CH.3 EXPLORING NETWORK TECHNOLOGIES Flashcards

1
Q

An outside consultant performed an audit of the Municipal House of Pancakes network. She identified a legacy protocol being used to access browser-based interfaces on switches and routers within the network. She recommended replacing the legacy protocol with a secure protocol to access these network devices using the same interface. Which of the following protocols should be implemented?

A. The newest fully supported version of SSL
B. The newest fully supported version of TLS
C. The newest fully supported version of LDAPS
D. The newest fully supported version of SNMP

A

B is correct. The newest version of Transport Layer Security (TLS) should be implemented to access the network devices. Because the scenario says the same interface is needed, the only possible choices are TLS or Secure Sockets Layer (SSL). However, SSL has been deprecated and should not be used. Lightweight Directory Access Protocol Secure (LDAPS) is used to communicate with directories such as Microsoft Active Directory. Simple Network Management Protocol version 3 (SNMPv3) adds security to SNMP and encrypts the credentials sent to and from the network devices, but it doesn’t support access via a browser interface.

2
Q

Your organization’s security policy requires that confidential data transferred over the internal network must be encrypted. Which of the following protocols would BEST meet this requirement?

A. FTP
B. SSH
C. SNMPv3
D. SRTP

A

B is correct. You can use Secure Shell (SSH) to encrypt confidential data when transmitting it over the network. Secure File Transfer Protocol (SFTP) uses SSH to encrypt File Transfer Protocol (FTP) traffic, but FTP is unencrypted. Simple Network Management Protocol version 3 (SNMPv3) is used to monitor and manage network devices, not transmit data over a network. Secure Real-Time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for voice and video, but not all data.

3
Q

Maggie needs to collect network device configuration information and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would BEST meet this need?

A. SSH
B. FTPS
C. SNMPv3
D. TLS

A

Correct Answer: C) SNMPv3
SNMPv3 (Simple Network Management Protocol version 3) allows Maggie to collect configuration information and network statistics while ensuring the confidentiality of credentials. It supports authentication and encryption, making it secure for managing network devices.

A) SSH: Secures remote access to devices but is not designed for collecting network configuration information or statistics.
B) FTPS: Secures file transfers, not network management tasks.
D) TLS: Provides encryption for various protocols but is not specifically used for managing or collecting statistics from network devices.

4
Q

Which one of the following components would not be able to communicate on the data plane of a zero trust network?

A. Subject
B. Enterprise resource
C. Policy enforcement point
D. Policy administrator

A

D is correct. The Policy Administrator (PA) exists entirely on the control plane. It sends decisions to the Policy Enforcement Point (PEP), which is able to communicate on both the control plane and the data plane. The subject and the enterprise resource that the subject wishes to access communicate only on the data plane and may not access the control plane.

5
Q

You are configuring a web server that will contain information about your organization and receive orders from your customers. Which one of the following network locations is the best placement for this server?

A. Screened subnet
B. Intranet
C. Extranet
D. Internet

A

A is correct. Systems that must be accessed by the general public should always be placed on the screened subnet. This network is designed to house systems that require public access but still must be secured. Organizations should almost never place systems directly on the Internet because they would not be protected by the firewall. The intranet and extranet are private networks with limited access and would not be appropriate locations for a public web server.

6
Q

Maggie is examining traffic on a network searching for signs of insecure protocol use. She sees communications taking place on several different network ports. Which one of these ports most likely contains insecure traffic?

A. 22
B. 80
C. 443
D. 587

A

B is correct. Port 80 is used by the unencrypted Hypertext Transfer Protocol (HTTP). Secure web communications should take place using the encrypted HTTP Secure (HTTPS) on port 443. Port 22 is used by Secure Shell (SSH) for encrypted administrative connections and data transfers. Port 587 is used by the Simple Mail Transfer Protocol Secure (SMTPS) to transfer email messages between servers over an encrypted connection.

7
Q

You are tasked with enabling NTP on some servers within your organization’s screened subnet. Which of the following use cases are you MOST likely supporting with this action?

A. Encrypting voice and video transmissions
B. Providing time synchronization
C. Enabling email usage
D. Encrypting data in transit

A

B is correct. The Network Time Protocol (NTP) provides time synchronization services, so enabling NTP on servers in the screened subnet (sometimes called a demilitarized zone or DMZ) would meet this use case. The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for audio and video over IP networks. Protocols such as Simple Mail Transfer Protocol (SMTP), Post Office Protocol v3 (POP3), and Internet Message Access Protocol version 4 (IMAP4) are used for email. Encrypting data isn’t relevant to time synchronization services provided by NTP.

8
Q

Your organization has several switches in use throughout the internal network. Management wants to implement a security control to prevent unauthorized access to these switches within the network. Which of the following choices would BEST meet this need?

A. Disable unused ports.
B. Disable STP.
C. Enable SSH.
D. Enable DHCP.

A

A is correct. You can prevent unauthorized access by disabling unused physical ports on the switches as an overall port security practice. This prevents the connection if someone plugs their computer into an unused, disabled port. Spanning Tree Protocol (STP) prevents switching loop problems and should be enabled. Secure Shell (SSH) encrypts traffic and can be used to connect to network devices for management, but it doesn’t directly protect a switch. Dynamic Host Configuration Protocol (DHCP) is used to dynamically issue IP addresses and is unrelated to this scenario.

9
Q

Network administrators manage network devices remotely. However, a recent security audit discovered they are using a protocol that allows them to send credentials over the network in cleartext. Which of the following is the best method to be adopted to eliminate this vulnerability?

A. Use SNMPv2c.
B. Use SSH.
C. Use SSL.
D. Use TLS.

A

Correct Answer: B) Use SSH
SSH (Secure Shell) is the best method to eliminate the vulnerability of transmitting credentials in cleartext. SSH encrypts the communication, including credentials, ensuring secure remote management of network devices.

A) Use SNMPv2c: Still sends community strings (used as credentials) in cleartext, which does not address the issue. SNMPv3 would be required for encryption.
C) Use SSL: SSL can secure some communications, but it is not specifically designed for managing network devices remotely. Additionally, SSL is outdated, and TLS is the modern replacement.
D) Use TLS: While TLS provides encryption for many protocols (e.g., HTTPS), it is not designed for direct remote management of network devices.

10
Q

Which of the following devices would MOST likely have the following entries used to define its operation?
- permit IP any any eq 80
- permit IP any any eq 443
- deny IP any any

A. Firewall
B. Proxy server
C. Web server
D. Jump server

A

Correct Answer: A) Firewall
A firewall uses rules like “permit” and “deny” to control traffic flow based on IP addresses, protocols, and ports. The entries in the question represent a typical access control list (ACL) configuration on a firewall, allowing traffic for HTTP (port 80) and HTTPS (port 443) while denying all other traffic.

B) Proxy server: Acts as an intermediary for client-server communication but does not use ACLs to define its operation in this manner.
C) Web server: Hosts websites and responds to HTTP/HTTPS requests but does not control traffic using permit/deny rules.
D) Jump server: Provides secure remote access to other servers but does not use ACL rules like those shown.

11
Q

The Springfield Nuclear Power Plant has several stand-alone computers used for monitoring. Employees log on to these computers using a local account to verify proper operation of various processes. The CIO of the organization has mandated that these computers cannot be connected to the organization’s network or have access to the Internet. Which of the following would BEST meet this requirement?

A. Air gap the computers.
B. Place the computers in a screened subnet.
C. Create a separate isolated network for these computers.
D. Place the computers within a VLAN.

A

A is correct. The best choice of the available answers is to air gap the computers. An air gap provides physical isolation, indicating that there is a gap of air between an isolated system and other systems. A screened subnet (sometimes called a demilitarized zone or DMZ) provides a buffer between the Internet and an internal network and would connect these computers to both the internal network and the Internet. The scenario doesn’t indicate the computers need to be connected, so a separate isolated network is not needed. Placing the computers within a virtual local area network (VLAN) would connect the computers to a network.

12
Q

You have added another router in your network. This router provides a path to a limited access network that isn’t advertised. However, a network administrator needs to access this network regularly. Which of the following could he do to configure his computer to access this limited network?

A. Implement QoS technologies.
B. Add a VLAN.
C. Use the route command.
D. Open additional ports on the router.

A

C is correct. The route command can be used to display and manipulate the routing table on a Linux computer. Using this, you can provide another gateway path through this router to the limited access network. None of the other choices can add routing paths.
Quality of Service (QoS) technologies allow administrators to give priority to some network traffic over other network traffic.
A virtual local area network (VLAN) is used to segment or isolate a network, so configuring one won’t grant access to a network.
A router doesn’t have ports that can be opened for individual users.

13
Q

Several servers in your organization’s screened subnet were recently attacked. After analyzing the logs, you discover that many of these attacks used TCP, but the packets were not part of an established TCP session. Which of the following devices would provide the BEST solution to prevent these attacks in the future?

A. Stateless firewall
B. Stateful firewall
C. Network firewall
D. Web application firewall

A

Answer: B) Stateful firewall
A stateful firewall inspects the state of every TCP connection, ensuring that only packets belonging to a properly established session (e.g., via a valid TCP three-way handshake) are allowed, blocking those that are not part of an established session.

