Jason Dion - CompTIA Network+ N10-008 Exam Prep #3 Flashcards
Ted, a file server administrator at Dion Training, has noticed that many sensitive files have been transferred from a corporate workstation to an IP (Internet Protocol) address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company’s security analyst, verifying that the workstation’s anti-malware solution is up-to-date and the network’s firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?
A.MAC (Media Access Control) spoofing
B.Zero-day
C.Session hijacking
D.Impersonation
B.Zero-day
OBJ-4.1: Since the firewall is properly configured and the anti-malware solution is up-to-date, this signifies that a zero-day vulnerability may have been exploited. A zero-day vulnerability is an unknown vulnerability, so a patch or virus definition has not been released yet. A zero-day vulnerability refers to a hole in software that is unknown to the vendor. Hackers then exploit this security hole before the vendor becomes aware and hurries to fix it. This exploit is therefore called a zero-day attack. Zero-day attacks include infiltrating malware, spyware, or allowing unwanted access to user information. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Impersonation is the act of pretending to be someone or something else. A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver.
You are configuring a point-to-point link and want to ensure it is configured for the most efficient use of your limited pool of available public IP addresses. Which of the following subnet masks would be BEST to use in this scenario?
A./29
B./30
C./24
D./28
B./30
OBJ-1.4: The most efficient subnet mask for a point-to-point link is actually a /31 subnet, which only provides 2 addresses. This will only work if both routers use a newer routing protocol like OSPF, IS-IS, EIGRP, or RIPv2 (or above). The most widely accepted and used method is to use a /30 subnet consisting of 4 IP addresses. The first is the network IP, the last is the broadcast, and the other 2 IPs can be assigned to the routers on either end of the point-to-point network. For the exam, if you see the option of /30 or /31, remember, they can be used for point-to-point networks.
Which of the following security features should be enabled to configure a quality of service filter to manage the traffic flow of a Cisco router or switch and protect it against a denial-of-service attack?
A.Dynamic ARP inspection
B.Router Advertisement Guard
C.Control plane policing
D.DHCP snooping
C.Control plane policing
OBJ-4.3: The Control Plane Policing, or CPP, feature allows users to configure a quality of service (or QoS) filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches against reconnaissance and denial-of-service (DoS) attacks. This helps to protect the control plane while maintaining packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch.
Students at Dion Training have been reporting extreme performance degradation across the network every Friday morning. Which of the following should the network technician review FIRST to identify the root cause of the network performance issues?
A.Link status
B.Baseline
C.Utilization
D.Bottleneck
C.Utilization
OBJ-5.5: The technician should first review the utilization on the network during the time period where network performance issues are being experienced. This will then be compared to the average performance of the network throughout the rest of the week. In turn, this could be compared against the baseline. Since the issue is only occurring during a specific time period at a recurring interval (every Friday morning), it is likely an over-utilization issue causing the decreased performance. The link status could be checked to ensure the link is up and operational, but it is unlikely to determine the root cause of the slower network performance being experienced. Bottlenecks are points within a network through which data flow becomes limited thanks to insufficient computer or network resources. But, again, since this is occurring at a specific time and interval, it is likely a high utilization which in turn is affected by any network bottlenecks that may exist. Reviewing the network utilization can help the technician identify why the slowness is being experienced every Friday, such as placing additional load on the network by streaming videos or something similar.
Dion Worldwide has created a network architecture that relies on two main data centers, one in the United States and one in Japan. Each satellite office in the United States and Canada will connect back to the American data center, while each satellite office in Asia will connect back to the Japanese data center. Both the American and Japanese data centers are interconnected, as well. Therefore, if a client in the Philippines wants to send a file to the office in Miami, it will go first to the Japanese datacenter, then route across to the American datacenter, and then to the Miami satellite office. Which of the following network topologies best describes the Dion Worldwide network?
A.Bus
B.Star
C.Ring
D.Hub and spoke
D.Hub and spoke
OBJ-1.2: A hub and spoke topology is a network topology where a central device (the hub) is connected to multiple other devices (the spokes). A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring.
Hub and spoke uses a literal layer 1 device, a hub.
Star uses a layer 2 device, a switch.
Eduardo, a network technician, needs to protect IP-based (Internet Protocol) servers in the network DMZ (DeMilitarized Zone) from an intruder trying to discover them. What should the network technician do to protect the DMZ from ping sweeps?
