Exam Practice - Set B

Question 1

A network administrator is using a packet analyzer to determine an issue on the local LAN. Two separate computers are showing an error message on the screen and are unable to communicate with other computers in the same lab. The network administrator looks at the following output:

SRC MAC SRC IP DST MAC DST IP

00: 1D:1F:AB:10:7D192.168.1.10:200015:BE:9F:AB:10:1D192.168.1.14:1200
05: DD:1F:AB:10:27192.168.1.10:100022:C7:2F:AB:10:A2192.168.1.15:1300

Given that all the computers in the lab are directly connected to the same switch, and are not using any virtualization technology, at which of the following layers of the OSI model is the problem occurring?

A. Network

B. Application

C. Data link

D. Transport

Answer 1

A

If we look at the Source Mac column, we can see two different MAC addresses. Every network interface card has a unique MAC address. These are the network cards in the two separate computers.
If we look in the Source IP column, we can see that the two network cards have been assigned the same IP address (192.168.1.10). This is the problem in this question. The error message on the screens will be saying that “An IP conflict exists”. Every network card connected to the network needs to be configured with a different IP address.
As the problem is with the IP address configuration of the two computers, we know that the problem is occurring at the Network layer (layer 3) of the OSI model. The network layer is responsible for Internet Protocol (IP) addressing and routing.

Question 2

A technician wants to implement a network for testing remote devices before allowing them to connect to the corporate network. Which of the following could the technician implement?

A. High availability

B. MAN network

C. Quarantine

D. Honeynet

Answer 2

C

Question 3

A network technician is replacing security devices that protect the DMZ for a client. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users are unable to connect remotely to the application. Which of the following is MOST likely misconfigured?

A. Content filter

B. Firewall

C. DNS

D. DHCP

Answer 3

B

Question 4

A network technician is creating a new subnet for 488 host machines. The technician is told to use a class B address scheme when making the subnet and is instructed to leave as much room as possible for additional subnets of the same size. Which of the following subnets would fulfill these requirements?

A. 10.5.4.0/22

B. 10.233.2.0/23

C. 172.16.0.0/22

D. 172.18.0.0/23

E. 192.168.25.0/24

Answer 4

D

Question 5

Peter, and administrator, is setting up three more switches in the test lab and is configuring the switches. He is verifying the connectivity but when he pings one of the switches he receives “Destination Unreachable”. Which of the following issues could this be?

A. Denial of service attack

B. Misconfigured DNS settings

C. Misconfigured Split Horizon

D. RADIUS authentication errors

Answer 5

C

Question 6

A network administrator recently installed a web proxy server at a customer’s site. The following week, a system administrator replaced the DNS server overnight. The next day, customers began having issues accessing public websites. Which of the following will resolve the issue?

A. Update the DNS server with the proxy server information.

B. Implement a split horizon DNS server.

C. Reboot the web proxy and then reboot the DNS server.

D. Put the proxy server on the other side of the demarc.

Answer 6

A

Proxy servers act as an intermediary for requests from clients seeking resources from other servers. If the DNS server is not communicating with the proxy server, these requests are not forwarded. Therefore, updating the DNS server with the proxy server information will solve the problem.

Question 7

A company wants to create highly available datacenters. Which of the following will allow the company to continue to maintain an Internet presence at all sites in the event that a WAN circuit at one site goes down?

A. Load balancer

B. VRRP

C. OSPF

D. BGP

Answer 7

D

A collection of networks that fall within the same administrative domain is called an autonomous system (AS). In this question, each datacenter will be an autonomous system.
The routers within an AS use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves. At the edges of an AS are routers that communicate with the other AS’s on the Internet, using an exterior gateway protocol such as the Border Gateway Protocol (BGP).
If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available.

Question 8

After a server outage, a technician discovers that a physically damaged fiber cable appears to be the problem. After replacing the cable, the server will still not connect to the network. Upon inspecting the cable at the server end, the technician discovers light can be seen through one of the two fiber strands. Which of the following should the technician do FIRST to reconnect the server to the network?

A. Reverse the fiber strands of the cable and reconnect them to the server

B. Use a TDR to test both strands of a new replacement cable prior to connecting it to the server

C. Replace the server’s single-mode fiber cable with multimode fiber

D. Move the fiber cable to different port on the switch where both strands function

Answer 8

A

Question 9

A company is installing several APs for a new wireless system that requires users to authenticate to the domain. The network technician would like to authenticate to a central point. Which of the following would work BEST to achieve these results?

A. A TACACS+ device and a RADIUS server

B. A TACACS and a proxy server

C. A RADIUS server and an access point

D. A RADIUS server and a network controller

Answer 9

C

Question 10

A new threat is hiding traffic by sending TLS-encrypted traffic outbound over random ports. Which of the following technologies would be able to detect and block this traffic?

A. Intrusion detection system

B. Application aware firewall

C. Stateful packet inspection

D. Stateless packet inspection

Answer 10

C

Question 11

A network administrator wants to deploy a wireless network in a location that has too much RF interference at 2.4 GHz. Which of the following standards requires the use of 5 GHz band wireless transmissions? (Select TWO)

A. 802.11a

B. 802.11ac

C. 802.11b

D. 802.11g

E. 802.11n

Answer 11

AB

Question 12

A technician is trying to determine the IP address of a customer’s router. The customer has an IP address of 192.168.1.55/24. Which of the following is the address of the customer’s router?

