Jason Dion - CompTIA Network+ N10-008 Exam Prep #6 Flashcards
You have been asked to install a media converter that connects a newly installed multimode cable to the existing Cat 5e infrastructure. Which type of media converter should you use?
A.Multi-mode to single-mode
B.Ethernet to coaxial
C.Fiber to coaxial
D.Fiber to ethernet
D.Fiber to ethernet
OBJ-1.3: A media converter is a Layer 1 device that changes one type of physical network connection to another. In this case, we are converting multimode (fiber) cable to Cat 5e (ethernet) cable.
You are troubleshooting a 3 foot long fiber patch cable that you suspect is causing intermittent connectivity between two switches. Which of the following tools should you use to measure the signal as it transmits over the fiber optic cable?
A.Optical time domain reflectometer
B.Loopback adapter
C.Cable tester
D.Fiber light meter
D.Fiber light meter
OBJ-5.2: A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located. An Optical Time Domain Reflectometer (OTDR) is used by organizations to certify the performance of new fiber optic links and detect problems with existing fiber links. An OTDR can identify if a fiber cable is broken and provide an approximate location for the break. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A loopback adapter is a plug that is used to test the physical port or interface on a network device.
Which of the following is an example of a valid IPv4 address?
A.00:AB:FA:B1:07:34
B.192:168:1:55
C.192.168.1.254
D.::1
C.192.168.1.254
OBJ-1.4: An IPv4 address consists of 32 bits. IPv4 addresses are written in dotted octet notation, such as 192.168.1.254. MAC addresses are written as a series of 12 hexadecimal digits, such as 00:AB:FA:B1:07:34. IPv6 addresses are written as a series of up to 32 hexadecimal digits but can be summarized using a :: symbol. The ::1 is the IPv6 address for the localhost. The other option, 192:168:1:55, is not a valid address since it uses : instead of a . in between the octets.
Your company has just hired a contractor to attempt to identify and exploit any network vulnerabilities they could find. This person has been permitted to perform these actions and only conduct their actions within the contract’s scope of work. Which of the following will be conducted by the contractor?
A.Hacktivism
B.Social engineering
C.Vulnerability scanning
D.Penetration testing
D.Penetration testing
OBJ-4.1: Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. Penetration testers only do this with permission of the organization that owns the system, network, or web application and within the bounds of their scope of work. The person will not attempt to exploit a weakness during vulnerability scanning. Social engineering may be used as part of a penetration test, but it does not adequately describe the scenario provided. Hacktivism is when someone is hacking an organization without permission based on their own morals and values.
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA (Wi-Fi Protected Access) with pre-shared keys, but the backend authentication system supports EAP (Extensible Authentication Protocol) and TTLS (Tunneled Transport Layer Security). What should the network administrator implement?
A.WPA2 (Wi-Fi Protected Access version 2) with a complex shared key
B.MAC (Media Access Control) address filtering with IP (Internet Protocol) filter
C.PKI (Pre-Shared Key) with user authentication
D.802.1x using EAP (Extensible Authentication Protocol) with MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2)
D.802.1x using EAP (Extensible Authentication Protocol) with MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2)
OBJ-4.1: Since the backend uses a RADIUS server for back-end authentication, the network administrator can install 802.1x using EAP with MSCHAPv2 for authentication. The Extensible Authentication Protocol (EAP) is a framework in a series of protocols that allows for numerous different mechanisms of authentication, including things like simple passwords, digital certificates, and public key infrastructure. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is a password-based authentication protocol that is widely used as an authentication method in PPTP-based (Point to Point Tunneling Protocol) VPNs and can be used with EAP.
An administrator is told they need to set up space in the breakroom where employees can relax. So, the administrator sets up several televisions with interconnected video game systems in the breakroom. What type of network did the administrator set up?
A.WAN (Wide Area Network)
B.MAN (Metro Area Network aka Metro-E)
C.LAN (Local Area Network)
D.CAN (Campus Area Network; CAN-2)
C.LAN (Local Area Network)
OBJ-1.2: Since this gaming network is within one room, it is considered a LAN. A local area network (LAN) connects computers within a small and specific area geographically. A campus area network (CAN) is a computer network that spans a limited geographic area. CANs interconnect multiple local area networks (LAN) within an educational or corporate campus. A metropolitan area network (MAN) is confined to a specific town, city, or region. It covers a larger area than a LAN but a smaller area than a WAN. A wide area network (WAN) will typically cover a larger area geographically, such as a continent, a state, or a country.
