ITProTV - NET+ 008 Practice Exam: Baseline #1

Question 1

** Which WAN technology offers the highest potential bandwidth?

Frame Relay
T3
E3
FDDI
OC-3

Answer 1

OC-3

Explanation:
SONET WAN Technologies
- Frame Relay up to 1.544 Mbps
- OC-1 speeds up to 51.84 Mbps
- OC-3 speeds up to 155.52 Mbps
- OC-12 speeds up to 622.08 Mbps
- ATM speeds up to 622 Mbps

Question 2

** While troubleshooting a network outage on a 10GBase-SW network, a technician finds a 500-meter fiber cable with a small service loop and suspects it might be the cause of the outage. Which of the following is MOST likely the issue?

bend radius exceeded
maximum cable length exceeded
dirty connectors
RF interference caused by impedance mismatch

Answer 2

maximum cable length exceeded

Explanation:
10GBase-SW max cable length is 300 meters.

Bend Radius Exceeded - could be the problem if the max cable length wasn’t exceeded already. Remember, fiber-optic cable has max distances depending on the type of cable used and thet ype of network being implemented.

attenuation/DB loss - is reduction in power of the light signal as it is transmitted.
SFP/GBIC cable mismatch - occurs when you use the wrong cable type.
Bad SFP/GBIC cable or transceiver - occurs when you need to replace the component that is bad.
Wavelength mismatch - multimode fiber is designed to operate at 850 and 1300 nm while singlemode fiber is optimized for 1310 and 1550nm. If the wrong wavelength is implemented or a device is added to the network that operates at the wrong wavelength, signal loss will occur.
Fiber type mismatch - if you seu different types of fiber cable on the same network, you will get DB loss.
Connector mismatch - using the wrong connectors on your network, devices will be unable to communicate.

Question 3

** Your network uses a single switch that divides your network into 3 virtual LANs (VLANs). The devices in each VLAN are connected to a single port on the switch. You plan to implement a second switch on your Network. You need to ensure that the VLANs that were originally implemented are spread across both switches. What should you do?

create a subnet-based VLAN on both switches.
implement frame tagging on both switches.
create a protocol-based VLAN on both switches.
Create a port-based VLAN on both switches.

Answer 3

implement frame tagging on both switches

Explanation:
Frame Tagging is a technique that adds a small ehader to the frame as it is passed between devices in order to maintain the original VLAN broadcast domain. In normal Ethernet, there is NO Tagging. Tagging is implemented only when Trunking VLANs between devices is involved. If you have only one switch, untagged VLAN is just fine. If you have two or more switches and you want all the VLANs to talk with each other, they will need the same TAG.

Question 4

Which one of these requires a user complete an action, such as digitally signing an AUP, prior to accessing the Network?

Captive Portal
Access Control List
MAC Filter
Port Security

Answer 4

Captive Portal

Explanation:
Captive Portals - are Web Pages, typically used in public Networks, where users must complete some action before they are granted access to the Network. Captive Portals are commonly seen in coffee shops, hotels, airports, and the user often has to accept an acceptable use policy (AUP) before they can connect to the internet.

Port Security - Allows a Network administrator to only allow a specific MAC Address (or group of MAC Addresses) on a Switch port.

MAC Filtering - Basically does the same thing as Port Security, but Port Filtering works on Switches where MAC Filtering works on Routers. Accomplished by granting or denying Network access to a list of MAC Addresses. The List of MAC Addresses for which you are either granting or denying access to is stored in an Access Control List (ACL)

ACLs - compare the entity that is requesting access to a Network resource against a list of valid entities. Access is granted or denied based on the access configured for that entity. Simply put, ACLs identify which users have access to a given object, such as a drive, a file, or a directory.

Question 5

Your company has decided to implement an Acceptable Use Policy (AUP) that must be distributed to all users. You have been asked to write the preliminary policy to submit your management approval. What is defined in this policy?

which method administrators should use to back up Network data
how users are allowed to employ company hardware
the sensitivity of company data
which users require access to certain company data

Answer 5

how users are allowed to employ company hardware

Question 6

Your company has a corporate-wide Windows Server network using the TCP/IP protocol. Several users are complaining that their computers are getting IP address conflics. Which action should you perform?

Implement a DHCP Server
Increase the TCP window size
Change the MAC Address for each Network interface card
Manually configure IP Addresses on each computer

Answer 6

Implement a DHCP server

Question 7

One of your branch offices is located on two non-adjacent floors in an office building. You have been given permission to route a communications link between the two floors using existing conduit in the building’s elevator shaft. Your current cabling plan calls for TP wiring on each of the two floors, but the distance between them is more than 90 meters. You need to interconnect the two floors using fiber optic cable in the cheapest manner possible. Which of the following should you deploy between the wiring centers on each floor?

Media Converters
Firewalls
Modems
Hubs
Routers
Switches

Answer 7

Media Converters

Question 8

You support multiple wireless networks. You need to ensure that the protocols used offer the appropriate level of security. Match the descriptions on the left with the Wireless Encryption Protocols on the right?

Descriptions:
Uses a 256-bit Preshared Key
Requires RADIUS Server
Uses a 40-bit or 104-bit Key

Answers:
WEP
WPA/WPA2 Personal
WPA/WPA2 Enterprise

Answer 8

WEP = Uses a 40-bit or 104-bit Key
WPA/WPA2 Personal = Uses a 256-bit pre-shared Key
WPA/WPA2 Enterprise = Requires a RADIUS Server

Question 9

You are designing a SOHO Network for your company. You want to use the Ethernet standard that supports a data transmission rate of 1 Gbps over copper cable. Which Ethernet standard should you use on the Network?

