CompTIA Network+ Flashcards

Q/A

1
Q

1.1

Which of the following protocols reside at the application layer of the Open Systems Interconnection (OSI) model? (Select all that apply.)

HTTP

SMTP

IP

TCP

A

HTTP, SMTP

Layer 7 (Application layer) works at the user end to interact with user applications. QoS (Quality of Service), file transfer, and email are the major popular services of the Application layer. This layer uses the following protocols: HTTP, SMTP, and FTP.

The SMTP protocol resides at the Application layer (layer 7). This is the layer at which many TCP/IP services (high-level protocols) can run, including FTP and HTTP.

Layer 3 (Network layer) performs real-time processing and transfers data from node to node. The Network layer assists the IP protocol.

The Transport layer (or Host-to-Host layer) establishes connections between the different applications that the source and destination hosts are communicating with, using the TCP and UDP protocols.

2
Q

1.1

Client A is sending data to Server A. The packet has left the application layer and traversed the OSI model through to the data link layer. Which header will get encapsulated onto the packet at the data link layer?

Ethernet header

IP header

TCP header

UDP header

A

Ethernet header

Ethernet encapsulates the payload from higher layer protocols within a protocol data unit (PDU) called a frame. The Ethernet header encapsulates a packet at the data link layer.

At the network layer, the Internet Protocol (IP) header wraps the TCP segment. The Internet Protocol (IP) stands at the heart of this protocol suite, providing logical addressing and packet forwarding between different networks.

The transport layer encapsulates the packet in the Transmission Control Protocol (TCP) header.

The transport layer encapsulates the packet in the User Datagram Protocol (UDP) header.

3
Q

1.1

A network engineer is adding a bridge into the network design. Where in the Open Systems Interconnection (OSI) model will this bridge operate? (Select all that apply.)

Data Link layer of the OSI model

Layer 2 of the OSI model

Layer 5 of the OSI model

Transport layer of the OSI model

A

Data Link layer of the OSI model, Layer 2 of the OSI model

The bridge creates a link between the two physical segments so that hosts in Segment A can send and receive messages to hosts in Segment B. Bridges operate at Layer 2 (Data Link layer).

Connectivity devices found at Layer 2 include a bridge. A bridge joins two network segments while minimizing the performance reduction of having more nodes on the same network.

There are no devices or components that operate at Layer 5. Layer 5 assumes responsibility for managing network connections between applications.

At the Transport layer, on the sending host, data from the upper layers is packaged as segments and tagged with the application’s port number, but there are no devices that operate at this layer.

4
Q

1.1

Which Open Systems Interconnection (OSI) layer assumes responsibility for managing network connections between applications?

Session

Physical

Network

Data Link

A

Session

Most application protocols require the exchange of multiple messages between the client and server. The exchange of such a sequence of messages is called a session; hence the name Session layer. Sessions can work in three modes: simplex, half-duplex, or duplex.

Some form of transmission or physical media creates a link between network nodes. The Physical layer of the OSI model (layer 1) is responsible for the transmission and receipt of bits from one node to another node.

The Network layer (layer 3) transfers information between networks. It is the Session layer that manages connections between applications.

The Data Link layer (layer 2) transfers data between nodes on the same logical segment, whereas the Session layer manages connections between applications.

5
Q

1.1

A network administrator is reviewing some packets flagged by the Intrusion Detection System (IDS). The administrator notices that the packets are ping packets, but the size of the packets is much larger than expected. What is the MOST likely cause of the oversized packets?

Modified payload

Corrupted MTU

TCP flags

False positive

A

Modified payload

Payload is the data the packet is carrying. A modified payload will increase the size of the packet, exceeding the normal packet size.

The upper limit of the payload is also known as the maximum transmission unit (MTU). The official IEEE 802.3 standard defines a 2-byte field to specify the size of the data field or payload. The payload is between 46 and 1500 bytes.

Handshake transactions manage TCP connections, which make use of several TCP flags. The flags are SYN, ACK, FIN, RST, PSH, and URG. They do not change the packet’s size.

A false positive is a report of a fault when no fault exists. This can mean a signaled alert when no real threat or error causing the alert exists.

6
Q

1.1

A network administrator is looking at an ARP table on a switch for connected devices. Which Open Systems Interconnection (OSI) layer are they looking at?

Data Link

Physical

Network

Session

A

Data Link

The Data Link layer (layer 2) transfers data between nodes on the same logical segment. This is where ARP tables are located.

Some form of transmission or physical media creates a link between network nodes. The Physical layer of the OSI model (layer 1) is responsible for the transmission and receipt of bits from one node to another node.

The Network layer (layer 3) transfers information between networks. It is the Session layer that manages connections between applications.

Most application protocols require the exchange of multiple messages between the client and server. The exchange of such a sequence of messages is called a session; hence the name Session layer. Sessions can work in three modes: simplex, half-duplex, or duplex.

7
Q

1.1

An engineer upgrades an organization’s network. Part of the upgrade focuses on the consolidation of devices. In particular, planning to replace routers and switches is on the agenda. When evaluating how network appliances operate, which device is a suitable replacement that performs the required functions?

Multilayer switch

IDS/IPS

Firewall

Repeater

A

Multilayer switch

A multilayer switch routes based on the contents of packets at layers 3 and up, and does so more effectively in a VLAN environment. A multilayer switch is an appropriate solution for this scenario.

An IDS (intrusion detection system) detects malicious activity. An IPS (intrusion prevention system) is an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it.

Firewalls are principally used to implement security zones, such as an intranet, screened subnet topology, and the Internet.

A repeater is a layer 1 device that takes a signal and repeats it to the devices connected to it. Repeaters maintain signal integrity and amplitude.

8
Q

1.1

Host A is communicating with Host B. Host A uses the American Standard Code for Information Interchange (ASCII) and Host B uses Unicode. The clients agree to translate the communication to ASCII. At what layer of the Open Systems Interconnection (OSI) model do the agreement and translation occur?

Presentation

Application

Session

Transport

A

Presentation

The Presentation layer (Layer 6) transforms data between the format required for the network and the format required for the application. For example, the Presentation layer is used for character set conversion.

The Application layer (Layer 7) receives the translated data. This layer does not encapsulate any other protocols or provide services to any protocol.

The Session layer (Layer 5) represents the dialog control functions that administer the process of establishing the dialog, managing data transfer, and then ending the session.

The Transport layer (Layer 4) identifies each type of network application by assigning it a port number.

9
Q

1.1

A server contains two ethernet cards. Two departments on separate networks need access to the server and resources on either side. A systems administrator configures a bridge with the interfaces. The administrator utilizes a bridge configuration to achieve which of the following?

Connecting different networks as if they were one

Connecting different networks for communication purposes but keeping them separate

Connecting devices within a single network

Protecting differing networks from one another

A

Connecting different networks as if they were one

A bridge is a hardware appliance or software application that connects different networks and treats them as if they were one network.

A router is a hardware appliance or application that connects different networks for communication purposes but keeps them separate. A router is a layer 3 device and communication between networks is done with routing tables.

To connect systems within a single network subnet, a hub or a switch is used. A hub is simply a physical hardware device, whereas a switch is a layer 2 device.

A firewall is a hardware device or application that is used to protect one network from another.

10
Q

1.1

An organization has asked a network administrator to research and submit a purchase order for new network access points. The network administrator is attempting to choose between using wired and wireless access points. At which layer of the OSI model is the administrator making a decision?

Physical layer

Network layer

Data link layer

Session layer

A

Physical layer

The physical layer of the OSI model is responsible for the transmission and receipt of the signals that represent bits of data from one node to another node.

The network layer is responsible for moving data around a network of networks, known as an internetwork or the Internet.

The data link layer is responsible for transferring data between nodes on the same logical segment.

The session layer (layer 5) represents functions that administer the process of establishing a dialog, managing data transfer, and then ending (or tearing down) the session.

11
Q

1.1

A junior-level systems administrator troubleshoots network connectivity. Results of the troubleshooting reveal a device that is new to the administrator. This device connects all hosts and routes network traffic. After evaluating the possibilities, and based on the device’s characteristics, what does the network utilize for connectivity and traffic flow?

Multilayer switch

IDS/IPS

Firewall

Repeater

A

Multilayer switch

A multilayer switch routes based on the contents of packets at layers 3 and up, and does so more effectively in a VLAN environment. A multilayer switch is an appropriate solution for this scenario.

An IDS (intrusion detection system) detects malicious activity. An IPS (intrusion prevention system) is an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it.

Firewalls are principally used to implement security zones, such as intranet, screened subnet topology, and Internet.

A repeater is a layer 1 device that takes a signal and repeats it to the devices connected to it. Repeaters maintain signal integrity and amplitude.

12
Q

1.1

An engineer troubleshoots a network connectivity issue that the server team reported. The engineer notices that the trunk port is down between two routers. After checking the fiber link on the router, the engineer moves the cable and notices that the link light comes on. The issue is MOST likely a part of what layer of the OSI model?

Physical layer

Network layer

Data link layer

Session layer

A

Physical layer

The physical layer of the OSI model is responsible for the transmission and receipt of the signals that represent bits of data from one node to another node.

The network layer is responsible for moving data around a network of networks, known as an internetwork or the Internet.

The data link layer is responsible for transferring data between nodes on the same logical segment.

The session layer (layer 5) represents functions that administer the process of establishing a dialog, managing data transfer, and then ending (or tearing down) the session.

13
Q

1.1

A technician surveys an office space to document the network. Upon discovering a network closet, the technician finds a network bridge. After examining the possibilities, what description satisfies the technician’s notes regarding the bridge?

Connecting different networks as if they were one

Connecting different networks for communication purposes, but keeping them separate

Connecting devices within a single network

Protecting differing networks from one another

A

Connecting different networks as if they were one

A bridge is a hardware appliance or software application that connects different networks and treats them as if they were one network.

A router is a hardware appliance or application that connects different networks for communication purposes but keeps them separate. A router is a layer 3 device and communication between networks is done with routing tables.

To connect systems within a single network subnet, a hub or a switch is used. A hub is simply a physical hardware device, whereas a switch is a layer 2 device.

A firewall is a hardware device or application that is used to protect one network from another.

14
Q

1.2

A network installer is upgrading the software on a new router. The router has the ability to download software directly from an already upgraded, connected router. What kind of connection is MOST likely between these two routers to share configurations and software?

SAN

Client-Server

Peer-to-peer

PAN

A

Peer-to-peer

A peer-to-peer network is one where each end system acts as both client and server. A peer-to-peer connection is a single connection between two devices.

A client-server network is one where some nodes, such as PCs and laptops, act as clients and the servers are more powerful computers. Application services and resources are centrally provisioned, managed, and secured.

A personal area network (PAN) links devices, such as laptops and smartphones, and provides connectivity with peripheral devices, plus wearable technology, such as fitness trackers and smart watches.

A storage area network (SAN) provisions access to storage devices at the block level. A SAN is isolated from the main network and only accessed by servers, not by client PCs and laptops.

15
Q

1.2

A server technician is shopping for new storage for data on the business network. The storage requirement has risen over the last year, and the servers currently have limited space. What is an option for the technician to purchase to increase the available storage on the local network?

VLAN

SAN

Client-server

SDWAN

A

SAN

A storage area network (SAN) provisions access to storage devices at the block level. A SAN is isolated from the main network. It is only accessed by servers, not by client PCs and laptops.

Software-defined wide area network (SDWAN) is an overlay network that provisions a corporate WAN across multiple locations and facilitates secure access to the cloud directly from a remote location.

A client-server network is one where some nodes, such as PCs and laptops, act as clients, and the servers are more powerful computers. Application services and resources are centrally provisioned, managed, and secured.

At layer 2, virtual local area networks (VLANs) can address this issue. Each interface on a managed switch can be assigned a VLAN ID.

16
Q

1.2

A wireless access point is available on the floor for wireless users in the area. User 1 wants to send a file to user 2 using their laptop’s wireless adapters. Which of the following is the most secure way of sending files to one another using their current wireless adapters?

Using a bus network connection

Using an ad hoc connection

Using a wireless mesh network

Using an infrastructure connection

A

Using an ad hoc connection

In an ad hoc topology, the wireless adapter allows connections to and from other devices. This makes it possible for two laptops to connect directly with each other wirelessly. This is also referred to as an Independent Basic Service Set (IBSS).

Unlike an ad hoc network, nodes in a wireless mesh network (WMN), called mesh stations, are capable of discovering one another and peering, forming a Mesh Basic Service Set (MBSS).

Wireless access points are deployed in an infrastructure topology and provide a bridge between wireless and wired networks. In this case, the users want to use wireless only.

A bus network is a physical network topology where all nodes are attached directly to the main cable.

17
Q

1.2

A tech deploys a network using an E-LAN mesh approach. Compare and evaluate the choices to determine which network type the tech deploys.

WAN

MAN

PAN

CAN

A

MAN

A metropolitan area network (MAN) is a network that covers an area equivalent to a municipality. A MAN uses a service category such as an E-line, which establishes a point-to-point link or an E-LAN, which establishes a mesh topology.

A personal area network (PAN) is a network that connects two to three devices with cables and is most often seen in small or home offices.

A campus area network (CAN) is a network that spreads over several buildings within the same overall area. As the name implies, a university would use a campus area network.