A) Stateless firewall: Filters packets based on static rules like IP, port, or protocol but does not track the state of TCP sessions, making it ineffective against such attacks.
C) Network firewall: A general term that can refer to either stateless or stateful firewalls, lacking specificity to address the problem.
D) Web application firewall (WAF): Protects web applications by filtering HTTP/HTTPS traffic at the application layer, not TCP traffic at the transport layer.

14
Q

Your network currently has a dedicated firewall protecting access to a web server. It is currently configured with only the following two rules in the ACL:
PERMIT TCP ANY ANY 443
PERMIT TCP ANY ANY 80
You have detected DNS requests and DNS zone transfer requests coming through the firewall and you need to block them. Which of the following would meet this goal? (Select TWO. Each answer is a full solution.)

A. Add the following rule to the firewall: DENY TCP ALL ALL 53.
B. Add the following rule to the firewall: DENY UDP ALL ALL 53.
C. Add the following rule to the firewall: DENY TCP ALL ALL 25.
D. Add the following rule to the firewall: DENY IP ALL ALL 53.
E. Add an implicit deny rule at the end of the ACL.

A

D and E are correct. The easiest way is to add an implicit deny rule at the end of the access control list (ACL) and all firewalls should have this to block all unwanted traffic. You can also deny all IP traffic using port 53 with DENY IP ALL ALL 53.

Domain Name System (DNS) requests use UDP port 53, and DNS zone transfers use TCP port 53, so blocking only TCP 53 or UDP 53 does not block all DNS traffic.

Port 25 is for Simple Mail Transfer Protocol (SMTP) and unrelated to this question.

15
Q

Which layer of the OSI model is responsible for handling IP addresses and routing traffic between networks?

A) Physical
B) Data Link
C) Network
D) Application

A

C) Network
Explanation: The Network layer (Layer 3) handles IP addressing and routing traffic between different networks.

16
Q

The process of establishing a TCP connection involves which of the following steps?

A) SYN, SYN/ACK, ACK
B) HELLO, SYN, ACK
C) ACK, FIN, SYN
D) SYN, ACK, FIN

A

Answer: A) SYN, SYN/ACK, ACK
Explanation: A TCP connection is established through a three-way handshake: SYN (synchronize), SYN/ACK (synchronize/acknowledge), and ACK (acknowledge).

17
Q

Which port does Secure Shell (SSH) use to encrypt and secure connections?

A) 21
B) 80
C) 22
D) 443

A

Answer: C) 22
Explanation: SSH operates on TCP port 22 and encrypts connections, often used for secure remote administration.

18
Q

To secure HTTP traffic, which protocol is used, and on what port does it operate?

A) HTTPS on port 443
B) HTTP on port 80
C) FTP on port 21
D) IMAP on port 143

A

Answer: A) HTTPS on port 443
Explanation: HTTPS uses SSL/TLS to secure HTTP traffic, and it operates on TCP port 443.

19
Q

Which protocol is used to synchronize time across network devices?

A) DHCP
B) DNS
C) NTP
D) RDP

A

Answer: C) NTP
Explanation: NTP (Network Time Protocol) is used to synchronize time across devices within a network, which is critical for security and logging.

20
Q

Which layer of the OSI model is responsible for managing MAC addresses and ensuring data is properly framed?

A) Physical
B) Data Link
C) Transport
D) Application

A

Answer: B) Data Link
The Data Link layer (Layer 2) is responsible for managing MAC (Media Access Control) addresses, ensuring proper framing of data, and handling error detection for frames transmitted over a local network.

A) Physical: Handles raw bit transmission over the physical medium but does not deal with MAC addresses or data framing.
C) Transport: Manages end-to-end communication, reliability, and port numbers but not MAC addressing or framing.
D) Application: Provides network services to applications and user interfaces but is not involved in MAC address handling or framing.

21
Q

What is the primary purpose of DNS within a network?

A) Assigning IP addresses dynamically
B) Resolving hostnames to IP addresses
C) Encrypting network traffic
D) Monitoring network devices

A

Answer: B) Resolving hostnames to IP addresses
Explanation: DNS (Domain Name System) resolves hostnames to IP addresses, enabling users to connect to websites using domain names.

22
Q

Which port is used by the Simple Mail Transfer Protocol (SMTP) for sending email securely?

A) 25
B) 110
C) 587
D) 443

A

Answer: C) 587
Explanation: SMTP uses port 587 for encrypted connections via TLS, while port 25 is typically used for unencrypted connections.

23
Q

What is the purpose of ARP (Address Resolution Protocol) in a network?

A) Resolving domain names to IP addresses
B) Encrypting network traffic
C) Resolving IP addresses to MAC addresses
D) Routing data across different networks

A

Answer: C) Resolving IP addresses to MAC addresses
Explanation: ARP maps IP addresses to MAC addresses on a local network, enabling devices to communicate directly on the same network.

24
Q

Which OSI layer ensures communication between applications by managing connections and maintaining sessions?

A) Network
B) Transport
C) Presentation
D) Session

A

Answer: D) Session
The Session layer (Layer 5) is responsible for establishing, managing, and terminating sessions between applications on different devices.

A) Network: Handles routing and forwarding based on IP addresses at Layer 3 but does not manage sessions.
B) Transport: Ensures reliable delivery of data using protocols like TCP but does not manage application-level sessions.
C) Presentation: Focuses on data formatting, encryption, and compression, not session management.

25
Q

Which protocol replaces SSL for securing web traffic?

A) FTP
B) IMAP
C) TLS
D) DHCP

A

Answer: C) TLS
Explanation: TLS (Transport Layer Security) is the secure successor to SSL, providing encryption and security for web traffic and other protocols.

26
Q

What does the “implicit deny” rule in an access control list (ACL) signify?

A) All traffic is allowed unless specified
B) All traffic is blocked unless explicitly allowed
C) Only secure traffic is allowed
D) Only unencrypted traffic is allowed

A

Answer: B) All traffic is blocked unless explicitly allowed
Explanation: “Implicit deny” means that any traffic not explicitly allowed by the ACL is automatically denied as a default security measure.

27
Q

What is the purpose of DHCP in a network?

A) Resolving domain names to IP addresses
B) Automatically assigning IP addresses
C) Encrypting traffic
D) Blocking malicious websites

A

Answer: B) Automatically assigning IP addresses
Explanation: DHCP (Dynamic Host Configuration Protocol) assigns IP addresses to devices on a network dynamically, reducing manual configuration.

28
Q

Which OSI layer is primarily concerned with encryption and data formatting?

A) Session
B) Data Link
C) Presentation
D) Application

A

Correct Answer: C) Presentation
The Presentation Layer (Layer 6) is primarily concerned with encryption, data formatting, and ensuring that data is presented in a readable and standardized format for the application layer. It handles tasks such as compression, translation, and encryption/decryption of data.

A) Session: Manages sessions or connections between devices but does not handle encryption or data formatting.
B) Data Link: Ensures reliable data transfer within a network segment and handles MAC addressing but does not deal with encryption or formatting.
D) Application: Interfaces directly with the user and applications, relying on the presentation layer for data formatting and encryption.

29
Q

What is the primary purpose of a firewall in network security?

A) Monitoring device performance
B) Filtering traffic to control access
C) Assigning IP addresses
D) Resolving domain names

A

Answer: B) Filtering traffic to control access
Explanation: Firewalls filter incoming and outgoing traffic based on defined security rules, controlling access to and from a network.

30
Q

Which protocol is commonly used for secure file transfer and uses TCP port 22?

A) FTP
B) SFTP
C) SMTP
D) TFTP

A

Answer: B) SFTP
SFTP (Secure File Transfer Protocol) is used for secure file transfer and operates over TCP port 22, utilizing SSH for encryption and authentication.

A) FTP: File Transfer Protocol, insecure, uses TCP ports 20 and 21.
C) SMTP: Simple Mail Transfer Protocol, used for sending emails, operates on ports 25 (unsecure) or 587 (secure).
D) TFTP: Trivial File Transfer Protocol, insecure, uses UDP port 69.

31
Q

In which OSI layer does the Spanning Tree Protocol (STP) operate to prevent network loops?

A) Physical
B) Data Link
C) Network
D) Transport

A

Answer: B) Data Link
Explanation: The Data Link layer (Layer 2) hosts protocols like STP that help prevent network loops in switches and bridges.

32
Q

Which of the following protocols is commonly used for domain name resolution and operates over UDP?

A) SMTP
B) ICMP
C) HTTP
D) DNS

A

Answer: D) DNS (Domain Name System)
DNS resolves domain names to IP addresses and commonly uses UDP for queries on port 53.

A) SMTP (Simple Mail Transfer Protocol): Used for sending emails, operates on TCP ports 25 (insecure) and 587 (secure with STARTTLS).
B) ICMP (Internet Control Message Protocol): Used for network diagnostics (e.g., ping), doesn’t use TCP or UDP, operates at the network layer.
C) HTTP (Hypertext Transfer Protocol): Used for web traffic, operates over TCP port 80 (insecure).

33
Q

Which protocol enables administrators to monitor and manage network devices and uses UDP ports 161 and 162?