You have been asked to create a network where visitors can access the Internet without disrupting the office’s own intranet. Which of the following types of networks should you create?
A.MU-MIMO (Multi-User, Multiple-Input and Multiple-Output)
B.Guest network
C.DMZ (DeMilitarized Zone)
D.Screened subnet
B.Guest network
OBJ-4.3: A guest network allows anyone to access the Internet without having the ability to disrupt the intranet. This network should be logically isolated from the corporate intranet of the office. Generally, these guest networks will directly connect to the internet with little to no security or monitoring on that network. This is a feature known as guest network isolation. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. A DMZ is generally used to host servers, not wireless guests or clients. A screened subnet refers to the use of one or more logical screening routers as a firewall to define three separate subnets: an external router, that separates the external network from a perimeter network, and an internal router that separates the perimeter network from the internal network. While a screened subnet could be used to isolate a guest network, it alone would not provide any wireless capability and therefore is not the best answer to this question. Multi-user MIMO is a set of multiple-input and multiple-output technologies for multipath wireless communication, in which multiple users or terminals, each radioing over one or more antennas, communicate with one another. MU-MIMO is a part of the 802.11ac wireless standards, but it alone would not isolate the wireless users from the corporate intranet.
What is used to define how much bandwidth can be used by various protocols on the network?
A.Traffic shaping
B.Fault tolerance
C.High availability
D.Load balancing
A.Traffic shaping
OBJ-2.2: Traffic shaping, also known as packet shaping, is the manipulation and prioritization of network traffic to reduce the impact of heavy users or machines from affecting other users. Traffic shaping is used to optimize or guarantee performance, improve latency, or increase usable bandwidth for some kinds of packets by delaying other kinds. High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period. Fault tolerance refers to the ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail. Load balancing refers to the process of distributing a set of tasks over a set of resources, intending to make their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.
A network technician wants to allow HTTP (HyperText Transfer Protocol) traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACLs (Access Control List) should the technician implement?
A.PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT ANY
B.PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT 80
C.PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT 80
D.PERMIT SRCIP 192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT 80
D.PERMIT SRCIP 192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT 80
OBJ-4.3: This will permit traffic from the internal network (192.168.0.0/24) from any port to access the external network (any IP) to port 80 (HTTP). Since this is a stateless firewall, you must include the SPORT (source port) ANY to allow the outbound connection through the firewall.
Dion Training is considering moving its headquarters and data center to Florida, but they are worried about hurricanes disrupting their business operations. To mitigate this risk, Dion Training has signed a contract with a vendor located in a different state to provide hardware, software, and the procedures necessary for the company to recover quickly in the case of a catastrophic event, like a hurricane causing a power loss for up to 10 days. As the owner, Jason is a little concerned that this contract isn’t sufficient to mitigate enough of the risk since it only provides a solution for the first 10 days. Jason wonders, “what will we do if a major outage occurs, and our offices are not able to be used for 6-12 months?” Jason has hired you to help develop Dion Training’s long-term strategy for recovering from such an event. What type of plan should you create?
A.Business continuity plan
B.Incident response plan
C.Disaster recovery plan
D.Risk management plan
A.Business continuity plan
OBJ-3.2: A business continuity plan (BCP) is a plan to help ensure that business processes can continue during a time of emergency or disaster. Such emergencies or disasters might include a fire or any other case where business cannot occur under normal conditions. A disaster recovery plan is useful (and usually a piece of the larger business continuity plan), but it is insufficient for the long-term strategy which is needed to support business operations during an extended outage. The key difference between a DRP and BCP is that a DRP is focused on recovering from a disaster while a BCP is focused on maintaining operations before, during, and after the disaster. Usually, a DRP is a part of an overall BCP.
Which of the following communication types cannot be used with IPv6?
A.Anycast
B.Unicast
C.Multicast
D.Broadcast
D.Broadcast
OBJ-1.4: Broadcast only works with IPv4. Broadcast communication has one sender, but it sends the traffic to every device on the network. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only sends the signal once, which is then received by multiple hosts simultaneously. Multicast can be used with both IPv4 and IPv6. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.
Which of the following BEST describes the process of documenting everyone who has physical access or possession of evidence?
