other
organization:

 Business impact analysis (BIA) identifies mission essential and primary
business functions and the risks that would arise if the organization
cannot fulfill them.

 IT contingency planning (ITCP) or IT service continuity planning (ITSCP)
ensures that these functions are supported by resilient IT systems,
working to identify and mitigate all single points of failure from a
process or function.

7.4.2 Disaster Recovery Metrics

Disaster recovery planning is governed by a variety of metrics that express
how reliable services are and how long it takes to recover from critical
events.

One of the key properties of a resilient system is availability. Availability is
the percentage of time that the system is online, measured over a certain
period, typically one year. The corollary of availability is downtime; that is,
the percentage or amount of time during which the system is unavailable.

High availability is a characteristic of a system that can guarantee a
certain level of availability. The Maximum Tolerable Downtime
(MTD) metric states the requirement for a business function. Downtime is
calculated from the sum of scheduled service intervals (Agreed Service Time)
plus unplanned outages over the period. High availability might be
implemented as 24x7 (24 hours per day, seven days per week) or 24x365
(24 hours per day, 365 days per year). For a critical system, availability will
be described as two-nines (99%) up to five- or six-nines (99.9999%).

Availability    Annual MTD (hh:mm:ss)
99.9999%        00:00:32
99.999%         00:05:15
99.99%          00:52:34
99.9%           08:45:36
99%             87:36:00

A system where there is almost no scheduled downtime and outages are
extremely rare is also referred to as continuous availability. This sort of
availability is required when there is not just a commercial imperative, but a
danger of injury or loss of life associated with systems failure. Examples
include networks supporting medical devices, air traffic control systems,
communications satellites, networked autonomous vehicles, and smart traffic
signaling systems.

The MTD metric sets the upper limit on the amount of recovery time that
system and asset owners have to resume operations. Additional metrics can
be used to govern recovery operations:

 Recovery time objective (RTO). This is the period following a


disaster that an individual IT system may remain offline. This
represents the maximum amount of time allowed to identify that there
is a problem and then perform recovery (restore from backup or switch
in an alternative system, for instance).

 Work recovery time (WRT). Following systems recovery, there may


be additional work to reintegrate different systems, restore data from
backups, test overall functionality, and brief system users on any
changes or different working practices so that the business function is
again fully supported.

RTO+WRT must not exceed MTD!

Recovery point objective (RPO). This is the amount of data loss that a
system can sustain, measured in time units. That is, if a database is
destroyed by a virus, an RPO of 24 hours means that the data can be
recovered from a backup copy to a point not more than 24 hours before the
database was infected.
Metrics governing mission essential functions. (Images © 123RF.com.)

Any data that has been lost between the RPO and the present needs to
either be accepted as a loss or reconstructed.
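The metrics above are simple arithmetic, but it is easy to get the nines table or the RTO + WRT rule wrong when planning. The following Python is an added example, not course material: it recomputes the annual MTD table from the definition of availability (assuming a 365-day year, which is what the table's figures imply), turns the "RTO + WRT must not exceed MTD" rule into a check, and tests whether a backup is recent enough to meet an RPO. The service figures used in the usage section are constructed.

```python
"""Disaster recovery metric arithmetic (availability, MTD, RTO, WRT, RPO).

Added example; not course code. All time values are in hours unless a
function name says otherwise.
"""

HOURS_PER_YEAR = 365 * 24  # assumption: 365-day year, as the course table implies


def annual_downtime_hours(availability_pct: float) -> float:
    """Maximum annual downtime allowed by an availability percentage."""
    unavailable_fraction = (100.0 - availability_pct) / 100.0
    return HOURS_PER_YEAR * unavailable_fraction


def hhmmss(hours: float) -> str:
    """Render a duration as hh:mm:ss; hours may exceed 24 (e.g. 87:36:00)."""
    total_seconds = round(hours * 3600)
    h, rest = divmod(total_seconds, 3600)
    m, s = divmod(rest, 60)
    return f"{h:02d}:{m:02d}:{s:02d}"


def nines_table(targets=(99.9999, 99.999, 99.99, 99.9, 99.0)) -> dict:
    """Availability percentage -> annual MTD string, i.e. the course's table."""
    return {pct: hhmmss(annual_downtime_hours(pct)) for pct in targets}


def recovery_within_mtd(mtd_hours: float, rto_hours: float, wrt_hours: float) -> bool:
    """The course rule: RTO + WRT must not exceed MTD."""
    return rto_hours + wrt_hours <= mtd_hours


def data_loss_within_rpo(backup_age_hours: float, rpo_hours: float) -> bool:
    """True when the newest usable backup, at the moment the data was lost,
    is no older than the RPO; otherwise the gap must be accepted as a loss
    or reconstructed."""
    return backup_age_hours <= rpo_hours


if __name__ == "__main__":
    for pct, mtd in nines_table().items():
        print(f"{pct:>8}%  {mtd}")
    # Constructed figures: a 99.9% service has an annual MTD of 08:45:36.
    # An RTO of 6 h plus a WRT of 2 h fits; a WRT of 3 h would not.
    mtd = annual_downtime_hours(99.9)
    print(recovery_within_mtd(mtd, 6, 2))   # True
    print(recovery_within_mtd(mtd, 6, 3))   # False
    # A 24 h RPO with the last good backup taken 20 h before the incident.
    print(data_loss_within_rpo(20, 24))     # True
```

Note that the annual figure is a budget for the whole year, not a per-incident allowance; a single outage that consumes the entire budget leaves nothing for the scheduled service intervals that the course counts as downtime as well.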

7.4.3 Disaster Recovery Sites

Within the scope of business continuity planning, disaster recovery plans
(DRPs) describe the specific procedures to follow to recover a system or site
to a working state. A disaster could be anything from a loss of power or
failure of a minor component to human-made or natural disasters, such as
fires, earthquakes, or acts of terrorism.

Providing redundant devices and spares or network links allows the spare
devices to be swapped in if existing systems fail. Enterprise-level networks
often also provide for spare sites. A spare site is another location that can
provide the same (or similar) level of service. A disaster or systems failure at
one site will cause services to failover to the alternate processing site.
Disaster recovery planning must demonstrate how this will happen, what
checks need to be made to ensure that failover has occurred successfully
(without loss of transactional data or service availability), and how to revert
to the primary site once functionality is restored there.

Site resiliency is described as hot, warm, or cold:


 A hot site can failover almost immediately. It generally means that the
site is already within the organization's ownership and is ready to
deploy. For example, a hot site could consist of a building with
operational computer equipment that is kept updated with a live
dataset.

 A warm site could be similar but with the requirement that the latest
dataset will need to be loaded.

 A cold site takes longer to set up. A cold site may be an empty
building with a lease agreement in place to install whatever equipment
is required when necessary.

Clearly, providing redundancy on this scale can be very expensive. Sites are
often leased from service providers. However, in the event of a nationwide
emergency, demand for the services is likely to exceed supply! Another
option is for businesses to enter into reciprocal arrangements to provide
mutual support. This is cost-effective but complex to plan and set up.

For many companies, the most cost-effective solution is to move processing
and data storage to a cloud site. A cloud operator should be able to maintain
hot site redundancy so that a disaster in one geographic area will not disrupt
service, because the cloud will be supported by a datacenter in a different
region.

7.4.4 Fault Tolerance and Redundancy

Switching services over to a disaster recovery site should be a rare
occurrence. A resilient network should be able to deal with routine faults by
provisioning highly available systems. A fault is usually defined as an event
that causes a service to become unavailable. Each IT system will be
supported by assets, such as servers, disk arrays, switches, routers, and so
on. Each asset is susceptible to faults. Key performance indicators (KPIs) can
be used to determine the reliability of each asset and assess whether goals
for MTD, RTO, and RPO can be met. Some of the main KPIs relating to
component reliability are as follows:

 Mean time between failures (MTBF) represents the expected
lifetime of a product. The calculation for MTBF is the total operational
time divided by the number of failures. For example, if you have 10
appliances that run for 50 hours and two of them fail, the MTBF is
(10*50)/2 = 250 hours per failure.

 Mean time to failure (MTTF) expresses a similar metric for non-
repairable components. For example, a hard drive may be described
with an MTTF, while a server, which could be repaired by replacing the
hard drive, would be described with an MTBF. The calculation for MTTF
is the total operational time divided by the number of devices. For
example, say two drives were installed in the server in a RAID array.
One had failed after 10 years, but had never been replaced, and the
second failed after 14 years, bringing down the array and the server.
The MTTF of the drives is (10+14)/2 = 12 years.

MTTF/MTBF can be used to determine the amount of asset redundancy a
system should have. A redundant system can failover to another asset if
there is a fault and continue to operate normally. It can also be used to work
out how likely failures are to occur.

 Mean time to repair (MTTR) is a measure of the time taken to
correct a fault so that the system is restored to full operation. This can
also be described as mean time to replace or recover. MTTR is
calculated as the total number of hours of unplanned maintenance
divided by the number of failure incidents. This average value can be
used to estimate whether a recovery time objective (RTO) is
achievable.
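The three KPIs are defined as ratios, and the course gives worked figures for two of them (250 hours per failure for the appliance fleet, 12 years for the drives). The Python below is an added example, not course code: it encodes each definition as a function, checks the course's two worked results, uses MTTR against an RTO as the text suggests, and then goes one step beyond the course by showing how MTBF is used to estimate how many failures to expect over a period and the steady-state availability a component can deliver. Those last two formulas are standard reliability results that assume a constant failure rate and independent failures; the course does not state them, so treat them as planning estimates only.

```python
"""Component reliability KPIs: MTBF, MTTF, MTTR and what they are used for.

Added example; not course code. Time units are whatever the caller passes
(hours for the appliance example, years for the drive example), as long as
they are consistent within one call.
"""
import math


def mtbf(total_operational_time: float, failures: int) -> float:
    """Mean time between failures: total operational time / number of failures."""
    return total_operational_time / failures


def mttf(time_to_failure_per_device: list) -> float:
    """Mean time to failure for non-repairable parts:
    total operational time / number of devices."""
    return sum(time_to_failure_per_device) / len(time_to_failure_per_device)


def mttr(unplanned_maintenance_hours: float, failure_incidents: int) -> float:
    """Mean time to repair: unplanned maintenance hours / number of incidents."""
    return unplanned_maintenance_hours / failure_incidents


def rto_achievable(mttr_hours: float, rto_hours: float) -> bool:
    """The course's use of MTTR: the average repair must fit inside the RTO."""
    return mttr_hours <= rto_hours


def expected_failures(units: int, period: float, mtbf_value: float) -> float:
    """Failures to plan for across a fleet over a period. Assumption (not from
    the course): failures are independent, so the fleet accumulates
    units * period of operating time per period."""
    return units * period / mtbf_value


def prob_failure_within(period: float, mtbf_value: float) -> float:
    """Probability one unit fails within the period. Assumption (not from the
    course): a constant failure rate, i.e. P = 1 - e^(-t / MTBF)."""
    return 1.0 - math.exp(-period / mtbf_value)


def steady_state_availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Standard long-run availability of a repairable component:
    MTBF / (MTBF + MTTR). Not stated by the course; included to tie the
    KPIs back to the availability metric of 7.4.2."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


if __name__ == "__main__":
    # The course's worked figures.
    print(mtbf(10 * 50, 2))        # 250.0 hours per failure
    print(mttf([10, 14]))          # 12.0 years
    # Constructed figures: 40 h of unplanned maintenance across 10 incidents
    # gives an MTTR of 4 h, which fits a 6 h RTO.
    print(rto_achievable(mttr(40, 10), 6))             # True
    # With MTBF = 250 h, the same 10 appliances over the same 50 h window
    # are expected to produce the 2 failures the course observed.
    print(expected_failures(10, 50, 250))              # 2.0
    print(round(prob_failure_within(50, 250), 3))      # 0.181
    print(round(steady_state_availability(250, 4), 4)) # 0.9843
```

The `expected_failures` result reproducing the course's "two of them fail" is not a coincidence: MTBF was derived from that observation, so feeding the same fleet and window back in must return it. The value of the function is in changing the window, for example to a year, to size a spares pool.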

A system that can experience failures in individual components and
subsystems and continue to provide the same (or nearly the same) level of
service is said to be fault tolerant. Fault tolerance is often achieved by
provisioning redundancy for critical components to eliminate single points of
failure. A redundant or failover component is one that is not essential to the
normal function of a system but that allows the system to recover from the
failure of another component. Examples of devices and solutions that provide
fault tolerance include the following:

 Redundant spares—Components such as power supplies, network
cards, drives (RAID), and cooling fans provide protection against
hardware failures. A fully redundant server configuration is configured
with multiple components for each function (power, networking, and
storage). A faulty component will then automatically failover to the
working one.

 Network links—If there are multiple paths between switches and
routers, these devices can automatically failover to a working path if a
cable or network port is damaged.

 Uninterruptible power supplies (UPSs) and standby power
supplies—Provide power protection in the event of complete power
failure (blackout) and other types of building power issues.

 Backup strategies—Provide protection for data.

 Cluster services—A means of ensuring that the total failure of a
server does not disrupt services generally.

7.4.5 Load Balancers

Where NIC teaming allows load balancing at the component level, a load
balancer can be deployed as a hardware appliance or software instance to
distribute client requests across server nodes in a farm or pool. You can use a
load balancer in any situation where you have multiple servers providing the
same function. Examples include web servers, front-end email servers, and
web conferencing, video conferencing, or streaming media servers. The load
balancer is placed in front of the server network and distributes requests
from the client network or Internet to the application servers. The service
address is advertised to clients as a virtual server. This is used to provision
services that can scale from light to heavy loads, provision fault tolerant
services, and to provide mitigation against distributed denial of service
(DDoS) attacks.

Topology of basic load balancing architecture. (Images © 123RF.com.)


There are two main types of load balancers:

 Layer 4 switch—Basic load balancers make forwarding decisions on IP
address and TCP/UDP header values, working at the Transport layer of
the OSI model.

 Layer 7 switch (content switch)—As web applications have become
more complex, modern load balancers need to be able to make
forwarding decisions based on application-level data, such as a request
for a particular URL or data types like video or audio streaming. This
requires more complex logic, but the processing power of modern
appliances is sufficient to deal with this.

We are used to associating switches with layer 2 (Ethernet), but appliances
can perform switch-like forwarding at layer 3, layer 4, and layer 7. These are
collectively referred to as multilayer switches.

Video: Configure Load Balancing Server

7.4.6 High Availability Clusters

Where a load balancer distributes traffic between independent processing
nodes, clustering allows multiple redundant processing nodes that share
data with one another to accept connections. If one of the nodes in the
cluster stops working, connections can failover to a working node. To clients,
the cluster appears to be a single server.

Video: Clustered Nodes and Network Connections

Virtual IP

For example, you might want to provision two load balancer appliances so
that if one fails, the other can still handle client connections. Unlike load
balancing with a single appliance, the public IP used to access the service is
shared between the two instances in the cluster. This is referred to as
a virtual IP or shared or floating address. The instances are configured with
a private connection, on which each is identified by its "real" IP address. This
connection runs some type of redundancy protocol, such as Common
Address Redundancy Protocol (CARP), that enables the active node to "own"
the virtual IP and respond to connections. The redundancy protocol also
implements a heartbeat mechanism to allow failover to the passive node if
the active one should suffer a fault.

Topology of clustered load balancing architecture. (Images © 123RF.com.)


The same sort of topology can be used to deploy routers and firewalls for
high availability and load sharing.

Active-Passive and Active-Active Clustering

In the previous example, if one node is active, the other is passive. This is
referred to as active-passive clustering. The major advantage of
active/passive configurations is that performance is not adversely affected
during failover. However, the hardware and operating system costs might be
higher because of the unused capacity.

An active-active cluster means that both nodes are processing connections
concurrently. This allows the administrator to use the maximum capacity
from the available hardware while all nodes are functional. In the event of a
failover, the workload of the failed node is immediately and transparently
shifted onto the remaining node. At this time, the workload on the remaining
nodes is higher, and performance is degraded.

In a standard active-passive configuration, each active node must be
matched by a passive node. There are N+1 and N+M configurations that
provision fewer passive nodes than active nodes to reduce costs.

7.4.7 First Hop Redundancy

In a full or partial mesh network topology, alternate routes can be found to
bypass failed routers or faulty connections. However, end systems are
typically served by a single router configured as the default gateway. While it
is possible to configure hosts with multiple default gateways for fault
tolerance, this does not work well in practice, as it requires a greater degree
of complexity in the hosts' routing algorithms than is typically implemented
on an end system host.

To address this problem, various types of first hop redundancy protocols
(FHRP) have been developed.

Hot Standby Router Protocol

The proprietary Hot Standby Router Protocol (HSRP) developed by Cisco
allows multiple physical routers to serve as a single default gateway for a
subnet. To do this, each router must have an interface connected to the
subnet, with its own unique MAC address and IP address. In addition, they
also need to be configured to share a common virtual IP address and a
common MAC address. The group of routers configured in this way is known
as a standby group. They communicate among themselves using IP
multicasts and choose an active router based on priorities configured by an
administrator. The active router responds to any traffic sent to the virtual IP
address. Of the remaining routers in the standby group, the router with the
next highest priority is chosen as the standby router. The standby router
monitors the status of the active router and takes over the role if the active
router becomes unavailable, also triggering the selection of a new standby
router from the remaining routers in the group.

Hot Standby Router Protocol (HSRP) topology. (Image © 123RF.com.)

Cisco also has the Gateway Load Balancing Protocol (GLBP) which allows for
an active/active load-balanced configuration.

Virtual Router Redundancy Protocol

The open standard protocol Virtual Router Redundancy Protocol (VRRP) is
similar to HSRP, with the differences mainly being in terminology and packet
formats. In VRRP, the active router is known as the master, and all other
routers in the group are known as backup routers. There is no specific
standby router; instead, all backup routers monitor the status of the master,
and in the event of a failure, a new master router is selected from the
available backup routers based on priority.

One advantage of VRRP over HSRP is that it does not require each router
interface to be assigned a unique IP address. It is possible to configure VRRP
routers to use only the virtual IP address. This can be useful on subnets
where address space utilization is high.
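The active-passive cluster in 7.4.6 (a shared virtual IP, a heartbeat, failover to the passive node) and the first hop redundancy protocols in 7.4.7 (a standby group, priority-based election, the standby monitoring the active) are the same mechanism seen at two layers. The Python below is an added example, not course material and not an implementation of HSRP, VRRP or CARP on the wire: it models the behaviour the text describes so the election and failover sequence can be stepped through. Router names, addresses, priorities and the "three missed hellos" dead interval are constructed; the tie-break on highest real IP address and the `preempt` flag (off by default, as in HSRP) are taken from how those protocols generally behave, not from the course.

```python
"""Priority-based election for a shared virtual IP with heartbeat failover.

Added example; not course code and not a protocol implementation. It models
the standby-group behaviour described for HSRP/VRRP and the CARP-style
virtual IP of an active-passive cluster.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional


@dataclass
class Router:
    name: str
    priority: int
    real_ip: str        # the member's own address on the private/subnet link
    alive: bool = True


class StandbyGroup:
    def __init__(self, virtual_ip: str, members: List[Router],
                 dead_after_missed_hellos: int = 3, preempt: bool = False):
        self.virtual_ip = virtual_ip
        self.members = members
        self.dead_after = dead_after_missed_hellos   # constructed timer value
        self.preempt = preempt        # a returning higher-priority node takes over only if True
        self.missed = {r.name: 0 for r in members}
        self.active: Optional[Router] = None
        self.standby: Optional[Router] = None
        self.elect()

    def _ranked(self) -> List[Router]:
        """Live members, best first: highest priority, then highest real IP."""
        live = [r for r in self.members if r.alive]
        return sorted(live, key=lambda r: (r.priority, int(ip_address(r.real_ip))),
                      reverse=True)

    def elect(self) -> None:
        """Full election: best live node is active, next best is standby."""
        ranked = self._ranked()
        self.active = ranked[0] if ranked else None
        self.standby = ranked[1] if len(ranked) > 1 else None

    def hello_round(self, heard_from: set) -> bool:
        """Process one hello interval. Returns True if the active role moved."""
        for r in self.members:
            if r.name in heard_from:
                self.missed[r.name] = 0
                r.alive = True                       # a recovered node rejoins
            else:
                self.missed[r.name] += 1
                if self.missed[r.name] >= self.dead_after:
                    r.alive = False                  # heartbeat lost: declared dead
        before = self.active
        if self.preempt or self.active is None or not self.active.alive:
            self.elect()
        else:
            # Active is healthy and cannot be preempted: only the standby
            # role is re-evaluated (a recovered higher-priority node lands here).
            others = [r for r in self._ranked() if r is not self.active]
            self.standby = others[0] if others else None
        return before is not self.active

    def answers_for(self, ip: str) -> Optional[str]:
        """Which member responds to traffic sent to the given address."""
        if ip == self.virtual_ip:
            return self.active.name if self.active else None
        for r in self.members:
            if r.real_ip == ip and r.alive:
                return r.name
        return None


def failover_scenario() -> List[str]:
    """Constructed walk-through: R1 (active) goes silent, then returns."""
    group = StandbyGroup("192.0.2.1", [          # 192.0.2.0/24 is documentation space
        Router("R1", 110, "192.0.2.2"),
        Router("R2", 100, "192.0.2.3"),
        Router("R3", 90, "192.0.2.4"),
    ])
    log = [f"{group.active.name}/{group.standby.name}"]      # "R1/R2"
    for _ in range(3):                                       # R1 misses three hellos
        group.hello_round({"R2", "R3"})
    log.append(f"{group.active.name}/{group.standby.name}")  # "R2/R3": standby took over
    group.hello_round({"R1", "R2", "R3"})                    # R1 back; no preempt
    log.append(f"{group.active.name}/{group.standby.name}")  # "R2/R1": R1 only standby
    return log


if __name__ == "__main__":
    print(failover_scenario())
```

Two points for operators follow directly from the model. First, because ownership of the virtual IP is decided purely by advertised priority, the hello messages are security-relevant: where the protocol version supports authentication it should be enabled, and the switch ports that are allowed to carry these multicasts should be limited to the real gateway interfaces. Second, the heartbeat path must be monitored in its own right; a cluster whose private link fails while both nodes stay up can produce two nodes that each believe they own the address.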

7.4.8 Lab: Configure NIC Teaming

You are the IT administrator for a small corporate network. You use
CorpServer for your production server and need to have the most throughput
possible. As a result, you need to configure NIC teaming.

In this lab, your task is to configure a NIC team on CorpServer as follows:

 Move the cable attached to the onboard NIC to the 4-port NIC on
CorpServer. Leave the other end in port 22 of the switch.

 Connect network cables from remaining ports on the 4-port NIC on
CorpServer to switch ports 19, 20, and 21.

 Configure the adapter ports as members of a NIC team using the
following parameters:

o Use NetTeam as the team name.

o Configure Ethernet 3 through Ethernet 6 as members of the
team.

o Verify the speeds of the individual connections.

 Answer Question 1.
o Teaming mode: LACP

o Load balancing mode: Address Hash

o Standby adapter: None (all adapters Active)

 Configure the Hyper-V Virtual Switch Manager to use the new NIC team
for the External network using the Microsoft Network Adapter
Multiplexor Driver.

 Verify the status and speed of your network connection in the Network
and Sharing Center.

o Answer Question 2.

 Start Lab

 Task Summary

 Required Actions and Questions

 Connect the 4 port NIC to the switch

 Create the NIC team

 Q1 What is the connection speed of Ethernet 3, 4, 5, or 6?
Your answer: 1 Gbps
Correct answer: 1 Gbps

 Configure the External network to use NetTeam

 Q2 What is the connection speed of NetTeam?
Your answer: 4 Gbps
Correct answer: 4 Gbps

 Explanation

 Complete this lab as follows:

 1. Move the network cable from the onboard adapter in the CorpServer to
the 4-port NIC in CorpServer.

 a. Above the rack, select Back to switch to the back view of the rack.

 b. Drag the network cable from the onboard network adapter on
CorpServer (the 1U server) to a free port on the 4-port NIC in CorpServer.

 c. Above the rack, select Front to switch to the front view of the rack.

 2. Connect network cables from the 4-port NIC on CorpServer to the switch
ports 19, 20, and 21.

 a. Under Shelf, expand Cables.

 b. Select Cat6a Cable, RJ45.

 c. From the Selected Component pane, drag an unconnected RJ45 cable
to port 19, 20, or 21.

 d. Repeat steps 2b-2c for two more cables. Use a port not previously
used.

 e. Above the rack, select Back.

 f. From Partial Connections:

Drag a cable to an open port on the 4-port NIC in CorpServer.

Repeat the previous step until there are no more cables in Partial Connections.

3. Configure the adapter ports as members of a NIC team.

a. On the CorpServer monitor, select Click to view Windows Server 2022.

b. From Server Manager, select Local Server from the menu on the left.

c. Next to NIC Teaming, select Disabled to enable and configure NIC Teaming.

d. From the Teams panel, use the Tasks drop-down list to select New Team.

e. In the Team name field, type NetTeam.

f. Select adapters Ethernet 3 through Ethernet 6 to be included in the team.

g. From the top right, select Questions.

h. Answer Question 1.

i. Minimize the Lab Questions window.

j. From the NIC Teaming window, expand Additional Properties.

k. Configure the additional properties as follows:

Teaming mode: LACP

Load balancing mode: Address Hash

Standby adapter: None (all adapters Active)

l. Select OK to close the NIC Teaming dialog.

m. Close the NIC Teaming window.

4. Configure the Hyper-V Virtual Switch Manager to use the new NIC team for the External network.

a. From Server Manager's menu bar, select Tools > Hyper-V Manager.

b. Right-click CORPSERVER and then select Virtual Switch Manager.

c. Under Virtual Switches, select the External switch for configuration options.

d. Under Connection type, use the External network drop-down to select the Microsoft Network Adapter Multiplexor Driver.

e. Select OK.

5. Verify the status of the team and your network connection using the Network and Sharing Center.

a. From the system tray, right-click on the network icon and then select Open Network and Sharing Center.

b. Verify that the vEthernet (External) NIC has an internet connection. Also, notice that the network icon in the system tray shows that the server is connected.

c. To check the connection speed in the Network and Sharing Center, select NetTeam connection on the right.

d. At the top right, select Questions.

e. Answer Question 2.
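The same team creation, virtual switch binding and verification done from PowerShell, with the checks that Questions 1 and 2 ask for, as an added example that is not part of the TestOut lab. It assumes the lab's adapter names (Ethernet 3 to Ethernet 6), the team name NetTeam, and an existing Hyper-V external switch named External.

```powershell
#Requires -RunAsAdministrator
# Added example (not the lab's own steps): scripted equivalent of steps 3 to 5.
# Assumptions taken from the lab: member adapters Ethernet 3..6, team name
# NetTeam, and an existing Hyper-V external switch named External.

$TeamName   = 'NetTeam'
$Members    = 'Ethernet 3', 'Ethernet 4', 'Ethernet 5', 'Ethernet 6'
$SwitchName = 'External'

# Step 3: create the LBFO team. The GUI's "Address Hash" load-balancing mode is
# the TransportPorts algorithm here; with no standby adapter every member is
# active. LACP only forms if switch ports 19-22 are in a matching LACP
# port-channel; otherwise the team reports Degraded/Down and throughput falls
# back to a single link.
if (-not (Get-NetLbfoTeam -Name $TeamName -ErrorAction SilentlyContinue)) {
    New-NetLbfoTeam -Name $TeamName -TeamMembers $Members `
        -TeamingMode Lacp -LoadBalancingAlgorithm TransportPorts `
        -Confirm:$false | Out-Null
}

# Q1: per-member link speed (1 Gbps each in the lab). TransmitLinkSpeed is in bps.
$members = Get-NetLbfoTeamMember -Team $TeamName
$members |
    Select-Object Name, OperationalStatus,
        @{ n = 'LinkGbps'; e = { $_.TransmitLinkSpeed / 1e9 } } |
    Format-Table -AutoSize

# Step 4: point the External virtual switch at the team NIC (the adapter the
# GUI lists as "Microsoft Network Adapter Multiplexor Driver").
# Windows Server 2022 deprecates LBFO teams under Hyper-V; if this call is
# refused, New-VMSwitch exposes -AllowNetLbfoTeams $true for that case, and a
# Switch Embedded Team is the supported long-term replacement.
Set-VMSwitch -Name $SwitchName -NetAdapterName $TeamName

# Step 5 / Q2: confirm the team is Up and that the aggregate speed is the sum
# of the members (4 x 1 Gbps = 4 Gbps), which is the figure Network and
# Sharing Center shows for NetTeam.
$team          = Get-NetLbfoTeam -Name $TeamName
$aggregateGbps = ($members | Measure-Object -Property TransmitLinkSpeed -Sum).Sum / 1e9
$activeCount   = @($members | Where-Object { $_.OperationalStatus -eq 'Active' }).Count

[pscustomobject]@{
    Team          = $team.Name
    Status        = $team.Status
    TeamingMode   = $team.TeamingMode
    LoadBalancing = $team.LoadBalancingAlgorithm
    ActiveMembers = $activeCount
    AggregateGbps = $aggregateGbps
}

# A failed member is easy to miss in the GUI, so flag it explicitly: a team
# with fewer active members than configured has lost the redundancy it was
# built for even if the server still has connectivity.
if ($team.Status -ne 'Up' -or $activeCount -ne $Members.Count) {
    $msg = '{0}: status={1}, active members={2}/{3}. Check the cabling and the switch-side LACP configuration on ports 19-22.' -f
        $TeamName, $team.Status, $activeCount, $Members.Count
    Write-Warning $msg
}
```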

7.4.9 Lesson Review

Score: 87%

Passing Score: 80%


 Question 1.

Correct

What is the purpose of a Business Impact Analysis (BIA) in continuity planning?

answer

To assess the impact of new hires on the business

To identify the most profitable business areas

Correct Answer:

To identify risk disruption for primary business functions

To evaluate the effectiveness of sales strategies

Explanation

A BIA is conducted to understand which business functions are critical (mission essential and primary) and to assess the risks and impacts that would arise if the organization is unable to fulfill these functions due to a disruption.

Identifying profitable business areas is a strategic business decision, not the focus of a BIA, which is concerned with continuity planning.

Assessing the impact of new hires is related to human resources management, not the objective of a BIA.

Evaluating sales strategies is a marketing function and not the purpose of conducting a BIA in continuity planning.

References
o 7.4.1 Disaster Recovery Concepts


 Question 2.

Correct

What does disaster recovery focus on?

answer

Developing new products

Increasing the number of employees

Correct Answer:

Switching services to failover systems or sites

Expanding the business to new markets

Explanation

Disaster recovery is specifically concerned with actions such as switching to alternate systems or sites in the event of a disaster and restoring data and systems from backups to ensure continuity.

Expanding the business to new markets is not related to disaster recovery, which is focused on recovery and continuity in the face of disasters.

Increasing the number of employees is a business growth strategy, not related to disaster recovery.

Developing new products is unrelated to the immediate needs and focus of disaster recovery.

References

o 7.4.1 Disaster Recovery Concepts


 Question 3.

Correct

What is the significance of conducting validation tests in disaster recovery?

answer

Correct Answer:

To ensure services can be restored

To evaluate the company's financial health

To increase the company's market share

To assess the effectiveness of marketing strategies

Explanation

Validation tests are crucial in disaster recovery to simulate failover processes, ensuring that services can indeed be restored as planned using backups and revealing any unexpected issues in the failover process.

Increasing market share is unrelated to the purpose of validation tests in disaster recovery.

Evaluating financial health is important but not the focus of validation tests, which are technical in nature.

Assessing marketing strategies is not related to the technical objectives of validation tests in disaster recovery planning.

References

o 7.4.1 Disaster Recovery Concepts


 Question 4.

Correct

What does an availability of "five-nines" (99.999%) signify in disaster recovery?

answer

The system requires maintenance 99.999% of the time.

The system can recover from any disaster in 99.999% of cases.

The system is unavailable for 99.999% of the time.

Correct Answer:

The system is available for 99.999% of the time.


Explanation

An availability of "five-nines" means the system is designed to be operational and accessible 99.999% of the time, indicating extremely high reliability and minimal downtime.

Five-nines indicates high availability, not unavailability.

The system requires maintenance 99.999% of the time is incorrect because this level of availability refers to operational time, not maintenance requirements.

The system can recover from any disaster in 99.999% of cases is incorrect because it refers to system availability, not the probability of recovery from disasters.

References

o 7.4.2 Disaster Recovery Metrics


 Question 5.

Correct

What does Recovery Time Objective (RTO) measure in disaster recovery planning?

answer

Correct Answer:

The time following a disaster within which a system must be restored

The maximum amount of data loss that is acceptable

The amount of time needed to perform system maintenance

The time it takes to detect a system failure

Explanation

RTO is the maximum amount of time allowed for restoring a system after a
disaster has occurred, ensuring that operations can resume within this
timeframe.

The maximum amount of data loss that is acceptable describes the Recovery Point Objective (RPO), not RTO.

RTO is about recovery time, not detection time.

RTO deals with disaster recovery, not regular maintenance.

References

o 7.4.2 Disaster Recovery Metrics


 Question 6.

Correct

What is the main difference between a hot site and a warm site?

answer

A hot site requires the latest data set to be loaded.

A warm site is ready to deploy immediately.

Correct Answer:

A warm site requires the latest data set to be loaded.

A hot site is an empty building.

Explanation

The main difference is that a hot site is already equipped and updated with a
live data set for immediate deployment, whereas a warm site is similar but
requires the latest data set to be loaded before it can be fully operational.

A site that requires the latest data set to be loaded describes a warm site,
not a hot site.

A site that is ready to deploy immediately describes a hot site, not a warm
site.

An empty building describes a cold site, not a hot site.

References

o 7.4.3 Disaster Recovery Sites


 Question 7.

Correct

What is the primary challenge of entering into reciprocal arrangements for disaster recovery?

answer

It is simple to plan and set up.

It does not provide mutual support.

Correct Answer:

It is complex to plan and set up.

It is too expensive.

Explanation

Entering into reciprocal arrangements to provide mutual support in the event of a disaster is cost-effective but complex to plan and set up, requiring coordination between different businesses.

Reciprocal arrangements are considered cost-effective, not too expensive.

The challenge is that it is complex, not simple, to plan and set up.

Reciprocal arrangements are specifically designed to provide mutual support.

References

o 7.4.3 Disaster Recovery Sites


 Question 8.

Correct

Which of the following is NOT a component of a fully redundant server configuration?

answer

Multiple cooling fans

Redundant storage

Correct Answer:

Single network card

Multiple power supplies

Explanation

In a fully redundant server configuration, having a single network card would represent a single point of failure. Redundancy requires multiple components for each critical function, including networking, to ensure continuous operation.

Multiple power supplies are a part of a fully redundant configuration to prevent power failure from causing downtime.

Redundant storage, such as RAID arrays, is crucial for data availability and
protection against drive failures.

Multiple cooling fans are included to ensure that the failure of a single fan
does not lead to overheating and potential system failure.

References

o 7.4.4 Fault Tolerance and Redundancy


 Question 9.

Incorrect

What does MTTF stand for, and how is it different from MTBF?

answer

Correct Answer:

Mean Time to Failure; MTTF is used for non-repairable components, while MTBF is for repairable ones.

Maximum Time to Fix; MTTF is used for repairable components, while MTBF is
for non-repairable ones.

Mean Time to Fix; MTTF and MTBF are interchangeable terms.

Incorrect answer:

Maximum Time to Failure; MTTF is used for predicting the longest operational time, while MTBF is an average.

Explanation

MTTF (Mean Time to Failure) is used to express the expected lifetime or reliability of non-repairable components, providing an average time until failure. MTBF (Mean Time Between Failures) is used for repairable components, indicating the average time between failures. The key difference is in the applicability to repairable versus non-repairable components.

Maximum Time to Fix is not what MTTF stands for, and the explanation incorrectly swaps the uses of MTTF and MTBF.

Mean Time to Fix is not the correct meaning of MTTF, and MTTF and MTBF are not interchangeable; they apply to different types of components.

Maximum Time to Failure is not the correct interpretation of MTTF, which represents an average, not a maximum. MTBF is also an average time between failures, not a specific prediction of operational time.

References

o 7.4.2 Disaster Recovery Metrics

o 7.4.4 Fault Tolerance and Redundancy


 Question 10.

Correct

What distinguishes a Layer 7 switch from a Layer 4 switch in load balancing?

answer

Correct Answer:

Layer 7 switch makes forwarding decisions based on application-level data.

Layer 7 switch operates at the network layer.

Layer 7 switch is used exclusively for encrypting data traffic.

Layer 7 switch increases the storage capacity of servers.

Explanation

A Layer 7 switch, also known as a content switch, operates at the application layer and can make forwarding decisions based on the content of the traffic, such as URL requests or data types, allowing for more sophisticated load balancing.

Layer 7 switch operates at the network layer is incorrect as Layer 7 operates at the application layer.

Encryption is not the primary function of a Layer 7 switch.

Layer 7 switch increases the storage capacity of servers is unrelated to the function of a Layer 7 switch in load balancing.

References

o 7.4.5 Load Balancers

o 7.4.8 Lab: Configure NIC Teaming


 Question 11.

Correct

Where is a load balancer typically placed in a network topology?

answer

Within the client network

Correct Answer:

Between the Internet and the application servers

Between the client network and the Internet

Directly on the application servers

Explanation

The correct answer is between the Internet and the application servers. A
load balancer is placed in front of the server network (application servers)
and acts as a "traffic cop," distributing client requests that come from the
Internet or client network to the application servers.

Between the client network and the Internet would not effectively distribute traffic to multiple servers.

Load balancers are separate entities that distribute traffic to application servers, not installed directly on them.

Within the client network would not effectively manage traffic to the servers providing the services.

References

o 7.4.5 Load Balancers

o 7.4.8 Lab: Configure NIC Teaming


 Question 12.

Correct

In an active-active cluster configuration, what happens in the event of a failover?

answer

The system automatically purchases and adds a new node to the cluster.

The workload of the failed node is not shifted, and the system goes offline.

The remaining nodes are shut down to prevent data corruption.

Correct Answer:

The workload of the failed node is shifted onto the remaining node(s).

Explanation

In an active-active cluster configuration, both nodes are processing connections concurrently. If one node fails, the workload of the failed node is immediately and transparently shifted onto the remaining node(s), although this may lead to degraded performance due to the increased load on the remaining node(s).

The system does not go offline; the workload is shifted to ensure continued operation.

The remaining nodes are not shut down; they take over the workload of the failed node.

The system does not automatically purchase and add a new node; the existing nodes handle the failover process.

References

o 7.4.6 High Availability Clusters


 Question 13.

Incorrect

What is a virtual IP in the context of high availability clusters?

answer

Correct Answer:

A shared or floating address used to access the service provided by the cluster.

An IP address used exclusively for load balancing.

The private IP address used for the management of cluster nodes.

Incorrect answer:

A unique IP address assigned to each node in the cluster.

Explanation

A virtual IP (VIP) is a shared or floating address that is used by clients to access the service provided by the cluster. It is shared between instances in the cluster, making the cluster appear as a single server to clients.

A virtual IP is not unique to each node; it is shared among the nodes in the cluster.

The private IP address is used for internal identification and communication between nodes, not as a virtual IP.

While a virtual IP can be involved in load balancing within a cluster, it is not used exclusively for this purpose.

References

o 7.4.6 High Availability Clusters



 Question 14.

Correct

Which FHRP is designed to work in an active/standby configuration?

answer

EIGRP

GLBP

OSPF

Correct Answer:

HSRP

Explanation

HSRP (Hot Standby Router Protocol) is designed to work in an active/standby configuration, where one router is active and the others are standby routers ready to take over if the active router fails.

GLBP is designed for load balancing, allowing for an active/active configuration.

EIGRP is a distance-vector routing protocol, not a First Hop Redundancy Protocol.

OSPF is a routing protocol, not a FHRP.

References

o 7.4.7 First Hop Redundancy


 Question 15.

Correct

In HSRP, what term is used to describe the group of routers configured to work together as a single default gateway?

answer

Correct Answer:

Standby group

Virtual group

Active group

Backup group

Explanation

In HSRP, the term "standby group" refers to the collection of routers configured to collaborate, presenting a single virtual default gateway to the subnet.

"Active group" is not a term used in HSRP.

"Virtual group" is not the correct term; the correct term is "standby group."

"Backup group" is misleading; while it implies redundancy, the specific term used in HSRP is "standby group."

References

o 7.4.7 First Hop Redundancy


7.5 Module Quiz

Score: 100%

Passing Score: 80%


 Question 1.

Correct

Which port is typically used for message relay between SMTP servers?

answer

Correct Answer:

Port 25

Port 587

Port 465

Port 443

Explanation

Port 25 is used for message relay between SMTP servers, or message transfer agents (MTAs), and can use STARTTLS for security if supported.

Port 465 is used for SMTPS (implicit TLS).

Port 587 is used by mail clients to submit messages for delivery by an SMTP
server.

Port 443 is commonly used for HTTPS, not SMTP.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.1 Simple Mail Transfer Protocol

o 7.3.2 Internet Message Access Protocol


 Question 2.

Correct

What does the Recovery Point Objective (RPO) indicate?

answer

The maximum amount of time a system can be offline

The time it takes to detect a system failure

Correct Answer:

The maximum amount of data loss that is acceptable following a disaster

The time needed to perform system maintenance


Explanation

RPO specifies the maximum timeframe of data loss that is acceptable during
a disaster, indicating how recent the backups need to be to avoid significant
data loss.

The maximum amount of time a system can be offline describes the Recovery Time Objective (RTO), not RPO.

RPO is about data loss, not the time to detect a failure.

RPO is related to disaster recovery, not maintenance schedules.

References

o 7.4.1 Disaster Recovery Concepts

o 7.4.2 Disaster Recovery Metrics


 Question 3.

Correct

Your company has recently expanded its network infrastructure to include a new subnet for its growing R&D department. To ensure high availability and redundancy for the network's first hop, you've been tasked with implementing a First Hop Redundancy Protocol. The company's network equipment is a mix of Cisco and non-Cisco devices.

You need a solution that will work seamlessly across all devices and provide a
single virtual IP address as the default gateway for the subnet.

Which First Hop Redundancy Protocol would be MOST suitable for this
scenario?

answer

GLBP

OSPF

HSRP

Correct Answer:

VRRP

Explanation

The correct answer is VRRP. VRRP (Virtual Router Redundancy Protocol) is an open standard protocol, making it suitable for environments with mixed vendor equipment. It allows multiple routers to work together to present a single virtual IP address as the default gateway, ensuring redundancy and high availability.

HSRP is a Cisco proprietary protocol, which may not be fully compatible with
non-Cisco devices.

GLBP is also a Cisco proprietary protocol and, while it provides load balancing
in addition to redundancy, may not be supported on non-Cisco devices.

OSPF is a routing protocol, not a First Hop Redundancy Protocol, and does not
provide the functionality required for this scenario.

References

o 7.4.7 First Hop Redundancy


 Question 4.

Correct

Which of the following is NOT a characteristic of NoSQL databases?

answer

Correct Answer:

They require structured relational tables.

They can use a variety of formats for data storage.

They use key-value pairs for data storage.

They are typically accessed using an API over HTTPS.

Explanation

NoSQL databases do not require structured relational tables. Instead, they can store data in formats like key-value pairs, wide columns, or documents, offering more flexibility than traditional SQL databases.

Using key-value pairs is a characteristic of NoSQL databases.

NoSQL databases indeed can use a variety of data storage formats.

Accessing NoSQL databases through an API over HTTPS is common practice.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.7 Database Services


 Question 5.

Correct

What role does IT Service Continuity Planning (ITSCP) play in a Business Continuity Plan (BCP)?

answer

It ensures that personal development goals for IT staff are met.

It focuses on expanding the IT department.

It aims to reduce the IT budget.

Correct Answer:

It ensures that essential functions are supported by resilient IT systems.

Explanation

ITSCP or IT contingency planning is a crucial part of a BCP, focusing on making sure that the organization's essential functions have the support of resilient and reliable IT systems to mitigate single points of failure.

Meeting personal development goals for IT staff, while important, is not the primary focus of ITSCP within a BCP.

Expanding the IT department is a strategic decision not directly related to the continuity planning aspect of ITSCP.

Reducing the IT budget is a financial goal and not the focus of ITSCP, which is about ensuring continuity and resilience of IT support for essential functions.

References

o 7.4.1 Disaster Recovery Concepts


 Question 6.

Correct

What is the purpose of HTTP headers?

answer

To encrypt data

Correct Answer:

To specify the format of the request or response

To decrease the loading time of a web page

To increase the size of the payload

Explanation

HTTP headers are used to provide essential information about the request or
response, or about the object sent in the message body. They define how the
message should be formatted and processed.

Encrypting data is not the purpose of HTTP headers; encryption is handled by HTTPS.

HTTP headers do not increase the size of the payload; they are part of the
protocol overhead.

Decreasing the loading time of a web page is not the direct purpose of HTTP
headers; performance optimizations are achieved through other means.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.1 Hyper Text Transfer Protocol


 Question 7.

Correct

Which of the following is NOT a public NTP server pool?

answer

time.nist.gov

Correct Answer:

time.microsoft.com

time.google.com

pool.ntp.org

Explanation

time.microsoft.com is not listed as a public NTP server pool option. The correct Microsoft NTP server is time.windows.com.

time.google.com, time.nist.gov, and pool.ntp.org are valid public NTP server pools.

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


 Question 8.

Correct

An IT security specialist is configuring an NTP server for their organization. The specialist is aware of the risks associated with unauthorized time sources and wants to ensure the NTP synchronization data is protected.

Which protocol should the IT security specialist implement to secure the NTP
server against these risks?

answer

TLS

Correct Answer:

NTS

SSH

HTTPS

Explanation

The correct answer is NTS. Network Time Security (NTS) is specifically designed to secure NTP by protecting the synchronization data and preventing unauthorized access to time sources.

HTTPS is used for secure communication over a computer network but is not
specifically designed to protect NTP.

SSH is a protocol for secure network services but does not specifically protect
NTP synchronization data.

TLS provides secure communications over networks but NTS is the specific
protocol recommended for securing NTP.

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


 Question 9.

Correct

You are currently an IT administrator for a medium-sized company. The company has been experiencing rapid growth, leading to an increase in the number of employees and the volume of data being generated.

You've been tasked with finding a storage solution that can accommodate
the growing data needs, ensure data availability, and allow for easy file
sharing among employees. After some research, you decide that a Network
Attached Storage (NAS) system might be the best solution.

You plan to implement a NAS system that uses RAID technology to ensure
data redundancy and availability. However, you are aware that the
company's network is already experiencing high traffic loads during peak
hours.

Given this scenario, which of the following considerations should be your top
priority when implementing the NAS system?

answer

Choosing a NAS that supports RAID to spread information between disks

Upgrading the company's internet service to increase internet speed

Ensuring the NAS uses the latest version of Bluetooth for connectivity

Correct Answer:

Evaluating and possibly upgrading the network infrastructure to handle increased traffic

Explanation

Given the scenario where the company's network is already experiencing high traffic, adding a NAS system could further increase network traffic, potentially leading to delays in data access. Evaluating and possibly upgrading the network infrastructure to handle the increased traffic is crucial to ensure that the NAS system does not negatively impact network performance and that data remains readily accessible.

NAS systems are accessed over a network, typically via an IP address or domain name, not through Bluetooth connectivity. This option does not address the primary concern of network traffic and bandwidth.

While choosing a NAS that supports RAID is important for data redundancy
and availability, it does not address the immediate concern of network traffic
and potential delays caused by adding a NAS to an already overwhelmed
network.

Upgrading the company's internet service may increase internet speed, but it
does not directly address the internal network traffic issues that could be
exacerbated by adding a NAS system. The primary concern is the internal
network's ability to handle increased traffic, not the speed of the internet
connection.

References

o 7.2.5 Server Message Block

o 7.2.6 Network Attached Storage


 Question 10.

Correct

Which TCP port does an FTP client use to connect to an FTP server for command and status information?

answer

20

69

22

Correct Answer:

21

Explanation

TCP port 21 is used for the command and control channel in FTP, allowing for
the transfer of commands and status information between the client and
server.

TCP port 20 is used for the data channel in active mode FTP, not for
commands and status information.

TCP port 22 is used by SSH (Secure Shell) for secure logins, file transfers, and
port forwarding, not FTP.

UDP port 69 is used by TFTP (Trivial File Transfer Protocol), not FTP.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.3 File Transfer Protocol

o 7.2.4 Secure File Transfer Protocol


 Question 11.

Correct

A company is planning to enhance its IT infrastructure to improve the availability and reliability of its services. They are considering an active-active cluster configuration for their database servers to ensure that their online services can handle high traffic volumes and remain available even if one server fails.

What is a critical consideration they should keep in mind for this setup?

answer

An active-active configuration will significantly reduce their hardware and operating system costs.

Active-active configurations do not support the use of a virtual IP, requiring clients to connect to each server directly.

Correct Answer:

They need to ensure that their system can handle the increased workload on
the remaining server(s) in the event of a failover.

In the event of a server failure, the system will automatically purchase and
integrate a new server into the cluster.

Explanation

The correct answer is that they need to ensure that their system can handle
the increased workload on the remaining server(s) in the event of a failover.
In an active-active cluster configuration, all servers are processing
connections concurrently. If one server fails, the workload of the failed server
is immediately shifted onto the remaining server(s). This can lead to
increased workload on these servers, potentially degrading performance. It's
critical to ensure that the system can handle this increased workload to
maintain service availability and performance during failover.

An active-active configuration may not necessarily reduce hardware and
operating system costs; in fact, it might increase them due to the need for
additional resources to support concurrent processing.

High availability clusters do not automatically purchase and integrate new
servers. While some cloud services might offer auto-scaling features, this is
not a standard feature of active-active clustering itself.

Active-active configurations can and often do use a virtual IP to provide a
single point of access for clients. The use of a virtual IP is not limited to
active-passive configurations.

References

o 7.4.6 High Availability Clusters


Question 12.

Correct

What is the primary function of the Simple Mail Transfer Protocol (SMTP)?

answer

To provide persistent storage of messages

To encrypt email messages

Correct Answer:

To deliver email from one system to another

To manage email contacts

Explanation

SMTP specifies how email is delivered from one system to another, ensuring
that messages reach the intended recipient's mail server.

SMTP does not encrypt email messages; it is used for the delivery of emails.
Encryption can be achieved using TLS with SMTP.

SMTP provides no mechanism for persistent storage of messages; it is purely
for email transmission.

Managing email contacts is not a function of SMTP; it is typically handled by
the email client or service.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.1 Simple Mail Transfer Protocol

o 7.3.2 Internet Message Access Protocol


Question 13.

Correct

What is the main advantage of Precision Time Protocol (PTP) over Network
Time Protocol (NTP)?

answer

Correct Answer:
PTP provides nanosecond precision.

PTP supports more network services.

PTP uses less network bandwidth.

PTP is easier to implement.

Explanation

The correct answer is that PTP provides nanosecond precision. PTP is capable
of providing nanosecond precision, making it suitable for timing-critical
applications, unlike NTP which can only provide millisecond precision. This
higher level of precision is crucial for networks supporting industrial
processes, 5G cellular data, medical devices, market trading and financial
services, or broadcasting.

The main advantage is not about supporting more network services, but
about providing higher precision.

Ease of implementation is not discussed as an advantage of PTP over NTP;
the focus is on precision.

The document does not mention network bandwidth usage as a
distinguishing factor between PTP and NTP.

References

o 7.1.1 Transport Layer Security

o 7.1.3 Precision Time Protocol


Question 14.

Correct

What does IMAP allow multiple clients to do simultaneously?

answer

Use TCP port 25

Encrypt emails

Correct Answer:

Connect to the same mailbox

Deliver email to hosts

Explanation

IMAP supports connecting multiple clients to the same mailbox
simultaneously. This feature allows users to access their email from different
devices or locations at the same time.

IMAP does not directly deal with encrypting emails; it is a protocol for
accessing and managing mailboxes.

Delivering email to hosts is a function of SMTP, not IMAP.

TCP port 25 is used by SMTP for sending emails, not by IMAP.

References

o 7.3.2 Internet Message Access Protocol


Question 15.

Correct

How do VoIP phones distinguish data traffic from voice traffic?

answer

By using digital certificates for voice traffic only

By prioritizing voice traffic over data traffic using PoE

Correct Answer:

By configuring separate VLAN IDs for data and voice traffic

By using separate physical links for each type of traffic

Explanation

The correct answer is by configuring separate VLAN IDs for data and voice
traffic. VoIP phones use VLAN tagging to configure separate VLAN IDs for
data and voice traffic, allowing the two types of traffic to be distinguished
and managed separately on the same physical network link.

By using separate physical links for each type of traffic is incorrect because
VoIP phones typically share the same physical link for both data and voice
traffic, using VLAN IDs to segregate them.

By using digital certificates for voice traffic only is incorrect because digital
certificates are used for securing communications, not for distinguishing
between data and voice traffic.

By prioritizing voice traffic over data traffic using PoE is incorrect because
PoE provides power, not traffic prioritization or segregation.

References

o 5.6.5 Voice VLANs


Question 16.

Correct

What is the primary function of the HyperText Transfer Protocol (HTTP)?

answer

To manage internet connections

To provide email services

To encrypt data sent over the Internet

Correct Answer:

To enable clients to request resources from an HTTP server

Explanation

HTTP is fundamentally designed to facilitate communication between clients
(like web browsers) and servers, allowing the clients to request and receive
resources such as web pages. This is the core functionality of HTTP.

Encryption is not the primary function of HTTP; HTTPS, an extension of HTTP,
handles secure communications.

Email services use protocols like SMTP, IMAP, and POP3, not HTTP.

Managing internet connections is more related to network protocols like
TCP/IP, not HTTP.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.1 Hyper Text Transfer Protocol


Question 17.

Correct

What can happen if a server or host is configured with the incorrect time?

answer

It will automatically correct itself without NTP

Correct Answer:

It may not be able to access network services

It can lead to increased network speed

It will increase the security of network communications

Explanation

Incorrect time settings can lead to failures in authentication and other
security mechanisms, preventing access to network services.

Incorrect time settings do not affect network speed.

Without NTP or manual correction, a device will not automatically correct its
time.

Incorrect time settings can actually decrease the security of network
communications by causing authentication errors.

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


Question 18.

Correct

A systems administrator is configuring a server for email services.

Which protocol or protocol command is also referred to as implicit TLS?

answer

STARTTLS

Correct Answer:

SMTPS

IMAP

SMTP

Explanation

SMTPS establishes the secure connection before any SMTP commands (HELO,
for instance) are exchanged. This is also referred to as implicit TLS and only
represents encryption at the level of the transport layer.

Internet Message Access Protocol (IMAP) is a mail retrieval protocol that has
mailbox management features.

SMTP is an application protocol used to send mail between hosts on the
Internet. Messages are sent between servers over TCP port 25.

STARTTLS is a command that upgrades an existing unsecure connection to
TLS. This is also referred to as explicit TLS or opportunistic TLS and only
represents encryption at the level of the transport layer.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.1 Simple Mail Transfer Protocol


Question 19.

Correct

What role does a grandmaster clock play in a PTP domain?

answer

It acts as the primary backup time source.

It serves as the primary network router.

It synchronizes directly with satellite clocks.

Correct Answer:

It is the authoritative time source.

Explanation

In a PTP domain, the grandmaster clock is the authoritative time source to
which other clocks in the domain synchronize, ensuring high precision across
the network.

The grandmaster clock is not a backup; it is the primary time source.

There is no mention of direct synchronization with satellite clocks for the
grandmaster clock.

The grandmaster clock's role is related to time synchronization, not routing
network traffic.

References

o 7.1.1 Transport Layer Security

o 7.1.3 Precision Time Protocol


Question 20.

Correct

What are N+1 and N+M configurations in the context of high availability
clusters?

answer

Configurations that allow for unlimited scalability and processing power

Correct Answer:

Configurations that provision fewer passive nodes than active nodes

Configurations that distribute traffic evenly across all nodes

Configurations that eliminate the need for a virtual IP

Explanation

N+1 and N+M configurations are strategies used in high availability clusters
to provision fewer passive nodes than active nodes. This approach aims to
reduce costs while still providing redundancy and failover capabilities.

N+1 and N+M configurations do not eliminate the need for a virtual IP; a
virtual IP is still used for accessing the service.

N+1 and N+M configurations do not specifically allow for unlimited
scalability and processing power; they are cost-reduction strategies.

Distributing traffic evenly is not the primary focus of N+1 and N+M
configurations; they are concerned with the provisioning of passive nodes.

References

o 7.4.6 High Availability Clusters


07_CIS190 - Lesson 7 Assignment v10

Quiz End

You have reached the end of the quiz.

Copyright © CompTIA, Inc. All rights reserved.

07_CIS190 - Lesson 7 Assignment v10

Candidate: Catalina Adams (mar2492014)

Date: 1/26/2025, 12:59:38 AM • Time Spent: 37:26

Score: 100%

Passing Score: 60%

Individual Responses

Question 1.

Correct

What is one of the primary purposes of the Internet Message Access Protocol
(IMAP)?

answer

To deliver email to hosts that are permanently available

Correct Answer:

To manage a mailbox on a server

To encrypt email messages

To connect to web servers

Explanation

IMAP allows a client to manage the mailbox on the server, including
organizing messages in folders and controlling when they are deleted. This is
the primary purpose of IMAP, making it a powerful tool for email
management.

IMAP does not encrypt email messages; it is used for mailbox management.
Encryption can be added with TLS or other security protocols.

SMTP, not IMAP, is used to deliver email to hosts. IMAP is focused on mailbox
management.

IMAP is used for accessing and managing email mailboxes, not for
connecting to web servers.

References

o 7.3.2 Internet Message Access Protocol


Question 2.

Correct

To answer this question, complete the lab using the information below.

You have already answered this question. You are not allowed to view the lab
again.

You completed the lab correctly.

View Lab Report

You are a network technician for a small corporate network. Executives have
decided to add an IP phone for guests in the Lobby and another for the
company owner in the Executive Office.

In this lab, your task is to complete the following:

o In the Lobby, complete the following:

    - Connect the LAN port on the IP phone to the Ethernet port on the wall
      outlet.

    - Plug in the IP phone using the power adapter.

o In the Executive Office, complete the following:

    - Connect the Exec workstation and its monitor to a surge protector.

    - Connect the LAN port on the IP phone to the Ethernet port on the wall
      outlet.

    - Connect the PC port on the IP phone to the workstation's NIC.

    - Plug in the IP phone using the power adapter.

    - Confirm that the workstation is connected to the network and the
      internet using the Settings app.

In the Details window, use the Specifications tab to identify the phone's
connection areas. Additional VoIP configuration steps are required outside of
the tasks listed above, but they will not be included in this lab.

Launch Lab


Question 3.

Correct

Why is SMB1 now disabled by default on current Windows versions?

answer

It does not support printing services.

It is too slow.

Correct Answer:

It has very serious security vulnerabilities.

It does not support encryption.

Explanation

SMB1 is disabled by default due to its serious security vulnerabilities, which
pose significant risks to network security.

The primary reason for disabling SMB1 is not its speed but its security
vulnerabilities.

While SMB1 does not support encryption, the main reason for its deprecation
is its security vulnerabilities.

SMB1 does support printing services, but it is disabled due to security
concerns, not functionality limitations.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.5 Server Message Block


Question 4.

Correct

You are the network administrator for a small consulting firm. You've set up
an NTP server to manage the time across all the machines in the network.

You have a computer that's experiencing a slight time drift of just a few
seconds.

Which time correction should you use to fix the system's clock?

answer

Jitter

Correct Answer:

Slew

Slam

Skew

Explanation

If time is off by just a few seconds, slewing is better for putting it back on
track. Slewing is a slower, methodical method of correcting the time, but the
risk of problems occurring is much less.

Slamming is used if the time is off by quite a bit and slewing will take too
long. While this is a quick and immediate fix, slamming can cause some
programs to function improperly.

Jitter refers to small, rapid variations in a system's clock.

Skew measures the difference (in hertz) between a clock's actual frequency
and the frequency necessary to keep a more accurate time.

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


Question 5.

Correct

Why is FTPES usually preferred over FTPS?

answer

FTPES supports larger file transfers.

FTPES uses stronger encryption than FTPS.

FTPES is faster than FTPS.

Correct Answer:

FTPES is easier to configure with firewalls.

Explanation

FTPES is usually preferred over FTPS because it is easier to configure when
there are firewalls between the client and server. FTPES upgrades an
unsecure connection to a secure one, making it more firewall-friendly.

The preference for FTPES over FTPS is not based on speed; both can
potentially offer similar transfer speeds.

FTPES does not necessarily use stronger encryption than FTPS; both use TLS
for encryption. The preference is due to ease of configuration.

The ability to support larger file transfers is not the reason FTPES is
preferred; both FTPES and FTPS can handle large file transfers similarly.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.3 File Transfer Protocol

o 7.2.4 Secure File Transfer Protocol


Question 6.

Correct

Where is a load balancer typically placed in a network topology?

answer

Within the client network

Correct Answer:

Between the Internet and the application servers

Between the client network and the Internet

Directly on the application servers

Explanation

The correct answer is between the Internet and the application servers. A
load balancer is placed in front of the server network (application servers)
and acts as a "traffic cop," distributing client requests that come from the
Internet or client network to the application servers.

Between the client network and the Internet would not effectively distribute
traffic to multiple servers.

Load balancers are separate entities that distribute traffic to application
servers, not installed directly on them.

Within the client network would not effectively manage traffic to the servers
providing the services.

References

o 7.4.5 Load Balancers

o 7.4.8 Lab: Configure NIC Teaming


Question 7.

Correct

What can happen if a server or host is configured with the incorrect time?

answer

It will automatically correct itself without NTP

Correct Answer:

It may not be able to access network services

It can lead to increased network speed

It will increase the security of network communications

Explanation

Incorrect time settings can lead to failures in authentication and other
security mechanisms, preventing access to network services.

Incorrect time settings do not affect network speed.

Without NTP or manual correction, a device will not automatically correct its
time.

Incorrect time settings can actually decrease the security of network
communications by causing authentication errors.

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

o 7.1.4 Lab: Configure NTP on Linux


Question 8.

Correct

You are setting up a secure website for your online store. You want to ensure
that all data transmitted between your website and your customers is
encrypted.

Which of the following steps is essential for you to achieve this?

answer

Increase your website's bandwidth.

Correct Answer:

Obtain and install a digital certificate.

Implement a CAPTCHA system on your website.

Install a web analytics tool.

Explanation

To secure data transmission between your website and your customers, you
need to implement HTTPS, which is the secure version of HTTP enabled by
TLS. Obtaining and installing a digital certificate from a trusted CA is
essential for this process. The digital certificate will authenticate your
website's identity to your customers and enable encrypted communication.

While useful for tracking website traffic and user behavior, web analytics
tools do not encrypt data transmission.

Increasing bandwidth can improve website performance but does not secure
data transmission.

CAPTCHA systems help differentiate human users from bots but do not
encrypt or secure data transmission.

References

o 6.5.10 DNS Security


Question 9.

Correct

What is the main advantage of Precision Time Protocol (PTP) over Network
Time Protocol (NTP)?

answer

Correct Answer:

PTP provides nanosecond precision.

PTP supports more network services.

PTP uses less network bandwidth.

PTP is easier to implement.

Explanation

The correct answer is that PTP provides nanosecond precision. PTP is capable
of providing nanosecond precision, making it suitable for timing-critical
applications, unlike NTP which can only provide millisecond precision. This
higher level of precision is crucial for networks supporting industrial
processes, 5G cellular data, medical devices, market trading and financial
services, or broadcasting.

The main advantage is not about supporting more network services, but
about providing higher precision.

Ease of implementation is not discussed as an advantage of PTP over NTP;
the focus is on precision.

The document does not mention network bandwidth usage as a
distinguishing factor between PTP and NTP.

References

o 7.1.1 Transport Layer Security

o 7.1.3 Precision Time Protocol


Question 10.

Correct

What does disaster recovery focus on?

answer

Developing new products

Increasing the number of employees

Correct Answer:

Switching services to failover systems or sites

Expanding the business to new markets

Explanation

Disaster recovery is specifically concerned with actions such as switching to
alternate systems or sites in the event of a disaster and restoring data and
systems from backups to ensure continuity.

Expanding the business to new markets is not related to disaster recovery,
which is focused on recovery and continuity in the face of disasters.

Increasing the number of employees is a business growth strategy, not
related to disaster recovery.

Developing new products is unrelated to the immediate needs and focus of
disaster recovery.

References

o 7.4.1 Disaster Recovery Concepts


Question 11.

Correct

What is a virtual IP in the context of high availability clusters?

answer

Correct Answer:

A shared or floating address used to access the service provided by the
cluster.

An IP address used exclusively for load balancing.

The private IP address used for the management of cluster nodes.

A unique IP address assigned to each node in the cluster.

Explanation

A virtual IP (VIP) is a shared or floating address that is used by clients to
access the service provided by the cluster. It is shared between instances in
the cluster, making the cluster appear as a single server to clients.

A virtual IP is not unique to each node; it is shared among the nodes in the
cluster.

The private IP address is used for internal identification and communication
between nodes, not as a virtual IP.

While a virtual IP can be involved in load balancing within a cluster, it is not
used exclusively for this purpose.

References

o 7.4.6 High Availability Clusters


Question 12.

Correct

How do VoIP phones use VLAN tagging?

answer

To disable all data traffic except for VoIP communication

To prioritize video traffic over voice traffic

Correct Answer:

To ensure that SIP control and RTP media protocols are segregated from
normal data traffic

To ensure that voice and data traffic are combined on the same network

Explanation

The correct answer is to ensure that SIP control and RTP media protocols are
segregated from normal data traffic. VLAN tagging allows VoIP phones to
segregate SIP control and RTP media protocols from normal data traffic,
ensuring efficient and secure communication without interference from other
types of network traffic.

To ensure that voice and data traffic are combined on the same network is
incorrect because the purpose of VLAN tagging is to segregate, not combine,
different types of traffic.

To disable all data traffic except for VoIP communication is incorrect as VLAN
tagging segregates traffic types; it does not disable non-VoIP data traffic.

To prioritize video traffic over voice traffic is incorrect because VLAN
tagging's primary purpose in VoIP phones is to segregate SIP and RTP
protocols from normal data traffic, not to prioritize video over voice.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.4 VoIP Protocols

o 7.3.5 VoIP Phones


Question 13.

Correct

In a Windows environment, which protocol is typically used to access
Microsoft Exchange mailboxes?

answer

Correct Answer:

MAPI

SMTP

IMAP

HTTPS

Explanation

In a Windows environment, the proprietary Messaging Application
Programming Interface (MAPI) protocol is typically used to access Microsoft
Exchange mailboxes. MAPI allows for integration with Microsoft products and
provides functionalities specific to Exchange.

IMAP is a general email access protocol and not specific to Microsoft
Exchange.

SMTP is used for sending emails, not for accessing mailboxes.

HTTPS is a secure transport protocol used on the web, not specifically for
accessing Microsoft Exchange mailboxes.

References

o 7.3.2 Internet Message Access Protocol


Question 14.

Correct

Which TCP port does HTTPS encrypted traffic default to?

answer

80

8080

21

Correct Answer:

443

Explanation

HTTPS encrypted traffic is sent over TCP port 443 by default. This is different
from HTTP, which uses the unencrypted port 80.

Port 80 is used for unencrypted HTTP traffic, not HTTPS.

Port 8080 is often used for an HTTP proxy or secondary web server, not
standard HTTPS traffic.

Port 21 is used for FTP (File Transfer Protocol), not HTTPS.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.2 HTTP Secure

o 7.2.8 Lab: Scan for Web Services with Nmap

o 7.3.2 Internet Message Access Protocol


Question 15.

Correct

In the context of FTP over Explicit TLS (FTPES), which command is used to
encrypt the data connection for actual file transfers after upgrading an
unsecure connection to a secure one?

answer

AUTH TLS

SSH

Correct Answer:

PROT

PASV

Explanation

The PROT command is used in FTP over Explicit TLS (FTPES) to encrypt the
data connection for actual file transfers after an unsecure connection has
been upgraded to a secure one using the AUTH TLS command. This ensures
that not only the authentication credentials are protected but also the data
being transferred.

AUTH TLS is incorrect because it is the command used to upgrade an
unsecure connection to a secure one, not for encrypting the data connection
for file transfers.

PASV is incorrect as it is a command used to request passive mode, which is
related to how the connection is established between the client and server
for data transfer, but it does not encrypt the data.

SSH is incorrect because it is a protocol used by SFTP for secure file
transfers, not a command within the FTP or FTPES protocols.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.3 File Transfer Protocol

o 7.2.4 Secure File Transfer Protocol

 Question 16.

Correct

What is a key advantage of using VoIP technology over traditional PSTN
lines?

answer

Higher call costs

Correct Answer:

Ability to transmit voice over IP networks

Requirement for separate voice and data channels

Limited call routing options

Explanation

VoIP technology allows for the transmission of voice communications over IP
networks, which can lead to cost savings, greater flexibility, and integration
with other IP-based services.

One of the advantages of VoIP is actually lower call costs compared to
traditional PSTN lines.

VoIP provides more, not limited, call routing options due to its use of IP
networks.

VoIP does not require separate voice and data channels; it can integrate
voice and data communications over the same IP network.

References

o 7.3.3 Voice and Video Services

 Question 17.

Correct

To answer this question, complete the lab using the information below.

You completed the lab correctly.

You are a network technician for a small corporate network. You would like to
use NTP to synchronize time on your network. You are currently logged in as
the root user.

On the CorpData server, your task is to:

o Use the dnf package manager to install the NTP service.

o Use the systemctl utility to verify that the NTP service is
running.

o Answer Question 1.

o Find the IP address of the NTP server.

o Answer Question 2.

On the Exec computer, your task is to:

o Add the NTP server as a time source using the following
command:
w32tm /config /manualpeerlist:[servers_ip_address],0x8 /syncfromflags:MANUAL /update

o Verify that the Exec computer is using the NTP server for time
synchronization using the following command:
w32tm /query /status

References

o 7.1.1 Transport Layer Security

o 7.1.2 Network Time Protocol

o 7.1.3 Precision Time Protocol

 Question 18.

Correct

To answer this question, complete the lab using the information below.

You completed the lab correctly.

You are the IT administrator for a small corporate network. You use
CorpServer for your production server and need to have the most throughput
possible. As a result, you need to configure NIC teaming.

In this lab, your task is to configure a NIC team on CorpServer as follows:

o Move the cable attached to the onboard NIC to the 4-port NIC on
CorpServer. Leave the other end in port 22 of the switch.

o Connect network cables from remaining ports on the 4-port NIC
on CorpServer to switch ports 19, 20, and 21.

o Configure the adapter ports as members of a NIC team using the
following parameters:

 Use NetTeam as the team name.

 Configure Ethernet 3 through Ethernet 6 as members of
the team.

 Verify the speeds of the individual connections.

 Answer Question 1.

 Teaming mode: LACP

 Load balancing mode: Address Hash

 Standby adapter: None (all adapters Active)

o Configure the Hyper-V Virtual Switch Manager to use the new NIC
team for the External network using the Microsoft Network
Adapter Multiplexor Driver.

o Verify the status and speed of your network connection in the
Network and Sharing Center.

 Answer Question 2.

References

o 7.4.5 Load Balancers

 Question 19.

Correct

What does Recovery Time Objective (RTO) measure in disaster recovery
planning?

answer

Correct Answer:

The time following a disaster within which a system must be restored

The maximum amount of data loss that is acceptable

The amount of time needed to perform system maintenance

The time it takes to detect a system failure

Explanation

RTO is the maximum amount of time allowed for restoring a system after a
disaster has occurred, ensuring that operations can resume within this
timeframe.

The maximum amount of data loss that is acceptable describes the Recovery
Point Objective (RPO), not RTO.

RTO is about recovery time, not detection time.

RTO deals with disaster recovery, not regular maintenance.

References

o 7.4.2 Disaster Recovery Metrics

 Question 20.

Correct

What is established between a server and a client after successful
authentication with TLS?

answer

A direct physical connection

A public network

Correct Answer:

An encrypted tunnel

A data compression protocol

Explanation

After successful authentication with TLS, an encrypted tunnel is established
between the server and the client. This tunnel ensures that all data
transmitted between the two parties is encrypted, providing confidentiality
and integrity. The encryption prevents unauthorized parties from
eavesdropping or tampering with the data.

TLS operates over existing network connections and does not establish new
physical connections. It secures data transmitted over these connections
through encryption.

While TLS can secure data transmitted over public networks, it does not
establish the network itself. Its role is to provide security for data in transit,
regardless of the network type.

TLS is focused on securing communications through encryption, not on
compressing data. While some protocols may include options for
compression, the primary function of TLS is to authenticate the server and
client and to encrypt their communications.

References

o 6.5.10 DNS Security

 Question 21.

Correct

What is the significance of conducting validation tests in disaster recovery?

answer

Correct Answer:

To ensure services can be restored

To evaluate the company's financial health

To increase the company's market share

To assess the effectiveness of marketing strategies

Explanation

Validation tests are crucial in disaster recovery to simulate failover
processes, ensuring that services can indeed be restored as planned using
backups and revealing any unexpected issues in the failover process.

Increasing market share is unrelated to the purpose of validation tests in
disaster recovery.

Evaluating financial health is important but not the focus of validation tests,
which are technical in nature.

Assessing marketing strategies is not related to the technical objectives of
validation tests in disaster recovery planning.

References

o 7.4.1 Disaster Recovery Concepts

 Question 22.

Correct

What does SMTP use to discover the IP address of the recipient's SMTP
server?

answer

The recipient's email password

Correct Answer:

The domain name part of the recipient's email address

The sender's IP address

The recipient's physical address

Explanation

The SMTP server uses the domain name part of the recipient's email address
to discover the IP address of the recipient SMTP server through DNS.

The recipient's email password is not used in the process of discovering the
recipient's SMTP server IP address.

The sender's IP address is irrelevant to discovering the recipient's SMTP
server IP address.

The recipient's physical address has no role in the electronic process of SMTP.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.1 Simple Mail Transfer Protocol

o 7.3.2 Internet Message Access Protocol

 Question 23.

Correct

In an active-active cluster configuration, what happens in the event of a
failover?

answer

The system automatically purchases and adds a new node to the cluster.

The workload of the failed node is not shifted, and the system goes offline.

The remaining nodes are shut down to prevent data corruption.

Correct Answer:

The workload of the failed node is shifted onto the remaining node(s).

Explanation

In an active-active cluster configuration, both nodes are processing
connections concurrently. If one node fails, the workload of the failed node is
immediately and transparently shifted onto the remaining node(s), although
this may lead to degraded performance due to the increased load on the
remaining node(s).

The system does not go offline; the workload is shifted to ensure continued
operation.

The remaining nodes are not shut down; they take over the workload of the
failed node.

The system does not automatically purchase and add a new node; the
existing nodes handle the failover process.

References

o 7.4.6 High Availability Clusters

 Question 24.

Correct

To answer this question, complete the lab using the information below.

You completed the lab correctly.

You are the security analyst for your company. Your manager is concerned
about the vulnerability of the company's database server, which contains the
finance and accounting systems. He wants you to perform a port scan on the
server (192.168.0.22) to identify all the open ports.

In this lab, your task is to:

o Use nmap to perform a port scan on the database server to
determine if any ports are open.

o Answer the question.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.2 HTTP Secure

o 7.3.2 Internet Message Access Protocol

o 8.2.2 Nmap

o 8.2.3 Nmap Port Scanning

 Question 25.

Correct

What does a client use to identify the resource it wants to request from an
HTTP server?

answer

MAC address

Correct Answer:

Uniform Resource Locator (URL)

Port number

IP address

Explanation

A URL is used by a client to specify the resource it wishes to request from an
HTTP server. It provides a way to locate a resource on the Internet.

An IP address identifies a device on the Internet, but it does not specify a
particular resource on an HTTP server.

A MAC address is used to identify network interfaces for communications
within a network segment and is not used in HTTP requests.

A port number is used to identify specific applications or services running on
a server but does not specify a particular resource.

References

o 6.1.6 Common TCP and UDP Ports

o 7.2.1 Hyper Text Transfer Protocol
