ACT CompTIA Network+ N10-008 Practice Test Flashcards
Identify and list the types of secure protocols that use communications protected by the host’s private key.
SELECT ALL THAT APPLY
Secure Hash Algorithm (SHA)
HyperText Transfer Protocol over SSL/TLS (HTTPS)
Message Digest (MD5)
Secure Shell (SSH)
HyperText Transfer Protocol over SSL/TLS (HTTPS)
Secure Shell (SSH)
When using a secure channel, such as Secure Shell (SSH), the communications are protected by the host’s private key. SSH typically uses a utility such as ssh-keygen.
When using a secure channel, such as HTTP over SSL/TLS, the communications are protected by the host’s private key. For HTTPS, make a certificate signing request (CSR) with new key material and submit it to the certificate authority (CA) that issues digital certificates.
Secure Hash Algorithm (SHA) is a secure hash algorithm and is a means of fingerprinting a file.
Message Digest (MD5) is a secure hash algorithm and is a means of fingerprinting a file.
An administrator configured a group of routers so that one router is the master and all other routers are prioritized backups that monitor the master. If the master loses connectivity, one of the backups becomes the new master based on priority. What is the administrator using?
VRRP
Multipathing
NIC Teaming
ISP
VRRP
The administrator is using Virtual Router Redundancy Protocol (VRRP) where the active router is known as the master and all other backup routers monitor the status of the master.
An organization may need to contract multiple Internet Service Providers (ISPs) and use routing policies to forward traffic over multiple external circuits to provide fault tolerance and load balancing.
Network Interface Card (NIC) teaming on a host means combining two or more separate cabled links between a host and a switch into a single logical channel.
Multipathing means that a network node has more than one physical link to another node and is a default feature of full and partial mesh internetworks.
A network architect is updating the organization’s network to use one set of credentials to access corporate equipment, further mitigating threats and vulnerabilities. What is the architect creating for each employee?
Vendor assessment
Vulnerability assessment
Threat assessment
Single sign-on (SSO)
Single sign-on (SSO)
A single sign-on (SSO) system allows the user to authenticate once to a local device and access compatible application servers without having to enter credentials again.
A vulnerability assessment is an evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system.
A vendor management assessment is a process for selecting supplier companies and evaluating the risks inherent in relying on a third-party product or service.
Threat assessment is the process of identifying threat sources and profiling the types and capabilities of threat actors.
A network consultant is conducting a test to determine the amount of data transferred through a connection over a given period. What is the consultant testing?
Netflow data
Bandwidth
Baselines
Audit Logs
Bandwidth
Generally, bandwidth refers to the amount of transferable data through a connection over a given period.
An audit log records the use of authentication and authorization privileges. It will generally record success/fail type events. An audit log is also an access log or security log.
Reviewing baselines is the process of evaluating whether a baseline is still fit for purpose or whether a network technician should establish a new baseline.
NetFlow is a Cisco-developed means of reporting network flow information to a structured database. NetFlow allows a better understanding of IP traffic flows as used by different network applications and hosts.
A school with no resources stages an enterprise mobility management solution for their planned “Bring Your Own Device” (BYOD) program. A network analyst will caution them about obstacles they will need to mitigate as a successful part of this rollout. What are the obstacles? (Select all that apply.)
SELECT ALL THAT APPLY
Security
Feature licensing
Misconfigured firewall
Compatibility
Security
Compatibility
BYOD device variety also causes security issues, especially in terms of unpatched devices. Another issue is that the device is not fully under the administrative control of the IT department. An insider threat actor could install apps that might risk school data or misuse the device to exfiltrate data.
The wide range of BYOD devices, mobile OS versions, and vendor support for patches makes the job of ensuring that each device can connect to network apps and data resources highly complex.
Licensing for servers and network appliances can be complex, and it is easy to make configuration errors. Although this would be a problem, it would not be specific to a BYOD subset of devices.
Although a misconfigured firewall would be something to address, it would affect all BYOD devices and school-owned devices.
A network administrator is trying to set up IP assignments to be automatic for all broadcast domains. How can they enable this for routers?
Dynamic assignment
Stratum
IP helper
DHCP relay
DHCP relay
A DHCP relay agent can be configured to provide forwarding of DHCP traffic between subnets. Routers that can provide this type of forwarding are described as RFC 1542 compliant.
This IP helper functionality can be configured on routers to allow set types of broadcast traffic (including DHCP) to be forwarded to an interface.
A disadvantage of the standard dynamic assignment method is that it does not guarantee that any given client will retain the same IP address over time.
Top-level NTP servers (stratum 1) obtain the Coordinated Universal Time (UTC) via a direct physical link to an accurate clock source.
A network administrator implemented video surveillance mechanisms to provide a layer of defense in the event prevention-based controls fail to work. If this security mechanism is effective, it ensures which of the following options? (Select all that apply.)
SELECT ALL THAT APPLY
Detecting attempts to penetrate a barricade
Recording of movement and access
Improving resilience of perimeter gateways
Shorter response times and fewer guards needed
Detecting attempts to penetrate a barricade
Recording of movement and access
Improving resilience of perimeter gateways
Detection-based controls provide an important layer of defense if prevention-based controls fail to work. Effective surveillance mechanisms ensure attempts to penetrate a barricade are detected.
Detection-based controls provide an important layer of defense if prevention-based controls fail to work. Surveillance is another layer of security designed to improve the resilience of perimeter gateways.
Detection-based controls provide an important layer of defense if prevention-based controls fail to work. The other big advantage of video surveillance is that movement and access can be recorded.
The main drawback to surveillance is longer response times, and security may be compromised if not enough staff are in place to monitor the camera feeds.
A fancy new office floor uses high-gloss, shiny tile on the walls and on the building’s inside pillars. Employees are reporting connectivity issues and slow download speeds. Identify the most likely reason for the reported issues.
Signal mismatch
Signal refraction
Signal absorption
Signal reflection
Signal reflection
A signal reflection is a multipath interference caused by mirrors or shiny surfaces. A high-gloss, shiny tile will have a mirror effect. A variable delay in the signal is also introduced in this case.
A signal refraction occurs when radio waves bend and take a different path to the receiver caused by glass or water.
A signal absorption happens when obstacles such as walls are in the signal’s path. Concrete walls are the most effective at absorbing the wireless signal.
A signal or frequency mismatch occurs, for example, when a laptop with a network interface card (NIC) using a 2.4 GHz frequency attempts to connect to an access point (AP) using the 5.0 GHz frequency. All users are connecting in this case.
Which of the following are characteristics of cloud services as opposed to local services? (Select all that apply.)
SELECT ALL THAT APPLY
Direct attached storage
Pay-per-use
Virtualization
Rapid elasticity
Pay-per-use
Rapid elasticity
Cloud services provide rapid elasticity. This means they can scale quickly to meet peak demand. A company may operate a single web server for part of the year but provision additional instances for the busy periods.
Pay-per-use is a feature provided by many cloud services like Amazon Web Services and Microsoft Azure Cloud. Customers only use services as needed, making it cost efficient.
Virtualization is used on cloud and local services. Although virtualization makes cloud possible, it is not exclusive to cloud services. vSphere virtual solutions can be used standalone.
Direct attached storage (DAS) is a storage drive within a computer server. Although cloud services may operate on physical hosts with DAS, it is not exclusive to cloud services.
A network engineer is designing a network in various offices to create multiple broadcast domains. Each has its own Virtual Local Area Network (VLAN). When configuring these multiple broadcast domains on the switch, the switch will be operating at what layer of the OSI model?
Layer 7
Layer 2
Layer 5
Layer 3
Layer 3
Layer 3 of the OSI model is the Network layer. Information is sent and configured using logical network addresses (e.g. IP address). Layer 3 switches are capable of creating multiple broadcast domains using multiple subnet IP ranges.
Layer 2, or the Data link layer, is responsible for transferring data between nodes on the same logical segment using local or hardware addresses (e.g. MAC address).
Layer 7 or the application layer provides an interface for software programs on the network. A switch will never operate at layer 7.
Layer 5 or the Session layer represents the dialog control functions to exchange messages between the client and server. SSH (Secure Shell) is an example of using the session layer.
A tech team provides a network technician with a faulty device. They want a new one with the same parameters as the failed device. What should the parameters on the new device be?
Baseline Configuration
Business Continuity Plan
Audit and Assessment Report
Change Management
Baseline Configuration
Each device should have a documented baseline configuration. The deployment process should be capable of applying this configuration to a replacement device or restoring a faulty device.
A documented change management process minimizes the risk of unscheduled downtime by implementing changes in a planned and controlled way.
An audit and assessment report makes recommendations on where the network is not meeting goals for performance or security.
Business continuity planning (BCP) identifies controls and processes that enable an organization to maintain critical workflows in the face of some adverse event.
A network engineer is setting up a network in a new building. What should the engineer complete to make sure the access points are properly placed?
nmap
Asset tags
Site survey
Baseline report
Site survey
A site survey is documentation about a location to build an ideal wireless infrastructure. It often contains optimum locations for wireless antenna and access point placement to provide the required coverage for clients and identifying sources of interference.
A baseline is a snapshot of a known good configuration and how a device operates at that known good configuration.
Asset tags are important to gather when setting up a network to track where devices are, but they do not help the network’s performance.
The Nmap Security Scanner is widely used for IP scanning, both as an auditing tool and as a penetration testing tool.
What application can define policy decisions on the control plane?
Software Defined Networking (SDN)
Network Controller
Storage Area Network (SAN)
Distributed switching
Software Defined Networking (SDN)
A Software Defined Networking (SDN) application, or suite of applications, can be used to define policy decisions on the control plane.
The decisions that are defined by the SDN are implemented on the data plane by a network controller application. The network controller application interfaces with the network devices using Application Programming Interfaces (APIs).
Distributed switching accommodates the design goals of adaptability and scalability and is a hierarchical model.
A Storage Area Network (SAN) is one that interconnects storage devices, such as tape drives, to make pools of shared storage capacity available to servers.
A network technician is setting up DHCP scopes for printers. Which of the following would be the best practice for these? (Select all that apply.)
SELECT ALL THAT APPLY
Dynamic assignment
Lease time
Reservation
Static assignment
Reservation
Static assignment
A reservation is a mapping of a MAC address or interface ID to a specific IP address within the DHCP server’s address pool.
Statically assigned addresses can be assigned from a specially configured exclusion range if this is supported by the server.
One disadvantage of the standard dynamic assignment method is that it does not guarantee that any given client will retain the same IP address over time.
A long lease time means the client does not have to renew the lease often, but the DHCP server’s available pool of IP addresses is not replenished frequently. Printers should be fixed.
A technology company is investigating the possibility of working with a marketing company on the development and advertising of a new product. In order to discuss the details of the product without concern that the marketing firm will share it with other technology companies, what will the technology company ask the marketing firm to sign?
Memorandum of understanding
Security policy
Service level agreement
Non-disclosure agreement
Memorandum of understanding
The technology company will ask the marketing firm to sign a memorandum of understanding (MOU), which is a preliminary agreement to express an intent to work together and almost always has clauses stating that the parties shall respect confidentiality.
A non-disclosure agreement (NDA) defines the permitted uses of sensitive data, the enforcement of storage and distribution restrictions, and what penalties breaches of the agreement will incur.
Security policy establishes a duty for each employee to ensure the confidentiality, integrity, and availability of any data assets or processing systems that they use as part of their job.
A service level agreement (SLA) is a contractual agreement setting out the detailed terms under which a service provider provides an ongoing service.
A network engineer conducts a redundancy check and identifies that interference exists due to a poor-quality cable. What is this finding called?
CRC
Logging Levels
MIB
CRC error
CRC error
Interference usually causes CRC errors. This interference might be due to poor quality cable or termination, attenuation, mismatches between optical transceivers or cable types, or some external factor.
The error checking field contains a 32-bit (4-byte) checksum called a Cyclic Redundancy Check (CRC) or Frame Check Sequence (FCS).
The logging level configured on each host determines the maximum level at which events are recorded or forwarded.
The agent is a process (software or firmware) running on a switch, router, server, or other SNMP-compatible network device. This agent maintains a database called a Management Information Base (MIB) that holds statistics relating to the device’s activity, such as the number of frames per second handled by a switch.