A wide area network (WAN) is a network that spans multiple geographic locations such as cities, states, provinces, and countries.

18
Q

1.2

The main office is planning for more jobs to become remote in nature. The network team is briefing the chief information security officer (CISO) on the use of VPN software and the protocols used for point-to-multipoint connections. Which protocols should the team brief to the CISO? (Select all that apply.)

mGRE

NFV

MPLS

vNIC

A

mGRE, MPLS

Multipoint Generic Routing Encapsulation (mGRE) is a version of the Generic Routing Encapsulation (GRE) protocol that supports point-to-multipoint links, such as the hub and spoke dynamic multipoint Virtual Private Network (VPN).

Multiprotocol label switching (MPLS) can operate as an overlay network to configure point-to-point or point-to-multipoint links between nodes regardless of the underlying physical and data link topologies.

Network function virtualization (NFV) provisions virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.

Within the virtual machine (VM), the virtual NIC (vNIC) will look exactly like an ordinary network adapter and will be configurable in the same way.

19
Q

1.2

A tech configures three computers in an office so users can share files. Which type of network does the tech create?

MAN

CAN

WAN

LAN

A

LAN

A local area network (LAN) covers a wide range of different sizes of networks but is mostly confined to a single geographical location. A small network in an office that is set up for simple file sharing and printing is considered a LAN.

A campus area network (CAN) is a network that spreads over several buildings within the same overall area. As the name implies, a university would use a campus area network.

A wide area network (WAN) is a network that spans multiple geographic locations such as cities, states, provinces, and countries.

A metropolitan area network (MAN) is a network that covers an area equivalent to a city or a municipality.

20
Q

1.2

A server administrator is adding a new Network Interface Card (NIC) to a virtual machine. What should the administrator modify to add the new NIC to the virtual machine?

Hypervisor

WAN

Demarcation point

SD-WAN

A

Hypervisor

In a virtualization host, the hypervisor—or virtual machine monitor (VMM)—manages the virtual environment and facilitates interaction with the computer hardware and network.

A wide area network (WAN) is a network of networks connected by long-distance links. A typical enterprise WAN would connect multiple sites, possibly in different countries.

The point at which the telco’s cabling enters the customer premises is known as the demarcation point.

Software-defined wide area network (SD-WAN) is a type of overlay network that provisions a corporate WAN across multiple locations and can facilitate secure access to the cloud directly from a remote location.

21
Q

1.2

Which network topology describes the placement of nodes and how they connect to each other using network media?

Logical

Physical

Star

Ring

A

Physical

A physical network topology describes the placement of nodes and how they are connected by the network media. For example, in one network nodes might be directly connected via a single cable.

A logical network topology describes the flow of data through the network regardless of its physical layout.

A star network topology has each endpoint connected to a central forwarding node, such as a hub, switch, or router. The central node mediates communications between the endpoints.

A ring network topology has each node wired to its neighbor in a closed loop. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor until the transmission reaches its intended destination.

22
Q

1.2

An organization has asked a network engineer to suggest a type of connection the new office space will require. The chief executive officer (CEO) tells the engineer the organization wants a dedicated T1 line not slowed down by other businesses or Internet Service Provider (ISP) customers. What type of connection has the CEO described to the engineer?

Satellite

Leased line

Demarcation point

Digital subscriber line (DSL)

A

Leased line

For leased line data services, the foundation level of the T-carrier is the DS1 or T1 digital signal circuit. This service comprises 24 channels multiplexed into a single 1.544 Mbps full duplex digital connection used for voice and data. The engineer can multiplex the T1 lines themselves to provide even more bandwidth.

The point at which the telco’s cabling enters the customer premises is known as the demarcation point.

Digital subscriber line (DSL) is a technology for transferring data over voice-grade telephone lines, often referred to as the local loop.

Satellite systems provide very large areas of coverage, as the microwave dishes are aligned to orbital satellites that can either relay signals between sites directly or via another satellite.

23
Q

1.2

Which of the following topologies is a network of two or more nodes that shares access to the network, but only one node can be active at any one time?

Mesh

Star

Bus

Ring

A

Bus

In a bus topology with more than two nodes, they all share access and bandwidth of the media. Only one node can be active at any one time. So, the nodes must contend to put signals on the media.

In a star topology, each endpoint node is connected to a central forwarding node, such as a hub, switch, or router. The central node mediates communications between the endpoints.

In a ring topology, each node is wired to its neighbor in a closed loop. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor until transmission is complete.

In a mesh topology, each device has a point-to-point link with every other device on the network.

24
Q

1.2

IT engineers evaluate a network for upgrade purposes. IT engineers recommend replacing a hub with a switch. Of the choices given, which represents the current physical topology and the current logical topology?

Star, star

Mesh, star

Star, ring

Star, bus

A

Star, bus

A physical star network can be used to implement a logical bus topology. When a device, such as a hub, is used at the center of the star, logically, the topology works like a single cable bus.

When a device, such as a switch, is used at the center of the star, the bus element is reduced to the link between each node and its switch port. Taking the network as a whole, both the physical and logical topologies are a star.

In a physical ring topology, each node is wired to its neighbor in a closed loop.

Mesh network topologies are commonly used in WANs. In theory, a mesh network requires that each device has a point-to-point link with every other device on the network.

25
Q

1.2

A college is upgrading their high-speed network infrastructure to support direct-connect Internet in all student buildings and dormitories. The network will connect to high-performing school servers that will provide computer lab environments for classes. What type of network is the school continuing to maintain?

CAN

WLAN

WAN

PAN

A

CAN

The term campus area network (CAN) is sometimes used for a LAN that spans multiple nearby buildings. This high-speed network can connect directly with all students in all the buildings and dormitories.

A wireless local area network (WLAN) is a network based on Wi-Fi. Open (public) WLANs are often referred to as hotspots.

A wide area network (WAN) is a network of networks, connected by long-distance links. A typical enterprise WAN would connect multiple sites, possibly in different countries.

A personal area network (PAN) is a close-range network link between a variety of devices. For example, two smart phones connected to each other via Bluetooth are creating a PAN.

26
Q

1.2

An engineer for a large firm documents the internal computer network. A diagram the engineer creates shows a top-down view of the Ethernet infrastructure in a hub and spoke layout. While considering the physical and logical topologies of the network, determine which choices qualify. (Select all that apply.)

Star

Bus

Ring

LAN

A

Star, Bus

A star topology is a physical network design in which each node is connected to a central point. A star network is also referred to as a hub and spoke network.

A logical bus topology is one in which nodes receive the data transmitted all at the same time, regardless of the physical wiring layout of the network. A star network operates as a logical bus network when a hub is used rather than a switch.

In a physical ring topology, each node is wired in a closed loop. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor.

A local area network (LAN) covers a wide range of different sizes of networks, but is mostly confined to a single geographical location.

27
Q

1.2

An IT engineer troubleshoots a small network. Previously, IT wired all nodes to a central closet. In the closet, the engineer discovers a hub. Of the choices given, which represents the current physical topology and the current logical topology?

Star, bus

Star, star

Star, ring

Mesh, star

A

Star, bus

A physical star network can be used to implement a logical bus topology. When a hub is used at the center of the star, logically, the topology works like a single cable bus.

When a switch is used at the center of network connectivity, each port acts independently. Therefore, both the physical and logical topologies are a star.

In a physical ring topology, each node is wired to its neighbor in a closed loop.

Mesh network topologies are commonly used in WANs. In theory, a mesh network requires that each device has a point-to-point link with every other device on the network.

28
Q

1.2

A tech configures a network to use an E-lines service. Compare and evaluate the choices to determine which network type the tech configures.

MAN

PAN

CAN

WAN

A

MAN

A metropolitan area network (MAN) is a network that covers an area equivalent to a municipality. A MAN uses a service category such as an E-line, which establishes a point-to-point link or an E-LAN, which establishes a mesh topology.

A personal area network (PAN) is a network that connects two to three devices with cables and is most often seen in small or home offices.

A campus area network (CAN) is a network that spreads over several buildings within the same overall area. As the name implies, a university would use a campus area network.

A wide area network (WAN) is a network that spans multiple geographic locations such as cities, states, provinces, and countries.

29
Q

1.2

An engineer begins the installation of a network for a new business. Ethernet cables run from desktop locations to a centralized patch panel in a data closet where a hub is placed until a new switch arrives. Evaluate the engineer’s configuration, and conclude which types of physical and logical topologies the engineer implements. (Select all that apply.)

Star

Bus

Ring

LAN

A

Star, Bus

A star topology is a physical network design in which each node is connected to a central point. A star network is also referred to as a hub and spoke network.

A logical bus topology is one in which nodes receive the data transmitted all at the same time, regardless of the physical wiring layout of the network. A star network operates as a logical bus network when a hub is used rather than a switch.

In a physical ring topology, each node is wired in a closed loop. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor.

A local area network (LAN) covers a wide range of different sizes of networks, but is mostly confined to a single geographical location.

30
Q

1.2

A network administrator is creating a plan for connecting multiple branch locations to the main database located in the headquarters. Which protocols can the administrator use to accomplish this link? (Select all that apply.)

mGRE

MPLS

NFV

vNIC

A

mGRE, MPLS

Multipoint Generic Routing Encapsulation (mGRE) is a version of the Generic Routing Encapsulation (GRE) protocol that supports point-to-multipoint links, such as the hub and spoke dynamic multipoint VPN.

Multiprotocol label switching (MPLS) can operate as an overlay network to configure point-to-point or point-to-multipoint links between nodes regardless of the underlying physical and data link topologies.

Network function virtualization (NFV) provisions virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.

Within the virtual machine (VM), the virtual NIC (vNIC) will look exactly like an ordinary network adapter and will be configurable in the same way.

31
Q

1.3

An organization has asked a junior network technician to retrieve some swappable ports that host a single LC connection per port. Since there are numerous inserts for network devices, which should the technician retrieve?

F-type connector

QSFP

RJ-45

SFP

A

SFP

Also designed for Gigabit Ethernet, the small form-factor pluggable (SFP) uses local connectors (LCs). Gigabit Interface Converter (GBIC) was very bulky and largely replaced by SFP, also known as mini-GBIC.

Quad small form-factor pluggable (QSFP) is a transceiver form factor that supports 4 x 1 Gbps links, typically aggregated to a single 4 Gbps channel.

RG-6 is an 18 AWG cable with 75-ohm impedance typically used as a drop cable for Cable Access TV (CATV) and broadband cable modems, and usually terminated using F-type connectors secured by screwing into place.

Technicians use RJ-45 connectors with 4-pair (8-wire) cables. The connectors are also known as 8P8C (8-position/8-contact).

32
Q

1.3

A network installer is building a long-distance link. The nodes are approximately 5 km apart. What type of fiber link should the installer build for this link?

1000BASE-LX

100BASE-FX

10GBASE-SR

100BASE-SX

A

1000BASE-LX

The 1000BASE-LX is a Gigabit Ethernet standard and supports 1 Gbps and a distance of 5 km using single mode fiber.

Installers often use the 100BASE-FX Fast Ethernet fiber standard for wiring backbones. It uses multimode fiber for speeds of up to 100Mbps for a distance of up to 2 km.

The 100BASE-SX is a Fast Ethernet fiber standard that supports lengths up to 300 meters and speeds up to 100Mbps.

The 10GBASE-SR is a 10 Gigabit Ethernet fiber standard in backbone configurations, and it supports up to 300-meter link lengths.

33
Q

1.3

Corporate has requested the installation of a new fiber link that supports 160 channels. What type of multiplexing is required to meet corporate’s request?

WDM

CWDM

DWDM

QSFP+

A

DWDM

Dense Wavelength Division Multiplexing (DWDM) provisions greater numbers of channels (20, 40, 80, or 160). This means that there is much less spacing between channels, which requires more precise and expensive lasers.

Coarse Wavelength Division Multiplexing (CWDM) supports up to 16 wavelengths and is typically used to deploy four or eight bidirectional channels over a single fiber strand.

Bidirectional wavelength division multiplexing (WDM) links are documented in Ethernet standards (1000BASE-BX and 10GBASE-BX).

Enhanced quad small form-factor pluggable (QSFP+) supports 40 GbE by provisioning 4 x 10 Gbps links.

34
Q

1.3

Network equipment in a rack system has limited in-front facing space with the door closed. A technician uses small form-factor connectors to connect a fiber cable. After evaluating the choices, predict the correct fiber connectors for the system.

SC

LC

UPC

APC

A

LC

A local connector (LC) is a small form factor version of the SC push-pull fiber optic connector. It is available in simplex and duplex versions.

A subscriber connector (SC) is a push/pull connector used with fiber optic cabling.

Angled physical contact (APC) faces are angled for a tighter connection than other fiber connectors. These connectors are usually deployed when the fiber is being used to carry analog signaling, as in cable access TV (CATV) networks.

The ultra physical contact (UPC) fiber connector defines that the cable and connector are polished to the highest standard (a higher standard than with PC).

35
Q

1.3

An engineer is building a backbone network in a new facility. The cabling going from one side of the building to the other is about 500 feet and will support a 5Gbps link between two routers. Which type of cabling should the engineer use?

