Domain 4: Review Questions Flashcards

1
Q

At which layer of the OSI model does the encapsulation process begin?

A. Transport
B. Application
C. Physical
D. Session

A

B.

The Application layer (Layer 7) is the place where the encapsulation process begins.

This layer receives the raw data from the application in use and provides services such as file transfer and message exchange to the application (and thus the user).

2
Q

Which layers of the OSI model are equivalent to the Link layer of the TCP/IP model? (Choose two.)

A. Data Link
B. Physical
C. Session
D. Application
E. Presentation

A

A, B.

The Link layer of the TCP/IP model provides the services provided by both the Data Link and the Physical layers in the OSI model.

3
Q

Which of the following represents the range of port numbers that is referred to as “well-known” port numbers?

A. 49152–65535
B. 0–1023
C. 1024–49151
D. All above 500

A

B.

The port numbers in the range 0 to 1023 are the well-known ports, or system ports. They are assigned by the IETF for standards-track protocols, as per RFC 6335.

4
Q

What is the port number for Hypertext Transfer Protocol (HTTP)?

A. 23
B. 443
C. 80
D. 110

A

C. 80

The listed port numbers are as follows:

23—Telnet
443—HTTPS
80—HTTP
110—POP3

5
Q

What protocol in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite resolves IP addresses to MAC addresses?

A. ARP
B. TCP
C. IP
D. ICMP

A

A.

Address Resolution Protocol (ARP) resolves IP addresses to MAC addresses.

6
Q

How many bits are contained in an IPv4 address?

A. 128
B. 48
C. 32
D. 64

A

C.

IPv4 addresses are 32 bits in length and can be represented in either binary or dotted-decimal format. IPv6 addresses are 128 bits in length and are written in hexadecimal characters.

7
Q

Which of the following is a Class C IPv4 address?

A. 172.16.5.6
B. 192.168.5.54
C. 10.6.5.8
D. 224.6.6.6

A

B.

The IP Class C range of addresses begins at 192.0.0.0; the 192.168.0.0–192.168.255.255 block lies within it.

8
Q

Which of the following is a valid private IP address?

A. 10.2.6.6
B. 172.15.6.6
C. 191.6.6.6
D. 223.54.5.5

A

A. 10.2.6.6

Valid private IP address ranges are

Class A - 10.0.0.0 to 10.255.255.255
Class B - 172.16.0.0 to 172.31.255.255
Class C - 192.168.0.0 to 192.168.255.255

9
Q

Which service converts private IP addresses to public IP addresses?

A. DHCP (Dynamic Host Configuration Protocol)
B. DNS (Domain Name System)
C. NAT (Network Address Translation)
D. WEP (Wired Equivalent Privacy)

A

C.

Network Address Translation (NAT) is a service that can be supplied by a router or by a server. The device that provides the service stands between the local LAN and the Internet. When packets need to go to the Internet, the packets go through the NAT service first. The NAT service changes the private IP address to a public address that is routable on the Internet. When the response is returned from the Web, the NAT service receives it and translates the address back to the original private IP address and sends it back to the originator.

10
Q

Which of the following transmission types uses stop and start bits in its communication?

A. Asynchronous
B. Unicast
C. Multicast
D. Synchronous

A

A.

With asynchronous transmission, the systems use start and stop bits to communicate when each byte is starting and stopping. This method also uses parity bits to check that each byte has not been changed or corrupted en route. This introduces additional overhead to the transmission.

11
Q

Which protocol encapsulates Fibre Channel frames over Ethernet networks?

A. MPLS (Multiprotocol Label Switching)
B. FCoE (Fibre Channel over Ethernet)
C. iSCSI (Internet Small Computer Systems Interface)
D. VoIP (Voice over Internet Protocol)

A

B.

Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel frames over Ethernet networks.

12
Q

Which protocol uses port number 143?

A. Remote Desktop Protocol (RDP)
B. Apple Filing Protocol (AFP)
C. Internet Message Access Protocol (IMAP)
D. Secure Shell Protocol (SSH)

A

C.

IMAP uses port 143. RDP uses port 3389. AFP (Apple Filing Protocol) uses port 548. SSH uses port 22.

13
Q

Which of the following best describes NFS?

A. An email protocol
B. A directory query protocol that is based on X.500
C. An Application layer protocol that is used to retrieve information from network devices
D. A client/server file-sharing protocol used in Unix/Linux

A

D.

NFS is a client/server file-sharing protocol used in Unix/Linux.

14
Q

Which of the following is a multilayer protocol that is used between components in process automation systems generally used in electric and water companies?

A. DNP3 (Distributed Network Protocol 3)
B. VoIP (Voice over Internet Protocol)
C. WPA (Wi-Fi Protected Access)
D. WPA2 (Wi-Fi Protected Access 2)

A

A.

DNP3 is a multilayer protocol that is used between components in process automation systems in electric and water companies.

15
Q

Which wireless communication standard includes multi-user, multiple input, multiple output (MU-MIMO)?

A. 802.11a
B. 802.11ac
C. 802.11g
D. 802.11n

A

B.

802.11ac includes multi-user multiple-input, multiple-output (MU-MIMO).

16
Q

Which of the following is a service that goes beyond authentication of the user and examines the state of the computer that the user is introducing to the network when making a remote access or VPN (virtual private network) connection to the network?

A. NAC (network access control)
B. SNAT (stateful network address translation)
C. LDP (Label Distribution Protocol)
D. RARP (Reverse Address Resolution Protocol)

A

A.

Network access control goes beyond authentication of the user and includes an examination of the state of the computer the user is introducing to the network when making a remote access or VPN connection to the network.

Stateful NAT (SNAT) implements two or more NAT devices to work together as a translation group. One member provides network translation of IP address information. The other member uses that information to create duplicate translation table entries. Label Distribution Protocol (LDP) allows routers capable of Multiprotocol Label Switching (MPLS) to exchange label mapping information. Reverse ARP (RARP) resolves MAC addresses to IP addresses.

17
Q

Which of the following assigns an IP address to a device if the device is unable to communicate with the DHCP server in a Windows-based network?

A. NFC (Near Field Communication)
B. Dynamic NAT (Network Address Translation)
C. APIPA (Automatic Private IP Addressing)
D. Mobile IPv6

A

C.

Automatic Private IP Addressing (APIPA) assigns an IP address to a device if the device is unable to communicate with the DHCP server; APIPA is primarily implemented in Windows. The range of IP addresses assigned is 169.254.0.1 to 169.254.255.254 with a subnet mask of 255.255.0.0.

Near Field Communication (NFC) is a set of communication protocols that allow two electronic devices, one of which is usually a mobile device, to establish communication by bringing them within 2 inches of each other. With dynamic NAT, multiple internal private IP addresses are given access to multiple external public IP addresses. This is considered a many-to-many mapping. Mobile IPv6 (MIPv6) is an enhanced protocol supporting roaming for a mobile node so that it can move from one network to another without losing IP-layer connectivity (as defined in RFC 3775).

18
Q

Which of the following is a field of security that attempts to protect individual systems in a network by staying in constant contact with them from a central location?

A. IP convergence
B. Remote access
C. Static NAT
D. Endpoint security

A

D.

Endpoint security is a field of security that attempts to protect individual systems in a network by staying in constant contact with these individual systems from a central location.

IP convergence involves carrying different types of traffic over one network. The traffic includes voice, video, data, and images. It is based on the Internet Protocol (IP) and supports multimedia applications. Remote access allows users to access an organization’s resources from a remote connection. These remote connections can be direct dial-in connections but more commonly use the Internet as the network over which the data is transmitted. With static NAT, an internal private IP address is mapped to a specific external public IP address. This is considered a one-to-one mapping.

19
Q

Which of the following accelerates software deployment and delivery, thereby reducing IT costs through policy-enabled workflow automation?

A. Virtual storage-area network (VSAN)
B. Internet Group Management Protocol (IGMP)
C. Transport Layer Security/Secure Sockets Layer (TLS/SSL)
D. Software-defined networking (SDN)

A

D.

Software-defined networking (SDN) accelerates software deployment and delivery, thereby reducing IT costs through policy-enabled workflow automation. It enables cloud architectures by providing automated, on-demand application delivery and mobility at scale.

A virtual storage-area network (VSAN) is a software-defined storage method that allows pooling of storage capabilities and instant and automatic provisioning of virtual machine storage. Internet Group Management Protocol (IGMP) provides multicasting capabilities to devices. Multicasting allows devices to transmit data to multiple recipients. IGMP is used by many gaming platforms. Transport Layer Security/Secure Sockets Layer (TLS/SSL) is used for creating secure connections to servers. It works at the Application layer of the OSI model. It is used mainly to protect HTTP traffic or web servers.

20
Q

Which of the following types of Extensible Authentication Protocol (EAP) is not recommended for WLAN implementations because it supports one-way authentication and may allow the user’s password to be derived?

A. EAP-Message Digest 5 (EAP-MD5)
B. EAP-Transport Layer Security (EAP-TLS)
C. EAP-Tunneled TLS (EAP-TTLS)
D. Protected EAP (PEAP)

A

A.

EAP-Message Digest 5 (EAP-MD5) provides base-level EAP support using one-way authentication. This method is not recommended for WLAN implementations because it may allow the user’s password to be derived.

EAP-Transport Layer Security (EAP-TLS) uses certificates to provide mutual authentication of the client and the network. The certificates must be managed on both the client and server side. EAP-Tunneled TLS (EAP-TTLS) provides for certificate-based, mutual authentication of the client and network through an encrypted channel (or tunnel). It requires only server-side certificates. Protected EAP (PEAP) securely transports authentication data, including legacy password-based protocols, via 802.11 Wi-Fi networks using tunneling between PEAP clients and an authentication server (AS). It uses only server-side certificates.

21
Q

Which of the following is considered the wireless access point during the 802.1X authentication process?

A. Supplicant
B. Authenticator
C. Authentication server
D. Multimedia collaborator

A

B. Authenticator

There are three basic entities during 802.1X authentication:

Supplicant: A software client running on the Wi-Fi workstation
Authenticator: The wireless access point
Authentication server (AS): A server that contains an authentication database, usually a RADIUS server

22
Q

During a routine network security audit on a local network, you suspect the presence of several rogue wireless access points (WAPs). What should you do first to identify if and where any rogue WAPs have been deployed on the network?

A. Adjust the power levels on all valid WAPs to decrease the coverage radius.
B. Replace all valid WAP directional antennas with omnidirectional antennas.
C. Perform a wireless site survey.
D. Ensure that all valid WAPs are using WPA2.

A

C.

Administrators perform a site survey prior to deploying a new wireless network to determine the standard and possible channels deployed. After a wireless network is deployed, site surveys are used to determine whether rogue access points have been deployed or to determine where new access points should be deployed to increase the range of the wireless network. Although adjusting all WAP power levels, replacing all antennas, and ensuring WPA2 is being used are all related to WAPs, they are not the best solution to the question presented.

23
Q

Which of the following would be considered a valid IPv6 address?

A. 192.72.103
B. 11011000.00000101.000011
C. 1.1.193.62
D. 2001:0db8:0055:0000:cd23:0000:0000:0205/48

A

D. 2001:0db8:0055:0000:cd23:0000:0000:0205/48 is a valid IPv6 address that can be compressed to 2001:db8:55:0:cd23::205/48.

24
Q

What type of attack occurs when more than one system or device floods the bandwidth of a targeted system or network?

A. Domain Name System Security Extensions (DNSSEC)
B. Domain grabbing
C. Cybersquatting
D. Distributed denial-of-service (DDoS)

A

D.

A distributed denial-of-service (DDoS) attack occurs when more than one system or device floods the bandwidth of a targeted system or network.

A newer approach to preventing DNS attacks is a stronger authentication mechanism called Domain Name System Security Extensions (DNSSEC). Many current implementations of DNS software contain this functionality. It uses digital signatures to validate the source of all messages to ensure they are not spoofed. Domain grabbing occurs when individuals register a domain name of a well-known company before the company has the chance to do so. Then later the individuals hold the name hostage until the company becomes willing to pay to get the domain name. When domain names are registered with no intent to use them but with intent to hold them hostage, it is called cybersquatting.

25
Q

What type of attack is occurring when the attacker intercepts legitimate traffic between two entities?

A. Man-in-the-middle (MITM)
B. Smurf
C. Bluejacking
D. Bluesnarfing

A

A.

A man-in-the-middle (MITM) attack intercepts legitimate traffic between two entities. The attacker can control information flow and can eliminate or alter the communication between the two parties.

A smurf attack is a denial-of-service (DoS) attack that uses a type of ping packet called an ICMP ECHO REQUEST. Bluejacking occurs when an unsolicited message is sent to a Bluetooth-enabled device, often for the purpose of adding a business card to the victim’s contact list. This attack can be prevented by placing the device in non-discoverable mode. Bluesnarfing is the unauthorized access to a device using the Bluetooth connection. In this case, the attacker is trying to access information on the device rather than send messages to the device.

26
Q

Gary wants to distribute a large file and prefers a peer-to-peer content delivery network (CDN). Which of the following is the most common example of this type of technology?

A. CloudFlare
B. BitTorrent
C. Amazon CloudFront
D. Akamai Edge

A

B.

BitTorrent is an example of a peer-to-peer (P2P) content delivery network. It is commonly used for legitimate purposes to distribute large files like Linux ISOs and other freely distributed software packages and files in addition to its less legitimate uses. CloudFlare, CloudFront, and Akamai’s Edge are all hosted CDNs.

27
Q

What is the purpose of a virtual domain (VDOM)?

A. They combine multiple virtual instances into a single domain.
B. They divide a firewall device or appliance into two or more virtual firewalls.
C. They create a virtual domain controller.
D. They allow the hosting of multiple domain names for a single host.

A

B.

VDOMs are instances of firewalls, each with their own interfaces and rulesets, allowing granular configurations based on security requirements. VDOMs are commonly used to accommodate different purposes, customers, or other needs where separately managed firewall instances are desirable. They don’t combine instances; instead, they create separate instances. They aren’t domain controllers, and hosting multiple domain names does not require a VDOM.

28
Q

Ben has connected his laptop to his tablet PC using an 802.11ac connection. What wireless network mode has he used to connect these devices?

A. Infrastructure mode
B. Wired extension mode
C. Ad hoc mode
D. Stand-alone mode

A

C.

Ben is using ad hoc mode, which directly connects two clients. It can be easy to confuse this with stand-alone mode, which connects clients using a wireless access point but not to wired resources like a central network. Infrastructure mode connects endpoints to a central network, not directly to each other. Finally, wired extension mode uses a wireless access point to link wireless clients to a wired network.

29
Q

Selah’s and Nick’s PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue?

A. The subnet
B. The supernet
C. A collision domain
D. A broadcast domain

A

C.

A collision domain is the set of systems that could cause a collision if they transmitted at the same time. Systems outside a collision domain cannot cause a collision if they send at the same time. This is important, as the number of systems in a collision domain increases the likelihood of network congestion due to an increase in collisions. A broadcast domain is the set of systems that can receive a broadcast from each other. A subnet is a logical division of a network, while a supernet is made up of two or more networks.

30
Q

Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short period of time. What does this flag mean in the TCP packet header?

A. RST flags mean “Rest.” The server needs traffic to briefly pause.
B. RST flags mean “Relay-set.” The packets will be forwarded to the address set in the packet.
C. RST flags mean “Resume Standard.” Communications will resume in their normal format.
D. RST means “Reset.” The TCP session will be disconnected.

A

D.

The RST flag is used to reset or disconnect a session. It can be resumed by restarting the connection via a new three-way handshake.

31
Q

Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Which one of the following wireless networking standards should he use?

A. 802.11ac
B. 802.11g
C. 802.11n
D. 802.11ax

A

D.

He should choose 802.11ax, which supports theoretical speeds up to 9.6 Gbps. 802.11ac supports up to 5.9 Gbps, 802.11n supports up to 600 Mbps, and 802.11g is only capable up to 54 Mbps.

32
Q

Name the versions of the 802.11 standard for wireless network communications. Provide the bandwidth and the frequencies at which they operate.

A
33
Q

Michele wants to replace FTP traffic with a secure replacement. What secure protocol should she select instead?

A. TFTP
B. HFTPS
C. SecFTP
D. SFTP

A

D.

Both FTP/S and SFTP are commonly used as replacements for insecure FTP services. SFTP offers the advantage of using SSH for transfers, making it easy to use existing firewall rules. TFTP is Trivial FTP, an insecure quick transfer method often used to transfer files for network devices, among other uses. HFTPS and SecFTP were made up for this question.

34
Q

Jake has been told that there is a layer 3 problem with his network. Which of the following is associated with layer 3 in the OSI model?

A. IP addresses
B. TCP and UDP protocols
C. MAC addresses
D. Sending and receiving bits via hardware

A

A.

The Network layer, or layer 3, uses IP addresses for logical addressing. TCP and UDP protocols are used at the Transport layer, which is layer 4. Hardware addresses are used at layer 2, the Data Link layer, and sending and receiving bits via hardware is done at the Physical layer (layer 1).

35
Q

Frank is responsible for ensuring that his organization has reliable, supported network hardware. Which of the following is not a common concern for network administrators as they work to ensure their network continues to be operational?

A. If the devices have vendor support
B. If the devices are under warranty
C. If major devices support redundant power supplies
D. If all devices support redundant power supplies

A

D.

Most networks include many edge devices like wireless access points and edge switches. These devices often have a single power supply to balance cost against reliability and will simply be replaced if they fail. More critical devices like routers and core switches are typically equipped with redundant power supplies to ensure that larger segments of the network do not fail if a component fails. Of course, making sure devices are supported so they get updates and that they are under warranty are both common practices for supportable networks.

36
Q

Brian is analyzing his network traffic and is focused on the variance of the delay between packets of data that are sent between two of his sites. What is he analyzing?

A. Latency
B. Jitter
C. Throughput
D. Signal-to-noise ratio

A

B.

Brian is analyzing the jitter, which is the variance in delay between packets. This can indicate issues along the path the packets take. Latency is the time it takes a packet to reach its destination, throughput is a measure of the volume of traffic that can be sent, and signal-to-noise ratios compare the amount of desired information that is received with the level of background noise or unwanted data.

37
Q

Which one of the following protocols is commonly used to provide back-end authentication services for a VPN?

A. HTTPS
B. RADIUS
C. ESP
D. AH

A

B.

The Remote Access Dial In User Service (RADIUS) protocol was originally designed to support dial-up modem connections but is still commonly used for VPN-based authentication. HTTPS is not an authentication protocol. ESP and AH are IPsec protocols but do not provide authentication services for other systems.

38
Q

Isaac wants to ensure that his VoIP session initialization is secure. What protocol should he ensure is enabled and required?

A. SVOIP
B. PBSX
C. SIPS
D. SRTP

A

C.

SIPS, the secure version of the Session Initialization Protocol for VoIP, adds TLS encryption to keep the session initialization process secure. SVOIP and PBSX are not real protocols, but SRTP is the secure version of RTP, the Real-time Transport Protocol.

39
Q

What type of firewall design is shown in the diagram?

A. A single-tier firewall
B. A two-tier firewall
C. A three-tier firewall
D. A four-tier firewall

A

B.

The firewall in the diagram has two protected zones behind it, making it a two-tier firewall design.

40
Q

From the diagram, if the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?

A. VPN users will not be able to access the web server.
B. There is no additional security issue; the VPN concentrator’s logical network location matches the logical network location of the workstations.
C. Web server traffic is not subjected to stateful inspection.
D. VPN users should only connect from managed PCs.

A

D.

Segmentation is a critical concept for network designers. Remote PCs that connect to a protected network need to comply with security settings and standards that match those required for the internal network. The VPN concentrator logically places remote users in the protected zone behind the firewall, but that means user workstations (and users) must be trusted in the same way that local workstations are.

41
Q
Chris wants to implement security controls in his data center at the level of individual services and workloads. He plans to use firewall rules and other controls as well as on-demand access to services as part of his security design. What design concept is he implementing?

A. Converged protocols
B. Physical segmentation
C. Edge network-based design
D. Micro-segmentation

A

D.

Micro-segmentation is used to logically separate systems and services by defining boundaries between them. This is often part of a zero trust architecture including the use of on-demand access to services. Converged protocols implement other protocols over another protocol like iSCSI or InfiniBand over Ethernet. Physical segmentation uses separate physical devices and infrastructure to provide segmentation. Edge networks place computation and storage closer to the end user.

42
Q

As part of his segmentation approach, Chris also wants to segment network routes. What type of solution should he select?

A. VPCs
B. VRF
C. VLANs
D. A CDN

A

B.

Virtual routing and forwarding (VRF) is used to allow multiple routing tables to exist in a virtual router, all working simultaneously as defined by network traffic rules. A VPC may include VRF capabilities, but VRF would still be required to complete this requirement. VLANs are used to separate network segments, not to provide routing, and a content distribution network is used to provide high-performance, denial-of-service-resistant content replication and access from a large-scale network of replicas.

43
Q

Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?

A. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.
B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.
C. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID.
D. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.

A

B.

Disabling SSID broadcast can help prevent unauthorized personnel from attempting to connect to the network. Since the SSID is still active, it can be discovered by using a wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are used to broadcast the SSID, and it is possible to have multiple networks with the same SSID.

44
Q

Chuck is in charge of a commercial data center that handles many customers who host their servers there. He wants to be able to configure his data center network to adjust to traffic pattern changes and to manage bandwidth and other options. What technology should he implement to allow central, programmatic control of his network?

A. SDN
B. SD-WAN
C. Proxy routing
D. Agile networking

A

A.

Software-defined networking (SDN) uses code to configure and control the network. This allows for agile, programmatic control and configuration as needed from a central control point. SD-WAN provides the same sort of control for wide area network links, which aren’t mentioned in this question. Proxy routing occurs when a proxy server routes traffic between clients and other systems, and agile networking is not a commonly used term.

45
Q

Susan wants to access her company’s SAN via Ethernet and knows that she can access it as a block-level storage device. What converged protocol is she most likely to use?

A. CXL
B. SDWAN
C. iSCSI
D. Zigbee

A

C.

iSCSI is a converged protocol that supports SCSI storage access via Ethernet. CXL is Compute Express Link, often used to interconnect memory, CPUs, and accelerators. SD-WAN is a software-defined wide area network, and Zigbee is a low-power wireless protocol.

46
Q

Melissa wants to leverage a cloud service provider’s edge services. What will peering allow her to do in this scenario?

A. Ensure that a copy of any data stored in the cloud is also replicated in her local data center.
B. Provide a direct path from her on-premises network to the cloud provider’s services.
C. Control traffic flows via software-defined routes.
D. Host copies of her sites at multiple locations hosted by her cloud computing service provider.

A

B.

Peering allows you to connect directly to a provider’s network at a peering location where they provide edge facilities. This can reduce ingress/egress costs as well as provide direct paths to their networks and services. Replication of data is not an artifact of or a result of peering. Controlling traffic flows via software-defined routes is done using SD-WAN, and hosting copies of sites at multiple locations is a typical result of using a CDN.

47
Q

Jake wants to describe traffic sent between servers in his data center. What common terminology should he use to describe this?

A. North/South
B. Privilege/Unprivileged
C. East/West
D. Store/Forward

A

C.

Traffic sent between systems in the same data center is called east/west traffic since it does not flow across network boundaries. East/west traffic requires additional design work in many organizations if monitoring and other security is desired. Traffic that is external to the data center, either inbound or outbound, is called north/south traffic. Privileged/unprivileged and store/forward are not typically used to describe the traffic flows in the question.

48
Q

During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization’s production network. What concern should he raise about serial data transfers carried via TCP/IP?

A. SCADA devices that are now connected to the network can be attacked over the network.
B. Serial data over TCP/IP cannot be encrypted.
C. Serial data cannot be carried in TCP packets.
D. TCP/IP’s throughput can allow for easy denial-of-service attacks against serial devices.

A

A.

Multilayer protocols like Distributed Network Protocol (DNP3) allow SCADA and other systems to use TCP/IP-based networks to communicate. Many SCADA devices were never designed to be exposed to a network, and adding them to a potentially insecure network can create significant risks. TLS or other encryption can be used on TCP packets, meaning that even serial data can be protected. Serial data can be carried via TCP packets because TCP packets don’t care about their content; it is simply another payload. Finally, TCP/IP does not have a specific throughput as designed, so issues with throughput are device-level issues.

49
Q

Ben provides networking and security services for a small chain of coffee shops. The coffee shop chain wants to provide secure, free wireless for customers. Which of the following is the best option available to Ben to allow customers to connect securely to his wireless network without needing a user account if Ben does not need to worry about protocol support issues?

A. Use WPA2 in PSK mode.
B. Use WPA3 in SAE mode.
C. Use WPA2 in Enterprise mode.
D. Use a captive portal.

A

B.

WPA3’s simultaneous authentication of equals (SAE) mode improves on WPA2’s pre-shared key (PSK) mode by allowing for secure authentication between clients and the wireless network without enterprise user accounts. If Ben needed to worry about support for WPA3, which may not be available to all systems that may want to connect, he might have to choose WPA2. A captive portal is often used with open guest networks but requires additional work to maintain, and Enterprise mode requires user accounts.

50
Q

Alicia’s company has implemented multifactor authentication using SMS messages to provide a numeric code. What is the primary security concern that Alicia may want to express about this design?

A. SMS messages are not encrypted.
B. SMS messages can be spoofed by senders.
C. SMS messages may be received by more than one phone.
D. SMS messages may be stored on the receiving phone.

A

A.

SMS messages are not encrypted end to end, meaning that they can be intercepted and read in transit. While using two factors is more secure than a single factor, SMS is one of the less secure ways to implement two-factor authentication because of this. SMS messages can also be spoofed, can be received by more than one phone, and are typically stored on the recipient’s phone. The primary threat here, however, is the unencrypted message itself.

51
Q

What speed and frequency range are used by 802.11ac?

A. 5 GHz only
B. 900 MHz and 2.4 GHz
C. 2.4 GHz and 5 GHz
D. 2.4 GHz only

A

A.

802.11ac operates only in the 5 GHz range. The 900 MHz range has frequently been used for cordless phones and non-Wi-Fi wireless networks as well as amateur radio, and 2.4 GHz is used by 802.11b/g and by 802.11n (which can use either band). Knowing that multiple ranges are available and that they may behave differently based on how many access points are in use and whether other devices that may cause interference on that band are in the area can be important for wireless network deployments.

52
Q

The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

A

B.

ARP and RARP operate at the Data Link layer, the second layer of the OSI model. Both protocols deal with physical hardware addresses, which are used above the Physical layer (layer 1) and below the Network layer (layer 3), thus falling at the Data Link layer.

53
Q

Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower-cost alternative to Fibre Channel?

A. MPLS
B. SDN
C. VoIP
D. iSCSI

A

D.

Internet Small Computer Systems Interface (iSCSI) is a converged protocol that carries SCSI block-level storage commands over TCP/IP, allowing location-independent storage mounts over ordinary Ethernet networks. It costs less than traditional Fibre Channel. VoIP is Voice over IP, SDN is software-defined networking, and MPLS is Multiprotocol Label Switching, a technology that uses path labels instead of network addresses.

54
Q

Chris is building an Ethernet network and knows that he needs to span a distance of more than 150 meters with his 1000BaseT network. What network technology should he use to help with this?

A. Install a repeater, a switch, or a concentrator before 100 meters.
B. Use Category 7 cable, which has better shielding for higher speeds.
C. Install a gateway to handle the distance.
D. Use STP cable to handle the longer distance at high speeds.

A

A.

A repeater, switch, or concentrator regenerates the signal, ensuring that the 100-meter segment limitation of 1000BaseT is not an issue. A gateway would be useful if network protocols were changing, while Cat7 cable is rated for higher speeds (10 Gbps) but is still limited to 100-meter runs. STP cable adds shielding against interference but does not extend the 100-meter limit of twisted-pair Ethernet, which would leave Chris with network problems.

55
Q

Selah’s organization has used a popular messaging service for a number of years. Recently, concerns have been raised about the use of messaging.

What protocol is the messaging traffic most likely to use based on the diagram?

A. SLACK
B. HTTP
C. SMTP
D. HTTPS

A

B.

The use of TCP port 80 indicates that the messaging service is using the HTTP protocol. Slack is a messaging service that runs over HTTPS, which uses port 443. SMTP is an email protocol that uses port 25.

56
Q

Selah’s organization has used a popular messaging service for a number of years. Recently, concerns have been raised about the use of messaging.

What security concern does sending internal communications from A to B raise?

A. The firewall does not protect system B.
B. System C can see the broadcast traffic from system A to B.
C. It is traveling via an unencrypted protocol.
D. Messaging does not provide nonrepudiation.

A

C.

HTTP traffic is typically sent via TCP port 80. Unencrypted HTTP traffic can be easily captured at any point between A and B, meaning that the messaging solution chosen does not provide confidentiality for the organization’s corporate communications.

57
Q

Selah’s organization has used a popular messaging service for a number of years. Recently, concerns have been raised about the use of messaging.

How could Selah’s company best address a desire for secure messaging for users of internal systems A and C?

A. Use a third-party messaging service.
B. Implement and use a locally hosted service.
C. Use HTTPS.
D. Discontinue use of messaging and instead use email, which is more secure.

A

B.

If a business need requires messaging, using a local messaging server is the best option. This prevents traffic from traveling to a third-party server and can offer additional benefits such as logging, archiving, and control of security options like the use of encryption.

58
Q

Which of the following drawbacks is a concern when multilayer protocols are allowed?

A. A range of protocols may be used at higher layers.
B. Covert channels are allowed.
C. Filters cannot be bypassed.
D. Encryption can’t be incorporated at multiple layers.

A

B.

Multilayer protocols create three primary concerns for security practitioners: they can conceal covert channels (and thus covert channels are allowed), filters can be bypassed by traffic concealed in layered protocols, and the logical boundaries put in place by network segments can be bypassed under some circumstances. Multilayer protocols allow encryption at various layers and support a range of protocols at higher layers.

59
Q

Which of the following is not an example of a converged protocol?

A. MIME
B. FCoE
C. iSCSI
D. VoIP

A

A.

Fibre Channel over Ethernet (FCoE), Internet Small Computer Systems Interface (iSCSI), and Voice over Internet Protocol (VoIP) are all examples of converged protocols that combine specialized protocols with standard protocols like TCP/IP. Multipurpose Internet Mail Extensions (MIME) is an email content format, not a converged protocol.

60
Q

Chris uses a cellular hot spot to provide Internet access when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization’s corporate network, what security issue might he cause?

A. Traffic may not be routed properly, exposing sensitive data.
B. His system may act as a bridge from the Internet to the local network.
C. His system may be a portal for a reflected DDoS attack.
D. Security administrators may not be able to determine his IP address if a security issue occurs.

A

B.

When a workstation or other device is connected simultaneously to both a secure network and a nonsecure network like the Internet, it may act as a bridge, bypassing the security protections located at the edge of a corporate network. It is unlikely that traffic will be routed improperly, leading to the exposure of sensitive data, as traffic headed to internal systems and networks is unlikely to be routed to the external network. Reflected DDoS attacks are used to hide identities rather than to connect through to an internal network, and security administrators of managed systems should be able to determine both the local and wireless IP addresses his system uses.

61
Q

Sarah has been asked to improve the observability of her network. Which of the following is not a common step to improve observability?

A. Aggregate and centralize data.
B. Enable alerts for critical errors.
C. Implement logging using a standardized format.
D. Avoid feedback loops.

A

D.

Observability focuses on the ability to see how an entire system, service, or environment is performing and behaving based on its external outputs. That means that telemetry data—information about what components are doing—is critical and will be gathered using logs, metrics, and real-time analysis. This means that centralizing and aggregating data, enabling alerts for critical errors, and implementing logging using standardized formats are all common practices. Feedback loops are also important, allowing administrators and others to take action when problems or issues are detected.

62
Q

What features can IPsec provide for secure communication?

A. Encryption, access control, nonrepudiation, and message authentication
B. Protocol convergence, content distribution, micro-segmentation, and network virtualization
C. Encryption, authorization, nonrepudiation, and message integrity checking
D. Micro-segmentation, network virtualization, encryption, and message authentication

A

A.

IPsec can provide encryption, access control, nonrepudiation, and message authentication using public key cryptography. It does not provide authorization, protocol convergence, content distribution, or the other items listed.

63
Q

Casey has been asked to determine if Zigbee network traffic can be secured in transit. What security mechanism does Zigbee use to protect data traffic?

A. 3DES encryption
B. AES encryption
C. ROT13 encryption
D. Blowfish encryption

A

B.

Zigbee uses AES to protect network traffic, providing integrity and confidentiality controls. It does not use 3DES, and ROT13 is a simple rotational cipher you might find in a cereal box or secret decoder ring.

64
Q

Sue modifies her MAC address to one that is allowed on a network that uses MAC filtering to provide security. What is the technique Sue used, and what nonsecurity issue could her actions cause?

A. Broadcast domain exploit, address conflict
B. Spoofing, token loss
C. Spoofing, address conflict
D. Sham EUI creation, token loss

A

C.

The process of using a fake Media Access Control (MAC) address is called spoofing, and spoofing a MAC address already in use on the network can lead to an address collision, preventing traffic from reaching one or both systems. Tokens are used in token ring networks, which are outdated, and EUI refers to an Extended Unique Identifier, another term for MAC address, but token loss is still not the issue. Broadcast domains refer to the set of machines a host can send traffic to via a broadcast message.

65
Q

Joanna wants to deploy 4G LTE as an out-of-band management solution for devices at remote sites. Which of the following security capabilities is not commonly available from 4G service providers?

A. Encryption capabilities
B. Device-based authentication
C. Dedicated towers and antennas for secure service subscribers
D. SIM-based authentication

A

C.

While security features vary from provider to provider, encryption, device-based authentication (for example, using certificates), and SIM-based authentication are all common options for 4G connectivity solutions. Joanna should work with her provider to determine what capabilities are available and assess whether they meet her needs.

66
Q

SMTP, HTTP, and SNMP all occur at what layer of the OSI model?

A. Layer 4
B. Layer 5
C. Layer 6
D. Layer 7

A

D.

Application-specific protocols are handled at layer 7, the Application layer of the OSI model.

67
Q

Mark’s organization hosts their infrastructure in a cloud IaaS environment. They operate in a private, isolated, and secure cloud that they configure. What term best describes this?

A. VLAN
B. VPC
C. SDN
D. CXL

A

B.

A VPC, or virtual private cloud, is the environment many organizations operate inside of public clouds. It provides on-demand access to configurable, shared resources operated by the cloud provider inside of an isolated boundary. VLANs are used to logically separate networks; SDN is software-defined networking, which is typically part of how a VPC is implemented; and CXL, or Compute Express Link, is a converged protocol used to connect CPUs, GPUs, accelerators, and other components at high speeds.

68
Q

Selah wants to provide port-based authentication on her network to ensure that clients must authenticate before using the network. What technology is an appropriate solution for this requirement?

A. 802.11a
B. 802.3
C. 802.15.1
D. 802.1x

A

D.

802.1x provides port-based authentication and can be used with technologies like the Extensible Authentication Protocol (EAP). 802.11a is a wireless standard, 802.3 is the standard for Ethernet, and 802.15.1 was the original Bluetooth IEEE standard.

69
Q

Ben has deployed a 1000BaseT gigabit network and needs to run a cable across a large building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000BaseT specification?

A. 2 kilometers
B. 500 meters
C. 185 meters
D. 100 meters

A

D.

1000BaseT is capable of a 100-meter run according to its specifications. For longer distances and exterior runs, a fiber-optic cable is typically used in modern networks.

70
Q

What security control does MAC cloning attempt to bypass for wired networks?

A. Port security
B. VLAN hopping
C. 802.1q trunking
D. Etherkiller prevention

A

A.

Port security prevents unrecognized or unpermitted systems from connecting to a network port based on their MAC address. Cloning a permitted or legitimate MAC address attempts to bypass this. VLAN hopping and 802.1q trunking attacks attempt to access other subnets by encapsulating packets so they will be unwrapped and directed to the other subnet. Etherkiller prevention is not a security setting or control.

71
Q

The company that Kathleen works for has moved to remote work for most employees and wants to ensure that the multimedia collaboration platform that they use for voice, video, and text-based collaboration is secure. Which of the following security options will provide the best user experience while providing appropriate security for communications?

A. Require software-based VPN to the corporate network for all use of the collaboration platform.
B. Require the use of SIPS and SRTP for all communications.
C. Use TLS for all traffic for the collaboration platform.
D. Deploy secure VPN endpoints to each remote location and use a point-to-point VPN for communications.

A

C.

Most modern applications support TLS throughout their communications allowing clients to securely connect to the service and to encrypt communications. VPN, either in software or hardware form, will be more complex and unwieldy. Software-based VPN would be more flexible, and hardware-based VPN would be more expensive and more complex. SIPS and SRTP are appropriate for a VoIP environment but are not generally a complete solution for a modern multimedia collaboration platform like Microsoft Teams, Zoom, or WebEx.

72
Q

Chris wants to use a low-power, personal area network (PAN) wireless protocol for a device he is designing. Which of the following wireless protocols is best suited to creating small, low-power devices that can connect to each other at relatively short distances across buildings or rooms?

A. Wi-Fi
B. Zigbee
C. NFC
D. Infrared

A

B.

Zigbee is designed for this type of low-power, Internet of Things network and would be the best option for Chris. Some versions of Bluetooth are designed to operate in low-power mode as well, but Bluetooth isn’t in this list of answers. Wi-Fi requires more power, NFC is very short range and would not work across a building or room, and infrared requires line of sight and is rarely used for that reason.

73
Q

Olga wants to provide out-of-band management for her SCADA devices, which are deployed across her organization’s large physical infrastructure in multiple distinct production facilities. Which of the following is an appropriate solution to meet her needs?

A. Administrative access via a web client installed on each system that requires Windows-based domain authentication
B. Administrative access via nonstandard ports using a secure protocol like SSH
C. Administrative access via a second, physically separate Ethernet network with access controlled via VPN and multifactor authentication
D. Administrative access via physical access to the devices when needed

A

C.

Separate, physically isolated Ethernet networks that require strong authentication are a commonly used out-of-band (OOB) option. While direct physical access is also an acceptable out-of-band option, it does not work well in a complex, production-oriented environment where devices may not be safe or easy to access. Web clients and nonstandard ports are not out-of-band options as described.

74
Q

Cameron is worried about distributed denial-of-service attacks against his company’s primary web application. Which of the following options will provide the most resilience against large-scale DDoS attacks?

A. A CDN
B. Increasing the number of servers in the web application server cluster
C. Contract for DDoS mitigation services via the company’s ISP
D. Increasing the amount of bandwidth available from one or more ISPs

A

A.

A content delivery network run by a major provider can handle large-scale DDoS attacks more easily than any of the other solutions. Using DDoS mitigation techniques via an ISP is the next most useful capability, followed by both increases in bandwidth and increases in the number of servers in the web application cluster.

75
Q

There are four common VPN protocols. Which group listed contains all of the common VPN protocols?

A. PPTP, LTP, L2TP, IPsec
B. PPP, L2TP, IPsec, VNC
C. PPTP, L2F, L2TP, IPsec
D. PPTP, L2TP, IPsec, SPAP

A

C.

PPTP, L2F, L2TP, and IPsec are the most common VPN protocols. TLS is also used for an increasingly large percentage of VPN connections and may appear at some point in the CISSP exam. PPP is a dial-up protocol, LTP is not a protocol, and SPAP is the Shiva Password Authentication Protocol sometimes used with PPTP.

76
Q

Wayne wants to deploy a secure voice communication network. Which of the following techniques should he consider? (Select all that apply.)

A. Use a dedicated VLAN for VoIP phones and devices.
B. Require the use of SIPS and SRTP.
C. Require the use of VPN for all remote VoIP devices.
D. Implement a VoIP IPS.

A

A, B.

Wayne should consider the use of a dedicated VLAN for VoIP devices to help separate them from other networked devices, and he should also require the use of SIPS and SRTP, both secure protocols that will keep his VoIP traffic encrypted. Requiring the use of VPN for all remote VoIP devices is not necessary if SIPS and SRTP are in use, and a specific IPS for VoIP is not a typical deployment in most organizations.

77
Q

What mode of switching is best suited to low-latency, high-throughput data transfer?

A. Store-and-forward switching
B. Blind switching
C. Forward switching
D. Cut-through switching

A

D.

Cut-through switching forwards a frame as soon as the destination MAC address has been read, without waiting for the rest of the frame to arrive. This means that frames are not checked for integrity before being forwarded, optimizing throughput and reducing latency at the expense of error checking. Store-and-forward waits for the entire frame so that it can be checked using the cyclic redundancy check (CRC) in the frame check sequence before forwarding it. Blind and forward switching were made up for this question.

78
Q

Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP?

A. The Transport layer
B. The Network layer
C. The Session layer
D. The Presentation layer

A

A.

The Transport layer provides logical connections between devices, including end-to-end transport services to ensure that data is delivered. Transport layer protocols include TCP, UDP, SSL, and TLS.

79
Q

The Windows ipconfig command displays the following information:

BC-5F-F4-7B-4B-7D

What term describes this, and what information can usually be gathered from it?

A. The IP address, the network location of the system
B. The MAC address, the network interface card’s manufacturer
C. The MAC address, the media type in use
D. The IPv6 client ID, the network interface card’s manufacturer

A

B.

Media Access Control (MAC) addresses are the hardware addresses that machines use for layer 2 communications. The first three octets of a MAC address are an organizationally unique identifier (OUI), which identifies the manufacturer. MAC addresses can be changed, so this is not a guarantee of accuracy, but under normal circumstances you can tell what manufacturer made the interface by looking up the OUI.
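The MAC address handling described in this answer, and the spoofing and address-conflict points from questions 64 and 70, as an added example that is not part of the original flashcards. It normalizes the three common MAC notations, extracts the OUI, reads the two flag bits in the first octet (the I/G multicast bit and the U/L locally-administered bit, which is set on most software-assigned addresses), and flags the same hardware address appearing on two switch ports. The OUI table and the switch MAC-table snapshot are constructed sample data with placeholder vendor names, not a real registry.

```python
import re

# Constructed OUI table for the example only (placeholder vendor names);
# a real lookup would use the IEEE MA-L registry.
SAMPLE_OUI_TABLE = {
    "BC:5F:F4": "Example Vendor A (placeholder)",
    "00:0C:29": "Example Vendor B (placeholder)",
}

# Constructed switch MAC-table snapshot: (port, learned MAC) pairs.
SAMPLE_MAC_TABLE = [
    ("Gi1/0/1", "BC-5F-F4-7B-4B-7D"),   # Windows ipconfig style
    ("Gi1/0/2", "00:0c:29:aa:bb:cc"),   # Linux ip link style
    ("Gi1/0/7", "bc5f.f47b.4b7d"),      # Cisco style; same address as port 1
    ("Gi1/0/9", "02:00:5E:10:00:01"),   # U/L bit set: locally administered
]


def normalize_mac(mac: str) -> str:
    """Accept AA-BB-CC-DD-EE-FF, aa:bb:cc:dd:ee:ff or aabb.ccdd.eeff and
    return the canonical upper-case colon form."""
    hexdigits = re.sub(r"[-:.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    hexdigits = hexdigits.upper()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def describe_mac(mac: str, table=SAMPLE_OUI_TABLE) -> dict:
    """Split out the OUI and decode the I/G and U/L bits of the first octet."""
    norm = normalize_mac(mac)
    first_octet = int(norm[:2], 16)
    multicast = bool(first_octet & 0x01)            # I/G bit: 1 = group address
    locally_administered = bool(first_octet & 0x02)  # U/L bit: 1 = not vendor-assigned
    return {
        "mac": norm,
        "oui": norm[:8],
        # An OUI lookup is meaningless when the address was assigned locally.
        "vendor": None if locally_administered else table.get(norm[:8]),
        "multicast": multicast,
        "locally_administered": locally_administered,
    }


def find_duplicate_macs(table) -> dict:
    """Return {mac: [ports]} for any address learned on more than one port,
    which is what a cloned or conflicting MAC looks like to the switch."""
    seen: dict = {}
    for port, mac in table:
        seen.setdefault(normalize_mac(mac), []).append(port)
    return {mac: ports for mac, ports in seen.items() if len(ports) > 1}


if __name__ == "__main__":
    for port, mac in SAMPLE_MAC_TABLE:
        print(port, describe_mac(mac))
    print("duplicates:", find_duplicate_macs(SAMPLE_MAC_TABLE))
```

The U/L bit is a hint, not proof: a cloned address copied from a legitimate card has the bit clear, which is why the duplicate-port check is the more useful detection for port-security bypass attempts.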

80
Q

Chris wants to ensure that traffic sent via his backhaul networks provided by third-party telecom providers is secure. Which of the following options is best suited to ensuring that all traffic sent through the connection is secure?

A. Use TLS for all web services.
B. Use an on-demand, client-based VPN.
C. Use a point-to-point VPN.
D. Tunnel traffic via SSH.

A

C.

For long-term connections like backhaul networks, a point-to-point VPN that is connected at all times is the most common choice to ensure all traffic is secured. TLS and SSH are commonly used to tunnel data but require additional attention to ensure that all traffic is tunneled. On-demand VPNs are more commonly used by users than for a connection like a backhaul network link.

81
Q

Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?

A. 192.168.x.x is a nonroutable network and will not be carried to the Internet.
B. 192.168.1.40 is not a valid address because it is reserved by RFC 1918.
C. Double NATing is not possible using the same IP range.
D. The upstream system is unable to de-encapsulate his packets, and he needs to use PAT instead.

A

C.

Double NATing isn’t possible with the same IP range; the same IP addresses cannot appear inside and outside a NAT router. RFC 1918 addresses are reserved, but only so they are not used and routable on the Internet, and changing to PAT would not fix the issue.

82
Q

What is the default subnet mask for a Class B network?

A. 255.0.0.0
B. 255.255.0.0
C. 255.254.0.0
D. 255.255.255.0

A

B.

A Class B network spans 2^16 (65,536) addresses, of which 65,534 are usable for hosts, and its default subnet mask is 255.255.0.0 (/16).

83
Q

Kim wants to protect her Zoom meetings from Zoom bombing. What security option should she enable?

A. Require HTTPS connections.
B. Turn on the waiting room.
C. Randomize meeting links.
D. Require a meeting passcode.

A

B.

Enabling waiting rooms allows hosts to allow only intended attendees for events and meetings. Unfortunately, passcodes are easily shared, resulting in Zoom bombing despite the security they appear to offer. Meeting links are automatically generated and randomized, preventing brute forcing, and HTTPS is enabled by default for meetings.

84
Q

Olivia wants to use a network fault management tool that can provide real-time fault detection. What capabilities are most commonly associated with this type of monitoring?

A. SNMP and ICMP-based monitoring and diagnostic data retrieval
B. Netflow and syslog-based monitoring
C. SNMP and Netflow-based monitoring
D. ICMP and syslog-based monitoring

A

A.

Real-time fault monitoring for network devices and connections often relies on SNMP and ICMP-based monitoring capabilities. Netflow and syslog are more commonly used for diagnostic and analysis tasks.

85
Q

Selah’s organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help?

A. VLAN hopping; use physically separate switches.
B. VLAN hopping; use encryption.
C. Caller ID spoofing; MAC filtering.
D. Denial-of-service attacks; use a firewall between networks.

A

A.

VLAN hopping between the voice and computer VLANs can be accomplished when devices share the same switch infrastructure. Using physically separate switches can prevent this attack. Encryption won’t help with VLAN hopping because it relies on header data that the switch needs to read (and this is unencrypted), while Caller ID spoofing is an inherent problem with VoIP systems. A denial of service is always a possibility, but it isn’t specifically a VoIP issue, and a firewall may not stop the problem if it’s on a port that must be allowed through.

86
Q

Susan is designing her organization’s new network infrastructure for a branch office.

Susan wants to use a set of nonroutable IP addresses for the location’s internal network addresses. Using your knowledge of secure network design principles and IP networking, which of the following IP ranges are usable for that purpose? (Select all that apply.)

A. 172.16.0.0/12
B. 192.168.0.0/16
C. 128.192.0.0/24
D. 10.0.0.0/8

A

A, B, D.

RFC 1918 defines three address ranges as private (nonroutable) IP address ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Any of these would work, but many organizations use the 192.168.0.0/16 range for smaller sites or opt to carve out sections of the 10.0.0.0/8 range for multiple remote sites.
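The RFC 1918 check from this question, together with the classful default mask from question 82 and the double-NAT range conflict from question 81, as an added example that is not part of the original flashcards. It uses only the standard-library ipaddress module; the addresses fed to it below are the ones from the questions plus constructed sample values.

```python
import ipaddress

# The three RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if a single address falls in any RFC 1918 range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def usable_as_internal(cidr: str) -> bool:
    """True if the whole block sits inside one RFC 1918 range, so it can be
    used for a site's internal addressing without being routable on the Internet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(private) for private in RFC1918)


def classful_default_mask(addr: str) -> str:
    """Classful default mask, decided by the first octet (question 82)."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first < 128:
        return "255.0.0.0"        # Class A: 0-127
    if first < 192:
        return "255.255.0.0"      # Class B: 128-191
    if first < 224:
        return "255.255.255.0"    # Class C: 192-223
    raise ValueError("no default mask for class D/E address")


def usable_hosts(cidr: str) -> int:
    """Host addresses in a block, excluding the network and broadcast addresses."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def double_nat_conflict(inside_cidr: str, outside_ip: str) -> bool:
    """Question 81: a NAT router's external address must not fall inside the
    range it is translating for, or inside and outside become ambiguous."""
    return ipaddress.ip_address(outside_ip) in ipaddress.ip_network(inside_cidr, strict=False)


if __name__ == "__main__":
    for candidate in ("172.16.0.0/12", "192.168.0.0/16", "128.192.0.0/24", "10.0.0.0/8"):
        print(candidate, "private" if usable_as_internal(candidate) else "public")
    print("Class B mask:", classful_default_mask("128.192.0.1"))
    print("Ben's router conflict:", double_nat_conflict("192.168.0.0/16", "192.168.1.40"))
```

Note that usable_as_internal checks the whole block, not just its first address: 172.32.0.0/16 starts with "172" but lies outside 172.16.0.0/12 and is publicly routable.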

87
Q

Susan is designing her organization’s new network infrastructure for a branch office.

Susan knows that she will need to implement a Wi-Fi network for her customers and wants to gather information about the customers, such as their email address, without having to provide them with a wireless network password or key. What type of solution would provide this combination of features?

A. NAC
B. A captive portal
C. Pre-shared keys
D. WPA3’s SAE mode

A

B.

A captive portal is a popular solution that you may be familiar with from hotels and coffee shops. They combine the ability to gather data from customers with an open network, so customer data will not be encrypted. This avoids the need to distribute network passwords but means that customers must ensure their own traffic is encrypted if they are worried about security.

88
Q

Susan is designing her organization’s new network infrastructure for a branch office.

With her wireless network set up, Susan moves on to ensuring that her network will remain operational even if disruptions occur. What is the simplest way she can ensure that her network devices, including her router, access points, and network switches, stay on if a brownout or other temporary power issue occurs?

A. Purchase and install a generator with an automatic start.
B. Deploy dual power supplies for all network devices.
C. Install UPS systems to cover all network devices that must remain online.
D. Contract with multiple different power companies for redundant power.

A

C.

A UPS system, or uninterruptible power supply, is designed to provide backup power during brief power disruptions ranging from power sags and brownouts to temporary power failures. For a longer outage, Susan will still want a generator or even a secondary power feed from another power grid or provider if possible, but for this specific scenario, a UPS will meet her needs. Dual power supplies help when the concern is losing power from one power supply and would be a great idea for her most critical network devices, but it is rare to have dual power supplies for edge devices like access points or edge switches.

89
Q

Susan is designing her organization’s new network infrastructure for a branch office.

Susan wants to provide 100 gigabit network connections to devices in the facility where the new branch will operate. What connectivity options does she have for structured wiring that can meet those speeds? (Select all that apply.)

A. Cat5e
B. Fiber
C. Cat6
D. Coaxial cable

A

B.

Fiber-optic cable is best suited to running 100 gigabit speeds. Cat5e, Cat6, and coaxial cable are not rated to those speeds.

90
Q

Data streams occur at what three layers of the OSI model?

A. Application, Presentation, and Session
B. Presentation, Session, and Transport
C. Physical, Data Link, and Network
D. Data Link, Network, and Transport

A

A.

Data streams are associated with the Application, Presentation, and Session layers. Once they reach the Transport layer, they become segments (TCP) or datagrams (UDP). From there, they are converted to packets at the Network layer, frames at the Data Link layer, and bits at the Physical layer.

91
Q

Lucca wants to protect endpoints that are in production use but that are no longer supported and cannot be patched from network attacks. What should he do to best protect these devices?

A. Install a firewall on the device.
B. Disable all services and open ports on the devices.
C. Place a hardware network security device in front of the devices.
D. Unplug the devices from the network because they cannot be properly secured.

A

C.

If the devices still need to be in production but cannot be patched, Lucca’s best option is to use a separate security device to protect them. It may be tempting to simply install a firewall on the device or to disable all the services it exposes to the network, but some devices may not have firewall software available, and even if they do, the underlying operating system may have vulnerabilities in its implementation of its network stack or other software that even a firewall could not protect. Unplugging devices that are needed for protection does not resolve the need to keep them online.

92
Q

Selah’s networking team has been asked to identify a technology that will allow them to separate the routing process for the network from the packet switching process while increasing centralization. Which of the following meets that requirement?

A. A network that follows the 5-4-3 rule
B. A converged network
C. A software-defined network
D. A hypervisor-based network

A

C.

Software-defined networking provides a network architecture that can be defined and configured as code or software and separates routing processes from packet switching while centralizing control. The 5-4-3 rule is an old design rule for networks that relied on repeaters or hubs. A converged network carries multiple types of traffic like voice, video, and data. A hypervisor-based network may be software defined, but it could also use traditional network devices running as virtual machines.

93
Q

Jason knows that protocols using the OSI model rely on encapsulation as data moves from layer to layer. What is added at each layer as data flows down the OSI layers on the sending host, such as from layer 5 to layer 4 and from layer 4 to layer 3?

A. Information is added to the header.
B. Information is added to the main body of the data.
C. The data is encrypted with a new secret key.
D. A security envelope that provides perfect forward secrecy.

A

A.

Encapsulation adds a header (and in some cases a trailer, such as the Ethernet frame check sequence) to the data handed down by the layer above; the receiving host strips them again in reverse order as the data moves back up the stack. The main body of the data is not modified, and encryption may happen at a given layer but is not part of encapsulation itself.
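The encapsulation described in this answer, carried through the data-stream, segment, packet and frame names from question 90 and the cut-through versus store-and-forward distinction from question 77, as an added example that is not part of the original flashcards. Each function prepends one layer's header to what the layer above produced (the Ethernet layer also appends the FCS trailer), and the switching helpers show what each switching mode looks at. Addresses and the payload are constructed sample values; the UDP checksum is left at zero (permitted for UDP over IPv4), and the FCS is a CRC-32 over the frame body packed little-endian, which the store-and-forward check recomputes the same way.

```python
import struct
import zlib


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; returns 0 when run over
    a header that already carries a correct checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Layer 4: data stream becomes a segment by prepending the 8-byte UDP header."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def ipv4_packet(src_ip: str, dst_ip: str, segment: bytes, ttl: int = 64) -> bytes:
    """Layer 3: segment becomes a packet by prepending a 20-byte IPv4 header (protocol 17 = UDP)."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl, 17, 0, src, dst)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + segment


def ethernet_frame(src_mac: bytes, dst_mac: bytes, packet: bytes) -> bytes:
    """Layer 2: packet becomes a frame with a 14-byte header and a 4-byte FCS trailer."""
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + packet   # 0x0800 = IPv4
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def encapsulate(payload: bytes) -> dict:
    """Walk the payload down the stack and return what each layer produced."""
    seg = udp_segment(40000, 53, payload)
    pkt = ipv4_packet("192.168.1.10", "192.168.1.1", seg)
    frm = ethernet_frame(bytes.fromhex("bc5ff47b4b7d"), bytes.fromhex("001122334455"), pkt)
    return {"data": payload, "segment": seg, "packet": pkt, "frame": frm}


def cut_through_destination(frame: bytes) -> bytes:
    """Cut-through switching: forward as soon as the first 6 bytes (destination MAC)
    are in; nothing else in the frame is examined."""
    return frame[:6]


def store_and_forward_check(frame: bytes) -> bool:
    """Store-and-forward switching: hold the whole frame and verify the FCS
    before forwarding it."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)


def decapsulate(frame: bytes) -> dict:
    """Receiving side: strip the layer 2, 3 and 4 headers in reverse order."""
    packet = frame[14:-4]
    ihl = (packet[0] & 0x0F) * 4
    segment = packet[ihl:]
    src_port, dst_port, length, _ = struct.unpack("!HHHH", segment[:8])
    return {"ttl": packet[8], "proto": packet[9], "src_port": src_port,
            "dst_port": dst_port, "payload": segment[8:length]}


if __name__ == "__main__":
    layers = encapsulate(b"hello")
    for name, unit in layers.items():
        print(f"{name:8s} {len(unit):3d} bytes")
    print("FCS ok:", store_and_forward_check(layers["frame"]))
```

Corrupting a byte in the middle of the frame leaves the cut-through decision unchanged (the destination MAC is still intact) while the store-and-forward check fails, which is exactly the trade-off question 77 describes.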

94
Q

During a troubleshooting process, the support technician that Alyssa is talking to states that the problem is a layer 3 problem. Which of the following possible issues is not a layer 3 problem?

A. A TTL mismatch
B. An MTU mismatch
C. An incorrect ACL
D. A broken network cable

A

D.

A broken network cable is a layer 1 problem. If you encounter a problem like this and aren’t sure, look for the answer that has a different situation or set of assumptions. Here you have three options that occur at the network layer (layer 3), all of which have software or protocol implications. A broken network cable is a completely different type of issue and should stand out. Be careful, though! The exam is likely to give you two potentially valid answers to choose from, so work to get rid of the two least likely answers and spend your time on the remaining options.

95
Q

During a review of her organization’s network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend?

A. Require encryption for all users.
B. Install a firewall at the network border.
C. Enable spanning tree loop detection.
D. Segment the network based on functional requirements.

A

D.

Network segmentation can reduce issues with performance as well as diminish the chance of broadcast storms by limiting the number of systems in a segment. This decreases broadcast traffic visible to each system and can reduce congestion. Segmentation can also help provide security by separating functional groups that don’t need to be able to access each other’s systems. Installing a firewall at the border would only help with inbound and outbound traffic, not cross-network traffic. Spanning tree loop prevention helps prevent loops in Ethernet networks (for example, when you plug a switch into a switch via two ports on each), but it won’t solve broadcast storms that aren’t caused by a loop or security issues. Encryption might help prevent some problems between functional groups, but it won’t stop them from scanning other systems, and it definitely won’t stop a broadcast storm!

96
Q

Lisa wants to explain the difference between network throughput and bandwidth to her team. Which of the following best describes the difference between the two terms?

A. Bandwidth describes the number of parallel data channels available to a network, and throughput describes how many can be used at once.
B. Bandwidth is the maximum amount of data that can be sent via a channel or connection, and throughput is the actual amount of data that is sent via the channel or connection in a given period of time.
C. Bandwidth and throughput are the same and can be used interchangeably.
D. Bandwidth is a measure of the amount of data sent over a given period of time, and throughput is the maximum amount of data that could be sent via the channel.

A

B.

Bandwidth describes the maximum amount of data that can be sent via a connection or network in a given period of time, and throughput describes the actual amount of traffic that is sent via the network or connection in a given period of time. The terms are not interchangeable but are closely related.