Comp C1

Question 1

While troubleshooting, a technician notices that some clients using FTP still work and that pings to the local router and servers are working. The technician tries to ping all known nodes on the network and they reply positively, except for one of the servers. The technician notices that ping works only when the host name is used but not when FQDN is used. Which of the following servers is MOST likely down?

A. WINS server
B. Domain controller
C. DHCP server
D. DNS server

Answer 1

D. DNS server

Question 2

The administrator’s network has OSPF for the internal routing protocol. One port going out to the Internet is congested. The data is going out to the Internet, but queues up before sending. Which of the following would resolve this issue?
Output:
Fast Ethernet 0 is up, line protocol is up Int ip address is 10.20.130.5/25
MTU 1500 bytes, BW10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255 Encapsulation ospf, loopback not set
Keep alive 10
Half duplex, 100Mb/s, 100 Base Tx/Fx Received 1052993 broadcasts
0 input errors
983881 packets output, 768588 bytes
0 output errors, 0 collisions, 0 resets

A. Set the loopback address
B. Change the IP address
C. Change the slash notation
D. Change duplex to full

Answer 2

D. Change duplex to full

From the output we see that the half-duplex is configured. This would not use the full capacity of ports on the network. By changing to full duplex the throughput would be doubled.
Note: All communications are either half-duplex or full-duplex. During half-duplex communication, a device can either send communication or receive communication, but not both at the same time. In full-duplex communication, both devices can send and receive communication at the same time. This means that the effective throughput is doubled and communication is much more efficient.

Question 3

In a service provider network, a company has an existing IP address scheme. Company A’s network currently uses the following scheme: Company B uses the following scheme: Subnet 1: 192.168.1.50/28
The network administrator cannot force the customer to update its IP scheme. Considering this, which of the following is the BEST way for the company to connect these networks?

A. DMZ
B. PAT
C. NAT
D. VLAN

Answer 3

C. NAT

Question 4

A network technician is troubleshooting an end-user connectivity problem. The network technician goes to the appropriate IDF but is unable to identify the appropriate cable due to poor labeling. Which of the following should the network technician use to help identify the appropriate cable?

A. Tone generator
B. Multimeter
C. OTDR
D. Loopback adapter

Answer 4

A. Tone generator

Question 5

Packet analysis reveals multiple GET and POST requests from an internal host to a URL without any response from the server. Which of the following is the BEST explanation that describes this scenario?

A. Compromised system
B. Smurf attack
C. SQL injection attack
D. Man-in-the-middle

Answer 5

A. Compromised system

As the extra unexplainable traffic comes from an internal host on your network we can assume that this host has been compromised.
If your system has been compromised, somebody is probably using your machine–possibly to scan and find other machines to compromise

Question 6

Which of the following describes an area containing a rack that is used to connect customer equipment to a service provider?

A. 110 block
B. MDF
C. DSU
D. CSU

Answer 6

B. MDF

MDF stands for Main Distribution Frame. A Main Distribution Frame is a commonly a long steel rack accessible from both sides. On one side of the rack is cabling that connects the service provider’s network. The other side of the rack is for the connections to the customer’s equipment.

Question 7

Which of the following protocols must be implemented in order for two switches to share VLAN information?

A. VTP
B. MPLS
C. STP
D. PPTP

Answer 7

A. VTP

The VLAN Trunking Protocol (VTP) allows a VLAN created on one switch to be propagated to other switches in a group of switches (that is, a VTP domain)

Question 8

A technician is troubleshooting a client’s connection to a wireless network. The client is asked to run a “getinfo” command to list information about the existing condition.
myClient$ wificard –getinfo agrCtlRSSI:-72 agrExtRSSI:0 state:running
op mode: station lastTxRate:178 MaxRate:300
802.11 auth:open link auth:wpa2-psk
BSSID:0F:33:AE:F1:02:0A
SSID:CafeWireless Channel:149,1
Given this output, which of the following has the technician learned about the wireless network? (Select TWO).

A. The WAP is using RC4 encryption
B. The WAP is using 802.11a
C. The WAP is using AES encryption
D. The WAP is using the 2.4GHz channel
E. The WAP is using the 5GHz channel
F. The WAP is using 802.11g

Answer 8

C. The WAP is using AES encryption
E. The WAP is using the 5GHz channel

WPA2 makes use of the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption protocol, which is an AES based protocol.
The output shows that the wireless network operates on channel 149, which is a channel in the 5GHz band.

Question 9

A T1 line has lost connectivity to the ISP. The ISP has instructed the technician to place a loopback on a device connecting the T1 line to their central office. On which of the following devices will the technician implement the loopback?

A. Channel remote module
B. Fiber optic modem
C. Channel service unit
D. Digital subscriber line modem

Answer 9

C. Channel service unit

Question 10

A network administrator received the following email from a user:
From: user@company.com
To: abuse@company.com
Subject: Free smart phone
Dear user,
please click the following link to get your free smart phone http://www.freesmartphone.it:8080/survey.php

Which of of the following should the administrator do to prevent all employees from accessing the link in the above email, while still allowing Internet access to the freesmartphone.it domain?

A. Add http://www.freesmartphone.it:8080/survey.php to the browser group policy block list.
B. Add DENY TCP http://www.freesmartphone.it ANY EQ 8080 to the firewall ACL
C. Add DENY IP ANY ANY EQ 8080 to the intrusion detection system filter
D. Add http://www.freesmartphone.it:8080/survey.php to the load balancer

Answer 10

A. Add http://www.freesmartphone.it:8080/survey.php to the browser group policy block list.

Question 11

A network technician has been assigned to install an additional router on a wireless network. The router has a different SSID and frequency. All users on the new access point and the main network can ping each other and utilize the network printer, but all users on the new router cannot get to the Internet. Which of the following is the MOST likely cause of this issue?

