ITProTV - NET+ 008 Practice Exam: Baseline #1 Flashcards
** Which WAN technology offers the highest potential bandwidth?
Frame Relay T3 E3 FDDI OC-3
OC-3
Explanation: SONET WAN Technologies - Frame Relay up to 1.544 Mbps - OC-1 speeds up to 51.84 Mbps - OC-3 speeds up to 155.52 Mbps - OC-12 speeds up to 622.08 Mbps - ATM speeds up to 622 Mbps
** While troubleshooting a network outage on a 10GBase-SW network, a technician finds a 500-meter fiber cable with a small service loop and suspects it might be the cause of the outage. Which of the following is MOST likely the issue?
bend radius exceeded
maximum cable length exceeded
dirty connectors
RF interference caused by impedance mismatch
maximum cable length exceeded
Explanation:
10GBase-SW max cable length is 300 meters.
Bend Radius Exceeded - could be the problem if the max cable length wasn’t exceeded already. Remember, fiber-optic cable has max distances depending on the type of cable used and thet ype of network being implemented.
attenuation/DB loss - is reduction in power of the light signal as it is transmitted.
SFP/GBIC cable mismatch - occurs when you use the wrong cable type.
Bad SFP/GBIC cable or transceiver - occurs when you need to replace the component that is bad.
Wavelength mismatch - multimode fiber is designed to operate at 850 and 1300 nm while singlemode fiber is optimized for 1310 and 1550nm. If the wrong wavelength is implemented or a device is added to the network that operates at the wrong wavelength, signal loss will occur.
Fiber type mismatch - if you seu different types of fiber cable on the same network, you will get DB loss.
Connector mismatch - using the wrong connectors on your network, devices will be unable to communicate.
** Your network uses a single switch that divides your network into 3 virtual LANs (VLANs). The devices in each VLAN are connected to a single port on the switch. You plan to implement a second switch on your Network. You need to ensure that the VLANs that were originally implemented are spread across both switches. What should you do?
create a subnet-based VLAN on both switches.
implement frame tagging on both switches.
create a protocol-based VLAN on both switches.
Create a port-based VLAN on both switches.
implement frame tagging on both switches
Explanation:
Frame Tagging is a technique that adds a small ehader to the frame as it is passed between devices in order to maintain the original VLAN broadcast domain. In normal Ethernet, there is NO Tagging. Tagging is implemented only when Trunking VLANs between devices is involved. If you have only one switch, untagged VLAN is just fine. If you have two or more switches and you want all the VLANs to talk with each other, they will need the same TAG.
Which one of these requires a user complete an action, such as digitally signing an AUP, prior to accessing the Network?
Captive Portal
Access Control List
MAC Filter
Port Security
Captive Portal
Explanation:
Captive Portals - are Web Pages, typically used in public Networks, where users must complete some action before they are granted access to the Network. Captive Portals are commonly seen in coffee shops, hotels, airports, and the user often has to accept an acceptable use policy (AUP) before they can connect to the internet.
Port Security - Allows a Network administrator to only allow a specific MAC Address (or group of MAC Addresses) on a Switch port.
MAC Filtering - Basically does the same thing as Port Security, but Port Filtering works on Switches where MAC Filtering works on Routers. Accomplished by granting or denying Network access to a list of MAC Addresses. The List of MAC Addresses for which you are either granting or denying access to is stored in an Access Control List (ACL)
ACLs - compare the entity that is requesting access to a Network resource against a list of valid entities. Access is granted or denied based on the access configured for that entity. Simply put, ACLs identify which users have access to a given object, such as a drive, a file, or a directory.
Your company has decided to implement an Acceptable Use Policy (AUP) that must be distributed to all users. You have been asked to write the preliminary policy to submit your management approval. What is defined in this policy?
which method administrators should use to back up Network data
how users are allowed to employ company hardware
the sensitivity of company data
which users require access to certain company data
how users are allowed to employ company hardware
Your company has a corporate-wide Windows Server network using the TCP/IP protocol. Several users are complaining that their computers are getting IP address conflics. Which action should you perform?
Implement a DHCP Server
Increase the TCP window size
Change the MAC Address for each Network interface card
Manually configure IP Addresses on each computer
Implement a DHCP server
One of your branch offices is located on two non-adjacent floors in an office building. You have been given permission to route a communications link between the two floors using existing conduit in the building’s elevator shaft. Your current cabling plan calls for TP wiring on each of the two floors, but the distance between them is more than 90 meters. You need to interconnect the two floors using fiber optic cable in the cheapest manner possible. Which of the following should you deploy between the wiring centers on each floor?
Media Converters Firewalls Modems Hubs Routers Switches
Media Converters
You support multiple wireless networks. You need to ensure that the protocols used offer the appropriate level of security. Match the descriptions on the left with the Wireless Encryption Protocols on the right?
Descriptions:
Uses a 256-bit Preshared Key
Requires RADIUS Server
Uses a 40-bit or 104-bit Key
Answers:
WEP
WPA/WPA2 Personal
WPA/WPA2 Enterprise
WEP = Uses a 40-bit or 104-bit Key
WPA/WPA2 Personal = Uses a 256-bit pre-shared Key
WPA/WPA2 Enterprise = Requires a RADIUS Server
You are designing a SOHO Network for your company. You want to use the Ethernet standard that supports a data transmission rate of 1 Gbps over copper cable. Which Ethernet standard should you use on the Network?
