2.0 Network Implementation Flashcards

1
Q

You have decided to implement frame tagging in a port-based switching network. What does this technique ensure?

A) that the VLANs are implemented based on protocol
B) that the VLANs are implemented based on port
C) that the VLANs are implemented based on subnet
D) that a single VLAN can be distributed across multiple switches

A

Frame tagging in a port-based switching network will ensure that a single VLAN can be distributed across multiple switches.

2
Q

You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security to protect against wireless attacks. However, you must provide support for older wireless clients. Which protocol should you choose?

A) WEP
B) WPA
C) WAP
D) WPA2

A

You should implement Wi-Fi Protected Access (WPA). WPA was created to fix core problems with WEP. WPA is designed to work with older wireless clients while implementing the 802.11i standard.

3
Q

What is WAP?

A

Wireless Application Protocol (WAP) is the default protocol used by most wireless networks and devices. However, because WAP can access Web pages and scripts, there is great opportunity for malicious code to damage a system. WAP is considered the weakest wireless protocol.

Wi-Fi Protected Access 2 (WPA2) completely implements the 802.11i standard. Therefore, it does not support the use of older wireless cards. Identification and WPA2 are considered the best combination for securing a wireless network. WPA2 is much stronger than WPA. In addition, you can implement WPA2 with Temporal Key Integrity Protocol (TKIP), also referred to as TKIP-RC4, or Advanced Encryption Standard (AES), also referred to as AES-CCMP, to provide greater security. WPA2-AES is stronger than WPA2-TKIP.

4
Q

What is WEP?

A

Wired Equivalent Privacy (WEP) is the security standard for wireless networks and devices that uses encryption to protect data. However, WEP does have weaknesses and is not as secure as WPA or WPA2. Wired Equivalent Privacy (WEP) should be avoided because even its highest level of encryption has been successfully broken.

5
Q

What does an evil twin do in terms of hacking into a wireless network?

A

Evil twin − occurs when a wireless access point that is not under your control is used to perform a hijacking attack. It is set up to look just like a valid network, including the same Service Set Identifier (SSID) and other settings.

6
Q

What does a rogue access point do in terms of hacking into a wireless network?

A

Rogue access point (AP) − occurs when a wireless access point that is not under your control is connected to your network. These devices are not set up to look just like your network. This attack preys on users’ failure to ensure that an access point is valid. You can perform a site survey to detect rogue APs.

7
Q

What does war driving do in terms of hacking into a wireless network?

A

War driving − occurs when attackers seek out a Wi-Fi network with a mobile device or laptop while driving a vehicle. You can lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA or WPA2 authentication.

8
Q

What does war chalking do in terms of hacking into a wireless network?

A

War chalking − occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for this type of information by periodically inspecting the outside of your facilities.

9
Q

What does bluejacking do in terms of hacking into a wireless network?

A

Bluejacking − the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when not in use is the best protection against this.

10
Q

What does bluesnarfing do in terms of hacking into a wireless network?

A

Bluesnarfing − the unauthorized access of information from a wireless device through a Bluetooth connection. Once again, turning off Bluetooth when not in use is the best protection against this.

11
Q

What do WPA/WEP/WPS attacks do in terms of hacking into a wireless network?

A

WPA/WEP/WPS attacks − Any attacks against wireless protocols can usually be prevented by using a higher level of encryption or incorporating RADIUS authentication. Wired Equivalent Privacy (WEP) should be avoided. Wi-Fi Protected Setup (WPS) allows users to easily secure a wireless home network but is susceptible to brute force attacks. Wi-Fi Protected Access (WPA) is more secure than WEP and WPS. WPA2 provides better security than WPA.

12
Q

Which of these devices can perform router functions?

A) Proxy server
B) Multi-layer switch
C) Wireless controller
D) IDS

A

A multi-layer switch, in addition to working at the Data Link layer (Layer 2), also performs many Layer 3 router functions. When ports on a multi-layer switch are configured as Layer 2 ports, traffic will be routed based on the MAC address. When ports are configured as Layer 3 ports, traffic will be routed based on IP addresses. Multi-layer switches have the ability to route packets between virtual local area networks (VLANs).

13
Q

What do wireless controllers provide for access points (APs)?

A

Wireless controllers provide centralized management of wireless access points. Without wireless controllers, each access point must be configured individually.

14
Q

What is the difference between an IDS and an IPS?

A

An intrusion detection system (IDS) contrasts with an intrusion prevention system (IPS). When comparing IDS/IPS, IDS is essentially a warning system that provides notification of an intrusion, while IPS is more active and can stop an attack while it is taking place. An IDS does not route traffic.

15
Q

What can a Proxy Server provide in terms of efficiency on the server?

A

A proxy server can provide caching services to reduce the amount of internet traffic from the gateway.

16
Q

You need to connect wireless devices to a wired local area network. Which device should you implement?

A) CSU/DSU
B) Wireless NIC
C) Access Point
D) Gateway

A

An access point is either a software or hardware component that acts as a transceiver for wireless devices, connecting them to a wired local area network (LAN). It serves a similar function as a distribution center sending and receiving signals to and from computers on the network. Stations, or computers, placed too far from the access point will be unable to communicate with the network. A wireless network that employs access points is said to be operating in infrastructure mode. However, wireless networks can also be set up with just a few stations and wireless network cards. This is known as ad-hoc mode. Ad-hoc mode networks can be set up quickly; however, all of the stations must be within a 300-foot radius to communicate. A mesh network may use a combination of wireless access points while allowing some devices to connect using ad-hoc mode. Organizational wireless access points usually provide more connections and a wider range of transmission than small office/home office wireless routers.

17
Q

What is a gateway?

A

A gateway is used to connect networks that use different protocols.

18
Q

What is the function of a CSU/DSU?

A

A Channel Service Unit/Digital Service Unit (CSU/DSU) is a device typically required by leased lines, such as T1 lines, to terminate their media connection to your LAN.

19
Q

What is a NIC used for?

A

A wireless network interface card (NIC) is designed specifically for wireless networks. It is the piece of hardware that enables wireless communication for a computer.

20
Q

Why is WAP placement important?

A

Keep in mind that wireless access point (WAP) placement is very important. WAP placement varies based on the environment in which the WAP is placed. WAPs should be centrally placed to ensure that the maximum number of devices can use it. Also, you should consider the other devices in the area, such as cordless telephones, that can cause interference. Placement is particularly important if more than one WAP is implemented in the same area. It may be necessary to configure WAPs that are in close proximity to use different channels.

21
Q

What are the key features of a wireless controller?

A

A wireless controller is a centralized device that can be used to manage multiple wireless access points. You need to understand VLAN pooling and Lightweight Access Point Protocol (LWAPP). VLAN pooling assigns IP addresses to wireless clients from a pool of IP subnets and their associated VLANs. The protocol used to communicate between an access point and a wireless controller is either the older Lightweight Access Point Protocol (LWAPP) or the more current Control And Provisioning of Wireless Access Points (CAPWAP).

22
Q

What do you use to allow wireless devices to connect to a wired network?

A

A wireless bridge is a wireless access point that allows wireless devices to connect to a wired network.

23
Q

MU-MIMO is a technology that uses what?

A

Multi-user MIMO (MU-MIMO) is a set of advanced multiple in, multiple out (MIMO) technologies where the available antennas are spread over a multitude of independent access points and independent radio terminals. Each has one or multiple antennas. In contrast, single-user MIMO considers a single multi-antenna transmitter communicating with a single multi-antenna receiver. MIMO is used in 802.11n to allow the wireless network to reach higher speeds.

24
Q

For a branch office network deployment, you have been asked to select network switches for the wiring center in your office building. You need a solution that does not rely on the availability of wall outlets to plug in IP-attached surveillance cameras, IP phones, and wireless access points near the RJ-45 wall jacks where those devices will be attached to the network. Which of the following options within a switch will solve this problem?

A) Configuration files for most common devices
B) QoS Support
C) Web-based UI for setup and configuration
D) Green, energy efficient fanless chassis
E) PoE

A

Power over Ethernet (PoE), also known as in-line power, allows a network switch to provide power to network-attached devices, including video surveillance cameras, IP phones, and wireless access points (WAPs), through the wall jack that delivers an Ethernet connection. This relieves network designers of the need to ensure adequate power outlets where they wish to stage network devices.

25
Q

Why would you use QoS on a switch?

A

Quality of Service (QoS) support means that a switch can prioritize traffic. This allows important or time-sensitive traffic to get through faster and less important or time-insensitive traffic to get through when it can. QoS can be important on networks with real-time or time-sensitive traffic such as VoIP (voice) or streaming media. However, this will not relieve the network designer of concerns about the proximity or availability of a power outlet.

26
Q

You have decided to implement a firewall between your company’s network and the Internet. What does a firewall software solution typically provide? (Choose 3)

A) IP proxy services
B) L1 cache
C) packet filtering
D) L2 cache
E) HTTP proxy services

A

Of the listed services, a firewall software solution typically provides packet filtering, Hypertext Transfer Protocol (HTTP) proxy services, and Internet Protocol (IP) proxy services. These three services can also be obtained as separate products.

With packet filtering, data packets can either be allowed or denied entry into a network based on certain specified factors, such as the TCP port number or the IP address of the sending host. HTTP proxy services typically include Web page caching, which enables Web pages to be stored on an HTTP proxy server and retrieved from the proxy server rather than from the Internet; thus, HTTP proxy services can improve Web browsing performance. IP proxy services typically include the ability to present a single IP address to the Internet on behalf of all hosts on a private network. IP proxy services enable private IP addresses to be used on the private network, and IP proxy services protect the internal network-addressing scheme from malicious users on the Internet.

27
Q

Where does CPU cache memory reside?

A

L1 cache is cache memory that resides on a central processing unit (CPU).

L2 cache is cache memory that resides on a system board near the CPU. Cache memory is a small amount of memory that is very fast and interfaces with the slower RAM on a system board to help increase the rate at which data flows between RAM and the CPU.

28
Q

What types of firewalls can you install?

A

For the Network+ exam, you must understand the following firewall types:

Host-based − This firewall is installed on a specific host and only protects the host on which it is installed. This is the best solution if you need to protect laptops or desktop computers from external threats. An external threat is a threat that originates external to your organization, and these can be manmade or environmental.

Network-based − This firewall is installed on the network and protects all devices that are on the network that it controls.

Application aware/context aware − This firewall is designed to manage application and Web 2.0 traffic. This type allows fine-tuning the rules rather than just configuring allow or deny rules.

Small office/home office firewall − This firewall is easier to configure than most enterprise firewalls and often only involves a software component that you install on a network host.

Unified Threat Management (UTM) − This device bundles multiple security functions into a single physical or logical device. Features included could be IPS, IDS, anti-virus, anti-malware, anti-spam, NAT, and other functions.

29
Q

You have been hired as a network administrator for a large corporation. This network includes a large number of switches that must be identically configured. In the past, this information has been configured manually. You want to automatically propagate the VLAN information to all switches on the LAN. What should you use? (Choose 2)

A) VTP
B) link aggregation
C) STP
D) 802.1q

A

To automatically propagate VLAN information to all switches on the LAN, you should use VLAN Trunking Protocol (VTP), which is also referred to as 802.1q. VTP configuration will prevent the VLAN information from having to be manually configured on all of the switches. VTP allows two switches to share VLAN information. One of the VLANs is called a native VLAN, also referred to as a default VLAN. Frames belonging to the native VLAN are sent unaltered over the trunk with no tags. However, to distinguish other VLANs from one another, the remaining VLANs are tagged.