A. The gateway is misconfigured on the new router.
B. The subnet mask is incorrect on the new router.
C. The gateway is misconfigured on the edge router.
D. The SSID is incorrect on the new router.

Answer 11

A. The gateway is misconfigured on the new router.

A missing or incorrect default gateway parameter limits communication to the local segment.
The question states: “All users on the new access point and the main network can ping each other and utilize the network printer, but all users on the new router cannot get to the Internet”.

Question 12

A network technician must utilize multimode fiber to uplink a new networking device. Which of the following Ethernet standards could the technician utilize? (Select TWO).

A. 1000Base-LR
B. 1000Base-SR
C. 1000Base-T
D. 10GBase-LR
E. 10GBase-SR
F. 10GBase-T

Answer 12

B. 1000Base-SR
E. 10GBase-SR

1000BASE-SX is a fiber optic Gigabit Ethernet standard for operation over multi-mode fiber with a distance capability between 220 meters and 550 meters. 10Gbase-SR is a 10 Gigabit Ethernet LAN standard for operation over multi-mode fiber optic cable and short wavelength signaling.

Question 13

A technician, Peter, needs to troubleshoot a recently installed NIC. He decides to ping the local loopback address. Which of the following is a valid IPv4 loopback address?

A. 10.0.0.1
B. 127.0.0.1
C. 172.16.1.1
D. 192.168.1.1

Answer 13

B. 127.0.0.1

The loopback address is a special IP address that is designated for the software loopback interface of a computer. The loopback interface has no hardware
associated with it, and it is not physically connected to a network. The loopback address causes any messages sent to it to be returned to the sending system. The loopback address allows client software to communicate with server software on the same computer. Users specify the loopback address which will point back to the computer’s TCP/IP network configuration.
In IPv4, the loopback address is 127.0.0.1.
In IPv6, the loopback address is 0:0:0:0:0:0:0:1, more commonly notated as follows. ::1

Question 14

A training class is being held in an auditorium. Hard-wired connections are required for all laptops that will be used. The network technician must add a switch to the room through which the laptops will connect for full network access. Which of the following must the technician configure on a switch port, for both switches, in order to create this setup?

A. DHCP
B. Split horizon
C. CIDR
D. TRUNK

Answer 14

D. TRUNK

We should use trunk ports to set up a VLAN for the laptops that will be used in the auditorium.
A trunk port is a port that is assigned to carry traffic for all the VLANs that are accessible by a specific switch, a process known as trunking. Trunk ports mark frames with unique identifying tags – either 802.1Q tags or Interswitch Link (ISL) tags – as they move between switches. Therefore, every single frame can be directed to its designated VLAN.

Question 15

Which of the following is a system of notation that uses base 16 rather than base 10?

A. Hex
B. Octal
C. Binary
D. CIDR

Answer 15

A. Hex

Question 16

An area to which access is controlled by retina scan is protected by which of the following security measure types?

A. Two-factor authentication
B. Biometric
C. Cipher locks
D. Optical reader
E. Proximity reader

Answer 16

B. Biometric

Question 17

A network technician is assisting the security team with some traffic captures. The security team wants to capture all traffic on a single subnet between the router and the core switch. To do so, the team must ensure there is only a single collision and broadcast domain between the router and the switch from which they will collect traffic. Which of the following should the technician install to BEST meet the goal?

A. Bridge
B. Crossover cable
C. Hub
D. Media converter

Answer 17

C. Hub

Question 18

When enabling jumbo frames on a network device, which of the following parameters is being adjusted?

A. Speed
B. Duplex
C. MTU
D. TTL

Answer 18

C. MTU

Question 19

A network technician has been tasked to configure a new network monitoring tool that will examine interface settings throughout various network devices. Which of the following would need to be configured on each network device to provide that information in a secure manner?

A. S/MIME
B. SYSLOG
C. PGP
D. SNMPv3
E. RSH

Answer 19

D. SNMPv3

The network monitoring need to use a network management protocol. SNMP has become the de facto standard of network management protocols. The security weaknesses of SNMPv1 and SNMPv2c are addressed in SNMPv3.

Question 20

A company finds that many desktops are being reported as missing or lost. Which of the following would BEST assist in recovering these devices?

A. Asset tracking tags
B. Motion detectors
C. Security guards
D. Computer locks

Answer 20

D. Computer locks

Question 21

It has been determined by network operations that there is a severe bottleneck on the company’s mesh topology network. The field technician has chosen to use log management and found that one router is making routing decisions slower than others on the network. This is an example of which of the following?

A. Network device power issues
B. Network device CPU issues
C. Storage area network issues
D. Delayed responses from RADIUS

Answer 21

B. Network device CPU issues

Network processors (CPUs) are used in the manufacture of many different types of network equipment such as routers. Such a CPU on a router could become bottleneck for the network traffic. The routing through that device would then slow down.

Question 22

An administrator only has telnet access to a remote workstation. Which of the following utilities will identify if the workstation uses DHCP?

A. tracert
B. ping
C. dig
D. ipconfig
E. netstat

Answer 22

D. ipconfig

The ipconfig command displays the TCP/IP configuration of a Windows system. The ipconfig /all command displays the system’s TCP/IP configuration in detail. This output includes whether DHCP is enabled or not.

Question 23

A company has had several virus infections over the past few months. The infections were caused by vulnerabilities in the application versions that are being used. Which of the following should an administrator implement to prevent future outbreaks?

A. Host-based intrusion detection systems
B. Acceptable use policies
C. Incident response team
D. Patch management

Answer 23

D. Patch management

As vulnerabilities are discovered, the vendors of the operating systems or applications often respond by releasing a patch. A patch is designed to correct a known bug or fix a known vulnerability, such as in this case to be vulnerable to virus infections, in a piece of software.
A patch differs from an update, which, in addition to fixing a known bug or vulnerability, adds one or more features to the software being updated.

