Net+ Exam 2 Flashcards

1
Q

Which of the following ports does SIP use?

5060/5061

389/636

139/445

80/443

A

5060/5061

Overall explanation
OBJ-1.5: Session Initiation Protocol (SIP) uses ports 5060 and 5061, and is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications. The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. HTTPS, the secured version of HTTP, uses port 443. The Lightweight Directory Access Protocol (LDAP) uses port 389 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAPS, the secured version of LDAP, uses port 636. Server Message Block (SMB) uses ports 139 and 445 and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments.

2
Q

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if any of the Dion Training employees use the same Ethernet port in the conference room, they should access Dion Training’s secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?

MAC filtering

Create an ACL to allow access

Implement NAC

Configure a SIEM

A

Implement NAC

Overall explanation
OBJ-4.3: Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. In this scenario, implementing NAC can identify which machines are known and trusted Dion Training assets and provide them with access to the secure internal network. NAC could also determine unknown machines (assumed to be those of CompTIA employees) and provide them with direct internet access only by placing them onto a guest network or VLAN. While MAC filtering could be used to allow or deny access to the network, it cannot by itself control which set of network resources could be utilized from a single Ethernet port. A security information and event management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware. An access control list could define which ports, protocols, or IP addresses could be used through the Ethernet port. Still, it would be unable to distinguish between a Dion Training employee’s laptop and a CompTIA employee’s laptop like a NAC implementation could.

3
Q

Which of the following layers is NOT used in a three-tiered data center network architecture?

Access/edge layer

Core layer

Control layer

Distribution/aggregation layer

A

Control layer

Overall explanation
OBJ-1.7: The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others.

4
Q

An outside organization has completed a penetration test for a company. One of the report items states that an attacker may have the ability to read TLS traffic from the webserver due to a software bug. What is the MOST likely mitigation for this reported item?

Implement a VPN for employees

Install an IDS on the network

Ensure patches are deployed

Configure the firewall to block traffic on port 443

A

Ensure patches are deployed

Overall explanation
OBJ-4.3: A patch is designed to correct a known bug or fix a known vulnerability. Since the server is allowing an attacker to read TLS traffic, which should be encrypted and unreadable, this is a software bug in the webserver’s code that must be fixed using a patch. An intrusion detection system is a device or software application that monitors and reports on any malicious activity or policy violations on a network or system. An IDS would not mitigate or stop the attacker from reading the TLS traffic; it would only report that it is occurring. A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules to establish a barrier between a trusted and untrusted network. If you configured the firewall to block traffic on port 443 (HTTPS/SSL/TLS), it would block all of the webserver’s legitimate users, as well. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN would not stop an attacker from being able to read the TLS traffic from the webserver.

5
Q

The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service?

Layer 2 switch

Proxy server

Layer 3 switch

Smart hub

A

Layer 3 switch

Overall explanation
OBJ-2.1: A layer 3 switch is the best option because, in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs. Multicast and unicast are layer 3 messaging flows, so you need a router or layer 3 switch to route them across the network. A smart hub is a layer 1 device. A proxy server operates at layer 4, but would still require a router or layer 3 switch to route the traffic.

6
Q

Which of the following communication types are used in IPv6 to send a packet to the nearest interface that shares a common address in a routing table?

Multicast

Broadcast

Anycast

Unicast

A

Anycast

Overall explanation
OBJ-1.4: An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the “nearest” interface having that address, according to the router’s routing table. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.

7
Q

A customer is trying to configure an 802.11b wireless card in an old laptop to connect to an 802.11g wireless router. When the customer scans for the wireless network’s SSID (Dion-Corp), it is not displayed within Windows. What is the MOST likely reason that the SSID is not being displayed?

The wireless router is configured with WPA2 encryption

The broadcast is disabled on the wireless router

The wireless router is not configured for DHCP support

802.11g and 802.11b use different frequencies

A

The broadcast is disabled on the wireless router

Overall explanation
OBJ-5.4: If the SSID (Secure Set Identifier) is disabled, then the wireless network name will not be broadcast to any available devices within range. Both Wireless B and G use the same frequency band (2.4 GHz) and would not cause this issue. Similarly, encryption that is enabled or disabled would not affect the SSID broadcast since the SSID is sent out in cleartext. DHCP support is used once a device connects to the network. Therefore, it would not affect the SSID broadcast.

8
Q

You have been asked by your supervisor, Tamera, to ensure that you enable 802.3af on a managed switch. Which of the following features does she want you to enable?