30
Q

What types of STP are available?

A

There are two types of STP: spanning tree (802.1d) and rapid spanning tree (802.1w). 802.1d is an older standard that was designed when a minute or more of lost connectivity was considered acceptable downtime.

In Layer 3 switching, switching now competes with routed solutions where protocols such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) provide an alternate path in less time.

A layer 3 switch is the best option when you need to re-route multicast and unicast communication caused by a disruption of service when a network is failing redundancy at the main distribution frame (MDF).

31
Q

You have been asked to implement a wireless network in a shared office building in a signal-rich environment. A wireless scan of the environment on your target floor shows you that the 5 GHz frequencies are not widely used in that building. Which of the following 802.11 Wi-Fi networking technologies should you choose in this scenario? (Choose 4)

A) 802.11b
B) 802.11g
C) 802.11n
D) 802.11ax
E) 802.11ac
F) 802.11a

A

802.11a, 802.11n, 802.11ac, and 802.11ax can use the 5 GHz frequencies for wireless communications. 802.11a and 802.11ac do not work at the 2.4 GHz frequency, while 802.11n and 802.11ax can transmit on either the 2.4 or 5 GHz bands.

The benefit of the higher frequency, especially for newer standards (where a through n fall in chronological order, and ac and ax after that), is higher throughput (especially when using wider channels and additional antennas). The disadvantage of the higher frequency, especially for older standards (802.11a and 802.11n), is reduced transmission/reception range, particularly indoors where walls and other solid or metallic barriers can interfere with or impede communications. Overall, 802.11ac or 802.11ax would be your best choice for a new network.

32
Q

You have been hired as a network security consultant. The company that hires you has had multiple incidents where their wireless network has been breached by hackers. You find out that they have a RADIUS authentication server that they use for the corporate VPN. You decide to recommend using RADIUS authentication for the wireless network. Which WPA version should you suggest?

A) WPA
B) WPA-Enterprise
C) WPA2
D) WPA-PSK

A

WPA-Enterprise requires the use of a RADIUS authentication server. WPA-Enterprise is intended for large networks. It is also referred to as WPA-802.1x. None of the other options is correct. WPA2 is more secure than WPA. WPA-Pre-shared Key (WPA-PSK), also known as WPA-Personal, is for use in small home or office networks.

33
Q

Which of the following network devices would be MOST likely found within an office building setting?

A) Industrial Control Systems (ICS)
B) SCADA systems
C) HVAC systems
D) Smart speakers

A

HVAC systems can be found in almost all settings due to their universal usage. HVAC systems are designed to handle the heating, ventilation, and air conditioning within a building. HVAC systems can be found in data centers, industrial buildings, residential buildings, and commercial buildings. With HVAC systems, it is important to understand that they can be vulnerable to cyberattacks as many of these systems are automated and not designed with cybersecurity in mind. Routinely monitoring and managing these systems is critical whenever designing a new network.

34
Q

What is the function of ICS?

A

ICS is a general term that encompasses several types of control systems that are designed to help manage and control industrial processes. These control systems can vary in size from a few modular panel systems to larger interconnected and interactive control systems with thousands of field connections. These systems are most likely to be found in an industrial setting. While they can be deployed in an office building, they are much less likely to be found there. ICS can interface with most HVAC systems, but not all HVAC systems will be deployed as part of an ICS.

35
Q

What is the function of SCADA?

A

SCADA systems are comprised of computers, networked data communications, and graphical user interfaces for high-level supervision of various network machines and processes. These systems can also cover various sensors and other logic controllers. These systems would most likely be found within a production facility, in a data center, or in an industrial plant and may include HVAC systems. They are much less likely than an HVAC system to be found in an office building.

36
Q

Host A wants to communicate with Host B as shown in the following network exhibit:

Which three statements are true? (Choose three. Each answer is part of the solution.)

A) The switch will forward the frame to the router.
B) Host A will send an ARP request for the router’s MAC address.
C) Host A will send a frame with the destination MAC address of Host B.
D) The switch will forward the frame to Host B.
E) Host A will send a frame with the destination MAC address of the router.
F) Host A will send an ARP request for Host B’s MAC address.

A

Host A will send out an ARP request for the MAC address of Host B. Host A will then send a data frame to the switch with a destination MAC address of Host B. Finally, the switch will forward the frame to Host B.

Host A and Host B are connected to the same subnet, 192.168.1.32 /27, and are thus within the same VLAN. For this reason, traffic between the two hosts does not need to be sent to their default gateway to be routed. Hosts are able to ARP and build unicast frames for hosts on the same subnet. The switch will receive the frame and forward it to the appropriate host based on a MAC address table lookup. The router is not involved in this scenario.

Host A will not send an ARP request for the router’s MAC address because routing is not required between hosts on the same subnet.

Host A will not send a frame with the destination MAC address of the router because routing is not required between hosts on the same subnet.

The switch will not forward the frame to the router because routing is not required between hosts on the same subnet.

37
Q

You want to enable port authentication on your network switches. On which setting is port authentication based?

A) IP address
B) port number
C) MAC address
D) protocol

A

Port authentication on your network switches is based on the switch’s MAC address. If the switch is not specifically configured with a MAC address, the MAC address communication is not allowed through the switch port.

For the Network+ exam, you also need to understand managed versus unmanaged switches. Managed switches give you more control over your traffic and offer advanced features to control that traffic. An unmanaged switch simply allows Ethernet devices to communicate with one another. They are shipped with a fixed configuration and do not allow any changes to this configuration.

38
Q

Management has asked you to ensure that any traffic through the external firewall is allowed as long as it is the result of a previous connection. Which type of firewall performs this assessment when it first encounters traffic?

A) circuit-level proxy firewall
B) packet-filtering firewall
C) application-level proxy firewall
D) stateful firewall

A

When traffic is encountered, a stateful firewall first examines a packet to see if it is the result of a previous connection. Information about previous connections is maintained in the state table.

You can configure the IDS to perform stateful packet matching and monitor for suspicious network activity. This is referred to as stateful inspection. An IDS cannot perform authentication and encryption for a VPN and cannot block traffic based on the application or port used.

With a stateful firewall, a packet is allowed if it is a response to a previous connection. If the state table holds no information about the packet, the packet is compared to the access control list (ACL). Depending on the ACL, the packet will be forwarded to the appropriate host or dropped completely.

Stateful firewalls can be used to track connectionless protocols, such as the User Datagram Protocol (UDP), because they examine more than the packet header.

Stateless firewalls watch network traffic and control packets based on source and destination addresses or other static values. They are not aware of traffic patterns. A stateless firewall uses simple rules that either allow or deny the traffic.

39
Q

Where do packet-filtering firewalls sit in the OSI model?

A

Packet-filtering firewalls function at the Network layer of the OSI model. This type of firewall filters traffic based on rules defined by the administrator.

40
Q

Where do circuit-level firewalls sit in the OSI model?

A

Circuit-level firewalls function at the Session layer of the OSI model.

41
Q

You are installing a known good NIC in a computer, and a spark jumps from your hand to the NIC. You install the NIC and discover that the NIC no longer operates correctly. What has most likely caused the NIC to malfunction?

A) RFI
B) EMI
C) ESD
D) a power sag

A

Of the choices listed, an electrostatic discharge (ESD) has most likely caused the network interface card (NIC) to malfunction. ESD occurs when static electricity jumps from an object with a higher electrical charge to an object with a lower electrical charge. You can build up static electricity in your body by walking across a carpet. This static electricity can then be discharged in the form of ESD into the circuits on a microchip, which can destroy such circuits. NICs are expansion cards that contain microchips that ESD can destroy. You should take measures to prevent ESD before you handle the expansion cards in a computer. For example, you can wear an anti-static wrist strap, or you can discharge the static electricity in your body by touching a grounded object such as a computer case before you touch a circuit board. Companies should make employees aware of electrical safety if personnel may be required to perform work that could result in electric shock, such as computer repair. Proper grounding techniques should be covered as part of personnel training.

42
Q

Which metric is used by the Routing Information Protocol (RIP) Version 2 protocol to determine the network path?

A) convergence
B) hop count
C) bandwidth
D) delay

A

Both Versions 1 and 2 of RIP use hop count as the primary metric to determine the most desirable network path. A metric is a variable value assigned to routes and is a mechanism used by routers to choose the best path when there are multiple routes to the same destination. Each router traversed by a packet from the source to the destination constitutes one hop. The lower the hop count, the higher the preference given to that path. Using RIP, the hop count is limited to 15 hops. Any router beyond this number of hops is marked as unreachable.

43
Q

What type of routing protocol are RIP v1, RIP v2, and IGRP considered to be?

A

RIP v1, RIP v2, and IGRP are considered distance vector protocols. Open Shortest Path First (OSPF) is a link-state protocol. EIGRP is a balanced hybrid routing protocol, also referred to as an advanced distance vector protocol.

44
Q

You have been hired as a new network administrator for your company. In your first week, you discover a device that uses a security policy to filter and examine packets coming into a network to determine whether to forward the packet to its destination. This device is not depicted on the company’s network layout diagram. Which device is this?

A) hub
B) switch
C) firewall
D) router

A

A firewall examines the packets coming into a network based on a security policy to determine whether to forward the packet to its destination.

45
Q

What types of switch port security techniques can you use to monitor packet traffic in the network?

A

DHCP snooping − a security feature configured on switches that acts like a firewall between untrusted hosts and trusted DHCP servers.

ARP inspection − a security feature on switches that validates ARP packets in a network. It determines the packet validity by performing an IP-to-MAC address binding inspection stored in a trusted database before forwarding the packet to the appropriate destination. All ARP packets with invalid IP-to-MAC address bindings that fail the inspection will be dropped.

MAC address filtering − a security feature configured on switches that will allow or deny traffic based on the MAC address from which the communication comes.

VLAN assignments − Virtual LANs (VLANs) are assigned to individual switch ports. Devices on the same switch can then be assigned to separate VLANs so that their traffic is isolated.

Network segmentation − By assigning ports to different VLANs you provide network segmentation. Traffic meant for the same VLAN will only cross the ports in that VLAN. Because the traffic is isolated based on VLAN, it provides better security.

46
Q

A suburban office location for your company is located next door to a regional airport, where a US government regional weather radar system is also housed. You are tasked with setting up a wireless 802.11ac network in that location. You must select a range of 80 MHz channels for that network to use. Furthermore, some of the devices on that network have 802.11n wireless interfaces. Which of the following channels should you use on your network? (Choose 2)

A) Channel 165
B) Channels 100-144
C) Channels 52-64
D) Channels 149-161
E) Channels 36-48

A

You should use channels 36-48 (80 MHz: 5.170-5.250 GHz) and 149-161 (80 MHz: 5.735-5.815 GHz) for indoor and outdoor Wi-Fi use. All 802.11n and 802.11ac client devices support use on these two bands.

Whenever using Wi-Fi channels, it is important to understand the different regulatory restrictions that may be placed for channels and channel bonding. Depending on your office location, the regulatory domains can change significantly. Therefore, it is important to identify what regulatory bodies you must comply with and ensure that your network is following the appropriate regulatory rulings.

47
Q

What MHz do channels 52-64 operate in?