Question 24

Which of the following protocols uses label-switching routers and label-edge routers to forward traffic?

A. BGP
B. OSPF
C. IS-IS
D. MPLS

Answer 24

D. MPLS

In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the
packet itself.
MPLS works by prefixing packets with an MPLS header, containing one or more labels.
An MPLS router that performs routing based only on the label is called a label switch router (LSR) or transit router. This is a type of router located in the middle of a MPLS network. It is responsible for switching the labels used to route packets. When an LSR receives a packet, it uses the label included in the packet header as an index to determine the next hop on the label-switched path (LSP) and a corresponding label for the packet from a lookup table. The old label is then removed from the header and replaced with the new label before the packet is routed forward.
A label edge router (LER) is a router that operates at the edge of an MPLS network and acts as the entry and exit points for the network. LERs respectively, add an MPLS label onto an incoming packet and remove it off the outgoing packet.
When forwarding IP datagrams into the MPLS domain, an LER uses routing information to determine appropriate labels to be affixed, labels the packet accordingly, and then forwards the labelled packets into the MPLS domain. Likewise, upon receiving a labelled packet which is destined to exit the MPLS domain, the LER strips off the label and forwards the resulting IP packet using normal IP forwarding rules.

Question 25

A technician needs to ensure that new systems are protected from electronic snooping of Radio Frequency emanations. Which of the following standards should be consulted?

A. DWDM
B. MIMO
C. TEMPEST
D. DOCSIS

Answer 25

C. TEMPEST

Tempest was the name of a government project to study the ability to understand the data over a network by listening to the emanations. Tempest rooms are designed to keep emanations contained in that room to increase security of data communications happening there.

Question 26

Network segmentation provides which of the following benefits?

A. Security through isolation
B. Link aggregation
C. Packet flooding through all ports
D. High availability through redundancy

Answer 26

A. Security through isolation

Network segmentation in computer networking is the act or profession of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security through isolation.
Advantages of network segmentation:
Improved security: Broadcasts will be contained to local network. Internal network structure will not be visible from outside
Reduced congestion: Improved performance is achieved because on a segmented network there are fewer hosts per subnetwork, thus minimizing local traffic Containing network problems: Limiting the effect of local failures on other parts of network

Question 27

Which of the following communication technologies is used by video conferencing systems to synchronize video streams, and reduce bandwidth, sent by a central location to subscribed devices?

A. Anycast
B. Unicast
C. CoS
D. QoS
E. Multicast

Answer 27

E. Multicast

Question 28

A administrator’s network has OSPF for the internal routing protocol and has two interfaces that continue to flap. The administrator reviews the following output:
Fast ethernet 0 is up, line protocol is up
Int ip address is 10.20.130.5/25
MTU 1500 bytes, BW10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255 Encapsulation ospf, loopback not set
Keep alive 10
Full duplex, 100Mb/s, 100Base Tx/Fx Received 1052993 broadcasts
1258 input errors
983881 packet output, 768588 bytes
1747 output errors, 0 collisions, 423 resets

Which of the following problems would cause the interface flap?

A. Wrong IP address
B. Loopback not set
C. Bad wire
D. Incorrect encapsulation
E. Duplex mismatch

Answer 28

E. Duplex mismatch

Question 29

See Pass Comptia

Answer 29

N/a

Question 30

A network administrator configures an email server to use secure protocols. When the upgrade is completed, which of the following ports on the firewall should be configured to allow for connectivity? (Choose three.)

A. TCP 25
B. TCP 110
C. TCP 143
D. TCP 389
E. TCP 587
F. TCP 993
G. TCP 995

Answer 30

E. TCP 587
F. TCP 993
G. TCP 995

Question 31

Which of the following BEST describes the process of documenting everyone who has physical access or possession of evidence

A. Legal hold
B. Chain of custody
C. Secure copy protocol
D. Financial responsiblity

Answer 31

B. Chain of custody

Question 32

A network technician configures a firewall’s ACL to allow outgoing traffic for several popular services such as email and web browsing. However, after the firewall’s deployment, users are still unable to retrieve their emails. Which of the following would BEST resolve this issue?

A. Allow the firewall to accept inbound traffic to ports 25, 67, 179, and 3389
B. Allow the firewall to accept inbound traffic to ports 80, 110, 143, and 443
C. Set the firewall to operate in transparent mode
D. Allow the firewall to accept inbound traffic to ports 21, 53, 69, and 123

Answer 32

B. Allow the firewall to accept inbound traffic to ports 80, 110, 143, and 443

Question 33

While troubleshooting a connectivity issue, a network technician determines the IP address of a number of workstations is 169.254.0.0/16 and the workstations cannot access the Internet. Which of the following should the technician check to resolve the problem?

A. Default gateway address
B. Misconfigured DNS
C. DHCP server
D. NIC failure

Answer 33

C. DHCP server

If a DHCP server fails, the workstations are assigned an address from the 169.254.0.0 address range by Automatic Private IP Addressing (APIPA). APIPA also configures a suitable subnet mask, but it doesn’t configure the system with a default gateway address. This allows communication on the local network, but not externally.

Question 34

After a recent breach, the security technician decides the company needs to analyze and aggregate its security logs. Which of the following systems should be used?

A. Event log
B. Syslog
C. SIEM
D. SNMP

Answer 34

C. SIEM

Using a Security information and event management (SIEM) product, the security logs can be analyzed and aggregated.
SIEM is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes.
SIEM capabilities include Data aggregation; Log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.