10Base-T
1000BaseCX
1000BaseSX
100Base-FX
1000BaseCX
You need to increase the arena that is covered by your Wireless Network to include another building. You decide to use a signal bounce. All of the following could help with this issue EXCEPT?
repeaters
encryption
reflectors
channel bonding
encryption
Management has stipulated that you must use unshielded twisted-pair category consists of four twisted pairs of copper wire that is certified for transmission rates up to 100 Mbps for the new guest network you are setting up. Which cabling category should you use?
CAT 2 CAT 1 CAT 4 CAT 5 CAT 3
CAT 5
Explanation: Transmission Rates CAT 1 = 4 Mbps, 2 Twisted Pairs CAT 2 = 4 Mbps CAT 3 = 10 Mbps CAT 4 = 16 Mbps CAT 5 = 100 Mbps CAT 5e = 1000 Mbps (1 Gbps) CAT 6 = 1000 Mbps CAT 6a = 10 Gbps CAT 7 = 10 Gbps CAT 8 = 40 Gbps
Protocols: POP3 HTTPS FTP IMAP RDP
Answers: Port 3389 Port 110 Port 21 Port 143 Port 443
POP3 = 110 HTTPS = 443 FTP = 21 IMAP = 143 RDP = 3389
To improve security, you change your Web server named Web1 to the HTTPS protocol. Shortly after implementing the change, users report that they cannot access any Web sites hosted on Web1 by using their fully qualified domain names (FQDN). However, they can access other websites that are hosted on other Web Servers by using their FQDN. What is causing the problem?
HTTPs is not a supported protocol.
The local area network (LAN) is down.
The DNS Server is down.
The new Web address starts with https instead of http.
The new Web address starts with https instead of http.
A Network admin use wants the Network can accept an MTU value above 1500. Which of the following should he configure?
UTM appliance
Jumbo Frame
Virtual Router
FCoE
Jumbo Frame
What is a physical barrier that acts as the first line of defense against an intruder?
a lock
a turnstile
an access control vestibule
a fence
a fence
You use HTTPS to secure your e-commerce website. You suspect an external breach has occurred. What should you do to enhance transaction security?
Hashing files
Generating new keys
Avoiding common passwords
disabling IP ports
Generating new keys
Your organization needs to perform a risk assessment for their ISP. Which specific type of assessment should you complete?
Vulnerability Assessment
Process Assessment
Vendor Assessment
Posture Assessment
Vendor Assessment
Which TCP Port is the Well-Known Port assigned to SSL?
119
80
443
20
443
Your company has implemented a Firewall that only examines the packet header information. Which type of Firewall is this an example of?
application-level proxy firewall
kernel proxy firewall
stateful firewall
packet-filtering firewall
packet-filtering firewall
You need to implement Spanning Tree Protocol (STP) to prevent Network Loops when more than one path can be used. Which two devices could you deploy? (Choose Two)
Switches
Routers
Bridges
Hubs
Switches
Bridges
Your company wants to use the Private Class B Network designation of 172.17.0.0/20. You have been asked to divide it up into six subnets. Two subnets should have 512 nodes and four more subnets have 256 nodes already established. While a total of 2,048 IP addresses are needed, the design should leave some room for growth in each subnet.
What is the correct way to subnet this network?
Allocate two networks with /22 masks, and the remaining four with /23 masks.
Allocate two networks with /20 masks, and the remaining four with /22 masks.
Allocate two networks with /21 masks, and the remaining four with /22 masks.
Allocate two networks with /24 masks, and the remaining four with /25 masks.
Allocate two networks with /23 masks, and the remaining four with /24 masks.
Allocate two networks with /22 masks, and the remaining four with /23 masks.
Which of these devices functions works at Layer 7?
VoIP Gateway
Content Filter
NGFW
VoIP PBX
NGFW (Next Generation Firewall)
Explanation:
Layer 7 = Application Layer
Which of the following would be used to help defend against a Man-in-the-Middle Attack?
Flood Guard
DHCP Snooping
Root Guard
BPDU Guard
DHCP Snooping
Your organization has implemented Kerberos 5 to authenticate its users. A member of management has asked you to explain ticket granting in Kerberos 5. You want to explain all the components of Kerberos to this member of management. Which entity is a ticket that is granted to a client after a client is Authenticated?
AS
KDC
TG S
TGT
TGT (Ticket-Granting Ticket)
Explanation:
AS = Authentication Server
KDC = Key Distribution Center
TGS = Ticket Granting Server
A company procedure calls for using the IPv4 and IPv6 Loopback addresses as part of the troubleshooting process. Which of the following explanations best represents the purpose of this tool?
To provide an IP address for testing the local IP stack through the Network interface.
To provide an IP address that is always available even in the absence of a Network.
To provide an IP address to check interface drivers and hardware.
To provide an IP address for testing the local IP stack without a physical Network connection.
To provide an IP address to determine minimum round-trip performance for packets.
To provide an IP address for testing the local IP stack without a physical Network connection.
