Jason Dion - CompTIA Network+ N10-008 Exam Prep #3 Flashcards

1
Q

Ted, a file server administrator at Dion Training, has noticed that many sensitive files have been transferred from a corporate workstation to an IP (Internet Protocol) address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company’s security analyst, verifying that the workstation’s anti-malware solution is up-to-date and the network’s firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?

A.MAC (Media Access Control) spoofing
B.Zero-day
C.Session hijacking
D.Impersonation

A

B.Zero-day

OBJ-4.1: Since the firewall is properly configured and the anti-malware solution is up-to-date, this signifies that a zero-day vulnerability may have been exploited. A zero-day vulnerability is an unknown vulnerability, so a patch or virus definition has not been released yet. A zero-day vulnerability refers to a hole in software that is unknown to the vendor. Hackers then exploit this security hole before the vendor becomes aware and hurries to fix it. This exploit is therefore called a zero-day attack. Zero-day attacks include infiltrating malware, spyware, or allowing unwanted access to user information. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Impersonation is the act of pretending to be someone or something else. A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver.

2
Q

You are configuring a point-to-point link and want to ensure it is configured for the most efficient use of your limited pool of available public IP addresses. Which of the following subnet masks would be BEST to use in this scenario?

A./29
B./30
C./24
D./28

A

B./30

OBJ-1.4: The most efficient subnet mask for a point-to-point link is actually a /31 subnet, which only provides 2 addresses. This will only work if both routers use a newer routing protocol like OSPF, IS-IS, EIGRP, or RIPv2 (or above). The most widely accepted and used method is to use a /30 subnet consisting of 4 IP addresses. The first is the network IP, the last is the broadcast, and the other 2 IPs can be assigned to the routers on either end of the point-to-point network. For the exam, if you see the option of /30 or /31, remember, they can be used for point-to-point networks.

3
Q

Which of the following security features should be enabled to configure a quality of service filter to manage the traffic flow of a Cisco router or switch and protect it against a denial-of-service attack?

A.Dynamic ARP inspection
B.Router Advertisement Guard
C.Control plane policing
D.DHCP snooping

A

C.Control plane policing

OBJ-4.3: The Control Plane Policing, or CPP, feature allows users to configure a quality of service (or QoS) filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches against reconnaissance and denial-of-service (DoS) attacks. This helps to protect the control plane while maintaining packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch.

4
Q

Students at Dion Training have been reporting extreme performance degradation across the network every Friday morning. Which of the following should the network technician review FIRST to identify the root cause of the network performance issues?

A.Link status
B.Baseline
C.Utilization
D.Bottleneck

A

C.Utilization

OBJ-5.5: The technician should first review the utilization on the network during the time period where network performance issues are being experienced. This will then be compared to the average performance of the network throughout the rest of the week. In turn, this could be compared against the baseline. Since the issue is only occurring during a specific time period at a recurring interval (every Friday morning), it is likely an over-utilization issue causing the decreased performance. The link status could be checked to ensure the link is up and operational, but it is unlikely to determine the root cause of the slower network performance being experienced. Bottlenecks are points within a network through which data flow becomes limited thanks to insufficient computer or network resources. But, again, since this is occurring at a specific time and interval, it is likely a high utilization which in turn is affected by any network bottlenecks that may exist. Reviewing the network utilization can help the technician identify why the slowness is being experienced every Friday, such as placing additional load on the network by streaming videos or something similar.

5
Q

Dion Worldwide has created a network architecture that relies on two main data centers, one in the United States and one in Japan. Each satellite office in the United States and Canada will connect back to the American data center, while each satellite office in Asia will connect back to the Japanese data center. Both the American and Japanese data centers are interconnected, as well. Therefore, if a client in the Philippines wants to send a file to the office in Miami, it will go first to the Japanese datacenter, then route across to the American datacenter, and then to the Miami satellite office. Which of the following network topologies best describes the Dion Worldwide network?

A.Bus
B.Star
C.Ring
D.Hub and spoke

A

D.Hub and spoke

OBJ-1.2: A hub and spoke topology is a network topology where a central device (the hub) is connected to multiple other devices (the spokes). A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring.

Hub and spoke uses a literal layer 1 device, a hub.

Star uses a layer 2 device, a switch.

6
Q

Eduardo, a network technician, needs to protect IP-based (Internet Protocol) servers in the network DMZ (DeMilitarized Zone) from an intruder trying to discover them. What should the network technician do to protect the DMZ from ping sweeps?

A.Disable UDP on the servers in the DMZ
B.Disable TCP/IP (Transmission Control Protocol/Internet Protocol) on the servers in the DMZ
C.Block all ICMP (Internet Control Message Protocol) traffic to and from the DMZ
D.Block inbound echo replies to the DMZ

A

C.Block all ICMP (Internet Control Message Protocol) traffic to and from the DMZ

OBJ-4.3: A ping sweep is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers). A ping sweep occurs when an ICMP echo request message is sent to each target in a network and the sender then waits for the ICMP echo replies to report if the target was available or not. To disable ping sweeps on a network, administrators can block ICMP echo requests from outside sources or block any outbound ICMP echo replies from being transmitted from their network. If you only blocked inbound echo replies to the DMZ, it would still allow an attacker to send an inbound echo request and the servers to send an outbound echo reply, which would not stop the ping sweep from occurring. Ping sweeps are conducted using ICMP by default, not UDP; therefore, disabling UDP on the servers will not stop a ping sweep. If you disable TCP/IP on the servers in the DMZ, you will prevent them from operating properly and impose a self-created denial-of-service against your own servers.

7
Q

Which type of wireless network utilizes the 2.4 GHz frequency band and reaches up to 11 Mbps speeds?

A.802.11ax
B.802.11b
C.802.11n
D.802.11ac
E.802.11g
F.802.11a

A

B.802.11b

OBJ-2.4: The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. Even though 802.11a was a faster standard, the 802.11b standard gained more widespread adoption due to the low cost of manufacturing the radios for use in the 2.4 GHz frequency band. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6 GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

8
Q

Over the past week, your network users have reported that the network has been operating slowly. You have made some changes to the network to increase its speed and responsiveness, but your supervisor is requesting that you prove that the network is actually faster and doesn’t just “feel” faster. Which of the following should you use to prove that the current configuration has improved the network’s speed?

A.Present him with a physical network diagram that shows the changes you made
B.Present him with a logical network diagram showing the configuration changes
C.Provide him a copy of the approved change request for your configuration changes
D.Show him the results of a new performance baseline assessment

A

D.Show him the results of a new performance baseline assessment

OBJ-3.1: The only way to prove to your supervisor that the network is actually faster and more responsive is to conduct a new performance baseline and compare it to the results of the baseline that was created before the changes. By comparing the “current” speed against the “previous” baseline’s speed, you can definitely prove if the network is indeed faster due to your configuration changes. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.

9
Q

You are setting up uplink ports for multiple switches to communicate with one another. All of the VLANs should communicate from the designated server switch. Which of the following should be set on the trunk ports if VLAN 1 is not the management VLAN?

A.802.1q
B.802.1x
C.802.1af
D.802.1d

A

C.802.1q

OBJ-2.3: The IEEE 802.1q standard is used to define VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure it is not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.

10
Q

Which of the following describes the process of layering protective measures in the network to protect valuable data and information?

A.Zero trust
B.Least privilege
C.Acceptable use policy
D.Defense in depth

A

D.Defense in depth

OBJ-4.1: Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. An acceptable use policy (AUP) is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. Zero-trust is a security framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints.

11
Q

Jonah is conducting a physical penetration test against Dion Training. He walks up to the access control vestibule and says to an employee standing there, “I forgot my access card on my desk when I left for lunch, would you mind swiping your badge for me so I can go to my desk and retrieve my access card?” What type of social engineering attack is Jonah attempting?

A.Tailgating
B.Piggybacking
C.Shoulder surfing
D.Phishing

A

B.Piggybacking

OBJ-4.2: A piggybacking attack is a social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises. The big difference between tailgating and piggybacking is permission. Tailgating is when an unauthorized person physically follows an authorized person into a restricted corporate area or system. With tailgating, the authorized person doesn’t know the unauthorized person is walking behind them. With piggybacking, the authorized person will allow the unauthorized person to enter the secure area using the authorized person’s access credentials. Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords and other confidential data by looking over the victim’s shoulder. Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.

12
Q

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP (Extensible Authentication Protocol) and TTLS (Tunneled Transport Layer Security). What should the network administrator implement?

A.PKI (Public Key Infrastructure) with user authentication
B.802.1x using PAP (Password Authentication Protocol)
C.WPA2 (Wi-Fi Protected Access version 2) with a pre-shared key
D.MAC (Media Access Control) address filtering with IP filtering

A

B.802.1x using PAP (Password Authentication Protocol)

OBJ-4.3: The network administrator can utilize 802.1x using EAP-TTLS with PAP for authentication since the backend system supports it. Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. MAC address filtering does not filter based on IP addresses, but instead, it filters based on the hardware address of a network interface card, known as a MAC address. WPA2 is a secure method of wireless encryption that relies on the use of a pre-shared key or the 802.1x protocol. In the question, though, it states that the system only supports WPA, therefore WPA2 cannot be used. PKI with user authentication would be extremely secure, but it is only used with EAP-TLS, not EAP-TTLS. EAP-TTLS only works with credential-based authentication, such as a username and password. Therefore, 802.1x using PAP is the best answer.