Question 35

A firewall ACL is configured as follows:
10. Deny Any Trust to Any DMZ eq to TCP port 22
11. Allow 10.200.0.0/16 to Any DMZ eq to Any
12. Allow 10.0.0.0/8 to Any DMZ eq to TCP ports 80, 443
13. Deny Any Trust to Any DMZ eq to Any

A technician notices that users in the 10.200.0.0/16 network are unable to SSH into servers in the DMZ.

The company wants 10.200.0.0/16 to be able to use any protocol, but restrict the rest of the 10.0.0.0/8 subnet to web browsing only. Reordering the ACL in which of the following manners would meet the company’s objectives?

A. 11, 10, 12, 13
B. 12, 10, 11, 13
C. 13, 10, 12, 11
D. 13, 12, 11, 10

Answer 35

A. 11, 10, 12, 13

ACL are processed in TOP DOWN process in routers or switches. This means that when a condition in the ACL is met, all processing is stopped. We start by allowing any protocol on the 10.200.0.0/16 subnet:11. Allow 10.200.0.0/16 to Any DMZ eq to Any
We then deny any traffic on TCP port 22:10. Deny Any Trust to Any DMZ eq to TCP port 22
We allow browsing (port 80 and 443) on the 10.0.0.0/8 subnet:Allow 10.0.0.0/8 to Any DMZ eq to TCP ports 80, 443 Finally we deny all other traffic:13. Deny Any Trust to Any DMZ eq to Any

Question 36

A network technician needs to monitor the network to find a user that is browsing inappropriate websites. Which of the following would the technician use to view the website and find the user browsing it?

A. An SNMP GET
B. A top listener tool
C. An intrusion detection system
D. A packet sniffer

Answer 36

D. A packet sniffer

Question 37

A client is receiving certificate errors in other languages when trying to access the company’s main intranet site. Which of the following is MOST likely the cause?

A. DoS
B. Reflective DNS
C. Man-in-the-middle
D. ARP poisoning

Answer 37

C. Man-in-the-middle

Question 38

A customer has engaged a company to improve the availability of all of the customer’s services and applications, enabling the customer to minimize downtime to a few hours per quarter. Which of the following will document the scope of the activities the company will provide to the customer, including the intended outcomes?

A. MLA
B. MOU
C. SOW
D. SLA

Answer 38

C. SOW

SOW stands for Statement of Work. When a company has been hired for a project that involves many tasks, a statement of work is often issued at the start of the project.
The SOW will outline the tasks or activities in a project, their costs and the timelines for deliverables within the project. In an IT project, the SOW would define what tasks will be performed (hardware and software upgrades etc.), why the work is being done and how long each stage of the project will take

Question 39

A technician installs a new WAP and users in the area begin to report poor performance. The technician uses a ping and 3 of 5 packets respond. Testing from a wired connection shows 5 of 5 packets respond. Which of the following tools should be used to discover the cause of the poor performance?

A. Port scanner tool
B. Interface monitoring tool
C. Packet capture tool
D. Spectrum Analyzer tool

Answer 39

D. Spectrum Analyzer tool

Question 40

A network technician needs to set up two public facing web servers and wants to ensure that if they are compromised the intruder cannot access the intranet. Which of the following security techniques should be used?

A. Place them behind honeypots
B. Place them in a separate subnet
C. Place them between two internal firewalls
D. Place them in the demilitarized zone

Answer 40

D. Place them in the demilitarized zone

Question 41

Which of the following WAN technologies is associated with high latency?

A. T1
B. Satellite
C. Cable
D. OCx

Answer 41

B. Satellite

Latency in this instance is the time it takes for the signal to and from the satellite. Since signal has to travel to the satellite, then from the satellite to the ground station, and then out to the Internet (or IP WAN). Not forgetting the return trip, and processing delays.

Question 42

A user calls the help desk and states that he was working on a spreadsheet and was unable to print it. However, his colleagues are able to print their documents to the same shared printer. Which of the following should be the FIRST question the helpdesk asks?

A. Does the printer have toner?
B. Are there any errors on the printer display?
C. Is the user able to access any network resources?
D. Is the printer powered up?

Answer 42

C. Is the user able to access any network resources?

The user has already provided you with the information relevant to the first step in the 7-step troubleshooting process. The next step is to “Question the obvious.” The user has stated: “…his colleagues are able to print their documents to the same shared printer.” The obvious question in this instance is whether the user can access any network resources.
1. Identify the problem. Information gathering. Identify symptoms. Question users.
Determine if anything has changed.
2. Establish a theory of probable cause. Question the obvious.
3. Test the theory to determine cause:
When the theory is confirmed, determine the next steps to resolve the problem. If theory is not confirmed, re-establish a new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and if applicable implement preventive measures.
7. Document findings, actions, and outcomes.

Question 43

A network administrator is following best practices to implement firewalls, patch management and policies on the network. Which of the following should be performed to verify the security controls in place?

A. Penetration testing
B. AAA authentication testing
C. Disaster recovery testing
D. Single point of failure testing

Answer 43

A. Penetration testing

Question 44

A company is having a new T1 line installed. Which of the following will the connection MOST likely terminate to?

A. Core switch
B. MDF
C. Ethernet router
D. IDF

Answer 44

B. MDF

Question 45

A typical cell tower will have microwave and cellular antennas. Which of the following network topologies do these represent? (Choose two.)

A. Point-to-multipoint
B. Bus
C. Point-to-point
D. Mesh
E. Peer-peer
F. Ring

Answer 45

C. Point-to-point
D. Mesh

Question 46

Which of the following types of network would be set up in an office so that customers could access the Internet but not be given access to internal resources such as printers and servers?

A. Quarantine network
B. Core network
C. Guest network
D. Wireless network

Answer 46

C. Guest network

A wireless guest network could be set up so that it has limited access (no access to local resources) but does provide Internet access for guest users.

Question 47

Which of the following is a document that is used in cyber forensics that lists everywhere evidence has been?

