CompTIA Network+ Practice N10-008 2nd edition Flashcards

CompTIA Practice Questions

1
Q

At which layer of the OSI model do the protocols on a typical LAN use MAC addresses to identify other computers on the network?

A

Data Link Layer

2
Q

Which organisation developed the OSI model?

A

ISO (International Organisation for Standardisation)

3
Q

Which layer of the OSI model is responsible for the logical addressing of end systems and the routing of datagrams on a network?

A

Network layer - contains headers that specify logical addresses for end system communication and route datagrams across a network

4
Q

On a TCP/IP network, which layers of the OSI model contain protocols that are responsible for encapsulating the data generated by an application, creating a payload for a packet that will be transmitted over a network?

A

Data Link, Network, Transport - Before the payload data generated by an application can be transmitted over a TCP/IP network, the system must encapsulate it by applying protocol headers and footers at three layers of the OSI model. The data link layer applies a header and footer to create an Ethernet frame. The network layer applies a header to create an IP datagram. The transport layer applies a TCP or UDP header to create a segment or datagram.

5
Q

What layer of the Open Systems Interconnection (OSI) model is responsible for translating and formatting information?

A

Presentation Layer - The presentation layer implements functions that provide formatting, translation, and presentation of information. No other layers of the OSI model translate and format application data.

6
Q

Which device typically operates at the network layer of the Open Systems Interconnection (OSI) model?

A

A Router - A router connects networks at the network layer of the OSI model. Proxy servers operate at the application layer. Network interface adapters operate at both the data link and the physical layers. Hubs are physical layer devices.

7
Q

Which layer of the Open Systems Interconnection (OSI) model provides an entrance point to the protocol stack for applications?

A

Application Layer - The application layer provides an entry point for applications to access the protocol stack and prepare information for transmission across a network. All other layers of the OSI model reside below this layer and rely on this entry point.

8
Q

Which layer of the Open Systems Interconnection (OSI) model is responsible for dialogue control between two communicating end systems?

A

Session Layer - The session layer is responsible for creating and maintaining a dialogue between end systems. This dialogue can be a two-way alternate dialogue that requires end systems to take turns transmitting, or it can be a two-way simultaneous dialogue in which either end system can transmit at will. No other layers of the OSI model perform dialogue control between communicating end systems.

9
Q

Some switches can perform functions associated with two layers of the Open Systems Interconnection (OSI) model. Which two of the following layers are often associated with network switching?

A

Data Link, Network - The primary function of a switch is to process packets based on their media access control (MAC) addresses, which makes it a data link layer device. However, many switches can also perform routing functions based on IP addresses, which operate at the network layer.

10
Q

At which layer of the Open Systems Interconnection (OSI) model are there TCP/IP protocols that can provide either connectionless or connection-oriented services to applications?

A

Transport Layer - There are two types of transport layer protocols: connection-oriented and connectionless. Connection-oriented protocols guarantee the delivery of data from source to destination by creating a connection between the sender and the receiver before any data is transmitted. Connectionless protocols do not require a connection between end systems in order to pass data.

11
Q

Which layers of the Open Systems Interconnection (OSI) model typically have dedicated physical hardware devices associated with them?

A

Physical, Data Link, Network - The physical layer of the OSI model is associated with hubs, cables, and network interface adapters. The data link layer is associated with bridges and switches. The network layer is associated with routers. The transport, session, presentation, and application layers are typically not associated with dedicated hardware devices.

12
Q

At which layer of the Open Systems Interconnection (OSI) model is there a protocol that adds both a header and footer to the information that is passed down from an upper layer, thus creating a frame?

A

Data Link Layer - The only layer with a protocol (such as Ethernet) that adds both a header and a footer is the data link layer. The process of adding the headers and footers is known as data encapsulation. All other protocol layers that encapsulate data add just a header.

13
Q

Identify the layer of the Open Systems Interconnection (OSI) model that controls the addressing, transmission, and reception of Ethernet frames, and also identify the media access control method that Ethernet uses.

A

Data Link Layer; CSMA/CD - The Ethernet protocol that handles the addressing, transmission, and reception of frames operates at the data link layer. Each frame includes hardware addresses that identify the sending and receiving systems on the local network. Ethernet uses the CSMA/CD media access control method.

14
Q

At which layer of the OSI model do you find the protocol responsible for the delivery of data to its ultimate destination on an internetwork?

A

Network Layer - On a TCP/IP network, the Internet Protocol (IP) at the network layer is the protocol responsible for the delivery of data to its final destination. Data link layer protocols are only concerned with communication between devices on a Local Area Network (LAN) or between two points connected by a Wide Area Network (WAN) link. The session and application layers are not involved in the actual delivery of data.

15
Q

Which of the following is not a protocol operating at the network layer of the OSI model? IP, ICMP, IGMP, IMAP

A

IMAP - Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Internet Group Message Protocol (IGMP) are all network layer protocols. Internet Message Access Protocol (IMAP) is a mail protocol that operates at the application layer.

16
Q

Ed is a software developer who has been given the task of creating an application that requires guaranteed delivery of information between end systems. At which layer of the Open Systems Interconnection (OSI) model does the protocol that provides the guaranteed delivery run, and what type of protocol must Ed use?

A

Transport Layer, Connection-oriented - A connection-oriented transport layer protocol, such as Transmission Control Protocol (TCP), provides guaranteed delivery of data for upper layer applications. Connectionless protocols do not guarantee delivery of information and therefore are not a good choice.

17
Q

Which device operates only at the physical layer of the Open Systems Interconnection (OSI) model?

A

Hub - A hub functions only at the physical layer by forwarding all incoming signals out through all of its ports. Bridges and switches operate at the data link layer by selectively propagating incoming data. Routers operate at the network layer by connecting local area networks (LANs) and propagating only the traffic intended for another network, based on IP addresses.

18
Q

Alice is a network administrator designing a new Local Area Network (LAN). She needs to determine the type of cabling and the network topology to implement. Which layers of the Open Systems Interconnection (OSI) model apply to cabling and topology elements?

A

Physical Layer - The physical layer defines the mechanical and electrical characteristics of the cables used to build a network. The data link layer defines specific network (LAN or WAN) topologies and their characteristics. The physical layer standard that Alice will implement is dependent on the data link layer protocol she selects. The network, transport, and application layers are not concerned with cables and topologies.

18
Q

Which layers of the Open Systems Interconnection (OSI) model do not have protocols in the TCP/IP suite exclusively dedicated to them?

A

Session, Presentation - In the TCP/IP suite, the functions of the session layer are primarily implemented in the transport layer protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The presentation layer functions are often implemented in application layer protocols, although some functions, such as encryption, can also be performed by transport or network layer protocols.

19
Q

The protocols at which layer of the Open Systems Interconnection (OSI) model use port numbers to identify the applications that are the source and the destination of the data in the packets?

A

Transport Layer - Transport layer protocols, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), have header fields that contain the port numbers of the applications that generated the data in the packet and which will receive it. The application, presentation, and network layers do not use port numbers.

20
Q

At which of the Open Systems Interconnection (OSI) model layers do switches and bridges perform their basic functions?

A

Data Link Layer - Switches and bridges are involved in Local Area Network (LAN) communications only and therefore primarily at the data link layer. They are not primarily associated with the physical, network, or transport layers, although some switches include network layer routing capabilities.

21
Q

On a TCP/IP network, flow control is a function implemented in protocols operating at which layer of the Open Systems Interconnection (OSI) model?

A

Transport Layer - Flow control is a process that adjusts the transmission rate of a protocol based on the capability of the receiver. If the receiving system becomes overwhelmed by incoming data, the sender dynamically reduces the transmission rate. In the TCP/IP protocol suite, Transmission Control Protocol (TCP) is responsible for implementing flow control. TCP runs at the transport layer.

22
Q

Which layer of the Open Systems Interconnection (OSI) model defines the medium, network interfaces, connecting hardware, and signaling methods used on a network?

A

Physical Layer - The physical layer of the OSI model defines the standards for the physical and mechanical characteristics of a network, such as cabling (copper and fiber), connecting hardware (hubs and switches), and signaling methods (analog and digital).

23
Q

Which of the OSI model layers is responsible for syntax translation and compression or encryption?

A

Presentation Layer - The presentation layer provides a syntax translation service that enables two computers to communicate, despite their use of different bit-encoding methods. This translation service also enables systems using compressed or encrypted data to communicate with each other.

24
Q

Which layer of the Open Systems Interconnection (OSI) model is responsible for transmitting signals over the network medium?

A

Physical Layer - The physical layer of the OSI model defines the functions specific to the network medium and the transmission and reception of signals.

25
Q

Specify the layer of the Open Systems Interconnection (OSI) model at which the Internet Protocol (IP) operates and whether it is connection-oriented or connectionless.

A

Network, Connectionless - IP is a connectionless protocol that operates at the network layer of the OSI model. There are no connection-oriented protocols at this layer.

26
Q

An Ethernet network interface adapter provides functions that span which two layers of the Open Systems Interconnection (OSI) model?

A

Physical and Data Link Layers - An Ethernet network interface adapter functions at the data link layer by encapsulating network layer data for transmission over the network. It provides physical layer functions by providing the connection to the network medium and generating the appropriate signals for transmission. Network interface adapters do not operate at the network, transport, or application layer.

27
Q

Which of the following protocols operate at the application layer of the Open Systems Interconnection (OSI) model? HTTP, SNMP, ICMP, IGMP, UDP?

A

HTTP, SNMP - Hypertext Transfer Protocol (HTTP) and Simple Network Management Protocol (SNMP) operate at the application layer. Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) both operate at the network layer. User Datagram Protocol (UDP) operates at the transport layer.

28
Q

Which layer of the Open Systems Interconnection (OSI) model would be responsible for converting a text file encoded using EBCDIC on the sending system into ASCII code, when required by the receiving system?

A

Presentation Layer - The presentation layer of the OSI model is responsible for translating different kinds of syntax, including text-encoding systems, such as EBCDIC and ASCII.

29
Q

Which of the following protocols operates at the network layer of the OSI model, but does not encapsulate data generated by an upper layer protocol for transmission over the network? IP, UDP, ARP, ICMP, TCP?

A

ICMP - Internet Control Message Protocol (ICMP) operates at the network layer by sending operational and error messages. It does not encapsulate upper layer protocol data.

30
Q

A client on a TCP/IP network is attempting to establish a session with a server. List the order of the TCP flags raised in the Transmission Control Protocol (TCP) session establishment messages.

A

SYN, SYN/ACK, ACK - The TCP connection establishment exchange is a three-way handshake that uses TCP flags to specify the message type for each frame. The first frame contains a SYN flag from the client; the second frame contains the SYN and ACK flags from the server; and the last frame contains an ACK flag from the client.

31
Q

Which of the following is the Maximum Transmission Unit (MTU) size for an Ethernet frame? 512, 1024, 1500, 1518?

A

1500 - The MTU is the largest amount of data (in bytes) that a protocol operating at a given layer of the OSI model can transmit in one packet. The MTU does not include any header and footer fields supplied by that protocol. For Ethernet, the maximum frame size is 1518 bytes, which includes 18 bytes of header and footer fields. Therefore, the MTU for Ethernet is 1500 bytes. Protocols operating at other OSI model layers can have different MTUs. For example, the typical MTU for an Internet Protocol (IPv4) implementation is smaller than that of Ethernet.

32
Q

Which Transmission Control Protocol (TCP) control bit is set to 1 to initiate the termination of a session?

A

FIN - The termination phase of a TCP connection begins when either the client or the server sends a message containing the FIN control bit with a value of 1.

33
Q

An electrician installing a new light fixture accidentally severs one of the LAN cables running through the dropped ceiling space. With which topology would the severed cable cause the greatest amount of disturbance to the network?

A

BUS - A cable break in a bus topology would split the network into two halves, preventing the nodes on one side of the break from communicating with those on the other. In addition, both halves of the network would be left with one unterminated end, which would prevent the computers on each side of the break from communicating effectively.

34
Q

Which type of network is typically confined to a small area, such as a single room, floor, or building?

A

LAN - A Local Area Network (LAN), as the name implies, is a group of computers contained within a small geographic area. WANs (Wide Area Networks) connect LANs that are geographically distant. MANs (Metropolitan Area Networks) are not confined to a small area; they are typically larger than a LAN but smaller than a WAN. A Campus Area Network (CAN) typically includes a group of adjacent buildings, such as those of a corporation or university.

35
Q

Which type of network connects Local Area Networks (LANs) in distant locations?

A

WAN - WANs (Wide Area Networks) connect LANs that are geographically distant.

36
Q

Which topologies require the installation of terminating resistors at two locations?

A

Bus - A bus topology requires terminating resistors at each end of the bus, to remove signals as they reach the end of the cable and prevent them from reflecting back in the other direction and interfering with newly transmitted signals.

37
Q

Which topology is used by the majority of new Ethernet networks installed today?

A

Hierarchical Star - Virtually all of the new Ethernet networks installed today use the star or the hierarchical star topology, with one or more switches functioning as a cabling nexus.

38
Q

Alice has constructed a five-node failover cluster in which all five servers are connected to a hard disk array using a dedicated Fibre Channel network. Which term describes this network arrangement?

A

SAN - A storage area network (SAN) is a network that is dedicated to carrying traffic between servers and storage devices.

39
Q

Which of the following is not a technology typically used for a personal area network (PAN)? Bluetooth, Z-wave, NFC, SDWAN?

A

SDWAN - A Software-Defined Wide Area Network (SDWAN) is a technology that automates the configuration of WAN routers based on the current mix of traffic. It is therefore not suitable for use on a PAN. Bluetooth, Z-Wave, and near-field communication (NFC) are all short-range wireless technologies that are capable of providing communications between PAN devices.

40
Q

Which of the following network topologies are used by Wireless Local Area Networks (WLANs)? Ad hoc, bus, Infrastructure, Star?

A

Ad hoc, Infrastructure - WLANs can use the ad hoc topology, in which devices communicate directly with each other, or the infrastructure topology, in which the wireless devices connect to an access point.

41
Q

Which of the following Ethernet physical layer options does not use the star topology? 10Base2, 10Base-T, 100Base-TX, 1000Base-T?

A

10Base2 - 10Base2 is the physical layer specification for Thin Ethernet, which uses coaxial cable in a bus topology. 10Base-T, 100Base-TX, and 1000Base-T all use twisted pair cable in a star topology.

42
Q

Which of the following network types are typically wireless? WAN, PAN, SAN, WLAN?

A

PAN, WLAN - Personal area networks (PANs) connect devices associated with a single person, such as smartphones, and are nearly always wireless. Wireless Local Area Networks (WLANs) are wireless by definition. Wide Area Networks (WANs) typically span long distances and are typically wired, at least in part. Storage area networks (SANs) require high performance levels and are nearly always wired.

43
Q

Dense Wave Division Multiplexing (DWDM) is a signaling technology that has become a popular choice in the construction of which of the following types of provider links? DSL, Metro-optical, Satellite, Cable?

A

Metro-optical - DWDM has become a popular technology in the construction of metro-optical networks because it addresses some of the scalability and cost restrictions of other optical technologies, such as Synchronous Optical Networks (SONETs). DSL, satellite, and cable providers do not typically use DWDM.

44
Q

On peer-to-peer networks, every workstation is capable of authenticating users. T/F

A

True - A peer-to-peer network calls for each workstation to maintain accounts for authenticating users that access their shared resources. On a client-server network, authentication is centralized. Peer-to-peer networks can be more difficult to administer than client-server networks, but they are not inherently less secure.

45
Q

Why does DSL (Digital Subscriber Line) technology support faster data transmissions than a standard Public Switched Telephone Network (PSTN) modem connection?

A

DSL technology provides higher data rates because it uses frequency ranges that are higher than the standard voice spectrum. DSL connections use 10 kHz and above, whereas the standard voice spectrum uses 300 Hz to 4 kHz. DSL does not use separate control circuits and does not perform CRC functions. Also, DSL technology is strictly digital and does not require an analog-to-digital conversion.

46
Q

Which DSL (Digital Subscriber Line) technology can adjust its transmission speed based on line conditions?

A

RADSL - Rate-Adaptive Digital Subscriber Line (RADSL) technology can adjust its rate of transmission based on line conditions. High-bit-rate Digital Subscriber Line (HDSL), Very high-rate Digital Subscriber Line (VDSL), and Internet Digital Subscriber Line (IDSL) do not use rate adaptive transmission.

47
Q

Which Wide Area Network (WAN) technology uses broadband signaling?

A

Cable Television (CATV) - CATV networks use broadband signaling, which enables many signals to occupy the same channel. DSL and ISDN do not use broadband signaling.

48
Q

Ed has been hired by a private company to connect two remote sites with a Wide Area Network (WAN). Each of these sites has more than 200 users, and they all need to constantly transfer files across the WAN. One of the sites has a customer database that is accessed by both sites at all hours of the day. Access to the database and other information is time sensitive and constant. The company estimates that their aggregate bandwidth needs to be approximately 40 Mbps. Management says that they need to guarantee access to this information and that money is not a factor in the WAN implementation. Which WAN technology should Ed recommend for this scenario?

A

A T-3 dedicated leased line - This is because the bandwidth requirements are constant, and the data transfer rates are high. To support the 40 Mbps data rate, Ed should recommend a T-3 dedicated leased line, running at 44.735 Mbps.

49
Q

Ralph is an employee of a company that offers the option to telecommute from home. As a telecommuting employee, he needs to connect to the company network to access client information, transfer files, and send email through a Virtual Private Network (VPN) connection. Ralph is investigating the different Wide Area Network (WAN) services available for the remote connection before he implements one. His home is over 30 years old; the existing telephone wiring was not run through conduit, and the wiring seems to be deteriorating. Ralph has cable television (CATV) service, and his home is also approximately 20,000 feet from the nearest telephone central office. He wants to implement the fastest remote connection service possible, but cost is a factor in the decision. Which WAN technology should Ralph implement?

A

A broadband CATV connection - In this scenario, the best solution is for Ralph to use his existing CATV service for the remote connection. CATV offers faster data rates than standard modem-to-modem service and supports VPN connections.

50
Q

Which of the following Wide Area Network (WAN) connection technologies uses analog signaling? PSTN, CATV, DSL, SONET?

A

PSTN is an analog, circuit-switched network. CATV, DSL, and SONET are all digital networks.

51
Q

If you want to allow both voice and data traffic to be transmitted across the same Digital Subscriber Line (DSL) connection, what type of device is required at the customer site?

A

A splitter - In a DSL connection, a signal splitter is needed at the customer site to separate the lower frequency voice range from the higher frequencies used by data traffic. The higher frequency signals are handled at the central office by a DSLAM device. Lower frequency signals carrying voice traffic are handled at the central office by a CODEC device.

52
Q

What are the two main factors that affect DSL (Digital Subscriber Line) transmission rates?

A

Distance to the nearest central office, Line Conditions - There are two factors that affect DSL transmission rates. The first is the distance to the nearest central office, and the second is the condition and quality of the line. For DSL to achieve higher data rates, the site must be close to the central office and use good-quality lines for signal transmission.

53
Q

Describe the function of a demarcation point or demarc.

A

The place where an outside service enters the building - A demarcation point, or demarc, is the place where an outside telecommunications service meets a customer’s private network, which is typically where the service enters the building. The demarc is also the place where the responsibility of the network administrator ends. If a problem occurs outside the demarc, it is up to the service provider to fix it. Inside the demarc, it is the network administrator’s problem.

54
Q

Which of the following broadband WAN services provides equal amounts of upstream and downstream bandwidth? ADSL, SDSL, Satellite, Cable?

A

SDSL - The word symmetric in Symmetric Digital Subscriber Line (SDSL) means that the service provides equal amounts of bandwidth in both directions. The asymmetric in Asymmetric Digital Subscriber Line (ADSL) means that the service provides more downstream bandwidth than upstream. Cable and satellite services are also asymmetric, providing more bandwidth downstream than upstream.

55
Q

Which of the following remote access connection technologies can support the simultaneous transmission of voice and data traffic over the Public Switched Telephone Network (PSTN)? (Choose all that apply.)

Dial-up modem connection

Integrated Services Digital Network (ISDN)

Digital Subscriber Line (DSL)

Synchronous Optical Network (SONET)

Cable television (CATV) network

A

ISDN and DSL are both remote access technologies that enable users to transmit voice and data simultaneously. To do this, DSL splits the lower analog frequency (voice) range from the higher digital frequency (data) range, whereas ISDN provides multiple data channels (called B channels) that allow for both voice and data transmissions. Broadband cable television networks can often support simultaneous voice and data communications, but they use Voice over Internet Protocol (VoIP) to carry voice traffic over the Internet, not the PSTN. Dial-up connections and SONET do not support the simultaneous transmission of voice and data.