A

Channels 52-64 (80 MHz: 5.250-5.330 GHz) were historically reserved by the FCC for government weather radar systems, and DFS sensing is required for access points and client devices on this band. Only higher-end 802.11ac and older 802.11n client devices support use on this band.

48
Q

What MHz do channels 100-144 operate in?

A

Channels 100-144 (240 MHz: 5.49-5.730 GHz) are also reserved for government weather radar systems, and DFS sensing is required by access points and client devices. Channel 144 was added for Wi-Fi use in 2013, but does not work with older 802.11n client devices.

49
Q

What MHz does channel 165 operate in?

A

Channel 165 (20 MHz: 5.825-5.845 MHz) is only 20 MHz wide and does not meet the channel width requirements.

50
Q

For a new office space, you have been asked to choose a best cost solution for providing wireless network access for up to 60 employees. Your boss has informed you that there will be a mix of 802.11n and 802.11ac devices in use. The maximum distance from the WAP to any user is 150 ft (~46M). Which kind of wireless access point should you buy?

A) 802.11ac
B) 802.11g
C) 802.11b
D) 802.11a
E) 802.11n

A

You should buy an 802.11n wireless access point (WAP). The critical factors at work here are compatibility and maximum distance (indoor range). 802.11ac is backward compatible with 802.11n, so 802.11ac and 802.11n devices may communicate with a WAP of either kind. The maximum indoor range for 802.11n is 70m or 230ft, while that for 802.11ac is 35m or 115 ft. Thus, only 802.11n will work.

51
Q

What is the indoor range of 802.11a?

A

802.11a’s indoor range is identical to that for 802.11ac (35 m or 115 ft).

52
Q

What is the indoor range of 802.11b?

A

802.11b’s indoor range is also identical to that for 802.11ac (35 m or 115 ft).

53
Q

What is the indoor range of 802.11g?

A

802.11g’s indoor range is also too short at 38 m or 125 ft.

54
Q

What is the indoor range of 802.11ac?

A

802.11ac would ordinarily be the best choice for deployment because of its ability to support multiple simultaneous users, wide data channels, and higher data rates. But the distance and cost limitations preclude its use (802.11ac’s indoor range is 35m or 115 ft).

55
Q

You connect a home computer to a BRI ISDN line. The Bandwidth On Demand Interoperability Group (BONDING) protocol is used to combine the channels.

What is the maximum data transfer rate of the B channels?

A) 1.544 Mbps
B) 44.736 Mbps
C) 56 Kbps
D) 128 Kbps

A

Each B channel in a Basic Rate Interface (BRI) Integrated Services Digital Network (ISDN) connection can provide a maximum data transfer rate of 64 kilobits per second (Kbps). A BRI ISDN line provides a total of two bearer (B) channels, which can be combined by the bonding protocol to provide a total maximum data transfer rate of 128 Kbps. A BRI ISDN line also provides a single delta (D) channel, which is used to transfer connection control data. A BRI ISDN D channel operates at a data transfer rate of 16 Kbps. BRI ISDN is sometimes referred to as 2B+D ISDN because BRI ISDN provides two B channels and one D channel.

56
Q

Your network contains several virtual LANs (VLANs). What is a benefit of using this technology?

A) It allows users on a LAN to communicate with remote networks.
B) It allows networks to be segmented logically without being physically rewired.
C) It allows users from different segments to communicate with each other.
D) It connects small networks together to form a single large network.

A

A virtual LAN (VLAN) is a networking technology that allows networks to be segmented logically without having to be physically rewired. In a traditional Ethernet network, you can replace all hubs with VLAN switches. This creates virtual network segments whose logical topology is independent of the physical topology of the wiring. Each station is assigned a VLAN identification number (ID), and stations with the same VLAN ID function as though they are all on the same physical network segment, no matter which physical switch they are connected to. Only devices with the same VLAN ID will receive broadcasts sent by a host. The assignment of VLAN IDs is done at the port level on the switches themselves. Moving a host to another department only requires the assignment of a different VLAN ID to the port on the switch to which the host is connected. No rewiring of cables is necessary.

The primary benefit of having a VLAN is that users can be grouped together according to their need for network communication, regardless of their actual physical locations. Membership in a VLAN segment, called a VLAN group, is controlled by the network management software, which allows users to be grouped according to their needs.

57
Q

Why do we need to consider user/passwords management when it comes to switch management?

A

User/passwords − Limit the number of administrative users that are allowed to access the switches on your network. Always use complex passwords for those users. If there are any default accounts, such as administrator or guest, you should disable these accounts because attackers will often use these accounts to hack into your switch.

58
Q

Why is AAA configuration important for switch management?

A

AAA configuration − AAA stands for Authentication, Authorization and Accounting. Authentication verifies the identity of the user. Authorization handles what the user is allowed to do and what resources he/she can access. Accounting audits the actions of the users. AAA and 802.1X are used for port-based authentication,

59
Q

Why is console important in managing a switch?

A

Console − The console is used to manage a switch. You should use Secure Shell (SSH) or connect directly to the switch’s console port. An unmanaged switch is one that does not support the use of an IP address or a console port connection for management purposes.

60
Q

Why are virtual terminals important in managing a switch?

A

Virtual terminals − Virtual terminals are remote workstations that allow you to access the switch management tools and desktop interface. You should limit who has access to these terminals and place them only in secure locations. In addition, they should require authentication before accessing the management tools. If only one person can log in to the virtual terminal at a time, you should increase the number of virtual terminals available.

61
Q

Why is OOB management important in managing a switch?

A

In-band/Out-of-band management − When possible, you should use a separate network for management of a managed switch. This is referred to as out-of-band (OOB) management when the management traffic is kept on a separate network from the user traffic. In-band management occurs over the same network as user traffic. OOB management is more secure.

62
Q

Which feature provides varying levels of network bandwidth based on the traffic type?

A) fault tolerance
B) QoS
C) load balancing
D) traffic shaping

A

Quality of Service (QoS) provides varying levels of network bandwidth based on the traffic type. Each traffic type has its own queue. Each traffic type queue is given its own priority. Traffic types with a higher priority are preferred over lower priority traffic types.

QoS is used in a variety of networks, including VoIP, to ensure performance standards.

63
Q

What is traffic shaping?

A

Traffic shaping is a specialized type of QoS where traffic from each host is monitored. When traffic from the host is too high, packets are then queued. Traffic shaping can also define how much bandwidth can be used by different protocols on the network. A key feature of QoS is control plane policing. This feature will allow users to configure a QoS filter to manage the traffic flow within a network’s control plane. This hardening technique helps to protect the network against reconnaissance and denial of service (DoS) attacks.

64
Q

What is load balancing?

A

Load balancing divides requests among several servers or resources. This ensures that no single server or resource is overloaded.

65
Q

What is fault tolerance?

A

Fault tolerance is the ability to respond to a single point of failure on a network. Fault tolerance on servers involves hardware RAID, UPS systems, power conditioning, backups, and clustering.

66
Q

You have been asked to evaluate and choose a wireless access point for your workplace. Your solution will be used in a busy work area with a constant load of 10 or more active users all day long. You decide to implement a MU-MIMO device instead of a MIMO device. Which of the following reasons BEST states why you should do this?

A) MU-MIMO permits multiple devices to send/receive wireless data simultaneously, while MIMO does not.

B) MU-MIMO supports more users than MIMO.

C) MU-MIMO offers higher bandwidth and better throughput than MIMO.

D) There is no advantage to choosing MU-MIMO in this situation.
E) MU-MIMO is faster and more capable than MIMO.

A

Multiple user, multiple input, multiple output (MU-MIMO) permits multiple devices to send/receive wireless data simultaneously. This decreases the wait time when seeking wireless communications. Regular MIMO is more properly designated as SU-MIMO, where SU stands for single user. It supports multiple inputs and outputs, but can only service a single device at a time.

While MU-MIMO often offers higher bandwidth and better throughput, this would not explain why MU-MIMO makes more sense than MIMO in a busy area where numbers of users are constantly active at the same time.

67
Q

What are the advantages and disadvantages of MU-MIMO?

A

MU-MIMO does offer advantages over MIMO.

While MU-MIMO often supports more users than MIMO, this would not explain why MU-MIMO makes more sense than MIMO in a busy area where numbers of users are constantly active at the same time.

Indeed, MU-MIMO is faster and more capable than MIMO. But again, this would not explain why MU-MIMO makes more sense than MIMO in a busy area where numbers of users are constantly active at the same time.

68
Q

A network administrator wants the network to accept an MTU value above 1,500. Which of the following should he configure?

A) Virtual router
B) Jumbo frame
C) UTM appliance
D) FCoE

A

Jumbo frames should be used by a network administrator so that the network can accept a maximum transmission unit (MTU) greater than 1,500. It can be used on a network that supports at least 1 Gbps, and the MTU size can be up to 9000 bytes. To take advantage of this feature, all nodes must be configured to accept jumbo frames at the same MTU rate. Jumbo frames improve network performance.

69
Q

What is FCoE used for?

A

Fibre Channel over Ethernet (FCoE), as the name implies, deploys Fibre Channel frames in Ethernet networks. By encapsulating the frames, Fibre Channel can utilize 10Gb Ethernet.

70
Q

What is a UTM used for?

A

A Unified Threat Management (UTM) appliance would be the best device to provide multiple security functions in a central location. UTM appliances incorporate multiple security and performance functions in one device. Some of those services can include load balancing, email security, URL filtration, wireless security and more.

71
Q

You are setting up your company’s VoIP infrastructure. One remote office location has audio problems when placing or receiving calls. At times, speech quality is poor, or there is a noticeable and distinct echo for call audio. In troubleshooting a possible system configuration issue, which of the following possibilities do you want to eliminate first?

A) Echo cancellation has been misconfigured or has not been applied.
B) Compression mode setting differs between caller and receiver devices.
C) Check to make sure system updates have been applied.
D) H.323 protocol support has not been selected.
E) The call terminates on an analog endpoint.

A

You should first determine whether the call terminates on an analog endpoint. Dealing with audio quality issues on Voice over Internet Protocol (VoIP) is an occasional necessity. But before digging into the usual troubleshooting routine, it is essential to establish if the problem call or connection terminates on VoIP equipment on both sides. If one end of a call terminates on an analog endpoint, occasional audio problems are inevitable.

Non-VoIP equipment cannot provide routine compression, echo cancellation, and sound quality enhancements. When a call terminates on an analog endpoint, there is really nothing to troubleshoot (aside from replacing the analog endpoint). So that possibility should be eliminated first before troubleshooting commences.

72
Q

What is H.323 used for?

A

The H.323 protocol is the most widely used protocol for packet voice communications. Its selection versus other voice protocols, such as SIP, does not significantly affect call quality and echo one way or the other.

73
Q

Which would be the best device to provide multiple security functions in a central location?

A) UTM appliance
B) Layer 7 firewall
C) Load balancer
D) Multi-layer switch

A

A Unified Threat Management (UTM) appliance would be the best device to provide multiple security functions in a central location. UTM appliances incorporate multiple security and performance functions in one device. Some of those services can include load balancing, email security, URL filtration, and wireless security.

74
Q

What do a multi-layer switch’s features entail?

A

A multi-layer switch, in addition to working at the Data Link layer (Layer 2), also performs many Layer 3 router functions. When ports on a multi-layer switch are configured as Layer 2 ports, traffic is routed based on the MAC address. When ports are configured as Layer 3 ports, traffic is routed based on IP addresses. Multi-layer switches have the ability to route packets between VLANs.

