Missed questions Flashcards
A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem?
- IDS is blocking RADIUS
- Shared secret key is mismatched
- Username is misspelled in the device configuration file
- group policy has not propagated to the device
- Shared secret key is mismatched
Explanation
OBJ-4.1: AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems. A shared secret is a text string that serves as a password between hosts.
A technician is configuring a computer lab for the students at Dion Training. The computers need to be able to communicate with each other on the internal network, but students using computers should not be able to access the Internet. The current network architecture is segmented using a triple-homed firewall to create the following zones: ZONE INTERFACE, IP address ————————————— PUBLIC, eth0, 66.13.24.16/30 INSTRUCTORS, eth1, 172.16.1.1/24 STUDENTS, eth2, 192.168.1.1/24 What rule on the firewall should the technician configure to prevent students from accessing the Internet?
- Deny all traffic from eth1 to eth0
- Deny all traffic from eth2 to eth0
- Deny all traffic from eth0 to eth2
- Deny all traffic from eth2 to eth1
Deny all traffic from eth2 to eth0
Explanation
OBJ-4.3: By denying all traffic from the eth2 to eth0, you will block network traffic from the internal (STUDENT) network to the external (PUBLIC) network over the WAN connection. This will prevent the students from accessing the Internet by blocking all requests to the Internet. For additional security, it would be a good idea to also block all traffic from eth0 to eth2 so that inbound traffic from the internet cannot communicate with the student’s computers. But, since the outbound connections from the students to the internet are being blocked, the student will be unable to access any webpages since they cannot send a request over port 80 or 443. Additionally, by choosing this rule, we have not blocked any network traffic between the instructors and the students.
Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on? (SELECT TWO)
- GPS location
- Geo-IP
- NAC
- Port Security
GPS & NAC
Explanation
OBJ-4.3: Network Access Control is used to identify an endpoint’s characteristics when conducting network authentication. The GPS location of the device will provide the longitude and latitude of the user, which could be compared against the GPS coordinates of the building. Port security enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses to communicate using a given switchport. This would not help to locate the individual based on their location, though. Geo-IP, or geolocation and country lookup of a host based on its IP address, would identify the country of origin of the user, but not whether they are within the building’s confines. Geo-IP is also easily tricked if the user logs in over a VPN connection.
Dion Training is trying to connect two geographically dispersed offices using a VPN connection. You have been asked to configure their networks to allow VPN traffic into the network. Which device should you configure FIRST?
- Switch
- Firewall
- Modem
- Router
Firewall
Explanation
OBJ-2.1: You should FIRST configure the firewall since the firewall is installed at the network’s external boundary (perimeter). By allowing the VPN connection through the firewall, the two networks can be connected and function as a single intranet (internal network). After configuring the firewall, you will need to verify the router is properly configured to route traffic between the two sites using the site-to-site VPN connection. A modem modulates and demodulates electrical signals sent through phone lines, coaxial cables, or other types of wiring. A layer 2 switch is a type of network switch or device that works on the data link layer (OSI Layer 2) and utilizes MAC Address to determine the path through where the frames are to be forwarded. It uses hardware-based switching techniques to connect and transmit data in a local area network (LAN).
Elizabeth was replacing a client’s security device that protects their screened subnet. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users cannot connect remotely to the application anymore. Which of the following devices was MOST likely misconfigured and is now causing a problem?
- Firewall
- Content filter
- DNS
- DHCP
Firewall
Explanation
OBJ-2.1: A firewall is an integral part of creating a screened subnet. If configured correctly, it can regulate exactly what traffic and users are allowed to access the server. This is different from a content filter because a content filter denies traffic to a user based on content, but not access to a server. If the firewall ruleset was not configured to allow external users to access the application remotely, the default condition is to “deny by default”. Content filtering is the use of a program to screen and/or exclude access to web pages or emails deemed objectionable. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 54 Mbps?
- 802.11a
- 802.11ac
- 802.11n
- 802.11g
- 802.11ax
- 802.11b
802.11a
Explanation
OBJ-2.4: The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. Unfortunately, when this was first released, the radios to operate with this standard were fairly expensive, so it did not sell well or become widespread. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.
