Welcome to CET2025+ Flashcards
Review our featured flashcards one at a time!
Programming - PHP
Question: Which function outputs text in PHP?
Options:
- echo
- print_r
- var_dump
- write
Answer: echo
Explanation: No explanation available.
Programming - PHP
Question: The _______ starts a PHP script.
Answer: <?php
Explanation: No explanation available.
Programming - PHP
Question: Which operator concatenates strings?
Options:
- .
- +
- &
- =
Answer: .
Explanation: No explanation available.
Programming - PHP
Question: Match PHP functions with outputs:
Options:
- echo
- print_r
- var_dump
Answers:
- echo - Simple
- print_r - Array
- var_dump - Detailed
Explanation: No explanation available.
Programming - PHP
Question: Explain how echo works.
Answer: echo outputs strings or variables to the screen in PHP.
Explanation: No explanation available.
Programming - PHP
Question: Which keyword declares a variable?
Options:
- $
- var
- let
- declare
Answer: $
Explanation: No explanation available.
Programming - PHP
Question: A _______ defines a function.
Answer: function
Explanation: No explanation available.
Programming - PHP
Question: Which function checks variable type?
Options:
- gettype
- typeof
- type
- vartype
Answer: gettype
Explanation: No explanation available.
Programming - PHP
Question: Match variable functions with uses:
Options:
- gettype
- isset
- empty
Answers:
- gettype - Type
- isset - Exists
- empty - Value
Explanation: No explanation available.
Programming - PHP
Question: Describe how isset works.
Answer: isset checks if a variable is set and not null.
Explanation: No explanation available.
Programming - PHP
Question: Which statement controls flow?
Options:
- if
- for
- while
- All of these
Answer: All of these
Explanation: No explanation available.
Programming - PHP
Question: The _______ loops through arrays.
Answer: foreach
Explanation: No explanation available.
Programming - PHP
Question: Which keyword includes files?
Options:
- include
- require
- import
- Both A and B
Answer: Both A and B
Explanation: No explanation available.
Programming - PHP
Question: Match include types with behavior:
Options:
- include
- require
- require_once
Answers:
- include - Optional
- require - Mandatory
- require_once - Once
Explanation: No explanation available.
Programming - PHP
Question: Explain how require differs from include.
Answer: Require halts execution if a file is missing; include continues.
Explanation: No explanation available.
Programming - PHP
Question: Which function starts a session?
Options:
- session_start
- start_session
- session
- begin_session
Answer: session_start
Explanation: No explanation available.
Programming - PHP
Question: A _______ stores session data.
Answer: $_SESSION
Explanation: No explanation available.
Programming - PHP
Question: Which function redirects pages?
Options:
- header
- redirect
- location
- goto
Answer: header
Explanation: No explanation available.
Programming - PHP
Question: Match session functions with roles:
Options:
- session_start
- session_destroy
- header
Answers:
- session_start - Begins
- session_destroy - Ends
- header - Redirects
Explanation: No explanation available.
Programming - PHP
Question: Describe how sessions work in PHP.
Answer: Sessions store user data across pages using session_start and $_SESSION.
Explanation: No explanation available.
Programming - PHP
Question: Which function connects to MySQL?
Options:
- mysqli_connect
- mysql_connect
- db_connect
- connect_db
Answer: mysqli_connect
Explanation: No explanation available.
Programming - PHP
Question: The _______ queries a database.
Answer: mysqli_query
Explanation: No explanation available.
Programming - PHP
Question: Which function fetches query results?
Options:
- mysqli_fetch_assoc
- fetch_result
- get_result
- result_fetch
Answer: mysqli_fetch_assoc
Explanation: No explanation available.
Programming - PHP
Question: Match DB functions with uses:
Options:
- mysqli_connect
- mysqli_query
- mysqli_fetch_assoc
Answers:
- mysqli_connect - Connects
- mysqli_query - Queries
- mysqli_fetch_assoc - Fetches
Explanation: No explanation available.
Programming - PHP
Question: Explain how mysqli_connect works.
Answer: mysqli_connect establishes a connection to a MySQL database.
Explanation: No explanation available.
Programming - PHP
Question: Which keyword defines a class?
Options:
- class
- object
- define
- struct
Answer: class
Explanation: No explanation available.
Programming - PHP
Question: A _______ creates an object.
Answer: new
Explanation: No explanation available.
Programming - PHP
Question: Which keyword extends classes?
Options:
- extends
- implements
- inherits
- uses
Answer: extends
Explanation: No explanation available.
Programming - PHP
Question: Match OOP terms with keywords:
Options:
- class
- extends
- new
Answers:
- class - Defines
- extends - Inherits
- new - Instantiates
Explanation: No explanation available.
Programming - PHP
Question: Describe how classes work in PHP.
Answer: Classes define objects with properties and methods, supporting OOP.
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: The outcome of the analysis phase is:
Options:
- Feasibility analysis document
- System proposal document
- System specification document
- System request document
- Business process document
Answer: System proposal document
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: The outcome of the planning phase is:
Options:
- Test plan
- System proposal document
- System specification document
- System request document
- Business process document
Answer: System request document
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: The outcome of the design phase is:
Options:
- Feasibility analysis document
- System proposal document
- System specification document
- System request document
- Business process document
Answer: System specification document
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Another outcome of the planning phase is:
Options:
- Feasibility analysis document
- Project plan
- System specification document
- System proposal document
- Business process document
Answer: Project plan
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which is NOT true for systems analysts?
Options:
- They create value for an organization
- They enable the organization to perform work better
- They do things and challenge the current way that an organization works
- They play a key role in information systems development projects
- They are the project sponsors for system proposals
Answer: They are the project sponsors for system proposals
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which is NOT an attribute of a systems analyst?
Options:
- Understanding what to change
- Knowing how to change it
- Convincing others of the need to change
- Serving as a change agent
- Selecting which projects to approve
Answer: Selecting which projects to approve
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which of the following project roles would identify how technology can improve business processes?
Options:
- Systems analyst
- Business analyst
- Infrastructure analyst
- Change management analyst
- Requirements analyst
Answer: Systems analyst
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which of the following project roles would ensure that the system conforms to information systems standards?
Options:
- Systems analyst
- Business analyst
- Infrastructure analyst
- Change management analyst
- Project manager
Answer: Systems analyst
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which of the following project roles would focus on stakeholder requirements?
Options:
- Systems analyst
- Business analyst
- Infrastructure analyst
- Change management analyst
- Requirements analyst
Answer: Requirements analyst
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which of the following project roles would serve as a primary point of contact for a project?
Options:
- Systems analyst
- Business analyst
- Infrastructure analyst
- Change management analyst
- Project sponsor
Answer: Project sponsor
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which of the following project roles would analyze the key business aspects of the system?
Options:
- Systems analyst
- Business analyst
- Infrastructure analyst
- Change management analyst
- Project manager
Answer: Business analyst
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Michaela is a systems analyst who is determining business requirements. What would most likely be the SDLC phase for her?
Options:
- Planning
- Analysis
- Design
- Implementation
- Business requirements are not developed by systems analysts, but by business analysts
Answer: Analysis
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Chang is working on 'How will this system work.' What SDLC phase is he in?
Options:
- Planning
- Analysis
- Design
- Implementation
- Transition
Answer: Design
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Joan’s project is to take a fairly straightforward manual process and make it an electronic process. This will make the processing more efficient. Which of the following requirements analysis strategies is she using?
Options:
- Business process automation
- Business process improvement
- Business process internalization
- Business process reengineering
- Business process renovation
Answer: Business process automation
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Wayne is a senior director of finance. His company only recently came under Sarbanes-Oxley regulations and is the project sponsor to become compliant. He is leaning towards:
Options:
- Business process automation
- Business process improvement
- Business process internalization
- Business process reengineering
- Business process renovation
Answer: Business process reengineering
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Moderate changes to existing processes fall under the _________ analysis.
Options:
- Business process automation (BPA)
- Business process improvement (BPI)
- Business process reengineering (BPR)
- Business process blue-skying (BPB)
- Business process efficiency (BPE)
Answer: Business process improvement
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Alice is calculating whether a system will lower costs or increase revenues. What SDLC phase is she in?
Options:
- Planning
- Analysis
- Design
- Implementation
- Evaluation
Answer: Planning
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which was NOT given as a method for determining business requirements?
Options:
- Benchmarking
- Interviewing
- Observation
- Document analysis
- Questionnaires and surveys
Answer: Benchmarking
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which would normally NOT be a reason for a project?
Options:
- When a business need has been identified
- A consultant has suggested a new customer relationship management system
- An open source platform has just come on the market
- An existing system just isn’t working properly and the workaround is tedious
- To support a new business initiative
Answer: An open source platform has just come on the market
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which phase is generally the longest and most expensive part of the development process?
Options:
- Planning
- Analysis
- Design
- Implementation
- Feasibility
Answer: Implementation
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Because the cost can be immense, _________ is one of the most critical steps in implementation.
Options:
- Documentation
- Coding
- Testing
- Developing a conversion strategy
- Training
Answer: Testing
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: PCM Incorporated will need to purchase new servers for a system. This would be a:
Options:
- Development cost
- Operating cost
- Ongoing cost
- Intangible cost
- Intangible benefit
Answer: Development cost
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Linda is a clerk in the accounting department. She was interviewed by David and is excited about the proposed system that will utilize electronic funds transfer. This would be an example of ______.
Options:
- Tangible benefit
- Cash flow
- Break-even analysis
- Intangible benefit
- Return on investment
Answer: Intangible benefit
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Ramya is preparing an economic feasibility study. She has a calculation where she takes total benefits minus total costs and divides that answer by the total costs. She is calculating:
Options:
- Cash flow
- Return on investment
- Break-even point
- Net present value
- Internal rate of return
Answer: Return on investment
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Ramona is preparing an economic feasibility study. She is calculating the payback period. She is calculating:
Options:
- Cash flow
- Return on investment
- Break-even point
- Net present value
- Internal rate of return
Answer: Break-even point
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Robert is doing an economic analysis using today’s dollar values. He is doing:
Options:
- Cash flow analysis
- Return on investment analysis
- Break-even point analysis
- Net present value analysis
- Internal rate of return analysis
Answer: Net present value analysis
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: TJ has prepared a spreadsheet where the total benefits are $182,000; the total cumulative costs are $120,000. The ROI would be:
Options:
- $62,000
- About 34%
- About 51.7%
- About 65.3%
- Less than 20%
Answer: About 51.7%
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which of the following project roles would probably make a presentation about the objectives of a proposed project and its benefits to executives who will benefit directly from the project?
Options:
- Requirements analyst
- Systems analyst
- Project manager
- Champion
- Chief Information Officer (CIO)
Answer: Champion
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Which is an activity the users probably will NOT do on a project?
Options:
- Make decisions that influence the project
- Budget funds for the project
- Perform hands-on activities for the project
- Be assigned specific tasks to perform (with clear deadlines)
- Have some official roles on the project team
Answer: Budget funds for the project
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: The type of skill that is common to systems analysts to deal fairly and honestly with other project team members is:
Options:
- Technical
- Business
- Analytical
- Interpersonal
- Ethical
Answer: Ethical
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: The type of skill that is common to systems analysts to understand how IT can be applied to business situations and to ensure that IT delivers real business value is:
Options:
- Technical
- Business
- Analytical
- Interpersonal
- Ethical
Answer: Business
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Rocky is dealing one-on-one with users and business managers (including some that have little experience with technology). He is demonstrating what system analyst skill?
Options:
- Technical
- Business
- Analytical
- Interpersonal
- Ethical
Answer: Interpersonal
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Becky is a systems analyst for Laswell Consulting. She is attending a three-day intensive workshop on developing applications in PHP. What systems analyst skill is she working on?
Options:
- Technical
- Business
- Analytical
- Interpersonal
- Ethical
Answer: Technical
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Jack is going over financial numbers for a proposed project. Which of the following system analyst skills is he exhibiting currently?
Options:
- Technical
- Business
- Analytical
- Interpersonal
- Management
Answer: Analytical
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Amy is planning on talking with a clerk and a manager in the accounts payable area, a manager in the procurement department, and two vendors. She is probably doing:
Options:
- Observation
- Interviews
- JAD
- Documentation analysis
- Organizational Feasibility
Answer: Interviews
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: Kallie is creating use cases, data flow diagrams, and entity relationship diagrams. In what phase of the SDLC would she do this?
Options:
- Planning
- Analysis
- Design
- Construction
- Implementation
Answer: Design
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The primary goal of a system is to create value for the organization.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: Systems analysis and design projects are highly effective, with less than 3% of all projects cancelled or abandoned.
Options:
- True
- False
Answer: False
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: Systems that are cancelled or abandoned are frequently due to a lack of clarity about how the system should support an organization’s goals and improve processes.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The key person in the SDLC is the systems analyst who analyzed the business situation, identifies opportunities for improvements and designs an information system to implement the improvements.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: Systems analysts are generally experts in business, finance, and application development.
Options:
- True
- False
Answer: False
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: When compared to a business analyst, the systems analyst will identify how the system will provide business value.
Options:
- True
- False
Answer: False
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The business analyst role focuses on the business issues surrounding the system.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: When compared to a systems analyst, the business analyst will probably have more responsibility for determining business value.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: Because of the need to be focused on providing information about the business value of a system, a systems analyst will probably have much training or experience in programming or application development.
Options:
- True
- False
Answer: False
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The requirements analyst role includes complete and accurate determination of what the system requirements consist of for all stakeholders.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The SDLC generally can be broken into four phases: planning, analysis, design and implementation.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: In SDLC, analysis is generally divided into three steps: understanding the as-is system; developing a cost-benefit analysis; and understanding the technical feasibility.
Options:
- True
- False
Answer: False
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: Anne has asked users and managers to identify problems with the as-is system and to describe how to solve them in the to-be system. She is probably in the analysis phase of SDLC.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: Determining business requirements is generally done in the planning phase of the SDLC.
Options:
- True
- False
Answer: False
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The primary output of the planning phase is the system request.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The primary output of the analysis phase is the system proposal.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The normal sequence of SDLC phase outputs (from beginning to end) would be: system request; system proposal; system specifications; and installed system.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: The question ‘Can we build it’ is asked in the design phase.
Options:
- True
- False
Answer: False
Explanation: No explanation available.
Systems Analysis - Chapter 1
Question: True / False: Interviewing is generally done in the analysis phase of the SDLC.
Options:
- True
- False
Answer: True
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: A critical success factor in project management is to do which of the following?
Options:
- Say 'no' to all requests as they add to ‘scope creep’
- Use throwaway prototyping
- Use a CASE tool to delineate requirements from work tasks
- Start with a realistic assessment of the work that needs to be done
- Hire an outside project management consulting group
Answer: Start with a realistic assessment of the work that needs to be done
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Which is a true statement about IT projects?
Options:
- Most IT departments face a demand for IT projects that far exceed the ability to do them.
- Project Managers must be certified as PMP (Project Management Professionals)
- Project estimates tend to have a built-in buffer of time
- Project teams of 12 to 15 are generally considered optimum
- The majority of projects taken on by IT departments are not strategic to the business
Answer: Most IT departments face a demand for IT projects that far exceed the ability to do them.
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Which is NOT suggested for IT development projects?
Options:
- Projects need to be prioritized
- Projects need to be carefully selected
- Projects need to be carefully managed
- Projects need to give a positive return on investment within four years
- Projects need to give value to the business
Answer: Projects need to give a positive return on investment within four years
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Which would generally NOT be taken into consideration for project portfolio management in an organization?
Options:
- The number of large projects
- The number of tactical projects
- The number of high risk projects
- The number of strategic projects
- The number of financially feasible projects
Answer: The number of financially feasible projects
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: The V-model pays more explicit attention to ___________:
Options:
- Iteration
- Return on investment (ROI)
- Business Value (the 'V')
- Testing
- Prototyping
Answer: Testing
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: RAD is an acronym for:
Options:
- Real Application Development
- Rapid Application Design
- Rapid Authentic Development
- Real Autonomous Development
- Rapid Application Development
Answer: Rapid Application Development
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Which of the following might result in version 1; version 2 (etc.) of a system?
Options:
- System Prototyping
- Waterfall Development
- Iterative Development
- System prototyping
- Parallel Development
Answer: Iterative Development
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: System prototyping is BEST characterized as:
Options:
- A ‘Quick and Dirty’ system
- A series of versions
- A method for exploring design alternatives
- A method for stressing customer satisfaction
- More explicit testing
Answer: A ‘Quick and Dirty’ system
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Throwaway prototyping is BEST characterized as:
Options:
- A ‘quick and dirty’ system
- A series of versions
- A method for exploring design alternatives
- A method for stressing customer satisfaction
- More explicit testing
Answer: A method for exploring design alternatives
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Parallel methodology is BEST characterized as:
Options:
- A ‘Quick and Dirty’ system
- A series of versions
- A method for exploring design alternatives
- A method for stressing customer satisfaction
- More explicit testing
Answer: A series of versions
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Extreme Programming (XP) is BEST characterized as:
Options:
- A ‘Quick and Dirty’ system
- A series of versions
- A method for exploring design alternatives
- A method for emphasizing customer satisfaction
- More explicit testing
Answer: A method for emphasizing customer satisfaction
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: What is the MAIN difference between systems prototyping and throwaway prototyping?
Options:
- Systems prototyping involves users while throwaway prototyping does not
- Throwaway prototyping involves users while systems prototyping does not
- Systems prototyping is a rapid application development methodology; while throwaway prototyping is not
- Systems prototyping works with users to quickly develop a simplified working version of the proposed system; while throwaway prototyping focuses more on exploring design alternatives
- Throwaway prototyping develops systems that will be used as ‘stop-gap’ systems – and generally for less than six months; while systems prototyping results in systems that will be used extensively for several years.
Answer: Systems prototyping works with users to quickly develop a simplified working version of the proposed system; while throwaway prototyping focuses more on exploring design alternatives
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Which of the following methodologies might be most appropriate if you have a system project with: clear requirements; very familiar technologies; not all that complex; reasonably reliable; a very long time schedule, and the schedule visibility is not important?
Options:
- Waterfall
- Parallel
- Iterative
- System prototyping
- Throwaway prototyping
Answer: Waterfall
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Which of the following methodologies might be most appropriate if you have a system project with: unclear user requirements; unfamiliar technologies; somewhat complex; needs to be reliable; time is not an issue and the schedule visibility is somewhat important?
Options:
- Waterfall
- Parallel
- Iterative
- System prototyping
- Throwaway prototyping
Answer: Throwaway prototyping
Explanation: No explanation available.
Systems Analysis - Chapter 2
Question: Which of the following methodologies might be most appropriate if you have a system project with: clear requirements; very familiar technologies; not all that complex; reasonably reliable; a short time schedule and the schedule visibility is not important?
Options:
- Waterfall
- Parallel
- Iterative
- System prototyping
- Throwaway prototyping
Answer: Parallel
Explanation: No explanation available.
Systems Security - Cybersecurity Basics
Question: What is a common type of malware?
Options:
- Virus
- Browser
- Router
- Firewall
Answer: Virus
Explanation: No explanation available.
Systems Security - Cybersecurity Basics
Question: What does phishing aim to steal?
Answer: Sensitive information
Explanation: No explanation available.
Systems Security - Network Security
Question: A _______ attack attempts to overwhelm a server with traffic.
Answer: Denial of Service
Explanation: No explanation available.
Systems Security - Network Security
Question: Which protocol secures web traffic?
Options:
- HTTP
- HTTPS
- FTP
- SMTP
Answer: HTTPS
Explanation: No explanation available.
Systems Security - Data Protection
Question: Explain why encryption is important for securing sensitive data.
Answer: Encryption converts data into an unreadable format to prevent unauthorized access, ensuring confidentiality even if intercepted.
Explanation: No explanation available.
Systems Security - Data Protection
Question: What is a common encryption standard for Wi-Fi?
Options:
- WEP
- WPA2
- MD5
- SHA-1
Answer: WPA2
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which Cisco command enables SSH on a router?
Options:
- ssh enable
- crypto key generate rsa
- ip ssh version 2
- enable ssh
Answer: crypto key generate rsa
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: A _______ isolates network segments to enhance security.
Answer: VLAN
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Match network security tools with their functions:
Options:
- Firewall
- IDS
- VLAN
Answers:
- Firewall - Filters traffic
- IDS - Detects intrusions
- VLAN - Segments network
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Explain how VLANs improve network security.
Answer: VLANs segment traffic, reducing broadcast domains and limiting unauthorized access.
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which protocol encrypts data over a VPN?
Options:
- IPsec
- HTTP
- FTP
- SNMP
Answer: IPsec
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: What does ACL stand for?
Answer: Access Control List
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which command sets a VLAN IP address?
Options:
- ip address 192.168.1.1
- vlan ip 192.168.1.1
- interface vlan 10
- ip vlan 10
Answer: interface vlan 10
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: A _______ attack targets network availability.
Answer: DoS
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Match security protocols with their uses:
Options:
- SSL/TLS
- IPsec
- SSH
Answers:
- SSL/TLS - Web security
- IPsec - VPNs
- SSH - Remote access
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Describe the purpose of a DMZ.
Answer: A DMZ isolates public-facing servers from the internal network, enhancing security.
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which layer does VLAN operate at?
Options:
- Layer 1
- Layer 2
- Layer 3
- Layer 4
Answer: Layer 2
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: The _______ command displays VLAN info.
Answer: show vlan brief
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which security measure uses MAC addresses?
Options:
- ACL
- Port security
- VLAN
- NAT
Answer: Port security
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: A _______ network uses public infrastructure.
Answer: VPN
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Match network devices with security roles:
Options:
- Router
- Switch
- Firewall
Answers:
- Router - Routes traffic
- Switch - Segments LAN
- Firewall - Filters traffic
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Explain the role of NAT in security.
Answer: NAT hides internal IP addresses, reducing exposure to external threats.
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which command sets a router password?
Options:
- enable password
- set password
- passwd
- login password
Answer: enable password
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: A _______ prevents unauthorized access.
Answer: firewall
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which protocol uses port 22?
Options:
- FTP
- SSH
- Telnet
- HTTP
Answer: SSH
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: The _______ command shows interface status.
Answer: show interfaces
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Match security features with descriptions:
Options:
- ACL
- NAT
- VPN
Answers:
- ACL - Filters packets
- NAT - Translates addresses
- VPN - Encrypts traffic
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Describe how ACLs enhance security.
Answer: ACLs filter traffic based on rules, blocking unauthorized access.
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which command configures a VLAN?
Options:
- vlan 10
- set vlan 10
- interface vlan 10
- vlan config 10
Answer: vlan 10
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: A _______ key secures SSH sessions.
Answer: RSA
Explanation: No explanation available.
Systems Security - Module 1: Securing Networks
Question: Which protocol secures web traffic?
Options:
- HTTP
- HTTPS
- FTP
- SMTP
Answer: HTTPS
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack floods a network with traffic?
Options:
- Phishing
- DDoS
- Spoofing
- MITM
Answer: DDoS
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: A _______ attack tricks users into revealing info.
Answer: Phishing
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Match attack types with descriptions:
Options:
- DDoS
- Phishing
- MITM
Answers:
- DDoS - Overloads servers
- Phishing - Steals credentials
- MITM - Intercepts communication
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Explain how a DDoS attack disrupts services.
Answer: A DDoS attack floods a target with traffic, overwhelming resources and denying access to legitimate users.
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack impersonates a legitimate source?
Options:
- Spoofing
- Brute Force
- SQL Injection
- XSS
Answer: Spoofing
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: A _______ attack tries multiple password combinations.
Answer: Brute Force
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack intercepts communication?
Options:
- Phishing
- DDoS
- MITM
- Spoofing
Answer: MITM
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Match threat types with examples:
Options:
- Malware
- Phishing
- DoS
Answers:
- Malware - Virus
- Phishing - Fake email
- DoS - Traffic flood
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Explain how spoofing compromises security.
Answer: Spoofing disguises a malicious source as legitimate, tricking users or systems into trusting it.
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack injects malicious code into a website?
Options:
- XSS
- SQL Injection
- Phishing
- DDoS
Answer: XSS
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: A _______ attack targets database vulnerabilities.
Answer: SQL Injection
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack uses social engineering?
Options:
- Phishing
- DDoS
- Spoofing
- MITM
Answer: Phishing
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Match mitigation techniques to threats:
Options:
- Firewall
- Antivirus
- User Training
Answers:
- Firewall - DoS
- Antivirus - Malware
- User Training - Phishing
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Describe how MITM attacks work.
Answer: MITM attacks intercept communication between two parties, allowing the attacker to eavesdrop or alter data.
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack exploits ARP?
Options:
- ARP Spoofing
- DDoS
- Phishing
- SQL Injection
Answer: ARP Spoofing
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: A _______ attack overwhelms a single system.
Answer: DoS
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack uses stolen credentials?
Options:
- Phishing
- Credential Stuffing
- Spoofing
- MITM
Answer: Credential Stuffing
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Match attack vectors with descriptions:
Options:
- Network
- Web
Answers:
- Email - Phishing
- Network - DDoS
- Web - XSS
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Explain the impact of ransomware.
Answer: Ransomware encrypts data, demanding payment for access, disrupting operations.
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack targets DNS?
Options:
- DNS Spoofing
- Phishing
- DDoS
- MITM
Answer: DNS Spoofing
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: A _______ attack disrupts service availability.
Answer: DDoS
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack uses malicious scripts?
Options:
- XSS
- SQL Injection
- Phishing
- DDoS
Answer: XSS
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Match attack goals with methods:
Options:
- Data Theft
- Disruption
- Deception
Answers:
- Data Theft - MITM
- Disruption - DDoS
- Deception - Phishing
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Describe how phishing campaigns are executed.
Answer: Phishing uses fake emails or sites to trick users into providing sensitive information.
Explanation: No explanation available.
Systems Security - Module 2: Network Threats
Question: Which attack exploits unpatched software?
Options:
- Exploit
- Phishing
- DDoS
- MITM
Answer: Exploit
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which command limits traffic rate?
Options:
- rate-limit
- traffic-shape
- ip limit
- bandwidth
Answer: rate-limit
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: A _______ reduces DoS attack impact.
Answer: firewall
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Match mitigation tools with functions:
Options:
- IDS
- Firewall
- Rate Limiting
Answers:
- IDS - Detects intrusions
- Firewall - Filters traffic
- Rate Limiting - Controls bandwidth
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Explain how rate-limiting mitigates threats.
Answer: Rate-limiting caps traffic volume, preventing overload from DoS attacks.
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which tool detects intrusions?
Options:
- IDS
- Firewall
- NAT
- VPN
Answer: IDS
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: The _______ command shapes traffic.
Answer: traffic-shape
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which method blocks malicious IPs?
Options:
- ACL
- NAT
- VPN
- IDS
Answer: ACL
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Match mitigation strategies with goals:
Options:
- Patching
- Filtering
- Monitoring
Answers:
- Patching - Fix vulnerabilities
- Filtering - Block threats
- Monitoring - Detect anomalies
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Describe how IDS mitigates threats.
Answer: IDS monitors network traffic, alerting admins to suspicious activity.
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which command applies an ACL?
Options:
- ip access-group
- access-list apply
- interface acl
- apply acl
Answer: ip access-group
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: A _______ prevents network overload.
Answer: rate-limit
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which tool logs network events?
Options:
- Syslog
- Firewall
- NAT
- VPN
Answer: Syslog
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Match logging tools with uses:
Options:
- Syslog
- NetFlow
- SNMP
Answers:
- Syslog - Event logs
- NetFlow - Traffic analysis
- SNMP - Device monitoring
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Explain how firewalls mitigate threats.
Answer: Firewalls filter traffic based on rules, blocking unauthorized access.
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which command enables logging?
Options:
- logging enable
- log on
- enable log
- logging start
Answer: logging enable
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: A _______ blocks suspicious traffic.
Answer: firewall
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which tool analyzes traffic patterns?
Options:
- NetFlow
- Syslog
- Firewall
- IDS
Answer: NetFlow
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Match mitigation actions with tools:
Options:
- Block
- Detect
- Analyze
Answers:
- Block - Firewall
- Detect - IDS
- Analyze - NetFlow
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Describe how patching mitigates threats.
Answer: Patching fixes software vulnerabilities, preventing exploitation.
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which command sets a traffic policy?
Options:
- policy-map
- traffic-policy
- set policy
- policy set
Answer: policy-map
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: A _______ detects anomalies.
Answer: IDS
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which tool prevents DDoS?
Options:
- Rate Limiting
- NAT
- VPN
- Syslog
Answer: Rate Limiting
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Match threat types with mitigations:
Options:
- DDoS
- Malware
- Phishing
Answers:
- DDoS - Rate Limiting
- Malware - Antivirus
- Phishing - Training
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Explain how user training mitigates threats.
Answer: Training educates users to recognize phishing, reducing social engineering risks.
Explanation: No explanation available.
Systems Security - Module 3: Mitigating Threats
Question: Which command monitors traffic?
Options:
- show traffic
- monitor traffic
- traffic monitor
- show ip traffic
Answer: show ip traffic
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which command sets a console password?
Options:
- line con 0
- password cisco
- login
- All of these
Answer: All of these
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: A _______ secures device login.