A network administrator is deciding which session control protocol they should use for their environment. Which of the following would they use?
EGP
RIP
RTP
SIP
SIP
The Session Initiation Protocol (SIP) is one of the most widely used session control protocols. SIP endpoints are the end-user devices (also known as user agents), such as IP-enabled handsets or client and server web conference software.
While SIP provides session management, the actual delivery of real-time data uses different protocols. The principal one is Real-time Transport Protocol (RTP).
The Routing Information Protocol (RIP) is a distance vector routing protocol. RIP only considers a single piece of information about the network topology.
An Exterior Gateway Protocol (EGP) can advertise routes between autonomous systems. An EGP includes a field to communicate the network’s autonomous system ID.
An office installed a wireless Access Point (AP). A network technician is in the area, surveying the signal from the AP and other background noises. The technician is looking for an above average Signal-to-Noise Ratio (SNR) to approve use of the AP. Which of the following readings would the technician consider unsatisfactory? (Select all that apply.)
SELECT ALL THAT APPLY
Background noise decibel is high.
RSSI (Received Signal Strength Indicator) decibel is low.
AP signal decibel is high.
SNR is high.
Background noise decibel is high.
RSSI (Received Signal Strength Indicator) decibel is low.
RSSI (Received Signal Strength Indicator) is an access point (AP) signal expressed as a percentage or decibel reading (dBm). A low dBm reading is unsatisfactory.
Background noise dBm must be as low as possible. AP signal dBm should be higher than background noise, and never the same to be rated good.
An AP signal with a high decibel reading (dBm), with the number beginning in the negative range and moving towards 0, is good. A -50 dBm is better than -65 dBm.
The signal-to-noise ratio must be high to be rated good. For example, if signal is 65 dBm and noise is 90 dBm, the SNR is 25 decibels (dB). An SNR at 5 dB would be worse.
fiber link is terminated at a demarc. Which of these solutions would accomplish that?
Smartjack
VDSL
FTTP
FTTN
FTTP
The most expensive solution is Fiber to the Premises (FTTP). The essential point about both these implementations is that the fiber link is terminated at the demarc.
Fiber to the Node (FTTN) retains some sort of copper wiring to the demarc while extending the fiber link to a communications cabinet servicing multiple subscribers.
Service providers with their roots in telephone networks use Very high-speed DSL (VDSL) to support FTTC. It allows for both symmetric and asymmetric modes.
A T1 line from the service provider is terminated at the demarc on a smartjack. The smartjack has an RJ-48C or RJ-48X interface on the customer side.
An engineer plans to configure a device as transparent, rather than non-transparent, at an organization. Which device does the engineer configure?
Firewall
Load balancer
Proxy server
Content filter
Proxy server
A proxy server is used as a middle-man for Internet access. A transparent proxy is configured on an inline device, while a nontransparent proxy is configured on a client machine.
Content filtering is a feature found in security appliances, such as firewalls. With content filtering enabled, people can block websites based on criteria such as topic categorization.
Firewalls are principally used to implement security zones, such as intranet, screened subnet topology, and Internet.
A load balancer distributes client requests across available systems, like server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm.
A cyber engineer tests the organization’s network firewall to see if any vulnerabilities can be observed. What is the name of this test?
Penetration
Kerberos
LDAP
Honeypot
Penetration
Penetration testing aims to model how exposed the organization is to vulnerabilities that threat actors could exploit.
The client submits the Kerberos credentials (a Ticket Granting Ticket) obtained when the user logged onto the workstation to the server using the Generic Security Services Application Program Interface (GSSAPI).
Lightweight Directory Access Protocol (LDAP) is not a directory standard but a protocol used to query and update an X.500-like directory.
A honeypot is a computer system set up to attract attackers, intending to analyze attack strategies and tools, provide early warning of attack attempts, or possibly as a decoy to divert attention from actual computer systems.
There has been a system breach on the corporate network utilizing the installation of particular software. The security manager asks for a report to show which computers have this software installed on them. What data should the security administrator investigate to provide the requested information?
Syslog
Encapsulation errors
CRCs
Netflow data
Syslog
Syslog is an example of a protocol and supporting software that facilitates log collection. It has become a de facto standard for logging events from distributed systems.
NetFlow is a Cisco-developed means of reporting network flow information to a structured database. NetFlow allows a better understanding of IP traffic flows as used by different network applications and hosts.
Encapsulation errors will prevent transmission and reception. If you check the interface status, the physical link will be up, but the line protocol will be down.
CRC errors are caused by interference. This interference might be due to poor quality cable or termination, attenuation, mismatches between optical transceivers or cable types, or some external factor.
What describes what happens when traffic is recirculated and amplified by loops in the switching topology?
Asymmetrical routing
Broadcast storm
Hardware failure
Routing loop
Broadcast storm
In a broadcast storm, traffic is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches.
A routing loop occurs when two routers use one another as the path to a network. Packets caught in a routing loop circle around until the TTL expires. One symptom of a potential routing loop is for routers to generate ICMP Time Exceeded error messages.
Asymmetrical routing refers to a topology where the return path is different from the forward path.
Hardware failure may cause issues on a network but typically does not cause a flood of traffic.
A user logged on to a desktop client and was immediately prompted to enter credit card information to proceed. What type of attack is the user witnessing on screen?
Brute-force attack
Ransomware
MAC spoofing
Phishing
Ransomware
Ransomware is malware that tries to extort money from the victim. For example, it does this by appearing to lock the victim’s computer or by encrypting their files.
Phishing is an email-based social engineering attack, where the attacker sends an email from a supposedly reputable source to try to elicit private information from the victim.
Brute-force attack is a password attack where software tries to match the password hash against one of every possible combination it could be to gain access to a system.
Media Access Control (MAC) or IP spoofing is when a threat actor spoofs the value of a valid MAC or IP address to try to circumvent an access control list or impersonate a legitimate server.
A network port does not seem to be working properly. Which of the following tools can be used to test if the port is sending out data?
Loopback plug
Crimper
Patch cable
OTDR
Loopback plug
A loopback plug or adapter is a specially wired RJ-45 plug with a 6” stub of cable used to test for faulty ports and network cards.
A patch cable is an Ethernet or optical cable used to connect two electronic devices to each other. It is mostly referred to as short cables that “patch” certain physical routes from a patch panel or a switch.
A cable crimper is used to create network cables with terminated ends such as a patch cable. Different types of crimpers are specific to the type of connector and cable.
An OTDR (optical time domain reflector) is a fiber optic testing tool. It tests for attenuation using an optical source and optical power meter (or light meter).
A network administrator wants a network switch to authenticate attached devices before activating their port on the switch. When combined, which authentication methods provide the means to validate a client’s access to the network before being allowed access? (Select all that apply.)
SELECT ALL THAT APPLY
IEEE 802.1X
EAP
Local authentication
TACACS+
IEEE 802.1X
EAP
The Institute of Electrical and Electronics Engineers (IEEE) 802.1X uses an authentication, authorization, and accounting (AAA) architecture that is made up of three components: a supplicant, network access point, and AAA server.
The Extensible Authentication Protocol (EAP) provides a framework for deploying multiple types of authentication protocols and technologies, many of which use a digital certificate on the server and/or client machines.
Terminal Access Controller Access Control System (TACACS+) is a similar protocol to RADIUS and is often used in authenticating administrative access to routers and switches.
The local authentication provider is the software architecture that underpins the mechanism by which the user is authenticated before starting a shell. This is a login (Linux) or a logon or sign-in (Microsoft).
A custom client application is unable to communicate with the internal Internet Information Services (IIS) server. Pinging or establishing a telnet connection from a workstation to the server works normally using an IP address or FQDN. Examine the following reasons and determine possible causes for this network issue. (Select all that apply.)
SELECT ALL THAT APPLY
The SSL (Secure Sockets Layer) certificate is not trusted.
The IIS service is not running.
TCP ports are blocked.
The client cannot resolve server’s name.
The IIS service is not running.
TCP ports are blocked.
The application on the client workstation may be communicating over a blocked Transmission Control Protocol (TCP) port. The workstation can communicate using Telnet via TCP port 23; ports may need to be manually allowed in and out.
The IIS service may not be working, causing the client application not to connect as well. Services on a Windows computer are viewable using the Services management console (services.msc).
As both a ping and Telnet test are successful between the client and the server using both an IP address and the hostname, name resolution is found to be working properly.
The client was not accessing the IIS server using a web browser, which indicates if a server certificate was installed or trusted.
A licensed wiring professional runs Cat 6A cable in lengths under 55 meters in an office building. What specification of cabling does the professional install?
100BaseT
1000BaseT
1000BaseLX
10GBaseT
10GBaseT
10GBaseT Ethernet specifies speeds of 10 gigabits. Cat 6, 6A, and 7 twisted pair cables fall under the 10GBaseT Ethernet specification.
100BaseT is a legacy cabling standard that supports speeds up to 100 megabits per second.
1000BaseT Ethernet specifies speeds of 1 gigabit. It is important to note that Cat 6 and Cat 6A fall under multiple specifications using criteria such as cable length.
1000Base-LX is a specification for Gigabit Ethernet using fiber optic cabling.
A data center technician is setting up high-speed connections between servers and storage but wants to save on cost. What would be a good way to do this?
NFV
FC
FCoE
iSCSI
FCoE
Provisioning separate Fibre Channel adapters and cabling is expensive. As its name suggests, Fibre Channel over Ethernet (FCoE) is a means of delivering Fibre Channel packets over Ethernet cabling and switches.
Fibre Channel (FC) is defined in the T11 ANSI standard. Provisioning separate Fibre Channel adapters and cabling is expensive but can provide higher speeds.
Internet Small Computer System Interface (iSCSI) is an IP tunneling protocol that enables the transfer of SCSI data over an IP-based network. iSCSI works with ordinary Ethernet network adapters and switches.
Virtual appliances might be developed against a standard architecture, such as ETSI’s Network Function Virtualization (NFV).
A network engineer has installed a new switch. What should the engineer check to troubleshoot the trunk port connected to the corporate network?
Byte count
Latency
Link state
Duplex/speed
Link state
Link state measures whether an interface is working (up) or not (down). You should configure an alert if an interface goes down so that you can investigate immediately. You may also want to track the uptime or downtime percentage so that you can assess a link’s reliability over time.
It is often helpful to monitor both packet counts and bandwidth consumption. High packet counts will incur a processing load on the CPU and system memory resources.
If an interface operates in half-duplex mode, there is likely to be a problem unless you support a legacy device.
Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms).
The IT floor of a bank building contains servers that hold confidential data and the bank needs to regulate access to sensitive areas within the building. Analyze the scenario to determine which options can be implemented to allow employees to authenticate through locked barriers. (Select all that apply.)
SELECT ALL THAT APPLY
Smart Badge
Cameras
Radio Frequency Identification (RFID)
Biometric Device
Smart Badge
Biometric Device
A smart badge comes with an integrated chip and data interface that stores the user’s key pair and digital certificate. The user presents the card and enters a PIN and then the card uses its cryptographic keys to authenticate securely via the entry point’s badge reader.
A biometric device is activated by human physical features, such as a fingerprint, voice, retina, or signature.
Detection-based controls provide an important additional layer of defense in the event that prevention-based controls, such as key fob security, fail to work.
Radio Frequency Identification (RFID) is a means of encoding information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else.
A network engineer wants to install an antenna that could receive and send data from all directions. What type of directional antenna would the network technician use?
Wi-Fi Protected Access
Regulatory Impacts
Directional
Omni
Omni
The antenna type determines the propagation pattern or shape of the radio waves transmitted. Most wireless devices have simple omnidirectional vertical rod-type antennas, which receive and send signals in all directions more-or-less equally.
The exact use of channels can be subject to different regulations in different countries. Regulatory impacts also include a strict limit on power output, constraining the range of Wi-Fi devices.
The first version of Wi-Fi Protected Access (WPA) fixes critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard.
Directional is the angle that an antenna sends and receives traffic.
A network administrator would like to set up a group of servers to retrieve the same content from a single host on the internal network. Which of the following will allow this type of data flow? (Select all that apply.)