Which type of wireless technology are OFDM, QAM, and QPSK examples of?
- RF interference
- Frequency
- Modulation
- Spectrum
Modulation
Explanation
OBJ-2.4: Modulation is the process of varying one or more properties of a periodic waveform, called the carrier signal, with a separate signal called the modulation signal that typically contains information to be transmitted. WiFi can use different digital modulation schemes for data transmission. Common types of modulation include Orthogonal frequency-division multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-shift keying (PSK). Frequency is the number of occurrences of a repeating event per unit of time. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. Interference occurs when two radios are transmitting or receiving on the same frequencies. Spectrum refers to the range of frequencies used by a radio transmitter or receiver, such as the 2.4 GHz spectrum which includes frequencies from 2.412 GHz to 2.472 GHz in the United States.
Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine?
- tracert
- nslookup
- ip
- route
Route
Explanation
OBJ-5.3: The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.
You work for Dion Training as a physical security manager. You are concerned that the physical security at the entrance to the company is not sufficient. To increase your security, you are determined to prevent piggybacking. What technique should you implement first?
* Install CCTV to monitor the entrance
* Require all employees to wear security badges when entering the building
* Install an RFID badge reader at the entrance
* Install an access control vestibule at the entrance
Install an access control vestibule at the entrance
Explanation
OBJ-4.5: An access control vestibule, or mantrap, is a device that only allows a single person to enter per authentication. This authentication can be done by RFID, a PIN, or other methods. Once verified, the mantrap lets a single person enter through a system, such as a turnstile or rotating door. CCTV will not stop piggybacking, but it could be used as a detective control after an occurrence. Wearing security badges is useful, but it won’t stop piggybacking by a skilled social engineer. RFID badges may be used as part of your entry requirements, but it won’t stop a determined piggyback who follows an employee into the building after their authenticated RFID access has been performed.
Which of the following policies or plans would describe the access requirements for connecting a user’s laptop to the corporate network?
* Remote Access policy
* Bring your own device policy
* Password policy
* Onboarding policy
BYOD policy
Explanation
OBJ-3.2: A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops. A remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An onboarding policy is a documented policy that describes all the requirements for integrating a new employee into the company and its cultures, as well as getting that new hire all the tools and information they need to begin their job successfully.
Which of the following remote access tools is a command-line terminal emulation program operating on port 23?
* SSH
* RDP
* VNC
* Telnet
Telnet
Explanation
OBJ-1.5: Telnet is a TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). Telnet is unauthenticated, which means it sends data such as the username and password in plain text. For this reason, it should not be used, and SSH should be used instead. Telnet runs over TCP port 23. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
Jason is a network manager leading a project to deploy a SAN. He is working with the vendor’s support technician to set up and configure the SAN on the enterprise network to begin SAN I/O optimization. What should Jason provide to the vendor support technician?
* Network diagrams
* Asset management document
* Access to the data center
* Baseline documents
Network Diagrams
Explanation
OBJ-3.2: A network diagram is a visual representation of network architecture. It maps out the structure of a network with a variety of different symbols and line connections. This information will be important when deploying a Storage Area Network (SAN) on the enterprise network. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. Asset management is used to record and track an asset throughout its life cycle, from procurement to disposal. Access to the datacenter will only be required if the vendor’s support technician will be physically working in the datacenter and not performing a remote installation.
A home user reports to a network technician that the Internet is slow when they attempt to use their smartphone or laptop with their Wi-Fi network. The network administrator logs into the admin area of the user’s access point and discovers that multiple unknown devices are connected to it. What is MOST likely the cause of this issue?