A) SSH
B) SNMP
C) SMTP
D) DHCP

A

Answer: B) SNMP (Simple Network Management Protocol)
SNMP enables administrators to monitor and manage network devices, using UDP port 161 for sending requests and UDP port 162 for receiving traps (alerts from devices).

A) SSH (Secure Shell): Used for secure remote command-line access and file transfer, operates over TCP port 22.
C) SMTP (Simple Mail Transfer Protocol): Used for sending emails, operates on TCP ports 25 (insecure) and 587 (secure with STARTTLS).
D) DHCP (Dynamic Host Configuration Protocol): Used for assigning IP addresses dynamically, operates over UDP ports 67 (server) and 68 (client).

34
Q

A network administrator needs to secure communication between two remote sites over the internet. Which protocol should they implement to ensure encryption for data in transit?

A) HTTPS
B) IPsec
C) FTP
D) Telnet

A

Answer: B) IPsec (Internet Protocol Security)
IPsec ensures encryption and secure communication for data in transit over the internet by providing confidentiality, integrity, and authentication at the network layer.

A) HTTPS (Hypertext Transfer Protocol Secure): Secures web traffic over TCP port 443 but is specific to browser-based communication, not general site-to-site communication.
C) FTP (File Transfer Protocol): Used for file transfers over TCP ports 20 and 21 but does not provide encryption.
D) Telnet (Teletype Network): Provides remote access over TCP port 23 but transmits data, including credentials, in plaintext, making it insecure.

35
Q

You are troubleshooting a connectivity issue between two systems on the same local network. You suspect there’s an issue with resolving IP addresses to MAC addresses. Which tool would best assist in diagnosing this issue?

A) Ping
B) ARP
C) Tracert
D) Netstat

A

Answer: B) ARP
Explanation: The ARP (Address Resolution Protocol) table can be checked to see if IP addresses are correctly mapped to MAC addresses, which is critical for local network communication.

A) Ping: Tests basic connectivity between devices but does not directly address IP-to-MAC resolution issues.
C) Tracert (Trace Route): Tracks the path packets take to reach a remote system, used for diagnosing routing issues, not local address resolution.
D) Netstat (Network Statistics): Displays active network connections and listening ports but does not address IP-to-MAC resolution.

36
Q

A company wants to limit access to certain network resources based on the employees’ department. Which network device and configuration should they use to ensure departments are isolated on the same switch?

A) Router with ACLs
B) Firewall with rules
C) VLANs on a managed switch
D) Hub with port mirroring

A

Answer: C) VLANs (Virtual Local Area Networks) on a managed switch
VLANs isolate network traffic by logically separating devices on the same physical switch based on departments, ensuring each VLAN has distinct access to resources.

A) Router with ACLs (Access Control Lists): Filters traffic between networks but does not isolate devices on the same switch.
B) Firewall with rules: Controls traffic between networks or zones but isn’t used to separate departments on a single switch.
D) Hub with port mirroring: Hubs broadcast traffic to all connected devices and do not support segmentation or traffic isolation.

37
Q

An organization’s mail server uses SMTP to send emails securely. Which port is typically used to provide this secure transmission?

A) 25
B) 110
C) 443
D) 587

A

Answer: D) 587
Port 587 is used for secure email transmission with SMTP (Simple Mail Transfer Protocol). It employs STARTTLS to encrypt the connection.

A) 25: Used for SMTP but primarily for relaying emails between servers; it does not inherently support secure transmission.
B) 110: Used for retrieving emails via POP3 (Post Office Protocol version 3), not for sending.
C) 443: Used for HTTPS (Hypertext Transfer Protocol Secure), not related to email communication.

38
Q

A user is experiencing delays when accessing a remote web server. You need to determine the network path taken and identify any delays at specific points. Which command should you use?

A) Ping
B) ARP
C) Netstat
D) Tracert

A

Answer: D) Tracert
Explanation: The Tracert (or Traceroute) command maps the path taken to reach a destination and highlights delays (latency) at each hop, aiding in network troubleshooting.

39
Q

Which protocol uses port 161 and is essential for monitoring and managing network devices?

A) LDAP
B) SNMP
C) HTTPS
D) ICMP

A

Answer: B) SNMP
Explanation: SNMP (Simple Network Management Protocol) uses port 161 to manage network devices, allowing centralized monitoring and control of network health.

40
Q

A network technician is configuring a firewall to block all traffic except web traffic and email. Which ports should be allowed to enable only HTTP, HTTPS, SMTP, and IMAP communications?

A) 80, 443, 25, 143
B) 80, 21, 22, 110
C) 23, 53, 443, 993
D) 110, 443, 22, 143

A

Answer: A) 80, 443, 25, 143
Explanation: HTTP uses port 80, HTTPS uses 443, SMTP (unsecured) uses port 25, and IMAP (unsecured) uses port 143.

41
Q

During a forensic investigation, a security analyst needs to determine the IP address associated with a particular MAC address on a local network. Which protocol provides this resolution?

A) DNS
B) ICMP
C) ARP
D) DHCP

A

Answer: C) ARP
Explanation: ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses within a local network, aiding forensic analysis.

42
Q

An administrator wants to securely manage several routers and switches across the network from a central location. Which protocol provides secure remote command-line access to these devices?

A) Telnet
B) SSH
C) SNMP
D) RDP

A

Answer: B) SSH (Secure Shell)
SSH provides secure remote command-line access to routers and switches by encrypting the communication and operating over TCP port 22.

A) Telnet: Provides remote command-line access over TCP port 23, but transmits data in plaintext, making it insecure.
C) SNMP (Simple Network Management Protocol): Used for monitoring and managing network devices, not for interactive command-line access. Operates on UDP ports 161 and 162.
D) RDP (Remote Desktop Protocol): Provides secure graphical remote access, not command-line, and operates on TCP port 3389.

43
Q

An organization wants to implement network redundancy to ensure continuous availability of critical systems in the event of a single switch failure. Which protocol should they use to prevent network loops?

A) OSPF
B) ARP
C) STP
D) RIP

A

Answer: C) STP (Spanning Tree Protocol)
STP prevents network loops by dynamically disabling redundant paths in a network until they are needed, ensuring continuous availability without loops.

A) OSPF (Open Shortest Path First): A routing protocol used to determine the best path for data between routers, not for preventing loops within a local network.
B) ARP (Address Resolution Protocol): Resolves IP addresses to MAC addresses but doesn’t address redundancy or loop prevention.
D) RIP (Routing Information Protocol): An older routing protocol for finding the best path between networks, not designed for loop prevention in switched networks.

44
Q

A technician is setting up a web server for external access and wants to ensure the data exchanged with users is encrypted. Which protocol and port should they use?

A) HTTP on port 80
B) FTP on port 21
C) HTTPS on port 443
D) Telnet on port 23

A

Answer: C) HTTPS on port 443
Explanation: HTTPS secures web traffic by encrypting it using TLS and operates on port 443, ensuring secure communication with users.

45
Q

A company’s security team notices an unusual amount of ICMP traffic from an external IP address. What type of attack might this indicate?

A) Phishing
B) DDoS
C) Brute Force
D) Man-in-the-Middle

A

Answer: B) DDoS (Distributed Denial of Service)
Excessive ICMP traffic, such as a ping flood or ICMP-based DDoS attack (e.g., Smurf attack), is commonly used to overwhelm a network or system, disrupting its availability.

A) Phishing: Involves fraudulent emails or messages to steal sensitive information, not related to ICMP traffic.
C) Brute Force: Focuses on guessing passwords or keys by systematically trying combinations, not associated with ICMP.
D) Man-in-the-Middle: Involves intercepting and manipulating communication between two parties, typically unrelated to ICMP traffic.

46
Q

An organization needs to enforce security policies on devices connected to the network based on MAC addresses. Which configuration should be implemented on the network switch to control access?

A) Port Security
B) Firewall ACLs
C) IPsec Tunneling
D) DHCP Reservations

A

Answer: A) Port Security
Port Security on network switches restricts access by allowing only specific MAC addresses on a port, preventing unauthorized devices from connecting.

B) Firewall ACLs (Access Control Lists): Filter traffic based on IP addresses, ports, and protocols, not MAC addresses.
C) IPsec (Internet Protocol Security) Tunneling: Encrypts and secures network traffic, but it doesn’t control access based on MAC addresses.
D) DHCP (Dynamic Host Configuration Protocol) Reservations: Assigns specific IP addresses to devices based on MAC addresses but doesn’t enforce access control.

47
Q

Which of the following protocols is connection-oriented and ensures the reliable transmission of data across a network?

A) UDP
B) IP
C) TCP
D) HTTP

A

Answer: C) TCP
Explanation: TCP (Transmission Control Protocol) is connection-oriented, meaning it establishes a connection and ensures data is reliably transmitted, unlike UDP.

48
Q

To diagnose issues with DNS resolution, a network administrator decides to check the DNS cache on a Windows computer. Which command should they use?

A) Ping
B) Nslookup
C) Ipconfig /displaydns
D) Tracert

A

Answer: C) Ipconfig /displaydns
The ipconfig /displaydns command shows the contents of the DNS cache on a Windows computer, helping diagnose DNS resolution issues.