A.Disable UDP on the servers in the DMZ
B.Disable TCP/IP (Transmission Control Protocol/Internet Protocol) on the servers in the DMZ
C.Block all ICMP (Internet Control Message Protocol) traffic to and from the DMZ
D.Block inbound echo replies to the DMZ
C.Block all ICMP (Internet Control Message Protocol) traffic to and from the DMZ
OBJ-4.3: A ping sweep is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers). A ping sweep sends an ICMP echo request message to each target in a network and then waits for the ICMP echo replies to report whether each target was available. To disable ping sweeps on a network, administrators can block ICMP echo requests from outside sources or block any outbound ICMP echo replies from being transmitted from their network. If you only blocked inbound echo replies to the DMZ, it would still allow an attacker to send an inbound echo request and the servers to send an outbound echo reply, which would not stop the ping sweep from occurring. Ping sweeps are conducted using ICMP by default, not UDP; therefore, disabling UDP on the servers will not stop a ping sweep. If you disable TCP/IP on the servers in the DMZ, you will prevent them from operating properly and impose a self-created denial-of-service against your own servers.
Which type of wireless network utilizes the 2.4 GHz frequency band and reaches up to 11 Mbps speeds?
A.802.11ax
B.802.11b
C.802.11n
D.802.11ac
E.802.11g
F.802.11a
B.802.11b
OBJ-2.4: The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. Even though 802.11a was a faster standard, the 802.11b standard gained more widespread adoption due to the low cost of manufacturing the radios for use in the 2.4 GHz frequency band. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AX uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AX uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AX uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AX also has a version called Wi-Fi 6E that supports the 6 GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.
Over the past week, your network users have reported that the network has been operating slowly. You have made some changes to the network to increase its speed and responsiveness, but your supervisor is requesting that you prove that the network is actually faster and doesn’t just “feel” faster. Which of the following should you use to prove that the current configuration has improved the network’s speed?
A.Present him with a physical network diagram that shows the changes you made
B.Present him with a logical network diagram showing the configuration changes
C.Provide him a copy of the approved change request for your configuration changes
D.Show him the results of a new performance baseline assessment
D.Show him the results of a new performance baseline assessment
OBJ-3.1: The only way to prove to your supervisor that the network is actually faster and more responsive is to conduct a new performance baseline and compare it to the results of the baseline that was created before the changes. By comparing the “current” speed against the “previous” baseline’s speed, you can definitely prove if the network is indeed faster due to your configuration changes. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.
You are setting up uplink ports for multiple switches to communicate with one another. All of the VLANs should communicate from the designated server switch. Which of the following should be set on the trunk ports if VLAN 1 is not the management VLAN?
A.802.1q
B.802.1x
C.802.1af
D.802.1d
C.802.1q
OBJ-2.3: The IEEE 802.1q standard is used to define VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure it is not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af standard. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.
Which of the following describes the process of layering protective measures in the network to protect valuable data and information?
A.Zero trust
B.Least privilege
C.Acceptable use policy
D.Defense in depth
D.Defense in depth
OBJ-4.1: Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. An acceptable use policy (AUP) is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. Zero-trust is a security framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints.
Jonah is conducting a physical penetration test against Dion Training. He walks up to the access control vestibule and says to an employee standing there, “I forgot my access card on my desk when I left for lunch, would you mind swiping your badge for me so I can go to my desk and retrieve my access card?” What type of social engineering attack is Jonah attempting?
A.Tailgating
B.Piggybacking
C.Shoulder surfing
D.Phishing
B.Piggybacking
OBJ-4.2: A piggybacking attack is a social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises. The big difference between tailgating and piggybacking is permission. Tailgating is when an unauthorized person physically follows an authorized person into a restricted corporate area or system. With tailgating, the authorized person doesn’t know the unauthorized person is walking behind them. With piggybacking, the authorized person will allow the unauthorized person to enter the secure area using the authorized person’s access credentials. Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords and other confidential data by looking over the victim’s shoulder. Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software, like ransomware, on the victim’s infrastructure.
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP (Extensible Authentication Protocol) and TTLS (Tunneled Transport Layer Security). What should the network administrator implement?