A. Warrant
B. Legal document
C. Chain of custody
D. Forensic report
E. Documentation of the scene

Answer 47

C. Chain of custody

Question 48

A company has just implemented VoIP. Prior to the implementation, all of the switches were upgraded to layer 3 capable in order to more adequately route packages. This is an example of which of the following network segmentation techniques?

A. Compliance implementation
B. Separate public/private newtorking
C. Honeypot implementation
D. Performance optimization

Answer 48

D. Performance optimization

Question 49

Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line?

A. Multilayer switch
B. Access point
C. Analog modem
D. DOCSIS modem

Answer 49

C. Analog modem

Before ADSL broadband connections became the standard for Internet connections, computers used analog modems to connect to the Internet. By today’s standards, analog modems are very slow typically offering a maximum bandwidth of 56Kbps.
An analog modem (modulator/demodulator) converts (modulates) a digital signal from a computer to an analog signal to be transmitted over a standard (POTS) phone line. The modem then converts (demodulates) the incoming analog signal to digital data to be used by the computer.
An analog modem uses an RJ-11 connector to connect to a phone line (POTS) in the same way a phone does.

Question 50

Which of the following default ports is associated with protocols that are connectionless?

A. 80
B. 443
C. 2427
D. 3389

Answer 50

C. 2427

Question 51

A technician configures a firewall in the following manner in order to allow HTTP traffic.

Source IPZone: Any Untrust
Dest IPZone: Any DMZ
Port: 80
Action: Allow

The organization should upgrade to which of the following technologies to prevent unauthorized traffic from traversing the firewall?

A. HTTPS
B. Stateless packet inspection
C. Intrusion detection system
D. Application aware firewall

Answer 51

D. Application aware firewall

Question 52

A client reports that half of the marketing department is unable to access network resources. The technician determines that the switch has failed and needs to replace it. Which of the following would be the MOST helpful in regaining connectivity?

A. VLAN configuration
B. Network diagram
C. Configuration backup
D. Router image

Answer 52

C. Configuration backup

Question 53

Which of the following is a connectionless protocol? (Select TWO)

A. ICMP
B. SSL
C. TCP
D. SSH
E. HTTP
F. UDP

Answer 53

A. ICMP
F. UDP

Question 54

A PC technician has installed a new network printer that was preconfigured with the correct static IP address, subnet mask, and default gateway. The printer was installed with a new cable and appears to have link activity, but the printer will not respond to any network communication attempts. Which of the following is MOST likely the cause of the problem?

A. Damaged cable
B. Duplex mismatch
C. Incorrect VLAN assignment
D. Speed mismatch

Answer 54

C. Incorrect VLAN assignment

If a port is accidentally assigned to the wrong VLAN in a switch, it’s as if that client was magically transported to another place in the network. This would explain the inability to communication with the printer, as it is on a different VLAN.

Question 55

A wireless network technician for a local retail store is installing encrypted access points within the store for real-time inventory verification, as well as remote price checking capabilities, while employees are away from the registers. The store is in a fully occupied strip mall that has multiple neighbors allowing guest access to the wireless networks. There are a finite known number of approved handheld devices needing to access the store’s wireless network. Which of the following is the BEST security method to implement on the access points?

A. Port forwarding
B. MAC filtering
C. TLS/TTLS
D. IP ACL

Answer 55

B. MAC filtering

MAC filtering allows traffic to be permitted or denied based on a device’s MAC address. We make a MAC filtering which contains the MAC addresses of all approved devices that need to access the wireless network. This ensures that only approved devices are given access to the network.

Question 56

A technician is installing a surveillance system for a home network. The technician is unsure which ports need to be opened to allow remote access to the system. Which of the following should the technician perform?

A. Disable the network based firewall
B. Implicit deny all traffic on network
C. Configure a VLAN on Layer 2 switch
D. Add the system to the DMZ

Answer 56

D. Add the system to the DMZ

By putting the system in the DMZ (demilitarized zone) we increase the security, as the system should be opened for remote access.
A DMZ is a computer host or small network inserted as a “neutral zone” between a company’s private network and the outside public network. It prevents outside users from getting direct access to a server that has company data. A DMZ often contains servers that should be accessible from the public Internet.

Question 57

Upon arrival at work, an administrator is informed that network users cannot access the file server. The administrator logs onto the server and sees the updates were automatically installed and the network connection shows limited and no availability. Which of the following needs to be rolled back?

A. The browser on the server
B. The server’s NIC drivers
C. The server’s IP address
D. The antivirus updates

Answer 57

B. The server’s NIC drivers

Question 58

Before logging into the company network, users are required to sign a document that is to be stored in their personnel file. This standards and policies document is usually called which of the following?

A. SOP
B. BEP
C. AUP
D. SLA

Answer 58

C. AUP

AUP stands for Acceptable Use Policy. An Acceptable Use Policy defines what a user can or cannot do with his or her computer during business hours. For example, using the company’s Internet connection to look at the sports scores on a sports website may be deemed inappropriate or unacceptable during business hours. Other examples include the use of social media websites such as Facebook or using Instant Messaging clients to chat to your friends.

Question 59

A network administrator noticed that when one computer goes down, all the other computers in the office will not work. Which of the following topologies is in use?

A. Star
B. Ring
C. Hybrid
D. Bus
E. Mesh

Answer 59

D. Bus

Question 60

Jane, a network technician is preparing to configure a company’s network. She has installed a firewall to allow for an internal DMZ and external network. No hosts on the internal network should be directly accessible by IP address from the internet, but they should be able to communicate with remote networks after receiving a proper IP address. Which of the following is an addressing scheme that will work in this situation?

A. Teredo tunneling
B. Private
C. APIPA
D. Classless

Answer 60

B. Private

Question 61

A network engineer is designing a new IDF in an old building. The engineer determines the equipment will fit in a two-post rack, and there is power available for this equipment. Which of the following would be the FIRST issue to remediate?

