Jason Dion NET+ 008 Practice Exam #1 Flashcards

Question 1

Q

** Dion Training is adding a new screen Subnet that will host a large number of VDIs and wants to assign them a small portion of their public Class C IPv4 address space. Dion Training has been assigned a Class C scope of 187.15.3.0/24. There will be a total of 105 VDI clients that will each need an IP address assigned. What is the correct CIDR notation for the new Subnet in order to accommodate the 105 VDI clients while allocating the minimum number of addresses?

/27
/28
/25
/26

Answer

A

/25

Explanation:
To answer this question you must perform basic Subnetting Calculation (Or, remember your /CIDR to Hosts numbers.
105 Clients are needed in this Scenario, but you’ll also need an address for the Network and the Broadcast too.
This means you need 107 IP Addresses Total.

IP Addresses are assigned in multiples of 2.
1, 2, 4, 8, 16, 32, 64, 128, 256.

To symbolize a CIDR block with 128 IP Addresses, we would use 2 to the 7th which equals 128 or /25.

Question 2

Q

** Which of the following is a Security concern with using a Cloud Service Provider and could result in a data breach casued by data remnants?

On-Demand
Rapid Elasticity
Resouce Pooling
Metered Services

Answer

A

Rapid Elasticity

Explanation:
Rapid Elasticity can be a security threat to your org’s data due to data remanences. Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase it. When a cloud resource is deprovisioned and returned to the cloud service provider, it can be issued to another organization for use. If the data was not properly erased from the underlying storage, it could be exposed to the other org. For this reason, all cloud-based storage drives should be encrypted by default to prevent data remanence from being read by others.

Metered Services are Pre-Paid, A-La-Carte, Pay-Per-Use, or committed offerings.

Resource Pooling refers to the concept that allows a virtual environment to allocate memory and processing capacity for a VMs use.

On-Demand refers to the fact that a consume can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Question 3

Q

** Which of the following describes the ID of a specific native VLAN when traffic passes over a Trunk?

It becomes the priority ID for all the VLAN traffic accross the device.
It becomes the gateway of the last resort for the Switch or Router.
It becomes the default gateway for the port or ports.
It becomes the default VLAN for untagged frames.

Answer

A

It becomes the default VLAN for untagged frames.

Explanation:
Trunk ports carry all traffic, regardless of VLAN number, between all Switches in a LAN. The VLAN designation for a Trunk port is its native or default VLAN. If the Trunk port has a native VLAN that differs from the tag placed on the frame as it entered the access port, the Switch leaves the tag on the frame and sends the tagged frame along to the next Switch or Switches. If the Trunk port’s native VLAN is the same as the access ports VLAN, then the Switch drops the tag and sends the untagged frame out of the Trunk port.

Question 4

Q

** A network technician wants to centrally manage the switches and segment the switches into separate broadcast domains. The Dion Training network is currently using VLAN 1 for all of its devices and uses a single private IP address range with a 24-bit mask. Their supervisor wants VLAN 100 to be the management subnet and all of the switches must share VLAN information. Which of the following should the technician configure to meet these requirements? (Choose Two)

Configure VTP and 802.1x on all inter-Swtich connections with Native VLAN 100
Configure VTP and 802.1q on the inter-Switch connections with Native VLAN 100
Configure STP and 802.1q on the inter-Switch connections with Native VLAN 100
Configure STP and 802.1w on the inter-Switch connections with Native VLAN 100
Configure VLSM for the IP Address range.

Answer

A

Configure VTP and 802.1q on the inter-Switch connections with Native VLAN 100
Configure VLSM for the IP Address range.

Explanation:
The 801.q standard is used to define VLAN Tagging (or Port Tagging) for Ethernet frames and the accompanying procedures to be used by Bridges and Switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure they are not sent to the wrong VLAN by mistake. If VLAN Tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it.

VLSM stands for Variable Length Subnet Mask where the subnet design uses more than one mask in the same network which means more than one mask is used for different subnets of a single class A, B, or C network.

Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard and

Rapid Reconfiguration of Spanning Tree is defined in the IEEE 802.1w standard.

The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.

Question 5

Q

** A company has just installed a VoIP system on its Network. Before the installation, all of the Switches were placed with Layer 3 Multilayer Switches to allow for the VoIP devices to be placed on separate VLANs and have the packets routed accurately between them. What type of Network segmentation technique is this an example of?

Separate Public/Private Networking
Compliance Enforcement
Honeynet Implementation
Performance Optimization

Answer

A

Performance Optimization

Explanation:
Performance Optimization can help a business improve the quality of its video and audio communications over the Internet by decreasing the size of the broadcast domain through the creation of VLANs. Each VLAN can contain the VoIP devices for a single department or business unit, and traffic is routed between the VLANs using Layer 3 Multilayer Switches to increase the performance of the voice communications systems.

Compliance Enforcement involves dividing up one Network into smaller sections to better control the flow of traffic across the Network and to restrict confidential data to a specific Network segment based on a specific regulation or contractual requirement, such as PCI DSS segmentation requirements.

Honeynet is an intentionally vulnerable Network segment that is used to observe and investigate the attack techniques of a hacker or adversary.

Separate Public/Private Networking involves segmenting the Network into two portions, public and private. This is often used in cloud architectures to protect private data.

Question 6

Q

** What is the Network ID associated with the Host located at 205.12.35.26/27?

12.35.48
12.35.16
12.35.0
12.35.32

Answer

A

205.12.35.0

Explanation:
In Classless Subnets, using variable length Subnet Mask (VLSM), the Network ID is the first IP address associated within an assigned range.
In this example, the CIDR Notation is /27, so each Subnet will contain 32 IP Addresses. This means that there are eight Networks in this Class C Range -

12.35.0
12.35.32
12.35.64
12.35.96
12.35.128
12.35.160
12.35.192
12.35.224

Since the IP address provided is 205.12.35.26, it will be in the 205.12.35.0/27 Network.

Question 7

Q

** A Network admin has determined that the ingress an egress traffic of a Router’s interface are not corectly reported to the monitoring Server. Which of the following can be used to determine if the Router interface uses 64 bit VS 32 bit counters?

Port Scanner
Packet Analyzer
Syslog Server
SNMP Walk

Answer

A

SNMP Walk

Explanation:
SNMP Walk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (Router Interface).

