Bonus Exam 1

Question 1

You are looking at network traffic and see a large amount of traffic on UDP port 53; what type of traffic is this?

A. SSH

B. DNS

C. FTP

D. SMTP

Answer 1

B. DNS

DNS query traffic uses the UDP protocol and port 53.

Question 2

You are having problems with an FTP application and your firewall; what should you use to fix the issue?

A. Active mode

B. A different port number

C. Passive mode

D. A TCP port above 1023

Answer 2

C. Passive mode

Passive mode FTP operates by allowing the client to open the data channel to the server. Active mode requires the data channel be open from the server to the client, which causes issues with firewalls.

Question 3

You are collaborating with a network application developer on an application they are designing. The developer states she does not want to write code for checking the delivery of data. Which transport layer should you recommend?

A. ICMP

B. TFTP

C. UDP

D. TCP

Answer 3

D. TCP

The Transmission Control Protocol (TCP) has sequencing and acknowledgment of segments built in—the application designer does not need to worry about this function if TCP is used.

Question 4

Which OSI layer is responsible for the logical assignment of addressing?

A. Network

B. Presentation

C. Transport

D. Data link

Answer 4

A. Network

The network layer is responsible for the logical assignment of IP addressing for networks, subnets, and hosts. The data link layer is responsible for physical assignment of MAC addresses.

Question 5

What is the benefit of network segmentation?

A. Decreased broadcast domains

B. Increased broadcast domains

C. Decreased collision domains

D. Increased collision domains

Answer 5

B. Increased broadcast domains

Network segmentation increases the number of broadcast domains. This effectively decreases the number of broadcasts seen on a network segment and effectively increases bandwidth.

Question 6

How is the root bridge selected with the Spanning Tree Protocol (STP)?

A. Lowest MAC address and highest bridge priority

B. Lowest MAC address and lowest bridge priority

C. Highest MAC address and highest bridge priority

D. Highest MAC address and lowest bridge priority

Answer 6

B. Lowest MAC address and lowest bridge priority

The lowest MAC address and lowest bridge priority in the network are selected as the root bridge.

Question 7

You find that when a computer is turned on, it does not get a link light for about 1 minute. What should be done to fix the issue with minimal effect to the network?

A. Turn off the Spanning Tree Protocol on the switch

B. Configure port security on the port

C. Configure BPDU Guard on the port

D. Configure Spanning Tree PortFaston the port

Answer 7

D. Configure Spanning Tree PortFaston the port

Spanning Tree PortFast will change the order of blocking, listening, learning, and forwarding for traffic during convergence to forwarding, listening, and learning. This will allow for an immediate link light and forwarding of data during convergence.

Question 8

You have an identical route for both a static route and OSPF route in your routing table, each to different destination gateways. What mechanism will allow static routes to be preferred over OSPF?

A. The static metrics are higher than the OSPF metrics

B. Administrative distance

C. The order of the route statements

D. The configuration of default gateway command

Answer 8

B. Administrative distance

The administrative distance of a static route is 1 as opposed to OSPF, which is 110. The lowest administrative distance associated with the route will always be preferred over a higher administrative distance.

Question 9

You require the subnetting of the network address 192.168.1.0 to allow for 10 hosts per subnet while maintaining the maximum number of subnets. What should the subnet mask be?

A. 255.255.255.192

B. 255.255.255.224

C. 255.255.255.240

D. 255.255.255.248

Answer 9

C. 255.255.255.240

The subnet mask of 255.255.255.240 will allow for 14 hosts per subnet and a maximum of 16 subnets.

Question 10

You need to cover a warehouse with wireless. The distances for many of the wireless access points will require additional switches. What can be implemented to reduce costs and maintain wireless coverage?

A. Power injectors

B. Mesh wireless network

C. Fiber-optic media converters

D. Coaxial media converters

Answer 10

B. Mesh wireless network

Mesh wireless networks reduce the costs of direct network cables to each WAP. Each mesh WAP will backhaul network communications over a separate wireless channel or frequency from the wireless channel/frequency used for service of the clients.

Question 11

You have implemented IPv6 and EUI-64 on your network. You need to obtain the MAC address from the IPv6 address of 2001:0DB8::0301:24FF:FE56:7C7C. What is the MAC address?