1000BASE-SX

10GBASE-SR

Coaxial/RG-6

10GBASE-LR

A

10GBASE-SR

A 10GBASE-SR is a fiber Ethernet standard best suited to implementing backbone cabling that does not exceed 200 m (656 feet) and can achieve at least 4 Gbps throughput.

A 10GBASE-LR is rated for 10 km operation over single mode fiber. Ethernet over Fiber uses the IEEE 802.3 10GBASE-LR and 10GBASE-ER specifications.

A 1000BASE-SX is a fiber optic Gigabit Ethernet standard for operation over multimode fibers. The standard specifies a distance capability between 220 meters and 550 meters.

Coaxial/RG-6 is an 18 AWG cable with 75-ohm impedance typically used as drop cable for Cable Access TV (CATV) and broadband cable modems.

36
Q

1.3

A technician finishes running fiber optic cable across a large building to expand the internal network. The fiber connects to equipment in a rack with extremely limited space for a connector. Considering the situation and the types of available fiber connectors, which one will accomplish connectivity?

LC

APC

SC

UPC

A

LC

A local connector (LC) is a small form factor version of the SC push-pull fiber optic connector. It is available in simplex and duplex versions. SFP+ uses the LC form factor but runs at speeds of 10Gb.

A subscriber connector (SC) is a push/pull connector used with fiber optic cabling.

Angled physical contact (APC) faces are angled for a tighter connection than other fiber connectors. These connectors are usually deployed when the fiber is being used to carry analog signaling, as in cable access TV (CATV) networks.

The ultra physical contact (UPC) fiber connector defines that the cable and connector are polished to the highest standard (a higher standard than with PC).

37
Q

1.3

A technician is building a new network link between a switch and a router. The switch only has ethernet ports, while the router only has fiber ports. What could the technician utilize to connect these two devices?

Patch panel/patch bay

Transceiver/media converter

Fiber distribution panel

SFP+

A

Transceiver/media converter

Enterprise switches and routers are available with modular, hot-swappable transceivers/media converters for different types of fiber optic patch cord connections. These allow connections between ethernet and fiber networks.

A patch panel or patch bay is a type of distribution block with insulation-displacement connections (IDCs) on one side and pre-terminated RJ-45 modular ports on the other.

Permanent cables run through conduit to wall ports at the client access end and a fiber distribution panel at the switch end. Fiber patch cables complete the link from the wall port to the NIC and from the patch panel to the switch port.

Enhanced SFP (SFP+) is an updated specification to support 10 GbE but still uses the LC form factor.

38
Q

1.3

An IT engineer considers optical mode OM1 or OM2 cables for a project. The project requires cables that are rated for applications up to 1 Gbps and use LED transmitters. Of the following choices, which type of cable does the engineer select to use?

Duplex

Bidirectional

Single-mode

Multimode

A

Multimode

Multimode fiber is inexpensive to deploy compared to single-mode fiber. As such, it does not support distances as long as single-mode does. Multimode uses light emitting diode (LED) technology.

Single-mode cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics.

Duplex is a communication configuration. Full duplex refers to a communication configuration/type such as network links that allow simultaneously sending and receiving. Most network links are full-duplex.

Bidirectional refers to two-way communication. Bidirectional does not imply the ability for full-duplex and may only be half-duplex. This means send and receive is taken in turns.

39
Q

1.3

A network technician is installing a new router in a new wing of the corporate building. The technician needs to connect the new router to the core router. The router is about 300 feet away from the core router and requires a 100Mbps connection. What type of connection should the technician build for the router?

10BASE-T

100BASE-TX

Coaxial/RG-6

10GBASE-T

A

100BASE-TX

A 100BASE-TX refers to Fast Ethernet working over Cat 5 (or better) twisted pair copper cable for speeds up to 100Mbps, and a maximum supported link length of 100 meters (328 feet).

A 10BASE-T denotes an early implementation that works at 10 Mbps (10), uses a baseband signal (BASE), and runs over twisted pair copper cabling (-T).

A 10GBASE-T refers to Fast Ethernet working over Cat 6 or better shielded or screened cable for speeds up to 10 gigabits.

Coaxial/RG-6 is an 18 AWG cable with 75 ohm impedance typically used as drop cable for Cable Access TV (CATV) and broadband cable modems.

40
Q

1.3

An engineer is installing a new connection between two database stacks. The engineer is using copper cable and needs a connection speed of 40GbE with a distance of about 12 feet. Which medium should the engineer utilize for this link?

10GBASE-LR

Coaxial

Twinaxial

10BASE-T

A

Twinaxial

Twinax is for data center 10 GbE (unofficially referred to as 10GBASE-CR) and 40 GbE (40GBASE-CR4) interconnections of up to about 5 meters for passive cable types and 10 meters for active cable types.

Coaxial/RG-6 is an 18 AWG cable with 75-ohm impedance typically used as drop cable for Cable Access TV (CATV) and broadband cable modems.

A 10GBASE-LR is rated for 10 km operation over single mode fiber.

Ethernet over Fiber uses the IEEE 802.3 10GBASE-LR and 10GBASE-ER specifications.

A 10BASE-T denotes an early implementation that works at 10 Mbps (10), uses a baseband signal (BASE), and runs over twisted pair copper cabling (-T).

41
Q

1.3

An engineer creates several Ethernet cables and chooses to terminate the cable ends with the orange pair using pins one and two. Considering the standard choices, which of the following does the engineer choose to implement?

TIA/EIA 568b

TIA/EIA 568a

RJ-11

RJ-45

A

TIA/EIA 568b

There are two defined methods for terminating Ethernet connectors: T568A and T568B. While T568A is mandated, T568B is the more widely deployed of the two.

ANSI/TIA/EIA 568 standard defines two methods for terminating Ethernet connectors: T568A and T568B. T568A is mandated by the US government and by the residential cabling standard TIA 570.

RJ-45 connectors are used with 4-pair (8-wire) cables. The connectors are also referred to as 8P8C (8-position/8-contact).

RJ-11 connectors are used with 2 or 3-pair UTP (unshielded twisted pair). There is room for six wires, but the four center wires are most commonly used. Pins 3 and 4 carry the dial tone and voice circuit.

42
Q

1.3

A network installer is installing new phone lines into the network room. The installer has many blades for the punchdown panels in the building and needs a blade that is customizable on one end. Which blade should the installer use that has a customizable blade on one end of the punch tool?

Bix

Krone

110

66

A

Bix

BIX panels are rare but still used. The blades for these panels are adjustable on one end of the punch tool. They are similar to a 110 punch tool but are adjustable.

Krone format panels are rare and proprietary to that type of punch tool. The tool has a scissor-like function on the front of the punch tool instead of a set blade.

Installers mostly use 110 format punch blocks for LAN technology and RJ-45 connections. They have a set blade on one end of the punch tool.

Installers mainly use 66 format punch blocks in telecom installations and phone connectivity panels. They have a blade on the side of the punch tool.

43
Q

1.3

Corporate has requested the installation of a new fiber link that supports 160 channels. What type of multiplexing is required to meet corporate’s request?

DWDM

CWDM

QSFP+

WDM

A

DWDM

Dense Wavelength Division Multiplexing (DWDM) provisions greater numbers of channels (20, 40, 80, or 160). This means that there is much less spacing between channels, which requires more precise and expensive lasers.

Coarse Wavelength Division Multiplexing (CWDM) supports up to 16 wavelengths and is typically used to deploy four or eight bidirectional channels over a single fiber strand.

Bidirectional wavelength division multiplexing (WDM) links are documented in Ethernet standards (1000BASE-BX and 10GBASE-BX).

Enhanced quad small form-factor pluggable (QSFP+) supports 40 GbE by provisioning 4 x 10 Gbps links.

44
Q

1.3

An engineer has installed a new router, but it is not connected to the core network yet. What type of connector should the engineer install to get the requested throughput of 30Gbps or more?

Enhanced quad small form-factor pluggable (QSFP+)

Enhanced form-factor pluggable (SFP+)

Coarse wavelength division multiplexing (CWDM)

Dense wavelength division multiplexing (DWDM)

A

Enhanced quad small form-factor pluggable (QSFP+)

Enhanced quad small form-factor pluggable (QSFP+) supports 40 GbE by provisioning 4 x 10 Gbps links.

Enhanced form-factor pluggable (SFP+) is an updated specification to support 10 GbE but still uses the LC form factor.

Dense Wavelength Division Multiplexing (DWDM) provisions greater numbers of channels (20, 40, 80, or 160). This means that there is much less spacing between channels, which requires more precise and expensive lasers.

Coarse Wavelength Division Multiplexing (CWDM) supports up to 16 wavelengths and is typically used to deploy four or eight bidirectional channels over a single fiber strand.

45
Q

1.3

An engineer has a task to survey an old building and determine the current network infrastructure. Building owners state that some cabling is from a recent install. The engineer achieves a speed of 10 Gbps while testing the cable up to 100 meters and also determines the cable to be well shielded. Based on the engineer’s findings, the cabling meets what specification?

Cat 5e

Cat 6

Cat 3

Cat 7

A

Cat 7

Cat 7 cable is fully screened and shielded (S/FTP) and rated for 10GbE applications up to 100 m (328 feet). The cable supports transmission frequencies up to 600 MHz at 10 Gbps.

Cat 5e is tested at 100 MHz (like Cat 5 was) but to higher overall specifications for attenuation and crosstalk, meaning that the cable is rated to handle Gigabit Ethernet (1 Gbps) throughput.

Cat 6 can support 10 Gbps speeds only over shorter distances—nominally 55 meters, but often less if cables are closely bundled together.

Cat 3 is an old specification. It is not used for modern implementations but may be found in older installations. Cat 3 supports speeds up to 10 Mbps.

46
Q

1.3

A network engineer is troubleshooting an ethernet connection between two buildings. The engineer noticed that the network devices got upgraded, but the wiring did not. The engineer needs a connection that can handle 10Gbps at 500 MHz for a distance of 300 feet using RJ-45 connectors. What type of ethernet should the engineer replace the Cat 5 with to meet the connection standard?

Cat 6

Cat 6a

Cat 7

Cat 8

A

Cat 6a

Cat 6A is an improved specification cable that can support 10 Gbps over 100 m. RJ-45 connectors terminate the Cat 6A cable.

Cat 6 can support 10 Gbps but over shorter distances—nominally 55 m, but often less if cables are closely bundled together.

Cat 7 cable is always of a screened/shielded type and rated for 10GbE applications up to 100 m (328 feet). GG45 or TERA connectors must terminate Cat 7 cable rather than standard RJ-45 connectors.

Intended for use in data centers, Cat 8 is only for short patch cable runs that make top-of-rack connections between adjacent appliances.

47
Q

1.3

An engineer has installed a new router, but it is not connected to the core network yet. What type of connector should the engineer install to get the requested throughput of 30Gbps or more?

Enhanced quad small form-factor pluggable (QSFP+)

Coarse wavelength division multiplexing (CWDM)

Dense wavelength division multiplexing (DWDM)

Enhanced form-factor pluggable (SFP+)

A

Enhanced quad small form-factor pluggable (QSFP+)

Enhanced quad small form-factor pluggable (QSFP+) supports 40 GbE by provisioning 4 x 10 Gbps links.

Enhanced form-factor pluggable (SFP+) is an updated specification to support 10 GbE but still uses the LC form factor.

Dense Wavelength Division Multiplexing (DWDM) provisions greater numbers of channels (20, 40, 80, or 160). This means that there is much less spacing between channels, which requires more precise and expensive lasers.

Coarse Wavelength Division Multiplexing (CWDM) supports up to 16 wavelengths and is typically used to deploy four or eight bidirectional channels over a single fiber strand.

48
Q

1.3

A network technician is installing a new ethernet receptacle using a punch tool. Which blade type can the technician utilize to terminate the wires onto the punch block?

110

66

RJ-45

RJ-11

A

110

Technicians mostly use 110 format punch blocks for LAN technology and RJ-45 connections. They have a set blade on one end of the punch tool.

Technicians mainly use 66 format punch blocks in telecom installations and phone connectivity panels. They have a blade on the side of the punch tool.

Technicians use RJ-45 connectors with 4-pair (8-wire) cables. The connectors are also known as 8P8C (8-position/8-contact).

Technicians use RJ-11 connectors with 2 or 3-pair UTP (unshielded twisted pair). There is room for six wires, but technicians most commonly use the four center wires. Pins 3 and 4 carry the dial tone and voice circuit.

49
Q

1.3

A server administrator has asked a junior network engineer to build a link between the server and the new SAN that the administrator just installed. The speed requirements for the link are more than 20Gbps, and the distance is about 20 feet. What medium should the network engineer use to build the required link?

40GBASE-T

10GBASE-T

1000BASE-T

10BASE-T

A

40GBASE-T

A 40GBASE-T refers to Gigabit Ethernet working over Cat 8 shielded cable with speeds up to 40 Gbps and a distance of 30 meters.

A 10GBASE-T refers to Fast Ethernet working over Cat 6 or better shielded or screened cable for speeds up to 10 gigabits.

Gigabit Ethernet builds on the standards defined for Ethernet and Fast Ethernet to implement rates of 1000 Mbps (1 Gbps). Over copper wire, Gigabit Ethernet is specified as 1000BASE-T, working over Cat 5e or better.

A 10BASE-T denotes an early implementation that works at 10 Mbps (10), uses a baseband signal (BASE), and runs over twisted pair copper cabling (-T).

