Networking Flashcards

1
Q

You have implemented a hardware firewall on a small office network. You need to ensure that all HTTP packets are automatically sent to the web server. What should you do?

A)Enable NAT.
B)Enable port triggering.
C)Enable QoS.
D)Enable port forwarding.

A

D)Enable port forwarding.

You should enable port forwarding. Port forwarding allows you to enable a specific port in the firewall and direct traffic that comes from outside your network to a specific IP address. For example, in this scenario, you would open port 80 on the firewall and configure port forwarding to forward all incoming traffic to the web server.

You should not enable port triggering. Port triggering allows you to open an incoming connection to one computer based on an outgoing connection.

You should not enable Network Address Translation (NAT). NAT causes your entire network to appear as a single entity on the Internet. Static NAT uses a 1-to-1 mapping between addresses on each side of a NAT device. In dynamic NAT (DNAT), the mapping of IP addresses can change. In both cases, only the IP addresses in the packets are changed. The NAT device must keep track of the IP mappings as they are assigned.

You should not enable Quality of Service (QoS). QoS allows you to limit the bandwidth available for data based on the protocol used, the IP address, or other parameters. It is usually configured on routers.

Another router feature you must understand for the A+ exams is Wi-Fi Protected Setup (WPS). This feature was intended to make secure wireless connections easier to configure. WPS is usually configured using a button on the router, a password, or a code. However, WPS is not secure enough because hackers can guess this code with a little effort.

For the A+ exam, you also need to understand Universal Plug-and-Play (UPnP) and demilitarized zones (DMZs). UPnP devices automatically configure themselves to work with other devices when they are plugged in or connected to the network. A DMZ, also referred to as a screened subnet, adds another level of security for LANs by using a firewall to isolate certain devices from the rest of the network. The resources on the DMZ are protected by the firewall and can be accessed over the Internet.

2
Q

Wireless users who are using a 5 GHz wireless access point are experiencing issues when conferencing through Skype for Business. You need to improve their connectivity. What wireless settings should you configure?

A)QoS
B)Encryption
C)Channels
D)Admin password

A

A)QoS

You should configure the Quality of Service (QoS) settings, which allow you to prioritize different types of traffic. QoS essentially allocates bandwidth based on a priority number assigned to the type of traffic. In this instance, Skype traffic would be given a higher priority over other types of traffic, such as general Internet browsing. QoS is typically configured on the router or wireless access point.

Configuring encryption would provide enhanced security, but would not resolve the Skype for Business issue. Most wireless access points are configured with Wired Equivalent Privacy (WEP) by default. Wi-Fi Protected Access (WPA) and WPA version 2 (WPA2) provide better security than WEP, which is effectively useless.

Configuring channels would not solve the issue. The users are in the 5 GHz network, and only 2.4 GHz wireless uses channels. Whenever configuring wireless channels, you must always take into account any applicable rules and regulations. Depending on your location by state or by country, different rules and regulations will apply, and you need to be aware of them to avoid any fines or legal trouble. For instance, some governments may regulate the maximum power output allowed on networks or the specific channels you are allowed to use.

Changing the admin password would provide you with enhanced security and control. By itself, it would do nothing to resolve the user issue.

3
Q

Match the frequency and speed characteristics on the left to the wireless specification on the right. Move the correct items from the left column to the column on the right to match the characteristics with the correct specification.

Frequency/Speed
2.4/5/6 GHz, up to 9.6 Gbps
5 GHz, up to 1.3 Gbps
2.4 GHz, up to 54 Mbps
5 GHz, up to 54 Mbps
2.4 GHz, up to 11 Mbps
2.4/5 GHz, up to 600 Mbps

A

The characteristics match with the 802.11 specifications as follows:

802.11a – 5 GHz, up to 54 Mbps
802.11b – 2.4 GHz, up to 11 Mbps
802.11g – 2.4 GHz, up to 54 Mbps
802.11n – 2.4 or 5 GHz, up to 600 Mbps
802.11ac – 5 GHz, up to 1.3 Gbps
802.11ax – 2.4 GHz, 5 GHz, or 6 GHz, up to 9.6 Gbps

802.11g devices are backwards compatible with 802.11b devices.

4
Q

Which of the following would most likely be used to control a legacy system?

A)DNS
B)TCP/IP
C)SCADA
D)AAA
E)DHCP

A

C)SCADA

Supervisory Control and Data Acquisition (SCADA) is a system of software and hardware elements that allows organizations to control automated processes locally or at remote locations; to monitor, gather, and process data; to directly interact with devices like sensors or valves; and to record events into a log file. SCADA systems must frequently control legacy hardware or run alongside obsolete, out-of-support operating systems due to the highly specialized nature of the process being controlled.

SCADA belongs to the larger category of industrial control systems (ICS), which is a combination of electrical and mechanical components that act together to monitor, control, and safely execute an industrial process. ICS began as highly specialized, proprietary hardware and software that ran in physically secured locations without network connections. As IT evolved, legacy ICS systems had new IT capabilities layered on top to provide remote monitoring or “smart” automation. Because ICS components have extremely long lifecycles (decades instead of years), they were rarely designed to meet modern cyber security concerns. SCADA and ICS systems are frequent targets of cyber attacks.

