Chapter 1

Networking Basics and Terminology

CERTIFICATION OBJECTIVES

1.01     Configuring Load Balancers

1.02     Managing IPv4

1.03     Managing IPv6

QUESTIONS

Disruption of connectivity to applications presents a risk for both on-premises and cloud-based apps. App performance can influence the effectiveness of IT solutions used to address business needs.

Load balancing addresses both application reachability and performance needs. A load balancer accepts client app requests and routes them to a pool of backend servers, where the least busy server services the request. Because there are multiple servers serving up the app, a backend server failure does not disrupt user connections to apps; instead, the load balancer does not route client requests to the unresponsive host.

Internet Protocol version 4 (IPv4) and the newer IPv6 are the protocol foundations on which network services are available. IPv6 uses a 128-bit hexadecimal addressing scheme as well as device discovery and communication techniques that differ from IPv4.

1.   Which of the following benefits are realized from implementing a load balancer? (Choose two.)

A.   Improved app performance

B.   Increased app security

C.   Increased app regulatory compliance

D.   Increased app availability

2.   A busy web site has not been responding well because of the large volume of HTTP requests sent to the web server. Which solution would be the most optimal to improve current and future web server performance?

A.   Add more RAM to the web server.

B.   Use two web servers hosting the same content. Configure a load balancer to distribute incoming HTTP connections between the two web servers.

C.   Place a router between the web server and the Internet to throttle incoming HTTP connections.

D.   Enable SSL on the web server.

3.   You would like to prevent client requests from being serviced by busy backend servers hosting user sessions. Which load balancer scheduling algorithm should you configure?

A.   Round robin

B.   Weighted round robin

C.   Random

D.   Least connections

4.   During an IT meeting, your colleague Trinity suggests that there is a single point of failure in the single load balancer in place for the company web site ordering system. She suggests having two load balancers configured, with only one in service at a given time. What type of load balancing configuration has Trinity described?

A.   Round robin

B.   Active-active

C.   Active-passive

D.   Least connections

5.   An active-passive load balancer solution is configured on your network. When the standby load balancer determines that the primary load balancer is down, what attribute does it take control of?

A.   Load balancer MAC address

B.   Load balancer IP address

C.   First backend server MAC address

D.   First backend server IP address

6.   Your public cloud–based load balancer uses Linux backend servers to host a web application. Each backend Linux host is configured with only a single private IPv4 address. You need to be able to manage each Linux backend host remotely from your on-premises network without exposing each backend server directly to the Internet. Which options should you consider? (Choose two.)

A.   Assign a public IP address to each backend Linux instance.

B.   Assign an IPv6 address to each backend Linux instance.

C.   Configure inbound NAT rules on the load balancer.

D.   Configure a jump box solution.

7.   To improve application performance for a public-facing web application, you want to reduce the amount of processing for each backend Windows server configured in a load balancer backend server pool. HTTPS is currently configured on each server. HTTPS is required to protect web application traffic. What should you do?

A.   Enable SSL/TLS pass-through on the load balancer.

B.   Configure IPSec on the load balancer.

C.   Configure SSL/TLS termination at the load balancer.

D.   Generate a new certificate for the load balancer DNS name.

8.   How does an OSI layer 7 load balancer differ from a layer 4 load balancer?

A.   Layer 7 load balancers can inspect IP addresses to make load balancing decisions.

B.   Layer 7 load balancers can inspect URLs to make load balancing decisions.

C.   Layer 7 load balancers can examine MAC addresses to make load balancing decisions.

D.   Layer 7 load balancers can examine port numbers to make load balancing decisions.

9.   Refer to Figure 1-1. Which type of load balancing is being depicted?

A.   Fixed weighted

B.   Source IP hash

C.   Least connection

D.   Round robin

FIGURE 1-1

Load balancer connections

10.   What is the primary purpose of a load balancer health probe configuration?

A.   To check Internet connectivity

B.   To check load balancer responsiveness

C.   To check backend server responsiveness

D.   To compare performance baselines to current metrics

11.   While testing a custom load balanced application, you determine that the app depends on client devices being connected to the same backend server throughout a session. Which load balancer option should you enable to support this kind of behavior?

A.   Source IP affinity

B.   Health probe

C.   Round robin

D.   Fixed weight

12.   IPv6 addresses consist of how many bits?

A.   8

B.   16

C.   32

D.   128

13.   You need to test to determine whether a local IPv6 stack is functioning on a Windows 10 host. Which command should you issue?

A.   ping 127.0.0.1

B.   ipconfig –test 127.0.0.1

C.   ping 0:0:0:0:0:0:0:1

D.   ipconfig –test 0:0:0:0:0:0:0:1

14.   An IT technician issues the Windows ipconfig command and is concerned after noticing an address with an FE80 prefix. What should you tell the technician?

A.   IPv6 hosts always have a link-local unicast address beginning with FE80.

B.   IPv6 hosts with an FE80 address are unable to communicate on the Internet.

C.   FE80 is similar to an IPv4 169.254 prefix; it means the host could not reach a DHCP server.

D.   The IPv4 FE80 prefix is the local loopback address.

15.   Which IPv6 protocol is primarily responsible for error and status information?

A.   TCP

B.   ICMP

C.   UDP

D.   IP

16.   Refer to Figure 1-2. What is wrong with the listed configuration? (Choose two.)

A.   The load balancer is using a link-local IPv6 address instead of a public IPv6 address.

B.   IPv6 addresses can use double colon notation only once within an IPv6 address.

C.   Load balancer backend servers cannot be configured with IPv6 addresses.

D.   Load balancer public IP addresses must be IPv4, not IPv6.

FIGURE 1-2

Load balancer addressing

17.   One backend server named HOST 2 is used by a load balancer in a backend pool. HOST 2 has more RAM and CPU processing power than others in the same backend pool. You need to ensure that more client requests are serviced by this powerful server. What should you do?

A.   Assign a lower priority weight value to HOST 2.

B.   Assign a low priority weight value to the load balancer.

C.   Assign a high priority weight value to the load balancer.

D.   Assign a higher priority weight value to HOST 2.

18.   Which load balancing scheduling algorithm treats all backend servers equally when it comes to client request processing capabilities?

A.   Round robin

B.   Weighted round robin

C.   Random

D.   Least connections

19.   Which of the following terms is the most closely related to a load balancer?

A.   Reverse proxy

B.   Forward proxy

C.   Jump box

D.   Content delivery network

20.   Which of the following load balancing solutions is best suited for routing incoming video-streaming requests to specific backend servers optimized for streaming?

A.   Layer 4 load balancer

B.   Round robin

C.   Fixed weight

D.   Layer 7 load balancer

21.   You are configuring a load balancer to support a backend pool of FTP servers using standard port numbers. Which TCP ports should the load balancer accept FTP requests on?

A.   20, 21

B.   21, 23

C.   21, 80

D.   80, 443

22.   Users complain that when they access a load balanced shopping web site, periodically the contents of their shopping cart are lost. What should you configure in the load balancer to alleviate the issue?

A.   Active-passive

B.   Virtual IP

C.   Persistence

D.   Active-active

23.   You are configuring load balancer support for an HTTPS custom web application. Which of the following statements regarding this scenario are correct? (Choose two.)

A.   Backend servers can listen on any port number.

B.   Traffic between the load balancer and backend servers does not have to be encrypted.

C.   The backend server port number must be the same as the load balancer VIP port number.

D.   HTTPS requires an active-active load balancer configuration.

24.   You are designing a load balancing strategy for a multi-tiered web app named APP1 that uses frontend publicly accessible web servers, application servers, and database servers. APP1 experiences a large number of requests each day. You need to ensure that the performance of each web app tier is optimized. What should you do?

A.   Configure an internal load balancer in front of the web servers, an internal load balancer between web servers and app servers, and a public load balancer between app servers and database servers.

B.   Configure a public load balancer in front of the web servers, an internal load balancer between web servers and app servers, and another internal load balancer between app servers and database servers.

C.   Create a load balancer active-active configuration.

D.   Create a load balancer active-passive configuration.

25.   Refer to Figure 1-3. To ensure proper load balanced web app functionality, what should be configured where a question mark appears in the diagram?

A.   Database backup

B.   Active-active load balancer configuration

C.   Active-standby load balancer configuration

D.   Database replication

FIGURE 1-3

Load balanced multi-tiered web application

26.   Which IPv6 protocol is used to discover neighboring hosts on a local area network?

A.   ARP

B.   TCP

C.   UDP

D.   NDP

27.   Refer to Figure 1-4. Which statements about this configuration are correct? (Choose two.)

A.   An IPv4 DHCP server was not reachable.

B.   The FE80 IPv6 address will still appear if a static IPv6 address is configured.

C.   The FE80 IPv6 address will not appear if a static IPv6 address is configured.

D.   Network traffic can be routed to remote IP networks (no default gateway is set).

FIGURE 1-4

IP configuration

28.   Refer to Figure 1-5. The nature of the load balanced application is such that users must connect to the same backend server for the duration of their connection. Which option should be configured?

A.   The protocol should be set to UDP.

B.   The port should be 443.

C.   The backend port should be 443.

D.   Session persistence should be enabled.

FIGURE 1-5

Load balancer configuration

29.   Refer to Figure 1-6. Which aspect of a load balancer configuration does this apply to?

A.   Session persistence

B.   Frontend IP address

C.   Health probe

D.   Backend server pool

FIGURE 1-6

Load balancer configuration

30.   Refer to Figure 1-7. You need the ability to manage servers in BEPool1 from a remote network. What should you configure?

A.   Session persistence

B.   NAT rule

C.   IPv6 Private IP address

D.   SSH public key

FIGURE 1-7

Load balancer configuration settings

31.   You have an active-active load balancer configuration for a web app using a backend Microsoft SQL Server database. How many SQL database instances are active concurrently?

A.   None

B.   One

C.   Two

D.   It depends on the backend pool configuration

32.   You have configured two load balancers to work together. The first load balancer routes all client traffic to backend servers, while the second load balancer is idle. What type of configuration is this?

A.   Active-active

B.   Active-passive

C.   Active-scheduled

D.   Active-persistent

QUICK ANSWER KEY

1.   A, D

2.   B

3.   D

4.   C

5.   B

6.   C, D

7.   C

8.   B

9.   D

10.   C

11.   A

12.   D

13.   C

14.   A

15.   B

16.   A, B

17.   D

18.   A

19.   A

20.   D

21.   A

22.   C

23.   A, B

24.   B

25.   D

26.   D

27.   A, B

28.   D

29.   C

30.   B

31.   D

32.   B

IN-DEPTH ANSWERS

1.   A and D. Load balancers improve app performance because a pool of backend servers is available to handle client requests instead of a single server, which means that these servers can handle the additional request load that may occur. App availability is increased because a pool of backend servers is available to service client requests. A backend server failure means client requests will be serviced by backend servers that remain up and running.

B and C are incorrect. Load balancing is not directly related to increasing the security of an app, even with Secure Sockets Layer/Transport Layer Security (SSL/TLS) termination. Compliance with regulations is not necessarily achieved with the deployment of a load balancer.

2.   B. Configuring multiple servers behind a load balancer allows for the distribution of incoming network traffic among those servers. This improves the performance of busy web applications and increases availability because more than one server is hosting the same application.

A, C, and D are incorrect. Adding more RAM can sometimes improve the performance of a computing device, but the problem here is network performance based. Routers determine the best path to be used when transmitting data between networks. They are not used to increase network performance to a web server. SSL secures network transmissions and is not related to improving network performance to a web server.

3.   D. The least connections algorithm ensures that traffic is sent to the backend server with the smallest number of active connections.

A, B, and C are incorrect. The round robin algorithm sends traffic to the first backend node, then the second, the third, back to the first, and so on. Weighted round robin is similar to round robin but differs in that it also takes the overall computing power into consideration, so the beefiest servers get sent traffic first. Random algorithms, as the name suggests, route client traffic to backend servers randomly.

4.   C. Active-passive configurations consist of two load balancers, one of which is active. When the active load balancer is unresponsive, the second load balancer takes over.

A, B, and D are incorrect. Round robin and least connections are load balancer scheduling algorithms and are not related to fault tolerance with multiple load balancers. Active-active means that both load balancers function at the same time and work together to distribute incoming traffic to backend nodes.

5.   B. A virtual IP address (load balancer IP address) is assigned to the active load balancer. This is the externally exposed address that the DNS names must resolve to.

A, C, and D are incorrect. MAC addresses are not exchanged in an active-passive load balancer configuration; neither is the first backend server IP address.

6.   C and D. Load balancer inbound NAT rules allow incoming traffic to the load balancer on a given port, such as SSH for Linux management, to be mapped to internal hosts configured with only private IP addresses. A jump box is a physical or virtual server with at least two network interfaces with routing between the interfaces disabled. One jump box interface has a connection to a public network and the second interface has a connection to an internal network. Once authenticated to the jump box, administrators can use it as a launch pad to connect to internal hosts.

A and B are incorrect. For security reasons, each backend Linux instance should not be directly exposed to the Internet with a public IPv4 or IPv6 address.

7.   C. Configuring SSL/TLS termination at the load balancer offloads this computationally expensive operation from each backend server. This means network connections to and from the load balancer are protected using HTTPS. Traffic between the load balancer and backend servers is not protected with HTTPS.

A, B, and D are incorrect. SSL/TLS pass-through uses HTTPS configurations on each backend server; this needs to be disabled in this scenario to reduce the workload on each backend server. IPSec is not as well suited for protecting public-facing web applications as HTTPS, so IPSec should not be configured on the load balancer for this purpose. Load balancers can be configured with custom DNS names to match existing DNS names in PKI certificates. DNS records would need to be changed to resolve the DNS name to the IP address of the load balancer.

8.   B. Layer 7 of the OSI model, the application layer, enables access to all packet contents including the payload; therefore, URLs can be examined by the load balancer to determine which backend servers should receive the request.

A, C, and D are incorrect. OSI layer 7 does not apply to IP addresses (layer 3), MAC addresses (layer 2), or port numbers (layer 4).

9.   D. With round robin load balancing, each client request to the load balancer is routed to the next backend server in sequence, one after the other.

A, B, and C are incorrect. Fixed weighted load balancing uses an assigned “weight” value, and servers with higher priority weight values receive the most requests. Source IP hashing generates a hash value from the source and destination IP addresses of a request to determine which backend server will service a request; it is not sequential, as shown in the figure. Least connection load balancing ensures that traffic is sent to the backend server with the smallest number of active connections.

10.   C. A load balancer can be configured to test connectivity to backend servers periodically on a given port number using health probes. Unresponsive backend servers are marked as unhealthy and do not receive client app requests.

A, B, and D are incorrect. None of the listed items defines the purpose of configuring load balancer health probes. Health probes are used to ensure that load balanced backend servers are responsive, not to check Internet or load balancer connectivity or compare performance metrics.

11.   A. Load balancer source IP affinity, also called client IP affinity, ensures that clients remain connected to the same backend host during an app session.

B, C, and D are incorrect. A load balancer can be configured to test connectivity to backend servers periodically on a given port number using health probes. Unresponsive backend servers are marked as unhealthy and do not receive client app requests. With round robin load balancing, each client request to the load balancer is routed to the next backend server in sequence, one after the other. Fixed weighted load balancing uses an assigned “weight” value, and servers with higher priority weight values receive the most requests.

12.   D. IPv6 addresses are 128 bits long, represented as eight 16-bit groups of hexadecimal characters, where each group is separated with a colon.

A, B, and C are incorrect. None of the listed values correctly represents the number of bits in an IPv6 address.

13.   C. The Windows ping command can be used to test IPv6 functionality for the IPv6 local loopback address of 0:0:0:0:0:0:0:1, also referred to as ::1. The double colons represent a series of consecutive zeroes.

A, B, and D are incorrect. The ipconfig command is not used to test IPv6 connectivity; 127.0.0.1 is the IPv4 local loopback address; and 0:0:0:0:0:0:0:1 is the IPv6 local loopback address.

14.   A. The IPv6 FE80 prefix is used for link-local unicast addresses. IPv6 hosts always have this type of IP address, whether or not they are configured with a static IP address or are configured to use DHCP.

B, C, and D are incorrect. All IPv6 hosts have an FE80 link-local unicast address for local network purposes; this does not prevent Internet connectivity. FE80 addresses are not the same as IPv4 169.254 addresses, which result when a DHCP server is not reachable. The IPv6 local loopback address is 0:0:0:0:0:0:0:1 and does not begin with FE80. The IPv4 local loopback address is 127.0.0.1.

15.   B. The Internet Control Message Protocol (ICMP) is responsible for error and status information in IPv4 and IPv6.

A, C, and D are incorrect. Transmission Control Protocol (TCP) is responsible for establishing and maintaining TCP sessions as well as acknowledging the receipt of transmissions. User Datagram Protocol (UDP) is a best-effort transmission method that does not establish sessions or acknowledge receipt of sent packets. Internet Protocol (IP) is responsible for routing traffic to destinations.

16.   A and B. IPv6 addresses using the FE80 prefix are automatically assigned to network interfaces and are used for local area network connectivity, not public Internet connectivity. The double colon notation in IPv6 represents a series of zeroes and can be used only once within an IPv6 address.

C and D are incorrect. Load balancers and backend servers can use either IPv4 or IPv6 addresses.

17.   D. Assigning a higher priority weight value to HOST 2 as compared to other backend hosts in the same pool means HOST 2 will service more requests than other servers in the pool.

A, B, and C are incorrect. Lower priority weight values would result in fewer requests being sent to HOST 2. Weight values apply to backend pool hosts, not the load balancer itself.

18.   A. Round robin sends traffic to the first backend node, then the second, the third, back to the first, and so on. All servers are treated equally when it comes to client processing capability.

B, C, and D are incorrect. Weighted round robin is similar to round robin but differs in that it also takes the overall computing power into consideration, so that the beefiest servers get sent traffic first. Random, as the name suggests, routes client traffic to backend servers randomly. Least connections ensures that traffic is sent to the backend server with the smallest number of active connections.

19.   A. A reverse proxy accepts client requests and forwards them to an internal host or hosts for processing, thus hiding the true identity of the internal host(s).

B, C, and D are incorrect. Forward proxies accept client requests and forward them to external services such as Internet web sites, thus hiding the true identity of requesting client devices. Although a load balancer could behave as a jump box to enable external connectivity to internal hosts for management purposes, this is rare compared to the much more common load balancer configuration of acting as a reverse proxy. A content delivery network (CDN) replicates content geographically to place it close to the users requesting it, thus reducing network latency.

20.   D. OSI layer 7 (the application layer) load balancers can inspect URL requests, such as those that may include references to media, and send those requests to specific backend hosts configured to stream media.

A, B, and C are incorrect. OSI layer 4 (the transport layer) cannot inspect URLs and so would not be able to determine which requests are media-related. Round robin sends traffic to the first backend node, then the second, the third, back to the first, and so on. Fixed weighted load balancing uses an assigned “weight” value, so that servers with higher priority weight values receive the most requests.

21.   A. FTP normally uses TCP ports 20 and 21.

B, C, and D are incorrect. Port 23 is used by Telnet daemons. Port 80 is HTTP and port 443 is HTTPS, both of which are used for web servers.

22.   C. Configuring the load balancer persistence setting ensures that client session traffic continues to the same backend server. This can be especially important when server-side storage is used for user sessions.

A, B, and D are incorrect. Active-passive load balancer configurations, also called active-standby, provide redundancy in the event that the active load balancer fails, in which case the standby becomes active. A load balancer virtual IP (VIP) is the IP address that receives client requests. A single VIP can be used to load balance an application with many backend servers. In an active-active load balancer configuration, both load balancers can accept traffic on either the same VIP or different VIPs, depending on the configuration and solution being used.

23.   A and B. Backend web servers may be configured to listen on TCP port 400, while the load balancer VIP configuration listens on the standard HTTPS port, TCP 443. Load balancers can be configured as SSL/TLS termination points to offload the extra encryption/decryption processing from the backend servers.

C and D are incorrect. Backend server port numbers do not have to match the load balancer VIP port number. HTTPS does not require multiple load balancers.

24.   B. To ensure that each web app tier performs optimally, each tier should have a load balancer: a public load balancer between the Internet and the frontend web servers, an internal load balancer between web servers and app servers, and another internal load balancer between app servers and database servers.

A, C, and D are incorrect. Public load balancers are placed between clients and the frontend web servers. Internal load balancers in this scenario are used for the application and database tiers. Redundant load balancer configurations such as active-active or active-passive will not ensure that each web app tier performs optimally.

25.   D. The backend databases should have replication enabled so that if one frontend web server fails, the second frontend web server will point to a database that has up-to-date data.

A, B, and C are incorrect. Although database backups are important, they are not required for a proper load balanced web application. Active-active and active-standby load balancer configurations do not apply to backend database servers.

26.   D. Neighbor Discovery Protocol (NDP) is used by IPv6 to discover nodes on a local area network.

A, B, and C are incorrect. Address Resolution Protocol (ARP) is used by IPv4 to translate IP addresses to MAC addresses. Transmission Control Protocol (TCP) is responsible for establishing and maintaining TCP sessions as well as acknowledging the receipt of transmissions. User Datagram Protocol (UDP) is a best-effort transmission method that does not establish sessions or acknowledge receipt of sent packets.

27.   A and B. An IPv4 address with a 169.254 prefix results from being unable to reach a DHCP server. IPv6 uses the FE80 prefix for local network discovery and communication. An IPv6 address with the FE80 prefix exists even if a static IPv6 configuration is applied.

C and D are incorrect. IPv6 FE80 prefix addresses are always attached to a network interface and do not disappear if static IPv6 addresses are configured. Because a default gateway is not configured, traffic cannot be routed to remote IP networks.

28.   D. Session persistence is enabled when clients need to connect to the same backend server throughout a session.

A, B, and C are incorrect. None of the listed items links a client to the same backend server for the duration of a session.

29.   C. Health probes are used periodically to test the reachability of backend servers to determine when they are unhealthy. The load balancer does not route client requests to unhealthy backend servers.

A, B, and D are incorrect. None of the listed items is indicated in Figure 1-6. The Unhealthy Threshold field indicates this is a health probe configuration.

30.   B. Inbound Network Address Translation (NAT) rules allow traffic external to the load balancer to come in through the load balancer and be mapped to backend servers for management purposes.

A, C, and D are incorrect. None of the listed options would allow management access to backend servers through a load balancer.

31.   D. Each backend server may have a replicated SQL database, or each backend server may refer to shared storage or a dedicated server hosting the SQL database.

A, B, and C are incorrect. There is no definitive number of active SQL database instances implied just because there is an active-active load balancer configuration. There are, however, two load balancers active concurrently (active-active).

32.   B. An active-passive load balancer configuration links two load balancers together for high availability, but only one load balancer is active at any time.

A, C, and D are incorrect. An active-active load balancer configuration means both load balancers are active at the same time and can route client traffic to backend servers. Active-scheduled and active-persistent are invalid load balancer configuration terms.
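The scheduling options that the answers above describe (round robin, weighted round robin, least connections, source IP affinity) and the health probe with its unhealthy threshold can be compared side by side in a small model. This is an added example, not code from the book or from any load balancer product; the class names, the VIP 203.0.113.10, the host names and the threshold of 2 are all assumptions made for illustration.

```python
# Added example: constructed model, not code from the book or any vendor.
import hashlib
from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    weight: int = 1      # higher value = larger share of requests
    healthy: bool = True
    active: int = 0      # currently open connections
    failures: int = 0    # consecutive failed health probes


class LoadBalancer:
    def __init__(self, vip, backends, unhealthy_threshold=2):
        self.vip = vip
        self.backends = list(backends)
        self.unhealthy_threshold = unhealthy_threshold
        self._rr = 0
        self._wrr = 0
        # Weighted rotation: each backend occupies `weight` slots in the ring.
        self._slots = [b for b in self.backends for _ in range(b.weight)]

    def record_probe(self, backend, responded):
        """Health probe result: N consecutive misses mark the backend unhealthy."""
        backend.failures = 0 if responded else backend.failures + 1
        backend.healthy = backend.failures < self.unhealthy_threshold

    def _live(self):
        live = [b for b in self.backends if b.healthy]
        if not live:
            raise RuntimeError("no healthy backend in pool")
        return live

    @staticmethod
    def _next_healthy(ring, start):
        """Walk the ring from `start`; return (backend, next start index)."""
        for step in range(len(ring)):
            candidate = ring[(start + step) % len(ring)]
            if candidate.healthy:
                return candidate, start + step + 1
        raise RuntimeError("no healthy backend in pool")

    def round_robin(self):
        # Every backend is treated equally, one after the other.
        backend, self._rr = self._next_healthy(self.backends, self._rr)
        return backend

    def weighted_round_robin(self):
        backend, self._wrr = self._next_healthy(self._slots, self._wrr)
        return backend

    def least_connections(self):
        return min(self._live(), key=lambda b: b.active)

    def source_ip_affinity(self, client_ip):
        # Hash of source and destination (VIP) address picks the backend.
        # The mapping shifts when pool health changes, so sessions can move.
        live = self._live()
        digest = hashlib.sha256(f"{client_ip}|{self.vip}".encode()).digest()
        return live[int.from_bytes(digest[:8], "big") % len(live)]


def build_sample_pool():
    """Constructed pool: HOST2 is the more powerful server (weight 3)."""
    return LoadBalancer(
        "203.0.113.10",
        [Backend("HOST1"), Backend("HOST2", weight=3), Backend("HOST3")],
    )


if __name__ == "__main__":
    lb = build_sample_pool()
    print("round robin:", [lb.round_robin().name for _ in range(4)])
    print("weighted:   ", [lb.weighted_round_robin().name for _ in range(5)])
    host2 = lb.backends[1]
    lb.record_probe(host2, False)
    lb.record_probe(host2, False)   # second miss reaches the threshold
    print("HOST2 down: ", [lb.round_robin().name for _ in range(3)])
    print("affinity:   ", lb.source_ip_affinity("198.51.100.7").name)
```
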