56
Q

A T-3 leased line connection runs at 44.736 megabits per second (Mbps). How many separate channels does a T-3 provide?

A

672 - A T-3 leased line connection is the equivalent of 28 T-1 connections. Each T-1 consists of 24 channels, so a T-3 has a total of 672 channels (28 × 24).

57
Q

A T-3 leased line connection is the equivalent of how many T-1 connections?

A

28 - A T-3 leased line connection is the equivalent of 28 T-1 connections. Each T-1 consists of 24 channels, so a T-3 has a total of 672 channels (28 × 24), for an overall transfer rate of 44.736 Mbps.

58
Q

Which of the following is the U.S. standard for synchronous data transmissions that defines data rates designated by optical carrier levels, such as OC-3, OC-12, OC-48, and OC-192?

A

SONET - The Synchronous Optical Networking (SONET) standard defines a base data transfer rate of 51.84 Mbps, which is multiplied at the various optical carrier levels. An OC-3 connection therefore runs at 155.52 Mbps, an OC-12 at 622.08 Mbps and so forth. The Synchronous Digital Hierarchy (SDH) is the European equivalent of SONET.

59
Q

Which is a wide area networking mechanism that assigns labels to packets and forwards them based on those labels, rather than addresses?

A

MPLS - Multiprotocol Label Switching (MPLS) is a data transfer mechanism that assigns labels to individual packets, and then routes the packets based on those labels.

60
Q

Which two of the following constructs provide roughly the same function? (Choose two that apply.)

SIP trunk

CSU/DSU

VoIP gateway

Smartjack

VPN concentrator

A

A Session Initiation Protocol (SIP) trunk provides a connection between the private and public domains of a unified communications network. A Voice over Internet Protocol (VoIP) gateway provides a connection between an IP network and the Public Switched Telephone Network (PSTN). Both of these provide a conduit between a subscriber’s private network and the network furnished by a service provider.

61
Q

Which is the device that provides the interface between a Local Area Network (LAN) and a Wide Area Network (WAN)?

A

CSU/DSU - A Channel Service Unit/Data Service Unit (CSU/DSU) is a device that provides a LAN router on a private network with access to a leased line WAN connection.

62
Q

Which term describes a leased line subscription that provides access to only part of a T-1?

A

Fractional T-1 - A subscription to part of the T-1 leased line is called a fractional T-1 service. This service enables you to purchase some of the 24 DS0 channels in a T-1 connection. An E-1 is the European version of a T-1.

63
Q

Multiprotocol Label Switching (MPLS) is sometimes said to operate between two layers of the Open Systems Interconnection (OSI) model. Between which two layers is it usually said to function?

A

Data Link and Network - MPLS is a data-carrying service that is often said to operate between the data link layer and the network layer. It is therefore sometimes called a layer 2.5 protocol. MPLS can be used to carry IP datagrams as well as Ethernet, Asynchronous Transfer Mode (ATM), and Synchronous Optical Network (SONET) traffic.

64
Q

Which of the following Wide Area Network (WAN) services provides the fastest transfer rate?

T-1

E-1

T-3

OC-1

A

OC-1 - An OC-1 connection provides the fastest transfer rate at 51.84 Mbps. An E-1 connection is 2.048 Mbps. A T-3 is 44.736 Mbps, and a T-1 is 1.544 Mbps.

65
Q

To which Internet connection types does a specification called DOCSIS apply?

A

Cable Broadband - The Data Over Cable Service Interface Specification (DOCSIS) is a telecommunications standard that defines the manner in which data is to be transmitted over a cable television system.

66
Q

Which of the following are types of circuits offered by frame relay services? (Choose all that apply.)

SRV

PVC

SVC

UPC

A

PVC, SVC - Frame relay services offer permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). SRV is a resource record type in the Domain Name System (DNS), and an Ultra-Physical Contact (UPC) is a type of fiber-optic cable connector.

67
Q

Which types of Wide Area Network (WAN) connections commonly use Point-to-Point Protocol over Ethernet (PPPoE)?

A

Cable Broadband, DSL - Cable broadband and DSL subscribers typically connect to ISP networks that run Ethernet, but Ethernet has no built-in authentication or encryption mechanisms. PPP has the ability to use external authentication and encryption protocols, so by encapsulating PPP within Ethernet frames, users are able to log on to the ISP network securely.

68
Q

Which of the Wide Area Network (WAN) services typically uses a switched fabric that was called a cloud long before the term came into general use?

A

Frame Relay - Frame relay is a packet switching service that uses a single leased line to replace multiple leased lines by multiplexing traffic through a cloud.

69
Q

Ralph has been contracted to consult for a company that wants to update its legacy Ethernet network to Gigabit Ethernet. On examining the site, he discovers that the network is still using coaxial-based Thin Ethernet. What change in network topology must occur to upgrade the existing network to Gigabit Ethernet using Unshielded Twisted Pair (UTP) cable?

A

Bus to Star - All coaxial-based Ethernet networks, including Thin Ethernet, use a bus topology. All UTP-based Gigabit Ethernet networks use a star topology. Therefore, an upgrade from coaxial to UTP cable must include a change in topology from bus to star.

70
Q

A vSwitch enables virtual machines (VMs) running on the same hypervisor to communicate with each other internally.
T/F

A

True - In most virtualization products, when you create multiple virtual machines on one host computer, they can communicate with each other internally using a built-in virtual switching capability. A computer with multiple network adapters can function as a router, but not as a switch. Layer 3 switches can provide virtual routers that connect VLANs together, but not virtual switches. The function that enables VLANs on different switches to communicate is called trunking, not virtual switching.

71
Q

Describe the difference between Type I and Type II virtualisation.

A

In Type I virtualization, the hypervisor runs directly on the physical computer hardware, whereas in Type II virtualization, a host operating system runs on the computer hardware and the hypervisor runs on top of the host OS. - Type I virtualization does not require a host OS, whereas Type II virtualization does. Both Type I and Type II virtualization can use processors with hardware virtualization assistance, but only Type I requires it. The type of virtualization does not impose any limit on the number of virtual machines supported; any limitations are left to the individual implementation. Both Type I and Type II virtualization can share a single processor among virtual machines.

72
Q

On which virtual networking components can you create VLANs?

A

Virtual Switch - You can create Virtual Local Area Networks (VLANs) on a virtual switch, just as you can create them on many physical switches. In most cases, virtual components function just like their physical counterparts.

73
Q

On an unmanaged network, which virtual networking components have media access control (MAC) addresses assigned to them?

A

Virtual NICs - Just like physical network interface cards (NICs), virtual NICs have 6-byte MAC addresses assigned to them, which enable them to be identified by data link layer protocols. Unlike physical NICs, however, it is typically an easy matter to modify a MAC address on a virtual NIC.

74
Q

Which component is responsible for providing a virtualized hardware environment and running virtual machines?

A

Hypervisor - The hypervisor is the hardware or software component responsible for managing virtual machines and providing the virtualized hardware environment on which they run.

75
Q

What is the proper term for a computer with a hypervisor on which you can create virtual machines and other virtual components?

A

Host - A computer with a hypervisor, on which you can create virtual machines, is referred to as a host. The virtual machines themselves are called guests.

76
Q

In which way does a vSwitch (virtual switch) differ from a physical switch?

A

Virtual switches have an unlimited number of ports, whereas physical switches have a specific number.

77
Q

Which technology can replace leased lines, such as T-1s, by multiplexing signals as packets switched through virtual circuits in a cloud?

A

Frame Relay - Frame relay is a packet switching service that uses a single leased line to replace multiple leased lines by multiplexing traffic through a cloud. The service can create virtual circuits connecting the subscriber’s network to multiple destinations, eliminating the need for a dedicated leased line to each remote site.

78
Q

Which of the following is not a protocol that uses tunneling to establish secured links between TCP/IP systems?
L2TP
IPsec
MGRE
NAT

A

NAT - Network Address Translation (NAT) enables workstations on private networks to access the Internet by substituting a public IP address in packets generated with private addresses. Layer 2 Tunneling Protocol (L2TP), IPsec, and Multipoint Generic Routing Encapsulation (MGRE) are all protocols that encapsulate packets in an encrypted form within another protocol to secure the contents.

79
Q

Which of the following is not one of the primary components of the Network Function Virtualization (NFV) framework?
VNF
NFV ISG
NFVI
NFV-MANO

A

NFV ISG - The NFV specification, published by the European Telecommunications Standards Institute (ETSI), calls for three main components: virtualized network functions (VNFs), which are software-based implementations of standard network services, such as firewalls and load balancers; a Network Functions Virtualization Infrastructure (NFVI), which is the hardware/software environment that hosts the VNFs; and a Network Functions Virtualization-Management And Orchestration (NFV-MANO) framework, which includes the elements required to deploy and administer the NFVI and the VNFs. The Network Functions Virtualization Industry Specification Group (NFV ISG) is the group within ETSI that develops the NFV specifications; it is not one of the three components.

80
Q

Identify the organizations that developed the general cable type standards for voice and data communications that are currently in use and identify the document name.
ANSI/TVA, document C568
TWA/ANSI/EIA, document T530-A
EIA/ANSI/TWA, document 802.2
TDA/EIA/TIA, document 802.11
ANSI/TIA/EIA, document T568b

A

ANSI/TIA/EIA, document T568b - The three organizations that collectively developed the T568b document, which defines the standard for a structured cabling system for voice and data communications, are the American National Standards Institute (ANSI), the Telecommunications Industry Association (TIA), and the Electronic Industries Association (EIA). All of the other options are not standards organizations or cabling standards.

81
Q

Which cable types and connectors are used to attach a television set to a cable television (CATV) network?

A

A coaxial cable and an F-type connector - The cable type and connector used to attach a television set to a CATV network is a coaxial cable with a screw-on F-type connector. Although CATV networks typically use fiber-optic cables and ST connectors for outdoor connections, they do not use fiber for internal connections to television sets. Coaxial cables with BNC connectors are most commonly used for Thin Ethernet LANs, not CATV network connections.

82
Q

Which of the cable types is used for Thick Ethernet network segments?

A

RG-8 - The cable type used for Thick Ethernet segments is a coaxial cable called RG-8. RG-58 is used exclusively on Thin Ethernet segments.

83
Q

Which of the cable types is used for Thin Ethernet network segments?

A

RG-58 - RG-58 coaxial cable is used exclusively for Thin Ethernet segments. RG-8 cable is used for Thick Ethernet segments.

84
Q

What is a common European alternative to the 110 punchdown block used in U.S. telecommunications installations?

A

Krone LSA-Plus - The Krone LSA-Plus is a proprietary telecommunications connector type commonly used in European installations.

85
Q

Which of the following coaxial cable types are still in general use? (Choose all that apply.)
RG-6
RG-8
RG-58
RG-59

A

RG-6 and RG-59 - RG-6 and RG-59 are 75 ohm cables that are still used for cable television and similar connections. RG-8 and RG-58 are 50 ohm cables that were formerly used for Thick Ethernet and Thin Ethernet, respectively, but are no longer in general use.

86
Q

Which of the following is not a type of fiber-optic connector?
SC
MTRJ
ST
BNC

A

BNC - Bayonet-Neill-Concelman (BNC) is a type of connector used with coaxial cable. Subscriber Connector (SC), Mechanical Transfer-Registered Jack (MT-RJ), and Straight Tip (ST) are all types of fiber-optic connectors.

87
Q

Which of the following physical layer transceiver module standards is the oldest and therefore the most obsolete?
SFP
SFP+
GBIC
QSFP
QSFP+

A

The Gigabit Interface Converter (GBIC) transceiver standard was first published in 1995 and defines a maximum data transfer rate of 1.25 Gbps. It was rendered all but obsolete by the Small Form-factor Pluggable (SFP) standard, introduced in 2001, which ran at the same maximum speed but was smaller in size.

88
Q

Which of the following cable types is typically configured in a star topology, uses eight copper conductors arranged in four pairs, and uses RJ-45 connectors?
RG-8
Twisted pair
RG-58
Fiber optic

A

There are two main types of twisted pair wiring used for data communications: Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP). Both types can be used in a star topology. UTP and STP cables contain eight copper conductors twisted in four pairs. UTP and STP cables use RJ-45 connectors to connect end systems to switches, patch panels, and wall plates.

89
Q

Which of the following statements explains the purpose of the twists in twisted pair cabling?
- The twists prevent collisions.
- The twists completely eliminate crosstalk and electromagnetic interference (EMI) in adjacent wire pairs.
- The twists prevent crosstalk in adjacent wire pairs and limit the effects of EMI on the signals carried over the cable.
- The twists extend the bend radius allowance of the cable.

A

The twists in a twisted pair cable prevent the signals on the different wires from interfering with each other (which is called crosstalk) and also provide resistance to outside electromagnetic interference. The twists have no effect on collisions. The twists cannot completely eliminate the effects of EMI.

90
Q

Thin Ethernet network?

A

RG-58, 50-ohm, 0.195-inch, coaxial cable with BNC connectors

91
Q

Which of the following connector types was typically associated with a T-connector attached to the computer?
RJ45
MT-RJ
8P8C
BNC
F

A

BNC - Thin Ethernet networks use a type of coaxial cable that runs from each computer to the next one, forming a bus topology. To connect the cable to the network computers, each network interface adapter has a T-connector attached to it, with two additional male BNC connectors, to which you connect two lengths of network cabling.

92
Q

Which of the following connector types are associated with fiber-optic cables? (Choose all that apply.)
RJ11
ST
F
LC
MT-RJ

A

ST, LC, MT-RJ - Fiber-optic cable connectors all function on the same basic principles, but there are a variety of form factors from which to choose, including Straight Tip (ST), Local Connector (LC), and Mechanical Transfer–Registered Jack (MT-RJ). RJ-11 is a twisted pair cable connector, and F connectors are for coaxial cable.

93
Q

Which of the following types of cable, when installed, sometimes employed a device called a vampire tap?
Unshielded twisted pair
Shielded twisted pair
Multimode fiber optic
Single-mode fiber optic
Coaxial

A

Coaxial - Thick Ethernet installations used a type of coaxial cable called RG-8. To connect a node to the network, installers ran a separate cable called an Attachment Unit Interface (AUI) cable from the computer to the RG-8 and connected it using a device called a vampire tap that pierced the sheathing to make contact with the conductors within.

94
Q

In an internal UTP cable installation, each horizontal cable run connects a wall plate in the work area to a centralized cabling nexus in a telecommunications room. Which of the following is the correct term for this cabling nexus?
Telepole
Demarc
Backbone
Patch panel
Fiber distribution panel

A

Patch Panel - The cabling nexus in a telecommunications room is called a patch panel. A telepole is a tool used for installing cables. A backbone is a network that connects other Local Area Networks (LANs) together. A demarcation point, or demarc, is the location at which a telecommunication provider’s service meets the customer’s private network. A fiber distribution panel is used for fiber optic cable, not Unshielded Twisted Pair (UTP), connections.

95
Q

Ralph has been hired by a client to install cabling to connect two existing networks. The two networks are in different buildings approximately 1000 feet apart. The cable type must support Gigabit Ethernet data rates of 1000 megabits per second (Mbps) and provide a high level of resistance to electromagnetic interference (EMI). Your client wants the most economical cabling solution that meets their needs. Which of the cable types best meets the needs of this client?

A

Multimode Fibre Optic - Multimode fiber-optic cable best meets the client’s needs. Fiber-optic cable supports the required 1000 Mbps data rate and can connect networks that are more than 1000 feet apart. Fiber-optic cable is immune to EMI. Although both multimode and single-mode fiber would meet the corporation’s general needs, multimode is best in this scenario because it is less expensive than single-mode fiber.

96
Q

What steps are followed when connecting bulk cables to jacks in wall plates and patch panels?

A
  1. Strip some of the sheath off the cable end to expose the wires.
  2. Separate the twisted wire pairs at the ends.
  3. Strip a small amount of insulation off each wire.
  4. Insert the wires into the appropriate contacts in the jack.
  5. Press the bare wire down between the two metal contacts that hold it in place.
  6. Cut off the excess wire that protrudes past the contacts.
97
Q

Which of the following cable connector types is not used with fiber-optic cable?
Straight Tip (ST)
Subscriber Connector (SC)
Mechanical Transfer–Registered Jack (MT-RJ)
F-type
Fiber Local Connector (LC)

A

F-type - ST, SC, fiber LC, and MT-RJ are all connectors used with fiber-optic cables. F-type connectors are used with coaxial cables.

98
Q

Which of the following twisted pair cable types can you use to construct a 10GBase-T network with 100-meter segments? (Choose all that apply.)
CAT5
CAT5e
CAT6
CAT6a
CAT7
CAT8

A

CAT6a, CAT7, CAT8 - Category 6a (CAT6a) twisted pair cable is a variant on CAT6 that enables you to create 10GBase-T networks with segments up to 100 meters long. Category 7 (CAT7) cable adds shielding both to the individual wire pairs and to the entire cable, for even greater resistance to crosstalk and noise. CAT7 supports 100-meter 10GBase-T segments as well. CAT8 cable supports bandwidth up to 2 GHz, making it even more suitable for 10GBase-T networks than CAT6a (500 MHz) or CAT7 (600 MHz). CAT5 and CAT5e are not suitable for use with 10GBase-T. You can use CAT6 for 10GBase-T, but it is limited to 55-meter segments.

99
Q

Which of the following Ethernet specifications calls for CAT8 UTP cable exclusively?
10GBase-T
40GBase-T
100Base-TX
1000Base-SX

A

40GBase-T - 40GBase-T is a 40-gigabits-per-second (Gbps) Ethernet specification that calls for 4-pair CAT8 twisted pair cabling for lengths up to 30 meters. 10GBase-T and 100Base-TX do not require CAT8 cable, and 1000Base-SX is a fiber optic standard.

100
Q

Ralph has been hired to connect three Local Area Networks (LANs) together with redundant paths that form a fault-tolerant backbone. The LANs reside on different floors in the same building and are approximately 600 meters apart. Each LAN is currently configured in a star topology using twisted pair cabling. Each LAN includes wall plates and rack-mounted patch panels and switches. Building and fire codes allow cables to run through existing risers, ceilings, and walls, but a 50,000-watt radio station occupies one of the floors between the LANs. Which topology, cable type, and installation method are best suited for this network?
- Star topology, fiber-optic cabling, and internal installation
- Star topology, coaxial cabling, and external installation
- Mesh topology, fiber-optic cabling, and external installation
- Bus topology, twisted pair cabling, and internal installation
- Mesh topology, fiber-optic cabling, and internal installation
- Star topology, twisted pair cabling, and external installation

A

Mesh Topology, Fibre-optic cabling and internal installation

101
Q

In the 100Base-TX specification, what are the functions of the Fast Link Pulse (FLP) signals exchanged by switches and network interface adapters?

A
  • The FLP signals verify the integrity of the connection between the devices.
  • The FLP signals enable the devices to negotiate the speed of the link between them.
102
Q

Which of the following 10 Gigabit Ethernet specifications calls for the use of copper cable?
10GBase-LR
10GBase-CX4
10GBase-ER
10GBase-LX4
10GBase-SR

A

The 10GBase-CX4 specification calls for the use of a twinaxial copper cable with segments no longer than 15 meters. The 10GBase-LR, 10GBase-ER, 10GBase-LX4, and 10GBase-SR specifications all call for fiber-optic cable.

103
Q

Alice is a network consultant who has been contracted to upgrade an existing Ethernet network to Gigabit Ethernet. The network consists of 20 workstations with integrated 10Base-T/100Base-TX/1000Base-T network interface adapters. The network cabling is Category 5 (CAT5) Unshielded Twisted Pair (UTP), installed when the building was constructed. All of the workstations are connected to a single 100Base-TX switch. Which of the following options would Alice find to be a valid upgrade path to Gigabit Ethernet?
- Replace the CAT5 cable with at least Category 5e (CAT5e) or Category 6 (CAT6), and leave the existing network interface adapters and switch in place.
- Install a 1000Base-T network interface card in each computer, and leave the existing cables and switch in place.
- Replace the CAT5 cable with at least CAT5e or CAT6, and replace the 100Base-T switch with a 1000Base-T switch.
- Replace the 100Base-TX switch with a 1000Base-T switch, and leave the existing cables and network interface adapters in place.

A

Replace the 100Base-TX switch with a 1000Base-T switch, and leave the existing cables and network interface adapters in place - The multispeed network interface adapters in the computers can run at 1 Gbps speed using the existing CAT5 cable, but the 100Base-T switch must be replaced with a 1000Base-T switch. While the network might run better with a cable upgrade, it is not immediately necessary. Replacing the network interface adapters is not necessary because the existing multispeed adapters can run at 1 Gbps if they are connected to a 1000Base-T switch.