A. Air flow and cooling
B. UPS capability
C. Circuit labeling
D. Power redundancy

Answer 61

A. Air flow and cooling

Question 62

Which of the following broadband WAN technologies would MOST likely be used to connect several remote branches that have no fiber or satellite connections?

A. OC12
B. POTS
C. WiMax
D. OC3

Answer 62

B. POTS

Question 63

An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted id this change is not immediate. The request come directly from management, and there is no time to go through the emergency change control process. Given this scenario, which of the following is the BEST course of action for the network administrator to take?

A. Wait until the maintenance window, and make the requested change
B. First document the potential impacts and procedures related to the change
C. Send out a notification to the company about the change
D. Make the change, noting the requester, and document all network changes

Answer 63

D. Make the change, noting the requester, and document all network changes

Question 64

The Chief Information Officer (CIO) of an organization is concerned that the current locally-hosted, software threat solution is not agile enough. The CIO points to specific examples of zero-day threats that have recently taken a day or more to receive patches. The IT team is tasked with finding a solution that has a better chance of stopping emerging threats and stopping zero-day threats more quickly. Which of the following solutions would have the BEST chance of meeting these goals?

A. Stateful firewall
B. Premise-based IDS
C. Host-based IDS
D. Cloud-based anti-malware

Answer 64

A. Stateful firewall

Question 65

A network technician receives a spool of Cat 6a cable and is asked to build several cables for a new set of Ethernet runs between devices. Which of the following tools are MOST likely needed to complete the task? (Choose three.)

A. Wire stripper
B. Cable crimper
C. RJ-11 connectors
D. RJ-45 connectors
E. Multimeter
F. Punchdown tool
G. Tone generator

Answer 65

A. Wire stripper
B. Cable crimper
D. RJ-45 connectors

Question 66

A network administrator has created a virtual machine in the cloud. The technician would like to connect to the server remotely using RDP. Which of the following default ports needs to be opened?

A. 445
B. 3389
C. 5004
D. 5060

Answer 66

B. 3389

RDP (Remote Desktop Protocol) is used for connecting to a remote Windows computer. When using RDP to connect to a remote Windows computer, you can view and control the desktop of the remote computer. RDP uses TCP port 3389.

Question 67

The Chief Information Officer (CIO) has noticed the corporate wireless signal is available in the parking lot. Management requests that the wireless network be changed so it is no longer accessible in public areas, without affecting the availability inside the building. Which of the following should be changed on the network?

A. Power levels
B. Overcapacity
C. Distance limitations
D. Channel overlap

Answer 67

A. Power levels

Question 68

A technician needs to set aside addresses in a DHCP pool so that certain servers always receive the same address. Which of the following should be configured?

A. Leases
B. Helper addresses
C. Scopes
D. Reservations

Answer 68

D. Reservations

A reservation is used in DHCP to ensure that a computer always receives the same IP address. To create a reservation, you need to know the hardware MAC address of the network interface card that should receive the IP address.
For example, if Server1 has MAC address of 00:A1:FB:12:45:4C and that computer should always get 192.168.0.7 as its IP address, you can map the MAC address of Server1 with the IP address to configure reservation.

Question 69

A network technician has detected a personal computer that has been physically connected to the corporate network. Which of the following commands would the network technician use to locate this unauthorized computer and determine the interface it is connected to?

A. nbtstat –a
B. show mac address-table
C. show interface status
D. show ip access-list
E. nslookup hostname

Answer 69

B. show mac address-table

The show mac address-table command is used to view the ageing timer, and also the unicast and multicast MAC addresses stored in the MAC address table by the switch. Furthermore, you can view all of the addresses in the table or only the addresses learned or specified on a particular port or VLAN.

Question 70

A network technician discovers an issue with spanning tree on the core switch. Which of the following troubleshooting steps should the network technician perform NEXT to resolve the issue?

A. Test a theory to determine the cause
B. Escalate to a senior technician
C. Identify the symptoms
D. Establish a theory of probable cause
E. Establish a plan of action

Answer 70

D. Establish a theory of probable cause

Question 71

A network technician wants to remotely and securely access the desktop of a Linux workstation. The desktop is running remote control software without encryption. Which of the following should the technician use to secure the connection?

A. SSH in tunnel mode
B. RDP set to console connection
C. EAP-PEAP
D. SFTP

Answer 71

A. SSH in tunnel mode

Question 72

A technician has determined the most likely cause of an issue and implement a solution. Which of the following is the NEXT step that should be taken?

A. Document the findings, actions, and outcomes
B. Duplicate the problem if possible
C. Verify system functionality
D. Make an archival backup

Answer 72

C. Verify system functionality

Question 73

A company is implementing enhanced user authentication for system administrators accessing the company’s confidential servers. Which of the following would be the BEST example of two-factor authentication?

A. ID badge and keys
B. Password and key fob
C. fingerprint scanner and retina scan
D. Username and password

Answer 73

B. Password and key fob

Question 74

A network technician notices the site-to-site VPN and Internet connection have not come back up at a branch office after a recent power outage. Which of the following is an out-of-band method the technician would MOST likely utilize to check the branch office’s router status?

A. Use a modem to console into the router
B. Walk a user through troubleshooting the connection
C. Travel to the branch office
D. Hire a contractor to go on-site

Answer 74

A. Use a modem to console into the router

Question 75

A technician is concerned about security and is asked to set up a network management protocol. Which of the following is the best option?

A. SLIP
B. SNMPv3
C. TKIP
D. SNMPv2

Answer 75

B. SNMPv3

Question 76

A network technician is tasked with designing a firewall to improve security for an existing FTP server that is on the company network and is accessible from the internet. The security concern is that the FTP server is compromised it may be used as a platform to attack other company servers. Which of the following is the BEST way to mitigate this risk?