SELECT ALL THAT APPLY
IGMP must be used to configure group membership.
A broadcast domain must be configured on the switches.
A multicast IP address is assigned to the servers.
A broadcast IP address is assigned to the servers.
IGMP must be used to configure group membership.
A multicast IP address is assigned to the servers.
IPv4 multicasting allows one host on the public or private network to send content to other hosts that have joined a multicast group. Each server will be given the same multicast IP address to join the group.
Internet Group Management Protocol (IGMP) is used to configure group memberships and IP addresses.
Broadcast IP addresses are not assigned to a single host. The last address in any IP network is the broadcast address (e.g. 192.168.1.255).
A broadcast domain is when all the hosts receive the same broadcast packets, and it is not specific to any group of hosts. A basic layer 2 switch is an example of a broadcast domain.
A network professional is installing software onto every company computer and phone that requires several layers of protection for authentication. What is this called?
Multifactor
Network segmentation enforcement
Screened subnet
Zero-Day
Multifactor
An authentication technology or mechanism is considered strong if it combines the use of more than one authentication data type (multifactor).
At layers two and three, network segmentation enforcement is applied using a combination of virtual LANs and subnets. Each segment is a separate broadcast domain.
A screened subnet uses two firewalls placed on either side of the perimeter network zone. The edge firewall restricts traffic on the external/public interface and allows permitted traffic to the hosts in the perimeter zone subnet.
A vulnerability that is exploited before the developer knows about it or can release a patch is called a zero-day.
A user filed a complaint with their company’s helpdesk support team about threatening pop-up messages. The messages say the user’s files are encrypted due to terroristic activity and that the data will stay encrypted until paid in bitcoin. What type of attack is the user most likely witnessing?
DNS poisoning
ARP spoofing
Ransomware
MAC spoofing
Ransomware
Ransomware is a type of malware that tries to extort money from the victim. The crypto-malware class of ransomware attempts to encrypt data files with an encryption key.
Domain Name System (DNS) poisoning is an attack that compromises the name resolution process. The attacker will replace the valid IP address for a trusted website with the attacker’s IP address.
Media Access Control (MAC) or IP spoofing is when a threat actor spoofs the value of a valid MAC or IP address to try to circumvent an access control list or impersonate a legitimate server.
ARP spoofing, or ARP cache poisoning, perpetrates an on-path attack by broadcasting unsolicited ARP reply packets, also known as gratuitous ARP replies, with a spoofed source address.
A systems administrator wants to put in place a procedure for patch management on a Cisco network switch. Which of the following actions should be added to that procedure when preparing to flash the chip? (Select all that apply.)
SELECT ALL THAT APPLY
Load the old image at the device startup.
Complete environment and compatibility checks.
Make a backup of the system configuration.
Rollback the firmware version and updates.
Complete environment and compatibility checks.
Make a backup of the system configuration.
Updating firmware is known as flashing the chip. It is important to make a backup of the system configuration (especially for a firewall) before performing a firmware update or upgrade.
Complete an environment and compatibility check before upgrading the firmware. This may include using, for example, the IOS Software Checker for Cisco network devices to identify the “first fix” version.
Loading an old image at startup may not be compatible with the latest IOS software. Work with the current image for a proper upgrade.
Downgrading (or rollback) refers to reverting to a previous version of the software or firmware. This is only necessary to fix a problem caused by a recent upgrade.
A network technician is setting up network devices at a remote branch office. A small switch in the corner of the office connects the various workstations using category 6 Ethernet cables. A wireless access point in the center of the office connects company iPads. Some workstations are given wireless Network Interface Cards (NICs) because they are harder to reach. Which of the following devices in this scenario are layer 2 devices? (Select all that apply.)
SELECT ALL THAT APPLY
Category 6 Ethernet cable
Wireless Access Point
Network Switch
Wireless NICs
Wireless Access Point
Network Switch
Wireless NICs
A Wireless Access Point (WAP) is a layer 2 device that allows nodes with wireless network cards to communicate and creates a bridge between wireless networks and wired ones.
A basic network switch is a layer 2 device that is a more advanced type of bridge with many ports. It creates links between large numbers of nodes more efficiently.
Wireless or standard Network Interface Cards (NICs) are layer 2 devices that join a host to network media.
Category 6 (Cat6) Ethernet cables are part of layer 1 or the physical layer of the OSI model. They link nodes using a form of transmission or physical media.
Networks are vulnerable to several types of malicious attacks, and network engineers must prevent such attacks by various means. One means of protection available prevents denial of service (DoS) against a route processor over control or management plane protocols and packets. What answer choice describes this security method?
Dynamic ARP inspection
MAC filtering
Control plane policing
Preshared keys (PSKs)
Control plane policing
Control plane policing is a security method that prevents DoS attacks against a route processor over control or management plane protocols and packets.
MAC filtering is a security method where an access control list can be applied to a switch or access point so that only clients with approved MAC addresses can connect to it.
Dynamic ARP inspection is a security feature that prevents a host attached to an untrusted port from flooding the segment with gratuitous ARP replies.
Preshared keys (PSKs) are used in WPA2 for authentication that uses a passphrase to generate the key used to encrypt communications, also referred to as group authentication.
Which of the following Domain Name System (DNS) records can identify a record that is providing a network service or protocol?
TXT
PTR
NS
SRV
SRV
An SRV (service) record is used to identify a record that is providing a network service or protocol. They are often used to locate VoIP or media servers.
An NS (name server) record identifies authoritative DNS name servers for the zone. In most enterprise networks, each zone will have at least two DNS servers holding a replicated copy of the zone.
A PTR (pointer) record is found in reverse lookup zones and is used to resolve an IP address to a host name.
A TXT record stores any free-form text that may be needed to support other network services. They are most commonly used as part of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
A network engineer is looking to support the local area network by implementing a payload that can manage up to 9,000 bytes. What could the engineer use to meet this byte requirement?
Spanning Tree Protocol
Duplex
Flow Control
Jumbo Frames
Jumbo Frames
A jumbo frame supports a data payload of up to around 9,000 bytes. This reduces the number of frames that need to be transmitted, reducing the amount of processing that switches and routers need to do.
IEEE 802.3x flow control allows a server to instruct the switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames.
Most Ethernet interfaces operate in full-duplex mode. If an interface operates in half-duplex mode, there is likely to be a problem unless you support a legacy device.
The spanning tree protocol (STP) is a means for the bridges or switches to organize themselves into a hierarchy.
A network engineer has prepared a new switch for installation. What did the engineer install on the new switch?
NetFlow data
Baselines
Link state
MIBs
Baselines
A performance baseline establishes the resource utilization metrics at a point in time, such as when the system is installed. Baselines provide a comparison to measure system responsiveness later.
Management Information Base (MIB) holds statistics relating to the device’s activity, such as the number of frames per second handled by a switch.
NetFlow is a Cisco-developed means of reporting network flow information to a structured database. NetFlow allows a better understanding of IP traffic flows as used by different network applications and hosts.
Link state measures whether an interface is working (up) or not (down).
An administrator normally working on a remote server using Remote Desktop Protocol (RDP), loses the session abruptly. The administrator pings the server and does not receive a reply. An RDP session is attempted again, and the administrator can log in. Why was the administrator unable to ping the server?
IP traffic was not encrypted.
IP traffic was not tunneled.
ICMP traffic was blocked.
TCP traffic was blocked.
ICMP traffic was blocked.
Internet Control Message Protocol (ICMP) is used for status messaging and connectivity testing. An inbound rule blocking ICMP traffic using a firewall will prevent a reply if a ping command is used externally on the server.
Transmission Control Protocol (TCP) operates at the transport layer to provide connection-oriented, guaranteed delivery of packets. RDP uses TCP port 3389, which is not blocked.
Encapsulating Security Payload (ESP/50) and Authentication Header (AH/51) are used with the encrypted form of IP (IPSec).
Generic Routing Encapsulation (GRE/47) is used to tunnel packets across an intermediate network. This is used (for example) in some virtual private network (VPN) implementations.
A network technician purchasing a computer wants to ensure that it has enough temporary processing to fulfill the software requirement. What are they looking for?
Latency
Jitter
Bandwidth
Memory
Memory
Memory is considered the component of computers that temporarily stores actively used data.
Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms). You can test the latency of a link using tools such as ping, pathping, and mtr. When assessing latency, you need to consider the Round Trip Time (RTT).
Jitter is a variation in the delay. Jitter manifests itself as an inconsistent rate of packet delivery. Jitter is also measured in milliseconds, using an algorithm to calculate the value from a sample of transit times.
Generally, bandwidth refers to the amount of transferable data through a connection over a given period.
A network technician is comparing types of VPN configurations. One VPN configuration will route all traffic via the VPN gateway and another VPN configuration only routes the private network traffic via the VPN gateway. What is the network technician comparing?
SSH
Virtual network computing (VNC)
Split tunnel vs. full tunnel
Remote desktop gateway
Split tunnel vs. full tunnel
Split tunnel VPNs only route private network traffic through the VPN gateway. Full tunnel VPNs route all network traffic via the VPN gateway.
SSH (secure shell) is a secure way to connect remotely to network appliances for in-band management.
Virtual network computing (VNC) is a popular alternative to Remote Desktop, similar to another application called TeamViewer.
Remote desktop gateway can be a means of implementing a clientless VPN and can also allow a user to access networked applications. A gateway can be used to connect a user to a virtual desktop, where a client operating system and applications software are provisioned as a virtual appliance.
A cyber consultant examines the security of the control room and evaluates the organization’s maturity level and its use of security policy and controls. What is the name of this assessment?
Posture assessment
Threat assessment
Process assessment
Penetration testing
Posture assessment
Posture assessment is often performed with reference to an IT or security framework. The framework can assess the organization’s maturity level in its use of security policies and controls.
Process assessment involves identifying critical systems and assets that support these functions.
Penetration testing aims to model how exposed the organization is to vulnerabilities that threat actors could exploit.
Threat assessment is the process of identifying threat sources and profiling the types and capabilities of threat actors.
What access security controls are important to consider when managing remote access for network administrators? (Select all that apply.)
SELECT ALL THAT APPLY
Remote desktop connection
Authentication
Secure shell session
Authorization
Authentication
Authorization
Administrative access to devices must always use strong authentication security controls. This verifies the administrator’s identity and provides accountability.
Administrators must be authorized to log on to a device and use/manage its services. Authorization can be given to individual users or groups. Authorization determines what rights and privileges a particular entity has.
A secure shell (SSH) session is an access method or connection that allows an administrator to securely implement remote configuration changes to network devices.
A remote desktop connection is an access method that allows an administrator to access, for example, a Windows server that hosts firewall services from which further administrative changes can be made using a graphical user interface (GUI).
A Linux administrator is configuring a Linux server’s network interface card. The server must have a static IP (Internet Protocol) address for a Class C network. Settings must be verified. Analyze and select which commands would be most appropriate to run in this scenario. (Select all that apply.)
SELECT ALL THAT APPLY
ifconfig
ifconfig eth0 netmask 255.255.255.0
ifconfig eth0 broadcast 192.168.101.100
ifconfig eth0 192.168.101.120
ifconfig
ifconfig eth0 netmask 255.255.255.0
ifconfig eth0 192.168.101.120
The ifconfig utility is used on Linux and Unix hosts to gather and configure network settings. The ifconfig eth0 192.168.101.120 command sets the static IP address of eth0 or the first network interface (NIC) card of the host.
The ifconfig eth0 netmask 255.255.255.0 command sets the subnet mask. This is the default subnet mask for a Class C network.
The ifconfig command with no arguments will output a list of all active interfaces and their details. This can be used to verify a change after it has been made.
The ifconfig eth0 broadcast 192.168.101.100 command sets the broadcast IP address for the given interface. This is not applicable in this case.
A network consultant reviews protocols to determine if bonded links between the switch ports and the end system were auto-negotiated. What is the name of this protocol?
MAC address tables
VLAN
LACP
PoE+
LACP
Link Aggregation Control Protocol (LACP), which can be used to auto-negotiate the bonded link between the switch ports and the end system, detects configuration errors and recovers from the failure of one of the physical links.