13
Q

You just bought a new wireless access point and connected it to your home network. What type of network have you created?

A.PAN (Personal Area Network)
B.WLAN (Wireless Local Area Network)
C.WAN (Wide Area Network)
D.MAN (Metro Area Network aka Metro-E)

A

WLAN (Wireless Local Area Network)

OBJ-1.2: A wireless local area network (WLAN) connects computers within a small and specific area geographically using Wi-Fi. Since your wireless access point is simply extending your wired local area network to the wireless domain, it is still a local area network but is now called a wireless local area network, or WLAN. A personal area network (PAN) is centered around a short distance, usually around a person or up to a few meters. PANs are heavily used with Bluetooth and NFC. A metropolitan area network (MAN) is confined to a specific town, city, or region. It covers a larger area than a LAN but a smaller area than a WAN. A wide area network (WAN) will typically cover a larger area geographically, such as a continent, a state, or a country.

14
Q

A company is setting up a brand new server room and would like to keep the cabling infrastructure out of sight but still accessible to the network administrators. Infrastructure cost is not an issue. Which of the following should be installed to meet the requirements?

A.Cable trays
B.Patch panels
C.Conduit
D.Raised floor

A

D.Raised floor

OBJ-1.3: Raised floors allow the cabling to be placed under the floor, but still accessible to the network administrators. A conduit is a tube through which power or data cables pass. Conduits are usually metal or plastic pipes, and it makes accessing the cables difficult when maintenance is going to be performed. Cable trays are a mechanical support system that can support electrical cables used for power distribution, control, and communication. Cable trays can be installed on the ceiling or under the floor if you are using a raised floor system. If cable trays are installed in the ceiling, they can be difficult to reach and work on. Patch panels are useful in a cable distribution plant, but they will not allow the cables to be distributed throughout the entire work area. A patch panel is a piece of hardware with multiple ports that helps organize a group of cables. Each of these ports contains a wire that goes to a different location. Patch panels and cable trays may be used to form the backbone of your cable distribution plant, but to meet the requirements of the question you should use raised floors in conjunction with these.

15
Q

Your office is located in a small office park, and you are installing a new wireless network access point for your employees. The companies in the adjacent offices are using Wireless B/G/N routers in the 2.4 GHz spectrum. Your security system uses the 5 GHz spectrum, so you have purchased a 2.4 GHz wireless access point to ensure you don’t cause interference with the security system. To maximize the distance between channels, which set of channels should you configure for use on your access points?

A.1,6,11
B.3,6,9
C.1,7,13
D.2,6,10

A

A.1,6,11

OBJ-2.4: Wireless access points should always be configured with channels 1, 6, or 11 to maximize the distance between channels and prevent overlaps. Each channel on the 2.4 GHz spectrum is 20 MHz wide. The channel centers are separated by 5 MHz, and the entire spectrum is only 100 MHz wide. This means the 11 channels have to squeeze into the 100 MHz available, and in the end, overlap. Channels 1, 6, and 11, however, are far enough from each other on the 2.4 GHz band that they have sufficient space between their channel centers and do not overlap.

16
Q

A network architect is designing a highly redundant network with a distance vector routing protocol to prevent routing loops. The architect wants to configure the routers to advertise failed routes with the addition of an infinite metric. What should the architect configure to achieve this?

A.Hold down timers
B.Spanning tree
C.Route poisoning
D.Split horizon

A

C.Route poisoning

OBJ-2.2: Route poisoning is a method to prevent a router from sending packets through a route that has become invalid within computer networks. This is achieved by changing the route’s metric to a value that exceeds the maximum allowable hop count so that the route is advertised as unreachable. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks and operates at layer 2 of the OSI model. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. A hold down timer is a function of a router that prevents a route from being updated for a specified length of time (in seconds). A hold down timer allows for the routers in a topology to have sufficient time to reach convergence and be updated when a route fails.

17
Q

Your co-worker has just installed an unmanaged 24-port switch. He is concerned with the amount of broadcast traffic that may exist when using this device. How many broadcast domains are created when using this single 24-port switch?

A.2
B.1
C.24
D.0

A

B.1

OBJ-2.1: A single 24-port unmanaged switch will have only 1 broadcast domain. Routers and VLANs split up broadcast domains. Since this is an unmanaged switch, it will only have a single broadcast domain, but it will have 24 collision domains. If this was a managed layer 3 switch, it could provide routing functions and break apart the broadcast domains. But, since this was an unmanaged switch, there must be only 1 broadcast domain on this switch.

18
Q

What happens when convergence on a routed network occurs?

A.All routers are using hop count as the metric
B.All routers use route summarization
C.All routers learn the route to all connected networks
D.All routers have the same routing table

A

C.All routers learn the route to all connected networks

OBJ-2.2: Routers exchange routing topology information with each other by using a routing protocol. When all routers have exchanged routing information with all other routers within a network, the routers have converged. In other words: In a converged network, all routers “agree” on what the network topology looks like.

19
Q

A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. Which of the following is MOST likely the cause of the connectivity issue?

A.Misconfigured DNS (Domain Name System; phone book of the internet)
B.Cable short
C.Attenuation
D.Bad power supply

A

B.Cable short

OBJ-5.2: Since the scenario states the VoIP phone works properly from the old desk, it is properly configured and the hardware itself works. This indicates the problem must be caused by the new desk which contains a different network cable from the switch to the wall jack in the cubicle. This is most likely a bad cable, such as one with a short in it. To verify this theory, the technician should use a cable tester to verify if the cable does have a short or not. While attenuation is a possible cause of the problem described, it is unlikely since the employee only moved a few desks (10-15 feet), and is not a large enough distance to cause significant attenuation issues.

20
Q

Which parameter must be adjusted to enable a jumbo frame on a network device?

A.Duplex
B.Speed
C.TTL (Time-To-Live)
D.MTU (Maximum Transmission Unit)

A

D.MTU (Maximum Transmission Unit)

OBJ-1.1: A jumbo frame is an Ethernet frame with a payload greater than the standard maximum transmission unit (MTU) of 1,500 bytes. Jumbo frames are used on local area networks that support at least 1 Gbps and can be as large as 9,000 bytes. By adjusting the MTU on a given network device’s interface, you can enable or prevent jumbo frames from being used in the network. Time to live (TTL) refers to the amount of time or “hops” that a packet is set to exist inside a network before being discarded by a router. Duplex refers to if network devices can listen and transmit at the same time (full-duplex), or if they can only do one or the other (half-duplex). Speed is the bit rate of the circuit and is often measured in multiples of bits per second (bps).

21
Q

(This is a simulated Performance-Based Question.) The results of the cable certifier are shown below:

Cable Test Results

1,2 Open 3ft
3,6 Short 3ft
4,5 Open 3ft
7,8 Open 3ft

Using the results provided, was the cable properly crimped or not?

A.Cable was properly crimped
B.Cable was not properly crimped

A

B.Cable was not properly crimped

OBJ-5.2: Cable certifiers can provide a “pass” or “fail” status following the industry standards and can also show detailed information such as “open,” “short,” or the length of the cable. When a short is detected, but the cable’s full length is shown (3 ft), this indicates the cable was incorrectly crimped. In this case, it appears that pin 3 and pin 6 are both crimped into the same position in the RJ-45 connector, causing the short. An open indicates that the electrical signal is not reaching the other end of the cable. A short indicates that the electrical signal is crossing two wires at the same time. Both of these are indications of an incorrectly crimped cable.

22
Q

A company is implementing enhanced user authentication for system administrators accessing the company’s confidential servers. They intend to use two-factor authentication to accomplish this. Which of these BEST represents two-factor authentication?

A.Fingerprint scanner and retina scan
B.ID (IDentification) badge and keys
C.Password and key fob
D.Username and password

A

C.Password and key fob

OBJ-4.1: Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by using a combination of two different factors: (1) something you know, (2) something you have, or (3) something you are. Out of the options provided, only a key fob (something you have) and a password (something you know) meet the requirements of 2FA. If you have two factors from the same type/category, like something you know (username and password), this is only considered a single factor of authentication.

23
Q

What can be issued from the command line to find the layer 3 hops to a remote destination?

A.nslookup
B.netstat
C.traceroute
D.ping

A

C.traceroute

OBJ-5.3: Traceroute will determine every hop between the host and the destination using ICMP. Traceroute is used for Linux and UNIX systems. Tracert is used for Windows systems. The traceroute command will issue a series of pings from the host to the destination, incrementing the time to live (TTL) by one each time. As each packet passes through a router or firewall, the TTL is decreased by one. If the TTL for a packet reaches zero, it will send an error message back to the host. By doing this, the host can map out each hop in the network from the host to the destination. The netstat command is used to display the network statistics. The nslookup command is used to display and troubleshoot DNS records. The ping command is used to test the end to end connectivity between a host and a destination. The netstat, nslookup, and ping commands cannot be used to find the layer 3 hops to a remote destination.