50
Q

1.4

A company has 725 hosts on the network that utilize public Internet Protocol (IP) addresses. The company has three contiguous class C addresses for the hosts. Instead of maintaining three routing tables, the company has one single entry. What feature allows the company to consolidate the routing tables?

Network Address Translation (NAT)

Reserved Addresses

Variable Length Subnet Masks (VLSMs)

Classless Inter-Domain Routing (CIDR)

A

Classless Inter-Domain Routing (CIDR)

The company is using Classless Inter-Domain Routing (CIDR). CIDR uses bits normally assigned to the network ID to mask the complexity of the subnet and host addressing scheme within the network. CIDR collapses the three routing entries into one single entry.

Variable Length Subnet Masking (VLSM) allows a network designer to allocate ranges of Internet Protocol (IP) addresses to subnets that match the predicted need for numbers of subnets and hosts per subnet.

Reserved addresses are for special use and are not public routable.

Network Address Translation (NAT) is used by routers to translate

51
Q

1.4

All client machines configured for DHCP are up and running without issue. However, the clients not configured for IPv4 are not getting IP addresses. What should the server administrator configure so the IPv6 clients can receive automatic address configuration as well?

Router advertisement

RFC1918

SLAAC

Dual stack

A

SLAAC

IPv4 depends heavily on the Dynamic Host Configuration Protocol (DHCP) for address autoconfiguration. IPv6 uses a more flexible system of address autoconfiguration called stateless address autoconfiguration (SLAAC).

Private IP addresses can draw from one of the pools of addresses defined in RFC 1918 as non-routable over the Internet.

Dual stack hosts and routers can run both IPv4 and IPv6 simultaneously and communicate with devices configured with either type of address.

A router advertisement (RA) contains information about the network prefix(es) served by the router, information about autoconfiguration options, plus information about link parameters, such as the maximum transmission unit (MTU) and hop limit.

52
Q

1.4

What allows a network designer to allocate ranges of Internet Protocol (IP) addresses to subnets that match the predicted need for the number of subnets and hosts per subnet?

Private addressing

Classless Inter-Domain Routing (CIDR)

Public addressing

Variable Length Subnet Masks (VLSMs)

A

Variable Length Subnet Masks (VLSMs)

Variable Length Subnet Masks (VLSMs) allow a network designer to allocate ranges of Internet Protocol (IP) addresses to subnets that match the predicted need for numbers of subnets and hosts per subnet.

Classless Inter-Domain Routing (CIDR) uses bits normally assigned to the network ID to mask the complexity of the subnet and host addressing scheme within that network. CIDR is also sometimes described as supernetting.

Private addressing is used by hosts communicating within a Local Area Network (LAN).

Public addressing is used by hosts communicating with other hosts on different networks or over the Internet.

53
Q

1.4

A networked host is sending data to a single host in the same Virtual Local Area Network (VLAN). Which protocol will handle the packets for this transmission?

Unicast

Anycast

Broadcast

Multicast

A

Unicast

When a host wants to send a packet to a single recipient, it uses a unicast packet addressed to the IP address of the destination host.

Multicasting allows one host on a network to send content to other hosts that have identified themselves as interested in receiving the originating host’s content.

Anycast refers to a group of hosts configured with the same IP address. When a router forwards a packet to an anycast group, it uses a prioritization algorithm and metrics to select the host that is “closest.”

One means of addressing multiple hosts is to perform a broadcast. A broadcast occurs by sending a packet to the network or subnet’s broadcast address.

54
Q

1.4

A network administrator is setting up a 192.168.1.0/24 network using variable length subnet masking (VLSM) to support the sales and marketing department. The sales department has 120 computers and the marketing department has 50 computers. Which of the following Internet Protocol (IP) address configurations will provide adequate support for the marketing department? (Select all that apply.)

192.168.1.128/26

192.168.1.0/25

255.255.255.192

255.255.255.224

A

192.168.1.128/26 and 255.255.255.192

The 192.168.1.128/26 network provides 62 assignable IP addresses in the range of 192.168.1.129 - 192.168.1.190. This is enough addresses to support the 50 computers of the marketing department.

The subnet mask of 255.255.255.192 is used for the 192.168.1.128/26 network. The network’s broadcast address is 192.168.1.191.

The 192.168.1.0/25 network provides 126 assignable IP addresses in the range of 192.168.1.1 - 192.168.1.126. The network’s broadcast address is 192.168.1.127.

The 192.168.1.192/27 network uses a subnet mask of 255.255.255.224 and provides 30 valid host IP addresses ranging from 192.168.1.193 to 192.168.1.222. This network’s broadcast address is 192.168.1.223.

55
Q

1.4

A user goes to the website www.shopping.com. A bastion host reviews the request to enter the site to verify the safety of the request. What has the company established to enable clients access to data on the private system without compromising the security of the internal network?

Port forwarding

Network Address Translation (NAT)

Port Address Translation (PAT)

Demilitarized Zone (DMZ)

A

Demilitarized Zone (DMZ)

The company is using a Demilitarized Zone (DMZ), also referred to as a perimeter network. The idea of a DMZ is that traffic cannot pass through it directly. If communication is required between hosts on either side of a DMZ, a bastion host will take the request and check it.

Network Address Translation (NAT) was devised as a way of freeing up scarce Internet Protocol (IP) addresses for hosts needing Internet access.

Port Address Translation (PAT) is a means for multiple private IP addresses to be mapped onto a single public address.

Port forwarding is used by configuring a router’s public address to accept incoming requests and forwarding them to a different IP.

56
Q

1.4

A system sends a message to all link-local nodes via a multicast address. Compare private address types and conclude which address the system will use.

192.152.160.120

ff:ff:ff:ff:ff:ff

ff02::1

00:5a:3b:08:5c:02

A

ff02::1

A multicast address identifies multiple network interfaces. Unlike Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) must support multicast. The first 8 bits indicate the address is within the multicast scope (1111 1111 or ff). The address ff02::1 has a target of all link-local nodes.

A broadcast address sends data to all of the other nodes on the network.

A broadcast frame is given the hardware address of ff:ff:ff:ff:ff:ff.

A unicast address is used when a sending interface addresses a single receiving interface. A unicast message uses the receiver’s Media Access Control (MAC) address.

An Internet Protocol (IP) address is used for sending data outside of an internal network. An example of an IP address is 192.152.160.120.

57
Q

1.4

A Windows server cannot connect to the public network. After entering an ipconfig /all command, the server has an IP address of 169.254.219.35. Which of the following is most likely the reason the server cannot communicate with the public network?

The server has a DHCP address.

The server has an APIPA address.

The server has an EUI-64 (or interface ID).

The server has a public IP address.

A

The server has an APIPA address.

Automatic Private IP Addressing (APIPA) is automatically set by the Windows operating system if a static IP is not set, and DHCP addressing is not working. Hosts with an APIPA IP address will only communicate with others with the same setting on a local network.

Dynamic Host Configuration Protocol (DHCP) servers do not lease out APIPA IP addresses that use the range of 169.254.0.0 to 169.254.255.255, exclusively.

Public IP addresses are reserved for services or hosts on the Internet, which is a public network. Public IP addresses are not used in internal networks.

An EUI-64 or interface identifier is a MAC-derived address that is used for IPv6 globally scoped unicast addresses that are similar to public IPv4 addresses.

58
Q

1.4

A company has 350 hosts that connect to the network. All of the hosts use a public Internet Protocol (IP) address. Consider public address classes to determine which of the following may represent the first octet in the IP address range.

225

132

125

192

A

132

The company will require the use of a Class B public network. This network can have up to 65,534 hosts and the first octet of the address will range from 128-191.

The first octet of 125 will be too large for the company. 125 falls within a Class A range and supports up to 16,777,241 hosts. The range for this class is 1-126.

The first octet of 192 will not be sufficient. This octet falls within Class C, which supports up to 254 hosts. The range for Class C is 192-223.

The first octet of 225 is not a valid address for the company. Class D addresses range from 224.0.0.0 through 239.255.255.255 and are used for multicasting.

59
Q

1.4

A new physical web server receives power from and connects to the network in the communications closet. To ensure the server is ready to communicate with users in the various offices of the building, a network administrator verifies network service installation and that the server can communicate with a Layer 3 switch in the same closet. How may the network administrator carry out these tests? (Select all that apply.)

Ping the Default Gateway

Ping the subnet mask

Ping the virtual IP

Ping the loopback

A

Ping the Default Gateway and Ping the loopback

The loopback address is a reserved address, typically an IPv4 address of 127.0.0.1. It is often used to check that TCP/IP is correctly installed on the local host.

The default gateway is the router. A layer 3 switch can operate on the network layer to route traffic. Pinging the gateway will verify that a path exists to eventually route to other offices.

The subnet mask is not a pingable IP address. A subnet mask distinguishes the network ID and host ID of a single IP address (e.g., 255.255.255.0).

A virtual IP is a shared IP address for representing, for example, a pair of web servers configured for load balancing. There is no virtual IP in this case.

60
Q

1.4

The DHCP server is offline and the server team is working on re-building corrupted scope information. The team notices that some clients have not had any issues since the DHCP server went down. After investigating the operational client machines, the team notices that they are all running IPv6. How do IPv6 hosts gain addressing without manual configuration?

RFC1918

SLAAC

Dual stack

Router advertisement

A

SLAAC

IPv4 depends heavily on the Dynamic Host Configuration Protocol (DHCP) for address autoconfiguration. IPv6 uses a more flexible system of address autoconfiguration called stateless address autoconfiguration (SLAAC).

Private IP addresses can draw from one of the pools of addresses defined in RFC 1918 as non-routable over the Internet.

Dual stack hosts and routers can run both IPv4 and IPv6 simultaneously and communicate with devices configured with either type of address.

A router advertisement (RA) contains information about the network prefix(es) served by the router, information about autoconfiguration options, plus information about link parameters, such as the maximum transmission unit (MTU) and hop limit.

61
Q

1.4

A small office is utilizing a total of 25 Internet Protocol (IP) addresses to support various workstations and printers. One of the workstations has an IP address of 192.168.10.50. Which of the following are true about this network’s subnet? (Select all that apply.)

Subnet mask of 255.255.255.224

CIDR notation of /28

Broadcast address of 192.168.10.31

CIDR notation of /27

A

Subnet mask of 255.255.255.224 and CIDR notation of /27

IP address 192.168.10.50 is part of the second subnet of the 192.168.10.0 network that is notated as 192.168.10.32/27. Its subnet mask is 255.255.255.224.

The Classless Inter-Domain Routing (CIDR) notation of /27 breaks down the 192.168.10.0 network into multiple sets of 30 usable IP addresses. This will supply enough IP addresses for the office.

The first subnet of a 192.168.10.0/27 network begins with host IP address 192.168.10.1 to 192.168.10.30. The broadcast address of 192.168.10.31 is associated with this first subnet.

A /28 subnet has 14 usable IP addresses, and is not enough for the office. The IP address of 192.168.10.50 would be part of the 192.168.10.48/28 subnet.

62
Q

1.4

A user goes to the website www.shopping.com. A bastion host reviews the request to enter the site to verify the safety of the request. What has the company established to enable clients access to data on the private system without compromising the security of the internal network?

Port forwarding

Port Address Translation (PAT)

Demilitarized Zone (DMZ)

Network Address Translation (NAT)

A

Demilitarized Zone (DMZ)

The company is using a Demilitarized Zone (DMZ), also referred to as a perimeter network. The idea of a DMZ is that traffic cannot pass through it directly. If communication is required between hosts on either side of a DMZ, a bastion host will take the request and check it.

Network Address Translation (NAT) was devised as a way of freeing up scarce Internet Protocol (IP) addresses for hosts needing Internet access.

Port Address Translation (PAT) is a means for multiple private IP addresses to be mapped onto a single public address.

Port forwarding is used by configuring a router’s public address to accept incoming requests and forwarding them to a different IP.

63
Q

1.4

A network administrator is setting up a 192.168.1.0/24 network using variable length subnet masking (VLSM) to support the sales and marketing department. The sales department has 120 computers and the marketing department has 50 computers. Which of the following Internet Protocol (IP) address configurations will provide adequate support for the marketing department? (Select all that apply.)

255.255.255.224

255.255.255.192

192.168.1.128/2

192.168.1.0/25

A

255.255.255.192 and 192.168.1.128/26

The 192.168.1.128/26 network provides 62 assignable IP addresses in the range of 192.168.1.129 - 192.168.1.190. This is enough addresses to support the 50 computers of the marketing department.

The subnet mask of 255.255.255.192 is used for the 192.168.1.128/26 network. The network’s broadcast address is 192.168.1.191.

The 192.168.1.0/25 network provides 126 assignable IP addresses in the range of 192.168.1.1 - 192.168.1.126. The network’s broadcast address is 192.168.1.127.

The 192.168.1.192/27 network uses a subnet mask of 255.255.255.224 and provides 30 valid host IP addresses ranging from 192.168.1.193 to 192.168.1.222. This network’s broadcast address is 192.168.1.223.

64
Q

1.4

A company has 725 hosts on the network that utilize public Internet Protocol (IP) addresses. The company has three contiguous class C addresses for the hosts. The company implemented Classless Inter-Domain Routing (CIDR) to assist with the maintenance of the three networks. What will CIDR provide to the network?

