Meyers Comp TIA Net+Gde 5e Chap020 TB PDF
Course: Network Security
Institution: Walden University

Chapter 20 – Network Monitoring

Copyright © 2018 McGraw-Hill Education. All rights reserved.

TRUE/FALSE

[QUESTION] 1. The current version of SNMP is SNMPv3.
Ans: T   Page: 596   Difficulty: Easy

[QUESTION] 2. SNMP uses User Datagram Protocol (UDP) ports 161 and 162 for secure communication.
Ans: F   Page: 596   Difficulty: Easy

[QUESTION] 3. The default Wireshark screen has become the standard most other protocol analyzers are based on.
Ans: T   Page: 597   Difficulty: Easy

[QUESTION] 4. Wireshark uses the “DHCP” filter added to a capture file to only show DHCP packets.
Ans: F   Page: 598   Difficulty: Easy

[QUESTION] 5. NetFlow is another name for SNMP.
Ans: F   Page: 599   Difficulty: Easy

[QUESTION] 6. In NetFlow, a discard is an error.
Ans: F   Page: 600   Difficulty: Easy

[QUESTION] 7. Performance monitors are usually generic and each can run successfully on any operating system.
Ans: F   Page: 601   Difficulty: Easy

[QUESTION] 8. PerfMon is a unique Linux tool for performance monitoring.
Ans: T   Page: 601   Difficulty: Easy

[QUESTION] 9. All operating systems come with some form of baseline tools.
Ans: T   Page: 602   Difficulty: Easy

[QUESTION] 10. It is a good idea to give root access to critical log files for performance reasons.
Ans: F   Page: 602   Difficulty: Easy

MULTIPLE CHOICE

[QUESTION] 11. Which underlying protocol enables network monitoring tools to work?
A. TCP
B. SNMP
C. UDP
D. SMTP
Ans: B   Page: 593   Difficulty: Easy

[QUESTION] 12. The SNMP manager requests and processes information from the __________ devices.
A. opened
B. closed
C. managed
D. privileged
Ans: C   Page: 594   Difficulty: Moderate

[QUESTION] 13. Managed devices run specialized __________ called agents.
A. robots
B. switches
C. drones
D. software
Ans: D   Page: 594   Difficulty: Moderate

[QUESTION] 14. An SNMP system has up to __________ core functions (depending on the version of SNMP).
A. two
B. four
C. six
D. eight
Ans: D   Page: 594   Difficulty: Easy

[QUESTION] 15. Which core function is sent when an SNMP manager wants to query an agent?
A. Set
B. Get
C. Response
D. Trap
Ans: B   Page: 594   Difficulty: Easy

[QUESTION] 16. Which core function is sent by the agent after the SNMP manager queries an agent with a GetRequest or GetNextRequest?
A. Set
B. Get
C. Response
D. Trap
Ans: C   Page: 594   Difficulty: Easy

[QUESTION] 17. An NMS can tell an agent to make changes to the information it queries and sends, called variables, through a __________ protocol data unit (PDU).
A. Set
B. Get
C. Response
D. Trap
Ans: A   Page: 594   Difficulty: Easy

[QUESTION] 18. An agent can solicit information from an NMS with the __________ protocol data unit (PDU).
A. Set
B. Get
C. Response
D. Trap
Ans: D   Page: 594   Difficulty: Easy

[QUESTION] 19. The snmpwalk utility tells the SNMP manager to perform a series of __________ commands.
A. Set
B. Get
C. Response
D. Trap
Ans: B   Page: 595   Difficulty: Easy

[QUESTION] 20. What User Datagram Protocol (UDP) ports does SNMP use for unsecure communication?
A. 61 and 62
B. 610 and 612
C. 161 and 162
D. 10162 and 10161
Ans: C   Page: 596   Difficulty: Moderate

[QUESTION] 21. On which port does the NMS receive/listen?
A. 160
B. 161
C. 162
D. 163
Ans: C   Page: 596   Difficulty: Moderate