Question 8

Q

** You have recently been hired as a security analyst at Dion Training. On your First Day, your supervisor begins to explain the way their Network is configured, showing you the phyiscal and logical placement of each Firewall, IDS sensor, Host-Based IPS installations, the Networked Spam Filter, and the DMZ. What best describes how these various devices are placed into the Network for the highest level of security?

UTM
Network Segmentation
Load Balancer
Defense in Depth

Answer

A

Defense in Depth

Explanation:
Defense in Depth is the concept of layering various Network appliances and configurations to create a more secure and defensible architecture. In this scenario Dion Training appears to be using various Host-Based and Network-Based devices to ensure there are multiple security layers in the Network.

Question 9

Q

** Jason wants to use his personal cell phone for Work-Related Purposes. Because of his position, Jason has access to sensitive company data, which might be stored on his cell phone during its usage. The company is concerned about this but believes that it might be acceptable with the proper security controls in place. Which of the following should be done to protect both the company and Jason if they allow him to use his personal cell phone for work-related purposes?

Establish consent to monitoring policy so that the company can audit Jason’s cell phone usage.
Establish an AUP that allows a personal phone to be used for Work-Related purposes.
Establish an NDA that states Jason cannot share confidential data with others.
Conduct Real-Time monitoring of the phone’s activity and usage.

Answer

A

Conduct Real-Time monitoring of the phone’s activity and usage.

Explanation:
All four options are good, the BEST solution is to conduct real-time monitoring of the phone’s activity since it is a technical control that could quickly identify an issue. The other options are all administrative controls (Policies), which are useful but would not actually identify if the sensitive data was leaked from Jason’s phone.

Question 10

Q

** Which of the following provides a standard nomenclature for describing Security related software flaws?

VPC
SOX
SIEM
CVE

Answer

A

CVE

Explanation:
Common Vulnerabilities and Exposures (CVE) is an element of the Security Content Automation Protocol (SCAP) that provides a standard nomenclature for describing security flaws or vulnerabilities.

SIEM is a solution that provides a Real-Time or near-real-time analysis of Security alerts generated by Network hardware and applications.

VPC is a private Network segment made available to a single cloud consume on a public cloud.

Sarbanes-Oxley Act (SOX) dictates requirements for storing and retaining documents relating to an organizations financial and business operations, including the type of ducments stored and their retention periods.

Question 11

Q

** What is considered a Classless Routing Protocol?

STP
OSPF
RIPv1
IGRP

Answer

A

OSPF

Explanation:
OSPF (Open Shortest Path First) is known as a Classless Protocol. Classless Routing Protocols are those protocols that include the Subnet Mask information when the Routing Tables or updates are exchanged.

Other Classless Routing Protocols include:

EIGRP (Enhanced Interior Gateway Routing Protocol)
RIPv2 or newer (Routing Internet Protocol)
IS-IS (Intermediate System to Intermediate System)

RIPv1 & IGRP (Interior Gateway Routing Protocol) are NOT Classless.

STP (Spanning Tree Protocol) is NOT a Routing Protocol, this is used to prevent Swtiching Loops in Bridges and Switches.

Question 12

Q

** Which encryption type MOST likely is used for securing the key exchange during a Client-to-Server VPN connection?

Kerberos
AES
TKIP
ISAKMP

Answer

A

ISAKMP

Explanation:
ISAKMP is used in IPSec, which is commonly used in securing the Key Exchange during the establishment of a client-to-server VPN Connection.

TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for Wireless LANs (WLAN).

Kerberos is a computer Network Authentication protocol that works based on Tickets to allow Nodes communicating over a non-secure Network to prove their identiy to one another in a secure manner.

AES (Advanced Encryption Standard) is a symmetric Key Encryption and is not used for Key Exchanges.

Question 13

Q

You have been asked to select the BEST WAN connection for a new Network at Dion Training. The company has stated that they must have guaranteed throughput rate on their Internet connection at all times. Based on this requirement, what type of WAN connection should you recommend?

Dial-Up
DSL
T-1
Cable Broadband

Answer

A

T-1

Explanation:
T-1 connection provides guaranteed 1.544 Mbps of throughput.

Dial-Up, DSL, and Cable Broadband do NOT provide a guaranteed throughput rate. Instead, these services provide a variable throughput rate based on Network conditions and demand in the area of your business.

Question 14

Q

You need to connect your laptop to a Router in order to add a static route. What type of cable would you use to connect to the Router’s Console port?

RG-6
Crossover
Rollover
Straight-Through

Answer

A

Rollover

Explanation:
Typically a Router or Switch’s Console Port is connected using a Rollover Cable, which has an RS-232 or DB-9 Port on one side of an RJ-45 on the other side.

RG-6 cable is a Coaxial Cable used to connect to a cable Modem or Television.

Ethernet Crossover Cable is a Network Cable used to connect two Ethernet Network devices directly.

Straight-Through is a type of twisted pair cable that is used in LAN to connect a computer to a Network Switch.

Question 15

Q

A technician is setting up a new Network and wants to create redundant paths through the Network. Which of the following should be implemented to prevent performance degredation within the Network?

ARP inspection
Spanning Tree
Port Mirroring
VLAN

Answer

A

Spanning Tree

Explanation:
Question Key Word: “…redundant paths”

STP (Spanning Tree Protocol) is a Network Protocol that builds a logical loop-free Topology for Ethernet Networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. If you have REDUNDANT links set up, it is important to utilize STP to prevent loops within the Network. If a loop occurs, the performance of the entire Network can be degraded due to Broadcast Storms.

Port Mirroing is used on a Network Switch to send a copy of Network packets seen on one Switch port to a Networking monitoring connection on another Switch port.

ARP Inspection or Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a Network. DAI allows a Network admin to intercept, log, and discard ARP packets with invalid MAC address to IP Address bindings.

VLAN (Virtual Local Area Network) is any Broadcast Domain that is partitioned and isolated in a computer Network at the Data Link Layer (OSI Layer 2).

Port Mirroring, ARP Inspection, and VLANs do NOT add any REDUNDANCY to the Network.

Question 16

Q

John is investigating a performance issue on a Server and has begun by gathering its utilization statistics. John notices that the statistics are outside of the normal, acceptable ranges. What should John do next?

Conduct a Baseline Review
Conduct a Port Scan
Archive the Logs
Conduct a Vulnerability Scan

Answer

A

Conduct a Baseline Review

Explanation:
Question Verbiage: I interpreted the question as if he already is using a Baseline and conducting a Baseline Review. But I think they key to the question is implying that he’s looking at the CURRENT baseline and needs to review it with previous Baselines based on the Explanation.