A switch learns MAC addresses by reading the source address when a port receives a frame. The address mapping for that port normally caches in a MAC address table.
VLANs can reduce broadcast traffic when a network has expanded beyond a certain number of hosts or users. From a security point of view, each VLAN can represent a separate zone.
With PoE+, powered devices can draw up to about 25 W, with a maximum current of 600 mA.
A network technician attempts to set up the configuration to help prevent dropped packets, delay, or jitter for voice communications. What ensures that audio and video are free from these issues?
QoS
Session control
Data transport
SIP
QoS
Quality of Service (QoS) ensures that voice or video communications are free from problems, such as dropped packets, delays, or jitter.
Session control handles user discovery, availability advertising, negotiating session parameters, and session management and termination.
Data transport handles the delivery of the actual video or voice information.
The Session Initiation Protocol (SIP) is one of the most widely used session control protocols. SIP endpoints are the end-user devices, such as IP-enabled handsets or client and server web conference software. Each device, conference, or telephony user is assigned a unique SIP address known as a SIP Uniform Resource Indicator (URI).
A security administrator wants to ensure that the router setup prevents badly addressed packets from permanently circulating the network. Which of the following accomplishes this?
Static routing
QoS
TTL
Administrative distance
TTL
At each router, the Time to Live (TTL) IP header field is decreased by at least 1. This prevents badly addressed packets from permanently circulating the network.
Quality of Service (QoS) ensures that voice or video communications are free from problems, such as dropped packets, delays, or jitter.
Static routing tables are manually configured and require a lot of maintenance when there is a change in the network. This is not ideal for a robust network.
An Administrative Distance (AD) value expresses the relative trustworthiness of the protocol supplying the route. Default AD values are coded into the router but can be adjusted by the administrator if necessary.
There are many ways to authenticate a user based on an authentication card they have. However, a user must keep up with and is responsible for the authentication card as dictated through company onboarding training. Which of the following mitigates the risk of a lost or stolen authentication card?
Card uses self-signed certificates
Card is contactless
User must present fingerprint
Prompts user for a PIN
Prompts user for a PIN
A smart badge authenticates a user based on something they have. When a user inserts a smart badge, the card software prompts the user for a PIN or password, which mitigates the risk of the card being lost or stolen.
A smart badge is either contact based (must be physically inserted into a reader) or contactless (data is transferred using a tiny antenna in the card). This does not provide any security benefit.
Self-signed certificates are generally not trustworthy. The smart badges store the user’s key pair and digital certificate from a trusted certificate authority (CA).
Biometric systems would be an additional access control hardware or device that can examine a user’s fingerprint, voice, retina, or signature.
A network technician is tasked with determining the site technological capabilities of each building in the organization. When looking at the current building, the technician confirms that the building is currently empty but has the approved equipment install permits on site. What type of site is this?
Cold Site
Warm Site
Firewalls
Hot Site
Cold Site
A cold site takes longer to set up. A cold site may be an empty building with a lease agreement in place to install whatever equipment is required when necessary.
A hot site means that the site is already within the organization’s ownership and is ready to deploy. For example, a hot site could consist of a building with operational computer equipment that is kept updated with a live data set.
A warm site could be similar, but with the requirement that the latest data set will need to be loaded.
The basic function of a firewall is traffic filtering. The firewall processes traffic according to rules; traffic that does not conform to a rule that allows it access is blocked.
A user gets shocked, and the computer turns off. The system administrator notices scorching on the power port of the laptop and questions the user about the power source. The user admits to using a personal power supply for the work computer. What hazard did the user introduce to the system?
CPU usage
Humidity
Temperature
Electrical
Electrical
Computer systems need a stable power supply, free from outages (blackouts), voltage dips (brownouts), and voltage spikes and surges.
Electrical systems need to be shut down immediately in the presence of any significant amount of water. Water vapor in the air (humidity) risks condensation forming within a device chassis, leading to corrosion and short circuit faults.
High temperatures will make it difficult for device and rack cooling systems to dissipate heat effectively. High temperatures increase the risk of overheating components within the device chassis and consequent faults.
CPU utilization can indicate a problem with network traffic, or there may be a need for an upgrade.
A helpdesk technician is helping a user attempt to connect to the network but they are receiving a 169 address. What is this?
Default gateway
Classful addressing
Link-local
Loopback
Link-local
Automatic Private IP Addressing (APIPA), or link-local, was developed by Microsoft as a means for clients that could not contact a DHCP server to communicate on the local network anyway.
Classful addressing allocates a network ID based on the first octet of the IP address. While routers have performed classless routing, the 169 address is more specifically an APIPA address.
127.0.0.0 to 127.255.255.255 (or 127.0.0.0/8) is reserved and is used to configure a loopback address.
The default gateway is a router configured with a path to remote networks. The helpdesk technician may want to check the default gateway as part of their troubleshooting though.
A network engineer monitors the network and follows information packets as they move through the network from hosts to endpoints. What is the engineer observing?
Traffic logs
Send/Receive Traffic
Traps
Speed/duplex
Send/Receive Traffic
Sending and receiving traffic involves the movement of information within a system.
Switches normally support a range of Ethernet standards so that older and newer network adapters can all connect to the same network. In most cases, the port on the switch is set to auto-negotiate speed (10/100/1000) and full- or half-duplex operation.
Traffic logs record statistics for computing, storage, and network resources over a defined period.
A trap is an agent that informs the monitor of a notable event (port failure, for instance). The threshold for triggering traps can be set for each value.
An electrician creates several cat 6 cables to connect new computers to a network at a small company. The IT staff discovers that two cables do not work properly due to faulty crimping. Of the available methods to inspect the cables, which of the following should the IT staff utilize to find cables that do not work?
Cable tester
Tone generator
Packet sniffer
Spectrum analyzer
Cable tester
A cable tester provides detailed information on the physical and electrical properties of a cable. A cable tester can be used to check that the cable pins are functioning properly.
A network tone generator and probe are used to trace and identify a cable from one end to the other. This may be necessary when cables have not been labeled properly.
Electromagnetic Interference (EMI) from radio or electromagnetic sources working in the same frequency band as a Wi-Fi device can be detected with a spectrum analyzer.
A packet sniffer is a device or program that is used to monitor network communication and capture data.
Virtual hosts on the network have system clocks that are out of sync. After further investigation, the network administrator configures the hosts to sync the system time with domain controllers. What may be causing these clocks to go out of sync? (Select all that apply.)
SELECT ALL THAT APPLY
The TCP port 443 is blocked.
The NTP is misconfigured.
The UDP port 123 is blocked.
The TCP ports 636 and 143 are blocked.
The NTP is misconfigured.
The UDP port 123 is blocked.
Network Time Protocol (NTP) enables the synchronization of time-dependent systems and software. A time source such as a DC (domain controller) can be misconfigured on the virtual hosts, which prevents syncing.
Network Time Protocol (NTP) works over UDP port 123. Blocking the passing of this port on the server or network level can prevent time from syncing across all virtual hosts.
Network Time Protocol (NTP) operates over User Datagram Protocol (UDP). Port 636 is for secure LDAP and port 143 is for IMAP.
Hypertext Transfer Protocol Secure (HTTPS) provides the means for a client to access secure web sites. It uses TCP port 443.
A network engineer received a ticket that people cannot connect to the printer. After researching the issue, the printer is properly wired, as are the workstations. However, the network was misconfigured, leading to the printer being tagged incorrectly. What is the most likely cause of the issue?
Missing route
Broadcast storm
Incorrect VLAN
Interface status
Incorrect VLAN
VLAN assignments can be configured manually, and the administrator may have made a mistake, so check the interface configuration for the switch port.
A missing route may arise because a required static routing entry has not been entered or has been entered incorrectly.
In a broadcast storm, traffic is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches.
Use the LED status indicators and switch’s command-line utility to check the interface status. If a port is down, it will not be lit up by an LED indicator.
While pricing new equipment for the Information Technology department, the network technician attempted to measure the expected lifetime of certain products. What was the technician trying to calculate?
RPO
MTBF
MTTF
PDU
MTBF
Mean Time Between Failures (MTBF) represents the expected lifetime of a product. The calculation for MTBF is the total operational time divided by the number of failures.
Mean Time to Failure (MTTF) expresses a similar metric for non-repairable components. For example, a hard drive may be described with an MTTF, while a server, which the network engineer could repair by replacing the hard drive, would be described with an MTBF.
At each level (except the physical layer), the sending node adds a header to the data payload, forming a “chunk” of data called a Protocol Data Unit (PDU).
Recovery Point Objective (RPO) is the data loss that a system can sustain, measured in time units.
A security analyst from a major company approaches a systems administrator wanting to set up fake servers so that they can study activity which should not be happening and look for other signs of that activity in their environment. Which of the following are they trying to set up?
Screened subnet
Penetration test
Honeypot
Vulnerability assessment
Honeypot
A honeypot is a computer system set up to attract attackers, with the intention of analyzing attack strategies and tools, to provide early warning of attack attempts, or possibly as a decoy to divert attention from actual computer systems.
A screened subnet uses two firewalls placed on either side of the perimeter network zone. This was formerly known as a demilitarized zone (DMZ).
A vulnerability assessment is an evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system.
Penetration testing aims to model how exposed the organization is to vulnerabilities that could be exploited by threat actors.
A network technician wants to achieve over 1 Gbps with wireless standards. Which of the following could they use? (Select all that apply.)
SELECT ALL THAT APPLY
802.11ax
CDMA
802.11n
Wi-Fi 5
802.11ax
Wi-Fi 5
With Wi-Fi 6 (802.11ax), products are branded using the combined throughput. AX6000 allows 1,148 Mbps on the 2.4 GHz radio and 4,804 Mbps over 5 GHz.
The aim for Wi-Fi 5 (802.11ac) is for throughputs similar to Gigabit Ethernet or better, but over 5 GHz. As with 802.11n, only enterprise-class equipment has enough antennas to use three streams or more.
With Code Division Multiple Access (CDMA), each subscriber uses a code to key the receiver and modulation. This “key” extracts the subscriber’s traffic from the radio channel.
The data rate for 802.11n is 72 Mbps per stream. Assuming the maximum number of four spatial streams and optimum conditions, the nominal data rate could be 600 Mbps for a 40 MHz bonded channel.
An engineer uses fiber optic cable for a run within a building to a centralized fiber distribution panel in a network closet. Which type of transceiver does the engineer use to achieve 40 GbE speed?
Bix
mini-GBIC
SFP+
QSFP
QSFP
Quad Small Form Factor Pluggable (QSFP and QSFP+) is a transceiver form factor designed to support 40 GbE plus other high bandwidth applications (including InfiniBand and SONET).
Small Form Factor Pluggable (SFP) uses Lucent Connector (LC) connectors and is designed for Gigabit Ethernet. SFP+ is an updated specification to support 10GbE.
Transceiver modules previously used the Gigabit Interface Converter (GBIC) form factor, but Small Form Factor Pluggable (SFP), also known as mini-GBIC, have largely replaced them.
Bix refers to a block type. Whereas a 110 block uses a two-piece design in which wafer blocks are installed over the main block, the competing format BIX uses a single module.
A communications company uses TIA/EIA IS-95 handsets that require each subscriber to use a code to key the modulation of their signal. The receiver uses this “key” to extract the subscriber’s traffic from the radio signal. What type of handsets is the company using?
Independent Basic Service Set (Ad-Hoc)
Omni
LTE
CDMA
CDMA
Code Division Multiple Access (CDMA) means that each subscriber uses a code to key the modulation of their signal and this “key” is used by the receiver to extract the subscriber’s traffic from the radio channel.
In an ad hoc topology, the wireless adapter allows connections to and from other devices. In 802.11 documentation, this is called an Independent Basic Service Set (IBSS).
Long Term Evolution (LTE) is a converged 4G standard supported by GSM and CDMA network providers.
Antennas transmit signals in different ways. For example, an Access Point (AP) designed for ceiling mounting may produce a stronger signal in a cone directed downwards. The office should install an AP with an outward omnidirectional path with a stronger signal.