A. 02:01:24:56:7C:7C

B. 03:01:24:56:7C:7C

C. 24:FF:FE:56:7C:7C

D. 01:01:24:56:7C:7C

Answer 11

D. 01:01:24:56:7C:7C

The FF:FE in the middle is padding that should be removed. Then the 7nd (U/L) bit in the first byte of the MAC address needs to be flipped back from 1 to 0, which reveals the original MAC address as 01:01:24:56:7C:7C.

Question 12

Your organization requires a cloud-based service for keeping track of customers and service contracts. What type of service is this according to NIST guidelines?

A. IaaS

B. PaaS

C. SaaS

D. CaaS

Answer 12

B. PaaS

A cloud-based service in which you are the end consumer and service is controlled by the vendor is a Platform as a Service (PaaS). Gmail, Salesforce, and WebEx are just some examples.

Question 13

You have a printer that is connected to the network. The printer is too difficult to configure a static IP address. What can be done to ensure that the printer obtains the same IP address every time?

A. Configure an exclusion on the DHCP server

B. Configure a pool on the DHCP server

C. Configure a scope on the DHCP server

D. Configure a MAC reservation on the DHCP server

Answer 13

D. Configure a MAC reservation on the DHCP server

Configuring a MAC reservation for the printer to an IP address in the DHCP pool will ensure that the same IP address is leased to the printer every time.

Question 14

You have been asked to change the IP address in external DNS for a mail server in your organization. Which record can be changed with the least amount of effort?

A. A record

B. MX record

C. PTR record

D. TXT record

Answer 14

A. A record

The alias, or A, record that matches the MX record configured for the mail server should be changed. If you were to change the MX record, a new alias record would need to be created as well, since every MX record contains the FQDN that maps to an alias record.

Question 15

Your company is installing a cable modem at another location and you need to gather supplies to terminate the coaxial cable. What connectors should you gather for the installation?

A. BNC connectors

B. F-connectors

C. LC connectors

D. RJ-45 connectors

Answer 15

B. F-connectors

The F-connector is used on coaxial cables for cable modems. Although RJ-45 might be required to terminate the network cable, the requirement is that you gather supplies for terminating the coaxial cable.

Question 16

Your organization is purchasing two fiber-optic strands from a fiber provider to connect your two locations. The requirement is that communications continue to flow in the event of a transceiver failure. Which transceiver should be used on both ends?

A. SFP+

B. Duplex

C. QSFP

D. Bidirectional

Answer 16

D. Bidirectional

A bidirectional transceiver will utilize one strand of a fiber-optic cable for both transmitting and receiving of data. Using two will make the connection fault tolerant in the event one transceiver fails.

Question 17

Your company has purchased office space that is prewired with Category 6 network cable. Most cable runs to the hosts are 80 meters. What is the maximum speed you will be able to use on this network?

A. 100 Mbps

B. 1 Gbps

C. 10 Gbps

D. 40 Gbps

Answer 17

B. 1 Gbps

The specification of Category 6 wiring is 10 Gbps if the cable run is under 55 meters. Therefore, your maximum transmission speed will be 1 Gbps, because the cable runs are over 55 meters.

Question 18

You have been called in to assess a performance problem in a network. Upon inspection you find that all of the hosts have a high level of collisions and low bandwidth. What should you recommend to solve the performance problem?

A. Replace the network cabling with a higher specification

B. Install a router and segment the network

C. Replace all hubs with switches

D. Force full duplex at the hosts

Answer 18

C. Replace all hubs with switches

A network that suffers from a high amount of collisions and low bandwidth is the direct result of hubs in the network connecting the hosts. Replacing the hubs with switches will alleviate the collisions and low bandwidth. Forcing full duplex at the hosts will only further impact the problem and will not resolve the bandwidth issues.

Question 19

You need to provide Ethernet connectivity to an IP camera that is 5,000 feet away. The solution should be cost effective. What should you recommend?

A. Wireless range extender

B. Media converter with fiber-optic cable

C. Media converter with coaxial cable

D. Wireless mesh network with a bridge

Answer 19

B. Media converter with fiber-optic cable

Installation of a fiber-optic cable with a media converter on both ends is the recommended solution because of the distance. The length of the cable run is too far for coaxial cable. Although a wireless mesh network with a bridge might work, it would be too expensive.

Question 20

You have several fax machines that use normal plain old telephone systems (POTS) lines. You need to eliminate the cost of the POTS lines and utilize the VoIP PBX. What is the most cost-effective solution?