[QUESTION] 22. What User Datagram Protocol (UDP) ports does SNMP use for secure communication?
A. 61 and 62
B. 610 and 612
C. 161 and 162
D. 10162 and 10161
Ans: D   Page: 596   Difficulty: Moderate

[QUESTION] 23. A packet sniffer is a program that queries a network interface and collects packets in a file called a __________ file.
A. capture
B. log
C. flow cache
D. syslog
Ans: A   Page: 596   Difficulty: Moderate

[QUESTION] 24. Packet sniffers need to capture all the packets they can, so it is typical for them to connect to an interface in __________ mode.
A. clear text
B. closed
C. promiscuous
D. open
Ans: C   Page: 596   Difficulty: Moderate

[QUESTION] 25. In the case of a switch, it is typical for packet sniffers to connect to an interface using a __________ port.
A. virtual
B. mirrored
C. promiscuous
D. closed
Ans: B   Page: 596   Difficulty: Moderate

[QUESTION] 26. A protocol analyzer tool is often referred to as a __________ analyzer.
A. segment
B. frame
C. packet
D. cache
Ans: C   Page: 596   Difficulty: Moderate

[QUESTION] 27. Which program is an example of a powerful and free protocol analyzer?
A. Wireshark
B. Syslog
C. Cisco Network Assistant (CNA)
D. PerfMon
Ans: A   Page: 597   Difficulty: Moderate

[QUESTION] 28. Which filtering term does Wireshark use when creating a file that only shows DHCP packets?
A. DHCP
B. FilterDHCP
C. bootp
D. FILTER
Ans: C   Page: 598   Difficulty: Moderate

[QUESTION] 29. Which tool was developed for packet flow monitoring and was subsequently included in Cisco routers and switches?
A. NetFlow
B. Wireshark
C. PerfMon
D. Syslog
Ans: A   Page: 599   Difficulty: Moderate

[QUESTION] 30. In NetFlow, a single flow is a flow of __________ from one specific place to another.
A. frames
B. packets
C. segments
D. cylinders
Ans: B   Page: 599   Difficulty: Moderate

[QUESTION] 31. In NetFlow, single flows are stored in a __________.
A. log
B. flow cache
C. packet
D. frame
Ans: B   Page: 599   Difficulty: Moderate

[QUESTION] 32. If you want to know how hard your network is working, use a(n) __________.
A. management information base
B. flow cache
C. performance manager
D. interface monitor
Ans: D   Page: 600   Difficulty: Moderate

[QUESTION] 33. Interface monitors track the quantity and utilization of traffic through a physical __________ or ports on a single device.
A. network interface card (NIC)
B. port
C. switch
D. frame
Ans: B   Page: 600   Difficulty: Moderate

[QUESTION] 34. A port will drop a packet for one of two reasons: __________.
A. an error or a discard
B. a discard or a drop
C. a delay or a drop
D. an error or a delay
Ans: A   Page: 600   Difficulty: Moderate

[QUESTION] 35. A __________ is when a port intentionally drops a well-formed frame.
A. failure
B. halt
C. drop
D. discard
Ans: D   Page: 600   Difficulty: Moderate

[QUESTION] 36. Performance monitors use system __________ files to track performance over time.
A. access control list
B. flow cache
C. routing table
D. log
Ans: D   Page: 602   Difficulty: Moderate

[QUESTION] 37. Which term does PerfMon use when referring to the monitored aspect of the system?
A. Facilities
B. Counters
C. Modes
D. Characteristics
Ans: B   Page: 602   Difficulty: Moderate

[QUESTION] 38. What term does syslog use when referring to the monitored aspect of the system?
A. Facilities
B. Counters
C. Modes
D. Characteristics
Ans: A   Page: 602   Difficulty: Moderate

[QUESTION] 39. Which tool is used to create a baseline on Windows systems?
A. Performance Monitor
B. Cacti
C. Syslog
D. NetFlow
Ans: A   Page: 602   Difficulty: Moderate