Answer: password
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Match access methods with commands:
Options:
- Console
- VTY
- Enable
Answers:
- Console - line con 0
- VTY - line vty 0 4
- Enable - enable password
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Explain why strong passwords are critical.
Answer: Strong passwords prevent unauthorized access by resisting guessing or cracking.
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which command enables login?
Options:
- login
- enable login
- set login
- login on
Answer: login
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: The _______ command sets a VTY password.
Answer: password
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which protocol secures remote access?
Options:
- Telnet
- SSH
- FTP
- HTTP
Answer: SSH
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Match security levels with commands:
Options:
- User
- Privileged
- VTY
Answers:
- User - login
- Privileged - enable password
- VTY - line vty
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Describe how SSH secures access.
Answer: SSH encrypts remote connections, protecting credentials and data.
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which command restricts VTY access?
Options:
- access-class
- restrict vty
- vty access
- limit vty
Answer: access-class
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: A _______ timeout enhances security.
Answer: exec-timeout
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which command sets a timeout?
Options:
- exec-timeout
- timeout
- set timeout
- limit time
Answer: exec-timeout
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Match timeout settings with effects:
Options:
- 5 0
- 0 0
- 10 0
Answers:
- 5 0 - 5 minutes
- 0 0 - Never
- 10 0 - 10 minutes
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Explain how timeouts secure devices.
Answer: Timeouts log out inactive sessions, preventing unauthorized use.
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which command disables Telnet?
Options:
- no telnet
- disable telnet
- transport input ssh
- telnet off
Answer: transport input ssh
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: A _______ key is used for SSH.
Answer: RSA
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which command generates SSH keys?
Options:
- crypto key generate rsa
- ssh key
- generate ssh
- key ssh
Answer: crypto key generate rsa
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Match access types with security:
Options:
- Console
- SSH
- Telnet
Answers:
- Console - Physical
- SSH - Encrypted
- Telnet - Unencrypted
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Describe why Telnet is insecure.
Answer: Telnet sends data unencrypted, exposing credentials to interception.
Explanation: No explanation available.
Systems Security - Module 13
Question: What is the purpose of the command: address ipv4 10.1.1.50 auth-port 1812 acct-port 1813?
Options:
- It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic.
- It identifies the address of the RADIUS server and the ports used for EAPOL messages.
- It identifies the address of the default gateway and the ports used for traffic destined for remote networks.
- It identifies the address of the switch to which the client connects and the ports used for the EAPOL messages.
Answer: "It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic."
Explanation: "Topic 13.2.0 - When using 802.1X authentication, a switch must be configured with the IP address of the RADIUS server, and the port numbers used to communicate with the authentication server."
Systems Security - Module 13
Question: Which device is used as the authentication server in an 802.1X implementation?
Options:
- Ethernet switch
- Wireless router
- Access point
- RADIUS server
Answer: "RADIUS server"
Explanation: "Topic 13.2.0 - In an 802.1X implementation, the authentication server is typically a host server running software supporting the RADIUS and EAP protocols."
Systems Security - Module 13
Question: What are two main capabilities of a NAC system? (Choose two.)
Options:
- Route filtering
- DMZ protection
- Incident response
- Security posture check
- Administrative role assignment
Answer: ["Incident response", "Security posture check"]
Explanation: "Topic 13.1.0 - NAC systems can profile and recognize users and devices, manage guest network access, check security policy compliance, and respond to network incidents."
Systems Security - Module 13
Question: Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation?
Options:
- ASA
- AVC
- ESA
- WSA
Answer: "WSA"
Explanation: "Topic 13.1.0 - The Cisco Web Security Appliance (WSA) acts as a web proxy for enterprise networks and provides logs related to web traffic security, including web reputation filtering."
Systems Security - Module 13
Question: Which command is used to enable AAA as part of the 802.1X configuration process on a Cisco device?
Options:
- aaa new-model
- aaa authentication dot1x
- dot1x pae authenticator
- dot1x system-auth-control
Answer: "aaa new-model"
Explanation: "Topic 13.2.0 - The first step in configuring 802.1X is to enable AAA using the aaa new-model global configuration command."
Systems Security - Module 13
Question: The switch port to which a client attaches is configured for the 802.1X protocol. The client must authenticate before being allowed to pass data onto the network. Between which two 802.1X roles is EAP data encapsulated using RADIUS? (Choose two.)
Options:
- Encrypter
- Supplicant
- Authenticator
- Authentication server
- Data nonrepudiation server
Answer: ["Authenticator", "Authentication server"]
Explanation: "Topic 13.2.0 - When a client supplicant is starting the 802.1X message exchange, an EAPOL-Start message is sent between the supplicant and the authenticator, which is the switch. The authenticator then sends EAP data, encapsulated using RADIUS, to the authentication server."
Systems Security - Module 13
Question: Which host-based security measure is used to restrict incoming and outgoing connections?
Options:
- Rootkit
- Host-based IPS
- Host-based firewall
- Antivirus/antimalware software
Answer: "Host-based firewall"
Explanation: "Topic 13.1.0 - A host-based firewall restricts incoming and outgoing connections to a single host."
Systems Security - Module 13
Question: Which security service is provided by 802.1X?
Options:
- Port-based network access control
- Malware analysis and protection across the full attack continuum
- Malware analysis of files
- Protection against emerging threats for Cisco products
Answer: "Port-based network access control"
Explanation: "Topic 13.2.0 - 802.1X is an industry standard for providing port-based network access control, authenticating devices onto LANs and WLANs."
Systems Security - Module 13
Question: Why is it important to protect endpoints?
Options:
- Endpoints are the starting point for VLAN attacks.
- After an endpoint is breached, an attacker can gain access to other devices.
- Endpoints are susceptible to STP manipulation attacks that can disrupt the rest of the LAN.
- A breached endpoint gives a threat actor access to system configuration that can modify security policy.
Answer: "After an endpoint is breached, an attacker can gain access to other devices."
Explanation: "Topic 13.1.0 - Endpoints, once infiltrated, can provide attackers access to other devices, spreading malware within the system."
Systems Security - Module 4: Securing Device Access
Question: Which command sets a banner?
Options:
- banner motd
- motd banner
- set banner
- banner set
Answer: banner motd
Explanation: No explanation available.
Systems Security - Module 13
Question: Which endpoint security measure prevents endpoints from connecting to websites that have a bad rating?
Options:
- DLP
- Denylisting
- Spam filtering
- Host-based IPS
- Antimalware software
Answer: "Denylisting"
Explanation: "Topic 13.1.0 - Denylisting blocks endpoints from connecting to websites that have bad reputations, based on intelligence."
Systems Security - Module 13
Question: When would the authentication port-control command be used during an 802.1X implementation?
Options:
- When a client has sent an EAPOL-logoff message
- When the authentication server is located in the cloud
- When an organization needs to control the port authorization state on a switch
- When the authentication server is located at another location and cannot be reached
Answer: "When an organization needs to control the port authorization state on a switch"
Explanation: "Topic 13.2.0 - The authentication port-control command is used to control the port authorization state during the 802.1X authentication process."
Systems Security - Module 13
Question: When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?
Options:
- The switch that the client is connected to
- The authentication server
- The supplicant
- The router that is serving as the default gateway
Answer: "The switch that the client is connected to"
Explanation: "Topic 13.2.0 - The authenticator, typically a switch, controls physical network access during the 802.1X authentication process."
Systems Security - Module 13
Question: A port has been configured for the 802.1X protocol and the client has successfully authenticated. Which 802.1X state is associated with this PC?
Options:
- Authorized
- Enabled
- Forwarding
- Up
Answer: "Authorized"
Explanation: "Topic 13.2.0 - Once authenticated, the port moves to the authorized state, allowing the client access to the network."
Systems Security - Module 4: Securing Device Access
Question: A _______ warns unauthorized users.
Answer: banner
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which command locks the console?
Options:
- lock
- console lock
- secure console
- lock con
Answer: lock
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Match security features with commands:
Options:
- Password
- Timeout
- Banner
Answers:
- Password - password
- Timeout - exec-timeout
- Banner - banner motd
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Explain how banners enhance security.
Answer: Banners warn against unauthorized access, deterring attackers.
Explanation: No explanation available.
Systems Security - Module 4: Securing Device Access
Question: Which command secures AUX access?
Options:
- line aux 0
- aux secure
- secure aux
- aux line
Answer: line aux 0
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command assigns privilege level 15?
Options:
- privilege 15
- username admin privilege 15
- level 15
- admin 15
Answer: username admin privilege 15
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: A _______ level defines user access.
Answer: privilege
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Match privilege levels with access:
Options:
- 1
- 5
- 15
Answers:
- 1 - Basic
- 5 - Limited
- 15 - Full
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Explain how privilege levels secure devices.
Answer: Privilege levels restrict command access, limiting damage from unauthorized users.
Explanation: No explanation available.
Systems Security - Module 14
Question: What is the only type of traffic that is forwarded by a PVLAN protected port to other protected ports?
Options:
- Control
- Management
- Broadcast
- User
Answer: "Control"
Explanation: "Topic 14.4.0 - PVLAN protected ports do not exchange any data traffic with other protected ports. The only traffic that is exchanged between protected ports is control traffic generated by network devices."
Systems Security - Module 14
Question: A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?
Options:
- It checks the source MAC address in the Ethernet header against the MAC address table.
- It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.
- It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body.
- It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
Answer: "It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body."
Explanation: "Topic 14.6.0 - DAI can check for destination or source MAC and IP addresses. Source MAC checks the source MAC in the Ethernet header against the sender MAC in the ARP body."
Systems Security - Module 14
Question: What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
Options:
- Disable DTP.
- Disable STP.
- Enable port security.
- Place unused ports in an unused VLAN.
Answer: "Enable port security."
Explanation: "Topic 14.3.0 - A MAC address table overflow attack can be mitigated by configuring port security. Other measures like disabling STP or VLAN isolation serve different purposes."
Systems Security - Module 14
Question: What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
Options:
- DHCP starvation
- DHCP spoofing
- IP address spoofing
- CAM table attack
Answer: "DHCP starvation"
Explanation: "Topic 14.5.0 - A DHCP starvation attack floods the DHCP server with DHCPDISCOVER messages, depleting IP address resources and denying legitimate hosts access."
Systems Security - Module 14
Question: When security is a concern, which OSI Layer is considered to be the weakest link in a network system?
Options:
- Layer 4
- Layer 2
- Layer 3
- Layer 7
Answer: "Layer 2"
Explanation: "Topic 14.1.0 - Layer 2 is considered the weakest link in a network system, so network security professionals must mitigate attacks at this layer."
Systems Security - Module 14
Question: If two switches are configured with the same priority and the same extended system ID, what determines which switch becomes the root bridge?
Options:
- The MAC address with the highest hexadecimal value
- The highest BID
- The lowest IP address
- The Layer 2 address with the lowest hexadecimal value
Answer: "The Layer 2 address with the lowest hexadecimal value"
Explanation: "Topic 14.8.0 - When priorities and extended system IDs are equal, the switch with the lowest MAC address becomes the root bridge, as determined by its BID."
Systems Security - Module 14
Question: Which statement describes the behavior of a switch when the MAC address table is full?
Options:
- It treats frames as unknown unicast and floods all incoming frames to all ports on the switch.
- It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.
- It treats frames as unknown unicast and floods all incoming frames to all ports within the collision domain.
- It treats frames as unknown unicast and floods all incoming frames to all ports across multiple switches.
Answer: "It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN."
Explanation: "Topic 14.2.0 - When the MAC address table is full, the switch floods all unknown unicast traffic to all ports within the local VLAN only."
Systems Security - Module 14
Question: A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation?
Options:
- VLAN hopping
- DHCP spoofing
- VLAN double-tagging
- MAC address table overflow
Answer: "MAC address table overflow"
Explanation: "Topic 14.2.0 - Macof is a network attack tool used primarily to flood LAN switches with bogus MAC addresses, simulating a MAC address table overflow attack."
Systems Security - Module 14
Question: What determines which switch becomes the STP root bridge for a given VLAN?
Options:
- The lowest bridge ID
- The highest priority
- The highest MAC address
- The lowest IP address
Answer: "The lowest bridge ID"
Explanation: "Topic 14.8.0 - The switch with the lowest BID is elected as the root bridge. The BID is determined by a combination of priority value, extended system ID, and MAC address."
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command creates a user?
Options:
- username
- user create
- create user
- add user
Answer: username
Explanation: No explanation available.
Systems Security - Module 14
Question: What action can a network administrator take to help mitigate the threat of VLAN hopping attacks?
Options:
- Disable VTP.
- Configure all switch ports to be members of VLAN 1.
- Disable automatic trunking negotiation.
- Enable PortFast on all switch ports.
Answer: "Disable automatic trunking negotiation."
Explanation: "Topic 14.4.0 - To mitigate VLAN hopping, disable automatic trunking negotiation or turn off trunking on unused switchports."
Systems Security - Module 14
Question: Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.)
Options:
- Port Security
- IP Source Guard
- DHCP Snooping
- Web Security Appliance
- Dynamic ARP Inspection
Answer: ["DHCP Snooping", "Port Security"]
Explanation: "Topic 14.1.0 - Cisco mitigates DHCP starvation attacks using DHCP Snooping and Port Security, which validate traffic and limit MAC address spoofing."
Systems Security - Module 14
Question: What is the only type of port that an isolated port can forward traffic to on a private VLAN?
Options:
- A promiscuous port
- Another isolated port
- Any access port in the same PVLAN
- A community port
Answer: "A promiscuous port"
Explanation: "Topic 14.4.0 - Isolated PVLAN ports can only communicate with promiscuous ports, providing Layer 2 isolation within the same broadcast domain."
Systems Security - Module 14
Question: What additional security measure must be enabled along with IP Source Guard to protect against address spoofing?
Options:
- DHCP snooping
- BPDU Guard
- Root guard
- Port security
Answer: "DHCP snooping"
Explanation: "Topic 14.7.0 - Like Dynamic ARP Inspection, IP Source Guard relies on the bindings database built by DHCP Snooping to validate MAC-to-IP bindings."
Systems Security - Module 5: Assigning Administrative Roles
Question: The _______ command sets a user password.
Answer: secret
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command assigns level 5?
Options:
- privilege 5
- username user privilege 5
- level 5
- set level 5
Answer: username user privilege 5
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Match user roles with privileges:
Options:
- Monitor
- Operator
- Admin
Answers:
- Monitor - 1
- Operator - 5
- Admin - 15
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Describe how role-based access works.
Answer: Role-based access assigns privileges to users, controlling command execution.
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command shows user privileges?
Options:
- show privilege
- show users
- show priv
- show run
Answer: show privilege
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: A _______ user has full access.
Answer: 15
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command sets a custom privilege?
Options:
- privilege exec level
- set priv
- exec priv
- level set
Answer: privilege exec level
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Match commands with privilege settings:
Options:
- username
- privilege
- secret
Answers:
- username - Create user
- privilege - Set level
- secret - Encrypt password
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Explain why encrypted passwords are used.
Answer: Encrypted passwords protect credentials from being easily read.
Explanation: No explanation available.
Systems Security - Module 15
Question: Refer to the exhibit. Which type of cipher method is depicted?
Options:
- Caesar cipher
- Stream cipher
- Substitution cipher
- Transposition cipher
Answer: "Transposition cipher"
Explanation: "Topic 15.2.0 - In transposition ciphers, no letters are replaced; they are simply rearranged. An example of this cipher is the rail fence cipher, where words are placed in a zigzag pattern across parallel lines."
Systems Security - Module 15
Question: What are two objectives of ensuring data integrity? (Choose two.)
Options:
- Data is available all the time.
- Data is unaltered during transit.
- Access to the data is authenticated.
- Data is not changed by unauthorized entities.
- Data is encrypted while in transit and when stored on disks.
Answer: ["Data is unaltered during transit.", "Data is not changed by unauthorized entities."]
Explanation: "Topic 15.1.0 - Data integrity ensures that data is neither altered during transit nor changed by unauthorized entities. Availability is unrelated to data integrity."
Systems Security - Module 15
Question: A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file is modified. Which aspect of secure communications is addressed by this security measure?
Options:
- Data integrity
- Nonrepudiation
- Data confidentiality
- Origin authentication
Answer: "Data integrity"
Explanation: "Topic 15.1.0 - Data integrity guarantees that messages and data have not been altered. Monitoring file status aligns with this objective."
Systems Security - Module 15
Question: Which type of attack allows an attacker to use a brute force approach?
Options:
- Social engineering
- Packet sniffing
- Denial of service
- Password cracking
Answer: "Password cracking"
Explanation: "Topic 15.3.0 - Password cracking involves using brute force, network sniffing, or other methods to guess or deduce secure passwords."
Systems Security - Module 15
Question: Why would HMAC be used to help secure the data as it travels across various links?
Options:
- It is an asymmetric encryption algorithm used when the two communicating parties have not previously shared a secret key.
- It is a hashing algorithm used to guarantee that the message is not a forgery and actually comes from the authentic source.
- It is a hashing algorithm used to encrypt the message and guarantee that no one intercepted the message and altered it.
- It is a popular symmetric encryption algorithm used when each communicating party needs to know the pre-shared key.
Answer: "It is a hashing algorithm used to guarantee that the message is not a forgery and actually comes from the authentic source."
Explanation: "Topic 15.1.0 - HMAC provides message integrity and authentication, ensuring the source is legitimate."
Systems Security - Module 15
Question: What is the focus of cryptanalysis?
Options:
- Hiding secret codes
- Developing secret codes
- Breaking encrypted codes
- Implementing encrypted codes
Answer: "Breaking encrypted codes"
Explanation: "Topic 15.4.0 - Cryptanalysis focuses on breaking encrypted codes, while cryptography develops and implements those codes."
Systems Security - Module 15
Question: What is cryptology?
Options:
- The science of guaranteeing that a message is not a forgery and comes from the authentic source
- The science of creating transposition and substitution ciphers
- The science of cracking the code without access to the shared secret key
- The science of making and breaking secret codes
Answer: "The science of making and breaking secret codes"
Explanation: "Topic 15.4.0 - Cryptology is the science of making and breaking codes and includes both cryptography and cryptanalysis."
Systems Security - Module 15
Question: Which objective of secure communications is achieved by encrypting data?
Options:
- Authentication
- Availability
- Confidentiality
- Integrity
Answer: "Confidentiality"
Explanation: "Topic 15.1.0 - Encryption ensures confidentiality by scrambling data so only authorized recipients can view it."
Systems Security - Module 15
Question: What is the purpose of a nonrepudiation service in secure communications?
Options:
- To provide the highest encryption level possible
- To ensure that the source of the communications is confirmed
- To confirm the identity of the recipient of the communications
- To ensure that encrypted secure communications cannot be decoded
Answer: "To ensure that the source of the communications is confirmed"
Explanation: "Topic 15.1.0 - Nonrepudiation ensures that the sender of a message cannot deny having sent it, confirming the source."
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command encrypts a password?
Options:
- secret
- encrypt
- password encrypt
- secure
Answer: secret
Explanation: No explanation available.
Systems Security - Module 15
Question: What is an example of the transposition cipher?
Options:
- RC4
- Rail fence
- Caesar
- Vigenère
Answer: "Rail fence"
Explanation: "Topic 15.2.0 - The rail fence cipher is an example of transposition ciphers, where characters are rearranged rather than replaced."
Systems Security - Module 15
Question: A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
Options:
- Integrity
- Scalability
- Availability
- Confidentiality
Answer: "Confidentiality"
Explanation: "Topic 15.1.0 - Authentication ensures that data is accessed only by authorized users, meeting the confidentiality requirement."
Systems Security - Module 15
Question: As data is being stored on a local hard disk, which method would secure the data from unauthorized access?
Options:
- Data encryption
- A duplicate hard drive copy
- Deletion of sensitive files
- Two factor authentication
Answer: "Data encryption"
Explanation: "Topic 15.1.0 - Data encryption secures stored data by converting it into an unreadable form accessible only with a key."
Systems Security - Module 5: Assigning Administrative Roles
Question: A _______ level limits config access.
Answer: 5
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command restricts show commands?
Options:
- privilege exec level 5 show
- show restrict
- restrict show
- level show
Answer: privilege exec level 5 show
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Match access types with levels:
Options:
- Basic
- Config
- Full
Answers:
- Basic - 1
- Config - 5
- Full - 15
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Describe how to assign a user role.
Answer: Use 'username name privilege level secret password' to set role and access.
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command lists users?
Options:
- show users
- list users
- users show
- show run
Answer: show users
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: A _______ user can configure devices.
Answer: 15
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command sets level 1 access?
Options:
- privilege 1
- username user privilege 1
- level 1
- set 1
Answer: username user privilege 1
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Match privilege settings with effects:
Options:
- 1
- 5
- 15
Answers:
- 1 - View
- 5 - Limited config
- 15 - Full control
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Explain how to limit user access.
Answer: Set lower privilege levels to restrict command execution.
Explanation: No explanation available.
Systems Security - Module 5: Assigning Administrative Roles
Question: Which command removes a user?
Options:
- no username
- delete user
- remove user
- user delete
Answer: no username
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which protocol monitors network devices?
Options:
- SNMP
- SMTP
- FTP
- HTTP
Answer: SNMP
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: The _______ command enables SNMP.
Answer: snmp-server enable
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Match monitoring tools with purposes:
Options:
- SNMP
- Syslog
- NetFlow
Answers:
- SNMP - Device status
- Syslog - Logs events
- NetFlow - Traffic analysis
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Explain the role of SNMP in security.
Answer: SNMP monitors device health and alerts admins to potential security issues.
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command sets an SNMP community?
Options:
- snmp-server community public
- snmp community public
- community public snmp
- snmp public
Answer: snmp-server community public
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: A _______ logs device events.
Answer: Syslog
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command enables Syslog?
Options:
- logging on
- syslog enable
- enable syslog
- log start
Answer: logging on
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Match protocols with monitoring roles:
Options:
- SNMP
- Syslog
- NetFlow
Answers:
- SNMP - Polling
- Syslog - Event logging
- NetFlow - Flow analysis
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Describe how Syslog enhances security.
Answer: Syslog logs events, aiding in threat detection and auditing.
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command sets a Syslog server?
Options:
- logging host
- syslog host
- host syslog
- set syslog
Answer: logging host
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: A _______ analyzes traffic flows.
Answer: NetFlow
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command enables NetFlow?
Options:
- ip flow-export
- netflow enable
- enable netflow
- flow export
Answer: ip flow-export
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Match monitoring levels with tools:
Options:
- Device
- Event
- Traffic
Answers:
- Device - SNMP
- Event - Syslog
- Traffic - NetFlow
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Explain how NetFlow aids security.
Answer: NetFlow tracks traffic patterns, detecting anomalies like DDoS attacks.
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command shows SNMP status?
Options:
- show snmp
- snmp status
- status snmp
- show run
Answer: show snmp
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: A _______ server collects logs.
Answer: Syslog
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command sets SNMP traps?
Options:
- snmp-server host
- trap host
- host snmp
- set trap
Answer: snmp-server host
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Match monitoring commands with outputs:
Options:
- show snmp
- show logging
- show ip flow
Answers:
- show snmp - SNMP status
- show logging - Syslog events
- show ip flow - NetFlow data
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Describe how traps enhance monitoring.
Answer: Traps send real-time alerts for critical events, improving response time.
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command shows log events?
Options:
- show logging
- log show
- show logs
- logging show
Answer: show logging
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: A _______ protocol polls devices.
Answer: SNMP
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command exports NetFlow data?
Options:
- ip flow-export
- export flow
- flow-export
- netflow export
Answer: ip flow-export
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Match monitoring tools with data types:
Options:
- SNMP
- Syslog
- NetFlow
Answers:
- SNMP - Device metrics
- Syslog - Event logs
- NetFlow - Traffic flows
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Explain how monitoring improves security.
Answer: Monitoring detects anomalies and threats, enabling proactive defense.
Explanation: No explanation available.
Systems Security - Module 6: Device Monitoring and Management
Question: Which command disables SNMP?
Options:
- no snmp-server
- snmp off
- disable snmp
- snmp disable
Answer: no snmp-server
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which protocol is used for AAA?
Options:
- RADIUS
- HTTP
- FTP
- SNMP
Answer: RADIUS
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: A _______ verifies user identity.
Answer: authentication
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Match AAA components with roles:
Options:
- Authentication
- Authorization
- Accounting
Answers:
- Authentication - Verify identity
- Authorization - Grant access
- Accounting - Track usage
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Explain how AAA enhances security.
Answer: AAA verifies users, controls access, and logs activities, ensuring accountability.
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which command enables AAA?
Options:
- aaa new-model
- enable aaa
- aaa on
- set aaa
Answer: aaa new-model
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: The _______ command sets a RADIUS server.
Answer: radius-server host
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which protocol uses TCP port 1812?
Options:
- RADIUS
- TACACS+
- SNMP
- LDAP
Answer: RADIUS
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Match AAA protocols with features:
Options:
- RADIUS
- TACACS+
- LDAP
Answers:
- RADIUS - UDP-based
- TACACS+ - TCP-based
- LDAP - Directory access
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Describe how RADIUS secures access.
Answer: RADIUS authenticates users via a central server, encrypting credentials.
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which command sets a AAA method?
Options:
- aaa authentication
- set aaa
- auth method
- aaa method
Answer: aaa authentication
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: A _______ tracks user actions.
Answer: accounting
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which command enables accounting?
Options:
- aaa accounting
- accounting on
- enable accounting
- set accounting
Answer: aaa accounting
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Match AAA functions with commands:
Options:
- Auth
- Authz
- Acct
Answers:
- Auth - aaa authentication
- Authz - aaa authorization
- Acct - aaa accounting
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Explain how TACACS+ differs from RADIUS.
Answer: TACACS+ uses TCP, separates AAA functions; RADIUS uses UDP, combines them.
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which protocol encrypts all AAA?
Options:
- RADIUS
- TACACS+
- LDAP
- SNMP
Answer: TACACS+
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: A _______ server centralizes AAA.
Answer: RADIUS
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which command sets a TACACS+ server?
Options:
- tacacs-server host
- tacacs host
- host tacacs
- set tacacs
Answer: tacacs-server host
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Match server types with protocols:
Options:
- RADIUS
- TACACS+
- Local
Answers:
- RADIUS - Remote UDP
- TACACS+ - Remote TCP
- Local - Device-based
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Describe how accounting improves security.
Answer: Accounting logs user actions, enabling audit trails for security analysis.
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which command shows AAA status?
Options:
- show aaa
- aaa status
- show run
- status aaa
Answer: show run
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: A _______ method uses local auth.
Answer: local
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which command sets local fallback?
Options:
- aaa authentication login default local
- local auth
- auth local
- set local
Answer: aaa authentication login default local
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Match AAA methods with priorities:
Options:
- RADIUS
- TACACS+
- Local
Answers:
- RADIUS - Primary
- TACACS+ - Secondary
- Local - Fallback
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Explain how fallback enhances AAA.
Answer: Fallback uses local auth if remote servers fail, ensuring access continuity.
Explanation: No explanation available.
Systems Security - Module 7: Authentication, Authorization, and Accounting (AAA)
Question: Which command disables AAA?
Options:
- no aaa new-model
- aaa off
- disable aaa
- aaa disable
Answer: no aaa new-model
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command applies an ACL to an interface?
Options:
- ip access-group
- access-list apply
- interface acl
- apply acl
Answer: ip access-group
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: A _______ filters network traffic.
Answer: ACL
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Match ACL types with uses:
Options:
- Standard
- Extended
- Named
Answers:
- Standard - IP only
- Extended - Detailed rules
- Named - Named rules
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Explain how ACLs enhance security.
Answer: ACLs filter traffic based on rules, blocking unauthorized access.
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command creates a standard ACL?
Options:
- access-list 1
- standard acl
- acl 1
- set acl 1
Answer: access-list 1
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: The _______ keyword denies traffic.
Answer: deny
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command permits HTTP traffic?
Options:
- permit tcp any any eq 80
- allow http
- http permit
- permit http
Answer: permit tcp any any eq 80
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Match ACL actions with keywords:
Options:
- Permit
- Deny
- Log
Answers:
- Permit - Allow
- Deny - Block
- Log - Record
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Describe how extended ACLs differ from standard.
Answer: Extended ACLs filter by protocol, port, and more; standard ACLs only use IP.
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command creates an extended ACL?
Options:
- access-list 100
- extended acl
- acl 100
- set acl 100
Answer: access-list 100
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: A _______ ACL uses names.
Answer: named
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command creates a named ACL?
Options:
- ip access-list
- named acl
- acl named
- set named
Answer: ip access-list
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Match ACL numbers with types:
Options:
- 1-99
- 100-199
- Named
Answers:
- 1-99 - Standard
- 100-199 - Extended
- Named - Custom
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Explain why ACL placement matters.
Answer: Placement near the source reduces unnecessary traffic processing.
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command shows ACLs?
Options:
- show access-lists
- show acl
- acl show
- list acl
Answer: show access-lists
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: A _______ rule allows traffic.
Answer: permit
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command denies ICMP?