Trunking

Port bonding

VLAN

PoE

A

PoE

Overall explanation
OBJ-2.3: The IEEE 802.3af standard defines power over Ethernet (PoE) and supports 15.4W of DC power to each device. The IEEE 802.3at standard defines PoE+ and supports 25.5W of DC power to each device. Power over Ethernet or PoE technology describes a system to safely transfer electrical power, along with data, to remote devices over standard data cables in an Ethernet network. Port bonding, or link aggregation, is part of the 802.3ad standard. Port bonding is the combining of multiple network connections in parallel by any of several methods, in order to increase throughput beyond what a single connection could sustain, to provide redundancy in case one of the links should fail, or both. VLANs are part of the 802.1q standard. A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). Trunking is also covered by the 802.1q protocol and supports VLANs.

9
Q

Which of the following IEEE specifications describes the use of network authentication?

802.3af

802.1d

802.1x

802.3ad

A

802.1x

Overall explanation
OBJ-2.3: The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af.

10
Q

The administrator modifies a rule on the firewall, and now all the FTP users cannot access the server any longer. The manager calls the administrator and asks what caused the extreme downtime for the server. In regards to the manager’s inquiry, what did the administrator forget to do first?

Schedule a maintenance window

Submit a change request

Document the changes

Provide notification of change to users

A

Submit a change request

Overall explanation
OBJ-3.2: A change request should be submitted through the change management process prior to any changes being made. Change management is a systematic approach to dealing with the transition or transformation of an organization’s goals, processes, or technologies.

11
Q

Which of the following IEEE specifications describes the use of VLANs?

802.1d

802.3af

802.1x

802.1q

A

802.1q

Overall explanation
OBJ-2.3: 802.1Q is the networking standard that supports virtual LANs on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard.

12
Q

Which of the following provides accounting, authorization, and authentication via a centralized privileged database, as well as challenge/response and password encryption?

TACACS+

Network access control

ISAKMP

Multi-factor authentication

A

TACACS+

Overall explanation
OBJ-4.1: TACACS+ is an AAA (accounting, authorization, and authentication) protocol to provide AAA services for access to routers, network access points, and other networking devices. TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server. Multifactor authentication is an authentication scheme that works based on something you know, something you have, something you are, something you do, or somewhere you are. These schemes can be made stronger by combining them (for example, protecting the use of a smart card certification [something you have] with a PIN [something you know]). Network Access Control (NAC) is a means of ensuring endpoint security by ensuring that all devices connecting to the network conform to a health policy such as its patch level, antivirus/firewall configuration, and other factors. Internet Security Association and Key Management Protocol (ISAKMP) is used for negotiating, establishing, modifying, and deleting SAs and related parameters in the IPSec protocol.

13
Q

Which of the following is a connectionless protocol?

ICMP

SSH

SSL

TCP

A

ICMP

Overall explanation
OBJ-1.5: A connectionless protocol is a form of data transmission in which data is transmitted automatically without determining whether the receiver is ready or even whether a receiver exists. ICMP, UDP, IP, and IPX are well-known examples of connectionless protocols. TCP, SSH, and SSL are all examples of connection-oriented protocols.

14
Q

A technician is troubleshooting a workstation connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?

Document the findings and provide a plan of action

Remove the ARP entry on the user’s workstation

Identify a suitable time to resolve the connectivity issue

Duplicate the issue in a lab by adding a static ARP entry

A

Remove the ARP entry on the user’s workstation

Overall explanation
OBJ-5.1: Based on the network troubleshooting methodology, you should try to test your theory to determine the cause once you have established a theory of probable cause. In this scenario, the technician has a theory that the static ARP entry is the cause of the problem. Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn’t fix the issue, you would need to develop a new hypothesis to test. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

15
Q

Tamera is troubleshooting a mail server connectivity issue and needs to review the MX records for DionTraining.com. Which of the following tools should she utilize?

route

telnet

nslookup

arp

A

nslookup

Overall explanation
OBJ-5.3: The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network.

16
Q

Which of the following technologies deliver multiple voice calls over a copper wire if you have an ISDN or T-1 connection?

CSMA/CD

Time-division spread spectrum

Time-division multiplexing

Analog circuit switching

A

Time-division multiplexing

Overall explanation
OBJ-1.2: Time-division multiplexing allows for two or more signals or bitstreams to be transferred in what appears to be simultaneous sub-channels in one communication channel but is physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it. Analog circuit switching is used by telephone providers on the Public Switched Telephone Network (PSTN), not with ISDN or T-1 connections. Time-division spread spectrum is not a real thing; spread spectrum is used in Wi-Fi, but it is based on frequency and not time. CSMA/CD is the carrier sense multiple access collision detection that is used for Ethernet access at layer 2 of the OSI model. CSMA/CD is not used with ISDN or T-1 connections.