A network administrator is measuring Key Performance Indicators (KPI) for an industrial network. Which of the following are examples of a KPI? (Select all that apply.)
SELECT ALL THAT APPLY
Fault tolerance
IT contingency planning (ITCP)
Mean Time to Repair (MTTR)
Mean Time Between Failures (MTBF)
Mean Time to Repair (MTTR)
Mean Time Between Failures (MTBF)
Mean Time Between Failures (MTBF) is a Key Performance Indicator measuring the expected lifetime of a product. This is intended for assets meant to be replaced rather than repaired. The calculation is the total lifetime of all devices combined divided by the number of failures.
Mean Time to Repair (MTTR) is a measurement of the mean time it takes to repair assets or correct a fault to the point of restoration and recovery of network services. It is another Key Performance Indicator (KPI).
Fault tolerance is the ability of a network or system to experience failures and maintain the same level of functionality and service. It is not a directly measurable metric and is not a Key Performance Indicator (KPI).
IT contingency planning (ITCP) is identifying points of failure and determining the impact and acceptability of that impact on the network and on availability. Key performance indicators are measured during contingency planning.
Which of the following Domain Name System (DNS) records can resolve a hostname to an Internet Protocol Version 4 (IPv4) address?
MX
A
AAAA
CNAME
A
An A record is used to resolve a host name to an IPv4 address. This is the most common type of record in a Domain Name System (DNS) zone.
An AAAA record performs the same function as an A record, but for resolving a host name to an IPv6 address.
A Canonical Name (CNAME) record represents an alias for a host such as A or AAAA. For example, the true name of a web server could be masked as the alias WEB.
A Mail Exchanger (MX) record is used to identify an email server for the domain. In a typical network, multiple servers are installed to provide redundancy. Each one will be represented with an MX record.
A security analyst is looking at various network traffic but can’t make heads or tails of most of the packets. Which of the following traffic would they be able to read without private keys?
Port 995
Port 993
Port 587
Port 110
Port 110
Port 110 is POP3. The Post Office Protocol (POP) is an early example of a mailbox access protocol. Examples of POP client applications would be Microsoft Outlook or Mozilla Thunderbird.
POP can be secured by using TLS encryption. The default TCP port for secure POP (POP3S) is port 995.
A client connects to an IMAP server over TCP port 143, but this port is unsecure. Connection security can be established using TLS. The default port for IMAPS is TCP/993.
Port 587 is SMTP using TLS. Servers configured to support port 587 should use STARTTLS and require authentication before message submission.
A multi-tenant third-party cloud service that is available via the Internet can be described as which of the following cloud delivery models?
Community
Public
Hybrid
Private
Public
A public, or multi-tenant model, is hosted by a third-party and shared with other subscribers. This is commonly known by consumers as cloud computing.
A private model is completely private to and owned by the organization. This is geared more toward banking and governmental services that require strict access control.
A hybrid model uses a mixture of private and public cloud services, which may be on-premise or off-premise. Virtual machines and services are able to migrate between the two.
A community model is where several organizations share the costs of either a hosted private or fully private cloud. Security may be a concern with this implementation type.
A security researcher is looking at a network with established close-range network links between a variety of devices, such as smartphones, tablets, headsets, and printers. Which of the following are they looking at?
PAN
SME
CAN
MAN
PAN
Personal area networks (PAN) and wireless PAN (WPAN) have gained some currency over the last few years. With a peer-to-peer PAN, one might establish close-range network links between a variety of devices, such as smartphones, tablets, headsets, and printers.
The term metropolitan area network (MAN) is sometimes used for something a bit smaller than a WAN: a city-wide network encompassing multiple buildings.
The term campus area network (CAN) is sometimes used for a LAN that spans multiple nearby buildings.
Small and medium-sized enterprise (SME) networks are networks supporting dozens of users. Such networks would use structured cabling and multiple switches and routers to provide connectivity.
A network technician is trying to ensure that each channel has sufficient power in a WDM. Which of the following should they use?
Cable tester
Spectrum analyzer
Sniffer
Tone generator
Spectrum analyzer
An optical spectrum analyzer (OSA) is typically used with wavelength division multiplexing (WDM) to ensure that each channel has sufficient power. At very long distances, the attenuation of different wavelengths can vary.
A cable tester provides detailed information on the physical and electrical properties of a cable.
A network tone generator and probe are used to trace and identify a cable from one end to the other. This may be necessary when cables have not been labeled properly.
A packet sniffer is a device or program that is used to monitor network communication and capture data.
The CIO asks an IT systems administrator to configure a passive threat management solution. IT utilizes which type of technology?
IDS
Wireless Controller
Firewall
IPS
IDS
An Intrusion Detection System (IDS) is a system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. An IDS uses a passive approach to threat management.
A wireless controller is a hardware device or software application which can centralize the management function of a wireless network. An extended service set is defined in a wireless network.
An Intrusion Prevention System (IPS) is an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. An IPS uses an active approach to threat management.
Firewalls are principally used to implement security zones, such as intranet, screened subnet topology, and Internet.
Which of the following can you use to remotely manage network systems or devices without a graphical user interface (GUI)? (Select all that apply.)
SELECT ALL THAT APPLY
HTTP
HTTPS
SSH
Telnet
SSH
Telnet
Secure Shell (SSH) is a remote administration and file-copy program that supports remote management of devices using TCP port 22. SSH is typically used without a GUI.
Telnet is a TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). It uses TCP port 23 by default. Telnet is typically used without a GUI.
Hyper Text Transfer Protocol (HTTP) is used to provide web content to browsers. It uses port 80 and can provide an unsecure web management interface of remote devices and systems.
HTTP Secure (HTTPS) is a subset of HTTP that allows for secure communication using SSL/TLS between the client and server. This protocol uses port 443 and provides a secure web management interface of remote devices and systems.
A new web server on the domain is called WEBMARKETING01.proprints.co. The marketing department worked remotely on setting up this web server for the past two days. After joining the server to the domain, a remote session cannot be established. Pinging the FQDN (Fully Qualified Domain Name) also fails. Using a divide and conquer approach, how would a network admin most likely begin to theorize a probable cause?
Theorize a port issue at Layer 4.
Theorize an IP issue at Layer 3.
Theorize a cable issue at Layer 1.
Theorize a MAC issue at Layer 2.
Theorize an IP issue at Layer 3.
In a divide and conquer approach, you start with the layer most likely to be causing the problem. The DNS A record including the server’s IP address may not have been created yet. Ping the FQDN; if IP resolution fails, fix the A record.
A MAC (Media Access Control) address is not the immediate concern because the previous remote access assumes the local LAN was accessible.
A port issue, like TCP port 3389 for RDP (Remote Desktop Protocol), is most likely not the case because remote access worked previously to join the server to the domain.
A possible failure of a physical cable is most likely not the cause since the issue occurred after a change in software settings.
What layer of the Open Systems Interconnection (OSI) model does a router switch in?
4
1
2
5
2
The second layer of the OSI model refers to the data link layer, which involves switches, bridges, network adapters, and access points.
The first layer of the OSI model refers to the physical layer, which involves the cabling that connects devices. This may involve fiber optic cabling as well as copper cabling, such as Ethernet Cat 5 or Cat 6.
Layer four of the OSI model refers to the transport layer, which involves the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
Layer five of the OSI model refers to the session layer, which involves the communication sessions between two devices.
What step of the CompTIA Network+ troubleshooting methodology refers to identifying the problem?
4
2
3
1
1
The first step of the CompTIA Network+ troubleshooting methodology is identifying the problem, which includes identifying symptoms.
The second step of the CompTIA Network+ troubleshooting methodology is establishing a theory of probable cause. This involves questioning the obvious and considering multiple approaches.
The third step of the CompTIA Network+ troubleshooting methodology is to test the theory to determine a cause. If the theory is not confirmed, it is important to reestablish a new theory or escalate.
The fourth step of the CompTIA Network+ troubleshooting methodology is to establish a plan of action to resolve the problem and identify potential effects.
A company just moved into a new office space, and a network technician has been hired to set up a wireless infrastructure. What would the proper first step be for the technician?
Plan for overcapacity
Complete a site survey
Print out a heat map
Calculate Electromagnetic interference (EMI)
Complete a site survey
A site survey is performed first by examining the blueprints or floor plan of the premises to understand the layout and identify features that might produce radio frequency interference (RFI).
A heat map would show areas with a strong signal in greens and yellows with warning oranges and reds where signal strength drops off. This would be completed after installation.
Overcapacity (or device saturation) occurs when too many client devices connect to the same AP.
Electromagnetic interference (EMI) is interference from a powerful radio or electromagnetic source working in the same frequency band, such as a Bluetooth device, cordless phone, or microwave oven.
What term refers to the orientation of waves propagating from a wireless antenna?
Parabolic
Radio frequency attenuation
Placement
Polarization
Polarization
Polarization refers to the orientation of the wave propagating from the antenna. To maximize signal strength, the transmission and reception antennas should normally use the same polarization.
Parabolic refers to an antenna type form factor for specific applications.
Antenna placement helps to eliminate attenuation and interference problems.
Radiofrequency attenuation (RF attenuation) is the loss of signal strength due to distance and environmental factors. It is also referred to as free space path loss.
A network technician patches the vulnerability and verifies full system functionality after identifying a vulnerability on a network switch operating system. Justify the technician’s decision to document any findings, actions, or outcomes that may have taken place during the process. (Select all that apply.)
SELECT ALL THAT APPLY
They record network performance.
They establish a new baseline for the template.
They create installation procedures.
They estimate purchases on new firewall software.
They establish a new baseline for the template.
They create installation procedures.
A new baseline is established and documented any time a change is made to a device’s settings and/or software. This is beneficial for security audits and future installations of the same device.
Creating installation instructions for this type of patching, especially recording the file name and version of the patch, will ensure the process can be duplicated with a high success rate.
Documenting the fixing of a device vulnerability does not typically warrant the need to estimate purchases of new switches.
Unless performance was an issue prior to installing the security patch, such a test or recording is not necessary. A performance test and results, if required, would be performed when testing a theory to determine cause.
A network engineer is noticing a lot of traffic collisions on the network. What should the engineer investigate to help lower the collision rates?
DNS
Routing loop
Switching loop
Duplex settings
Duplex settings
Duplex settings refer to whether a network device can transmit and receive at the same time. Half-duplex means only one can happen at a time, while full-duplex means sending and receiving can happen simultaneously. If not configured properly, collisions can occur.
A routing loop occurs when two routers use one another as the path to a network. Packets caught in a routing loop circle around until the TTL expires. One symptom of a potential routing loop is for routers to generate ICMP Time Exceeded error messages.
A switching loop is where flooded frames circulate the network perpetually.
The Domain Name System (DNS) is used to translate domain names (e.g., www.comptia.com) to their actual IP addresses.
A security admin has been tasked to audit a new web server on the network. The admin’s task is to ensure the server does not have any unnecessary open ports or services running on it. Deduce the best course of action for checking the server if the admin knows the Internet Protocol (IP) address of the server.
Run the nslookup utility from the web server
Run the netstat utility from a laptop
Run the nmap utility from a laptop
Run the dig utility from the web server
Run the nmap utility from a laptop
The nmap utility is a versatile port scanner used for topology, host, service, and OS (Operating System) discovery and enumeration. The admin will run it from a local node such as a laptop in order to scan the remote server’s connections.
The netstat utility can output the status on active ports and TCP connections on a local host to verify any unnecessary ports or services running. Running this on the laptop will only provide details about the laptop.
The nslookup utility is a software tool for querying DNS server records.
The dig utility is used to query a DNS (Domain Name System) and return information about a domain name.
A systems administrator installs a connectivity device that results in a high number of data collisions. Which device did the administrator install?
Bridge
Media converter
Hub
Switch
Hub
A hub (also known as a dumb device) connects computers to a network in a star configuration. A hub lacks the features contained in a switch such as traffic control based on physical addressing.
A bridge is an appliance or application that connects different networks as if they were one network.
Media converters are layer 1 devices and are used to convert one cable type to another. These components alter the characteristics of one type of cable to match those of another.
A switch is a layer 2 device. Switches can handle traffic based on a node’s physical address, which is also known as a Media Access Control (MAC) address.