24
Q

You are trying to connect to a router using SSH (Secure SHell) to check its configuration. Your attempts to connect to the device over SSH keep failing. You ask another technician to verify that SSH is properly configured, enabled on the router, and allows access from all subnets. She attempts to connect to the router over SSH from her workstation and confirms all the settings are correct. Which of the following steps might you have missed in setting up your SSH client preventing you from connecting to the router?

A.Perform file hashing
B.Update firmware
C.Change default credentials
D.Generate a new SSH (Secure SHell) key

A

D.Generate a new SSH (Secure SHell) key

OBJ-4.4: When configuring your SSH connection, you must ensure that a key is established between your client and the server. If you never set up an SSH key, you will need to generate a new key to get SSH to connect properly. Since the other technician was able to connect on her machine, we can rule out an SSH server issue, so it must be an issue with your account or client. The only option that relates solely to your account or client is the possibility that a key was not properly generated for your client.

25
Q

The physical security manager has asked you to assist with the risk assessment of some proposed new security measures. The manager is concerned that during a power outage, the server room might be targeted for attack. Luckily, they have many different protection measures in place to keep intruders out of the server room. During a power outage, which of the following security controls would still be usable?

A.Door locks
B.Video surveillance
C.Biometric scanners
D.Motion detectors

A

A.Door locks

OBJ-4.5: A traditional door lock doesn’t require power to operate. Therefore, it will still protect the facility and keep the intruder out of the server room. The other options all require power to function and operate. A biometric lock is any lock that can be activated by biometric features, such as a fingerprint, voiceprint, or retina scan. Biometric locks make it more difficult for someone to counterfeit the key used to open the lock or a user’s account. A smart card is a form of hardware token. Closed-circuit television is a type of video surveillance where video cameras transmit a signal to a specific place using a limited set of monitors. A motion detector is an electrical device that utilizes a sensor to detect nearby motion. Such a device is often integrated as a component of a system that automatically performs a task or alerts a user of motion in an area. They form a vital component of security, automated lighting control, home control, energy efficiency, and other useful systems.

26
Q

(This is a simulated Performance-Based Question. If this was the real exam, you would click on each device to open up its Network Properties to determine their current settings.)

After some recent changes to the network, several users are complaining that they cannot access the servers. You have been provided with the Internet Protocol Version 4 (IPv4) Properties for PC1, PC2, PC3, and PC4.

PC1
TCP/IPv4 Properties
General
Use the following IP address
IP address:192.168.1.129
Subnet mask:255.255.255.0
Default gateway:192.168.1.1

Use the following DNS server addresses
Preferred DNS server:192.168.8.18

PC2
TCP/IPv4 Properties
General
Use the following IP address
IP address:192.168.2.129
Subnet mask:255.255.255.0
Default gateway:192.168.2.1

Use the following DNS server addresses
Preferred DNS server:192.168.8.18

PC3
TCP/IPv4 Properties
General
Use the following IP address
IP address:192.168.3.129
Subnet mask:255.255.255.128
Default gateway:192.168.3.1

Use the following DNS server addresses
Preferred DNS server:192.168.8.18

PC4
TCP/IPv4 Properties
General
Use the following IP address
IP address:192.168.24.129
Subnet mask:255.255.255.0
Default gateway:192.168.24.1

Use the following DNS server addresses
Preferred DNS server:192.168.8.18

Which of the following actions should you perform to fix the issue and ensure the computers can communicate with the servers again?

A.Change PC3’s IP address to 192.168.3.200
B.Change PC3’s subnet mask to 255.255.255.0
C.Change PC4’s subnet mask to 255.255.255.128
D.Change the DNS server on PC1, PC2, PC3, and PC4 to 8.8.8.8

A

B.Change PC3’s subnet mask to 255.255.255.0

OBJ-5.5: PC3’s IP is 192.168.3.129, but its subnet mask is 255.255.255.128. This means that the 192.168.3.0/24 network is split into two (192.168.3.0/25 and 192.168.3.128/25). The current configuration means that PC3 is not on the same subnet as its default gateway and causes the connectivity issue. If you change the subnet mask to 255.255.255.0, both PC3 and its default gateway will be on the same subnet, and connectivity will be restored. If you get a question like this on exam day, you will only get the network diagram first. As you click on each PC, its settings will be shown as a popup, and you will be able to change the settings using your mouse and keyboard.

27
Q

Which of the following levels would an information condition generate?

A.6
B.7
C.0
D.1

A

A.6

OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

28
Q

Company policies require that all network infrastructure devices send system-level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location?

A.TACACS+ (Terminal Access Controller Access Control Server) server
B.Syslog server
C.Single sign-on
D.Wi-Fi analyzer

A

B.Syslog server

OBJ-3.1: System Logging Protocol (Syslog) uses port 514, and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

29
Q

Your company’s corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR (Classless Inter-Domain Routing or supernetting) notation in order to accommodate each department’s needs. What is the correct CIDR notation for the Human Resources (HR) department’s subnet, which requires 25 devices?

A./26
B./30
C./27
D./28
E./29
F./25

A

C./27

OBJ-1.4: Since the Human Resources (HR) department needs 25 devices plus a network ID and broadcast IP, it will require 27 IP addresses. The smallest subnet that can fit 27 IPs is a /27 (32 IPs). A /27 will borrow 3 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^5 available host IP addresses, or 32 total IP addresses. Of the 32 IP addresses, there are 30 available for clients to use, one for the network ID, and one for the broadcast address.

30
Q

You have been asked to troubleshoot a router which uses label-switching and label-edge routers to forward traffic. Which of the following types of protocols should you be familiar with to troubleshoot this device?

A.MPLS (Multi-Protocol Label Switching)
B.OSPF (Open Shortest Path First)
C.EIGRP (Enhanced Interior Gateway Routing Protocol)
D.BGP (Border Gateway Protocol)

A

A.MPLS (Multi-Protocol Label Switching)

OBJ-1.2: Multi-protocol label switching (MPLS) is a mechanism used within computer network infrastructures to speed up the time it takes a data packet to flow from one node to another. The label-based switching mechanism enables the network packets to flow on any protocol. Border Gateway Protocol (BGP) refers to a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS). Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. BGP, OSPF, and EIGRP do not use label-switching technology.

31
Q

A coworker is sitting next to you while you log into your workstation. They carefully glance over at your keyboard as you are entering your password without you noticing. What type of social engineering attack are they conducting?

A.Phishing
B.Shoulder surfing
C.Tailgating
D.Piggybacking

A

B.Shoulder surfing

OBJ-4.2: Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords, and other confidential data by looking over the victim’s shoulder. Piggybacking is when an unauthorized person physically follows an authorized person into a restricted corporate area or system. A tailgating attack is a social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises. The big difference between tailgating and piggybacking is permission. With piggybacking, the authorized person doesn’t know the unauthorized person is walking in behind them. With tailgating, the authorized person will allow the unauthorized person to enter the secure area using the authorized person’s access credentials. Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.

32
Q

Which of the following network devices is used to separate collision domains?

A.Bridge
B.Hub
C.Media converter
D.Access point

A

A.Bridge

OBJ-2.1: A bridge is networking hardware that forwards traffic between network segments at the data link layer (Layer 2) of the OSI model using MAC addresses. Each switchport on a bridge is a separate collision domain, but all switchports are in a common broadcast domain. A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. A wireless access point is a networking device that allows other Wi-Fi devices to connect to a wired network. A wireless access point operates at the physical layer (Layer 1) of the OSI model to extend the wired network into the wireless domain. A media converter is a networking device that transparently converts Ethernet or other communication protocols from one cable type to another type, such as from copper to fiber or twisted pair to coaxial. A media converter operates at the physical layer (Layer 1) of the OSI model.

33
Q

A new network administrator is hired to replace a consultant who ran the network for several months and whose contract was just canceled. After a month of working on the network, the new network administrator realized some network issues and configuration changes in the server settings. The log files on the servers do not contain any error messages related to the issues or changes. What could be the problem?

A.A TACACS+ (Terminal Access Controller Access Control Server) or RADIUS (Remote Authentication Dial-In User Service) misconfiguration is causing logs to be erased
B.A backdoor has been installed to grant someone access to the network
C.The last ACL (Access Control List) on the firewall is set to DENY ANY ANY
D.The server was the victim of a brute force password attack

A

B.A backdoor has been installed to grant someone access to the network

OBJ-4.2: A hacker or the previous administrator (consultant) left a piece of software or an SSH protocol to allow themselves access to the network and change the server settings. The consultant may be disgruntled that their contract was canceled and that the new network administrator was hired to replace them. The last ACL on the firewall should be set to DENY ANY ANY, as this is a form of implicit deny and considered a best practice in network security. A brute force password attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. If a brute force password attack was used, there would be numerous failed login attempts showing in the security log files on the servers. TACACS+ and RADIUS misconfigurations would lead to authentication issues, not to log erasures.

34
Q

You are working for a brand new startup company who recently moved into an old office building because the CEO liked the “charm” of the place. You have been tasked with converting a small janitorial closet into an IDF to support the new office network. You measure the closet and determine that you can install a two-post rack inside of it, and all your necessary networking equipment will fit in the two-post rack. You test the power outlet installed in the closet, and it is sufficient for your needs. What is the NEXT thing you should be concerned with to ensure this closet can be used as your IDF (Intermediate Distribution Frame)?