You are using DSL to connect to the Internet. You recently setup Firewall software to protect your computer’s resources from external users. After setting up the Firewall software, you can no longer access Websites by name.
What is the problem?
You do not have a static IP address.
Your DHCP scope is exhausted.
You have a DHCP server on the Network.
Your firewall software is blocking port 53.
Your firewall software is blocking port 25.
Your firewall software is blocking port 53.
Explanation:
Port 53 is DNS (Domain Name System) which translates Frequently Qualified Domain Names (FQDN) to IP Addresses.
You administer your company’s 100Base-TX Ethernet Network. TCP/IP is the Networking protocol used on the Network. You want the routers on the network to send you notices when they have exceeded specified performance thresholds. Which protocol should you use to enable the routers to send the notices?
Telnet
SMTP
SNMP
ARP
SNMP (Simple Network Management Protocol)
You need to assign a virtual IP address to an internet server. What are valid reasons for doing so? (Choose ALL that Apply)
To permit multiple servers to share the same address.
To prevent generic addresses for immediate access
To permit the same address to access multiple domain names
To permit a single network interface to service multiple incoming service requests
To eliminate host dependencies on specific, individual network interfaces
To permit multiple servers to share the same address
To permit the same address to access multiple domain names
To eliminate host dependencies on specific, individual network interfaces.
You manage a network for your organization. The network contains one DNS server and three routers. You are setting up a new DHCP server. You configure separate scopes for each subnet on your Network. The routers are configured to forward DHCP requests. You need to ensure that DHCP clients receive the appropriate settings using the least administrative effort. What else should you do? (Choose ALL that Apply)
Configure the DNS server as a scope option for each scope
Configure the DNS server as a server option
Configure each router as a scope option for its appropriate scope
Configure each router as a server option
Configure the DNS server as a server option
Configure each router as a scope option for its appropriate scope
You just installed a replacement switch that was moved from one part of the network to a new location. After all the patch cables are reconnected, some users cannot communicate via email. What is the most likely issue?
Network connection LED status indicators
VLAN mismatch
Bad Port
Attenuation
VLAN mismatch
Which wireless topology only requires one access point to be physically connected to the wired network, while still offering maximum flexibility and redundancy?
Bluetooth
Mesh
Ad Hoc
Infrastructure
Mesh
Which device or feature provides a bridge between the physical environment and the virtual environment?
Virtual router
Hypervisor
Virtual NIC
Virtual Firewall
Virtual NIC (Network Interface Card)
You have been called to troubleshoot a workstation problem in the oldest building on your company’s corporate campus. The network workstations in the building are unreliable. When the room lights are on, connectivity is lost, but when the room lights are off, the network is functional. Upon arrival, you quickly survey the work environment. You observe the following conditions:
- Lighting consists mainly of fluorescent lights.
- Temperature is 65 degrees Fahrenheit (18 degrees Celsius)
- Humidity is 75%
- Employees own space heaters, but they are not using them.
- Electrical outlets appear outdated.
What is most likely causing the loss of connectivity?
Fluorescent lighting in the room
Defective network hubs
low temperature
voltage fluctuation in the outlets
Fluorescent lighting in the room
Your company is located in Atlanta, GA. Management has decided to deploy multiple 802.11b WLANs. You are concerned that there are not enough non-overlapping channels to support the number of access points that you need to deploy. How many non-overlapping channels are supported in this deployment?
five
eleven
three
eight
three
Your company uses a single global IP address that maps to the company’s local IP addresses. When requests are sent from the internal network to destinations outside the company, those requests are mapped from the IP address of the local host that made the request to the global IP address.
What term describes this process?
Network Address Translation (NAT)
Network File System (NFS)
Network Access Point (NAP)
Network Access Server (NAS)
Network Address Translation (NAT)
A user reports that she cannot print from her computer. You also notice that they are unable to reach a suppliers web site. The operating system is Windows 8.1. Which command should you start with to help with your diagnosis?
route
ping
nmap
dig
ping
Which of these devices can perform router functions?
IDS
Proxy Server
Wireless Controller
Multi-Layer Switch
Multi-Layer Switch
You are a system admin. A user calls you complaining that every time she tries to log onto the network, she gets an error message. Other users are not having any problems. Which question is best to ask first when attempting to troubleshoot the problem?
Which error message do you receive?
Have you rebooted your computer?
How much memory is installed in your computer?
What is your username and password?
Which error message do you receive?
Users are unable to log in to the network. When you examine the authentication server, you see that CPU usage is almost 100%. What is most likely the issue?
expired IP address
incorrect gateway
unresponsive service
names not resolving
unresponsive service
You are the network admin for a healthcare organization. Recently several federal and state government laws have been enacted which will affect network operations. Which change management documentation should record this information?
baselines
regulations
policies
procedures
regulations
You are installing the wiring for a small office. You want to connect the fifty computers in the office to the Switch. The CAT6 cables that you plan to use have RJ-45 connectors on both ends. Which component should you use?