A. 192.168.0.55

B. 192.168.1.0

C. 192.168.1.1

D. 192.168.5.5

E. 255.255.255.0

Answer 12

C

Question 13

As part of a transition from a static to a dynamic routing protocol on an organization’s internal network, the routing protocol must support IPv4 and VLSM. Based on those requirements, which of the following should the network administrator use? (Choose two.)

A. OSPF

B. IS-IS

C. RIPv1

D. BGP

E. VRRP

Answer 13

AB

Question 14

An administrator needs to set up a space in the office where co-workers can relax. The administrator sets up several TV’s with interconnected gaming systems in the office. Which of the following did the administrator set up?

A. CAN

B. MAN

C. WAN

D. LAN

Answer 14

A

Question 15

A company has changed ISPs for their office and ordered a new 250 Mbps symmetrical Internet connection. As a result, they have been given a new IP range. The ISP has assigned the company 10.10.150.16 /28. The company gateway router has the following interface configuration facing the ISP:

Interface A:
IP address: 10.10.150.16
Subnet mask: 255.255.255.240
Default gateway: 10.10.150.32
Speed: 1000 Mbps Duplex: Auto
State: No Shutdown

None of the workstations at the company are able to access the Internet. Which of the following are the reasons? (Select TWO).

A. There is a duplex mismatch between the router and ISP.

B. The router interface is turned off.

C. The interface is set to the incorrect speed.

D. The router is configured with the incorrect subnet mask.

E. The router interface is configured with the incorrect IP address.

F. The default gateway is configured incorrectly.

Answer 15

EF

According to the IP Address Range Calculator, for the given subnet mask and the IP range address range assigned by the ISP, the first host address should be 10.10.150.17 and the broadcast address should be 10.10.150.31. Therefore, the router interface is configured with the incorrect IP address and the default gateway is configured incorrectly.

Question 16

In the past, a company has experienced several network breaches as a result of end-user actions. To help mitigate future breaches, which of the following documents should the security team ensure are up-to-date and enforced for all employees? (Select TWO)

A. Memorandum of understanding

B. Data classification document

C. Service level agreement

D. Interconnection security agreement

E. Consent to monitor

F. Acceptable use policy

Answer 16

AF

Question 17

Which of the following connection types is used to terminate DS3 connections in a telecommunications facility?

A. 66 block

B. BNC

C. F-connector

D. RJ-11c

Answer 17

B

A DS3 (Digital Signal 3) is also known as a T3 line with a maximum bandwidth of 44.736 Mbit/s. DS3 uses 75 ohm coaxial cable and BNC connectors.

Question 18

Which of the following is considered a classless routing protocol?

A. IGRP

B. IS-IS

C. RIPv1

D. STP

Answer 18

B

Question 19

A network technician needs to protect IP based servers in the network DMZ from being discovered by an intruder utilizing a ping sweep. Which of the following should the technician do to protect the network from ping sweeps?

A. Block echo replies inbound to the DMZ

B. Disable UDP on the servers

C. Block ICMP at the firewall

D. Disable TCP/IP on the server

Answer 19

C

Question 20

A network administrator wants to ensure sensitive data is not exfiltrated from the system electronically. Which of the following should be implemented?

A. DLP

B. AUP

C. NDA

D. SLA

Answer 20

A

Question 21

Which of the following is a UC application?

A. Softphone

B. Intranet

C. Proxy

D. Facsimile

Answer 21

A

Question 22

Which of the following allows a telecommunication company to test circuits to customers remotely?

A. VLAN

B. Toner Probe

C. RDP

D. Smart Jack

E. VPN

Answer 22

D

Question 23

A network administrator is noticing slow responds times from the server to hosts on the network. After adding several new hosts, the administrator realizes that CSMA/CD results in network slowness due to congestion at the server NIC. Which of the following should the network administrator do to correct the issue?

A. Add a honeypot to reduce traffic to the server

B. Update the Ethernet drivers to use 802.3

C. Add additional network cards to the server

D. Disable CSMA/CD on the network

Answer 23

C

Question 24

A telecommunications provider has just deployed a new OC-12 circuit at a customer site. While the circuit showed no errors from the provider end to the customer’s demarcation point, a network administrator is trying to determine the cause of dropped packets and errors on the circuit. Which of the following should the network administrator do to rule out any problems at Layer 1? (Choose two.)

A. Use a loopback at the demark and router, and check for a link light

B. Use an OTDR to validate the cable integrity

C. Use a pinout tester to validate the cable integrity

D. Use a multimeter to validate the cable integrity

E. Check for any devices that may be causing EMI on the cable

F. Clean the cables to be sure they are free of dust and debris

Answer 24

AB

Question 25

A network administrator is tasked with building a wireless network in a new adjacent building. Wireless clients should not have visibility to one another but should have visibility to the wired users. Users must seamlessly migrate between the two buildings while maintaining a connection to the LAN. Which of the following is the BEST way to configure the new wireless network in the new building? A. Use the same SSIDs on different channels and AP isolation B. Use different SSIDs on different channels and VLANs C. Use different SSIDs on the same channels with VLANs D. Use the same SSIDs on same channels with AP isolation

Answer 25

A

Question 26

An office user cannot access local network drives but has full access to the Internet. A technician troubleshoots the issue and observes the following output of the ipconfig command: [picture missing] Which of the following would MOST likely allow the network drives to be accessed?

Answer 26

B

Question 27

OFDM, QAM and QPSK are all examples of which of the following wireless technologies? A. Frequency B. Modulation C. RF interference D. Spectrum

Answer 27

B

Question 28

Which of the following requires the network administrator to schedule a maintenance window? A. When a company-wide email notification must be sent. B. A minor release upgrade of a production router. C. When the network administrator’s laptop must be rebooted. D. A major release upgrade of a core switch in a test lab.