A.Can I install a UPS (Uninterruptible Power Supply) in this closet?
B.How will I label the cables during installation?
C.Is there redundant power available?
D.Is there adequate airflow and cooling in the closet?

A

D.Is there adequate airflow and cooling in the closet?

OBJ-3.3: Since you are converting an old closet into an IDF, you need to ensure you have 3 main things: Power, Space, and Cooling. You already verified there were adequate power and space, so you need to determine if there are adequate airflow and cooling to prevent the equipment from overheating. After that, you can then determine how to supply backup power (UPS or redundancy).

35
Q

A network administrator has set up a firewall and set up only three allow rules so that traffic can be sent over ports 21, 110, and 25. Next, they added a final rule of “deny any any” to the end of the ACL (Access Control List) to minimize the attack surface and better secure the network. Unfortunately, now the administrator is receiving complaints from users that they cannot access any web pages using their URLs (Uniform Resource Locator), such as DionTraining.com. Which of the following should the administrator do to correct this issue?

A.Add a rule to the ACL (Access Control List) to allow traffic on ports 80 and 53
B.Add a rule to the ACL to allow traffic on ports 143 and 22
C.Add a rule to the ACL to allow traffic on ports 139 and 445
D.Add a rule to the ACL to allow traffic on ports 110 and 389

A

A.Add a rule to the ACL (Access Control List) to allow traffic on ports 80 and 53

OBJ-1.5: The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. If the outbound port 80 is not open, then users will not be able to connect to a remote web server. If the outbound port 53 is not open, then the users will be unable to conduct a DNS name resolution and determine the IP address of the given web server based on its domain name. Port 22 is used for SSH/SCP/SFTP. Port 143 is used for IMAP. Port 139 and 445 are used for SMB. Port 389 is used for LDAP. Port 110 is used for POP3.

36
Q

You have configured your network into multiple segments by creating multiple broadcast domains. Which of the following devices should you use to allow the different network segments to communicate with each other?

A.Switch
B.Bridge
C.Hub
D.Router

A

D.Router

OBJ-2.1: A router is used to allow different network segments and broadcast domains to communicate with each other. If you have a Layer 3 switch, this will also function as a router and allow communication to occur. Since the question didn’t specify if the switch was a layer 2 or layer 3 switch, we must assume it is a traditional layer 2 switch which cannot route traffic from one broadcast domain to the other broadcast domains. A bridge is a layer 2 device and cannot connect multiple broadcast domains. A hub is a layer 1 device and cannot connect different collision or broadcast domains together.

37
Q

Which of the following layers within software-defined networking focuses on providing network administrators the ability to oversee network operations, monitor traffic conditions, and display the status of the network?

A.Control layer
B.Application layer
C.Infrastructure layer
D.Management layer

A

D.Management layer

OBJ-1.7: The management plane is used to monitor traffic conditions and the status of the network, and it allows network administrators to oversee the network and gain insight into its operations. The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements.

38
Q

You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and impacts the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why?

A.Network mapping
B.Syslog
C.NIDS (Network-based Intrusion Detection System)
D.Firewall logs

A

B.Syslog

OBJ-3.1: The Syslog server is a centralized log management solution. By looking through the Syslog server’s logs, the technician could determine which service failed on which server since all the logs are retained on the Syslog server from all of the network devices and servers. Network mapping is conducted using active and passive scanning techniques and could help determine which server was offline, but not what caused the interruption. Firewall logs would only help determine why the network connectivity between a host and destination may have been disrupted. A network intrusion detection system (NIDS) is used to detect hacking activities, denial of service attacks, and port scans on a computer network. It is unlikely to provide the details needed to identify why the network service was interrupted.

39
Q

An administrator notices an unused cable behind a cabinet that is terminated with a DB-9 connector. What protocol is likely to be used with this cable?

A.ATM (Asynchronous Transfer Mode)
B.Token ring
C.802.3 (IEEE; Ethernet)
D.RS-232 (Recommended Standard 232)

A

D.RS-232 (Recommended Standard 232)

OBJ-5.2: RS-232 is a standard for serial communication transmission of data. It formally defines the signals connecting a DTE (data terminal equipment) such as a computer terminal and a DCE (data circuit-terminating equipment or data communication equipment). A DB-9 connector is often found on a rollover or console cable and is used to connect a router to a laptop using the RS-232 serial transmission protocol for configuring a network device. IEEE 802.3 is the standard for Ethernet. Ethernet commonly uses twisted pair, fiber optic, and coaxial connections, not a DB-9 serial connector. Asynchronous Transfer Mode (ATM) uses a fiber or twisted pair cable similar to an ethernet connection. Token ring usually uses a fiber optic cable, not a DB-9 serial cable.

40
Q

Which network device can detect and alert on threats facing the network by using signatures, but cannot automatically react to the threats detected?

A.Firewall
B.IPS (Intrusion Protection System)
C.Honeypot
D.IDS (Intrusion Detection System)

A

D.IDS (Intrusion Detection System)

OBJ-2.1: An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An IDS can detect a threat, but it cannot react or change configurations based on those threats like an IPS can. Intrusion Protection Systems (IPS) can reconfigure themselves based on the threats experienced. Firewalls maintain a static configuration and cannot change their configurations automatically to react to new threats. Firewalls use ACLs to block or allow traffic into or out of a network. A honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. A honeypot is a single machine and cannot detect threats against an entire network.

41
Q

Dion Training uses a VoIP (Voice-over Internet Protocol) conferencing solution to conduct its weekly staff meetings. When Jason is talking, some of the employees say it sounds like he is speeding up and slowing down randomly. Tamera is sitting in the office with Jason, and she says Jason is speaking at the same rate the entire time. Which of the following network performance metrics would be most useful in determining why the VoIP service is not presenting a consistent pace when delivering Jason’s voice over the network?

A.Throughput
B.Jitter
C.Bandwidth
D.Latency

A

B.Jitter

OBJ-3.2: Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients. Jitter is simply a variation in the delay of the packets, and this can cause some strange side effects, especially for voice and video calls. If you have ever been in a video conference where someone was speaking and then their voice started speeding up for 5 or 10 seconds, then returned to normal speed, you have been on the receiving end of their network’s jitter. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance.

42
Q

Which type of wireless network utilizes the 2.4 GHz or 5 GHz frequency bands and reaches speeds of 108 Mbps to 600 Mbps?

A.802.11a
B.802.11ax
C.802.11b
D.802.11g
E.802.11n
F.802.11ac

A

E.802.11n

OBJ-2.4: The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6 GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

43
Q

The fiber-optic connection between two of the Dion Training offices was broken. A network technician used a fusion splicer to repair the cable, but now the connection is experiencing reduced transmission efficiency, slower connection speed, and intermittent downtime. Which of the following is the MOST likely reason for these issues?

A.Low optical link budget
B.Missing route
C.Asymmetrical routing
D.Switching loop

A

A.Low optical link budget

OBJ-5.5: An optical link budget is a calculation that considers all the anticipated losses along the length of a fiber optic connection. Signal loss across a fiber optic cable occurs naturally due to the distance of the cable, as well as from losses due to multiplexing, bends in the cable, imperfect connections, patches, or splices along the fiber optic cable. If the circuit is designed with a low optical link budget and subsequently needs to be repaired or spliced, it would create a fiber connection that becomes too weak to pass the light across the entire fiber optic cable. Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). A missing route occurs when the dynamic or static routes in a router do not contain a route needed for specific traffic being routed. A switching loop or bridge loop occurs in computer networks when there are more than one layer 2 paths between two endpoints (e.g. multiple connections between two network switches or two ports on the same switch connected to each other). In this scenario, none of the routing or switching was changed due to the broken cable, therefore the issue is not a missing route, switching loop, or asymmetrical routing.

44
Q

While monitoring the network, you notice that the network traffic to one of the servers is extremely high. Which of the following should you utilize to verify if this is a concern?

A.Real-time monitor
B.Log management
C.Network baseline
D.Network diagram

A

C.Network baseline

OBJ-3.1: High network traffic can be a sign of a possible attack conducted either by an insider or someone out of the network to steal relevant information. By reviewing the network baseline, you can determine if the traffic is actually high and if any network configurations are out of the baseline, causing the issue. By knowing what “normal” looks like, you can then more easily identify the abnormal. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.

45
Q

You are creating a wireless link between two buildings in an office park utilizing the 802.11ac standard. The antenna chosen must have a small physical footprint and be lightweight as it will be mounted outside the building. Which type of antenna should you install?

A.Omni-directional patch antenna
B.Directional patch antenna
C.Directional whip antenna
D.Omni-directional whip antenna

A

B.Directional patch antenna

OBJ-2.4: A patch antenna is a type of radio antenna with a low profile, which can be mounted on a flat surface. A patch antenna is typically mounted to a wall or a mast and provides coverage in a limited angle pattern. Patch antennas can be directional or omnidirectional, but a directional antenna should be used for a connection between two buildings within line of sight of each other. A Yagi or directional antenna could also be used, but if the distance is smaller than about 300 feet between the buildings, a patch antenna would be sufficient. A Yagi would be utilized for longer distances instead, but these do weigh more and have a larger footprint. A whip antenna is a vertical omnidirectional antenna that is usually utilized in indoor environments. A whip antenna is omnidirectional and cannot be used for directional use cases.