Options:
- deny icmp any any
- block icmp
- icmp deny
- no icmp
Answer: deny icmp any any
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Match ACL directions with effects:
Options:
- In
- Out
- Both
Answers:
- In - Inbound
- Out - Outbound
- Both - Bidirectional
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Describe how logging improves ACLs.
Answer: Logging tracks matched traffic, aiding in threat analysis.
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command adds logging?
Options:
- log
- enable log
- log acl
- set log
Answer: log
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: A _______ ACL filters by port.
Answer: extended
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command permits SSH?
Options:
- permit tcp any any eq 22
- allow ssh
- ssh permit
- permit ssh
Answer: permit tcp any any eq 22
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Match ACL keywords with meanings:
Options:
- any
- eq
- host
Answers:
- any - All IPs
- eq - Equal port
- host - Specific IP
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Explain ACL implicit deny.
Answer: An implicit deny at the end of an ACL blocks all unspecified traffic.
Explanation: No explanation available.
Systems Security - Module 8: Access Control Lists
Question: Which command removes an ACL?
Options:
- no access-list
- delete acl
- remove acl
- acl delete
Answer: no access-list
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which firewall type examines packet headers only?
Options:
- Packet-filtering
- Stateful
- Proxy
- Next-Generation
Answer: Packet-filtering
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: A _______ firewall tracks connection states.
Answer: Stateful
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Match firewall types with features:
Options:
- Packet
- Stateful
- Proxy
Answers:
- Packet - Header-based
- Stateful - Connection tracking
- Proxy - Application-level
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Explain how stateful firewalls improve security.
Answer: Stateful firewalls track connections, allowing only authorized traffic.
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which firewall acts as an intermediary?
Options:
- Packet-filtering
- Stateful
- Proxy
- Next-Generation
Answer: Proxy
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: A _______ firewall uses deep packet inspection.
Answer: Next-Generation
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which firewall blocks based on apps?
Options:
- Packet-filtering
- Stateful
- Proxy
- Next-Generation
Answer: Next-Generation
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Match firewall capabilities with types:
Options:
- Filtering
- State
- App Control
Answers:
- Filtering - Packet
- State - Stateful
- App Control - Next-Gen
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Describe how proxy firewalls work.
Answer: Proxy firewalls intercept requests, filtering at the application layer.
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which command sets a firewall rule?
Options:
- access-list
- firewall rule
- rule set
- set firewall
Answer: access-list
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: A _______ firewall is basic.
Answer: Packet-filtering
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which firewall uses connection tables?
Options:
- Packet-filtering
- Stateful
- Proxy
- Next-Generation
Answer: Stateful
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Match firewall types with layers:
Options:
- Packet
- Stateful
- Proxy
Answers:
- Packet - Network
- Stateful - Transport
- Proxy - Application
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Explain how NGFWs differ from others.
Answer: NGFWs use deep packet inspection and app awareness, unlike basic firewalls.
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which firewall logs app usage?
Options:
- Packet-filtering
- Stateful
- Proxy
- Next-Generation
Answer: Next-Generation
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: A _______ firewall hides client identity.
Answer: Proxy
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which command shows firewall rules?
Options:
- show access-lists
- show firewall
- firewall show
- list rules
Answer: show access-lists
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Match firewall features with benefits:
Options:
- State
- App Control
- Proxy
Answers:
- State - Tracks sessions
- App Control - Blocks apps
- Proxy - Anonymity
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Describe how packet-filtering works.
Answer: Packet-filtering examines headers, allowing or denying based on rules.
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which firewall is fastest?
Options:
- Packet-filtering
- Stateful
- Proxy
- Next-Generation
Answer: Packet-filtering
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: A _______ firewall requires more resources.
Answer: Next-Generation
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which firewall supports IPS?
Options:
- Packet-filtering
- Stateful
- Proxy
- Next-Generation
Answer: Next-Generation
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Match firewall types with complexity:
Options:
- Packet
- Stateful
- NGFW
Answers:
- Packet - Simple
- Stateful - Moderate
- NGFW - Complex
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Explain why stateful firewalls are preferred.
Answer: Stateful firewalls track connections, improving security over basic filtering.
Explanation: No explanation available.
Systems Security - Module 9: Firewall Technologies
Question: Which command clears firewall logs?
Options:
- clear logging
- log clear
- clear logs
- reset log
Answer: clear logging
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command defines a security zone?
Options:
- zone security
- security zone
- zone define
- define zone
Answer: zone security
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: A _______ groups interfaces.
Answer: zone
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Match ZBPF components with roles:
Options:
- Zone
- Class-Map
- Policy-Map
Answers:
- Zone - Groups interfaces
- Class-Map - Matches traffic
- Policy-Map - Applies rules
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Explain how ZBPF enhances security.
Answer: ZBPF applies policies between zones, controlling traffic flow.
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command assigns an interface to a zone?
Options:
- zone-member security
- member zone
- zone assign
- set zone
Answer: zone-member security
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: The _______ command matches traffic.
Answer: class-map
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command creates a class-map?
Options:
- class-map
- map class
- create class
- set class
Answer: class-map
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Match ZBPF actions with commands:
Options:
- Inspect
- Drop
- Pass
Answers:
- Inspect - inspect
- Drop - drop
- Pass - pass
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Describe how zones segment networks.
Answer: Zones group interfaces, applying rules to traffic between them.
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command sets a policy-map?
Options:
- policy-map
- map policy
- set policy
- policy set
Answer: policy-map
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: A _______ defines traffic actions.
Answer: policy-map
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command applies a ZBPF policy?
Options:
- zone-pair security
- apply zone
- zone apply
- set zone-pair
Answer: zone-pair security
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Match ZBPF terms with definitions:
Options:
- Zone-Pair
- Class
- Policy
Answers:
- Zone-Pair - Source/Dest zones
- Class - Traffic type
- Policy - Action set
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Explain how ZBPF differs from ACLs.
Answer: ZBPF uses zones and policies, offering stateful control vs. ACLs’ stateless rules.
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command shows ZBPF status?
Options:
- show zone security
- zone status
- show zones
- status zone
Answer: show zone security
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: A _______ pair defines traffic direction.
Answer: zone
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command inspects traffic?
Options:
- inspect
- check traffic
- traffic inspect
- set inspect
Answer: inspect
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Match ZBPF policies with actions:
Options:
- Inspect
- Drop
- Pass
Answers:
- Inspect - Monitor
- Drop - Block
- Pass - Allow
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Describe how ZBPF handles state.
Answer: ZBPF tracks connection states, allowing return traffic automatically.
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command drops traffic?
Options:
- drop
- block
- deny
- stop
Answer: drop
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: A _______ map classifies traffic.
Answer: class
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command passes traffic?
Options:
- pass
- allow
- permit
- pass-through
Answer: pass
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Match ZBPF elements with config:
Options:
- Zone
- Class
- Policy
Answers:
- Zone - zone security
- Class - class-map
- Policy - policy-map
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Explain why ZBPF is stateful.
Answer: ZBPF maintains a state table, tracking connections for bidirectional traffic.
Explanation: No explanation available.
Systems Security - Module 10: Zone-Based Policy Firewalls
Question: Which command removes a zone?
Options:
- no zone security
- delete zone
- remove zone
- zone delete
Answer: no zone security
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: IPS stands for _______ Prevention System.
Answer: Intrusion
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which command enables IPS?
Options:
- ip ips name
- ips enable
- enable ips
- set ips
Answer: ip ips name
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Match IPS features with roles:
Options:
- Detection
- Prevention
- Logging
Answers:
- Detection - Identifies threats
- Prevention - Blocks attacks
- Logging - Records events
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Explain how IPS enhances security.
Answer: IPS detects and blocks intrusions in real-time, preventing attacks.
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which tool is IPS?
Options:
- IDS
- IPS
- Firewall
- NAT
Answer: IPS
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: A _______ signature detects threats.
Answer: IPS
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which command applies IPS to an interface?
Options:
- ip ips in
- ips apply
- apply ips
- set ips in
Answer: ip ips in
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Match IPS actions with effects:
Options:
- Alert
- Block
- Reset
Answers:
- Alert - Notify
- Block - Stop
- Reset - Terminate
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Describe how IPS differs from IDS.
Answer: IPS actively blocks threats; IDS only detects and alerts.
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which command sets an IPS signature?
Options:
- ip ips signature
- signature set
- set signature
- ips sig
Answer: ip ips signature
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: A _______ IPS monitors inline.
Answer: inline
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which IPS mode blocks traffic?
Options:
- Promiscuous
- Inline
- Passive
- Monitor
Answer: Inline
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Match IPS modes with operations:
Options:
- Promiscuous
- Inline
- Hybrid
Answers:
- Promiscuous - Monitor only
- Inline - Block
- Hybrid - Both
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Explain how inline IPS works.
Answer: Inline IPS processes traffic directly, blocking threats in real-time.
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which command shows IPS status?
Options:
- show ip ips
- ips status
- show ips
- status ips
Answer: show ip ips
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: A _______ detects attack patterns.
Answer: signature
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which IPS uses anomaly detection?
Options:
- Signature-based
- Anomaly-based
- Rule-based
- Policy-based
Answer: Anomaly-based
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Match IPS types with methods:
Options:
- Signature
- Anomaly
- Hybrid
Answers:
- Signature - Known patterns
- Anomaly - Behavior
- Hybrid - Both
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Describe how anomaly-based IPS works.
Answer: Anomaly-based IPS detects deviations from normal behavior, flagging potential threats.
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which command updates IPS signatures?
Options:
- ip ips update
- update ips
- signature update
- ips update
Answer: ip ips update
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: A _______ IPS reduces false positives.
Answer: hybrid
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which IPS integrates with firewalls?
Options:
- Standalone
- Integrated
- Passive
- Active
Answer: Integrated
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Match IPS deployment with benefits:
Options:
- Inline
- Promiscuous
- Hybrid
Answers:
- Inline - Real-time blocking
- Promiscuous - Low impact
- Hybrid - Balanced
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Explain how IPS logs improve security.
Answer: IPS logs record threats, aiding in forensic analysis and response.
Explanation: No explanation available.
Systems Security - Module 11: IPS Technologies
Question: Which command disables IPS?
Options:
- no ip ips
- ips off
- disable ips
- ips disable
Answer: no ip ips
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which command applies an IPS rule?
Options:
- ip ips name
- ips apply
- ip ips in
- ips rule
Answer: ip ips in
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: A _______ enforces IPS policies.
Answer: interface
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Match IPS config steps with commands:
Options:
- Enable
- Define
- Apply
Answers:
- Enable - ip ips name
- Define - ip ips signature
- Apply - ip ips in
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Explain how IPS rules are implemented.
Answer: IPS rules are defined with signatures and applied to interfaces to block threats.
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which command sets IPS direction?
Options:
- ip ips in
- ips direction
- direction ips
- set ips dir
Answer: ip ips in
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: The _______ command names an IPS policy.
Answer: ip ips name
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which IPS action resets connections?
Options:
- Alert
- Block
- Reset
- Drop
Answer: Reset
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Match IPS actions with config:
Options:
- Drop
- Reset
- Alert
Answers:
- Drop - drop
- Reset - reset
- Alert - alert
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Describe how IPS resets connections.
Answer: IPS sends TCP reset packets to terminate malicious sessions.
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which command logs IPS events?
Options:
- ip ips log
- log ips
- ips log
- logging
Answer: ip ips log
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: A _______ defines IPS behavior.
Answer: signature
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which command sets a custom IPS action?
Options:
- ip ips signature
- set ips action
- ips custom
- action ips
Answer: ip ips signature
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Match IPS setup with steps:
Options:
- Name
- Signature
- Interface
Answers:
- Name - ip ips name
- Signature - ip ips signature
- Interface - ip ips in
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Explain why IPS placement matters.
Answer: Placement near threats reduces processing and improves blocking efficiency.
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which command shows IPS events?
Options:
- show ip ips events
- ips events
- show events
- event log
Answer: show ip ips events
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: A _______ triggers IPS actions.
Answer: signature
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which IPS blocks specific threats?
Options:
- Signature-based
- Anomaly-based
- Rule-based
- General
Answer: Signature-based
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Match IPS enforcement with types:
Options:
- Signature
- Anomaly
- Policy
Answers:
- Signature - Known threats
- Anomaly - Unknown
- Policy - Rules
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Describe how IPS integrates with networks.
Answer: IPS sits inline or monitors traffic, enforcing security policies.
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which command tests IPS?
Options:
- test ips
- ips test
- ip ips test
- show ip ips
Answer: show ip ips
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: A _______ IPS uses predefined rules.
Answer: signature
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which command removes IPS?
Options:
- no ip ips
- ips remove
- remove ips
- unset ips
Answer: no ip ips
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Match IPS terms with definitions:
Options:
- Signature
- Policy
- Event
Answers:
- Signature - Threat pattern
- Policy - Action set
- Event - Trigger
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Explain how IPS reduces false positives.
Answer: IPS uses fine-tuned signatures and policies to minimize incorrect alerts.
Explanation: No explanation available.
Systems Security - Module 12: IPS Operation and Implementation
Question: Which command updates IPS policies?
Options:
- ip ips update
- update ips
- policy update
- ips policy
Answer: ip ips update
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command enables port security?
Options:
- port-security
- switchport port-security
- security port
- enable port-security
Answer: switchport port-security
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: A _______ limits MAC addresses.
Answer: port security
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Match port security features with roles:
Options:
- MAC Limit
- Violation
- Aging
Answers:
- MAC Limit - Restricts devices
- Violation - Handles breaches
- Aging - Removes old MACs
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Explain how port security protects endpoints.
Answer: Port security limits devices by MAC, preventing unauthorized access.
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command sets a MAC limit?
Options:
- switchport port-security maximum
- mac limit
- limit mac
- set mac
Answer: switchport port-security maximum
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: The _______ action shuts down a port.
Answer: shutdown
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which violation mode blocks access?
Options:
- Protect
- Restrict
- Shutdown
- Alert
Answer: Shutdown
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Match violation modes with actions:
Options:
- Protect
- Restrict
- Shutdown
Answers:
- Protect - Drops
- Restrict - Drops and logs
- Shutdown - Disables
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Describe how shutdown mode works.
Answer: Shutdown mode disables the port on violation, requiring manual reset.
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command sets a violation action?
Options:
- switchport port-security violation
- violation set
- set violation
- port violation
Answer: switchport port-security violation
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: A _______ MAC is manually set.
Answer: static
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command adds a static MAC?
Options:
- switchport port-security mac-address
- mac static
- static mac
- set mac static
Answer: switchport port-security mac-address
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Match MAC types with config:
Options:
- Static
- Dynamic
- Sticky
Answers:
- Static - Manual
- Dynamic - Learned
- Sticky - Auto-saved
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Explain how sticky MACs work.
Answer: Sticky MACs learn and save addresses dynamically, locking them to the port.
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command enables sticky MAC?
Options:
- switchport port-security mac-address sticky
- sticky mac
- mac sticky
- set sticky
Answer: switchport port-security mac-address sticky
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: A _______ removes old MACs.
Answer: aging
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command sets MAC aging?
Options:
- switchport port-security aging
- mac age
- age mac
- set aging
Answer: switchport port-security aging
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Match aging types with effects:
Options:
- Absolute
- Inactivity
- None
Answers:
- Absolute - Fixed time
- Inactivity - Idle time
- None - No aging
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Describe how aging enhances security.
Answer: Aging removes stale MACs, preventing spoofing on unused ports.
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command shows port security?
Options:
- show port-security
- port show
- show ports
- security show
Answer: show port-security
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: A _______ port limits device access.
Answer: secure
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command restricts to one MAC?
Options:
- switchport port-security maximum 1
- mac 1
- limit 1
- set mac 1
Answer: switchport port-security maximum 1
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Match security settings with commands:
Options:
- Limit
- Action
- MAC
Answers:
- Limit - maximum
- Action - violation
- MAC - mac-address
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Explain why port security is critical.
Answer: Port security prevents unauthorized devices from connecting to the network.
Explanation: No explanation available.
Systems Security - Module 13: Endpoint Security
Question: Which command disables port security?
Options:
- no switchport port-security
- port off
- disable port
- unset security
Answer: no switchport port-security
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which attack exploits ARP?
Options:
- ARP Spoofing
- DDoS
- Phishing
- SQL Injection
Answer: ARP Spoofing
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: A _______ poisons the ARP table.
Answer: ARP Spoofing
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Match Layer 2 threats with descriptions:
Options:
- ARP Spoofing
- MAC Flooding
- VLAN Hopping
Answers:
- ARP Spoofing - Fake ARP
- MAC Flooding - Table overflow
- VLAN Hopping - Cross VLANs
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Explain how ARP spoofing works.
Answer: ARP spoofing sends fake ARP messages, redirecting traffic to the attacker.
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which command mitigates ARP spoofing?
Options:
- arp inspection
- ip arp inspection
- arp protect
- set arp
Answer: ip arp inspection
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: The _______ attack floods MAC tables.
Answer: MAC Flooding
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which command limits MAC flooding?
Options:
- switchport port-security maximum
- mac limit
- limit mac
- flood control
Answer: switchport port-security maximum
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Match mitigation tools with Layer 2 threats:
Options:
- DAI
- Port Security
- VLAN ACL
Answers:
- DAI - ARP Spoofing
- Port Security - MAC Flooding
- VLAN ACL - VLAN Hopping
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Describe how MAC flooding impacts switches.
Answer: MAC flooding overflows the MAC table, forcing the switch into hub mode.
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which attack crosses VLANs?
Options:
- ARP Spoofing
- MAC Flooding
- VLAN Hopping
- DDoS
Answer: VLAN Hopping
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: A _______ prevents VLAN hopping.
Answer: VLAN ACL
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which command sets a VLAN ACL?
Options:
- vlan access-map
- acl vlan
- set vlan acl
- vlan acl
Answer: vlan access-map
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Match Layer 2 defenses with commands:
Options:
- DAI
- Port Security
- VACL
Answers:
- DAI - ip arp inspection
- Port Security - switchport port-security
- VACL - vlan access-map
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Explain how DAI mitigates ARP spoofing.
Answer: DAI validates ARP packets, dropping invalid ones to prevent spoofing.
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which command enables DAI?
Options:
- ip arp inspection
- arp inspect
- inspect arp
- set arp inspection
Answer: ip arp inspection
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: A _______ attack disrupts Layer 2.
Answer: MAC Flooding
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which command shows ARP inspection?
Options:
- show ip arp inspection
- arp show
- show arp
- inspect show
Answer: show ip arp inspection
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Match Layer 2 attacks with impacts:
Options:
- ARP
- MAC
- VLAN
Answers:
- ARP - Redirects traffic
- MAC - Overflows tables
- VLAN - Crosses segments
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Describe how VLAN hopping works.
Answer: VLAN hopping sends tagged frames to access other VLANs illicitly.
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which command prevents VLAN hopping?
Options:
- switchport mode access
- vlan block
- block vlan
- set vlan
Answer: switchport mode access
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: A _______ validates ARP packets.
Answer: DAI
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which command secures trunk ports?
Options:
- switchport mode trunk
- trunk secure
- secure trunk
- set trunk
Answer: switchport mode trunk
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Match Layer 2 security with tools:
Options:
- ARP
- MAC
- VLAN
Answers:
- ARP - DAI
- MAC - Port Security
- VLAN - VACL
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Explain why Layer 2 security is critical.
Answer: Layer 2 security prevents low-level attacks that bypass higher layers.
Explanation: No explanation available.
Systems Security - Module 14: Layer 2 Security Considerations
Question: Which command disables DAI?
Options:
- no ip arp inspection
- arp off
- disable arp
- unset arp
Answer: no ip arp inspection
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which command generates RSA keys?
Options:
- crypto key generate rsa
- rsa generate
- key rsa
- generate rsa
Answer: crypto key generate rsa
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: A _______ secures data transmission.
Answer: encryption
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Match crypto methods with uses:
Options:
- Symmetric
- Asymmetric
- Hash
Answers:
- Symmetric - Fast encryption
- Asymmetric - Key exchange
- Hash - Integrity
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Explain how RSA enhances security.
Answer: RSA uses public/private keys for secure data exchange and authentication.
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which protocol uses RSA?
Options:
- SSH
- HTTP
- FTP
- SNMP
Answer: SSH
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: The _______ algorithm is symmetric.
Answer: AES
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which encryption is fastest?
Options:
- AES
- RSA
- DES
- SHA
Answer: AES
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Match encryption types with keys:
Options:
- Symmetric
- Asymmetric
- Hash
Answers:
- Symmetric - One key
- Asymmetric - Two keys
- Hash - No key
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Describe how AES secures data.
Answer: AES encrypts data with a single key, ensuring confidentiality.
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which command sets an AES key?
Options:
- crypto key aes
- aes key
- key aes
- crypto key generate
Answer: crypto key generate
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: A _______ ensures data integrity.
Answer: hash
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which hash algorithm is secure?
Options:
- MD5
- SHA-1
- SHA-256
- CRC
Answer: SHA-256
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Match hash uses with algorithms:
Options:
- Integrity
- Authentication
- Password
Answers:
- Integrity - SHA-256
- Authentication - HMAC
- Password - MD5
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Explain how hashing improves security.
Answer: Hashing creates a unique data fingerprint, detecting tampering.
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which command enables encryption?
Options:
- crypto key generate
- encrypt on
- enable crypto
- set encrypt
Answer: crypto key generate
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: A _______ key encrypts SSH.
Answer: RSA
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which protocol uses AES?
Options:
- IPsec
- HTTP
- FTP
- SNMP
Answer: IPsec
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Match crypto protocols with uses:
Options:
- IPsec
- SSL/TLS
- SSH
Answers:
- IPsec - VPN
- SSL/TLS - Web
- SSH - Remote
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Describe how IPsec secures data.
Answer: IPsec encrypts traffic, ensuring confidentiality and integrity.
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which command shows crypto keys?
Options:
- show crypto key
- crypto show
- show keys
- key show
Answer: show crypto key
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: A _______ verifies data origin.
Answer: signature
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which algorithm signs data?
Options:
- RSA
- AES
- DES
- SHA
Answer: RSA
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Match crypto terms with roles:
Options:
- Key
- Cipher
- Hash
Answers:
- Key - Encrypts
- Cipher - Algorithm
- Hash - Verifies
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Explain how digital signatures work.
Answer: Digital signatures use asymmetric keys to verify data authenticity.
Explanation: No explanation available.
Systems Security - Module 15: Cryptographic Services
Question: Which command removes crypto keys?
Options:
- no crypto key
- key remove
- remove key
- unset crypto
Answer: no crypto key
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: HMAC uses _______ for integrity.
Answer: hashing
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Which command enables HMAC?
Options:
- hmac enable
- crypto hmac
- enable hmac
- set hmac
Answer: crypto hmac
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Match integrity tools with roles:
Options:
- Hash
- HMAC
- Checksum
Answers:
- Hash - Data fingerprint
- HMAC - Authenticated hash
- Checksum - Error check
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Explain how HMAC ensures authenticity.
Answer: HMAC combines a hash with a key, verifying data source and integrity.
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Which hash is used in HMAC?
Options:
- MD5
- SHA-1
- SHA-256
- CRC
Answer: SHA-256
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: A _______ verifies data wasn’t altered.
Answer: hash
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Which protocol uses HMAC?
Options:
- IPsec
- HTTP
- FTP
- SNMP
Answer: IPsec
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Match authenticity methods with uses:
Options:
- Hash
- HMAC
- Signature
Answers:
- Hash - Integrity
- HMAC - Authenticity
- Signature - Non-repudiation
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Describe how hashes detect tampering.
Answer: Hashes create a unique value; any change alters it, revealing tampering.
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Which command sets a hash key?
Options:
- crypto key
- hash key
- key hash
- set hash
Answer: crypto key
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: A _______ ensures data source.
Answer: HMAC
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Which hash is outdated?
Options:
- MD5
- SHA-256
- SHA-3
- BLAKE2
Answer: MD5
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Match hash types with security:
Options:
- MD5
- SHA-1
- SHA-256
Answers:
- MD5 - Weak
- SHA-1 - Deprecated
- SHA-256 - Strong
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Explain why MD5 is weak.
Answer: MD5 has collision vulnerabilities, making it insecure for integrity.
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Which command shows hash status?
Options:
- show crypto
- crypto status
- show hash
- hash status
Answer: show crypto
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: A _______ hash uses a key.
Answer: HMAC
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Which protocol uses SHA-256?
Options:
- SSL/TLS
- HTTP
- FTP
- SNMP
Answer: SSL/TLS
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Match integrity tools with outputs:
Options:
- Hash
- HMAC
- Checksum
Answers:
- Hash - Fixed value
- HMAC - Keyed value
- Checksum - Simple sum
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Describe how checksums differ from hashes.
Answer: Checksums are simpler, less secure; hashes are cryptographic, collision-resistant.
Explanation: No explanation available.
Systems Security - Module 16: Basic Integrity and Authenticity
Question: Which command disables HMAC?
Options:
- no crypto hmac
- hmac off
- disable hmac
- unset hmac
Answer: no crypto hmac
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which key pair includes public and private keys?
Options:
- RSA
- DES
- AES
- MD5
Answer: RSA
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: A _______ key is shared.
Answer: public
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Match key types with roles:
Options:
- Public
- Private
- Symmetric
Answers:
- Public - Encrypt
- Private - Decrypt
- Symmetric - Both
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Explain how public key cryptography works.
Answer: Public key encrypts; private key decrypts, ensuring secure exchange.
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which command generates RSA keys?
Options:
- crypto key generate rsa
- rsa key
- generate rsa
- key rsa
Answer: crypto key generate rsa
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: The _______ key is kept secret.
Answer: private
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which protocol uses public keys?
Options:
- SSH
- HTTP
- FTP
- SNMP
Answer: SSH
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Match crypto uses with keys:
Options:
- Encryption
- Signature
- Exchange
Answers:
- Encryption - Public
- Signature - Private
- Exchange - Both
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Describe how RSA secures SSH.
Answer: RSA generates key pairs; public key encrypts, private key authenticates.
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which command shows key pairs?
Options:
- show crypto key
- key show
- show keys
- crypto show
Answer: show crypto key
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: A _______ signs data.
Answer: private key
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which algorithm is asymmetric?
Options:
- AES
- RSA
- DES
- SHA
Answer: RSA
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Match key roles with protocols:
Options:
- SSH
- SSL/TLS
- IPsec
Answers:
- SSH - Authentication
- SSL/TLS - Encryption
- IPsec - Both
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Explain how public keys are shared.
Answer: Public keys are distributed openly; private keys remain secret.
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which command removes RSA keys?
Options:
- no crypto key
- remove key
- key remove
- unset rsa
Answer: no crypto key
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: A _______ verifies signatures.
Answer: public key
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which protocol uses certificates?
Options:
- SSL/TLS
- HTTP
- FTP
- SNMP
Answer: SSL/TLS
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Match crypto terms with functions:
Options:
- Public
- Private
- Cert
Answers:
- Public - Encrypt
- Private - Sign
- Cert - Trust
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Describe how certificates enhance security.
Answer: Certificates bind public keys to identities, ensuring trust.
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which command imports a certificate?
Options:
- crypto pki import
- import cert
- cert import
- set cert
Answer: crypto pki import
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: A _______ authority issues certificates.
Answer: CA
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Which command shows certificates?
Options:
- show crypto pki
- cert show
- show certs
- pki show
Answer: show crypto pki
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Match cert roles with entities:
Options:
- CA
- User
- Server
Answers:
- CA - Issues
- User - Requests
- Server - Uses
Explanation: No explanation available.
Systems Security - Module 17: Public Key Cryptography
Question: Explain how CAs ensure trust.
Answer: CAs verify identities, issuing trusted certificates for secure communication.
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which protocol secures VPN traffic?
Options:
- IPsec
- HTTP
- FTP
- SNMP
Answer: IPsec
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: A _______ creates a secure tunnel.
Answer: VPN
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Match VPN types with uses:
Options:
- Site-to-Site
- Remote Access
- Clientless
Answers:
- Site-to-Site - Network link
- Remote Access - User access
- Clientless - Web-based
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Explain how VPNs enhance security.
Answer: VPNs encrypt traffic over public networks, ensuring confidentiality.
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which command enables IPsec?
Options:
- crypto ipsec
- ipsec enable
- enable ipsec
- set ipsec
Answer: crypto ipsec
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: The _______ protocol encrypts VPN data.
Answer: IPsec
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which VPN uses SSL?
Options:
- Site-to-Site
- Remote Access
- Clientless SSL
- IPsec
Answer: Clientless SSL
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Match VPN protocols with features:
Options:
- IPsec
- SSL
- PPTP
Answers:
- IPsec - Strong security
- SSL - Web-based
- PPTP - Legacy
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Describe how IPsec secures VPNs.
Answer: IPsec encrypts and authenticates packets, securing VPN tunnels.
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which command sets an IPsec transform?
Options:
- crypto ipsec transform-set
- transform ipsec
- set transform
- ipsec transform
Answer: crypto ipsec transform-set
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: A _______ defines VPN endpoints.
Answer: tunnel
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which command creates a VPN tunnel?
Options:
- crypto map
- tunnel create
- create tunnel
- set tunnel
Answer: crypto map
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Match VPN components with roles:
Options:
- Tunnel
- Transform
- Crypto Map
Answers:
- Tunnel - Path
- Transform - Encryption
- Crypto Map - Policy
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Explain how SSL VPNs differ from IPsec.
