Maandag 1-300

Question 1

At which of the following OSI model layers would a technician find an IP header?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

Answer 1

Answer: C

Explanation:
Network layer, layer 3.

The most significant protocol at layer 3 (also called the network layer) is the Internet Protocol, or IP. IP is the standard for routing packets across interconnected networks–hence, the name internet

Question 2

An IT technician suspects a break in one of the uplinks that provides connectivity to the core switch. Which of the following command-line tools should the technician use to determine where the incident is occurring?

A. nslookup
B. show config
C. netstat
D. show interface
E. show counters

Answer 2

Answer: D

Explanation:
show interface will allow one to see the uplink states of each port

Question 3

A network requirement calls for segmenting departments into different networks. The campus network is set up with users of each department in multiple buildings. Which of the following should be configured to keep the design simple and efficient?

A. MDIX
B. Jumbo frames
C. Port tagging
D. Flow control

Answer 3

Answer: C

Explanation:
Port Tagging is the best answer. Port tagging is used for connecting switches that may be on different networks (trunking)

Question 4

A rogue AP was found plugged in and providing Internet access to employees in the break room. Which of the following would be BEST to use to stop this from happening without physically removing the WAP?

A. Password complexity
B. Port security
C. Wireless client isolation
D. Secure SNMP

Answer 4

Answer: B

Explanation:
B, Port security, would be the best option to use to stop the rogue AP in this scenario. Port security is a feature that can be used to limit the number of devices that can be connected to a switchport. By configuring port security on the switchport to which the rogue AP is connected, the network administrator can ensure that only authorized devices are able to connect to the network and receive an IP address. This would prevent unauthorized devices, such as the rogue AP, from providing Internet access to employees in the break room.

Question 5

A systems administrator is configuring a firewall using NAT with PAT. Which of the following would be BEST suited for the LAN interface?

A. 172.15.0.0/18
B. 172.18.0.0/10
C. 172.23.0.0/16
D. 172.28.0.0/8
E. 172.32.0.0/14

Answer 5

Answer: C

Explanation:
Network address translation (NAT) and Port address translation (PAT) are often used to translate between global and private ip addresses. Private address for Class B is 172.16.0.0 to 172.31.255.255. Only 172.23.0.0/16 fit the range.

Question 6

After a firewall replacement, some alarms and metrics related to network availability stopped updating on a monitoring system relying on SNMP. Which of the following should the network administrator do FIRST?

A. Modify the device’s MIB on the monitoring system.
B. Configure syslog to send events to the monitoring system.
C. Use port mirroring to redirect traffic to the monitoring system.
D. Deploy SMB to transfer data to the monitoring system.

Answer 6

Answer: A

Explanation:
Modify the device’s MIB on the monitoring system.

Question 7

The management team has instituted a 48-hour RTO as part of the disaster recovery plan. Which of the following procedures would meet the policy’s requirements?

A. Recover all systems to a loss of 48 hours of data.
B. Limit network downtime to a maximum of 48 hours per year.
C. Recover all systems within 48 hours.
D. Require 48 hours of system backup maintenance.

Answer 7

Answer: C

Explanation:

Recovery time objective (RTO) is the period following a disaster that an individual IT system may remain offline. This represents the maximum amount of time allowed to identify that there is a problem and then perform recovery (restore from backup or switch in an alternative system, for instance).

Question 8

A network technician is troubleshooting an application issue. The technician is able to recreate the issue in a virtual environment. According to the troubleshooting methodology, which of the following actions will the technician most likely perform NEXT?

A.Gather information from the initial report.
B.Escalate the issue to a supervisor.
C.Implement a solution to resolve the issue.
D.Establish a theory of probable cause.

Answer 8

Answer: D

Explanation:
According to the troubleshooting methodology, the technician will most likely perform the next step of “Establishing a theory of probable cause” after being able to recreate the issue in a virtual environment.

Question 9

Which of the following types of datacenter architectures will MOST likely be used in a large SDN and can be extended beyond the datacenter?

A. iSCSI
B. FCoE
C. Three-tiered network
D. Spine and leaf
E. Top-of-rack switching

Answer 9

Answer: C

Question 10

A network administrator is trying to identify a device that is having issues connecting to a switchport. Which of the following would BEST help identify the issue?

A. A syslog server
B. Change management records
C. A rack diagram
D. The security log

Answer 10

Answer: C

Explanation:
would provide the IP address of switching, the VLAN assigned to ports and tech could confirm PC on correct subnet and GW.