110 Block
demarcation extension
66 block
Patch panel
Patch panel
You need to deploy a fiber distribution panel for datacenter, remote office, or local area networking use. Which of the following features are NOT important for such uses? (Choose ALL that Apply)
Support for SFP+ Cable storage Cable termination Support for GBIC connectors bulkhead adapters and receptacles cable splices
Support for SFP+
Support for GBIC Connectors
Explanation:
Fiber distribution panel does not need support for SFP+ and for GBIC connectors.
GBIC connectors are used for end-point termination at a device interface of some kind. They are neither typically used nor necessary on a fiber distribution panel.
SFP+ stands for the enhanced, or plus, version of the Small Form-Factor (Hot) pluggable or (SFP) fiber optic connector. SFP+ connectors are used for endpoint connections and not in FDPs which do not need optical-to-digital or digital-to-optical conversion.
You administer a LAN. You want to encrypt TCP/IP communications on the LAN. The protocol that you use for encryption should be able to encrypt entire data packets, and the protocol should be able to operate in both tunnel mode and transport mode. Which protocol should you use to encrypt data on the Network?
Kerberos
IPX
L2TP
IPSec
IPSec (Internet Protocol Security)
You are a desktop admin for Nutex Corporation. Your org uses Ethernet cable to connect network resources. A user reports that he is unable to access network resources on his portable computer. The portable computer is connected to the company’s network using an Ethernet cable. When you test the cable using a time domain reflectometer (TDR) the signal returns too soon. What should you do?
reinstall the network adapter
re-route the network cable
replace the network adapter
replace the network cable
replace the network cable
What is the main purpose of a VPN concentrator?
to resolve host names and IP addresses
to manage internet requests and cache web content
to terminate the VPN tunnels
to provide dynamic IP addresses
to terminate the VPN tunnels
A TOOL - used to identify and trace Wires?
Cable Certifier Cable Tester Multimeter OTDR Protocol Analyzer TDR Tone Generator/Probe
Tone Generator/Probe
A TOOL - used to test voltage, current, and resistance?
Cable Certifier Cable Tester Multimeter OTDR Protocol Analyzer TDR Tone Generator/Probe
Multimeter
A TOOL - used to check UTP/STP cable resistance levels and locate cable faults?
Cable Certifier Cable Tester Multimeter OTDR Protocol Analyzer TDR Tone Generator/Probe
TDR (Time Domain Reflectometer)
A TOOL - used to collect Network cable test data and print certification reports?
Cable Certifier Cable Tester Multimeter OTDR Protocol Analyzer TDR Tone Generator/Probe
Cable Certifier
A TOOL - used to capture and analyze data that is sent over a Network?
Cable Certifier Cable Tester Multimeter OTDR Protocol Analyzer TDR Tone Generator/Probe
Protocol Analyzer
A TOOL - used to check Fiber cable resistance levels and locate cable faults?
Cable Certifier Cable Tester Multimeter OTDR Protocol Analyzer TDR Tone Generator/Probe
OTDR (Optical Time Domain Reflectometer)
A TOOL - used to test cable resistance levels, but does not locate faults?
Cable Certifier Cable Tester Multimeter OTDR Protocol Analyzer TDR Tone Generator/Probe
Cable Tester
You need to check for open circuits and short circuits on your network. Which tool should you use?
Toner Probe
Butt Set
Protocol Analyzer
Cable Tester
Cable Tester
Which of the following computing technologies is most likely to fall under the US Government’s export administration regulations designed to protect the sale or transfer of commodities, technology, information, or software considered of strategic importance to the US?
file compression techniques
deduplication software
encryption tools
web page design tools
encryption tools
You are examining the packet captured on your network. You notice some communication between your Cisco router and someone from outside your network. The packets indicate that the communication is occurring over TCP port 23. Which protocol is being used?
FTP
Telnet
SSH
TFTP
Telnet
Which social engineering attack is typically considered the most dangerous?
social engineering
physical penetration
trojan horse
dumpster diving
physical penetration
You have recently discovered that your company is not maintaining system logs as per the adopted company procedures. You need to decide if the company procedures should be modified, or if the system logs should be maintained as per the procedures. Which statement is an accurate reason for following the company procedures?
Logging helps an administrator to detect security breaches and vulnerable points in a network.
Logging provides audit trails, but increases the risk for security violations.
Logging provides access control by authenticating user credentails.
Logging prevents security violations, but only deals with passive monitoring.
Logging helps an administrator to detect security breaches and vulnerable points in a network.
Your company is considering converting to the use of IPv6 addresses. What are the three types of internet protocol version 6 (IPv6) addresses? (Choose Three)
Unicast Anycast Dual-cast Broadcast Multi-cast
Unicast
Anycast
Multicast
Which of these is NOT associated with data conversion between the ISP and the customer premises equipment?
CSU/DSU
Demarcation Point
Smart Jack
ATM
ATM (Asynchronous Transfer Mode)
You install a Network analyzer to capture your network’s traffic as part of your company’s security policy. Later, you examine the captured packets and discover that the only packets that were captured are from Subnet 1. You need to capture packets from all four subnets on your network. Two routers are used on your network. What could you do? (Choose Two - Each answer is a complete solution.)
Install the network analyzer on a router.
Install a port scanner
Install a distributed network analyzer
install the network analyzer on the firewall
install the network analyzer on all four subnets
install a distributed network analyzer
install the network analyzer on all four subnets
Your database admin needs accurate timestamping for purchases. Which of the following would you implement?