* The user is connected to a botnet
* A successful WPS attack has occured
* The user is experiencing ARP poisoning
* An evil twin has been implemented
Successful WPS attack has occured
Explanation
OBJ-4.2: Wi-Fi Protected Setup (WPS) allows users to configure a wireless network without typing in the passphrase. Instead, users can configure devices by pressing buttons or by entering a short personal identification number (PIN). Unfortunately, WPS is fairly easy to hack and unknown devices can then connect to your network without permission. This is the most likely cause of the issue described in the question. If it was an evil twin, the technician would not have been able to log in to the admin area of the device to see the connected devices. ARP poisoning consists of abusing the weaknesses in ARP to corrupt the MAC-to-IP mappings of other devices on the network. This would not affect the number of devices connected to the access point, though, only the switching of their traffic once they connect. A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them. From the description in the question, there is no evidence that the user’s laptop or smartphone are infected with malware. Even if one was infected, it is unlikely they both would be infected with the same malware since laptops and smartphones run different operating systems.
What is true concerning jumbo frames?
* They are commonly used on a SAN
* Their MTU size is less than 1500
* They are commonly used with a NAS
* They are commonly used with DHCP
Commonly used on a SAN
Explanation
OBJ-2.3: Jumbo frames are Ethernet frames whose MTU is greater than 1500. To increase performance, you should use jumbo frames only when you have a dedicated network or VLAN, and you can configure an MTU of 9000 on all equipment. Because of this, jumbo frames are most commonly used in a storage area network (SAN).
Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera’s security concerns? (Select TWO)
- Configure the thermostat to use a segregated part of the network by installing it into a screened subnet
- Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password
- Upgrade the firmware of the wireless access point to the latest version to improve the security of the network
- Enable two-factor authentication on the device’s website(if supported by the company)
- Configure the thermostat to use the WEP encryption standard for additional confidentiality
- Disable wireless connectivity to the thermostat to ensure a hacker cannot access it
(A) Configure the thermostat to use a segregated part of the network by installing it into a screened subnet and (B) Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password
Explanation
OBJ-2.1: The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network. While enabling two-factor authentication on the device’s website is a good practice, it will not increase the IoT device’s security. While disabling the wireless connectivity to the thermostat will ensure it cannot be hacked, it also will make the device ineffective for the customer’s normal operational needs. WEP is considered a weak encryption scheme, so you should use WPA2 over WEP whenever possible. Finally, upgrading the wireless access point’s firmware is good for security, but it isn’t specific to the IoT device’s security. Therefore, it is not one of the two BEST options.
You are conducting a wireless penetration test against a WPA2-PSK network. Which of the following types of password attacks should you conduct to verify if the network is using any of the Top 1000 commonly used passwords?
* Dictionary
* Brute-force
* Spraying
* Hybrid
Dictionary
Explanation
OBJ-4.2: A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file. A brute-force attack consists of an attacker submitting every possible combination for a password or pin until they crack it. Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. A hybrid attack merges a dictionary attack and a brute-force attack, but provides keywords from a list to use during the brute-force attack modifying the suffixes or prefixes.
Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?
* Star
* Bus
* Hybrid
* Ring
Hybrid
Explanation
OBJ-1.2: A hybrid topology is a kind of network topology that is a combination of two or more network topologies, such as mesh topology, bus topology, and ring topology. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring. The WAN connections are using a ring network topology, but each office is using a star topology. Therefore, the best description of this combined network is a hybrid topology.
Which of the following applies to data as it travels from Layer 1 to Layer 7 of the OSI model?
* Encapsulation
* Tagging
* De-encapsulation
* Tunneling
De-encapsulation
Explanation
OBJ-1.1: Data encapsulation and de-encapsulation in a computer network is a necessary process. De-encapsulation in networking is performed at the receiver side or destination side as data moves from layer 1 to layer 7 of the OSI model. As information travels up the layers of the OSI layer, information added from the sender’s encapsulation process is removed layer by layer. Data encapsulation, on the other hand, is performed at the sender side while the data packet is transmitted from source host to destination host. This is a process through which information is added to the data as it moved from layer 7 to layer 1 of the OSI model before the data is sent over the network to the receiver. Tagging is used in 802.1q to identify ethernet traffic as part of a specific VLAN. This occurs at Layer 2 of the OSI model and remains at Layer 2 of the OSI model. Tunneling is the process by which VPN packets reach their intended destination. This normally occurs using the IPsec or TLS protocols and occurs at Layer 2 of the OSI model.
Which of the following levels would a debugging condition generate?