46
Q

Which of the following WAN (Wide Area Network) technologies would MOST likely be used to connect several remote branches that have no fiber, microwave, or satellite connections available?

A.WiMAX (Worldwide Interoperability for Microwave Access)
B.POTS (Plain Old Telephone Service)
C.OC-3 (Optical Carrier 3)
D.Starlink

A

B.POTS (Plain Old Telephone Service)

OBJ-1.2: POTS (Plain Old Telephone System) is connected to almost every facility in the United States. DSL and dial-up services can be received over POTS. OC-3 is a type of fiber connection. WiMAX is a type of microwave connection. Starlink is a type of satellite connection.

47
Q

A technician is called to investigate a connectivity issue to a remote office connected by a fiber optic cable. Using a light meter, it is determined that there is excessive dB loss. The installation has been working for several years. The switch was recently moved to the other side of the room and a new patch cable was installed. Which of the following is most likely the reason for the excessive dB (deciBel) loss?

A.Distance limitations
B.Dirty connectors
C.Wavelength mismatch
D.Bend radius limitations

A

B.Dirty connectors

OBJ-5.2: When fiber optic connectors become dirty, signal loss can cause severe problems and performance issues. Something as simple as oil from a technician’s hand can render a fiber connector dirty and cause a loss of signal. The technician will need to use an appropriate cleaning cloth to clean the dirty connectors and restore the service. Since the switch was only moved to the other side of the room, it is unlikely that it now exceeds the distance limitations for a fiber cable since those are measured in hundreds of meters. The question does not mention that the cable was bent or moved around a corner, therefore it is unlikely to be a bend radius limitation affecting the signal. Fiber optic cables use different wavelengths depending on the type of fiber optic cable being used. Multimode fibers use 850 or 1300 nanometer wavelengths, whereas single-mode fibers use 1550 nanometer wavelengths. It is unlikely that the wrong patch cable was used as most organizations only implement a single type of fiber infrastructure to minimize the number and type of cables needed to support them.

48
Q

A network technician needs to connect two switches. The technician needs a link between them that is capable of handling 10 Gbps of throughput. Which of the following media would BEST meet this requirement?

A.Fiber optic cable
B.Coax cable
C.Cat 3 cable
D.Cat5e cable

A

A.Fiber optic cable

OBJ-1.3: To achieve 10 Gbps, you should use Cat 6a, Cat 7, Cat 8, or a fiber optic cable. Since fiber optic was the only option listed here, it is the best answer. A Cat 5e can only operate up to 100 meters at 1 Gbps. A Cat 3 cable can only operate at 100 meters at 10 Mbps. A traditional ethernet coaxial cable network can only operate at 10 Mbps, but newer MoCA coaxial ethernet connections can reach speeds of up to 2.5 Gbps.

49
Q

What is the broadcast address associated with the host located at 192.168.0.123/29?

A.192.168.0.191
B.192.168.0.127
C.192.168.0.63
D.192.168.0.255

A

B.192.168.0.127

OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /29, so each subnet will contain 8 IP addresses. Since the IP address provided is 192.168.0.123, the broadcast address will be 192.168.0.127.

50
Q

Review the following packet captured at your NIDS:

23:12:23.154234 IP 86.18.10.3:54326 > 71.168.10.45:3389
Flags [P.], Seq 1834:1245, ack1, win 511, options
[nop,nop TS val 263451334 erc 482862734, length 125

After reviewing the packet above, you discovered there is an unauthorized service running on the host. Which of the following ACL (Access Control List) entries should be implemented to prevent further access to the unauthorized service while maintaining full access to the approved services running on this host?

A.DENY IP HOST 86.18.10.3 EQ 3389
B.DENY TCP ANY HOST 86.18.10.3 EQ 25
C.DENY IP HOST 71.168.10.45 EQ 25
D.DENY TCP ANY HOST 71.168.10.45 EQ 3389

A

D.DENY TCP ANY HOST 71.168.10.45 EQ 3389

OBJ-3.1: Since the question asks you to prevent unauthorized service access, we need to block port 3389 from accepting connections on 71.168.10.45 (the host). This option will deny ANY workstation from connecting to this machine (host) over the Remote Desktop Protocol service that is unauthorized (port 3389).

51
Q

Edward’s bank recently suffered an attack where an employee made an unauthorized modification to a customer’s bank balance. Which tenet of cybersecurity was violated by this employee’s actions?

A.Integrity
B.Availability
C.Authentication
D.Confidentiality

A

A.Integrity

OBJ-4.1: The CIA Triad is a security model that helps people think about various parts of IT security. Integrity ensures that no unauthorized modifications are made to the information. The attack described here violates the integrity of the customer’s bank account balance. Confidentiality is concerned with unauthorized people seeing the contents of the data. In this scenario, the employee is authorized to see the bank balance but not change its value. Availability is concerned with the data being accessible when and where it is needed. Again, this wasn’t affected by the employee’s actions. Authentication is concerned with only authorized people accessing the data. Again, this employee was authorized to see the balance.

52
Q

Which of the following errors would be received if raw data is accidentally changed as it transits the network?

A.Runt
B.CRC (Cyclic Redundancy Checksum) error
C.Giant
D.Encapsulation error

A

B.CRC (Cyclic Redundancy Checksum) error

OBJ-3.1: Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network. The CRC number in the interface statistics is the number of packets that were received that failed the cyclic redundancy checksum, or CRC check upon receipt. If the checksum generated by the sender doesn’t match the one calculated by this interface upon receipt, a CRC error is counted and the packet is rejected. Encapsulation is a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame. Thus, encapsulation is the process of enclosing one type of packet using another type of packet. A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes. A runt is an ethernet frame that is less than 64 bytes in size.

53
Q

Which of the following network devices is used to separate collision domains?

A.Switch
B.Access point
C.Repeater
D.Hub

A

A.Switch

OBJ-2.1: A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. A wireless access point is a networking device that allows other Wi-Fi devices to connect to a wired network. A wireless access point operates at the physical layer (Layer 1) of the OSI model to extend the wired network into the wireless domain. A repeater is a networking device that receives a signal and then rebroadcasts it to extend the distance covered by a network. A repeater can operate either as a wired or wireless repeater.

54
Q

What port number does LDAPS (Lightweight Directory Access Protocol Secure) utilize?

A.389
B.3389
C.636
D.1433

A

C.636

OBJ-1.5: The Lightweight Directory Access Protocol Secure (LDAPS) uses port 636 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network that is encrypted using an SSL connection. The Lightweight Directory Access Protocol (LDAP) uses port 389 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

55
Q

A technician is concerned about security and is asked to set up a network management protocol. Which network management protocol will provide the best security?

A.SNMPv3 (Simple Network Management Protocol version 3)
B.SLIP (Serial Line Internet Protocol)
C.SNMPv2 (Simple Network Management Protocol version 2)
D.TKIP (Temporal Key Integrity Protocol)

A

A.SNMPv3 (Simple Network Management Protocol version 3)

OBJ-4.3: Simple Network Management Protocol (SNMP) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Three significant versions of SNMP have been created, with SNMPv3 being the most secure. The Serial Line Internet Protocol (SLIP) is an encapsulation of the Internet Protocol designed to work over serial ports and router connections. Temporal Key Integrity Protocol (TKIP) is used as a method of encryption with 802.11 networks that rely on WPA. SLIP and TKIP are not considered management protocols.

56
Q

The Chief Information Officer (CIO) in your company has been trying to convince the Chief Security Officer (CSO) that the company should move its data to a SaaS solution to save some money in the budget. The CSO is hesitant to move all of the company’s data because she is concerned with the risk involved in moving the corporation’s sensitive data to a SaaS solution. The CSO has been asked for a reason behind her fears. Which of the following might be her response?

A.Migrating to a SaaS solution will put us at a higher risk of exposure to malware and hackers
B.Migrating our data to a SaaS solution will result in decreased performance in our internal network
C.Migrating all our data to a SaaS solution will result in a loss of full control over our data and resources
D.The SaaS solution is incompatible with our current network

A

C.Migrating all our data to a SaaS solution will result in a loss of full control over our data and resources

OBJ-1.8: Migrating all corporate data to a SaaS solution will result in a loss of full control over the data and its protection. If the company intends to move sensitive data to a cloud-based solution, it should seek out a private cloud solution or a PaaS/IaaS solution instead since it will allow them to retain much more control over their data. There is no evidence that cloud solutions are more exposed than on-premise solutions to malware and hackers. Since the proposal is to migrate information out of the internal network, this should not decrease performance but instead increase it. Also, since a SaaS is proposed, there are no incompatibility issues since SaaS solutions are almost always web-based solutions, and therefore compatible with any web browser.

57
Q

Which cellular technology utilizes new frequency bands to reach proposed speeds of up to 70 Gbps?

A.4G
B.5G
C.3G
D.LTE (Long Term Evolution)

A

B.5G

OBJ-2.4: 5G cellular technology is made up of three different types: low-band, mid-band, and high-band mmWave technology. Low-band 5G reaches an average speed of 55 Mbps with a theoretical speed of 150 Mbps. Mid-band 5G reaches an average speed of 150 Mbps with a theoretical speed of 1.5 Gbps. High-band 5G reaches an average speed of 3 Gbps with a theoretical speed of up to 70 Gbps. 4G cellular technology is made up of LTE and LTE-A. Long Term Evolution (LTE) is a packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE has a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps. LTE Advanced (LTE-A) has a theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps.