A network technician wants to create efficiencies in network traffic by implementing a device which applies microsegmentation by establishing a point-to-point link between any two network nodes. Which of the following should they implement?
Hub
Bridge
Access Point
Layer 2 switch
Layer 2 switch
An Ethernet layer 2 switch performs the same sort of function as a bridge, but in a more granular way. In effect, the switch establishes a point-to-point link between any two network nodes. This is referred to as microsegmentation.
An Ethernet bridge works at the data link layer (layer 2) to establish separate physical network segments while keeping all nodes in the same logical network.
A hub acts like a multiport repeater so that every port receives transmissions sent from any other port.
A wireless access point (AP) allows nodes with wireless network cards to communicate and creates a bridge between wireless networks and wired ones.
A network technician wants to gain visual coverage for an area obscured by trees surrounding the west side of the building. What could the technician use to gain visibility in that area?
SCADA
Cameras
HVAC Sensors
Layer 3 Capable Switches
Cameras
A security camera is either fixed or operates using Pan-Tilt-Zoom (PTZ) controls. Different cameras suit different purposes. If you want to record the image of every person entering through an access control vestibule, a fixed, narrow focal length camera positioned on the doorway will be perfectly adequate.
An HVAC uses temperature sensors and moisture detection sensors (to measure humidity).
A supervisory control and data acquisition (SCADA) system replaces a control server in large-scale, multiple-site industrial control systems (ICSs).
A layer 3 capable switch is one that is optimized for routing between VLANs.
Which device type does an IT systems engineer install to control logical network traffic?
Hub
Modem
Switch
Router
Router
A router is a layer 3 device. A router can be used to segregate network devices by using a logical address such as an Internet protocol (IP) address.
A network switch in its simplest form is a layer 2 network device. Switches can handle and control traffic based on a node’s physical address which is also known as a hardware address or media access control (MAC) address.
A hub is known as a dumb device that simply connects computers to a network in a star configuration. A hub lacks the features contained in a switch.
A modem is a device that enables digital data to be sent over an analog medium, such as a telephone line.
A network technician is trying to determine which digital communication frequencies would be best at penetrating through the solid surfaces of the walls. Which would be the best solution?
2.4 GHz
AC (Wifi 5)
3G, 4G, 5G
5GHz
2.4 GHz
2.4 GHz is better at propagating through solid surfaces, making it ideal for providing the longest signal range.
3G is a digital communication generation that deployed various packet-switched technologies to mobile devices. 4G converged to a standard supported by GSM and CDMA network providers. 5G was a complex system with expectations to provide fixed-wireless broadband solutions.
5 GHz is less effective at penetrating solid surfaces and does not support the maximum ranges achieved with 2.4 GHz standards. The band supports individual channels and suffers less from congestion and interference, supporting higher data rates at shorter spans.
Wi-Fi 5 (802.11ac) works only in the 5 GHz band. A network technician can use the 2.4 GHz band for legacy standards (802.11g/n) in mixed mode.
Which of the following solutions is designed to switch traffic to an alternative processing node?
IPS
Load balancer
Router
Proxy server
Load balancer
A load balancer distributes client requests across available systems such as server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm.
A router is a layer 3 device. A router can be used to segregate network devices by using a logical address such as an Internet protocol (IP) address.
A proxy server is used as a middle-man for network access, such as Internet access. A proxy can control what a system can or cannot connect to.
An intrusion prevention system (IPS) is an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. An IPS is considered to use an active approach to handling threats.
A network security engineer is performing network penetration testing. The engineer is using Nmap to make a map of all network devices and wants to identify all host addresses on the network more quickly by skipping OS fingerprinting until after a target machine is selected. Suggest an Nmap switch that will allow the engineer to perform host discovery only.
-sT
-p
-sn
-sU
-sn
Using Nmap with the -sn switch will suppress the port scan, which can reduce scanning time on large networks.
TCP connect scanning is a more visible scan that establishes full connections with remote hosts.
By default, Nmap scans 1,000 commonly used ports. The -p argument can be used to specify a port range.
UDP ports can be scanned using the -sU argument. As these do not use ACKs, Nmap needs to wait for a response or timeout to determine the port state, so UDP scanning can take a long time.
What advantage does Collision Detection (CD) bring to the carrier-sense multiple access (CSMA) media access control method?
Separate collision domains for each port
10 Gbps speeds
Instant termination upon collision
Full-duplex transmission
Instant termination upon collision
CSMA Collision Detection utilizes half-duplex transmission to detect when a signal is present on an interface’s transmit and receive lines simultaneously. A jamming signal is then used to keep other nodes from transmitting for a period of time.
Separate collision/broadcast domains for each port can be done by using VLAN segmentation. It can also be done with a Layer 3 capable switch.
Bandwidth can be affected by many factors such as cable category, router capabilities, etc. However, CSMA with Collision Detection does not increase bandwidth directly and is concerned with packet collisions.
Because CSMA Collision Detection relies on half-duplex transmission to detect collisions, full-duplex is not used. Modern Ethernet with full-duplex does not require CSMA/CD.
A network engineer is creating a network diagram based on a list of media access control (MAC) addresses used in a network. At what layer of the OSI model are all hosts identified by a specific MAC address?
Physical layer
Transport layer
Data-link layer
Network layer
Data-link layer
The data link layer (layer 2) is responsible for transferring data between nodes on the same logical segment. At the Data Link layer, a segment is one where all nodes can send traffic to one another using hardware (MAC) addresses.
The physical layer of the OSI model (layer 1) is responsible for the transmission and receipt of the signals that represent bits of data from one node to another node.
The transport layer is known as the end-to-end or host-to-host layer. A function of the transport layer is to identify each type of network application by assigning port numbers.
The network layer (layer 3) is responsible for moving data (routing) around a network of networks, known as an internetwork or the Internet.
An IT security employee discovered a rogue access point (AP) and traced the activity to a smartphone tethered to a workstation on the corporate network. What would this type of attack allow a malicious user to do?
SELECT ALL THAT APPLY
Allow access to private information
Force clients to authenticate to the AP
Perform on-path attacks
Capture user logon attempts
Allow access to private information
Perform on-path attacks
Capture user logon attempts
A rogue access point (AP) can be set up with a tethered smartphone. Connecting to a LAN without security, the unauthorized AP creates a malicious backdoor, and can be used to capture user logon attempts.
The threat actor (or owner of the smartphone) can perform on-path attacks by intercepting and relaying data between two hosts.
As information is sent between this rogue AP and wireless clients, intercepted data may contain private information from users which can be used to gain access to other areas of the network.
The rogue AP may not immediately force clients to authenticate to it, but it provides another option that users may want to explore and connect to.
A network technician is installing sensors to measure environmental conditions in an equipment closet. A sensor is attached to the fire suppression system. What will this sensor detect?
Humidity
Flooding
Electrical
Temperature
Flooding
Regarding flooding, there may be natural or person-made flood risks from nearby watercourses and reservoirs or leaking plumbing or fire suppression systems.
High temperatures will make it difficult for device and rack cooling systems to dissipate heat effectively.
Regarding electricity, computer systems need a stable power supply, free from outages (blackouts), voltage dips (brownouts), and voltage spikes and surges.
Regarding humidity, more water vapor in the air risks condensation forming within a device chassis, leading to corrosion and short circuit faults. Conversely, very low humidity increases the risks of static charges building up and damaging components.
A security engineer for a company wants to implement an authentication, authorization, and accounting (AAA) server to validate user credentials so users can remotely access the network services via a virtual private network (VPN). Identify the protocol the security engineer should implement if the server and client configure the same shared secret.
Directory services
Lightweight Directory Access Protocol (LDAP)
TACACS+ (Terminal Access Controller Access Control System Plus)
Remote Authentication Dial-in User Service (RADIUS)
Remote Authentication Dial-in User Service (RADIUS)
RADIUS is a way of implementing an AAA server. Remote access devices, such as VPN servers, function as client devices of the RADIUS server.
Most directory services are implementations of the Lightweight Directory Access Protocol (LDAP). LDAP is not a directory standard, but a protocol used to query and update an X.500 standard directory. LDAP is supported in current directory products such as Windows Active Directory.
TACACS+ is used in authenticating administrative access to routers and switches. TACACS+ uses reliable delivery offered by TCP making it easier to detect when a server is down.
Directory services is a network service that stores identity information about all the objects in a network, including users, groups, servers, client computers, and printers.
A wiring professional terminates the ends of some coaxial cables. Which one of these connectors can the professional use?
QSFP+/SFP+
RJ-11/RJ45
LC
F-Type
F-Type
Coaxial cables are usually terminated using F-type connectors, which are secured by screwing into place.
The Lucent Connector (LC) is a small form factor fiber optic connector with a tabbed push/pull design. The small size of LC allows for higher port density.
RJ-11 connectors are used with 2- or 3-pair UTP, where the four center wires are most commonly used. RJ-45 connectors are used with 4-pair (8-wire) cables.
Enhanced quad small form-factor pluggable (QSFP+) is designed to support 40 GbE by provisioning 4 x 10 Gbps fiber links. SFP+ uses LC connectors and is also designed for Gigabit Ethernet.
Which of the following policies would best help if users want to secure their devices and online accounts against tampering or abuse, particularly against dictionary attacks?
Disable unneeded switchports
Avoid common passwords
Setup private VLANs
Setup firewall access control lists
Avoid common passwords
Many users rely on simple passwords, which has led to databases of common credentials being posted online. Password database “dumps” give attackers a useful dictionary when password cracking.
Disable switch ports to prevent the attachment of unauthorized client devices. You can also isolate unneeded ports to a black hole Virtual LAN (VLAN) that has no route to the network.
A private virtual local area network (PVLAN) applies an additional layer of segmentation by restricting the ability of hosts within a VLAN to communicate directly with one another.
Firewall access control lists (ACLs) are configured on the principle of least access which only allow the minimum amount of traffic required for the operation of valid network services and no more.
A network administrator is unable to access files on a remote system. A network firewall seems to be blocking traffic from passing through. Which of the following will the administrator most likely need to reconfigure for inbound and outbound traffic?
SELECT ALL THAT APPLY
TCP port 110
SMTP traffic
TCP port 20
TFTP traffic
TCP port 20
TFTP traffic
Trivial File Transfer Protocol (TFTP) is a file transfer service which is a connectionless protocol running over UDP port 69. It is suitable for transferring small files.
File Transfer Protocol (FTP) is a connection-oriented protocol running over TCP ports 20 and 21. TCP port 20 is used for data connection on the server side, and TCP port 21 is used as a control port.
Simple Mail Transfer Protocol (SMTP) makes the connection from the sender’s server to that of the recipient and transfers an email message. It uses port 25.
Post Office Protocol (POP) is a mailbox protocol now commonly used as POP3. The client establishes a connection to the POP server on TCP port 110 and contents are downloaded.
A network technician suspects a short in the network cable and wants to test it. Identify which of the following tools will provide this capability.
Spectrum analyzer
Loopback adapter
Tone generator
Multimeter
Multimeter
A multimeter is for testing electrical circuits, but it can also test for the continuity of any sort of copper wire, the existence of a short, and the integrity of a terminator.
A network tone generator applies a signal on the cable to be traced by a probe, and can be used to follow the cable over ceilings and through ducts.
A spectrum analyzer, typically a handheld device, is used to analyze radio or electrical interferences. The exact location can be pinpointed using this device.
A loopback plug or adapter is a specially wired RJ-45 plug with a 6” stub of cable used to test for faulty ports and network cards.
An attacker exploited a vulnerability within the operating system of a computer inside a bank’s network. Although the attacker posed no serious threat, the network administrator wants to start taking security more seriously. Recommend a best practice that can help mitigate operating system vulnerabilities in the network.
SELECT ALL THAT APPLY
Implement control plane policing
Implement patch management
Enable only required services
Enable DHCP snooping
Implement patch management
Enable only required services
Patch management refers to the procedures put in place to manage the installation of updates for hardware and software that can mitigate operating system (OS) vulnerabilities.
Any services or protocols that are not used should be disabled. For example, disabling Transmission Control Protocol (TCP) port 23 to prevent the use of telnet on an OS.