A.PKI (Public Key Infrastructure) with user authentication
B.802.1x using PAP (Password Authentication Protocol)
C.WPA2 (Wi-Fi Protected Access version 2) with a pre-shared key
D.MAC (Media Access Control) address filtering with IP filtering
B.802.1x using PAP (Password Authentication Protocol)
OBJ-4.3: The network administrator can utilize 802.1x using EAP-TTLS with PAP for authentication since the backend system supports it. Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. MAC address filtering does not filter based on IP addresses, but instead, it filters based on the hardware address of a network interface card, known as a MAC address. WPA2 is a secure method of wireless encryption that relies on the use of a pre-shared key or the 802.1x protocol. In the question, though, it states that the system only supports WPA, therefore WPA2 cannot be used. PKI with user authentication would be extremely secure, but it is only used with EAP-TLS, not EAP-TTLS. EAP-TTLS only works with credential-based authentication, such as a username and password. Therefore, 802.1x using PAP is the best answer.
You just bought a new wireless access point and connected it to your home network. What type of network have you created?
A.PAN (Personal Area Network)
B.WLAN (Wireless Local Area Network)
C.WAN (Wide Area Network)
D.MAN (Metro Area Network aka Metro-E)
B.WLAN (Wireless Local Area Network)
OBJ-1.2: A wireless local area network (WLAN) connects computers within a small and specific area geographically using Wi-Fi. Since your wireless access point is simply extending your wired local area network to the wireless domain, it is still a local area network but is now called a wireless local area network, or WLAN. A personal area network (PAN) is centered around a short distance, usually around a person or up to a few meters. PANs are heavily used with Bluetooth and NFC. A metropolitan area network (MAN) is confined to a specific town, city, or region. It covers a larger area than a LAN but a smaller area than a WAN. A wide area network (WAN) will typically cover a larger area geographically, such as a continent, a state, or a country.
A company is setting up a brand new server room and would like to keep the cabling infrastructure out of sight but still accessible to the network administrators. Infrastructure cost is not an issue. Which of the following should be installed to meet the requirements?
A.Cable trays
B.Patch panels
C.Conduit
D.Raised floor
D.Raised floor
OBJ-1.3: Raised floors allow the cabling to be placed under the floor, but still accessible to the network administrators. A conduit is a tube through which power or data cables pass. Conduits are usually metal or plastic pipes, and it makes accessing the cables difficult when maintenance is going to be performed. Cable trays are a mechanical support system that can support electrical cables used for power distribution, control, and communication. Cable trays can be installed on the ceiling or under the floor if you are using a raised floor system. If cable trays are installed in the ceiling, they can be difficult to reach and work on. Patch panels are useful in a cable distribution plant, but they will not allow the cables to be distributed throughout the entire work area. A patch panel is a piece of hardware with multiple ports that helps organize a group of cables. Each of these ports contains a wire that goes to a different location. Patch panels and cable trays may be used to form the backbone of your cable distribution plant, but to meet the requirements of the question you should use raised floors in conjunction with these.
Your office is located in a small office park, and you are installing a new wireless network access point for your employees. The companies in the adjacent offices are using Wireless B/G/N routers in the 2.4 GHz spectrum. Your security system uses the 5 GHz spectrum, so you have purchased a 2.4 GHz wireless access point to ensure you don’t cause interference with the security system. To maximize the distance between channels, which set of channels should you configure for use on your access points?
A.1,6,11
B.3,6,9
C.1,7,13
D.2,6,10
A.1,6,11
OBJ-2.4: Wireless access points should always be configured with channels 1, 6, or 11 to maximize the distance between channels and prevent overlaps. Each channel on the 2.4 GHz spectrum is 20 MHz wide. The channel centers are separated by 5 MHz, and the entire spectrum is only 100 MHz wide. This means the 11 channels have to squeeze into the 100 MHz available, and in the end, overlap. Channels 1, 6, and 11, however, are far enough from each other on the 2.4GHz band that they have sufficient space between their channel centers and do not overlap.
A network architect is designing a highly redundant network with a distance vector routing protocol to prevent routing loops. The architect wants to configure the routers to advertise failed routes with the addition of an infinite metric. What should the architect configure to achieve this?