[QUESTION] 40. Which program is an example of a graphing tool that could be used to show everything about specific switches?
A. NetFlow
B. Cacti
C. Syslog
D. Cisco Network Assistant (CNA)
Ans: B   Page: 604   Difficulty: Moderate

COMPLETION

[QUESTION] 41. The ____________________ is the de facto network management protocol for TCP/IP networks.
Ans: Simple Network Management Protocol (SNMP); Simple Network Management Protocol; SNMP
Page: 593   Difficulty: Hard

[QUESTION] 42. An SNMP system—which creates a(n) ____________________—consists of at least three components: SNMP manager, managed device, Management Information Bases.
Ans: managed network
Page: 594   Difficulty: Hard

[QUESTION] 43. The ____________________ requests and processes information from the managed devices.
Ans: SNMP manager
Page: 594   Difficulty: Hard

[QUESTION] 44. The SNMP manager runs specialized software called ____________________.
Ans: network management station (NMS); network management station; NMS
Page: 594   Difficulty: Hard

[QUESTION] 45. Managed devices run specialized software called ____________________.
Ans: agents
Page: 594   Difficulty: Moderate

[QUESTION] 46. SNMP is a(n) ____________________ protocol, meaning it can be adapted to accommodate different needs.
Ans: extensible
Page: 594   Difficulty: Moderate

[QUESTION] 47. SNMP uses ____________________ to categorize the data that can be queried (and subsequently analyzed).
Ans: management information bases (MIBs); management information bases; MIBs
Page: 594   Difficulty: Hard

[QUESTION] 48. The common term for each of the SNMP system core functions is ____________________.
Ans: protocol data unit (PDU); protocol data unit; PDU
Page: 594   Difficulty: Moderate

[QUESTION] 49. An NMS can tell an agent to make changes to the information it queries and sends, called ____________________, through a Set PDU.
Ans: variables
Page: 594   Difficulty: Moderate

[QUESTION] 50. The ____________________ utility tells the SNMP manager to perform a series of Get commands.
Ans: snmpwalk
Page: 595   Difficulty: Moderate

[QUESTION] 51. The SNMP manager software has the event management capability to send ____________________: notifications directly sent to the technicians when their intervention is required.
Ans: alerts
Page: 595   Difficulty: Moderate

[QUESTION] 52. SNMP uses ____________________ ports 161 and 162 for nonsecure communication.
Ans: User Datagram Protocol (UDP); User Datagram Protocol; UDP
Page: 596   Difficulty: Moderate

[QUESTION] 53. SNMP adds security using ____________________.
Ans: Transport Layer Security (TLS); Transport Layer Security; TLS
Page: 596   Difficulty: Moderate

[QUESTION] 54. A(n) ____________________ is a program that queries a network interface and collects (captures) packets in a file called a capture file.
Ans: packet sniffer
Page: 596   Difficulty: Moderate

[QUESTION] 55. A(n) ____________________ is a program that processes capture files from packet sniffers and analyzes them based on our monitoring needs.
Ans: protocol analyzer
Page: 596   Difficulty: Moderate

[QUESTION] 56. ____________________, written by Gerald Combs, is a powerful and free protocol analyzer that is considered to be the perfect prototype of a protocol analyzer.
Ans: Wireshark
Page: 597   Difficulty: Easy

[QUESTION] 57. In packet flow monitoring, a single ____________________ is a flow of packets from one specific place to another.
Ans: flow
Page: 599   Difficulty: Moderate

[QUESTION] 58. Most of the heavy lifting of NetFlow is handled by the ____________________.
Ans: NetFlow collectors
Page: 599   Difficulty: Moderate

[QUESTION] 59. ____________________ track the bandwidth and utilization of one or more interfaces on one or more devices.
Ans: Interface monitors
Page: 600   Difficulty: Hard

[QUESTION] 60. With interface monitoring, ____________________ references how much of the port’s total bandwidth is being used.
Ans: utilization
Page: 600   Difficulty: Easy

