final - 30 cards a day

Question 1

Identify which of the following designations can be associated with a member who coordinates the resources necessary to solve a problem and also ensures that the security policy is followed and that everyone within the organization is aware of the situation?

Answer 1

Manager

Question 2

Suppose you notice a sudden decrease in network performance and suspect malware is hogging network resources. Which of the following commands will you use to display the PID (process identifier) associated with your network connection?

Answer 2

netstat -o

Question 3

Which type of a recovery plan accounts for the worst-case scenarios and provides contingency plans for restoring or replacing computer systems, power, telephone systems, and paper-based files?

Answer 3

A Disaster Recovery Plan

is a part of the BCP (business continuity plan) that details the processes for restoring critical functionality and data to a network after an outage.

Question 4

You are a network administrator at Yosaka & Associates, a private law firm. The employees have been facing various types of data errors and other transmission problems, leading to decreased productivity. You need to find an appropriate technique that will help identify locations of network bottlenecks. Which of the following techniques would you choose in such a scenario?

Answer 4

Traffic Analysis

the examination of network traffic for patterns and exceptions to those patterns.

Question 5

Donald is a schoolteacher living in Atlanta. While conducting online classes, he experienced a momentary decrease in voltage. His computer shut down and when he switched it back on, he realized that he had lost some data. He called his friend Chadwick who is a network analyst to check out what the issue was. Chadwick found that there was a power flaw caused by an overtaxed electrical system. Such voltage decreases can cause computers or applications to fail and potentially corrupt data. What kind of power flaw caused this issue in Donald’s house?

Answer 5

Brownout

temporary dimming of lights

Question 6

One of the employees in your organization is suspected of hacking into the network. You as a network administrator want to check the user’s activity for the last week. Which of the following will you use in such a scenario?

Answer 6

Audit Log

is a collection of data in logs that is consistent and thorough enough to retroactively prove compliance and also to defensibly prove user actions.

Question 7

Which bandwidth management technique adjusts the way network devices respond to indications of network performance issues caused by traffic congestion throughout a network?

Answer 7

Congestion Control

manages the entrance of traffic onto the network, other methods allow for more nuanced control after what happens to the traffic once it’s on the network. (Qos)

Question 8

A network connection is congested as a result of which there are multiple network fluctuations and latency issues. You as a network administrator plan on solving this issue by using a network device to send signals to the sender or receiver of the data packets that the network is congested. Which of the following will you use in this scenario?

Answer 8

Explicit Signaling

the closed-loop response to existing congestion. (Backward/Forward)

Question 9

Which of the following is used to create flow records that show relationships among various traffic types?

Answer 9

NetFlow

is a proprietary traffic monitoring protocol from Cisco that tracks all IP traffic crossing any interface where NetFlow is enabled.

Question 10

Which KPI (key performance indicator) indicates delayed network communications while devices wait for responses or resend transmissions?

Answer 10

Packet Drops

packets that are damaged beyond use, arrive after their expiration, or are not allowed through an interface are dropped.

Question 11

Jilead Inc. is a software development company that is preparing an incident response plan to prepare for possible events such as a break-in, fire, weather-related emergency, hacking attack, discovery of illegal content or activity on an employee’s computer, malware outbreak, or a full-scale environmental disaster that shuts down businesses throughout the city or state. The response plan has identified the members of the response team and the responsibilities have been assigned and clearly spelled out to each team member. Stanley Hudson has been entrusted with the responsibility of being the person on call who first notices or is alerted to the problem. He has to create a record for the incident, detailing the time it began, its symptoms, and any other pertinent information about the situation. He must remain available at all times to answer calls from clients or employees. What is the role that Stanley has been assigned?

Answer 11

Dispatcher

Question 12

Which of the following steps of an incident response plan involves the process of repairing affected systems and putting them back in operation to ensure the smooth running of operations?

Answer 12

Recovery

Question 13

Francine, a new network administrator at an online thrift store, is required to use an application that monitors traffic on the interface between a single device and the network. The application must be able to see the traffic the switch sends to it, which includes broadcast traffic and traffic specifically addressed to the one computer. Which of the following methods should Francine use to monitor the network traffic?

Answer 13

Protocol Analyzer

Question 14

You are working with an ISP, and you have to impose a maximum cap limit to each client so that your company can predict and purchase accordingly from the network provider. Which of the following terms will you associate with this process?

Answer 14

Traffic Policing

is a traffic-shaping technique in which the volume or rate of traffic traversing an interface is limited to a predefined maximum.

Question 15

You are a network analyst who has been tasked with managing the volume of network traffic across an organization in order to prevent network congestion. On analyzing the current network, you notice that one of the primary reasons for congestion is that the switches used in the network keep resending data packets that have been lost in the transmission far too quickly. Which of the following do you think should be implemented to solve this issue?

Answer 15

Retransmission Policy

Question 16

A fraudulent financial deal has just taken place in the company where you are working as a network administrator. The data of the company will be collected in such a way that it can be presented in a court of law for the purpose of prosecution. Some of the forensic data available for analysis may be damaged or destroyed if improperly handled. You have been assigned the duty to safeguard sensitive information, logged data, and other legal evidence until the first responder or incident response team can take over the collection of evidence. To prevent contamination of evidence, you have made sure that each device involved is isolated-that is, the device is disconnected from the network and secured to ensure that no one else has contact with it until the response team arrives. What is the next step that you will take in the event of such an illegal activity?

Answer 16

Document The Scene.

creating a defensible audit trail is one of the highest priorities in the forensics process. An audit trail is a system of documentation that makes it possible for a third party to inspect evidence later and understand the flow of events. A defensible audit trail is an audit trail that can be justified and defended in a court of law according to specific standards

Question 17

Which network monitoring method can be used to ensure that all traffic sent to any port on a switch is also sent to a device connected to the mirrored port?

Answer 17

Port Mirroring

Question 18

Goldwin Enterprises has hired you as a network administrator to monitor the network and to ensure that the network functions reliably. To monitor the entire network, you will require a device that will display sensor data on your configurable dashboard. Which of the following software will you request from the management?

Answer 18

Room Alert Monitor by AVTECH

Question 19

You have been assigned the role of a network administrator, and your first task requires you to measure the throughput between network hosts. Which of the following tools will you use in this scenario?

Answer 19

iPerf

is a command-line based tool.

Question 20

Which of the following backs up only the data that has changed since the last backup?

Answer 20

Incremental Backups

Question 21

Which of the following is not a technique used in a closed-loop response to an existing congestion?

Answer 21

Admission Policy

closed-loop responses include:

-Implicit Signaling

-Explicit Signaling

-Choke Packet

-Backpressure

Question 22

Which of the following steps of an incident response plan includes the act of limiting the damage by the team, where affected systems or areas are isolated, and response staff are called in as required by the situation?

Answer 22

Containment

Question 23

You are the network administrator in Jolene Consultancy Pvt. Ltd., a small consultancy in Missouri. You have been assigned the task of monitoring network traffic in the systems. You must ensure that many devices can be configured to report their traffic and other statistics to a network monitor. Which of the following would you use in this scenario?

Answer 23

Reporting

Question 24

A system of documentation that makes it possible for a third party to inspect evidence later and understand the flow of events is called _____.

Answer 24

An Audit Trail

Question 25

BNB Group of Institutions has been facing a lot of issues with its network ever since it decided to adopt online classes as a medium to impart education. The IT department analyzes the issue and is of the opinion that the problems are related to the high amount of traffic due to students trying to log in from various locations; as a result, the network devices are overloaded. The IT department has requested your help as a network administrator. Which of the following bandwidth management techniques will you suggest in this scenario?

Answer 25

Flow Control

is a bandwidth management technique configured on interfaces to balance permitted traffic volume with a device’s capability of handling that traffic.

Question 26

Trevor is working as a network engineer at Spring Oaks High School. The school’s management has been facing some issues while handling network traffic. Trevor wants to check the bandwidth as he assumes that the issues faced by the management are related to bandwidth errors. Which of the following technologies should Trevor use to ensure some traffic gets priority over other traffic so the most important traffic gets through even during times of congestion?

Answer 26

QoS

Question 27

The 3-2-1-1 Rule defines backup principles to follow to reliably recover lost data under a wide variety of adverse conditions. What does the “2” in the second part of the principle denote?

Answer 27

Save Backups on at least Two Different Media Types.

3-2-1-1 is a collection of backup principles that requires at least three complete copies of the data, backups saved on at least two media types, with at least one copy stored offsite, and at least one copy stored offline.

Question 28

You have recently been appointed as a network analyst at Hayle Communications. Your first assignment requires you to limit the traffic between a single receiver and a single sender. Which of the following bandwidth management techniques will you use in this scenario?

Answer 28

Flow Control

is a bandwidth management technique configured on interfaces to balance permitted traffic volume with a device’s capability of handling that traffic.

Question 29

You are working as a network engineer at IBV Solutions. The network administrator tells you to prepare a report of all the bad NICs that have been retransmitted, leading to a bad network. Which of the following will you use to state this in your report?

Answer 29

Jabbers

network performance baselines are obtained by analyzing network traffic information and might include information on the utilization rate for your network backbone, number of users logged on per day or per hour, number of protocols that run on your network, statistics about errors (such as runts, jabbers, or giants), frequency with which networked applications are used, or information regarding which users take up the most bandwidth.