Answer 28

B During an update of a production router the router would not be able to route packages and the network traffic would be affected. It would be necessary to announce a maintenance window. In information technology and systems management, a maintenance window is a period of time designated in advance by the technical staff, during which preventive maintenance that could cause disruption of service may be performed.

Question 29

A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password has been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all networking devices, which of the following should the technician perform to prevent the password for the administrator account from being sniffed on the network? A. Use SNMPv1 for all configurations involving the router B. Ensure the password is 10 characters, containing letter and numbers C. Copy all configurations to routers using TFTP for security D. Only allow administrators to access routers using port 22

Answer 29

D

Question 30

A user connects to a wireless network at the office and is able to access unfamiliar SMB shares and printers. Which of the following has happened to the user? A. The user is connected using the wrong channel. B. The user is connected to the wrong SSID. C. The user is experiencing an EMI issue. D. The user is connected to the wrong RADIUS server.

Answer 30

B The user is connecting to an SSID assigned to a different subnet. Therefore, the user has access to SMB shares and printers that are not recognizable.

Question 31

After a company rolls out software updates, Jane, a lab researcher, is no longer able to use lab equipment connected to her PC. The technician contacts the vendor and determines there is an incompatibility with the latest IO drivers. Which of the following should the technician perform so that Jane can get back to work as quickly as possible? A. Reformat and install the compatible drivers. B. Reset Jane’s equipment configuration from a backup. C. Downgrade the PC to a working patch level. D. Restore Jane’s PC to the last known good configuration. E. Roll back the drivers to the previous version.

Answer 31

E By rolling back the drivers Jane would be able to use her lab equipment again. To roll back a driver in Windows means to return the driver to the version that was last installed for the device. Rolling back a driver is an easy way to return a driver to a working version when a driver update fails to fix a problem or maybe even causes a new problem. Think of rolling back a driver as a quick and easy way to uninstall the latest driver and then reinstall the previous one, all automatically.

Question 32

Which of the following wireless connection types utilize MIMO on non-overlapping channels? (Choose two.) A. 802.11a B. 802.11ac C. 802.11b D. 802.11g E. 802.11n

Answer 32

BE

Question 33

Which of the following MUST be implemented to share metrics between routing protocols within the same router? A. Routing loop B. Routing table C. Route redistribution D. Dynamic routes

Answer 33

B

Question 34

A NAC service has discovered a virus on a client laptop. In which of the following locations would the NAC service place the laptop? A. On the DMZ network B. On the sandbox network C. On the honeypot D. On the quarantine network

Answer 34

D

Question 35

A technician is dispatched to investigate sporadic network outages. After looking at the event logs of the network equipment, the technician finds that all of the equipment is restarting at the same time every day. Which of the following can the technician deploy to correct this issue? A. Grounding bar B. Rack monitoring C. UPS D. Air flow management E. Surge protector

Answer 35

C

Question 36

A network technician needs to connect two switches. The technician needs a link between them which is capable of handling 10gb. Which of the following media would be optimal for this application? A. CAT5e cable B. Coax cable C. Fiber Optic cable D. CAT6 cable

Answer 36

C

Question 37

Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the cause of this issue? A. WPA2 security key B. SSL certificates C. CSMA/CA D. RADIUS

Answer 37

D

Question 38

A host has been assigned the address 169.254.0.1. This is an example of which of the following address types? A. APIPA B. MAC C. Static D. Public

Answer 38

A ``` APIPA stands for Automatic Private IP Addressing and is a feature of Windows operating systems. When a client computer is configured to use automatic addressing (DHCP), APIPA assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client when a DHCP server is unavailable. When a client computer configured to use DHCP boots up, it first looks for a DHCP server to provide the client with IP address and subnet mask. If the client is unable to contact a DHCP server, it uses APIPA to automatically configure itself with an IP address from a range that has been reserved especially for Microsoft. The client also configures itself with a default class B subnet mask of 255.255.0.0. The client will use the self-configured IP address until a DHCP server becomes available. ```

Question 39

Which of the following applies to data as it travels from Layer 1 to Layer 7 of the OSI model? A. Tagging B. Encapsulation C. Tunneling D. De-encapsulation

Answer 39

D

Question 40

An organization is moving to a new datacenter. During the move, several technicians raise concerns about a system that could potentially remove oxygen from the server room and result in suffocation. Which of the following systems are they MOST likely discussing? A. Fire suppression B. Mantraps at the entry C. HVAC D. UPS and battery backups

Answer 40

A Fire suppression systems are often deployed in server rooms to prevent a fire destroying all the I.T. equipment. Different fire suppression systems work in different ways. Obviously a fire suppression system that sprays water onto the fire is no good for a server room as the water would do as much damage as the fire. A common fire suppression system used in server rooms is one that suppresses the fire by starving it of oxygen. One way the oxygen can be removed from the server room is to fill the server room with an inert gas such as carbon dioxide.

Question 41

QoS operates at which of the following OSI model layers? (Select TWO) A. Layer 1 B. Layer 2 C. Layer 3 D. Layer 5 E. Layer 7

Answer 41

BC

Question 42

When troubleshooting a network problem, browsing through the log of a switch, it is discovered that multiple frames contain errors. In which of the following layers does the problem reside? (Select TWO). A. Layer 2 B. Layer 3 C. Layer 5 D. Transport layer E. Data link F. Physical layer

Answer 42

AE Layer 2 of the OSI reference model is the data-link layer. Components of the data-link layer include frame-format, Media Access Control (MAC) addressing, protocol identification and error detection. When data is being sent, it is split into protocol data units (PDUs) as it passes through the layers of the OSI model. The PDUs have different names as they are passed through the layers of the OSI model. In layer 2, the PDU is called a ‘Frame’. The most common protocol specified in the data-link layer is Ethernet and the most common network component in the data-link layer is a network switch. In this question, problems are discovered with Ethernet frames by examining the logs in a network switch. Therefore, for this question, we are working in Layer 2, the data-link layer.