* 1
* 7
* 6
* 0
7
Explanation
OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.
Your company is currently using a 5 GHz wireless security system, so your boss has asked you to install a 2.4 GHz wireless network to use for the company’s computer network to prevent interference. Which of the following can NOT be installed to provide a 2.4 GHz wireless network?
* 802.11n
* 802.11ac
* 802.11b
* 802.11g
802.11ac
Explanation
OBJ-2.4: Wireless networks are configured to use either 2.4 GHz or 5.0 GHz frequencies, depending on the network type. 802.11a and 802.11ac both utilize a 5.0 GHz frequency for their communications. 802.11b and 802.11g both utilize a 2.4 GHz frequency for their communications. 802.11n and 802.11ax utilize either 2.4 GHz, 5.0 GHz, or both, depending on the Wi-Fi device’s manufacturer. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 5.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.
Which of the following types of network documentation would provide a drawing of the network cabling imposed over the floorplan for an office building?
* Wiring diagram
* Site survey report
* Logical network diagram
* Physical network diagram
Physical network diagram
Explanation
OBJ-3.2: A physical network diagram is used to show the actual physical arrangement of the components that make up the network, including cables and hardware. A logical diagram is used to illustrate the flow of data across a network and is used to show how devices communicate with each other. These logical diagrams usually include the subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments in a given network. Wiring diagrams are used to clearly label which cables are connected to which ports. The more in-depth wiring diagrams will include a floorplan or rack diagram, so you can see how the cables are run in the physical environment. A wireless site survey is the process of planning and designing a wireless network to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and quality of service (QoS). The site survey report will contain a floorplan of the areas surveyed with the wireless coverage areas and signal strengths notated on it.
What is the network ID associated with the host located at 192.168.0.123/29?
* 192.168.0.64
* 192.168.0.120
* 192.168.0.96
* 192.168.0.112
192.168.0.120
Explanation
OBJ-1.4: In classless subnets using variable-length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /29, so each subnet will contain 8 IP addresses. Since the IP address provided is 192.168.0.123, it will be in the 192.168.0.120/29 network.
A client has asked you to provide their local office with the BEST solution for a wireless network based on their requirements. The client has stated that their users will need a wireless network that provides a maximum of 54 Mbps of bandwidth and operates in the 2.4GHz frequency band. Which of the following wireless network types should you install to meet their needs?
* 802.11g
* 802.11ac
* 802.11a
* 802.11b
802.11g
Explanation
OBJ-2.4: 802.11g provides transmission over short distances at up to 54 Mbps in the 2.4 GHz band. It is backward compatible with 802.11b (which only operates at 11 Mbps). While an 802.11ac network would be the fastest solution, it does not operate in the 2.4 GHz frequency band. 802.11a operates in the 5 GHz frequency band at up to 54 Mbps. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. The 2.4 GHz frequency band is used by 802.11b, 802.11g, and 802.11n. The 5 GHz frequency band is used by 802.11a, 802.11n, 802.11ac, and 802.11ax. The 6 GHz frequency band is used by Wi-Fi 6E under the 802.11ax standard.
What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them?
* FIN
* ACK
* SYN
* RST
RST
Explanation
OBJ-1.1: A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place. For example, if a system receives information that is outside of an established session, it will send a RST flag in response. A finish (FIN) flag is used to request that the connection be terminated. This usually occurs at the end of a session and allows for the system to release the reserved resources that were set aside for this connection. A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection. Finally, the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin.
You just heard of a new ransomware attack that has been rapidly spreading across the internet that takes advantage of a vulnerability in the Windows SMB protocol. To protect your network until Microsoft releases a security update, you want to block the port for SMB at your firewall to prevent becoming a victim of this attack. Which of the following ports should you add to your blocklist?
* 445
* 123
* 514
* 143
445
Explanation
OBJ-1.5: Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. When the WannaCry ransomware was spreading rapidly across the internet, you could help protect your organization’s network by blocking ports 139 and 445 at your firewall to prevent your machines from getting infected over the internet. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.
You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?