Answer: SSL VPNs use web-based encryption; IPsec secures all traffic.
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which command applies a crypto map?
Options:
- crypto map interface
- apply crypto
- interface crypto
- set crypto
Answer: crypto map interface
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: A _______ key encrypts VPN traffic.
Answer: session
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which protocol uses IKE?
Options:
- IPsec
- SSL
- PPTP
- L2TP
Answer: IPsec
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Match VPN security with protocols:
Options:
- IPsec
- SSL
- L2TP
Answers:
- IPsec - Full encryption
- SSL - Web encryption
- L2TP - Tunneling
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Describe how IKE secures VPNs.
Answer: IKE negotiates keys and policies for IPsec VPN security.
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which command shows VPN status?
Options:
- show crypto ipsec
- vpn status
- show vpn
- status vpn
Answer: show crypto ipsec
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: A _______ VPN connects sites.
Answer: Site-to-Site
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which command sets IKE policy?
Options:
- crypto isakmp policy
- ike policy
- policy ike
- set ike
Answer: crypto isakmp policy
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Match VPN types with access:
Options:
- Site
- Remote
- Clientless
Answers:
- Site - Network
- Remote - User
- Clientless - Browser
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Explain why VPNs use encryption.
Answer: Encryption protects data over untrusted networks, ensuring privacy.
Explanation: No explanation available.
Systems Security - Module 18: VPNs
Question: Which command removes a VPN?
Options:
- no crypto map
- remove vpn
- vpn delete
- unset vpn
Answer: no crypto map
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command sets an IPsec transform set?
Options:
- crypto ipsec transform-set
- ipsec transform
- transform-set ipsec
- set transform
Answer: crypto ipsec transform-set
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: A _______ links two networks.
Answer: Site-to-Site VPN
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Match VPN config steps with commands:
Options:
- Transform
- Crypto Map
- Interface
Answers:
- Transform - crypto ipsec transform-set
- Crypto Map - crypto map
- Interface - crypto map interface
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Explain how Site-to-Site VPNs work.
Answer: Site-to-Site VPNs connect networks via encrypted tunnels over the internet.
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command defines IKE policy?
Options:
- crypto isakmp policy
- ike policy
- policy ike
- set ike
Answer: crypto isakmp policy
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: The _______ command applies a crypto map.
Answer: crypto map interface
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which protocol negotiates VPN keys?
Options:
- IKE
- SSL
- PPTP
- L2TP
Answer: IKE
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Match IPsec components with roles:
Options:
- IKE
- Transform
- Crypto Map
Answers:
- IKE - Key exchange
- Transform - Encryption
- Crypto Map - Policy
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Describe how IKE sets up IPsec.
Answer: IKE negotiates security associations and keys for IPsec encryption.
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command shows IPsec SA?
Options:
- show crypto ipsec sa
- sa show
- show sa
- ipsec sa
Answer: show crypto ipsec sa
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: A _______ defines encryption settings.
Answer: transform set
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command sets a peer IP?
Options:
- crypto map set peer
- peer set
- set peer
- ip peer
Answer: crypto map set peer
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Match VPN setup with commands:
Options:
- Policy
- Peer
- Map
Answers:
- Policy - crypto isakmp policy
- Peer - crypto map set peer
- Map - crypto map
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Explain why peers are defined.
Answer: Peers specify VPN endpoints, ensuring correct tunnel termination.
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command enables NAT-T?
Options:
- crypto isakmp nat-traversal
- nat-t enable
- enable nat-t
- set nat-t
Answer: crypto isakmp nat-traversal
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: A _______ traverses NAT.
Answer: NAT-T
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command logs IPsec?
Options:
- debug crypto ipsec
- log ipsec
- ipsec log
- show log
Answer: debug crypto ipsec
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Match IPsec features with benefits:
Options:
- Encryption
- Auth
- NAT-T
Answers:
- Encryption - Privacy
- Auth - Integrity
- NAT-T - Compatibility
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Describe how NAT-T aids VPNs.
Answer: NAT-T encapsulates IPsec in UDP, allowing traversal of NAT devices.
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command clears IPsec SA?
Options:
- clear crypto sa
- sa clear
- clear sa
- reset sa
Answer: clear crypto sa
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: A _______ secures site links.
Answer: IPsec
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command sets a VPN ACL?
Options:
- crypto map match address
- acl set
- set acl
- match acl
Answer: crypto map match address
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Match VPN terms with config:
Options:
- SA
- Peer
- ACL
Answers:
- SA - Security association
- Peer - Endpoint
- ACL - Traffic filter
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Explain how ACLs define VPN traffic.
Answer: ACLs specify which traffic is encrypted and sent over the VPN.
Explanation: No explanation available.
Systems Security - Module 19: Implement Site-to-Site IPsec VPNs
Question: Which command disables IPsec?
Options:
- no crypto ipsec
- ipsec off
- disable ipsec
- unset ipsec
Answer: no crypto ipsec
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: ASA stands for _______ Security Appliance.
Answer: Adaptive
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which command enters ASA config mode?
Options:
- configure terminal
- config t
- conf t
- All of these
Answer: All of these
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Match ASA features with roles:
Options:
- Firewall
- VPN
- IPS
Answers:
- Firewall - Filters
- VPN - Tunnels
- IPS - Intrusion
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Explain how ASA enhances security.
Answer: ASA combines firewall, VPN, and IPS for comprehensive protection.
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which ASA mode is default?
Options:
- Routed
- Transparent
- Multi-context
- Single
Answer: Routed
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: The _______ command sets ASA mode.
Answer: mode
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which ASA supports multiple VLANs?
Options:
- Routed
- Transparent
- Multi-context
- Single
Answer: Multi-context
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Match ASA modes with functions:
Options:
- Routed
- Transparent
- Multi
Answers:
- Routed - Routing
- Transparent - Bridging
- Multi - Virtual
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Describe how transparent mode works.
Answer: Transparent mode bridges traffic without routing, acting as a Layer 2 device.
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which command shows ASA mode?
Options:
- show mode
- mode show
- show running-config
- status mode
Answer: show running-config
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: A _______ ASA acts as a router.
Answer: Routed
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which command enables multi-context?
Options:
- mode multiple
- multi mode
- set multi
- context multi
Answer: mode multiple
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Match ASA components with uses:
Options:
- Firewall
- VPN
- Contexts
Answers:
- Firewall - Access control
- VPN - Remote access
- Contexts - Virtual ASA
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Explain how multi-context works.
Answer: Multi-context splits ASA into virtual firewalls, isolating traffic.
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which command sets an ASA name?
Options:
- hostname
- name set
- set name
- asa name
Answer: hostname
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: A _______ separates ASA contexts.
Answer: context
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which command enters context mode?
Options:
- changeto context
- context change
- mode context
- set context
Answer: changeto context
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Match ASA terms with definitions:
Options:
- Context
- Mode
- Interface
Answers:
- Context - Virtual ASA
- Mode - Operation type
- Interface - Traffic port
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Describe how ASA differs from IOS.
Answer: ASA uses a dedicated OS for security, unlike IOS’s general routing.
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which command shows ASA interfaces?
Options:
- show interface
- interface show
- show int
- int status
Answer: show interface
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: A _______ ASA filters traffic.
Answer: Firewall
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which command sets ASA IP?
Options:
- ip address
- set ip
- address ip
- configure ip
Answer: ip address
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Match ASA setup with commands:
Options:
- Name
- Mode
- IP
Answers:
- Name - hostname
- Mode - mode
- IP - ip address
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Explain why ASA uses contexts.
Answer: Contexts allow multiple virtual firewalls, improving isolation.
Explanation: No explanation available.
Systems Security - Module 20: Introduction to the ASA
Question: Which command disables multi-context?
Options:
- no mode multiple
- mode single
- disable multi
- unset multi
Answer: no mode multiple
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command sets an ASA interface IP?
Options:
- ip address
- interface ip
- set ip
- config ip
Answer: ip address
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: A _______ defines ASA zones.
Answer: interface
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Match ASA config with commands:
Options:
- Interface
- ACL
- NAT
Answers:
- Interface - ip address
- ACL - access-list
- NAT - nat
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Explain how ASA interfaces secure traffic.
Answer: Interfaces apply security levels and policies to control traffic flow.
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command creates an ACL?
Options:
- access-list
- acl create
- create acl
- set acl
Answer: access-list
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: The _______ command applies an ACL.
Answer: access-group
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command permits traffic?
Options:
- permit
- allow
- access permit
- set permit
Answer: permit
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Match ACL actions with effects:
Options:
- Permit
- Deny
- Log
Answers:
- Permit - Allows
- Deny - Blocks
- Log - Records
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Describe how ACLs work on ASA.
Answer: ACLs filter traffic based on rules applied to interfaces.
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command sets NAT?
Options:
- nat
- set nat
- nat config
- configure nat
Answer: nat
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: A _______ hides internal IPs.
Answer: NAT
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command enables NAT?
Options:
- nat enable
- nat
- enable nat
- set nat enable
Answer: nat
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Match NAT types with uses:
Options:
- Dynamic
- Static
- PAT
Answers:
- Dynamic - Many-to-one
- Static - One-to-one
- PAT - Port-based
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Explain how PAT works on ASA.
Answer: PAT maps multiple internal IPs to one external IP using ports.
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command shows NAT rules?
Options:
- show nat
- nat show
- show run nat
- list nat
Answer: show nat
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: A _______ level sets interface security.
Answer: security-level
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command sets a security level?
Options:
- security-level
- level set
- set security
- config level
Answer: security-level
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Match security levels with access:
Options:
- 0
- 50
- 100
Answers:
- 0 - Least secure
- 50 - Medium
- 100 - Most secure
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Describe how security levels work.
Answer: Higher levels allow outbound traffic; lower levels restrict inbound.
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command shows ASA config?
Options:
- show running-config
- config show
- show config
- run show
Answer: show running-config
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: A _______ denies traffic by default.
Answer: ASA
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command allows ICMP?
Options:
- permit icmp
- icmp permit
- access-list permit icmp
- set icmp
Answer: access-list permit icmp
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Match ASA settings with commands:
Options:
- IP
- ACL
- Level
Answers:
- IP - ip address
- ACL - access-list
- Level - security-level
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Explain why ASA uses NAT.
Answer: NAT hides internal IPs and manages address space on ASA.
Explanation: No explanation available.
Systems Security - Module 21: ASA Firewall Configuration
Question: Which command removes an ACL?
Options:
- no access-list
- delete acl
- remove acl
- unset acl
Answer: no access-list
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which tool tests network vulnerabilities?
Options:
- Wireshark
- Nmap
- Ping
- Traceroute
Answer: Nmap
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: A _______ scans for open ports.
Answer: Nmap
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Match testing tools with uses:
Options:
- Nmap
- Wireshark
- Nessus
Answers:
- Nmap - Port scanning
- Wireshark - Packet capture
- Nessus - Vulnerability scan
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Explain how Nmap improves security.
Answer: Nmap identifies open ports and services, revealing vulnerabilities.
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which tool captures packets?
Options:
- Nmap
- Wireshark
- Nessus
- Metasploit
Answer: Wireshark
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: The _______ tool tests exploits.
Answer: Metasploit
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which tool scans for weaknesses?
Options:
- Nessus
- Wireshark
- Nmap
- Ping
Answer: Nessus
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Match test types with tools:
Options:
- Port
- Packet
- Vuln
Answers:
- Port - Nmap
- Packet - Wireshark
- Vuln - Nessus
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Describe how Wireshark aids testing.
Answer: Wireshark captures packets, analyzing traffic for anomalies.
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which command runs Nmap?
Options:
- nmap
- scan nmap
- run nmap
- nmap scan
Answer: nmap
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: A _______ tests penetration.
Answer: Metasploit
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which tool exploits vulnerabilities?
Options:
- Metasploit
- Wireshark
- Nmap
- Nessus
Answer: Metasploit
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Match security tests with goals:
Options:
- Scan
- Capture
- Exploit
Answers:
- Scan - Identify
- Capture - Analyze
- Exploit - Test
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Explain how Nessus improves security.
Answer: Nessus scans for vulnerabilities, enabling proactive fixes.
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which command runs Wireshark?
Options:
- wireshark
- capture wire
- wire shark
- run wireshark
Answer: wireshark
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: A _______ maps network devices.
Answer: Nmap
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which tool tests firewall rules?
Options:
- Nmap
- Wireshark
- Nessus
- Metasploit
Answer: Nmap
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Match testing phases with tools:
Options:
- Recon
- Analysis
- Attack
Answers:
- Recon - Nmap
- Analysis - Wireshark
- Attack - Metasploit
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Describe how Metasploit tests security.
Answer: Metasploit exploits vulnerabilities, simulating real attacks.
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which command runs Nessus?
Options:
- nessus
- scan nessus
- run nessus
- nessus scan
Answer: nessus
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: A _______ captures live traffic.
Answer: Wireshark
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which tool tests OS vulnerabilities?
Options:
- Nessus
- Wireshark
- Nmap
- Metasploit
Answer: Nessus
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Match test outputs with tools:
Options:
- Ports
- Packets
- Exploits
Answers:
- Ports - Nmap
- Packets - Wireshark
- Exploits - Metasploit
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Explain why testing is critical.
Answer: Testing identifies weaknesses, enabling fixes before exploitation.
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which command stops Wireshark?
Options:
- stop
- exit
- quit
- close
Answer: quit
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: A _______ scans for services.
Answer: Nmap
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which tool tests network latency?
Options:
- Ping
- Wireshark
- Nmap
- Nessus
Answer: Ping
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Match testing tools with commands:
Options:
- Nmap
- Wireshark
- Ping
Answers:
- Nmap - nmap
- Wireshark - wireshark
- Ping - ping
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Describe how ping tests connectivity.
Answer: Ping sends ICMP packets, measuring response time to test reachability.
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which command runs Metasploit?
Options:
- msfconsole
- metasploit
- run msf
- msf run
Answer: msfconsole
Explanation: No explanation available.
Systems Security - Module 22: Network Security Testing
Question: Which command enables logging for security testing?
Options:
- logging enable
- log on
- enable log
- logging start
Answer: logging enable
Explanation: No explanation available.
Systems Security - Module 5
Question: What must be done before any role-based CLI views can be created?
Options:
- Issue the aaa new-model command
- Assign multiple privilege levels
- Create the secret password for the root user
- Configure usernames and passwords
Answer: Issue the aaa new-model command
Explanation: No explanation available.
Systems Security - Module 5
Question: Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)
Options:
- There is no access control to specific interfaces on a router.
- The root user must be assigned to each privilege level that is defined.
- Commands set on a higher privilege level are not available for lower privilege users.
- Views are required to define the CLI commands that each user can access.
- Creating a user account that needs access to most but not all commands can be a tedious process.
- It is required that all 16 privilege levels be defined, whether they are used or not.
Answer: ["There is no access control to specific interfaces on a router.", "Commands set on a higher privilege level are not available for lower privilege users.", "Creating a user account that needs access to most but not all commands can be a tedious process."]
Explanation: No explanation available.
Systems Security - Module 5
Question: Which two router commands can a user issue when granted privilege level 0? (Choose two.)
Options:
- help
- ping
- configure
- disable
- show
Answer: ["help", "disable"]
Explanation: No explanation available.
Systems Security - Module 5
Question: What does level 5 in the following enable secret global configuration mode command indicate? Router(config)# enable secret level 5 csc5io
Options:
- The enable secret password is hashed using MD5.
- The enable secret password is hashed using SHA.
- The enable secret password grants access to privileged EXEC level 5.
- The enable secret password can only be set by individuals with privileges for EXEC level 5.
Answer: "The enable secret password grants access to privileged EXEC level 5."
Explanation: No explanation available.
Systems Security - Module 5
Question: What are three network enhancements achieved by implementing the Cisco IOS software role-based CLI access feature? (Choose three.)
Options:
- Security
- Scalability
- Availability
- Cost reduction
- Fault tolerance
- Operational efficiency
Answer: ["Security", "Availability", "Operational Efficiency"]
Explanation: No explanation available.
Systems Security - Module 5
Question: A network administrator wants to create a new view so that a user only has access to certain configuration commands. In role-based CLI, which view should the administrator use to create the new view?
Options:
- Root view
- CLI view
- Superview
- Admin view
Answer: "Root view"
Explanation: No explanation available.
Systems Security - Module 5
Question: A network administrator enters the command R1# enable view adminview. What is the purpose of this command?
Options:
- To enter the root view
- To enter a CLI view named adminview
- To enter a superview named adminview
- To create a CLI view named adminview
Answer: "To enter a CLI view named adminview"
Explanation: No explanation available.
Systems Security - Module 5
Question: Which range of custom privilege levels can be configured on Cisco routers?
Options:
- 1 through 15
- 1 through 16
- 2 through 14
- 2 through 15
- 0 through 15
Answer: "2 through 14"
Explanation: No explanation available.
Systems Security - Module 5
Question: Which command will move the show interface command to privilege level 10?
Options:
- Router(config)# privilege level 10 show interface
- Router(config)# show interface level 10
- Router(config)# privilege exec level 10 show interface
- Router(config-if)# privilege level 10 show interface
- Router(config-if)# show interface level 10
- Router(config-if)# privilege exec level 10 show interface
Answer: "Router(config)# privilege exec level 10 show interface"
Explanation: No explanation available.
Systems Security - Module 5
Question: What is the default privilege level of user accounts created on Cisco routers?
Options:
- 0
- 1
- 15
- 16
Answer: "1"
Explanation: No explanation available.
Systems Security - Module 5
Question: An administrator assigned a level of router access to the user ADMIN using the commands below. Router(config)# privilege exec level 14 show ip route Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10 Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10 Which two actions are permitted to the user ADMIN? (Choose two.)
Options:
- The user can execute all subcommands under the show ip interfaces command.
- The user can issue the ip route command.
- The user can issue all commands because this privilege level can execute all Cisco IOS commands.
- The user can issue the show version command.
- The user can only execute the subcommands under the show ip route command.
Answer: ["The user can execute all subcommands under the show ip interfaces command.", "The user can issue the show version command."]
Explanation: No explanation available.
Systems Security - Module 8
Question: In applying an ACL to a router interface, which traffic is designated as outbound?
Options:
- Traffic that is coming from the source IP address into the router
- Traffic that is leaving the router and going toward the destination host
- Traffic that is going from the destination IP address into the router
- Traffic for which the router can find no routing table entry
Answer: "Traffic that is leaving the router and going toward the destination host"
Explanation: No explanation available.
Systems Security - Module 8
Question: What is the quickest way to remove a single ACE from a named ACL?
Options:
- Use the no keyword and the sequence number of the ACE to be removed.
- Use the no access-list command to remove the entire ACL, then recreate it without the ACE.
- Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router.
- Create a new ACL with a different number and apply the new ACL to the router interface.
Answer: "Use the no keyword and the sequence number of the ACE to be removed."
Explanation: No explanation available.
Systems Security - Module 8
Question: Which ICMP message type should be stopped inbound?
Options:
- Echo
- Echo-reply
- Unreachable
- Source quench
Answer: "Echo"
Explanation: No explanation available.
Systems Security - Module 8
Question: Which scenario would cause an ACL misconfiguration and deny all traffic?
Options:
- Apply a standard ACL in the inbound direction.
- Apply a named ACL to a VTY line.
- Apply an ACL that has all deny ACE statements.
- Apply a standard ACL using the ip access-group out command.
Answer: "Apply an ACL that has all deny ACE statements."
Explanation: No explanation available.
Systems Security - Module 8
Question: Refer to the exhibit. A network administrator is configuring an IPv6 ACL to allow hosts on the 2001:DB8:CAFE:10::/64 network to access remote web servers, except for PC1. However, a user on PC1 can successfully access the web server PC2. Why is this possible?
Options:
- The IPv6 ACL Deny_WEB is spelled incorrectly when applied to the interface.
- The IPv6 ACL Deny_WEB is applied to the wrong interface of router R1.
- The IPv6 ACL Deny_WEB is applied in the incorrect direction on router R1.
- The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked.
Answer: "The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked."
Explanation: No explanation available.
Systems Security - Module 8
Question: Refer to the exhibit. A network administrator wants to create a standard ACL to prevent Network 1 traffic from being transmitted to the Research and Development network. On which router interface and in which direction should the standard ACL be applied?
Options:
- R1 Gi0/0 inbound
- R1 Gi0/0 outbound
- R1 S0/0/0 outbound
- R2 S0/0/0 inbound
- R2 Gi0/0 outbound
- R2 Gi0/0 inbound
Answer: "R2 Gi0/0 outbound"
Explanation: No explanation available.
Systems Security - Module 8
Question: Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.)
Options:
- Multiple ACLs per protocol and per direction can be applied to an interface.
- If an ACL contains no permit statements, all traffic is denied by default.
- The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
- Standard ACLs are placed closest to the source, whereas extended ACLs are placed closest to the destination.
- If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface.
Answer: ["If an ACL contains no permit statements, all traffic is denied by default.", "The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs."]
Explanation: No explanation available.
Systems Security - Module 8
Question: Refer to the exhibit. Which statement describes the function of the ACEs?
Options:
- These ACEs allow for IPv6 neighbor discovery traffic.
- These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur.
- These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.
- These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns.
Answer: "These ACEs allow for IPv6 neighbor discovery traffic."
Explanation: No explanation available.
Systems Security - Module 8
Question: What wild card mask will match networks 172.16.0.0 through 172.19.0.0?
Options:
- 0.0.3.255
- 0.0.255.255
- 0.252.255.255
- 0.3.255.255
Answer: "0.3.255.255"
Explanation: No explanation available.
Systems Security - Module 8
Question: What method is used to apply an IPv6 ACL to a router interface?
Options:
- The use of the access-class command
- The use of the ip access-group command
- The use of the ipv6 traffic-filter command
- The use of the ipv6 access-list command
Answer: "The use of the ipv6 traffic-filter command"
Explanation: No explanation available.
Systems Security - Module 8
Question: What type of ACL offers greater flexibility and control over network access?
Options:
- Flexible
- Named standard
- Extended
- Numbered standard
Answer: "Extended"
Explanation: No explanation available.
Systems Security - Module 8
Question: Which operator is used in an ACL statement to match packets of a specific application?
Options:
- eq
- lt
- gt
- established
Answer: "eq"
Explanation: No explanation available.
Systems Security - Module 8
Question: Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.)
Options:
- most
- host
- all
- any
- some
- gt
Answer: ["host", "any"]
Explanation: No explanation available.
Systems Security - Module 8
Question: Consider the following access list. <strong>access-list 100 permit ip host 192.168.10.1 any access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo access-list 100 permit ip any any</strong> Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)
Options:
- A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.
- Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests.
- Only Layer 3 connections are allowed to be made from the router to any other network device.
- Only the network device assigned the IP address 192.168.10.1 is allowed to access the router.
- Devices on the 192.168.10.0/24 network can successfully ping devices on the 192.168.11.0 network.
Answer: ["A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.", "Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests."]
Explanation: No explanation available.
Systems Security - Module 9
Question: What is one benefit of using a next-generation firewall rather than a stateful firewall?
Options:
- Integrated use of an intrusion prevention system (IPS)
- Support of TCP-based packet filtering
- Reactive protection against Internet threats
- Support of logging
Answer: "Integrated use of an intrusion prevention system (IPS)"
Explanation: Topic 9.1.0 - Stateful firewalls and next-generation firewalls provide better log information than a packet filtering firewall, both defend against spoofing, and both filter unwanted traffic. Next-generation firewalls provide the following benefits over stateful firewalls: - Granularity control within applications - Website and application traffic filtering based on site reputation - Proactive rather than reactive protection from Internet threats - Enforcement of security policies based on multiple criteria including user, device, role, application, and threat profile - Improved performance with NAT, VPN, and stateful inspections - Integrated IPS
Systems Security - Module 9
Question: Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.)
Options:
- Layer 1
- Layer 2
- Layer 3
- Layer 4
- Layer 5
- Layer 7
Answer: ["Layer 3", "Layer 4", "Layer 5"]
Explanation: Topic 9.1.0 - A stateful firewall provides filtering at the network layer, but also analyzes traffic at OSI Layer 4 and Layer 5.
Systems Security - Module 9
Question: Which statement is a characteristic of a packet filtering firewall?
Options:
- They are susceptible to IP spoofing.
- They have a high impact on network performance.
- They filter fragmented packets.
- They examine each packet in the context of the state of a connection.
Answer: "They are susceptible to IP spoofing."
Explanation: Topic 9.1.0 - Packet filtering firewalls have a low impact on network performance. They are stateless, examining each packet individually and they do not filter fragmented packets well.
Systems Security - Module 9
Question: Which type of firewall is supported by most routers and is the easiest to implement?
Options:
- Packet filtering firewall
- Next generation firewall
- Stateful firewall
- Application gateway firewall
Answer: "Packet filtering firewall"
Explanation: Topic 9.1.0 - A packet filtering firewall uses a simple policy table look-up that filters traffic based on specific criteria and is considered the easiest firewall to implement.
Systems Security - Module 9
Question: Which type of traffic is usually blocked when implementing a demilitarized zone?
Options:
- Traffic that is returning from the DMZ network and traveling to the private network
- Traffic that is returning from the public network and traveling to the DMZ network
- Traffic originating from the private network and traveling to the DMZ network
- Traffic originating from the DMZ network and traveling to the private network
Answer: "Traffic originating from the DMZ network and traveling to the private network"
Explanation: Topic 9.2.0 - A firewall will usually block traffic that is originating from the DMZ network and traveling to the private network. If traffic originated from the private network and the DMZ is sending returning traffic to the private network, then it will be allowed.
Systems Security - Module 9
Question: What are two characteristics of an application gateway firewall? (Choose two.)
Options:
- Uses a simple policy table look-up to filter traffic based on Layer 3 and Layer 4 information.
- Analyzes traffic at Layers 3, 4, 5 and 7 of the OSI model.
- Performs most filtering and firewall control in software.
- Uses connection information maintained in a state table and analyzes traffic at OSI Layers 3, 4, and 5.
- Provides an integrated intrusion prevention and detection feature.
Answer: ["Analyzes traffic at Layers 3, 4, 5 and 7 of the OSI model.", "Performs most filtering and firewall control in software."]
Explanation: Topic 9.1.0 - An application gateway firewall is able to filter information at Layers 3, 4, 5, and 7 of the OSI reference model. When using this type of firewall, most firewall control and filtering is done in software.
Systems Security - Module 9
Question: Which type of firewall generally has a low impact on network performance?
Options:
- Application gateway firewall
- Stateful firewall
- Next generation firewall
- Stateless firewall
Answer: "Stateless firewall"
Explanation: Topic 9.1.0 - A stateless firewall uses a simple policy table look-up that filters traffic based on specific criteria and causes minimal impact on network performance.
Systems Security - Module 9
Question: Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information?
Options:
- Stateful firewall
- Packet filtering firewall
- Next generation firewall
- Proxy firewall
Answer: "Packet filtering firewall"
Explanation: Topic 9.1.0 - A packet filtering firewall uses a simple policy table look-up that filters traffic based on specific criteria. These firewalls are usually part of a router firewall. They permit or deny traffic based on Layer 3 and Layer 4 information.
Systems Security - Module 9
Question: How does a firewall handle traffic that is originating from the DMZ network and traveling to a private network?
Options:
- Traffic is usually blocked when it is originating from the DMZ network and traveling to a private network.
- Traffic is usually allowed when it is originating from the DMZ network and traveling to a private network.
- Traffic is usually not filtered using firewall rules when it is originating from the DMZ network and traveling to a private network.
- Traffic is allowed when it is originating from the private network, but the response traffic from the DMZ network will be blocked.
Answer: "Traffic is usually blocked when it is originating from the DMZ network and traveling to a private network."
Explanation: Topic 9.2.0 - A firewall will usually block traffic that is originating from the DMZ network and traveling to the private network. If traffic originated from the private network and the DMZ is sending returning traffic to the private network, then it will be allowed.
Systems Security - Module 9
Question: Which two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.)
Options:
- ICMP
- HTTP
- UDP
- FTP
- TCP
Answer: ["ICMP", "UDP"]
Explanation: Topic 9.1.0 - Connectionless protocols, such as ICMP and UDP, are not stateful and do not generate connection information for a state table.
Systems Security - Module 9
Question: What are two benefits of implementing a firewall in a network? (Choose two.)
Options:
- A firewall will inspect network traffic and forward traffic based solely on the Layer 2 Ethernet MAC address.
- A firewall will reduce security management complexity.
- A firewall will provide accessibility of applications and sensitive resources to external untrusted users.
- A firewall will sanitize protocol flow.
- A firewall will prevent unauthorized traffic from being tunneled or hidden as legitimate traffic through an enterprise network.
Answer: ["A firewall will reduce security management complexity.", "A firewall will sanitize protocol flow."]
Explanation: Topic 9.1.0 - There are several benefits of using a firewall in a network: - It prevents the exposure of sensitive hosts, resources, and applications to untrusted users. - It sanitizes protocol flow, which prevents the exploitation of protocol flaws. - It blocks malicious data from servers and clients. - It reduces security management complexity by off-loading most of the network access control to a few firewalls in the network.