A) Ping: Tests connectivity to a host but doesn’t provide DNS cache information.
B) Nslookup: Queries DNS servers directly for resolving domain names but doesn’t display the local DNS cache.
D) Tracert (Trace Route): Maps the path packets take to reach a destination but doesn’t interact with the DNS cache.

49
Q

A network administrator is configuring a VLAN on a switch to segregate the accounting department’s traffic. What is the primary security benefit of this configuration?

A) Prevents IP address spoofing
B) Limits broadcast traffic within the VLAN
C) Blocks internet access
D) Encrypts traffic within the VLAN

A

Answer: B) Limits broadcast traffic within the VLAN
Configuring a VLAN (Virtual Local Area Network) isolates traffic by department, limiting broadcast traffic to the VLAN and preventing it from reaching other parts of the network.

A) Prevents IP address spoofing: VLANs do not inherently prevent IP spoofing; additional security measures like ACLs are needed.
C) Blocks internet access: VLANs do not block internet access by default; this requires routing or firewall rules.
D) Encrypts traffic within the VLAN: VLANs segment traffic but do not encrypt it; encryption requires protocols like IPsec or TLS.

50
Q

An attacker sends falsified ARP messages on a local network to redirect traffic to their device. What type of attack is this?

A) DoS Attack
B) ARP Spoofing
C) ARP Poisoning
D) Brute Force Attack

A

Correct Answer: B) ARP Spoofing
ARP Spoofing involves sending falsified ARP messages to associate the attacker’s MAC address with the IP address of another device, redirecting traffic to the attacker’s device.

A) DoS Attack: Denial of Service attacks overwhelm a system or network to make it unavailable, not by falsifying ARP messages.
C) ARP Poisoning: Refers to the result of ARP spoofing, where devices have incorrect ARP table entries. ARP spoofing is the specific method used to achieve this.
D) Brute Force Attack: Involves attempting many combinations of credentials or keys to gain unauthorized access, unrelated to ARP messages.

51
Q

Which OSI layer is responsible for error checking and reliable delivery of data between two devices on a network?

A) Physical
B) Data Link
C) Transport
D) Application

A

Answer: C) Transport
The Transport layer (Layer 4 of the OSI model) is responsible for error checking and ensuring reliable delivery of data through protocols like TCP (Transmission Control Protocol).

A) Physical: Handles the transmission of raw bits over a physical medium (e.g., cables, radio waves). No error checking at this layer.
B) Data Link: Provides error detection for frames within a local network but does not handle end-to-end reliability.
D) Application: Supports network services and interfaces for user applications but relies on lower layers for error checking and delivery.

52
Q

An organization wants to ensure only authenticated users can send emails on behalf of its domain. Which email security protocol should they implement to verify sender identity?

A) SPF
B) TLS
C) HTTPS
D) SSH

A

Answer: A) SPF (Sender Policy Framework)
SPF allows the organization to specify which mail servers are authorized to send emails on behalf of its domain, helping verify the sender’s identity and prevent email spoofing.

B) TLS (Transport Layer Security): Encrypts email communication but does not verify sender identity.
C) HTTPS (Hypertext Transfer Protocol Secure): Secures web traffic, not related to email communication or sender verification.
D) SSH (Secure Shell): Provides secure remote command-line access, unrelated to email sender verification.

53
Q

A network administrator wants to block incoming traffic from specific IP addresses suspected of malicious activity. Which type of security control should they configure on the firewall?

A) Implicit Deny
B) Access Control List (ACL)
C) Stateful Inspection
D) NAT

A

Answer: B) Access Control List (ACL)
Explanation: ACLs on a firewall can specify rules to block or allow traffic from specific IP addresses, making them useful for controlling access.

54
Q

To prevent unauthorized devices from connecting to a wireless network, an organization uses MAC address filtering. What is a key limitation of this approach?

A) Complex configuration
B) Limited range
C) Susceptibility to MAC spoofing
D) Slower connection speeds

A

Answer: C) Susceptibility to MAC spoofing
Explanation: Attackers can use MAC spoofing to bypass MAC address filtering by imitating an authorized device’s MAC address.

55
Q

An administrator notices that sensitive data is sent over an unencrypted HTTP connection. To secure this traffic, which protocol should replace HTTP?

A) FTP
B) SSH
C) HTTPS
D) SNMP

A

Answer: C) HTTPS
Explanation: HTTPS uses SSL/TLS encryption to secure data transmission over HTTP, ensuring confidentiality and integrity.

56
Q

In a network segmented with VLANs, which device enables communication between devices in different VLANs?

A) Switch
B) Router
C) Hub
D) Repeater

A

Answer: B) Router
A router or a Layer 3 switch enables communication between devices in different VLANs by routing traffic between VLANs using their IP addresses.

A) Switch: Switches operate at Layer 2 and can segment VLANs but cannot route traffic between them without Layer 3 functionality.
C) Hub: A hub is a basic Layer 1 device that broadcasts traffic to all ports and cannot manage VLANs or route traffic.
D) Repeater: A repeater amplifies signals to extend network reach but does not manage or route traffic between VLANs.

57
Q

A network technician receives complaints of a slow network. After running a Traceroute, they find high latency at a specific router. What does this high latency indicate?

A) Router misconfiguration
B) DNS failure
C) Possible bottleneck at that router
D) ARP table error

A

Answer: C) Possible bottleneck at that router
High latency at a specific router indicates a possible bottleneck, meaning the router is likely overburdened or facing network congestion, slowing down packet processing.

A) Router misconfiguration: Could cause issues, but misconfiguration typically leads to dropped packets or connectivity failure, not high latency.
B) DNS failure: Affects domain name resolution and would not result in high latency observed in a traceroute.
D) ARP table error: Relates to resolving IP addresses to MAC addresses, which does not directly affect the latency shown in a traceroute.

58
Q

Which protocol is preferred for real-time applications like audio and video streaming due to its speed and low overhead?

A) TCP
B) HTTP
C) FTP
D) UDP

A

Answer: D) UDP
Explanation: UDP (User Datagram Protocol) is faster and has lower overhead than TCP, making it ideal for real-time applications like streaming audio and video.

59
Q

An organization uses a VPN to provide remote employees secure access to the internal network. Which protocol is MOST likely being used to encrypt data transmitted over the VPN?

A) IPsec
B) SSL/TLS
C) PPTP
D) L2TP

A

Answer: A) IPsec (Internet Protocol Security)
IPsec is the most commonly used protocol for encrypting data over VPNs, especially in site-to-site and remote access VPNs. It ensures confidentiality, integrity, and authentication.

B) SSL/TLS (Secure Sockets Layer/Transport Layer Security): Used in VPNs for secure web-based applications (SSL VPNs), but less common than IPsec for encrypting full network-level VPNs.
C) PPTP (Point-to-Point Tunneling Protocol): An older VPN protocol with weak encryption, making it less secure and rarely used today.
D) L2TP (Layer 2 Tunneling Protocol): Often combined with IPsec for encryption, but on its own, it does not provide encryption.

60
Q

Which tool can be used to verify DNS resolution and troubleshoot issues by querying DNS servers for information on IP addresses and hostnames?

A) Ping
B) Netstat
C) Nslookup
D) Tracert

A

Correct Answer: C) Nslookup
Nslookup is a tool specifically designed to query DNS servers, allowing users to verify DNS resolution and troubleshoot issues related to IP addresses and hostnames. It provides detailed information about DNS records, helping diagnose misconfigurations or connectivity problems.

A) Ping: Tests basic network connectivity to a destination but does not query DNS servers or provide detailed DNS information.
B) Netstat: Displays network connections, routing tables, and port activity but does not interact with DNS servers.
D) Tracert: Traces the route packets take to a destination but does not directly query DNS records.

61
Q

A technician needs to encrypt files before transferring them to a remote server. Which protocol should they use to secure the file transfer?

A) FTP
B) TFTP
C) SFTP
D) Telnet

A

Answer: C) SFTP
Explanation: SFTP (Secure File Transfer Protocol) encrypts file transfers using SSH, providing a secure way to transfer files over a network.

62
Q

Which protocol resolves domain names to IP addresses, allowing users to connect to websites using URLs instead of IP addresses?

A) DHCP
B) DNS
C) SMTP
D) ICMP

A

Answer: B) DNS
Explanation: DNS (Domain Name System) translates domain names to IP addresses, making it possible to access resources by name instead of numerical addresses.

63
Q

An attacker gains access to a network and floods it with ICMP requests, causing legitimate users to lose connectivity. What type of attack is this?

A) Man-in-the-Middle
B) ARP Spoofing
C) DDoS
D) Phishing

A

Answer: C) DDoS
Explanation: A Distributed Denial-of-Service (DDoS) attack can involve flooding a network with ICMP requests, overloading it and denying service to legitimate users.

64
Q

Which port does IMAP use to retrieve email messages securely from a mail server?

A) 25
B) 110
C) 143
D) 993

A

Answer: D) 993
IMAP (Internet Message Access Protocol) retrieves email messages securely using port 993 with encryption via SSL/TLS.