John should conduct a Baseline Review to compare the statistics he collected against the previous baseline. He can then use this information further to investigate the drop in the Server’s performance. A Baseline is a process for styding the Network at regular intervals to ensure that the Network is working as designed.

Question 17

Q

You are working as part of a network installation team. Your team has been asked to install Cat 5e cabling to some new offices on the building’s second floor. Currently, the office only has one network closet, which is located on the first floor. Your team spent the morning running 24 new CAT 5e cables from a patch panel in the networking closet on the first floor to a new networking closet you are outfitting on the second floor. Your team terminated these cables in a new patch panel in the 2nd-floor closet. You measured the distance from the switch in the 1st-floor closet to the new 2nd-floor patch panel and determined it was 80 meters. The team then ran cables from this patch panel to each of the new offices. Some of the offices are working properly, but others are not. You suspect that some of the cable runs are exceeding the maximum length allowed by Cat 5e cabling. What is the BEST solution to this problem?

Install a Hub in the second-floor Networking closet to increase the Signal.
Install a Repeater between the Patch Panel and each office.
Install a small Switch in each office to increase the Signal.
Install a Switch in the second-floor Networking closet to increase the Signal.

Answer

A

Install a Switch in the second-floor Networking closet to increase the Signal.

Explanation:
While a Repeater may be a good option here, a Swtich is more effective in this case since there are so many cables, and Repeaters usually only work for an individual cable.

A Hub would similarly work but would introduce a signal collision domain for all 24 computers. This would drastically decrease the perfomance of the Network.

We wouldn’t want to introduce a Switch in each office, as this is a bad security practice and an inefficient use of resources. Easier to manage and administer a single, centralized Switch in the Network Closet.

Question 18

Q

Which of the following protocols must be implemented for two Switches to share VLAN information?

MPLS
PPTP
STP
VTP

Answer

A

VTP

Explanation:
VTP (VLAN Trunking Protocol) allows a VLAN created on one Switch to be propagated to other Switches in a group of Switches in a VTP domain.

STP (Spanning Tree Protocol) is a Layer 2 protocol that runs on Bridges and Switches to ensure that you do not create loops when you have redundant paths in your Network.

MPLS (MultiProtocol Label Switching) is a routing technique in telecommunications Networks that directs data from one node to the next based on short path labels rather than long Network Addresses, thus avoiding complex lookups in a Routing Table and speeding traffic flows.

PPTP (Point-to-Point Tunneling Protocol) is an obsolete method for implenting Virtual Private Networks (VPN).

MPLS, STP, PPTP are NOT used to share VLAN information like VTP and the 802.1q standards do.

Question 19

Q

A tech is attempting to resolve an issue with users on the Network who cannot access websites like DionTraining.com and Google.com. The tech can ping their Default Gateway, DNS Servers, and the website using its IP Address successfully. The tech tries to use the command “ping diontraining.com” and receives an error message stating “Ping result could not find host diontraining.com.” Which of the following actions should the tech attempt NEXT to resolve this issue?

Use NSLOOKUP to resolve the URLs manually.
Ensure PORT 53 is enabled on the Firewall.
Ensure ICMP messages transit through the Firewall.
Update the HOST file with the URL and IP for the websites.

Answer

A

Ensure PORT 53 is enabled on the Firewall.

Explanation:
Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. When a client wants to access a website, it will make a request to the DNS server over port 53 to translate the domain name to its corresponding IP address. Since the technician is only able to access the servers using their IP addresses, this validates that the connectivity is functioning correctly but the DNS process is failing. The most likely reason for this is that port 53 is blocked at the firewall and is preventing the client from sending their requests to the DNS server.

NSLOOKUP command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The nslookup command will still need to communicate with a DNS server over port 53, though, to perform these lookups.

The ping command is used to test whether a given target is reachable across an IP network by sending an ICMP Echo Request packet and receiving an ICMP Echo Reply. Since the technician successfully used ping to communicate with the server using their IP addresses, this indicates that ICMP is not blocked by the firewall.

The HOST file is a text file containing domain names and IP addresses. The HOST file works like a local DNS lookup, but the technician would have to enter the domain name and IP for every website a user might want to access, making this an unacceptable option to solve this issue for the long term.

Question 20

Q

You have just finished installing a small Network consisting of a Router, a Firewall, and a single Computer. The computer is connected to the Firewall and the Firewall is connected to the Router. What type of physical Network topology have you created in this scenario?

Mesh
Bus
Ring
Star

Answer

A

Bus

Explanation:
This network would resemble a physical BUS Network Topology because the Router connects directly to the Firewall, and the Firewall connects directly to the Computer. This would form a single line (or BUS) from one device to the next. A BUS topology uses a single cable that connects all the included nodes and the main cable acts as the backbone for the entire Network.

Ring topology connects every device to exactly two other neighboring devices to form a “circle”. Messages in a Ring topology travel in one direction and usually rely on a token to control the flow of information.

Star topology connects all of the other nodes to a central node, usually a Switch or a Hub. Star topology is the most popular Network topology in use on LANs.

Mesh topology connects every node directly to every other node. This creates a highly efficient and redundant Network, but it is expensive to build and maintain.

Question 21

Q

There are two Switches connected using both a CAT 6 cable and a CAT5e cable. Which type of problem might occur with this setup?

Auto-sensing Ports
Switching Loop
Missing Route
Improper Cable Types

Answer

A

Switching Loop

Explanation:
Switching Loop is when there is more than one Layer 2 path exists between two endpoints. This can be prevented by using the STP (Spanning Tree Protocol = 802.1D).

CAT 6 and CAT5e are compatible with each other and can both operate at speeds up to 1000 Mbps (1 Gbps), so it is not an improper cable type issue.

Auto-Sensing Ports refers to a feature found in Network Adapters that allows them to automatically recognize the current local Network’s speed and adjust its own setting accordingly. This would not be an issue since the Switch can detect the appropriate speed to use with the CAT 6 and CAT5e cables.

Routes are used at Layer 3, but Switches are Layer 2 Devices. Therefore, Swtiches do not need to use a Route to pass traffic between each other.

Question 22

Q

A Network tech at a warehouse must implement a solution that will allow a company to track shipments as they enter and leave the facility. The warehouse workers must scan and concurrently upload large images of items to a centralized server. Which of the following technologies should they utilize to meet these requirements?

