CertMaster

Question 1

South traffic

Answer 1

API calls between SDN controller + infrastructure devices

SDN inserts control layer between application layer + infrastructure layer

Question 2

North traffic

Answer 2

Interface between SDN applications + SDN controller

“Service interface”

Question 3

Reasons to NOT use WPA2

Answer 3

WPA2 not supported by some adapters

WPA2 not supported by some APs

WPA2 not supported by some OS

Question 4

Reason to implement RBAC + least privilege

Answer 4

Give rights to users implicitly

Grant users sufficient rights to perform job

Question 5

AAA server that can validate user credentials to provide remote access

Answer 5

RADIUS

Remote access devices (i.e.) VPN servers function as client devices of RADIUS server

Question 6

Authentication protocol that may detect when server is down

Answer 6

TACACS+

Authenticating administrative access to routers + switches

Uses reliable delivery offered by TCP to help detect if server is down

Question 7

What wireless standard uses 2.4 GHz spectrum + OFDM

Answer 7

802.11b

Question 8

Reasons to document findings, actions, outcomes during troubleshooting process

Answer 8

Creates installation procedures

Establishes new baseline for template

Question 9

Part of MAC address that determines whether frame is addressed to individual node or group

Answer 9

I/G bit

Individual (0)

Group (1)

Question 10

Network topology commonly used in variety of WANs

Answer 10

Mesh

Question 11

Allows fine-grained control over traffic parameters

Answer 11

QoS

via protocols like MPLS

Question 12

Functions of CoS

Answer 12

Categorize protocols into groups that require different service levels

Provide tagging mechanism to identify frame/packet class

Question 13

Framework that classifies each packet passing through a device

Answer 13

Differentiated Services (DiffServ)

Router policies can then be defined to use packet classification to prioritize delivery

Question 14

What should be implemented to limit clutter when installing multi-functional phones

Answer 14

PoE

QoS

Question 15

Solution where leased fiber link is terminated at demarc

Answer 15

Fiber to the Premises (FTTP)

Question 16

Solution that retains some copper wiring to the demarc while extending fiber link to communications cabinet servicing multiple subscribers

Answer 16

Fiber to the Node (FTTN)

Question 17

Used by service providers based in telephone networks to support FTTC

Answer 17

Very high-speed DSL (VDSL)

Allows for asymmetric + symmetric modes

Question 18

How a T1 line is terminated at demarc

Answer 18

Smartjack

RJ-48C / RJ-48X interface on customer side

Question 19

Device that controls logical network traffic

Answer 19

Router

IP address = logical addresses

Question 20

Framework for deploying multiple types of authentication protocols + technologies

Answer 20

EAP

Question 21

Packets that are moving through network from hosts to endpoints

Answer 21

Send / receive traffic

Question 22

Cable type that uses RG-59 / RG-6

Answer 22

Coaxial

Question 23

Commands to test remote server’s network configuration + confirm packet’s routing path

Answer 23

ping

tracert/traceroute

Question 24

Diagram that shows data path between client + server

Answer 24

Physical network diagram

Logical network diagram

Wiring diagram

Question 25

Step in troubleshooting process that involves approaching multiple problems individually

Answer 25

Step 1

Part of identifying the problem

Question 26

OSI layer in which deciding between wired / wireless AP belongs

Answer 26

Physical

Question 27

Network function of a bridge

Answer 27

Connects different networks as if they were one

Question 28

Topology of 2 or more nodes that share access to network but only 1 node can be active at any 1 time

Answer 28

Bus

Question 29

E-line / E-LAN services are examples of what type of network

Answer 29

MAN

Question 30

Protocols to connect multiple branch locations to main database located in central location

Answer 30

mGRE - supports point-to-multipoint links

MPLS - supports point-to-point / point-to-multipoint links between nodes regardless of underlying physical + data link topologies

Question 31

Punchdown tool with adjustable blades on 1 end

Answer 31

BIX

Question 32

Punchdown tool with scissor-like function on front instead of set blade

Answer 32

Krone

Question 33

110 vs 66 punchdown block

Answer 33

110 - LAN technology + RJ-45

66 - telecom + phone panels

Question 34

Fiber connection to use when space is limited

Answer 34

LC

Question 35

Converter that may accept multiple LC connections

Answer 35

SFP

Question 36

Transceiver form factor that supports 4 x 1 Gbps links, typically aggregated into a single 4 Gbps channel

Answer 36

QSFP

Question 37

Widely deployed pinout standard

Answer 37

TIA/EIA 568b

Question 38

How to verify network service installation + that device can communicate with Layer 3 switch

Answer 38

Ping loopback (confirms TCP/IP is correctly installed)