Question 43

Which of the following should be used to ensure a specific device always receives the same IP address? A. IP helper B. Reservation C. Address lease D. DHCP scope E. DHCP relay

Answer 43

B

Question 44

Which of the following refers to a network that spans several buildings that are within walking distance of each other? A. CAN B. WAN C. PAN D. MAN

Answer 44

A CAN stands for Campus Area Network or Corporate Area Network. Universities or colleges often implement CANs to link the buildings in a network. The range of CAN is 1KM to 5KM. If multiple buildings have the same domain and they are connected with a network, then it will be considered as a CAN

Question 45

A technician is troubleshooting a wired device on the network. The technician notices that the link light on the NIC does not illuminate. After testing the device on a different RJ-45 port, the device connects successfully. Which of the following is causing this issue? A. EMI B. RFI C. Cross-talk D. Bad wiring

Answer 45

B The question states that the device worked on a different port. This indicates that the wiring is faulty.

Question 46

A technician would like to track the improvement of the network infrastructure after upgrades. Which of the following should the technician implement to have an accurate comparison? A. Regression test B. Speed test C. Baseline D. Statement of work

Answer 46

C In networking, baseline can refer to the standard level of performance of a certain device or to the normal operating capacity for your whole network. High-quality documentation should include a baseline for network performance, because you and your client need to know what “normal” looks like in order to detect problems before they develop into disasters. A network baseline delimits the amount of available bandwidth available and when. For networks and networked devices, baselines include information about four key components: Processor Memory Hard-disk (or other storage) subsystem Network adapter or subsystem

Question 47

While implementing wireless access points into the network, one building is having connectivity issues due to light fixtures being replaced in the ceiling, while all other buildings’ connectivity is performing as expected. Which of the following should be exchanged on the access points installed in the building with connectivity issues? A. UTP patch cables B. Antenna C. Power adapter D. Security standard

Answer 47

B

Question 48

A network technician is attempting to connect a new host to existing manufacturing equipment on an Ethernet network. The technician is having issues trying to establish communication between the old equipment and the new host. The technician checks the cabling for breaks and finds that the CAT3 cable in use is in perfect condition. Which of the following should the technician check to ensure the new host will connect? A. Confirm the new host is using 10GBaseSR due to the manufacturing environment B. Confirm the new host is compatible with 10BaseT Ethernet C. Confirm the existing 10Base2 equipment is using the proper frame type D. Confirm that CSMA/CD is disabled on the Ethernet network

Answer 48

B The question states that the equipment is old and that CAT3 cabling is being used. 10BaseT Ethernet networks are old and slow by today’s standards. 10BaseT Ethernet networks use CAT3 UTP cabling and offer a maximum bandwidth of just 10Mpbs. A new host computer nowadays will have a network card that supports 1000Mpbs to be used with CAT5, CAT5e or CAT6 network cables in a 1000BaseT network. In this question, we need to check that the network card on the new host computer is backward-compatible with the old 10BaseT network.

Question 49

A technician, Peter, has been tasked with assigning two IP addresses to WAN interfaces on connected routers. In order to conserve address space, which of the following subnet masks should Peter use for this subnet? A. /24 B. /32 C. /28 D. /29 E. /30

Answer 49

E An IPv4 address consists of 32 bits. The first x number of bits in the address is the network address and the remaining bits are used for the host addresses. The subnet mask defines how many bits form the network address and from that, we can calculate how many bits are used for the host addresses. In this question, the /30 subnet mask dictates that the first 30 bits of the IP address are used for network addressing and the remaining 2 bits are used for host addressing. The formula to calculate the number of hosts in a subnet is 2n – 2. The “n” in the host’s formula represents the number of bits used for host addressing. If we apply the formula (22 – 2), a /30 subnet mask will provide 2 IP addresses.

Question 50

Which of the following describes an IPv6 address of ::1? A. Broadcast B. Loopback C. Classless D. Multicast

Answer 50

B The loopback address is a special IP address that is designated for the software loopback interface of a computer. The loopback interface has no hardware associated with it, and it is not physically connected to a network. The loopback address causes any messages sent to it to be returned to the sending system. The loopback address allows client software to communicate with server software on the same computer. Users specify the loopback address which will point back to the computer’s TCP/IP network configuration. In IPv4, the loopback address is 127.0.0.1. In IPv6, the loopback address is 0:0:0:0:0:0:0:1, which can be shortened to ::1

Question 51

Which of the following is a security benefit gained from setting up a guest wireless network? A. Optimized device bandwidth B. Isolated corporate resources C. Smaller ACL changes D. Reduced password resets

Answer 51

B A wireless guest network could be set up so that it has limited access (no access to local resources) but does provide Internet access for guest users. The corporate resources would be inaccessible (isolated) from the guest network.

Question 52

An administrator reassigns a laptop to a different user in the company. Upon delivering the laptop to the new user, the administrator documents the new location, the user of the device and when the device was reassigned. Which of the following BEST describes these actions? A. Network map B. Asset management C. Change management D. Baselines

Answer 52

B Documenting the location, the user of the device and the date of the reassignment would be part of the asset management. The best way to keep track of your computers and their configurations is to document them yourself. Large enterprise networks typically assign their own identification numbers to their computers and other hardware purchases as part of an asset management process that controls the entire life cycle of each device, from recognition of a need to retirement or disposal.