A. Add an outbound ACL to the firewall
B. Change the FTP server to a more secure SFTP
C. Use the implicit deny of the firewall
D. Move the server to the DMZ of the firewall

Answer 76

D. Move the server to the DMZ of the firewall

Question 77

A company that was previously running on a wired network is performing office-wide upgrades. A department with older desktop PC’s that do not have wireless capabilities must be migrated to the new network, ensuring that all computers are operating on a single network. Assuming CAT5e cables are available, which of the following network devices should a network technician use to connect all the devices to the wireless network?

A. Wireless bridge
B. VPN concentrator
C. Default WAP
D. Wireless router

Answer 77

D. Wireless router

Question 78

Which of the following helps prevent routing loops?

A. Routing table
B. Default gateway
C. Route summarization
D. Split horizon

Answer 78

D. Split horizon

Routing loops occur when the routing tables on the routers are slow to update and a redundant communication cycle is created between routers. Split horizon, which prevents the router from advertising a route back to the other router from which it was learned, can be used to resist routing loops. Poison reverse, also known as split horizon with poison reverse, is also used to resist routing loops.

Question 79

The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following would BEST handle the rerouting caused by the disruption of service?

A. Layer 3 switch
B. Proxy server
C. Layer 2 switch
D. Smart hub

Answer 79

A. Layer 3 switch

The question states that the traffic being transported is a mixture of multicast and unicast signals. There are three basic types of network transmissions: broadcasts, which are packets transmitted to every node on the network; unicasts, which are packets transmitted to just one node; and multicasts, which are packets transmitted to a group of nodes. Multicast is a layer 3 feature of IPv4 & IPv6. Therefore, we would need a layer 3 switch (or a router) to reroute the traffic. Unlike layer 2 switches that can only read the contents of the data-link layer protocol header in the packets they process, layer 3 switches can read the (IP) addresses in the network layer protocol header as well.

Question 80

An F-connector is used on which of the following types of cabling?

A. CAT3
B. Single mode fiber
C. CAT5
D. RG6

Answer 80

D. RG6

An F connector is a coaxial RF connector commonly used for terrestrial television, cable television and universally for satellite television and cable modems, usually with RG-6/U cable or, in older installations, with RG-59/U cable.

Question 81

A technician wants to securely manage several remote network devices. Which of the following should be implemented to securely manage the devices?

A. WPA2
B. IPv6
C. SNMPv3
D. RIPv2

Answer 81

C. SNMPv3

To manage the remote network devices we need to use a network management protocol. SNMP has become the de facto standard of network management protocols. The security weaknesses of SNMPv1 and SNMPv2c are addressed in SNMPv3.

Question 82

A network administrator would like to collect information from several networking devices using SNMP. Which of the following SNMP options should a network administrator use to ensure the data transferred is confidential?

A. authpriv
B. SHA
C. MD5
D. Authentication passphrase

Answer 82

A. authpriv

Question 83

The security manager reports that individual systems involved in policy or security violations or incidents cannot be located quickly. The security manager notices the hostnames all appear to be randomly generated characters. Which of the following would BEST assist the security manager identifying systems involved in security incidents?

A. Enforce port security to require system authentication
B. Implement a standardized UNC
C. Label existing systems with current hostnames
D. Forward the DHCP logs to the security manager every day

Answer 83

B. Implement a standardized UNC

Question 84

A network administrator receives a call asking for assistance with connecting to the network. The user asks for the IP address, subnet class, and VLAN required to access the network. This describes which of the following attacks?

A. Social engineering
B. Spoofing
C. Zero-day attack
D. VLAN hopping

Answer 84

A. Social engineering

Question 85

A network technician has set up an FTP server for the company to distribute software updates for their products. Each vendor is provided with a unique username and password for security. Several vendors have discovered a virus in one of the security updates. The company tested all files before uploading them but retested the file and found the virus. Which of the following could the technician do for vendors to validate the proper security patch?

A. Use TFTP for tested and secure downloads
B. Require biometric authentication for patch updates
C. Provide an MD5 hash for each file
D. Implement a RADIUS authentication

Answer 85

C. Provide an MD5 hash for each file

If we put an MD5 has for each file we can see if the file has been changed or not.
MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specific individual.

Question 86

Which of the following types of equipment should be used for telecommunications equipment and have an open design?

A. 2/4 post racks
B. Rail Racks
C. Vertical frame
D. Ladder racks

Answer 86

A. 2/4 post racks

Question 87

Which of the following communication technologies would MOST likely be used to increase bandwidth over an existing fiber optic network by combining multiple signals at different wavelengths?

A. DWDM
B. SONET
C. ADSL
D. LACP

Answer 87

A. DWDM

Dense wavelength-division multiplexing (DWDM) is a high-speed optical network type commonly used in MANs (metropolitan area networks). DWDM uses as many as 32 light wavelengths on a single fiber, where each wavelength can support as many as 160 simultaneous transmissions using more than eight active wavelengths per fiber.

Question 88

A network technician has just received an email regarding a security issue detected on the company’s standard web browser. Which of the following will MOST likely fix the issue?

A. Firmware update
B. OS update
C. Vulnerability patch
D. Driver update

Answer 88

C. Vulnerability patch

Question 89

An attack where the potential intruder tricks a user into providing sensitive information is known as which of the following?

A. Social engineering
B. Bluesnarfing
C. Man-in-the-middle
D. Evil Twin

Answer 89

A. Social engineering

Question 90

Client PCs are unable to receive addressing information from a newly configured interface on a router. Which of the following should be added to allow the clients to connect?