1. Device needs to be connected for syslog
2. If the device is not connected or having issues that will not be able to send the logs to the log servers. Also, the technician is trying to identify the device that we could see by checking the rack diagram.

Question 11

A network administrator is troubleshooting the communication between two Layer 2 switches that are reporting a very high runt count. After trying multiple ports on both switches, the issue persists. Which of the following should the network administrator perform to resolve the issue?

A. Increase the MTU size on both switches.
B. Recertify the cable between both switches.
C. Perform a factory reset on both switches.
D. Enable debug logging on both switches.

Answer 11

Answer: B

Explanation:
Increasing MTU will increase more Runts and CRCs. This is a Cabling issue.

Question 12

Which of the following would be used to enforce and schedule critical updates with supervisory approval and include backup plans in case of failure?

A. Business continuity plan
B. Onboarding and offboarding policies
C. Acceptable use policy
D. System life cycle
E. Change management

Answer 12

Answer: E

Explanation:
Business continuity plan is for after an emergency.

When are talking about backup plans they are talking about backup plans if the change/patch fails. Most places would call this a backout plan but they are calling it a backup plan.

Question 13

To access production applications and data, developers must first connect remotely to a different server. From there, the developers are able to access production data. Which of the following does this BEST represent?

A. A management plane
B. A proxy server
C. An out-of-band management device
D. A site-to-site VPN
E. A jump box

Answer 13

Answer: E

Explanation:
A jump box (also known as a jump server or a bastion host) is a dedicated server or virtual machine that provides secure access to other systems on a network. In the scenario described in the question, the jump box is the server that the developers connect to remotely in order to access production applications and data.

The purpose of the jump box is to provide an additional layer of security by restricting direct access to the production servers. This helps to protect the production servers from potential security threats that could be introduced through the developers’ remote connections.

Question 14

A malicious user is using special software to perform an on-path attack. Which of the following best practices should be configured to mitigate this threat?

A. Dynamic ARP inspection
B. Role-based access
C. Control plane policing
D. MAC filtering

Answer 14

Answer: A

Explanation:

Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. This capability protects the network from certain “man-in-the-middle” attacks.

Question 15

Which of the following compromises Internet-connected devices and makes them vulnerable to becoming part of a botnet? (Choose two.)

A. Deauthentication attack
B. Malware infection
C. IP spoofing
D. Firmware corruption
E. Use of default credentials
F. Dictionary attack

Answer 15

Answer: BE

Explanation:
an attacker must install malware that opens a backdoor

remote connection by using the default credentials.

Question 16

A network administrator is troubleshooting an issue with a new Internet connection. The ISP is asking detailed questions about the configuration of the router that the network administrator is troubleshooting. Which of the following commands is the network administrator using? (Choose two.)

A. tcpdump
B. show config
C. hostname
D. show route
E. netstat
F. show ip arp

Answer 16

Answer: BD

Explanation:
B. show config: This command displays the current configuration of the router, including settings for interfaces, IP addresses, routing protocols, access control lists (ACLs), and more. It helps the ISP understand how the router is set up.

D. show route: This command displays the routing table of the router, showing the paths and next-hop addresses for different IP destinations. It provides insights into how traffic is being routed within the network.

Question 17

A technician is troubleshooting a connectivity issue with an end user. The end user can access local network shares and intranet pages but is unable to access the internet or remote resources. Which of the following needs to be reconfigured?

A. The IP address
B. The subnet mask
C. The gateway address
D. The DNS servers

Answer 17

Answer: C

Explanation:
Gateway. It’s not DNS because you could still access remote resources by IP if DNS wasn’t working/configured for name resolution.

Question 18

A technician knows the MAC address of a device and is attempting to find the device’s IP address. Which of the following should the technician look at to find the
IP address? (Choose two.)

A. ARP table
B. DHCP leases
C. IP route table
D. DNS cache
E. MAC address table
F. STP topology

Answer 18

Answer: AB

Explanation:
A. ARP table

B. DHCP leases.

Question 19

A technician is monitoring a network interface and notices the device is dropping packets. The cable and interfaces, however, are in working order. Which of the following is MOST likely the cause?

A. OID duplication
B. MIB mismatch
C. CPU usage
D. Encapsulation errors

Answer 19

Answer: C

Explanation:
overworking CPU or max Ram, general the encapsulation failed error message indicates that the router has a layer 3 packet to forward and is lacking some element of the layer 2 header that it needs to be able to forward the packet toward the next hop.