Question 53

A technician is configuring a managed switch and needs to enable 802.3af. Which of the following should the technician enable? A. PoE B. Port bonding C. VLAN D. Trunking

Answer 53

A Power over Ethernet (PoE) is defined by the IEEE 802.3af and 802.3at standards. PoE allows an Ethernet switch to provide power to an attached device (for example, a wireless access point, security camera, or IP phone) by applying power to the same wires in a UTP cable that are used to transmit and receive data.

Question 54

Which of the following is used to classify network data for the purpose of providing QoS? A. STP B. VLANs C. SIP D. DSCP

Answer 54

D

Question 55

The Chief Information Officer (CIO) wants to improve the security of the company’s data. Which of the following is a management control that should be implemented to ensure employees are using encryption to transmit sensitive information? A. Policies B. VPN C. HTTPS D. Standards

Answer 55

A

Question 56

An outside organization has completed a penetration test for a company. One of the items on the report is reflecting the ability to read SSL traffic from the web server. Which of the following is the MOST likely mitigation for this reported item? A. Ensure patches are deployed B. Install an IDS on the network C. Configure the firewall to block traffic on port 443 D. Implement a VPN for employees

Answer 56

A As vulnerabilities are discovered, the vendors of the operating systems or applications often respond by releasing a patch. A patch is designed to correct a known bug or fix a known vulnerability, such as in this case to be able to read SSL traffic, in a piece of software. A patch differs from an update, which, in addition to fixing a known bug or vulnerability, adds one or more features to the software being updated.

Question 57

Which of the following should current network performance be compared against to determine network anomalies? A. Baseline B. Traffic analysis C. Packet capture D. Logs

Answer 57

A

Question 58

An organization is involved in a civil court action and needs to ensure email messages are retained. Which of the following describes the requirement to archive and retain email traffic and other correspondence? A. Chain of custody B. Legal hold C. Divide and conquer D. Persistent agents

Answer 58

B

Question 59

A network technician must allow use of HTTP from the internet to an internal resource running HTTP. This is an example of which of the following? A. Dynamic DNS B. Virtual Private networking (VPN) C. Dynamic NAT D. Port Forwarding

Answer 59

D

Question 60

A network technician has just configured NAC for connections using Cat 6 cables. However, none of the Windows clients can connect to the network. Which of the following components should the technician check on the Windows workstations? (Choose two.) A. Start the Wired AutoConfig service in the Services console B. Enable IEEE 802.1q Authentication in Network Interface Card Properties C. Enable IEEE 802.1x Authentication in Network Interface Card Properties D. Start the Wireless AutoConfig service in the Services console E. Enable IEEE 802.3 Ethernet IPv6 in Network Interface Card Properties

Answer 60

AC

Question 61

The backups server connects to a NAS device using block-level storage over Ethernet. The performance is very slow, however, and the network technician suspects the performance issues are network related. Which of the following should the technician do to improve performance? A. Utilize UDP to eliminate packet overhead B. Turn off MDIX settings on the NAS and server switchports C. Enable jumbo frames on the NAS and server D. Encapsulate the storage traffic in a GRE tunnel

Answer 61

C

Question 62

Based on networks 10.8.16.0/22 and 10.8.31.0/21, which of the following is the BEST summarized CIDR notation? A. 10.8.0.0/16 B. 10.8.0.0/19 C. 10.8.0.0/20 D. 10.0.0.0/24

Answer 62

A

Question 63

A network engineer needs to set up a topology that will not fail if there is an outage on a single piece of the topology. However, the computers need to wait to talk on the network to avoid congestions. Which of the following topologies would the engineer implement? A. Star B. Bus C. Ring D. Mesh

Answer 63

C Token Ring networks are quite rare today. Token Ring networks use the ring topology. Despite being called a Ring topology, the ring is logical and the physical network structure often forms a ‘star’ topology with all computers on the network connecting to a central multistation access unit (MAU). The MAU implements the logical ring by transmitting signals to each node in turn and waiting for the node to send them back before it transmits to the next node. Therefore, although the cables are physically connected in a star, the data path takes the form of a ring. If any computer or network cable fails in a token ring network, the remainder of the network remains functional. The MAU has the intelligence to isolate the failed segment. To ensure that the computers need to wait to talk on the network to avoid congestions, a Token Ring network uses a ‘token’. The token continually passes around the network until a computer needs to send data. The computer then takes the token and transmits the data before releasing the token. Only a computer in possession of the token can transmit data onto the network.

Question 64

An engineer is reviewing the implementation requirements for an upcoming project. The basic requirements identified by the customer include the following: – WLAN architecture supporting speeds in excess of 150 Mbps – Clientless remote network access – Port-based network access control. Which of the following solution sets properly addresses all of the identified requirements? A. 802.11a, IPSec VPN, 802.1x B. 802.11ac, MPLS, 802.3 C. 802.11b, PPTP, 802.1x D. 802.11g, MS-CHAP, 802.16 E. 802.11n, SSL-VPN, 802.1x

Answer 64

E

Question 65

Users are reporting their network is extremely slow. The technician discovers pings to external host have excessive response times. However, internal pings to printers and other PCs have acceptable response times. Which of the following steps should the technician take NEXT? A. Determine if any network equipment was replaced recently B. Verify malware has not disabled the users’ PC firewalls C. Replace users’ network cables with known-good network cables D. Power cycle the web server

Answer 65

A

Question 66

Which of the following will negotiate standoff timers to allow multiple devices to communicate on congested network segments? A. CSMA/CD B. OSPF C. DOCSIS D. BGP

Answer 66

A Carrier Sense Multiple Access/Collision Detect (CSMA/CD) is used by devices in an Ethernet network for transmitting data on the network. Any device on an Ethernet network can send data at any time. The network devices sense when the line is idle and therefore available for the transmission of data. The network device then transmits a data frame onto the network. If another device sends a frame at exactly the same time, a collision occurs and the frames are discarded. The network devices will then wait for a random period of time before attempting to send the frame again.