[QUESTION] 61. A(n) ____________________ tracks the performance of some aspect of a system over time and lets you know when things aren’t normal.
Ans: performance monitor
Page: 601   Difficulty: Moderate

[QUESTION] 62. The most common macOS and Linux performance monitor tool is called ____________________.
Ans: syslog
Page: 602   Difficulty: Moderate

[QUESTION] 63. ____________________ store information about the performance of some particular aspect of a system.
Ans: Logs
Page: 602   Difficulty: Moderate

[QUESTION] 64. Part of any proper performance monitor is the facility to create a(n) ____________________: a log of performance indicators such as CPU usage, network utilization, and other values to give you a picture of your network and servers when they are working correctly.
Ans: baseline
Page: 602   Difficulty: Moderate

[QUESTION] 65. The job of providing proper security and maintenance for log files is called ____________________.
Ans: log management
Page: 602   Difficulty: Easy

[QUESTION] 66. ____________________ means that as a new record appears in a file, the oldest record in the file is deleted.
Ans: Cycling
Page: 603   Difficulty: Moderate

[QUESTION] 67. A(n) ____________________ is a centralized location for technicians and administrators, used to manage all aspects of the network.
Ans: network operations center (NOC); network operations center; NOC
Page: 604   Difficulty: Moderate

[QUESTION] 68. On an SNMP-managed network, a(n) ____________________ program could create graphs and diagrams that display any set of the data received.
Ans: graphing
Page: 604   Difficulty: Moderate

[QUESTION] 69. ____________________ are the computers sending the most data.
Ans: Top talkers
Page: 606   Difficulty: Moderate

[QUESTION] 70. ____________________ are the computers receiving the most data.
Ans: Top listeners
Page: 606   Difficulty: Moderate

ESSAY

[QUESTION] 71. Identify three components in a managed network.
Ans: A managed network consists of at least three components:
• SNMP manager
• Managed device
• Management Information Bases
Page: 594   Difficulty: Hard

[QUESTION] 72. Identify several managed device types.
Ans: Managed device types include workstations, printers, video cameras, routers, switches, and more.
Page: 594   Difficulty: Easy

[QUESTION] 73. Why does the information that the SNMP manager gets from managed devices vary so much?
Ans: The kind of information the SNMP manager can monitor from managed devices varies a lot, primarily because SNMP is an extensible protocol, meaning it can be adapted to accommodate different needs. Developers can create software that queries pretty much any aspect of a managed device, from current CPU load on a workstation to how much paper is left in a printer. SNMP uses management information bases (MIBs) to categorize the data that can be queried (and subsequently analyzed).
Page: 594   Difficulty: Hard

[QUESTION] 74. Once set up properly, how does SNMP gather information?
Ans: Once set up properly, an SNMP managed network runs regular queries to managed devices and then gathers that information in a format usable by SNMP operators.
Page: 594   Difficulty: Moderate

[QUESTION] 75. What are alerts and how are they disseminated?
Ans: Alerts are notifications directly sent to the technicians when their intervention is required. These notifications can have a variety of forms. When the SNMP system was initially rolled out, one snarky manager suggested using text messages via Short Message Service (SMS) alerts that would cause techs’ smartphones to meow upon receipt. That idea was nixed pretty early in favor of e-mail alerts (without any pictures attached).
Page: 595   Difficulty: Hard

[QUESTION] 76. Briefly list the versions of SNMP.
Ans: SNMP has (as of this writing) three major versions. SNMP version 1 (SNMPv1) appeared in three requests for proposals (RFPs) all the way back in 1988. SNMPv2 was a relatively minor tweak to version 1. SNMPv3 added additional security with support for encryption and robust authentication, plus it provided features to make administering a large number of devices easier.
Page: 596   Difficulty: Moderate

[QUESTION] 77. Describe the ports SNMP uses for unsecure and secure communications.
Ans: SNMP uses User Datagram Protocol (UDP) ports 161 and 162 for nonsecure communication. The NMS receives/listens on port 162. The agent receives/listens on port 161. When security is added via Transport Layer Security (TLS), the standard ports used are 10162 and 10161, respectively.
Page: 596   Difficulty: Hard