Legacy systems are systems that are maintained to support a single device, application, or computer. Embedded systems are computer systems with dedicated functions within a larger system. The system is embedded as part of a complete device, often including hardware and mechanical parts. Microcontrollers are an example of an embedded system.

TCP/IP, DHCP, and DNS would not specifically control a legacy system. These are networking protocols, and many legacy systems are kept isolated from network connections to prevent intrusion.

Authentication, Authorization, and Accounting (AAA) is a framework of access control implemented to ensure that connecting users are valid users, they have access only to the services they need, and their actions can be tracked to ensure that their behavior is appropriate. Authentication may come in one of many forms, including username/password, biometrics, and tokens. AAA is implemented by various types of servers. Remote Authentication Dial-in User Service (RADIUS) is an example of an authentication service, as are Kerberos and Remote Access Service (RAS).

5
Q

Which of these wireless networking protocols would most likely be employed in an anti-theft alarm system in a retail store?

A)RFID
B)Zigbee
C)NFC
D)Z-Wave

A

A)RFID

Radio Frequency Identification (RFID) would most likely be employed in an anti-theft alarm system in a retail store. RFID uses a small chip attached to or embedded in an item and radio waves to monitor the location of the chip and therefore the device. Common applications for RFID include tracking the movement of products through a warehouse, retail theft prevention, and tracking runners during marathon races with RFID chips embedded in their bibs.

Near Field Communications (NFC) allows communication between two devices that are very close together. NFC uses the 13.56 MHz radio frequency and is not dependent on Wi-Fi networks or cellular networks, such as 4G. It is often used on smartphones for contactless payments, such as waving your phone over a sensor to pay for a purchase at checkout. An NFC or tap pay device allows the payment information to be transmitted to a computer.

Zigbee is based on the IEEE 802.15.4 standard. It typically is used in large-scale medical, industrial, and scientific applications. Zigbee operates in the same 2.4 GHz frequency band as Wi-Fi. It creates a mesh network in a similar fashion to Z-Wave, but has a capacity of 64,000 devices.

Z-Wave is a technology that creates a wireless mesh network with up to 232 nodes. It is often used on a small scale in smart home automation, and operates in the 800–900 MHz frequency range. While there is a primary controller or hub, each device on the network communicates with the next closest device, in much the same way that routers communicate with each other in a high-performance mesh network.

6
Q

For what purpose have IP addresses in the 192.168.0.0 through 192.168.255.255 range been reserved?

A)Multicasting
B)Private networks
C)Military installations only
D)Government organizations other than the military

A

B)Private networks

There are three blocks of IP addresses that have been reserved by the Internet Assigned Numbers Authority (IANA) for private networks. These addresses can be used for IP addressing on a private network that does not need to be connected to the Internet. The three blocks of addresses are listed as follows:

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

A computer using a private IP address cannot directly communicate with the Internet. The only way Internet communication can occur with a computer that uses an IP address in the private network range is through a proxy server. An Automatic Private IP Addressing (APIPA) address is an automatic IP address that is assigned when computers that are configured for DHCP cannot contact a DHCP server. Addresses in this range are 169.254.0.1 to 169.254.255.254. They can also be referred to as link-local addresses. In IPv6, they are ONLY referred to as link-local addresses and start with the fe80::/10 prefix.

7
Q

Which of these devices is primarily associated with wireless networks?

A)Access points
B)Switches
C)Repeaters
D)Patch panels
E)Ethernet over Power

A

A)Access points

Access points (or more appropriately, wireless access points) create wireless local area networks (WLANs). They provide connectivity to the network for devices with wireless functionality (often called Wi-Fi). Access points have a Service Set Identifier (SSID), which is often equated to the name of the network, and various levels of security. The portion of the network that is wireless is the connection between the access point and the end device; the access point itself is often wired into the physical network.

A repeater takes a weak signal, amplifies it, and transmits the amplified signal. In wired networks, repeaters can be used to extend the segment distance beyond the 100-meter limit of twisted-pair cables, or to extend a wireless signal beyond the normal range of the wireless access point.

A patch panel provides connectivity between devices on a local area network. A desktop computer, server, or printer (as examples) will be connected to the patch panel via a network cable, often called a patch cable. The patch panel will have connections in turn to one or more switches.

Ethernet over Power uses the existing electrical wiring in a house to transmit the network signal. A special adapter plugs into your existing electrical outlet. The adapter will have one or more Ethernet ports. To deploy Ethernet over Power, you would need at least two adapters. The advantage to Ethernet over Power is that you would obtain wired network speeds (up to 1 gigabit, as of this writing) without the need to run Ethernet cables. The disadvantage is that the adapters can cost $50 each.

Switches are network devices that receive and forward traffic on a local area network. Switches can be both managed and unmanaged. Managed switches are built to be controlled from a Unix-style command-line interface. Unmanaged switches are the simplest active network components and do not need to be configured, making them very flexible.