Question 67

A network security technician observes multiple attempts to scan network hosts and devices. All the attempts originate from a single host on the network. Which of the following threats is MOST likely involved? A. Smurf attack B. Rogue AP C. Compromised system D. Unintentional DoS

Answer 67

C

Question 68

A company wants to make sure that users are required to authenticate prior to being allowed on the network. Which of the following is the BEST way to accomplish this? A. 802.1x B. 802.1p C. Single sign-on D. Kerberos

Answer 68

A For security purposes, some switches require users to authenticate themselves (that is, provide credentials, such as a username and password, to prove who they are) before gaining access to the rest of the network. A standards-based method of enforcing user authentication is IEEE 802.1X.

Question 69

A system administrator has been tasked to ensure that the software team is not affecting the production software when developing enhancements. The software that is being updated is on a very short SDLC and enhancements must be developed rapidly. These enhancements must be approved before being deployed. Which of the following will mitigate production outages before the enhancements are deployed? A. Implement an environment to test the enhancements. B. Implement ACLs that only allow management access to the enhancements. C. Deploy an IPS on the production network D. Move the software team’s workstations to the DMZ.

Answer 69

A Environments are controlled areas where systems developers can build, distribute, install, configure, test, and execute systems that move through the Software Development Life Cycle (SDLC). The enhancements can be deployed and tested in a test environment before they are installed in the production environment.

Question 70

After repairing a computer infected with malware, a technician determines that the web browser fails to go to the proper address for some sites. Which of the following should be checked? A. Server host file B. Subnet mask C. Local hosts file D. Duplex settings

Answer 70

C The local hosts file is a text file that contains hostname-to-IP address mappings. By default, host to IP address mappings that are configured in the Hosts file supersede the information in DNS. If there is an entry for a domain name in the Hosts file, then the server will not attempt to query DNS servers for that name. Instead, the IP address that is configured in the Hosts file will be used. If the IP address corresponding to a name changes and the Hosts file is not updated, you may be unable to connect to the host.

Question 71

A network technician is utilizing a network protocol analyzer to troubleshoot issues that a user has been experiencing when uploading work to the internal FTP server. Which of the following default port numbers should the technician set the analyzer to highlight when creating a report? (Select TWO). A. 20 B. 21 C. 22 D. 23 E. 67 F. 68

Answer 71

AB FTP (File Transfer Protocol) is used for transferring files between an FTP client and an FTP server. FTP uses TCP Ports 20 and 21.

Question 72

A network technician was tasked to respond to a compromised workstation. The technician documented the scene, took the machine offline, and left the PC under a cubicle overnight. Which of the following steps of incident handling has been incorrectly performed? A. Document the scene B. Forensics report C. Evidence collection D. Chain of custody

Answer 72

D To verify the integrity of data since a security incident occurred, you need to be able to show a chain of custody. A chain of custody documents who has been in possession of the data (evidence) since a security breach occurred. A well-prepared organization will have process and procedures that are used when an incident occurs. A plan should include first responders securing the area and then escalating to senior management and authorities when required by policy or law. The chain of custody also includes documentation of the scene, collection of evidence, and maintenance, e-discovery (which is the electronic aspect of identifying, collecting, and producing electronically stored information), transportation of data, forensics reporting, and a process to preserve all forms of evidence and data when litigation is expected. The preservation of the evidence, data, and details is referred to as legal hold.

Question 73

A building is equipped with light sensors that turn off the fluorescent lights when natural light is above a certain brightness. Users report experiencing network connection issues only during certain hours. The west side of the building experiences connectivity issues in the morning hours and the east side near the end of the day. At night the connectivity issues affect the entire building. Which of the following could be the cause of the connectivity issues? A. Light sensors are interfering with the network B. EMI from the lights is interfering with the network cables C. Network wiring is run perpendicular to electrical conduit D. Temperature changes are causing attenuation in copper cabling

Answer 73

C

Question 74

Which of the following is the number of broadcast domain that are created when using an unmanaged 12-port switch? A. 0 B. 1 C. 2 D. 6 E. 12

Answer 74

B

Question 75

A network technician is diligent about maintaining all system servers’ at the most current service pack level available. After performing upgrades, users experience issues with server-based applications. Which of the following should be used to prevent issues in the future? A. Configure an automated patching server B. Virtualize the servers and take daily snapshots C. Configure a honeypot for application testing D. Configure a test lab for updates

Answer 75

D To prevent the service pack issues make sure, before going ahead and applying a new Service Pack in your production environment, to validate them in a test/lab environment first.

Question 76

A network technician is using a network monitoring system and notices that every device on a particular segment has lost connectivity. Which of the following should the network technician do NEXT? A. Establish a theory of probable cause. B. Document actions and findings. C. Determine next steps to solve the problem. D. Determine if anything has changed.