10Base-T
1000BaseCX
1000BaseSX
100Base-FX

Answer 9

1000BaseCX

Question 10

You need to increase the arena that is covered by your Wireless Network to include another building. You decide to use a signal bounce. All of the following could help with this issue EXCEPT?

repeaters
encryption
reflectors
channel bonding

Answer 10

encryption

Question 11

Management has stipulated that you must use unshielded twisted-pair category consists of four twisted pairs of copper wire that is certified for transmission rates up to 100 Mbps for the new guest network you are setting up. Which cabling category should you use?

CAT 2
CAT 1
CAT 4
CAT 5
CAT 3

Answer 11

CAT 5

Explanation:
Transmission Rates
CAT 1 = 4 Mbps, 2 Twisted Pairs
CAT 2 = 4 Mbps
CAT 3 = 10 Mbps
CAT 4 = 16 Mbps
CAT 5 = 100 Mbps
CAT 5e = 1000 Mbps (1 Gbps)
CAT 6 = 1000 Mbps
CAT 6a = 10 Gbps
CAT 7 = 10 Gbps
CAT 8 = 40 Gbps

Question 12

Protocols:
POP3
HTTPS
FTP
IMAP
RDP

Answers:
Port 3389
Port 110
Port 21
Port 143
Port 443

Answer 12

POP3 = 110
HTTPS = 443
FTP = 21
IMAP = 143
RDP = 3389

Question 13

To improve security, you change your Web server named Web1 to the HTTPS protocol. Shortly after implementing the change, users report that they cannot access any Web sites hosted on Web1 by using their fully qualified domain names (FQDN). However, they can access other websites that are hosted on other Web Servers by using their FQDN. What is causing the problem?

HTTPs is not a supported protocol.
The local area network (LAN) is down.
The DNS Server is down.
The new Web address starts with https instead of http.

Answer 13

The new Web address starts with https instead of http.

Question 14

A Network admin use wants the Network can accept an MTU value above 1500. Which of the following should he configure?

UTM appliance
Jumbo Frame
Virtual Router
FCoE

Answer 14

Jumbo Frame

Question 15

What is a physical barrier that acts as the first line of defense against an intruder?

a lock
a turnstile
an access control vestibule
a fence

Answer 15

a fence

Question 16

You use HTTPS to secure your e-commerce website. You suspect an external breach has occurred. What should you do to enhance transaction security?

Hashing files
Generating new keys
Avoiding common passwords
disabling IP ports

Answer 16

Generating new keys

Question 17

Your organization needs to perform a risk assessment for their ISP. Which specific type of assessment should you complete?

Vulnerability Assessment
Process Assessment
Vendor Assessment
Posture Assessment

Answer 17

Vendor Assessment

Question 18

Which TCP Port is the Well-Known Port assigned to SSL?

119
80
443
20

Answer 18

443

Question 19

Your company has implemented a Firewall that only examines the packet header information. Which type of Firewall is this an example of?

application-level proxy firewall
kernel proxy firewall
stateful firewall
packet-filtering firewall

Answer 19

packet-filtering firewall

Question 20

You need to implement Spanning Tree Protocol (STP) to prevent Network Loops when more than one path can be used. Which two devices could you deploy? (Choose Two)

Switches
Routers
Bridges
Hubs

Answer 20

Switches

Bridges

Question 21

Your company wants to use the Private Class B Network designation of 172.17.0.0/20. You have been asked to divide it up into six subnets. Two subnets should have 512 nodes and four more subnets have 256 nodes already established. While a total of 2,048 IP addresses are needed, the design should leave some room for growth in each subnet.
What is the correct way to subnet this network?

Allocate two networks with /22 masks, and the remaining four with /23 masks.
Allocate two networks with /20 masks, and the remaining four with /22 masks.
Allocate two networks with /21 masks, and the remaining four with /22 masks.
Allocate two networks with /24 masks, and the remaining four with /25 masks.
Allocate two networks with /23 masks, and the remaining four with /24 masks.

Answer 21

Allocate two networks with /22 masks, and the remaining four with /23 masks.

Question 22

Which of these devices functions works at Layer 7?

VoIP Gateway
Content Filter
NGFW
VoIP PBX

Answer 22

NGFW (Next Generation Firewall)

Explanation:
Layer 7 = Application Layer

Question 23

Which of the following would be used to help defend against a Man-in-the-Middle Attack?

Flood Guard
DHCP Snooping
Root Guard
BPDU Guard

Answer 23

DHCP Snooping

Question 24

Your organization has implemented Kerberos 5 to authenticate its users. A member of management has asked you to explain ticket granting in Kerberos 5. You want to explain all the components of Kerberos to this member of management. Which entity is a ticket that is granted to a client after a client is Authenticated?

AS
KDC
TG S
TGT

Answer 24

TGT (Ticket-Granting Ticket)

Explanation:
AS = Authentication Server
KDC = Key Distribution Center
TGS = Ticket Granting Server

Question 25

A company procedure calls for using the IPv4 and IPv6 Loopback addresses as part of the troubleshooting process. Which of the following explanations best represents the purpose of this tool?

To provide an IP address for testing the local IP stack through the Network interface.
To provide an IP address that is always available even in the absence of a Network.
To provide an IP address to check interface drivers and hardware.
To provide an IP address for testing the local IP stack without a physical Network connection.
To provide an IP address to determine minimum round-trip performance for packets.

Answer 25

To provide an IP address for testing the local IP stack without a physical Network connection.