8
Q

You are setting up a network segment in the Research and Development department. Due to the sensitive and proprietary nature of the work in this department, you want to ensure that only computers belonging to that department can access that network segment. Which option would you use?

A)QoS
B)DMZ
C)MAC filtering
D)NAT

A

C)MAC filtering

You should use MAC filtering. MAC filtering allows you to specifically configure which computers are allowed on the network, and to specify which computers are denied access to the network. You would include the MAC addresses of departmental computers on an Allow list (referred to as whitelisting). Likewise, you would include MAC addresses of computers that should not be given access on the Block list (referred to as blacklisting). Some devices may only allow you to configure an allow or deny list, but not both. Whitelisting/blacklisting is a function of MAC filtering.

A demilitarized zone (DMZ) places a firewall between your private network (LAN) and the public network (the Internet) or between two networks. Devices such as web servers and mail servers are often put inside a DMZ, which is also referred to as a screened subnet.

Network Address Translation (NAT) allows traffic from a private network to reach the Internet and return. For example, assume a computer on the internal private LAN has an IP address of 192.168.1.140, and the default gateway has an IP address of 71.38.117.45. When traffic from 192.168.1.140 is sent, the gateway assigns it a port number in the ephemeral range, say 45798. The gateway router then uses its own IP address and the assigned port (71.38.117.45:45798) to route traffic to the Internet.

Quality of Service (QoS) assigns priorities to different types of network traffic. This allows the network to allocate more bandwidth to traffic with higher priority, and less bandwidth to traffic that you have designated as having a lesser importance. QoS does not affect which device is allowed to access a network.

9
Q

Which of the following is a valid Automatic Private IP Addressing (APIPA) address?

A)172.16.4.36
B)10.1.1.131
C)192.168.16.45
D)169.254.2.120

A

D)169.254.2.120

The 169.254.2.120 address is a valid APIPA address. By default, Windows XP and Windows 7 client computers are configured to use an APIPA address if the DHCP server goes down. The addresses in the APIPA range are 169.254.0.0 through 169.254.255.255. These addresses are not routable and are therefore only usable on the local subnet.

The other addresses are all part of the three private IP address ranges, as listed here:

10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

To prevent the use of APIPA addresses, you should change the default settings on the Alternate Configuration tab of the Internet Protocol Version 4 Properties dialog box. On this tab, you can specifically configure a static IP address that the computer should use if the DHCP server is unavailable.

10
Q

A user needs to connect to a wireless network. Which information must be provided to connect?

A)Wired Equivalent Privacy (WEP)
B)Service set identifier (SSID)
C)Access point (AP)
D)Wi-Fi Protected Access (WPA)

A

B)Service set identifier (SSID)

You must provide the service set identifier (SSID) to a wireless device to enable it to connect to a wireless network. The SSID in a wireless network is the name of the network to which a wireless device connects. Only one SSID can be associated with an access point. When a wireless device sends data packets over a wireless network, each data packet contains a 32-character identifier that is used to identify the wireless network. The 32-character identifier is the SSID of the wireless network. Wireless networks are differentiated by SSID. By default, the SSID is broadcast. To provide better security, you should configure the wireless access point not to broadcast the SSID.

The AP information does not need to be provided to a wireless device to enable the device to connect to a wireless network. An AP acts as a hub between the wireless devices and the local area network (LAN), which is typically a wired network. In most cases, a wireless device automatically detects and connects to an AP, and subsequently, to the wired network.

The Wired Equivalent Privacy (WEP) information does not need to be provided to a wireless device for connecting to a wireless network. WEP is a protocol used for encrypting the data packets being transmitted over the wireless network. WEP would need to be configured if a connection is being made to a secured WEP wireless network. If the wrong WEP key is entered, the network connection will fail.

The WPA information does not need to be provided to a wireless device to enable the device to connect to a wireless network. The WPA protocol offers enhanced data encryption and user authentication. A number of weaknesses in WEP, such as user authentication, were addressed by WPA. WPA would need to be configured if a connection is being made to a secured WPA wireless network.

When connecting multiple devices over a wireless network or a cellular data network, it is important to ensure that devices can connect to the network and use services. It is equally important to be able to disable the network to prevent unwanted parties from connecting, or to prevent charges for an over usage of data in the case of cellular data.

11
Q

Your company has decided to implement a wireless network. The wireless network users must be able to connect to resources on your internal network, including file, print, and DHCP services. Which options should you implement? (Choose all that apply.)

A)Static IP addresses
B)Ad hoc mode
C)Infrastructure mode
D)APIPA
E)A wireless access point

A

C)Infrastructure mode
E)A wireless access point

Infrastructure mode allows wireless computers to connect to a LAN, a WAN, or the Internet. This means that infrastructure mode wireless computers can access all computers on the LAN, WAN, and Internet. Infrastructure mode is much more expensive to implement than ad hoc mode because you must configure wireless access points. While infrastructure mode is harder to set up and configure, its management is much easier than with ad hoc mode. To view the strength of the wireless network, open the properties dialog box for the wireless network interface card (NIC).