Question 30

You have been hired as a systems analyst by an online food delivering service. Your job requires you to keep the network congestion free during peak hours and to ensure that important traffic can survive the congestion while less sensitive frames are discarded. Which of the following techniques will you use in such a scenario?

Answer 30

Discarding Policy

is an Open-Loop technique

Question 31

Which of the following power flaws is also called a sag?

Answer 31

Brownout

Question 32

Which of the following monitors network traffic and might receive data from monitored devices that are configured to report their statistics?

Answer 32

Network Monitor

Question 33

Agar is a network analyst at BMV, a mobile network. He efficiently manages the network’s QoS (Quality of Service) configurations for adjusting the priority a network assigns to various types of transmissions. He ensures timely delivery of the most important traffic while optimizing performance for all users. The management at BMV wants to conduct a pilot test for a new product, and they have requested Agar to limit the momentary throughput rate for an interface. Analyze which of the following Agar should use in this scenario.

Answer 33

Traffic Policing

is a traffic-shaping technique in which the volume or rate of traffic traversing an interface is limited to a predefined maximum.

Question 34

Which of the following policies should be adopted to help reduce increasing congestion caused by devices attempting to resend lost packets too quickly or too often?

Answer 34

Retransmission Policy

is an Open-Looped technique.

Retransmission timers help reduce increasing congestion caused by devices attempting to resend lost packets too quickly or too often.

Question 35

James, a network engineer, has been contracted by a company to monitor network performance. In order to know and analyze any problem in a network, James will need to understand how the network functions in a normal state. Analyze which of the following will be of use to James in this scenario.

Answer 35

Checking the Network’s Performance Baseline

baseline is a record of how a network or resource operates under normal conditions.

Question 36

What is an Ethernet packet that is smaller than 64 bytes called?

Answer 36

Runt

Question 37

An organization determined that there was an increase in network latency, and it approached you, a network administrator, to solve the issue. You decide that the extra demand on the network device’s CPU and memory should be lessened to solve this issue. You also plan on getting a comprehensive view of the network traffic and sample traffic as well. Which of the following will you use in this scenario?

Answer 37

SNMP (Simple Network Message Protocol)

Trap is a type of unsolicited SNMP message sent from an agent to the NMS (network management system) once specified conditions on the managed device are met.

Question 38

You are hired as a network administrator to monitor an organization’s network status on an ongoing basis and to make changes to best meet the needs of your network’s users. One feedback that you have received from the network engineer of the firm is that one of the modems is repeatedly power cycling to reset network activity. Which of the following KPIs will help you in getting a better understanding of the situation?

Answer 38

Interface Statistics

Question 39

Which power device prevents momentary increase in voltage due to lightning strikes, solar flares, or electrical problems?

Answer 39

Surge Protector

is a power management device that redirects excess voltage away from connected computing or networking devices to the ground, thereby protecting connected devices from harm.

Question 40

HomeLand is an organization that rescues abandoned dogs. They set up a hotline for the general public to report any street dog that they spot anywhere in the city or any dog that they feel needs to be rescued. Within 12 hours of the hotline being activated, the network starts experiencing congestion, messages are corrupted or dropped, and connected devices start resending frames to make up for the loss. These kinds of problems are overwhelming the network as a whole. This generates even more traffic, making the congestion even worse. Analyze which of the following policies HomeLand should adopt to detect congestion on the network after experiencing several missed acknowledgment messages.

Answer 40

Implicit Signaling

is a Closed-Loop respose.

Question 41

As a network analyst, you want the ACL (access control list) to forward the ICMP (Internet Control Message Protocol) traffic from host machine 2.2.2.2 to host machine 5.5.5.5. Which of the following commands will you use in this scenario?

Answer 41

access-list acl_2 permit tcp host 2.2.2.2 host 5.5.5.5

Question 42

Which of the following refers to a division of labor that ensures no one person can singlehandedly compromise the security of data, finances, or other resources?

Answer 42

SoD (Separation of Duties)

Question 43

You as a network administrator want to have a check on the ARP (address resolution protocol) vulnerabilities in your organization so that you can prevent a switch against possible ARP spoofing attacks and MAC flooding. Which of the following will you use in this scenario?

Answer 43

DAI (Dynamic ARP Inspection)

is a configuration on a switch that compares incoming messages with the switch’s DHCP snooping binding table to determine whether the message’s source IP address is appropriately matched with its source MAC address according to DHCP assignments on the network. DAI helps protect against ARP spoofing attacks.

Question 44

Which of the following stands in-line between the attacker and the targeted network or host where it can prevent traffic from reaching that network or host?

Answer 44

IPS (Intrusion Prevention System)

is a stand-alone device, an application, or a built-in feature running on a workstation, server, switch, router, or firewall that stands in-line between an attacker and the targeted network or host and can prevent traffic from reaching that network or host.

*Pic: Placement of IPS devices and software on a network.

Question 45

Johnathan is the network engineer of an organization that restricts the use of certain webpages. As he does not have any pending work, he decides to take a break and watch a movie online until a task is assigned to him. Analyze which of the following actions is best suited for him in this situation so that the IP address of the organization is not compromised.

Answer 45

Use proxy servers to mask Internet activities

Proxy Server is a server acting as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.

*Pic: A proxy server is used to connect to the nternet.

Question 46

You are a network engineer at BHMS Ltd. The network administrator wants you to set up a security configuration for the router so that the router can accept or decline certain packets depending on their information. Which of the following will you use in such a scenario?

Answer 46

ACL (Access Control List)

is a list of statements used by a router or other device to permit or deny the forwarding of traffic on a network based on one or more criteria.

Question 47

MNT Enterprises has hired you as a network administrator to help the organization design a more comprehensive traffic analysis and protection tool to protect the entire network from hackers trying to flood the network with traffic. Which of the following will you use in this situation?

Answer 47

NIPS (network-based intrusion prevention system)

is a type of intrusion prevention that protects an entire network and is situated at the edge of the network or in a network’s screened subnet.

Question 48

An IDS (intrusion detection system) has been installed in your organization as a stand-alone device to monitor network traffic and to generate alerts about suspicious activities. You as a network analyst have been assigned to check the effectiveness of the device. You notice that the effectiveness of the IDS has significantly come down since its installation because it has not been updated. Which of the following processes will you use in updating the IDS?

Answer 48

Signature Management

is the process of regularly updating the signatures used to monitor a network’s traffic.

Question 49

Hilary is an employee of Munich Securities. The HR manager has received a complaint from one of her fellow employees about her misusing her account. You as a network administrator want to conduct a user configuration check to ensure that there are no vulnerabilities to the network configuration. Which of the elements of the AAAA acronym will you use to apply this security measure?

Answer 49

Auditing

Question 50

Which authorization method grants access to a user when the user’s classification and category match those of a resource?

Answer 50

MAC (mandatory access control)

is a method of access control where resources are organized into hierarchical classifications, such as “confidential” or “top secret,” and grouped into categories, perhaps by department. Users, then, are also classified and categorized. If a user’s classification and category match those of a resource, then the user is given access.

Question 51

The HR manager of Veep Communications notices a lot of employees waste valuable time surfing social media websites. The HR manager requests you (a network administrator) to prevent the employees’ access to these websites. Which of the following firewalls will you use in this scenario?

Answer 51

Application Layer Firewall

is a firewall that can block designated types of traffic based on application data contained within packets.

Question 52

As a network administrator, you are already aware of the possible option of using a default trust relationship between a network device and another by a hacker to access an entire network. Which of the following security measures will you use to prevent a possible DoS attack that can be induced by sending high volumes of router advertisement messages?

Answer 52

RA Guard

A feature that can be configured on switches to filter RA messages according to interface, MAC or IP address, router priority, or other factors.

Question 53

Which of the following is a device or an application that stores or generates information known only to its authorized user?

Answer 53

Security Token

is a device or piece of software used for authentication that stores or generates information, such as a series of numbers or letters, known only to its authorized user.

Question 54

Which of the following will you use to monitor and analyze data stored in logs?

Answer 54

SIEM (Security Information and Event Management)

is software that can be configured to evaluate data logs from IDS, IPS, firewalls, and proxy servers to detect significant events that require the attention of IT staff according to predefined rules.

Question 55

In which of the following do the bits work opposite of how bits in a subnet work?

Answer 55

Wildcard Mask

statements can also specify network segments (groups of IP addresses) by using a network address for the segment and a wildcard mask. The bits in a wildcard mask work opposite of how bits in a subnet mask work. The 0s in the wildcard mask say to match the IP address bits to the network address given, and the 1s say you don’t care what the value of those bits are. For example, a wildcard mask of 0.0.0.255

Question 56

Darwin has purchased a laptop for the purpose of running his stock brokerage activities from home. He has contracted Navin, a network engineer, to install a software specifically for his workstation so that the software can protect the network from certain traffic. Analyze which of the following firewalls is best applicable in this scenario.

Answer 56

A Host-Based Firewall

is a firewall that only protects the computer on which it’s installed.