CIDR will provide translation between the private and public addresses.

CIDR will use bits normally assigned to the network ID to mask the complexity of the subnet and host address scheme.

CIDR will allow a network designer to allocate ranges of IP addresses to subnets that match the predicted need for numbers of subnets and hosts.

CIDR will provide groups of address ranges reserved for special use and are not publicly routable.

A

CIDR will use bits normally assigned to the network ID to mask the complexity of the subnet and host address scheme.

The company is using Classless Inter-Domain Routing (CIDR). CIDR uses bits normally assigned to the network ID to mask the complexity of the subnet and host addressing scheme within the network. CIDR collapses the three routing entries into one single entry.

Variable Length Subnet Masking (VLSM) allows a network designer to allocate ranges of Internet Protocol (IP) addresses to subnets that match the predicted need for numbers of subnets and hosts per subnet.

Reserved addresses are for special use and are not publicly routable.

Network Address Translation (NAT) is used by routers to translate between the private and public addresses.

65
Q

1.4

A host with a Media Access Control (MAC) of 00:72:8b:31:8b:cb uses a global scope addressing scheme. One identifier for this host is 0272:8bff:fe31:8bcb. Consider Internet Protocol version 6 (IPv6) addressing schemes to determine what this identifier represents.

Extended Unique Identifier (EUI) 64

Subnet address

Global scope

Network ID

A

Extended Unique Identifier (EUI) 64

The identifier 0272:8bff:fe31:8bcb is the Extended Unique Identifier (EUI) 64. This is a Media Access Control (MAC)-derived address that converts a 48 bit MAC address to a 64-bit interface ID. Another method of developing the interface ID is to use privacy extensions.

The first three bits in Internet Protocol version 6 (IPv6) indicate that the address is within the global scope. Most of the IPv6 address space is unused.

The subnet address is a 16-bit identifier located immediately before the interface ID.

The network ID consists of 45 bits that are allocated in a hierarchical manner to regional registries, Internet Service Providers (ISPs), and end users.

66
Q

1.4

A new network administrator is going through the company’s network and surveying current network configurations. After examining a few hosts, the general Internet Protocol (IP) scheme starts with the first octet at 10 and all are using a default mask of 255.0.0.0. Which of the following would be true for this network? (Select all that apply.)

Class A network

Public IP addressing

/24

Private IP addressing

A

Class A network and Private IP addressing

A Class A network can be identified by the first octet being in the range of 1-126. It supports a large number of hosts: over 16 million.

Private IP addresses are used for internal networks. They can be drawn from one of the pools of addresses defined in RFC 1918, better known as the Class A, B, and C private address ranges.

Public IP addresses are used and routable on the public network or the Internet. The allocation of these addresses is governed by IANA and administered by regional registries and Internet service providers (ISP).

A classless inter-domain routing (CIDR) notation of a /24 is representative of a Class C network that uses a subnet mask of 255.255.255.0.

67
Q

1.4

What is the Internet Protocol (IP) address of a router on the same IP network as the host?

Virtual IP

Default gateway

Subnet mask

Loopback address

A

Default gateway

The default gateway is the Internet Protocol (IP) address of a router on the same IP network as the host.

The loopback address is used by administrators to verify if the Transmission Control Protocol (TCP)/IP is correctly installed on a local host.

A subnet mask is used to distinguish between the network ID and the host ID within a single IP address.

A virtual IP allows for multiple physical routers to serve as a single default gateway for a subnet. To do this, each router must have an interface connected to the subnet, with its own unique Media Access Control (MAC) address and IP address. They share a common virtual IP.

68
Q

1.4

A system administrator has installed a new client computer on the network. The computer is getting an IP address of 169.254.0.1 on a DHCP-enabled network. What kind of address did the computer receive?

Subinterfaces

Loopback

Tunneling

Link local

A

Link local

A link local IP addressing scheme is used within the scope of a single broadcast domain only. An example is an automatic private IP addressing (APIPA) address, which is issued when a DHCP server cannot be found.

A loopback address is an IP address by which a host can address itself over any available interface. Loopbacks usually test the local machine.

Tunneling occurs when the source and destination hosts are on the same logical network, but connected via different physical networks.

The router’s physical interface gets configured with multiple subinterfaces or virtual interfaces. The subinterface receives traffic from a given VLAN and then routes it to the subinterface serving the destination VLAN.

69
Q

1.4

Select the Internet Protocol (IP) address that is in the Class B private address range.

10.160.025.001

169.254.140.102

127.050.137.081

172.20.105.003

A

172.20.105.003

Hosts communicating with one another over a Local Area Network (LAN) will typically use private addressing. Private Internet Protocol (IP) addresses can be drawn from one of the pools of addresses. The Class B private address range is 172.16.0.0 to 172.31.255.255. The answer option 172.20.105.003 falls within this range.

The addresses 169.254.0.0 to 169.254.255.255 are reserved for use by hosts for automatic private IP addressing, also known as link-local addressing.

The IP address 127.050.137.081 is reserved for loopback addresses. The range 127.0.0.0 to 127.255.255.255 is reserved for this purpose, to be used by administrators to verify if the Transmission Control Protocol (TCP)/IP is correctly installed on the local host.

The Class A private address range is 10.0.0.0 to 10.255.255.255.

70
Q

1.4

A system uses a private address to send a packet within the internal network. The address is ff02::1. Compare private address types and determine what type of address the system is using.

Broadcast

Multicast

Unicast

Internet Protocol (IP)

A

Multicast

A multicast address identifies multiple network interfaces. Unlike Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) must support multicast. The first 8 bits indicate the address is within the multicast scope (1111 1111 or ff). The address ff02::1 has a target of all link-local nodes.

A broadcast address sends data to all of the other nodes on the network.

A broadcast frame is given the hardware address of ff:ff:ff:ff:ff:ff.

A unicast address is used when a sending interface addresses a single receiving interface. A unicast message uses the receiver’s Media Access Control (MAC) address.

An Internet Protocol (IP) address is used for sending data outside of an internal network. An example of an IP address is 192.152.160.120.

71
Q

1.4

The hosts on a company’s network all use a public Internet Protocol (IP) address. The first octet in the IP range is 132. Determine which class the network belongs to after comparing the octet ranges of the following classes of addresses.

Class A

Class D

Class C

Class B

A

Class B

The company will require the use of a Class B public network. This network can have up to 65,534 hosts and the first octet of the address will range from 128-191. The first octet in the scenario is 132 and falls within this range.

A company with a Class A network can have up to 16,777,241 hosts. The range for this class is 1-126.

A company with a Class C network can have up to 254 hosts. The range for Class C is 192-223.

A Class D network contains addresses that range from 224.0.0.0 through 239.255.255.255. This class is used for multicasting.

72
Q

1.5

Which protocol allows for a protected dialog between the client and server by assigning the web server a digital certificate issued by a Certificate Authority?

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

Network Time Protocol (NTP)

Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol Secure (HTTPS)

A

Hypertext Transfer Protocol Secure (HTTPS)

Hypertext Transfer Protocol Secure (HTTPS) is a subset of Hypertext Transfer Protocol (HTTP) that allows for a secure dialog between the client and server using Secure Sockets Layer/Transport Layer Security (SSL/TLS). To implement HTTPS, the web server is assigned a digital certificate by a trusted Certificate Authority (CA).

HTTP is the foundation of web technology. HTTP enables clients to request resources from an HTTP server.

SSL/TLS works as a layer between the Application and Transport layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack. It is normally used to encrypt TCP connections.

The Network Time Protocol (NTP) enables the synchronization of time-dependent applications.

73
Q

1.5

Company A has purchased new computing devices that support IPv6 and not IPv4. What protocol could the company enable on the network to allow the transmission of IPv6 packets and encapsulated frames or packets from different types of network protocols over an IPv4 network?

LDAP

SQL Server

GRE

ICMP

A

GRE

Generic Routing Encapsulation (GRE) Tunneling protocol allows the transmission of encapsulated frames or packets from different types of network protocol over an IP network.

The Internet Control Message Protocol (ICMP) reports errors and sends messages about the delivery of a packet.

Relational databases operate using structured query language (SQL). SQL uses port 1433 and defines commands, such as SELECT, to retrieve information or UPDATE to change it.

Most directory services are implementations of the Lightweight Directory Access Protocol (LDAP). LDAP is not a directory standard but a protocol used to query and update X.500-like directories. It operates on port 389.

74
Q

1.5

Corporate hired a penetration testing expert to test their internal security. The final report given to the executives shows that the way the expert circumvented their security was by using port 1521 from a remote location. The expert suggested enabling access control lists on that service. What protocol did the expert use to infiltrate the network?

Telnet

SQLnet

MySQL

Syslog

A

SQLnet

Oracle’s remote data access protocol SQL*Net uses TCP/1521. Access lists should secure these ports to provide security.

Syslog is an example of a protocol and supporting software that facilitates log collection. It has become a de facto standard for logging events from distributed systems on port 514.

Telnet is both a protocol and a terminal emulation software tool that transmits shell commands and output between a client and the remote host on port 23.

The open-source MySQL platform uses TCP/3306. The MariaDB platform forked from MySQL uses the same port.

75
Q

1.5

What provides additional options, rather than only leases, for host Internet Protocol (IP) addresses?

ESP

DHCPv6

APIPA

EUI64

A

DHCPv6

Internet Protocol version 6 (IPv6) can locate routers and generate a host address with a suitable network prefix. In this context, the role of a Dynamic Host Configuration Protocol (DHCP) server in IPv6 is different. DHCPv6 is used to provide additional option settings, rather than leases for host IP addresses.

Extended Unique Identifier 64 (EUI64) is a method used to automatically configure IPv6 host addresses. The unique 64-bit interface ID is derived from the MAC address of the network interface of a host.

Automatic Private Internet Protocol Addressing (APIPA) was developed as a means for clients that could not contact a DHCP server to communicate on the local network.

Encapsulating Security Payload (ESP) provides confidentiality and/or authentication and integrity. It can be used to encrypt the packet.

76
Q

1.5

Which port will a Domain Name Server (DNS) use for record transfers over 512 bytes?

Transmission Control Protocol (TCP) port 53

Transmission Control Protocol (TCP) port 23

User Datagram Protocol (UDP) port 53

User Datagram Protocol (UDP) 69

A

Transmission Control Protocol (TCP) port 53

A Domain Name Server (DNS) server that needs to allow large record transfers over 512 bytes will be configured to allow connections over Transmission Control Protocol (TCP) port 53.

A DNS server is usually configured to listen for queries on User Datagram Protocol (UDP) port 53. Larger transfers (over 512 bytes) require use of TCP port 53.

Telnet uses TCP port 23 by default. Telnet is terminal emulation software to support a remote connection to another computer.

Trivial File Transfer Protocol (TFTP) is a connectionless protocol running over User Datagram Protocol (UDP) port 69.

77
Q

1.5

A Simple Network Management Protocol (SNMP) agent informs the monitor of a port failure. Analyze the functions of an SNMP agent to determine what command the monitor uses for this notification.

Set

Walk

Get

Trap

A

Trap

The Trap command is used when the agent informs the monitor of a notable event, such as a port failure. The threshold for triggering traps can be set for each value.

The Get command is used for the software to query the agent for a single Object Identifier (OID). This command is used by the monitor to perform regular polling.

The monitor can be used to change certain variables using the Set command.

The monitor can walk a Management Information Base (MIB) subtree by using multiple Get and Get Next commands.

78
Q

1.5

A new system administrator configures a shared repository for access to files through a web-based interface. What port must the administrator enable on the repository?

80

22

21

445

A

80

The Hypertext Transfer Protocol (HTTP) enables clients to request resources from an HTTP server. HTTP uses port 80.

Secure Shell (SSH) is the principal means of obtaining secure remote access to a UNIX or Linux server. SSH uses port 22.

The Server Message Block (SMB) protocol provides File/Print Sharing Service. SMB allows a machine to share its files and printers to make them available. SMB uses port 445.

File Transfer Protocol (FTP) connects to Transmission Control Protocol (TCP) port 21 on an FTP server and opens a chosen dynamic client port number for communications and transfers.

79
Q

1.5

A user has received a new computer from the system administrator. The sysadmin told the user to just plug the computer in and everything will work fine. After plugging the computer in at the desk, the user noticed there is no connectivity but sees an IP address of 169.254.1.1. What protocol was the system administrator depending on to configure this computer?

SMTP TLS

DHCP

HTTPS

LDAP

A

DHCP

A router runs a dynamic host configuration protocol (DHCP) server to allocate a unique address to each host that connects to the network on ports 67 and 68.

Simple Mail Transfer Protocol (SMTP) with TLS uses TCP port 587 and TLS to allow mail clients to submit messages for delivery securely.

Most directory services are implementations of the Lightweight Directory Access Protocol (LDAP). LDAP is not a directory standard but a protocol used to query and update an X.500-like directory that runs on port 389.

SSL/TLS works between the Application and Transport layers of the TCP/IP stack. When used with the HTTP application, it is known as HTTP Secure (HTTPS) on port 443.