Ad hoc mode allows wireless computers to be configured much faster than infrastructure mode. Ad hoc mode wireless computers all participate in the same network. This means that the ad hoc wireless computers can access each other but cannot access network resources on a LAN, WAN, or the Internet. Ad hoc mode is much cheaper than infrastructure mode to implement. In addition, it is easy to set up and configure, and it can provide better performance than infrastructure mode. However, it is difficult to manage an ad hoc mode wireless network.

Static IP addresses should not be implemented because the corporate network contains a DHCP server. Static addressing refers to the manual configuration of each computer.

APIPA should not be used for the same reason. In addition, APIPA is used only if a DHCP server is not found. When implementing a wireless network that includes a wireless access point, you can often enable or disable DHCP. If you enable DHCP, devices on the network will be assigned an IP address. If you disable DHCP, the devices will need to have statically configured IP addresses.

When you implement an access point, you can configure several settings. MAC filtering will allow or deny connections based on the MAC address of the connecting device. Disabling the SSID broadcast will ensure that the SSID is not broadcasting, thereby making it a bit more difficult to connect to the wireless network. The encryption method will ensure that the password for the wireless network is protected. WPA2 is more secure than WPA, which is more secure than WEP.

12
Q

What piece of equipment would help transmit an Ethernet signal to the far end of a hotel that is 400 meters (m) long?

A)Repeaters
B)Patch panel
C)Cloud-based network controller
D)Ethernet patch cable

A

A)Repeaters

A repeater takes a weak signal, amplifies it, and transmits the amplified signal. In wired networks, repeaters can be used to extend the segment distance beyond the 100-m limitation of twisted-pair cable, or to extend a wireless signal beyond the normal range of the wireless access point.

An Ethernet patch cable is not the correct answer. Patch cables have a maximum length per segment of 100 meters.

A cloud-based network controller allows you to manage wireless access points (WAP) through a cloud service. Traditionally, an organization would manage WAPs through an on-site controller, as opposed to managing each one individually. With a cloud-based network controller, the WAPs can be managed from anywhere over an Internet browser.

A patch panel provides connectivity between devices on a local area network. A desktop computer, server, or printer (as examples) will be connected to the patch panel via a network cable, often called a patch cable. The patch panel will have connections in turn to one or more switches or routers.

Switches are network devices that receive and forward traffic on a local area network. Switches can be both managed and unmanaged. Managed switches are built to be controlled from a Unix-style command-line interface. Unmanaged switches are the simplest active network components and do not need to be configured, making them very flexible.

13
Q

You administer computers on a Microsoft Windows TCP/IP network. On the network, you want to use a domain name-to-Internet Protocol (IP) address name resolution system that provides a central database on a server to resolve domain names to IP addresses. Which options should you implement on your network?

A)The HOSTS file
B)The LMHOSTS file
C)The Domain Name System (DNS)
D)The Windows Internet Name Service (WINS)

A

C)The Domain Name System (DNS)

Of the choices presented, you should use Domain Name System (DNS) for domain name-to-IP address resolution on the network that you administer. DNS provides a centralized database of domain name-to-IP address resolutions on a server or servers that other computers on a network can use for name resolution. On a TCP/IP network that uses DNS, only the database files on the DNS servers must be updated to reflect changes that are made to domain name-to-IP address resolutions.

When computers cannot communicate on a network, the ability to ping other computers by address but not by name is an indication of a DNS problem. Client computers can be configured with static DNS server entries or can be configured to obtain the DNS server information from the DHCP server. The client-side DNS could be configured incorrectly if a DNS search results in an error. The client-side DNS settings include the primary and secondary DNS servers.

Domain names can also be resolved to IP addresses by using a HOSTS file. On a network that uses a HOSTS file, that file must exist on each computer on the network to enable domain name-to-IP address resolution. When changes are made that affect domain name-to-IP address resolution, then each HOSTS file must be manually updated. LMHOSTS files and Windows Internet Name Service (WINS) are used to resolve NetBIOS names to IP addresses on Microsoft Windows networks, such as Windows NT 4.0 networks.

14
Q

Which operating frequency band is used by Bluetooth technology?

A)2.4 GHz to 2.485 GHz
B)13.56 MHz
C)860 MHz to 930 MHz
D)125 KHz to 134 KHz

A

A)2.4 GHz to 2.485 GHz

Bluetooth technology operates at a frequency band of 2.4 GHz to 2.485 GHz. Bluetooth allows you to establish a wireless connection between devices such as laptops, printers, mobile phones, wireless mice and keyboards, Internet of Things (IoT) devices, and other devices that support Bluetooth technology. Bluetooth devices are of five types: Class 1, Class 2, Class 3, Class 4, and Class 5.