75
Q

What are the benefits of an NGFW? What layer of the OSI model does it operate in?

A

A Layer 7 firewall or Next Generation Firewall (NGFW) combines traditional firewall functionality with an Application layer firewall. A traditional firewall that allows HTTP traffic on port 80 may also permit an SQL injection attack embedded in a properly formed HTTP request. An Application layer firewall would perform a more intensive examination of the traffic instead of just allowing the traffic on a given port. In this example, even though HTTP traffic on port 80 is allowed on a traditional firewall, the Application layer firewall would look for an SQL injection attack, and block the data.

76
Q

Your organization has several VLANs implemented on its network. The VLANs operate across several switches. What do all users on a VLAN have in common?

A) Broadcast domain
B) Collision domain
C) Cable segment
D) TCP/IP subnet

A

VLANs place users from many locations into the same broadcast domain. A single VLAN can span multiple physical LAN segments, collision domains, and TCP/IP segments. VLANs can be based on work function, common applications or protocols, department, or other logical groupings. VLAN assignment is configured at the switch for each device that is connected to the switch. VLANs enable many users at many locations to be in the same broadcast domain. Remember, routers define broadcast domains, and because switches are Layer 2 devices, they do not segment broadcast domains; instead, they segment collision domains.

VLANs span multiple collision domains, subnets, and cable segments, so users would not have these aspects of the network in common. IEEE 802.1Q is the networking standard that supports VLANs on an Ethernet network. Broadcast domains can be created using switches or routers.

77
Q

Your network contains four segments. You need to connect two or more of the LAN segments together. Which network devices can you use? (Choose 4)

A) Wireless Access Point
B) Repeater
C) Router
D) Switch
E) Bridge
F) Hub

A

Bridges, switches, and routers can be used to connect multiple LAN segments. For the Network+ exam, you need to understand the placement of these devices. Bridges, switches, and routers are implemented on the perimeters of segments or subnetworks and are used to connect those segments together.

Bridges and switches operate at the Data Link layer, using the Media Access Control (MAC) address for sending packets to their destination.

78
Q

How can routers assist in connecting two or more LAN segments together?

A

Routers operate at the Network layer by using IP addresses to route packets to their destination along the most efficient path. Backbone routers are the open shortest path first (OSPF) routers that are in Area zero. Area zero is considered the backbone of an OSPF network. Internal routers are located in a single area within a single OSPF autonomous system. Area border routers (ABRs) are located in more than one area within a single OSPF autonomous system. Autonomous system border routers (ASBRs) connect multiple OSPF autonomous systems. A load balancer can be used to balance the workload between routers if more than one router is connected to a subnetwork. Load balancers can also be used with other devices to perform the same function.

79
Q

How can a WAP assist in connecting two or more LAN segments together?

A

A Wireless Access Point (WAP) is essentially a translational bridge. One side is commonly connected to the wired LAN and the other side communicates using IEEE 802.11b with a wireless connection. WAPs are not Physical layer devices like hubs or repeaters. They selectively transmit traffic based upon MAC addresses. A WAP can also function as a repeater. WAPs are placed in the center of an area to which you want to provide wireless access.

80
Q

Why would you prefer a router over a hub in connecting two LAN segments?

A

Hubs act as a central connection point for network devices on one network segment. They work at the Physical layer. The primary reason for choosing a switch over a hub is bandwidth needs. Switches can greatly improve network performance because switches do not broadcast the packets they receive. Hubs broadcast the packets they receive to all available ports on the hub, thereby increasing network traffic. Hubs, like routers and switches, are placed on the perimeter of a single segment and only control the traffic on that segment.

Both switches and hubs support the same protocols. Hubs are cheaper than switches, but can result in higher costs over time when you consider the potential for issues with lower bandwidth. Both switches and hubs support different types of nodes.

81
Q

What is the purpose of network bridges?

A

You may also need to understand network bridges, which operate at the OSI Data Link layer. They divide a network into segments, keeping the appearance of one segment to the upper-layer protocols. Using MAC addresses, bridges determine which traffic should pass through the bridge and which traffic should remain on the local segment. Keeping local traffic local can increase network performance.

Bridges can be used to perform the following functions:

Expand the length of a segment
Provide for an increased number of computers on the network
Reduce traffic bottlenecks resulting from an excessive number of attached computers
Split an overloaded network into two separate networks, reducing the amount of traffic on each segment and making each network more efficient
Link different types of physical media, such as twisted-pair and coaxial Ethernet

82
Q

What is a MAU used for?

A

Another device that you may need to understand is a Multi-station Access Unit (MAU), which is also abbreviated as MSAU. This term is synonymous with a passive “hub” in a Token Ring network. A MAU is a multiport device that connects the computers in a physical star topology that functions as a logical ring.

83
Q

What is traffic shaping/Packet Shaping?

A

A concept that you need to understand is traffic shaping, also known as packet shaping. A packet shaper delays data packets to bring them into compliance with a desired traffic profile. Packet shaping optimizes or guarantees performance and improves latency. The most common type of packet shaping is application-based traffic shaping. An example of this is P2P bandwidth throttling. Many application protocols use encryption to circumvent application-based traffic shaping. Another type of packet shaping is route-based traffic shaping that is conducted based on previous-hop or next-hop information.

84
Q

You support multiple wireless networks. You need to ensure that the protocols used offer the appropriate level of security. Match the descriptions on the left with the Wireless Encryption Protocols on the right.

− Uses a 40-bit or 104-bit key
− Uses a 256-bit pre-shared key (PSK)
− Requires a RADIUS server

A

WEP − Uses a 40-bit or 104-bit key
WPA/WPA2 Personal − Uses a 256-bit pre-shared key (PSK)
WPA/WPA2 Enterprise − Requires a RADIUS server

85
Q

Users on your network have access to the Internet. As more users access the Internet, bandwidth starts to diminish, causing Web pages to load slowly. After looking at the Web server logs, you have noticed that many of the same Web sites are being accessed by multiple users.

What should you do to improve your company’s Internet bandwidth?

A) Implement a WINS server.
B) Implement a DNS server.
C) Implement an HTTP proxy server.
D) Implement an IP proxy server.

A

Proxy servers fulfill requests on the behalf of others. There are several kinds of proxy servers, including HTTP proxy, IP proxy, and FTP proxy. An HTTP proxy server is placed between the clients and the Internet. Frequently accessed files are placed in the cache on this server. When a client requests a file that is in the proxy cache, it will be downloaded from the proxy server rather than from the source, potentially lowering bandwidth usage. A proxy server can be configured to retrieve the originals of frequently requested files during low Internet usage hours so that content does not become outdated.

86
Q

What does WINS do?

A

A WINS server is used to resolve NetBIOS names to IP addresses on Microsoft Windows networks.

87
Q

What would you use an IP Proxy Server for?

A

An IP proxy server hides the local IP addresses of the private network, using one global IP address instead. All communication directed outside the local network is done using this one IP address.

88
Q

Your company decides to implement a WLAN for usage by visitors. Management has requested that you implement a WLAN that supports a maximum of 11 Mbps data rate. Which WLAN technology supports this data transmission rate?

A) 802.11a
B) 802.11b
C) 802.11e
D) 802.11g

A

The 802.11b wireless local area network (WLAN) technology supports maximum data rates of 11 Mbps.

802.11b WLAN clients, access points, and bridges use the Direct Sequence Spread Spectrum (DSSS) for transmission through RF ports. DSSS radio transmission provides data rates between 1 Mbps and 11 Mbps. DSSS uses three types of modulation schemes for Radio Modulation:

Binary Phase Shift Keying (BPSK) for transmitting data rates at 1 Mbps.
Quadrature Phase Shift Keying (QPSK) for transmitting data rates at 2 Mbps.
Complementary Code Keying (CCK) for transmitting data rates at 5.5 Mbps and 11 Mbps.

89
Q

What are the 802.11a Characteristics?

A

802.11a WLANs work in the 5-GHz Industrial, Scientific and Medical (ISM) frequency band with Orthogonal Frequency Division Multiplexing (OFDM). OFDM supports a maximum data rate of 54 Mbps.

90
Q

What are the 802.11g Characteristics?

A

802.11g WLANs work in the 2.4-GHz frequency band and support a maximum data rate of 54 Mbps. 802.11g is compatible with 802.11b. 802.11g hardware will work on an 802.11b network, and vice versa.

91
Q

What is the 802.11e specification used for?

A

802.11e is a specification that was implemented to add quality of service (QoS) features to the 802.11 specification.

92
Q

What are the advantages of the 802.11n standard?

A

802.11n is a specification that was designed to replace 802.11a, 802.11b, and 802.11g. To achieve maximum throughput, 802.11n should be implemented in the 5-GHz ISM frequency, but can be operated at the 2.4-GHz ISM frequency for backwards compatibility. This frequency is capable of up to 600 Mbps. 802.11n provides faster throughput using multiple input, multiple output (MIMO) and channel bonding. But if you implement an 802.11n wireless card on an existing wireless network and achieve only 11 Mbps with full signal strength, the network is implementing 802.11b, making the network only capable of the lower speed.

93
Q

You are documenting the network layout for your company. You have discovered a firewall that has two network interfaces. Which firewall architecture have you discovered?

A) bastion host
B) screened host
C) dual-homed firewall
D) screened subnet

A

A dual-homed firewall has two network interfaces. One interface connects to the public network, usually the Internet. The other interface connects to the private network. The forwarding and routing function should be disabled on the firewall to ensure that network segregation occurs.

94
Q

What is a bastion host?

A

A bastion host is a computer that resides on a network that is locked down to provide maximum security. These types of hosts reside on the front line in a company’s network security systems. The security configuration for this entity is important because it is exposed to un-trusted entities. Any server that resides in a demilitarized zone (DMZ) should be configured as a bastion host. A bastion host has firewall software installed, but can also provide other services.

95
Q

What is a screened host used for?

A

A screened host is a firewall that resides between the router that connects a network to the Internet and the private network. The router acts as a screening device, and the firewall is the screened host.

96
Q

What is a screened subnet used for?

A

A screened subnet is another term for a demilitarized zone (DMZ). Two firewalls are used in this configuration: one firewall resides between the public network and DMZ, and the other resides between the DMZ and private network.

97
Q

You are explaining the function of a multi-layer switch to several junior administrators. On which data can multi-layer switches make routing decisions? (Choose 3)

A) IP address
B) message content
C) port number
D) MAC address

A

A multi-layer switch, which operates at Layers 2, 3, and 4 of the OSI model, can make routing decisions based on the following criteria:

MAC address − a Data Link layer (Layer 2) function
IP address − a Network layer (Layer 3) function
Protocol − a Network layer (Layer 3) function
Port number − a Transport layer (Layer 4) function

A multi-layer switch has 24 collision domains.

Multi-layer switches do not route based on message content.

98
Q

Can you use switches on one layer?

A

You can also purchase switches that offer services at only one layer of the OSI model. Layer 2 switches only route based on the MAC address. Layer 3 switches route based on the IP address or protocol. Layer 4 switches only route based on the port number.

99
Q

Which of these devices can be used to divert incoming web traffic to specific servers based on its content?

A) Wireless controller
B) AAA server
C) Load balancer
D) VPN concentrator

A

A load balancer can be used to divert incoming web traffic by content to specific servers. This will reduce the workload on the primary server. The destination server is determined by data in Transport layer or Application layer protocols. Traffic distribution can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest response time.