80
Q

1.5

A system administrator for ABC Company receives a request for a new account. A new employee is onboarding and will receive a Voice over Internet Protocol (VoIP) phone. The employee’s name is Sam Smith and the phone number will be 1234567890. The company’s domain is @abccompany.com. Develop a Session Initiation Protocol (SIP) Uniform Resource Indicator (URI). (Select all that apply.)

sip:sam.smith@1234567890

sip:sam.smith.abccompany.com

sip:123456789.abccompany.com

sip:sam.smith@abccompany.com

A

sip:sam.smith@abccompany.com and sip:sam.smith@1234567890

Session Initiation Protocol (SIP) endpoints are the end-user devices, also known as user agents. In this scenario, the Voice over Internet Protocol (VoIP) phone is the SIP endpoint. One example of a SIP URI for this VoIP phone is sip:sam.smith@abccompany.com. This is a unique URI that includes the user’s name and the company domain.

The URI sip:sam.smith@1234567890 is a unique URI that includes the user’s name and the SIP endpoint phone number.

The URI sip:1234567890.abccompany.com is not a valid URI. The URI must include the “@” symbol followed by the phone number or company domain.

The URI sip:sam.smith.abccompany.com is not a valid URI. The URI must include the “@” symbol followed by the phone number or company domain.

81
Q

1.5

Explain how the Simple Authentication and Security Layer (SASL) provides binding in Lightweight Directory Access Protocol Secure (LDAPS).

The client supplies the Domain Name (DN) and password.

The server authenticates to the client and configures a secure channel for communications.

The client and server negotiate the use of a supported security mechanism.

The directory grants anonymous access.

A

The client and server negotiate the use of a supported security mechanism.

82
Q

1.5

A Cybersecurity specialist has been gathering data about the corporate network. The specialist has realized that the e-mail server is using port 143 and getting intercepted at random times. The specialist has briefed the CISO of his findings and has suggested swapping to port 993. Which protocol did the specialist suggest?

POP3 over SSL

IMAP

IMAP over SSL

SMTP

A

IMAP over SSL

A client connects to an IMAP server over port 143 and establishes connection security using TLS. The default port for IMAPS (IMAP over SSL) is TCP/993.

A client establishes a connection to the POP server on TCP port 110. Using TLS encryption can secure POP. The default TCP port for secure POP (POP3S) is port 995.

A client connects to an IMAP server over TCP port 143. Like POP, IMAP is a mail retrieval protocol, but with mailbox management features lacking in POP.

SMTP is useful only to deliver mail to permanently available hosts. When an SMTP server receives a message, it delivers the message to a mailbox server using port 25.

83
Q

1.5

Which of the following provides an automatic method for allocating an Internet Protocol (IP) address, subnet mask, default gateway, and Domain Name System (DNS) server addresses?

DHCP

RARP

APIPA

TFTP

A

DHCP

The Dynamic Host Configuration Protocol (DHCP) provides an automatic method for allocating an Internet Protocol (IP) address, subnet mask, default gateway, and optional parameters.

Automatic Private IP Addressing (APIPA) was developed by Microsoft as a means for clients that could not contact a DHCP server to communicate on the local network.

Reverse Address Resolution Protocol (RARP) allows a host to obtain an IP address from a server configured with a list of address mappings. RARP can be used to obtain only an IP address, which is inadequate for most implementations of IP.

Trivial File Transfer Protocol (TFTP) is used to provide additional parameters for the Bootstrap Protocol (BOOTP).

84
Q

1.5

Corporate hired a penetration testing expert to test their internal security. The final report given to the executives shows that the way the expert circumvented their security was by using port 1521 from a remote location. The expert suggested enabling access control lists on that service. What protocol did the expert use to infiltrate the network?

Syslog

Telnet

SQLnet

MySQL

A

SQLnet

Oracle’s remote data access protocol SQL*Net uses TCP/1521. Access lists should secure these ports to provide security.

Syslog is an example of a protocol and supporting software that facilitates log collection. It has become a de facto standard for logging events from distributed systems on port 514.

Telnet is both a protocol and a terminal emulation software tool that transmits shell commands and output between a client and the remote host on port 23.

The open-source MySQL platform uses TCP/3306. The MariaDB platform forked from MySQL uses the same port.

85
Q

1.5

A network administrator is monitoring network traffic and notices a severe spike on port 993. Which protocol is causing the spike in network traffic?

POP3 over SSL

IMAP

SMTP

IMAP over SSL

A

IMAP over SSL

A client connects to an IMAP server over port 143 and establishes connection security using TLS. The default port for IMAPS (IMAP over SSL) is TCP/993.

A client establishes a connection to the POP server on TCP port 110. Using TLS encryption can secure POP. The default TCP port for secure POP (POP3S) is port 995.

A client connects to an IMAP server over TCP port 143. Like POP, IMAP is a mail retrieval protocol, but with mailbox management features lacking in POP.

SMTP is useful only to deliver mail to permanently available hosts. When an SMTP server receives a message, it delivers the message to a mailbox server using port 25.

86
Q

1.5

A client is attempting to connect to a network, but is unable to successfully connect. They decide to open Wireshark to see if they can troubleshoot but want to filter based on the DHCP port. What should they filter on?

TCP 67

TCP 139

TCP 80

UDP 123

A

TCP 67

Information can be viewed from Dynamic Host Configuration Protocol (DHCP) traffic by filtering on TCP 67 and 68. DHCP dynamically assigns IP addresses to network hosts.

Server Message Block (SMB) provides File/Print Sharing Service and operates on TCP 139 and 445. SMB allows a machine to share its files and printers to make them available.

Hypertext Transfer Protocol (HTTP) operates over TCP 80 and enables clients to request resources from an HTTP server.

The Network Time Protocol (NTP) enables the synchronization of time-dependent applications. A server or host that is configured with the incorrect time may not be able to access network services. Authentication and other security mechanisms will often fail if the time is not synchronized on both communicating devices. Errors are likely to be generic failed or invalid token messages.

87
Q

1.5

A network engineer is troubleshooting interconnectivity between IPv4 hosts and IPv6 hosts. The engineer has found there is a need for a layer three tunneling protocol that can encapsulate different types of IPv6 and IPv4 packets. What type of encapsulation should the engineer enable on the network?

LDAP

GRE

ICMP

SQL Server

A

GRE

Generic Routing Encapsulation (GRE) Tunneling protocol allows the transmission of encapsulated frames or packets from different types of network protocol over an IP network.

The Internet Control Message Protocol (ICMP) reports errors and sends messages about the delivery of a packet.

Relational databases operate using structured query language (SQL). SQL uses port 1433 and defines commands, such as SELECT, to retrieve information or UPDATE to change it.

Most directory services are implementations of the Lightweight Directory Access Protocol (LDAP). LDAP is not a directory standard but a protocol used to query and update X.500-like directories. It operates on port 389.

88
Q

1.5

A system administrator notices a server cannot access network services. Authentication is also failing. The error is an invalid token message. Which of the following protocols should the system administrator verify early in the troubleshooting process?

Network Time Protocol (NTP)

Server Message Block (SMB)

Hypertext Transfer Protocol (HTTP)

Post Office Protocol (POP)

A

Network Time Protocol (NTP)

The Network Time Protocol (NTP) enables the synchronization of time-dependent applications. A server or host that is configured with the incorrect time may not be able to access network services. Authentication and other security mechanisms will often fail if the time is not synchronized on both communicating devices. Errors are likely to be generic failed or invalid token messages.

Server Message Block (SMB) provides File/Print Sharing Service. SMB allows a machine to share its files and printers to make them available.

Hypertext Transfer Protocol (HTTP) enables clients to request resources from an HTTP server.

The Post Office Protocol (POP) is an early example of a mailbox protocol.

89
Q

1.5

A new helpdesk technician has been working on a computer for a few days with no issues. Today, the technician logged into the computer and noticed no connection. The network technician tells the helpdesk technician that the IP lease expired, and there are no usable IP addresses right now. What service should the network technician modify to incorporate more IP addresses or reduce the lease times?

DHCP

SMTP TLS

LDAP

HTTPS

A

DHCP

A router runs a dynamic host configuration protocol (DHCP) server to allocate a unique address to each host that connects to the network on ports 67 and 68.

Simple Mail Transfer Protocol (SMTP) with TLS uses TCP port 587 and TLS to allow mail clients to submit messages for delivery securely.

Most directory services are implementations of the Lightweight Directory Access Protocol (LDAP). LDAP is not a directory standard but a protocol used to query and update an X.500-like directory that runs on port 389.

SSL/TLS works between the Application and Transport layers of the TCP/IP stack. When used with the HTTP application, it is known as HTTP Secure (HTTPS) on port 443.

90
Q

1.5

A user has turned in a computer to the help desk with the complaint that “nothing works.” When the technician logs into the computer, the time is not correct. The technician knows that all domain computers pull time from the domain controller, but this occurs through which protocol?

Network Time Protocol (NTP)

Server Message Block (SMB)

Hypertext Transfer Protocol (HTTP)

Post Office Protocol (POP)

A

Network Time Protocol (NTP)

Network Time Protocol (NTP) is an Application protocol that allows machines to synchronize to the same time clock. It runs over UDP port 123.

Server Message Block (SMB) is an Application protocol used for requesting files from Windows servers and delivering them to clients. It uses port 445.

Hypertext Transfer Protocol (HTTP) enables clients to request resources from an HTTP server.

Post Office Protocol (POP) allows the download of mail messages but not the management of the remote inbox. It uses port 110.

91
Q

1.5

Which protocol uses Network Level Authentication (NLA) which requires the client to authenticate before a full remote session starts?

Remote Desktop Protocol (RDP)

Telnet

Secure Shell (SSH)

Virtual Network Computing (VNC)

A

Remote Desktop Protocol (RDP)

Remote Desktop Protocol (RDP) is Microsoft’s protocol for operating remote Graphical User Interface (GUI) connections to a Windows machine. RDP uses Network Level Authentication (NLA) which requires the client to authenticate before a full remote session is started.

During a Telnet connection, the password and other communications are not encrypted and therefore could be vulnerable to packet sniffing and other attacks.

Secure Shell (SSH) is the principal means of obtaining secure remote access to a UNIX or Linux server. The server’s host key is used to set up a secure channel for the client to submit authentication credentials.

Virtual Network Computing (VNC) is a freeware product with similar functionality to RDP. There is no connection security with this product.

92
Q

1.5

Which delivery method and protocol may send data out of order and over different paths? (Select all that apply.)

Connectionless

UDP

TCP

Connection-oriented

A

Connectionless and UDP

Connectionless, a data transmission delivery method using User Datagram Protocol (UDP), does not establish a connection between devices so data delivery may be out of order and over different paths.

User Datagram Protocol (UDP) is used in the connectionless delivery method where data delivery may be out of order and over different paths.

Transmission Control Protocol (TCP) is used in the connection-oriented delivery method, where delivery of a stream of data is in the same order as it was sent after establishing a connection.

Connection-oriented, a data transmission delivery method using TCP, after establishing a connection sends any data and delivers a stream of data in the same order as it was sent.

93
Q

1.5

Explain how the Simple Authentication and Security Layer (SASL) provides binding in Lightweight Directory Access Protocol Secure (LDAPS).

The client and server negotiate the use of a supported security mechanism.

The directory grants anonymous access.

The client supplies the Domain Name (DN) and password.

The server authenticates to the client and configures a secure channel for communications.

A

The client and server negotiate the use of a supported security mechanism.

Authentication, referred to as binding to the server, can be implemented in several ways for Lightweight Directory Access Protocol Secure (LDAPS). The Simple Authentication and Security Layer (SASL) completes binding by the client and server negotiating the use of a supported security mechanism.

If no authentication is used, anonymous access is granted to the directory.

Simple authentication performs binding by the client supplying the Domain Name (DN) and password.

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) can also be used for authentication. SSL/TLS provides a means for the server to authenticate to the client and configure a secure channel for communications.

94
Q

1.6

Which DNS record type is responsible for identifying a primary authoritative name server?

SOA

Root

MX

NS

A

SOA

The Start of Authority (SOA) record identifies a primary authoritative name server that maintains complete resource records for a zone.

A root is not a record type but is a server type. Root domain name system (DNS) servers have complete information about top-level domain servers.

A Mail Exchange (MX) record identifies an email server for the domain. An MX record must not point to a CNAME record.

An NS (Name Server) record identifies a server as a name server for a zone, but it does not indicate its authoritative status.

95
Q

1.6

What might cause zone transfers of domain name system (DNS) record updates to fail between multiple DNS servers?

Misconfigured stratum

Incorrect scope

Missing root server

Incorrect DNS records

A

Misconfigured stratum

Stratum 1 NTP servers directly connect to an accurate clock source. If an inaccurate Network Time Protocol (NTP) server is specified on a server, it may result in time synchronization and further communication problems.

Dynamic Host Configuration Protocol (DHCP) servers use an address pool called a scope. Addresses get dynamically assigned from this pool to client computers that request one.

A root server is aware of top-level domains. A missing root server might cause failure in a DNS lookup but would not impact a zone transfer.

Incorrect DNS records will cause problems with the name resolution of host systems but will not impact a zone transfer.

96
Q

1.6

A server administrator configures a network’s internal DNS to set the records for all servers. Users mention that one server, in particular, is not reachable by name. What does the administrator investigate?