A control plane policing policy is designed to mitigate the risk from route processor vulnerabilities. Such a policy can use Access Control Lists (ACLs) to allow or deny control traffic from certain sources.
Dynamic Host Configuration Protocol (DHCP) snooping is a type of switch port security setting that inspects DHCP traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address.
A gamer is using a wireless AC router connected to a fiber optic network from the local Internet Service Provider (ISP). The gamer must ensure the ISP is providing close to advertised network speeds. Which is the most appropriate tool to gauge the available bandwidth?
A packet sniffer
A speed testing website
A Wi-Fi analyzer
A port scanner
A speed testing website
A bandwidth or broadband speed tester website measures the time taken to download and upload a randomized stream of data to a web host. This is a common speed test with Internet Service Providers (ISPs).
A Wi-Fi analyzer is software that records statistics for the access point that the client is currently associated with. It can also detect other access points in the vicinity.
A port scanner is software that enumerates the status of TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports on a target system. One example is the nmap command-line utility.
A packet sniffer such as winpcap for Windows can read and capture packets on a port and save the information to a file on disk. This does not test bandwidth.
An organization is putting an employee through security checkpoints that include a background investigation, account creation with proper privileges, assigning a laptop, and completing security training. What kind of policy is the employee under?
Remote access policy
BYOD policy
Onboarding policy
Offboarding policy
Onboarding policy
The employee is under an onboarding policy which is the process of welcoming a new employee to the organization with tasks that affect security.
Offboarding is the process of ensuring that an employee leaves a company gracefully and includes disabling accounts, returning company assets, and wiping personal assets of company data.
Remote access policies are technical policy controls that govern the employees’ use of remote access privileges where employers assign the right for employees to connect to the corporate network from a remote location.
A bring your own device (BYOD) policy means that employees can use their own personal devices on the corporate network so long as it meets a minimum specification required by the company.
A network configuration includes the ability to inspect packets at the application layer to identify potential threats. Which of the following choices uses the new configuration?
Firewall
Load balancer
Switch
Proxy server
Firewall
Firewalls can operate at the application layer and are principally used to implement security zones, such as intranet, screened subnet topology, and Internet.
A proxy server is used as a middle-man for network access, such as Internet access. A proxy can control what a system can or cannot connect to.
A load balancer distributes client requests across available systems, like server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm.
A switch is a layer 2 device. Switches can handle traffic based on a node’s physical address, which is also known as a Media Access Control (MAC) address.
A user submitted a ticket saying they only have 1 bar of signal at their desk. What issue is the user having in regards to wireless access?
RF attenuation
Interference
Distance
Speed
Distance
Distance to an access point will cause issues the further away you are. As the signal gets weaker, a device will spend more power trying to connect and slow data transfer.
Speed is important to a wireless network, but that may only be a symptom of the issue. Distance would be the cause of the speed issue.
Interference can be caused by several factors, including neighboring equipment that may use the same frequency of radio waves.
Radio frequency attenuation (RF attenuation) is the loss of signal strength due to distance and environmental factors. It is also referred to as free space path loss.
A helpdesk operator is reviewing the part of a MAC address which determines whether the frame is addressed to an individual node or a group. What is this called?
VNF
EUI-64
I/G
OUI
I/G
The I/G bit of a MAC address determines whether the frame is addressed to an individual node (0) or a group (1). The latter is used for broadcast and multicast transmissions.
An EUI-64 is a 64-bit hardware address. A translation mechanism allows a 48-bit MAC address to be converted to an EUI-64. EUI-64 addresses can be used with IPv6.
The first six hex digits (3 bytes or octets), also known as the Organizationally Unique Identifier (OUI), identify the manufacturer of the adapter. The last six digits are serial numbers.
Virtual Network Function (VNF) specifies and deploys instances of each virtual appliance. VNFs are designed to run as VMs on standard CPU platforms.
A systems administrator is setting up a static IP for a new server with a Class A IP scheme. Which netmask lines up with a class A address?
/16
/24
/8
/32
/8
The first octet for Class A falls from 1 – 126 and the netmask is 255.0.0.0 (/8). Class A network addresses support large numbers of hosts—over 16 million. However, there are only 126 Class A network addresses.
The first octet for Class B falls from 128 – 191 and the netmask is 255.255.0.0 (/16). There are 16,000 Class B networks, each containing up to about 65,000 hosts.
The first octet for Class C falls from 192 – 223 and the netmask is 255.255.255.0 (/24). Class C networks support only 254 hosts each, but there are over 2 million of them.
Class D addresses (224.0.0.0 through 239.255.255.255) are used for multicasting.
A network engineer reviewed the password database for the company’s networks and servers and identified that the passwords were all common words and animal names. Concerned that this would be easy to compromise, the engineer raised this concern with the cyber team. What kind of attack could have occurred if the passwords were not changed?
Ransomware
Evil twin
Dictionary
Phishing
Dictionary
Password cracking software uses dictionary terms to assist in gaining access to a password-protected account or system.
A rogue AP masquerading as a legitimate one is called an evil twin. An evil twin might advertise a similar network name (SSID) to the legitimate one. For example, an evil twin might be configured with the network name “company” where the legitimate network name is “company.”
Social engineering and techniques such as phishing and pharming, where the attacker sets up a false website in imitation of a real one, are types of spoofing attacks. It is also possible to abuse how a protocol works or how network packets are constructed to inject false or modified data onto a network.
Ransomware is a type of malware that tries to extort money from the victim.
A network consultant is looking into a matter where the interface is discarding incoming and outgoing frames. In this instance, the packets are too large. What is the name for these packets?
Uptime/Downtime
Bandwidth
Giants
Runts
Giants
An interface may discard incoming or outgoing frames for several reasons, including checksum errors, mismatched MTUs, and packets that are too large (giants).
An interface may discard incoming or outgoing frames for several reasons, including checksum errors, mismatched MTUs, and packets that are too small (runts).
If an interface goes down, a network technician must configure an alert to investigate immediately. Track the uptime or downtime percentage so that the technician can assess the link’s reliability over time.
Generally, bandwidth refers to the amount of data transferable through a connection over a given period.
Users report that one of the access points seems not to be working properly. When they go to download files, it takes forever. The sysadmin noticed that the access point is pretty old and should be replaced with a more powerful one. What issue would replacing the access point help to fix?
RF attenuation
Interference
Speed
Distance
Speed
Speed is important to a wireless network, but that may only be a symptom of the issue. Distance would be the cause of the speed issue.
Interference can be caused by several factors, including neighboring equipment that may use the same frequency of radio waves.
Radio frequency attenuation (RF attenuation) is the loss of signal strength due to distance and environmental factors. It is also referred to as free space path loss.
Distance to an access point will cause issues the further away you are. As the signal gets weaker, a device will spend more power trying to connect and slow data transfer.
Mobile users in an organization complain about limited functionality in a company’s headquarters. The IT staff decide to extend mobile access capabilities by widening the current wireless network. When evaluating the expansion configuration, a wireless access point media access control (MAC) address relates to which option?
Basic Service Set Identifier (BSSID)
Extended Service Set (ESS)
Basic Service Set (BSS)
Base station
Basic Service Set Identifier (BSSID)
The media access control (MAC) address of a wireless access point (AP) is used as the Basic Service Set Identifier (BSSID).
An access point mediates communications between wireless stations and it can also provide a bridge to a cabled network segment. This is known as a Basic Service Set (BSS).
Wireless networks deploy in an infrastructure topology. In an infrastructure topology, each station connects through a base station or access point (AP).
An Extended Service Set (ESS) groups more than one Basic Service Set (BSS) together.
A network engineer reviews a report that makes recommendations where the network is not meeting goals for performance or security. What is the name of this report?
Audit and Assessment Report
Business Continuity Plan
Acceptable Use Policy
IDF/MDF
Audit and Assessment Report
An audit and assessment report makes recommendations on where the network is not meeting goals for performance or security.
In an extensive network, one or more Intermediate Distribution Frames (IDFs) provide termination for access layer switches that serve a given area, such as a single office floor. The Main Distribution Frame (MDF) is the location for distribution/core level internal switching.
Acceptable use policy (AUP) is a policy that governs employees’ use of company equipment and Internet services.
Business continuity planning (BCP) identifies controls and processes that enable an organization to maintain critical workflows in the face of some adverse event.
A server instructs a switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames. What is the name of this mechanism?
Port Mirroring
Flow Control
Port Security
Speed
Flow Control
Flow control allows a server to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames. This is also called 802.3x.
Port security prevents a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.
Port mirroring copies ingress and egress communications from one or more switch ports to another port. This monitors communications passing over the switch and is also called a switched port analyzer (SPAN).
Speed is the rate at which something travels from one location to another.
A computer technician is reading archived logs and identifies that the company was using 802.11n. Not knowing what this Wi-Fi category meant, the technician researched its origins. In recent years, what was 802.11n renamed?
3G, 4G, 5G
Wi-Fi 6
Wi-Fi 4
Wi-Fi 5
Wi-Fi 4
Wi-Fi standards are being renamed with simpler digit numbers. 802.11n is now officially designated as Wi-Fi 4.
Wi-Fi 5 (802.11ac) works only in the 5 GHz band. The network engineer can use the 2.4 GHz band for legacy standards (802.11g/n) in mixed mode.
3G is a digital communication generation that deployed various packet-switched technologies to mobile devices. 4G converged to a standard supported by GSM and CDMA network providers. 5G was a more complex system with expectations to provide fixed-wireless broadband solutions for homes and businesses.
Wi-Fi 6 uses more complex modulation and signal encoding to improve the amount of data sent per packet by about 40%.
A network engineer needs to integrate the corporate wireless local area network (WLAN) with the wired local area network (LAN) authentication scheme, but wants both the client and server to use public key certificates. Which of the following is an authentication protocol that would allow this type of mutual authentication?
Extensible Authentication Protocol Transport Layer Security (EAP-TLS)
Protected Extensible Authentication Protocol (PEAP)
Flexible Authentication via Secure Tunneling (EAP-FAST)
Challenge Handshake Authentication Protocol (CHAP)
Extensible Authentication Protocol Transport Layer Security (EAP-TLS)
Extensible Authentication Protocol (EAP) allows WLAN authentication to be integrated with the wired LAN authentication scheme. With EAP-TLS, as both supplicant and server are configured with certificates, this provides mutual authentication.
Protected Extensible Authentication Protocol (PEAP) also uses an encrypted tunnel, but PEAP only requires a server-side public key certificate. The supplicant does not require a certificate.
Flexible Authentication via Secure Tunneling (EAP-FAST) uses a Protected Access Credential (PAC) to set up the tunnel, which is generated for each user from the authentication server’s master key.
Challenge Handshake Authentication Protocol (CHAP) is an authentication scheme developed for dial-up networks that uses an encrypted three-way handshake to authenticate the client to the server.
A service provider is negotiating a Service Level Agreement (SLA) with a client involving the repair of broken server nodes when failure occurs. The service provider mentions a prior contract that included about 20 billable hours a month, which involved the repair of about five servers a month. Calculate the MTTR (Mean Time To Repair).
20 hours - 5 repairs = 15 hours
5 repairs * 20 hours = 100 hours
20 hours + 5 repairs = 25 hours
20 hours / 5 repairs = 4 hours
20 hours / 5 repairs = 4 hours
Mean Time to Repair (MTTR) is the average time taken for a device or component to be repaired, replaced, or otherwise recovered from a failure. MTTR is calculated by dividing the total number of hours by the total number of repairs.
Mean Time to Repair (MTTR) cannot be calculated by multiplying the total number of hours by the total number of repairs.
Mean Time to Repair (MTTR) cannot be calculated by adding the total number of hours to the total number of repairs.
Mean Time to Repair (MTTR) cannot be calculated by subtracting the total number of repairs from the total number of hours.
A computer technician wants to purchase a cable modem capable of combining multiple channels to increase traffic flow from two 20 MHz channels to a single 40 MHz channel. What is the combination of channels called in this instance?