Wireless controllers provide central management of wireless access points. Without wireless controllers, each access point must be configured individually.

100
Q

What is a VPN concentrator?

A

A VPN concentrator provides enhanced capabilities to a VPN router, including adding data and network security. It also creates and manages site-to-site VPN connections.

101
Q

What does the AAA do?

A

An authentication, authorization, accounting (AAA) server performs separate authentication, authorization, and accounting tasks. A Remote Access Dial-In User Service (RADIUS) provides AAA services in a centralized location. Whenever using RADIUS or similar remote access methods, organizations should establish remote access policies. These policies can be useful in determining who can remotely gain access to a network, when they can access the network, where they can access the network from, and how they can access the network.

102
Q

Why are wireless controllers essential when managing multiple APs?

A

Wireless controllers provide central management of wireless access points. Without wireless controllers, each access point must be configured individually.

103
Q

You need to copy the traffic from a single port to a different port, but prevent bidirectional traffic on the port. Which switch feature should you use?

A) spanning tree
B) port mirroring
C) PoE
D) trunking

A

Port mirroring copies the traffic from a single port to a different or mirror port, but prevents bidirectional traffic on the port. It allows you to view all of the traffic for a single VLAN, no matter the switch where the traffic originates. Local port mirroring only uses ports from the same switch. Remote port mirroring uses ports from multiple switches.

104
Q

What does STP prevent?

A

A spanning tree prevents loops when more than one path can be used. Spanning Tree Protocol (STP) uses the Spanning Tree Algorithm (STA) to help a switch or bridge by allowing only one active path at a time. A switching loop or bridge loop occurs when there is more than one path between two endpoints. The loop causes broadcast storms because broadcasts and multicasts are forwarded by switches out every port. The switch will repeatedly rebroadcast the messages, thereby flooding the network. If a frame is sent into a looped topology, it can loop forever. You should allow physical loops, but create a loop-free logical topology using the shortest path bridging (SPB) protocol or the older spanning tree protocols (STP) on the network switches.

105
Q

What does the 802.1q standard do?

A

Trunking (802.1q) allows different switches to support the same virtual LAN (VLAN) using frame-tagging. For example, when two ports on Switch A are connected to one port on Switch B, trunking has been implemented. Frame tags will be used to route the communication appropriately. If you need to add a switch to a room through which laptops can connect for full network access, you should configure a trunk on a switch port for both switches, the new switch in the room and the switch to which the new switch connects.

106
Q

What is the LACP standard?

A

For the Network+ exam, you also need to understand Link Aggregation Control Protocol (LACP), also referred to as 802.3ad. LACP supports automatic link configuration and prevents an individual link from becoming a single point of failure. With this protocol, traffic is forwarded to a different link if a link fails. LACP allows network administrators to configure two or more links to pass traffic as if they were one physical link.

107
Q

Your company has decided to implement unified communication. You have been asked to implement a VoIP network. You need to connect the VoIP network to your company’s PBX. What should you implement?

A) UC gateway
B) multicast
C) unicast
D) DSCP
E) QoS
F) UC server

A

You should implement a unified communication (UC) gateway to connect the VoIP network to your company’s PBX.

Unified communications include VoIP, video, real-time services, quality of service (QoS), and UC devices. VoIP allows you to transmit voice communications over an IP network. Real-time services include instant messaging, presence information, voice, mobility features, conferencing services, desktop sharing, data sharing, call control, and speech recognition. Real-time services support both multicast and unicast communications. In unicast, one packet is transmitted to only one destination at a time. Multicast, on the other hand, sends packets to multiple destinations, which are represented by a group address.

UC devices include UC servers, UC devices, and UC gateways. UC servers are responsible for managing the UC communications. UC devices help transport and monitor UC. UC gateways connect VoIP networks to other types of networks, such as PBX networks.

108
Q

What is the function of a PBX?

A

For VoIP implementations, you also need to understand VoIP private branch exchange (PBX) and VoIP gateway. A VoIP PBX is a device where voice traffic is encapsulated inside data packets for transmission across a data network. A VoIP PBX operates between a VoIP network and a traditional telephone network. A VoIP gateway is a device that converts telephony traffic into IP for transmission over a data network.

PBX systems are closely linked with the PSDN network, but existing PBX systems can also be migrated to VoIP using suitable adapters. A VoIP adapter used in combination with a PBX system constitutes an IP-PBX adapter that may be used to interface a PBX with an IP network and its VoIP devices. IP-ISDN fills the same role for ISDN-based PBX systems, where an IP-ISDN adapter may be used to interface an ISDN-PBX with an IP network and its VoIP devices.

109
Q

Your company is deploying a VoIP system on its premises at three locations. The internal VoIP system must communicate with the existing PSTN network. Which device will be necessary to permit network-based calls to access the PSTN, and for PSTN-based calls to access the network?

A) IP-ISDN adapter
B) VoIP-PSTN gateway
C) PBX system
D) IP-PBX adapter gateway
E) Internet modem

A

The company must deploy one or more VoIP-PSTN gateways. These devices establish the routing of calls to the existing PSTN network. Such gateways connect to the PSTN network through T1/E1/J1, ISDN, or FXO interfaces.

110
Q

What do IP-PBX adapters do?

A

IP-PBX adapters permit VoIP devices to interact with PBX-based devices for calling. They do not support communications with the existing PSTN network.

111
Q

What do IP-ISDN adapters do?

A

IP-ISDN adapters permit VoIP devices to interact with ISDN-based PBX systems. Like IP-PBX adapters, IP-ISDN adapters do not support communications with the existing PSTN network.

112
Q

What is the advantage of using wireless bridges over E1/T1 leased lines?

A) Wireless bridges support higher reliability than E1/T1 lines.
B) Wireless bridges support higher bandwidth than E1/T1.
C) Wireless bridges support more distance than E1/T1 lines.
D) Wireless bridges generate less noise than E1/T1 lines.

A

The advantage of wireless bridges over E1/T1 lines is that wireless bridges support higher bandwidth than E1/T1 lines, and E1/T1 lines tend to be more expensive in the long term.

Wireless bridges provide connectivity between two geographically separated LANs. These bridges are designed to provide outdoor deployments for connecting two or more remote locations. These bridges can be deployed for either point-to-point or point-to-multipoint wireless local area networks (WLANs). Wireless bridges can be deployed to interconnect two remote locations, up to a distance of 25 miles (40.2 km), with the integration of high-gain antennas. Wireless bridge products support a maximum of 54 Mbps of bandwidth.

The disadvantage of using wireless bridging is that you need line-of-sight between the installation sites to provide WLAN connectivity.

113
Q

Which statement is true of a network-based intrusion detection system (NIDS)?

A) An NIDS is active while gathering data over the network.
B) An NIDS cannot detect an intruder who is logged on to a host computer.
C) An NIDS generates a finite number of alarms.
D) An NIDS does not analyze real-time information.

A

A primary drawback of a network-based intrusion detection system (NIDS) is that it cannot detect an attack on a host if the intruder is logged on to the host computer.

The simplest kind of IDS to implement is a pattern-matching NIDS. However, they have the disadvantage of generating an infinite volume of false positive alerts, and can flood the system with useless data when the defined signatures are not specific enough.

114
Q

What are the advantages and disadvantages of NIDS?

A

An NIDS is passive when it acquires data over the network. A primary advantage of NIDS is its usage of reliable real-time information to monitor the network without consumption of many resources.

The primary disadvantage of a NIDS is its inability to analyze encrypted information. For example, the packets that traverse through a Virtual Private Network (VPN) tunnel cannot be analyzed by the NIDS.

An NIDS can monitor either a complete network or some portions of a segregated network. It remains passive while acquiring the network data. For example, an intrusion detection system (IDS) can be placed on the internal network to monitor either real-time traffic or a de-militarized zone (DMZ). In a DMZ, public servers such as e-mail, DNS, and FTP servers are hosted by an organization to segregate these public servers from the internal network. An NIDS monitors real-time traffic over the network, captures the packets, and analyzes them either through a signature database or against the normal traffic pattern behavior to ensure that there are no intrusion attempts or malicious threats. NIDS finds extensive commercial implementation in most organizations.

115
Q

What doesn’t a NIDS monitor?

A

NIDS does not monitor specific workstations.

A host-based IDS (HIDS) monitors individual workstations on a network. An intrusion detection agent should be installed on each individual workstation of a network segment to monitor any security breach attempt on a host.

116
Q

Your network uses a single switch that divides your network into three virtual LANs (VLANs). The devices in each VLAN are connected to a single port on the switch.

You plan to implement a second switch on your network. You need to ensure that the VLANs that were originally implemented are spread across both switches. What should you do?

A) Create a protocol-based VLAN on both switches.
B) Create a subnet-based VLAN on both switches.
C) Create a port-based VLAN on both switches.
D) Implement frame tagging on both switches.

A

You need to implement frame tagging on both switches to ensure that the VLANs that were originally implemented are spread across both switches. Tagging is a technique that adds a small header to the frame as it is passed between devices in order to maintain the original VLAN broadcast domain. In normal Ethernet, there is no tagging. Tagging is implemented only when trunking VLANs between devices is involved. If you only have one switch, an untagged VLAN is just fine. If you have two or more switches and you want all of the VLANs to talk with each other, they will all need the same tag.

A frame-tagging VLAN is not used to isolate IP and IPX traffic. A frame-tagging VLAN is a type of port-based VLAN that uses frame tagging to allow VLANs to be spread across multiple switches.

You should not create a port-based, protocol-based, or subnet-based VLAN on both switches. The original switch is already configured to use port-based switching. Port-based switching alone will not ensure that the VLANs that were originally implemented are spread across both switches. Neither will protocol-based or subnet-based switching.

117
Q

You are implementing several switches on your network. The network contains client computers that run both Internet Protocol (IP) and Internetwork Packet Exchange (IPX). To increase network efficiency, you need to configure the switches so that the two different types of traffic are isolated. Which type of virtual local area network (VLAN) should you implement?

A) protocol-based VLAN
B) subnet-based VLAN
C) port-based VLAN
D) frame-tagging VLAN

A

You should implement a protocol-based VLAN. This will allow you to isolate the IP and IPX traffic. With protocol-based VLANs, each VLAN is configured to support a single protocol.

118
Q

What does a port-based VLAN do?

A

A port-based VLAN is not used to isolate IP and IPX traffic. With this type of VLAN, each port on the switch is assigned to a VLAN. Devices attached to that port automatically become members of that VLAN.

119
Q

What does a subnet-based VLAN do?

A

A subnet-based VLAN is not used to isolate IP and IPX traffic. With this type of VLAN, each subnet on your network is assigned to a VLAN. Devices are part of a subnet based on the subnet to which the device’s IP address belongs.

120
Q

You have decided to implement 802.1q. What does this standard do?

A) It implements STP.
B) It implements MAC filtering.
C) It implements VLAN trunking.
D) It forwards traffic based on priorities.

A

If you implement 802.1q, you are implementing VLAN trunking. It allows traffic from all VLANs to cross a single cable between two switches. If 802.1q were not implemented, each separate VLAN would require its own port connection.