A. DHCP lease me
B. IP helper
C. TTL
D. DNS record type

Answer 90

B. IP helper

Question 91

A network technician receives a call from a use who is experiencing network connectivity issues. The network technician questions the user and learns the user brought in a personal wired router to use multiple computers and connect to the network. Which of the following has the user MOST likely introduced to the network?

A. Rogue DHCP server
B. Evil twin
C. VLAN mismatch
D. Honeypot

Answer 91

A. Rogue DHCP server

Question 92

Routing prefixes which are assigned in blocks by IANA and distributed by the Regional Internet Registry (RIR) are known as which of the following?

A. Network handle
B. Autonomous system number
C. Route aggregation
D. Top level domain

Answer 92

B. Autonomous system number

Question 93

Company policies require that all network infrastructure devices send system level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location?

A. TACACS+ server
B. Single sign-on
C. SYSLOG server
D. Wi-Fi analyzer

Answer 93

C. SYSLOG server

Syslog is a protocol designed to send log entries generated by a device or process called a facility across an IP network to a message collector, called a syslog server. A syslog message consists of an error code and the severity of the error. A syslog server would enable the network administrator to view device error information from a central location.

Question 94

A Chief Information Officer (CIO) wants to move some IT services to a cloud service offering. However, the network administrator still wants to be able to control some parts of the cloud service’s networking components. Which of the following should be leveraged to complete this task?

A. IaaS
B. PaaS
C. SaaS
D. DaaS

Answer 94

B. PaaS

Question 95

A disgruntled employee executes a man-in-the-middle attack on the company network. Layer 2 traffic destined for the gateway is redirected to the employee’s computer. This type of attack is an example of:

A. ARP cache poisoning
B. IP spoofing
C. amplified DNS attack
D. evil twin

Answer 95

A. ARP cache poisoning

Question 96

A technician is connecting a router directly to a PC using the G1/0/1 interface. Without the use of auto-sensing ports, which of the following cables should be used?

A. Straight-through
B. Console
C. Rollover
D. Crossover

Answer 96

D. Crossover

Question 97

Which of the following is an example of an IPv4 address?

A. 192:168:1:55
B. 192.168.1.254
C. 00:AB:FA:B1:07:34
D. ::1

Answer 97

B. 192.168.1.254

An IPv4 address is notated as four decimal numbers each between 0 and 255 separated by dots (xxx.xxx.xxx.xxx). Each number is known as an octet as it represents eight binary bits. All four octets make up a 32-bit binary IPv4 address.
In this question, 192.168.1.254 is a valid IPv4 address.

Question 98

There has been an increased amount of successful social engineering attacks at a corporate office. Which of the following will reduce this attack in the near future?

A. Helpdesk training
B. Appropriate use policy
C. User awareness training
D. Personal Identifiable Information

Answer 98

C. User awareness training

Question 99

A network engineer is conducting an assessment for a customer that wants to implement an 802.11n wireless network. Before the engineer can estimate the number of WAPs needed, it is important to reference which of the following?

A. Network diagram
B. Site survey
C. Network topology
D. PoE requirements

Answer 99

B. Site survey

Question 100

Which of the following protocols were designed to avoid loops on a Layer 2 network? (Select TWO)

A. OSPF
B. RIPv2
C. 802.1q
D. Spanning tree
E. 802.1d
F. QoS

Answer 100

D. Spanning tree
E. 802.1d

Question 101

A network technician is asked to redesign an Ethernet network before new monitoring software is added to each host on the network. The new software will broadcast statistics from each host to a monitoring host for each of the five departments in the company. The added network traffic is a concern of management that must be addressed. Which of the following solutions should the technician design into the new network?

A. Place each department in a separate VLAN
B. Add a router and create a segment for all the monitoring host stations
C. Increase the number of switches on the network to reduce broadcasts
D. Increase the collision domain to compensate for the added broadcasts

Answer 101

A. Place each department in a separate VLAN

Question 102

A network technician receives the following alert from a network device: “High utilizations threshold exceeded on gi1/0/24 : current value 9413587.54” Which of the following is being monitored to trigger the alarm?

A. Speed and duplex mismatch
B. Wireless channel utilization
C. Network device CPU
D. Network device memory
E. Interface link status

Answer 102

E. Interface link status

This is an error message that indicates that threshold of high utilization of network interface, in this case interface gi1/0/24, has been exceeded. The message has been triggered on the interface link status.
Note: gi1/0 would be a gigabyte interface.

Question 103

A company plan established to resume normal system operations following a disruption in business would be described as which of the following?

A. First responders
B. User awareness training
C. Disaster recovery
D. Business continuity

Answer 103

D. Business continuity

Question 104

Which of the following network topologies has a central, single point of failure?

A. Ring
B. Star
C. Hybrid
D. Mesh

Answer 104

B. Star

A Star network is the most common network in use today. Ethernet networks with computers connected to a switch (or a less commonly a hub) form a star network. The switch forms the central component of the star. All network devices connect to the switch. A network switch has a MAC address table which it populates with the MAC address of every device connected to the switch. When the switch receives data on one of its ports from a computer, it looks in the MAC address table to discover which port the destination computer is connected to. The switch then unicasts the data out through the port that the destination computer is connected to. The switch that forms the central component of a star network is a single point of failure. If the switch fails, no computers will be able to communicate with each other.

Question 105

A network technician has been asked to make the connections necessary to add video transported via fiber optics to the LAN within a building. Which of the following is the MOST common connector that will be used on the switch to connect the media converter?

A. FDDI
B. Fiber coupler
C. MT-RJ
D. ST

Answer 105

D. ST

Question 106

A company owns four kiosks that are in close proximity within a shopping center. The owner is concerned about someone accessing the internet via the kiosk’s wireless network. Which of the following should be implemented to provide wireless access only to the employees working at the kiosk?

A. Firewall
B. Web filtering
C. MAC filtering
D. Host-based antivirus

Answer 106

C. MAC filtering