[QUESTION] 78. List the four major types of monitoring tools.
Ans: The four major types of monitoring tools are:
• Packet sniffers
• Protocol analyzers
• Interface monitors
• Performance monitors
Page: 596   Difficulty: Moderate

[QUESTION] 79. Briefly describe a packet sniffer.
Ans: A packet sniffer (or just sniffer) is a program, a software tool that queries a network interface and collects (captures) packets in a file called a capture file. These programs might sit on a single computer, or perhaps on a router or a dedicated piece of hardware.
Page: 596   Difficulty: Moderate

[QUESTION] 80. How do packet sniffers capture all the packets they can?
Ans: Packet sniffers need to capture all the packets they can, so it’s typical for them to connect to an interface in promiscuous mode or, in the case of a switch, a mirrored port. This ensures they get as much data as possible. They run silently and transparently in the background.
Page: 596   Difficulty: Moderate

[QUESTION] 81. Explain why you do not really see packet sniffers as a standalone product.
Ans: Packet sniffers are essential information-gathering tools, but we also need a tool to enable analysis of the captured packets. For this reason, you don’t really see packet sniffers as a stand-alone product. Instead, they are usually packaged with a protocol analyzer.
Page: 596   Difficulty: Moderate

[QUESTION] 82. Briefly describe a protocol analyzer.
Ans: A protocol analyzer is a program that processes capture files from packet sniffers and analyzes them based on our monitoring needs. A good protocol analyzer can filter and sort a capture file based on almost anything and create an output to help us do monitoring properly.
Page: 596   Difficulty: Easy

[QUESTION] 83. Identify additional terms for utilities that analyze packets.
Ans: Various names are used to describe utilities that analyze packets: packet sniffer, packet analyzer, protocol analyzer, and network analyzer. There’s so much overlap here! That can be attributed to the fact that so many protocol analyzers come with sniffers as well. Bottom line, don’t rely on the name of the monitoring tool to determine all it can do. Read the tech specs.
Page: 596   Difficulty: Moderate

[QUESTION] 84. Describe the three parts of Wireshark’s screen that display after you stop the capture.
Ans: Wireshark’s screen breaks into three parts. The top part is a numbered list of all the packets in the capture file, showing some of the most important information. The second part is a very detailed breakdown of the packet that is currently highlighted in the top pane. The bottom pane is the hex representation and the ASCII representation of whatever part of the second pane is detailed.
Page: 597-598   Difficulty: Moderate

[QUESTION] 85. Describe the downside to a Wireshark capture.
Ans: The downside to a capture is that Wireshark is going to grab everything unless you filter the capture or filter the capture file after the capture. In many cases you will find yourself doing both. Note that the DHCP filter doesn’t actually say “DHCP.” Wireshark uses the term bootp because it follows the same structure as its predecessor. All the other Wireshark filters use the acronym you’d expect today, such as dns, ssh, http, and so on.
Page: 598   Difficulty: Moderate

[QUESTION] 86. Explain what is meant by a single flow from a NetFlow perspective.
Ans: A single flow is a flow of packets from one specific place to another. Each of these flows is then cached in a flow cache.
Page: 599   Difficulty: Moderate

[QUESTION] 87. From a NetFlow perspective, explain how analyzing the flow of data helps an administrator.
Ans: Analyzing the flow data enables administrators to build a clear picture of the volume and flow of traffic on the network. This in turn enables them to optimize the network (by adding capacity where needed or other options).
Page: 599   Difficulty: Moderate

[QUESTION] 88. How should an administrator enable NetFlow in order to use it?
Ans: To use NetFlow you must enable NetFlow on that device. If the device doesn’t support NetFlow, you can use standalone probes that can monitor maintenance ports on the unsupported device and send the information to the NetFlow collector.
Page: 599   Diff...