Net+ Exam 1 Flashcards

1
Q

Janet is a system administrator who is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and must be cleared from the event viewer. She recalls this being a daily occurrence. Which of the following would BEST resolve this issue?

A. Log in to the DNS server every hour to check if the logs are full

B. Delete the logs when full

C. Install an event management tool

D. Increase the maximum log size

A

C. Install an event management tool

2
Q

Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine?

  1. tracert
  2. ip
  3. route
  4. nslookup
A

route

Overall explanation
OBJ-5.3: The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.

3
Q

You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?

  1. 1433
  2. 3306
  3. 1521
  4. 3389
A

1433

Overall explanation
OBJ-1.5: Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). SQLnet uses port 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

4
Q

Which of the following types of network documentation would provide a drawing of the network cabling imposed over the floorplan for an office building?

  1. Site survey report
  2. Wiring diagram
  3. Physical network diagram
  4. Logical network diagram
A

Wiring Diagram

Overall explanation
OBJ-3.2: A physical network diagram provides an overview of the physical components of a network, including devices, cables, and their interconnections. It typically includes information about the location of network devices, such as routers, switches, and servers. A logical diagram is used to illustrate the flow of data across a network and is used to show how devices communicate with each other. These logical diagrams usually include the subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments in a given network. Wiring diagrams are used to clearly label which cables are connected to which ports. The more in-depth wiring diagrams will include a floorplan or rack diagram, so you can see how the cables are run in the physical environment. A wireless site survey is the process of planning and designing a wireless network to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and quality of service (QoS). The site survey report will contain a floorplan of the areas surveyed with the wireless coverage areas and signal strengths notated on it.

5
Q

Jason is a network manager leading a project to deploy a SAN. He is working with the vendor’s support technician to set up and configure the SAN on the enterprise network to begin SAN I/O optimization. What should Jason provide to the vendor support technician?

  1. Network diagrams
  2. Asset management document
  3. Access to the data center
  4. Baseline documents
A

Network diagrams

Overall explanation
OBJ-3.2: A network diagram is a visual representation of network architecture. It maps out the structure of a network with a variety of different symbols and line connections. This information will be important when deploying a Storage Area Network (SAN) on the enterprise network. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. Asset management is used to record and track an asset throughout its life cycle, from procurement to disposal. Access to the datacenter will only be required if the vendor’s support technician will be physically working in the datacenter and not performing a remote installation.

6
Q

What ports do FTP and SFTP utilize?

  1. 22, 23
  2. 20, 21
  3. 21, 23
  4. 21, 22
A

21, 22

Overall explanation
OBJ-1.5: FTP (File Transfer Protocol) uses ports 20 and 21. SFTP (Secure File Transfer Protocol) uses port 22. Port 23 is used by Telnet. If this were a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up. (It might also have 4-6 different pairs to match up.)

7
Q

Which of the following levels would an error condition generate?

3

5

1

7

A

3

Overall explanation
OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

8
Q

A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?

  1. Utilize netstat to locate active connections
  2. Analyze packet captures
  3. Review the ID3 logs on the network
  4. Use Nmap to query known ports
A

Analyze packet captures

Overall explanation
OBJ-5.3: Packet captures contain every packet that is sent and received by the network. By using a program like Wireshark to analyze the packet captures, you can see what kind of information and metadata is contained within the packets. By conducting this type of packet analysis, an attacker (or cybersecurity analyst) can determine if software versions are being sent as part of the packets and their associated metadata.

9
Q

Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera’s security concerns? (Select TWO)

  1. Disable wireless connectivity to the thermostat to ensure a hacker cannot access it
  2. Upgrade the firmware of the wireless access point to the latest version to improve the security of the network
  3. Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password
  4. Enable two-factor authentication on the device’s website (if supported by the company)
  5. Configure the thermostat to use a segregated part of the network by installing it into a screened subnet
  6. Configure the thermostat to use the WEP encryption standard for additional confidentiality
A

3 and 5

Overall explanation
OBJ-2.1: The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network. While enabling two-factor authentication on the device’s website is a good practice, it will not increase the IoT device’s security. While disabling the wireless connectivity to the thermostat will ensure it cannot be hacked, it also will make the device ineffective for the customer’s normal operational needs. WEP is considered a weak encryption scheme, so you should use WPA2 over WEP whenever possible. Finally, upgrading the wireless access point’s firmware is good for security, but it isn’t specific to the IoT device’s security. Therefore, it is not one of the two BEST options.