Question 57

Yugen is a network administrator who is in the process of configuring CoPP (control plane policing) on a router. In this scenario, ICMP (Internet Network Control Protocol) traffic is permitted with no limits from one trusted device. All other ICMP traffic is limited and, when exceeding that limit, is dropped. Analyze which of the following commands Yugen should use to create a class map named limit-icmp that will classify traffic according to defined criteria such as an ACL.

Answer 57

class-map limit-icmp

Question 58

Which of the following technologies selectively filters or blocks traffic between networks?

Answer 58

Firewall

Question 59

You as a network administrator want a switch to determine if the message’s source IP address is appropriately matched with its source MAC address according to DHCP assignments on the network. Which of the following switch security configurations will you use alongside DAI on a network switch in this scenario?

Answer 59

DHCP Snooping

is a security feature on switches whereby DHCP messages on the network are checked and filtered.

Question 60

Which of the following will act as a filter to instruct the router to permit or deny traffic from travelling through the network?

Answer 60

ACL (Access Control List)

is a list of statements used by a router or other device to permit or deny the forwarding of traffic on a network based on one or more criteria.

Question 61

You as a network administrator plan on using an NIDS (network-based intrusion detection system) to protect your network. You plan on doing this by monitoring the traffic that will be carried by a switch. Which of the following will you use in such a scenario?

Answer 61

SPAN (Switched Port Analyser)

a.k.a Port Mirroring

which is a monitoring technique in which one port on a switch is configured to send a copy of all the switch’s traffic to the device connected to the port. It captures some of traffic crossing a switch, but TAP can capture all traffic between two devices.

Question 62

A special kind of DoS (denial of service) attack has attacked an AAA server with authentication requests that must all be processed and responded to. The network administrator has analyzed the situation and requested you, a network engineer, to use a command by which you can reclaim compromised resources in case of a similar attack in the future. Which of the following commands will you use in this scenario?

Answer 62

floodguard

by default, a floodguard feature might be configured on the AAA server to reclaim compromised resources. Floodguard settings can be changed with the floodguard command.

Question 63

Which of the following firewalls manages each incoming packet as a stand-alone entity without regard to currently active connections?

Answer 63

Stateless Firewall

Question 64

Bruno is a network engineer who is tasked with adding a separate layer of protection to the control plane of a router. He wants messages with a bps (bits per second) rate below the threshold 7000 to be transmitted and the messages with a threshold above 7000 to be dropped. Analyze which of the following commands Bruno should use in pmap configuration mode in this scenario.

Answer 64

police 8000 conform-action transmit exceed-action drop

Question 65

Fred works as the network administrator at Globecomm Communications. The HR team at Globecomm has come up with a new working policy for the employees. This policy allows the employees to freely work at any time of the day as long as they submit the work within 24 hours. Keeping this policy in view, Fred has to work on strengthening the security of the network by adding additional authentication restrictions. Analyze which of the following Fred should do in this scenario.

Answer 65

Restrict some user accounts to a specific number of hours of logged-on time

Question 66

As a network administrator, Murphy wants to add additional layers of security to prevent hackers from penetrating the network. In order to achieve this, he plans on adding additional authentication restrictions that might strengthen network security. Analyze which of the following he should do in this context.

Answer 66

Set a limit on consecutive login attempts

Question 67

Identify and analyze whether the implicit deny rule be applied to the following statements or not.

Answer 67

When the incoming packet is denied in the third test by the ACL

Question 68

You are employed as a network administrator of Vincent Motors. An unreleased blueprint of a new car model of Vincent Motors has term-38been leaked on the Internet. You assume that an intruder must have succeeded in gaining access to your network in order to copy the blueprint. Which of the following access control techniques will you use so that such an activity can be detected in the future?

Answer 68

Accounting

in the context of network security, the process of logging users’ access and activities on a network.

Question 69

Which authorization method allows a network administrator to receive from a user’s supervisor a detailed description of the roles or jobs the user performs for the organization?

Answer 69

RBAC (Role-Based Access Control)

Question 70

Which of the following can capture all traffic traversing a network connection?

Answer 70

TAP (Test Access Point)

Question 71

You as a network engineer have finished setting up local security policies for your Windows 10 operating system. Which of the following commands will you use to implement your changes in this scenario?

Answer 71

gpudate

Question 72

You are the network engineer for Muhan Mobile Services. The network administrator has asked you to separate the authentication, auditing, and authorization process. Which of the following tools will you use in such a scenario?

Answer 72

TACACS+ (Terminal Access Control System Access Control System Plus)

is a Cisco proprietary protocol that provides AAA services.

Question 73

Michelle has been inducted into an organization as a trainee. Which of the following firewall software should she use to protect only the computer on which it is installed?

Answer 73

Host-Based Firewall

Question 74

You have been working as a network engineer with an organization. You have decided to implement information access control to limit the users and devices that can get to your data and other network resources. For this purpose, you plan on using a username and password as a measure of security to grant any user access to your organization’s resources. Which of the elements of the AAAA acronym will you use to apply this security measure?

Answer 74

Authentication

Question 75

Identify which of the following terms defines the process of verifying a user’s credentials.

Answer 75

Authentication

Question 76

The IT department of Mascom Telecom has requested you to fix an error that seems to have been associated with a possible malware attack. This particular malware file seems to have attacked the operating system files on the computer. Which of the following should you use to avoid or alert such an attack in the future?

Answer 76

FIM (File Integrity Monitoring)

is a security technique that alerts the system of any changes made to files that shouldn’t change, such as operating system files.

Question 77

Valiant is an NGO that has very strong opinions against the government. It has faced a number of legal notices and its IP address has been blocked numerous times for voicing out dissent on online forums and social media. Valiant has requested your help as a network analyst to find a way around this problem so that it won’t receive any more legal notices due to IP address tracking. Which of the following methods will you use in this scenario?

Answer 77

Proxy Server

is a server acting as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.

Question 78

Which of the following commands is used to assign a statement to an ACL on Cisco routers?

Answer 78

Access-List

Question 79

Which of the following issues keys to clients during initial authentication?

Answer 79

KDC (Key Distribution Center)

Question 80

Which of the following is used to issue tickets to an authenticated client for access to services on the network?

Answer 80

TGS

Question 81

In which of the following phases of the social engineering attack cycle will an attacker require the most time investment?

Answer 81

Research

*Pic: this cycle might happen quickly over a few seconds, or take much longer, even years.

Question 82

Which of the following methods requires the entry of a code to open a door?

Answer 82

Cipher Lock

or Keypad.

*Pic: a cipher lock can document who enters an area and when.

Question 83

In which of the following forms of attack can an attacker redirect and capture secure transmissions as they occur?

Answer 83

On-Path Attack

previously called a MitM (man-in-the-middle) attack.

EX: Evil Twin attack (type of On-Path attack).

Question 84

You, as a network engineer, want to have an insight into your network’s weaknesses that need attention. You want to search for devices with open ports indicating which insecure service might be used to craft an attack and identify unencrypted sensitive data. Which of the following scanning tools will you use in this scenario?

Answer 84

Nessus

developed byL Tenable Security.

Nessus performs even more sophisticated vulnerability scans than Nmap. Among other things, Nessus can identify unencrypted, sensitive data (such as credit card numbers) saved on your network’s hosts. The program can run on your network or from off-site servers continuously maintained and updated by the developer.

Question 85

Which of the following is not a social engineering strategy?

Answer 85

DoS (Denial-of-Service)

is an attack in which a legitimate user is unable to access normal network resources because of an attacker’s intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can’t respond to any of them.

Question 86

At a security training exercise, you had to devise a strategy to penetrate into an organization’s data room by accessing one of their employee’s ID cards. You decided to demonstrate this exercise by offering a free gift to one of the employees in exchange for a few hours of data room access. Which kind of social engineering method have you used in such a scenario?

Answer 86

Quid Pro Quo

Question 87

Gary is a freelance network analyst. A client approaches him to provide a solution for his firm wherein employees have been found to carry sensitive information out of the office premises. This data breach has led to a lot of market speculations as a result of which there has been a significant drop in the share market prices of the company’s stocks. Gary is contracted to find a solution to this issue. Analyze which of the following options should be carried out by Gary keeping in mind the sensitivity of the situation.

Answer 87

Deploy a DLP solution.

DLP is a security technique that uses software to monitor confidential data, track data access and ownership, and prevent it from being copied or transmitted off the network.

Question 88

As a network administrator, you have asked one of the contracted vendors of the company to ship a consignment of spare parts and components of all the network devices. You have decided to place this order to store the devices for a rainy day. Now, as the consignment has been received by your organization, you want to store these devices in a secure location. Which of the following will you use in this scenario?

Answer 88

Locking Cabinets

is a storage container secured by a locked panel or door that might be used to store documents or hardware not in use.

Question 89

Zeneth Computers is a software development company. It has received a random email claiming that there will be an attempt to hack and extract sensitive financial data of the company before the year end. The company has contacted you, a network analyst, to verify if such claims are indeed true. You have decided to set up a trap for the hackers by putting up a system containing false financial data. Which of the following will you use in this scenario?

Answer 89

Honeypot

is a decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.