RFID
WIFI
NFC
Bluetooth

Answer

A

WIFI

Explanation:
Question Key Words = “…upload large images of items to a centralized server”
802.11ac WIFI is a very fast high-speed WIFI Network capable of 1 Gbps speeds over 5 GHz spectrum and is perfect for uploading large image files quickly over a Wireless Local Area Network.

RFID (Radio Frequency Identification) uses electromagnetic fields to automatically identify and track tags attached to objects. The warehouse might want to also use RFID to allow for the accurate scanning of items using RFID Tags, RFID can’t upload large images of the items to a centralized server since it is limited to 2 KB of data per RFID tag.

Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves.

NFC (Near Field Communication) is a set of communication protocols for communication between two electric devices over a distance of 4 cm or less.

Question 23

Q

Which of the following policies or plans would dictate how an organization would respond to an unplanned outage of their primary internet connection?

Business Continuity Plan
Disaster Recovery Plan
Incident Response Plan
System Life Cycle Plan

Answer

A

Business Continuity Plan

Explanation:
Business Continuity Plan is a document that outlines how a business will continue operating during an unplanned service disuption. It is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human capital and business partners, and essentially every other aspect of the business that might be affected.

Disaster Recovery plan is a document, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like Natural Disasters, Power Outages, Cyber Attacks, and other disruptive events.

Incident Response Plan contains a set of instructions to help our Network and System admins detect, respond to, and recover from Network Security incidents. These types of plans address issues like Cybercrime, data loss, and Service Outtages that threaten daily work.

Question 24

Q

Which of the following features is supported by Kerberos but not by RADIUS?

Services for Authentication
XML for cross-platform interoperability
Single Sign-On Capability
Tickets used to identify Authenticated Users

Answer

A

Tickets used to identify Authenticated Users

Explanation:
Kerberos is ALL ABOUT Tickets. Kerberos uses a system of Tickets to allow nodes to communicate over a non-secure Network and securely prove their identity. Kerberos is a computer Network Authentication protocol that works based on Tickets to allow nodes communicating over a non-secure Network to prove their identity to one another in a secure mananger. Kerberos is used in Windows Active Directory domains for authentication.

RADIUS (Remote Authentication Dial-In User Service) is used to manage remote and wireless Authentication Infrstructure. Users supply Authentication information to RADIUS Client devices, such as a Wireless Access Point. The Client device then passes the Authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the Request. – DOES NOT USE TICKETS.

Question 25

Q

Which of the following Network performance metrics is used to represent variable delay experienced by a client when receiving packets from a sender?

Latency
Bandwidth
Jitter
Throughput

Answer

A

Jitter

Explanation:
Jitter = is a Network condition that occurs when a time delay in the sending of data packets over a Network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your Networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients.

Latency = is the measure of time that it takes for data to reach its destination across a Network. Usually, we measure Network Latency as the round-trip time from a workstation to the distant end and back.

Throughput = is an actual measure of how much data is successfully transferred across a given Network.

Bandwidth = is the max rate of data transfer across a given Network.

Question 26

Q

Last night, your company’s system administrators conducted a Server upgrade. This morning, several users are having issues accessing the company’s shared drive on the Network. You have been asked to troubleshoot the problem. What document should you look at FIRST to create a probable theory for the cause of the issue?

Release Notes from the Server Software
Physical Network Diagram
Change Management Documentation
Cable Management Plan

Answer

A

Change Management Documentation

Explanation:
Since everything worked before the Server Upgrade and doesn’t now, it would be a good idea to FIRST look at the CHange Management Documentation that authorized the Change/Upgrade. This should include the specific details of what was changed and what things may have been affected by the change. This is the best place to start when determining what changed since yesterday. Change Management is a systemic approach to dealing with the transition or transformation of an organization’s goals, processes, or technologies.

Question 27

Q

A network administrator is tasked with building a wireless network in a new building located next door to your company’s office building. The wireless clients should not be able to communicate with other wireless clients but should be able to communicate with any wired users on the network. The users must be able to seamlessly migrate between the buildings while maintaining a constant connection to the LAN. How should the administrator configure the new wireless network in this new building?

Use different SSIDs on the same channels with VLANs.
Use the same SSIDs on different channels and AP isolation.
Use different SSIDs on different channels and VLANs.
Use the same SSIDs on the same channels with AP isolation.

Answer

A

Use the same SSIDs on different channels with AP isolation.

Explanation:
For users to be able to seamlessly migrate between the two bulidings, both Access Points (AP) must use the same SSIDs.
To prevent frequency interference though, each device needs to select a different and non-overlapping channel to utilize.
Finally, the AP isolation should be enabled. AP isolation is a technique for preventing mobile devices connected to an AP from communicating directly with each other.

Question 28

Q

Which of the following levels would an alert condition generate?

2
0
3
1

Answer

A

1

Explanation:
The severity levels range from 0 to 7, with 0 being the most severe and seven being the least severe.

Level 0 is used for an Emergency and is considered the most sever condition because the system has become unstable.
Level 1 is used for an Alert Condition and means that there is a condition that should be corrected immediately.
Level 2 is used for a Critical Condition, and it means that there is a failure in the system’s primary application and it requires immediate attention.
Level 3 is used for an Error Condition, and means that something is happening to the system that is preventing the proper function.
Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon.
Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions.
Level 6 is used for information conditions and it is a normal operating message that requires NO ACTION.
Level 7 is used for debugging conditions and is just information that is useful to devs as they are debugging their Networks and Apps.

Question 29

Q

Your physical security manager, Janice, wants to ensure that she can detect any unauthorized access to the data center. Which technology should be used to meet her requirement?

Biometric Access
Access Badge Reader
Smart Card
Video Surveillance

Answer

A

Video Surveillance

Explanation:
If she were trying to prevent access from occuring, the other three options would provide that. Still, they cannot detect unauthorized access in the event that an attacker stole a valid Smart Card or Access Badge.

A Biometric Lock is any lock that can be activated by biometric features, such as fingerprint, voiceprint, or retina scan. Biometric locks make it more difficult for someone to counterfeit the key used to open the lock or a user’s account.

Smart Card, Chip Card, PIV Card, or Integrated Circuit Card is a physical, electronic authorization device used to control access to a resource. It is typically a plastic credit card sized card with an embedded integrated circuit chip.

Question 30

Q

Nathan has just purchased a domain name and created an A Record to bind his domain name to an IP address. Which of the following tools should he use to verify the record was created propertly?

dig
ipconfig
arp
tcpdump

Answer

A

dig

Explanation:
DIG = command is used to query the Domain Name SYstem (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information.