10
Q

You are conducting a wireless penetration test against a WPA2-PSK network. Which of the following types of password attacks should you conduct to verify if the network is using any of the Top 1000 commonly used passwords?

  1. Hybrid
  2. Dictionary
  3. Brute-force
  4. Spraying
A

Dictionary

Overall explanation
OBJ-4.2: A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file. A brute-force attack consists of an attacker submitting every possible combination for a password or PIN until they crack it. Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. A hybrid attack merges a dictionary attack and a brute-force attack, but provides keywords from a list to use during the brute-force attack, modifying the suffixes or prefixes.

11
Q

What type of cloud model would allow the sharing of resources by multiple organizations to create a service that benefits all of its members?

  1. Community Cloud
  2. Private Cloud
  3. Hybrid Cloud
  4. Public Cloud
A

Community Cloud

Overall explanation
OBJ-1.8: A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns, whether managed internally or by a third party and hosted internally or externally. Community Cloud is a hybrid form of private cloud. They are multi-tenant platforms that enable different organizations to work on a shared platform. Community Cloud may be hosted in a data center, owned by one of the tenants, or by a third-party cloud services provider and can be either on-site or off-site. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud.

12
Q

You work for Dion Training as a physical security manager. You are concerned that the physical security at the entrance to the company is not sufficient. To increase your security, you are determined to prevent piggybacking. What technique should you implement first?

Install an RFID badge reader at the entrance

Require all employees to wear security badges when entering the building

Install CCTV to monitor the entrance

Install an access control vestibule at the entrance

A

Install an access control vestibule at the entrance

Overall explanation
OBJ-4.5: An access control vestibule, or mantrap, is a device that only allows a single person to enter per authentication. This authentication can be done by RFID, a PIN, or other methods. Once verified, the mantrap lets a single person enter through a system, such as a turnstile or rotating door. CCTV will not stop piggybacking, but it could be used as a detective control after an occurrence. Wearing security badges is useful, but it won’t stop piggybacking by a skilled social engineer. RFID badges may be used as part of your entry requirements, but they won’t stop a determined piggybacker who follows an employee into the building after their authenticated RFID access has been performed.

13
Q

You just started work as a network technician at Dion Training. You have been asked to check if DHCP snooping has been enabled on one of the network devices. Which of the following commands should you enter within the command line interface?

  1. show interface
  2. show config
  3. show route
  4. show diagnostic
A

show config

Overall explanation
OBJ-5.3: The “show configuration” command is used on a Cisco networking device to display the device’s current configuration. This would show whether or not the DHCP snooping was enabled on this device. The “show interface” command is used on a Cisco networking device to display the statistics for a given network interface. The “show route” command is used on a Cisco networking device to display the current state of the routing table for a given network device. The “show diagnostic” command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.

14
Q

Your company wants to create highly available datacenters. Which of the following will allow the company to continue maintaining an Internet presence at all sites if the WAN connection at their own site goes down?

  1. OSPF
  2. BGP
  3. Load balancer
  4. VRRP
A

BGP

Overall explanation
OBJ-2.2: If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available. Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP); therefore, it will not be able to reroute the organization’s WAN connections. The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. VRRP is used for your internal clients and will not affect the routing of traffic between WANs or autonomous systems. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. A load balancer would work at one site, but would not allow routing of the WAN connections at all the other sites since they rely on autonomous systems and BGP is used to route traffic between autonomous systems.

15
Q

What is true concerning jumbo frames?