Question 90

You have been appointed as a network administrator at JJ Securities. The CEO of the company has requested your presence to address some security concerns. The CEO feels that certain members of the senior management who have access to privileged accounts might be under serious social engineering attacks by potential hackers. So, the CEO wants you to monitor the activities of these privileged accounts. Which of the following software will you use in this situation?

Answer 90

PAM (Privileged Account Management) tool

Question 91

Rob has enrolled himself as a network security trainee in JV Internet Securities. Which of the following terms should he know to understand the advantage taken of a software vulnerability that hasn’t yet or only very recently become public?

Answer 91

Zero-Day Exploit

Question 92

Which of the following terms identifies the weakness of a system that could lead to compromised information or unauthorized access?

Answer 92

Vulnerability

Question 93

Chelsea is a hacker who befriends Adele McCain over lunch at the cafeteria. Adele is the senior associate of Spandangle Ltd., a private law firm based in Alabama. Chelsea manages to successfully guess Adele’s password to a sensitive database in the law firm. What kind of password attack did she use?

Answer 93

Brute-Force Attack

is an attempt to discover an encryption key or password by trying numerous possible character combinations until the correct combination is found.

Question 94

Kickstart Securities provides network analysis and safety measurement services to various clients. Recently, one of its clients has requested a technician to run a cross-check on the network system to ensure that there are no vulnerabilities that are exposed. You have been sent in to assess the situation and fix the errors if there are any. Which of the following will you use in such a scenario to track the vulnerabilities across systems?

Answer 94

CVE (Common Vulnerabilities and Exposures)

is a dictionary project funded by the U.S. Department of Homeland Security and managed by The MITRE Corporation to index cybersecurity vulnerabilities.

Question 95

Andy Bryant is a network analyst at Freewoods Centre for Policy Research. There are approximately 35 employees currently working on various issues of policy making and research, and this requires access to the network’s resources. He has been asked to set a list of dos and don’ts for all the employees to clarify what is acceptable use of company IT resources and what is not. He also needs to explain penalties for violations and describe how these measures protect the network’s security. Analyze which of the following security policies Andy should implement in this scenario.

Answer 95

AUP (Acceptable Use Policy)

is the portion of a security policy that explains to users what they can and cannot do while accessing a network’s resources and the penalties for violations. It might also describe how these measures protect the network’s security.

Question 96

Which of the following devices scans an individual’s unique physical characters such as iris color patterns to verify the person’s identity?

Answer 96

Biometrics

Question 97

Which of the following testing tools combines known scanning and exploit techniques to explore potentially new attack routes?

Answer 97

Metasploit

*Pic: Metasploit detected a SOHO router’s administrative username and password!

Question 98

Ground Movers Ltd., a courier service provider, has recently encountered certain breaches that have led to packages being stolen and damaged. The company has contracted you, a network analyst, to fix this issue. You plan on installing a device that will be able to provide constant or periodic collection of information. This information can then be used by the management control software for monitoring and reporting. Which of the following devices will you install for Ground Movers Ltd.?

Answer 98

Asset Tags

monitor the movement and condition of equipment, inventory, and people. A simple barcode or a wireless-enabled transmitter, such as the RFID label on the box in the *Pic , asset tracking enables constant or periodic collection of information. This data is then reported to a central management application for monitoring, logging, and reporting.

Question 99

Which of these DoS (denial-of-service) attacks damages a device’s firmware beyond repair?

Answer 99

PDoS (Permanent Dos) Attack

an attack damages a device’s firmware beyond repair. This is called “bricking” the device because it effectively turns the device into a brick. PDoS attacks usually target routers or switches.

Question 100

You are working as a network administrator, and you want to conduct simulated attacks on a network to determine its weaknesses. To do so, you want to check for open ports so that you can remote in using that port and craft an attack. Which of the following software will you use to scan for open ports in this scenario?

Answer 100

Nmap (Network Mapper)

ia a scanning tool designed to assess large networks quickly and provide comprehensive, customized information about a network and its hosts.

Question 101

Bryden is a network analyst who has been recruited into Big Bay Burger’s security management. Which of the following terminologies must he use to explain to the company’s employees about the possibility of someone using a deception in following them into a restricted area?

Answer 101

Piggybacking

ia an attack type in which a person uses deception to follow an authorized employee into a restricted area.

Question 102

Which of the following versions is the most recent iteration of SHA (Secure Hash Algorithm), which was developed by private designers for a public competition in 2012?

Answer 102

SHA-3 (Secure Hash Algorithm)

is a hash algorithm originally designed by the NSA to eliminate the inherent weaknesses of the older MD5 hash

Question 103

The managing director of Seviicco Laminates wants to secure certain financial documents that can only be accessed by him and the finance team of the organization. He wants to install a sophisticated authentication process so that the documents are extremely safe. You have been contracted as a network analyst for this project. After having an overview of the office premises, you decide to provide this security via a specific barcode that will be used as a key to access the documents. Which of the following access control technologies will you install in this scenario?

Answer 103

Smart Locker

*Pic: Scan the barcode from an email to access the package

Question 104

An organization hires you to handle the security policies of the organization. In order to protect the organization’s network from data breaches and potential hacks, you decide to draft a policy that will require the employees of the organization to adhere to a certain set of rules while accessing the network’s resources. To ensure that these rules are followed without fail, you decide to impose certain penalties for situations where violations may occur. Which of the following will help you achieve these standards?

Answer 104

AUP (Acceptable use Policy)

Question 105

Must Eat is a company that allows online food delivery. Must Eat rolls out updates every month for better user interface. Recently, after one of its updates, the network team of the company detects certain unauthorized access to the main data frame of the company. On inspection, the team notices that there has been no breach of sensitive data. What kind of cybersecurity exploitation was attempted by the hackers in this scenario?

Answer 105

A zero-day attack might have been the cause.

Question 106

Hammond Industries has appointed Gavin as the network administrator to set up a complete secured and flawless network throughout the office premises. One of the employees has come to him to fix an error message that keeps popping up every time he tries to open the web browser. He also states that this error started popping up after the external hard drive had been used to transfer some of the necessary documents to the HR’s office. Analyze what kind of malware might possibly be behind this error.

Answer 106

Virus

is a program that replicates itself with the intent to infect more computers, either through network connections when it piggybacks on other files or through the exchange of external storage devices. A virus might damage files or systems, or it might simply annoy users by, for example, flashing messages or pictures on the screen.

Question 107

The University of Claudine plans on opening a new IT division for underprivileged students so that it can offer education free of cost to them. However, the university wants to ensure that there are no data breaches, so it has requested the network administrator to handle the configurations of the computers in order to comply with the organizational policies. Analyze which of the following practices the university should adopt in this scenario so that the network securities are not compromised.

Answer 107

CYOD (Choose your own Device)

Question 108

Youhan has been placed as the security in charge of an organization. Which of the following should he use to monitor the movement and condition of equipment, inventory, and people?

Answer 108

Asset Tags

is a barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people.

Question 109

Game Zone is a well-known games park located in Manhattan that allows gamers to engage in multiplayer competitions. The competitions function smoothly on the opening day, but on the following days, there are multiple instances of the computers getting disconnected temporarily from the wireless network. These connections however function normally when they are reconnected. Which type of attack is this most likely to be?

Answer 109

Deauth Attack (deauthentication)

is an attack on a wireless network in which the attacker sends faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network.

Question 110

The organization where you have been working as a network analyst decides to provide BYOD (bring your own device) options to the employees to cut down on its operating costs. The company has asked you to handle the BYOD policies and the necessary documentation. You have decided to install a software that will automatically handle the configuration process for the wireless clients when they require network access. Which of the following will you use in such a scenario?

Answer 110

MDM (Mobile Device Management)

is software that automatically handles the process of configuring wireless clients for network access.

Question 111

HealthCity Nursing Home is a newly opened hospital with many employees, doctors, nurses, and support staff. The upper management of the hospital wants to draft a security policy that outlines the guidelines, rules, restrictions, and consequences of violations, all of which help minimize the risk involved in allowing restricted access to some users. The doctors who have access to protected patient information must be informed what they can and can’t do with that patient data and what special precautions they must take to protect patients’ privacy. Certain checks and balances must also be maintained and defined in the policy measures in detail. Which of the following security policies should be used in this scenario?

Answer 111

PUA (privileged user agreement)

is a document that addresses the specific concerns related to privileged access given to administrators and certain support staff.

Question 112

Huey Dewey Ltd. is a talent management company with over a hundred employees. Gary has been appointed as a system analyst to ensure security across the office term-35networks during and after the period of employment. Some user accounts are given privileged access, which allows the users to perform more sensitive tasks, such as viewing or changing financial information, making configuration changes, or adjusting access privileges for other users. Analyze which of the following security precautions Gary should implement so that he can avoid users logging into the accounts even after their termination.

Answer 112

Limited Duration

privileged accounts should be carefully accounted for and disabled as soon as they’re not needed, such as when an employee is terminated.

Question 113

William has been working as a senior networking professional at Mediaworks Ltd. The company has a very strict policy regarding employees’ access to certain key rooms in the organization. The company wants William to provide a specific access technology to only a few selected employees so that they can access those certain rooms. Which of the following options are best suited for William in this scenario?

Answer 113

Cipher Lock

or keypad.