Ping default gateway

Question 39

Functions of CIDR

Answer 39

Uses bits normally assigned to network ID to mask complexity of subnet + host addressing scheme within network

Enables maintaining 1 routing table instead of multiple tables

Question 40

Function of VLSM

Answer 40

Allows network designer to allocate ranges of IP addresses to subnets that match predicted need for number of subnets + hosts per subnet

Question 41

SIP Uniform Resource Indicator (URI) for employee “Corn Pig” / phone number “1234567890” / domain “@abccompany”

Answer 41

sip: corn.pig@abccompany.com
sip: corn.pig@1234567890

Question 42

Protocol that provides additional options, rather than only leases, for host IP addresses

Answer 42

DHCPv6

Used with IPV6

Question 43

Port that must be enabled to access file repository through web-based interface

Answer 43

80

Question 44

Protocol that uses Network Level Authentication (NLA) which requires client to authenticate before full remote session starts

Answer 44

RDP

Question 45

Protocol that allows for protected dialog between client + server by assigning web server digital certificate issued by CA

Answer 45

HTTPS

Question 46

Used by DHCP servers to issue configuration options

Answer 46

Scope options

Question 47

Minimum DHCP scope options to simplify adding computers to domain

Answer 47

Default gateway

DNS IP addresses

NTP IP addresses

Question 48

Benefits of each cloud model

Answer 48

Hybrid - utilization benefits

Community - shared costs

Public - multi-tenant use

Private - Third-party secure

Question 49

System to enable voice message functionality i.e. voice message functionality

Answer 49

VoIP Private Branch Exchange (PBX)

Question 50

Translates between VoIP systems and legacy voice equipment

Answer 50

Voice gateway

Question 51

Features provided by forward proxy server

Answer 51

Caching engine

Traffic filtering (protocol-specific outbound traffic)

Question 52

Proxy configured with filters for multiple protocol types

Answer 52

Multipurpose proxy

Question 53

AP in bridged mode

Answer 53

Doesn’t support wireless clients

Question 54

Transparent vs nontransparent vs web proxy

Answer 54

Transparent - no client configuration (implemented on inline appliance)

Nontransparent - requires client configuration (port 8080)

Web - prevent malware from Internet, block spam, restrict browsing to authorized sites

Question 55

QoS functional planes

Answer 55

Control plane - how to prioritize traffic

Data plane - switching of traffic

Management plane - monitors traffic conditions

As traffic conditions change, changes occur at control + data plane levels

QoS service is basically a traffic shaper

Question 56

Used to interconnect switches on large networks

Answer 56

Trunks

Question 57

CSMA/CA vs CSMA/CD

Answer 57

CSMA/CA - nodes listen + transmit when media is clear

CSMA/CD - simultaneous node transmission + jam signal

Question 58

Configure VoIP on existing data network without using trunk ports

Answer 58

Auxiliary VLAN

Multiple broadcast domains

Question 59

Considerations when selecting AP to reach all users in area

Answer 59

Omnidirectional antennas

2.4 + 5.0 GHz bands

Question 60

Cellular technology real-world speeds

Answer 60

5G - 300 Mbps

4G/4G LTE - 20 Mbps

3G - 3.1 Mbps down + 1.8 Mbps up

Question 61

Cellular technologies that don’t accept SIM cards

Answer 61

Code Division Multiple Access (CDMA)

3G

Question 62

Cellular technologies that can accept SIM cards

Answer 62

GSM

LTE

Question 63

Define value of numbers: 4x4:2

Answer 63

Number of transmit antennas x number of receive antennas : number of simultaneous transmit + receive streams

Question 64

Indicator to help identify problem with slow network connections despite high bandwidth configuration

Answer 64

Latency

Question 65

What to implement to provide port-based authentication for network access to devices

Answer 65

802.1X

Port-based Network Access Control (PNAC)

Question 66

Protocol switch authenticating via 802.1X would use

Answer 66

EAP over LAN (EAPoL)

Question 67

Protocol to mitigate risk of rogue APs

Answer 67

EAP-TLS

Authentication server + clients perform mutual authentication

Question 68

Protocol that allows an AP to forward authentication data without allowing any other type of network access

Answer 68

EAP over Wireless (EAPoW)

Question 69

Biometric recognition as intrusion detection / continuous authentication mechanism

Answer 69

Something you do

Behavioral biometric recognition

Subject to high error rates

Question 70

Types of attacks that can utilize pharming, DoS, traffic interception + cache corruption

Answer 70

DNS poisoning

ARP poisoning

Question 71

How to configure AP if it must support entire location on its own

Answer 71

Mount AP in ceiling

Configure maximum power output

Question 72

Wireless access features that can support + secure a guest network that should only be accessible to customers in immediate lobby area of office floor