Channel Bonding
Roaming
CDMA
Extended Service Set
Channel Bonding
802.11n products can also use channels in the 2.4 GHz band or the 5 GHz band. 802.11n also allows two adjacent 20 MHz channels to be combined into a single 40 MHz channel, referred to as channel bonding.
A network engineer can group more than one BSS in an Extended Service Set (ESS).
Code Division Multiple Access (CDMA) means that each subscriber uses a code to key the modulation of their signal and this “key” is used by the receiver to extract the subscriber’s traffic from the radio channel.
Clients can roam within an extended service area (ESA). An ESA is created by installing APs with the same SSID and security configuration connected by a wired network or Distribution System (DS).
An engineer needs to connect a fiber connection to a network that uses category 5 twisted pair cabling. Which of the following solutions will connect the two at the physical layer of the OSI reference model?
Hub
Media converter
Switch
Bridge
Media converter
Standalone media converters are used to convert one cable type to another.
A bridge is a hardware device that connects varying subnets together.
A hub is known as a dumb device that simply connects computers to a network in a star configuration. A hub lacks the features contained in a switch.
A network switch in its simplest form is a layer 2 network device. Switches can handle and control traffic based on a node’s physical address, which is also known as a hardware address or media access control (MAC) address. A switch segregates devices from communicating by using methods such as VLANs or policies.
What allows fine-grained control over traffic parameters?
Differentiated Services (DiffServ)
Traffic Shaping
Quality of Service (QoS)
Class of Service (CoS)
Quality of Service (QoS)
Quality of Service (QoS) allows fine-grained control over traffic parameters. Protocols such as Multiprotocol Label Switching (MPLS) provide QoS. MPLS can reserve the required bandwidth and pre-determine statistics when configuring the link.
Class of Service (CoS) categorizes protocols into groups that require different service levels and provides a tagging mechanism to identify a frame or packet class.
The Differentiated Services (DiffServ) framework classifies each packet passing through a device. Router policies can then be defined to use the packet classification to prioritize delivery.
Traffic shaping enables administrators to closely monitor network traffic and to manage that network traffic.
An engineer needs to place a device that will act as a repeater on a network. Which device does the engineer use?
Bridge
Wireless range extender
Router
Firewall
Wireless range extender
Wireless networks can be expanded by using devices called wireless range extenders (WREs). A range extender is essentially a lightweight access point (AP) functioning in repeater mode only.
A bridge is an appliance or application that connects different networks as if they were one network.
A firewall or unified threat management (UTM) device is a hardware device that is used to prevent external network threats.
A router is a hardware appliance or application that connects different networks/subnets for communication purposes, but keeps them as separate networks. A router is a layer 3 device.
A network engineer attempts to determine if they are permitted or prohibited from installing nonstore apps onto a company device. Additionally, the engineer wants to understand if rooting/jailbreaking is permitted. What policy would the network engineer review?
NDA
MOU
Acceptable Use Policy
Onboarding and Offboarding Policy
Acceptable Use Policy
Acceptable use policy (AUP) is a policy that governs employees’ use of company equipment and Internet services. ISPs may also apply AUPs to their customers. Also called fair use policy.
A non-disclosure agreement (NDA) is the legal basis for protecting information assets.
A memorandum of understanding (MOU) is a preliminary or exploratory agreement to express an intent to work together.
Onboarding is the process of welcoming a new employee to the organization. Similar principles apply to taking on new suppliers or contractors. Offboarding is the process of ensuring that an employee leaves a company gracefully.
A firewall configuration handles threat management with an active approach. Which feature operates this way?
AAA server
IPS
Wireless Controller
Amplification
IPS
An Intrusion Prevention System (IPS) is an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. An IPS uses an active approach to threat management.
A repeater is a device that amplifies an electronic signal to extend the maximum allowable distance for a media type.
A wireless controller is a hardware device or software application which can centralize the management function of a wireless network. An extended service set is defined in a wireless network.
An authentication, authorization, and accounting (AAA) device uses a security concept where a centralized platform verifies object identification, ensures the object is assigned relevant permissions, and then creates an audit trail.
A security analyst is setting up detections to look for unauthorized domain transfers from their external-facing DNS servers. Which of the following ports should they monitor?
TCP 443
UDP 53
TCP 53
UDP 520
TCP 53
Some DNS servers are also configured to allow connections over TCP port 53, as this allows larger record transfers (over 512 bytes).
A DNS server is usually configured to listen for queries on UDP port 53, but zone transfers are over TCP because of the large size.
RIPv1 is a classful protocol and uses inefficient broadcasts to communicate updates over UDP port 520. RIPng (next generation) is a version of the protocol designed for IPv6. RIPng uses UDP port 521.
Encrypted web traffic between the client and server is sent over TCP port 443 (by default), rather than the open and unencrypted port 80.
A network specialist has been installing antennas around the building to get clear coverage. Some of the operators stated that they can hear the transmission but cannot reply. What should the specialist consider?
RA guard
Geofencing
MAC filtering
Antenna placement
Antenna placement
Site designs and surveys facilitate robust wireless coverage when all expected areas receive a strong signal. Power levels and channel selection should be tuned so that access points do not interfere with one another or broadcast a signal that stations can “hear” but cannot reply to.
Router Advertisement Guard (RA Guard) is a switchport security feature that blocks router advertisement packets from unauthorized sources.
Geofencing can be used to ensure that the station is within a valid geographic area to access the network, such as ensuring the device is within a building rather than trying to access the WLAN from a car park or other external location.
As with a switch, an access point can be configured with an accept or deny list of known MAC addresses.
The CEO of an organization informs IT that email is not working. Upon investigating the problem, an engineer discovers that the company’s domain name system records are missing on a company owned internal DNS server. Which record type does IT fix to solve the email issue?
TTL
PTR
MX
CNAME
MX
A mail exchanger (MX) record identifies an email server for the domain. In a typical network, multiple servers are defined to provide redundancy.
A canonical name (CNAME) record is a domain name system (DNS) record, which represents an alias for a host. Aliases give a host multiple names.
A pointer (PTR) is a domain name system (DNS) record that creates an Internet protocol (IP) address to hostname mapping that corresponds to the host (A) record stored in the forward lookup zone.
Time to Live (TTL) is a value a system can use to determine the life of a value. For example, in DNS a TTL value tells a system how long it should keep a record in cache.
What step of the CompTIA Network+ troubleshooting methodology involves confirming a theory and determining the next steps to resolve a problem?
3
7
2
5
3
The third step of the CompTIA Network+ troubleshooting methodology is to test the theory to determine the cause. It involves determining the next steps if the theory is confirmed.
The second step of the CompTIA Network+ troubleshooting methodology is establishing a theory of probable cause. This involves questioning the obvious and considering multiple approaches.
The fifth step of the CompTIA Network+ troubleshooting methodology is to implement a solution or escalate as necessary.
The seventh step of the CompTIA Network+ troubleshooting methodology is to document findings, actions, and outcomes. These should be saved and archived in order to help mitigate issues in the future.
A company requires connectivity between two buildings. The buildings are over 750 meters apart. IT engineers suggest which type of fiber cabling?
Multimode
Single mode
Media conversion
Straight-through
Single mode
Single-mode fiber cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics.
Multimode fiber is inexpensive to deploy compared to single-mode fiber. However, it does not support the high signaling speeds or long distances that single-mode fiber does and is more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs).
A media converter is a device that converts one media signaling type to another. A media converter is not required in this case.
Straight-through refers to cabling such as twisted pair cabling where pins on one end of the cable match the pins on the opposite end.
A security engineer is setting up anomaly detection for suspiciously large file transfers. Which of the following ports should they set up their alert for?
5060
1433
161
445
445
SMB is more typically run directly over TCP port 445. SMB should be restricted to use only on local networks. It is also important that any traffic on the NetBIOS port ranges from 137 to 139.
Simple Network Management Protocol (SNMP) device queries take place over UDP port 161; traps are communicated over UDP port 162.
Microsoft SQL Server uses TCP/1433. SQL has been implemented in relational database management system (RDBMS) platforms by several different vendors.
SIP typically runs over UDP or TCP ports 5060 (unsecured) and 5061 (SIP-TLS). The Session Initiation Protocol (SIP) is one of the most widely used session control protocols.
An IT engineer works with desktop installation technicians who deploy new computers to users. The installation technicians report that users in one area of the building do not achieve network speeds above 100 Mbps. After evaluating the cabling choices, the IT engineer determines that the problem area uses which type of cabling?
Cat 5
Cat 3
Cat 6
Cat 5e
Cat 5
The American National Standards Institute (ANSI) and the Telecommunications Industry Association (TIA)/Electronic Industries Alliance (EIA) have created categories and standards for twisted pair cabling. Cat 5 cabling supports a maximum speed of 100 Mbps.
Cat 3 cabling is the oldest cabling standard among the choices. This twisted pair cable type supports speeds up to 10 Mbps.
Cat 6 defines a modern implementation of twisted pair cabling that supports speeds up to 10 Gbps.
Cat 5e defines an improvement of Cat 5 cabling by improving speeds from 100 Mbps to 1 Gbps.
A network architect is looking for topologies where each node is wired to its neighbor in a closed loop. Which of the following should they use when connecting and replacing a DSL modem with a layer 2 switch?
Star
Bus
Ring
Mesh
Star
In a star topology, each endpoint node is connected to a central forwarding node, such as a hub, switch, or router.
A mesh topology is commonly used in WANs. In theory, a mesh network requires that each device has a point-to-point link with every other device on the network (fully connected).
A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media.
In a physical ring topology, each node is wired to its neighbor. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor.
A network technician wants to enable a rule that blocks all traffic that does not match the rule. What is the name of this rule?
Implicit deny
Role-based access
Explicit deny
Antenna placement
Implicit deny
The final default rule is typically to block any traffic that has not matched a rule. This is called an implicit deny.
If the firewall does not have a default implicit deny rule, an explicit deny-all rule can be added manually to the end of the ACL.
Site designs and surveys facilitate robust wireless coverage when all common areas receive a strong signal. Power levels and channel selection should be tuned so that access points do not interfere with one another or broadcast a signal that stations can “hear” but cannot reply to.
Role-based access means that a set of organizational roles are defined, and subjects are allocated to those roles.
A network technician is looking at leaf layer access switches of a SDN. What are these implemented as?
SAWs
LER
FCoE
ToR
ToR
The leaf layer access switches are implemented as top-of-rack (ToR) switch models. These are switch models designed to provide high-speed connectivity to a rack of server appliances.
Fibre Channel over Ethernet (FCoE) is a means of delivering Fibre Channel packets over Ethernet cabling and switches.
A Label Edge Router (LER) inserts or “pushes” a label or “shim” header into each packet sent from routers below it, and then forwards it to an LSR to determine the Label Switched Path (LSP) for the packet.
SAWs are secure administrative workstations that are hardened and are used solely to manage servers.
A working physical server is experiencing network connectivity issues after switching connections to another physical port on a basic layer 2 switch. Identify the most likely problem with the switch.
Blocked TCP ports
Incorrect cable type
Duplicate IP address
Hardware failure
Hardware failure
A bad physical port or a hardware failure is most likely the cause of the issue, as the connection to the previous physical switch port was working fine.
A basic layer 2 switch does not have the capability of blocking TCP ports. This would be appropriate for a network firewall appliance to handle.
A duplicate IP address is not the case because network connectivity works when returning the network cable to the previously used port.
The cable type is most likely compatible if it is connecting to the same switch. Even if a small form factor pluggable (SFP) module was used, the module can be switched out as well with the network cable into another physical port on that switch.
A manager informs a support technician that users spend too much time using company computers for personal reasons. Which of the following can the technician implement to address the issue?
Proxy server
Smart jack
Content filter
Load Balancer
Content filter
A content filter is designed for corporate control over employees’ Internet use. It can be implemented as a standalone appliance or proxy server software. Content filters can be applied in a number of ways, such as by using categories (games, gambling, weapons, etc.).
A proxy server is used as a middle-man for network access, such as Internet access. A proxy can control what a system can or cannot connect to.
A load balancer distributes client requests across available systems such as server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm.
A T1 line is usually terminated at a smart jack or network interface unit (NIU), which contains line testing facilities for the telco to use. This allows the service provider to test the line remotely.