A.Hold down timers
B.Spanning tree
C.Route poisoning
D.Split horizon
C.Route poisoning
OBJ-2.2: Route poisoning is a method to prevent a router from sending packets through a route that has become invalid within computer networks. This is achieved by changing the route’s metric to a value that exceeds the maximum allowable hop count so that the route is advertised as unreachable. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks and operates at layer 2 of the OSI model. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. A hold down timer is a function of a router that prevents a route from being updated for a specified length of time (in seconds). A hold down timer allows for the routers in a topology to have sufficient time to reach convergence and be updated when a route fails.
Your co-worker has just installed an unmanaged 24-port switch. He is concerned with the amount of broadcast traffic that may exist when using this device. How many broadcast domains are created when using this single 24-port switch?
A.2
B.1
C.24
D.0
B.1
OBJ-2.1: A single 24-port unmanaged switch will have only 1 broadcast domain. Routers and VLANs split up broadcast domains. Since this is an unmanaged switch, it will only have a single broadcast domain, but it will have 24 collision domains. If this was a managed layer 3 switch, it could provide routing functions and break apart the broadcast domains. But, since this was an unmanaged switch, there must be only 1 broadcast domain on this switch.
What happens when convergence on a routed network occurs?
A.All routers are using hop count as the metric
B.All routers use route summarization
C.All routers learn the route to all connected networks
D.All routers have the same routing table
C.All routers learn the route to all connected networks
OBJ-2.2: Routers exchange routing topology information with each other by using a routing protocol. When all routers have exchanged routing information with all other routers within a network, the routers have converged. In other words: In a converged network, all routers “agree” on what the network topology looks like.
A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. Which of the following is MOST likely the cause of the connectivity issue?
A.Misconfigured DNS (Domain Name System; phone book of the internet)
B.Cable short
C.Attenuation
D.Bad power supply
B.Cable short
OBJ-5.2: Since the scenario states the VoIP phone works properly from the old desk, it is properly configured and the hardware itself works. This indicates the problem must be caused by the new desk, which uses a different network cable from the switch to the wall jack in the cubicle. This is most likely a bad cable, such as one with a short in it. To verify this theory, the technician should use a cable tester to verify whether the cable has a short. While attenuation is a possible cause of the problem described, it is unlikely since the employee only moved a few desks (10-15 feet), which is not a large enough distance to cause significant attenuation issues.
Which parameter must be adjusted to enable a jumbo frame on a network device?
A.Duplex
B.Speed
C.TTL (Time-To-Live)
D.MTU (Maximum Transmission Unit)
D.MTU (Maximum Transmission Unit)
OBJ-1.1: A jumbo frame is an Ethernet frame with a payload greater than the standard maximum transmission unit (MTU) of 1,500 bytes. Jumbo frames are used on local area networks that support at least 1 Gbps and can be as large as 9,000 bytes. By adjusting the MTU on a given network device’s interface, you can enable or prevent jumbo frames from being used in the network. Time to live (TTL) refers to the amount of time or “hops” that a packet is set to exist inside a network before being discarded by a router. Duplex refers to if network devices can listen and transmit at the same time (full-duplex), or if they can only do one or the other (half-duplex). Speed is the bit rate of the circuit and is often measured in multiples of bits per second (bps).
(This is a simulated Performance-Based Question.) The results of the cable certifier are shown below:
Cable Test Results
1,2 Open 3ft
3,6 Short 3ft
4,5 Open 3ft
7,8 Open 3ft
Using the results provided, was the cable properly crimped or not?
A.Cable was properly crimped
B.Cable was not properly crimped
B.Cable was not properly crimped
OBJ-5.2: Cable certifiers can provide a “pass” or “fail” status following the industry standards and can also show detailed information such as “open,” “short,” or the length of the cable. When a short is detected, but the cable’s full length is shown (3 ft), this indicates the cable was incorrectly crimped. In this case, it appears that pin 3 and pin 6 are both crimped into the same position in the RJ-45 connector, causing the short. An open indicates that the electrical signal is not reaching the other end of the cable. A short indicates that the electrical signal is crossing two wires at the same time. Both of these are indications of an incorrectly crimped cable.
A company is implementing enhanced user authentication for system administrators accessing the company’s confidential servers. They intend to use two-factor authentication to accomplish this. Which of these BEST represents two-factor authentication?
A.Fingerprint scanner and retina scan
B.ID (IDentification) badge and keys
C.Password and key fob
D.Username and password
C.Password and key fob
OBJ-4.1: Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by using a combination of two different factors: (1) something you know, (2) something you have, or (3) something you are. Out of the options provided, only a key fob (something you have) and a password (something you know) meet the requirements of 2FA. If you have two factors from the same type/category, like something you know (username and password), this is only considered a single factor of authentication.