  1. They are commonly used with DHCP
  2. They are commonly used with a NAS
  3. They are commonly used on a SAN
  4. Their MTU size is less than 1500
A

They are commonly used on a SAN

Overall explanation
OBJ-2.3: Jumbo frames are Ethernet frames whose MTU is greater than 1500. To increase performance, you should use jumbo frames only when you have a dedicated network or VLAN, and you can configure an MTU of 9000 on all equipment. Because of this, jumbo frames are most commonly used in a storage area network (SAN).

16
Q

What is the lowest layer (bottom layer) of a bare-metal virtualization environment?

  1. Guest operating system
  2. Physical hardware
  3. Host operating system
  4. Hypervisor
A

Physical hardware

Overall explanation
OBJ-1.2: The bottom layer is physical hardware in this environment. It is what sits beneath the hypervisor and controls access to guest operating systems. The bare-metal approach doesn’t have a host operating system. A hypervisor is a program used to run and manage one or more virtual machines on a computer. A host operating system is an operating system that is running the hypervisor.

17
Q

A technician needs to ensure wireless coverage in the green space near the center of the college campus. The antenna is being installed in the middle of the field on a pole. Which type of antenna should be installed to ensure maximum coverage?

  1. Unidirectional
  2. Yagi
  3. Omnidirectional
  4. Bi-directional
A

Omnidirectional

Overall explanation
OBJ-2.4: Omnidirectional antennas send the signal out equally in all directions. Therefore, it will provide the best coverage since it is located in the center of the field. Unidirectional antennas transmit the signal in only one direction and would not provide adequate coverage. Bidirectional antennas transmit the signal in only two directions and would not provide adequate coverage. A Yagi antenna is a type of unidirectional antenna that can focus the transmission over a longer distance but would not be appropriate in this case since you need 360-degree coverage.

18
Q

A third-party vendor has just released patches to resolve a major vulnerability. There are over 100 critical devices that need to be updated. What action should be taken to ensure the patch is installed with minimal downtime?

  1. Configure endpoints to automatically download and install the patches
  2. Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment
  3. Test the patch in a lab environment and then install it in the production network during the next scheduled maintenance
  4. Download and install all patches in the production network during the next scheduled maintenance period
A

Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment

Overall explanation
OBJ-3.2: Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished.

19
Q

What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them?

  1. RST
  2. FIN
  3. SYN
  4. ACK
A

RST

Overall explanation
OBJ-1.1: A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place. For example, if a system receives information that is outside of an established session, it will send a RST flag in response. A finish (FIN) flag is used to request that the connection be terminated. This usually occurs at the end of a session and allows for the system to release the reserved resources that were set aside for this connection. A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection. Finally, the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin.

20
Q

Which of the following ports is used by LDAP by default?

  1. 427
  2. 3389
  3. 53
  4. 389
A

389

Overall explanation
OBJ-1.5: The lightweight directory access protocol (LDAP) is a protocol used to access and update information in an X.500-style network resource directory. LDAP uses port 389. The service location protocol (SLP) is a protocol or method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. This is an alternative protocol to LDAP in newer networks. SLP uses port 427. The remote desktop protocol (RDP) is a protocol used for the remote administration of a host using a graphical user interface. RDP operates over TCP port 3389. The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53.

21
Q

You are configuring a network to utilize SNMPv3 to send information from your network devices back to an SNMP manager. Which of the following SNMP options should you enable to ensure the data is transferred confidentially?

  1. authNoPriv
  2. authProtect
  3. authPriv
  4. authEncrypt
A

authPriv

Overall explanation
OBJ-3.1: In SNMPv3, the authPriv option ensures that the communications are sent with authentication and privacy. This uses MD5 and SHA for authentication and DES and AES for privacy and encryption.

22
Q

Which of the following levels would a debugging condition generate?

  1. 1
  2. 6
  3. 7
  4. 0
A

7

Overall explanation
OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

23
Q

Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 54 Mbps?