104
Q

Which of the following services enables computers on a private IPv4 network to access the Internet using a registered IP address?
DHCP
NAT
DNS
NTP

A

Network Address Translation (NAT) is a service that enables computers with unregistered IP addresses to access the Internet by substituting a registered address in packets as they pass through a router. The Dynamic Host Configuration Protocol (DHCP) is an IP address allocation service. Domain Name System (DNS) resolves domain and hostnames into IP addresses, and Network Time Protocol (NTP) enables network devices to synchronize their time settings.

105
Q

Which of the following best defines the concept of the dual stack?
A computer with two network interface adapters
A computer with two installed operating systems
A computer with two sets of networking protocols
A computer with connections to two different network segments

A

A dual stack is an IP implementation that includes both IPv4 and IPv6 protocol stacks, operating simultaneously. A computer with two network adapters or connections to two network segments is often called multihomed. A computer with two installed operating systems is called a dual-boot system.

106
Q

Which of the following IPv4 addresses are you unable to assign to a network host? (Choose all that apply.)
A) 1.1.1.1
B) 229.6.87.3
C) 103.256.77.4
D) 9.34.0.1

A

B, C. IPv4 addresses with first byte values from 224 to 239 are Class D addresses, which are reserved for use as multicast addresses. Therefore, you cannot assign 229.6.87.3 to a host. Option C, 103.256.77.4, is an invalid address because the value 256 cannot be represented by an 8-bit binary value. The other options, 1.1.1.1 and 9.34.0.1, are both valid IPv4 addresses.

107
Q

How many bits are allocated to the host identifier in an IPv4 address on the 10.72.0.0/17 network?

A

15 - The value after the slash in a Classless Inter-Domain Routing (CIDR) address specifies the number of bits in the network identifier. An IPv4 address has 32 bits, so if 17 bits are allocated to the network identifier, 15 bits are left for the host identifier.

108
Q

Alice has been instructed to create an IPv4 network with 8 subnets and 30 hosts per subnet. She has been assigned a Class C network address. Which of the following subnet masks will she have to use?
255.255.255.128
255.255.255.192
255.255.255.224
255.255.255.240
255.255.255.248

A

255.255.255.224 - To create a network with 8 subnets and 30 hosts per subnet, Alice would have to allocate 3 of the 8 bits in the last octet for subnet identifiers. This would result in a binary value of 11100000 for the last octet in the subnet mask, which converts to a decimal value of 224.

109
Q

Which of the following is a valid IPv6 address?

fe00::b491:cf79:p493:23ff

2001:0:49e6:39ff:8cf5:6812:ef56

fe00::c955:c944:acdd:3fcb

2001:0:44ef68:23eb:99fe:72bec6:ea5f

A

fe00::c955:c944:acdd:3fcb - The address fe00::c955:c944:acdd:3fcb is correctly formatted for IPv6, with the double colon replacing three blocks of zeroes. Uncompressed, the address would appear as follows: fe00:0000:0000:0000:c955:c944:acdd:3fcb. Option A contains a nonhexadecimal digit. Option B contains only seven 16-bit blocks (and no double colon) instead of the eight required for 128 bits. Option D contains blocks larger than 16 bits.

110
Q

To which class does the following IPv4 address belong: 190.126.14.251?
Class A
Class B
Class C
Class D

A

Class B - All Class B addresses have first octet values between 128 and 191. The first octet range of a Class A address is 1 to 126, and the Class C first octet range is 192 to 223. Class D addresses have a first octet range of 224 to 239.

111
Q

Ralph has been instructed to use the network address 10.12.0.0/14 for the new network he is installing. What subnet mask value should he use when configuring his computers?

255.248.0.0

255.252.0.0

255.254.0.0

255.255.248.0

255.255.252.0

255.255.254.0

A

255.252.0.0 - The 14-bit prefix indicated in the network address will result in a mask with 14 ones followed by 18 zeroes. Broken into 8-bit blocks, the binary mask value is as follows:

11111111 11111100 00000000 00000000

Converted into decimal values, this results in a subnet mask value of 255.252.0.0.

112
Q

What is the greatest number of subnets you can create with a Class A IPv4 address if you use a 14-bit subnet identifier?

A

The formula for calculating the number of subnets you can create using a subnet identifier of a given length is 2^x, where x is the number of bits in the subnet identifier. Therefore, with a 14-bit subnet, you can conceivably create 2^14, or 16,384, subnets.

113
Q

Alice has been asked to design her company’s Internet Protocol (IPv4) addressing scheme. The company has been assigned a Class C network address of 192.168.30.0. Alice’s director wants 4 subnets with 28 hosts per subnet. How many bits are required for subnets? How many bits are required for hosts? What will the new subnet mask be for this network?

A

In this scenario, the last byte of the IP address assigned to the company must be subdivided into 3 subnet bits and 5 host bits. The 3 subnet bits will give Alice up to 8 subnets, with 5 host bits for up to 30 hosts per subnet. The new subnet mask is 255.255.255.224. The 224 is the decimal equivalent of the binary value 11100000, which represents the 3 subnet bits and the 5 host bits.

114
Q

A network interface adapter in a workstation has a hexadecimal MAC address of 001F9EFC7AD0. Which of the following would be the adapter’s IPv6 link local address based on its EUI-64 value?

A

To convert a MAC address to an Extended Unique Identifier (EUI-64), you split the 6-byte MAC address into two 3-byte halves and insert the 2-byte value FFFE in between, as follows:

001F9E FFFE FC7AD0

Then, you change the seventh bit in the first byte, the universal/local bit, from 0 to 1, indicating that this is a locally created address. This results in a binary first byte value of 00000010, which converts to 02 in hexadecimal.

Finally, you add the IPv6 link local prefix FE80::/10, resulting in the following complete address:

FE80::021F:9EFF:FEFC:7AD0

115
Q

The default mask for an IPv4 Class B network is 255.255.0.0. How many subnet bits do you need to create 600 subnets with 55 hosts per subnet, and what is the new subnet mask for the network?

A

A standard Class B address with a mask of 255.255.0.0 has 16 bits that can be used for subnets and hosts. To get 600 subnets, you must use 10 of the available bits, which gives you up to 1024 subnets. This leaves 6 host bits, which gives you up to 62 hosts per subnet, which exceeds the requirement of 55 requested by the client. Using 9 bits would give you only 510 subnets, while 11 bits would give you 2046 subnets but leave you only 5 bits for a maximum of 30 hosts, which is not enough.

116
Q

What is the greatest number of host addresses you can create on a single subnet of a network with the following address: 172.16.0.0/20?

A

The formula for calculating the number of hosts you can create using a host identifier of a given length is 2^x - 2, where x is the number of bits in the host identifier. You cannot create a host with an address of all zeroes or all ones, which is why you subtract 2. On a network that uses 20 bits for network identification, 12 bits are left for the host identifier. Using those 12 bits, you can create 2^12 - 2, or 4,094, host addresses.

117
Q

Ralph has an IPv4 Class B network with a subnet mask of 255.255.248.0. How many subnets can he create, and how many hosts can he create per subnet?

A

With a Class B subnet mask of 255.255.248.0, the binary form of the third and fourth bytes is 11111000 00000000. There are 5 subnet bits, providing up to 32 subnets and 11 host bits, providing up to 2046 hosts.

118
Q

Convert the binary mask 11111111.11111111.11100000.00000000 into its equivalent decimal value. What is the decimal representation of this mask?

A

The decimal value for 11111111 is 255, the value for 11100000 is 224, and the value for 00000000 is 0, so the mask is 255.255.224.0.

119
Q

If you have an IPv4 network address of 192.168.1.32/27, what is the valid range of host addresses you can use for your workstations?

A

With a network address of 192.168.1.32 and 27 mask bits, the subnet mask value is 11111111.11111111.11111111.11100000 in binary form, or 255.255.255.224 in decimal form. This leaves 5 bits for the host identifier. The valid range of host bits is therefore 00001 (1) through 11110 (30). This gives you a range of 192.168.1.32 + 1 (33) through 192.168.1.32 + 30 (62).

120
Q

Alice has been assigned the IPv4 network address 172.21.0.0/22 for the creation of a new department network in her company. How many host addresses does she have available to her?

A

To calculate the number of host addresses available, Alice must determine the number of host bits in the address, which is 10, raise 2 to that power, and subtract 2 for the network and broadcast addresses, which are unusable for hosts. The formula is therefore 2^x - 2. 2^10 - 2 = 1022.

121
Q

Which of the following is the correct subnet mask for an IPv4 network with the address 172.16.0.0/20?

A

The address given uses 20 bits to identify the network, leaving 12 bits for the host identifier. In binary form, therefore, the subnet mask value would be 11111111 11111111 11110000 00000000. The decimal value for 11111111 is 255, and the decimal value for 11110000 is 240. Therefore, the subnet mask is 255.255.240.0.

122
Q

Ed has been assigned the IPv4 network address 192.168.2.32/28 for the computers in his department. What range of addresses can Ed use to configure the TCP/IP clients on his computers?

A

A /28 address leaves 4 bits for the host identifier. To calculate the number of hosts, Ed uses 2^4 - 2 = 14. The first address on the subnet is therefore 192.168.2.33, and the fourteenth is 192.168.2.46.

123
Q

When two workstations access the Internet using the same Port Address Translation (PAT) router, which of the following does the router assign to each workstation? (Choose all that apply.)
A unique port number
A common public IPv4 address
A common port number
A unique public IPv4 address

A

Unlike network address translation, port address translation uses a single public IPv4 address for all of the client workstations. Instead of assigning each workstation a unique address, PAT assigns each workstation a unique port number.

124
Q

Which of the following pairs of well-known ports are the default values you would use to configure a POP3 email client?
110 and 25
143 and 25
110 and 143
80 and 110
25 and 80

A

The default port for the Post Office Protocol (POP3) is 110. The default port for the Simple Mail Transfer Protocol (SMTP), the other protocol used by email clients, is 25. Port 143 is the default for the Internet Message Access Protocol (IMAP), a different email mailbox protocol that clients never use with POP3. Port 80 is the default for the Hypertext Transfer Protocol (HTTP), which is not used by POP3 email clients.

125
Q

Which component does the port number in a transport layer protocol header identify?

A

The port numbers specified in a transport layer protocol header identify the application that generated the data in the packet or the application that will receive the data. Port numbers do not identify transport layer protocols, gateways, or proxy servers.

126
Q

What is the term for the combination of an IPv4 address and a port number, as in the following example: 192.168.1.3:23?

A

Socket

127
Q

Which protocols generate messages that are carried directly within Internet Protocol (IPv4) datagrams, with no intervening transport layer protocol?

A

Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) are unusual in that they generate messages that are encapsulated directly within IP datagrams. Nearly all of the other TCP/IP protocols, including Simple Mail Transfer Protocol (SMTP) and Simple Network Management Protocol (SNMP), are encapsulated within one of the transport layer protocols—User Datagram Protocol (UDP) or Transmission Control Protocol (TCP)—which is encapsulated in turn within an IP datagram.

128
Q

Which protocol is used to exchange directory service information?

A

The Lightweight Directory Access Protocol (LDAP) is an application layer protocol used for managing and accessing information stored in directory services.

129
Q

Ralph is configuring a new email client on a workstation to use the Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP3) email protocols. He wants both protocols to use encryption when communicating with the email server. Which of the following port numbers should Ralph use to secure the SMTP connection with Transport Layer Security (TLS) and the POP3 connection with Secure Sockets Layer (SSL) encryption? (Choose all that apply.)
110
25
587
993
995

A

587, 995 - SMTP with TLS uses port number 587. POP3 over SSL uses port number 995. Port numbers 25 and 110 are used for SMTP and POP3 without encryption. Port number 993 is used for Internet Message Access Protocol (IMAP) over SSL.

130
Q

Which of the following is not a port number used for Structured Query Language (SQL) communications?
1433
1521
3306
3389

A

3389 - The port number 3389 is used by the Remote Desktop Protocol (RDP) and is not involved in SQL communication. Port 1433 is used by SQL Server; 1521 is used by SQLnet; 3306 is used by MySQL.

131
Q

Which of the following port numbers is assigned to a Unix logging services program?
389
514
636
993

A

Port number 514 is assigned to syslog, a Unix standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an IP network to a message collector, called a syslog server. Port number 389 is assigned to the Lightweight Directory Access Protocol (LDAP). Port number 636 is assigned to LDAP over Secure Sockets Layer (SSL). Port number 993 is assigned to Internet Message Access Protocol (IMAP) over SSL.

132
Q

Which of the following protocols use(s) the term datagram to describe the data transfer unit it creates? (Choose all that apply.)
Ethernet
IP
TCP
UDP

A

IP, UDP - The term datagram is typically used by protocols offering connectionless delivery service. The two main connectionless protocols in the TCP/IP suite are the Internet Protocol (IP) and the User Datagram Protocol (UDP), both of which use the term datagram. Ethernet uses the term frame, and Transmission Control Protocol (TCP) uses segment.

133
Q

What is the native file sharing protocol used on all Microsoft Windows operating systems?
Hypertext Transfer Protocol (HTTP)
Network File System (NFS)
File Transfer Protocol (FTP)
Server Message Block (SMB)
Lightweight Directory Access Protocol (LDAP)

A

The default file sharing protocol used on all Windows operating systems is SMB. HTTP is the native protocol used by web clients and servers. NFS is the native file sharing protocol used on Unix/Linux networks. FTP is a protocol used for transferring files from one system to another. LDAP is a protocol for transmitting directory service information.

134
Q

Which of the following terms describes the Transmission Control Protocol (TCP) exchange that establishes a connection prior to the transmission of any data?
Synchronization
Initialization exchange
Connection establishment
Three-way handshake

A

Three-way handshake - Two systems establishing a TCP connection exchange three messages before they begin transmitting data. The exchange of these synchronization messages is referred to as a three-way handshake.

135
Q

Alice has been instructed to install 100 Windows workstations, and she is working on automating the process by configuring the workstations to use PXE boots. Each workstation therefore must obtain an IP address from a DHCP server and download a boot image file from a TFTP server. Which of the following well-known ports must Alice open on the firewall separating the workstations from the servers? (Choose all that apply.)
65
66
67
68
69

A

67, 68, 69 - Dynamic Host Configuration Protocol (DHCP) servers use port numbers 67 and 68. The Trivial File Transfer Protocol (TFTP) uses port number 69.

136
Q

What is the valid range of numbers for the ephemeral client ports used by the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?

A

49152 through 65535 - Ephemeral client ports are in the range of 49152 through 65535. Well-known TCP and UDP server ports are in the range of 1 through 1023. Registered port numbers are in the range of 1024 to 49151.

137
Q

Which of the following protocols does IPsec use to digitally encrypt packets before transmitting them over the network?
ESP
SSL
AH
MSCHAP

A

ESP - Encapsulating Security Protocol (ESP) is a protocol in the TCP/IP suite that is capable of providing encryption services for IPsec. Authentication Header (AH) provides digital integrity services for IPsec, in the form of a digital signature. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. MSCHAP is an authentication protocol used by remote access services.

138
Q

Which of the following are the protocols that IPsec uses to secure network traffic? (Choose all that apply.)
SSH
AH
ESP
SSL

A

AH, ESP - Authentication Header (AH) is an IPsec protocol that provides authentication and digital integrity services. Encapsulating Security Protocol (ESP) provides encryption services for IPsec. Secure Shell (SSH) is a remote administration tool, and Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers.

139
Q

Which of the following message types are exchanged by Dynamic Host Configuration Protocol (DHCP) clients and servers during a successful IP address allocation transaction? (Choose all that apply.)
DHCPDISCOVER
DHCPOFFER
DHCPINFORM
DHCPACK
DHCPREQUEST
DHCPNAK
DHCPRENEW
DHCPRELEASE

A

In a successful DHCP address allocation, the client issues DHCPDISCOVER broadcasts to locate servers, and the servers reply with DHCPOFFER messages containing addresses. Then, the client sends a DHCPREQUEST message to one server accepting an offered address, to which the server replies with a DHCPACK. DHCPNAK messages are only used in unsuccessful transactions, and DHCPRENEW, DHCPRELEASE, and DHCPINFORM messages are not used during the address allocation process.

140
Q

In designing a network for a client, Ed has decided to use both internal and external DNS servers. Which of the following resources should Ed register with the external DNS server? (Choose all that apply.)
Company database servers
Internet web servers
Incoming email servers
Domain controllers

A

Internet web servers, Incoming email servers - The external DNS server should contain records only for the resources that must be accessible from the Internet, such as web servers and public email servers. For security reasons, servers containing sensitive data, such as database servers and domain controllers, should be registered on the internal DNS server.

141
Q

DHCP clients use broadcast messages to contact a DHCP server on the local subnet. Which of the following are mechanisms by which DHCP broadcast messages can be forwarded to a DHCP server on another subnet when there is none on the local subnet? (Choose all that apply.)
DHCP relay
UDP forwarding
Zone transfer
IP helper

A

DHCP relay, UDP forwarding, IP helper - DHCP relay, UDP forwarding, and IP helper are all router mechanisms that perform the same task, forwarding broadcast messages on one subnet to a specific IP address on another subnet as a unicast message. This enables DHCP clients to contact DHCP servers on another subnet to obtain IP addresses. Zone transfer is a DNS zone replication mechanism not used by DHCP clients or servers.

142
Q

Which of the following Storage Area Network (SAN) protocols are capable of sharing a network medium with standard Local Area Network (LAN) traffic? (Choose all that apply.)
iSCSI
Fibre Channel
FCoE
InfiniBand

A

iSCSI, FCoE - iSCSI runs on a standard IP network, and Fibre Channel over Ethernet (FCoE) runs on a standard Ethernet network. Both of these protocols can share a network with LAN traffic, although the use of a Quality of Service (QoS) mechanism is usually recommended. Fibre Channel and InfiniBand both require a dedicated network medium that does not support LAN traffic.

143
Q

Which of the following technologies do iSCSI initiators use to locate iSCSI targets on the network?
Active Directory
ICMP
DNS
iWINS
iSNS

A

iSNS - The Internet Storage Name Service (iSNS) is an application that provides iSCSI initiators with automated discovery of targets located on the network. iSNS can also function as a discovery service for Fibre Channel devices.

144
Q

Which of the following protocols are included in an iSCSI packet? (Choose all that apply.)
Ethernet
IP
TCP
UDP
None of the above

A

Ethernet, IP, TCP - iSCSI runs on a standard IP network; therefore, iSCSI messages are encapsulated using Transmission Control Protocol (TCP) at the transport layer, Internet Protocol (IP) at the network layer, and Ethernet at the data link layer. iSCSI does not use the User Datagram Protocol (UDP).

145
Q

Ed has just created a new Windows application for his company, and he wants to deploy it in the public cloud. He is looking for a provider that will furnish his company with a fully installed and configured Windows server on which he can install and run his application. Which of the following service models is he seeking to use?
IaaS
PaaS
SaaS
DaaS
None of the above

A

The Platform as a Service (PaaS) model provides consumers with the ability to install applications of their choice on a server furnished by the provider. Infrastructure as a Service (IaaS) provides the consumers with processing, storage, and networking resources that they can use to install and run operating systems and other software of their choice. Software as a Service (SaaS) provides consumers with access to a specific application running on the provider’s servers. Desktop as a Service (DaaS) provides remote virtualization of the entire workstation desktop, instead of a single application.

146
Q

Ralph is designing a hybrid deployment for a corporate client that will require a connection between the client’s private network and a public cloud provider. The client is concerned about this connection becoming a speed bottleneck at times of heavy user traffic. Which of the following options can Ralph offer the client that will best address this potential problem?
- Use a different ISP for the cloud connection.
- Use a VPN for the cloud connection.
- Use a cloud direct connection for the hybrid link.
- Use a leased line connection to the ISP.

A

A cloud direct connection is a private link between the client’s private network and the cloud service provider. This link is independent from any ISP connection used by the client organization for other traffic, so it ensures a consistent bandwidth for the hybrid cloud network. Using a different ISP or a leased line does not replace the entire connection; there are still potential bottlenecks. A VPN can provide better performance than a standard connection and greater security, but it is not as consistent (or as expensive) as a direct cloud connection.

147
Q

Which of the following is typically not an example of the Internet of Things (IoT)?
A key fob that unlocks your car
A smartphone home automation app
A remotely monitored cardiac pacemaker
A seismic early warning system

A

A key fob that unlocks your car is typically a short-range radio or infrared device that does not use the Internet for its communications. Each of the other examples describes a device with an IP address that uses the Internet to communicate with a controller or monitoring station.