What can be issued from the command line to find the layer 3 hops to a remote destination?
A.nslookup
B.netstat
C.traceroute
D.ping
C.traceroute
OBJ-5.3: Traceroute will determine every hop between the host and the destination using ICMP. Traceroute is used for Linux and UNIX systems. Tracert is used for Windows systems. The traceroute command will issue a series of pings from the host to the destination, incrementing the time to live (TTL) by one each time. As each packet passes through a router or firewall, the TTL is decreased by one. If the TTL for a packet reaches zero, it will send an error message back to the host. By doing this, the host can map out each hop in the network from the host to the destination. The netstat command is used to display the network statistics. The nslookup command is used to display and troubleshoot DNS records. The ping command is used to test the end to end connectivity between a host and a destination. The netstat, nslookup, and ping commands cannot be used to find the layer 3 hops to a remote destination.
You are trying to connect to a router using SSH (Secure SHell) to check its configuration. Your attempts to connect to the device over SSH keep failing. You ask another technician to verify that SSH is properly configured, enabled on the router, and allows access from all subnets. She attempts to connect to the router over SSH from her workstation and confirms all the settings are correct. Which of the following steps might you have missed in setting up your SSH client preventing you from connecting to the router?
A.Perform file hashing
B.Update firmware
C.Change default credentials
D.Generate a new SSH (Secure SHell) key
D.Generate a new SSH (Secure SHell) key
OBJ-4.4: When configuring your SSH connection, you must ensure that a key is established between your client and the server. If you never set up an SSH key, you will need to generate a new key to get SSH to connect properly. Since the other technician was able to connect on her machine, we can rule out an SSH server issue, so it must be an issue with your account or client. The only option that relates solely to your account or client is the possibility that a key was not properly generated for your client.
The physical security manager has asked you to assist with the risk assessment of some proposed new security measures. The manager is concerned that during a power outage, the server room might be targeted for attack. Luckily, they have many different protection measures in place to keep intruders out of the server room. During a power outage, which of the following security controls would still be usable?
A.Door locks
B.Video surveillance
C.Biometric scanners
D.Motion detectors
A.Door locks
OBJ-4.5: A traditional door lock doesn’t require power to operate. Therefore, it will still protect the facility and keep the intruder out of the server room. The other options all require power to function and operate. A biometric lock is any lock that can be activated by biometric features, such as a fingerprint, voiceprint, or retina scan. Biometric locks make it more difficult for someone to counterfeit the key used to open the lock or a user’s account. A smart card is a form of hardware token. Closed-circuit television is a type of video surveillance where video cameras transmit a signal to a specific place using a limited set of monitors. A motion detector is an electrical device that utilizes a sensor to detect nearby motion. Such a device is often integrated as a component of a system that automatically performs a task or alerts a user of motion in an area. They form a vital component of security, automated lighting control, home control, energy efficiency, and other useful systems.
(This is a simulated Performance-Based Question. If this was the real exam, you would click on each device to open up its Network Properties to determine their current settings.)
After some recent changes to the network, several users are complaining that they cannot access the servers. You have been provided with the Internet Protocol Version 4 (IPv4) Properties for PC1, PC2, PC3, and PC4.
PC1
TCP/IPv4 Properties
General
Use the following IP address
IP address: 192.168.1.129
Subnet mask: 255.255.255.0
Default gateway: 192.168.1.1
Use the following DNS server addresses
Preferred DNS server: 192.168.8.18
PC2
TCP/IPv4 Properties
General
Use the following IP address
IP address: 192.168.2.129
Subnet mask: 255.255.255.0
Default gateway: 192.168.2.1
Use the following DNS server addresses
Preferred DNS server: 192.168.8.18
PC3
TCP/IPv4 Properties
General
Use the following IP address
IP address: 192.168.3.129
Subnet mask: 255.255.255.128
Default gateway: 192.168.3.1
Use the following DNS server addresses
Preferred DNS server: 192.168.8.18
PC4
TCP/IPv4 Properties
General
Use the following IP address
IP address: 192.168.24.129
Subnet mask: 255.255.255.0
Default gateway: 192.168.24.1
Use the following DNS server addresses
Preferred DNS server: 192.168.8.18
Which of the following actions should you perform to fix the issue and ensure the computers can communicate with the servers again?