A.Legal hold
B.Secure copy protocol
C.Chain of custody
D.Financial responsibility
C.Chain of custody
OBJ-3.2: Chain of custody refers to documentation that identifies all changes in the control, handling, possession, ownership, or custody of a piece of evidence. The chain of custody is an important part of documenting the evidence collected during an incident response. A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted. Financial responsibility is the process of managing money and other kinds of assets in a way that is productive and works in the best interest of an organization. Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts.
Which of the following communication types is used to send a direct request from one host to a server, such as when you visit a website like diontraining.com?
A.Unicast
B.Multicast
C.Broadcast
D.Anycast
A.Unicast
OBJ-1.4: Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6.
The RAID (Redundant Array of Independent Disks) controller on a server failed and was replaced with a different brand. What will be needed after the server has been rebuilt and joined to the domain?
A.Physical network diagram
B.Recent backups
C.Vendor documentation
D.Static IP (Internet Protocol) address
B.Recent backups
OBJ-3.3: If the RAID controller fails and is replaced with a RAID controller with a different brand, the RAID will break. We would have to rebuild a new RAID disk and access and restore the RAID’s most recent backup. While vendor documentation and physical documentation may be helpful, they should have been consulted before the RAID was rebuilt and added to the domain. A RAID is a type of redundant storage that is directly connected to the server using data cables, therefore you do not need an IP address for the RAID itself. If you are using a storage area network (SAN), then you may need an IP address but this is usually assigned using DHCP reservations and not a static IP address.
Which of the following network issues can be prevented by configuring the split-horizon options on your network devices?
A.Routing loops
B.Duplicate addresses
C.Network collisions
D.Large routing tables
A.Routing loops
OBJ-5.5: A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. Split-horizon does not prevent large routing tables, duplicate addresses, or network collisions; it only works to prevent routing loops.
Your company’s wireless network was recently compromised by an attacker who utilized a brute force attack against the network’s PIN (Personal Identification Number) to gain access. Once connected to the network, the attacker modified the DNS (Domain Name System) settings on the router and spread additional malware across the entire network. Which TWO of the following configurations were most likely used to allow the attack to occur?
A.WPS (Wi-Fi Protected Setup) enabled
B.Default administrative login credentials
C.Router with outdated firmware
D.WPA2 (Wi-Fi Protected Access version 2) encryption enabled
E.TKIP (Temporal Key Integrity Protocol) encryption protocols
F.Guest network enabled
A.WPS (Wi-Fi Protected Setup) enabled
B.Default administrative login credentials
OBJ-2.4: Wireless networks that rely on a PIN to connect devices use the Wi-Fi Protected Setup (WPS). It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS relies on an 8-digit PIN, but it is easily defeated using a brute force attack due to a poor design. Once connected to the network using the WPS PIN, the attacker may have logged into the router using the default administrative login credentials and then modified the router/gateway’s DNS. Commonly, many network administrators forget to change the default username/password of their devices, leaving an easy vulnerability for an attacker to exploit.
A technician is troubleshooting a newly installed WAP (Wireless Access Point) that is sporadically dropping connections to devices on the network. Which of the following should the technician check FIRST during troubleshooting?
A.Encryption type
B.WAP (Wireless Access Point) SSID (Secure Set IDentifier)
C.WAP placement
D.Bandwidth saturation
C.WAP placement
OBJ-5.4: For optimal network performance, the Wireless Access Point (WAP) placement guidelines should be taken into consideration to ensure that the building’s construction doesn’t cause interference with the wireless signals. To determine if adequate coverage and signal strength is being received in the building, you can conduct a wireless site survey. The service set identifier (SSID) is a group of wireless network devices which share a common natural language label, such as a network name. The SSID would not affect the devices and cause sporadic connection drops. Bandwidth saturation is a phenomenon that occurs when all of a circuit’s available bandwidth in a given direction is being utilized by a large upload or download which can result in high latency and performance issues. Bandwidth saturation would not cause the wireless connection to drop, though. Encryption type refers to the type of security used on a wireless network, such as WEP, WPA, WPA2, or WPA3. The security type used on a network would not cause sporadic drops of the network connection, though.
Dion Training just released a new corporate policy that dictates all access to network resources will be controlled based on the user’s job functions and tasks within the organization. For example, only people working in Human Resources can access employee records, and only the people working in finance can access customer payment histories. Which of the following security concepts is BEST described by this new policy?