802.11b

802.11g

802.11n

802.11a

802.11ax

802.11ac

A

802.11a

Overall explanation
OBJ-2.4: The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. Unfortunately, when this was first released, the radios to operate with this standard were fairly expensive, so it did not sell well or become widespread. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. 
Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6 GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

24
Q

Scott is a brand new network technician at Dion Training. He has been told to remote into the edge switch from his desk and enable DHCP snooping. Which of the following commands should he use?

nmap

telnet

TFTP server

ip

A

telnet

Overall explanation
OBJ-5.3: The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network. While it would be better for Scott to use SSH for security reasons, telnet is still the best answer based on the options presented in this question. Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network’s clients, servers, and devices. A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface.

25
Q

Your company is currently using a 5 GHz wireless security system, so your boss has asked you to install a 2.4 GHz wireless network to use for the company’s computer network to prevent interference. Which of the following can NOT be installed to provide a 2.4 GHz wireless network?

802.11b

802.11g

802.11n

802.11ac

A

802.11ac

Overall explanation
OBJ-2.4: Wireless networks are configured to use either 2.4 GHz or 5.0 GHz frequencies, depending on the network type. 802.11a and 802.11ac both utilize a 5.0 GHz frequency for their communications. 802.11b and 802.11g both utilize a 2.4 GHz frequency for their communications. 802.11n and 802.11ax utilize either 2.4 GHz, 5.0 GHz, or both, depending on the Wi-Fi device’s manufacturer. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 5.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.

26
Q

Which of the following technologies combines the functionality of a firewall, malware scanner, and other security appliances into one device?

IDS

IPS

Syslog

UTM

A

UTM

Overall explanation
OBJ-2.1: A Unified Threat Management (UTM) appliance enforces a variety of security-related measures, combining the work of a firewall, malware scanner, and intrusion detection/prevention. A UTM centralizes the threat management service, providing simpler configuration and reporting than isolated applications spread across several servers or devices. An intrusion detection system (IDS) is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. Unlike an IPS, which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them. An intrusion prevention system (IPS) conducts the same functions as an IDS but can also block or take actions against malicious events. A Syslog server is a server that collects diagnostic and monitoring data from the hosts and network devices across a given network.

27
Q

Andy is a network technician who is preparing to configure a company’s network. He has installed a firewall to segment his network into an internal network, a DMZ or screened subnet, and an external network. No hosts on the internal network should be directly accessible by their IP address from the Internet, but they should be able to reach remote networks if they have been assigned an IP address within the network. Which of the following IP addressing solutions would work for this particular network configuration?

APIPA

Classless

Teredo tunneling

Private

A

Private

Overall explanation
OBJ-1.4: A private IP address is an IP address reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access to a network without taking up a public IP address space. Automatic Private IP Addressing (APIPA) is a feature in operating systems (such as Windows) that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn’t reachable. Classless IP addressing solutions allow for the use of subnets that are smaller than the classful subnets associated with Class A, Class B, or Class C networks. Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network.

28
Q

You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?

77.81.12.13

77.81.12.12

77.81.12.14

77.81.12.15

A

77.81.12.12

Overall explanation
OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /30, so each subnet will contain 4 IP addresses. Since the IP address provided is 77.81.12.14/30, the network ID is 77.81.12.12/30, the first router is 77.81.12.13/30, the second router is 77.81.12.14/30, and the broadcast address is 77.81.12.15/30.

29
Q

Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on? (SELECT TWO)

GPS location

Port security

NAC

Geo-IP

A

GPS & NAC

Overall explanation
OBJ-4.3: Network Access Control is used to identify an endpoint’s characteristics when conducting network authentication. The GPS location of the device will provide the longitude and latitude of the user, which could be compared against the GPS coordinates of the building. Port security enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses to communicate using a given switchport. This would not help to locate the individual based on their location, though. Geo-IP, or geolocation and country lookup of a host based on its IP address, would identify the country of origin of the user, but not whether they are within the building’s confines. Geo-IP is also easily tricked if the user logs in over a VPN connection.

30
Q

A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem?

  1. Username is misspelled in the device configuration file
  2. IDS is blocking RADIUS
  3. Group policy has not propagated to the device
  4. Shared secret key is mismatched
A

Shared secret key is mismatched

Overall explanation
OBJ-4.1: AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems. A shared secret is a text string that serves as a password between hosts.