* 77.81.12.12
* 77.81.12.13
* 77.81.12.15
* 77.81.12.14
77.81.12.12
Explanation
OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /30, so each subnet will contain 4 IP addresses. Since the IP address provided is 77.81.12.14/30, the network ID is 77.81.12.12/30, the first router is 77.81.12.13/30, the second router is 77.81.12.14/30, and the broadcast address is 77.81.12.15/30.
You are configuring a network to utilize SNMPv3 to send information from your network devices back to an SNMP manager. Which of the following SNMP options should you enable to ensure the data is transferred confidentially?
* authProtect
* authPriv
* authEncrypt
* authNoPriv
authPriv
Explanation
OBJ-3.1: In SNMPv3, the authPriv option ensures that the communications are sent with authentication and privacy. This uses MD5 and SHA for authentication and DES and AES for privacy and encryption.
Which type of wireless network utilizes the 2.4 GHz frequency band and reaches speeds of up to 54 Mbps?
* 802.11g
* 802.11n
* 802.11a
* 802.11ac
* 802.11b
* 802.11ax
802.11g
Explanation
OBJ-2.4: The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.
Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?
* C:\windows\system32> nbtstat -R
* C:\windows\system32> ipconfig/flushdns
* C:\windows\system32> route print
* C:\windows\system32> nslookup
C:\windows\system32> nbtstat -R
Explanation
OBJ-5.3: Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the “nbtstat -R” command to purge and reload the cached name table from the LMHOST file on their Windows workstation. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.
Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue?
* Load the latest hardware drivers for her USB drive
* Download a new music player on her computers
* Flash the latest firmware for her router
* Install the latest OS on her computers
Flash the latest firmware for her router
Explanation
OBJ-5.5: Routers can be updated by conducting a firmware flash. This is similar to upgrading or patching your computer’s operating system or even updating a device driver. By flashing the firmware, it can provide the ability to communicate with newer devices and remove known software vulnerabilities from the device.
Your company wants to create highly available datacenters. Which of the following will allow the company to continue maintaining an Internet presence at all sites if the WAN connection at their own site goes down?
* OSPF
* Load balancer
* VRRP
* BGP
BGP
Explanation
OBJ-2.2: If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available. Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP), therefore it will not help be able to reroute the organization’s WAN connections. The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. VRRP is used for your internal clients and will not affect the routing of traffic between WANs or autonomous systems. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. A load balancer would work at one site, but would not allow routing of the WAN connections at all the other sites since they rely on autonomous systems and BGP is used to route traffic between autonomous systems.
An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted if this change is not immediate. The request comes directly from management and was just approved through the emergency change management process. Which of the following should the technician do?
* Wait until the maintenance window and make the requested change
* Send out a notification to the company about the change
* First document the potential impacts and procedures related to the change
* Make the change, document the requester, and document all network changes
Make the change, document the requester, and document all network changes
Explanation
OBJ-3.2: The best answer is to make the change, document the requester, and document all the network changes. All changes to the enterprise network should be approved through the normal change management processes. If there is an urgent need, there is an emergency change management process that can be used for approval. This is known as an emergency change approval board (ECAB). An ECAB can be executed extremely quickly to gain approval, and then the documentation can be completed after the change is made when using the emergency change management processes.
A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?
* Implement a split-horizon or split-view DNS
* Adjust the ACL on the firewall’s internal interface
* Configure the firewall to support dynamic NAT
* Place the server in a screened subnet or DMZ
Implement a split-horizon or split-view DNS
Explanation
OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.
A third-party vendor has just released patches to resolve a major vulnerability. There are over 100 critical devices that need to be updated. What action should be taken to ensure the patch is installed with minimal downtime?
* Test the patch in a lab environment and then install it in the production network during the next scheduled maintenance
* Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment
* Download and install all patches in the production network during the next scheduled maintenance period
* Configure endpoints to automatically download and install the patches
Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment
Explanation
OBJ-3.2: Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished.
A network administrator updated an Internet server to evaluate some new features in the current release. A week after the update, the Internet server vendor warns that the latest release may have introduced a new vulnerability, and a patch is not available for it yet. Which of the following should the administrator do to mitigate this risk?