Answer 76

D The technician has already identified the symptom: Loss of connectivity on a specific network segment. The next step in identifying the problem is to “Determine if anything has changed”. Common troubleshooting steps and procedures: 1. Identify the problem. Information gathering. Identify symptoms. Question users. Determine if anything has changed. 2. Establish a theory of probable cause. Question the obvious. 3. Test the theory to determine cause: When the theory is confirmed, determine the next steps to resolve the problem. If theory is not confirmed, re-establish a new theory or escalate. 4. Establish a plan of action to resolve the problem and identify potential effects. 5. Implement the solution or escalate as necessary. 6. Verify full system functionality and if applicable implement preventive measures. 7. Document findings, actions, and outcomes.

Question 77

A desktop computer is connected to the network and receives an APIPA address but is unable to reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet are able to reach the Internet. Which of the following is MOST likely the source of the problem? A. 802.1q is not configured on the switch port B. APIPA has been misconfigured on the VLAN C. Bad SFP in the PC’s 10/100 NIC D. OS updates have not been installed

Answer 77

A APIPA addresses are self-configured and are used when the client is unable to get proper IP configuration from a DHCP server. One possible source of this problem is that switch port, to which the computer is connected, is misconfigured. The 802.1q protocol is used to configure VLAN trunking on switch ports.

Question 78

Which of the following would be the result of a user physically unplugging a VoIP phone and connecting it into another interface with switch port security enabled as the default setting? A. The VoIP phone would request a new phone number from the unified communications server. B. The VoIP phone would cause the switch interface, that the user plugged into, to shutdown. C. The VoIP phone would be able to receive incoming calls but will not be able to make outgoing calls. D. The VoIP phone would request a different configuration from the unified communications server.

Answer 78

B Without configuring any other specific parameters, the switchport security feature will only permit one MAC address to be learned per switchport (dynamically) and use the shutdown violation mode; this means that if a second MAC address is seen on the switchport the port will be shutdown and put into the err-disabled state.

Question 79

A technician is configuring a computer lab at a school. The computers need to be able to communicate with each other, but students using the computers should not be able to access the internet. Which of the following rules on the firewall should the technician configure for the lab computers? A. Block all LAN to LAN traffic B. Block all LAN to WAN traffic C. Block all WAN to LAN traffic D. Block all WLAN to WAN traffic

Answer 79

C

Question 80

Which of the following cloud infrastructure designs includes on premise servers utilizing a centralized syslog server that is hosted at a third party organization for review? A. Hybrid B. Public C. Community D. Private

Answer 80

A

Question 81

The network administrator is configuring a switch port for a file server with a dual NIC. The file server needs to be configured for redundancy and both ports on the NIC need to be combined for maximum throughput. Which of the following features on the switch should the network administrator use? A. BPDU B. LACP C. Spanning tree D. Load balancing

Answer 81

B

Question 82

A company has implemented the capability to send all log files to a central location by utilizing an encrypted channel. The log files are sent to this location in order to be reviewed. A recent exploit has caused the company’s encryption to become unsecure. Which of the following would be required to resolve the exploit? A. Utilize a FTP service B. Install recommended updates C. Send all log files through SMTP D. Configure the firewall to block port 22

Answer 82

B If the encryption is unsecure then we must look for encryption software updates or patches. If they are available we must install them. As vulnerabilities are discovered, the vendors of the operating systems or applications often respond by releasing a patch. A patch is designed to correct a known bug or fix a known vulnerability in a piece of software. A patch differs from an update, which, in addition to fixing a known bug or vulnerability, adds one or more features to the software being updated.

Question 83

Exploiting a weakness in a user’s wireless headset to compromise the mobile device is known as which of the following? A. Multiplexing B. Zero-day attack C. Smurfing D. Bluejacking

Answer 83

D

Question 84

A technician who is working with a junior member of the team is called away for another issue. The junior technician orders an SC 80/125 fiber cable instead of an ST 80/125. Which of the following will MOST likely be an issue with the new cable? A. Wavelength mismatch B. Distance limitations C. Connector mismatch D. Attenuation/Db loss:

Answer 84

C

Question 85

A network technician has just installed a TFTP server on the administrative segment of the network to store router and switch configurations. After a transfer attempt to the server is made, the process errors out. Which of the following is a cause of the error? A. Only FTP can be used to copy configurations from switches B. Anonymous users were not used to log into the TFTP server C. An incorrect password was used and the account is now locked D. Port 69 is blocked on a router between the network segments

Answer 85

D The question states that the TFTP server is installed on the “administrative segment of the network”. This implies that the network has multiple segments (subnets) and TFTP server is on a different network segment to other computers. For a computer on one subnet to connect to a computer on a different subnet, a router is required to route traffic between the two subnets. Routers often include firewalls so they can be configured to allow specific traffic to be routed between the subnets and block unwanted traffic. TFTP uses UDP port 69. The most likely cause of the connection timeout error in the question is that the firewall has not been configured to allow traffic using UDP port 69.

Question 86

A network technician is performing a tracert command to troubleshoot a website-related issue. The following output is received for each hop in the tracert: 1 * * * Request timed out. 2 * * * Request timed out. 3 * * * Request timed out. The technician would like to see the results of the tracert command. Which of the following will allow the technician to perform tracert on external sites but not allow outsiders to discover information from inside the network? A. Enable split horizon to allow internal tracert commands to pass through the firewall B. Enable IGMP messages out and block IGMP messages into the network C. Configure the firewall to allow echo reply in and echo request out of the network D. Install a backdoor to access the router to allow tracert messages to pass through

Answer 86

C Tracert makes use of ICMP echo packets to trace the route between two hosts. For the command to be successful, the firewall has to allow incoming echo replies and outgoing echo requests.