Question 26

You are using DSL to connect to the Internet. You recently setup Firewall software to protect your computer’s resources from external users. After setting up the Firewall software, you can no longer access Websites by name.

What is the problem?

You do not have a static IP address.
Your DHCP scope is exhausted.
You have a DHCP server on the Network.
Your firewall software is blocking port 53.
Your firewall software is blocking port 25.

Answer 26

Your firewall software is blocking port 53.

Explanation:
Port 53 is DNS (Domain Name System) which translates Frequently Qualified Domain Names (FQDN) to IP Addresses.

Question 27

You administer your company’s 100Base-TX Ethernet Network. TCP/IP is the Networking protocol used on the Network. You want the routers on the network to send you notices when they have exceeded specified performance thresholds. Which protocol should you use to enable the routers to send the notices?

Telnet
SMTP
SNMP
ARP

Answer 27

SNMP (Simple Network Management Protocol)

Question 28

You need to assign a virtual IP address to an internet server. What are valid reasons for doing so? (Choose ALL that Apply)

To permit multiple servers to share the same address.
To prevent generic addresses for immediate access
To permit the same address to access multiple domain names
To permit a single network interface to service multiple incoming service requests
To eliminate host dependencies on specific, individual network interfaces

Answer 28

To permit multiple servers to share the same address
To permit the same address to access multiple domain names
To eliminate host dependencies on specific, individual network interfaces.

Question 29

You manage a network for your organization. The network contains one DNS server and three routers. You are setting up a new DHCP server. You configure separate scopes for each subnet on your Network. The routers are configured to forward DHCP requests. You need to ensure that DHCP clients receive the appropriate settings using the least administrative effort. What else should you do? (Choose ALL that Apply)

Configure the DNS server as a scope option for each scope
Configure the DNS server as a server option
Configure each router as a scope option for its appropriate scope
Configure each router as a server option

Answer 29

Configure the DNS server as a server option

Configure each router as a scope option for its appropriate scope

Question 30

You just installed a replacement switch that was moved from one part of the network to a new location. After all the patch cables are reconnected, some users cannot communicate via email. What is the most likely issue?

Network connection LED status indicators
VLAN mismatch
Bad Port
Attenuation

Answer 30

VLAN mismatch

Question 31

Which wireless topology only requires one access point to be physically connected to the wired network, while still offering maximum flexibility and redundancy?

Bluetooth
Mesh
Ad Hoc
Infrastructure

Answer 31

Mesh

Question 32

Which device or feature provides a bridge between the physical environment and the virtual environment?

Virtual router
Hypervisor
Virtual NIC
Virtual Firewall

Answer 32

Virtual NIC (Network Interface Card)

Question 33

You have been called to troubleshoot a workstation problem in the oldest building on your company’s corporate campus. The network workstations in the building are unreliable. When the room lights are on, connectivity is lost, but when the room lights are off, the network is functional. Upon arrival, you quickly survey the work environment. You observe the following conditions:

• Lighting consists mainly of fluorescent lights.
• Temperature is 65 degrees Fahrenheit (18 degrees Celsius)
• Humidity is 75%
• Employees own space heaters, but they are not using them.
• Electrical outlets appear outdated.

What is most likely causing the loss of connectivity?

Fluorescent lighting in the room
Defective network hubs
low temperature
voltage fluctuation in the outlets

Answer 33

Fluorescent lighting in the room

Question 34

Your company is located in Atlanta, GA. Management has decided to deploy multiple 802.11b WLANs. You are concerned that there are not enough non-overlapping channels to support the number of access points that you need to deploy. How many non-overlapping channels are supported in this deployment?

five
eleven
three
eight

Answer 34

three

Question 35

Your company uses a single global IP address that maps to the company’s local IP addresses. When requests are sent from the internal network to destinations outside the company, those requests are mapped from the IP address of the local host that made the request to the global IP address.

What term describes this process?

Network Address Translation (NAT)
Network File System (NFS)
Network Access Point (NAP)
Network Access Server (NAS)

Answer 35

Network Address Translation (NAT)

Question 36

A user reports that she cannot print from her computer. You also notice that they are unable to reach a suppliers web site. The operating system is Windows 8.1. Which command should you start with to help with your diagnosis?

route
ping
nmap
dig

Answer 36

ping

Question 37

Which of these devices can perform router functions?

IDS
Proxy Server
Wireless Controller
Multi-Layer Switch

Answer 37

Multi-Layer Switch

Question 38

You are a system admin. A user calls you complaining that every time she tries to log onto the network, she gets an error message. Other users are not having any problems. Which question is best to ask first when attempting to troubleshoot the problem?

Which error message do you receive?
Have you rebooted your computer?
How much memory is installed in your computer?
What is your username and password?

Answer 38

Which error message do you receive?

Question 39

Users are unable to log in to the network. When you examine the authentication server, you see that CPU usage is almost 100%. What is most likely the issue?

expired IP address
incorrect gateway
unresponsive service
names not resolving

Answer 39

unresponsive service

Question 40

You are the network admin for a healthcare organization. Recently several federal and state government laws have been enacted which will affect network operations. Which change management documentation should record this information?

baselines
regulations
policies
procedures

Answer 40

regulations

Question 41

You are installing the wiring for a small office. You want to connect the fifty computers in the office to the Switch. The CAT6 cables that you plan to use have RJ-45 connectors on both ends. Which component should you use?

110 Block
demarcation extension
66 block
Patch panel

Answer 41

Patch panel

Question 42

You need to deploy a fiber distribution panel for datacenter, remote office, or local area networking use. Which of the following features are NOT important for such uses? (Choose ALL that Apply)

Support for SFP+
Cable storage
Cable termination
Support for GBIC connectors
bulkhead adapters and receptacles
cable splices

Answer 42

Support for SFP+
Support for GBIC Connectors

Explanation:
Fiber distribution panel does not need support for SFP+ and for GBIC connectors.

