CNIT 34220 Final Exam Questions and Answers Rated A+

CNIT 34220 Final Exam Questions and Answers Rated A+ Examples of Inbound Web Service Connections protocols, addressing, redundancy, load balancing Examples of Outbound Web Service Connections proxy servers What port does HTTP use? Port 80 HTTP is a __________ protocol simple TCP sessions established by HTTP 1) "Control" session for the base HTML data that defines the webpage 2) Multiple other sessions for the content defined on the page What port does HTTPS use? Port 443 T/F: HTTPS authenticates the server true T/F: HTTPS does not require a digital certificate False, HTTPS requires a cert from a trusted certificate authority to work transparently (if the cert authority is not trusted the browser will alert the user) T/F: Multiple sites can exist on the same web server True, each site should consist of a unique DNS identifier Basic steps in Web Server Configuration: 1) Define a default page to be used when a request is made for the base page or a directory 2) Define sites What does CNAME do? CNAME points to the underlying host name of a web server (ex: is CNAMED at ) T/F: IP Based HTTP Site Identification is the most efficient F: it is an inefficient use of IP addresses and therefore frowned upon by ICANN b/c multiple IP addresses are bound to the web server's external NIC Each site has its own underlying DNS "A" record IP Based HTTP Site Identification Each site has its own DNS "CNAME" record that points to the underlying hostname DNS Name HTTP Site Identification What is the preferred method of HTTP Site Identification? DNS Name HTTP Site Identification (there is one IP address for the server = more efficient use of IP addresses) How does a web server decide which page to serve in DNS Name HTTP Site Identification? Based on the DNS entry from the HTTP Get from the URL Basic HTTPS site configuration 1) Acquire and assign certificates for each site 2)Create a redirect page to send user from http --> 3)Use separate IP addresses for each site T/F: HTTPS security is established on an IP basis rather than a name basis True (this is why separate IPs are required for each site) T/F: Simple Servers always support HTTPS F: Simple servers often DO NOT support HTTPS Disadvantages of Simple Servers 1) often added on top of existing workstations which creates significant security issues 2) doesn't support HTTPS 3) often offer no method of authenticating A highly available web server running in a secure environment is a ____________________________________ Single Dedicated Server T/F: Single Dedicated Servers support both HTTP and HTTPS True Where are Single Dedicated Servers typically placed? in a DMZ What is the reverse proxy server located in the first layer DMZ responsible for? Answering the incoming connection request (and then making a connection back to the actual web server where it retrieves the page and presents it to the requesting node) T/F: Reverse Proxy Servers increase security True, it places a machine with no actual data as the most exposed serve (if the reverse proxy is breached, it contains nothing) T/F: Reverse proxy servers can add HTTPS level security to non-HTTPS enabled web applications True (the requesting node makes an HTTPS connection to the reverse proxy server which then makes a standard HTTP connection to the actual server) T/F: Reverse proxy servers decrease the capacity of a dynamic web application False, the reverse proxy can cache static content so the actual web server only has to generate the dynamically generated content, and multiple web servers can be placed in the second DMZ to further increase capacity How does DNS flagging as a form of load balancing work? Multiple host addresses are associated with the host name > your DNS server passes out the IPs in a round robin fashion and splits the load across multiple servers How do dynamic load balancers work? The load balancer has a separate control channel with the web servers used to keep track of current utilization, the requesting makes its initial request to the load balancer which then passes the connection to the least loaded server What are the benefits of outbound proxy servers? caching, security, statistics, filtering Why is an outbound proxy servery located in DMZ? To isolate internet traffic from clients T/F: Outbound proxy servers work with HTTP AND HTTPS False, only works with HTTP What are the 2 approaches to Outbound proxy servers 1) Standard 2) Transparent What are the 2 ways that a browser can be configured to use a standard proxy server? 1) Manually 2) Proxy Auto Configuration (PAC) - clients configure themselves upon hitting the script that is placed on internally accessible web server T/F: Clients are aware of a transparent proxy server when they use it False Basic process of a Transparent Proxy Server 1) Outbound HTTP traffic is "hijacked" at the gateway 2) Traffic is routed to the proxy server 3)Proxy spoofs the address of the target server when replying to the client 4)All direct HTTP connections out are blocked What are the benefits of Transparent proxy servers? 1) Requires no client configuration 2)Captures traffic from ALL clients (even guests) Julian Calendar Created by Julius Caesar in 46 BC, 365 days in a year (error in leap year calculation) Gregorian Calendar Decreed by Pope Gregory XIII on Feb 24, 1582 and fixed the leap year calculation UNIX Time Representation -Syst. clock is UTC -13:00 -5 DST -Keeps time based on the seconds since the UNIX Epoch (00:00:) -Will overflow on 1-19-2038 Windows Time Representation -System clock is local time zone -9:00 AM -5 +1 Where does the "Real Time Clock" keep time? BIOS -it keeps time when the computer is turned off but is notoriously inaccurate How is System Time kept? By a process running in the OS -problematic Non-Domain Time Synchronization in Windows -No built in sync -Default is to sync to via SNTP Domain Time Synchronization in Windows -the PDC FSMO role is the time server -all domain members sync to the PDC Protocol Support Time Synchronization in Windows -Pre 2003 SP1 only support SNTP to get time data -2003 SP1 and later support NTPv3 SNTP (Simple Network Time Protocol) An IP-based protocol used to coordinate time among devices across the network SNTP Characteristics -Single transaction (sets the time once) -Can be done repeatedly on a schedule -Time can be off between syncs NTP (Network Time Protocol) An Internet protocol that enables synchronization of computer clock times in a network of computers by exchanging time signals. Benefits of NTP -Uses UTC complete with leap seconds (Marzullo's algorithm takes into account transmission duration for time data) -keeps the clock constantly correct T/F: NTP operates in a hierarchy True T/F: Stratum 1 servers are typically used only to service other time servers True T/F: Stratum 2 servers reference at least 1 stratum 1 server False: they reference at least TWO stratum 1 servers T/F: Stratum 2 servers typically only service stratum 3 servers True T/F: Stratum 3 servers peer with other stratum 3 servers within an organization to create LAN level connectivity True How are NTP Pools organized? Geographically (theoretically this reduces transmission delay) NTP Pools Group of time servers available for public use NTP Pools Structure NTP Timestamps use _____ bit time representation 64 bit (32 bit for seconds and 32 bits for fractional seconds) T/F: VMs should only be synchronized to their host True Key Cloud Concepts 1) Virtualized everything 2) Dynamic Management 3) Non-Dedicated Resources What capabilities do application delivery controllers provide? -Dynamic load balancing -fail over -SSL acceleration -stream processing -monitoring -redirection T/F: An ADC needs to be logically in front of an application/service True T/F: The ADC serves as a virtual server True -it emulates the server and is defined by an IP address and port