A.Change PC3’s IP address to 192.168.3.200
B.Change PC3’s subnet mask to 255.255.255.0
C.Change PC4’s subnet mask to 255.255.255.128
D.Change the DNS server on PC1, PC2, PC3, and PC4 to 8.8.8.8
B.Change PC3’s subnet mask to 255.255.255.0
OBJ-5.5: PC3’s IP is 192.168.3.129, but its subnet mask is 255.255.255.128. This means that the 192.168.3.0/24 network is split into two (192.168.3.0/25 and 192.168.3.128/25). The current configuration means that PC3 is not on the same subnet as its default gateway and causes the connectivity issue. If you change the subnet mask to 255.255.255.0, both PC3 and its default gateway will be on the same subnet, and connectivity will be restored. If you get a question like this on exam day, you will only get the network diagram first. As you click on each PC, its settings will be shown as a popup, and you will be able to change the settings using your mouse and keyboard.
Which of the following levels would an information condition generate?
A.6
B.7
C.0
D.1
A.6
OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.
Company policies require that all network infrastructure devices send system-level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location?
A.TACACS+ (Terminal Access Controller Access Control Server) server
B.Syslog server
C.Single sign-on
D.Wi-Fi analyzer
B.Syslog server
OBJ-3.1: System Logging Protocol (Syslog) uses port 514, and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.
Your company’s corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR (Classless Inter-Domain Routing or supernetting) notation in order to accommodate each department’s needs. What is the correct CIDR notation for the Human Resources (HR) department’s subnet, which requires 25 devices?
A./26
B./30
C./27
D./28
E./29
F./25
C./27
OBJ-1.4: Since the Human Resources (HR) department needs 25 devices plus a network ID and broadcast IP, it will require 27 IP addresses. The smallest subnet that can fit 27 IPs is a /27 (32 IPs). A /27 will borrow 3 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^5 available host IP addresses, or 32 total IP addresses. Of the 32 IP addresses, there are 30 available for clients to use, one for the network ID, and one for the broadcast address.
You have been asked to troubleshoot a router which uses label-switching and label-edge routers to forward traffic. Which of the following types of protocols should you be familiar with to troubleshoot this device?
A.MPLS (Multi-Protocol Label Switching)
B.OSPF (Open Shortest Path First)
C.EIGRP (Enhanced Interior Gateway Routing Protocol)
D.BGP (Border Gateway Protocol)
A.MPLS (Multi-Protocol Label Switching)
OBJ-1.2: Multi-protocol label switching (MPLS) is a mechanism used within computer network infrastructures to speed up the time it takes a data packet to flow from one node to another. The label-based switching mechanism enables the network packets to flow on any protocol. Border Gateway Protocol (BGP) refers to a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS). Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. BGP, OSPF, and EIGRP do not use label-switching technology.
A coworker is sitting next to you while you log into your workstation. They carefully glance over at your keyboard as you are entering your password without you noticing. What type of social engineering attack are they conducting?
A.Phishing
B.Shoulder surfing
C.Tailgating
D.Piggybacking
B.Shoulder surfing
OBJ-4.2: Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords, and other confidential data by looking over the victim’s shoulder. Piggybacking is when an unauthorized person physically follows an authorized person into a restricted corporate area or system. A tailgating attack is a social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access to the company premises. The big difference between tailgating and piggybacking is permission. With piggybacking, the authorized person doesn’t know the unauthorized person is walking in behind them. With tailgating, the authorized person will allow the unauthorized person to enter the secure area using the authorized person’s access credentials. Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software, such as ransomware, on the victim’s infrastructure.
Which of the following network devices is used to separate collision domains?
A.Bridge
B.Hub
C.Media converter
D.Access point
A.Bridge
OBJ-2.1: A bridge is networking hardware that forwards traffic between network segments at the data link layer (Layer 2) of the OSI model using MAC addresses. Each switchport on a bridge is a separate collision domain, but all switchports are in a common broadcast domain. A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. A wireless access point is a networking device that allows other Wi-Fi devices to connect to a wired network. A wireless access point operates at the physical layer (Layer 1) of the OSI model to extend the wired network into the wireless domain. A media converter is a networking device that transparently converts Ethernet or other communication protocols from one cable type to another type, such as from copper to fiber or twisted pair to coaxial. A media converter operates at the physical layer (Layer 1) of the OSI model.