ARP = command is used to view and modify the local Address Resolution Protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the Network.

TCPDUMP = is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (PCAP) file.

IPCONFIG = is used on Windows Devices to display the current TCP/IP Network configuration and refresh the DHCP and DNS settings on a given host.

Question 31

Q

Which of the following types of telecommunication links is used to provide high-speed internet service over a traditional phone line?

DSL
Satellite
Leased Line
Cable

Question 32

Q

A client reports that half of the office is unable to access a shared printer on the Network. Which of the following should the Network tech use to troubleshoot the issue?

Network Diagrams
Vendor Documentation
Data Backups
Baseline Information

Answer

A

Network Diagrams

Question 33

Q

Which of the following remote acces sprotocols should you use to connect to a Windows 2019 Server and control it with your mouse and keyboard from your workstation?

RDP
VNC
SSH
Telnet

Answer

A

RDP (Remote Desktop Protocol)

Explanation:
RDP (remote desktop protocol) is a Windows feature that allows a remote user to initiate a connection at any time and sign on to the local machine using an authorized account. This connection allows a Windows administrator to see and control what is on a remote computer’s screen. RDP authentication and session data are always encrypted. This means that a malicious user with access to the same network cannot intercept credentials or interfere or capture anything transmitted during the session.

Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system.

Telnet uses port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection but sends its data in plaintext making it an insecure protocol.

Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it.

Question 34

Q

Which of the following weaknesses exist in WPS-enabled wireless Networks?

Brute Force occurs within 11,000 combinations.
Utilizes a 24-bit initialization vector.
Utilizes TKIP to secure the authentication handshake.
Utilizes a 40-bit encryption key

Answer

A

Brute Force occurs within 11,000 combinations.

Explanation:
The most prominent attack against WPS0-enabled wireless networks involves brute-forcing the 8-digit PIN that client uses to enroll their devices without knowing the pre-shared key. WPS checks each half of the PIN individually, reducing the number of possible combinations from a maximum of 100,000,000 to only 11,000. This only takes a few minutes to crack on most modern computers, as long as the WAP doesn’t have a lockout after a certain number of failures. The lockout mechanism may also be triggered based on the client’s MAC, so you can often spoof MAC to bypass this defense.

Question 35

Q

What describes an IPv6 address of ::1?

Public
Broadcast
Multicast
Loopback

Question 36

Q

Which of the following IEEE Specifications describes the use of Power over Ethernet (PoE)?

1x
1d
3ad
3af

Answer

A

802.3af

Explanation:
PoE = 802.3af

STP (Spanning Tree Protocol) = 802.1d

LACP (Link Aggregation Control Protocol) = 802.3ad

Network Authentication Protocol = 802.1x (RADIUS/Enterprise/Port-Based Network Access Control (PNAC))

Question 37

Q

A network technician has just installed a new point-to-point 200-meter single-mode fiber link between two local routers within the Dion Training offices. The fiber has been connected to each router, but the interface fails to come up. The network technician has double-checked the interface configuration on both routers, both SFPs have been hard looped to confirm they are functioning, connectors on both ends of the links have been cleaned, and there is sufficient power. What is the MOST likely cause of the problem?

Distance Limitations
Wrong IP Address
Wavelength Mismatch
Duplex Mismatch

Answer

A

Wavelength Mismatch

Explanation:
Wavelength Mismatch occurs when two different transceivers are used at each end of the cable. For example, if one SFP uses a 1310nm transceiver and the other end uses a 850 nm transceiver, they will be unable to communicate properly and the link will remain down.

Duplex Mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half-duplex while the other one operates in full-duplex. The effect of a duplex mismatch is a link that operates inefficiently.

All networking cables have a limited supported distance. For example, copper cables must be less than 100 meters. Single-mode fiber cables can be up to 40 kilometers, therefore the issue is not a distance limitation in this scenario.

The link is established before an IP address is assigned by DHCP. In this scenario, the link is not being established, therefore it cannot be a wrong IP address being assigned to the interfaces.

Question 38

Q

Which of the following is a logical host on the Network that is configured with known vulnerabilities so that an attacker’s techniques can be studied in order to improve your Network defenses?

Honeypot
Virtual Terminal
Botnet
CVE

Answer

A

Honeypot

Acronym:
CVE = Common Vulnerabilities and Exposures

Question 39

Q

You have just moved into a new apartment in a large building. Your wireless network is acting strangely, so you are worried that it may be due to interference from the numerous other wireless networks in each of the other apartments in this building. You want to determine what wireless signals are within the walls of your apartment and their relative strength. What technique should you utilize to determine whether the nearby wireless networks are causing interference with your own Wi-Fi network?

Perform a Site Survey
Perform a Port Scan
Perform a Bandwidth SPeed Test
Perform a Packet Capture

Answer

A

Perform a Site Survey

Question 40

Q

Which type of threat actor can accidently or inadvertently cause a security incident in your organization?

APT
Organized Crime
Insider Threat
Hactivist

Answer

A

Insider Threat

Acronym:
APT = Advanced Persistent Threat is a type of threat actor that can obtain, maintain, and diversify access to Network systems using exploits and malware.

Question 41

Q

What device is used to configure various hypervisor guests to use different VLANs in the same virtualization environment?

Virtual Router
NIC Teaming
Virtual Switch
Virtual Firewall

Answer

A

Virtual Switch

Question 42

Q

Which of the following should be implemented to allow Wireless Networks access for clients in the lobby using a shared password as the Key?

Geofencing
IPsec
Firewall
WPA2

Answer

A

WPA2 (WIFI Protected Access v2)

Question 43

Q

What would be used in an IP-based video conferencing deployment?

RS-232
56k Modem
CODEC
NFC

Answer

A

CODEC

Explanation:
The term “codec” is a concatenation of “encoder” and “decoder.” In video conferencing, a codec is a software (or can be hardware) that compresses (encodes) raw video data before it is transmitted over a network. Generally, audio/video conferencing systems utilize the H.323 protocol with various codecs like H.263 and H.264 to operate.

A 56k modem is a legacy device, also called a dial-up modem. These devices are too slow to allow an IP-based video conferencing system deployment.

RS-232 is a standard protocol used for serial communication, and is too slow to support IP-based video conferencing systems.

Near Field Communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 4cm or less to initiate a connection. NFC is not used with IP-based video conferencing systems.

Question 44

Q

Which of the following policies or plans would dictate which type of Virtual Private Network (VPN) connections will be authorized for use by an organization’s employees?