* Enable the host-based firewall on the Internet server
* Utilize WAF to restrict malicious activity to the Internet server
* Enable HIPS to protect the server until the patch is released
* Downgrade the server and defer the new feature testing
Downgrade the server and defer the new feature testing
Explanation
OBJ-4.3: Since the vendor stated that the new version introduces vulnerabilities in the environment, it is best to downgrade the server to the older and more secure version until a patch is available.
A network technician determines that two dynamically assigned workstations have duplicate IP addresses. What command should the technician use to correct this issue?
* ipconfig/release | ipconfig /renew
* ipconfig /renew
* ipconfig /dhcp
* ipconfig /all
ipconfig/release | ipconfig /renew
Explanation
OBJ-5.3: The ipconfig tool displays all current TCP/IP network configuration values on a given system. The ipconfig also can release and renew a DHCP-received IP on a workstation. The first thing to do is release the IP address using the command ipconfig /release. Next, the technician should dynamically assign another IP address using the command ipconfig /renew. These commands could be each entered individually or combined using the pipe (|) syntax as shown in this question. The ipconfig /all option would be used to display the assigned IP addresses. The ipconfig /renew option would be used to renew an existing DHCP lease and not request a new IP address.
An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following: DIONRTR01# show interface eth 1/1 GigabitEthernet 1/1 is up, line is up Hardware is GigabitEthernet, address is 000F.33CC.F13A Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Member of L2 VLAN 1, port is untagged, port state is forwarding Which of the following actions should be taken to improve the network performance for this WAN connection?
* Assign the interface a 802.1q tag to its own VLAN
* Shutdown and then re-enable this interface
* Replace eth1/1 with a 1000Base-T transceiver
* Configure the interface to use full-duplex
Assign the interface a 802.1q tag to its own VLAN
Explanation
OBJ-5.5: The WAN interface (eth 1/1) is currently untagged and is being assigned to the default VLAN (VLAN 1). If there are numerous devices in the default VLAN, the VLAN may be overloaded or oversubscribed leading to a reduction in the network performance. To solve this issue, you would assign the WAN interface to a VLAN with less traffic or to its own VLAN. By adding an 802.1q tag (VLAN tag) to the interface, you can assign it to its own individual VLAN and eliminate potential overloading or oversubscription issues. The interface is already set to full-duplex (fdx) and it operating in full-duplex (fdx). Therefore, the issue is not a duplexing mismatch. The configuration shows that the interface is already using a GigabitEthernet, so you do not need to replace the transceiver with a 1000Base-T module. Also, the physical layer is working properly and a link is established, as shown by the output “GigabitEthernet 1/1 is up”, showing the current transceiver is functioning properly at 1 Gbps. While issuing the shutdown command and then re-enabling the interface could clear any errors, based on the interface status shown we have no indications that errors are being detected or reported.
Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent users from gaining access to network resources if they can plug their laptops into the network?
* UTM
* NAC
* VPN
* DMZ
NAC
Explanation
OBJ-4.1: Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology, the user or system authentication, and network security enforcement. NAC restricts the data that each particular user can access and implements anti-threat applications such as firewalls, anti-virus software, and spyware detection programs. NAC also regulates and restricts the things individual subscribers or users can do once they are connected. If a user is unknown, the NAC can quarantine the device from the network upon connection. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted network such as the Internet. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Unified threat management (UTM) provides multiple security features (anti-virus, anti-spam, content filtering, and web filtering) in a single device or network appliance.
Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 3.5 Gbps?
* 802.11ax
* 802.11n
* 802.11b
* 802.11a
* 802.11ac
* 802.11g
802.11ac
Explanation
OBJ-2.4: The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth.
When a criminal or government investigation is underway, what describes the identification, recovery, or exchange of electronic information relevant to that investigation?
* Encryption
* First responder
* eDiscovery
* Data transport
eDiscovery
Explanation
OBJ-3.2: By process of elimination, you can easily answer this question. Data transport is the transport of data, while the first responder is the first person to arrive on the scene. Encryption is a method of putting data into a tunnel so that it is completely secure. This leaves us with eDiscovery. eDiscovery is the term that refers to the process of evidence collection through digital forensics. eDiscovery is conducted during an incident response.