A new network administrator is hired to replace a consultant who ran the network for several months and whose contract was just canceled. After a month of working on the network, the new network administrator realized some network issues and configuration changes in the server settings. The log files on the servers do not contain any error messages related to the issues or changes. What could be the problem?
A.A TACACS+ (Terminal Access Controller Access Control Server) or RADIUS (Remote Authentication Dial-In User Service) misconfiguration is causing logs to be erased
B.A backdoor has been installed to grant someone access to the network
C.The last ACL (Access Control List) on the firewall is set to DENY ANY ANY
D.The server was the victim of a brute force password attack
B.A backdoor has been installed to grant someone access to the network
OBJ-4.2: A hacker or the previous administrator (consultant) left a piece of software or an SSH protocol to allow themselves access to the network and change the server settings. The consultant may be disgruntled that their contract was canceled and that the new network administrator was hired to replace them. The last ACL on the firewall should be set to DENY ANY ANY, as this is a form of implicit deny and considered a best practice in network security. A brute force password attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. If a brute force password attack was used, there would be numerous failed login attempts showing in the security log files on the servers. TACACS+ and RADIUS misconfigurations would lead to authentication issues, not to log erasures.
You are working for a brand new startup company that recently moved into an old office building because the CEO liked the “charm” of the place. You have been tasked with converting a small janitorial closet into an IDF to support the new office network. You measure the closet and determine that you can install a two-post rack inside of it, and all your necessary networking equipment will fit in the two-post rack. You test the power outlet installed in the closet, and it is sufficient for your needs. What is the NEXT thing you should be concerned with to ensure this closet can be used as your IDF (Intermediate Distribution Frame)?
A.Can I install a UPS (Uninterruptible Power Supply) in this closet?
B.How will I label the cables during installation?
C.Is there redundant power available?
D.Is there adequate airflow and cooling in the closet?
D.Is there adequate airflow and cooling in the closet?
OBJ-3.3: Since you are converting an old closet into an IDF, you need to ensure you have 3 main things: Power, Space, and Cooling. You already verified there were adequate power and space, so you need to determine if there are adequate airflow and cooling to prevent the equipment from overheating. After that, you can then determine how to supply backup power (UPS or redundancy).
A network administrator has set up a firewall and set up only three allow rules so that traffic can be sent over ports 21, 110, and 25. Next, they added a final rule of “deny any any” to the end of the ACL (Access Control List) to minimize the attack surface and better secure the network. Unfortunately, now the administrator is receiving complaints from users that they cannot access any web pages using their URLs (Uniform Resource Locator), such as DionTraining.com. Which of the following should the administrator do to correct this issue?
A.Add a rule to the ACL (Access Control List) to allow traffic on ports 80 and 53
B.Add a rule to the ACL to allow traffic on ports 143 and 22
C.Add a rule to the ACL to allow traffic on ports 139 and 445
D.Add a rule to the ACL to allow traffic on ports 110 and 389
A.Add a rule to the ACL (Access Control List) to allow traffic on ports 80 and 53
OBJ-1.5: The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. If the outbound port 80 is not open, then users will not be able to connect to a remote web server. If the outbound port 53 is not open, then the users will be unable to conduct a DNS name resolution and determine the IP address of the given web server based on its domain name. Port 22 is used for SSH/SCP/SFTP. Port 143 is used for IMAP. Ports 139 and 445 are used for SMB. Port 389 is used for LDAP. Port 110 is used for POP3.
You have configured your network into multiple segments by creating multiple broadcast domains. Which of the following devices should you use to allow the different network segments to communicate with each other?
A.Switch
B.Bridge
C.Hub
D.Router
D.Router
OBJ-2.1: A router is used to allow different network segments and broadcast domains to communicate with each other. If you have a Layer 3 switch, this will also function as a router and allow communication to occur. Since the question didn’t specify if the switch was a layer 2 or layer 3 switch, we must assume it is a traditional layer 2 switch which cannot route traffic from one broadcast domain to the other broadcast domains. A bridge is a layer 2 device and cannot connect multiple broadcast domains. A hub is a layer 1 device and cannot connect different collision or broadcast domains together.