Acceptable Use Policy
Remote Access Policy
Password Policy
Data Loss Prevention Policy

Answer

A

Remote Access Policy

Explanation:
Remote Access Policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network.

Password Policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords.

Acceptable Use Policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used.

Data Loss Prevention Policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision-making without it being exposed to anyone who should not have access to it. The goal of a data loss prevention policy is to minimize accidental or malicious data loss.

Question 45

Q

In which type of non-technical attack does an attacker attempt to trick a user into providing sensitive information?

Evil Twin
On-Path
Bluesnarfing
Social Engineering

Answer

A

Social Engineering

Question 46

Q

You are troubleshooting a network connectivity issue for clients on the Dion Training corporate network. You have identified a rogue DHCP server connected to the network by one of the employees. Which of the following symptoms would most likely be observed due to this rogue DHCP server operating on the network?

Duplicate MAC Addresses
Collisions
Multicast Flooding
Duplicate IP Addresses

Answer

A

Duplicate IP Addresses

Question 47

Q

An analyst reviews a triple-homed firewall configuration that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall?

Staging Environment
Availability Zone
Screened Subnet
Data Zone

Answer

A

Screened Subnet

Question 48

Q

Your company has decided to begin moving some of its data into the cloud. Currently, your company’s network consists of both on-premise storage and some cloud-based storage. Which of the following types of clouds is your company currently using?

Hybrid
Private
Public
Community

Question 49

Q

Which of the following needs to be configured to allow Jumbo Frames on a Network?

IPS
MIB
MTU
MAC

Answer

A

MTU (Maximum Transmission Unit)

Explanation:
MTU is the largest unit that can be transmitted across a network. If the MTU is set at a value above 1500, the network is configured to support jumbo frames.

A media access control address is a unique identifier assigned to a network interface controller for use as a network address in communications within a network segment.

Management information base (MIB) is a collection of definitions which define the properties of the managed object within the device to be managed (such as a router, switch, etc.).

An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.

Question 50

Q

Which of the following policies or plans would dictate the complexity requirements for a Wireless Network’s shared secret Key?

Acceptable Use Policy
Remote Access Policy
Password Policy
Data Loss Prevention Policy

Answer

A

Password Policy

Question 51

Q

The corporate Network uses a centralized server to manage credentials for all of its Network devices. What type of server is MOST Likely being used in this configuration?

DNS
RADIUS
FTP
Kerberos

Answer

A

RADIUS

Explanation:
RADIUS is used to manage credentials for network devices centrally. Remote Authentication Dial-In User Service is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service.

TACACS+ is an older username and login system that uses authentication to determine access, while RADIUS combines authorization AND authentication. For this question, either RADIUS or TACACS would be an acceptable answer.

Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos is used in Windows Active Directory domains for authentication.

The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53.

The file transfer protocol (FTP) is the protocol used to transfer files across the internet over ports 20 and 21.

Question 52

Q

Dion Training wants to purchase an email marketing solution to better communicate with their students. A promising new startup has a new offering to provide access to their product from a central location rather than requiring Dion Training to host the product on their internal network. Dion Training wants to ensure that their sensitive corporate information is not accessible by any startup’s other clients. Which type of cloud server should Dion Training look to purchase to meet these needs?

Public SaaS
Community IaaS
Hybrid IaaS
Private SaaS

Answer

A

Private SaaS

Explanation:
SaaS (Software as a Service) is a cloud model whereby a service provider provides a software service and makes the service available to customers over the Internet. Examples of SaaS solutions include Microsoft Office 365, Microsoft Exchange Online, and Google Docs.

Because of the concerns with sensitive corporate information being processed by the SaaS, Dion Training should ensure a Private SaaS is chosen. A private cloud is a particular model of cloud computing that involves a distinct and secure cloud-based environment in which only the specified client (Dion Training in this case) can operate.

A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume.

A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally.

A hybrid cloud uses a mix of on-premises, private cloud, and third-party, public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud.

Question 53

Q

Timothy, a network technician, receives a phone call from an end-user who states their laptop cannot connect to the corporate wireless network. Which of the following should the technician do FIRST according to the troubleshooting methodology?

Implement the Solution
Verify full system functionality
Establish a plan of action
Identify the Problem

Answer

A

Identify the Problem

Explanation:
The troubleshooting steps are to
(1) Identify the problem,
(2) Establish a theory of probable cause,
(3) Test the theory to determine the cause,
(4) Establish a plan of action to resolve the problem and identify potential effects,
(5) Implement the solution or escalate as necessary,
(6) Verify full system functionality and if applicable implement preventative measures, and
(7) Document findings, actions, outcomes, and lessons learned.

At this point, the technician does not have enough information to clearly identify the problem. The technician should continue to identify the problem by gathering information, questioning the user, identifying the symptoms, determining if anything has changed, and attempting to duplicate the problem to verify the issue. Once the problem is clearly identified, the technician will establish a theory of probable cause and continue their troubleshooting efforts.

Question 54

Q

You are a network administrator troubleshooting an issue with a newly installed web server. The web server is available to internal network users, but users outside the internal network (Internet users) cannot reach the server. You run an IPCONFIG and receive the configuration below:

(** Dion suggests knowing this because it involves a Simulated PBQ on the NET+ 008 Exam**)

IP: 192.168.0.10
NETMASK: 255.255.254.0
GATEWAY: 192.168.0.2
DNS: 10.10.0.255

NAT has not been configured on the border Firewall
The gateway IP has been misconfigured.
The configured DNS server is not reachable by the Webserver.
The Layer 3 Switch port connecting the Webserver is blocking port 80

Answer

A

NAT has not been configured on the border Firewall

Explanation:
The most likely cause is that the NAT has not been properly configured on the border firewall. This would cause the internal network users to access the web servers still (since internal traffic doesn’t have to transit the firewall), but would still prevent Internet users from accessing the webserver.

The subnet mask provided of 255.255.254.0 represents a /23 CIDR network, therefore the IP and the gateway are on the same subnet and the gateway is not the issue.

The layer 3 switch cannot be the issue either, because if it blocked port 80 then the internal users would have been blocked, too.

The web server does not need to access the DNS server, since the webserver is the target being accessed and not the system initiating the connection.

Question 55

Q

Which of the following protocols are designed to avoid loops on a Layer 2 Network?