Scott is a brand new network technician at Dion Training. He has been told to remote into the edge switch from his desk and enable DHCP snooping. Which of the following commands should he use?
* nmap
* ip
* TFTP server
* telent
telnet
Explanation
OBJ-5.3: The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network. While it would be better for Scott to use SSH for security reasons, telnet is still the best answer based on the options presented in this question. Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network’s clients, servers, and devices. A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface.
What is a common technique used by malicious individuals to perform an on-path attack on a wireless network?
* Session hijacking
* An evil twin
* Amplified DNS attacks
* ARP spoofing
An evil twin
Explanation
OBJ-4.2: An evil twin is the most common way to perform an on-path attack on a wireless network. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user’s knowledge. A man-in-the-middle or on-path attack consists of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. ARP spoofing, session hijacking, and amplified DNS attacks are not techniques specific to attacking wireless networks.
Your company is experiencing slow network speeds of about 54Mbps on their wireless network. You have been asked to perform an assessment of the existing wireless network and recommend a solution. You have recommended that the company upgrade to an 802.11n or 802.11ac wireless infrastructure to obtain higher network speeds. Which of the following technologies allows an 802.11n or 802.11ac network to achieve a speed greater than 54 Mbps?
* MIMO
* WPA2
* PoE
* LWAPP
MIMO
Explanation
OBJ-2.4: One way 802.11n and 802.11ac networks achieve superior throughput and speeds by using multiple-input multiple-output (MIMO) and multi-user MIMO (MU-MIMO), respectively. MIMO uses multiple antennas for transmission and reception, which results in higher speeds than 802.11a and 802.11g networks, which can only support up to 54 Mbps of throughput. Wireless N and Wireless AC networks also utilize the 5 GHz frequency band, allowing them to achieve speeds greater than 54 Mbps. WPA2 is a wireless encryption standard and can be used with Wireless G, N, AC, or AX. Using WPA2 does not increase the speed of the wireless network. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. PoE does not affect the speed of a wireless network. Lightweight Access Point Protocol (LWAPP) is the name of a protocol that can control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring, or troubleshooting a large network. LWAPP does not affect the speed of a wireless network.
(This is a simulated Performance-Based Question. On the real exam, you may be given a chart with numerous ports and protocols and be asked to drag and drop them to match the ports with the protocols.) What ports do FTP and SFTP utilize?
* 22, 23
* 20, 21
* 21, 22
* 21, 23
21, 22
Explanation
OBJ-1.5: FTP (File Transfer Protocol) uses ports 20 and 21. SFTP (Secure File Transfer Protocol) uses port 22. Port 23 is used by Telnet. If this were a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up. (It might also have 4-6 different pairs to match up.)
A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is the MOST likely the source of this connectivity problem?
* The workstation’s NIC has a bad SFP module
* The switchport is configured for 802.1q trunking
* The workstation’s OS updates have not been installed
* APIPA has been misconfigured on the VLAN’s switch
The switchport is configured for 802.1q trunking
Explanation
OBJ-5.5: If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address. APIPA is not configured on the VLAN’s switch, it is configured by default on client and server devices, such as the workstation in this scenario. A small form-factor pluggable (SFP) transceiver is used on routers as a hot-pluggable network interface module, they are not used in workstations. The workstation’s OS update status is unlikely to cause the network connectivity issue, but a network interface driver might. Therefore, the most likely cause of this issue is the switchport was configured as a trunking port instead of an access port.
Which of the following ports is used by LDAP by default?
* 3389
* 427
* 389
* 53
389
Explanation
OBJ-1.5: The lightweight directory access protocol (LDAP) is a protocol used to access and update information in an X.500-style network resource directory. LDAP uses port 389. The service location protocol (SLP) is a protocol or method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. This is an alternative protocol to LDAP in newer networks. SLP uses port 427. The remote desktop protocol (RDP) is a protocol used for the remote administration of a host using a graphical user interface. RDP operates over TCP port 3389. The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53.
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?