58
Q

A company is installing several APs (Access Point) for a new wireless system that requires users to authenticate to the domain. The network technician would like to authenticate to a central point. What solution would be BEST to achieve this?

A.RADIUS (Remote Authentication Dial-In User Service)
B.Proxy server
C.LACP (Link Aggregation Control Protocol)
D.Network controller

A

A.RADIUS (Remote Authentication Dial-In User Service)

OBJ-4.1: A Remote Authentication Dial-in User Service (RADIUS) server provides AAA management for users connecting to a wired or wireless network, which includes the ability to authenticate users. Link Aggregation Control Protocol (LACP) is an open standard of Ethernet link aggregation. A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. A network controller is software that orchestrates network functions by acting as an intermediary between the business and the network infrastructure.

59
Q

You are working as a network technician and need to create several Cat 5e network cables to run between different computers and the network jacks on the wall. The connections between the switch, the patch panel, and the wall jacks have already been installed and tested. Which of the following tools would NOT be necessary to complete this task?

A.Punchdown tool
B.Cable tester
C.Wire stripper
D.Cable crimper

A

A.Punchdown tool

OBJ-5.2: A punchdown tool is used to connect a network cable (such as Cat 5e) to a patch panel, 110-block, or the inside portion of a wall jack, therefore it is not needed for this task. A wire stripper is used to remove the outer plastic shielding from the Cat 5e cable so that you can reach the inner wiring pairs. The cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A cable crimper is used to join the internal wires of a twisted pair cable with metallic pins housed inside a plastic connector, such as an RJ-45 connector.

60
Q

Dion Training believes there may be a rogue device connected to their network. They have asked you to identify every host, server, and router currently connected to the network. Which of the following tools would allow you to identify which devices are currently connected to the network?

A.IP (Internet Protocol) scanner
B.Port scanner
C.Protocol analyzer
D.NetFlow analyzer

A

A.IP (Internet Protocol) scanner

OBJ-5.3: An IP scanner is used to monitor a network’s IP address space in real-time and identify any devices connected to the network. Essentially, the tool will send a ping to every IP on the network and then create a report of which IP addresses sent a response. A NetFlow analyzer is used to perform monitoring, troubleshooting, inspection, interpretation, and synthesis of network traffic flow data. A port scanner is used to determine which ports and services are open and available for communication on a target system. A protocol analyzer is used to capture, monitor, and analyze data transmitted over a communication channel.

61
Q

An attacker is using double tagging to conduct a network exploit against your enterprise network. Which of the following types of attacks is being conducted?

A.DNS (Domain Name System) poisoning
B.VLAN hopping (Virtual Local Area Network)
C.ARP spoofing (Address Resolution Protocol)
D.Rogue DHCP (Dynamic Host Configuration Protocol)

A

B.VLAN hopping (Virtual Local Area Network)

OBJ-4.2: VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver’s cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. … Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

62
Q

Christina recently purchased a new Android smartphone and is going on a trip. At the airport, she found a public wireless network called “FreeAirportWiFi” and connects to it. She noticed a question mark (?) icon showing in the toolbar next to the Wi-Fi (Wireless Fidelity; IEEE 802.11) icon. Christina attempts to open a webpage but gets an error of “The page cannot be displayed.” She begins to troubleshoot the device by verifying that the airplane mode is disabled, Bluetooth is enabled, and tethering is enabled. Next, Christina attempts to make a phone call, which works without any issues. Which of the following is MOST likely the issue with Christina’s smartphone?

A.The smartphone is connected to the FreeAirportWifi but is not authenticated yet
B.The smartphone can only support 3G data networks
C.The smartphone’s SIM (Subscriber Identity Module) card is deactivated
D.The smartphone does not have a valid data plan enabled

A

A.The smartphone is connected to the FreeAirportWifi but is not authenticated yet

OBJ-5.4: When an Android smartphone is connected to the Wi-Fi but shows a question mark (?) next to the Wi-Fi’s radio icon, this indicates that there is a lack of internet connectivity on the current wireless network. It appears that Christina’s smartphone is fully connected to the FreeAirportWiFi, but she has not completed the authentication. These types of public wireless networks often have a captive portal or redirect page with the Acceptable Use Policy that must be accepted before giving the smartphone full connectivity to the internet. Once the acceptance is made to the captive portal, the smartphone is logically connected to the internet, and the question mark will be removed.

63
Q

A college needs to provide wireless connectivity in a cafeteria with a minimal number of WAPs (Wireless Access Point). What type of antenna will provide the BEST coverage?

A.Low gain omnidirectional antenna
B.High gain directional antenna
C.High gain omnidirectional antenna
D.Low gain directional antenna

A

C.High gain omnidirectional antenna

OBJ-2.4: Omni-directional antennas broadcast radio frequencies in all directions creating a large sphere of coverage. The antenna has the capability to send and receive signals in a circumference around the antenna. Directional antennas broadcast radio frequencies in a single direction (unidirectional) or two directions (bidirectional) to create a zone or area of coverage. High gain antennas put out increased signal strengths and can reach further distances with fewer wireless access points (WAPs) than low gain antennas. Low gain antennas spread the power out across a wider volume in space, but the signal reaching the receivers is weaker and harder to process.

64
Q

When installing a network cable with multiple strands, a network technician pulled the cable past a sharp edge. This resulted in the copper conductors on several of the wire strands being exposed. If these exposed conductors come into contact with each other, they can form an electrical connection. Which of the following conditions would result in this scenario?

A.Short
B.Crosstalk
C.Electrostatic Discharge
D.Open

A

A.Short

OBJ-5.2: A short is an electrical term that is an abbreviation for a short circuit. A short generally means that an unintended connection between two points is allowing current to flow where it should not. In this scenario, the short is caused by the damaged cable in which two or more of the conductors are connected. This has caused the cable to fail and will report as “short” when using a cable tester. An open is reported when there is no connection between the two ends of a cable or wire. This can occur when a wire or cable is accidentally cut in half. An open is the opposite of a short. Electrostatic discharge is the sudden flow of electricity between two electrically charged objects. Crosstalk is the coupling of voltage to an adjacent line through mutual coupling composed of a mutual inductance, a coupling capacitance, or both. Crosstalk occurs within a twisted pair cable when the pairs become untwisted or no shielding or insulation remains.

65
Q

What is the broadcast address associated with the host located at 172.16.200.130/26?

A.172.16.200.158
B.172.16.200.191
C.172.16.200.159
D.172.16.200.190

A

B.172.16.200.191

OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /26, so each subnet will contain 64 IP addresses. Since the IP address provided is 172.16.200.130, the broadcast address will be 172.16.200.191.

66
Q

Dion Training is concerned about an attacker gaining access to their network and gaining access to their confidential financial data. What could be implemented to attempt to redirect an attacker to a different server that doesn’t contain any real financial data?

A.Content filter
B.Botnet
C.Honeypot
D.DMZ (DeMilitarized Zone)

A

C.Honeypot

OBJ-4.1: A honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data that appears to be a legitimate part of the site but is actually isolated and monitored and seems to contain information or a resource of value to attackers, who are then tricked into spending their time attacking the honeypot instead of your real servers. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. A content filter is a device that screens and/or excludes access to web pages or emails that have been deemed objectionable. A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them.

67
Q

What port number does POP3 utilize?

A.143
B.110
C.993
D.995

A

B.110

OBJ-1.5: Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Post Office Protocol version 3 over SSL (POP3 over SSL) uses port 995 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server that operates using an SSL or TLS encrypted tunnel. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Internet Message Access Protocol (IMAP) over SSL uses port 993 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection.

68
Q

What is an example of a signaling protocol used to initiate, maintain, and terminate a real-time VoIP session?

A.TFTP (Trivial File Transfer Protocol)
B.SIP (Session Initiation Protocol)
C.VRRP (The Virtual Router Redundancy Protocol)
D.RDP (Remote Desktop Protocol)

A

B.SIP (Session Initiation Protocol)

OBJ-1.5: SIP (Session Initiation Protocol) is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications. SIP uses ports 5060 and 5061. VRRP (Virtual Router Redundancy Protocol) is a protocol used for the automatic assignment of available Internet Protocol (IP) routers to participating hosts in order to increase the availability and reliability of routing paths via automatic default gateway selections. VRRP uses port 112. RDP (Remote Desktop Protocol) provides users with a graphical interface to connect to another computer over a network connection. RDP uses port 3389. TFTP (Trivial File Transfer Protocol) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. TFTP uses port 69. SIP is a signaling protocol used on the application layer.

69
Q

A technician has installed an 802.11n network, and most users can see speeds of up to 300Mbps. A few of the users have an 802.11n network card but cannot get speeds higher than 108Mbps. What should the technician do to fix the issue?