Question 20

A network administrator needs to provide remote clients with access to an internal web application. Which of the following methods provides the HIGHEST flexibility and compatibility while encrypting only the connection to the web application?
A. Clientless VPN
B. Virtual desktop
C. Virtual network computing
D. mGRE tunnel

Answer 20

Answer: A

Explanation:
Clientless VPN provides secure remote access to common enterprise web applications.

Question 21

A network engineer receives the following when connecting to a switch to configure a port: telnet 10.1.200.1
Connecting to 10.1.200.1..Could not open connection to the host, on port 23: Connect failed.
Which of the following is the MOST likely cause for the failure?

A. The network engineer is using the wrong protocol.
B. The network engineer does not have permission to configure the device.
C. SNMP has been secured with an ACL.
D. The switchport the engineer is trying to configure is down.

Answer 21

Answer: A

Explanation:
A because many securely configured firewalls block Telnet because of the protocol’s unsecurity; therefore, it’s the wrong protocol. SSH (port 22) would be the correct one.

Question 22

A company streams video to multiple devices across a campus. When this happens, several users report a degradation of network performance. Which of the following would MOST likely address this issue?

A. Enable IGMP snooping on the switches.
B. Implement another DHCP server.
C. Reconfigure port tagging for the video traffic.
D. Change the SSID of the APs.

Answer 22

Answer: A

Explanation:

1. At layer 2, if a switch is not multicast-aware, it will treat multicast transmissions as broadcasts and flood them across all ports in the broadcast domain. This can consume a lot of bandwidth and slow down the network. This problem becomes particularly acute if the switch floods multicast traffic to virtual LANs (VLANs) that do not need to receive it. To combat this, IGMP snooping can be enabled as a global option on a switch and as a per-VLAN option. IGMP snooping means the switch reads IGMP messages and can determine if the host on an access port or one or more hosts in a VLAN have joined a multicast group. Multicast traffic is filtered from ports and VLANs that have no hosts participating in the multicast group.

Question 23

A technician is trying to determine whether an LACP bundle is fully operational. Which of the following commands will the technician MOST likely use?

A. show interface
B. show config
C. show route
D. show arp

Answer 23

Answer: A

Explanation:
LACP, a subcomponent of IEEE 802.3ad, provides additional functionality for link aggregation groups (LAGs). Use the link aggregation feature to aggregate one or more Ethernet interfaces to form a logical point-to-point link, known as a LAG, virtual link, or bundle.

Question 24

Which of the following connectors and terminations are required to make a Cat 6 cable that connects from a PC to a non-capable MDIX switch? (Choose two.)

A. TIA-568-A - TIA-568-B
B. TIA-568-B - TIA-568-B
C. RJ11
D. RJ45
E. F-type

Answer 24

Answer: B D

Question 25

A company wants to set up a backup data center that can become active during a disaster. The site needs to contain network equipment and connectivity. Which of the following strategies should the company employ?

A. Active-active
B. Warm
C. Cold
D. Cloud

Answer 25

Answer: B

Explanation:
1. B. Active-active refers to more than one NIC being active at the same time. In my opinion, this question is referring to a recovery site (hot, warm, cold, cloud)

2. Warm, Hardware and connections, but no data.

Question 26

A technician performed a manual reconfiguration of a firewall, and network connectivity was reestablished. Some connection events that were previously sent to a syslog server are no longer being generated by the firewall. Which of the following should the technician perform to fix the issue?

A. Adjust the proper logging level on the new firewall.
B. Tune the filter for logging the severity level on the syslog server.
C. Activate NetFlow traffic between the syslog server and the firewall.
D. Restart the SNMP service running on the syslog server.

Answer 26

Answer: A

Explanation:
If the syslog server is no longer receiving previous messages from the firewall after changes were done to the firewall, I think it makes more sense to adjust something on the firewall so those messages get sent to the syslog server again.

Question 27

A systems operator is granted access to a monitoring application, configuration application, and timekeeping application. The operator is denied access to the financial and project management applications by the system’s security configuration. Which of the following BEST describes the security principle in use?

A. Network access control
B. Least privilege
C. Multifactor authentication
D. Separation of duties

Answer 27

Answer: B

Explanation:
B. Least privilege is the correct answer.