148
Q

Which of the following devices can split a single network into two collision domains while maintaining a single broadcast domain?
Hub
Bridge
Switch
Router
Repeater

A

A bridge can split a single network into two collision domains, because it forwards only the packets that are destined for the other side of the bridge. The bridge forwards all broadcast packets, so it maintains a single broadcast domain. A hub maintains a single collision domain and a single broadcast domain. A switch creates a separate collision domain for each port, and a single broadcast domain for the entire network. A router creates two collision domains, but it does not forward broadcasts, so there are two broadcast domains as well. A repeater is a physical layer device that amplifies signals; it does not affect collision domains.

149
Q

Which of the following terms is used to describe the method by which a firewall examines the port numbers in transport layer protocol headers?
IP address filtering
Service-dependent filtering
Deep Packet Inspection (DPI)
Next-Generation Firewall (NGFW)

A

Service-dependent filtering blocks traffic based on the port numbers specified in the transport layer header fields. Because port numbers represent specific applications, you can use them to prevent traffic generated by these applications from reaching a network. IP address filtering operates at the network layer. DPI scans the contents of packets, rather than their headers. NGFW defines a device with advanced protection capabilities; port number scanning is a basic firewall function.

150
Q

Which of the following is not one of the five functional levels associated with a distributed control system such as Supervisory Control and Data Acquisition (SCADA) systems?
Field level
Remote access
Direct control
Plant supervisory
Production control
Production scheduling

A

The five functional levels in a distributed control system such as SCADA are field level, direct control, plant supervisory, production control, and production scheduling. Remote access is not one of the levels.

151
Q

Small Office Home Office (SOHO) networks typically use a multifunction connectivity device that can perform all but which one of the following functions?
DHCP
DNS
Switch
Router
Hub
NAT router
Access Point (AP)

A

SOHO multifunction devices typically function as routers connecting the local network to an Internet Service Provider (ISP), switches providing wired connections to host devices, Dynamic Host Configuration Protocol (DHCP) servers assigning IP addresses, Domain Name System (DNS) servers resolving names into IP addresses, Network Address Translation (NAT) routers providing hosts with private IP addresses access to the Internet, and APs providing wireless devices with access to the network. They do not function as hubs.

152
Q

Which of the following is the correct term for the process by which the Spanning Tree Protocol (STP) on a switch evaluates the paths through the network and places each port in the forwarding or blocking state?
Assimilation
Convergence
Tree-building
Listening

A

The process by which STP populates its database with information about each port in a switch and designates the ports as forwarding or blocking is called convergence.

153
Q

Which of the following types of systems are frequently used to collect information from Intrusion Detection Systems (IDSs)?
SIEM
NGFW
RADIUS
VoIP

A

Security Information and Event Management (SIEM) systems can function as a central clearinghouse for information gathered by IDSs and other security processes.

154
Q

Which of the following hub types are supported by the 100Base-TX physical layer specification? (Choose all that apply.)
Class I
Class II
Class III
Class IV

A

The 100Base-TX specification specifies two hub types: Class I and II. Class I hubs perform signal translation; Class II hubs do not. A network can have only one Class I hub per collision domain; a network can have two Class II hubs per collision domain. The other options do not exist.

155
Q

Proxy servers operate at which layer of the OSI reference model?
Data link
Network
Transport
Application

A

A proxy server is an application layer service, because it receives Internet service requests from client computers, reads the application layer protocol data in each request, and then generates its own request for the same service and transmits it to the Internet server the client specifies. Only an application layer service can read and process the application layer data in network packets. A proxy server cannot be a data link layer device, because it can provide Internet access to an entire internetwork, while the data link layer is concerned with communications on a single subnet. Proxy servers cannot be network layer devices, because the network layer handles all internetwork packets indiscriminately and is unaware of what application generated the data carried inside the packets. The transport layer is not involved in processing application data, so proxy servers cannot be said to function at the transport layer.

156
Q

Which of the following is a feature that is not found in a traditional firewall product, but which might be found in a Next-Generation Firewall (NGFW)?
Stateful packet inspection
Deep Packet Inspection (DPI)
Network Address Translation (NAT)
Virtual Private Network (VPN) support

A

DPI is a firewall technique that examines the data carried in packets and not just the protocol headers. While traditional firewalls typically do not support DPI, NGFWs often do. Stateful packet inspection, NAT, and VPN support are all features that are commonly supported by traditional firewall products.

157
Q

Which of the following is not one of the criteria typically used by load balancers to direct incoming traffic to one of a group of servers?
Which server has the lightest load
Which server has the fastest response time
Which server is next in an even rotation
Which server has the fastest processor

A

Which server has the fastest processor - In most cases, a load balancing router works by processing incoming traffic based on rules set by the administrator. The rules can distribute traffic among a group of servers using various criteria, such as each server’s current load or response time, or which server is next in a given rotation. Load balancers typically do not use the hardware configuration of the servers to direct traffic since this is a factor that does not change.

158
Q

Which of the following protocols can be used by wireless controllers to communicate with the Access Points (APs) on a Wireless Local Area Network (WLAN)? (Choose all that apply.)
CAPWAP
LWAPP
LDAP
PPTP

A

The Control and Provisioning of Wireless Access Points (CAPWAP) protocol and the Lightweight Access Point Protocol (LWAPP) are both protocols that enable wireless controllers to manage and control Access Points (APs).

159
Q

A load balancer is a type of which of the following devices?
Switch
Router
Gateway
Firewall

A

A load balancer is a type of router that forwards traffic with a single IP address to multiple servers in turn. In most cases, a load balancing router works by processing incoming traffic based on rules set by the administrator. Because a load balancer works with IP addresses, it is a network layer device. Load balancers are not switches, gateways, or firewalls.

160
Q

Which of the following is a device that switches calls between endpoints on the local IP network and provides access to external Internet lines?
VoIP PBX
VoIP gateway
VoIP endpoint
Multilayer switch

A

A private branch exchange (PBX) switches internal calls and provides access to external lines. A VoIP PBX performs the same tasks as a traditional PBX. A VoIP gateway is the device that provides the conduit between an IP network and the Public Switched Telephone Network (PSTN). A VoIP endpoint is a device that makes use of the VoIP system, such as a computer or handset. A multilayer switch is a data networking device that includes both switching and routing capabilities.

161
Q

Which of the following features enables an Intrusion Detection System (IDS) to monitor all of the traffic on a switched network?
Stateful packet inspection
Port mirroring
Trunking
Service-dependent filtering

A

Port mirroring is a feature found in some switches that takes the form of a special port that runs in promiscuous mode. This means that the switch copies all incoming traffic to that port, as well as to the dedicated destination ports. By connecting an IDS or protocol analyzer to this port, an administrator can access all of the network’s traffic. Stateful packet inspection is a firewall feature that enables the device to examine network and transport layer header fields, looking for patterns that indicate damaging behaviors, such as IP spoofing, SYN floods, and teardrop attacks. Trunking is a switch feature that enables administrators to create VLANs that span multiple switches. Service-dependent filtering is a firewall feature that blocks traffic based on transport layer port numbers.

162
Q

Which of the following are techniques used in traffic shaping to prevent networks from being overwhelmed by data transmissions? (Choose all that apply.)
Bandwidth throttling
Rate limiting
Broadcast storming
Network Address Translation (NAT)

A

Bandwidth throttling, Rate limiting - Bandwidth throttling is a traffic shaping technique that prevents specified data streams from transmitting too many packets. Rate limiting is a traffic shaping technique that controls the transmission rate of sending systems. A broadcast storm is a type of network switching loop. NAT is a method by which private networks can share registered IP addresses. Neither of these last two is a traffic shaping technique.

163
Q

Which of the following mechanisms for prioritizing network traffic uses a 6-bit classification identifier in the Internet Protocol (IP) header?
Diffserv
CoS
Traffic shaping
QoS
Administrative distance

A

Differentiated services (Diffserv) is a mechanism that provides Quality of Service (QoS) on a network by classifying traffic types using a 6-bit value in the differentiated services (DS) field of the IP header. Class of Service (CoS) is a similar mechanism that operates at the data link layer by adding a 3-bit Priority Code Point (PCP) value to the Ethernet frame. Traffic shaping is a means of prioritizing network traffic that typically works by delaying packets at the application layer. Quality of Service (QoS) is an umbrella term that encompasses a variety of network traffic prioritization mechanisms. Administrative distance is a value that routers use to select the most efficient route to a destination.

164
Q

Which of the following terms refers to a routing protocol that does not rely on hop counts to measure the efficiency of routes?
Interior gateway protocol
Edge gateway protocol
Distance vector protocol
Link state protocol

A

Link state protocol - Distance vector protocols rely on hop counts to evaluate the efficiency of routes. Link state protocols use a different type of calculation, usually based on Dijkstra’s algorithm. The terms interior gateway protocol and edge gateway protocol do not refer to the method of calculating routing efficiency.

165
Q

What is the maximum number of routes that can be included in a single RIP broadcast packet?

A

A single RIP broadcast packet can include up to 25 routes. If there are more than 25 routes in the computer’s routing table, then RIP must generate additional packets.

166
Q

What is the term for the process by which dynamic routing protocols update other routers with routing table information?

A

Convergence is the term for the process by which routers propagate information from their routing tables to other routers on the network using dynamic routing protocols.

167
Q

Which of the following types of routing protocols route datagrams between autonomous systems?
EGP
RIP
IGP
OSPF

A

Exterior Gateway Protocol (EGP) routes datagrams between autonomous systems. Interior Gateway Protocol (IGP) routes datagrams within an autonomous system. Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are examples of interior gateway protocols.

168
Q

Which of the following command-line tools can you use to create and modify static routes on a Unix or Linux system? (Choose all that apply.)
route
ifconfig
traceroute
ip

A

The route command was originally created to display a Unix or Linux system’s routing table and modify its contents by adding, changing, and deleting static routes. The ip command is part of the iproute2 command-line utility package, which has replaced route in many Unix and Linux distributions. Running ip with the route parameter can manipulate the routing table. The traceroute and ifconfig tools are not commands for manipulating the routing table.

169
Q

Routers that use the Open Shortest Path First (OSPF) routing protocol calculate the relative costs of routes through the network by exchanging which of the following specifications for each interface with other routers?
Transmission speed
Data link layer protocol
Network medium
IP address

A

Routers that use OSPF transmit the speed of each network interface with the other OSPF routers in the network. This enables the routers to evaluate the cost of various routes through the network and transmit packets using the route with the smallest cost value. The routers do not need to share information about the data link layer protocols or network media they use or their IP addresses.

170
Q

Which of the following routing protocols has both interior and exterior designations, based on whether it is used for routing within an autonomous system or on the Internet?
RIP
OSPF
EIGRP
BGP

A

The Border Gateway Protocol (BGP) is a highly scalable protocol used for routing both on private autonomous systems, where it is known as the Internal Border Gateway Protocol (iBGP) and maintains full mesh communication among all of the routers, and on the Internet, where it is known as the External Border Gateway Protocol (eBGP).

171
Q

Which of the following network layer protocols includes a Time to Live (TTL) field? (Choose all that apply.)
IPv4
IPv6
ICMP
IGMP

A

The Internet Protocol (IP) in both of its versions (IPv4 and IPv6) includes a TTL field in its message header that limits the number of times a packet can be routed on a network. Each router processing the packet reduces the TTL value by one until it reaches zero, after which it is discarded. The Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) do not have a TTL field.

172
Q

An enterprise network has been designed with individual departmental switches because, in most cases, the devices in a specific department exchange network traffic with other devices in the same department. Each of the departmental switches is also connected to a host switch, which enables devices to communicate with other departments. Which term describes this switching architecture?

A

Distributed switching describes a hierarchical switching architecture in which remote switches (departmental switches in this case) handle most of the network traffic, with a host switch used only for traffic between the remote locations.

173
Q

Which of the following protocols prevents network switching loops from occurring by shutting down redundant links until they are needed?
RIP
STP
VLAN
NAT
ARP

A

The Spanning Tree Protocol (STP) prevents packets from endlessly looping from switch to switch due to redundant links. Creating redundant links is a good preventive against switch failure, but packets transmitted over multiple links can circulate from switch to switch infinitely. STP creates a database of switching links and shuts down the redundant ones until they are needed.

174
Q

Which of the following is a protocol that identifies VLANs by inserting a 32-bit field in the Ethernet frame?
IEEE 802.1P
IEEE 802.1Q
IEEE 802.1X
IEEE 802.1AB
IEEE 802.1AX

A

IEEE 802.1Q is a standard defining a mechanism (called Ethernet trunking by some manufacturers) that identifies the Virtual Local Area Network (VLAN) to which a packet belongs by inserting an extra 32-bit field into its Ethernet frame. IEEE 802.1P is a standard that defines a mechanism for implementing Quality of Service (QoS) at the data link layer by adding a 3-bit field into Ethernet frames. IEEE 802.1X is a standard defining an authentication mechanism called Port-based Network Access Control (PNAC). IEEE 802.1AB is a standard defining the Link Layer Discovery Protocol (LLDP). IEEE 802.1AX is a specification for the Link Aggregation Control Protocol (LACP), which is a mechanism for combining physical ports into a single logical channel.

175
Q

Which of the following elements can be used to identify the devices in a particular VLAN? (Choose all that apply.)
Hardware addresses
IP addresses
DNS names
Switch port numbers

A

Every network device has a unique hardware address coded into its network interface adapter, and administrators can use these addresses to select the devices that will be part of a specific Virtual Local Area Network (VLAN). When VLANs are implemented inside the switch, selecting the ports to which specific computers are attached is a simple way to identify the computers in a particular VLAN. IP addresses are layer 3 (network layer) constructs, so they do not apply to layer 2 (data link layer) devices like switches. Although DNS names do uniquely identify computers on a network, DNS is an application layer process and has nothing to do with the switching and routing processes, which occur at the data link and network layers. Therefore, you cannot use DNS names to identify the computers in a VLAN.

176
Q

The jumbo frame capability is associated with which layer of the Open Systems Interconnection (OSI) model?

A

Ethernet uses jumbo frames at the data link layer to transfer large amounts of data more efficiently. Ethernet typically restricts frame size to 1500 bytes, but jumbo frames enable Ethernet systems to create frames up to 9000 bytes. Frames are protocol data units associated only with the data link layer, so they do not apply to the network, transport, or application layer.

177
Q

Which of the following technologies would you be less likely to find on the average home or small office network? (Choose all that apply.)
NAT
DHCP
10GBase-T
VLAN

A

10GBase-T, VLAN - Home and small office networks typically consist of a single subnet and require only a basic switch without the advanced Virtual Local Area Network (VLAN) capabilities that enable administrators to create separate subnets. Most home and small office networks have a Dynamic Host Configuration Protocol (DHCP) server that assigns IP addresses and other TCP/IP configuration settings to clients. The DHCP server can be integrated into a broadband router or another Internet access sharing solution. Most home and small office networks support Network Address Translation (NAT), enabling them to use private IP addresses and still access the Internet. 10GBase-T is the designation for UTP-based 10 Gigabit Ethernet, which is an advanced standard for network interface adapters often found in servers.

178
Q

Which of the following modifications occur when you configure the native Virtual Local Area Network (VLAN) on your network switches to use 802.1q tagging? (Choose all that apply.)
Double-tagged packets are prevented.
BPDU guards are applied.
Root guards are applied.
Trunk traffic is routed, not switched.

A

Double-tagged packets are prevented. - To join ports on different switches into one VLAN, you designate a trunk port on each switch for the traffic between switches. Initially, the native VLAN uses the default VLAN1 for trunk traffic, and that traffic is left untagged. Untagged traffic is susceptible to attacks using double-tagged packets. When you configure the native VLAN to use tagging, this makes it impervious to double-tagging. Changing the native VLAN does not create root guards or Bridge Protocol Data Unit (BPDU) guards, and all traffic continues to be switched, not routed.

179
Q

Which of the following features helps to protect network switches from attacks related to the Spanning Tree Protocol (STP)? (Choose all that apply.)
BPDU guard
Root guard
DHCP snooping
Geofencing

A

BPDU guard, Root guard - Bridge Protocol Data Units (BPDUs) are messages that switches running the STP exchange to learn about the available paths through a switched network and the states of other switches. Switches should only receive BPDUs through ports that are connected to other switches. BPDU guard is a feature that prevents BPDU messages from arriving through ports connected to end systems, such as computers, thus preventing an attacker from manipulating the STP topology. A root guard affects the behavior of the STP by enforcing the selection of root bridge ports on a switched network. Without root guards, there is no way for administrators to enforce the topology of a network with a redundant switching fabric.

180
Q

Which of the following wireless LAN standards include the ability to use Multiple Input, Multiple Output (MIMO) antennae? (Choose all that apply.)
IEEE 802.11a
IEEE 802.11b/g
IEEE 802.11n
IEEE 802.11ac
IEEE 802.11ax

A

The IEEE 802.11n, 802.11ac, and 802.11ax standards include MIMO, which enables them to effectively multiplex signals using multiple antennae. This capability was first introduced in the 802.11n standard, so the 802.11a and 802.11b/g standards do not support it.

181
Q

Ralph is planning a wireless LAN installation for a warehouse with two offices at either end of the building, approximately 300 feet apart. If he installs a single Access Point (AP) in the center of the warehouse, equidistant from the two offices, which of the following standards should he look for when purchasing hardware so that workstations in both offices will be able to connect to the network at the best possible speed?
IEEE 802.11a
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac

A

Wireless networks using equipment based on the IEEE 802.11n standard can span indoor distances of up to 175 feet at speeds up to 600 Mbps. An 802.11ac network can run at faster speeds—up to 1.3 Gbps—but it is limited to approximately 115-foot distances. Networks using 802.11g equipment can span 150 feet, but they run at only a maximum of 54 Mbps. An 802.11a network cannot span more than 75 feet, and it runs at no more than 54 Mbps.

182
Q

What is the maximum channel width possible using wireless networking equipment based on the ratified IEEE 802.11 regulatory standards?
20 MHz
40 MHz
80 MHz
160 MHz

A

Using a technique called channel bonding, the 802.11ac standard defines the combination of up to eight 20 MHz channels, for a total possible channel width of 160 MHz. The 802.11n standard can bond up to two channels, for a 40 MHz width. Earlier standards are limited to a single 20 MHz channel.

183
Q

Upgrading a wireless network from the Wired Equivalent Privacy (WEP) security protocol to Wi-Fi Protected Access (WPA) enables it to use the Temporal Key Integrity Protocol (TKIP) for encryption, which generates a unique key for each packet. Which of the following types of attacks does this capability prevent?
Denial-of-Service (DoS) attacks
Brute-force attacks
Replay attacks
Deauthentication attacks

A

A replay attack is one in which an attacker utilizes the encryption key found in a previously captured packet to gain access to the network. Because TKIP generates a unique encryption key for every packet, it prevents this type of attack from being successful.

184
Q

After starting work as the network administrator of Wingtip Toys, you discover that all of the switches in the company’s datacenter have support for remote management, with built-in Simple Network Management Protocol (SNMP) agents in each port. Which of the following tasks must you perform to be able to gather information from the agents on those switches and display it on a central console? (Choose all that apply.)
- Install the network management software on a network computer.
- Install a Management Information Base (MIB) on each of the switches.
- Install an agent on the console computer.
- Install an MIB on the console computer.
- Purchase a network management product.

A

- Install the network management software on a network computer.
- Purchase a network management product.

An SNMP-based network management system consists of three components: a management console software product installed on a network computer, agents installed on the devices you want to manage, and MIBs for each of the agents. Because the switches support SNMP management and already have agents, they have MIBs also. Therefore, all you have to do is purchase the network management software and install the console on a network computer.

185
Q

Which versions of the Simple Network Management Protocol (SNMP) do not include any security protection other than a cleartext community string? (Choose all that apply.)
SNMPv1
SNMPv2
SNMPv2c
SNMPv3

A

SNMPv1, SNMPv2c - SNMP version 1, the original version, used an unencrypted community string. SNMPv2 added better security, but it was not backward compatible with the version 1 community string. A revised version, SNMPv2c, added backward compatibility. SNMPv3, the one most often seen today, includes more advanced security and does not use a community string.

186
Q

Which of the following technologies provides both real-time monitoring of security events and automated analysis of the event information gathered?
SIEM
SNMP
SEM
SIM

A

Security Information and Event Management (SIEM) is a product that combines two technologies: security event management (SEM) and security information management (SIM). Together, the two provide a combined solution for gathering and analyzing information about a network’s security events. Simple Network Management Protocol (SNMP) is a technology that gathers information about managed devices.

187
Q

When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem?
Add memory to the system.
Install a second network adapter.
Update the network adapter’s firmware.
Install a second processor.

A

If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet.

188
Q

Which of the following syslog message severity levels indicates that a system is unusable?
0
1
2
3
4

A

Every syslog message includes a single-digit severity code. Code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 1 is an alert message, indicating that immediate action is needed. Severity code 2 is a critical condition message, and code 3 is an error condition. Code 4 is a warning message.