Bluetooth Class 1 has a maximum transmission distance of 100 meters (328 feet) and a maximum transmission speed of 1 Mbps.
Bluetooth Class 2 has a maximum transmission distance of 10 meters (33 feet) and a maximum transmission speed of 3 Mbps.
Bluetooth Class 3 has a maximum transmission distance of 1 meter (3 feet) and a maximum transmission speed of 24 Mbps.
Bluetooth Class 4 has a maximum transmission distance of 0.5 meters (1.5 feet) and a maximum transmission speed of 1 Mbps.
Bluetooth Class 5 has a maximum transmission distance of 10 meters (33 feet) and a maximum transmission speed of 2 Mbps.

Keep in mind that Bluetooth can theoretically transmit farther than these stated distances. However, that increased distance comes at a significantly decreased speed. For the exam, you will need to know the speeds and distances listed here.

The 125 KHz to 134 KHz operating frequency band is used by low frequency (LF). LF is typically used as a frequency range for radio frequency identification (RFID). LF has a read range of up to .5 meters and is used in animal tracking, access control, or vehicle immobilizers. The 13.56 MHz operating frequency band is used by high frequency (HF). HF is typically used as a frequency range for RFID. HF has a read range of up to 1 meter and is used in item tracking or smart cards. The 860 MHz to 930 MHz operating frequency band is used by ultrahigh frequency (UHF). UHF is also used as a frequency range for RFID. UHF has a read range of up to 3 meters and is used in automated toll collection or parking lot access.

15
Q

Which IP address is used by a Class A private network?

A)172.16.0.0
B)127.0.0.1
C)10.0.0.0
D)192.168.0.0

A

C)10.0.0.0

The 10.0.0.0 address is a Class A IP address for private networks. Private network IP addresses cannot be used on the Internet. The 172.16.0.0 address is a Class B IP address for private networks. The 192.168.0.0 address is a Class C IP address for private networks.

The 127.0.0.1 address is not reserved for private networks. This IP address is the software loopback address.

16
Q

What is the maximum data transmission speed for Bluetooth technology?

A)100 Mbps
B)54 Mbps
C)11 Mbps
D)3 Mbps

A

D)3 Mbps

The maximum data transmission speed for Bluetooth is 3 Mbps. Bluetooth is used for short-range wireless connections. For example, Bluetooth will be used to connect wireless devices, such as the keyboard and mouse, to the computer.

p. 394 A+ Complete Study Guide

17
Q

Jeffrey wants to purchase some software for his department from Dreamsuites.com. After researching company policies, you inform him that he can only make the purchase if it is from a secure site. Which port and protocol qualify as secure?

A)Port 80 HTTP
B)Port 110 POP3
C)Port 23 Telnet
D)Port 443 HTTPS

A

D)Port 443 HTTPS

Port 443, also known as Hypertext Transfer Protocol Secure (HTTPS), is used for secure web browsing. Data that is communicated through this port is less likely to be hacked or intercepted due to the way it establishes connections. You will almost always find this port active on web servers and e-commerce sites due to its high-level security feature that does not keep any window open and hides private data. HTTPS uses the Secure Socket Layer (SSL) protocol and asks for authentication between the client and server.

p. 344 A+ Complete Study Guide

Hypertext Transfer Protocol (HTTP) uses port 80 for regular web browsing and is not secure.

Telnet uses port 23 and is not secure. Its primary use is to communicate back and forth between clients and servers to remotely manage the server.

Post Office Protocol version 3 (POPv3) is used by email clients to retrieve mail through the TCP/IP connection. It operates over port 110. Apple Filing Protocol (AFP), formerly Apple Talk, is used exclusively in Apple and Mac computers to communicate through TCP/IP and operates over port 427 or 528. Common Internet File System (CIFS), which uses Server Message Block (SMB), operates at the Application layer of the OSI model and shares resources, such as files, printers, and various networking nodes, on a network. CIFS/SMB uses UDP ports 137 and 138 and TCP ports 139 and 445.

Transmission Control Protocol (TCP) is one of the main protocols used by internet-based applications. TCP provides reliable and properly ordered data flows and is also capable of checking data delivery for any errors that may have occurred.

18
Q

You administer a TCP/IP network. You want to enable the hosts on your network to be automatically configured with IP configurations such as an IP address, subnet mask, and default gateway address. The IP configurations should be leased to the clients for a limited period. Which protocol should you use to accomplish this task?

A)BOOTP
B)SMTP
C)DHCP
D)HTTP
E)IPP

A

C)DHCP

You should use Dynamic Host Configuration Protocol (DHCP) to automatically configure the hosts on your network with IP configurations. DHCP was designed to automatically configure frequently moved, fully boot-capable computers, such as laptop computers, with IP configurations. You can use DHCP to configure such IP settings as IP address, subnet mask, and default gateway address. Typically, DHCP information is leased to a client for a limited period. DHCP clients usually release DHCP information when they are shut down. When a DHCP client retrieves IP configurations from a DHCP server, the DHCP client does not necessarily have the same IP configurations that it was configured with on previous occasions.

p. 341 A+ Complete Study Guide

BOOTstrap Protocol (BOOTP) is a host configuration protocol that was designed before DHCP. BOOTP was designed to configure diskless workstations with IP configurations. BOOTP does not lease IP configuration as DHCP does. Instead, a BOOTP server permanently assigns IP configurations to a BOOTP client. When a BOOTP client is started, the BOOTP server always assigns the same IP configurations to the BOOTP client.