Systems Security - Module 9
Question: When implementing a ZPF, which statement describes a zone?
Options:
- A zone is a group of hardened computers known as bastion hosts.
- A zone is a group of one or more interfaces that have similar functions or features.
- A zone is a group of one or more devices that provide backup and disaster recovery mechanisms.
- A zone is a group of administrative devices that protect against rogue access point installations.
Answer: "A zone is a group of one or more interfaces that have similar functions or features."
Explanation: Topic 9.2.0 - When implementing a zone-based policy firewall (ZPF), a zone is a group of one or more interfaces that have similar functions or features.
Systems Security - Module 10
Question: Which statement accurately describes Cisco IOS zone-based policy firewall operation?
Options:
- The pass action works in only one direction.
- A router interface can belong to multiple zones.
- Service policies are applied in interface configuration mode.
- Router management interfaces must be manually assigned to the self zone.
Answer: "The pass action works in only one direction."
Explanation: Topic 10.3.0 - The pass action in CCP is similar to the permit parameter in an ACL entry. Pass allows traffic only in one direction.
Systems Security - Module 10
Question: How does ZPF handle traffic between an interface that is a zone member and another interface that does not belong to any zone?
Options:
- Pass
- Drop
- Allow
- Inspect
Answer: "Drop"
Explanation: Topic 10.2.0 - The rules for a zone-based policy firewall to handle transit traffic depend on whether or not the ingress and egress interfaces are members of zones. If one interface is a zone member, but the other is not, then the resulting action is to drop the traffic regardless of whether a zone-pair exists.
Systems Security - Module 10
Question: Which statement describes a factor to be considered when configuring a zone-based policy firewall?
Options:
- An interface can belong to multiple zones.
- The router always filters the traffic between interfaces in the same zone.
- The classic firewall ip inspect command can coexist with ZPF as long as it is used on interfaces that are in the same security zones.
- A zone must be configured with the zone security global command before it can be used in the zone-member security command.
Answer: "A zone must be configured with the zone security global command before it can be used in the zone-member security command."
Explanation: Topic 10.3.0 - An interface cannot belong to multiple zones. A firewall never filters traffic between interfaces that have been configured for the same zone. The way that a zone-based policy firewall coexists with a class firewall configuration is that interfaces that are not members of a security zone can still have the classic firewall ip inspect command applied and operational.
Systems Security - Module 10
Question: Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?
Options:
- An administrator can assign an interface to multiple security zones.
- An administrator can assign interfaces to zones, regardless of whether the zone has been configured.
- By default, traffic is allowed to flow among interfaces that are members of the same zone.
- By default, traffic is allowed to flow between a zone member interface and any interface that is not a zone member.
Answer: "By default, traffic is allowed to flow among interfaces that are members of the same zone."
Explanation: Topic 10.2.0 - An interface can belong to only one zone. Creating a zone is the first step in configuring a zone-based policy firewall. A zone cannot be assigned to an interface if the zone has not been created. Traffic can never flow between an interface that is assigned to a zone and an interface that has not been assigned to a zone.
Systems Security - Module 10
Question: Designing a ZPF requires several steps. Which step involves defining boundaries where traffic is subjected to policy restrictions as it crosses to another region of the network?
Options:
- Determine the zones
- Establish policies between zones
- Design the physical infrastructure
- Identify subsets within zones and merge traffic requirements
Answer: "Determine the zones"
Explanation: Topic 10.1.0 - Designing ZPFs involves several steps: - Step 1. Determine the zones - The administrator focuses on the separation of the network into zones. Zones establish the security borders of a network. - Step 2. Establish policies between zones - For each pair of "source-destination" zones, define the sessions that clients in the source zones can request from servers in destination zones. - Step 3. Design the physical infrastructure - After the zones have been identified, and the traffic requirements between them documented, the administrator must design the physical infrastructure. This includes dictating the number of devices between most-secure and least-secure zones and determining redundant devices. - Step 4. Identify subsets within zones and merge traffic requirements - For each firewall device in the design, the administrator must identify zone subsets that are connected to its interfaces and merge the traffic requirements for those zones.
Systems Security - Module 10
Question: When a Cisco IOS zone-based policy firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)
Options:
- Log
- Hold
- Drop
- Inspect
- Copy
- Forward
Answer: ["Drop", "Inspect"]
Explanation: Topic 10.3.0 - The three actions that can be applied are inspect, drop,and pass. The inspect CCP action is similar to the classic firewall ip inspect command in that it inspects traffic going through the firewall and allowing return traffic that is part of the same flow to pass through the firewall. The drop action is similar to the deny parameter in an ACL. This action drops whatever traffic fits the defined policy. The pass action is similar to a permit ACL statement--traffic is allowed to pass through because it met the criteria of the defined policy statement.
Systems Security - Module 10
Question: Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.)
Options:
- An interface can be assigned to multiple security zones.
- Interfaces can be assigned to a zone before the zone is created.
- Pass, inspect, and drop options can only be applied between two zones.
- If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.
- Traffic is implicitly prevented from flowing by default among interfaces that are members of the same zone.
- To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
Answer: ["Pass, inspect, and drop options can only be applied between two zones.", "If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.", "To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone."]
Explanation: Topic 10.2.0 - Some of the rules that govern interfaces in zones are as follows: - Create a policy allowing or inspecting traffic so that traffic can flow between that zone and any other zone. - Create zones before assigning to an interface. - If traffic is to flow between all interfaces in a router, each interface must be a member of a zone. - Traffic cannot flow between an interface that has been assigned to a zone and one that has not been assigned to a zone. The actions of pass, inspect, or drop can only be applied between two zones. - Interfaces that belong to the same zone allow traffic flow between them by default.
Systems Security - Module 10
Question: Which statement describes a feature of a zone-based policy firewall?
Options:
- It does not depend on ACLs.
- All traffic through a given interface is subject to the same inspection.
- The router security posture is to allow traffic unless explicitly blocked.
- It uses a flat, non-hierarchical data structure making it easier to configure and troubleshoot.
Answer: "It does not depend on ACLs."
Explanation: Topic 10.1.0 - A zone-based policy firewall (ZPF) does not require the use of complex ACLs. By default, traffic traveling between zones is blocked unless specifically permitted, and different types of traffic can be inspected differently even on the same interface. ZPF uses C3PL for policy configuration, which is hierarchical and allows for easier configuration and troubleshooting.
Systems Security - Module 10
Question: In what step of zone-based policy firewall configuration is traffic identified for policy application?
Options:
- Assigning policy maps to zones
- Creating policy maps
- Configuring class maps
- Defining zones
Answer: "Configuring class maps"
Explanation: Topic 10.3.0 - During the class maps configuration stage, interesting traffic is identified for later policy application.
Systems Security - Module 10
Question: When configuring a class map for a zone-based policy firewall, how is the match criteria applied when using the match-all parameter?
Options:
- Traffic must match all of the match criteria specified in the statement.
- Traffic must match the first criteria in the statement.
- Traffic must match at least one of the match criteria statements.
- Traffic must match all of the criteria solely defined by ACLs.
Answer: "Traffic must match all of the match criteria specified in the statement."
Explanation: Topic 10.3.0 - In the Identifying traffic step of a ZPF configuration, the syntax for the class-map type inspect command has two parameters, match-any and match-all. The match-all parameter dictates that packets must meet all the match criteria to be considered a member of the class.
Systems Security - Module 10
Question: In ZPF design, what is described as the self zone?
Options:
- A predefined cluster of servers with configured interfaces
- A predefined cluster of routers with configured interfaces
- The outward facing interface on the edge router
- The router itself, including all interfaces with assigned IP addresses
Answer: "The router itself, including all interfaces with assigned IP addresses"
Explanation: Topic 10.2.0 - The self zone is the router itself and includes all the IP addresses assigned to the router interfaces.
Systems Security - Module 10
Question: Which statement describes a zone when implementing ZPF on a Cisco router?
Options:
- A zone establishes a security border of a network.
- Only one zone can be attached to a single interface.
- A zone is used to implement traffic filtering for either TCP or UDP.
- A zone is used to define security policies for a unique interface on the router.
Answer: "A zone establishes a security border of a network."
Explanation: Topic 10.1.0 - The first step in implementing ZPF is determining the zones. Zones establish the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of the network. The policy between zones can be established to restrict multiple protocol sessions such as TCP, UDP, and ICMP. One design consideration is to identify subsets within zones and merge traffic requirements because multiple zones might be indirectly attached to a single interface of a firewall.
Systems Security - Module 11
Question: What is an IPS signature?
Options:
- It is the timestamp that is applied to logged security events and alarms.
- It is the authorization that is required to implement a security policy.
- It is a set of rules used to detect typical intrusive activity.
- It is a security script that is used to detect unknown threats.
Answer: "It is a set of rules used to detect typical intrusive activity."
Explanation: Topic 11.1.0 - An IPS signature uniquely identifies specific malware, protocol anomalies, or malicious traffic. IPS sensors are tuned to look for matching signatures or abnormal traffic patterns. IPS signatures are conceptually similar to the virus.dat file used by virus scanners.
Systems Security - Module 11
Question: Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?
Options:
- NetFlow
- Network tap
- SNMP
- IDS
Answer: "Network tap"
Explanation: Topic 11.4.0 - A network tap is a common technology that is used to capture traffic for monitoring the network. The tap is typically a passive splitting device implemented inline on the network and that forwards all traffic, including physical layer errors, to an analysis device.
Systems Security - Module 11
Question: What is a characteristic of an IPS operating in inline-mode?
Options:
- It does not affect the flow of packets in forwarded traffic.
- It can stop malicious traffic from reaching the intended target.
- It requires the assistance of another network device to respond to an attack.
- It can only send alerts and does not drop any packets.
Answer: "It can stop malicious traffic from reaching the intended target."
Explanation: Topic 11.2.0 - An IPS in inline-mode is directly in the traffic flow and adds latency. Inline-mode allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service.
Systems Security - Module 11
Question: What is a zero-day attack?
Options:
- It is a computer attack that occurs on the first day of the month.
- It is an attack that results in no hosts able to connect to a network.
- It is a computer attack that exploits unreported software vulnerabilities.
- It is an attack that has no impact on the network because the software vendor has mitigated the vulnerability.
Answer: "It is a computer attack that exploits unreported software vulnerabilities."
Explanation: Topic 11.1.0 - A zero-day attack is an attack on a system that uses vulnerabilities that have not yet been reported to, and mitigated by, the vendor.
Systems Security - Module 11
Question: What is a feature of an IPS?
Options:
- It can stop malicious packets.
- It has no impact on latency.
- It is deployed in offline mode.
- It is primarily focused on identifying possible incidents.
Answer: "It can stop malicious packets."
Explanation: Topic 11.1.0 - An advantage of an intrusion prevention systems (IPS) is that it can identify and stop malicious packets. However, because an IPS is deployed inline, it can add latency to the network.
Systems Security - Module 11
Question: Which network monitoring technology passively monitors network traffic to detect attacks?
Options:
- IDS
- TAP
- RSPAN
- IPS
Answer: "IDS"
Explanation: Topic 11.1.0 - Intrusion Detection Systems (IDSs) are network devices that passively monitor the traffic on a network.
Systems Security - Module 11
Question: Which open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks?
Options:
- Snort IPS
- IOS IPS
- SPAN
- RSPAN
Answer: "Snort IPS"
Explanation: Topic 11.3.0 - Snort is an open source network IPS that performs real-time traffic analysis and generates alerts when threats are detected on IP networks. The legacy Cisco IOS IPS allowed a Cisco ISR router to be enabled as an IPS sensor to scan packets and sessions to match any of the Cisco IOS IPS signatures. Port mirroring allows a switch to copy frames that are received on one or more ports to a Switch Port Analyzer (SPAN) that is connected to an analysis device. Remote SPAN (RSPAN) is a variation of SPAN that enables a network administrator to use the flexibility of VLANs to monitor traffic on remote switches.
Systems Security - Module 11
Question: Which Cisco platform supports Cisco Snort IPS?
Options:
- 800 series ISR
- 2900 series ISR
- 3900 series ISR
- 4000 series ISR
Answer: "4000 series ISR"
Explanation: Topic 11.3.0 - The newer ISR routers, Cisco 4000 series, no longer support IOS IPS. The 4000 series routers provide IPS services using Snort.
Systems Security - Module 11
Question: Which device supports the use of SPAN to enable monitoring of malicious activity?
Options:
- Cisco NAC
- Cisco IronPort
- Cisco Security Agent
- Cisco Catalyst switch
Answer: "Cisco Catalyst switch"
Explanation: Topic 11.4.0 - SPAN is a Cisco technology that allows all of the traffic from one port to be redirected to another port.
Systems Security - Module 11
Question: What is a host-based intrusion detection system (HIDS)?
Options:
- It is an agentless system that scans files on a host for potential malware.
- It identifies potential attacks and sends alerts but does not stop the traffic.
- It detects and stops potential direct attacks but does not scan for malware.
- It combines the functionalities of antimalware applications with firewall protection.
Answer: "It combines the functionalities of antimalware applications with firewall protection."
Explanation: Topic 11.2.0 - A current HIDS is a comprehensive security application that combines the functionalities of antimalware applications with firewall protection. An HIDS not only detects malware but also prevents it from executing. Because the HIDS runs directly on the host, it is considered an agent-based system.
Systems Security - Module 11
Question: Which network monitoring capability is provided by using SPAN?
Options:
- Network analysts are able to access network device log files and to monitor network behavior.
- Real-time reporting and long-term analysis of security events are enabled.
- Statistics on packets flowing through Cisco routers and multilayer switches can be captured.
- Traffic exiting and entering a switch is copied to a network monitoring device.
Answer: "Traffic exiting and entering a switch is copied to a network monitoring device."
Explanation: Topic 11.4.0 - When enabled on a switch, SPAN or port mirroring, copies frames that are sent and received by the switch and forwards them to another port, known as a Switch Port Analyzer port, which has a analysis device attached.
Systems Security - Module 11
Question: What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis?
Options:
- NAC
- SNMP
- SPAN
- Syslog
Answer: "SPAN"
Explanation: Topic 11.4.0 - The Cisco Switched Port Analyzer (SPAN) feature allows traffic that is coming into or out of a port to be copied to a different port so that it can be collected and analyzed.
Systems Security - Module 12
Question: Which IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern?
Options:
- Pattern-Based Detection
- Anomaly-Based Detection
- Honey Pot-Based Detection
- Policy-Based Detection
Answer: "Pattern-Based Detection"
Explanation: Topic 12.1.0 - The pattern-based detection trigger is also known as signature-based. This is the simplest triggering mechanism because it searches for specific pre-defined patterns known as signatures.
Systems Security - Module 12
Question: What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity?
Options:
- Event file
- Trigger
- Definition
- Signature
Answer: "Signature"
Explanation: Topic 12.1.0 - A signature is a set of rules that an IDS and an IPS use to detect typical intrusion activity, such as DoS attacks. These signatures uniquely identify specific worms, viruses, protocol anomalies, and malicious traffic.
Systems Security - Module 12
Question: Which type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic?
Options:
- True positive
- True negative
- False positive
- False negative
Answer: "False positive"
Explanation: Topic 12.1.0 - A false positive occurs when an IPS generates an alarm after processing normal user network traffic. The IPS must be tuned to change these alarm types to true negatives. The alert does not indicate an actual security incident. Benign activity that results in a false positive is sometimes referred to as a benign trigger. False positives are costly because they must be investigated.
Systems Security - Module 12
Question: What is a characteristic of the Snort subscriber rule set term-based subscription?
Options:
- It provides 30-day delayed access to updated signatures.
- It focuses on reactive responses to security threats.
- It is available for a fee.
- It does not provide access to Cisco support.
Answer: "It is available for a fee."
Explanation: Topic 12.2.0 - There are two types of Snort term-based subscriptions: - Community Rule Set - Available for free and provides limited coverage against threats. There is also a 30-day delayed access to updated signatures and there is no Cisco customer support available. - Subscriber Rule Set - Available for a fee and provides the best protection against threats. It includes coverage in advance of exploits by using the research work of the Cisco Talos security experts. This subscription is fully supported by Cisco.
Systems Security - Module 12
Question: Which classification indicates that an alert is verified as an actual security incident?
Options:
- True positive
- True negative
- False positive
- False negative
Answer: "True positive"
Explanation: Topic 12.1.0 - Alerts can be classified as follows: - True Positive: The alert has been verified to be an actual security incident. - False Positive: The alert does not indicate an actual security incident. Benign activity that results in a false positive is sometimes referred to as a benign trigger. An alternative situation is that an alert was not generated. The absence of an alert can be classified as follows: - True Negative: No security incident has occurred. The activity is benign. - False Negative: An undetected incident has occurred.
Systems Security - Module 12
Question: Which intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco?
Options:
- Cisco IOS IPS
- Cisco Firepower Next-Generation
- Cisco Snort IPS
- External Snort IPS Server
Answer: "Cisco IOS IPS"
Explanation: Topic 12.2.0 - Cisco IOS IPS was available on the first-generation of Integrated Services Routers, however support was discontinued in 2018. As a result, IOS IPS is no longer recommended by Cisco on branch routers.
Systems Security - Module 12
Question: Which statement correctly describes the configuration of a Snort VPG interface?
Options:
- The VPG0 interface must have a routable address with access to the internet.
- The VPG1 interface must be configured with a public IP address.
- The VPG1 interface must use a routable static IP address.
- The VPG1 interface must receive an address from DHCP.
Answer: "The VPG0 interface must have a routable address with access to the internet."
Explanation: Topic 12.3.0 - The VPG0 interface is used for management traffic to exchange information with IPS servers. The guest IP address needs to be routable on the internet to connect to the signature update server and external log server. The VPG1 interface is for user traffic that should be inspected. The VPG1 interface address should not be routable and therefore should use a non-routable private IP address.
Systems Security - Module 12
Question: What are three actions that can be performed by Snort in IDS mode? (Choose three.)
Options:
- Log
- Drop
- Alert
- Reject
- Sdrop
- Pass
Answer: ["Log", "Alert", "Pass"]
Explanation: Topic 12.2.0 - Snort in IDS mode can perform the following three actions: - Alert - Generate an alert using the selected alert method, and then log the packet. - Log - Log the packet. - Pass - Ignore the packet.
Systems Security - Module 12
Question: Which device is a dedicated inline threat prevention appliance that is effective against both known and unknown threats?
Options:
- Cisco FirePOWER NGIPS
- Cisco Snort IPS
- Cisco ASA
- Cisco IOS IPS
Answer: "Cisco FirePOWER NGIPS"
Explanation: Topic 12.2.0 - The Cisco FirePOWER NGIPS is a dedicated inline threat prevention appliance. It is effective in preventing both known and unknown threats.
Systems Security - Module 12
Question: Which rule action will cause Snort IPS to block a packet without logging it?
Options:
- Drop
- Reject
- Alert
- Sdrop
Answer: "Sdrop"
Explanation: Topic 12.2.0 - There are several rule actions that can be configured for Snort: - Alert - Generate an alert using the selected alert method, and then log the packet. - Log - Log the packet. - Pass - Ignore the packet. - Drop - Block and log the packet. - Reject - Block the packet, log it, and then send a TCP reset if the protocol is TCP or an ICMP port unreachable message if the protocol is UDP. - Sdrop - Block the packet but do not log it.
Systems Security - Module 12
Question: What is the source for IPS rule updates when using a Cisco intrusion prevention service?
Options:
- Cisco Talos
- Cisco.com
- Security Onion
- SIEM
Answer: "Cisco Talos"
Explanation: Topic 12.2.0 - All Cisco supported IPS solutions use Cisco Talos to receive IPS rule updates.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which of the following is NOT a characteristic of cloud computing?
Options:
- On-demand self-service
- Broad network access
- Limited resource pooling
- Rapid elasticity
Answer: Limited resource pooling
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In virtualization, a Type 1 hypervisor is also known as:
Options:
- Hosted hypervisor
- Bare-metal hypervisor
- Client-side hypervisor
- Nested hypervisor
Answer: Bare-metal hypervisor
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: VMware Workstation Pro is classified as which type of hypervisor?
Options:
- Type 1 hypervisor
- Type 2 hypervisor
- Type 3 hypervisor
- Cloud-based hypervisor
Answer: Type 2 hypervisor
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which feature in Oracle VM VirtualBox allows seamless integration of guest windows into the host desktop?
Options:
- Guest Additions
- Shared Folders
- Seamless Mode
- Virtual Networking
Answer: Seamless Mode
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Microsoft Hyper-V allows the creation of three types of virtual switches. Which of the following is NOT one of them?
Options:
- External
- Internal
- Private
- Public
Answer: Public
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In cloud service models, Platform as a Service (PaaS) provides:
Options:
- Virtualized hardware resources
- Development tools and environment
- Ready-to-use software applications
- Networking hardware and protocols
Answer: Development tools and environment
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: VMware ESXi is best described as:
Options:
- A Type 2 hypervisor requiring a host OS
- A cloud service model
- A Type 1 hypervisor for server virtualization
- A desktop virtualization application
Answer: A Type 1 hypervisor for server virtualization
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: The Rapid Elasticity characteristic of cloud computing refers to:
Options:
- The ability to stretch network cables
- Quick scaling of resources up or down as needed
- Fast data transmission speeds
- Immediate software updates
Answer: Quick scaling of resources up or down as needed
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In VMware ICM Module 4, the recommended practice before making significant changes to a VM is to:
Options:
- Clone the VM
- Take a snapshot
- Shut down the VM
- Increase the VM's memory
Answer: Take a snapshot
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which of the following is a benefit of using virtualization?
Options:
- Increased hardware costs
- Reduced server utilization
- Isolation of applications
- Limited scalability
Answer: Isolation of applications
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Match the virtualization tools to their appropriate descriptions:
Options:
- 1. VMware Workstation Pro
- 2. Oracle VM VirtualBox
- 3. Microsoft Hyper-V
- 4. VMware ESXi
- 5. Docker
Answers:
- 1 - A Type 2 hypervisor used for running multiple OS on a single PC
- 2 - An open-source Type 2 hypervisor supporting cross-platform use
- 3 - A Type 1 hypervisor designed for Windows environments
- 4 - A bare-metal hypervisor used in enterprise environments
- 5 - A containerization platform for deploying applications
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In cloud computing, the service model where users are provided with applications over the internet is known as ______________.
Answer: Software as a Service (SaaS)
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: ________________ is a software layer that enables multiple operating systems to share a single hardware host.
Answer: Hypervisor
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: The ______________ feature in virtualization allows you to save the state of a virtual machine at a specific point in time.
Answer: Snapshot
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: ________________ is the process of creating a virtual version of something, such as hardware or a storage device.
Answer: Virtualization
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In VMware, ______________ provides centralized management of virtualized hosts and VMs.
Answer: vCenter Server
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Explain the differences between Type 1 and Type 2 hypervisors. Provide examples of each and discuss scenarios where one might be preferred over the other.
Answer: Type 1 hypervisors run directly on hardware (e.g., VMware ESXi, Microsoft Hyper-V), while Type 2 hypervisors run on a host OS (e.g., VMware Workstation, VirtualBox). Type 1 is used for enterprise server virtualization, while Type 2 is used for development and testing.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Discuss the benefits and challenges of cloud computing in modern IT infrastructure. How does virtualization support cloud computing?
Answer: Cloud computing benefits include scalability, cost efficiency, and accessibility. Challenges include security and vendor lock-in. Virtualization enables efficient resource allocation and scalability in cloud environments.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Describe the process of creating a virtual machine in VMware Workstation Pro. Highlight the key steps and considerations during the setup.
Answer: Key steps: Open VMware Workstation, create a new VM, select OS type, allocate memory, configure disk, install OS, install VMware Tools.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Oracle VM VirtualBox offers "Guest Additions". Explain what this feature is and how it enhances the performance and usability of virtual machines.
Answer: "Guest Additions" enhances VM performance by enabling shared clipboard, drag-and-drop, improved display resolution, and seamless integration between host and guest OS.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In the context of VMware ICM Module 1, define what is meant by a Software-Defined Data Center (SDDC) and discuss its importance in enterprise environments.
Answer: SDDC refers to a data center where all infrastructure components (compute, storage, networking) are virtualized and delivered as a service. It enhances automation, scalability, and efficiency in enterprise IT.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which of the following is NOT a characteristic of cloud computing?
Options:
- On-demand self-service
- Broad network access
- Limited resource pooling
- Rapid elasticity
Answer: Limited resource pooling
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In virtualization, a Type 1 hypervisor is also known as:
Options:
- Hosted hypervisor
- Bare-metal hypervisor
- Client-side hypervisor
- Nested hypervisor
Answer: Bare-metal hypervisor
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: VMware Workstation Pro is classified as which type of hypervisor?
Options:
- Type 1 hypervisor
- Type 2 hypervisor
- Type 3 hypervisor
- Cloud-based hypervisor
Answer: Type 2 hypervisor
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which feature in Oracle VM VirtualBox allows seamless integration of guest windows into the host desktop?
Options:
- Guest Additions
- Shared Folders
- Seamless Mode
- Virtual Networking
Answer: Seamless Mode
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Microsoft Hyper-V allows the creation of three types of virtual switches. Which of the following is NOT one of them?
Options:
- External
- Internal
- Private
- Public
Answer: Public
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In cloud service models, Platform as a Service (PaaS) provides:
Options:
- Virtualized hardware resources
- Development tools and environment
- Ready-to-use software applications
- Networking hardware and protocols
Answer: Development tools and environment
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: VMware ESXi is best described as:
Options:
- A Type 2 hypervisor requiring a host OS
- A cloud service model
- A Type 1 hypervisor for server virtualization
- A desktop virtualization application
Answer: A Type 1 hypervisor for server virtualization
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: The Rapid Elasticity characteristic of cloud computing refers to:
Options:
- The ability to stretch network cables
- Quick scaling of resources up or down as needed
- Fast data transmission speeds
- Immediate software updates
Answer: Quick scaling of resources up or down as needed
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In VMware ICM Module 4, the recommended practice before making significant changes to a VM is to:
Options:
- Clone the VM
- Take a snapshot
- Shut down the VM
- Increase the VM's memory
Answer: Take a snapshot
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which of the following is a benefit of using virtualization?
Options:
- Increased hardware costs
- Reduced server utilization
- Isolation of applications
- Limited scalability
Answer: Isolation of applications
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Match the virtualization tools to their appropriate descriptions:
Options:
- 1. VMware Workstation Pro
- 2. Oracle VM VirtualBox
- 3. Microsoft Hyper-V
- 4. VMware ESXi
- 5. Docker
Answers:
- 1 - A Type 2 hypervisor used for running multiple OS on a single PC
- 2 - An open-source Type 2 hypervisor supporting cross-platform use
- 3 - A Type 1 hypervisor designed for Windows environments
- 4 - A bare-metal hypervisor used in enterprise environments
- 5 - A containerization platform for deploying applications
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In cloud computing, the service model where users are provided with applications over the internet is known as ______________.
Answer: Software as a Service (SaaS)
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: ________________ is a software layer that enables multiple operating systems to share a single hardware host.
Answer: Hypervisor
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: The ______________ feature in virtualization allows you to save the state of a virtual machine at a specific point in time.
Answer: Snapshot
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: ________________ is the process of creating a virtual version of something, such as hardware or a storage device.
Answer: Virtualization
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In VMware, ______________ provides centralized management of virtualized hosts and VMs.
Answer: vCenter Server
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Explain the differences between Type 1 and Type 2 hypervisors. Provide examples of each and discuss scenarios where one might be preferred over the other.
Answer: Type 1 hypervisors run directly on hardware (e.g., VMware ESXi, Microsoft Hyper-V), while Type 2 hypervisors run on a host OS (e.g., VMware Workstation, VirtualBox). Type 1 is used for enterprise server virtualization, while Type 2 is used for development and testing.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Discuss the benefits and challenges of cloud computing in modern IT infrastructure. How does virtualization support cloud computing?
Answer: Cloud computing benefits include scalability, cost efficiency, and accessibility. Challenges include security and vendor lock-in. Virtualization enables efficient resource allocation and scalability in cloud environments.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Describe the process of creating a virtual machine in VMware Workstation Pro. Highlight the key steps and considerations during the setup.
Answer: Key steps: Open VMware Workstation, create a new VM, select OS type, allocate memory, configure disk, install OS, install VMware Tools.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Oracle VM VirtualBox offers "Guest Additions". Explain what this feature is and how it enhances the performance and usability of virtual machines.
Answer: "Guest Additions" enhances VM performance by enabling shared clipboard, drag-and-drop, improved display resolution, and seamless integration between host and guest OS.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In the context of VMware ICM Module 1, define what is meant by a Software-Defined Data Center (SDDC) and discuss its importance in enterprise environments.
Answer: SDDC refers to a data center where all infrastructure components (compute, storage, networking) are virtualized and delivered as a service. It enhances automation, scalability, and efficiency in enterprise IT.
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which of the following is NOT a feature of VMware Workstation Pro?
Options:
- Snapshot management
- Virtual machine cloning
- Direct access to physical hardware
- Multiple VM support
Answer: Direct access to physical hardware
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which file format is used to store virtual machines in VMware Workstation?