RIPv2
802.1d
OSPF
802.1q

Answer

A

802.1d

Explanation:

1d = Spanning Tree Protocol (STP)
1q = VLANs

RIPv2 is a distance-vector Routing Protocol for local and WAN, and does not prevent or avoid loops by default.
OSPF is Open Shortest Path First, is a Layer 3 Link-State Routing Protocol that was developed for IP Networks based on Shortest Path First.
RIP and OSPF rely on Split Horizon and Route Poisoning to avoid Layer 3 Loops.

Question 56

Q

Which media access control technology will listen to a cable to ensure there is no traffic being transmitted before sending its traffic but will implement a back-off timer if a collision does occur?

Demand Priority
CSMA/CA
CSMA/CD
Token

Answer

A

CSMA/CD (Carrier Sense Multiple Access with Collision Detection)

Question 57

Q

What ports do SMTP and SNMP utilize?

(** Dion suggests that this is a simulated PBQ drag and drop where you will be required to MATCH Ports with the Protocols. Know your Ports/Protocols for the NET+ 008 Exam!!**)

161, 443
445, 3389
23, 25
25, 161

Answer

A

25, 161

Explanation:
SMTP = 25 (Simple Mail Transfer Protocol) Server to Server Email
SNMP = 161/162 (Simple Network Management Protocol)
Telnet = 23
SMB = 445 (Server Message Block)
RDP = 3389 (Remote Desktop Protocol)
HTTPS = 443 (Hypertext Transfer Protocol via SSL/TLS)

Question 58

Q

Your boss is looking for a recommendation for a cloud solution that will only allow your company’s employees to use the service while preventing anyone else from accessing it. What type of cloud model would you recommend to ensure the contents are best secured from those outside your company?

Community Cloud
Public Cloud
Private Cloud
Hybrid Cloud

Answer

A

Private Cloud

Question 59

Q

Today, your company’s network started to experience network connectivity issues for various workstations around the company. As you begin troubleshooting, you identify that all the workstations receive their connectivity from a single switch on the 3rd floor of the office building. You start searching the 3rd floor for the cause of this issue and find a small wired router plugged into a network jack in the sales manager’s office. From this small wired router, he has connected his workstation and a small Smart TV to watch Netflix while working. You question the sales manager about when he brought in the new router. He states that he just hooked it up this morning. What type of issue did the sales manager accidentally introduced into the network by installing the router?

Switching Loop
Rogue DHCP Server
Evil Twin
VLAN Mismatch

Answer

A

Rogue DHCP Server

Question 60

Q

Tim, a network administrator, is configuring a test lab that consists of three routers using RIP for dynamic routing. He connects the routers in a full mesh topology. When he attempts to ping Router 1 from Router 3 using its IP address, he receives a “Destination Unreachable” error message. Which of the following is the most likely reason for the connectivity error?

Denial of Service Attack
Improper DNS Settings
Split-Horizon is Misconfigured
RADIUS Authentication Errors

Answer

A

Split-Horizon is Misconfigured

Explanation:
Split horizon is a method used by distance vector protocols to prevent network routing loops. With split horizon, if a router receives routing information from another router, the first router will not broadcast that information back to the second router, thus preventing routing loops from occurring. If it is misconfigured, the routers could suffer a routing loop which would produce the error message received when trying to communicate with each other.

The other options would not cause a communication error between the three internal routers when testing the connectivity using their IP addresses.

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.

The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network and maps a domain name to an IP address.

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.

Question 61

Q

Dion Training has a single switch that services every room within its offices. The switch contains 48 ports, but Jason wants to divide the ports based on functional areas, such as web development, instruction support, and administration. Which technology should Jason utilize to divide the physical switch into three logically divided areas?

VPN
VLAN
DSL
NAT

Answer

A

VLAN (Virtual Local Area Network)

Question 62

Q

You are working as a service desk analyst. This morning, you have received multiple calls from users reporting that they cannot access websites from their work computers. You decide to troubleshoot the issue by opening up your command prompt on your Windows machine and running a program to determine where the network connectivity outage is occurring. This tool tests the end-to-end connection and reports on each hop found in the connection. Which tool should you use to determine if the issue is on the intranet portion of your corporate network or if it is occurring due to a problem with your ISP?

nslookup
ping
tracert
netstat

Answer

A

tracert

Explanation:
Tracert is a command-line utility used to trace an IP packet’s path as it moves from its source to its destination. While using ping will tell you if the remote website is reachable or not, it will not tell you where the connection is broken. Tracert performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help to identify if the connectivity issue lies within your intranet or is a problem with the ISP’s connection.

The nslookup tool is used to troubleshoot DNS issues.

The netstat tool is used to display network statistics and active connections.

The ping tool is used to test an end-to-end connection, but it will not provide any data on the hops found in the connection.

Question 63

Q

Dion Training has configured a new web server and connected it to their screened subnet. A network technician wants to ensure the server is properly hardened and that it only allows inbound HTTPS requests while blocking any HTTP requests. Which of the following tools should the technician utilize?

nslookup
NetFlow Analyzer
Port Scanner
IP Scanner

Answer

A

Port Scanner

Explanation:
A port scanner is used to determine which ports and services are open and available for communication on a target system. The port scanner will scan the server and display any open ports. If the technician finds that port 443 (HTTPS) is open and all other ports are closed, then they know the server has been properly hardened.

A NetFlow analyzer is used to perform monitoring, troubleshooting, inspection, interpretation, and synthesis of network traffic flow data.

An IP scanner is used to monitor a network’s IP address space in real-time and identify any devices connected to the network.

The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode.

Question 64

Q

A company owns four kiosks that are near a shopping center. The owner is concerned about someone accessing the Internet via the kiosk’s wireless network. What should be implemented to provide wireless access only to the employees working at the kiosk?

Firewall
Host-Based Antivirus
Web Filtering
MAC Filtering

Answer

A

MAC Filtering

Answer 62

A

Hot Sites or Cold Sites

Explanation:
Question Key Words: “…catastrophic disaster such as a Fire, Tornado, or Earthquake”
Which indicates that the site impacted by these catastrophic disasters would be total damaged and unusable, which implies that it would have to be a solution provided off site, or all together an alternate Site which goes to the uses of Hot, Warm, Cold Sites.

Generators, Fire Supression and UPS/Battery Backups do nothing against catastrophic diasters such as Tornado/Earthquakes.