A.Defense in depth
B.Zero trust
C.Least privilege
D.AUP (Acceptable Use Policy)
C.Least privilege
OBJ-4.1: Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints. Zero-trust is a security framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered to protect valuable data and information. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used.
A network technician just finished configuring a new interface on a router, but the client workstations do not receive the addressing information from the new interface. Which of the following should be added or changed to allow the workstations to connect to the new interface?
A.IP (Internet Protocol) helper
B.DHCP (Dynamic Host Configuration Protocol) lease time
C.MX (Mail eXchange) record
D.TTL (Time-To-Live)
A.IP (Internet Protocol) helper
OBJ-1.6: DHCP IP Helper addresses enable a single DHCP server to provide DHCP IP addresses to every PC on the network, regardless of whether they are on the same broadcast domain as the DHCP server or not. DHCP IP Helper addresses are IP addresses configured on a routed interface such as a VLAN Interface or a router’s Ethernet interface that allows that specific device to act as a “middle man” which forwards BOOTP (Broadcast) DHCP requests it receives on an interface to the DHCP server specified by the IP Helper address via unicast. Adding an IP Helper address to the new interface on the router will allow the DHCP broadcast requests to be forwarded to the workstations. Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. An MX record in DNS is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic. The DHCP lease time is the amount of time a dynamic IP can be used by a client prior to requiring it to be renewed.
A network technician receives the following alert from a network device: “High utilization threshold exceeded on gi1/0/24: current value 88%” What is being monitored to trigger the alarm?
A.Disk space utilization
B.Port utilization
C.Memory utilization
D.Processor utilization
B.Port utilization
OBJ-5.5: This is an error message that indicates that the threshold of high utilization of network interface or port, in this case, interface gi1/0/24, has been exceeded. The message has been triggered on the interface link status since gi1/0 is a gigabit interface. Network devices can be configured with alarms that will send a message or alert when high utilization or low utilization past a given setpoint occurs. For example, it is common to set the high utilization setpoint to 70% and the low utilization setpoint to 30%.
Which of the following types of sites would contain little to no hardware and could take days or weeks to become ready for use during a disaster?
A.Warm site
B.Cold site
C.Cloud site
D.Hot site
B.Cold site
OBJ-3.3: A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization’s enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment.
(This is a simulated Performance-Based Question. If this was the real certification exam, you would be asked to drag-and-drop the correct encryption onto the APs.)
Your company has purchased a new building down the street for its executive suites. You have been asked to choose the best encryption for AP4 and AP5 to establish a secure wireless connection between the main building and the executive suites.
Which of the following is the BEST encryption from the options below to maximize network security between AP4 and AP5?
A.WEP (Wired Equivalent Privacy)
B.WPA2-CCMP (Wi-Fi Protected Access version 2 - Counter Mode Cipher Block Chaining Message Authentication Code Protocol)
C.Open
D.WPA (Wi-Fi Protected Access)
E.WPA2-TKIP (Wi-Fi Protected Access 2-Temporal Key Integrity Protocol)
B.WPA2-CCMP (Wi-Fi Protected Access version 2 - Counter Mode Cipher Block Chaining Message Authentication Code Protocol)
OBJ-2.4: WPA2-CCMP is the most secure option. Open provides no encryption or confidentiality. WEP is considered weak and breakable within minutes by an attacker. WPA is weak due to its TKIP implementation, and this weakness is carried over into WPA2-TKIP. Therefore, WPA2-CCMP is the most secure and provides the required level of confidentiality for this scenario. CCMP stands for Counter Mode CBC-MAC Protocol. CCMP, also known as AES CCMP, is the encryption mechanism that has replaced TKIP, and it is the security standard used with WPA2 wireless networks.
A network technician has received reports of an Internet-based application that has stopped functioning. Employees reported that after updating the Internet browsers, the application began to fail. Many users rolled back the update, but this did not correct the issue. What should the company do to reduce this type of action from causing network problems in the future?
A.Verify the update hashes match those on the vendor’s website
B.Coordinate the Internet server’s update to coincide with the users’ updates
C.Implement a disaster recovery plan with a hot site to allow users to continue working
D.Segment the network and create a test lab for all updates before deployment
D.Segment the network and create a test lab for all updates before deployment
OBJ-3.2: Segmented networks would ensure every system isn’t updated simultaneously and would be updated in groups. This is a common configuration known as “patch rings”, where smaller groups of end-users have their machines updated to minimize the number of people affected at one time. The test lab would ensure proper functionality before deployment or would allow you to work through the technical difficulties before deployment.