A) 25: Used for sending emails with SMTP, not retrieving.
B) 110: Used by POP3 (Post Office Protocol version 3) for retrieving email without encryption.
C) 143: Used by IMAP for retrieving email without encryption.

65
Q

A security analyst wants to monitor the status of network devices like routers and switches. Which protocol provides the necessary tools for monitoring and managing these devices?

A) SMTP
B) SNMP
C) HTTPS
D) Telnet

A

Answer: B) SNMP
Explanation: SNMP (Simple Network Management Protocol) allows centralized monitoring and management of network devices like routers and switches.

66
Q

Which protocol or method is primarily used to secure email communication by encrypting the message content during transmission between mail servers?

A) STARTTLS
B) SMTP with TLS
C) IMAP
D) POP3S

A

Answer: B) SMTP with TLS
SMTP (Simple Mail Transfer Protocol) secures email communication between mail servers by using TLS (Transport Layer Security) to encrypt messages during transmission.

A) STARTTLS: A command that upgrades an existing plain-text connection to an encrypted one, but it is part of the SMTP protocol, not the protocol itself.
C) IMAP (Internet Message Access Protocol): Used for retrieving emails, not for sending or securing messages between mail servers.
D) POP3S (Post Office Protocol Secure): A secure version of POP3 for retrieving emails, not for encrypting message delivery between mail servers.

67
Q

An administrator configures a switch to block all devices that are not on a pre-approved list of MAC addresses. What security measure is being implemented?

A) ARP Spoofing
B) Port Security
C) Implicit Deny
D) VLAN Tagging

A

Answer: B) Port Security
Port Security restricts access to a network by allowing only devices with pre-approved MAC addresses to communicate on a specific switch port. Any device not on the list will be blocked.

A) ARP Spoofing: An attack technique, not a security measure, where an attacker sends falsified ARP messages to associate their MAC address with a legitimate IP.
C) Implicit Deny: A principle where traffic not explicitly allowed is denied, often used in firewalls or ACLs, but not directly related to MAC address filtering.
D) VLAN Tagging: A method for identifying and segregating traffic on a switch but does not control access based on MAC addresses.

68
Q

A network administrator needs to capture and analyze packets traversing the network. Which tool would they use for packet analysis?

A) Wireshark
B) Nslookup
C) Ping
D) Tracert

A

Answer: A) Wireshark
Explanation: Wireshark is a widely used tool for capturing and analyzing network packets, providing insight into network traffic patterns and issues.

69
Q

Which layer of the OSI model is responsible for data compression and encryption BEFORE it reaches the application layer?

A) Transport
B) Network
C) Session
D) Presentation

A

Answer: D) Presentation
The Presentation layer (Layer 6 of the OSI model) is responsible for data compression, encryption, and formatting, ensuring data is in a usable form for the Application layer.

A) Transport: Ensures reliable delivery of data between devices but does not handle compression or encryption.
B) Network: Handles routing and addressing of packets between devices, not data formatting or encryption.
C) Session: Manages connections and sessions between devices, such as establishing and terminating communication, but not data transformation.

70
Q

A network administrator configures a router to filter packets by IP address and port number. At which OSI layer is this filtering occurring?

A) Data Link
B) Network
C) Transport
D) Session

A

Answer: B) Network
Filtering by IP address occurs at the Network layer (Layer 3), which is where routers primarily operate. While port numbers belong to the Transport layer (Layer 4), routers filter packets based on both IP addresses and port numbers as an extension of their Layer 3 functionality.

A) Data Link: Works with MAC addresses and frames at Layer 2, not IP addresses or port numbers.
C) Transport: Manages communication between applications using port numbers, but filtering by port in combination with IP occurs at Layer 3.
D) Session: Manages connection establishment and maintenance between applications at Layer 5, unrelated to packet filtering.

71
Q

Which command can a technician use on a Linux system to view current network connections and their status?

A) Ping
B) Netstat
C) Tracert
D) ARP

A

Answer: B) Netstat
Explanation: Netstat displays active connections and network statistics, showing the status of each network connection on the system.

72
Q

Which protocol provides automatic assignment of IP addresses to devices on a network, reducing manual configuration?

A) DNS
B) DHCP
C) ICMP
D) SNMP

A

Answer: B) DHCP
Explanation: DHCP (Dynamic Host Configuration Protocol) automates the assignment of IP addresses, easing network configuration management.

73
Q

Sophia, a network engineer, is configuring a switch and wants to ensure that only authorized devices are allowed to connect to specific ports. She needs to prevent unauthorized access from devices that are not on a pre-approved list. Which of the following security configurations would BEST meet her needs?

A) VLAN tagging
B) Port mirroring
C) Port security
D) Network segmentation

A

Answer: C) Port security
Explanation: Port security allows specific MAC addresses to be whitelisted on switch ports, preventing unauthorized devices from connecting.

74
Q

A company wants to establish a secure remote connection for employees working from home. They need encryption for data transmitted between remote users and the corporate network. Which of the following would BEST meet this need?

A) TLS
B) IPsec VPN
C) Telnet
D) SNMP

A

Answer: B) IPsec VPN
Explanation: An IPsec VPN provides encrypted tunnels for secure remote access, making it suitable for protecting data sent over the internet.

75
Q

Jared is responsible for securing communications between internal devices within the organization. He needs to prevent eavesdropping on these communications. Which protocol would BEST secure this internal network traffic?

A) SSL
B) IPsec
C) SNMPv3
D) SFTP

A

Answer: B) IPsec (Internet Protocol Security)
IPsec provides encryption, integrity, and authentication for network traffic at the network layer, ensuring internal device communications are secure and protected from eavesdropping.

A) SSL (Secure Sockets Layer): An outdated protocol for securing web traffic, replaced by TLS, and not ideal for securing all internal network traffic.
C) SNMPv3 (Simple Network Management Protocol version 3): Secures device monitoring and management traffic but does not encrypt general internal network communications.
D) SFTP (SSH File Transfer Protocol): Secures file transfers, not general internal network traffic.

76
Q

A security analyst is investigating network traffic that contains requests to resolve IP addresses from hostnames. She wants to identify the protocol used to carry out these requests. Which protocol is MOST likely responsible?

A) DHCP
B) DNS
C) ARP
D) SNMP

A

Answer: B) DNS (Domain Name System)
DNS is the protocol responsible for resolving hostnames to IP addresses and vice versa. It operates primarily over UDP port 53 for queries and TCP port 53 for larger responses like zone transfers.

A) DHCP (Dynamic Host Configuration Protocol): Assigns IP addresses dynamically to devices on the network but does not resolve hostnames.
C) ARP (Address Resolution Protocol): Resolves IP addresses to MAC addresses on a local network but does not handle hostname resolution.
D) SNMP (Simple Network Management Protocol): Used for monitoring and managing network devices, not for resolving hostnames to IP addresses.

76
Q

An IT manager needs to configure remote access for administrators to manage network devices securely. The protocol currently in use transmits credentials in cleartext. Which protocol should replace it to ensure secure management connections?

A) Telnet
B) SNMPv2
C) RDP
D) SSH

A

Answer: D) SSH
Explanation: SSH encrypts management connections and prevents credentials from being sent in cleartext, making it ideal for secure remote device management.

77
Q

A system administrator is setting up a server that will house sensitive customer data. The server should be accessible to internal employees but should not be exposed to external users on the internet. Which network location would BEST meet this requirement?

A) DMZ
B) Screened subnet
C) Intranet
D) Extranet

A

Answer: C) Intranet
Explanation: An intranet is a private network accessible only to authorized users within the organization, providing a secure environment for sensitive internal data.

78
Q

During a recent security audit, it was discovered that network administrators are using Telnet to manage network devices. This practice poses a security risk. Which protocol would BEST address this vulnerability?

A) SSH
B) SNMP
C) FTP
D) HTTP

A

Answer: A) SSH (Secure Shell)
SSH is the best replacement for Telnet as it encrypts all communication, including login credentials, ensuring secure remote management of network devices. It operates over TCP port 22.

B) SNMP (Simple Network Management Protocol): Used for network monitoring and management but does not provide interactive remote command-line access.
C) FTP (File Transfer Protocol): Used for transferring files and does not support device management or encryption.
D) HTTP (Hypertext Transfer Protocol): Transmits data in plaintext and is insecure for managing network devices. For secure web-based management, HTTPS would be required.

78
Q

Network traffic analysis shows that a device on the network is sending a high number of ICMP requests, impacting network performance. Which type of attack might this indicate?

A) ARP Poisoning
B) DDoS Attack
C) Phishing
D) Spoofing

A

Answer: B) DDoS Attack
Explanation: Excessive ICMP traffic can be a sign of a Distributed Denial-of-Service (DDoS) attack, which overwhelms network resources.

78
Q

A network engineer needs to securely transmit sensitive configuration data to a remote device. Which of the following protocols would BEST meet the requirement for encrypted file transfer?

A) FTP
B) Telnet
C) SFTP
D) SMTP

A

Answer: C) SFTP
Explanation: SFTP (Secure File Transfer Protocol) encrypts file transfer data over SSH, ensuring confidentiality and integrity of sensitive data.