Lease Time
NTP
SRV
CoS
NTP (Network Time Protocol)
You are troubleshooting a Network connectivity problem on a Windows 7 Enterprise computer, and you need to view the MAC address for the NIC installed in the computer. Which command should you use?
the ping command
the ipconfig /all command
the tracert command
the arp command
the ipconfig /all command
Your client is experiencing what appears to be a decrease in network throughput. However, the symptoms the client is reporting to you are not detailed enough for your to diagnose the issue and make a recommendation. What will best assist you in pinpointing the bottleneck the next time it occurs?
Standard operating procedures/work instructions
Network configuration and performance baselines
Wiring and port locations
Rack diagrams
Network configuration and performance baselines
You have a strong wireless password policy, but users (including management) are complaining about it. Consequently, enforcement is difficult. You need a protocol solution that does not require digital certificates. Which of these choices would help you secure your Network?
PEAP
EAP-FAST
EAP-TLS
Geofencing
EAP-FAST (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling)
You need to solve a traffic problem occurring on a large Ethernet network. Within this large segment, the accounting department is flooding the network with a high volume of data, which causes the entire network to slow down. Which device is a quick and low-cost solution to isolating the accounting department?
bridge
router
gateway
repeater
bridge
You have a subnet that contains a computer within the IP address 172.16.5.2/23. You need to send a message to every computer on the network where the computer resides. Which subnet is the IP address a member of, and what is the broadcast address for that subnet?
subnet: 172.16.0.0, broadcast: 172.16.7.255
subnet: 172.16.5.0, broadcast: 172.16.5.255
subnet: 172.16.4.0, broadcast: 172.16.5.255
subnet 172.16.2.0, broadcast: 172.16.5.255
subnet: 172.16.4.0, broadcast: 172.16.5.255
You administer a network for your company. You determine that there is a network connectivity problem on one of the computers on the network. You re-create the problem and determine that the problem is located in the NIC. You establish a theory of probable cause. Which step should you take NEXT to troubleshoot the problem?
Form a correction plan.
Test the Theory
Implement a correction plan.
Provide feedback to the user of the computer.
Test the Theory.
Which component of a computer use policy should state that the data stored on a company computer is NOT guaranteed to remain confidential?
computer ownership
no expectation of privacy
acceptable use
information ownership
no expectation of privacy
During a recent network redesign meeting, one team member suggested that you implement a device that operates at both the Data Link Layer and the Network Layer of the OSI Model. Which device operates at BOTH of these layers?
A repeater A brouter A bridge A router A hub
A brouter
Explanation:
A brouter can act as a bridge or a Router. When acting as a bridge, a brouter operates at the Data Link layer, when acting as a Router it operates at the Network Layer.
You have recently added a new Windows 8 computer to your IPv6 Network. Because your network is small, you currently use static IP addressing. You record the IPv6 addresses of the new Windows 8 computer. What is the shortest possible notation of IPv6 addresses as shown below?
2001:0DB8:0000:0001:0000:0000:0000:F00D
2001: DB8::1::F00D
2001: 0DB8:0:1::F00D
2001: DB8:0:1:0:0:0:F00D
2001: DB8:0:1::F00D
2001:DB8:0:1::F00D
Explanation:
Removing leading zeros.
Remove consecutive fields with zeros with double colon (::)
The double colon (::) can be used only once.
Your company consists of 75 employees. Your company has entered into a partnership with another company that is located across the country. Your company’s users must be able to connect to the partner’s network quickly and reliably. Support for voice, data, and imaging transmissions and a dedicated 24-hour link are required. Your solution must be as inexpensive as possible while providing enough bandwidth for your company’s employees. What should you implement?
ATM POTS FDDI T1 ISDN
T1
You have been hired as a network admin. The company’s network consists of several subnetworks located in various locations across the southeast United States. You want to deploy switches across the different locations so that you can implement virtual local area networks (VLANs). What is the primary benefit of this implementation?
Users are grouped by their geographical locations.
Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location.
VLANs provide switchless networking using virtual addresses.
Users in a single geographical location can be micro-segmented.
Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location.
What well-known port is used to forward email on the Internet between email Servers?
23
110
25
161
25 (SMTP = Simple Mail Transfer Protocol)
Explanation: SMTP = Sending/Forwarding Email between Servers POP3 & IMAP = Receiving Email POP3 = 110 IMAP = 143
Which unsecured Protocol do Web Browsers use to access documents on the World Wide Web?
IP
ARP
HTTP
FTP
HTTP (Hypertext Transfer Protocol - Port 80)
You have been hired as a contractor to implement a Small Office Home Office (SOHO) Network for a small business. While gathering the requirements and constraints regarding the Network, you decide to implement two subnets on the Network.
What are valid reasons for implementing Subnets on an IP Network? (Choose Two)
to increase network security
to use more than one server on each segment of an IP LAN
to reduce congestion by decreasing network traffic
to reduce congestion by increasing network media bandwidth
to configure a great number of hosts
to increase network security
to reduce congestion by decreasing network traffic
Explanation: Subnets are used for the following Reasons: - To expand the Network. - To reduce congestion. - To reduce CPU use. - To isolate Network problems. - To improve Security. - To allow combinations of media, because each subnet can support different medium.