You have been asked to create an allow statement on the firewall’s ACL (Access Control List) to allow NTP (Network Time Protocol) traffic to pass into the network. Which port should be included in your permit statement?
A.636
B.143
C.123
D.69
C.123
OBJ-1.5: Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Trivial File Transfer Protocol (TFTP) uses port 69 and is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. The Lightweight Directory Access Protocol (LDAP) uses port 389 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. The encrypted version of LDAP, LDAP Secure (LDAPS) uses port 636.
An attacker has configured their machine to report itself as a switch when connected to a wired network in an attempt to exploit your enterprise network. Which of the following types of attacks is being conducted?
A.Rogue DHCP (Dynamic Host Configuration Protocol)
B.VLAN (Virtual Local Area Network) hopping
C.DNS (Domain Name System) poisoning
D.ARP (Address Resolution Protocol) spoofing
B.VLAN (Virtual Local Area Network) hopping
OBJ-4.2: VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver’s cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.
During a recent penetration test, it was discovered that your company’s wireless network could be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn’t extend beyond your building’s interior while maintaining a high level of availability to your users?
A.Encryption
B.Frequency
C.Channel
D.Power level
D.Power level
OBJ-4.3: The power level should be reduced for the radio transmitter in the wireless access points. With a reduced power level, the signal will not travel as far. You can ensure the signal remains within the building’s interior only by conducting a site survey and adjusting the power levels of each wireless access point. The other options, if changed, would affect the availability of the network, and it would not dramatically affect the distance the signal travels.
You are having lunch at a local restaurant which has free Wi-Fi (Wireless Fidelity; IEEE 802.11) for its customers. There is not a captive portal and there is no password needed to connect to the network, but the restaurant has an automated method of disconnecting users after 30 minutes. As you are eating your lunch, you notice that 30 minutes have passed, but you want to reconnect to the wireless network. Which of the following techniques would allow you to reconnect?
A.Brute-force attack
B.IP (Internet Protocol) spoofing
C.Dictionary attack
D.MAC (Media Access Control) spoofing
D.MAC (Media Access Control) spoofing
OBJ-4.2: MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. Public wireless networks can be configured to use MAC filtering to block access to devices once they reach a certain time limit. It appears that after 30 minutes, the restaurant’s wireless access points are adding your MAC address to the block list. If you change your MAC address through MAC spoofing, you can reconnect to the network for another 30 minutes without any issues. Since the wireless network provides the IP address, IP spoofing would not successfully allow you to reconnect since the MAC filtering would block your access before obtaining an IP. IP spoofing is a method of modifying the source address in the packet header to make the receiving computer system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it. A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file. A brute-force attack consists of an attacker submitting every possible combination for a password or PIN until they crack it.
Which of the following errors would be received if an ethernet frame greater than 1518 bytes is received by a switch?
A.Runt
B.Encapsulation error
C.Giant
D.CRC (Cyclic Redundancy Checksum) error
C.Giant
OBJ-3.1: A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes. A runt is an ethernet frame that is less than 64 bytes in size. Encapsulation is a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame. Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network.
Dion Training has just installed a web server for a new domain name. Which of the following DNS (Domain Name System) records would need to be created to allow users to reach the website using its domain name and then redirect clients to the proper IPv6 address for the server?
A.MX (Mail eXchange)
B.AAAA (indicates the IPv6 address of a given domain)
C.SOA (Start Of Authority)
D.A (indicates the IPv4 address of a given domain)
B.AAAA (indicates the IPv6 address of a given domain)
OBJ-1.6: An AAAA record associates your domain name with an IPv6 address. An A record associates your domain name with an IPv4 address. An MX record is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic. A Start of Authority (SOA) resource record indicates which Domain Name Server (DNS) is the best source of information for the specified domain.
A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password have been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, which of the following should the technician do to prevent the password from being sniffed on the network again?
A.Copy all configurations to routers using TFTP (Trivial File Transfer Protocol) for security
B.Only allow administrators to access routers using port 22
C.Use SNMPv1 (Simple Network Management Protocol) for all configurations involving the router
D.Ensure the password is 10 characters, containing letters and numbers
B.Only allow administrators to access routers using port 22
OBJ-4.3: Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full-rights user will not be able to access their new account without the SSH key, which could only be provided by a true administrator. Telnet uses port 23 and passes all information as unencrypted traffic on the network. Telnet should always be disabled for security reasons, and SSH (which uses encryption) should be used instead.