189
Q

Which of the following syslog message severity levels indicates that the message is purely informational?
0
2
4
6
7

A

Every syslog message includes a single-digit severity code. Code 6 indicates that the message is purely informational. Code 0 is the most severe, indicating an emergency that has rendered the system unusable. Severity code 2 is a critical condition message, and code 4 is a warning message. Code 7 is used strictly for debugging.

190
Q

A Simple Network Management Protocol (SNMP) console can inform administrators when a managed device requires attention. For this to occur, the agent in the device first has to send a message to the console. What is the term used for a message sent by an SNMP agent to the central console?
Ping
Alert
Notification
Trap

A

Messages that SNMP agents send to consoles when an event needing attention occurs are called traps. Alerts and notifications are terms for the messages that the console sends to administrators. A ping is an Internet Control Message Protocol (ICMP) echo request message sent from one TCP/IP computer to another.

191
Q

Log management typically consists of which of the following tasks? (Choose all that apply.)
Rollback
Utilization
Security
Cycling

A

Logs frequently contain sensitive information, so securing them with the appropriate permissions is an essential part of log management. Logs also can grow to overwhelm the storage medium on which they are stored, so cycling is a technique for managing log size by configuring it to delete the oldest record each time a new one is added.

192
Q

Which of the following Security Information and Event Management (SIEM) processes performs searches for specific criteria, during specific time frames, in logs located on different computers?
Data aggregation
Forensic analysis
Correlation
Retention

A

In SIEM, forensic analysis is a process of searching logs on multiple computers for specific information based on set criteria and time periods. Data aggregation is a process of consolidating log information from multiple sources. Correlation is the process of linking logged events with common attributes together. Retention is the long-term storage of log data.

193
Q

Which of the following terms best describes a connectivity problem on wired networks that is caused by individual packets that are delayed due to network congestion, different routing, or queuing problems?
Latency
Attenuation
Jitter
Bottleneck

A

When individual packets in a data stream are delayed, the resulting connectivity problem is called jitter. Although this condition might not cause problems for asynchronous applications, real-time communications, such as Voice over Internet Protocol (VoIP) or streaming video, can suffer interruptions, from which the phenomenon gets its name. Latency describes a generalized delay in network transmissions, not individual packet delays. Attenuation is the weakening of a signal as it travels through a network medium. A bottleneck is a condition in which all traffic is delayed, due to a faulty or inadequate component.

194
Q

Which of the following network interface occurrences are considered to be malfunctions on a full-duplex Ethernet network? (Choose all that apply.)
Runts
Giants
Collisions
Late collisions

A

All of these occurrences are malfunctions on a full-duplex Ethernet network. Runt frames occur when a network interface generates packets that are smaller than the 64-byte minimum allowable length. Giants occur when frames are larger than the 1518-byte maximum allowable length. Collisions are normal on a half-duplex network, but on a full-duplex network, collisions are considered to be malfunctions. Late collisions occur when network cables are too long.

195
Q

Which of the following Windows applications would you most likely use to create a baseline of system or network performance?
Performance Monitor
Event Viewer
Syslog
Network Monitor

A

Performance Monitor is a Windows application that can create logs of specific system and network performance statistics over extended periods. Such a log created on a new computer can function as a baseline for future troubleshooting. Event Viewer is a Windows application for displaying system log files; it cannot create a performance baseline. Syslog is a log compilation program originally created for Unix systems; it does not create performance baselines. Network Monitor is a protocol analyzer. Although it can capture a traffic sample that can function as a reference for future troubleshooting efforts, this ability cannot be called a performance baseline.

196
Q

At what humidity level do electronic components become vulnerable to damage from electrostatic shock?
Below 30 percent
Below 50 percent
Above 70 percent
Above 90 percent

A

Humidity prevents the buildup of static electricity that can cause discharges that damage equipment. Humidity levels of 50 percent or lower can cause equipment to be susceptible to electrostatic shock.

197
Q

Which of the following event logs on a Windows server can record information about both successful and failed access attempts?
System
Application
Security
Setup

A

When you enable audit policies on Windows systems, you can specify whether to audit successful or failed events (or both), including access attempts. This audit information is recorded in the Security event log.

198
Q

Which of the following is the most likely cause of Cyclic Redundancy Check (CRC) errors on an Ethernet network interface?
Half-duplex communication
A network adapter malfunction
Electromagnetic interference
Excessive cable length

A

Electromagnetic interference is the likely cause of CRC errors. A network interface adapter malfunction can cause runts and giant frames. Collisions are normal on a half-duplex network, but CRC errors are not. Late collisions occur when network cables are too long, but they do not cause CRC errors.

199
Q

Which of the following is not an SNMP component?
MIBs
Traps
OIDs
CRCs

A

Cyclical Redundancy Checks (CRCs) are faults that occur when data does not arrive at its destination in the same state as when it was sent; they are not Simple Network Management Protocol (SNMP) components. Management Information Bases (MIBs), traps, and Object Identifiers (OIDs) are all components of a Simple Network Management Protocol (SNMP) implementation.

200
Q

Routers using link states and Dijkstra’s algorithm to calculate the lowest cost route to a specific destination can conceivably be running which of the following interior gateway routing protocols? (Choose all that apply.)
OSPF
RIP
EIGRP
IS-IS
BGP

A

OSPF, IS-IS - Link states and Dijkstra’s algorithm are used by link state routing protocols, such as Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS). Routing Information Protocol (RIP) and Enhanced Interior Gateway Routing Protocol (EIGRP) are distance vector protocols, which do not use link states. Border Gateway Protocol (BGP) is a distance vector protocol and an exterior (not interior) gateway protocol.

201
Q

Which of the following is the term usually applied to a representation of network devices, automatically compiled, and containing information such as IP addresses and connection speeds?
Network map
Network diagram
Cable diagram
Management information base

A

A network map is a depiction of network devices, not drawn to scale, with additional information added, such as IP addresses and link speeds. In most cases, network maps are automatically created by a software product, such as Nmap, that scans the network and creates a display from the information it discovers.

202
Q

Which of the following is not one of the typical heights for devices mounted in IT equipment racks?
1 unit
2 units
3 units
4 units

A

3 units - Devices designed to fit into IT equipment racks typically have heights measured in units. One unit equals 1.75 inches. Most rack-mounted devices are one (1U), two (2U), or four units (4U) tall.

203
Q

The documentation for Main Distribution Frames (MDFs) and Intermediate Distribution Frames (IDFs) should incorporate details on which of the following elements? (Choose all that apply.)
Power
Environment
Distances
Costs

A

MDF and IDF documentation should take into account the power sources available at the locations, the HVAC equipment needed to keep the temperature and humidity levels under control, and the distances the cable runs must span. This type of documentation is typically used for installation and troubleshooting purposes, so the costs of components and services are unnecessary and can be covered elsewhere.

204
Q

At what point in the installation process should patch panel ports and wall plates be labeled?
When the patch panels and wall plates are installed
When a length of cable is cut from the spool
When the cables are attached to the connectors
When the cable runs are tested, immediately after their installation

A

Patch panel ports and wall plates should be labeled when the cable runs are attached to them. Labeling them at any earlier time can result in cable runs being connected incorrectly.

205
Q

What is the width of a standard equipment rack in a datacenter?
12 inches
16 inches
19 inches
24 inches

A

The standard width of an equipment rack in a data center is 19 inches. Network hardware manufacturers use this width when designing rack-mountable components.

206
Q

The precise locations of devices in a datacenter are typically documented in which of the following documents?
Rack diagram
Network map
Wiring schematic
Logical diagram
Business continuity plan
Audit and assessment report

A

Datacenters typically mount components in racks, 19-inch-wide and approximately 6-foot-tall frameworks in which many networking components are specifically designed to fit. A rack diagram is a depiction of one or more racks, ruled out in standardized 1.752-inch rack units, and showing the exact location of each piece of equipment mounted in the rack.

207
Q

After being hired for a job as an IT administrator, you have been assigned two user accounts, one of which is intended for general use and the other only for administrative tasks. You are also required to sign an agreement that outlines the restrictions for your account use. Specifically, you are not permitted to use the administrative account for anything other than administrative tasks, including browsing the Internet and accessing data for which you are not authorized. What is the best name for this type of agreement?

A

A privileged user agreement specifies the abilities and limitations of users with respect to the administrative accounts and other privileges they have been granted.

208
Q

The terms on-boarding and off-boarding are typically associated with which of the following policies?
Data loss prevention
Incident response
Inventory management
Identity management
Disaster recovery
Business continuity

A

On-boarding and off-boarding are identity management processes in which users are added or removed from an organization’s identity and access management (IAM) system. This grants new users the privileges they need to use the network, modifies their privileges if they change positions, and revokes privileges when they leave the company.

209
Q

The term off-boarding refers to which of the following procedures?
Removing a node from a cluster
Disconnecting all cables from a switch
Revoking a user’s network privileges
Retiring old workstations

A

On-boarding and off-boarding are identity management processes in which users are added or removed from an organization’s identity and access management (IAM) system. Off-boarding revokes a user’s privileges when he or she leaves the company.

210
Q

Which of the following tasks is not considered to be part of an IT department’s incident response plan?
Stopping an ongoing incident
Containing the damage caused by an incident
Repairing the damage caused by an incident
Rebuilding an infrastructure destroyed by an incident

A

Once a network infrastructure has been partially or completely destroyed, it is no longer a matter of incident response; the responsibility passes over to the disaster recovery plan, which requires a different set of policies. Stopping, containing, and remediating an incident are all considered incident response policies.

211
Q

Which of the following are occurrences that are typically addressed by an IT department’s incident response policies? (Choose all that apply.)
Denial-of-Service (DoS) attack
Hard disk failure
Electrical fire
Server outage

A

A, B, D. Attacks, hardware failures, and crashes are all events that can be addressed by incident response policies that define what is to be done to analyze and remediate the problem. An electrical fire is typically not something that would be addressed by an IT department’s incident response team; it is a job for trained firefighters. Once the fire is out, the company’s response falls under the heading of disaster recovery.

212
Q

Your company has been acquired by another firm and, as IT director, you will have to comply with the new firm’s safety policies in your datacenter and other IT workspaces. One of the new requirements states that there must be a fail closed policy for the datacenter. Which of the following best describes what this policy dictates should occur in the event of an emergency?
All computers that are logged on should automatically log off.
All computers that are running should automatically shut down.
All doors that are normally open should lock themselves.
All doors that are normally locked should open themselves.

A

A fail closed policy for the datacenter specifies that any open doors should lock themselves in the event of an emergency. To support this policy, the datacenter will have to have a self-contained fire suppression system, which uses devices such as fire detectors and oxygen-displacing gas systems.

213
Q

You are the first responder to an incident of computer crime at your company. The datacenter’s security has been penetrated, a server accessed, and sensitive company data stolen. The company’s incident response plan lists the specific tasks that you are responsible for performing. Which of the following are likely to be among those tasks? (Choose all that apply.)
Turn off the server.
Secure the area.
Document the scene.
Collect evidence.
Cooperate with the authorities.

A

Securing the area to prevent contamination of evidence, documenting the scene with photographs or video, collecting any evidence that might be visible, and cooperating with the authorities are tasks that are likely to be in the company’s incident response policy. Turning off the server most certainly would not be, because this could disturb or delete evidence of the crime.

214
Q

Account lockout policies are designed to protect against which of the following types of attacks?
Social engineering
Spoofing
Brute force
Man in the middle

A

A brute-force password attack is one in which the perpetrator tries as many passwords as possible in an effort to guess or deduce the right one. Account lockout policies are intended to prevent this type of attack by limiting the number of incorrect password attempts.

215
Q

Which of the following media types is Windows Server Backup unable to use to store backed-up data?
Local hard disks
Local optical disks
Magnetic tape drives
Remote shared folders

A

Windows Server Backup cannot back up data to magnetic tape drives. However, it can back up to local hard disks, optical disks, and remote shares.

216
Q

Which of the following Redundant Array of Independent Disks (RAID) levels provides fault tolerance by storing parity information on the disks, in addition to the data? (Choose all that apply.)
RAID 0
RAID 1
RAID 5
RAID 10

A

RAID 5 - RAID is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 5 combines disk striping with distributed storage of parity information, which provides fault tolerance. The parity information enables the array to rebuild a disk whose data has been lost. RAID 0 uses data striping only (blocks written to each disk in turn), which does not provide any form of fault tolerance. RAID 1 provides fault tolerance through disk mirroring. RAID 10 creates fault-tolerant mirrored stripe sets.

217
Q

Which of the following RAID levels uses disk striping with distributed parity?
RAID 0
RAID 1
RAID 5
RAID 10

A

RAID 5 - Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 5 combines disk striping (blocks written to each disk in turn) with distributed storage of parity information, for fault tolerance. RAID 0 provides data striping only. RAID 1 provides disk mirroring. RAID 10 creates mirrored stripe sets.

218
Q

Which of the following mechanisms for load balancing web servers is able to read the incoming HTTP and HTTPS requests and perform advanced functions based on the information they contain?
Content switches
Multilayer switches
Failover clustering
DNS round-robin

A

A content switch is an application layer device, which is what renders it capable of reading the incoming Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) messages. HTTP is an application layer protocol. Multilayer switches do not operate above the transport layer. Failover clustering and DNS round-robin are both techniques for distributing incoming traffic without actually processing it.

219
Q

Which of the following statements about the differences between online and standby Uninterruptible Power Supplies (UPSs) are correct? (Choose all that apply.)
A standby UPS runs devices using battery power all the time.
An online UPS provides no gap in the power supplied to the devices during a main power failure.
An online UPS switches devices to battery power only during a main power failure.
A standby UPS provides only enough power for an orderly shutdown of the devices.

A

B, D. It is an online UPS that runs devices using battery power all the time so that there is no gap in the power supplied to devices during a failure. It is a standby UPS that switches devices to battery power during a main power failure. Both online and standby UPSs provide only enough power for an orderly shutdown of the devices.

220
Q

Which of the following are valid reasons why online Uninterruptible Power Supplies (UPSs) are more expensive than standby UPSs?
Online UPSs enable devices to run longer when a main power failure occurs.
Online UPSs enable devices to run continuously when a main power failure occurs.
Online UPSs are managed devices that can generate alerts.
Online UPSs provide greater protection against power spikes and sags.

A

B. Online UPSs run devices from the battery all the time, while simultaneously keeping the battery charged. There is therefore no switchover gap when a power failure occurs. Online UPSs do not necessarily run longer than standby UPSs, nor do they provide more protection against power spikes and sags. Both online and standby UPSs can be managed devices.

221
Q

Which of the following are equivalent terms for the process of combining the bandwidth of two or more network adapters to increase the overall speed of the connection and provide fault tolerance? (Choose all that apply.)
Bonding
Link aggregation
Clustering
Port aggregation
NIC teaming

A

A, B, D, E. Bonding, link aggregation, port aggregation, and Network Interface Card (NIC) teaming are all terms for the same basic technology, in which the bandwidth of multiple network adapter connections is joined to speed up transmissions. The technology also enables the network communication to continue if one of the adapters should be disconnected. Clustering refers to combining servers into a single unit, not network adapters.

222
Q

A network load balancing cluster is made up of multiple computers that function as a single entity. Which of the following terms is used to describe an individual computer in a load balancing cluster?
Node
Host
Server
Box

A

Host - In a network load balancing cluster, each computer is referred to as a host. Other types of clusters use other terms. For example, in a failover cluster, each computer is called a node. The terms server and box are not used in clustering.

223
Q

Which of the following RAID levels does not provide fault tolerance?
RAID 0
RAID 1
RAID 5
RAID 10

A

Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 0 uses data striping only (blocks written to each disk in turn), which does not provide any form of fault tolerance. RAID 1 provides disk mirroring, RAID 5 combines disk striping with distributed storage of parity information, and RAID 10 creates mirrored stripe sets—these three levels all provide fault tolerance.

224
Q

Which of the following networking concepts frequently use virtual Internet Protocol (IP) addresses to provide high availability? (Choose all that apply.)
Clustering
Load balancing
Network Address Translation (NAT)
Network Interface Card (NIC) teaming

A

Clustering, Load Balancing - A high availability virtual IP address implementation is when multiple servers are identified by a single address, enabling all of the servers to receive incoming client traffic. In the case of server clustering and network load balancing arrangements, the cluster itself has a unique name and IP address, separate from those of the individual servers. Clients address themselves to the cluster, not to one of the servers in the cluster. NAT is not a high availability technology, and NIC teaming does not use virtual IP addresses.

225
Q

Which of the following disaster recovery mechanisms can be made operational in the least amount of time?
A cold site
A warm site
A hot site
All of the options are the same.

A

A Hot Site - Cold, warm, and hot backup sites differ in the hardware and software they have installed. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. It is therefore the least expensive and takes the most time. A warm site has hardware in place that must be installed and configured. A hot site has all of the necessary hardware already installed, configured, and ready to go in the event of a disaster. A warm site is more expensive than a cold site, and a hot site is the most expensive and takes the least amount of time to be made operational.

226
Q

Which of the following datacenter disaster recovery mechanisms is the least expensive to implement?
A cold site
A warm site
A hot site
A cloud site

A

A Cloud Site - A cloud site is the least expensive to implement. Cold, warm, and hot backup sites differ in the hardware and software they have installed, but they all require the maintenance of a facility for a new datacenter. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. It is therefore the least expensive of the cold, warm, and hot options and takes the most time. A warm site has hardware in place that must be installed and configured. A hot site has all of the necessary hardware already installed, configured, and ready to go in the event of a disaster. A warm site is more expensive than a cold site, and a hot site is the most expensive and takes the least amount of time to be made operational. A cloud site is a virtual facility maintained with a cloud service provider. The cloud site does not require physical space or physical hardware, so it is therefore the least expensive.

227
Q

If you have a server with dual power supplies, both of which are connected to a single Uninterruptible Power Supply (UPS), with a building power circuit connected to a backup generator, which of the following failures can the server survive and keep running indefinitely? (Choose all that apply.)
Failure of one server power supply
Failure of the UPS
Failure of the building power circuit
Failure of the building backup generator

A

A, D. If one of the server’s power supplies fails, the other will continue to function. If the building’s backup generator fails, the server will continue to run as long as the building still has outside power. If the UPS fails, the server will go down. If the breaker for the building power circuit trips, the server will run only as long as the UPS battery holds out.

228
Q

Which of the following is the criterion most commonly used to filter files for backup jobs?
Filename
File extension
File attributes
File size

A

The archive bit that backup software uses to perform incremental and differential jobs is a file attribute, so this is the most commonly used filter type. It is possible to filter files based on their names, their extensions, and their size, but these are not used as often as the archive file attribute.

229
Q

Which of the following statements about port aggregation is not true?
All of the aggregated ports use the same MAC address.
Port aggregation can be a fault tolerance mechanism.
Aggregating ports increases network throughput.
Port aggregation provides load balancing.

A

Load balancing refers to the distribution of traffic between two or more channels. Port aggregation combines ports into a single logical channel with a single Media Access Control (MAC) address and provides greater throughput. Port aggregation also provides fault tolerance in the event of a port failure.

230
Q

Which of the following RAID levels provides fault tolerance with the smallest amount of usable disk space? (Choose all that apply.)
RAID 0
RAID 1
RAID 5
RAID 10

A

RAID 1, RAID 10 - Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 1 provides disk mirroring, and RAID 10 creates mirrored stripe sets. Both provide fault tolerance by maintaining two copies of every stored file, for a usable disk space percentage of 50 percent. Some mirroring configurations store more than two copies of each file, for even less usable space. RAID 0 provides data striping only, with no fault tolerance. RAID 5 combines disk striping (blocks written to each disk in turn) with distributed storage of parity information, for fault tolerance with a usable disk space percentage of at least 66 percent.

231
Q

Disk mirroring and disk duplexing are both fault tolerance mechanisms for hard disk data storage. Which of the following statements about disk mirroring and disk duplexing is true?
Disk mirroring enables a server to survive the failure of a disk drive.
Disk duplexing enables a server to survive the failure of a disk controller.
Disk mirroring enables a server to survive a failure of a disk drive or a disk controller.
Disk duplexing enables a server to survive a failure of a disk drive or a disk controller.

A

Disk duplexing enables a server to survive a failure of a disk drive or a disk controller. - Disk mirroring and disk duplexing both use multiple hard disk drives to store duplicate copies of all data. However, disk duplexing calls for each disk to be connected to a separate controller so that the data remains available despite a disk failure or a disk controller failure.