Hypertext Transfer Protocol (HTTP) is used to transfer web pages on a TCP/IP network.

Simple Mail Transfer Protocol (SMTP) is used to transfer email messages on a TCP/IP network.

Internet Printing Protocol (IPP) is used to enable network printing through a TCP/IP network such as the Internet.

Transmission Control Protocol (TCP) is one of the main protocols that are used by internet-based applications. TCP provides reliable and properly ordered data flows and is also capable of checking data delivery for any errors that may have occurred.

HTTP, SMTP, and IPP are not used to automatically configure hosts on a TCP/IP network with IP settings.

19
Q

You administer computers on a Microsoft Windows TCP/IP network. On the network, you want to use a domain name-to-Internet Protocol (IP) address name resolution system that provides a central database on a server to resolve domain names to IP addresses. Which options should you implement on your network?

A)The LMHOSTS file
B)The Domain Name System (DNS)
C)The Windows Internet Name Service (WINS)
D)The HOSTS file

A

B)The Domain Name System (DNS)

Of the choices presented, you should use Domain Name System (DNS) for domain name-to-IP address resolution on the network that you administer. DNS provides a centralized database of domain name-to-IP address resolutions on a server or servers that other computers on a network can use for name resolution. On a TCP/IP network that uses DNS, only the database files on the DNS servers must be updated to reflect changes that are made to domain name-to-IP address resolutions.

p. 360 A+ Complete Study Guide

When computers cannot communicate on a network, the ability to ping other computers by address but not by name is an indication of a DNS problem. Client computers can be configured with static DNS server entries or can be configured to obtain the DNS server information from the DHCP server. The client-side DNS could be configured incorrectly if a DNS search results in an error. The client-side DNS settings include the primary and secondary DNS servers.

Domain names can also be resolved to IP addresses by using a HOSTS file. On a network that uses a HOSTS file, that file must exist on each computer on the network to enable domain name-to-IP address resolution. When changes are made that affect domain name-to-IP address resolution, then each HOSTS file must be manually updated. LMHOSTS files and Windows Internet Name Service (WINS) are used to resolve NetBIOS names to IP addresses on Microsoft Windows networks, such as Windows NT 4.0 networks.

20
Q

Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port.

HTTPS
RDP
IMAP
FTP
POP3

Port 21
Port 110
Port 143
Port 443
Port 3389

A

The protocols given use these default ports:

Port 21 – FTP
Port 110 – POP3
Port 143 – IMAP
Port 443 – HTTPS
Port 3389 – RDP

FTP also uses port 20, but it was not listed in this scenario.

21
Q

Your company has both a wired and a wireless network. You have been asked to increase the security of the wireless network. Which of the following options should you implement?

A)SSID broadcast
B)Rogue access points
C)War driving
D)MAC filtering

A

D)MAC filtering

Media Access Control (MAC) filtering is a way to increase security in a wireless network. With this filtering, the MAC address of each network interface card (NIC) that attempts to connect to the network is checked. Only MAC addresses that are specifically allowed to connect are granted connection. When configuring MAC filtering, you should set up an access control list (ACL). MAC filtering is configured on the wireless access point or wireless router.

A service set identifier (SSID) broadcast actually decreases security in a wireless network. If the SSID is broadcast, any wireless NICs in the proximity can locate the network. If you disable SSID broadcast, you increase the security of your network, and users will have to type in the SSID to connect to the network.

War driving is a technique used to discover wireless networks. Once intruders locate your wireless network, they attempt to hack into your system.

Rogue access points are wireless access points that have been connected to your network without authorization. This decreases the security of your network.

Radio frequency interference (RFI) can cause wireless network problems. It can come from cordless phones, microwaves, and other equipment. For example, if your wireless network is frequently dropping connections, you could have a cordless phone interfering with the wireless access point.

22
Q

You are setting up an 802.11a wireless network in a small office environment that includes three wireless access points. The wireless access points are at least 15 meters apart and are configured for automatic channel setting. Each time you turn the wireless access points on, they choose the same channel. You need to ensure that the access points choose separate channels to prevent interference, using the least amount of administrative effort. What should you do?

A)Start each wireless access point at a separate time.
B)Reduce the signal strength on each access point.
C)Increase the distance between the wireless access points to at least 20 meters.
D)Manually configure each of the access points to use channels 1, 6, and 11, respectively.

A

A)Start each wireless access point at a separate time.

You should start each wireless access point at a separate time. This will allow each access point to select a channel. Then, when the next access point is booted, it will detect the other access points’ channels and use another channel besides the ones detected. 802.11a wireless access points have eight available nonoverlapping channels: 36, 40, 44, 48, 52, 56, 60, and 64. 802.11a products need to be configured for automatic channel selection. Therefore, you cannot manually configure the channel. With the automatic channel selection feature, 802.11a wireless access points can detect other access points and configure their channel accordingly. This is the reason that it is important to start 802.11a wireless access points at a separate time. The suggested range for 802.11a wireless access points is 30 meters in an open space and 10 meters in an office environment.