Forward lookups

DNS caching

Recursive lookups

Time to live settings

A

Forward lookups

Forward lookups use a forward lookup zone to return an IP address associated with a host name. In this case, an entry for the particular host was likely missed or contains a typo.

DNS caching occurs in both servers and client computers. Caching helps to speed the name resolution process by caching host names. If a cache cannot resolve a name, then a lookup is performed.

A recursive lookup means that if the queried server is not authoritative, it does take on the task of querying other name servers until it finds the requested record or times out.

Time to live (TTL) settings refer to the configuration of caching host names. When the TTL expires, the cache entry is invalid.

97
Q

1.6

Client systems receive IP address configurations via a DHCP server. When negotiating the address information assignment, what relates to available leases? (Select all that apply.)

T1

T2

DORA

ARP

A

T1 and T2

A client can renew its lease from a Dynamic Host Configuration Protocol (DHCP) server when at least half the lease’s period has elapsed (T1 timer) so that it keeps the same IP addressing information.

A client can attempt to rebind the same lease configuration with any available DHCP server. By default, this happens after 87.5% of the lease duration is up (T2 timer).

The DHCP lease process is often known as the DORA process. This process of obtaining a lease includes Discover, Offer, Request, and Ack(nowledge).

When negotiating an address from a DHCP server, an ARP message checks that the address is unused.

98
Q

1.6

A network administrator configures all printers in an organization to be issued specific IP addresses from a DHCP server. What does the administrator configure to accomplish this?

Scope options

Static assignment

Dynamic assignment

Scope

A

Scope options

Dynamic host configuration protocol (DHCP) servers use scope options to issue configuration options, such as DNS server settings and more.

A system, such as a printer, can use a static assignment. Typically this is done by using IP addresses outside the DHCP scope. Alternatively, a specially configured exclusion range can assign statically assigned addresses.

Client systems can use a dynamically assigned IP address. This is an address assigned by a dynamic host configuration protocol (DHCP) server that may change when the assigned lease time is up.

A scope defines a range or ranges of addresses that a dynamic host configuration protocol (DHCP) server can issue to client systems.

99
Q

1.6

In which of the following would an IT engineer configure a PTR?

Reverse lookup zone

Forward lookup zone

DNS Hierarchy

DNS Forwarder

A

Reverse lookup zone

A PTR record is found in reverse lookup zones and is used to resolve an IP address to an associated host name.

A forward lookup zone is used to translate a given name record and return a related Internet protocol (IP) address.

Third-party domain name system (DNS) means that another organization is responsible for hosting records. Typically, this would be for external domains.

A forwarder transmits a client query to find a host to another domain name system (DNS) server and routes the replies it gets back to the client.

100
Q

1.6

A virtual private network exists between two sites. The main site delivers Internet protocol (IP) addresses to the remote site. A configuration change places the remote site on a different subnet. An IT engineer reconfigures which of the following?

Relay

Reservation

Lease

Pool

A

Relay

A DHCP relay agent can be configured to provide forwarding of DHCP traffic between different subnets.

A media access control (MAC) address reservation is a mapping of a MAC address to a specific IP address within the DHCP server’s address pool.

Using a reservation ensures a device always uses the same IP address.

A lease period determines how long a system is assigned an IP address from a DHCP server. A long lease means the client does not have to renew as frequently, but as a result the DHCP server’s pool of IP addresses is not replenished.

The address pool is the range of IP addresses that a DHCP server can allocate to clients.

101
Q

1.6

A Voice over Internet Protocol (VoIP) application does not work properly with company email address accounts. A tech concludes that a domain name system (DNS) record is incorrect. Which record type does the tech modify to restore services?

SRV

CNAME

TXT

AAAA

A

SRV

A Service (SRV) record is a DNS record used to identify a record that is providing a network service or protocol. Properties of this record type include port and protocol.

A Canonical Name (CNAME) record is a Domain Name System (DNS) record used to represent an alias for a host.

A TXT record is used to store any free-form text that may be needed to support other network services. An SPF record, for example, is a TXT record that is used to list the IP addresses or names of servers that are permitted to send email.

An AAAA record is used to resolve a host name to an Internet Protocol version 6 (IPv6) address.

102
Q

1.6

A user requests that a company web host have two different names for the same Internet protocol (IP) address. The user requests jobs.companyname.com and careers.companyname.com. Which domain name system (DNS) record does an IT tech configure to accomplish this?

CNAME

SRV

TXT

AAAA

A

CNAME

A Canonical Name (CNAME) record is a Domain Name System (DNS) record used to represent an alias for a host. Aliases are used to give a host multiple names.

A Service (SRV) record is a DNS record which identifies a record that provides a network service or protocol. Properties of this record type include port and protocol.

A TXT record is used to store any free-form text needed to support other network services. An SPF record, for example, is a TXT record that is used to list the IP addresses or names of servers that are permitted to send email.

An AAAA record is used to resolve a host name to an Internet Protocol version 6 (IPv6) address.

103
Q

1.6

A Windows Active Directory (AD) domain uses companyname.com. An external web server uses www.companyname.com. Users on the corporate network cannot reach the web server when using a www prefix. An IT engineer modifies which of the following to remedy the issue?

Internal DNS zone

External DNS zone

DNS forwarder

Third-party DNS

A

Internal DNS zone

Internal domain name system (DNS) zones refer to the domains used on a private network. As the site uses the same domain name as AD, an A record for www needs to be created internally to point to the public web server address.

External domain name system (DNS) zones refer to records that Internet clients must be able to access.

A forwarder transmits a client query to find a host to another domain name system (DNS) server and routes the replies it gets back to the client.

Third-party domain name system (DNS) means that another organization is responsible for hosting records. Typically, this would be for external domains.

104
Q

1.6

A company has an Active Directory domain called specks.com. The company has an on-demand subscription for cloud services and wants to ensure their internal applications are accessible to their remote employees via their Fully Qualified Domain Names (FQDNs) in the cloud. The company will control all these services and applications. Which of the following will the company most likely be using throughout their organization? (Select all that apply.)

Internal DNS server

Cloud-hosted DNS server

External DNS server

Third-party DNS server

A

Internal DNS server and Cloud-hosted DNS server

The company is using an internal DNS server because it controls all its services and applications. The DNS server will provide name resolution using FQDNs.

The company wants to extend its internal DNS services to the cloud, and a cloud-hosted option is the most appropriate option. The company can deploy a virtual DNS server that is accessible by its cloud users.

External DNS servers refer to an external DNS zone that Internet clients must be able to access. A company will most likely not have an external DNS server with a public IP address.

Most external DNS servers are managed by third-party organizations and are referred to as external DNS servers. These are usually owned and managed by another company.

105
Q

1.6

An engineer configures a DomainKeys Identified Mail (DKIM) record to list the names allowed to receive email from a given source. Considering domain name system (DNS) record types, which does the engineer configure?

TXT record

CNAME record

SRV record

“A” record

A

TXT record

A TXT record is used to store any free-form text that may be needed to support other network services. DomainKeys Identified Mail (DKIM) records are TXT records that are used to decide whether email is allowed from a given source to prevent spam and mail spoofing.

A Canonical Name (CNAME) record is a Domain Name System (DNS) record used to represent an alias for a host.

A Service (SRV) record is a DNS record used to identify a record that is providing a network service or protocol.

An A record is used to resolve a host name to an IPv4 address. This is the most common type of record in a DNS zone.

106
Q

1.6

New workstations are set up in the office. They currently do not have an Internet Protocol (IP) address set and are connected to the network. These workstations will need to work with applications that are time sensitive. What must the system administrator configure for these applications to function correctly?

Configure the correct NTP settings.

Enable DHCP on the NIC.

Point to the correct DNS server.

Create a CNAME record.

A

Configure the correct NTP settings.

The Network Time Protocol (NTP) enables the synchronization of these time-dependent applications. Workstations that connect to these applications must know the correct time by pointing to the correct NTP IP address to synchronize time.

Enabling Dynamic Host Configuration Protocol (DHCP) will allow the workstation to get basic IP settings. There are DHCP options for NTP, but that must be set up on the DHCP server.

Configuring the correct IP setting on the workstation so it's pointing to the correct Domain Name System (DNS) server will provide proper name resolution.

A Canonical Name (CNAME) record is used to represent an alias for a host. For example, the true name of a web server could be masked as the alias WEB.

107
Q

1.6

A network administrator is working with the in-addr.arpa domain of the company’s Domain Name System (DNS) server. The admin creates a pointer (PTR) record for a server’s Internet Protocol (IP) address 10.60.100.21. Which of the following Enterprise network components is the administrator working with?

The reverse lookup zone

The IP exclusions

The IP helper

The MAC reservations

A

The reverse lookup zone

The reverse lookup zone is found in a special domain called in-addr.arpa of a Domain Name System (DNS) server. It contains PTR records to resolve IP addresses to name records (e.g. A record).

Internet Protocol (IP) exclusions is a feature of the Dynamic Host Configuration Protocol (DHCP) service. It excludes addresses from a DHCP pool that are used for static configuration of certain services in the same subnet range.

The IP helper refers to the DHCP relay configurations set on a router to forward DHCP requests to the appropriate DHCP server for processing.

Media Access Control (MAC) reservations or IP reservations are a mapping of a MAC address to a specific IP address within the DHCP server’s address pool.

108
Q

1.7

A business with three different locations needs to share data between storage area networks at each site. This business has a strict budget they need to maintain while achieving this function. Which of the following options can link storage area networks without the need for expensive fiber-specific switches and adapters?

Fibre Channel

Software-defined network

East-West

Internet Small Computer Systems Interface (iSCSI)

A

Internet Small Computer Systems Interface (iSCSI)

The iSCSI can link Storage Area Networks (SANs) but is also seen as an alternative to Fibre Channel itself since it works over ordinary Ethernet network adapters and switches.

The purpose of a software-defined network is to make all parts of the network infrastructure accessible to automation and orchestration technologies.

Fibre Channel is the most popular high-bandwidth solution to connect SANs and the network administrator can configure them to work over Ethernet, but it is pricey.

East-West is a term to describe traffic that flows from server to server in a data center.

109
Q

1.7

An employee working from home uses a virtual private network (VPN) to access certain websites. To connect to the VPN, the employee needs to request access to a server. What kind of traffic is the employee’s request from the machine to the server?

North-South

East-West

Application layer

Control layer

A

North-South

The employee’s request from the machine to the server is North-South traffic since it is traffic going into the data center from the outside.

The control layer is the layer between the application layer and the infrastructure layer in software-defined networking. The software-defined network (SDN) controller provides the functionality of the control layer by communicating between SDN applications (“northbound” API) and infrastructure devices (“southbound” API).

East-West traffic is traffic traveling within a data center but not traveling into a data center.

The application layer is part of the infrastructure of software-defined networking. It applies the business logic that makes decisions about how to prioritize and secure traffic and where to switch the traffic.

110
Q

1.7

Name the model typically used in spine and leaf topologies to connect distribution switches to server nodes and provide higher bandwidth than the typical workgroup switch.

Fibre Channel

Software-defined network

Top-of-rack switching

Core

A

Top-of-rack switching

Top-of-rack switching refers to the practice of using switches specifically made to provide high-bandwidth links between distribution switches and server nodes.

A software-defined network does not serve the purpose of connecting server nodes to distribution switches. The software-defined network makes all parts of the network infrastructure accessible to automation and orchestration technologies.

Fibre Channel (FC) connects storage area networks via fiber technologies, not server nodes and distribution switches. Fibre Channel involves three components: the initiator, the target, and the FC switch.

The core is a layer of the hierarchical network model that provides a highly available network backbone. This layer comprises connections between wide area network (WAN) routers/firewalls and layer 3 switches.

111
Q

1.7

A technology firm is opening a brick-and-mortar location and needs to determine if they can pay more for higher network speeds or if they need to sacrifice some speed to stay on budget. Which of the following options can the tech firm consider when designing the configuration of their data center?

Branch office vs. on-premises data center vs. colocation

Backbone

Software-defined network

Infrastructure layer

A

Branch office vs. on-premises data center vs. colocation

Branch office vs. on-premises data center vs. colocation are the different configurations a data center can design, and each has its pros and cons.

In this example, higher speeds at a colocated data center are the pro, but the higher expense is the con.

A software-defined network is not an option to design a data center.

The infrastructure layer is a layer of devices that handle the actual forwarding of traffic and imposition of ACLs and other policy configurations for security in software-defined networking.

Backbone describes parts of network topology, not an option to design a data center.

112
Q

1.7

A network technician is setting up a new office space by plugging in computers, printers, and telephones to workgroup switches via structured cabling and ports on the wall. Into what tier of the network hierarchy is the network technician plugging these devices?

Backbone

Access/edge

Control layer

Management plane

A

Access/edge

The access/edge layer allows end-user devices to connect to the network using cabling and wall ports for wired access and access points for wireless access.

User/end devices do not plug directly into the backbone.

User/end devices do not plug directly into the control layer. The functions of the control plane are implemented by a virtual device referred to as the SDN controller.

User/end devices do not plug directly into the management plane. The management plane interfaces with the operational plane and implements monitoring of traffic conditions and network status.

113
Q

1.7

In a spine and leaf topology, there are two layers: the spine and the leaf. What do the top-tier switches in the spine layer comprise, even though neither link to one another?