Question 87

The process of attempting to exploit a weakness in a network after being given permission by the company is known as: A. penetration testing B. vulnerability scanning C. reconnaissance D. social engineering

Answer 87

A

Question 88

Which of the following can be issued from the command line to find the layer 3 hops to a remote destination? A. traceroute B. nslookup C. ping D. netstat

Answer 88

A

Question 89

A network technician is considering opening ports on the firewall for an upcoming VoIP PBX implementation. Which of the following protocols is the technician MOST likely to consider? (Choose three.) A. SIP B. NTP C. H.323 D. SMB E. ICMP F. RTP G. IPSec H. RDP

Answer 89

ACF

Question 90

Which of the following would be the MOST efficient subnet mask for a point-to-point link? A. /28 B. /29 C. /31 D. /32

Answer 90

C

Question 91

A company has a network with three switches, each one with eight ports. The switch is connected to a router that has a hub with four computers plugged into one of its interfaces. How many broadcast domains are present in this company’s network A. 1 B. 2 C. 5 D. 16 E. 28

Answer 91

B

Question 92

An attacker has connected to an unused VoIP phone port to gain unauthorized access to a network. This is an example of which of the following attacks? A. Smurf attack B. VLAN hopping C. Bluesnarfing D. Spear phishing

Answer 92

B The VoIP phone port can be used to attack a VLAN on the local network. VLAN hopping is a computer security exploit, a method of attacking networked resources on a Virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible.

Question 93

A technician is troubleshooting a newly installed WAP that is sporadically dropping connections to devices on the network. Which of the following should the technician check FIRST? A. WAP placement B. Encryption type C. Bandwidth saturation D. WAP SSID

Answer 93

A

Question 94

A technician is tasked with connecting a router to a DWDM. The technician connects the router to the multiplexer and confirms that there is a good signal level. However, the interface on the router will not come up. Which of the following is the MOST likely cause? A. The wrong wavelength was demuxed from the multiplexer. B. The SFP in the multiplexer is malfunctioning. C. There is a dirty connector on the fiber optic cable. D. The fiber optic cable is bent in the management tray.

Answer 94

A A multiplexer (or mux) is a device that selects one of several analog or digital input signals and forwards the selected input into a single line. A demultiplexer (or demux) is a device taking a single input signal and selecting one of many data-output-lines, which is connected to the single input. Since the signal going in is good, the problem must be with the signal output. If the correct wavelength was demultiplexed, the interface will be displayed on the router.

Question 95

A technician needs to install software onto company laptops to protect local running services, from external threats. Which of the following should the technician install and configure on the laptops if the threat is network based? A. A cloud-based antivirus system with a heuristic and signature based engine B. A network based firewall which blocks all inbound communication C. A host-based firewall which allows all outbound communication D. A HIDS to inspect both inbound and outbound network communication

Answer 95

C A host-based firewall is a computer running firewall software that can protect the computer itself. For example, it can prevent incoming connections to the computer and allow outbound communication only

Question 96

An office network consists of one two-port router connected to a 12-port switch. A four-port hub is also connected to the switch. On this particular network, which of the following is the number of collision domain that exist? A. 3 B. 12 C. 13 D. 14 E. 15

Answer 96

D

Question 97

A technician is setting up a new network and wants to create redundant paths through the network. Which of the following should be implemented to prevent performance degradation? A. Port mirroring B. Spanning tree C. ARP inspection D. VLAN

Answer 97

B The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.

Question 98

While troubleshooting a network outage, a technician finds a 100-meter fiber cable with a small service loop and suspects it might be the cause of the outage. Which of the following is MOST likely the issue? A. Maximum cable length exceeded B. Dirty connectors C. RF interference caused by impedance mismatch D. Bend radius exceeded

Answer 98

D The excessive bending of fiber-optic cables can increase microbending and macrobending losses. Microbending causes light attenuation induced by deformation of the fiber, while macrobending causes the leakage of light through the fiber cladding and this is more likely to happen where the fiber is excessively bent.

Question 99

A network technician has detected duplicate IP addresses on the network. After testing the behavior of rogue DHCP servers, the technician believes that the issue is related to an unauthorized home router. Which of the following should the technician do NEXT in the troubleshooting methodology? A. Document the findings and action taken. B. Establish a plan to locate the rogue DHCP server. C. Remove the rogue DHCP server from the network. D. Identify the root cause of the problem.

Answer 99

B By testing the behavior of rogue DHCP servers and determining that the issue is related to an unauthorized home router, the technician has completed the third step in the 7-step troubleshooting process. The next step is to establish a plan of action to resolve the problem and identify potential effects. Establishing a plan to locate the rogue DHCP server meets the requirements of this step. 1. Identify the problem. Information gathering. Identify symptoms. Question users. Determine if anything has changed. 2. Establish a theory of probable cause. Question the obvious. 3. Test the theory to determine cause: When the theory is confirmed, determine the next steps to resolve the problem. If theory is not confirmed, re-establish a new theory or escalate. 4. Establish a plan of action to resolve the problem and identify potential effects. 5. Implement the solution or escalate as necessary. 6. Verify full system functionality and if applicable implement preventive measures. 7. Document findings, actions, and outcomes.

Question 100

A technician is setting up a computer lab. Computers on the same subnet need to communicate with each other using peer to peer communication. Which of the following would the technician MOST likely configure? A. Hardware firewall B. Proxy server C. Software firewall D. GRE tunneling

Answer 100

C A host-based firewall is a computer running firewall software that can protect the computer itself. A software firewall would be the most cost effective in a lab scenario.