232
Q

Which of the following RAID levels provide fault tolerance without using parity data? (Choose all that apply.)
RAID 0
RAID 1
RAID 5
RAID 10

A

RAID 1, RAID 10 - Redundant Array of Independent Disks (RAID) is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 1 and RAID 10 both use disk mirroring to provide fault tolerance, which does not require parity data. RAID 0 uses data striping only (blocks written to each disk in turn), which does not provide any form of fault tolerance. RAID 5 combines disk striping with distributed storage of parity information.

233
Q

Which of the following backup job types does not reset the archive bits of the files it backs up?
Full
Incremental
Differential
Supplemental

A

Differential backups use the archive bit to determine which target files to back up. However, a differential backup does not reset the archive bit. Full backups do not pay attention to the archive bit, because they back up all of the files. A full backup, however, does clear the archive bit after the job is completed. Incremental backups also use the archive bit to determine which files have changed since the previous backup job. The primary difference between an incremental and a differential job, however, is that incremental backups clear the archive bit so that unchanged files are not backed up. There is no such thing as a supplemental backup job.

234
Q

What are the three elements in the Grandfather-Father-Son media rotation system for network backups?
Hard disk drives, optical drives, and magnetic tape drives
Incremental, differential, and full backup jobs
Monthly, weekly, and daily backup jobs
QIC, DAT, and DLT tape drives

A

The generational media rotation system uses the terms grandfather, father, and son to refer to backup jobs that are run monthly, weekly, and daily. The jobs can be full, incremental, or differential, and the terms have nothing to do with whether the backup medium is a hard disk, optical, or any type of tape drive.

235
Q

Which of the following types of backup jobs are supported by the Windows Server Backup program? (Choose all that apply.)
Incremental
Differential
Full
Supplemental

A

Incremental, Full - Windows Server Backup can perform full backups and incremental backups. It does not support differential backups, and there is no backup job called a supplemental.

236
Q

Which of the following storage techniques prevents version skew from occurring during a system backup?
Incrementals
Differentials
Iterations
Snapshots

A

Snapshots - Version skew can occur when a data set changes while a system backup is running. A file written to a directory that has already been backed up will not appear on the backup media, even though the job might still be running. This can result in unprotected files, or worse, data corruption. A snapshot is a read-only copy of a data set taken at a specific moment in time. By creating a snapshot and then backing it up, you can be sure that no data corruption has occurred due to version skew. Incrementals and differentials are types of backup jobs, and iteration is not a specific storage technology.

237
Q

If you back up your network by performing a full backup every Wednesday at 6:00 p.m. and incremental backups in the evening of the other days of the week, how many jobs would be needed to completely restore a computer with a hard drive that failed on a Monday at noon?
One
Two
Five
Six

A

Five - An incremental backup is a job that backs up all of the files that have changed since the last backup of any kind. Therefore, to restore a system that failed on Monday at noon, you would have to restore the most recent full backup from the previous Wednesday and the incrementals from Thursday, Friday, Saturday, and Sunday.

238
Q

How does an autochanger increase the overall storage capacity of a backup solution?
By compressing data before it is stored on the medium
By automatically inserting media into and removing it from a drive
By running a tape drive at half its normal speed
By writing two tracks at once onto a magnetic tape

A

An autochanger is a robotic device containing one or more removable media drives, such as magnetic tape or optical disk drives. The robotic mechanism inserts and removes media cartridges automatically so that a backup job can span multiple cartridges, increasing its overall capacity.

239
Q

If you back up your network by performing a full backup every Wednesday at 6:00 p.m. and differential backups in the evening on the other six days of the week, how many jobs would be needed to completely restore a computer with a hard drive that failed on a Tuesday at noon?
One
Two
Six
Seven

A

Two - A differential backup is a job that backs up all the files that have changed since the last full backup. Therefore, to restore a system that failed on Tuesday at noon, you would have to restore the most recent full backup from the previous Wednesday and the most recent differential from Monday.

240
Q

Why does performing incremental backups to a hard drive, rather than a tape drive, make it possible to restore a server with a single job, rather than multiple jobs?
Because hard drives hold more data than tape drives
Because hard drives can transfer data faster than tape drives
Because hard drives are random access devices and tape drives are not
Because hard drives use a different block size than tape drives

A

Because hard drives are random access devices and tape drives are not - Data is stored on tape drives in a linear fashion. Once you write backup data to a tape, you cannot selectively replace individual files. When you perform a restore job, you might have to restore the most recent full backup, followed by incremental backups, which overwrites some of the full backup files with newer ones. Hard disk drives are random access devices, meaning that individual files can be written to and read from any location on the disk. When you perform incremental backup jobs to a hard disk, the software can restore data using any version of each file that is available.

241
Q

Which of the following is the primary difference between the Power Distribution Units (PDUs) used in datacenters and the standard power strips used in offices and homes?
More outlets
Larger power input
Larger power output
All of the above

A

Larger Power Input - A PDU for a datacenter performs the same basic function as an office power strip, but it typically has a larger power input. It does not necessarily have more outlets or a larger power output.

242
Q

Which of the following is the most commonly recommended fire suppression system for a datacenter?
Carbon Dioxide
Water
Foam
HFC-125

A

Hydrofluorocarbon (HFC) 125 is a heat-absorbing gas that is frequently used for fire suppression systems. Many large datacenters include HFC-125 total flooding fire suppression systems because the products resulting from the flame retardation process are less toxic than carbon dioxide and do not damage electric and electronic equipment as water and foam do.

243
Q

Which of the following is not a First Hop Redundancy Protocol (FHRP)?
CARP
VRRP
HSRP
RARP

A

RARP - FHRPs provide a fault tolerant default gateway for network hosts by automatically failing over to an alternative router address in the event of a router failure. The Reverse Address Resolution Protocol (RARP) is a deprecated Internet Protocol (IP) address assignment protocol; it is not an FHRP. Common Address Redundancy Protocol (CARP), Virtual Router Redundancy Protocol (VRRP), and Hot Standby Router Protocol (HSRP) are all FHRPs.

244
Q

To build a network with redundant Internet connections that ensures full fault tolerance, it is necessary to use which of the following?
Different ISPs
Different WAN connections
Different routers
All of the above

A

All - Access to the Internet can be interrupted by a failure on the Internet Service Provider’s (ISP’s) network, by a failure on the Wide Area Network (WAN) provider’s network, or by a router failure on the local network. Building redundancy into all of these elements is the best way to ensure continuous access to the Internet.

245
Q

Which of the following protocols can you use to authenticate Windows remote access users with smartcards?
EAP
MS-CHAPv2
CHAP
PAP

A

The Extensible Authentication Protocol (EAP) is the only Windows remote authentication protocol that supports the use of authentication methods other than passwords, such as smartcards. MS-CHAPv2 is a strong remote access authentication protocol, but it supports password authentication only. Users cannot use smartcards. The Challenge Handshake Authentication Protocol (CHAP) is a relatively weak authentication protocol that does not support the use of smartcards. The Password Authentication Protocol (PAP) supports only cleartext passwords, not smartcards.

246
Q

Which of the following security protocols can authenticate users without transmitting their passwords over the network?
Kerberos
802.1X
TKIP
LDAP

A

Kerberos is a security protocol used by Active Directory that employs a system of tickets to authenticate users and other network entities without the need to transmit credentials over the network. IEEE 802.1X does authenticate by transmitting credentials. Temporal Key Integrity Protocol (TKIP) and Lightweight Directory Access Protocol (LDAP) are not authentication protocols.

247
Q

Which of the following statements about authentication auditing are not true?
Auditing can disclose attempts to compromise passwords.
Auditing can detect authentications that occur after hours.
Auditing can identify the guess patterns used by password cracking software.
Auditing can record unsuccessful as well as successful authentications.

A

Auditing can identify the guess patterns used by password cracking software. - Auditing of authentication activities can record both successful and unsuccessful logon attempts. Large numbers of logon failures can indicate attempts to crack passwords. Auditing tracks the time of authentication attempts, sometimes enabling you to detect off-hours logons that indicate an intrusion. Auditing does not record the passwords specified during authentications, so it cannot identify patterns of unsuccessful guesses.

248
Q

Which of the following statements best describes the primary scenario for the use of TACACS+?
TACACS+ was designed to provide authentication, authorization, and accounting services for wireless networks.
TACACS+ was designed to provide authentication, authorization, and accounting services for the Active Directory service.
TACACS+ was designed to provide authentication, authorization, and accounting services for remote dial-up users.
TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.

A

TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches. - Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide Authentication, Authorization, and Accounting (AAA) services for networks with many routers and switches, enabling administrators to access them with a single set of credentials.

249
Q

Which of the following is an implementation of Network Access Control (NAC)?
RADIUS
802.1X
LDAP
TACACS+

A

802.1X - NAC is a set of policies that define security requirements that clients must meet before they are permitted to connect to a network. 802.1X is a basic implementation of NAC.

250
Q

Which of the following is not one of the roles involved in an 802.1X transaction?
Supplicant
Authentication server
Authorizing agent
Authenticator

A

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a Remote Authentication Dial-In User Service (RADIUS) implementation that verifies the supplicant’s identity. There is no party to the transaction called an authorizing agent.

251
Q

Which of the following standards was originally designed to provide Authentication, Authorization, and Accounting (AAA) services for dial-up network connections?
RADIUS
TACACS+
Kerberos
LDAP

A

RADIUS - Remote Authentication Dial-In User Service (RADIUS) was originally conceived to provide AAA services for Internet Service Providers (ISPs), which at one time ran networks with hundreds of modems providing dial-up access to subscribers. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that was designed to provide AAA services for networks with many routers and switches, but not for dial-up connections. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services.

252
Q

Which of the following statements about RADIUS and TACACS+ are correct?
By default, RADIUS uses UDP, and TACACS+ uses TCP.
By default, RADIUS uses TCP, and TACACS+ uses UDP.
By default, both RADIUS and TACACS+ use TCP.
By default, both RADIUS and TACACS+ use UDP.

A

Remote Authentication Dial-In User Service (RADIUS) uses User Datagram Protocol (UDP) ports 1812 and 1813 or 1645 and 1646 for authentication, whereas Terminal Access Controller Access Control System Plus (TACACS+) uses Transmission Control Protocol (TCP) port 49.

253
Q

Which of the following terms refers to the process of determining whether a user is a member of a group that provides access to a particular network resource?
Authentication
Accounting
Authorization
Access control

A

Authorization is the process of determining what resources a user can access on a network. Typically, this is done by assessing the user’s group memberships. Authentication is the process of confirming a user’s identity. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

254
Q

Which of the following types of servers are typically found in a screened subnet? (Choose all that apply.)
Domain controllers
DHCP servers
Email servers
Web servers

A

Email Servers, Web Servers - A network segment that is separated from the internal network by a firewall and exposed to the Internet is called a screened subnet, a demilitarized zone (DMZ), or a perimeter network. Administrators typically use a screened subnet for servers that must be accessible by outside users, such as web and email servers. For security reasons, domain controllers and Dynamic Host Configuration Protocol (DHCP) servers should be located on internal network segments.

255
Q

Which of the following statements best describes the difference between an exploit and a vulnerability?
- An exploit is a potential weakness in software, and a vulnerability is a potential weakness in hardware.
- A vulnerability is a potential weakness in a system, and an exploit is a hardware or software element that is designed to take advantage of a vulnerability.
- An exploit is a potential weakness in a system, and a vulnerability is a hardware or software element that is designed to take advantage of a vulnerability.
- A vulnerability is a potential weakness in software, and an exploit is a potential weakness in hardware.

A

B. A vulnerability is a weakness, whether in software or hardware, of which an exploit is designed to take advantage. Neither term is specific to hardware or software.

256
Q

Ralph is evaluating software products for potential deployment on his company’s network. Which of the following types of searches can Ralph use to identify security issues that have been discovered in specific products?
CIA
CVE
SKU
SIEM

A

The Common Vulnerabilities and Exposures (CVE) database is a resource that assigns identifier numbers to known security issues found in software products. By searching the database, Ralph can learn about the vulnerabilities that have already been found in the products he is evaluating. The Confidentiality - Integrity - Availability (CIA) triad lists important information security concepts, but it does not provide information about specific products. Stock Keeping Units (SKU) are product identifiers that do not involve security issues. Security Information and Event Management (SIEM) is a product that gathers and analyzes information about a network’s security events, but it would not help Ralph discover vulnerabilities in the products he is evaluating.

257
Q

Which of the following is a practice that a zero trust architecture is designed to protect against?
Zero-day vulnerabilities
External threats
Deauthentication
Lateral movement

A

Lateral movement is when a user gains basic access to a network by legitimate means and then uses it to gain unauthorized access to other resources inside the network. A zero trust architecture provides full protection for all sensitive resources, even from users already inside the network. A zero trust architecture does not protect against zero-day vulnerabilities, which are exploits in software; external threats; or deauthentication, which is a type of Denial-of-Service (DoS) attack.

258
Q

As part of her company’s new risk management initiative, Alice has been assigned the task of performing a threat assessment for the firm’s data resources. For each potential threat she discovers, which of the following elements should Alice estimate? (Choose all that apply.)
Severity
Mitigation
Likelihood
Posture

A

A, C. A threat assessment should estimate the potential severity of a threat, such as the damage that the loss of a specific resource can cause to the organization. The assessment should also estimate the likelihood of a particular threat occurring, as the organization will have to devote more attention to the more likely threats. An assessment of the organization’s current posture (or status) with regard to a specific threat and the mitigation techniques used to counter it are both elements that come later in the risk management process, after the threat assessment has been completed.

259
Q

Which of the following attack types typically involves modifying network packets while they are in transit? (Choose all that apply.)
Spoofing
Denial-of-Service
On-path
Logic bomb

A

A, C. Spoofing is the process of modifying network packets to make them appear as though they are transmitted by or addressed to someone else. One way of doing this is to modify the Media Access Control (MAC) address in the packets to one that is approved by the MAC filter. An on-path (or man-in-the-middle) attack is one in which an attacker intercepts network traffic, reads the traffic, and can even modify it before sending it on to the destination. Denial-of-Service (DoS) is a type of attack that overwhelms a computer with traffic, preventing it from functioning properly, whereas a logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. Neither of these last two involves modifying network packets.

260
Q

Which of the following is the name for an attack in which an intruder uses a Bluetooth connection to steal information from a wireless device, such as a smart phone?
Bluedogging
Bluesnarfing
Bluesmurfing
Bluejacking

A

Bluesnarfing is an attack in which an intruder connects to a wireless device using Bluetooth, for the purpose of stealing information. Bluejacking is the process of sending unsolicited messages to a device using Bluetooth. The other options do not exist.

261
Q

Which of the following types of Denial-of-Service (DoS) attack does not involve flooding a server with traffic?
Amplified
Reflective
Distributed
Permanent

A

Permanent - Although a DoS attack typically involves traffic flooding, any attack that prevents a server from functioning can be called a DoS attack. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning. This can be a physical attack that actually damages the hardware, or the attacker can disable the server by altering its software or configuration settings. Flood-based attacks include the Distributed Denial-of-Service (DDoS) attack, one in which the attacker uses hundreds or thousands of computers controlled by malware and called bots or zombies, to send traffic to a single server or website in an attempt to overwhelm it and prevent it from functioning. An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as Domain Name System (DNS) servers, causing them to send a flood of responses to the target.

262
Q

Which of the following statements best describes the difference between distributed and reflective Denial-of-Service (DoS) attacks?
- A distributed DoS attack uses other computers to flood a target server with traffic, whereas a reflective DoS attack causes a server to flood itself with loopback messages.
- A distributed DoS attack uses malware-infected computers to flood a target, whereas a reflective DoS attack takes advantage of other servers’ native functions to make them flood a target.
- A reflective DoS attack uses malware-infected computers to flood a target, whereas a distributed DoS attack takes advantage of other servers’ native functions to make them flood a target.
- A distributed DoS attack floods multiple target computers with traffic, whereas a reflective DoS attack only floods a single target.

A

B. Distributed Denial-of-Service (DDoS) attacks use hundreds or thousands of computers that have been infected with malware, called bots or zombies, to flood a target server with traffic in an attempt to overwhelm it and prevent it from functioning. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as Domain Name System (DNS) servers, causing them to send a flood of responses to the target. Neither attack type causes a computer to flood itself.

263
Q

Which of the following types of attacks require no additional hardware or software components? (Choose all that apply.)
Brute-force
Social engineering
Denial-of-Service
Phishing

A

A, B, C. A brute-force attack is one in which an attacker uses repeated guesses to find a password, an open port, or some other type of sensitive data. A Denial-of-Service (DoS) attack floods a target server with traffic so that it is unable to function normally. While both of these attack types can be mounted using specialized software, they can also be the work of a lone attacker using nothing more than the tools provided on a standard workstation. Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. It requires nothing more than a telephone or an email client. Phishing is the term for an attack that uses bogus emails or websites designed to infect users with some type of malware.

264
Q

Which of the following types of attacks are rarely seen anymore because of changes in device design that were specifically designed to prevent them? (Choose all that apply.)
VLAN hopping
Logic bomb
Phishing
Smurf

A

VLAN Hopping, Smurf - Smurf attacks rely on routers to forward broadcast traffic. Routers no longer forward broadcast messages, so smurf attacks have been rendered ineffective. In the same way, Virtual Local Area Network (VLAN) hopping, which is a method for sending commands to switches to transfer a port from one VLAN to another, is rarely seen because switches are now designed to prevent it.

265
Q

Which of the following attack types can be facilitated by ARP poisoning? (Choose all that apply.)
Evil twin
On-path
Session hijacking
Social engineering

A

On-path, Session hijacking - Address Resolution Protocol (ARP) poisoning is the deliberate insertion of fraudulent information into the ARP cache stored on computers and switches. This can enable an attacker to intercept traffic intended for another system. In an on-path (man-in-the-middle) attack, the attacker can read the intercepted traffic and even modify it before sending it on to the destination. In a session hijacking attack, the attacker can use the intercepted traffic to obtain authentication information, including passwords.

266
Q

Which of the following statements best describes a type of replay attack?
An intruder reenters a resource previously compromised by another intruder.
An intruder retransmits captured authentication packets to gain access to a secured resource.
An intruder uses the same technique that provided access to other resources to penetrate a new resource.
An intruder accesses a resource that was accidentally left unsecured by an authorized user.

A

B. A replay attack is one in which an attacker utilizes the information found in previously captured packets to gain access to a secured resource. In many cases, the captured packets contain authentication data. In this way, the attacker can make use of captured passwords, even when they are encrypted and cannot be displayed.

267
Q

Which of the following standards defines a framework for the authentication process, but does not specify the actual authentication mechanism?
WPA
EAP
TKIP
TLS

A

EAP - Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages. EAP is used on wireless networks and point-to-point connections and supports dozens of different authentication methods. Wi-Fi Protected Access (WPA) is a wireless encryption standard. Temporal Key Integrity Protocol (TKIP) is an encryption algorithm. Transport Layer Security (TLS) is an encryption protocol used for Internet communications.

268
Q

Which of the following Extensible Authentication Protocol (EAP) variants utilize tunneling to provide security for the authentication process? (Choose all that apply.)
PEAP
EAP-FAST
EAP-TLS
EAP-PSK

A

PEAP, EAP-FAST - Protected Extensible Authentication Protocol (PEAP) encapsulates EAP inside a Transport Layer Security (TLS) tunnel. Flexible Authentication via Secure Tunneling (FAST) also establishes a TLS tunnel to protect user credential transmissions. EAP-TLS uses TLS for encryption, but not for tunneling. EAP-PSK uses a preshared key to provide an authentication process that does not use encryption.

269
Q

In addition to EAP-TLS, which of the following are also Extensible Authentication Protocol (EAP) variants that use the Transport Layer Security (TLS) protocol? (Choose all that apply.)
PEAP
EAP-PWD
EAP-MD5
EAP-FAST

A

PEAP, EAP-FAST - The Protected Extensible Authentication Protocol (PEAP) and EAP Flexible Authentication via Secure Tunneling (EAP-FAST) both use TLS tunneling to secure authentication transmissions. EAP Password (EAP-PWD) and EAP-MD5 do not use TLS for tunneling or any other purpose.

270
Q

For which of the following reasons is disabling the Service Set Identifier (SSID) broadcast of a wireless network to prevent unauthorized access a relatively weak method of device hardening?
Attackers have ways of connecting to the network without the SSID.
Attackers can capture packets transmitted over the network and read the SSID from them.
Every access point’s SSID is printed on a label on the back of the device.
Attackers have software that can easily guess a network’s SSID.

A

B. Disabling SSID broadcasts is a way of hiding the presence of a wireless network, but if an intruder knows that a network is there, it is a simple matter to capture packets transmitted by the wireless devices and read the SSID from them. It is not possible to connect to a wireless network without the SSID. SSIDs are set by the administrator of the access point; they are not printed on the device’s label. SSIDs can be found relatively easily but guessing them is no easier than guessing a password.