Options:
- .vmdk
- .iso
- .vmx
- .exe
Answer: .vmx
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: In VMware Workstation Pro, which feature allows you to run multiple virtual machines simultaneously?
Options:
- VMware Fusion
- Virtual Machine Network
- Virtual Machine Isolation
- VMware Workstation Pro
Answer: VMware Workstation Pro
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which of the following can be used to manage the virtual network adapters in VMware Workstation?
Options:
- VMware vSphere
- VMware Network Editor
- VMware vCenter
- VMware Fusion
Answer: VMware Network Editor
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: VMware Workstation Pro is mainly used for:
Options:
- Cloud-based applications
- Development and testing
- Data storage management
- Server virtualization
Answer: Development and testing
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which of the following is a key feature of Oracle VM VirtualBox?
Options:
- Seamless mode
- Hyper-V integration
- Multiple guest OS per VM
- Native cloud integration
Answer: Seamless mode
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: In VirtualBox, which of the following file types represents a virtual machine disk image?
Options:
- .vmdk
- .iso
- .vdi
- .vpx
Answer: .vdi
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which of the following is NOT a supported host operating system for Oracle VM VirtualBox?
Options:
- Windows
- Linux
- MacOS
- Chrome OS
Answer: Chrome OS
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: In VirtualBox, a VM can be connected to the host network using:
Options:
- Host-only adapter
- Internal network
- NAT adapter
- All of the above
Answer: All of the above
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which component is required to enable better guest OS performance in VirtualBox?
Options:
- Guest Additions
- Host Extensions
- VirtualBox Management Suite
- VirtualBox Host Add-ons
Answer: Guest Additions
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which of the following best describes the role of Hyper-V in virtualization?
Options:
- Cloud management tool
- Type 1 hypervisor for running virtual machines
- Type 2 hypervisor for running guest OS
- Virtual machine monitoring tool
Answer: Type 1 hypervisor for running virtual machines
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: In Hyper-V, which of the following is a virtual switch type?
Options:
- Internal
- External
- Private
- All of the above
Answer: All of the above
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which of the following is NOT a feature of Microsoft Hyper-V?
Options:
- Snapshot management
- Live migration
- Multiple virtual CPUs per VM
- Support for virtual hardware appliances
Answer: Support for virtual hardware appliances
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: In Hyper-V, what feature allows you to move virtual machines between hosts without downtime?
Options:
- Live Migration
- Snapshot
- Hyper-V Replica
- Dynamic Memory
Answer: Live Migration
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which of the following is the correct command to start a virtual machine in Hyper-V using PowerShell?
Options:
- Start-VM
- Run-VM
- Start-VirtualMachine
- VMStart
Answer: Start-VM
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: In VMware ICM, which component is responsible for centralized management of virtual machines?
Options:
- vCenter Server
- vSphere Client
- VMware Workstation
- ESXi
Answer: vCenter Server
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which of the following is NOT a function of vSphere HA (High Availability)?
Options:
- Automatic VM restart
- VMware Fault Tolerance
- Clustered VM migration
- VM monitoring
Answer: Clustered VM migration
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: In VMware vSphere, which feature allows VMs to move from one host to another without interruption?
Options:
- VMware vMotion
- VMware Fault Tolerance
- VMware DRS
- VMware HA
Answer: VMware vMotion
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which of the following actions can be performed in the VMware vSphere Web Client?
Options:
- VM cloning
- VM storage management
- VM migration
- All of the above
Answer: All of the above
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which of the following describes a virtual machine snapshot in VMware?
Options:
- A point-in-time copy of a virtual machine
- A backup of the virtual machine
- A clone of the virtual machine
- A running instance of the VM
Answer: A point-in-time copy of a virtual machine
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which of the following is the key benefit of cloud computing?
Options:
- Increased physical hardware requirements
- On-demand resource scaling
- Higher capital expenditure
- Fewer software solutions
Answer: On-demand resource scaling
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: What does IaaS stand for in cloud computing?
Options:
- Infrastructure as a Service
- Integration as a Service
- Internet as a Service
- Information as a Service
Answer: Infrastructure as a Service
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which of the following is an example of a Platform as a Service (PaaS)?
Options:
- AWS EC2
- Google App Engine
- Microsoft Azure Storage
- Amazon S3
Answer: Google App Engine
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: What is a hypervisor in the context of virtualization?
Options:
- A virtual machine monitor
- A physical server
- A cloud service
- A storage solution
Answer: A virtual machine monitor
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: In a private cloud, who manages and controls the cloud environment?
Options:
- A third-party provider
- An organization itself
- The general public
- A hybrid cloud provider
Answer: An organization itself
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which of the following is a virtual disk format used by VMware Workstation?
Options:
- .vmdk
- .iso
- .vdi
- .vpx
Answer: .vmdk
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: What feature allows VMware Workstation to run guest operating systems in a seamless window?
Options:
- Seamless Mode
- VMware Tools
- SnapShot
- Full-screen mode
Answer: Seamless Mode
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which of the following is used to manage the virtual network in VMware Workstation?
Options:
- Virtual Network Editor
- vSphere Client
- VMware Cloud Director
- VMware Fusion
Answer: Virtual Network Editor
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: How can you increase the memory allocation for a virtual machine in VMware Workstation?
Options:
- Edit the VM settings
- Increase the physical host memory
- Upgrade the operating system
- Add a new hard drive
Answer: Edit the VM settings
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: What is the maximum number of virtual machines you can run simultaneously in VMware Workstation Pro?
Options:
- Depends on the host hardware
- 5
- 10
- Unlimited
Answer: Depends on the host hardware
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which of the following is NOT supported in Oracle VM VirtualBox?
Options:
- USB device pass-through
- 3D acceleration
- vMotion
- Shared folders
Answer: vMotion
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: How can you create a snapshot of a virtual machine in Oracle VM VirtualBox?
Options:
- Using VirtualBox Manager
- By copying the VM folder
- By using command-line tools
- By exporting the VM
Answer: Using VirtualBox Manager
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which of the following is required to run a 64-bit virtual machine in Oracle VM VirtualBox?
Options:
- 64-bit host OS
- 64-bit processor
- Enabled hardware virtualization in BIOS
- All of the above
Answer: All of the above
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which network adapter mode provides internet access to a virtual machine in VirtualBox?
Options:
- Bridged Adapter
- Host-Only Adapter
- Internal Network
- NAT
Answer: NAT
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which of the following is a correct method to add a new virtual disk to a virtual machine in VirtualBox?
Options:
- Attach it in VM settings
- Insert it into the guest OS
- Download from the internet
- Create a new VM
Answer: Attach it in VM settings
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which of the following Hyper-V components is used to manage virtual machines and hosts?
Options:
- Hyper-V Manager
- VirtualBox Manager
- vSphere Client
- Hyper-V Console
Answer: Hyper-V Manager
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which of the following storage options is recommended for running a Hyper-V virtual machine?
Options:
- Direct-attached storage
- iSCSI
- Shared storage
- Network-attached storage
Answer: Shared storage
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which of the following is NOT a type of virtual switch in Hyper-V?
Options:
- External
- Private
- Internal
- Shared
Answer: Shared
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which of the following is the default location for Hyper-V virtual machine files?
Options:
- C:Program FilesMicrosoft Hyper-V
- C:UsersPublicDocumentsHyper-V
- C:Virtual Machines
- C:Hyper-V VM
Answer: C:Virtual Machines
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: What is the purpose of Hyper-V Replica?
Options:
- To replicate virtual machine data across servers
- To migrate virtual machines between hosts
- To backup virtual machines
- To integrate virtual machines with Active Directory
Answer: To replicate virtual machine data across servers
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: In VMware vSphere, what is the function of Distributed Resource Scheduler (DRS)?
Options:
- Automatically moves VMs to balance resource usage
- Performs VM backups
- Patches VMs
- Creates VM templates
Answer: Automatically moves VMs to balance resource usage
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which of the following tasks is performed by VMware vCenter Server?
Options:
- Managing and monitoring ESXi hosts
- Upgrading VMware Workstation
- Creating VM snapshots
- Setting up network switches
Answer: Managing and monitoring ESXi hosts
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which technology in VMware vSphere allows a virtual machine to migrate to another host without downtime?
Options:
- vMotion
- vCenter
- vSphere HA
- VMware Workstation
Answer: vMotion
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which VMware feature allows centralized management of virtualized infrastructure?
Options:
- vSphere Web Client
- vCenter Server
- vCloud Director
- VMware Horizon
Answer: vCenter Server
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: What is the purpose of VMware Fault Tolerance?
Options:
- Provide a live replica of a VM for continuous availability
- Migrate virtual machines between ESXi hosts
- Backup virtual machine data
- Create virtual machine snapshots
Answer: Provide a live replica of a VM for continuous availability
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is virtualization?
Answer: Virtualization is the process of creating a virtual version of a physical resource, such as a server, operating system, or storage device. It allows you to run multiple operating systems or applications on a single physical machine, isolating them from each other and making them appear as separate entities. This helps in better resource utilization, cost savings, and improved flexibility.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the different types of virtualization?
Answer: The primary types of virtualization include: Server Virtualization (virtualizing physical servers to create multiple virtual servers, e.g., VMware ESXi, Microsoft Hyper-V), Desktop Virtualization (virtualizing desktops for remote access, e.g., Citrix XenDesktop, VMware Horizon), Network Virtualization (virtualizing network devices, e.g., VMware NSX, Cisco ACI), and Storage Virtualization (pooling storage resources, e.g., VMware vSAN, NetApp ONTAP).
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: Explain the concept of hypervisor.
Answer: A hypervisor, also known as a virtual machine monitor (VMM), is a software layer that creates and manages virtual machines (VMs). It runs directly on the host hardware, acting as an intermediary between the hardware and the VMs, controlling resource allocation and ensuring VMs function correctly and securely.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the main benefits of using virtualization technologies?
Answer: Virtualization offers improved resource utilization by running multiple VMs on one server, cost savings through reduced hardware and power needs, increased flexibility and agility for rapid provisioning, enhanced disaster recovery with VM replication, and improved security via VM isolation.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the different types of hypervisors?
Answer: The two main types are Type 1 (Bare Metal), which runs directly on hardware (e.g., VMware ESXi, Microsoft Hyper-V), and Type 2 (Hosted), which runs on an existing OS (e.g., VMware Workstation, Oracle VirtualBox).
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: Compare and contrast VMware and VirtualBox.
Answer: VMware is a commercial, enterprise-grade platform with advanced features like scalability and reliability (e.g., vSphere), ideal for large organizations. VirtualBox is free, open-source, suited for personal and educational use with basic functionality. VMware costs money and scales better; VirtualBox is free but less feature-rich.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is a virtual machine (VM)?
Answer: A virtual machine (VM) is a software-based emulation of a physical computer, running an OS and applications in a virtual environment, isolated from the host hardware with allocated resources.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: Explain the difference between a virtual machine and a container.
Answer: A virtual machine (VM) emulates a full computer with hardware and OS, requiring more resources. A container shares the host OS kernel, packaging only the app and dependencies, making it lightweight and faster.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the different components of a virtual machine?
Answer: A VM includes a virtual CPU (vCPU) for processing, virtual memory (vRAM), virtual hard disk (vHDD) for storage, virtual network interface card (vNIC) for connectivity, a guest OS, and applications.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is snapshotting in virtualization?
Answer: Snapshotting creates a point-in-time image of a VM’s state, allowing reversion to that state for backups, testing, or troubleshooting.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are some common virtualization management tools?
Answer: Common tools include VMware vCenter Server for VMware environments, Microsoft System Center Virtual Machine Manager (SCVMM) for Hyper-V, and Oracle VM Manager for Oracle VM Server.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: Explain the concept of live migration in virtualization.
Answer: Live migration (e.g., vMotion in VMware) moves a running VM between physical servers without downtime by transferring its memory and state, useful for maintenance and load balancing.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are some common security considerations in virtualization?
Answer: Key considerations include securing the hypervisor, isolating VMs, controlling access, securing virtual networks, and managing patches.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are some best practices for implementing virtualization?
Answer: Best practices include thorough planning, selecting an appropriate hypervisor, optimizing VM performance, implementing backups and disaster recovery, and maintaining security.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is a virtual switch?
Answer: A virtual switch is a software-based network switch in a hypervisor that enables VM communication internally and with the physical network.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are some challenges associated with virtualization?
Answer: Challenges include complexity in management, performance overhead, security risks, and complex licensing models.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is a virtual disk?
Answer: A virtual disk (vHDD) is a file representing a VM’s storage, acting as a virtual hard drive for the OS, applications, and data.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the purpose of a virtual network?
Answer: A virtual network provides a secure, isolated environment for VM communication, managing resources and enforcing security policies.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: Explain the concept of thin provisioning in virtualization.
Answer: Thin provisioning allocates storage to VMs on demand, showing full size initially but using physical storage only as data grows, saving space.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a thick provisioned disk and a thin provisioned disk?
Answer: A thick provisioned disk allocates all space upfront for better performance, while a thin provisioned disk allocates space as needed, saving storage but potentially slower.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is a virtual machine template?
Answer: A VM template is a pre-configured VM image with an OS, apps, and settings, used to deploy new VMs quickly and consistently.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a Type 1 and Type 2 hypervisor?
Answer: Type 1 (Bare Metal) runs directly on hardware for better performance (e.g., ESXi), while Type 2 (Hosted) runs on an OS, easier to set up but less efficient (e.g., VirtualBox).
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are some common virtualization use cases?
Answer: Use cases include server consolidation, app testing/development, disaster recovery, desktop virtualization, and cloud computing.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the purpose of resource allocation in virtualization?
Answer: Resource allocation assigns CPU, memory, storage, and network bandwidth to VMs to ensure performance and avoid contention.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the different types of virtual network topologies?
Answer: Types include NAT (uses hypervisor IP), Bridged (direct physical network access), and Internal (private VM network).
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is vSphere?
Answer: vSphere is VMware’s virtualization platform, including ESXi hypervisor, vCenter Server, vMotion, and more for managing virtual environments.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are some common commands used in VMware ESXi?
Answer: Common commands include esxcli (CLI management), vm-run (VM management), and vim-cmd (vCenter management).
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a virtual machine and a container?
Answer: A VM emulates a full system with OS and hardware, while a container shares the host OS, packaging only apps and dependencies, making it lighter.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the key features of VMware vCenter Server?
Answer: Features include centralized management, VM lifecycle management, resource monitoring, high availability, and security management.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is vMotion in VMware?
Answer: vMotion is a VMware feature that moves a running VM between servers without downtime by transferring its memory and state.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between vMotion and Storage vMotion?
Answer: vMotion moves a VM’s memory and state between hosts; Storage vMotion moves its virtual disk between storage locations.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is VMware vSAN?
Answer: vSAN is VMware’s software-defined storage, pooling local ESXi host storage into a shared, scalable, high-availability solution.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the benefits of using VMware vSAN?
Answer: Benefits include simplified management, high availability, performance, scalability, and cost savings by reducing hardware needs.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is VMware NSX?
Answer: NSX is VMware’s network virtualization platform, offering SDN and security for virtual environments with virtual networks and policies.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the key features of VMware NSX?
Answer: Features include virtual networking, security with micro-segmentation, automation, load balancing, and multi-cloud support.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between VMware vSphere and VMware vCenter Server?
Answer: vSphere is the full virtualization platform including ESXi and vCenter; vCenter Server is the centralized management component of vSphere.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between VMware Workstation and VMware ESXi?
Answer: Workstation is a Type 2 hypervisor for personal use on an OS; ESXi is a Type 1 hypervisor for enterprise use directly on hardware.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the different types of virtual network adapters available in VMware?
Answer: Types include VMXNET3 (high performance), E1000 (legacy compatibility), and Vmxnet (basic compatibility).
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is a cluster in VMware?
Answer: A cluster is a group of ESXi hosts managed together for high availability, load balancing, and resource sharing.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the purpose of a resource pool in VMware?
Answer: A resource pool manages CPU, memory, and storage allocation for a group of VMs, ensuring proper resource distribution.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a resource pool and a resource allocation rule?
Answer: A resource pool groups VMs for resource management; a rule defines specific allocation limits or priorities within it.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is a datastore in VMware?
Answer: A datastore is a logical storage entity in VMware for VM files, created on physical storage like SANs or local disks.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a datastore and a storage volume?
Answer: A datastore is a logical storage unit in VMware; a storage volume is the physical storage presented to ESXi hosts.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a virtual machine and a physical machine?
Answer: A VM is a software emulation sharing resources, while a physical machine is dedicated hardware with exclusive resource access.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a host operating system and a guest operating system?
Answer: The host OS runs on physical hardware managing the hypervisor; the guest OS runs within a VM, isolated from the host.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are some common virtual machine file formats?
Answer: Common formats include VHD (Hyper-V), VMDK (VMware), and VDI (VirtualBox).
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a virtual machine and a virtual appliance?
Answer: A VM is a general-purpose virtual environment; a virtual appliance is a pre-configured VM for a specific purpose.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a virtual network and a physical network?
Answer: A virtual network is software-defined within a hypervisor; a physical network uses hardware like routers and switches.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the purpose of a virtual network switch?
Answer: A virtual network switch connects VMs within a hypervisor, enabling internal and external communication.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are the different types of virtual network switch configurations?
Answer: Types include Standard Switch (basic connectivity) and Distributed Switch (centralized multi-host management).
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a virtual switch and a physical switch?
Answer: A virtual switch is software-based in a hypervisor; a physical switch is hardware managing network traffic.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a virtual network and a virtual private network (VPN)?
Answer: A virtual network is a hypervisor-defined network for VMs; a VPN is a secure connection over a public network.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the purpose of a virtual machine console?
Answer: A VM console provides a graphical interface to interact with a VM, manage settings, and monitor status.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What are some common virtual machine console tools?
Answer: Tools include VMware vSphere Client and VirtualBox Manager.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a virtual machine console and a remote desktop?
Answer: A VM console accesses a VM locally via the host; remote desktop connects to a system over a network.
Explanation: No explanation available.
Systems Virtualization - Interview Questions
Question: What is the difference between a virtual machine and a virtual desktop?
Answer: A VM is a general virtual environment; a virtual desktop is a VM designed for a user’s desktop experience.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: What is the primary purpose of virtualization in cloud computing?
Options:
- Increase hardware costs
- Reduce resource efficiency
- Enable resource sharing
- Limit scalability
Answer: Enable resource sharing
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: A _______ cloud combines resources from both public and private clouds.
Answer: hybrid
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Match the virtualization types with their descriptions:
Options:
- 1. Server Virtualization
- 2. Desktop Virtualization
- 3. Application Virtualization
Answers:
- 1 - Running multiple servers on one physical machine
- 2 - Delivering desktop environments to users remotely
- 3 - Isolating applications from the underlying OS
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Explain how multi-tenancy works in a public cloud environment.
Answer: Multi-tenancy allows multiple users or organizations to share the same physical resources while keeping their data and applications isolated through virtualization and security measures.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which of these is a disadvantage of cloud computing?
Options:
- Cost savings
- Data security concerns
- Scalability
- Flexibility
Answer: Data security concerns
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: The ability to quickly provision computing resources as needed is called _______.
Answer: rapid elasticity
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Match the cloud computing benefits with their examples:
Options:
- 1. Cost Efficiency
- 2. Accessibility
- 3. Disaster Recovery
Answers:
- 1 - Pay only for resources used
- 2 - Access services from any location
- 3 - Quick restoration of data
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Describe the role of APIs in cloud computing.
Answer: APIs enable interaction between different cloud services and applications, allowing automation, integration, and management of resources programmatically.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which cloud model is shared among multiple organizations with similar needs?
Options:
- Public
- Private
- Hybrid
- Community
Answer: Community
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: _______ is a software layer that abstracts hardware resources for virtual machines.
Answer: Hypervisor
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Match the cloud service models with their use cases:
Options:
- 1. IaaS
- 2. PaaS
- 3. SaaS
Answers:
- 1 - Hosting virtual machines
- 2 - Developing web applications
- 3 - Using email services
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Discuss the environmental benefits of cloud computing.
Answer: Cloud computing reduces energy consumption and carbon footprint by consolidating resources, optimizing hardware usage, and minimizing the need for physical infrastructure.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which of these is an example of a SaaS application?
Options:
- Amazon EC2
- Google Drive
- Microsoft Azure
- VMware ESXi
Answer: Google Drive
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: The practice of measuring and billing cloud resource usage is known as _______.
Answer: measured service
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Match the virtualization challenges with their explanations:
Options:
- 1. Performance Overhead
- 2. Security Risks
- 3. Resource Contention
Answers:
- 1 - Extra processing due to virtualization layer
- 2 - Potential vulnerabilities in shared environments
- 3 - Competition for CPU and memory among VMs
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Explain the difference between Type 1 and Type 2 hypervisors.
Answer: Type 1 hypervisors run directly on hardware (e.g., VMware ESXi), offering better performance, while Type 2 hypervisors run on a host OS (e.g., VirtualBox), making them easier to set up but less efficient.
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Which deployment model is most cost-effective for small businesses?
Options:
- Public
- Private
- Hybrid
- Community
Answer: Public
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: _______ enables multiple virtual machines to share a single physical server's resources.
Answer: Resource pooling
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Match the cloud terms with their meanings:
Options:
- 1. SLA
- 2. CAPEX
- 3. OPEX
Answers:
- 1 - Service Level Agreement defining service expectations
- 2 - Capital Expenditure for upfront costs
- 3 - Operational Expenditure for ongoing costs
Explanation: No explanation available.
Systems Virtualization - NDG: Cloud and Virtualization Concepts
Question: Discuss the impact of cloud computing on IT staffing needs.
Answer: Cloud computing reduces the need for on-site IT staff for hardware maintenance but increases demand for skills in cloud management, security, and integration.
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: What is the purpose of Unity Mode in VMware Workstation Pro?
Options:
- Run VMs in the background
- Integrate guest apps into the host desktop
- Clone VMs
- Take snapshots
Answer: Integrate guest apps into the host desktop
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: The _______ feature in VMware Workstation Pro enhances guest OS performance.
Answer: VMware Tools
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Match the VMware Workstation Pro actions with their purposes:
Options:
- 1. Suspend
- 2. Power Off
- 3. Reset
Answers:
- 1 - Pause the VM and save its state
- 2 - Shut down the VM completely
- 3 - Restart the VM
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Explain how to create a linked clone in VMware Workstation Pro.
Answer: Select an existing VM, choose 'Manage' > 'Clone', opt for 'Linked Clone' to create a VM that shares disks with the parent, then complete the wizard.
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which networking mode allows VMs to act as physical devices on the network?
Options:
- NAT
- Bridged
- Host-only
- Custom
Answer: Bridged
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: _______ allows file sharing between the host and guest OS in VMware Workstation Pro.
Answer: Shared Folders
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Match the VMware Workstation Pro virtual hardware with its role:
Options:
- 1. Virtual CD/DVD
- 2. Virtual NIC
- 3. Virtual Sound Card
Answers:
- 1 - Emulates optical drives
- 2 - Provides network connectivity
- 3 - Enables audio in the VM
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Describe the benefits of using linked clones instead of full clones.
Answer: Linked clones save disk space by sharing the parent VM’s disks and are faster to create, though they depend on the parent VM remaining intact.
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which option allows you to test software without affecting the original VM?
Options:
- Snapshot
- Clone
- Template
- Export
Answer: Snapshot
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: In VMware Workstation Pro, _______ enables direct access to a physical disk.
Answer: Raw Device Mapping
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Match the VMware Workstation Pro settings with their functions:
Options:
- 1. Memory
- 2. Processors
- 3. Display
Answers:
- 1 - Allocates RAM to the VM
- 2 - Assigns CPU cores to the VM
- 3 - Configures graphics options
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Explain the process of exporting a VM as an OVF file.
Answer: Select the VM, go to 'File' > 'Export to OVF', choose the destination, and confirm settings to create a portable VM package.
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which feature allows dragging files between host and guest OS?
Options:
- Drag and Drop
- Shared Folders
- Clipboard Sharing
- Unity Mode
Answer: Drag and Drop
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: The _______ option in VMware Workstation Pro creates a full copy of a VM.
Answer: Full Clone
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Match the VMware Workstation Pro snapshot options with their effects:
Options:
- 1. Revert
- 2. Delete
- 3. Take
Answers:
- 1 - Restores VM to previous state
- 2 - Removes snapshot and merges changes
- 3 - Captures current VM state
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Discuss the use of VMware Workstation Pro in a lab environment.
Answer: It allows creating isolated VMs for testing software, networks, or configurations without risking the host system, ideal for educational or experimental labs.
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Which setting adjusts the number of CPU cores assigned to a VM?
Options:
- Memory
- Processors
- Network
- Storage
Answer: Processors
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: _______ is required to run 64-bit guest OSes in VMware Workstation Pro.
Answer: Hardware virtualization
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Match the VMware Workstation Pro file types with their purposes:
Options:
- 1. .vmx
- 2. .vmdk
- 3. .nvram
Answers:
- 1 - Configuration file for the VM
- 2 - Virtual disk file
- 3 - Stores BIOS settings
Explanation: No explanation available.
Systems Virtualization - VMware Workstation Pro
Question: Explain how to configure a VM to boot from an ISO file.
Answer: In VM settings, select 'CD/DVD', choose 'Use ISO image file', browse to the ISO, and ensure it’s set to connect at power on.
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: What does Seamless Mode do in Oracle VM VirtualBox?
Options:
- Runs VMs in the background
- Integrates guest apps into the host desktop
- Clones VMs
- Creates snapshots
Answer: Integrates guest apps into the host desktop
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: The _______ feature in VirtualBox improves guest OS integration.
Answer: Guest Additions
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Match the VirtualBox actions with their purposes:
Options:
- 1. Pause
- 2. Stop
- 3. Reset
Answers:
- 1 - Suspends the VM temporarily
- 2 - Powers off the VM
- 3 - Reboots the VM
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Explain how to create a clone of a VM in VirtualBox.
Answer: Select the VM, click 'Machine' > 'Clone', choose full or linked clone, name it, and complete the process to duplicate the VM.
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which networking mode isolates VMs from the external network?
Options:
- NAT
- Bridged
- Internal
- Host-only
Answer: Internal
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: _______ allows dragging files between host and guest in VirtualBox.
Answer: Drag and Drop
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Match the VirtualBox virtual hardware with its role:
Options:
- 1. Virtual Floppy
- 2. Virtual Network
- 3. Virtual USB
Answers:
- 1 - Emulates floppy drives
- 2 - Connects VM to networks
- 3 - Enables USB device passthrough
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Describe how to set up shared folders in VirtualBox.
Answer: In VM settings, go to 'Shared Folders', add a folder, specify the path and name, set access options, and mount it in the guest OS.
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which feature saves the current state of a VM in VirtualBox?
Options:
- Snapshot
- Clone
- Export
- Backup
Answer: Snapshot
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: In VirtualBox, _______ runs VMs without a GUI.
Answer: VBoxHeadless
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Match the VirtualBox settings with their purposes:
Options:
- 1. Base Memory
- 2. Video Memory
- 3. Acceleration
Answers:
- 1 - Allocates RAM to the VM
- 2 - Sets graphics memory
- 3 - Enables hardware acceleration
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Explain the process of exporting a VM in VirtualBox.
Answer: Select the VM, go to 'File' > 'Export Appliance', choose the VM, set the format (e.g., OVA), and save it to a location.
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which option allows VMs to share the host’s IP address?
Options:
- NAT
- Bridged
- Host-only
- Internal
Answer: NAT
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: The _______ command-line tool manages VirtualBox VMs.
Answer: VBoxManage
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Match the VirtualBox snapshot actions with their effects:
Options:
- 1. Restore
- 2. Delete
- 3. Take
Answers:
- 1 - Reverts VM to a saved state
- 2 - Removes snapshot and merges changes
- 3 - Captures current VM state
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Discuss the advantages of VirtualBox being open-source.
Answer: Being open-source makes VirtualBox free, customizable, and supported by a community, allowing users to adapt it to specific needs.
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Which setting determines the amount of RAM allocated to a VM?
Options:
- Base Memory
- Video Memory
- Acceleration
- Storage
Answer: Base Memory
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: _______ is required to enable 3D acceleration in VirtualBox.
Answer: Hardware virtualization
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Match the VirtualBox file types with their uses:
Options:
- 1. .vdi
- 2. .vbox
- 3. .log
Answers:
- 1 - Virtual disk image
- 2 - VM configuration file
- 3 - VM activity log
Explanation: No explanation available.
Systems Virtualization - Oracle VM VirtualBox
Question: Explain how to attach a USB device to a VM in VirtualBox.
Answer: In VM settings, go to 'USB', enable the USB controller, add a filter for the device, start the VM, and select it from 'Devices' > 'USB'.
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: What is the purpose of Hyper-V Integration Services?
Options:
- Enhance guest OS performance
- Manage virtual switches
- Clone VMs
- Take snapshots
Answer: Enhance guest OS performance
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: The _______ feature in Hyper-V provides automatic VM restart after a host failure.