A.Rollback the firmware on the WLAN (Wireless Local Area Network) card
B.Upgrade the OS (Operating System) version to 64-bit
C.Upgrade WLAN card driver
D.Install a vulnerability patch

A

C.Upgrade WLAN card driver

OBJ-5.4: Wireless N networks can support up to 600Mbps with the network cards’ proper software drivers. Without them, they can only achieve 108Mbps since they cannot communicate with the increased data compression rates. Wireless network interface card drivers are software programs installed on your hard disk that allow your operating system to communicate with your wireless and network adapters. Wireless and network driver problems usually occur due to missing, outdated, or corrupt drivers.

70
Q

A network technician must replace a faulty network interface card on Dion Training’s web server. The server currently uses a multimode fiber optic cable to connect to a switchport on a fiber-optic network switch. Which of the following types of NICs (Network Interface Controllers) should the technician install on the server?

A.10GBase-SR (Short Range)
B.1000Base-FX (Over Fiber)
C.1000Base-LR (Long Range)
D.1000Base-T (Twisted Pair)

A

A.10GBase-SR (Short Range)

OBJ-5.2: 10GBase-SR is a 10 Gigabit Ethernet LAN standard for use with multimode fiber optic cables using short-wavelength signaling. 1000Base-T is a standard for Gigabit Ethernet over copper wiring. 1000Base-FX and 1000Base-LR are standards for Gigabit Ethernet over single-mode fiber optic cabling. For the exam, remember the memory aid, “S is not single,” which means that if the naming convention contains Base-S as part of its name then it uses a multimode fiber cable.

71
Q

What access control model will a network switch utilize if it requires multilayer switches to use authentication via RADIUS (Remote Authentication Dial-In User Service) / TACACS+ (Terminal Access Controller Access Control Server)?

A.802.1x
B.802.11ac
C.802.1q
D.802.3af

A

A.802.1x

OBJ-2.3: If you are using RADIUS/TACACS+ with the switch, you will need to use 802.1x for the protocol. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.

72
Q

Which of the following is a connection-oriented protocol?

A.ICMP (Internet Control Message Protocol)
B.TCP (Transmission Control Protocol)
C.NetBIOS (Network Basic Input/Output System)
D.UDP (User Datagram Protocol)

A

B.TCP (Transmission Control Protocol)

OBJ-1.5: A connection-oriented protocol is a form of data transmission in which data is transmitted and its receipt is confirmed by the receiver. If it isn’t received, the data is retransmitted. Examples of connection-oriented protocols include TCP, SSH, and SSL. A connectionless protocol is a form of data transmission in which data is transmitted automatically without determining whether the receiver is ready or even whether a receiver exists. ICMP, UDP, IP, and IPX are well-known examples of connectionless protocols.

73
Q

You are working as a network technician running new unshielded twisted pair cables from the intermediate distribution frame to the individual offices on the same floor. The cable comes in 1000 foot spools. You just cut the cable off of the spool and need to prepare it for connection to the backside of the patch panel. Which of the following tools should you use to remove the outer insulation on the UTP (Unshielded Twisted Pair) cable?

A.Punchdown tool
B.Cable crimper
C.Cable stripper
D.Cable snip

A
74
Q

A network administrator wants to separate web servers on the network logically. Which of the following network devices will need to be configured?

A.HIDS (Host-based Intrusion Detection System)
B.Hub
C.Switch
D.IPS (Intrusion Protection System)

A

C.Switch

OBJ-2.1: Logical separation of network devices is accomplished using VLANs, which are configured on the network switches. A hub is a layer 1 device and provides no logical separation. An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. A host-based intrusion detection system is a form of network security that works to detect identified threats. Neither an IPS nor a HIDS can logically separate the web servers on the network.

75
Q

Due to numerous network misconfiguration issues in the past, Dion Training adopted a policy that requires a second technician to verify any configuration changes before they are applied to a network device. When the technician inspects a newly proposed configuration change from a coworker, she determines that it would improperly configure the AS number on the device. Which of the following issues could have resulted from this configuration change if it was applied?

A.A frequency mismatch would have occurred
B.Wireless coverage area would be decreased
C.BGP (Border Gateway Protocol) routing issues would have occurred
D.Spanning tree ports would have entered flooding mode

A

C.BGP (Border Gateway Protocol) routing issues would have occurred

OBJ-5.5: BGP (Border Gateway Protocol) is used to route data between autonomous systems (AS). A collection of networks within the same administrative domain is called an autonomous system (AS). The routers within an AS use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves. Autonomous systems operate at layer 3 and are focused on wired networks. Therefore, the frequency mismatch, decreased wireless coverage areas, and spanning tree ports would not be affected by the improper configuration of an AS number on a device.

76
Q

Which of the following open-source remote access tools allows users to connect to their desktop remotely, see what is on their screen, and control it with their mouse and keyboard?

A.SSH (Secure SHell)
B.RDP (Remote Desktop Protocol)
C.Telnet
D.VNC (Virtual Network Computing)

A

D.VNC (Virtual Network Computing)

OBJ-4.4: VNC (virtual network computing) is a remote access tool and protocol. It is used for screen sharing on Linux and macOS. RDP is not open-source. SSH and telnet are text-based remote access tools. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Telnet uses port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection but sends its data in plaintext making it an insecure protocol.

77
Q

Which of the following network performance metrics is used to represent the round-trip time it takes for a packet to be sent by a device to a server and then a response received from that destination server?

A.Throughput
B.Jitter
C.Latency
D.Bandwidth

A

C.Latency

OBJ-3.2: Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance. Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients.

78
Q

You are assisting the company with developing a new business continuity plan. What would be the BEST recommendation to add to the BCP?

A.Build redundant links between core devices
B.Physically secure all network equipment
C.Perform recurring vulnerability scans
D.Maintain up-to-date configuration backups

A

A.Build redundant links between core devices

OBJ-3.2: The business continuity plan focuses on the tasks carried out by an organization to ensure that critical business functions continue to operate during and after a disaster. By keeping redundant links between core devices, critical business services can be kept running if one link is unavailable during a disaster. Some of the other options are good ideas, too, but this is the BEST choice to maintain a high availability network that can continue to operate during periods of business disruption.

79
Q

You have been dispatched to investigate some sporadic network outages. After looking at the event logs for the network equipment, you found that the network equipment has been restarting at the same time every day. What should you implement to correct this issue?

A.Airflow management
B.Surge protector
C.Grounding bar
D.UPS (Uninterruptible Power Supply)

A

D.UPS (Uninterruptible Power Supply)

OBJ-3.3: An uninterruptible power supply (UPS) is a battery system that can supply short-term power to electrical units. Since all the devices are restarting simultaneously, it is likely due to a power outage. In this case, a UPS would continue to supply power to the network equipment during power failures or under-voltage events.

80
Q

A network administrator wants to increase the speed and fault tolerance of a connection between two network switches. To achieve this, which protocol should the administrator use?

A.LDAP (Lightweight Directory Access Protocol)
B.LLDP (Link Layer Discovery Protocol)
C.L2TP (The Layer 2 Tunneling Protocol)
D.LACP (Link Aggregation Control Protocol)

A

D.LACP (Link Aggregation Control Protocol)

OBJ-3.3: The Link Aggregation Control Protocol (LACP) provides a method to control the bonding of several physical ports to form a single logical channel. The LACP is defined in the 802.3ad standard. The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.

81
Q

A workstation is unable to connect to a file server on a 100BASE-TX network. The technician begins to troubleshoot the issue and has gathered the following information:

1) Workstation01 has an IP address of 10.0.1.25/25
2) Workstation01 can ping the default gateway (RouterA, Ethernet0/0) using its IP address 10.0.1.1/25
3) The file server (DIONTRAININGFS01) has an IP address of 10.0.1.145/25
4) Workstation01 cannot ping the IP address assigned to DIONTRAININGFS01
5) Workstation02 with an IP address of 10.0.1.200/25 can successfully ping DIONTRAININGFS01

When Workstation01 attempted to ping DIONTRAININGFS01, it received a “destination host unreachable” error message. Which of the following is the MOST likely explanation for the connectivity issue between Workstation01 and DIONTRAININGFS01?

A.The link from Workstation01 to RouterA has duplex issues
B.Workstation01 and DIONTRAININGFS01 are on different subnets
C.The link from Workstation01 to RouterA has a wavelength mismatch
D.Workstation02 and DIONTRAININGFS01 are on different subnets

A

B.Workstation01 and DIONTRAININGFS01 are on different subnets

OBJ-5.5: Since the IPs listed are all using /25 for their CIDR notation, you should be able to determine that they are on two separate subnets (10.0.1.1 - 10.0.1.126 and 10.0.1.129 - 10.0.1.254). This indicates that Workstation01 and DIONTRAININGFS01 are on different subnets. This can be solved by adding a route in RouterA to pass traffic between the two subnets. Since the network is a 100BASE-TX network, it cannot be a wavelength mismatch because 100BASE-TX networks use copper media and not fiber media for data transmission. Workstation02 and DIONTRAININGFS01 are on the same subnet (10.0.1.129/25). Based on the question, there are no indications that the link from Workstation01 to RouterA has a duplexing issue.

82
Q

Which of the following cloud services should an organization choose in order to deliver virtual desktops to end-users over the Internet on a per-user license basis?