78
Q

Which of the following devices would MOST likely have the following entries used to define its operation?

permit IP any any eq 80
permit IP any any eq 443
deny IP any any

A) Firewall
B) Proxy server
C) Web server
D) Router

A

Answer: A) Firewall
A firewall uses Access Control Lists (ACLs) like the entries shown to filter and control traffic based on IP addresses, protocols, and ports. The rules explicitly allow web traffic (HTTP on port 80 and HTTPS on port 443) while blocking all other traffic.

B) Proxy server: Intermediates traffic between clients and servers but doesn’t define operations using ACL-style rules like the example.
C) Web server: Hosts websites but does not filter or control network traffic with permit/deny rules.
D) Router: Routes traffic between networks and may use ACLs, but the given rules focus on filtering traffic, a function typically associated with firewalls.

79
Q

An organization is deploying a web server for public access to its website. The server must be protected from direct access to the internal network. In which network segment should the server be placed?

A) DMZ
B) Intranet
C) Extranet
D) VLAN

A

Answer: A) DMZ
Explanation: A DMZ (Demilitarized Zone) allows public access to servers while protecting the internal network, ideal for a public web server.

80
Q

A security engineer needs to enforce a rule where only encrypted protocols are allowed for remote management. Which protocol should NOT be permitted?

A) RDP
B) SSH
C) Telnet
D) HTTPS

A

Answer: C) Telnet
Explanation: Telnet does not provide encryption, making it unsuitable for secure remote management. SSH, RDP, and HTTPS offer encrypted connections.

80
Q

A network administrator is configuring ACLs to permit SSH traffic to a server. Which port should be allowed in the firewall rules?

A) 21
B) 22
C) 80
D) 443

A

Answer: B) 22
Explanation: SSH operates on port 22 and provides secure access for managing servers, which should be allowed in firewall ACLs if SSH access is needed.

80
Q

A network administrator is configuring a firewall to block unauthorized traffic from accessing the internal network but still wants to allow DNS queries from the network to the internet. Which port should remain open?

A) 53
B) 80
C) 25
D) 110

A

Answer: A) 53
Port 53 is used by DNS (Domain Name System) for queries. Keeping this port open allows internal devices to send DNS queries to external servers for domain name resolution.

B) 80: Used for HTTP traffic, not DNS.
C) 25: Used for SMTP (Simple Mail Transfer Protocol) to send emails, unrelated to DNS queries.
D) 110: Used for POP3 (Post Office Protocol version 3) to retrieve emails, not for DNS.

80
Q

An organization has deployed SNMPv2 on its devices for network management. However, a security audit flagged this as a vulnerability. Which of the following protocols would address this issue by encrypting SNMP traffic?

A) SNMPv1
B) SNMPv2c
C) SNMPv3
D) SMTP

A

Answer: C) SNMPv3
Explanation: SNMPv3 provides encryption and authentication, addressing the vulnerabilities of earlier versions like SNMPv1 and SNMPv2.

80
Q

Which protocol is commonly used to retrieve emails from a mail server securely?

A) FTP
B) POP3
C) IMAP over TLS
D) SMTP

A

Answer: C) IMAP over TLS
Explanation: IMAP over TLS (port 993) allows secure email retrieval from mail servers, while SMTP is used for sending email.

81
Q

A user reports they cannot access a secure website. You check and find that the website uses HTTPS. Which port should be allowed on the firewall to enable access to this site?

A) 80
B) 443
C) 22
D) 21

A

Answer: B) 443
Explanation: HTTPS uses port 443 for secure web traffic, so allowing this port will enable access to HTTPS sites.

82
Q

Which of the following protocols is connectionless and often used for live video streaming applications?

A) TCP
B) UDP
C) SNMP
D) ICMP

A

Answer: B) UDP
Explanation: UDP is a connectionless protocol that allows faster data transmission, making it suitable for real-time applications like video streaming.

83
Q

A security analyst is tasked with monitoring network devices to ensure they meet the organization’s security policies. Which protocol would provide device statistics while also protecting the confidentiality of the data?

A) SNMPv3
B) Telnet
C) SNMPv2
D) FTP

A

Answer: A) SNMPv3
Explanation: SNMPv3 adds encryption and authentication to network management, protecting the data during transmission and securing device statistics.

83
Q

An organization needs to secure remote management of its network devices. The current setup uses a protocol, Telnet, that transmits credentials in plaintext. Which of the following protocols provides encryption and secure authentication for remote device management over the command line?

A) FTPS
B) SSH
C) SNMPv3
D) HTTPS

A

Answer: B) SSH (Secure Shell)
SSH provides secure, encrypted command-line access to network devices, replacing Telnet for remote management over TCP port 22.

A) FTPS (FTP Secure): Secures file transfers but does not support interactive device management.
C) SNMPv3 (Simple Network Management Protocol version 3): Secures monitoring and management traffic but does not provide command-line access.
D) HTTPS (Hypertext Transfer Protocol Secure): Secures web-based management interfaces but is not used for command-line management.

84
Q

During a security audit, it was found that FTP was being used to transfer files between servers. Which protocol should replace FTP to ensure secure file transfers?

A) Telnet
B) SFTP
C) SNMP
D) TFTP

A

Answer: B) SFTP
Explanation: SFTP (Secure File Transfer Protocol) uses SSH to encrypt file transfers, replacing FTP, which sends data in plaintext.

85
Q

A network technician is configuring access rules for a firewall. They need to block all ports except for HTTP and HTTPS traffic. Which ports should be left open?

A) 21 and 22
B) 80 and 443
C) 25 and 110
D) 53 and 161

A

Answer: B) 80 and 443
Explanation: HTTP and HTTPS use ports 80 and 443, respectively, allowing web traffic to pass through the firewall while other ports are blocked.

86
Q

A network administrator wants to ensure that only specific IP addresses can connect to a server. Which of the following configurations would BEST achieve this?

A) Port Security
B) DHCP Reservations
C) Access Control List (ACL)
D) DNS Filtering

A

Answer: C) Access Control List (ACL)
An Access Control List (ACL) allows the administrator to define rules to permit or deny traffic based on specific IP addresses, ensuring that only authorized addresses can connect to the server.

A) Port Security: Controls access based on MAC addresses at the switch port level, not IP addresses.
B) DHCP Reservations: Assigns specific IP addresses to devices based on their MAC address but does not restrict access.
D) DNS Filtering: Restricts access to domain names or specific websites, not based on IP addresses connecting to a server.

87
Q

An organization wants to segment its network to isolate sensitive data. Which configuration would BEST allow the organization to separate data without additional hardware?

A) Port Mirroring
B) VLANs
C) NAT
D) PAT

A

Answer: B) VLANs (Virtual Local Area Networks)
VLANs allow a network to be segmented into logical groups on the same physical hardware, isolating sensitive data without requiring additional devices.

A) Port Mirroring: Duplicates network traffic for monitoring or analysis but does not isolate data.
C) NAT (Network Address Translation): Translates private IP addresses to public IPs for internet access but does not provide network segmentation.
D) PAT (Port Address Translation): A type of NAT that maps multiple private IPs to a single public IP using different ports, but it does not isolate or segment data.

88
Q

An organization needs to secure web-based authentication and data transmission between clients and servers. Which protocol BEST provides encryption for these communications?

A) SSH
B) TLS
C) HTTP
D) FTP

A

Answer: B) TLS (Transport Layer Security)
TLS provides encryption for both authentication and data transmission at the transport layer, ensuring secure web-based communications, such as HTTPS.

A) SSH (Secure Shell): Encrypts remote command-line access, not general web-based communications.
C) HTTP (Hypertext Transfer Protocol): Used for web communications but transmits data in plaintext, making it insecure.
D) FTP (File Transfer Protocol): Used for file transfers but lacks encryption unless combined with TLS/SSL (FTPS).

88
Q

An IT team needs to allow only encrypted email communication between its mail servers. Which protocol and port combination would BEST support secure email transmission?

A) SMTP on port 25
B) HTTPS on port 443
C) IMAP over TLS on port 993
D) FTP on port 21

A

Correct Answer: C) IMAP over TLS on port 993
IMAP over TLS on port 993 ensures encrypted email communication. IMAP (Internet Message Access Protocol) is commonly used to access email on a remote mail server. By using TLS (Transport Layer Security) on port 993, the communication is encrypted, making it secure.

A) SMTP on port 25: Used for sending emails but is not secure by default. This port typically handles plain text communication unless STARTTLS or other encryption methods are applied.
B) HTTPS on port 443: Used for secure web traffic, not for email communication.
D) FTP on port 21: Used for file transfers and is unrelated to email communication. It also lacks encryption by default.

88
Q

Which port is used by RDP to provide remote desktop access to network devices?

A) 22
B) 80
C) 443
D) 3389

A

Answer: D) 3389
Explanation: RDP (Remote Desktop Protocol) uses port 3389 for remote desktop connections, allowing users to access systems from remote locations.

88
Q

A network administrator needs to block all external access to their internal network while allowing internal users to browse the internet. Which network device would BEST meet this requirement?

A) Switch
B) Router
C) Firewall
D) Proxy Server

A

Correct Answer: C) Firewall
A firewall is designed to block unauthorized external access while allowing specific outbound traffic, such as internal users browsing the internet. It controls access based on predefined security rules, making it the best option for this scenario.