17
Q

Which of the following layers within software-defined networking focuses on resource requests or information about the network?

Application layer

Infrastructure layer

Management plane

Control layer

A

Application layer

Overall explanation
OBJ-1.7: The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The management plane is used to monitor traffic conditions and the status of the network, and it allows network administrators to oversee the network and gain insight into its operations.

18
Q

Which of the following encryption types was used by WPA to better secure wireless networks than WEP?

CCMP

IV

AES

TKIP

A

TKIP

Overall explanation
OBJ-2.4: Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.

19
Q

An organization has hired you to upgrade its wired computer network. The network currently uses static routing for the internal network, but the organization wants to reconfigure it to use a dynamic routing protocol. The new dynamic routing protocol must support both IPv4 and VLSM. Based on the requirements provided, which of the following routing protocols should you enable and configure?

OSPF

VRRP

RIPv1

HSRP

A

OSPF

Overall explanation
OBJ-2.2: Only OSPF supports IPv4 and VLSM (Variable Length Subnet Mask) from the options provided in this question. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP). VRRP, RIPv1, and HSRP do not support VLSM. The Virtual Router Redundancy Protocol is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. The Hot Standby Router Protocol is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway. The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from source to destination. While RIPv1 does not support VLSM, RIPv2 does support VLSM but was not an option in this question.

20
Q

Dion Training installed a new router 183 days ago and it stopped working today due to a faulty power supply. The network technicians replaced the power supply and the router was returned to service within 4 hours. Which of the following terms would BEST represent the 183 days in this scenario?

RTO

RPO

MTTR

MTBF

A

MTBF

Overall explanation
OBJ-3.3: The mean time between failures (MTBF) measures the average time between when failures occur on a device. The mean time to repair (MTTR) measures the average time it takes to repair a network device when it breaks. The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in continuity. The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or tolerance.

21
Q

Your company has several small branch offices around the country, but you work as a network administrator at the centralized headquarters building. You need the capability of being able to remotely access any of the remote site’s routers to configure them without having to fly to each location in person. Your company’s CIO is worried that allowing remote access could allow an attacker to gain administrative access to the company’s network devices. Which of the following is the MOST secure way to prevent this from occurring while still allowing you to access the devices remotely?

Configure the remote router’s ACLs to only permit Telnet traffic

Configure the remote router’s ACLs to only permit HTTP traffic

Install an out-of-band modem

Create an out-of-band management network

A

Create an out-of-band management network

Overall explanation
OBJ-4.4: You should create an out-of-band management network and use an SSH (console) connection to reach the routers. Out-of-band (OOB) management is a method of remotely controlling and managing critical IT assets and network equipment using a secure connection through a secondary interface that is physically separate from the primary network connection. Telnet and HTTP are not encrypted channels and should not be used for remote connections. Using a modem is also a bad security practice since these are subject to war dialing and provide slow connectivity speeds.

22
Q

A wireless networking technician has completed an assessment of a wireless network and documented the detected signal strengths in various locations. Which of the following best describes this document?

Site survey report

Network baseline

Audit report

Logical network diagram

A

Site survey report

Overall explanation
OBJ-3.2: A wireless site survey report will usually take the form of a floorplan with a color-coded series of rings on it to show the signal strengths of wireless network signals in various locations. This is often referred to as a “heat map” by technicians. The technician performing the survey will document this information and use it as a tool during troubleshooting and optimization efforts concerning the wireless coverage in a specific office or building. A logical network diagram illustrates the flow of information through a network and shows how devices communicate with each other. It typically includes elements like subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments. Network baselining is the act of measuring and rating the performance of a network in real-time situations. Providing a network baseline requires testing and reporting of the physical connectivity, normal network utilization, protocol usage, peak network utilization, and average throughput of the network usage. A network audit entails collecting data, identifying threats and areas of weakness, and compiling a formal audit report. This report is then sent on to network administrators and other relevant parties.

23
Q

Jason, a network technician, is troubleshooting a single-mode fiber that provides network connectivity to a remote site. He sees that the link light is off on the router’s network interface, and suspects that the fiber may have a break somewhere between his router and the remote site. Single-mode fiber is not providing network connectivity to a remote site. Which of the following tools could be used to identify the location of the break in the fiber?

Media converter

OTDR

Tone generator

Light meter

A

OTDR

Overall explanation
OBJ-5.2: An Optical Time Domain Reflectometer (OTDR) is used by organizations to certify the performance of new fiber optics links and detect problems with existing fiber links. An OTDR can identify if a fiber cable is broken and provide an approximate location for the break in meters or feet. A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located. A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is used with copper cables, not fiber optic cables. A media converter is a layer 1 networking device that connects two different media types, such as a copper twisted pair cable and a fiber optic cable.

24
Q

A technician is tasked with troubleshooting a network’s slowness. While troubleshooting, the technician is unable to ping any external websites. Users report they can access the sites using the web browsers. What is the MOST likely cause of the failed pings?

TACACS+ is misconfigured on this network

Jumbo frames are not enabled on the network

ICMP traffic being blocked by the firewall

A VLAN hopping attack is being conducted

A

ICMP traffic being blocked by the firewall

Overall explanation
OBJ-5.3: Many companies block ICMP at the firewall, causing ping to fail since it relies on ICMP. If the user can access the site in the web browser but cannot when using ping, then ICMP is most likely being blocked by the firewall. Jumbo frames are any frames larger than 1500 bytes, which is the default MTU size on most networks. VLANs are logical segments of the local area network. TACACS+ is used for remote authentication.

25
Q

Which of the following components is used by an agent to send a complete set of key-pair values about a significant event or condition that is occurring in real-time by providing a full list of variables and values for a given device to a manager?

OID

MIB

Verbose trap

Granular trap

A

Verbose trap

Overall explanation
OBJ-3.1: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. A verbose trap may contain all the information about a given alert or event as its payload. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network. A unique object identifier (OID) identifies a variable that can be read or set using the SNMP protocol. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID).

26
Q

A network administrator recently set up a network computer lab and discovered some connectivity issues. The administrator can ping the fiber uplink interface, but none of the new workstations plugged into the switch are responding to the technician’s ICMP requests. Which of the following actions should the technician perform next?

Determine if port security is enabled on the ports

Verify that the uplink interface is configured correctly

Verify the ports on the switch are full-duplex

Determine if the link lights are lit for the ports

A

Determine if the link lights are lit for the ports

Overall explanation
OBJ-5.2: A technician can use the LEDs on the switchports to quickly monitor activity and performance for the interfaces. By determining if the link lights are lit for the ports, the administrator can verify if there is any activity on the network, if the ports are enabled, and if the Layer 1 components are working properly. Additionally, some switches have LEDs to indicate if the switchport is operating in half-duplex or full-duplex, and the speed of the link.

27
Q

Which of the following is the BEST way to regularly prevent different security threats from occurring within your network?

Penetration testing

Business continuity training

Disaster recovery planning

User training and awareness

A

User training and awareness

Overall explanation
OBJ-4.5: An enterprise network’s end users are the most vulnerable attack vector. Studies have shown that an investment in end-user cybersecurity awareness training has the best return on investment of any risk mitigation strategy. While a penetration test might detect various threats and vulnerabilities in your network, it does not prevent them from occurring. Disaster recovery planning creates a disaster recovery plan, which is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. Business continuity training will teach employees what to do in the case of a business continuity plan execution. A business continuity plan defines how an organization will continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident. Only end-user awareness training mitigates the biggest network vulnerability we have: our users.

28
Q

Your network relies on the use of ATM cells. At which layer of the OSI model do ATM cells operate?

Data link

Network

Session

Transport

A

Data link

Overall explanation
OBJ-1.1: In the data link layer (layer 2) of the OSI model, the basic unit of transfer is called a frame. In an ATM network, though, these frames are called cells and are of a fixed (53 octets or bytes) length that allows for faster switching of the cells across the network.

29
Q

You typed IPCONFIG at the command prompt and find out your IP is 192.168.1.24. You then go to Google.com and search for “what is my IP,” and it returns a value of 35.25.52.11. How do you explain why your computer has two different IP addresses?

This is caused by the way traffic is routed over the internet

This is caused because your gateway is conducting NAT or PAT

This is caused by how a switch handles IP addresses

This is caused because of the way routers handle IP addresses

A

This is caused because your gateway is conducting NAT or PAT

Overall explanation
OBJ-1.4: Your computer network uses a private IP address for machines within the network and assigns a public IP address for traffic being routed over the network using either NAT or PAT. Most small office home office (SOHO) networks utilize a single public IP for all of their devices and use a technique known as PAT to associate the public IP with each internal client’s private IP when needed. Network Address Translation (NAT) and Port Address Translation (PAT) allow multiple devices on a LAN to be mapped to a single public IP address to conserve IP addresses. In NAT, private IP addresses are translated into public IP addresses. In PAT, private IP addresses are translated into a single public IP address and their traffic is segregated by port numbers.

30
Q

You have installed and configured a new wireless router. The clients and hosts can ping each other. The network uses a fiber optic WAN connection with 1 Gbps throughput. The wired clients have fast connections, but the wireless clients are displaying high latency when a ping is performed. The wireless clients are also only receiving 300 Mbps when downloading files from the Internet. Which of the following is MOST likely the cause of the slow speeds experienced by the wireless clients?

A fiber connection does not support wireless

The wireless access point is experiencing RF interference

The network should use 802.11g WAPs to increase throughput

A high signal-to-noise ratio on the wireless network

A

The wireless access point is experiencing RF interference

Overall explanation
OBJ-5.4: If interference in the wireless spectrum occurs, more retransmissions will be needed, thereby slowing the speeds experienced and increasing latency. A high signal-to-noise ratio is a good thing on wireless networks and leads to faster speeds and lower retransmissions. The fiber connection itself is only used for the WAN connection, therefore you can use wired or wireless infrastructure for your internal LAN and connect the LAN to the WAN connection at the router. The wireless network is already getting throughputs of 300 Mbps, so it must be using 802.11n, 802.11ac, or 802.11ax for its wireless access points. If you switched to 802.11g, you would slow down the wireless network more since it has a maximum throughput of 54 Mbps.

31
Q

A user’s smartphone is displaying text in other languages in their web browser when accessing the company’s main website. Which of the following is the MOST likely cause of the issue?

On-path attack

Reflective DNS attacks

Deauthentication attack

Denial-of-service attack

A

On-path attack

Overall explanation
OBJ-4.2: An on-path attack (previously known as a man-in-the-middle attack) is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or impersonate one of the parties, making it appear as if a normal exchange of information is occurring. For example, if your user and server are both in the United States (English language), but the attacker is performing the on-path attack from Russia, then the server will utilize the Russian language in the text since it sees the connection coming from a Russian IP address. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim’s machine.

32
Q

Which of the following components is used to identify a variable that may be set or read using SNMP?

MIB

Verbose trap

Granular trap

OID

A

OID

Overall explanation
OBJ-3.1: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A unique object identifier (OID) identifies a variable that can be read or set using the SNMP protocol. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID). A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap may contain all the information about a given alert or event as its payload. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network.

33
Q

Which of the following network performance metrics is used to represent the theoretical maximum rate of data transfer from a source to a destination in a given amount of time under ideal conditions?

Throughput

Bandwidth

Latency

Jitter

A

Bandwidth

Overall explanation
OBJ-3.2: Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients.

34
Q

Which of the following is the correct order of the following Fiber Connectors shown?

ST, SC, LC (single), LC (duplex), FC

SC, ST, FC, LC (single), LC (duplex)

FC, LC (single), LC (duplex), SC, ST

LC (single), LC (duplex), FC, ST, SC

A

ST, SC, LC (single), LC (duplex), FC

Overall explanation
OBJ-1.3: The correct order of the Fiber connections shown is ST, SC, LC (single), LC (duplex), and FC. If this were a real question on the exam, you would have the words provided in a list, and you would drag them below the appropriate fiber connector’s drawing.

35
Q

You have just finished installing a new web application and need to connect it to your SQLnet database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?

1521

3306

1433

3389

A

1521

Overall explanation
OBJ-1.5: SQLnet uses port 1521, and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

36
Q

A network administrator needs to install a centrally located firewall that needs to block specific incoming and outgoing IP addresses without denying legitimate return traffic. Which type of firewall should the administrator install?

A stateful network-based firewall

A stateless network-based firewall

A host-based stateless firewall

A host-based stateful firewall

A

A stateful network-based firewall

Overall explanation
OBJ-2.1: A stateful firewall enhances security through packet filtering, and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network. Since a centrally located firewall was required by the question, a network-based firewall should be chosen instead of a host-based firewall.

37
Q

A disgruntled employee executes an on-path attack on the company’s network. Layer 2 traffic destined for the gateway is now being redirected to the employee’s computer. What type of attack is this an example of?

IP spoofing

Reflective DNS

Evil twin

ARP spoofing

A

ARP spoofing

Overall explanation
OBJ-4.2: ARP spoofing (also known as ARP poisoning) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user’s knowledge. IP spoofing is the creation of Internet Protocol (IP) packets that have a modified source address to either hide the identity of the sender, impersonate another computer system, or both.

38
Q

The network administrator is troubleshooting the switchports for a file server with dual NICs. The file server needs to be configured for redundancy, and the dual NICs need to be combined for maximum throughput. What feature on the switch should the network administrator ensure is enabled for best results?

BPDU

LACP

Load balancing

Spanning tree

A

LACP

Overall explanation
OBJ-2.3: The Link Aggregation Control Protocol (LACP) is the 802.3ad protocol used to group numerous physical ports to make one high bandwidth path. This method can increase bandwidth and therefore, throughput. LACP can also provide network redundancy and load balancing. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. A Bridge Protocol Data Unit (BPDU) is used by STP to prevent the bridge loops. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.

39
Q

While troubleshooting, a technician notices that some clients using FTP still work and that pings to the local routers and servers are working. The technician tries to ping all known nodes on the network, and they reply positively, except for one of the servers. The technician notices that ping works only when the hostname is used but not when FQDN is used. What server is MOST likely offline?

DHCP server

Domain controller

WINS server

DNS server

A

DNS server

Overall explanation
OBJ-5.5: The DNS Server translates Fully Qualified Domain Names (FQDN) to IP addresses. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. A WINS server is a Microsoft Windows-based server running the Windows Internet Name Service (WINS) that can accept NetBIOS name registrations and queries. WINS servers maintain a database of NetBIOS name to IP address mappings for WINS clients on the network and speed up NetBIOS name resolution by eliminating broadcasts. Since the technician can ping the server using its hostname, the WINS server is working properly. Since the technician cannot ping the server using its fully qualified domain name (FQDN), the DNS server is likely offline.

40
Q

Which type of antenna broadcasts an RF signal in a specific direction with a narrow path?

Unidirectional

Patch

Omnidirectional

Bidirectional

A

Unidirectional

Overall explanation
OBJ-2.4: Directional antennas broadcast radio frequencies in a single direction (unidirectional) or two directions (bidirectional) to create a zone or area of coverage. Unidirectional antennas focus the broadcast signal in a single direction instead of all directions, focusing the transmission and making the signal stronger. A specific type of unidirectional antenna is known as a Yagi antenna. Omnidirectional antennas broadcast radio frequencies in all directions creating a large sphere of coverage. The antenna has the capability to send and receive signals in a circumference around the antenna. A patch antenna is a type of antenna with a low profile that can be mounted on a surface. A patch antenna can be omnidirectional, bidirectional, or unidirectional, therefore it is not the best answer to this question and unidirectional should be chosen instead.

41
Q

What remediation strategies are the MOST effective in reducing the risk to an embedded ICS from a network-based compromise? (Select TWO)

NIDS

Patching

Segmentation

Disabling unused services

A

Segmentation

Disabling unused services

Overall explanation
OBJ-2.1: Segmentation is the best method to reduce the risk to an embedded ICS system from a network-based compromise. Additionally, you could disable unused services to reduce the footprint of the embedded ICS. Many of these embedded ICS systems have a large number of default services running. So, by disabling the unused services, we can better secure these devices. By segmenting the devices off the main portion of the network, we can also better protect them. A NIDS might detect an attack or compromise, but it would not reduce the risk of the attack succeeding since it can only detect it. Patching is difficult for embedded ICS devices since they usually rely on customized software applications that rarely provide updates.

42
Q

An end-user receives a new computer and now is unable to connect to the MySQL database over the Dion Training local area network. Other users can successfully connect. The network technician can successfully ping the database server but still is unable to connect. Which of the following is the most likely reason for this issue?

The end user’s network interface card is defective

The database server is configured with the wrong default gateway address

A host-based firewall on the user’s computer is blocking port 3306

The route to the database server’s subnet is missing

A

A host-based firewall on the user’s computer is blocking port 3306

Overall explanation
OBJ-5.5: MySQL uses port 3306, and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Since the network technician can ping the MySQL server, it indicates that the route is not missing, the database server is configured with the proper gateway, and the network interface card is not defective. Instead, it is likely that the end user’s computer has a host-based firewall installed, like Windows Defender, and it is blocking outbound requests over port 3306 (MySQL). A change in the firewall settings to allow access to the specified ports will fix the problem. It appears the default firewall on this new computer is blocking the port used to communicate with the database server.