271
Q

Which of the following cannot be considered to be a server hardening policy?
Disabling unnecessary services
Disabling unused TCP and UDP ports
Upgrading firmware
Creating privileged user accounts

A

C. Upgrading the UEFI or BIOS firmware on a server typically does not enhance its security, so it cannot be considered a form of server hardening. Disabling services and ports that are not in use reduces the attack surface of a server, and creating privileged user accounts reduces the chance that privileged accounts will be compromised. Therefore, these are all forms of server hardening.

272
Q

Which of the following are valid reasons not to disable unused switch ports? (Choose all that apply.)
The datacenter is secured from unauthorized access.
The unused ports are not patched in to wall jacks.
The unused ports are left open to facilitate the on-boarding of new users.
The switch is configured to use a MAC-based access control list.

A

A, D. If there is no way for unauthorized people to access the datacenter, then there is no danger of someone plugging a device into a port that is left enabled. If the switch uses an Access Control List (ACL) that specifies the Media Access Control (MAC) addresses of systems permitted to connect to it, then there is no need to disable unused ports. However, disabling the ports is probably far easier than creating and maintaining the ACL. Ports that are not patched in can still be compromised at the switch location. Enabling ports is not difficult, so accommodating new users is not a valid reason for leaving them enabled.

273
Q

Which of the following is not a method for hardening a Wireless Access Point (WAP)?
Upgrading firmware
Changing default credentials
Generating new Pre-Shared Keys
Deauthentication

A

Deauthentication is a type of Denial-of-Service (DoS) attack in which the attacker targets a wireless client by sending a deauthentication frame that causes the client to be disconnected from the network. It is therefore not a method for hardening an access point. Upgrading the device’s firmware to apply security fixes, changing the default administrative credentials applied at the factory, and frequent Pre-Shared Key (PSK) changes are all means of hardening the security of an access point.

274
Q

Creating a policy instructing users to avoid passwords that use commonly shared information, such as birth dates and the names of children and pets, is an example of which of the following?
Mitigation techniques
Multifactor authentication
Network hardening
Access control

A

Network hardening is a term used to describe any method of making it more difficult for intruders to penetrate a network. In many cases, network hardening techniques are based on education rather than technology. Compelling users to create passwords that are difficult to guess is one example of this. Mitigation techniques are methods for reducing the severity of an attack.

275
Q

Which of the following types of mitigation techniques is not applicable to servers?
Role separation
Applying ACLs
File integrity monitoring
DHCP snooping

A

Dynamic Host Configuration Protocol (DHCP) snooping is a feature found in some network switches that prevents rogue DHCP servers from assigning IP addresses to clients. It can also detect when DHCP release or decline messages arrive over a port other than the one on which the DHCP transaction originated. The other options are all techniques that are applicable to servers.

276
Q

Which of the following terms describes the threat mitigation technique of deploying individual applications and services on virtual servers so that no more than one is endangered at any one time, rather than deploying multiple applications on a single server?
Geofencing
Network segmentation
Role separation
VLAN hopping

A

Role separation is the practice of creating a different virtual server for each server role or application. In addition to providing other benefits, this forces intruders to mount attacks on multiple servers to disable an entire network.

277
Q

Role separation is a threat mitigation technique that is applied to which of the following types of network components?
Switches
Servers
Routers
Wireless Access Points (WAPs)

A

Role separation is the practice of creating a different virtual server for each server role or application. In addition to providing other benefits, this forces intruders to mount attacks on multiple servers to disable an entire network.

278
Q

A server’s firewall is configured using a default policy that does not allow any users remote access to the server unless an administrator creates a rule granting them access. Which of the following terms describes this default policy?
Explicit allow
Explicit deny
Implicit allow
Implicit deny

A

An implicit deny is a policy that denies access to a resource by default, without a rule defining that denial. Creating a new rule denying access is an explicit deny. If anyone was able to access the server remotely by default, that would be an implicit allow. An explicit allow is a rule granting specific users remote access.

279
Q

Dynamic ARP Inspection (DAI) is a feature in some network switches that prevents on-path (man-in-the-middle) attacks facilitated by Address Resolution Protocol (ARP) poisoning, the deliberate insertion of fraudulent information into the ARP cache. A switch with DAI inspects incoming ARP packets and rejects those that contain incorrect pairs of IP and Media Access Control (MAC) addresses. Which of the following is the means by which the switch compiles a table of the correct ARP information for comparison with the incoming packets?
DHCP snooping
Secure SNMP
DNS name resolution
NDP

A

Dynamic Host Configuration Protocol (DHCP) snooping is a process in which the switch examines DHCP traffic to determine the IP addresses that DHCP servers have assigned to specific MAC addresses. DAI detects ARP poisoning attempts by comparing the IP-and-MAC address pairs in ARP packets with those in the DHCP snooping table it has compiled. The switch then discards packets with address pairs that do not match. Secure Simple Network Management Protocol (SNMP), Domain Name System (DNS) name resolution, and Neighbor Discovery Protocol (NDP) are not used to implement DAI.

280
Q

At which layer of the Open Systems Interconnection (OSI) reference model does Dynamic Host Configuration Protocol (DHCP) snooping operate?
Data link
Network
Transport
Application

A

Although DHCP is an application layer service that uses the User Datagram Protocol (UDP) transport layer protocol to assign network layer IP addresses, DHCP snooping is a data link layer process in which a network switch examines incoming DHCP traffic to determine whether it originates from an authorized server and is arriving over the correct port.

281
Q

Which of the following protocols is a root guard designed to affect?
EAP
STP
LDAP
ARP

A

A root guard affects the behavior of the Spanning Tree Protocol (STP) by enforcing the selection of root bridge ports on a switched network. Without root guards, there is no way for administrators to enforce the topology of a network with a redundant switching fabric.

282
Q

When Ralph digitally signs and encrypts a document with his private key, Alice can decrypt the document only by using Ralph’s public key. As long as the private key is accepted to be secure, which of the following statements are true? (Choose all that apply.)
Ralph cannot deny having created the document.
No one has altered the document since Ralph sent it.
No one but Ralph can have created the document.
No one but Alice can decrypt and read the document.

A

A, B, C - Because only Ralph possesses the private key, only he could have signed and encrypted it. Although it is possible for someone other than Alice to have decrypted the document while it was in transit, using Ralph’s public key, that individual could not have modified it and encrypted it again.

283
Q

Which of the following technologies utilize Access Control Lists (ACLs) to limit access to network resources? (Choose all that apply.)
NTFS
LDAP
WAP
Kerberos

A

NTFS, WAP - NTFS files and folders all have ACLs, which contain Access Control Entries (ACEs) that specify the users and groups that can access them and the specific permissions they have been granted. Wireless Access Points (WAPs) have ACLs that contain Media Access Control (MAC) addresses of the devices that are permitted to connect to the wireless network.

284
Q

The Internet of Things (IoT) encompasses a huge number of device types ranging from personal electronics to household appliances to medical equipment to industrial machinery. Many of these devices deal with sensitive information, and many perform critically important tasks. The field of IoT security is still in its infancy; there is no all-encompassing standard defining IoT protection protocols. IoT devices have vastly different security requirements and also vastly different functional capabilities, making it difficult to create a blanket protection mechanism for all of them. Which of the following are potentially viable methods for securing all IoT devices against attack? (Choose all that apply.)
Network segmentation
Network Access Control (NAC)
Security gateways
Firewalls

A

NAC, Security Gateways - Because many IoT devices are mobile or located in unprotected areas, a firewall is not a viable protection mechanism for all of them, nor is the practice of placing them on separate network segments. Network security mechanisms such as access control policies and centralized gateways providing authentication and authorization could conceivably be incorporated into a general IoT security standard.

285
Q

Control plane policing (CPP or CoPP) is a feature on some routers and switches that limits the rate of traffic on the device’s processor, to prevent Denial-of-Service (DoS) and reconnaissance attacks, using which of the following technologies?
IPSec
802.1X
RA Guard
QoS
VLAN hopping

A

Control plane policing uses Quality of Service (QoS) policies to block, allow, or impose rate limits on the traffic processed by the router or switch.

286
Q

Which of the following technologies enables Virtual Private Network (VPN) clients to connect directly to each other, as well as to the VPN server at the home site?
VPN concentrator
DMVPN
SIP trunk
MPLS
Clientless VPN

A

DMVPN - A VPN typically enables remote clients to connect to a VPN router at a central site, much like the star topology of a Local Area Network (LAN), in which computers are all connected to a central switch. Dynamic Multipoint Virtual Private Network (DMVPN) is a technology that creates a mesh topology between the remote VPN sites, enabling the remote sites to connect directly to each other, rather than to the central VPN server.

287
Q

Which of the following Virtual Private Network (VPN) protocols does not provide encryption within the tunnel?
PPTP
IPSec
L2TP
SSL

A

Layer 2 Tunneling Protocol (L2TP) is used to create the tunnel forming a VPN connection, but it does not encrypt the traffic passing through the tunnel. To do this, it requires a separate protocol that provides encryption, such as Internet Protocol Security (IPSec). Point-to-Point Tunneling Protocol (PPTP) and Secure Sockets Layer (SSL) are both capable of encrypting tunneled traffic.

288
Q

Which of the following types of Virtual Private Network (VPN) connection is the best solution for allowing clients limited access to your corporate network?
Host-to-site
Site-to-site
Host-to-host
Extranet

A

An extranet VPN is designed to provide clients, vendors, and other outside partners with the ability to connect to your corporate network with limited access. A host-to-site VPN is a remote access solution, enabling users to access the corporate network from home or while traveling. A site-to-site VPN enables a branch office to connect to the home office using the Internet rather than a more expensive Wide Area Network (WAN) connection. A host-to-host VPN enables two individual users to establish a protected connection to each other.

289
Q

Which of the following services is provided by the Remote Desktop Protocol (RDP)?
Thin client computing
Clientless virtual private networking
Encrypted tunneling
Unauthenticated file transfers

A

Thin Client Computing - RDP is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information. Because the client program does not participate in the application computing on the server, it is known as a thin client. RDP does not provide clientless virtual private networking, encrypted tunneling, or unauthenticated file transfers.

290
Q

Which of the following remote access protocols provides users with full graphical control over a Windows computer? (Choose all that apply.)
SSH
RDP
VNC
Telnet

A

RDP, VNC - Remote Desktop Protocol (RDP) is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information. Virtual Network Computing (VNC) is a similar desktop sharing system that is platform independent and open source. Secure Shell (SSH) and Telnet are character-based remote control solutions.

291
Q

What types of traffic are carried by the RDP?

A

- Keystrokes
- Mouse movements
- Display information

RDP is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information.

292
Q

What four components are required for a computer to establish a remote Transmission Control Protocol/Internet Protocol (TCP/IP) connection?
A) Common protocols
B) Remote Access Service (RAS)
C) A physical layer connection
D) TCP/IP configuration
E) Point-to-Point Tunneling Protocol (PPTP)
F) Host and remote software

A

A, C, D, F. A computer requires four components to establish a remote connection. First, a physical-layer Wide Area Network (WAN) connection is needed. Second, the two systems must share common protocols from the data link layer and above. Third, if TCP/IP is being used to establish a remote session, then TCP/IP parameters must be configured on the systems. Fourth, host and remote software are needed. The remote client must have software that enables it to establish a remote session, and the server must have software that enables it to receive and grant remote sessions. Microsoft RAS supports both client and server remote access software; however, this is not a required component since other types of software can be used. PPTP is a tunneling protocol and is not a required component for establishing a remote session.

293
Q

Which of the following statements explains why web browsing over a client-to-site Virtual Private Network (VPN) connection is usually so much slower than browsing locally?
The browser application is running on the VPN server.
The browser is using the remote network’s Internet connection.
The VPN tunnel restricts the amount of bandwidth available.
VPN encryption is processor intensive.

A

The browser is using the remote network’s Internet connection. - When users connect to a remote network using VPN, they become a participant on that network, which includes using the remote network’s Internet connection. Therefore, when a user opens a browser, the application passes the user’s requests through the VPN tunnel to the remote server, which uses the default gateway and Internet connection at the remote site to connect to the desired address. This is inherently slower than connecting the browser directly to the Internet from the client computer.

294
Q

Which of the following are the two most common types of Transport Layer Security/Secure Sockets Layer (TLS/SSL) Virtual Private Network (VPN) connections? (Choose all that apply.)
TLS/SSL client
TLS/SSL portal
TLS/SSL tunnel
TLS/SSL gateway

A

The two most common types of TLS/SSL VPN connection are TLS/SSL portals, which provide users with access to selected remote network resources through a standard website, and TLS/SSL tunnels, which require the client web browser to run an active control, typically using Java or Flash. TLS/SSL client and TLS/SSL gateway are not common TLS/SSL VPN connections.

295
Q

Which of the following statements about running a site-to-site Virtual Private Network (VPN) connection to join two distant Local Area Networks (LANs) together, rather than using a Wide Area Network (WAN) connection, are generally true? (Choose all that apply.)
The VPN is cheaper.
The VPN is slower.
The VPN is less secure.
The VPN is harder to maintain.

A

Cheaper, Slower - Because the two endpoints of a VPN are connecting to local Internet Service Providers (ISPs), the ongoing connection costs are typically much less than a long-distance WAN connection. However, in most cases, a VPN is slower because it is affected by Internet bandwidth use and other factors. VPN connections are not inherently less secure than WANs, and they are not necessarily more difficult to maintain.

296
Q

Which of the following is not an advantage of the Virtual Network Computing (VNC) terminal emulation product over its competitors?
VNC is free.
VNC runs on many operating systems.
VNC runs faster than the competition.
VNC can run through a web browser.

A

VNC supports many operating systems, can run through a web browser, and is free. However, it is not any faster than the competing products.

297
Q

Which of the following was the first Transmission Control Protocol/Internet Protocol (TCP/IP) terminal emulation program?
Telnet
SSH
Windows Terminal Services
Virtual Network Computing

A

Telnet (TELetype NETwork) was the first TCP/IP terminal emulation program, but it is rarely used today because of its limitations. It is character-based only, and it transmits all data as cleartext, which is insecure. Secure Shell (SSH) addresses the security problem, but it too is character-based. Windows Terminal Services and Virtual Network Computing (VNC) were both created to provide graphical terminal emulation.

298
Q

Virtual Private Networks (VPNs) use tunneling, which is the process of encapsulating a data packet within another packet for transmission over a network connection, typically using the Internet. The system encrypts the entire encapsulated data packet for protection. Split tunneling is a variation of this method that provides which of the following advantages? (Choose all that apply.)
Conservation of VPN bandwidth
Access to local network devices while connected to the VPN
Additional data integrity protection
Faster data transmission through multiplexing

A

Access to local network devices while connected to the VPN, Conservation of VPN bandwidth - A basic VPN typically uses full tunneling, in which all of the system’s network traffic is encapsulated and encrypted for transmission. Split tunneling is a variation of this method in which only part of the system’s traffic uses the VPN connection; the rest is transmitted over the network in the normal manner. Administrators can select which applications and devices use the VPN. Split tunneling can conserve Internet bandwidth used by the VPN and provide access to local services without the need for encapsulation. Split tunneling does not provide additional data integrity protection or improved performance through multiplexing.

299
Q

Which of the following troubleshooting steps involves prioritizing trouble tickets based on the severity of the problem?
Identify symptoms of the problem
Establish a theory of probable cause
Test the theory to determine cause
Establish a plan of action to resolve the problem and identify potential effects
Implement the solution or escalate as necessary
Verify full system functionality and, if applicable, implement preventive measures
Document findings, actions, and outcomes

A

Identify symptoms of the problem - The first step in troubleshooting is to identify the problem by establishing symptoms related to the network issue being reported. In this step, problems are typically reported as trouble tickets, which are prioritized based on the severity of the problem. You complete the other steps after the trouble ticket has been prioritized and is being investigated.

300
Q

Which of the following is considered a systemwide error?
A problem with an order entry or customer service call center resource
A problem with a router that affects only one Local Area Network (LAN)
A fatal error that causes a single computer to fail
A problem with an email server that affects all network users

A

C - A systemwide error is a problem that renders an individual user’s system (computer) completely unusable. All the other problems listed would affect more than one system or user.

301
Q

You have a problem with a server or other network component that prevents many users from working. What type of problem is this?
A networkwide problem
A shared resource problem
A systemwide problem
A user application problem

A

If a problem lies within a specific server or other network component that prevents many users from working, it is a shared resource problem. A problem that lies within resources that provide services to the entire network is a networkwide problem. Systemwide problems put a specific computer out of commission, preventing a user from getting any work done. An application problem is a problem that affects only a single user’s access to a device or application.

302
Q

Alice has a network with a Domain Name System (DNS) server, a proxy server, and an Internet router. A user is complaining that she suddenly cannot connect to hosts on her own Local Area Network (LAN) and other internal LANs, and she cannot access hosts on the Internet. What is the likeliest problem?
The user’s local configuration
The proxy server
The DNS server
The router

A

Since only one user is reporting the problem, the user’s computer and its configuration are the likeliest suspect components. A DNS, proxy, or router problem would affect more than one user.

303
Q

Alice takes a call from a user who is unable to send email to a colleague in one of the company’s branch offices. Alice begins by having the user try to send emails to different people at the branch office, to people in the local office, and to people on the Internet. She then checks the user’s Internet Protocol (IP) configuration settings, the computer’s Local Area Network (LAN) communication, and the cable connection to the network. Which of the following approaches is Alice using to troubleshoot the problem?
OSI bottom-to-top
Divide and conquer
OSI top-to-bottom
Question the obvious

A

Alice is using a top-to-bottom approach, based on the Open Systems Interconnection (OSI) reference model. She begins at the top of the model (the application layer) by checking the system’s email capabilities, and then proceeds downwards to check the computer’s IP configuration (at the network layer), the local network connectivity (the data link layer), and the computer’s cables (the physical layer). A bottom-to-top approach would begin with the cables.

304
Q

Which of the following types of Unshielded Twisted Pair (UTP) wiring faults cannot be detected by a wiremap tester?
Split pairs
Open circuits
Short circuits
Transposed wires

A

Split Pairs - A wiremap tester consists of a main unit that connects to all eight wires of a UTP cable at once and a loopback device that you connect to the other end, enabling you to test all of the wires at once. A wiremap tester can detect opens and shorts, as well as transposed wires. However, it cannot detect split pairs because, in that fault, the pins are properly connected.

305
Q

After connecting a tone generator to the green wire at one end of a twisted-pair cable run, Ralph proceeds to the other end of the cable and touches the locator to each of the eight pins in turn. The green wire and the green striped wire both produce a tone. What type of wiring fault has Ralph discovered?
Split pair
Far end crosstalk
Transposed wires
Short circuit
Delay skew

A

Short Circuit - The first and most essential test that installers must perform on every cable run is a continuity test, which ensures that each wire on both ends of the cable is connected to the correct pin and only the correct pin. If a pin on one end of a cable run is connected to two or more pins on the other end, the cable has a short circuit.

306
Q

A routine test of a newly installed twisted-pair cable run with a wiremap tester indicates that there is a short circuit on one of the wires. Which of the following procedures might possibly correct the fault?
Use a different pinout on both ends of the cable
Replace the connectors at both ends of the cable run
Move the cable away from any potential sources of electromagnetic interference
Use a higher grade of Unshielded Twisted Pair (UTP) cable

A

A short circuit is a wiring fault indicating that a pin at one end of a cable run is connected to two pins at the other end. To correct the problem, you must replace the connector with the faulty wiring. None of the other suggestions are solutions for a wiring fault.

307
Q

Which of the following statements about cable certifiers are true? (Choose all that apply.)
A cable certifier eliminates the need for tools like tone generators and wiremap testers.
Cable certifiers are the most inexpensive cable testing solution.
Cable certifiers must be reconfigured whenever a new cable specification is standardized.
Cable certifiers can only test copper-based cables.

A

A, C. Cable certifiers can detect all of the faults that tone generators and wiremap testers can detect, and they can do a great deal more, such as specify whether a cable run meets the performance specifications defined in a cable standard. When testing a new cable type, the specifications defined in the cable standard must be added to the device. Cable certifiers are far more expensive than most other cable testing solutions. Cable certifiers are available that support various cable media, including copper and fiber optic.

308
Q

After experiencing some problems with devices connected to the company’s fiber-optic network, Alice brings in a contractor to test the fiber-optic cable runs. The contractor detects a significant amount of decibel (dB) loss in some of the cable runs, which could be the source of the problems. Which of the following are possible causes of the decibel loss? (Choose all that apply.)
Electromagnetic interference
Dirty optical cables
Excessive cable length
Signal crosstalk

A

Dirty optical cables, Excessive cable length - Dirt on fiber-optic cable connectors can reduce the strength of the signal, resulting in decibel loss. Excessive cable length can result in greater attenuation and weaker signals due to the decibel loss. Electromagnetic interference and signal crosstalk are both factors that can affect copper cable transmissions, but not fiber optic.