You should not increase the distance between the wireless access points to at least 20 meters. For 802.11a wireless access points, the suggested distance in an office environment is 10 meters.

You should not manually configure each of the access points to use channels 1, 6, and 11, respectively. These are the nonoverlapping channels used by 802.11b and 802.11g devices. You should alternate between these three channels when using 802.11b or 802.11g wireless access points. The suggested range for 802.11b and 802.11g wireless access points is 120 meters in an open space and 30 meters in an office environment.

You should not reduce the signal strength on each access point. This would require more administrative effort than is necessary to fix your problem. In addition, reducing the signal strength could cause problems for some wireless clients that are now outside the new range. It is much simpler to turn the wireless access points on at different times. The nonoverlapping channels for the other 2.4 GHz wireless deployments are as follows:

802.11b – channels 1, 6, 11, and 14 in the United States
802.11g/n – channels 1, 6, and 11 in the United States

23
Q

What is the operating range for Class 2 Bluetooth devices at the maximum transmission speed?

A)200 meters or 656 feet
B)10 meters or 33 feet
C)100 meters or 328 feet
D)1 meter or 3 feet

A

B)10 meters or 33 feet

The operating range for Class 2 Bluetooth devices is up to 10 meters or 33 feet at the maximum transmission speed. Bluetooth allows you to establish a wireless connection between devices such as laptops, printers, mobile phones, wireless mice and keyboards, Internet of Things (IoT) devices, and other devices that support Bluetooth technology.

There are four more classes for Bluetooth devices: Class 1, Class 3, Class 4, and Class 5. Class 1 Bluetooth devices have an operating range of up to 100 meters or 300 feet. Class 3 Bluetooth devices have an operating range of up to 1 meter or 3 feet. Class 4 Bluetooth devices have an operating range of up to 0.5 meters or 1.5 feet. Class 5 Bluetooth devices have an operating range of up to 10 meters or 33 feet.

24
Q

Which well-known UDP port does DNS use?

A)161
B)80
C)53
D)110

A

C)53

Ports allow more than one service or application to communicate at the same time between computers. The Domain Name System (DNS) service uses port 53 to communicate information between name servers. DNS uses both TCP port 53 and UDP port 53. Administrators can assign additional ports for communication on an intranet and through the Internet. There are a total of 65,536 ports from which to choose. Of these, only 1,024 ports are considered well known and, therefore, reserved for a particular service.

Port 80 is used by Hypertext Transfer Protocol (HTTP) for browsing the World Wide Web.

Port 110 is used by Post Office Protocol Version 3 (POP3) for email.

Port 161 is used by Simple Network Management Protocol (SNMP) for network diagnostics.

For the A+ exam, you need to know the following common ports:

20, 21 – FTP
22 – SSH
23 – Telnet
25 – SMTP
53 – DNS
80 – HTTP
110 – POP3
143 – IMAP
443 – HTTPS
3389 – RDP
137-139 – NetBIOS
445 – SMB/CIFS
427 – SLP
548 – AFP
67/68 – DHCP
389 – LDAP
161/162 – SNMP

25
Q

Which TCP/IP configuration information must a computer on a network have before it can communicate with the Internet? (Choose three.)

A)TCP/IP address
B)FTP server address
C)Subnet mask
D)Public key
E)Proxy server address
F)MAC address of router
G)Default gateway

A

A)TCP/IP address
C)Subnet mask
G)Default gateway

Before any computer on a network can communicate with the Internet, it will need an IP address, a default gateway, and a subnet mask. You can supply this information manually (often referred to as a static IP address), or you can use a DHCP server to supply this information automatically (often referred to as a dynamic IP address). If a computer is configured to obtain an IP address automatically, it will contact a DHCP server for all client-side DHCP information.

The IP address is a 32-digit binary number that is needed to identify each device, or host, on the Internet. The IP address provides a logical address for each device.

The subnet mask is used to block out a portion of the IP address. The purpose of the blocking is to distinguish the network ID from the host ID. It is also used to identify whether the IP address of the destination host is on a local network or on a remote network. Subnet mask addresses are 32-bit numbers. Every host on a TCP/IP network will need to be configured with a subnet mask. Use the default subnet mask if you are not dividing your network into subnets. You will need to create custom subnet addresses if your networks are to be divided into subnets.

The default gateway is the address of the default router. While you can configure a static IP address, meaning that the IP address is manually entered in the computer’s settings, it is considered a best practice to configure the computer to obtain an IP address automatically using Dynamic Host Configuration Protocol (DHCP). Another important part of the IP settings includes configuring the address of the Domain Name System (DNS) server.

26
Q

While performing routine maintenance on your company’s firewall, you discover that port 3389 is open. Which service uses this port?