GBIC connectors are used for end-point termination at a device interface of some kind. They are neither typically used nor necessary on a fiber distribution panel.

SFP+ stands for the enhanced, or plus, version of the Small Form-Factor (Hot) pluggable or (SFP) fiber optic connector. SFP+ connectors are used for endpoint connections and not in FDPs which do not need optical-to-digital or digital-to-optical conversion.

Question 43

You administer a LAN. You want to encrypt TCP/IP communications on the LAN. The protocol that you use for encryption should be able to encrypt entire data packets, and the protocol should be able to operate in both tunnel mode and transport mode. Which protocol should you use to encrypt data on the Network?

Kerberos
IPX
L2TP
IPSec

Answer 43

IPSec (Internet Protocol Security)

Question 44

You are a desktop admin for Nutex Corporation. Your org uses Ethernet cable to connect network resources. A user reports that he is unable to access network resources on his portable computer. The portable computer is connected to the company’s network using an Ethernet cable. When you test the cable using a time domain reflectometer (TDR) the signal returns too soon. What should you do?

reinstall the network adapter
re-route the network cable
replace the network adapter
replace the network cable

Answer 44

replace the network cable

Question 45

What is the main purpose of a VPN concentrator?

to resolve host names and IP addresses
to manage internet requests and cache web content
to terminate the VPN tunnels
to provide dynamic IP addresses

Answer 45

to terminate the VPN tunnels

Question 46

A TOOL - used to identify and trace Wires?

Cable Certifier
Cable Tester
Multimeter
OTDR
Protocol Analyzer
TDR
Tone Generator/Probe

Answer 46

Tone Generator/Probe

Question 47

A TOOL - used to test voltage, current, and resistance?

Cable Certifier
Cable Tester
Multimeter
OTDR
Protocol Analyzer
TDR
Tone Generator/Probe

Answer 47

Multimeter

Question 48

A TOOL - used to check UTP/STP cable resistance levels and locate cable faults?

Cable Certifier
Cable Tester
Multimeter
OTDR
Protocol Analyzer
TDR
Tone Generator/Probe

Answer 48

TDR (Time Domain Reflectometer)

Question 49

A TOOL - used to collect Network cable test data and print certification reports?

Cable Certifier
Cable Tester
Multimeter
OTDR
Protocol Analyzer
TDR
Tone Generator/Probe

Answer 49

Cable Certifier

Question 50

A TOOL - used to capture and analyze data that is sent over a Network?

Cable Certifier
Cable Tester
Multimeter
OTDR
Protocol Analyzer
TDR
Tone Generator/Probe

Answer 50

Protocol Analyzer

Question 51

A TOOL - used to check Fiber cable resistance levels and locate cable faults?

Cable Certifier
Cable Tester
Multimeter
OTDR
Protocol Analyzer
TDR
Tone Generator/Probe

Answer 51

OTDR (Optical Time Domain Reflectometer)

Question 52

A TOOL - used to test cable resistance levels, but does not locate faults?

Cable Certifier
Cable Tester
Multimeter
OTDR
Protocol Analyzer
TDR
Tone Generator/Probe

Answer 52

Cable Tester

Question 53

You need to check for open circuits and short circuits on your network. Which tool should you use?

Toner Probe
Butt Set
Protocol Analyzer
Cable Tester

Answer 53

Cable Tester

Question 54

Which of the following computing technologies is most likely to fall under the US Government’s export administration regulations designed to protect the sale or transfer of commodities, technology, information, or software considered of strategic importance to the US?

file compression techniques
deduplication software
encryption tools
web page design tools

Answer 54

encryption tools

Question 55

You are examining the packet captured on your network. You notice some communication between your Cisco router and someone from outside your network. The packets indicate that the communication is occurring over TCP port 23. Which protocol is being used?

FTP
Telnet
SSH
TFTP

Answer 55

Telnet

Question 56

Which social engineering attack is typically considered the most dangerous?

social engineering
physical penetration
trojan horse
dumpster diving

Answer 56

physical penetration

Question 57

You have recently discovered that your company is not maintaining system logs as per the adopted company procedures. You need to decide if the company procedures should be modified, or if the system logs should be maintained as per the procedures. Which statement is an accurate reason for following the company procedures?

Logging helps an administrator to detect security breaches and vulnerable points in a network.
Logging provides audit trails, but increases the risk for security violations.
Logging provides access control by authenticating user credentails.
Logging prevents security violations, but only deals with passive monitoring.

Answer 57

Logging helps an administrator to detect security breaches and vulnerable points in a network.

Question 58

Your company is considering converting to the use of IPv6 addresses. What are the three types of internet protocol version 6 (IPv6) addresses? (Choose Three)

Unicast
Anycast
Dual-cast
Broadcast
Multi-cast

Answer 58

Unicast
Anycast
Multicast

Question 59

Which of these is NOT associated with data conversion between the ISP and the customer premises equipment?

CSU/DSU
Demarcation Point
Smart Jack
ATM

Answer 59

ATM (Asynchronous Transfer Mode)

Question 60

You install a Network analyzer to capture your network’s traffic as part of your company’s security policy. Later, you examine the captured packets and discover that the only packets that were captured are from Subnet 1. You need to capture packets from all four subnets on your network. Two routers are used on your network. What could you do? (Choose Two - Each answer is a complete solution.)