A. Replacing the fax machines with VoIP-capable devices

B. Using scanners and fax gateways

C. Implementing a VoIP gateway

D. Leasing a T1 and channel bank to supply POTS

Answer 20

C. Implementing a VoIP gateway

Implementing a VoIP gateway will allow you to convert POTS lines to VoIP to use the VoIP PBX. Although other solutions may work, they will be more costly.

Question 21

Which hypervisor type allows virtual machines direct access to resources such as processor and memory and has no underlying operating system?

A. Software hypervisor

B. Type 1 hypervisor

C. Type 2 hypervisor

D. All of the above

Answer 21

B. Type 1 hypervisor

Type 1 hypervisors are software running on the hardware that allows direct access to resources such as memory and processor.

Question 22

You need to purchase a storage system for a camera network. The cameras will interface with the storage through SMB storage. Which storage system should be purchased?

A. DAS

B. SAN

C. NAS

D. Fibre Channel

Answer 22

C. NAS

Network attached storage (NAS) is a storage system that has a self-contained filer such as Server Message Blocks (SMB) or Network File System (NFS) that can be connected to the network.

Question 23

Your organization is building a large private cloud and requires a Fibre Channel SAN. The design should minimize the amount of cabling to each server. What would be your recommendation?

A. iSCSI

B. Arbitrated loop Fibre Channel

C. Dedicated Fibre Channel

D. FCoE

Answer 23

D. FCoE

Fibre Channel over Ethernet (FCoE) combines both the Ethernet connectivity and the Fibre Channel connectivity over the same cable, thus reducing cabling. The converged network adapter (CNA) is presented in the operating system as both a Fibre Channel card and a network interface card (NIC) at the host.

Question 24

Your organization requires Internet connectivity at a remote site. The site has a rough terrain that prevents many providers from servicing the location. What WAN technology should be investigated that will provide connectivity with low latency?

A. Satellite

B. Dial-up

C. WiMAX

D. MPLS

Answer 24

C. WiMAX

Worldwide Interoperability for Microwave Access (WiMAX) is a connectivity technology similar to Wi-Fi. An access card or access point is installed that supplies Internet access to the remote location. Although satellite communications can be used, severe latency results due to the distance the signal would travel.

Question 25

Which diagram should you create that will provide an overview of how your main website delivers email?

A. Physical diagram

B. MDF diagram

C. Logical diagram

D. Rack diagram

Answer 25

C. Logical diagram

A logical diagram is an overview of how a system or systems function to provide a set of services. A physical diagram is a detailed diagram of why the systems work to include physical connections.

Question 26

You have two gateway routers to the Internet. You want to provide a failover to the second gateway router in the event one of the gateway routers fail. What should be implemented?

A. Round-robin DNS

B. GLBP

C. VRRP

D. Mesh network

Answer 26

C. VRRP

Virtual Router Redundancy Protocol (VRRP) allows two or more gateway routers to function in an active/passive configuration. If one of the gateway routers were to fail, the passive gateway router would be used.

Question 27

You have two network switches that are connected with a 1 Gbps link. You find that traffic is saturating the single link. What is the most cost-effective solution?

A. Implement HSRP

B. Purchase 10 Gbps transceivers

C. Implement FHRP

D. Implement port aggregation

Answer 27

D. Implement port aggregation

Implementing port aggregation and bonding two or more 1 Gbps links together will increase the bandwidth of the two switches. This is the most cost-effective solution.

Question 28

Which RAID level is the most cost effective for ensuring that the operating system will be fault tolerant in the event of a drive failure?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 6

Answer 28

B. RAID 1

The most cost-effective RAID level is mirroring (RAID 1). It requires two identically sized drives in which all data is mirrored. In the event of a failure, there is no performance penalty to the operating system.

Question 29

You need to purchase an uninterruptable power supply (UPS) for your data center. The requirements are conditioned power and the best transition of power in the event of a power failure. Which type of UPS should you invest in?

A. Online

B. Line interactive

C. Power conditioning

D. Standby

Answer 29

A. Online

An online UPS provides both power conditioning and the best transition to battery backup of all UPS types. The power into an online UPS supplies a rectifier/charging circuit that provides a charge to the batteries. The batteries supply voltage to the inverter circuit that provide AC voltage to the equipment. In the event of a power failure, the rectifier/charging circuit no longer supplies a charge and the unit continues on battery power.