Answer: High Availability
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Match the Hyper-V actions with their purposes:
Options:
- 1. Start
- 2. Turn Off
- 3. Save
Answers:
- 1 - Powers on the VM
- 2 - Forces VM shutdown
- 3 - Suspends VM and saves state
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Explain how to configure Hyper-V Replica for disaster recovery.
Answer: Enable replication on the primary VM, specify the replica server, configure replication settings (e.g., frequency), and start replication to duplicate the VM.
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which virtual switch type connects VMs to the physical network?
Options:
- External
- Internal
- Private
- Isolated
Answer: External
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: _______ allows moving a VM between hosts without downtime in Hyper-V.
Answer: Live Migration
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Match the Hyper-V storage options with their features:
Options:
- 1. Fixed Size Disk
- 2. Dynamically Expanding Disk
- 3. Differencing Disk
Answers:
- 1 - Pre-allocates all space
- 2 - Grows as data is added
- 3 - Stores changes from a parent disk
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Describe the difference between Generation 1 and Generation 2 VMs in Hyper-V.
Answer: Generation 1 supports legacy hardware and BIOS, while Generation 2 uses UEFI, supports modern features like Secure Boot, and offers better performance.
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which feature adjusts VM memory based on demand?
Options:
- Dynamic Memory
- Static Memory
- Memory Reservation
- Memory Overcommit
Answer: Dynamic Memory
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: In Hyper-V, _______ captures a VM’s state for later restoration.
Answer: Checkpoint
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Match the Hyper-V tools with their uses:
Options:
- 1. Hyper-V Manager
- 2. Failover Cluster Manager
- 3. PowerShell
Answers:
- 1 - Manages VMs graphically
- 2 - Configures high availability
- 3 - Automates Hyper-V tasks
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Explain how to export a VM in Hyper-V.
Answer: In Hyper-V Manager, select the VM, choose 'Export', specify a location, and confirm to save the VM files for transfer or backup.
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which switch type allows VM-to-VM communication only?
Options:
- External
- Internal
- Private
- NAT
Answer: Private
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: The _______ disk format in Hyper-V supports up to 64 TB.
Answer: VHDX
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Match the Hyper-V checkpoint types with their uses:
Options:
- 1. Standard
- 2. Production
Answers:
- 1 - Includes memory state
- 2 - Ensures application consistency
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Discuss the benefits of Hyper-V for small businesses.
Answer: Hyper-V reduces costs by consolidating servers, simplifies management with built-in tools, and supports disaster recovery with replication.
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Which setting enables hardware-assisted virtualization in Hyper-V?
Options:
- VT-x/AMD-V
- SLAT
- DEP
- All of the above
Answer: All of the above
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: _______ connects VMs to SAN storage in Hyper-V.
Answer: Virtual Fibre Channel
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Match the Hyper-V networking components with their roles:
Options:
- 1. Virtual Switch
- 2. NIC Teaming
- 3. VLAN
Answers:
- 1 - Connects VMs to networks
- 2 - Combines network adapters for redundancy
- 3 - Segments network traffic
Explanation: No explanation available.
Systems Virtualization - Microsoft Hyper-V
Question: Explain how to configure Dynamic Memory for a VM in Hyper-V.
Answer: In VM settings, go to 'Memory', enable Dynamic Memory, set minimum, maximum, and startup RAM, then apply the changes.
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: What is the role of VMware vSphere Client?
Options:
- Manage ESXi hosts
- Configure virtual switches
- Monitor VM performance
- All of the above
Answer: All of the above
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: The _______ component in vSphere provides software-defined storage.
Answer: vSAN
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Match the vSphere features with their benefits:
Options:
- 1. Storage vMotion
- 2. FT
- 3. vSphere Replication
Answers:
- 1 - Moves VM storage without downtime
- 2 - Provides continuous availability
- 3 - Replicates VMs for disaster recovery
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Explain the purpose of Distributed Resource Scheduler (DRS) in vSphere.
Answer: DRS automatically balances VM workloads across ESXi hosts based on resource usage, optimizing performance and utilization.
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which feature moves a VM’s storage without interrupting its operation?
Options:
- vMotion
- Storage vMotion
- HA
- DRS
Answer: Storage vMotion
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: In vSphere, _______ ensures VMs restart on another host after a failure.
Answer: High Availability
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Match the vSphere networking types with their descriptions:
Options:
- 1. VMkernel
- 2. Virtual Machine
- 3. Management
Answers:
- 1 - Handles ESXi services like vMotion
- 2 - Connects VMs to networks
- 3 - Manages ESXi host traffic
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Describe how to create a resource pool in vCenter Server.
Answer: In vCenter, right-click a cluster or host, select 'New Resource Pool', name it, set CPU and memory limits or reservations, and save.
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which vSphere feature encrypts VM data at rest?
Options:
- VM Encryption
- Secure Boot
- vSphere Trust Authority
- DRS
Answer: VM Encryption
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: The _______ file system in vSphere stores virtual machine files.
Answer: VMFS
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Match the vSphere deployment options with their uses:
Options:
- 1. Template
- 2. Clone
- 3. OVF
Answers:
- 1 - Pre-configured VM for mass deployment
- 2 - Exact copy of an existing VM
- 3 - Portable VM package
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Explain the benefits of vSphere Fault Tolerance.
Answer: Fault Tolerance creates a live replica of a VM on another host, ensuring zero downtime and data loss in case of host failure.
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which option allows live migration of VMs between hosts?
Options:
- vMotion
- Storage vMotion
- DRS
- HA
Answer: vMotion
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: In vSphere, _______ provides a centralized interface for managing multiple clusters.
Answer: vCenter Server
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Match the vSphere monitoring tools with their functions:
Options:
- 1. vSphere Client
- 2. ESXi Shell
- 3. vRealize Operations
Answers:
- 1 - Monitors VM and host status
- 2 - Provides command-line access to ESXi
- 3 - Advanced performance analytics
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Discuss the role of vSphere in hybrid cloud environments.
Answer: vSphere integrates with public clouds (e.g., VMware Cloud on AWS), enabling seamless workload migration and management across on-premises and cloud resources.
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Which feature ensures only trusted software runs on an ESXi host?
Options:
- Secure Boot
- VM Encryption
- vSphere Trust Authority
- HA
Answer: Secure Boot
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: _______ is used to export a VM as a portable package in vSphere.
Answer: OVF
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Match the vSphere security features with their purposes:
Options:
- 1. Role-Based Access
- 2. Lockdown Mode
- 3. Audit Logs
Answers:
- 1 - Controls user permissions
- 2 - Restricts direct ESXi access
- 3 - Tracks administrative actions
Explanation: No explanation available.
Systems Virtualization - ICM Module 1 & 4
Question: Explain how to configure a VM to use a specific datastore in vSphere.
Answer: In vCenter, edit VM settings, go to 'Virtual Hardware', select the disk, choose a datastore from the list, and save the changes.
Explanation: No explanation available.
Systems Virtualization - ICM Module 3
Question: What is the primary purpose of an ESXi host?
Options:
- To host virtual machines
- To manage storage
- To secure networks
- To provide backup services
Answer: To host virtual machines
Explanation: ESXi hosts run virtual machines directly on physical hardware, providing virtualization.
Systems Virtualization - ICM Module 3
Question: Which component is essential for installing ESXi?
Options:
- Server hardware
- Cloud software
- Desktop OS
- Network switch
Answer: Server hardware
Explanation: A compatible server is required to install ESXi.
Systems Virtualization - ICM Module 3
Question: Which tool is primarily used to manage ESXi hosts after installation?
Options:
- vSphere Client
- ESXi Shell
- Web Client
- PowerCLI
Answer: vSphere Client
Explanation: The vSphere Client is the standard tool for managing ESXi hosts.
Systems Virtualization - ICM Module 3
Question: Which installation method is ideal for bulk ESXi deployment?
Options:
- Interactive installation
- Unattended installation
- Manual installation
- Custom installation
Answer: Unattended installation
Explanation: Unattended installation is commonly used to deploy ESXi on many hosts simultaneously.
Systems Virtualization - ICM Module 3
Question: What type of license unlocks the full functionality of ESXi?
Options:
- Free license
- Evaluation license
- Commercial license
- OEM license
Answer: Commercial license
Explanation: A commercial license is required to access all features of ESXi.
Systems Virtualization - ICM Module 3
Question: Which network configuration is recommended for ESXi hosts?
Options:
- Dynamic IP
- Static IP
- No IP configuration
- Manual DNS
Answer: Static IP
Explanation: Static IP assignment ensures consistent management connectivity for ESXi hosts.
Systems Virtualization - ICM Module 3
Question: What is one major benefit of using ESXi over a traditional OS?
Options:
- Improved security
- Enhanced performance
- Lower cost
- Simpler management
Answer: Enhanced performance
Explanation: ESXi is optimized for high performance in virtualized environments.
Systems Virtualization - ICM Module 3
Question: Which storage configurations are supported by ESXi?
Options:
- Local storage
- SAN
- NAS
- All of the above
Answer: All of the above
Explanation: ESXi supports local, SAN, and NAS storage options.
Systems Virtualization - ICM Module 3
Question: What is the significance of a VMkernel adapter in ESXi?
Options:
- Manages network traffic
- Handles storage I/O
- Monitors host performance
- Provides backup
Answer: Manages network traffic
Explanation: A VMkernel adapter handles the network traffic necessary for ESXi operations.
Systems Virtualization - ICM Module 3
Question: How can administrators access the ESXi host console?
Options:
- SSH
- Direct console access
- Web interface
- vCenter Server
Answer: Direct console access
Explanation: The ESXi host console is accessed directly via the physical server’s interface.
Systems Virtualization - ICM Module 3
Question: Which hypervisor type is ESXi classified as?
Options:
- Bare-metal hypervisor
- Hosted hypervisor
- Container-based hypervisor
- Cloud hypervisor
Answer: Bare-metal hypervisor
Explanation: ESXi is a bare-metal hypervisor, running directly on the server hardware.
Systems Virtualization - ICM Module 3
Question: What is the minimum memory requirement for installing ESXi 8?
Options:
- 2GB
- 4GB
- 8GB
- 16GB
Answer: 4GB
Explanation: ESXi 8 typically requires at least 4GB of RAM for installation.
Systems Virtualization - ICM Module 3
Question: Which network protocol is used for secure management of ESXi hosts?
Options:
- HTTP
- HTTPS
- FTP
- SSH
Answer: HTTPS
Explanation: HTTPS is used to securely manage ESXi hosts via encrypted connections.
Systems Virtualization - ICM Module 3
Question: What is the advantage of using a bootable USB for ESXi installation?
Options:
- Faster installation
- Improved performance
- Enhanced security
- Lower cost
Answer: Faster installation
Explanation: Bootable USB devices can speed up the ESXi installation process.
Systems Virtualization - ICM Module 3
Question: Which hardware component must be compatible with ESXi for a successful installation?
Options:
- BIOS
- CPU
- Firmware
- All of the above
Answer: All of the above
Explanation: ESXi requires compatible BIOS, CPU, and firmware to function properly.
Systems Virtualization - ICM Module 3
Question: What is the primary role of the ESXi installer?
Options:
- To update drivers
- To deploy the hypervisor
- To manage storage
- To secure the host
Answer: To deploy the hypervisor
Explanation: The ESXi installer deploys the hypervisor onto the server hardware.
Systems Virtualization - ICM Module 3
Question: Which command line interface is used to manage ESXi hosts?
Options:
- PowerCLI
- ESXi Shell
- vCLI
- All of the above
Answer: All of the above
Explanation: Multiple command line interfaces, including ESXi Shell and PowerCLI, can manage ESXi hosts.
Systems Virtualization - ICM Module 3
Question: What is a benefit of clustering ESXi hosts?
Options:
- Enhanced performance
- High availability
- Simplified configuration
- Cost reduction
Answer: High availability
Explanation: Clustering ESXi hosts provides high availability for virtual machines.
Systems Virtualization - ICM Module 3
Question: Which component enables ESXi hosts to communicate with vCenter Server?
Options:
- Management network
- Storage network
- Virtual switch
- NIC teaming
Answer: Management network
Explanation: A dedicated management network facilitates communication between ESXi hosts and vCenter.
Systems Virtualization - ICM Module 3
Question: How can you verify that an ESXi host has been successfully installed?
Options:
- Ping the host
- Check the boot log
- Use the vSphere Client
- Restart the server
Answer: Use the vSphere Client
Explanation: The vSphere Client confirms that the ESXi host is operational after installation.
Systems Virtualization - ICM Module 3
Question: Which installation media is most commonly recommended for ESXi 8?
Options:
- DVD
- USB drive
- Network boot
- ISO file
Answer: USB drive
Explanation: USB drives are widely used as installation media for ESXi due to their speed and reliability.
Systems Virtualization - ICM Module 3
Question: What is a common cause for ESXi installation failures?
Options:
- Incompatible hardware
- Excessive memory
- Fast network speeds
- High storage capacity
Answer: Incompatible hardware
Explanation: Hardware incompatibility is a frequent cause of ESXi installation failures.
Systems Virtualization - ICM Module 3
Question: Which virtualization model does ESXi primarily support?
Options:
- Containerization
- Full virtualization
- Paravirtualization
- Emulation
Answer: Full virtualization
Explanation: ESXi supports full virtualization to run complete guest operating systems.
Systems Virtualization - ICM Module 3
Question: How are ESXi hosts typically updated?
Options:
- Through the vSphere Client
- Via SSH
- Using VMware Update Manager
- Manually editing files
Answer: Using VMware Update Manager
Explanation: VMware Update Manager streamlines the patching and updating of ESXi hosts.
Systems Virtualization - ICM Module 3
Question: What does the ESXi installer verify before beginning installation?
Options:
- Hardware compatibility
- Software updates
- Network speed
- User permissions
Answer: Hardware compatibility
Explanation: The installer checks that the hardware meets compatibility requirements before installation.
Systems Virtualization - ICM Module 3
Question: What is the benefit of using a custom installation image for ESXi?
Options:
- Simplifies driver inclusion
- Reduces installation time
- Improves security
- Enhances performance
Answer: Simplifies driver inclusion
Explanation: A custom image can bundle necessary drivers for specific hardware configurations.
Systems Virtualization - ICM Module 3
Question: Which log file is most useful for troubleshooting ESXi installation issues?
Options:
- /var/log/esxi.log
- /var/log/vmkernel.log
- /var/log/hostd.log
- /var/log/boot.log
Answer: /var/log/boot.log
Explanation: The boot log is crucial for diagnosing installation errors in ESXi.
Systems Virtualization - ICM Module 3
Question: What is a common post-installation task for an ESXi host?
Options:
- Rebooting the server
- Configuring network settings
- Installing antivirus
- Defragmenting storage
Answer: Configuring network settings
Explanation: After installation, network settings must be configured for proper host management.
Systems Virtualization - ICM Module 3
Question: What is the recommended method to remotely access ESXi logs?
Options:
- SSH
- FTP
- Telnet
- HTTP
Answer: SSH
Explanation: SSH provides secure remote access to ESXi log files for troubleshooting.
Systems Virtualization - ICM Module 3
Question: Which hardware component is least critical for ESXi performance?
Options:
- CPU
- Memory
- Graphics card
- Storage
Answer: Graphics card
Explanation: Graphics cards are generally less critical in a server environment focused on virtualization.
Systems Virtualization - ICM Module 3
Question: How does clustering enhance the availability of ESXi hosts?
Options:
- Increases performance
- Improves fault tolerance
- Simplifies management
- Reduces cost
Answer: Improves fault tolerance
Explanation: Clustering helps maintain availability by providing redundancy among ESXi hosts.
Systems Virtualization - ICM Module 3
Question: Which component is necessary for communication between ESXi and vCenter?
Options:
- Management network
- Storage network
- Virtual switch
- NIC teaming
Answer: Management network
Explanation: A dedicated management network is essential for ESXi to communicate with vCenter Server.
Systems Virtualization - ICM Module 3
Question: How do you ensure that an ESXi host remains updated with security patches?
Options:
- Automatic updates
- Manual patching
- Firmware updates
- Driver updates
Answer: Automatic updates
Explanation: Enabling automatic updates helps keep the ESXi host secure and up to date.
Systems Virtualization - ICM Module 3
Question: What is the impact of running ESXi in a nested virtualization environment?
Options:
- Improved performance
- Layered virtualization
- Reduced overhead
- Potential performance degradation
Answer: Potential performance degradation
Explanation: Nested virtualization may lead to additional performance overhead.
Systems Virtualization - ICM Module 3
Question: Which setting is critical when configuring the ESXi management network?
Options:
- DNS settings
- Time synchronization
- IP addressing
- Proxy configuration
Answer: IP addressing
Explanation: Accurate IP addressing is crucial for the ESXi management network to function correctly.
Systems Virtualization - ICM Module 3
Question: What is the primary interface used for initial ESXi configuration?
Options:
- Direct console
- vSphere Web Client
- PowerCLI
- Remote desktop
Answer: Direct console
Explanation: The direct console interface is used for the initial configuration of an ESXi host.
Systems Virtualization - ICM Module 3
Question: How does ESXi isolate guest virtual machines?
Options:
- Through virtual switches
- Using VMkernel
- By the hypervisor layer
- With firewall rules
Answer: By the hypervisor layer
Explanation: The hypervisor layer isolates guest VMs from each other for security and stability.
Systems Virtualization - ICM Module 3
Question: Which protocol is used for secure management communications in ESXi?
Options:
- HTTP
- HTTPS
- FTP
- SNMP
Answer: HTTPS
Explanation: HTTPS is the default protocol used for secure management of ESXi hosts.
Systems Virtualization - ICM Module 3
Question: How does ESXi support hardware redundancy?
Options:
- Dual processors
- Redundant network adapters
- RAID configurations
- All of the above
Answer: All of the above
Explanation: ESXi can utilize various redundancy mechanisms such as dual processors, redundant NICs, and RAID.
Systems Virtualization - ICM Module 3
Question: What is one method to monitor ESXi host performance?
Options:
- Using built-in tools
- Third-party software
- Manual checks
- Visual inspection
Answer: Using built-in tools
Explanation: ESXi provides built-in performance monitoring tools accessible via the vSphere Client.
Systems Virtualization - ICM Module 3
Question: Which factor is least important when planning an ESXi deployment?
Options:
- Scalability
- Redundancy
- Aesthetics
- Resource allocation
Answer: Aesthetics
Explanation: While important in other contexts, aesthetics are not a key factor in ESXi deployments.
Systems Virtualization - ICM Module 3
Question: What is the function of the ESXi boot bank?
Options:
- Store configuration files
- Hold the hypervisor code
- Backup virtual machines
- Manage drivers
Answer: Hold the hypervisor code
Explanation: The boot bank contains the ESXi hypervisor code required for host operation.
Systems Virtualization - ICM Module 3
Question: Which method is recommended for securing the ESXi host console?
Options:
- Disabling direct access
- Using a strong password
- Enabling guest login
- Allowing remote access
Answer: Using a strong password
Explanation: Implementing a strong password is essential to secure the ESXi host console.
Systems Virtualization - ICM Module 3
Question: How is remote management of an ESXi host typically enabled?
Options:
- Enabling SSH
- Configuring FTP
- Using Telnet
- Activating SNMP
Answer: Enabling SSH
Explanation: SSH is commonly enabled to allow secure remote management of an ESXi host.
Systems Virtualization - ICM Module 3
Question: What is a typical task performed after installing ESXi on a host?
Options:
- Installing applications
- Configuring network settings
- Running benchmarks
- Defragmenting drives
Answer: Configuring network settings
Explanation: Post-installation tasks often include configuring network settings for optimal management.
Systems Virtualization - ICM Module 3
Question: Which tool is used to automate patch management for ESXi hosts?
Options:
- vSphere Update Manager
- PowerCLI
- vCenter Converter
- ESXi Installer
Answer: vSphere Update Manager
Explanation: vSphere Update Manager automates patch deployment and updates for ESXi hosts.
Systems Virtualization - ICM Module 3
Question: What is an advantage of using the ESXi direct console user interface?
Options:
- Graphical interface
- Quick troubleshooting
- Remote access
- Multiple sessions
Answer: Quick troubleshooting
Explanation: The direct console UI allows for fast troubleshooting during host issues.
Systems Virtualization - ICM Module 3
Question: How do you ensure data integrity during an ESXi installation?
Options:
- Using RAID
- Running backups
- Verifying checksums
- Monitoring temperature
Answer: Verifying checksums
Explanation: Verifying checksums helps confirm that the installation media is not corrupted.
Systems Virtualization - ICM Module 3
Question: Which setting is crucial for achieving optimal performance on an ESXi host?
Options:
- Power management
- Display resolution
- USB configuration
- Sound settings
Answer: Power management
Explanation: Proper power management settings ensure efficient resource usage on an ESXi host.
Systems Virtualization - ICM Module 3
Question: How does proper power management affect ESXi host performance?
Options:
- Increases energy consumption
- Improves performance
- Causes overheating
- Reduces security
Answer: Improves performance
Explanation: Effective power management minimizes waste and improves overall host performance.
Systems Virtualization - ICM Module 4
Question: What is the purpose of vCenter Server in a VMware environment?
Options:
- Centralized management
- Backup operations
- Direct hardware access
- User authentication
Answer: Centralized management
Explanation: vCenter Server centralizes management of ESXi hosts and virtual machines.
Systems Virtualization - ICM Module 4
Question: Which component is essential for managing multiple ESXi hosts?
Options:
- vSphere Client
- vCenter Server
- ESXi Shell
- Virtual SAN
Answer: vCenter Server
Explanation: vCenter Server provides centralized control and management for multiple hosts.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server assist with resource allocation?
Options:
- By monitoring performance
- By automating VM placement
- By reducing network load
- By managing storage arrays
Answer: By automating VM placement
Explanation: vCenter automates resource allocation by dynamically placing VMs on optimal hosts.
Systems Virtualization - ICM Module 4
Question: Which feature in vCenter Server enables efficient management of virtual resources?
Options:
- Distributed Resource Scheduler (DRS)
- vMotion
- Storage vMotion
- Fault Tolerance
Answer: Distributed Resource Scheduler (DRS)
Explanation: DRS automatically balances workloads across hosts to optimize resource usage.
Systems Virtualization - ICM Module 4
Question: Which tool in vCenter allows live migration of virtual machines?
Options:
- vMotion
- DRS
- vSphere Client
- High Availability
Answer: vMotion
Explanation: vMotion enables live migration of running VMs between ESXi hosts with zero downtime.
Systems Virtualization - ICM Module 4
Question: What is the benefit of Storage vMotion in a VMware environment?
Options:
- Migrating VMs between hosts
- Migrating VMs between storage locations
- Increasing VM performance
- Enhancing security
Answer: Migrating VMs between storage locations
Explanation: Storage vMotion enables live migration of VM disks without interrupting operations.
Systems Virtualization - ICM Module 4
Question: What does VMware High Availability (HA) provide in vCenter?
Options:
- Automatic load balancing
- Automatic VM restart
- Scheduled backups
- Network segmentation
Answer: Automatic VM restart
Explanation: HA restarts virtual machines on other hosts if a host failure occurs.
Systems Virtualization - ICM Module 4
Question: Which feature ensures continuous service in the event of hardware failure?
Options:
- vMotion
- Fault Tolerance
- DRS
- vCenter Server
Answer: Fault Tolerance
Explanation: Fault Tolerance creates a live shadow instance of a VM, ensuring uninterrupted service.
Systems Virtualization - ICM Module 4
Question: How is vCenter Server typically deployed?
Options:
- On a physical server
- As a virtual appliance
- On a client PC
- Directly on an ESXi host
Answer: As a virtual appliance
Explanation: vCenter Server is commonly deployed as a virtual appliance to simplify management.
Systems Virtualization - ICM Module 4
Question: What is the role of the vSphere Web Client?
Options:
- Hardware management
- Web-based management of vCenter
- Direct host configuration
- VM backup
Answer: Web-based management of vCenter
Explanation: The vSphere Web Client provides a browser-based interface for managing the virtual environment.
Systems Virtualization - ICM Module 4
Question: Which feature in vCenter enables automated distribution of VMs based on load?
Options:
- DRS
- HA
- vMotion
- Storage vMotion
Answer: DRS
Explanation: DRS automates the distribution of VMs across hosts to balance workloads.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server improve VM availability?
Options:
- By scheduling downtime
- By automating VM restarts
- By manual intervention
- By powering off idle VMs
Answer: By automating VM restarts
Explanation: The HA feature in vCenter automatically restarts VMs on alternate hosts after a failure.
Systems Virtualization - ICM Module 4
Question: What does vCenter Server use to monitor and manage host performance?
Options:
- Performance charts
- Event logs
- Real-time alerts
- All of the above
Answer: All of the above
Explanation: vCenter consolidates performance charts, event logs, and alerts for comprehensive monitoring.
Systems Virtualization - ICM Module 4
Question: Which component is critical for enabling vMotion operations?
Options:
- Shared storage
- Local storage
- High network bandwidth
- Server cooling
Answer: Shared storage
Explanation: Shared storage is required for live migration of VMs using vMotion.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server support virtual machine backups?
Options:
- Through third-party integrations
- Using built-in backup tools
- Manual snapshot management
- Direct disk imaging
Answer: Through third-party integrations
Explanation: vCenter Server works with backup solutions to enable VM backup operations.
Systems Virtualization - ICM Module 4
Question: What is a key function of the Distributed Virtual Switch (DVS) in vCenter?
Options:
- Simplify network management
- Improve VM performance
- Increase storage capacity
- Reduce licensing costs
Answer: Simplify network management
Explanation: DVS centralizes network management across multiple hosts in the virtual environment.
Systems Virtualization - ICM Module 4
Question: Which feature in vCenter helps optimize storage utilization?
Options:
- Storage DRS
- vMotion
- Fault Tolerance
- vSphere Web Client
Answer: Storage DRS
Explanation: Storage DRS automates VM placement on storage resources to optimize utilization.
Systems Virtualization - ICM Module 4
Question: What is the purpose of the vCenter Server Appliance (VCSA)?
Options:
- To host VMs
- To provide centralized management
- To backup data
- To act as a storage controller
Answer: To provide centralized management
Explanation: The VCSA is a pre-configured appliance designed for managing virtual infrastructures.
Systems Virtualization - ICM Module 4
Question: Which mechanism does vCenter Server use to balance workload across hosts?
Options:
- Manual allocation
- DRS
- vMotion
- High Availability
Answer: DRS
Explanation: DRS dynamically balances workloads across hosts to optimize performance.
Systems Virtualization - ICM Module 4
Question: What is one of the benefits of using vCenter Server for resource management?
Options:
- Simplified licensing
- Improved scalability
- Reduced storage needs
- Enhanced graphics performance
Answer: Improved scalability
Explanation: vCenter Server improves scalability by efficiently managing resources across hosts.
Systems Virtualization - ICM Module 4
Question: How can vCenter Server help reduce downtime during maintenance?
Options:
- By scheduling maintenance windows
- By enabling vMotion
- By providing backup services
- By using local storage
Answer: By enabling vMotion
Explanation: vMotion enables live migration of VMs during maintenance, reducing downtime.
Systems Virtualization - ICM Module 4
Question: Which feature enables live migration of storage without downtime?
Options:
- vMotion
- Storage vMotion
- DRS
- Fault Tolerance
Answer: Storage vMotion
Explanation: Storage vMotion allows live migration of VM disks between storage systems without downtime.
Systems Virtualization - ICM Module 4
Question: What role does the vSphere Web Client play in managing vCenter?
Options:
- It manages physical servers
- It provides a web interface for management
- It replaces the vCenter Server
- It handles storage replication
Answer: It provides a web interface for management
Explanation: The vSphere Web Client offers browser-based management for the virtual environment.
Systems Virtualization - ICM Module 4
Question: Which feature ensures high availability for vCenter Server components?
Options:
- vSphere HA
- Clustered appliances
- DRS
- vMotion
Answer: Clustered appliances
Explanation: Clustering vCenter components helps maintain continuous availability during failures.
Systems Virtualization - ICM Module 4
Question: What is the purpose of vCenter alarms?
Options:
- To monitor hardware temperature
- To alert administrators of issues
- To manage VM snapshots
- To perform backups
Answer: To alert administrators of issues
Explanation: vCenter alarms notify administrators when predefined conditions or thresholds are met.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server facilitate VM cloning?
Options:
- Using manual copy procedures
- Through cloning wizards
- By duplicating storage arrays
- By automating vMotion
Answer: Through cloning wizards
Explanation: vCenter includes cloning wizards that simplify the process of creating VM copies.
Systems Virtualization - ICM Module 4
Question: Which feature allows for the creation of VM templates in vCenter?
Options:
- Snapshot management
- Template cloning
- Content libraries
- Backup tools
Answer: Content libraries
Explanation: Content libraries store VM templates and other files for easy deployment.
Systems Virtualization - ICM Module 4
Question: What is one advantage of using vCenter Server in a virtualized environment?
Options:
- Increased manual intervention
- Centralized monitoring
- Isolated host management
- Local storage optimization
Answer: Centralized monitoring
Explanation: Centralized monitoring simplifies management and improves oversight of virtual resources.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server enhance security in a virtualized environment?
Options:
- By using local passwords
- By centralizing user management
- By disabling network features
- By reducing storage options
Answer: By centralizing user management
Explanation: Centralized user management in vCenter streamlines security and access control.