Answer 72

Captive portal

Network isolation

Power levels

Question 73

Effective ways to ensure security of physical switch port access

Answer 73

Disabling switch port using management software

Isolating ports to black hole VLAN

Configuring MAC filtering on switch

Question 74

MAC limiting vs MAC filtering

Answer 74

MAC limiting - restricts number of address (drops any traffic beyond maximum connected addresses)

MAC filtering - defining which addresses are permitted to connect to switch port

Question 75

Sending data over internet where data + original IP address are encrypted

Answer 75

Transport mode

Secure communication between hosts on private network

ESP - only payload data is encrypted

AH - provide integrity for IP header

Question 76

Mode used for communication between VPN gateways across unsecure network

Answer 76

Tunnel mode

AKA “router implementation”

ESP - whole packet is encrypted + encapsulated

AH - no real use in tunnel mode

Question 77

Policy that secures authentication mechanism that a host must be able to match at least 1 matching security method to establish connection

Answer 77

IPSec

Secure local network communication + remote access protocol

Each host required to use IPSec must be assigned a policy

Question 78

Authentication methods to ensure only authorized collection of users are connecting securely to network

Answer 78

PSK

Group authentication

MAC filtering

Question 79

Method used to encapsulate IP packets for transmission over serial digital lines

Answer 79

Point-to-point protocol (PPP)

Works at Data Link layer

Used to communicate multiprotocol data between 2 routers

No security mechanisms (must be used with other protocols to provision secure tunnel)

Question 80

Layer 3 encapsulation protocol

Answer 80

Generic Routing Encapsulation (GRE)

Can encapsulate IP packet as payload

Doesn’t have any mechanisms for authenticating users / devices (often used with other protocols in VPN solution)

Question 81

Biometric authentication considerations

Answer 81

Users find biometric recognition invades privacy

Biometric recognition technology can be discriminatory

Setup + maintenance costs for biometric recognition are high

Question 82

Layers of security to detect + alert to tampering of devices

Answer 82

Tamper detection

Circuit alarm

Duress alarm

Question 83

Benefits of surveillance systems

Answer 83

Detect attempts to penetrate barricade

Improve resilience of perimeter gateways

Recording movement + access

Question 84

Physical security policies to control access to specific authorized access zones

Answer 84

ID badge

Lock mechanism

Question 85

Methods to help pinpoint / isolate actual issue user, system, organization may be experiencing

Answer 85

Question users

Duplicate the problem

Question 86

User can reach Internet but can’t access internal network resources while out of office

Answer 86

Incorrect DNS

Question 87

Troubleshooting step that includes open + closed approaches to obtaining information

Answer 87

Question users

Question 88

Logical approach that allows methodical steps to diagnose cause of network issue

Answer 88

OSI reference model guidance

Question 89

Method to identify which device is experiencing issues when too much jitter suspected on network backbone

Answer 89

LED status indicators

Question 90

Tool to test fiber optic cable spectral attenuation to ensure each channel has enough power to support wavelength division multiplexing

Answer 90

Optical spectrum analyzer (OSA)

Question 91

PoE cable requirements

Answer 91

PoE - Cat 3 or better

PoE+ - Cat 5e or better

Should use shielded cabling (capable of dispersing heat more efficiently than unshielded)

Question 92

Sources of fiber optic signal loss

Answer 92

Dirty optical cables

Incorrect transceivers

Mismatched coupled cables

Question 93

Command to examine OUTPUT chain in Linux

Answer 93

iptables

Question 94

All telnet operations are sent as:

Answer 94

8 bits

Question 95

Service to make management of allocated IP addresses easier

Answer 95

IPAM

Scans DHCP + DNS servers

Log IP address usage to database

Used to manage + reconfigure DHCP + DNS servers remotely

Question 96

Command to visualize general NetFlow data on command line

Answer 96

Show ip cache flow

Question 97

Command-line packet capturing utility

Answer 97

tcpdump

Question 98

Sum of transmit power, antenna cable / connection loss, antenna gain

Answer 98

Effective Isotropic Radiated Power (EIRP)

Question 99

Issue indicated by being redirected to HTTP rather than HTTPS site

Answer 99

Captive portal

Should use HTTPS

Most modern browsers will block redirection to sites that don’t use TLS

Question 100

Reason that number of ports available on a router may be restricted

Answer 100

Licensed feature issue

May affect number of ports available, number of routes allowed in routing table, availability of routing protocols

Question 101

Reasons a certificate could be untrusted

Answer 101

Certificate subject name doesn’t match URL

Certificate not being used for its stated purpose

Certificate is expired / revoked

Question 102

Possible risks associated with BYOD devices

Answer 102

Compatibility / support

Security

Question 103

Reason to shorten DHCP lease times

Answer 103

Avoid expired IP addresses