Infrastructure layer

Control layer

Backbone

Access/edge

A

Backbone

The term backbone describes the links that aggregate and distribute traffic from multiple different areas in the network.

A virtual device, referred to as the Software-Defined Network (SDN) controller, implements the functions of the control plane.

An infrastructure layer is a group of devices that handle the actual forwarding of traffic and imposition of access control lists (ACLs) and other policy configurations for security.

Access/edge is where users and end devices plug into the network. This layer does not aggregate and distribute traffic from multiple different areas of the network.

114
Q

1.7

What is a cost-effective way to connect a Storage Area Network (SAN)?

Fibre Channel over Ethernet (FCoE)

Software-defined network

Infrastructure layer

Fibre Channel

A

Fibre Channel over Ethernet (FCoE)

Fibre Channel over Ethernet (FCoE) is the standard that allows for mixed use of ethernet networks with both ordinary data and storage network traffic. FCoE delivers Fibre Channel packets over ethernet cabling and switches.

Fibre Channel is a high-speed network communications protocol used to implement SANs but is pricey since it requires fiber infrastructure.

The infrastructure layer is not a way to connect SANs. It contains devices that handle the actual forwarding of traffic and imposition of access control lists (ACLs) and other policy configurations for security in software-defined networking.

Software-defined networking enables all parts of the network infrastructure to be accessible for automation and orchestration technologies.

115
Q

1.7

A network technician is troubleshooting failed Quality of Service (QoS) echo requests between a firewall and a Layer 3 switch. Which layer of the 3-tiered network hierarchy is the network technician troubleshooting?

Core

Infrastructure layer

Distribution/aggregation layer

Application layer

A

Distribution/aggregation layer

The distribution/aggregation layer provides fault-tolerant interconnections between different access blocks. This layer is often used to implement traffic policies, such as quality of service (QoS).

The application layer is not part of the three-tiered network hierarchy. It is part of a software-defined networking architecture that determines how to prioritize and secure traffic and where to switch the traffic.

Infrastructure layer is not part of Cisco’s design principle for the three-tiered network hierarchy. It contains devices that handle the actual forwarding of traffic and imposition of ACLs and other policy configurations for security in software-defined networking.

The core tier provides a high availability network backbone that has redundant traffic paths for data to continue to flow around the access and distribution layers of the network.

116
Q

1.7

The T11 ANSI standard can be a particularly expensive way to connect a Storage Area Network (SAN) and involves three main types of components: the initiator, the target, and a director. What is the name of the standard described?

Fibre Channel

Internet Small Computer Systems Interface (iSCSI)

North-South

Application layer

A

Fibre Channel

The Fibre Channel connects storage area networks using 3 main types of components: the initiator, the target, and the Fibre Channel switch. The initiator is the client device of the SAN. The target is the network port for a storage device. The Fibre Channel switch, sometimes referred to as a director, provides the connections between the initiator and the target.

The application layer is part of the infrastructure of software-defined networking. It applies the business logic that makes decisions about how to prioritize and secure traffic and where to switch the traffic.

North-South describes data traveling into and out of a data center.

Internet Small Computer Systems Interface (iSCSI) does not require a Fibre Channel switch.

117
Q

1.7

A network designer is explaining the options a business owner has to manage his business’ network infrastructure. One option the business owner can choose will allow devices to provision and decommission quickly and to configure the devices via code in scripts. What is the term for the option described?

Software-defined network

Management plane

Backbone

Distribution/aggregation layer

A

Software-defined network

A software-defined network makes all parts of the network infrastructure accessible to automation and orchestration technologies.

The management plane sits at the same level as the control plane but is in place to monitor traffic conditions and the network status.

Backbone describes parts of a network topology, not a way to manage network infrastructure. While the backbone may provide the underlay for software-defined networking, its function is not to manage network infrastructure.

The distribution/aggregation layer provides fault-tolerant interconnections between different access blocks and either the core or other distribution blocks, but does not provide a way to manage network infrastructure.

118
Q

1.7

A real estate agent is uploading photos of the latest listing onto the corporate website. Once the agent uploads the photos, they pass through multiple servers undergoing quality checks and sorting to ensure that they appear in the most relevant searches. What term best describes the passing of data from server to server?

East-West

North-South

Branch office vs. on-premises data center vs. colocation

Top-of-rack switching

A

East-West

East-West is a term to describe traffic that travels or flows from server to server in a data center.

North-South is a term to describe traffic that goes to and from a data center. In this scenario, the North-South traffic would be the process of uploading the photos by the real estate agent.

Branch office vs. on-premises data center vs. colocation represents options used when designing a data center.

Top-of-rack switching refers to the practice of using switches specifically made to provide high-bandwidth links between distribution switches and server nodes.

119
Q

1.8

Management at an online retailer meet to discuss delivery options for an online shopping experience. IT proposes using a method where transactions take place in a cloud environment, but using a back-end locally. Which delivery model does IT suggest as a solution?

Hybrid

Private

Public

Community

A

Hybrid

A hybrid cloud solution uses a mix of multiple cloud delivery models. One approach is to only utilize cloud services when it is forecast that private services will experience an increase in activity.

A private cloud infrastructure is one that is completely private to, and owned by, the organization.

A public (or multi-tenant) cloud solution is hosted by a third-party and shared with other subscribers. There are risks regarding performance and security.

A community cloud solution is where several organizations share the costs of either a hosted private or fully private cloud.

120
Q

1.8

An organization decides to retire an internal email infrastructure based on Microsoft Exchange server technology. As a result, IT plans a migration to Microsoft Office 365. Based on IT’s plan, which cloud service type best identifies the upcoming implementation?

SaaS

PaaS

IaaS

Hybrid

A

SaaS

Software as a Service (SaaS) is a computing method that uses the cloud to provide application services to users. Office 365 is an example of SaaS.

Platform as a Service (PaaS) is a computing method that uses the cloud to provide any platform-type services. An Oracle database is an example of PaaS.

Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components.

Hybrid refers to a cloud computing solution that implements a combination of service types such as public, private, or community solution.

121
Q

1.8

Cloud offerings, such as Amazon’s Elastic Compute Cloud and Microsoft’s Azure Virtual Machines, are examples of what type of service?

Infrastructure

Platform

Software

Virtual

A

Infrastructure

Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Examples include Amazon’s Elastic Compute Cloud and Microsoft’s Azure Virtual Machines.

Software as a Service (SaaS) is a computing method that uses the cloud to provide application services to users. An example is Microsoft Office 365.

Platform as a Service (PaaS) provides resources between SaaS and IaaS. It may include servers and storage network infrastructure but with a multi-tier web application/database platform on top. An example is Microsoft Azure SQL Database.

A virtual service is a term used for virtual infrastructure such as VMware’s vSphere (e.g. ESXi). Virtual infrastructure by itself is not a cloud service.

122
Q

1.8

An organization moving to a cloud infrastructure joins one of its partners’ platforms. Evaluate the given statements and conclude which best fits the organization’s approach.

Shared costs

Utilization benefits

Multi-tenant use

Private link

A

Shared costs

A community cloud solution is where several organizations share the costs of either a hosted private or fully private cloud.

A hybrid cloud solution uses a mix of multiple cloud delivery models. One approach is to utilize cloud services only when private services are forecast to experience an increase in activity.

A public (or multi-tenant) cloud solution is hosted by a third party and shared with other subscribers. There are risks regarding performance and security.

Co-location within a data center offers a higher bandwidth solution by providing a direct or private link. The customer establishes infrastructure within a data center supported by the cloud provider or provisions a direct link from an enterprise network.

123
Q

1.8

An organization considers moving some internal services to the cloud. Which of the following descriptions relates to a hybrid cloud infrastructure?

Utilization benefits

Shared costs

Multi-tenant use

Third-party secure

A

Utilization benefits

A hybrid cloud solution uses a mix of multiple cloud delivery models. One approach is to utilize cloud services only when private services are forecast to experience an increase in activity.

A community cloud solution is where several organizations share the costs of either a hosted private or fully private cloud.

A public (or multi-tenant) cloud solution is hosted by a third party and shared with other subscribers. There are risks regarding performance and security.

A hosted private cloud solution is hosted by a third party for the exclusive use of the organization. This is more secure and can guarantee a better level of performance than a public cloud.

124
Q

1.8

A company uses several Windows Servers for Active Directory, SQL Server, RADIUS, DHCP, and DNS. Management pushes to move to the cloud. IT suggests moving services in a staggered fashion so as not to cause disruption. IT moves SQL Server instances to the cloud as a start. IT migrates this specific function to which of the following service types?

PaaS

IaaS

SaaS

Hybrid

A

PaaS

Platform as a Service (PaaS) is a computing method that uses the cloud to provide any platform-type services. A SQL database is an example of PaaS.

Software as a Service (SaaS) is a computing method that uses the cloud to provide application services to users. Office 365 is an example of SaaS.

Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components.

Hybrid refers to a cloud computing solution that implements a combination of delivery models such as public, private, or a community solution.

125
Q

1.8

Which of the following relates to a private hosted cloud delivery model?

Exclusively secure

Utilization benefits

Multi-tenant use

Shared costs

A

Exclusively secure

A hosted private cloud solution is hosted by a third party for the exclusive use of the organization. This is more secure and can guarantee a better level of performance than a public cloud.

A hybrid cloud solution uses a mix of multiple cloud delivery models. One approach is to utilize cloud services only when private services are forecast to experience an increase in activity.

A public (or multi-tenant) cloud solution is hosted by a third party and shared with other subscribers. There are risks regarding performance and security.

A community cloud solution is where several organizations share the costs of either a hosted private or fully private cloud.

126
Q

1.8

An organization looks to implement a solution where remote workers can access both cloud-based resources and on-premise data. Some users will use company-issued laptops, while others will use personally owned desktop computers. Which solution does the IT department deploy?

A virtual private network

A desktop as a service environment

A hybrid cloud

A multitenancy environment

A

A virtual private network

A virtual private network (VPN) uses a secure tunnel created between two endpoints across a network. A VPN would satisfy the organization’s need to access cloud apps and on-premise data.

Desktop as a Service (DaaS) is a means of provisioning virtual desktop infrastructure (VDI) as a cloud service. VDI allows a client browser to operate an OS desktop plus software apps.

A hybrid cloud solution uses a mix of multiple cloud delivery models. Mixing private and public models is known as a hybrid.

Cloud service providers (CSPs) offer multitenant services to multiple cloud consumers. As a shared resource, there are risks regarding performance and security.

127
Q

1.8

A cloud implementation for a growing business requires additional processing power. How will an engineer provide additional resources in real-time?

Implementing elasticity

Implementing scalability

Implementing a private direct-connect to the CSP

Implementing orchestration

A

Implementing elasticity

Elasticity refers to a system’s ability to handle changes on-demand in real-time. A system with high elasticity will not experience loss of service or performance if demand increases.

Adding nodes (horizontal/scaling out) or adding resources to each node (vertical/scaling up) can achieve scalability. This does not occur in real-time.

Colocation within a data center offers a higher bandwidth solution to the cloud by providing a direct or private link to a customer’s on-premise network.

Orchestration performs a sequence of automated tasks, such as creating a virtual server. In doing so, the orchestrated steps would have to run numerous automated scripts or API service calls.

128
Q

1.8

Which of the following descriptions relates to a public cloud infrastructure?

Multi-tenant use

Shared costs

Co-location

Third-party secure

A

Multi-tenant use

A public (or multi-tenant) cloud solution is hosted by a third party and shared with other subscribers. There are risks regarding performance and security.

A community cloud solution is where several organizations share the costs of either a hosted private or fully private cloud.

Co-location within a data center offers a higher bandwidth solution by providing a direct or private link. The customer establishes infrastructure within a data center supported by the cloud provider or provisions a direct link from an enterprise network.

A hosted private cloud solution is hosted by a third party for the exclusive use of the organization. This is more secure and can guarantee a better level of performance than a public cloud.

129
Q

1.8

IT implements Google Suite for Business at a large firm. This implementation negates the need to install any local applications. Considering the implementation, which type of cloud service does IT deploy?

PaaS

SaaS

Hybrid

IaaS

A

SaaS

Software as a Service (SaaS) is a computing method that uses the cloud to provide application services to users. Office 365 is an example of SaaS.

Platform as a Service (PaaS) is a computing method that uses the cloud to provide any platform-type services. An Oracle database is an example of PaaS.

Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components.

Hybrid refers to a cloud computing solution that implements a combination of service types such as a public, private, or community solution.

130
Q

1.8

IT engineers from partner organizations plan a cloud infrastructure. After considering the available delivery models, engineers decide to migrate and use a community model. Evaluate the given statements and conclude which best fits the model’s approach.

Shared costs

Multi-tenant use

Private link

Utilization benefits

A

Shared costs

A community cloud solution is where several organizations share the costs of either a hosted private or fully private cloud.

A hybrid cloud solution uses a mix of multiple cloud delivery models. One approach is to utilize cloud services only when private services are forecast to experience an increase in activity.

A public (or multi-tenant) cloud solution is hosted by a third party and shared with other subscribers. There are risks regarding performance and security.

Co-location within a data center offers a higher bandwidth solution by providing a direct or private link. The customer establishes infrastructure within a data center supported by the cloud provider or provisions a direct link from an enterprise network.