* MAC filtering
* WPA personal
* WPA2 Enterprise
* WEP
WPA personal
Explanation
OBJ-4.3: Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client. MAC filtering does not use a password or preshared key. WEP uses a pre-shared key to secure a wireless network, but WPA uses a stronger encryption standard than WEP.
Which of the following levels would an error condition generate?
* 5
* 7
* 1
* 3
3
Explanation
OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.
You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?
* 3389
* 1433
* 3306
* 1521
1433
Explanation
OBJ-1.5: Microsoft SQL uses ports 1433, and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses ports 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). SQLnet uses ports 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
A company owns four kiosks that are near a shopping center. The owner is concerned about someone accessing the Internet via the kiosk’s wireless network. What should be implemented to provide wireless access only to the employees working at the kiosk?
* Host-based antivirus
* MAC filtering
* Firewall
* Web Filtering
MAC filtering
Explanation
OBJ-4.3: MAC Filtering will control access to the network by restricting access to only certain devices. MAC address filtering allows you to block traffic coming from certain known machines or devices. The router uses the MAC address of a computer or device on the network to identify it and block or permit access. Traffic coming in from a specified MAC address will be filtered depending upon the policy. In this scenario, you should implement an allow list that only allows approved MAC addresses to connect to and communicate over the wireless network.
Tim, a network administrator, is configuring a test lab that consists of three routers using RIP for dynamic routing. He connects the routers in a full mesh topology. When he attempts to ping Router 1 from Router 3 using its IP address, he receives a “Destination Unreachable” error message. Which of the following is the most likely reason for the connectivity error?
* Split-horizon is misconfigured
* Improper DNS settings
* Denial of service attack
* RADIUS authentication errors
Split-horizon is misconfigured
Explanation
OBJ-5.5: Split horizon is a method used by distance vector protocols to prevent network routing loops. With split horizon, if a router receives routing information from another router, the first router will not broadcast that information back to the second router, thus preventing routing loops from occurring. If it is misconfigured, the routers could suffer a routing loop which would produce the error message received when trying to communicate with each other. The other options would not cause a communication error between the three internal routers when testing the connectivity using their IP addresses. A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network and maps a domain name to an IP address. Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.
Which encryption type MOST likely is used for securing the key exchange during a client-to-server VPN connection?
* Kerberos
* AES
* TKIP
* ISAKMP
ISAKMP
Explanation
OBJ-4.4: ISAKMP is used in IPsec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection. TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The Advanced Encryption Standard (AES) is a symmetric key encryption and is not used for key exchanges.
You are about to perform a major configuration upgrade to a network device. What should you have prepared in case the upgrade fails?
* Vulnerability report
* Business continuity plan
* Rollback plan
* Baseline report
Rollback plan
Explanation
OBJ-3.2: The purpose of a rollback plan is to document at every point during the deployment of a change or upgrade where you can stop the deployment and return to a known good state.
Which of the following features is supported by Kerberos but not by RADIUS?
* Tickets used to identify authenticated users
* services for authentication
* XML for cross-platform interoperability
* Signle sign-on capability
Tickets used to identify authenticated users
Explanation
OBJ-4.1: Whether you learned the in-depth details of each of these protocols during your studies or not, you should be able to answer this question by remembering that Kerberos is all about ‘tickets.’ Kerberos uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity. Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos is used in Windows Active Directory domains for authentication. Single sign-on (SSO) is a type of mutual authentication for multiple services that can accept the credential from one domain or service as authentication for other services. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request.
Which of the following types of traffic flows describes network traffic that is entering your datacenter through the firewall or router?
* North
* East
* South
* West
South
Explanation
OBJ-1.7: North-South traffic or communication refers to traffic that enters or leaves the data center from a system physically residing outside the datacenter. North traffic is traffic exiting the datacenter. South traffic is traffic entering the data center. In both cases, the data is exiting or entering the data center through a firewall or other network infrastructure boundary device, such as a router. East-West traffic or communication refers to data flow within a datacenter. For example, if we are using a spine and leaf architecture, any data flow between the various servers in the datacenter, even if it goes between different leaves, would be considered east-west traffic.