You are troubleshooting a connectivity problem on an Ethernet Network that contains both NetWare and Windows Servers. A Windows 7 Client cannot connect to the internet or any network resources. However, other computers on the same subnet as the client can access network resources and the internet. You issue the ipconfig command at the workstation and find that the IP Address is 169.254.184.25 and the subnet mask is 255.255.0.0. The IP network and subnet are different from the IP network and subnet that other computers on the same segment are using. What is the most likely problem?
the client obtained the IP address from a NetWare server.
the client obtained the IP address from a DHCP server it found on the Internet.
the client selected the IP address using APIPA.
The client obtained the IP address from a Windows Server.
the client selected the IP address using APIPA. (Automatic Private IP Addressing)
The owner of your favorite pastry shop has just installed Free WIFI access for customers. The owner accomplished this task with limited technical skills and without any assistance. After a couple of days in operation, the owner calls to complain that he cannot get into the WIFI router to make an adjustment. First, you have him use the hard reset function built into the router. What action would you recommend that the owner take next?
patch and update the router
upgrade the firmware
change the default credentials
generate new keys
change the default credentials
You decide to install an 802.11a wireless network in your company’s main building. Which frequency band is used in this network?
2.4 GHz
2.9 GHz
5 GHz
900 MHz
5 GHz
Explanation:
- 11a = 5 GHz / 54 mbps
- 11b = 2.4 GHz / 11 mbps
- 11g = 2.4 GHz / 54 mbps
- 11n = 2.5 & 5 GHz / 100+ mbps
- 11ac = 5 GHz / up to 1 gbps
- 11ax = 2.4, 5 GHz, 6 GHz / 10 gbps
Your organization has several VLANs implemented on its network. The VLANs operate across several switches. What do all users on a VLAN have in common?
Collision Domain
Cable Segment
TCP/IP Subnet
Broadcast Domain
Broadcast Domain
Your network is experiencing a problem that a tech suspects is concerning a Cisco router. The tech provides you the following command RESULTS:
1 14.0.0.2 4 msec 4 msec 4 msec 2 63.0.0.3 20 msec 16 msec 16 msec 3 33.0.0.4 16 msec * 16 msec
What Cisco command produced the results you were given?
traceroute
tracert
extended ping
ping
traceroute
You have decided to implement 802.1q. What does this standard do?
It implements MAC filtering.
It implements STP.
It forwards traffic based on priorities.
It implements VLAN trunking.
It implements VLAN trunking.
You need to verify a network’s transmission speed. Which tool should you use?
loopback plug
throughput tester
connectivity software
bit-error rate tester
throughput tester
An administrator would like to integrate DNS and DHCP so that each is aware of changes in the other. Which of the following would be the best method for him to do this?
MAC reservations
IPAM
ARP table
DHCP relay
IPAM (IP Address Management)
Which of the following indicates the largest number of bytes allowed in a frame?
PDU
CSMA/CA
MTU
CSMA/CD
MTU (Maximum Transmission Unit)
Your company is researching different wireless antennas. Antennas that you research are high-gain antennas. Which statement best describes a property of high-gain antennas?
high-gain antennas provide a wide coverage area.
high-gain antennas provide a small vertical beamawidth.
high-gain antennas are best suited for point-to-multipoint bridging.
high-gain antennas avoid multiplath distortion.
high-gain antennas provide a small vertical beamwidth.
You administer a TCP/IP network that is not subnetted. one of the network hosts has the following IP address:
130.250.0.10
What is the network ID of the network you administer?
- 250.0.0
- 250.255.255
- 255.255.255
- 0.0.0
130.250.0.0
Which type of intrusion detection system (IDS) relies upon a database that contains the identities of possible attacks?
signature-based IDS
behavior-based IDS
network-based IDS
anomaly-based IDS
signature-based IDS
Explanation:
signature-based = relies upon a database that contains the identities of possible attacks.
network-based IDS = is attached to the network in a place where it can monitor all network traffic.
anomaly-based IDS = detects activities that are unusual.
behavior-based IDS = looks for behaviors that is not allowed and acts accordingly.
What should you implement to isolate two of the devices that are located on a storage area network (SAN) fabric containing eight devices?
HBA allocation
SAN snapshots
virtual SAN
VLAN
virtual SAN
You have been hired as a consultant for the medium-sized business. As part of your duties, you need to make recommendations on changes to the network. You decide that you want to install agents on the network devices to monitor network traffic and record the behavior of network components. You will then use the statistical data that is gathered to make your recommendations. Which standard should you deploy?
SNMP
Token Ring
x.25
SMTP
SNMP (Simple Network Management Protocol)
You notice that several ping requests have been issued on your network in the past couple of hours. Which protocol responds to these requests?
TCP
ARP
RARP
ICMP
ICMP (Internet Control Message Protocol)
A company has an 802.11b wireless network deployed to allow mobile devices to connect to the network. Which frequency band is used in this network?
2.9 GHz
900 MHz
2.4 GHz
5 GHz
2.4 GHz
Which protocol is NOT capable of preventing a man-in-the-middle attack?