Your deep packet inspection firewall is dropping portions of your packet flow as it enters or leaves the network. The network is configured to use HSRP (Hot Standby Router Protocol) to load balance the network traffic across two network devices in a high availability cluster. Which of the following issues would cause your network security devices, such as your firewalls, to drop packet flows and cause intermittent network connectivity to your clients?
A.Collision
B.Broadcast storm
C.Asymmetric routing
D.Multicast flooding
C.Asymmetric routing
OBJ-5.5: Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). Remember, asymmetric routing doesn’t necessarily cause any routing issues, but it does cause issues with dropped packet flows by our security devices like firewalls and unified threat management systems, so you need to consider this in the design of your network architectures to prevent this issue from occurring. If you don’t, then packet flow drops will occur and your clients can experience intermittent network connectivity. Multicast flooding occurs because no specific host is associated with the multicast MAC address in the content-addressable memory (CAM) table of a switch. A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment. A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic.
Dion Training’s network technicians are about to upgrade a Cisco 3900-series router, but they first want to create a copy of the router’s configuration and IOS (Internetworking Operating System) files to serve as a backup. Which of the following tools should the technicians utilize?
A.show route
B.traceroute
C.tcpdump
D.TFTP (Trivial File Transfer Protocol) server
D.TFTP (Trivial File Transfer Protocol) server
OBJ-5.3: A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. The “show route” command is used on a Cisco networking device to display the current state of the routing table for a given network device. The traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.
A network technician has received a report that workstations are unable to gain access to the network. During the troubleshooting process, the technician discovers that the switch connecting these workstations has failed. Which of the following is the QUICKEST option to configure a replacement switch with a secure configuration?
A.Baseline
B.Syslog (System Logging)
C.Archive
D.Image
D.Image
OBJ-3.3: To image a switch, you can make a backup of the configuration and deploy it to a new/different switch. An image can contain the firmware and its configurations. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. An archive is a backup of the configurations for the network device. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.
Which of the following network devices can be used to detect and prevent an identified threat based on its signature?
A.IDS (Intrusion Detection System)
B.IPS (Intrusion Protection System)
C.Router
D.Switch
B.IPS (Intrusion Protection System)
OBJ-2.1: An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent identified threats. An Intrusion Detection System (IDS) is a network security/threat prevention technology that examines network traffic flows to detect and alert upon identified threats. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain.
Your company’s corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR (Classless Inter-Domain Routing or supernetting) notation in order to accommodate each department’s needs. What is the correct CIDR notation for the Finance department’s subnet, which requires 32 devices?
A./25
B./28
C./26
D./27
E./30
F./29
C./26
OBJ-1.4: Since the Finance department needs 32 devices plus a network ID and broadcast IP, it will require 34 IP addresses. The smallest subnet that can fit 34 IPs is a /26 (64 IPs). A /26 will borrow 2 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^6 available host IP addresses, or 64 total IP addresses. Of the 64 IP addresses, there are 62 available for clients to use, one for the network ID, and one for the broadcast address.
Your company has been asked by a local charity that supports underprivileged youth if they would help to build an internet café for their students. Because the charity doesn’t have any funding for this project, your company has decided to donate their old workstations and networking equipment to create the network. All of the workstations, routers, and switches have been tested before installation. The company has decided to reuse some old network cables to connect the computers to the switches to save money. When you arrive at the new internet cafe, you are told that everything is working except unlucky computer #13 can’t connect to the network. You attempt to plug the network cable into another computer, but then that computer cannot connect to the network. Confused, you try connecting the cable directly between two computers, and now they can communicate directly with each other. What is wrong with this cable?
A.The cable is a straight-through cable but should be a crossover cable
B.The cable is a console cable but should be a straight-through cable
C.The cable is a crossover cable but should be a straight-through cable
D.The cable is a rollover cable but should be a crossover cable
C.The cable is a crossover cable but should be a straight-through cable
OBJ-5.2: Since the cable only worked when connecting two computers directly together, it is a crossover cable. Crossover cables are used to connect two of the same devices (computer to computer, or router to router) by switching the transmit and receiving pins in the cable’s jack. Since you are trying to connect a computer to a switch, you need to have a straight-through cable instead. A rollover or console cable is used to connect a computer to a router’s console port, not a computer to a switch.