Trunking (802.1q) allows different switches to support the same virtual LAN (VLAN) using frame-tagging. For example, when two ports on Switch A are connected to one port on Switch B, trunking has been implemented. Frame tags will be used to route the communication appropriately. If you need to add a switch to a room through which laptops can connect for full network access, you should configure a trunk on a switch port for both switches, including the new switch in the room and the switch to which the new switch connects.

121
Q

What does the 802.1d standard entail?

A

The 802.1d standard implements Spanning Tree Protocol (STP), which prevents looping.

122
Q

If a routing table contained multiple routes for the same destination, which were inserted by the following methods, which route will the router use to reach the destination network?

A) The route inserted by OSPF.
B) The route inserted by RIP.
C) The route configured as a static route.
D) The route inserted by BGP.

A

A static route will be preferred because it has the lowest administrative distance. Administrative distance is a feature that is used to select the best path when two or more routes to the same destination exist. These multiple routes are the result of different protocols being available to be used. Routing protocols are dynamic routing methods. With the default configuration, a router will prefer static routes to dynamic routes. The default administrative distances for the offered options are:

RIP − 120
OSPF − 110
BGP − 20
Static − 1

When Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), and static routing are enabled on a router, the router will prefer the static route.

Static routing does not consume the network bandwidth that dynamic routing does because static routing does not require routing broadcasts over the network. However, in large networks, dynamic routing is a better choice because static routing requires manual updates to all routing tables. In dynamic routing, convergence occurs when all devices have learned of a routing table change and have updated their routing table.

If a router receives a packet for a destination not on the router’s routing table, it usually forwards the packet to the next available router until the packet is “forwarded out.” However, if the router is configured with a gateway of last resort, it will automatically forward a packet for an unknown destination to the gateway of last resort.

123
Q

What is the difference between static, dynamic, and default routes?

A

For the Network+ exam, you need to understand static vs dynamic vs default routes. Static routes are manually configured by an administrator. Dynamic routes are discovered by the devices through the messages that they send out. Default routes are the routes on a computer that define the packet forwarding rule to use when no specific route can be determined for a given destination address.

124
Q

Which protocol is categorized as an Exterior Gateway Protocol (EGP)?

A) BGP
B) OSPF
C) IS-IS
D) RIP

A

Border Gateway Protocol (BGP) is categorized as an EGP. An EGP is used between autonomous networks. BGP uses an algorithm to determine the quickest route between networks. When a company needs to implement highly available data centers, BGP allows a company to continue to maintain an Internet presence at all data center sites in the event that a WAN circuit at one site goes down.

Routing Information Protocol (RIP), Intermediate System to Intermediate System (IS-IS), and Open Shortest Path First (OSPF) are categorized as Interior Gateway Protocols (IGPs). RIPv2 was developed to address the deficiencies of RIP and includes support for Classless Inter-Domain Routing (CIDR). RIP is considered a distance-vector protocol. OSPF is a link-state protocol. BGP is a hybrid protocol.

Enhanced Interior Gateway Routing Protocol (EIGRP) is an IGP. EIGRP is a distance-vector protocol.

All of the routing protocols mentioned can be used in IPv4/IPv6 networks.

125
Q

Your company has recently leased the office next door to the one currently being used. Both offices will be used. The current office has a Cat 6 network installed. The new office has a fiber network installed.

You need to connect the networks of the two offices. Which device should you use?

A) CSU/DSU
B) gateway
C) modem
D) media converter

A

A media converter should be used to connect the networks of the two offices because they use two different types of media. Media converters work on the Physical layer of the OSI model.

A gateway allows two computers with no protocols in common to communicate.

A Channel Service Unit/Digital Service Unit (CSU/DSU) is a device typically required by leased lines, such as T1 lines, to terminate their media connection to your LAN.

A modem converts computer signals to travel over telephone and cable lines.

Types of media converters include the following:

Single-mode fiber to Ethernet
Multi-mode fiber to Ethernet
Fiber to coaxial
Single-mode fiber to multi-mode fiber

126
Q

Why is media converter placement important?

A

You should understand the placement of these devices for the Network+ exam. Media converters are placed where two different types of media meet. A gateway is placed where two different types of computers meet. A CSU/DSU is placed where the leased line meets your local network. An internal modem is installed in the device that needs the ability to make calls, while an external modem is installed near the device needing that ability and connected to it and the telephone line.

127
Q

Which type of intrusion detection system (IDS) relies upon a database that contains the identities of possible attacks?

A) anomaly-based IDS
B) network-based IDS
C) behavior-based IDS
D) signature-based IDS

A

A signature-based IDS relies upon a database that contains the identities of possible attacks. This database is known as the signature database. A signature-based IDS watches for intrusions that match a known identity or signature. The signature database must be updated for a signature-based IDS to remain effective.

128
Q

A network-based IDS is…

A

A network-based IDS is attached to the network in a place where it can monitor all network traffic. It implements passive and active responses. Passive responses include logging, notification, and shunning. Active responses include terminating processes or sessions, network configuration changes, and deception.

129
Q

An anomaly-based IDS is…

A

An anomaly-based IDS detects activities that are unusual. With this type of IDS, there is an initial learning period before anomalies can be detected. Once the baselines are established, an anomaly-based IDS can detect anomalies. Sometimes the baseline is established through a manual process.

130
Q

A behaviour-based IDS is…

A

A behavior-based IDS looks for behavior that is not allowed and acts accordingly.

131
Q

You decide to install an 802.11a wireless network in your company’s main building. Which frequency band is used in this network?

A) 5 GHz
B) 900 MHz
C) 2.9 GHz
D) 2.4 GHz

A

The 802.11a wireless local area networks (WLANs) use the 5-GHz frequency band.

802.11a WLANs use the 5-GHz frequency band with Orthogonal Frequency Division Multiplexing (OFDM). OFDM supports a maximum data rate of 54 Mbps.

802.11b WLANs use the 2.4-GHz frequency band for transmission with Direct Sequence Spread Spectrum (DSSS). DSSS supports a maximum data rate of 11 Mbps.

802.11a WLAN equipment does not use the 900-MHz or 2.9-GHz frequency bands for transmission.

The maximum data rate is often referred to as maximum bandwidth. Channel bandwidth is the amount of bandwidth within a single channel used by the frequency.

132
Q

A company has an 802.11b wireless network deployed to allow mobile devices to connect to the network. Which frequency band is used in this network?

A) 2.4 GHz
B) 900 MHz
C) 5 GHz
D) 2.9 GHz

A

802.11b wireless local area networks (WLANs) use the 2.4-GHz frequency band. 802.11g WLANs also use this frequency band.

802.11b WLANs use 2.4-GHz frequency band with Direct Sequence Spread Spectrum (DSSS). DSSS supports a maximum data rate of 11 Mbps.

802.11a WLANs use 5-GHz frequency band with Orthogonal Frequency Division Multiplexing (OFDM). OFDM supports maximum data rate of 54 Mbps.

802.11n WLANs can operate in both the 2.4-GHz frequency band and the 5-GHz frequency band. It will allow you to use both 802.11a and 802.11g devices. It will also support legacy devices. In 802.11n networks, you can modify the spectrum that is used. An 802.11a device that connects to an 802.11n network will use an 802.11a-ht connection type. An 802.11g device that connects to an 802.11n network will use an 802.11g-ht connection type.

While wireless networks allow computers to connect to your network using a wireless connection, they also allow cell phones, laptops, tablets, gaming devices, media devices, and other mobile devices to connect to a network.

133
Q

A consultant recommends that your company implements an appliance firewall. To which type of firewall is this referring?

A) application
B) software
C) hardware
D) embedded

A

A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone black box solutions that can be plugged in to a network and operated with minimal configuration and maintenance.

An application firewall is typically integrated into another type of firewall to filter traffic that is traveling at the Application layer of the Open Systems Interconnection (OSI) model. An embedded firewall is typically implemented as a component of a hardware device, such as a switch or a router.

A software firewall is a program that runs within an operating system, such as Linux, Unix, or Windows 2000. If you set up a subnet with computers that use peer-to-peer communication, a software firewall is probably the best firewall solution.

Firewalls can be used to create demilitarized zones (DMZs). A DMZ is a network segment placed between an internal network and a public network, such as the Internet. Typically, either one or two firewalls are used to create a DMZ. A DMZ with a firewall on each end is typically more secure than a single-firewall DMZ. However, a DMZ implemented with one firewall connected to a public network, a private network and a DMZ segment is cheaper to implement than a DMZ implemented with two firewalls.

134
Q

An eight-port hub receives a signal through port five. That signal is then sent back out through ports one, two, three, four, six, seven, and eight without any signal regeneration.

Which type of hub has been described?

A) hybrid hub
B) switching hub
C) passive hub
D) active hub

A

A hub is a central point of connection between media segments. There are two primary types of hub: passive and active.

A passive hub sends received signals out through all of its ports except the one through which the signal was received. It does not amplify or regenerate the signal. Therefore, it does not require electricity to operate. This type of hub is used mainly to provide communication flow through the network.

An active hub also sends data out all of its ports except the one through which the signal was received, but amplifies or regenerates the signal as it sends it out the ports. Therefore, it does require electricity to operate. It can effectively double the length of the network segment. For example, you can extend an Ethernet segment to 200 meters (656 feet), rather than its usual 100 meters (328 feet), by placing a hub at the midpoint of the segment.

Another type of hub is a hybrid hub, which is used to connect different types of cabling. Typically, the hybrid hub will connect to sub-hubs, which connect to computers.

Switching hubs, also known as switches or Layer 2 switches, also serve as connection points between media segments. Unlike other types, these hubs build a table of MAC addresses. Thus, they are able to send the signal out through the specific port leading to the destination, rather than through all of the ports.

135
Q

You have been asked to research the different firewall types and make recommendations on which type(s) to implement on your company’s network. You need to document how the firewalls affect network performance. Which type of firewall most detrimentally affects network performance?

A) packet-filtering firewall
B) circuit-level proxy firewall
C) stateful firewall
D) application-level proxy firewall

A

An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet.

The packet-filtering firewall provides high performance. Stateful and circuit-level proxy firewalls, while slower than packet-filtering firewalls, offer better performance than application-level firewalls.

Kernel proxy firewalls offer better performance than application-level firewalls.

An application-level firewall, or Layer 7 firewall, creates a virtual circuit between the firewall clients. Each protocol has its own dedicated portion of the firewall that is concerned only with how to properly filter that protocol’s data. Unlike a circuit-level firewall, an application-level firewall does not examine the IP address and port of the data packet. Often, these types of firewalls are implemented as a proxy server.

A proxy-based firewall provides greater network isolation than a stateful firewall. A stateful firewall provides greater throughput and performance than a proxy-based firewall. In addition, a stateful firewall provides some dynamic rule configuration with the use of the state table.

136
Q

Which of the following options are relevant to network segmentation when using switches? (Choose 2)

A) MAC address tables
B) VLANs
C) Tagging and untagging ports
D) ARP tables

A

Virtual local area networks (VLANs) allow you to segment a network and isolate traffic to different segments. Each segment (such as Sales, Administration, Manufacturing, or Accounting) can become its own VLAN. VLANs are created by tagging and untagging ports on a switch. A trunk port, which serves as the connection between switches, tags the VLAN traffic. An access port, which is the connection to an end device, does not tag. Port tagging and VLANs are not used in unsegmented networks.

MAC address tables contain the MAC address of any device on the network and the corresponding port on the switch to which it is attached. In instances where a VLAN is implemented, the MAC address table will also have the associated VLAN for that port. However, MAC address tables alone do not provide the network segmentation.