IPSec
RSH
SSH
HTTPS
RSH (Remote Shelll)
Explanation:
RSH = Remote Shell, used to log on to remote computers and can be easily exploited by man-in-the-middle attacks.
You need to ensure that the Web Server always receives the same IP address from the DHCP server. What should you do?
create a DHCP exclusion
create a DHCP reservation
create a DHCP scope
create a scope option
create a DHCP reservation
You have recently been hired by a small company to assess its network security. You need to determine which TCP/IP ports are open on the network. Which tool should you use?
port scanner
a wardialer
a packet analyzer
whois
port scanner
You are troubleshooting a computer that has the IP address of 192.22.14.42. To which network class does the IP belong?
Class C Class B Class E Class D Class A
Class C
Explanation:
Class A = 00000000 - 11111110 // 0 - 126
Class B = 10000000 - 10111111 // 128 - 191
Class C = 11000000 - 11011111 // 192 - 223
Class D = 11100000 - 11101111 // 224 - 239
Class E = 11110000 - 11111111 // 240 - 255
Your company wants to allow remote users to access their Windows Network remotely if their network is NOT connected to the Internet. Which of the following should you implement?
DHCP
SSL
PPTP
RAS
Remote Access Service (RAS)
Explanation:
RAS = Is a service provided by Windows that allows Remote Access to the Network via a dial-up connection.
Point-to-Point Tunneling Protocol = PPTP is used to allow networks to connect using the INternet as their WAN link. Does not provide remote dial-up access.
Secure Sockets Layer (SSL) is a security encryption protocol.
Dynamic Host Configuration Protocol is a protocol that allows network administrators to centrally manage and automate the assignment of Internet Addresses in an organization’s network. DHCP can automatically assign a new IP address when a computer is plugged into a different location the network. It does not provide remote dial-up access.
Which of the following provides both authentication and authorization using UDP?
SSO
RADIUS
TACACS+
LDAP
Remote Authentication Dial-In User Service (RADIUS)
Explanation:
RADIUS was originally designed for Dial-Up networking and validates the credentails of a remote user against a stored database.
Terminal Access Controller Access Control System Plus (TACACS+) authenticates credentials of a remote user, typically an administrator. Only provides Authentication, not Authorization.
Lightweight Directory Access Protocol (LDAP) validates user credentials (typically just username/password) against a database stored in Microsoft Active Directory, Open LDAP, or OpenDJ. LDAP runs over TCP.
Single Sign-On (SSO) allows a client to access multiple applications with a single set of credentials. SSO relies on several underlying authentication technologies, and on its own does NOT use UDP or TCP.
Match the Description with the DNS Resource record?
DNS Resource Records: A AAAA CNAME MX PTR
Description: Maps a host name to an IPv6 Maps a mail server name to a domain Maps an additional host name to an existing host record Maps a host name to an IPv4 address Maps an IP address to a host name
A = Maps a host name to an IPv4 Address AAAA = Maps a host name to an IPv6 Address CNAME = Maps an additional host name to an existing host record MX = Maps a mail server name to a domain PTR = Maps an IP address to a host name (Reverse)
Other:
SVR = specifies location data, IE: port numbers for specified services.
TXT = provides the ability to associate other services, sometimes your mail service, to your domain
SOA = stores important information about the DNS zone for your domain, each zone must have an SOA record
Which system or device detects network intrustion attempts and controls access to the network for the intruders?
IPS
VPN
Firewall
IDS
Intrustion Prevention System (IPS)
Explanation:
IPS = detects and controls access to the network for intruders
IDS = Intrusion Detection System only Detects the intrusion and then notifies or logs it.
An employee shows you a Website that publishes the SSIDs and passwords for private Wireless Networks in your area. The information on your company’s Wireless network is included. Of which type of attack is this an example of?
war chalking
WEP cracking
evil twin
WPA cracking
war chalking
Explanation:
war chalking = occurs when hackers write SSID and security information on the side of buildings. It has evolved to the point where hackers are now publishing this information on Websites.
WEP cracking = is the process of cracking WEP security.
WPA cracking = is the process of cracking WPA security.
Evil Twin = occurs when a wireless access point that is not under your control is used to perform a hijacking attack. Is a type of Rogue Access Point.
Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do LAST as part of the incident response?
analysis
post-mortem review
investigation
triage
post-mortem review
You need to implement a wireless network to provide users in an outdoor sitting area with Internet connections. Which signal-absorbing obstructions should be noted when performing a WLAN site survey?
trees
local telephone lines
plastic material
microwave ovens
trees
Which DSL technology provides the highest data rate?
SDSL
VDSL
ADSL
HDSL
VDSL (Very high data rate Digital Subscriber Line)
Explanation:
VDSL = provides the highest data rate at 51 to 55 Mbps over 1000 feet/300 meters.
ADSL = Asymmetric Digital Subscriber Line
HDSL = High bit rate Digital Subscriber Line
SDSL = Symmetric Digital Subscriber Line
Which of the following can be manipulated to reduce Network traffic?
lower TTL
increase lease time
MAC reservations
NTP
increased lease time
Explanation:
Lease Time is the amount of time a device maintains the IP address assigned by the DHCP server. Default lease time for Windows is 8 days, but lease times may be adjusted. Increasing Lease Time justification is that every lease must be renewed, and those renewals increase Network Traffic. Increasing the duration of the lease reduces the amount of Network traffic required for lease renewal.