Question 30

Your organization is shopping for cloud providers. Which service level agreement (SLA) will provide less than 10 minutes of downtime per year and remain cost effective?

A. 99.9%

B. 99.99%

C. 99.999%

D. 99.9999%

Answer 30

C. 99.999%

A service level agreement (SLA) of 99.999% (also called five nines) will contractually obligate the provider to 5.26 minutes of downtime per year. Although six nines will contractually obligate the provider to 31.5 seconds of downtime per year, the service may not be cost effective.

Question 31

Which tool allows you to audit the configuration and compliance of host-based firewalls on your servers?

A. MBSA

B. Nmap

C. Nessus

D. WSUS

Answer 31

B. Nmap

The Nmap port scanning utility provides you with the details of compliance and current configuration for host-based firewalls on servers. It does this by showing you open and closed ports when you scan the host.

Question 32

You need to capture network traffic at the device to verify that it is reaching a network device. What method can be used to capture the network traffic at the device?

A. Capture the traffic from the source

B. Implement SPAN

C. Capture traffic on another port on the same switch of the device

D. Capture traffic on another port on the same switch of the source

Answer 32

B. Implement SPAN

Switched Port Analyzer (SPAN), or port mirroring, will allow the mirroring of all traffic on a specific port. This will enable you to capture the traffic directed to the network device.

Question 33

You are required to install a remote access file server. The file server must encrypt all file transfers and require the least amount of firewall configuration. Which remote access file server should you install?

A. FTPS

B. TFTP

C. SFTP

D. RDP

Answer 33

C. SFTP

The SSH File Transfer Protocol (SFTP) will encrypt all file transfers and is identical to SSH in respect to firewall requirements. Only TCP port 22 must be configured for inbound connections. File Transfer Protocol Secure (FTPS) is similar in firewall requirements to FTP and will require a great deal of configuration.

Question 34

The helpdesk receives a number of calls for the reset of new employee passwords and lookup of their email address for ordering business cards. What policy or procedure should be updated to alleviate this problem?

A. Bring your own device (BYOD) policy

B. Password policy

C. Acceptable use policy (AUP) policy

D. On-boarding procedure

Answer 34

D. On-boarding procedure

The on-boarding procedure should be updated to include the initial password reset and initial email lookup process. The bring your own device (BYOD) policy, password policy, and acceptable use policy (AUP) policy should all be components of the on-boarding procedures for a new employee.

Question 35

You need to implement a new cloud-based service for your users. The login requirement is that the same username and password be used for the cloud service as is used to logon to the network. What should you investigate with the cloud-based service?

A. Kerberos authentication

B. Federated services authentication

C. RADIUS authentication

D. Pass-through authentication

Answer 35

B. Federated services authentication

The use of federated services authentication allows for single sign-on (SSO) of the user. Federated services such as Active Directory Federated Services (ADFS) and Shibboleth use claims sent to the cloud service on behalf of the user; this in turn logs the user into the cloud service.

Question 36

Several of your users have taken it upon themselves to bring in wireless access points (WAPs) and plug them into the network. What can be done with the least amount of administrative burden to restrict this from being done in the future?

A. Network access control (NAC)

B. MAC filtering

C. Port security

D. Captive portal

Answer 36

C. Port security

Port security should be implemented with the sticky subcommand, which will restrict the number of MAC addresses that can be associated with a physical port to the first learned MAC addresses. Network access control (NAC) and the use of a captive portal will not restrict the WAP from being plugged into the port in the future, and MAC filtering requires a high degree of administrative overhead.

Question 37

You have been asked to research the encryption that your organization uses for wireless. The wireless in your organization is secured with Wi-Fi Protected Access II (WPA2). What is the encryption algorithm that is used?

A. MD5

B. SHA1

C. RC4

D. AES

Answer 37

D. AES

Wi-Fi Protected Access II (WPA2) uses Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP) – Advanced Encryption Standard (AES) as the encryption method.

Question 38

You need to implement an open standard authentication method for wireless. The authentication method must be able to authenticate hosts with certificates. Which authentication method should you implement?

A. PEAP

B. LEAP

C. EAP-FAST

D. EAP-TLS

Answer 38

D. EAP-TLS

Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) is an open standard defined by the Internet Engineering Task Force (IETF). EAP-TLS can be used with certificates or preshared (PSK) to authenticate hosts.