31
Q

What is the network ID associated with the host located at 192.168.0.123/29?

  1. 192.168.0.64
  2. 192.168.0.120
  3. 192.168.0.96
  4. 192.168.0.112
A

192.168.0.120

Overall explanation
OBJ-1.4: In classless subnets using variable-length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /29, so each subnet will contain 8 IP addresses. Since the IP address provided is 192.168.0.123, it will be in the 192.168.0.120/29 network.

32
Q

The UPS that provides backup power to your server is malfunctioning because its internal battery has died. To replace the battery, you must shut down the server, unplug it from the UPS, and unplug the UPS from its power source (the wall outlet). You perform these actions but think that there has to be a better way to increase the server’s availability in the future. Which of the following recommendations would BEST increase the server’s availability based on your experience with this UPS battery replacement?

  1. Install a surge protector instead
  2. Replace the UPS with a generator
  3. Install a second UPS in the rack
  4. Add a redundant power supply to the server
A

Add a redundant power supply to the server

Overall explanation
OBJ-3.3: The BEST recommendation would be to install a redundant power supply in the server. Adding a second UPS would not solve the problem if the server still only has one power supply available. Switching from a UPS to a generator will not solve this issue, either, because generators also require scheduled maintenance and downtimes. Finally, adding a surge protector won’t provide power when you need to power off a UPS for a battery replacement.

33
Q

Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?

  1. C:\windows\system32> nslookup
  2. C:\windows\system32> nbtstat -R
  3. C:\windows\system32> route print
  4. C:\windows\system32> ipconfig /flushdns
A

C:\windows\system32> nbtstat -R

Overall explanation
OBJ-5.3: Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the “nbtstat -R” command to purge and reload the cached name table from the LMHOSTS file on their Windows workstation. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.

34
Q

A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?

  1. Place the server in a screened subnet or DMZ
  2. Implement a split-horizon or split-view DNS
  3. Configure the firewall to support dynamic NAT
  4. Adjust the ACL on the firewall’s internal interface
A

Implement a split-horizon or split-view DNS

Overall explanation
OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.

35
Q

A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is MOST likely the source of this connectivity problem?

  1. The workstation’s NIC has a bad SFP module
  2. APIPA has been misconfigured on the VLAN’s switch
  3. The workstation’s OS updates have not been installed
  4. The switchport is configured for 802.1q trunking
A

The switchport is configured for 802.1q trunking

Overall explanation
OBJ-5.5: If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address. APIPA is not configured on the VLAN’s switch; it is configured by default on client and server devices, such as the workstation in this scenario. A small form-factor pluggable (SFP) transceiver is used on routers as a hot-pluggable network interface module; SFPs are not used in workstations. The workstation’s OS update status is unlikely to cause the network connectivity issue, but a network interface driver might. Therefore, the most likely cause of this issue is that the switchport was configured as a trunking port instead of an access port.

36
Q

Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue?

  1. Load the latest hardware drivers for her USB drive
  2. Download a new music player on her computers
  3. Install the latest OS on her computers
  4. Flash the latest firmware for her router
A

Flash the latest firmware for her router

Overall explanation
OBJ-5.5: Routers can be updated by conducting a firmware flash. This is similar to upgrading or patching your computer’s operating system or even updating a device driver. Flashing the firmware can provide the ability to communicate with newer devices and remove known software vulnerabilities from the device.

37
Q

An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following:

DIONRTR01# show interface eth 1/1

GigabitEthernet 1/1 is up, line is up

Hardware is GigabitEthernet, address is 000F.33CC.F13A

Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx

Member of L2 VLAN 1, port is untagged, port state is forwarding

Which of the following actions should be taken to improve the network performance for this WAN connection?