MAC Reservations allow you to permanently assign an IP address to the MAC address of a specific device.
TTL = Time to Live specifies the length of time that a DNS Name server must cache the name. By default, the TTL is 60 minutes, but it may be modified in the DNS management console. Longer TTLs are best for more permanent records such as MX Records and others. Lower TTL would mean additional network traffic.
NTP = Network Time Protocol is used to synchronize clocks of computers and network devices on the Network.
NTP has 3 major elements
1. Stratum/Clientstratum
2. Clients
3. Serverservers
Your company’s WAN connects Networks in New York, Atlanta, Dallas, and Boston. Each city is directly connected to every other city.
Which physical topology is used for this WAN?
Star
Mesh
Ring
Bus
Mesh
Explanation:
Bus = All computers are connected to a Single Cable
Star = Each computer is connected to a Central Point
Ring = Each computer is connected to two other computers.
Mesh = Each computer is connected to every other computer (Point-to-Point Connections)
Which option is a Critical Metric in preventitive maintenance that would allow you to schedule the replacement of a component at a convenient time, as opposed to waiting for the component to fail at an inopportune time?
SLA Requirements
Load Balancer
MTTR
MTBF
MTBF (Mean Time Between Failures)
Explanation:
MTBF = is the average, or mean, time between failures on a device or system. It is an expression of reliability. Generally speaking, it is the average length of time that something will work before it is likely to fail. Good preventive maintenance policies would replace a device, such as a power supply as the time in service approaches MTBF.
MTTR = Mean Time to Revoer is the average, or mean time that it takes to Recover or Restore a system. Can be applied in terms of Backups, or also applied to full system failures, hardware failures.
SLA = Service Level Agreements requirements determine what the vendor who provides technology services is obligated to provide to the customer.
Load Balancer = can be used to divert incoming web traffic based on content, to specific servers to reduce workload of the primary server.
RTO = Recovery Time Objective, refers to the concept of the amount of time in which a business processes and applications must be restored to prevent a defined amount of impact after an outage. RPO = Recovery Point Objective refers to a maximum tolerable period that data can be considered LOST after an incident.
An employee has just relocated to the New York Office, after working in Paris for the past five years. Both offices use DHCP to issue IP addresses. She brought her company laptop with her. The laptop was issued in Paris. As she is settling in to the new office, she is not able to connect to the Network. What is most likely the cause of her problem?
Duplicate MAC Address
Untrusted SSL Certificate
Hardware Failure
Expired IP Address
Duplicate MAC Address
Explanation:
Duplicate MAC addresses can be caused by MAC address spoofing or by manufacturers reusing MAC addresses in their devices. Manufacturers will often ship NICs with duplicate MAC addresses to different geographic areas. As long as two NICs with the same MAC addresses have atleast one router between them, there will not be a conflict.
Which of the following technologies implements packet tagging in a LAN?
Diffserv
QoS
Traffic Shaping
CoS
CoS (Class of Service)
Explanation:
CoS = implements packet tagging in a LAN. Tags different types of traffic, such as Video Streaming or VoIP.
QoS = Quality of Service, uses the CoS tag to determine which traffic gets priority, but QoS does NOT implement the tags.
Traffic Shaping = the overall mechanism that encompasses CoS, QoS, and differentiated services. It does NOT directly implement tagging.
Diffserv = Differentiated Services, uses the CoS classifications for identification and subsequently utilizes the QoS parameters to differentiate traffic.
An eight-port hub receives a signal through port five. That signal is then sent back out through ports one, two, three, four, six, seven, and eight without any signal regeneration. Which type of Hub has been described?
switching hub
passive hub
hybrid hub
active hub
passive hub
Explanation:
hub = is a central point of connection between media segments.
2 Primary types of Hubs
1. Passive - sents received signals out through ALL of its ports except the one through which the signal was received. Does NOT amplified or regenerate the signal, therefore it does not require electricity to operate. 2. Active - also sends data out all of its ports except the one through which the signal was received, but it amplifies or regenerates the signal as it sends it out the ports. Therefore it does require electricity to operate. 3. Hybrid - not a Primary type, but there is a Hybrid Hub. Used to connect different types of cabling. Typically connects sub-hubs which connect to computers.
Switching Hubs - Also known as Switches or Layer 2 Switches, also serve as connection points between media segments. They are built on a table of MAC Addresses unlike other hubs. Thus they are able to send the signal out through the Specific Port leading to the destination rather than through all of the ports.
Which of the following Network Devices would be MOST likely found within an Office Building setting?
Industrial Control Systems (ICS)
Smart Speakers
SCADA Systems
HVAC Systems
HVAC Systems
Explanation:
HVAC = Heating, Ventilation, Air Conditioning - important to understand that they too can be vulnerabile to cyberattacks as many of these systems are automated and not designed with cybersecurity in mind. Routinely monitoring and managing these systems is critical whenever designing a new network.