Install the network analyzer on a router.
Install a port scanner
Install a distributed network analyzer
install the network analyzer on the firewall
install the network analyzer on all four subnets

Answer 60

install a distributed network analyzer

install the network analyzer on all four subnets

Question 61

Your database admin needs accurate timestamping for purchases. Which of the following would you implement?

Lease Time
NTP
SRV
CoS

Answer 61

NTP (Network Time Protocol)

Question 62

You are troubleshooting a Network connectivity problem on a Windows 7 Enterprise computer, and you need to view the MAC address for the NIC installed in the computer. Which command should you use?

the ping command
the ipconfig /all command
the tracert command
the arp command

Answer 62

the ipconfig /all command

Question 63

Your client is experiencing what appears to be a decrease in network throughput. However, the symptoms the client is reporting to you are not detailed enough for your to diagnose the issue and make a recommendation. What will best assist you in pinpointing the bottleneck the next time it occurs?

Standard operating procedures/work instructions
Network configuration and performance baselines
Wiring and port locations
Rack diagrams

Answer 63

Network configuration and performance baselines

Question 64

You have a strong wireless password policy, but users (including management) are complaining about it. Consequently, enforcement is difficult. You need a protocol solution that does not require digital certificates. Which of these choices would help you secure your Network?

PEAP
EAP-FAST
EAP-TLS
Geofencing

Answer 64

EAP-FAST (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling)

Question 65

You need to solve a traffic problem occurring on a large Ethernet network. Within this large segment, the accounting department is flooding the network with a high volume of data, which causes the entire network to slow down. Which device is a quick and low-cost solution to isolating the accounting department?

bridge
router
gateway
repeater

Answer 65

bridge

Question 66

You have a subnet that contains a computer within the IP address 172.16.5.2/23. You need to send a message to every computer on the network where the computer resides. Which subnet is the IP address a member of, and what is the broadcast address for that subnet?

subnet: 172.16.0.0, broadcast: 172.16.7.255
subnet: 172.16.5.0, broadcast: 172.16.5.255
subnet: 172.16.4.0, broadcast: 172.16.5.255
subnet 172.16.2.0, broadcast: 172.16.5.255

Answer 66

subnet: 172.16.4.0, broadcast: 172.16.5.255

Question 67

You administer a network for your company. You determine that there is a network connectivity problem on one of the computers on the network. You re-create the problem and determine that the problem is located in the NIC. You establish a theory of probable cause. Which step should you take NEXT to troubleshoot the problem?

Form a correction plan.
Test the Theory
Implement a correction plan.
Provide feedback to the user of the computer.

Answer 67

Test the Theory.

Question 68

Which component of a computer use policy should state that the data stored on a company computer is NOT guaranteed to remain confidential?

computer ownership
no expectation of privacy
acceptable use
information ownership

Answer 68

no expectation of privacy

Question 69

During a recent network redesign meeting, one team member suggested that you implement a device that operates at both the Data Link Layer and the Network Layer of the OSI Model. Which device operates at BOTH of these layers?

A repeater
A brouter
A bridge
A router
A hub

Answer 69

A brouter

Explanation:
A brouter can act as a bridge or a Router. When acting as a bridge, a brouter operates at the Data Link layer, when acting as a Router it operates at the Network Layer.

Question 70

You have recently added a new Windows 8 computer to your IPv6 Network. Because your network is small, you currently use static IP addressing. You record the IPv6 addresses of the new Windows 8 computer. What is the shortest possible notation of IPv6 addresses as shown below?

2001:0DB8:0000:0001:0000:0000:0000:F00D

2001: DB8::1::F00D
2001: 0DB8:0:1::F00D
2001: DB8:0:1:0:0:0:F00D
2001: DB8:0:1::F00D

Answer 70

2001:DB8:0:1::F00D

Explanation:
Removing leading zeros.
Remove consecutive fields with zeros with double colon (::)
The double colon (::) can be used only once.

Question 71

Your company consists of 75 employees. Your company has entered into a partnership with another company that is located across the country. Your company’s users must be able to connect to the partner’s network quickly and reliably. Support for voice, data, and imaging transmissions and a dedicated 24-hour link are required. Your solution must be as inexpensive as possible while providing enough bandwidth for your company’s employees. What should you implement?

ATM
POTS
FDDI
T1
ISDN

Answer 71

T1

Question 72

You have been hired as a network admin. The company’s network consists of several subnetworks located in various locations across the southeast United States. You want to deploy switches across the different locations so that you can implement virtual local area networks (VLANs). What is the primary benefit of this implementation?

Users are grouped by their geographical locations.

Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location.

VLANs provide switchless networking using virtual addresses.

Users in a single geographical location can be micro-segmented.

Answer 72

Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location.

Question 73

What well-known port is used to forward email on the Internet between email Servers?

23
110
25
161

Answer 73

25 (SMTP = Simple Mail Transfer Protocol)

Explanation:
SMTP = Sending/Forwarding Email between Servers
POP3 & IMAP = Receiving Email
POP3 = 110
IMAP = 143

Question 74

Which unsecured Protocol do Web Browsers use to access documents on the World Wide Web?

IP
ARP
HTTP
FTP

Answer 74

HTTP (Hypertext Transfer Protocol - Port 80)

Question 75

You have been hired as a contractor to implement a Small Office Home Office (SOHO) Network for a small business. While gathering the requirements and constraints regarding the Network, you decide to implement two subnets on the Network.
What are valid reasons for implementing Subnets on an IP Network? (Choose Two)

to increase network security
to use more than one server on each segment of an IP LAN
to reduce congestion by decreasing network traffic
to reduce congestion by increasing network media bandwidth
to configure a great number of hosts

Answer 75

to increase network security
to reduce congestion by decreasing network traffic

Explanation:
Subnets are used for the following Reasons:
- To expand the Network.
- To reduce congestion.
- To reduce CPU use.
- To isolate Network problems.
- To improve Security.
- To allow combinations of media, because each subnet can support different medium.