Question 114

Kristen has plans of starting an online food delivery company. She plans on making the company one of the most secured portals for online food delivery. She hires Brad, a network consultant, to guide her through the necessary security protocols. Brad conducts all the necessary security checks and involves a white hat hacker too to point out any vulnerability that might be overlooked. Analyze if Brad needs to conduct any other risk assessment procedures in this scenario.

Answer 114

He should conduct a vendor risk assessment.

a Vendor Risk Assessment is an evaluation of security and compliance risks related to suppliers and vendors a company does business with. Also called a third-party risk assessment.

Question 115

To ensure better security measures for the computers used in your organization, you, as a network administrator, have decided to update the passwords of each computer on a weekly basis. But managing and changing the passwords for all the computers is a tiresome task. Hence, you decide to apply a security measure with the help of a password management software. Which of the following software will you use in this scenario?

Answer 115

LastPass

is an online password manager and form filler.

Question 116

You have been invited to the University of Bert to deliver a lecture on network security. In your presentation, you want to focus solely on malware that can harm a system or its resources by disguising itself as something useful. Which of the following categories of malware would be best suited to demonstrate such an example?

Answer 116

Trojan Horse or Trojan

because Trojan horses do not replicate themselves, they are not considered viruses. An example of a Trojan horse is an executable file that someone sends you over the Internet, promising that the executable will install a great new game, when in fact it erases data on your hard disk or mails spam to all the users in your email app’s address book.

Question 117

Which of the following is a type of DoS (denial-of-service) attack that is bounced off uninfected computers before being directed at the target?

Answer 117

DRDoS Attack (Distributed Reflection DoS)

the attack is achieved by spoofing the source IP address in the attack to make it look like all the requests for response are being sent by the target. As a result, all the reflectors send their responses to the target, thereby flooding the target with traffic, as shown in *Pic.

Question 118

Which of the following anti-malware software will slow down your network performance considerably?

Answer 118

Server-Based

Question 119

You are working as a network analyst at BBM Infotech. The entire network of computers in the organization had recently been at the receiving end of an attempted hack that eventually turned out to be unsuccessful. However, certain computer systems have sustained sufficient damages. After inspection, it has been found that the firmware in few of the switches has been completely damaged because of the attack. What kind of an attack is this most likely to be?

Answer 119

PDos Attack (Permanent Dos) Attack

an attack damages a device’s firmware beyond repair. This is called “bricking” the device because it effectively turns the device into a brick. PDoS attacks usually target routers or switches.

Question 120

Robert has been working as a network security expert for Indus Grow Wealth Management, which allows its clients to view their current loan status online. With the recent cases of attempted hacks in banking systems, Robert has decided to test the security systems by hiring hackers to try and analyze the security risks at Grow Wealth Management. Analyze who among the following would best suit Robert’s requirement in this scenario.

Answer 120

White Hat Hackers

Question 121

SMCS School has hired you to set up an Internet connection within the school premises. The Internet connection will be utilized by both the junior and senior sections of the school situated in two different buildings on the same campus. Which of the following types of network will you install in this scenario?

Answer 121

CAN Campus Area Network)

Question 122

As a network administrator, a client has approached you to set up the network for MKV, a software company. The company requires sufficient amounts of data for both uploading and downloading purposes; however, it prefers a connection that has better download speed. Which of the following DSL varieties do you think is best suited for such a requirement?

Answer 122

VDSL (Very high rate DSL or Variable DSL)

is a type of DSL. It is faster than ADSL and also asymmetric. Has faster download speeds than upload speeds. EX: for companies located close to a telephone company CO (Central Office) (in the middle of a metropolitan area).

Question 123

You are employed as a network engineer. While setting up a client’s connection, the client requests you to display trunks configured on a switch. Which of the following commands will you use in this scenario?

Answer 123

sh int tr

Question 124

You are working as a network engineer at Krofter Securities. The organization uses Cisco’s Linux OS in all of its workstations. The network administrator has asked you to use the route utility to delete some static routes used by the router. Which of the following commands will you use in this scenario?

Answer 124

route

Question 125

Which of the following commands can be used to change a device’s name?

Answer 125

hostname

Question 126

Which of the following traverses a significant distance and usually supports very high data throughput?

Answer 126

WAN

Question 127

Browski is a company that deals with SD-WAN (software-defined wide area network) units. The management of Browski wants to present an audio-video presentation at one of the network exhibitions to demonstrate its new product. As a network administrator working there, you have been asked to go through a few pointers in the presentation to verify the accuracy of the content. Analyze if any of these aspects do not apply to SD-WAN.

Answer 127

SD-WAN can be more expensive than leased lines.

Question 128

As a network analyst, you have to separate the digital communication of data in a GSM network. Which of the following will you use in this scenario?

Answer 128

TDMA (Time Division Multiple Access)

is a method of multiplexing in which signals from several sources on a channel are separated by timeslots.

Question 129

Crom Breweries is an old client of HW Internet Solutions. Crom’s IT department calls HW Solutions to inform that the interface is down. HW Solutions sends a network analyst to check the situation. The network analyst assumes that an employee must have shut down the interface. He applies the show interface command to get an overview of all the devices interfaces. Analyze which of the following will help the network analyst to know whether the interface was shut down.

Answer 129

Link State

Question 130

Which form of communication is well suited to users who receive more information from the network than they send to it?

Answer 130

ADSL (Asymmetric DSL)

is the most common form of DSL. Faster download speeds than upload speeds. EX: Surfing the Web, watching a movie.

Question 131

XYZ Ltd. is a company that has 12 regional offices around the world. All the major operations of the company are carried out from the headquarters based in New York. XYZ Ltd. has approached you, a network facilitator, to install a WAN service that can manage network configurations at multiple locations throughout the world. Which of the following WAN services would you advise to XYZ Ltd. in this scenario?

Answer 131

SD-WAN (Software-Defined Wide Area Network)

abstracted, centralized control of networking devices that manage network functions across a diverse infrastructure.

*Pic: SD-WAN supports many underlying WAN connectivity technologies.

Question 132

Beevan works as a network analyzer for an ISP. The network manager has asked him to use a protocol for the routers that can scan beyond the home territory and can instruct a group of routers to prefer one route over other available routes. Analyze which of the following should be used in this scenario.

Answer 132

BGP (Border Gateway Protocol)

dubbed the “Protocol of the Internet,” this path-vector routing protocol is the only current EGP (Exterior Gateway Protocol) and is capable of considering many factors in its routing metrics.

Question 133

Bradley has been running a business in his garage for over a period of 10 years. He plans on expanding the business by opening up three new offices in three different cities. Since he has accumulated sufficient profits to move to a larger office space, he plans to upgrade his network connection to one with a dedicated and symmetrical bandwidth. Bradley approaches Mantle Solutions, an ISP. Which of the following options should be offered by the ISP in this term-4scenario?

Answer 133

Leased Lines

dedicated Internet bandwidth provided over fiber-optic connections.

*Pic: Each location needs its own Leased Line

Question 134

Which of the following devices serves as the endpoint for a dedicated connection between an ISP and a customer?

Answer 134

CSU/DSU (Channel Service Unit/Data Service Unit)

Question 135

You are working as an executive for a cable company. A client raises a request to set up a network that uses fiber-optic cabling to connect your company’s distribution center to distribution hubs and then to optical nodes near its customers. From the following network options, which one would you recommend in the given scenario?

Answer 135

HFC (Hybrid Fiber Coaxial)

either fiber-optic or coaxial cable then connects a node to each customer’s business or residence.

*Pic: HFC Infrastructure

Question 136

You are employed as a network engineer. While setting up a client’s connection, the client requests you to display the concise network layer information of the device interface that is being installed. Which of the following commands will you use in this scenario?

Answer 136

sh ip int br

Question 137

You are working as a network engineer with an ISP. A query has come to you from a client who requires a guarantee of minimum uptime percentages if the service goes down. Which of the following will you choose in this scenario?

Answer 137

DIA

Question 138

You, as a network engineer, have recently established a network connection for three separate department buildings in a university. One of the departments has complained that the signal strength it receives is not the same as the signal strength the other two buildings receive. Which of the following will you use in this scenario?

Answer 138

Line Drivers

Question 139

Nathan has plans of opening a call center. He will require a network connection that will have a bare minimum of 3 Gbps upstream and at least 8 Gbps downstream throughput. Analyze which of the following will provide a solution to Nathan.

Answer 139

Using a DOCSIS 4.0 for maximum throughput.

DOCSIS (Data Over Cable Service Interface Specifications). Cable broadband was standardized by an international, cooperated effort orchestrated by CableLabs that yielded a suite of specifications called DOCSIS. The newest standard, 4.0, allows for symmetric multi-gigabit speeds up to 10 Gpbs downstream and 6 Gpbs upstream.

Question 140

Which of the following is a more intelligent version of an NIU (network interface unit)?

Answer 140

Smartjack

are able to loop ISP’s signal back to CO (Central Office) for testing.

Question 141

White Hawks runs a baseball stadium, and it would like to set up a network that has a reasonable level of availability and effectiveness so that fans can receive a close and strong signal throughput when they watch a game. Analyze which of the following statements will help in understanding why a 5G service is ideal in this scenario.

Answer 141

The Cell Density for the network must be close.

Question 142

You are currently working as a network engineer at GHP Ltd. The network administrator tells you to change a default route and apply the best route available so that the path to the destination can be shortened. Which of the following will help you in doing so?

Answer 142

Routing Cost

the more desirable the path, the lower its cost.

Question 143

A network administrator has asked Robin, a network engineer, to use OSPF (Open Shortest Path First) along with RIP (Routing Information Protocol) on an edge router in a network so that it demands more memory and CPU power for calculations but keeps network bandwidth to a minimum with a very fast convergence time. Identify and analyze which characteristic of OSPF signifies this.

Answer 143

Low Overhead, Fast Convergence

-OSPF (Open Shortest Path First) is an IGP (Interior Gateway Protocol) and link-state routing protocol that improves on some of the limitations of RIP (Routing Information Protocol) and can coexist with RIP on a network.

-Overhead: the burden placed on the underlying network to support a routing protocol.

-Convergence Time: the time it takes for routers on a network to recognize and adjust to configuration changes or a network outage.

Question 144

Your network administrator has asked you to change the subnet mask of the Cisco router used in the organization. Which of the following Cisco CLI modes would you apply in this scenario?

Answer 144

Interface Configuration

Question 145

Moses wants to update the interface of a router. He plans on having a check on the current running configuration file and then wants to copy the running configuration file to the startup configuration file. Analyze which CLI mode Moses must use in this scenario.

Answer 145

Use the privileged EXEC mode to apply the changes

Question 146

Global ISP has received the tender for a project that requires the company to run a fiber connection to provide Internet connection to 120 families in an area simultaneously. Analyze which of the following would be feasible for Globe ISP in this scenario.

Answer 146

Providing the connection using FTTN (Fiber-to-the-Node or Fiber-to-the-Neighborhood)

is a nearby service junction that serves a few hundred customers.

Question 147

Which of the following commands lists a router’s routing table information?

Answer 147

show ip route

Question 148

Examine the following circumstances as a network analyst and analyze in which of the following conditions MANs (metropolitan area networks) cannot be useful.

Answer 148

Connecting a clothing manufacturer to sell its products to customers worldwide

Question 149

Fox Agro, a small business, faces network congestion and connection failures, which affect the network. As a result, the quality of performance of the unit gets adversely affected. You are appointed as a network administrator to determine the best solution to this problem. Which type of routing path will you use to solve this problem?

Answer 149

Dynamic Route

is a route automatically calculated by the router to determine the best path between two networks. As dynamic routes are identified and calculated, this information is collected in a routing table.

Question 150

Which of the following devices contains ports to connect both to an incoming telephone line and to a computer or network connectivity device?

Answer 150

DSL Modem

Question 151

Which of the following statements about MPLS (multiprotocol label switching) is not true?

Answer 151

MPLS does not offer any decreased latency.

Question 152

Mr. X wants to use cellular technology that offers at least 5 Mbps of download speed. He consults you about this. Which of the following cellular technologies will you suggest?

Answer 152

5G

Question 153

You are working as a technical specialist for an ISP. The network administrator has asked you to set up a router for a client with a routing protocol that will use a distance-vector algorithm and is limited to 15 hops. Which of the following will you use?

Answer 153

RIPv2 (Routing Information Protocol, Version 2)

is an updated version of the original RIP routing protocol that generates less broadcast traffic and functions more securely than its predecessor

Question 154

Which of the following refers to any router outside an organization’s AS(autonomous system), such as a router on the Internet backbone?

Answer 154

Exterior Router

is a router that directs data between autonomous systems.

Question 155

LTE (Long-Term Evolution) and LTE-A (LTE advanced) are variations of which generation of cellular network?

Answer 155

Fourth Generation (4G)

is a mobile phone service that is characterized by an all-IP network for both data and voice transmission and throughput of 100 Mbps up to 1 Gbps.

Question 156

You are working as a network analyzer for an ISP. A client has approached you to set up a network connection for a bank with offices around the state. The network needs to connect these offices with each other in order to gather transaction and account information into a central database. Which of the following connections will you provide in this scenario?

Answer 156

WAN

Question 157

Which of the following IGPs supports large networks, calculates more efficient best paths than RIPs, and uses algorithms that prevent routing loops?

Answer 157

OSPF (Open Shortest Path First)

Question 158

You are working as a network engineer for an ISP. You have successfully set up a home Internet connection for a client. The ISP requires the network engineers to provide a document with specifications and tests that the customer can run on their own to check various aspects of their connectivity. However, in the document that you provided you forgot to mention the functionality of speedtest.net in the document. So, the client calls you with a query about the use of speedtest.net. Which of the following will be your reply to the client in this scenario?

Answer 158

It is used for bandwidth speed tests.

Question 159

Identify which router connects an autonomous system with an outside network, also called an untrusted network.

Answer 159

Edge Router

Question 160

An ISP’s headquarters is located in Philadelphia, and it has a branch office in Canada. The ISP wants to ship an edge device to the branch location where a non-technical person can plug in the device without any configuration needed on-site. Which of the following should be used in this scenario?

Answer 160

SD-WAN

Question 161

Rodri has been contracted by an ISP to set up an IPv6 address for MIL Ltd. The RIR (regional Internet registry) has assigned the ISP a block of 32-bit routing prefix. The ISP will provide MIL Ltd. with a /48 site prefix. Analyze which of the following scenarios will help Rodri in calculating the total number of possible subnets.

Answer 161

MIL Ltd. can create up to 65,536 Subnets

Question 162

You, as a network administrator, are calculating the range of host IP addresses for a subnet (the targeted subnet). If the next subnet’s network ID is 192.168.50.119, what is the targeted subnet’s broadcast address?

Answer 162

192.168.50.118

Question 163

Which of the following is a valid IP address for a network ID of 191.254.0.0 using 11 bits for subnetting?

Answer 163

191.254.1.29

Question 164

Your network administrator wants you, a network analyst, to partition a VLAN broadcast domain. However, he has asked you to ensure that the host can connect with the Internet. Which of the following will you use in this scenario?

Answer 164

Community VLAN

Question 165

Mason, a new network engineer in your organization, has set up the configuration of the switch ports to other network devices. On inspection, you, the network administrator, realize that the configuration has been made using access mode instead of trunk mode. What kind of a configuration error are you facing in this situation?

Answer 165

Incorrect Port Mode

Question 166

Which of the following can be used to provide administrative access to a switch?

Answer 166

Management VLAN

Question 167

The organization where you are currently working as a network administrator has a class A network address 10.0.0.0 with 40 subnets. You want to add another 60 new subnets to the network. You would like to still allow for the largest possible number of host IDs per subnet. Which of the following subnet masks will you choose in this scenario?

Answer 167

255.254.0.0

Question 168

You are working on a network device that has a subnet mask of /26. How many IP addresses are available according to you?

Answer 168

62

Question 169

JVC Corporations is a multinational company that has a variety of products worldwide. You are working as a network engineer with the network management team of the company. The network administrator has requested you to submit a network document after subdividing the smaller network of Human Resources into a separate network segment so that it is convenient for troubleshooting. Under which of the following groupings will you place this network segment in this scenario?

Answer 169

Departmental Boundaries

Question 170

How many bits are used in a network with a subnet of 255.0.0.0?

Answer 170

8

Question 171

Globcom is a call center operating in California. It has hired you as a network administrator to set up a voice VLAN to ensure the quality of voice transmissions. Which of the following will not be of immediate priority while setting up the VLAN connection?

Answer 171

Untagged Frames

Question 172

You are working on an IPv6 address 2608:FE10:1:AA:002:50FF:FE2B:E708. You want to create subnets within this IP address. Which of the following will you choose to alter when creating subnets for this address?

Answer 172

AA

Question 173

You as a network administrator want to protect the network from unauthorized traffic, and for this reason, you decide to change the native VLAN to an unused VLAN so that the untagged traffic is essentially directed toward a dead-end. Which of the following commands will you use to do this on a Cisco switch?

Answer 173

Switchport Trunk Native VLAN

Question 174

Murphy Communications has been running a VLAN-managed network to connect different devices. You as a network analyst want to assign a name to the VLAN network, but you are unable to do so. What kind of VLAN is most likely being used in the organization?

Answer 174

Default VLAN

is a preconfigured VLAN on a switch that cannot be renamed or deleted.

Question 175

The network administrator has asked you to subnet a network that has 5 subnets, each with at least 16 hosts. Which subnet mask would you use?

Answer 175

255.255.255.240

Question 176

The part which identifies the network in an IPv4 address is known as _____.

Answer 176

The Network ID

Question 177

Which of the following will allow subnets to be further subdivided into smaller and smaller groupings until each subnet is about the same size as the necessary IP address space?

Answer 177

VLSM (Variable Length Subnet Mask)

is a subnetting method that allows subnets to be further subdivided into smaller groupings until each subnet is about the same size as the needed IP address space.

Question 178

Analyze which of the following can be used to establish a static VLAN assignment for a device.

Answer 178

Assigning a VLAN based on the switch port of the device is connected to.

Question 179

Which of the following carries user-generated traffic, such as email, web browsing, or database updates?