Question 39

Several emails have been received by your organization that require the users to login to view a PDF document. Many of the users complain that they enter their credentials, but nothing shows up. What possible type of attack is this?

A. Logic bomb

B. Phishing

C. Spoofing

D. Deauthentication

Answer 39

B. Phishing

Phishing is an attack where an attacker attempts to gain the username, password, and other personally identifiable information (PII) from a victim.

Question 40

Which proactive method can thwart a man-in-the-middle (MitM) attack?

A. Secure protocols

B. Strong passwords

C. File hashing

D. Disabling services

Answer 40

A. Secure protocols

Secure protocols can thwart an MitM attack. An MitM attack is when an attacker eavesdrops on a conversation, impersonating both sides of the conversation in an attempt to steal information.

Question 41

Recently you’ve had several reports that spurious DHCP servers have been operating in your network. What can be done to prevent this in the future?

A. Configuring ACLs

B. Implementing DHCP snooping

C. Implementing MAC filtering

D. Implementing DHCP Guard

Answer 41

B. Implementing DHCP snooping

Implementing DHCP snooping can prevent spurious, also known as rouge, DHCP servers from answering DHCP discover messages from clients. Only the trusted port that the DHCP server resides on will be allowed to answer DHCP discover messages.

Question 42

Which Microsoft feature prevents an application from inadvertently using a privileged accounts rights to make unauthorized changes?

A. AUP

B. SFC

C. UAC

D. HID

Answer 42

C. UAC

User Access Control (UAC) is a feature that prevents an application from inadvertently using a privileged account’s rights to make unauthorized changes without user intervention.

Question 43

What diagnostic step is required so that you can test a probable cause of a problem?

A. Identifying the problem

B. Duplicating the problem

C. Questioning users

D. Documenting the problem

Answer 43

A. Identifying the problem

The identification of the problem is the only required step to testing a probable cause of the problem. Duplicating the problem and questioning users are optional steps if you have already identified the problem and have developed a hypothesis.

Question 44

A maintenance worker recently installed a new network cable. You are having trouble achieving speeds advertised with Category 6a of 10 Gbps. Which tool will help you verify that the cable was installed correctly?

A. Cable tester

B. Time domain reflectometer (TDR)

C. Cable certifier

D. Tone generator

Answer 44

C. Cable certifier

A cable certifier will allow you to test the cable installation and certify that the installed cable and connections are to Category 6a specifications. Although this will not identify the problem, it will rule out the cable installation as the problem.

Question 45

You recently had a fiber-optic line installed and you are intermittently seeing down-up events on the line. Which tool can help you identify dirty optic contributing to signal loss?

A. Optical time domain reflectometer (OTDR)

B. Optical power meter (OPM)

C. Optical loopback

D. Small form-factor pluggable (SFP)

Answer 45

B. Optical power meter (OPM)

An OPM, also called a light meter, is used to determine signal loss. Some SFP+ transceivers will also report signal strength, but normal SFP transceivers do not perform that function.

Question 46

Several users report that when trying to reach a website, they receive an error that the hostname cannot be resolved. What should you test first in your diagnostic of the problem?

A. nslookup to verify name resolution

B. ipconfig/release to flush DNS entries

C. ping to verify that the site is responding

D. tracert to identify the path the packet is being routed to

Answer 46

A. nslookup to verify name resolution

Because the information gathered from talking to the users indicates the problem is DNS resolution, the first step is to check DNS resolution. The nslookup command will assist you in verifying that the hostname resolves.

Question 47

Which command will help identify the IP address of a rogue DHCP server?

A. ifconfig

B. ipconfig/renew

C. ipconfig/all

D. netstat -nab

Answer 47

C. ipconfig/all

The command ipconfig/all will detail the IP address of the DHCP server the lease was granted by, as seen in the following output. The ipconfig/renew will provide an output of the leased IP address, but not the DHCP server that granted the lease.

Question 48

Which command will allow you to check the DNS resolution for the MX records of sybex.com from the server 8.8.8.8?

A. nslookup -type=mx sybex.com -server 8.8.8.8

B. nslookup mx sybex.com 8.8.8.8

C. nslookup -type=mx -server 8.8.8.8 sybex.com

D. nslookup -type=mx sybex.com 8.8.8.8

Answer 48

D. nslookup -type=mx sybex.com 8.8.8.8

The command nslookup followed by the parameter -type={resource record}, followed by the parameter of the FQDN, then followed by the server, will result in the following output: