Net+ Exam 2 Flashcards
Which of the following ports does SIP use?
5060/5061
389/636
139/445
80/443
5060/5061
Overall explanation
OBJ-1.5: Session Initiation Protocol (SIP) uses ports 5060 and 5061, and is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications. The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. HTTPS, the secured version of HTTP, uses port 443. The Lightweight Directory Access Protocol (LDAP) uses port 389 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAPS, the secured version of LDAP, uses port 636. Server Message Block (SMB) uses ports 139 and 445 and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments
Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if any of the Dion Training employees use the same Ethernet port in the conference room, they should access Dion Training’s secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?
MAC filtering
Create an ACL to allow access
Implement NAC
Configure a SIEM
Implement NAC
Overall explanation
OBJ-4.3: Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. In this scenario, implementing NAC can identify which machines are known and trusted Dion Training assets and provide them with access to the secure internal network. NAC could also determine unknown machines (assumed to be those of CompTIA employees) and provide them with direct internet access only by placing them onto a guest network or VLAN. While MAC filtering could be used to allow or deny access to the network, it cannot by itself control which set of network resources could be utilized from a single ethernet port. A security information and event management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware. An access control list could define what ports, protocols, or IP addresses the ethernet port could be utilized. Still, it would be unable to distinguish between a Dion Training employee’s laptop and a CompTIA employee’s laptop like a NAC implementation could.
Which of the following layers is NOT used in a three-tiered data center network architecture?
Access/edge layer
Core layer
Control layer
Distribution/aggregation layer
Control layer
Overall explanation
OBJ-1.7: The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others
An outside organization has completed a penetration test for a company. One of the report items states that an attacker may have the ability to read TLS traffic from the webserver due to a software bug. What is the MOST likely mitigation for this reported item?
Implement a VPN for employees
Install an IDS on the network
Ensure patches are deployed
Configure the firewall to block traffic on port 443
Ensure patches are deployed
Overall explanation
OBJ-4.3: A patch is designed to correct a known bug or fix a known vulnerability. Since the server is allowing an attacker to read TLS traffic, which should be encrypted and unreadable, this is a software bug in the webserver’s code that must be fixed using a patch. An intrusion detection system is a device or software application that monitors and reports on any malicious activity or policy violations on a network or system. An IDS would not mitigate or stop the attacker from reading the TLS traffic, it would only report that it is occurring. A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules to establish a barrier between a trusted and untrusted network. If you configured the firewall to block traffic on port 443 (HTTPS/SSL/TLS), it would block all of the webserver’s legitimate users, as well. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN would not stop an attacker from being able to read the TLS traffic from the webserver.
The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service?
Layer 2 switch
Proxy server
Layer 3 switch
Smart hub
Layer 3 switch
Overall explanation
OBJ-2.1: A layer 3 switch is the best option because, in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs. Multicast and unicast are layer 3 messaging flows, so you need a router or layer 3 switch to route them across the network. A smart hub is a layer 1 device. A proxy server operates at layer 4, but would still require a router or layer 3 switch to route the traffic.
Which of the following communication types are used in IPv6 to send a packet to the nearest interface that shares a common address in a routing table?
Multicast
Broadcast
Anycast
Unicast
Anycast
Overall explanation
OBJ-1.4: An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the “nearest” interface having that address, according to the router’s routing table. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.
A customer is trying to configure an 802.11b wireless card in an old laptop to connect to an 802.11g wireless router. When the customer scans for the wireless network’s SSID (Dion-Corp), it is not displayed within Windows. What is the MOST likely reason that the SSID is not being displayed?
The wireless router is configured with WPA2 encryption
The broadcast is disabled on the wireless router
The wireless router is not configured for DHCP support
802.11g and 802.11b use different frequencies
The broadcast is disabled on the wireless router
Overall explanation
OBJ-5.4: If the SSID (Secure Set Identifier) is disabled, then the wireless network name will not be broadcast to any available devices within range. Both Wireless B and G use the same frequency band (2.4 GHz) and would not cause this issue. Similarly, encryption that is enabled or disabled would not affect the SSID broadcast since the SSID is sent out in cleartext. DHCP support is used once a device connects to the network. Therefore it would not affect the SSID broadcast.
You have been asked by your supervisor, Tamera, to ensure that you enable 802.3af on a managed switch. Which of the following features does she want you to enable?