Answer 179

Data VLAN

Question 180

Subnetting, which alters the rules of classful IPv4 addressing, is known as _____.

Answer 180

Classless Addressing

Question 181

Analyze which of the following is true about a default VLAN.

a. Ports in default VLAN can be reassigned to other VLANs.
b. To protect a network from unauthorized traffic, a default VLAN should be changed to an unused VLAN.
c. A default VLAN can be used to carry user-generated traffic, such as email, web browsing, or database updates.
d. A default VLAN supports VoIP traffic, which requires high bandwidths, priority over other traffic, flexible routing, and minimized latency.

Answer 181

Ports in default VLAN can be reassigned to other VLANs.

Question 182

The headquarters of BBK Solutions has detected a possible attack with the help of VLAN tags. Mathews is the head of the Network Administration department in BBK Solutions, and he has to come up with security measures to prevent such instances from occurring in the future. Which of the following security measures should Matthews consider keeping the VLAN pathway as the primary focus?

Answer 182

The default VLAN should not be used.

Default VLAN is a preconfigured VLAN on a switch that cannot be renamed or deleted.

Question 183

What will be the number of hosts per subnet in a 255.255.255.240 IPv4 class C subnet mask?

Answer 183

14

Question 184

Bilmain Manufactures has recruited you as a network administrator to handle the organization’s network operations. You want to set up a class A IP address. What will be the subnet mask for this class A address?

Answer 184

255.0.0.0

Question 185

Brown Industries consults you to review and check for faults in the recently installed port-based VLAN network on its premises. The VLAN has been segmented according to Brown Industries’ departments such as Sales, Finance, and Marketing. On inspection, you realize that a virtual sales client, which should have been plugged into port 6, has been plugged into port 1, which is reserved for marketing clients. What kind of configuration error are you facing in this situation?

Answer 185

Incorrect VLAN Assignment

Question 186

In the formula 2 n = Y, what does n represent?

Answer 186

It is the number of bits that must be switched from the host address to the network ID.

Question 187

You as a network analyst want to make certain changes to a VLAN database, and you want these changes to be reflected in all the other switches in the network. Which of the following will you use?

Answer 187

Stack Master

Question 188

Which of the following will you use to assign a VLAN based on the switch port the device is connected to?

Answer 188

Static VLAN Assignment

Question 189

You have been appointed to design a subnet mask for a network. The current IP address of the network is 192.168.89.0. You have been requested by the network administrator to divide this local network into nine subnets to correspond to the organization’s nine different floors. How many bits will you borrow from the host portion of the ID address in this scenario?

Answer 189

Four Bits

Question 190

What is the term used to identify the first four blocks that normally help to identify a network?

Answer 190

Site Prefix

is the first four blocks or 64 bits of an IPv6 address that normally identify the network. Also called Global Routing Prefix.

Question 191

You are a network analyst at a securities firm. You have to assign an identifier to each VLAN used in the network so that the connecting devices can identify which VLAN a transmission belongs to. Which of the following will you use in such a situation?

Answer 191

SAID (Security Association Identifier)

indicates to other connectivity devices which VLAN a transmission belongs to.

Question 192

You as a network engineer want to create a subnet that supports 16 hosts. Which of the following subnet masks will you use in this scenario?

Answer 192

255.255.255.224

Question 193

You are working as a network engineer for ABC Ltd. You have been instructed to translate the slash notation /20 into a subnet mask. Which of the following will you select?

Answer 193

255.255.240.0

Question 194

An attack has been detected in your network system by one of the network engineers. Analyzing the attack, you come to know that the system was accessed through one of the switches where the hacker fed his own VLAN traffic into the port and accessed the network. What kind of an attack have has been experienced in this scenario?

Answer 194

Switch Spoofing

Question 195

Phillips is a trainee who is currently on probation at ICP Solutions. Under which of the following groupings will he classify the network segment of the floors of a building connected by a LAN?

Answer 195

Geographic Locations

Question 196

The network administrator has instructed you to set up multiple logical VLANs to receive and transmit data. He has asked you to connect one of the switches to a router so that the interface can manage the traffic from multiple VLANs. Which of the following will you use in this scenario?

Answer 196

Trunking

Question 197

Calculate the total number of hosts per subnet that you can derive from the network ID 192.168.1.0 255.255.255.224.

Answer 197

30

Question 198

When a router connects to a switch that supports multiple VLANs, it is sometimes called _____.

Answer 198

A Router-on-a-Stick

Question 199

Which of the following VLANs receives all untagged frames from untagged ports?

Answer 199

Native VLAN

Question 200

Identify the current name of a DMZ (demilitarized zone).

Answer 200

Screened Subnet

also known as DMZ.

is an area on the perimeter of a network that is surrounded by 2 firewalls, an external firewall porous enough to allow more types of traffic, and a hardened internal firewall that provides greater protection to the internal network.

Question 201

Basil Telecommunications have hired you as a network manager for providing a network system that will include redundant processors, backup generators, and earthquake-resilient installation. You have decided that the average downtime per year cannot be more than 5 minutes 15 seconds. Which of the following will you use in this scenario?

Answer 201

Five 9s = 99.999%

Question 202

James has been appointed as the service manager in one of the outlets for Grason Communication, which sells switches and routers. A client approaches James with a query from a network provider who is requesting for an alternative router that is less expensive and will work within layer 5 and layer 7 in the OSI (open systems interconnection) model. Analyze which of the following options James should present to his client in this scenario.

Answer 202

Layer 4 Switches

is a switch capable of interpreting layer 4 data, which means it can perform advanced filtering, keep statistics, and provide security functions.

Question 203

As a network administrator of your company, you have decided to implement redundant connections between network devices to solve problems like network bottlenecks. You have decided to implement this change so that multiple network interfaces and ports can act as one logical interface and focus on increasing total throughput and better load balancing. Which of the following will you use to implement this change in your Windows devices?

Answer 203

NIC Teaming

is the seamless combination of multiple network interfaces or ports on Windows devices to act as one logical interface.

Question 204

You have been working as the network administrator for JP Steels. In order to cut down on operating costs, you plan to install a firewall’s OS (operating system) in a VM on an inexpensive server, instead of purchasing an expensive hardware firewall to protect a LAN. Hence, you no longer require a firewall that runs on its own OS. Which of the following firewalls will you purchase in this scenario?

Answer 204

BARRACUDA’S CLOUDGEN Firewall Device

Question 205

As a network administrator, you want to modernize your network with modular software running on standard server platforms. You want to start by replacing traditional, custom-designed network equipment. You also wish to have flexible, cost-saving options for many types of network devices, including virtual servers, data storage, load balancers, and firewalls. Which of the following will you use in such a scenario?

Answer 205

NFV (Network Functions Virtualization)

is a network architecture that merges physical and virtual network devices.

Question 206

Which of the following is a multipath link-state protocol?

Answer 206

TRILL (Transparent Interconnection of Lots of Links)

is a multipath, link-state protocol developed by IETF. TRILL is newer technology to improve on or replace STP.

Question 207

You have been working with an ISP (Internet service provider) as a network engineer. You have made multiple WAN (wide area network) connections over a period of time. Recently, you have received complaints from various clients about network failure, which is having an effect on their day-to-day business. This network failure is primarily caused by some bugs in a few of the network devices. In order to protect your clientele, you have decided to provide an additional information sheet that will specifically state the amount of time you will take to fix the issue. Which of the following will you use to calculate the average amount of time required to repair the faulty device?

Answer 207

MTTR (Mean Time to Repair)

is the average amount of time required to repair a device or restore a service.

Question 208

Ross is running a small data entry back office, for which he has contracted you for network management. Ross has made it very clear that because he has just started the company he wants to cut down on expenses wherever he can. One such option involves the router-he wants to exchange the router with a similar but less expensive alternative. Which of the following will you refer to Ross in such a situation?

Answer 208

Layer 3 Switch

is a switch capable of interpreting layer 3 data and works much like a router in that it supports the same routing in that it supports the same routing protocols and makes routing decisions.

Question 209

Cloud computing offers many significant advantages and opportunities for expansion, but it has its disadvantages as well. Which of the following options is the cheapest and simplest alternative to a cloud?

Answer 209

Internet

Question 210

Which of the following switches can be configured via a command-line interface or a web-based management GUI (graphical user interface)?

Answer 210

Managed Switch

is a switch that can be configured via a command-line interface or a web-based management GUI, and sometimes can by configured in groups.

Question 211

For over a decade, Ramanathan has been working as a network engineer in an MNC that uses FC (Fibre Channel) networking architecture. His primary duty is to ensure that there are no issues in the network connections between servers and SAN (storage area network) devices, so that maximum throughput is achieved at all times. Recently, one of the connections of the FC device to the network malfunctioned, which Ramanathan has to fix. Analyze which of the following Ramanathan should do in this scenario.

Answer 211

Connect the FC devices to the network through HBAs

FC (Fibre Channel)

HBA (Host Bus Adapters)

Question 212

Which of the following protocols allows a pool of computers or interfaces to share one or more IP addresses?

Answer 212

CARP (Common Address Redundancy Protocol)

is a protocol that allows a pool of computers or interfaces to share one or more IP addresses.