A. DaaS (Desktop-as-a-Service)
B. SaaS (Software-as-a-Service)
C. IaaS (Infrastructure-as-a-Service)
D. PaaS (Platform-as-a-Service)

A

A. DaaS (Desktop-as-a-Service)

OBJ-1.8: Desktop as a Service (DaaS) is a cloud computing offering where a service provider delivers virtual desktops to end-users over the Internet, licensed with a per-user subscription. DaaS is often combined with Virtual Desktop Infrastructure. Platform as a Service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. Infrastructure as a Service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on-demand, on a pay-as-you-go basis. Software as a Service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider.

83
Q

(This is a simulated Performance-Based Question. If this was the real certification exam, you would be asked to drag-and-drop the correct antennas onto the APs.)

Your company has purchased a new building down the street for its executive suites. You have been asked to select an antenna for AP1, AP2, and AP3 to establish a wireless connection inside the main building for visitors to use.

Which of the following is the BEST antenna configuration that will control the signal propagation and keep the wireless signal from broadcasting outside the main building?

A.5 dB Directional Right for AP1, 5 dB Omnidirectional for AP2, and 5 dB Directional Left for AP3
B.5 dB Omnidirectional for AP1, 5 dB Directional Left for AP2, and 5 dB Directional Right for AP3
C.5 dB Directional Right for AP1, 5 dB Directional Left for AP2, and 5 dB Omnidirectional for AP3
D.5 dB Directional Left for AP1, 5 dB Omnidirectional for AP2, and 5 dB Directional Right for AP3

A

A.5 dB Directional Right for AP1, 5 dB Omnidirectional for AP2, and 5 dB Directional Left for AP3

OBJ-5.4: For the best security and to keep the signal within the building walls, you should only use an omnidirectional antenna with AP2 and use directional antennas for AP1 and AP3. Using a Directional Right antenna on a left wall (AP1) and a Directional Left antenna on the right wall (AP3) helps keep the wireless signals inside the building. It prevents security issues associated with your wireless signals being accessible from outside the building.

84
Q

A company is having a new T1 line installed. Which of the following does this connection MOST likely terminate?

A.IDF
B.Demarcation point
C.Patch panel
D.Krone block

A

B.Demarcation point

OBJ-1.2: The telecom company usually terminates the circuits at the Main Distribution Facility (MDF) at the demarcation point. A main distribution frame (MDF or main frame) is a signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant). An intermediate distribution frame (IDF) is a distribution frame in a central office or customer premises, which cross connects the user cable media to individual user line circuits and may serve as a distribution point for multipair cables from the main distribution frame (MDF) to individual cables connected to equipment in areas remote from these frames. A Krone block is an insulation-displacement connector for telecommunications networks used in Europe and is similar to a 110 punch down block. A patch panel is a device or unit featuring a number of jacks, usually of the same or similar type, for the use of connecting and routing circuits for monitoring, interconnecting, and testing circuits in a convenient, flexible manner. Since a T1 line is provided by a telecommunications service provider, it should terminate at your demarcation point.

85
Q

You are working at the service desk as a network security technician and just received the following email from an end-user who believes a spear phishing campaign is being attempted against them:

from: nobodyreal@wewillscamyou.com
to: somename@whocares.com

Dear Winner,

You have won a brand-new iPhone! Just click the following link to provide your address so we can ship it out to you this afternoon:
http://www.didyoureallythinkyouwontafreesmartphoneyouputz.io:8080/claim.php

Thanks a heap,
Free Smart Phone, LLC

What should you do to prevent any other employees from accessing the link in the email above while still allowing them access to any other web pages at the domain freesmartphone.io?

A.Add DENY IP ANY ANY EQ 8080 to the IPS Filter
B.Add DENY TCP http://www.didyoureallythinkyouwontafreesmartphoneyouputz.io to the firewall ACL
C.Add http://www.didyoureallythinkyouwontafreesmartphoneyouputz.io:8080/claim.php to the browser’s group policy blocklist
D.Add http://www.didyoureallythinkyouwontafreesmartphoneyouputz.io:8080/claim.php to the load balancer

A

C.Add http://www.didyoureallythinkyouwontafreesmartphoneyouputz.io:8080/claim.php to the browser’s group policy blocklist

OBJ-4.2: There are two ways to approach this question. First, you can consider which is the right answer (if you know it). By adding the full URL of the phishing link to the browser’s group policy blocklist, the specific webpage will be blocked from being accessed by the employees while allowing the rest of the freesmartphone.io domain to be accessible. Now, why not just block the entire domain? Well, maybe the rest of the domain isn’t suspect, but just this one page is. (For example, maybe someone is using a legitimate site like GitHub to host their phishing campaign. Therefore, you only want to block their portion of GitHub.) The second approach to answering this question would be to rule out the incorrect answers. If you chose the answer that adds DENY TCP to the firewall ACL, you would block all access to the domain, blocking legitimate traffic as well as possible malicious activity. If you used the DENY IP ANY ANY to filter traffic at the IPS, you would block any IP traffic to ANY website over port 8080. If you added the link to the load balancer, this would not block it either. Therefore, we are only left with the correct answer of using a group policy in this case.

86
Q

Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise?

A.IaC (Infrastructure-as-Code)
B.IaaS (Infrastructure-as-a-Service)
C.SDN (Software-Defined Networking)
D.SaaS (Software-as-a-Service)

A

A.IaC (Infrastructure-as-Code)

OBJ-1.8: Infrastructure as Code (IaC) is designed with the idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise and significantly reduce IT overhead costs through automation while precluding the existence of security vulnerabilities. SDN uses software to define networking boundaries but does not necessarily handle server architecture in the same way that IaC can. Infrastructure as a Service (IaaS) is a computing method that uses the cloud to provide any or all infrastructure needs. Software as a Service (SaaS) is a computing method that uses the cloud to provide users with application services.

87
Q

A technician needs to limit the amount of broadcast traffic on a network and allow different segments to communicate. Which of the following should the technician install to satisfy this requirement?

A.Add a multilayer switch and create a VLAN (Virtual Local Area Network)
B.Add a firewall and implement proper ACL (Access Control List)
C.Add a router and enable OSPF
D.Add a bridge between two switches

A

OBJ-2.1: By adding a multilayer (layer 3) switch, the technician can improve network routing performance and reduce broadcast traffic. Creating a VLAN provides LAN segmentation, as well, within the network and the multilayer switch can conduct the routing between VLANs as needed. Just adding a single router would only create two broadcast domains, but adding the multilayer switch and configuring VLANs would allow you to add as many broadcast domains as you need. Each VLAN is its own broadcast domain. A bridge is a layer 2 device; it does not break apart broadcast domains. A firewall isn’t designed to break apart broadcast domains; this is a job for a router or a layer 3 switch.

88
Q

Which of the following types of agreements is used to document the commitment between a provider and client in terms of quality and availability?

A.AUP (Acceptable Use Policy)
B.MOU (Memorandum Of Understanding)
C.NDA (Non-Disclosure Agreement)
D.SLA (Service-Level Agreement)

A

D.SLA (Service-Level Agreement)

OBJ-3.2: A service level agreement (SLA) is a documented commitment between a service provider and a client, where the quality, availability, and responsibilities are agreed upon by both parties. A non-disclosure agreement (NDA) is a documented agreement between two parties that defines what data is considered confidential and cannot be shared outside of that relationship. An NDA is used to protect an organization’s intellectual property. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restricts how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is a non-binding agreement between two or more organizations to detail what common actions they intend to take.

89
Q

Your mother says there is something wrong with her computer, but unfortunately, she doesn’t know how to fix it. She asks if you can remotely connect to her computer and see if you can fix it. Which of the following technologies would BEST allow you to remotely access her computer and interact with her Windows 10 laptop?

A.Telnet
B.RDP (Remote Desktop Protocol)
C.VPN (Virtual Private Network)
D.SSH (Secure SHell)

A

B.RDP (Remote Desktop Protocol)

OBJ-4.4: Remote Desktop Protocol (RDP) is a Microsoft protocol designed to facilitate application data transfer security and encryption between client user devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer. Whether across the house or the country, you can now help solve your mother’s computer problems anytime with RDP. Telnet should not be used in a network due to its weak security posture. Telnet transmits all of the data in plain text (without encryption), including usernames, passwords, commands, and data files. For this reason, it should never be used in production networks and has been replaced by SSH in most corporate networks. SSH (Secure Shell) is used to remotely connect to a network’s switches and routers to configure them securely. SSH is typically used for logging into a remote machine and executing commands, but it also supports tunneling, forwarding TCP ports, and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model. A remote-access VPN connection allows an individual user to connect to a private network from a remote location using a laptop or desktop computer connected to the internet. A remote-access VPN allows individual users to establish secure connections with a remote computer network. Once established, the remote user can access the corporate network and its capabilities as if they were accessing the network from their own office spaces.

90
Q

You are working as a network technician and have been asked to troubleshoot an issue with a workstation. You have just established a theory of probable cause. Which of the following steps of the CompTIA troubleshooting methodology should you perform NEXT?

A.Establish a plan of action to resolve the problem
B.Identify the problem
C.Test the theory to determine the cause
D.Verify full system functionality

A

C.Test the theory to determine the cause

OBJ-5.1: The next step would be to “test the theory to determine the cause” since you just finished the “establish a theory of probable cause” step. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.