Answer 63

A

Coaxial to Fiber

Explanation:
Question Key Words: “…RG-6 cable to the existing singlemode cable…”
Singlemode = Fiber
RG-6 = Coaxial

Answer 64

A

APIPA (Automatic Private IP Addressing)

Answer 65

A

PTR

Explanation:
DNS Record Types to know:
- A = Maps a host name to an IPv4 Address
- AAAA = Maps a host name to an IPv6 Address
- CNAME = Maps an Additional host name to an existing host Record
- PTR = are used for Reverse DNS Lookups
- MX = maps a mail server name to a domain
- SVR = specifies location data, IE: port numbers for specified services.
- TXT = provides the ability to associate other services, sometimes your mail service, to your domain
- SOA = stores important information about the DNS zone for your domain, each zone must have an SOA record

DHCP = Dynamic Host Configuration Protocol, NOT a DNS Record type.
LDAP = Lightweight Directory Access Protocol, NOT a DNS Record type.
TTL = Time To Live, NOT a DNS Record type.

Answer 66

A

The bend radius of the cable has been exceeded.

Explanation:
The most likely explanation for this issue is the coiled up the excess cable was wound too tightly and exceeded the bend radius for the cable. Bend radius is the measure of how sharply a cable can safely bend without causing damage by creating micro cracks on the glass fibers. By tightly coiling the cable, the cable may have broken or cracked the fiber connected to the transmit portion of the SFP.

It is unlikely that the SFP failed since only the transmit portion is registering as weak.

If you used the wrong type of cable (MTRJ vs. ST), you would not have been able to connect it to the SFP module as it wouldn’t fit.

Similarly, if you used an MMF instead of an SMF cable, you would not receive a weak connection but would instead get no connection.

Answer 67

A

Rollback Plan

Answer 68

A

netstat

Explanation:
Netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (incoming and outgoing), routing tables, and several network interface and network protocol statistics. It is useful when determining if a workstation is attempting outbound connections due to malware (beaconing activity) or has ports open and listening for inbound connections.

The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.

The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network.

The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.

Answer 69

A

/26

Explanation:
Since the Sales department needs 55 devices plus a network ID and broadcast IP, it will require 57 IP addresses. The smallest subnet that can fit 57 IPs is a /26 (64 IPs).
A /26 will borrow 2 host bits and assign those to the network portion of the subnet mask.
This would create a subnet with 2^6 available host IP addresses, or 64 total IP addresses.
Of the 64 IP addresses, there are 62 available for clients to use, one for the network ID, and one for the broadcast address.

Answer 70

A

South

Explanation:
North-South traffic or communication refers to traffic that Enters or Leaves the Data Center from a System physically residing outside the Datacenter.

North Traffic is traffic exiting the datacenter.
South Traffic is traffic entering the data center from the outside.

East-West traffic or communication refers to data flow within the datacenter.

Answer 71

A

The Spanning Tree Protocol uses PBDU to detect loops in Network topologies.

Explanation:
The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. The Spanning Tree Protocol operates at Layer 2 of the OSI model to detect switching loops. STP is defined in the IEEE 802.1d standard.

The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface that will appear as a single link to a route processor. LACP is used to combine multiple network connections in parallel to increase throughput beyond what a single connection could sustain and to provide redundancy in case one of the links should fail. LACP is defined in the IEEE 802.3ad standard.

Split Horizon is used by Routing Protocols at Layer 3 to prevent Routing loops, and it does not affect Switching loops.

Answer 72

A

Hub

Explanation:
A hub is a layer 1 device and operates at the physical layer.
Cables, Hubs, Repeaters, and Wireless Access Points are all examples of Layer 1, or Physical Layer, devices.
The Physical Layer defines electrical and physical specifications for devices.
The Physical Layer defines the relationship between a device and a transmission medium, such as a copper or optical cable.

A Bridge is a Layer 2 device.
A Switch is a Layer 2 device, but Multilayer Switches (VLANs) operate on Layer 3 as well.
A Firewall is a Layer 3 through Layer 7 device, depending on the type of Firewall.

Answer 73

A

SOA (Start of Authority)

Explanation:
Start of Authority (SOA) resource record indicates which Domain Name Server (DNS) is the best source of information for the specified domain.

AAAA record associates your domain name with an IPv6 address.

A record associates your domain name with an IPv4 address.

MX record is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic.

Answer 74

A

10.10.10.255

Explanation:
In classless subnets using variable-length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /25, so each subnet will contain 128 IP addresses. Since the IP address provided is 10.10.10.200, the broadcast address will be 10.10.10.255.

Answer 75

A

UC Gateway

Answer 76

A

TLS (Transport Layer Security)

Answer 77

A

Anycast

Explanation:
Broadcast only works with IPv4

Multicast, Anycast, Unicast works with IPv6.

Multicast and Unicast works with both IPv4 and IPv6.

Answer 78

A

Implement Load Balancing and provide High Availability

Answer 79

A

SCADA/ICS

Explanation:
Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS) are used in manufacturing and assembly-line networks.
SCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime.
Industrial control system (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes.

Network Function Virtualization (NFV) is a way to reduce cost and accelerate service deployment for network operators by decoupling functions like a firewall or encryption from dedicated hardware and moving them to virtual servers.

Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration.

Channel Service Unit/Data Service Unit (CSU/DSU) is a hardware device about the size of an external modem that converts digital data frames from the communications technology used on a local area network (LAN) into frames appropriate to a wide-area network (WAN) and vice versa.

Answer 80

A

25

Explanation:
Question Key Words: “….server cannot send emails to another server…”
SMTP = Simple Mail Transfer Protocol, PORT 25, is Mail Transfer between Servers.

110 = POP3, Protocol for Receiving Mail
143 = IMAP, Protocol for Receiving and Organizing Mail

22 = SSH (Secure Shell) has nothing to do with Mail.

Answer 81

A

Verify system functionality

Answer 82

A

AUP

Acronyms:
AUP = Acceptable Use Policy
MOU = Memorandum of Understanding
NDA = Non Disclosure Agreement
SLA = Service Level Agreement

Answer 83

A

DMZ

Acronyms:
VPN = Virtual Private Network
EAP = Extensible Authentication Protocol
VNC = Virtual Network Computing
DMZ = Demilitarization Zone

Answer 84

A

Identify the problem

Answer 85

A

Open

(Dion suggests that this is part of a PBQ that you may see on the NET+ 008 where you will be asked to drag and drop the Correct Encryption into the AP’s that are displayed in a Picture. So know your Wireless Encryptions!!!)

Brainscape's Knowledge GenomeTM

Jason Dion NET+ 008 Practice Exam #1 Flashcards

Brainscape's Knowledge Genome^TM