ARP tables show the relationship of IP addresses to MAC addresses and are located on most devices. While they help the devices make routing decisions, they do not provide network segmentation.

137
Q

You need to implement Spanning Tree Protocol (STP) to prevent network loops when more than one path can be used. Which two devices could you deploy? (Choose 2)

A) routers
B) hubs
C) switches
D) bridges

A

You could deploy bridges or switches, which use STP to prevent loops in the network when more than one path can be used. STP uses the Spanning Tree Algorithm (STA) to help a switch or bridge by allowing only one active path at a time. STP can prevent network congestion and broadcast storms.

Routers and hubs do not use STP.

138
Q

What are the two types of STP?

A

There are two types of STP: spanning tree (802.1d) and rapid spanning tree (802.1w). 802.1d is an older standard that was designed when a minute or more of lost connectivity was considered acceptable downtime. In Layer 3 switching, switching now competes with routed solutions where protocols such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) provide an alternate path in less time. You can implement a layer 3 switch and virtual LANs (VLANs) to limit the amount of broadcast traffic on a network and allow different segments to communicate with each other.

The 802.1w protocol was developed to improve performance. 802.1w bridges are fully distributed, while 802.1d switches agree on a root port. This root port acts differently than the other switches and is responsible for the network’s connectivity.

802.1w defines roles for the ports and a new bridge protocol data unit (BPDU) format, which introduces the proposal/agreement mechanism. BPDU handling and convergence are different in each protocol. 802.1w introduces these new features:

  • Rapid Transition To Forwarding State − includes new Edge Ports and Link Types variables.
  • Uplink Fast − distinguishes between port roles and uses alternate ports.

139
Q

Your client is experiencing what appears to be a decrease in network throughput. However, the symptoms the client is reporting to you are not detailed enough for you to diagnose the issue and make a recommendation. What will best assist you in pinpointing the bottleneck the next time it occurs?

A) Rack diagrams
B) Network configuration and performance baselines
C) Wiring and port locations
D) Standard operating procedures/work instructions

A

Network configuration and performance baselines are parts of the network documentation that assist with troubleshooting. In particular, performance baselines show how the network performs under typical loads, in terms of bandwidth used, packets dropped, throughput, or other metrics, for a given period of time. Later, when network issues occur, such as a perceived drop in network speed, the administrator can compare current conditions to the previously recorded baseline.

140
Q

What are standard operating procedures/work instructions?

A

Standard operating procedures/work instructions represent key documents used to manage the network. While the two documents are related, they each have a different purpose. Standard operating procedures (SOPs) indicate what is to be done, as well as the responsible party. The work instructions describe how to execute the task identified in the SOP, but would not identify an active issue with throughput.

141
Q

What is a rack diagram?

A

Rack diagrams depict the placement of network equipment, such as routers, switches, hubs, patch panels, and servers, in a standard 19” rack. Rack diagrams are particularly useful when planning server rooms and networking closets as the diagrams allow the engineer to determine the proper placement of equipment prior to the physical buildout. They also serve as a tool to help locate equipment for maintenance or repair, but not to identify an active issue with throughput.

142
Q

Why are wiring and port locations critical?

A

Wiring and port locations should be a critical component of the network documentation. This documentation facilitates troubleshooting connectivity by not only identifying the IP or MAC address where the problem is located, but also the physical location of the problem. Wiring and port locations will not help you research performance issues until after the network configuration and performance baselines are examined and compared to current performance.

143
Q

Your company wants to implement a WLAN. You are researching the different wireless options and want to implement the WLAN technologies that are least affected by multipath distortion. Which WLAN transmission technologies are least affected by multipath distortion? (Choose 2)

A) 802.11b
B) 802.11a
C) Wi-Fi
D) 802.11g

A

The 802.11a and 802.11g Wireless Local Area Network (WLAN) transmission technologies are least affected by multipath distortion. Multipath distortion is caused by the reflection of radio frequency (RF) signal on surfaces while traveling between the transmitter and the receiver. These reflected signals reach the receiver with delay. This is also known as inter-symbol interference. This delayed signal adds distortion to the original signal that is directly sent to the antenna system of the receiver.

802.11a and 802.11g WLAN devices use Orthogonal Frequency Division Multiplexing (OFDM) modulation for transmission. Each 802.11a channel utilizes an RF bandwidth of 20 MHz in OFDM modulation. This 20-MHz channel is split into 52 channels with 300-KHz smaller sub-carriers, of which 48 are used for data transmission. The access point transmits the same data in the different frequency channels. When the data is sent on multiple frequencies instead of single frequency, the RF signal is less susceptible to the inter-symbol interference. This is because there is less probability that two signals will use the same sub-carrier frequency channel for transmission.

144
Q

Which media-access method does the 802.11 standard specify for wireless networks?

A) CSMA/CA
B) Demand priority
C) Token-passing
D) CSMA/CD

A

The IEEE 802.11 standard, which is the main standard for wireless LANs, specifies using Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) for its media access method. Like an Ethernet network, which uses Carrier Sense Multiple Access/Collision Detection (CSMA/CD), wireless adapter cards “sense,” or listen, for network traffic before transmitting. If the network is free of traffic, the station will send its data.

However, unlike an Ethernet network, wireless network cards cannot send and receive transmissions at the same time, which means that they cannot detect a collision. Instead, the sending station will wait for an acknowledgment packet (ACK) to be sent by the destination computer, verifying that the data was received. If, after a random amount of time, an acknowledgment has not been received, the sending station will retransmit the data. The 802.11 standard also refers to CSMA/CA as Distributed Coordination Function (DCF).

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) computers compete for the right to send data. In CSMA/CD, when a collision occurs, the computers sending the data wait a random amount of time before attempting to retransmit the data.

145
Q

What is the token-passing method?

A

Token-passing access methods allow only the one computer that has the token to transmit data, meaning there is no contention for media access.

146
Q

What is demand priority?

A

Demand priority is an 802.12 standard known as 100VG-AnyLAN. It operates at 100 Mbps. In the event of contention on the network, the higher-priority data is given access first.

147
Q

What are the modulation techniques?

A

Modulation techniques − Modulation is the process of encoding source data onto a continuous carrier signal frequency.

Multiplexing − Multiplexing allows multiple communications sessions to share the same physical medium.
De-multiplexing − De-multiplexing separates two or more multiplexed channels.

Analog and digital techniques − With analog, transmission of data is done in the form of continuous waveforms. With digital, the transmission of discrete data uses two distinct electric states: ‘1’ for “on” and ‘0’ for “off”.

Time-division multiplexing (TDM) − TDM supports different communication sessions (for example, different telephone conversations in a telephony network) on the same physical medium by causing the sessions to take turns.

148
Q

What is the numbering system in Modulation Techniques?

A

Numbering systems − Binary, hexadecimal, and octal refer to different number systems. In the decimal system, you use ten different symbols: 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. In a binary number system, you use only two symbols to represent numbers: 0 and 1.

The hexadecimal system uses sixteen symbols to represent numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. Octal uses eight symbols to represent all the quantities: 0, 1, 2, 3, 4, 5, 6, and 7.

149
Q

You are the network administrator for an organization whose network uses the Open Shortest Path First (OSPF) routing protocol. Which metric does this protocol use for optimal path calculation?

A) Cost
B) MTU
C) Delay
D) Hop count

A

OSPF is a link-state routing protocol that uses cost as a metric for optimal path calculation. It is an open standard protocol based on Dijkstra’s Shortest Path First (SPF) algorithm. Routing metrics are used by routing protocols to determine the lowest cost path to a network number, which is considered the optimal or “fastest” path. Cisco’s implementation of OSPF calculates the cost (metric) of a link as inversely proportional to the bandwidth of that interface. Therefore, a higher bandwidth indicates a lower cost and a more favorable metric.

The following are characteristics of OSPF:

Uses Internet Protocol (IP) protocol 89.
Has a default administrative distance of 110.
Is an industry standard protocol (non-Cisco proprietary).
Supports Non-Broadcast Multi-Access (NBMA) networks such as frame relay, X.25, and Asynchronous Transfer Mode (ATM). The default hello interval for NBMA networks is 30 seconds.
Supports point-to-point and point-to-multipoint connections.
Supports authentication.
Uses 224.0.0.6 as the multicast address for all designated routers (AllDRouters).
Uses 224.0.0.5 as the multicast address for all SPF routers (AllSPFRouters).
Uses link-state updates and SPF calculation that provides fast convergence.
Recommended for large networks due to good scalability.
Uses cost as the default metric.

150
Q

What forms the composite metric used by IGRP and EIGRP?

A

Maximum Transmission Unit (MTU), bandwidth, delay (latency), load, and reliability form a composite metric used by Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP). IGRP is a distance vector routing protocol developed by Cisco Systems. Enhanced IGRP (EIGRP) is a Cisco-proprietary, hybrid routing protocol that combines features of both distance-vector and link-state protocols.

151
Q

Which protocol uses hop count as its metric?

A

Hop count is a metric used by Routing Information Protocol (RIP). The fewer hops between the routers, the better the path.

152
Q

What does a loopback interface do?

A

Loopback interface − allows you to test to ensure that the local network interface is working properly. The IPv4 address for the local loopback is 127.0.0.1, and the IPv6 address for the loopback is ::1. By pinging this address, you can determine whether the local network interface is working.

153
Q

What is a routing table?

A

Routing table − a data table that lists the routes to particular network destinations. They can be stored on a router or computer. The routes that are included can be manually configured by using the appropriate routing command or can be automatically configured by the router.

154
Q

What is a default route?

A

Default route − the route that takes effect when no other route can be determined for a given destination. All packets for destinations not established in the routing table are sent via the default route. In most cases, the default route is to the router closest to the computer.

155
Q

Interior Gateway Routing Protocols vs. Exterior Gateway Routing Protocols

A

Interior Gateway Routing protocols versus Exterior Gateway Routing Protocols − protocols that route between autonomous systems or routing domains are referred to as Exterior Gateway Routing Protocols. Interior Gateway Routing Protocols discover paths between networks within the same organizational boundary, and EGPs discover paths between autonomous systems.

156
Q

What is ASN?

A

Autonomous System (AS) Numbers − numbers assigned to network operators by the Internet Assigned Numbers Authority (IANA) and the Regional Internet Registries (RIRs).

157
Q

What is the benefit of using route redistribution?

A

Route redistribution − when you take a route from one routing protocol and distribute it to another protocol. By default, routers only advertise and share routes with other routers running the same protocol. If you have an OSPF router and an EIGRP router and you want them to know each other’s routes, you would implement route redistribution so the two different protocols can share and advertise routes to each other.

158
Q

What does High Availability provide in terms of Routers?

A

High availability − can be ensured by implementing the following:
Virtual Router Redundancy Protocol (VRRP) − a protocol that manages virtual routers. VRRP sets up VRRP clusters.
Virtual IP − an address assigned to virtual routers.

159
Q

What is HSRP?

A

Hot Standby Router Protocol (HSRP) − a Cisco proprietary first-hop redundancy protocol (FHRP) designed to allow for transparent fail-over of the first-hop IP router.

160
Q

What is route aggregation?

A

Route aggregation − minimizes the number of routing tables required in an IP network by organizing network layer IP addresses in a hierarchical way so that addresses are topologically significant.

161
Q

What is the SPB protocol?