Question 213

Which cloud characteristic allows a provider to limit or charge by the amount of bandwidth, processing power, storage space, or client connections available to customers?

Answer 213

Measured Service

Question 214

Which of the following terms refers to the technique of grouping redundant resources such as servers so they appear as a single device to the rest of the network?

Answer 214

Automatic Failover

Question 215

Which of the following will help evenly distribute traffic to each device in a cluster so every device carries a portion of the load?

Answer 215

Load Balancer

is a device that distributes traffic intelligently among mutiple devices or connections.

Question 216

Jasper Infotech have an issue with their network system-a malfunctioning NIC on a router caused network outages. They have hired you specifically to ensure that the network system does not collapse when there is an unexpected hardware or software malfunction. Which of the following terms will you refer to while fixing this issue for Jasper Infotech?

Answer 216

Fault Tolerance

Question 217

You are working as one of the network administrators of Wells & Welsh Associates. The company wants to provide network administrators with more centralized control of network settings and management. For this reason, the department has decided to use an SDN (software-defined networking) controller to allow network administrators to remotely manage network devices and monitor data collected about these devices. Which plane of the SDN will enable you to allow such a feature?

Answer 217

The Management Plane

Question 218

Which of the following protocols can detect and correct link failures in milliseconds?

Answer 218

RSTP (Rapid Spanning Tree Protocol)

is newer technology to improve on or replace STP. Defined in IEEE’s 802.1w standard, and MSTP (Multiple Spanning Tree Protocol), originally defined by the 802.1s standard.

Question 219

Which of the following is a distinct network of storage devices that communicate directly with each other and with other portions of the network?

Answer 219

A SAN

Question 220

Valentina is employed under the network management team at Iris Global Services, which is a software management firm. Following a recent hacking attempt at its office, the network administrator wants her to cross-check whether security precautions have been enabled on the STP interfaces so that the information transmitted by the BPDUs can be protected. On inspection, she discovers that the security precautions have not been configured. Analyze what Valentina should do in order to prevent a rogue switch or computer connected to one of these ports from hijacking the network’s STP paths.

Answer 220

Use a BPDU Guard to Block BPDUs

(Bridge Protocol Data Units)

Question 221

Glenn, who is working as a network engineer, has been instructed to automate many tasks to work together in a complex and lengthy workflow. What is the term for this process?

Answer 221

Orchestration

Question 222

You have been hired as an assistant to the head network administrator in an ISP (Internet service provider). While setting up the network for one of your clients, he wants you to check whether sufficient security precautions have been taken to ensure none of the customer’s switches becomes the ISP’s root bridge. Which of the following will you use in this scenario to ensure that the appropriate security measures have been taken?

Answer 222

Root Guard

prevents switches beyond the configured port from becoming the root bridge.

Question 223

You run a website called Offhand that sells exclusive handmade home decor items. On Mother’s Day, the website unexpectedly receives a burst of traffic following the marketing campaign designed for this occasion. Thankfully, you are equipped with a good cloud service model and hence you are able to increase the cloud resources the website needs without disrupting your web services. Which of the following cloud characteristics helped you manage the situation easily?

Answer 223

Rapid Elasticity

Question 224

Which of the following cloud models makes resources available to users through a WAN connection?

Answer 224

Private Cloud

Question 225

You have been working as a network administrator at Yong Solutions, which is an ISP (Internet service provider). The switches used in the storage network of the ISP essentially use the STP (Spanning Tree Protocol) for detecting link failures. You have been asked to upgrade the STP because repeated reports of network transmissions being bogged down have been received. Which of the following will you use in this scenario?

Answer 225

SPB (Shortest Path Bridging)

is a descendent of STP and is defined in IEEE’s 802.1aq standard. SPB differs from earlier iterations of STP in that it keeps all potential paths active while managing the flow of data across those paths to prevent loops. By utilizing all network paths, SPB greatly improves network performance. Protocols designed to replace STP, such as SPB, operate at layer 3 instead of or in addition to layer 2.

Question 226

The Centre for Equity Studies is a not-for-profit organization in Staten Island, New York, working in the human rights sector. Currently, because of the pandemic, the employees work from home. They work in association with three other initiatives, all of them involved in the same sector. Hence, there are a lot of resources that are routinely shared among all of them but not with the general public. You have been assigned the task of selecting one cloud model, keeping in mind the working conditions and the requirements of the users. Which of the following would suit this organization the most?

Answer 226

A Community Cloud

Question 227

As a network administrator of Wheeling Communications, you have to ensure that the switches used in the organization are secured and there is trusted access to the entire network. In order to maintain this security standard, you have decided to disable all the unused physical and virtual ports on your Huawei switches. Which of the following commands will you use to bring your plan to action?

Answer 227

Shutdown

Question 228

Lewis has been hired as an assistant to the head network administrator. He needs to understand the basic functioning of certain STP (Spanning Tree Protocol) features that will block BPDUs (Bridge Protocol Data Units) on any port serving network hosts. Which of the following will he use for such purposes?

Answer 228

BPDU Guard (Bridge Protocol Data Units)

Question 229

You, as a network administrator, plan on running a trial for a beta version of an application. The idea is to install the application on a guest machine. You plan on doing this because you would rather have the untested software cause errors on the guest machine than on the host. Which of the following will you use in this instance?

Answer 229

VirtualBox

In VMware and VirtualBox, you can choose the bridged connection type when you create or configure the virtual adapter. In KVM, you create a bridge between the VM and your physical NIC when you modify the vNIC’s settings. In Hyper-V, you create a bridged connection type by assigning VMs to an external network switch.

Question 230

In which of the following modes will a vNIC access a physical network using the host machine’s NIC?

Answer 230

Bridged Mode

is a type of network connection in which a vNIC accesses a physical network using the host machine’s NIC. The bridged vNIC obtains its own IP address, default gateway, and subnet mask information from the physical LAN’s DHCP server.

Question 231

Which of the following creates and manages a VM (virtual machine) and allocates hardware resources for the host and any of its guest VMs?

Answer 231

Hypervisor

is the element of virtualization software that manages multiple guest machines and their connections to the host (and by association, to a physical network).

Question 232

Krypton Spares and Parts is an MNC dealing in motorcycle spare parts. The administration department of the company has constantly been complaining of severe network issues, and you have been hired to fix the issues. On inspection, it has come to your notice that these network fluctuations are primarily because of flooding attacks from broadcast and multicast traffic. Which of the following do you plan on using to fix this issue?

Answer 232

Storm Control

Question 233

As a developer, you need frequent access to multiple platforms during the development process. Rather than purchasing and maintaining a separate device for each platform, you have decided to avail the cloud service option. You are looking to build and test the applications within these virtual, online environments, which are tailored to the specific needs of the project. The cloud service model should have servers that provide only the resources needed to run an application and also allow customers to run their code directly in the cloud without having to manage a server environment at all. Which of the following cloud service models do you think would be appropriate considering your requirements?

Answer 233

PaaS (Platform as a Service)

is a cloud service model in which various platforms are provided virtually, enabling developers to build and test applications within virtual, online environments tailored to the specific needs of a project.

Question 234

In order to achieve the utmost fault tolerance, as a network administrator, you want to ensure that critical devices are all equipped with redundant NICs, routers, and processors, which are able to immediately assume the duties of an identical component in case one of the components fails. Which of the following will help you ensure these devices contain the necessary components you require?

Answer 234

Automatic Failover

in the event of a component failure, the ability of a redundant component to immediately assume the duties of the failed component.

Question 235

Which of the following planes is made up of the physical or virtual devices that receive and send network messages on their way to their destinations?

Answer 235

The Infrastructure Plane

an SDN (Software-Defined Networking) construct made up of physical or virtual devices that receive and send network messages. Also called Data Plane.

Question 236

Blue Whale is an e-commerce website that has hired you as part of the network management team. The network administrator has delegated one of his tasks to you, which requires you to allow and configure more than one MAC address in one of the ports. Which of the following commands will help you complete the task at hand?

Answer 236

allowed-mac

Question 237

Which of the following network technologies uses a transport layer protocol that runs on top of TCP to allow fast transmissions over LANs, WANs, and the Internet?

Answer 237

iSCSI (Internet SCSI)

is a transport layer protocol used by SANs that runs on top of TCP to allow fast transmission over LANs, WANs, and the Internet.

Question 238

Scott & Wayne Law Associates is a private law firm in Atlanta specializing in cases involving violation of environmental laws. The firm currently has approximately 50 employees who all work on various matters and in different departments. You have been hired as a network administrator and tasked with finding a suitable cloud model for the firm. The firm is looking for a comparatively low-cost cloud model that can be accessed only by the employees and senior management but not its clients or third parties. Which of the following cloud models would you choose?

Answer 238

A Private Cloud

Question 239

What is the downtime per day for a system showing 99.9% availability?

Answer 239

1 Minute & 26 Seconds

Question 240

You already have a running network in your organization, but because of the recent influx of network traffic and as a network engineer, you want to take a more organized approach in designing the network so that every device can function optimally. You have decided to add highly efficient multilayer switches to pass traffic in and out of a few backbone ports as quickly as possible. Which of the following layers of the network architecture will you use to bring in this change to your network?

Answer 240

The Core Layer