Systems Virtualization - ICM Module 4
Question: What does vCenter Server use to report on overall system health?
Options:
- Event logs
- Performance metrics
- Hardware alerts
- All of the above
Answer: All of the above
Explanation: vCenter consolidates event logs, performance metrics, and hardware alerts for a complete system view.
Systems Virtualization - ICM Module 4
Question: Which feature of vCenter aids in managing large-scale environments?
Options:
- Local storage
- Hierarchical management
- Simple clustering
- Manual resource allocation
Answer: Hierarchical management
Explanation: Hierarchical management organizes hosts and clusters, easing large-scale management.
Systems Virtualization - ICM Module 4
Question: What is the primary benefit of using vCenter Server for virtual machine lifecycle management?
Options:
- Automated provisioning
- Manual configuration
- Local monitoring
- Direct hardware control
Answer: Automated provisioning
Explanation: vCenter automates many aspects of the VM lifecycle, reducing manual intervention.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server simplify the management of virtual machine snapshots?
Options:
- By automatic deletion
- Through snapshot wizards
- Using manual commands
- With built-in reporting
Answer: Through snapshot wizards
Explanation: Snapshot wizards simplify the creation and management of VM snapshots in vCenter.
Systems Virtualization - ICM Module 4
Question: Which feature in vCenter allows for automation of routine tasks?
Options:
- Task scheduler
- Manual scripts
- User alerts
- vMotion
Answer: Task scheduler
Explanation: vCenter includes a task scheduler to automate routine administrative tasks.
Systems Virtualization - ICM Module 4
Question: What is one key benefit of using the vCenter Server Appliance over a Windows-based vCenter?
Options:
- Lower hardware requirements
- Easier deployment
- Better performance
- More features
Answer: Easier deployment
Explanation: The vCenter Server Appliance is generally simpler and faster to deploy than a Windows-based installation.
Systems Virtualization - ICM Module 4
Question: Which component of vCenter Server allows administrators to view detailed reports on VM performance?
Options:
- Dashboard
- Performance charts
- Event logs
- Alarms
Answer: Performance charts
Explanation: Performance charts in vCenter provide detailed insights into the performance of virtual machines.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server facilitate effective storage management?
Options:
- Through DRS
- By monitoring storage I/O
- Using Storage DRS
- Manual allocation
Answer: Using Storage DRS
Explanation: Storage DRS automatically manages storage load and optimizes resource allocation.
Systems Virtualization - ICM Module 4
Question: What is a primary role of vCenter Server in disaster recovery planning?
Options:
- Automated backups
- VM replication
- Manual recovery procedures
- Direct storage management
Answer: VM replication
Explanation: vCenter Server supports disaster recovery by managing VM replication and failover processes.
Systems Virtualization - ICM Module 4
Question: Which feature in vCenter Server helps in reducing administrative overhead?
Options:
- Automated alerts
- Centralized management
- Local monitoring
- Manual updates
Answer: Centralized management
Explanation: Centralized management in vCenter significantly reduces the administrative overhead of managing multiple hosts.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server assist with capacity planning?
Options:
- By tracking resource usage
- Through user feedback
- By reducing workload
- Through hardware upgrades
Answer: By tracking resource usage
Explanation: vCenter Server monitors resource usage to help administrators plan for future capacity needs.
Systems Virtualization - ICM Module 4
Question: Which technology enables live migration of VMs without downtime in vCenter?
Options:
- vMotion
- DRS
- Fault Tolerance
- Storage vMotion
Answer: vMotion
Explanation: vMotion enables live migration of virtual machines between hosts, ensuring minimal downtime.
Systems Virtualization - ICM Module 4
Question: What challenge is addressed by vCenter Server in virtualized environments?
Options:
- Complex hardware configuration
- Fragmented management
- Limited scalability
- Lack of security
Answer: Fragmented management
Explanation: vCenter Server centralizes management to overcome the challenge of fragmented infrastructure.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server support proactive maintenance of ESXi hosts?
Options:
- By scheduling reboots
- Through real-time monitoring
- By performing manual checks
- Using static configurations
Answer: Through real-time monitoring
Explanation: Real-time monitoring in vCenter enables proactive maintenance and rapid issue resolution.
Systems Virtualization - ICM Module 4
Question: What is a benefit of automating routine tasks in vCenter Server?
Options:
- Increased errors
- Reduced administrative burden
- Higher hardware costs
- Complex configuration
Answer: Reduced administrative burden
Explanation: Automating routine tasks in vCenter reduces manual effort and minimizes errors.
Systems Virtualization - ICM Module 4
Question: Which feature allows vCenter to automatically detect changes in the virtual environment?
Options:
- Event logging
- Change monitoring
- Auto discovery
- Performance tracking
Answer: Auto discovery
Explanation: Auto discovery in vCenter detects changes in the environment and updates configuration automatically.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server contribute to efficient energy management in data centers?
Options:
- By reducing cooling requirements
- By consolidating workloads
- By enabling power capping
- By controlling lighting
Answer: By consolidating workloads
Explanation: By consolidating workloads, vCenter optimizes server usage and enhances energy efficiency.
Systems Virtualization - ICM Module 4
Question: What is the purpose of vCenter Server roles and permissions?
Options:
- To improve network speed
- To control access
- To increase storage
- To automate updates
Answer: To control access
Explanation: Roles and permissions in vCenter are used to control user access and secure the environment.
Systems Virtualization - ICM Module 4
Question: Which tool does vCenter Server use for detailed performance analysis of VMs?
Options:
- Performance charts
- Event logs
- Task scheduler
- Alarms
Answer: Performance charts
Explanation: Performance charts in vCenter offer detailed performance analysis for virtual machines.
Systems Virtualization - ICM Module 4
Question: How does vCenter Server assist in reducing the complexity of managing virtual infrastructure?
Options:
- Through manual reporting
- By integrating with third-party tools
- By centralizing management
- Using local scripts
Answer: By centralizing management
Explanation: Centralized management in vCenter reduces the complexity of managing a virtual infrastructure.
Systems Virtualization - ICM Module 4
Question: What is one of the primary benefits of using vCenter Server for workload balancing?
Options:
- Increased downtime
- Optimized resource distribution
- Higher energy consumption
- Manual intervention
Answer: Optimized resource distribution
Explanation: vCenter Server optimizes resource distribution by efficiently balancing workloads across hosts.
Systems Virtualization - ICM Module 5
Question: What is the primary function of a vSphere Distributed Switch (VDS)?
Options:
- Centralized network management
- Local network segmentation
- Direct VM storage
- User authentication
Answer: Centralized network management
Explanation: The VDS centralizes network configuration across multiple ESXi hosts.
Systems Virtualization - ICM Module 5
Question: Which protocol is most commonly used to secure vSphere network communications?
Options:
- HTTP
- SSL/TLS
- FTP
- SNMP
Answer: SSL/TLS
Explanation: SSL/TLS provides encrypted communications for vSphere management and data transfers.
Systems Virtualization - ICM Module 5
Question: What feature of vSphere assists in creating isolated networks for virtual machines?
Options:
- Port groups
- Virtual NICs
- Virtual switches
- Firewall rules
Answer: Port groups
Explanation: Port groups enable network isolation and segmentation for virtual machines.
Systems Virtualization - ICM Module 5
Question: Which component provides advanced traffic management in a vSphere environment?
Options:
- vSphere Replication
- vSphere Distributed Switch
- ESXi Shell
- vCenter Server
Answer: vSphere Distributed Switch
Explanation: The distributed switch offers advanced traffic management and policy enforcement across hosts.
Systems Virtualization - ICM Module 5
Question: How does Network I/O Control (NIOC) benefit a vSphere network?
Options:
- By limiting VM CPU usage
- By prioritizing network traffic
- By managing storage queues
- By automating backups
Answer: By prioritizing network traffic
Explanation: NIOC prioritizes network traffic to ensure critical applications receive necessary bandwidth.
Systems Virtualization - ICM Module 5
Question: What is the role of a virtual network adapter in ESXi hosts?
Options:
- To connect VMs to physical networks
- To store VM data
- To manage host resources
- To secure virtual machines
Answer: To connect VMs to physical networks
Explanation: Virtual network adapters enable VMs to communicate with external networks via the ESXi host.
Systems Virtualization - ICM Module 5
Question: Which setting is crucial when configuring a distributed switch for optimal performance?
Options:
- Jumbo frames
- Power management
- Antivirus configuration
- Local firewall rules
Answer: Jumbo frames
Explanation: Enabling jumbo frames can improve network performance by allowing larger packet sizes.
Systems Virtualization - ICM Module 5
Question: How does vSphere ensure network redundancy in a virtual environment?
Options:
- By using multiple virtual switches
- By implementing NIC teaming
- By duplicating VM settings
- By increasing storage capacity
Answer: By implementing NIC teaming
Explanation: NIC teaming aggregates multiple network adapters to provide redundancy and increased bandwidth.
Systems Virtualization - ICM Module 5
Question: What is the benefit of using private VLANs in a vSphere environment?
Options:
- Improved VM performance
- Enhanced network segmentation
- Increased storage speed
- Simplified management
Answer: Enhanced network segmentation
Explanation: Private VLANs isolate traffic within a VLAN, improving security and segmentation.
Systems Virtualization - ICM Module 5
Question: Which tool is primarily used to monitor network performance in vSphere?
Options:
- vCenter Server
- vSphere Client
- vRealize Operations
- ESXi Shell
Answer: vRealize Operations
Explanation: vRealize Operations provides advanced monitoring and analytics for network performance.
Systems Virtualization - ICM Module 5
Question: How does vSphere integrate software-defined networking (SDN) capabilities?
Options:
- Through manual configuration
- By using virtual appliances
- By leveraging distributed switches
- By direct hardware installation
Answer: By leveraging distributed switches
Explanation: vSphere integrates SDN by using distributed switches that enable programmable network policies.
Systems Virtualization - ICM Module 5
Question: What is the primary purpose of vSpheres Network Health Check feature?
Options:
- To monitor VM CPU usage
- To validate network configurations
- To backup network settings
- To update firmware
Answer: To validate network configurations
Explanation: The Network Health Check verifies that network settings are optimal and correctly configured.
Systems Virtualization - ICM Module 5
Question: Which feature provides load balancing for network traffic in vSphere?
Options:
- vMotion
- NIOC
- DRS
- vCenter Server
Answer: NIOC
Explanation: Network I/O Control (NIOC) helps balance network traffic across available paths.
Systems Virtualization - ICM Module 5
Question: What is the role of a virtual firewall in a vSphere environment?
Options:
- To manage storage
- To secure network traffic
- To monitor CPU usage
- To update VM tools
Answer: To secure network traffic
Explanation: A virtual firewall filters and secures network traffic between virtual machines.
Systems Virtualization - ICM Module 5
Question: Which protocol is critical for remote management of ESXi hosts over the network?
Options:
- Telnet
- SSH
- FTP
- HTTP
Answer: SSH
Explanation: SSH is the secure protocol used for remote management of ESXi hosts.
Systems Virtualization - ICM Module 5
Question: How does vSphere support Quality of Service (QoS) for network traffic?
Options:
- By using static IP addresses
- Through bandwidth reservation
- By limiting storage access
- With manual configurations
Answer: Through bandwidth reservation
Explanation: Bandwidth reservation in vSphere helps ensure QoS by allocating network resources to critical applications.
Systems Virtualization - ICM Module 5
Question: What is a key advantage of virtualizing network functions in vSphere?
Options:
- Reduced hardware costs
- Increased physical complexity
- Higher energy consumption
- Limited scalability
Answer: Reduced hardware costs
Explanation: Virtualizing network functions reduces the need for dedicated hardware and lowers costs.
Systems Virtualization - ICM Module 5
Question: Which component is used to segregate traffic in a virtual network?
Options:
- Virtual LANs (VLANs)
- Storage arrays
- Hypervisor kernels
- Backup domains
Answer: Virtual LANs (VLANs)
Explanation: VLANs segregate network traffic logically to improve security and performance.
Systems Virtualization - ICM Module 5
Question: How can vSphere administrators monitor the health of network adapters on ESXi hosts?
Options:
- Using vSphere Client
- Through SNMP traps
- By reviewing system logs
- All of the above
Answer: All of the above
Explanation: Administrators can use a combination of the vSphere Client, SNMP, and logs to monitor network adapters.
Systems Virtualization - ICM Module 5
Question: What is the purpose of setting up a dedicated management network in vSphere?
Options:
- To reduce VM latency
- To isolate management traffic
- To increase storage throughput
- To enable vMotion
Answer: To isolate management traffic
Explanation: A dedicated management network separates administrative traffic from regular VM data traffic.
Systems Virtualization - ICM Module 5
Question: Which tool can be used to perform network configuration backups in vSphere?
Options:
- vSphere Replication
- vCenter Server
- PowerCLI scripts
- ESXi Shell commands
Answer: PowerCLI scripts
Explanation: PowerCLI scripts are often used to automate and backup network configurations in vSphere.
Systems Virtualization - ICM Module 5
Question: How does vSphere ensure that network changes are consistently applied across all hosts?
Options:
- By manual updates
- Through distributed configurations
- Using local policies
- Via hardware switches
Answer: Through distributed configurations
Explanation: Distributed configurations ensure that network policies are consistently enforced across all hosts.
Systems Virtualization - ICM Module 5
Question: What is a common method for troubleshooting network connectivity issues in vSphere?
Options:
- Rebooting all hosts
- Checking VMkernel logs
- Increasing storage capacity
- Disabling vMotion
Answer: Checking VMkernel logs
Explanation: VMkernel logs often contain detailed information to troubleshoot network connectivity issues.
Systems Virtualization - ICM Module 5
Question: Which configuration is important for ensuring optimal throughput on a distributed switch?
Options:
- Proper MTU settings
- Default IP addressing
- Local DNS settings
- Static routing
Answer: Proper MTU settings
Explanation: Configuring the Maximum Transmission Unit (MTU) correctly is vital for optimal network throughput.
Systems Virtualization - ICM Module 5
Question: What is the purpose of using vSphere Auto Deploy in network configurations?
Options:
- To manually configure switches
- To automate host provisioning
- To back up VM data
- To update firmware
Answer: To automate host provisioning
Explanation: Auto Deploy can automatically provision and configure hosts including network settings.
Systems Virtualization - ICM Module 5
Question: Which feature allows vSphere to dynamically allocate network resources based on demand?
Options:
- Static IP assignment
- Dynamic Resource Scheduling
- Network I/O Control
- Manual configuration
Answer: Network I/O Control
Explanation: Network I/O Control dynamically adjusts network resource allocation based on current demand.
Systems Virtualization - ICM Module 5
Question: How is traffic shaping used in vSphere networking?
Options:
- To limit network throughput
- To boost storage speed
- To secure management access
- To configure VM settings
Answer: To limit network throughput
Explanation: Traffic shaping controls and limits the amount of network bandwidth consumed by VMs.
Systems Virtualization - ICM Module 5
Question: Which component in vSphere helps manage multicast traffic?
Options:
- vSphere Distributed Switch
- vCenter Server
- vMotion
- DRS
Answer: vSphere Distributed Switch
Explanation: The distributed switch can be configured to efficiently manage multicast traffic across the network.
Systems Virtualization - ICM Module 5
Question: What is the primary goal of network segmentation in a vSphere environment?
Options:
- To improve VM performance
- To reduce broadcast traffic
- To simplify storage management
- To enhance CPU efficiency
Answer: To reduce broadcast traffic
Explanation: Network segmentation reduces broadcast domains and improves overall network performance.
Systems Virtualization - ICM Module 5
Question: How does vSphere support the integration of third-party network monitoring tools?
Options:
- Through open APIs
- By manual configuration
- Using proprietary protocols
- Direct hardware integration
Answer: Through open APIs
Explanation: vSphere offers APIs that allow third-party tools to integrate and monitor network performance.
Systems Virtualization - ICM Module 5
Question: Which network feature is essential for virtual machine migration across hosts?
Options:
- Static routing
- vMotion network
- Distributed firewall
- DNS management
Answer: vMotion network
Explanation: A dedicated vMotion network ensures smooth migration of VMs across hosts.
Systems Virtualization - ICM Module 5
Question: What is the role of Link Aggregation Control Protocol (LACP) in vSphere?
Options:
- To monitor VM performance
- To combine multiple network links
- To backup network configurations
- To encrypt traffic
Answer: To combine multiple network links
Explanation: LACP aggregates multiple network interfaces to increase bandwidth and provide redundancy.
Systems Virtualization - ICM Module 5
Question: How can vSphere administrators validate network configurations across hosts?
Options:
- By running connectivity tests
- Through manual inspections
- Using vCenter alerts
- By rebooting hosts
Answer: By running connectivity tests
Explanation: Connectivity tests help validate that network configurations are applied correctly across hosts.
Systems Virtualization - ICM Module 5
Question: Which practice is recommended for maintaining network performance in a virtual environment?
Options:
- Increasing VM count
- Regular firmware updates
- Ignoring error logs
- Disabling security features
Answer: Regular firmware updates
Explanation: Keeping network firmware up-to-date helps maintain performance and security.
Systems Virtualization - ICM Module 5
Question: What is the benefit of using virtual machine templates in network configuration?
Options:
- Simplifies VM deployment
- Enhances network security
- Improves CPU speed
- Reduces storage use
Answer: Simplifies VM deployment
Explanation: Templates streamline the deployment of VMs with pre-configured network settings.
Systems Virtualization - ICM Module 5
Question: How does vSphere handle network policy enforcement across different hosts?
Options:
- Through manual rules
- By centralized policies
- Using local configurations
- Via third-party tools
Answer: By centralized policies
Explanation: Centralized network policies ensure consistent enforcement across all hosts.
Systems Virtualization - ICM Module 5
Question: Which method is used to isolate network traffic for sensitive applications in vSphere?
Options:
- VLAN tagging
- IP filtering
- MAC address locking
- Port mirroring
Answer: VLAN tagging
Explanation: VLAN tagging isolates network traffic and enhances security for sensitive applications.
Systems Virtualization - ICM Module 5
Question: What does the term "east-west traffic" refer to in a vSphere network?
Options:
- Traffic between VMs on the same host
- Traffic between different data centers
- Traffic from external networks
- Traffic from storage arrays
Answer: Traffic between VMs on the same host
Explanation: East-west traffic refers to the data exchanged between VMs residing on the same host or cluster.
Systems Virtualization - ICM Module 5
Question: How can administrators secure the communication between ESXi hosts and vCenter Server?
Options:
- By disabling encryption
- Using VPN tunnels
- Enforcing SSL certificates
- Implementing open ports
Answer: Enforcing SSL certificates
Explanation: SSL certificates ensure that the communication between hosts and vCenter is secure.
Systems Virtualization - ICM Module 5
Question: Which feature assists in minimizing packet loss during network congestion in vSphere?
Options:
- Traffic shaping
- Increased CPU allocation
- Reduced memory usage
- Disabling vMotion
Answer: Traffic shaping
Explanation: Traffic shaping controls the rate of data transmission to help reduce packet loss during congestion.
Systems Virtualization - ICM Module 5
Question: What is the role of multicast in a vSphere environment?
Options:
- To support VM backups
- To enable efficient data distribution
- To manage storage
- To control VM power states
Answer: To enable efficient data distribution
Explanation: Multicast is used to efficiently distribute data to multiple recipients simultaneously.
Systems Virtualization - ICM Module 5
Question: How does vSphere handle dynamic changes in network topology?
Options:
- By manual intervention
- Through automated discovery
- Using static routes
- By disabling unused ports
Answer: Through automated discovery
Explanation: Automated discovery in vSphere helps adapt to changes in network topology without manual intervention.
Systems Virtualization - ICM Module 5
Question: Which aspect of network configuration is critical for supporting high VM density?
Options:
- Network latency
- IP address allocation
- Bandwidth management
- DNS resolution
Answer: Bandwidth management
Explanation: Effective bandwidth management is crucial when supporting a high density of virtual machines.
Systems Virtualization - ICM Module 5
Question: What is the significance of monitoring broadcast traffic in a vSphere network?
Options:
- It indicates security breaches
- It affects network performance
- It manages storage I/O
- It improves VM responsiveness
Answer: It affects network performance
Explanation: Excessive broadcast traffic can degrade network performance and lead to congestion.
Systems Virtualization - ICM Module 5
Question: How does vSphere support the scalability of network configurations?
Options:
- By using fixed settings
- Through distributed management
- By limiting VM connections
- By enforcing static routes
Answer: Through distributed management
Explanation: Distributed management in vSphere allows the network configuration to scale with the environment.
Systems Virtualization - ICM Module 5
Question: What is a benefit of integrating vSphere with external network controllers?
Options:
- Increased hardware costs
- Enhanced network visibility
- Manual configuration
- Reduced performance
Answer: Enhanced network visibility
Explanation: Integration with external controllers provides deeper insights and control over the network.
Systems Virtualization - ICM Module 5
Question: Which approach is recommended for troubleshooting network latency issues in vSphere?
Options:
- Rebooting all VMs
- Using performance monitoring tools
- Disabling NIC teaming
- Removing VLANs
Answer: Using performance monitoring tools
Explanation: Performance monitoring tools help identify and resolve network latency issues efficiently.
Systems Virtualization - ICM Module 5
Question: How can administrators ensure consistent network performance across vSphere clusters?
Options:
- By standardizing configurations
- Through random adjustments
- By isolating clusters
- By using different protocols
Answer: By standardizing configurations
Explanation: Standardized network configurations help ensure consistent performance across clusters.
Systems Virtualization - ICM Module 5
Question: What is the importance of monitoring error rates on virtual network adapters?
Options:
- They affect storage performance
- They indicate potential network issues
- They improve VM speed
- They control CPU usage
Answer: They indicate potential network issues
Explanation: Monitoring error rates helps identify underlying network problems before they escalate.
Systems Virtualization - ICM Module 5
Question: Which strategy is effective for mitigating network bottlenecks in a virtualized environment?
Options:
- Increasing the number of VMs
- Optimizing network configurations
- Adding more storage arrays
- Reducing CPU allocation
Answer: Optimizing network configurations
Explanation: Optimizing network settings and policies can effectively mitigate bottlenecks in a virtualized network environment.
Systems Virtualization - ICM Module 6
Question: What is a datastore in VMware vSphere?
Answer: A logical container that holds virtual machine files and other files necessary for VM operations.
Explanation: A datastore is a storage container for files necessary for virtual machine operations.
Systems Virtualization - ICM Module 3
Question: True or False: ESXi is the virtualization platform on which you can create and run virtual machines.
Answer: True
Explanation: Proper configuration of the ESXi host ensures that virtual machines run in an environment that is reliable, secure, and performance.
Systems Virtualization - ICM Module 3
Question: ESXi is a ________ hypervisor that is licensed as a part of vSphere. A free version is also available as a standalone server.
Answer: bare-metal / type 1
Explanation:
Systems Virtualization - ICM Module 3
Question: Features of ESXI include
Options:
- High Security
- Small disk footprint
- Quick boot for faster patching and upgrades
- All of the above
Answer: All of the above
Explanation:
Systems Virtualization - ICM Module 3
Question: What drive formats are compatible with ESXI?
Options:
- hard disks
- SAN LUNs
- SSD
- SATADOM
- diskless hosts
Answer: All of the above
Explanation:
Systems Virtualization - ICM Module 3
Question: Security features of ESXI include
Options:
- Host-based firewall
- Memory hardening
- Kernel module integrity
- Trusted Platform Module (TPM 2.0)
- UEFI secure boot
- Encrypted core dumps
- All of the above
Answer: All of the above
Explanation:
Systems Virtualization - ICM Module 3
Question: To minimize the risk of an attack through the management interface, ESXi includes a firewall between the _____________ and the network.
Answer: management interface
Explanation:
Systems Virtualization - ICM Module 3
Question: What is memory hardening?
Answer: Memory hardening is a security technique used to protect systems from malicious attacks that exploit vulnerabilities in memory.
Explanation: Using random memory locations makes the ESXi protected from malicious code injections. Non-Executable Memory protections in modern CPUs prevent any code that is successfully injected from running.
Systems Virtualization - ICM Module 3
Question: Match the following ESXi security features:
Options:
- Memory hardening is a security technique used to protect systems from malicious attacks that exploit vulnerabilities in memory=Digital signing ensures the integrity and authenticity of modules,
- drivers, and applications as they are loaded by the VMkernel
- Trusted Platform Module= a hardware element that creates a trusted platform. This element affirms that the boot process and all drivers loaded are genuine
- UEFI secure boot= for systems that support UEFI secure boot firmware,
- which contains a digital certificate to which the VMware infrastructure bundles (VIBs) chain
- ESXi Quick Boot=With this feature, ESXi can reboot without reinitializing the physical server BIOS.
Answer: Memory hardening is a security technique used to protect systems from malicious attacks that exploit vulnerabilities in memory=Digital signing ensures the integrity and authenticity of modules, drivers, and applications as they are loaded by the VMkernel Trusted Platform Module= a hardware element that creates a trusted platform. This element affirms that the boot process and all drivers loaded are genuine UEFI secure boot= for systems that support UEFI secure boot firmware, which contains a digital certificate to which the VMware infrastructure bundles (VIBs) chain ESXi Quick Boot=With this feature, ESXi can reboot without reinitializing the physical server BIOS.
Explanation:
Systems Virtualization - ICM Module 3
Question: What is ESXi quickboot?
Options:
- A feature that allows ESXi to reboot without reinitializing the physical server BIOS
- A feature which reduces remediation time during host patch or host upgrade operations
- A and B
- None of the above
Answer: A and B
Explanation:
Systems Virtualization - ICM Module 3
Question: True or False: Quick Boot is disabled by default
Answer: False
Explanation: Quick Boot is activated by default on supported hardware
Systems Virtualization - ICM Module 3
Question: Can the following host support ESXi 8.0? -2 CPU cores -8GB RAM -32GB persistent storage
Answer: Yes, but you also need a supported server platform and one or more Gigabit or faster ethernet controllers
Explanation:
Systems Virtualization - ICM Module 3
Question: True or False: During the ESXi installation, the ESXi host is given a DHCP-assigned IP address.
Answer: True
Explanation: You use the ESXi host's DCUI to configure certain settings, such as the host's network settings.
Systems Virtualization - ICM Module 3
Question: True or False: The DCUI is a text-based user interface with mouse-only interaction.
Answer: False
Explanation: The DCUI is a text-based user interface with keyboard-only interaction.
Systems Virtualization - ICM Module 3
Question: What is a DCUI
Answer: The DCUI is a low-level configuration and management interface, accessible through the console of the server, that is used primarily for initial basic configuration
Explanation:
Systems Virtualization - ICM Module 3
Question: How do you access the DCUI
Answer: F12
Explanation:
Systems Virtualization - ICM Module 3
Question: True or False: You must configure management network settings before your ESXi host is operational.
Answer: True
Explanation:
Systems Virtualization - ICM Module 3
Question: How would an administrator use the DCUI to configure the root access settings?
Options:
- Change the root password
- activate or deactivate lockdown mode (limits the management of the host to vCenter)
- All of the above
Answer: All of the above
Explanation:
Systems Virtualization - ICM Module 3
Question: Why is time synchronization important?
Options:
- For accurate performance graphs
- For accurate time stamps in log messages
- So that virtual machines have a source to syncronize
- for log messages, auditing and troubleshooting
- All of the above
Answer: All of the above
Explanation:
Systems Virtualization - ICM Module 3
Question: How can you configure NTP
Options:
- Manually
- Through NTP
- Through PTP
- using VMware Host Client
- using vSphere Client
- All of the above
Answer: All of the above
Explanation:
Systems Virtualization - ICM Module 3
Question: True or False: NTP and PTP can run simultaneously
Answer: False
Explanation:
Systems Virtualization - ICM Module 3
Question: What is the difference between NTP and PTP
Answer: NTP gets its timesource from a server and is accurate to the millisecond, PTP gets its timesource from the hardware (PCI passthrough) or software (VMKernel Adapter) and has microsecond accuracy.
Explanation:
Systems Virtualization - ICM Module 3
Question: True or False: The ESXi firewall is activated by default
Answer: True
Explanation: The firewall blocks incoming and outgoing traffic, except for the traffic activated in the host’s firewall settings.
Systems Virtualization - ICM Module 3
Question: What mode prevents remote users from logging in to the host directly and makes it accessible only through the DCUI or vCenter
Options:
- Lockdown mode
- Lockout mode
- Admin mode
- Shutdown mode
Answer: Lockdown mode
Explanation:
Systems Virtualization - ICM Module 3
Question: T/F ESXI Quick Boot bypasses the need to reinitialize the physical server bios during reboot
Answer: True
Explanation:
Systems Virtualization - ICM Module 3
Question: What is the protocol number that we use to time synchronize from the ESXi host to PTP client?
Answer: UDP ports 319 and 320
Explanation:
Systems Virtualization - ICM Module 3
Question: Which feature helpsminimize the risk of attacks through the management interface?
Answer: Host-Based firewall
Explanation:
Systems Virtualization - ICM Module 3
Question: T/F The DCUI is a text based user interface with only mouse interaction
Answer: False
Explanation: It has only keyboard interaction