Question 76

You are troubleshooting a connectivity problem on an Ethernet Network that contains both NetWare and Windows Servers. A Windows 7 Client cannot connect to the internet or any network resources. However, other computers on the same subnet as the client can access network resources and the internet. You issue the ipconfig command at the workstation and find that the IP Address is 169.254.184.25 and the subnet mask is 255.255.0.0. The IP network and subnet are different from the IP network and subnet that other computers on the same segment are using. What is the most likely problem?

the client obtained the IP address from a NetWare server.
the client obtained the IP address from a DHCP server it found on the Internet.
the client selected the IP address using APIPA.
The client obtained the IP address from a Windows Server.

Answer 76

the client selected the IP address using APIPA. (Automatic Private IP Addressing)

Question 77

The owner of your favorite pastry shop has just installed Free WIFI access for customers. The owner accomplished this task with limited technical skills and without any assistance. After a couple of days in operation, the owner calls to complain that he cannot get into the WIFI router to make an adjustment. First, you have him use the hard reset function built into the router. What action would you recommend that the owner take next?

patch and update the router
upgrade the firmware
change the default credentials
generate new keys

Answer 77

change the default credentials

Question 78

You decide to install an 802.11a wireless network in your company’s main building. Which frequency band is used in this network?

2.4 GHz
2.9 GHz
5 GHz
900 MHz

Answer 78

5 GHz

Explanation:

802. 11a = 5 GHz / 54 mbps
803. 11b = 2.4 GHz / 11 mbps
804. 11g = 2.4 GHz / 54 mbps
805. 11n = 2.5 & 5 GHz / 100+ mbps
806. 11ac = 5 GHz / up to 1 gbps
807. 11ax = 2.4, 5 GHz, 6 GHz / 10 gbps

Question 79

Your organization has several VLANs implemented on its network. The VLANs operate across several switches. What do all users on a VLAN have in common?

Collision Domain
Cable Segment
TCP/IP Subnet
Broadcast Domain

Answer 79

Broadcast Domain

Question 80

Your network is experiencing a problem that a tech suspects is concerning a Cisco router. The tech provides you the following command RESULTS:

1 14.0.0.2 4 msec 4 msec 4 msec 2 63.0.0.3 20 msec 16 msec 16 msec 3 33.0.0.4 16 msec * 16 msec

What Cisco command produced the results you were given?

traceroute
tracert
extended ping
ping

Answer 80

traceroute

Question 81

You have decided to implement 802.1q. What does this standard do?

It implements MAC filtering.
It implements STP.
It forwards traffic based on priorities.
It implements VLAN trunking.

Answer 81

It implements VLAN trunking.

Question 82

You need to verify a network’s transmission speed. Which tool should you use?

loopback plug
throughput tester
connectivity software
bit-error rate tester

Answer 82

throughput tester

Question 83

An administrator would like to integrate DNS and DHCP so that each is aware of changes in the other. Which of the following would be the best method for him to do this?

MAC reservations
IPAM
ARP table
DHCP relay

Answer 83

IPAM (IP Address Management)

Question 84

Which of the following indicates the largest number of bytes allowed in a frame?

PDU
CSMA/CA
MTU
CSMA/CD

Answer 84

MTU (Maximum Transmission Unit)

Question 85

Your company is researching different wireless antennas. Antennas that you research are high-gain antennas. Which statement best describes a property of high-gain antennas?

high-gain antennas provide a wide coverage area.
high-gain antennas provide a small vertical beamawidth.
high-gain antennas are best suited for point-to-multipoint bridging.
high-gain antennas avoid multiplath distortion.

Answer 85

high-gain antennas provide a small vertical beamwidth.

Question 86

You administer a TCP/IP network that is not subnetted. one of the network hosts has the following IP address:
130.250.0.10
What is the network ID of the network you administer?

130. 250.0.0
131. 250.255.255
132. 255.255.255
133. 0.0.0

Answer 86

130.250.0.0

Question 87

Which type of intrusion detection system (IDS) relies upon a database that contains the identities of possible attacks?

signature-based IDS
behavior-based IDS
network-based IDS
anomaly-based IDS

Answer 87

signature-based IDS

Explanation:
signature-based = relies upon a database that contains the identities of possible attacks.

network-based IDS = is attached to the network in a place where it can monitor all network traffic.

anomaly-based IDS = detects activities that are unusual.

behavior-based IDS = looks for behaviors that is not allowed and acts accordingly.

Question 88

What should you implement to isolate two of the devices that are located on a storage area network (SAN) fabric containing eight devices?

HBA allocation
SAN snapshots
virtual SAN
VLAN

Answer 88

virtual SAN

Question 89

You have been hired as a consultant for the medium-sized business. As part of your duties, you need to make recommendations on changes to the network. You decide that you want to install agents on the network devices to monitor network traffic and record the behavior of network components. You will then use the statistical data that is gathered to make your recommendations. Which standard should you deploy?

SNMP
Token Ring
x.25
SMTP

Answer 89

SNMP (Simple Network Management Protocol)

Question 90

You notice that several ping requests have been issued on your network in the past couple of hours. Which protocol responds to these requests?

