- (Topic 3)
A security team updated a web server to require https:// in the URL. Although the IP address did not change, users report being unable to reach the site. Which of the following should the security team do to allow users to reach the server again?
Correct Answer:
B
One possible reason why users are unable to reach the site after the security team updated the web server to require https:// in the URL is that the firewall rules are blocking the traffic to port 443. Port 443 is the default port for HTTPS, which is the protocol that encrypts and secures the web communication. If the firewall rules do not allow inbound traffic to port 443, then users will not be able to access the web server using HTTPS12.
To troubleshoot this issue, the security team should configure inbound firewall rules to allow traffic to port 443. This can be done by using the firewall-cmd command on RHEL 8.2, which is a tool that manages firewalld, the default firewall service on RHEL. The command to add a rule to allow traffic to port 443 is:
firewall-cmd --permanent --add-port=443/tcp
The --permanent option makes the rule persistent across reboots, and the --add-port option specifies the port number and protocol (TCP) to allow. After adding the rule, the security
team should reload the firewalld service to apply the changes: firewall-cmd --reload
The security team can verify that the rule is active by using this command:
firewall-cmd --list-ports
The output should show 443/tcp among the ports that are allowed34.
The other options are not relevant to troubleshooting this issue. Configuring the switch port with the correct VLAN may help with network segmentation or isolation, but it will not affect the HTTPS protocol or port. Configuring the router to include the subnet of the server may help with network routing or connectivity, but it will not enable HTTPS communication. Configuring the server with a default route may help with network access or reachability, but it will not allow HTTPS traffic.
- (Topic 3)
An administrator wants to host services on the internet using an internal server. The server is configured with an RFC1918 address, and the administrator wants to make the services that are hosted on the server available on one of the company's public IP addresses. Which of the following should the administrator configure to allow this access?
Correct Answer:
B
A virtual IP (VIP) is an IP address that is shared by multiple servers or devices on a network. A VIP can be used to provide load balancing, failover, or high availability for services that are hosted on the network. A VIP can also be used to map an internal server’s private IP address to a public IP address, allowing the server to host services on the internet. This is also known as network address translation (NAT) or port forwarding. The other options are not correct because they are not related to mapping an internal server’s IP address to a public IP address. They are:
•IPv6 tunneling is a technique that allows IPv6 packets to be encapsulated and transmitted over an IPv4 network.
•Dual stack is a configuration that allows a device to support both IPv4 and IPv6 protocols simultaneously.
•EUI-64 is a method of generating a 64-bit interface identifier for an IPv6 address based on the 48-bit MAC address of the device.
References
What is a Virtual IP Address (VIP)? - Definition from Techopedia IPv6 Tunneling - an overview | ScienceDirect Topics
Dual Stack Definition
[EUI-64 - an overview | ScienceDirect Topics]
- (Topic 3)
Which of the following is the MOST cost-effective alternative that provides proper cabling and supports gigabit Ethernet devices?
Correct Answer:
A
twisted cable with a minimum Cat 5e certification is the MOST cost-effective alternative that provides proper cabling and supports gigabit Ethernet devices.
- (Topic 3)
A user reports that the internet seems slow on a workstation, but no other users have reported any issues. The server team confirms the servers are functioning normally. A technician suspects something specific to the user's computer is overutilizing bandwidth. Which of the following commands should the technician use to further investigate the issue?
Correct Answer:
C
netstat is a command-line tool that displays network connections, routing tables, interface statistics, and more. It can help the technician identify which processes or applications are using the network bandwidth on the user’s computer. netstat can also show the current bandwidth usage in bytes per second for each network interface.
References
✑ netstat - Wikipedia provides an overview of the netstat tool and its features.
✑ How to get current bandwidth usage from command line using built-in Linux tools?
- Super User explains how to use netstat and other tools to monitor bandwidth usage on Linux systems.
✑ Get network utilization from command line - Super User shows how to use typeperf and other tools to monitor bandwidth usage on Windows systems.
- (Topic 3)
During a client audit, a network analyst is tasked with recommending changes to upgrade the client network and readiness. Afield technician has submitted the following report:
Based on this report, which of the following metrics or sensors would be the BEST recommendation to the client?
Correct Answer:
B
Humidity is the amount of water vapor in the air. High humidity can cause corrosion, condensation, and short circuits in electronic devices. Low humidity can cause static electricity and damage sensitive components. The optimal humidity range for a data center is between 40% and 60%. Based on the report, the humidity level in the server room is 70%, which is too high and can affect the performance and reliability of the network equipment. Therefore, the best recommendation to the client is to install a humidity sensor and a dehumidifier to control the humidity level in the server room.
References: Network+ Study Guide Objective 5.1: Summarize the importance of physical security controls.