309
Q

Ed is trying to troubleshoot a problem that has caused a wired network connection to fail completely. Which of the following wired network problems will cause a complete failure of a network connection? (Choose all that apply.)
Bottleneck
Speed mismatch
Duplex mismatch
TX/RX reversal
Bad switch port

A

Speed mismatch, TX/RX reversal, Bad switch port - A speed mismatch on a wired network only occurs when two devices are configured to use a specific transmission speed and those speeds are different. In that case, network communication stops. For network communication to occur on a twisted-pair network, transmit (TX) pins must be connected to receive (RX) pins. If the connections are reversed, no communication occurs. If the switch port to which a computer is connected is bad, there will be no network communication. Bottlenecks and duplex mismatches will slow down network communications, but they will not stop them completely.

310
Q

Ed is trying to troubleshoot a problem with his wired network, and his research has led him to a list of possible network faults. The list is rather old, however, and Ed is wondering if some of the problems are relevant. Which of the following wired network problems no longer occur with modern Gigabit Ethernet switches and network adapters in their default configurations? (Choose all that apply.)
Bottleneck
Speed mismatch
Duplex mismatch
Transmit and Receive (TX/RX) reversal

A

Speed mismatch, Duplex mismatch - The Gigabit Ethernet standards call for switches and network adapters to support autonegotiation by default, which enables devices to communicate and select the best network speed and duplex mode available to them both. Therefore, speed mismatches and duplex mismatches no longer occur unless someone modifies the speed or duplex settings to incompatible values on one or both devices.

311
Q

Which of the following Windows tools uses Internet Control Message Protocol (ICMP) messages and manipulates IPv4 time-to-live values to illustrate the route packets take through an internetwork?
ping
netstat
route
tracert
nslookup
hostname

A

The Windows tracert tool transmits a series of ICMP messages with incrementing Time to Live (TTL) values, which identify each router on the path that the packets take through the network. Ping uses ICMP, but it does not manipulate TTL values. Netstat, Route, Nslookup, and Hostname do not use ICMP messages, nor do they manipulate TTL values when performing their normal functions.

312
Q

Which TCP/IP utility should you use to most easily identify a malfunctioning router on your network?
ifconfig
ping
traceroute
netstat

A

traceroute - The traceroute (or tracert) utility can locate a malfunctioning router by using Echo Request messages with incrementing Time to Live (TTL) values. ifconfig is a network configuration utility for Unix and Linux systems; ping can test connectivity to another Transmission Control Protocol/Internet Protocol (TCP/IP) system, but it cannot locate a malfunctioning router; and netstat displays information about network connections and traffic but cannot locate a malfunctioning router.

313
Q

Ralph has been advised to check his Linux web servers for open ports that attackers might be able to use to penetrate the servers’ security. Which of the following utilities can Ralph use to do this?
tcpdump
dig
iptables
nmap
iperf

A

The nmap utility is capable of scanning a system for open ports that might be a security hazard.

314
Q

While performing a protocol analysis, Alice notes that there are many Internet Control Message Protocol (ICMP) packets in her captured traffic samples. She attributes these to her frequent use of Transmission Control Protocol/Internet Protocol (TCP/IP) troubleshooting tools. Which of the following utilities are used to test network layer characteristics of a host using ICMP messages? (Choose all that apply.)
ipconfig
netstat
ping
tracert

A

ping and tracert are both utilities that test network layer characteristics using ICMP messages. ping tests the network layer functionality of the host, and traceroute displays the path to the host through the internetwork. ipconfig and netstat do not use ICMP messages.

315
Q

Which of the following netstat commands can tell you how many IPv6 packets have been received on a particular Windows workstation?
netstat -a
netstat -s
netstat -e
netstat -r

A

-s - The netstat -s command displays packet counts and other traffic statistics for the IPv6, IPv4, ICMP, TCP, and UDP protocols. The netstat -a command displays all of a workstation’s current connections and ports on which it is listening. The netstat -e command displays Ethernet statistics, such as the number of bytes and packets sent and received. The netstat -r command displays the computer’s routing table.

316
Q

Which of the following commands can Ralph use to display the number of bytes that a Windows workstation has transmitted?
netstat
tcpdump
ipconfig
iptables

A

Running netstat with the -e parameter on a Windows workstation displays Ethernet statistics, including the number of bytes and packets the workstation has sent and received. The ipconfig command displays Transmission Control Protocol/Internet Protocol (TCP/IP) configuration data; it does not display network traffic statistics. The tcpdump and iptables commands both run only on Unix and Linux workstations.

317
Q

Alice is troubleshooting a Windows server, and while doing so she runs the following command: ping 127.0.0.1. The command completes successfully. What has Alice proven by doing this?
That the computer’s network adapter is functioning properly
That the computer’s TCP/IP networking stack is loaded and functioning
That the computer’s IP address is correct for the network
Nothing at all

A

The Internet Protocol (IP) address 127.0.0.1 is a dedicated loopback address that directs outgoing IP traffic directly into the incoming IP traffic buffer. A successful ping test using that address indicates that the computer’s Transmission Control Protocol/Internet Protocol (TCP/IP) stack is functioning properly, but the traffic never reaches the network adapter or the network, so the test does not confirm that the adapter is functioning or that the computer has a correct IP address for the network.

318
Q

Which of the following are the three main categories of information that you can display by running the netstat command on a Windows computer?
Connection state
Active connections
Routing table
Interface statistics

A

B, C, D. When you run the netstat command without any switch options, it displays the computer’s active connections. Running netstat -e displays the computer’s interface statistics. Running netstat -r displays the routing table. There is no netstat switch that displays the computer’s connection state.

319
Q

Which of the following tools can administrators use to monitor network bandwidth and traffic patterns?
Protocol analyzer
Bandwidth speed tester
NetFlow analyzer
IP scanner

A

NetFlow analyzer - A NetFlow analyzer is a tool that can collect network traffic data and analyze how bandwidth is being used and who is using it. A protocol analyzer is also a tool that captures network packets, but for the purpose of analyzing their contents. A bandwidth speed tester measures a network’s internet access speed. An Internet Protocol (IP) scanner lists the IP addresses that are in use on a network.

320
Q

Which of the following protocols does the traceroute utility on Unix and Linux systems use to test TCP/IP connectivity?
ICMP
HTTP
TCP
UDP

A

UDP - On Unix and Linux systems, the traceroute utility tests Transmission Control Protocol/Internet Protocol (TCP/IP) connectivity by transmitting User Datagram Protocol (UDP) messages. This is unlike the tracert utility on Windows systems, which uses Internet Control Message Protocol (ICMP) messages. Neither version uses TCP or Hypertext Transfer Protocol (HTTP).

321
Q

Ed is implementing a web server farm on his company’s network and has created a screened subnet (or perimeter network) on which the web servers will be located. The screened subnet is using the network Internet Protocol (IP) address 192.168.99.0/24. He has also installed a router connecting the screened subnet to the internal network, which uses the 192.168.3.0/24 network address. The IP addresses of the router’s interfaces are 192.168.3.100 and 192.168.99.1. Ed needs to access the web servers from his Windows workstation on the internal network, but right now, he cannot do so. Because he needs to have a different router specified as his default gateway, Ed decides to add a route for the screened subnet to his computer’s routing table. Which of the following commands will create a routing table entry that enables Ed to access the screened subnet?
- route add 192.168.3.0 MASK 255.255.255.0 192.168.3.100
- route add 192.168.99.1 MASK 255.255.255.0 192.168.3.0
- route add 192.168.3.100 MASK 255.255.255.0 192.168.99.0
- route add 192.168.99.0 MASK 255.255.255.0 192.168.3.100

A

route add 192.168.99.0 MASK 255.255.255.0 192.168.3.100 - The correct syntax for the Windows route add command is to specify the destination network address, followed by the subnet mask for the destination network, followed by the address of the router interface on the local network that provides access to the destination network. The other options do not specify the correct addresses in the syntax.

322
Q

Which of the following processes scans multiple computers on a network for a particular open Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port?
Port scanning
War driving
Port sweeping
Bluejacking

A

Port Sweeping - Port scanning identifies open ports on a single computer, whereas port sweeping scans multiple computers for a single open port. War driving and bluejacking are methods of attacking wireless networks.

323
Q

Which of the following statements about protocol analyzers is not true?
To troubleshoot using a protocol analyzer, you must be familiar with the OSI model and the protocols that operate at each of its layers.
Protocol analyzers can be a network security risk.
Some network monitoring products are both analyzers and sniffers.
All Windows operating systems include a protocol analyzer.

A

D. A protocol analyzer captures frames and displays their contents, including the header fields created by the protocols at the various Open Systems Interconnection (OSI) model layers. To interpret the exchanges between the computers on the network, you must be familiar with the protocols and how they operate. Protocol analyzers are useful tools in the hands of experienced network administrators, but they can also be used for malicious purposes, such as displaying unencrypted passwords and other confidential information in the captured packets. The difference between analyzers and sniffers is that analyzers read the internal contents of the packets they capture, parse the individual data units, and display information about each of the protocols involved in the creation of the packet, while sniffers look for trends and patterns in the network traffic without examining the contents of each packet.

324
Q

Which of the following utilities can be classified as port scanners? (Choose all that apply.)
Nmap
Nessus
Network Monitor
Performance Monitor

A

A, B. nmap is a command-line utility that scans a range of IP addresses, runs a series of scripts against each device it finds, and displays a list of the open ports it finds on each one. Nessus is similar to nmap in that it also scans a range of IP addresses to find open ports, but it then proceeds to mount attacks against those ports, to ascertain their vulnerability.

325
Q

Which Unix/Linux performance monitoring tool, with output shown in the figure, enables you to display information about processes that are currently running on a system?

A

top - The top utility displays performance information about the currently running processes on a Unix/Linux system.

326
Q

A port scanner examines a system for network vulnerabilities at which layer of the Open Systems Interconnection (OSI) model?
Application
Transport
Network
Data Link

A

Transport - A port is a numbered service endpoint identifying an application running on a Transmission Control Protocol/Internet Protocol (TCP/IP) system. A port scanner examines a system for open endpoints, accessible using the TCP or User Datagram Protocol (UDP) at the transport layer, which intruders can conceivably use to gain access to the system from the network.

327
Q

Alice is attempting to troubleshoot a communication problem between two hosts on the same network. She decides to use a protocol analyzer to capture traffic on the network. After finishing the capture, Alice notices that there are over 15,000 frames in the protocol analyzer’s capture buffer. She is having a difficult time identifying the frames that relate to the problem because there are so many in the buffer. She wants to eliminate the extraneous frames from her view, enabling her to view only the frames transmitted by these two hosts. What does Alice have to do to accomplish this?
Configure a display filter
Configure a capture filter
Delete the extraneous frames from the buffer
Configure a capture and display filter

A

A. Once the frames are in the buffer, Alice can configure a display filter to block the unwanted frames from view. This does not delete them from the buffer. Since the capture was already performed, there is no need to restart the capture. Configuring a capture filter will not meet the requirements, because the filter will eliminate the other frames completely from the buffer. It is not possible to delete specific frames from an analyzer buffer.

328
Q

Ralph is adding new workstations to his wireless network, which uses an Access Point (AP) that is configured to use WiFi Protected Access II (WPA2) encryption. However, after installing the wireless network adapter on the first workstation, Ralph finds that he cannot see the Wireless Access Point (WAP) on the Available Networks display. Which of the following could be the problem? (Choose all that apply.)
Incorrect passphrase
Channel overlap
Incorrect SSID
Incorrect antenna polarization
Antenna cable attenuation

A

B, D, E. Interference resulting from channel overlap, a weak signal due to incorrect antenna polarization, and signal loss due to antenna cable attenuation could render the workstation unable to make contact with the AP. An incorrect passphrase would not be the problem unless Ralph had already seen the AP and attempted to connect to it. An incorrect Service Set Identifier (SSID) would be the problem only if Ralph had already attempted to manually enter an SSID.

329
Q

Ralph is the administrator of a small company’s wireless network. He has recently discovered evidence that users outside of the company’s office space have been accessing its wireless network. The office is located in a narrow space against the building’s outside wall. Ralph is concerned that the network’s Wireless Access Point (WAP) is extending coverage outside the building. Speaking with a consultant friend of his, Ralph is advised to install a different type of antenna on his Access Point (AP). Which of the following antenna types would most likely help Ralph to alleviate the problem?
Dipole
Yagi
Patch
Unidirectional

A

A patch antenna is a flat device that transmits signals in a half-spherical pattern. By placing the antenna against the building’s outer wall, Ralph can provide coverage inside the building and minimize coverage extending to the outside.

330
Q

Alice receives a call from a user who cannot connect to the company’s 802.11n wireless network with a laptop that has an 802.11g network adapter. Other users working in the same area are able to connect to the network without difficulty. Which of the following steps should Alice take first to try to resolve the problem? (Choose all that apply.)
Change the channel used by the Wireless Access Point (WAP)
Check whether the user is connecting to the correct Service Set Identifier (SSID)
Check whether the wireless adapter in the user’s laptop is enabled
Provide the user with an 802.11n wireless network adapter

A

B, C. The first steps Alice should take are the simplest ones: make sure that the wireless interface in the user’s laptop is turned on and that she is attempting to connect to the correct SSID for the company network. Changing the channel would not be necessary unless other users in the area are also having problems due to interference. The 802.11n wireless networking standard is backward compatible with 802.11g, so it should not be necessary to provide the user with a new network adapter.

331
Q

Users on Ed’s 802.11n wireless network are dropping their connections intermittently. Which of the following might help to resolve the problem?
Restart the Wireless Access Point (WAP)
Change the network’s Service Set Identifier (SSID)
Change the channel the devices are using
Change the wireless security protocol

A

C. If the users are losing their connections due to interference from other types of devices, changing the channel alters the frequency the network uses and can enable it to avoid the interference. The other options are not likely to affect any condition that would cause users to drop their connections.

332
Q

Which of the following is a power measurement of a specific transmitter and antenna combination, as used in a wireless access point?
RSSI
EIRP
SSID
MIMO

A

Effective Isotropic Radiated Power (EIRP) is a measurement of the signal strength generated by an access point (or other radio transceiver) with a particular antenna. Received Signal Strength Indicator (RSSI) is a measurement of the strength of the signal received by a device from an access point. Service Set Identifier (SSID) is a designation assigned to a specific wireless network, which appears in the Available Networks list of a WiFi client. Multiple Input, Multiple Output (MIMO) is a technology used by some IEEE wireless networking standards to increase throughput by using multiple antennae.

333
Q

Ralph has two computers that he long ago networked together by plugging one end of an Ethernet cable into each machine. He recently bought an old Ethernet hub at a garage sale and wants to use it to expand his network. The hub has four numbered ports and a fifth port marked with an X. Ralph plugs one computer into port 1 using his existing cable and buys a new cable to plug the other computer into port 4. The two computers cannot communicate, however. Which of the following solutions will not enable his computers to communicate?
Move the port 4 cable to port 2
Replace the old cable with a second new one
Plug the computer with the old cable into the X port
Plug the computer with the new cable into the X port

A

A. The problem is unlikely to be a bad hub port or a bad cable, so moving the cable from port 4 to port 2 will not help. The problem is the crossover circuit between the two computers. The two systems were once connected directly together, which means that Ralph was using a crossover cable. The hub also provides a crossover circuit (except in the X port), and old hubs often do not autonegotiate crossovers. Therefore, the connection has two crossovers, which is the equivalent of wiring transmit pins to transmit pins, instead of transmit pins to receive pins. All of the other options eliminate one of the crossover circuits, enabling the computers to be wired correctly.

334
Q

Ed is troubleshooting some network performance problems. After exhausting many other possibilities, he is examining the twisted-pair cable runs in the office’s drop ceiling. He finds that some cables have been damaged, apparently by electricians working in that space. In some cases, the cable sheath has been split along its length, and some of the insulation on the wires inside has been scraped off as well. Which of the following types of faults might be caused by this damage? (Choose all that apply.)
Open circuits
Short circuits
Split pairs
Transposed wires

A

Open and Short circuits - An open circuit is caused either by a break in the wire somewhere inside the cable or a bad connection with the pin in one or both connectors. A short is when a wire is connected to two or more pins at one end of the cable or when the conductors of two or more wires are touching inside the cable. In this instance, the damage to the cables could have resulted in either condition. A split pair is a connection in which two wires are incorrectly mapped in exactly the same way on both ends of the cable. Having transposed pairs is a fault in which both of the wires in a pair are connected to the wrong pins at one end of the cable. Both of these faults are the result of incorrect wiring during installation; they are not caused by damaged cables.

335
Q

Alice is examining a captured sample of network traffic to create a network performance baseline for future reference. She notices that the sample contains a flood of multicast traffic, but she does not know why. After some investigation, she learns that there is video traffic on the network being transmitted as multicasts, but it is only intended for a particular group of users, not for everyone. However, since the multicast traffic is flooding the network, all of the hosts must process the packets, possibly resulting in performance degradation or even Denial-of-Service (DoS). Which of the following can Alice use to prevent the traffic from being processed by the unintended hosts?
Asymmetric routing
Flow control
Multipathing
IGMP snooping

A

Internet Group Management Protocol (IGMP) snooping is a switching technique that prevents network hosts from receiving multicast packets when they are not members of the multicast group. The multicast traffic will still appear on the network, but only the members of the multicast group will process the packets.

336
Q

A user calls the company’s IT help desk to report that she has received an error message on her Windows workstation. The error states that her computer has an IP address that is duplicated on the network. Ralph is concerned that there might be a configuration problem with the DHCP servers on the network. He suspects that there are DHCP servers configured with scopes that overlap, resulting in two DHCP servers assigning the same IP addresses to different clients. He is worried that they are about to receive a flood of calls reporting the same problem. Alice reassures Ralph, telling him that it cannot be a DHCP problem, and that there must be two computers that are manually configured with the same IP address. How does Alice know this?
Because Windows computers check the routing table before accepting an IP address from a DHCP server
Because DHCP servers use DNS queries to check for duplicate IP addresses
Because DHCP clients use ARP broadcasts to check for duplicate IP addresses
Because it is only possible to have one DHCP server on a given subnet

A

Because DHCP clients use ARP broadcasts to check for duplicate IP addresses - When a Dynamic Host Configuration Protocol (DHCP) client is offered an Internet Protocol (IP) address by a DHCP server, the client broadcasts Address Resolution Protocol (ARP) requests using that address before accepting it. If another computer on the local network is using the offered address, the computer responds to the ARP request, and the DHCP client declines the address. The DHCP server then offers another address. Domain Name Service (DNS) queries and routing table checks are not reliable means of checking for duplicate IP addresses. It is possible to have two DHCP servers on the same local network, but they must be configured with scopes that do not overlap.

337
Q

A user, Ed, is reporting what appear to be intermittent traffic interruptions on his workstation. Sometimes he receives responses to his server requests, and sometimes not. It does not seem to be an Internet issue, because the problem also occurs with local server requests. While troubleshooting the problem, Ralph performs a series of packet captures and analyzes the network traffic. He discovers that all of the request messages generated by Ed’s workstation have responses on the network, but in some cases, the responses are going to a workstation other than Ed’s. Which of the following conditions could be causing this to happen?
Duplicate IP addresses
Blocked TCP/UDP ports
Duplicate MAC addresses
Incorrect host firewall settings
Multicast flood

A

Duplicate MAC addresses - If someone on the network is spoofing the Media Access Control (MAC) address of Ed’s workstation, the MAC address table in the switch handling the network traffic might be continually changing as packets from each computer reach the switch. This could cause some of the response packets to be forwarded to Ed’s workstation and some to the spoofer’s workstation. Duplicate IP addresses would not cause this problem, because they would be detected by the operating system. Blocked Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports, incorrect firewall settings, or a flood of multicast transmissions could prevent Ed from receiving responses, but they would not be sent to another workstation.

338
Q

Ralph has installed a new Category 5e (Cat 5e) cable run himself. He has attached keystone connectors to both ends of the cable, mounted the office-side connector to a wall plate, and mounted the datacenter connector into a patch panel. Then he took a patch cord and connected the patch panel port to an open port in one of the network switches. However, the Light-Emitting Diode (LED) on the switch port does not light. What should Ralph do?
Repull the cable run using Category 6 cable
Check the cable run for wiring faults
Make sure the switch port is not disabled
Plug a computer into the wall plate

A

For the link pulse LED on the switch port to light up, there must be a completed connection between the switch and a computer at the other end. None of the other options will cause the LED to light.

339
Q
A