TCP
ARP
RARP
ICMP

Answer 90

ICMP (Internet Control Message Protocol)

Question 91

A company has an 802.11b wireless network deployed to allow mobile devices to connect to the network. Which frequency band is used in this network?

2.9 GHz
900 MHz
2.4 GHz
5 GHz

Answer 91

2.4 GHz

Question 92

Which protocol is NOT capable of preventing a man-in-the-middle attack?

IPSec
RSH
SSH
HTTPS

Answer 92

RSH (Remote Shelll)

Explanation:
RSH = Remote Shell, used to log on to remote computers and can be easily exploited by man-in-the-middle attacks.

Question 93

You need to ensure that the Web Server always receives the same IP address from the DHCP server. What should you do?

create a DHCP exclusion
create a DHCP reservation
create a DHCP scope
create a scope option

Answer 93

create a DHCP reservation

Question 94

You have recently been hired by a small company to assess its network security. You need to determine which TCP/IP ports are open on the network. Which tool should you use?

port scanner
a wardialer
a packet analyzer
whois

Answer 94

port scanner

Question 95

You are troubleshooting a computer that has the IP address of 192.22.14.42. To which network class does the IP belong?

Class C
Class B
Class E
Class D
Class A

Answer 95

Class C

Explanation:
Class A = 00000000 - 11111110 // 0 - 126
Class B = 10000000 - 10111111 // 128 - 191
Class C = 11000000 - 11011111 // 192 - 223
Class D = 11100000 - 11101111 // 224 - 239
Class E = 11110000 - 11111111 // 240 - 255

Question 96

Your company wants to allow remote users to access their Windows Network remotely if their network is NOT connected to the Internet. Which of the following should you implement?

DHCP
SSL
PPTP
RAS

Answer 96

Remote Access Service (RAS)

Explanation:
RAS = Is a service provided by Windows that allows Remote Access to the Network via a dial-up connection.

Point-to-Point Tunneling Protocol = PPTP is used to allow networks to connect using the INternet as their WAN link. Does not provide remote dial-up access.

Secure Sockets Layer (SSL) is a security encryption protocol.

Dynamic Host Configuration Protocol is a protocol that allows network administrators to centrally manage and automate the assignment of Internet Addresses in an organization’s network. DHCP can automatically assign a new IP address when a computer is plugged into a different location the network. It does not provide remote dial-up access.

Question 97

Which of the following provides both authentication and authorization using UDP?

SSO
RADIUS
TACACS+
LDAP

Answer 97

Remote Authentication Dial-In User Service (RADIUS)

Explanation:
RADIUS was originally designed for Dial-Up networking and validates the credentails of a remote user against a stored database.

Terminal Access Controller Access Control System Plus (TACACS+) authenticates credentials of a remote user, typically an administrator. Only provides Authentication, not Authorization.

Lightweight Directory Access Protocol (LDAP) validates user credentials (typically just username/password) against a database stored in Microsoft Active Directory, Open LDAP, or OpenDJ. LDAP runs over TCP.

Single Sign-On (SSO) allows a client to access multiple applications with a single set of credentials. SSO relies on several underlying authentication technologies, and on its own does NOT use UDP or TCP.

Question 98

Match the Description with the DNS Resource record?

DNS Resource Records:
A
AAAA
CNAME
MX
PTR

Description:
Maps a host name to an IPv6
Maps a mail server name to a domain
Maps an additional host name to an existing host record
Maps a host name to an IPv4 address
Maps an IP address to a host name

Answer 98

A = Maps a host name to an IPv4 Address
AAAA = Maps a host name to an IPv6 Address
CNAME = Maps an additional host name to an existing host record
MX = Maps a mail server name to a domain
PTR = Maps an IP address to a host name (Reverse)

Other:
SVR = specifies location data, IE: port numbers for specified services.
TXT = provides the ability to associate other services, sometimes your mail service, to your domain
SOA = stores important information about the DNS zone for your domain, each zone must have an SOA record

Question 99

Which system or device detects network intrustion attempts and controls access to the network for the intruders?

IPS
VPN
Firewall
IDS

Answer 99

Intrustion Prevention System (IPS)

Explanation:
IPS = detects and controls access to the network for intruders
IDS = Intrusion Detection System only Detects the intrusion and then notifies or logs it.

Question 100

An employee shows you a Website that publishes the SSIDs and passwords for private Wireless Networks in your area. The information on your company’s Wireless network is included. Of which type of attack is this an example of?

war chalking
WEP cracking
evil twin
WPA cracking

Answer 100

war chalking

Explanation:
war chalking = occurs when hackers write SSID and security information on the side of buildings. It has evolved to the point where hackers are now publishing this information on Websites.

WEP cracking = is the process of cracking WEP security.
WPA cracking = is the process of cracking WPA security.

Evil Twin = occurs when a wireless access point that is not under your control is used to perform a hijacking attack. Is a type of Rogue Access Point.

Question 101

Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do LAST as part of the incident response?

analysis
post-mortem review
investigation
triage

Answer 101

post-mortem review

Question 102

You need to implement a wireless network to provide users in an outdoor sitting area with Internet connections. Which signal-absorbing obstructions should be noted when performing a WLAN site survey?

trees
local telephone lines
plastic material
microwave ovens

Answer 102

trees

Question 103

Which DSL technology provides the highest data rate?