  1. Configure the interface to use full-duplex
  2. Assign the interface a 802.1q tag to its own VLAN
  3. Shutdown and then re-enable this interface
  4. Replace eth1/1 with a 1000Base-T transceiver
A

Assign the interface a 802.1q tag to its own VLAN

Overall explanation
OBJ-5.5: The WAN interface (eth 1/1) is currently untagged and is being assigned to the default VLAN (VLAN 1). If there are numerous devices in the default VLAN, the VLAN may be overloaded or oversubscribed, leading to a reduction in network performance. To solve this issue, you would assign the WAN interface to a VLAN with less traffic or to its own VLAN. By adding an 802.1q tag (VLAN tag) to the interface, you can assign it to its own individual VLAN and eliminate potential overloading or oversubscription issues. The interface is already set to full-duplex (fdx) and is operating in full-duplex (fdx). Therefore, the issue is not a duplexing mismatch. The configuration shows that the interface is already using GigabitEthernet, so you do not need to replace the transceiver with a 1000Base-T module. Also, the physical layer is working properly and a link is established, as shown by the output “GigabitEthernet 1/1 is up”, showing the current transceiver is functioning properly at 1 Gbps. While issuing the shutdown command and then re-enabling the interface could clear any errors, based on the interface status shown we have no indications that errors are being detected or reported.

38
Q

You are working as a wireless networking technician and have been sent to a user’s home to install a brand new 802.11ac wireless access point to replace their old access point. To ensure all of the current devices on the network will automatically connect to the new network, you set the SSID, encryption type, and password to the same ones as the existing access point. You turn the new access point on and notice most of the devices connect automatically, but one older wireless printer won’t connect. You notice that the printer is about 7 years old, but the user says it has always worked great over the old wireless network. What is the MOST likely reason that the printer will not connect to the new access point?

  1. The access point and the wireless printer have a frequency mismatch
  2. The incorrect channel is configured on the access point
  3. The transmit power on the access point is too low
  4. The wireless printer is configured with the wrong password
A

The access point and the wireless printer have a frequency mismatch

Overall explanation
OBJ-5.4: Wireless B/G networks utilize 2.4 GHz, while Wireless AC uses 5.0 GHz. Wireless N can support both 2.4 GHz and 5.0 GHz frequencies. The most likely cause of the issue is that the older access point supported both 2.4 GHz (for older devices) and 5.0 GHz (for newer devices). Since you installed a brand new 802.11ac access point, it is only broadcasting at 5.0 GHz and is preventing the older printer from connecting due to a frequency mismatch. Since the other devices are all connected to it without any issues, it is unlikely to be an issue with the transmission power or the password. With Wireless AC, the channel is automatically configured by the access point by default since there are 24 non-overlapping channels to choose from, making it an unlikely source of this issue.

39
Q

Which of the following applies to data as it travels from Layer 1 to Layer 7 of the OSI model?

  1. Tagging
  2. Encapsulation
  3. De-encapsulation
  4. Tunneling
A

De-encapsulation

Overall explanation
OBJ-1.1: Data encapsulation and de-encapsulation in a computer network is a necessary process. De-encapsulation in networking is performed at the receiver side or destination side as data moves from layer 1 to layer 7 of the OSI model. As information travels up the layers of the OSI model, information added from the sender’s encapsulation process is removed layer by layer. Data encapsulation, on the other hand, is performed at the sender side while the data packet is transmitted from source host to destination host. This is a process through which information is added to the data as it moves from layer 7 to layer 1 of the OSI model before the data is sent over the network to the receiver. Tagging is used in 802.1q to identify Ethernet traffic as part of a specific VLAN. This occurs at Layer 2 of the OSI model and remains at Layer 2 of the OSI model. Tunneling is the process by which VPN packets reach their intended destination. This normally occurs using the IPsec or TLS protocols and occurs at Layer 2 of the OSI model.

40
Q

A client has asked you to provide their local office with the BEST solution for a wireless network based on their requirements. The client has stated that their users will need a wireless network that provides a maximum of 54 Mbps of bandwidth and operates in the 2.4GHz frequency band. Which of the following wireless network types should you install to meet their needs?