Question 28

Users in a branch can access an in-house database server, but it is taking too long to fetch records. The analyst does not know whether the issue is being caused by network latency. Which of the following will the analyst MOST likely use to retrieve the metrics that are needed to resolve this issue?

A. SNMP
B. Link state
C. Syslog
D. QoS
E. Traffic shaping

Answer 28

Answer: A

Explanation:

Based on the fact that it is configured to probe and measure how traffic is flowing across the network with SNMP metric data such as response times, latency, jitter, packet loss, and device health metrics.

Question 29

At which of the following OSI model layers does an IMAP client run?

A. Layer 2
B. Layer 4
C. Layer 6
D. Layer 7

Answer 29

Answer: D

Question 30

To comply with an industry regulation, all communication destined to a secure server should be logged and archived on a storage device. Which of the following can be configured to fulfill this requirement?

A. QoS traffic classification
B. Port mirroring
C. Flow control
D. Link Aggregation Control Protocol

Answer 30

Answer: B

Explanation:
Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port.

Question 31

A technician is consolidating a topology with multiple SSIDs into one unique SSID deployment. Which of the following features will be possible after this new configuration?

A. Seamless roaming
B. Basic service set
C. WPA
D. MU-MIMO

Answer 31

Answer: A

Question 32

A company is moving to a new building designed with a guest waiting area that has existing network ports. Which of the following practices would BEST secure the network?

A. Ensure all guests sign an NDA.
B. Disable unneeded switchports in the area.
C. Lower the radio strength to reduce Wi-Fi coverage in the waiting area.
D. Enable MAC filtering to block unknown hardware addresses.

Answer 32

Answer: D

Explanation:
I would go for D also on the basis that the ‘Needed’ ports aren’t protected as users can unplug/plug their own device in.

Question 33

Which of the following protocols would enable a company to upgrade its internet connection by acquiring its own public IP prefixes and autonomous system number?

A. EIGRP
B. BGP
C. IPv6
D. MPLS

Answer 33

Answer: B

Explanation:
1. Public BGP routing prefixes must be registered. There is no requirement anywhere to register EIGRP AS numbers, since it is an Interior Gateway Protocol (IGP) like RIP and OSPF.
2. AS or autonomous system is used within BGP protocol

Question 34

Several employees have expressed concerns about the company monitoring their internet activity when they are working from home. The company wants to mitigate this issue and reassure employees that their private internet activity is not being monitored. Which of the following would satisfy company and employee needs?

A. Split tunnel
B. Full tunnel
C. Site-to-site tunnel
D. Virtual desktop

Answer 34

Answer: D

Explanation:

We run a split tunnel VPN for work and I assure you I can monitor them just fine if they are using their work laptops. I think this is more about running a virtual desktop purely for work purposes (which is potentially monitored) and then you go do your own personal stuff on your own computer

Question 35

Which of the following can be used to decrease latency during periods of high utilization of a firewall?

A. Hot site
B. NIC teaming
C. HA pair
D. VRRP

Answer 35

Answer: C

Explanation:

An HA pair is a group of two firewalls that are configured to work together to provide high availability and failover protection. If one firewall becomes unavailable, the other firewall can take over and continue providing network services. This can help to decrease latency during periods of high utilization because the workload is distributed across two firewalls rather than being handled by a single device.

Question 36

A device is connected to a managed Layer 3 network switch. The MAC address of the device is known, but the static IP address assigned to the device is not.
Which of the following features of a Layer 3 network switch should be used to determine the IPv4 address of the device?

A. MAC table
B. Neighbor Discovery Protocol
C. ARP table
D. IPConfig
E. ACL table

Answer 36

Answer: C

Explanation:
ARP table

The ARP (Address Resolution Protocol) table on a Layer 3 network switch maintains a mapping between a device’s MAC address and its assigned IPv4 address. By checking the ARP table, the network technician can determine the IPv4 address assigned to the device.

Question 37

A help desk technician is concerned that a client’s network cable issues may be causing intermittent connectivity. Which of the following would help the technician determine if this is the issue?

A. Run the show interface command on the switch.
B. Run the traceroute command on the server.
C. Run iperf on the technician’s desktop.
D. Ping the client’s computer from the router.
E. Run a port scanner on the client’s IP address

Answer 37

Answer: A

Explanation:
A. Run the show interface command on the switch.

The “show interface” command on the switch will provide detailed information on the status of the interface and any errors or issues that may be occurring. This can help the technician determine if there are any cable issues causing intermittent connectivity.