Trunking
Port bonding
VLAN
PoE
PoE
Overall explanation
OBJ-2.3: The IEEE 802.3af standard defines power over Ethernet (PoE) and supports 15.4W of DC power to each device. The IEEE 802.3at standard defines PoE+ and supports 25.5W of DC power to each device. Power over Ethernet or PoE technology describes a system to safely transfer electrical power, along with data, to remote devices over standard data cables in an Ethernet network. Port bonding, or link aggregation, is part of the 802.3ad standard. Port bonding is the combining of multiple network connections in parallel by any of several methods, in order to increase throughput beyond what a single connection could sustain, to provide redundancy in case one of the links should fail, or both. VLANs are part of the 802.1q standard. A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). Trunking is also covered by the 802.1q protocol and supports VLANs.
Which of the following IEEE specifications describes the use of network authentication?
802.3af
802.1d
802.1x
802.3ad
802.1x
Overall explanation
OBJ-2.3: The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af.
The administrator modifies a rule on the firewall, and now all the FTP users cannot access the server any longer. The manager calls the administrator and asks what caused the extreme downtime for the server. In regards to the manager’s inquiry, what did the administrator forget to do first?
Schedule a maintenance window
Submit a change request
Document the changes
Provide notification of change to users
Submit a change request
Overall explanation
OBJ-3.2: A change request should be submitted through the change management process prior to any changes being made. Change management is a systematic approach to dealing with the transition or transformation of an organization’s goals, processes, or technologies.
Which of the following IEEE specifications describes the use of VLANs?
802.1d
802.3af
802.1x
802.1q
802.1q
Overall explanation
OBJ-2.3: 802.1Q is the networking standard that supports virtual LANs on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that results from them. STP is defined in the IEEE 802.1d standard.
Which of the following provides accounting, authorization, and authentication via a centralized privileged database, as well as challenge/response and password encryption?
TACACS+
Network access control
ISAKMP
Multi-factor authentication
TACACS+
Overall explanation
OBJ-4.1: TACACS+ is a AAA (accounting, authorization, and authentication) protocol to provide AAA services for access to routers, network access points, and other networking devices. TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server. Multifactor authentication is an authentication scheme that works based on something you know, something you have, something you are, something you do, or somewhere you are. These schemes can be made stronger by combining them (for example, protecting the use of a smart card certification [something you have] with a PIN [something you know]). Network Access Control (NAC) is a means of ensuring endpoint security by ensuring that all devices connecting to the network conform to a health policy such as its patch level, antivirus/firewall configuration, and other factors. Internet Security Association and Key Management Protocol (ISAKMP) is used for negotiating, establishing, modification, and deletion of SAs and related parameters in the IPSec protocol.
Which of the following is a connectionless protocol?
ICMP
SSH
SSL
TCP
ICMP
Overall explanation
OBJ-1.5: A connectionless protocol is a form of data transmission in which data is transmitted automatically without determining whether the receiver is ready or even whether a receiver exists. ICMP, UDP, IP, and IPX are well-known examples of connectionless protocols. TCP, SSH, and SSL are all examples of connection-oriented protocols.
A technician is troubleshooting a workstation connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?
Document the findings and provide a plan of action
Remove the ARP entry on the user’s workstation
Identify a suitable time to resolve the connectivity issue
Duplicate the issue in a lab by adding a static ARP entry
Remove the ARP entry on the user’s workstation
Overall explanation
OBJ-5.1: Based on the network troubleshooting methodology, you should try to test your theory to determine the cause once you have established a theory of probable cause. In this scenario, the technician has a theory that the static ARP entry is the cause of the problem. Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn’t fix the issue, you would need to develop a new hypothesis to test. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.
Tamera is troubleshooting a mail server connectivity issue and needs to review the MX records for DionTraining.com. Which of the following tools should she utilize?
route
telnet
nslookup
arp
nslookup
Overall explanation
OBJ-5.3: The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network.
Which of the following technologies deliver multiple voice calls over a copper wire if you have an ISDN or T-1 connection?
CSMA/CD
Time-division spread spectrum
Time-division multiplexing
Analog circuit switching
Time-division multiplexing
Overall explanation
OBJ-1.2: Time-division multiplexing allows for two or more signals or bitstreams to be transferred in what appears to be simultaneous sub-channels in one communication channel but is physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it. Analog circuit switching is used by telephone providers on the Public Switched Telephone Network (PSTN), not with ISDN or T-1 connections. Time-division spread spectrum is not a real thing, spread spectrum is used in Wi-Fi, but it is based on frequency and not time. CSMA/CD is the carrier sense multiple access collision detection that is used for ethernet access at layer 2 of the OSI model. CSMA/CD is not used with ISDN or T-1 connections.