SDSL
VDSL
ADSL
HDSL

Answer 103

VDSL (Very high data rate Digital Subscriber Line)

Explanation:
VDSL = provides the highest data rate at 51 to 55 Mbps over 1000 feet/300 meters.
ADSL = Asymmetric Digital Subscriber Line
HDSL = High bit rate Digital Subscriber Line
SDSL = Symmetric Digital Subscriber Line

Question 104

Which of the following can be manipulated to reduce Network traffic?

lower TTL
increase lease time
MAC reservations
NTP

Answer 104

increased lease time

Explanation:
Lease Time is the amount of time a device maintains the IP address assigned by the DHCP server. Default lease time for Windows is 8 days, but lease times may be adjusted. Increasing Lease Time justification is that every lease must be renewed, and those renewals increase Network Traffic. Increasing the duration of the lease reduces the amount of Network traffic required for lease renewal.

MAC Reservations allow you to permanently assign an IP address to the MAC address of a specific device.

TTL = Time to Live specifies the length of time that a DNS Name server must cache the name. By default, the TTL is 60 minutes, but it may be modified in the DNS management console. Longer TTLs are best for more permanent records such as MX Records and others. Lower TTL would mean additional network traffic.

NTP = Network Time Protocol is used to synchronize clocks of computers and network devices on the Network.
NTP has 3 major elements
     1. Stratum/Clientstratum
     2. Clients
     3. Serverservers

Question 105

Your company’s WAN connects Networks in New York, Atlanta, Dallas, and Boston. Each city is directly connected to every other city.
Which physical topology is used for this WAN?

Star
Mesh
Ring
Bus

Answer 105

Mesh

Explanation:
Bus = All computers are connected to a Single Cable
Star = Each computer is connected to a Central Point
Ring = Each computer is connected to two other computers.
Mesh = Each computer is connected to every other computer (Point-to-Point Connections)

Question 106

Which option is a Critical Metric in preventitive maintenance that would allow you to schedule the replacement of a component at a convenient time, as opposed to waiting for the component to fail at an inopportune time?

SLA Requirements
Load Balancer
MTTR
MTBF

Answer 106

MTBF (Mean Time Between Failures)

Explanation:
MTBF = is the average, or mean, time between failures on a device or system. It is an expression of reliability. Generally speaking, it is the average length of time that something will work before it is likely to fail. Good preventive maintenance policies would replace a device, such as a power supply as the time in service approaches MTBF.

MTTR = Mean Time to Revoer is the average, or mean time that it takes to Recover or Restore a system. Can be applied in terms of Backups, or also applied to full system failures, hardware failures.

SLA = Service Level Agreements requirements determine what the vendor who provides technology services is obligated to provide to the customer.

Load Balancer = can be used to divert incoming web traffic based on content, to specific servers to reduce workload of the primary server.

RTO = Recovery Time Objective, refers to the concept of the amount of time in which a business processes and applications must be restored to prevent a defined amount of impact after an outage.
RPO = Recovery Point Objective refers to a maximum tolerable period that data can be considered LOST after an incident.

Question 107

An employee has just relocated to the New York Office, after working in Paris for the past five years. Both offices use DHCP to issue IP addresses. She brought her company laptop with her. The laptop was issued in Paris. As she is settling in to the new office, she is not able to connect to the Network. What is most likely the cause of her problem?

Duplicate MAC Address
Untrusted SSL Certificate
Hardware Failure
Expired IP Address

Answer 107

Duplicate MAC Address

Explanation:
Duplicate MAC addresses can be caused by MAC address spoofing or by manufacturers reusing MAC addresses in their devices. Manufacturers will often ship NICs with duplicate MAC addresses to different geographic areas. As long as two NICs with the same MAC addresses have atleast one router between them, there will not be a conflict.

Question 108

Which of the following technologies implements packet tagging in a LAN?

Diffserv
QoS
Traffic Shaping
CoS

Answer 108

CoS (Class of Service)

Explanation:
CoS = implements packet tagging in a LAN. Tags different types of traffic, such as Video Streaming or VoIP.
QoS = Quality of Service, uses the CoS tag to determine which traffic gets priority, but QoS does NOT implement the tags.
Traffic Shaping = the overall mechanism that encompasses CoS, QoS, and differentiated services. It does NOT directly implement tagging.
Diffserv = Differentiated Services, uses the CoS classifications for identification and subsequently utilizes the QoS parameters to differentiate traffic.

Question 109

An eight-port hub receives a signal through port five. That signal is then sent back out through ports one, two, three, four, six, seven, and eight without any signal regeneration. Which type of Hub has been described?

switching hub
passive hub
hybrid hub
active hub

Answer 109

passive hub

Explanation:
hub = is a central point of connection between media segments.

2 Primary types of Hubs

 1. Passive - sents received signals out through ALL of its ports except the one through which the signal was received. Does NOT amplified or regenerate the signal, therefore it does not require electricity to operate.
 2. Active - also sends data out all of its ports except the one through which the signal was received, but it amplifies or regenerates the signal as it sends it out the ports. Therefore it does require electricity to operate.
 3. Hybrid - not a Primary type, but there is a Hybrid Hub. Used to connect different types of cabling. Typically connects sub-hubs which connect to computers.

Switching Hubs - Also known as Switches or Layer 2 Switches, also serve as connection points between media segments. They are built on a table of MAC Addresses unlike other hubs. Thus they are able to send the signal out through the Specific Port leading to the destination rather than through all of the ports.

Question 110

Which of the following Network Devices would be MOST likely found within an Office Building setting?

Industrial Control Systems (ICS)
Smart Speakers
SCADA Systems
HVAC Systems

Answer 110

HVAC Systems

Explanation:
HVAC = Heating, Ventilation, Air Conditioning - important to understand that they too can be vulnerabile to cyberattacks as many of these systems are automated and not designed with cybersecurity in mind. Routinely monitoring and managing these systems is critical whenever designing a new network.