A

Shortest Path Bridging (SPB) − a routing protocol that identifies loop-free shortest paths to help with traffic engineering.

162
Q

You need to implement a wireless network for a client. You have two 802.11a, two 802.11b, and two 802.11g wireless access points.

You need to implement three wireless networks that can communicate with each other. Which wireless access points should you use?

A) the 802.11b and 802.11g wireless access points
B) You can use all of them together.
C) the 802.11a and 802.11b wireless access points
D) the 802.11a and 802.11g wireless access points

A

You should use the 802.11b and 802.11g wireless access points. These two standards operate at the 2.4 GHz frequency and can be used interchangeably. If you deploy all of these access points, you will need to ensure that each of them uses a different channel to prevent interference between them.

You cannot use 802.11a wireless access points with 802.11b or 802.11g wireless access points. 802.11a wireless access points operate at the 5 GHz frequency. Therefore, a solution that includes 802.11a will only provide two wireless access points.

163
Q

You have been hired as the network administrator. The company’s network consists of several subnetworks located in various locations across the southeast United States. You want to deploy switches across the different locations so that you can implement virtual local area networks (VLANs). What is the primary benefit of this implementation?

A) Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location.

B) Users are grouped by their geographical locations.

C) VLANs provide switchless networking using virtual addresses.

D) Users in a single geographical location can be micro-segmented.

A

VLANs place users from many locations into the same broadcast domain. A single VLAN can span multiple physical LAN segments. VLANs can be based on work function, common applications or protocols, departments, or other logical groupings. An example of a work function VLAN would be grouping all executives into the same broadcast domain.

The three main benefits of VLANs are security, segmentation, and flexibility. Flexibility and segmentation are important because today’s networking environment is no longer limited to a single location. With multiple district, branch, and home offices, traditional LANs are very inefficient. VLANs address these issues by allowing users to be grouped by functions, common applications, departments, and various other logical groupings. However, whichever criterion you use to group VLANs, you should be consistent throughout the network.

VLANs improve security by controlling broadcasts and forcing upper-layer security checks so that all devices cannot communicate using Layer 2 alone. A VLAN’s primary purpose is not to provide micro-segmentation for a single geographic location. VLANs do not provide switchless networking using virtual addresses, and VLANs can be grouped by multiple criteria, not just by their physical location. Note that each switch port is assigned to a single VLAN.

164
Q

Your company has implemented a firewall that only examines the packet header information. Of which type of firewall is this an example?

A) stateful firewall
B) packet-filtering firewall
C) application-level proxy firewall
D) kernel proxy firewall

A

A packet-filtering firewall only examines the packet header information.

A stateful firewall usually examines all layers of the packet to compile all the information for the state table. A kernel proxy firewall examines every layer of the packet, including the data payload. An application-level proxy firewall examines the entire packet.

Packet-filtering firewalls are based on access control lists (ACLs). They are application independent and operate at the Network layer of the OSI model. They cannot keep track of the state of the connection.

A packet-filtering firewall only looks at a data packet to obtain the source and destination addresses and the protocol and port used. This information is then compared to the configured packet-filtering rules to decide if the packet will be dropped or forwarded to its destination. When implemented on a firewall, port security specifically allows or denies traffic based on which port is being used.

165
Q

The owner of a coffee shop wants you to install a wireless network for employees and customers to increase the shop’s business. He is not tech-savvy, and cannot understand why you want to change a WEP setting, even though you tell him it is not secure enough. What feature of WEP can you explain in lay terms that will help him understand?

A) WPA2
B) Authentication and authorization
C) Shared or open authentication
D) Preshared key

A

Shared authentication and open authentication were the two insecure methods of authentication under WEP. Under Shared Key Authentication (SKA), all of the clients used the same key, making the key very vulnerable to being cracked. This would be like giving every customer the keys to your business and once inside, they can do anything they want.

Authentication for wireless can be configured to OSA or open system authentication (no authentication), shared key authentication (SKA), pre-shared key (PSK), or 802.1x/EAP. An open wireless network does not require any form of authentication key, which is like leaving the front door open.

166
Q

What is PSK in terms of authentication on a wireless network?

A

In a wireless network, a preshared key (PSK) is an encryption method used with WPA Personal or WPA2 Personal. PSK is appropriate for small office/home office (SOHO) networks. A user will request access to the wireless network and supply a passphrase, which is then used with the Service Set Identifier (SSID) to generate a unique encryption key.

167
Q

What is the concept of AAA?

A

Authentication and authorization are two of the three security principles in Authentication, Authorization, and Accounting (AAA). Authentication is validating that a user is who they say they are. This is, in essence, an identity check. Validation is often accomplished with the user supplying a user name and a password, but there are other methods available, such as biometrics.

Once authenticated, the next step is determining which network resources should be granted to the user. This process is called authorization.

Accountability or accounting is holding personnel accountable for their actions. Accounting is accomplished by comparing the audit logs with the authorization settings and the security policy in order to determine compliance or violation. These audit logs are designed to keep a chronological and security-relevant collection of various records that revolve around a specific operation, device, or event. Teams should consistently and thoroughly review these logs to ensure compliance and to monitor for suspicious behaviors.

168
Q

Which system or device detects network intrusion attempts and controls access to the network for the intruders?

A) VPN
B) firewall
C) IPS
D) IDS

A

An intrusion prevention system (IPS) detects network intrusion attempts and controls access to the network for the intruders. An IPS is an improvement over an intrusion detection system (IDS) because an IPS actually prevents intrusion.

169
Q

Your company operates a fleet of panel trucks, each with a built-in cellular base station for voice and data communications. You are required to upgrade the wireless equipment used in 18 vehicles. You do not want to install obsolete equipment. Which of the following cellular technologies is most likely to be obsolete?

A) LTE
B) CDMA
C) GSM
D) EDGE
E) TDMA

A

Time Division Multiple Access (TDMA) is obsolete. It is a multiplexing technique used to combine multiple signals in a single wireless cellular channel. It is a 2G cellular technology that was largely decommissioned in 2007-2009.

170
Q

What is CDMA?

A

Code-division multiple access (CDMA) refers to a multiplexing technique used to combine multiple signals in a single wireless cellular channel. CDMA applies to both 2G and 3G cellular networks, and remains in wide use today at carriers such as Sprint, Virgin Mobile, and Verizon Wireless.

171
Q

What is EDGE?

A

Enhanced Data Rates for GSM Evolution (EDGE) is three times faster than GSM (but based on GSM technologies). EDGE capabilities are roughly equivalent to those delivered on the original iPhone in late June 2007. It is still in use today.

172
Q

What is GSM?

A

Global System for Mobile (GSM) communications is the world’s most widely used cellphone technology. In the USA, T-Mobile, AT&T, and many other smaller cellular providers use GSM on their networks. Overseas, India, Russia, and China all have more GSM phone users than the USA. GSM is the best choice for those who need to use their cellphones outside the USA. Because GSM is still widely used today, it would not be obsolete and unusable in the vehicles.

173
Q

What is LTE?

A

Long Term Evolution (LTE) is an IP-based 4G cellular technology that started rolling out in 2012.

174
Q

For your current deployment, you need an antenna with 360 degrees radiation in the horizontal plane to use for point-to-multipoint WLAN deployment. Which type of antenna should you deploy?

A) Patch antenna
B) Parabolic dish antenna
C) Yagi antenna
D) Omnidirectional antenna

A

Omnidirectional antennas radiate in a 360-degree pattern in the horizontal plane.

The radiation pattern of an antenna defines the use of the antenna for WLAN deployments. Omnidirectional antennas have 360 degrees of coverage in the horizontal plane. These antennas are used for point-to-multipoint WLAN deployments for smaller areas. The combination of omnidirectional and directional antennas is used for long-distance point-to-multipoint bridging applications.

175
Q

What do patch antennas and Yagi antennas have in common?

A

Patch antennas are unidirectional antennas with a wide beam width. Patch antennas are used for wide directional radiation patterns. Cisco manufactures 6.5-dBi diversity patch wall mount antennas that broadcast a 55-degree radiation pattern for the 2.4-GHz frequency band.

Yagi antennas are unidirectional antennas and have a coverage pattern of 28 to 80 degrees in the 2.4-GHz frequency band. Cisco provides 13.5 dBi Yagi antennas with a 25-degree radiation pattern. Yagi antennas are used for point-to-multipoint and point-to-point directional WLAN deployments. Yagi antennas have a small physical footprint and minimal weight as compared to the other options.

176
Q

What is a parabolic dish antenna?

A

Parabolic dish antennas are very high-gain antennas and have a very sharp radiation beam. Cisco provides 21 dBi parabolic dish antennas with a radiation pattern of 12 degrees for the 2.4-GHz frequency band. Parabolic dish antennas are used for point-to-point, long-distance WLAN bridging deployments.

177
Q

You work for a company that specializes in setting up WLANs. You have to implement the appropriate 802.11 network based on the needs of each organization. Match the frequency and speed characteristics on the left to the wireless specification on the right. Move the correct items from the left column to the column on the right to match the characteristics with the correct specification.

− 5 GHz, up to 54 Mbps
− 2.4 GHz, up to 11 Mbps
− 2.4 GHz, up to 54 Mbps
− 2.4 or 5 GHz, up to 600 Mbps
− devices are backward compatible with 802.11b devices.

A

The characteristics match with the 802.11 specifications as follows:

802.11a − 5 GHz, up to 54 Mbps
802.11b − 2.4 GHz, up to 11 Mbps
802.11g − 2.4 GHz, up to 54 Mbps
802.11n − 2.4 or 5 GHz, up to 600 Mbps
802.11g devices are backwards compatible with 802.11b devices.

178
Q

Why would you use 802.11ac?

A

802.11ac operates in the 5 GHz band up to 1 Gbps. You should use 802.11ac if you need to support HD video streaming to multiple devices. Spatial streams can be deployed in 802.11ac to support a higher bandwidth. For example, if your company requires an 800-Mbps wireless network throughput, you could deploy 802.11ac with 2 spatial streams and an 80 MHz bandwidth.

179
Q

What is the newest generation of Wi-Fi Signal?

A

The newest generation of Wi-Fi is known as 802.11ax or Wi-Fi 6. 802.11ax builds on the strengths of 802.11ac by improving efficiency, flexibility, and scalability to allow new and existing networks to have increased speed and capacity. 802.11ax can transmit on either the 2.4 or 5 GHz bands, with plans to expand into the 6 GHz band. As of this writing, the planned maximum speed for 802.11ax is 3.5 Gbps.

180
Q

One of your branch offices is located on two non-adjacent floors in an office building. You have been given permission to route a communications link between the two floors using existing conduit in the building’s elevator shaft. Your current cabling plan calls for TP wiring on each of the two floors, but the distance between them is more than 90 meters. You need to interconnect the two floors using fiber optic cable in the cheapest manner possible. Which of the following should you deploy between the wiring centers on each floor?

A) Hubs
B) Switches
C) Modems
D) Routers
E) Media converters
F) Firewalls

A

You should deploy media converters between the wiring centers on each floor. By definition, a media converter maintains network characteristics, but permits dissimilar media to be linked together. A pair of media converters that can interlink TP (RJ-45) cables and some kind of standard fiber-optic interface would be a good solution for this scenario. They would permit you to use a single- or multi-mode duplex fiber optic cable to bridge the gap between floors in your office building. Multi-mode makes the most sense here because it is cheaper to purchase and install.