  1. 802.11g
  2. 802.11ac
  3. 802.11b
  4. 802.11a
A

802.11g

Overall explanation
OBJ-2.4: 802.11g provides transmission over short distances at up to 54 Mbps in the 2.4 GHz band. It is backward compatible with 802.11b (which only operates at 11 Mbps). While an 802.11ac network would be the fastest solution, it does not operate in the 2.4 GHz frequency band. 802.11a operates in the 5 GHz frequency band at up to 54 Mbps. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. The 2.4 GHz frequency band is used by 802.11b, 802.11g, and 802.11n. The 5 GHz frequency band is used by 802.11a, 802.11n, 802.11ac, and 802.11ax. The 6 GHz frequency band is used by Wi-Fi 6E under the 802.11ax standard.

41
Q

Which type of wireless technology are OFDM, QAM, and QPSK examples of?

  1. Modulation
  2. RF interference
  3. Frequency
  4. Spectrum
A

Modulation

Overall explanation
OBJ-2.4: Modulation is the process of varying one or more properties of a periodic waveform, called the carrier signal, with a separate signal called the modulation signal that typically contains information to be transmitted. Wi-Fi can use different digital modulation schemes for data transmission. Common types of modulation include Orthogonal frequency-division multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-shift keying (QPSK). Frequency is the number of occurrences of a repeating event per unit of time. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. Interference occurs when two radios are transmitting or receiving on the same frequencies. Spectrum refers to the range of frequencies used by a radio transmitter or receiver, such as the 2.4 GHz spectrum which includes frequencies from 2.412 GHz to 2.472 GHz in the United States.

42
Q

Which of the following terms represents the maximum amount of data, as measured in time, that an organization is willing to lose during an outage?

  1. MTTR
  2. MTBF
  3. RPO
  4. RTO
A

RPO

Overall explanation
OBJ-3.3: The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or tolerance. The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in continuity. The mean time to repair (MTTR) measures the average time it takes to repair a network device when it breaks. The mean time between failures (MTBF) measures the average time between when failures occur on a device.

43
Q

Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent users from gaining access to network resources if they can plug their laptops into the network?

  1. VPN
  2. DMZ
  3. UTM
  4. NAC
A

NAC

Overall explanation
OBJ-4.1: Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology, the user or system authentication, and network security enforcement. NAC restricts the data that each particular user can access and implements anti-threat applications such as firewalls, anti-virus software, and spyware detection programs. NAC also regulates and restricts the things individual subscribers or users can do once they are connected. If a user is unknown, the NAC can quarantine the device from the network upon connection. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted network such as the Internet. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Unified threat management (UTM) provides multiple security features (anti-virus, anti-spam, content filtering, and web filtering) in a single device or network appliance.

44
Q

You just heard of a new ransomware attack that has been rapidly spreading across the internet that takes advantage of a vulnerability in the Windows SMB protocol. To protect your network until Microsoft releases a security update, you want to block the port for SMB at your firewall to prevent becoming a victim of this attack. Which of the following ports should you add to your blocklist?

  1. 445
  2. 514
  3. 123
  4. 143
A

445

Overall explanation
OBJ-1.5: Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. When the WannaCry ransomware was spreading rapidly across the internet, you could help protect your organization’s network by blocking ports 139 and 445 at your firewall to prevent your machines from getting infected over the internet. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

45
Q

Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?

  1. Hybrid
  2. Ring
  3. Bus
  4. Star
A

Hybrid

Overall explanation
OBJ-1.2: A hybrid topology is a kind of network topology that is a combination of two or more network topologies, such as mesh topology, bus topology, and ring topology. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring. The WAN connections are using a ring network topology, but each office is using a star topology. Therefore, the best description of this combined network is a hybrid topology.

46
Q

Which type of wireless network utilizes the 2.4 GHz frequency band and reaches speeds of up to 54 Mbps?

  1. 802.11ac
  2. 802.11b
  3. 802.11g
  4. 802.11n
  5. 802.11ax
  6. 802.11a
A

802.11g

Overall explanation
OBJ-2.4: The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AX uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AX uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AX uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AX also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

47
Q
A