A) Switch: Used to connect devices within the same internal network but cannot block or control external access.
B) Router: Routes traffic between networks but does not inherently block unauthorized access unless paired with firewall capabilities.
D) Proxy Server: Facilitates internet access and can provide some filtering, but it does not block external access to the internal network.

88
Q

An employee’s workstation is sending numerous ARP requests across the network. A security analyst suspects malicious activity. What type of attack could be causing this behavior?

A) Phishing
B) ARP Spoofing
C) DDoS
D) DNS Poisoning

A

Correct Answer: B) ARP Spoofing
ARP spoofing involves sending numerous ARP (Address Resolution Protocol) requests or replies to associate an attacker’s MAC address with an IP address on the network. This behavior matches the suspected malicious activity.

A) Phishing: Involves deceptive communication (e.g., emails or messages) to trick users into revealing sensitive information, not related to ARP traffic.
C) DDoS: Distributed Denial of Service overwhelms a target with traffic but does not involve ARP requests.
D) DNS Poisoning: Alters DNS records to redirect traffic but does not involve ARP requests.

88
Q

A security analyst wants to prevent ARP poisoning attacks on the company’s network. Which of the following tools or methods would BEST help detect or mitigate such attacks?

A) DNS Filtering
B) VLAN Segmentation
C) Packet Sniffing
D) DAI

A

Answer: D) Dynamic ARP Inspection
Explanation: Dynamic ARP Inspection (DAI) helps prevent ARP poisoning by verifying IP-to-MAC address mappings, making it effective for detecting and mitigating such attacks.

88
Q

A company is configuring remote access to its internal applications for employees working from home. They need to ensure that users are authenticated and data is encrypted. Which solution would BEST meet this requirement?

A) VPN
B) Telnet
C) FTP
D) RDP

A

Answer: A) VPN
Explanation: A VPN provides secure, encrypted remote access to internal applications, ensuring user authentication and data protection for remote employees.

88
Q

Which type of firewall is capable of analyzing traffic based on both header information and the content within the data payload?

A) Packet-Filtering Firewall
B) Stateful Firewall
C) Application Firewall
D) Circuit-Level Gateway

A

Correct Answer: C) Application Firewall
Application firewalls analyze traffic at the application layer, examining both the header information and the data payload. This allows them to inspect the content of communications, making them ideal for detecting malicious activity like SQL injections or cross-site scripting.

A) Packet-Filtering Firewall: Only examines packet headers, such as source and destination IPs and ports, without inspecting the payload.
B) Stateful Firewall: Tracks the state of active connections and inspects headers but does not analyze payload data deeply.
D) Circuit-Level Gateway: Operates at the session layer and verifies the handshake process but does not inspect payload content.

88
Q

An administrator needs to block malicious traffic from a specific country that is attempting to access the company’s network. Which feature would BEST accomplish this?

A) IPsec
B) Geo-Blocking
C) DNS Filtering
D) VLAN

A

Answer: B) Geo-Blocking
Explanation: Geo-blocking restricts access based on geographic location, allowing administrators to block traffic from specific countries.

88
Q

Which type of device would be MOST useful in detecting unauthorized access attempts to a network and alerting administrators about potential security threats?

A) Firewall
B) IDS
C) Router
D) Switch

A

Answer: B) IDS
Explanation: An Intrusion Detection System (IDS) monitors network traffic and alerts administrators about potential security incidents or unauthorized access attempts.

89
Q

An administrator needs to ensure that employees cannot access certain malicious or inappropriate websites. Which network security solution would BEST help enforce this restriction?

A) NAT
B) Proxy Server
C) DHCP
D) ARP

A

Answer: B) Proxy Server
Explanation: A proxy server can filter and restrict access to specific websites, helping enforce acceptable use policies and block malicious sites.

89
Q

A network administrator is asked to configure the company’s network to support VoIP communications. Which protocol is typically used to initiate and manage VoIP sessions?

A) FTP
B) SIP
C) SMTP
D) DNS

A

Answer: B) SIP
Explanation: SIP (Session Initiation Protocol) is used to initiate, maintain, and terminate VoIP sessions, enabling voice and video communication over IP networks.

89
Q

A security engineer wants to encrypt network traffic between web servers and users to prevent data interception. Which technology provides encryption to achieve this?

A) Telnet
B) DNS
C) TLS
D) HTTPS

A

Correct Answer: D) HTTPS
HTTPS (Hypertext Transfer Protocol Secure) provides encryption for network traffic between web servers and users. It uses TLS (Transport Layer Security) to secure communication, ensuring data integrity and confidentiality.

A) Telnet: Used for remote access but transmits data, including credentials, in plain text without encryption.
B) DNS: Resolves domain names to IP addresses but does not encrypt traffic.
C) TLS: Provides the underlying encryption for HTTPS but is not a standalone web communication protocol.

90
Q

A network administrator configures DHCP on the company’s network. Which of the following is the primary benefit of using DHCP for IP addressing?

A) Static IP assignment
B) Dynamic IP allocation
C) Encryption of IP addresses
D) Filtering of MAC addresses

A

Answer: B) Dynamic IP allocation
Explanation: DHCP (Dynamic Host Configuration Protocol) dynamically assigns IP addresses, simplifying network management and reducing manual configuration.

91
Q

Which type of network device can connect multiple network segments, perform packet filtering, and make forwarding decisions based on IP addresses?

A) Switch
B) Router
C) Repeater
D) Hub

A

Correct Answer: B) Router
A router connects multiple network segments, filters packets, and makes forwarding decisions based on IP addresses. It operates at the Network Layer (Layer 3) of the OSI model, enabling communication between different networks.

A) Switch: Operates at the Data Link Layer (Layer 2), forwarding traffic based on MAC addresses, not IP addresses.
C) Repeater: Amplifies or regenerates signals but does not filter packets or make forwarding decisions.
D) Hub: Broadcasts data to all connected devices without any filtering or intelligent forwarding.

91
Q

An organization requires its employees to use a two-step authentication process for accessing internal resources. Which protocol can provide this multi-factor authentication capability?

A) DNS
B) RADIUS
C) FTP
D) Telnet

A

Answer: B) RADIUS
Explanation: RADIUS (Remote Authentication Dial-In User Service) supports multi-factor authentication, providing secure access to network resources.

91
Q

A network technician needs to block all traffic between two subnets except DNS requests. Which port should be allowed through the firewall to enable DNS communication?

A) 21
B) 53
C) 80
D) 443

A

Correct Answer: B) 53
Port 53 is used for DNS (Domain Name System) communication, allowing devices to resolve domain names to IP addresses. To enable DNS requests between the subnets, this port should be allowed.

A) 21: Used for FTP (File Transfer Protocol), not related to DNS.
C) 80: Used for HTTP (web traffic), not for DNS communication.
D) 443: Used for HTTPS (secure web traffic), unrelated to DNS.

92
Q

A technician is installing a device that must restrict access to network resources by verifying both the identity and role of the user. Which access control model BEST supports this requirement?

A) MAC
B) RBAC
C) DAC
D) HMAC

A

Correct Answer: B) RBAC
Role-Based Access Control (RBAC) restricts access to resources based on a user’s identity and their assigned role within the organization. This model ensures users have access only to the resources necessary for their role, meeting the requirement to verify both identity and role.

A) MAC (Mandatory Access Control): Enforces access based on classifications (e.g., security labels) rather than user roles or identity.
C) DAC (Discretionary Access Control): Allows resource owners to decide access permissions but does not focus on roles.
D) HMAC (Hash-Based Message Authentication Code): A method for data integrity and authentication, unrelated to access control models.

93
Q

An employee in the marketing department needs access to an internal web application that is restricted to employees only. The web application should not be accessible from the public internet. In which network zone should the application server be placed?

A) Extranet
B) Intranet
C) DMZ
D) VLAN

A

Answer: B) Intranet
Explanation: An intranet is a private network accessible only to authorized internal users, making it ideal for applications restricted to employees.

93
Q

A network administrator needs to prevent unauthorized wireless devices from connecting to the corporate network. Which security feature would BEST address this requirement?

A) WPA2
B) MAC Address Filtering
C) Port Security
D) Proxy Server

A

Answer: B) MAC Address Filtering
Explanation: MAC address filtering allows the network to limit access to devices with specific, pre-approved MAC addresses, reducing unauthorized access.

94
Q

To enhance security, a network administrator wants to implement a technology that continuously monitors for and identifies abnormal behavior or potential malicious activity on the network. Which of the following solutions would BEST meet this need?

A) SIEM
B) NAT
C) VPN
D) DHCP

A

Answer: A) SIEM
Explanation: A SIEM (Security Information and Event Management) system aggregates logs and monitors network activity, identifying potential threats through behavior analysis.

95
Q

A security analyst needs to identify vulnerabilities within a web application. Which of the following tools is BEST suited for this task?

A) Port Scanner
B) Network Mapper
C) Web Application Scanner
D) Packet Sniffer

A

Answer: C) Web Application Scanner
Explanation: Web application scanners are specifically designed to identify vulnerabilities in web applications, such as SQL injection and XSS.

96
Q

A user requires remote access to a company’s desktop environment and applications from an offsite location. The connection must be encrypted to protect sensitive data. Which protocol is BEST suited for this purpose?

A) RDP
B) HTTP
C) FTP
D) SNMP

A

Answer: A) RDP
Explanation: RDP (Remote Desktop Protocol) provides secure, encrypted remote access to desktop environments, allowing users to connect securely from offsite locations.

97
Q

An organization wants to ensure that only encrypted name resolution queries are processed within its network. Which protocol would BEST meet this requirement?

A) DNSSEC
B) DHCP
C) HTTP
D) ARP

A

Correct Answer: A) DNSSEC
DNSSEC (Domain Name System Security Extensions) ensures the integrity and authenticity of DNS queries by digitally signing DNS records. While it does not encrypt the query itself, it prevents tampering and spoofing, ensuring secure name resolution.

B) DHCP: Used for dynamic IP address assignment, unrelated to name resolution or encryption.
C) HTTP: Used for unencrypted web communication, not for name resolution.
D) ARP: Resolves IP addresses to MAC addresses on a local network and does not handle name resolution.

98
Q

A network administrator notices that multiple devices on the network are broadcasting their IP addresses. Which type of device should they use to reduce these broadcasts and improve network performance?

A) Hub
B) Switch
C) Repeater
D) Bridge

A

Correct Answer: B) Switch
A switch, operating at the Data Link Layer, reduces network congestion by isolating devices into separate collision domains and forwarding traffic only to the intended recipient based on MAC addresses. Modern switches also support VLANs (Virtual Local Area Networks), which can create separate broadcast domains, effectively reducing unnecessary broadcasts and improving performance.

A) Hub: Broadcasts all traffic to all connected devices, increasing congestion and worsening the problem.
C) Repeater: Amplifies signals but does not filter or manage traffic, so it cannot reduce broadcasts.
D) Bridge: Similar to a switch but outdated and less scalable. Switches are more efficient and widely used in modern networks.

99
Q

A network technician needs to connect two separate buildings on a campus network using a wireless solution. Which of the following technologies would BEST provide a reliable, dedicated connection between the buildings?

A) Wi-Fi Access Points
B) VPN Tunnel
C) Wi-Fi Mesh Network
D) Point-to-Point Wireless Bridge

A

Correct Answer: D) Point-to-Point Wireless Bridge
A Point-to-Point Wireless Bridge is the best solution for connecting two buildings with a dedicated, reliable wireless link. This technology uses directional antennas to create a high-speed, stable connection over a specific path, making it ideal for campus networks.

A) Wi-Fi Access Points: Provide local wireless coverage but are not suitable for creating a dedicated link between buildings.
B) VPN Tunnel: Provides secure communication over an existing network but does not physically connect two locations wirelessly.
C) Wi-Fi Mesh Network: Designed for extending wireless coverage in a large area, not for creating a direct, dedicated link between buildings.

100
Q

An organization’s network has several devices that use private IP addresses. The organization needs to provide internet access for these devices. Which technology will BEST meet this requirement?

A) DNS
B) NAT
C) DHCP
D) MAC Filtering

A

Answer: B) NAT
Explanation: NAT (Network Address Translation) allows devices with private IP addresses to access the internet by translating them to a public IP address.

100
Q

An organization requires that employees authenticate using their username and password as well as a token-based system. This is an example of which security principle?

A) Least Privilege
B) Single Sign-On
C) Multi-Factor Authentication
D) Role-Based Access Control

A

Answer: C) Multi-Factor Authentication
Explanation: Multi-Factor Authentication (MFA) uses two or more independent credentials, such as a password and a token, to verify user identity.

100
Q

A network administrator wants to monitor all traffic that flows between two key servers. Which device would BEST accomplish this task by copying traffic from one port to another for analysis?

A) Router
B) Port Mirroring
C) Firewall
D) Load Balancer

A

Correct Answer: B) Port Mirroring
Port Mirroring is a feature of switches that allows traffic from one port (or multiple ports) to be copied and sent to another port for analysis. This is ideal for monitoring all traffic between servers without disrupting their communication.

A) Router: Directs traffic between networks but does not have the functionality to copy and forward traffic for monitoring.
C) Firewall: Controls and filters traffic but is not designed to duplicate and forward traffic for analysis.
D) Load Balancer: Distributes traffic across multiple servers for performance optimization but does not facilitate monitoring of traffic.

101
Q

A company needs to verify that a website’s data has not been modified in transit. Which technology is BEST suited for verifying data integrity of web communications?

A) SSL/TLS
B) NAT
C) RDP
D) FTP

A

Answer: A) SSL/TLS
Explanation: SSL/TLS protocols provide encryption and integrity checks, ensuring that web data has not been altered during transmission.

102
Q

A user reports that they are unable to reach a specific website. A network administrator checks the connectivity using a command that traces the route taken to reach the destination. Which command did the administrator most likely use?

A) Nslookup
B) Ping
C) Tracert
D) Ipconfig

A

Correct Answer: C) Tracert
Tracert (or Traceroute in Linux/Unix systems) is used to trace the route packets take to reach a destination. It provides information about each hop along the path, helping identify where connectivity issues might occur.

A) Nslookup: Used for querying DNS servers to resolve domain names into IP addresses, not for tracing network paths.
B) Ping: Tests basic connectivity to a destination by sending ICMP echo requests but does not provide information about the route taken.
D) Ipconfig: Displays the network configuration of a device but does not trace routes or diagnose connectivity to a specific website.

102
Q

To prevent unauthorized users from accessing a wireless network, an administrator configures WPA2 security with a strong passphrase. Which aspect of network security is being addressed?

A) Confidentiality
B) Availability
C) Non-Repudiation
D) Integrity

A

Answer: A) Confidentiality
Explanation: WPA2 encryption helps protect data confidentiality by preventing unauthorized access to the wireless network and data.

102
Q

An attacker has successfully redirected a user’s traffic to a malicious website by tampering with name resolution records. Which type of attack is this?

A) Phishing
B) DNS Poisoning
C) ARP Spoofing
D) Man-in-the-Middle

A

Correct Answer: B) DNS Poisoning
DNS Poisoning (also called DNS spoofing) occurs when an attacker manipulates DNS records to redirect traffic to a malicious website. This compromises the integrity of DNS, causing users to unknowingly visit fraudulent sites.

A) Phishing: Involves deceptive communication, like emails or messages, to trick users into revealing sensitive information but does not manipulate DNS records.
C) ARP Spoofing: Redirects traffic on a local network by associating the attacker’s MAC address with another device’s IP address, unrelated to DNS records.
D) Man-in-the-Middle: Intercepts and potentially alters communication between two parties but does not involve DNS record manipulation.

102
Q

A company needs to verify the identity of a remote user attempting to access the internal network via VPN. Which of the following technologies would BEST support user authentication?

A) LDAP
B) SNMP
C) DNSSEC
D) SSL

A

Correct Answer: A) LDAP
LDAP (Lightweight Directory Access Protocol) is commonly used for user authentication and accessing directory services. It enables the company to verify the remote user’s identity against a centralized database, such as Active Directory, when accessing the VPN.

102
Q

A company requires a network device that can enforce policies and filter traffic based on IP, protocol, and port number. Which device would BEST meet this requirement?

A) Hub
B) Repeater
C) Firewall
D) Switch

A

Correct Answer: C) Firewall
A firewall enforces security policies and filters traffic based on IP addresses, protocols, and port numbers. It is specifically designed to control the flow of traffic between networks based on predefined rules.

A) Hub: Simply broadcasts data to all connected devices without filtering or enforcing policies.
B) Repeater: Amplifies or regenerates signals but does not perform any traffic filtering.
D) Switch: Operates at Layer 2 of the OSI model, forwarding traffic based on MAC addresses, not IP, protocol, or port.

103
Q

To prevent unauthorized access, an administrator configures a network device to allow only specific IP addresses. Which configuration method is the administrator most likely using?

A) MAC Filtering
B) IP Filtering
C) Port Security
D) SNMP Traps

A

Answer: B) IP Filtering
Explanation: IP filtering restricts access by allowing only specific IP addresses, controlling which devices can connect to network resources.

104
Q

A network engineer needs to set up a system that can dynamically balance incoming requests across multiple servers to ensure availability. Which device would BEST meet this requirement?

A) Firewall
B) Load Balancer
C) Router
D) Switch

A

Answer: B) Load Balancer
Explanation: A load balancer distributes incoming requests across multiple servers, ensuring high availability and preventing server overload.

105
Q

Which command-line tool can be used on a Windows computer to view active connections and network statistics?

A) Ping
B) Tracert
C) Netstat
D) Ipconfig

A

Answer: C) Netstat
Explanation: The netstat command shows active connections and provides network statistics, aiding in network diagnostics.

105
Q

An organization wants to reduce the risk of data loss during power outages. Which device would BEST meet this need by providing temporary power to critical systems?

A) UPS
B) Load Balancer
C) Router
D) Firewall

A

Answer: A) UPS
Explanation: A UPS (Uninterruptible Power Supply) provides temporary power to devices during an outage, preventing data loss and allowing safe shutdown.