A)Remote Assistance
B)Hypertext Transfer Protocol
C)Secure Hypertext Transfer Protocol
D)File Transfer Protocol

A

A)Remote Assistance

Port 3389 is used by the Remote Desktop Protocol (RDP). RDP is the protocol used by Remote Assistance and Remote Desktop in Windows. If this port is closed on your firewall, you will not be able to give remote assistance to remote users.

File Transfer Protocol (FTP) uses ports 20 and 21. FTP is a tool that allows a user to transfer files over a network. These ports should only be left open if you specifically use FTP.

Hypertext Transfer Protocol (HTTP) uses port 80. HTTP is the protocol used by web pages. Secure Hypertext Transfer Protocol (HTTPS) uses port 443. HTTPS is the protocol used by secure web pages. Post Office Protocol (POP) version 3 uses port 110. POP3 is a mail protocol that retrieves email from an email server. On most networks, this port is open.

Telnet uses port 23. Telnet is a tool that allows a user to connect to other computers.

Simple Mail Transfer Protocol (SMTP) uses port 25. SMTP is a mail protocol commonly used for outgoing email. On most networks, this port is open.

Network News Transfer Protocol (NNTP) uses port 119. NNTP is a news protocol. Internet Message Access Protocol (IMAP) uses port 143. IMAP is a mail protocol.

27
Q

Which of the following is NOT an Internet appliance?

A)UTM
B)IPS
C)DNS
D)Load balancer
E)IDS
F)Spam gateway

A

C)DNS

Domain Name System (DNS) is not an Internet appliance. It provides a mapping of IP addresses to domain names. It is analogous to an address book or a telephone directory.

Internet appliances, according to the CompTIA A+ exam guide, include UTM, IDS, spam gateways, load balancers, proxy servers, and IPS devices. Unified Threat Management (UTM) devices are Internet appliances. They provide a single point on the network from which multiple security functions are managed. This single point of presence is in contrast to several independent software and devices, such as antivirus, antispam, firewall, IDS, and IPS.

Spam gateways are installed behind a firewall and examine all incoming mail to filter out email that is likely to be fraudulent or a phishing email. These gateways can help minimize the risks that spam can pose to organizations. Load balancers are used by organizations to ensure that servers do not become overburdened from their workload and go down, causing loss of availability. Multiple servers participate in a load-balanced solution, thereby distributing the load.

A proxy server acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service. The proxy server may exist in a firewall server or on a separate server, which forwards requests through the firewall. A proxy server caches web data and images.

An intrusion detection system (IDS) is an Internet appliance. It typically sits outside the network and watches packets coming through the network and sets off an alarm if a packet (or series of packets) contains something that violates a defined set of rules. An intrusion prevention system (IPS) is an Internet appliance that sits inline in the network. While it performs many of the same duties as an IDS, an IPS also prevents the offending traffic instead of just detecting it.

28
Q

Which address is a MAC address?

A)124.24.0.2
B)ACA1:1345:1::123.23.0.1
C)122A::ABCA:0:0:2100
D)1234:EF14:45:ADD1:EA23:222:1290:A
E)00120193:06F1A345CA11
F)AD-4F-C1-A9-12-CB

A

F)AD-4F-C1-A9-12-CB

The address AD-4F-C1-A9-12-CB is a media access control (MAC) address. A MAC address is assigned to each network interface card (NIC). A MAC address is a 12-digit hexadecimal number. Each pair of hexadecimal numbers is referred to as an octet, and the octets are usually separated by dash (-) characters when a MAC address is represented in text. The first three octets in a MAC address identify the NIC manufacturer, and the last three octets act as a serial number to identify the individual NIC.

The address 124.24.0.2 is an Internet Protocol version 4 (IPv4) address. An IPv4 address consists of four 8-digit binary numbers, or octets, separated by periods. A decimal number between 0 and 255 inclusive represents each octet in an IPv4 address.

The address 00120193:06F1A345CA11 is an Internetwork Packet Exchange (IPX) address. The six digits before the colon (:) character represent the IPX network address, and the last 12 digits after the colon character represent the node address, which is derived from the MAC address of the NIC.

The addresses 1234:EF14:45:ADD1:EA23:222:1290:A, 122A::ABCA:0:0:2100, and ACA1:1345:1::123.23.0.1 are IP version 6 (IPv6) addresses. An IPv6 address is a 128-bit number. The preferred representation of an IPv6 address contains eight sections of hexadecimal numbers. Each section is separated from the other sections by a colon, as in the address 1234:EF14:45:ADD1:EA23:222:1290:A. Each section contains up to four numbers, but leading zeros in each section do not need to be represented. For example, the last section of the IPv6 address 1234:EF14:45:ADD1:EA23:222:1290:A is actually :000A. The IPv6 address 122A::ABCA:0:0:2100 is a compressed format IPv6 address. In a compressed format address, the double colon (::) symbol represents complete sections of zeros. Only one double colon character can appear in a compressed IPv6 address. For example, the IPv6 compressed address 122A::ABCA:0:0:2100 is actually 122A:0:0:0:ABCA:0:0:2100 in uncompressed format. The IPv6 address ACA1:1345:1::123.23.0.1 is a mixed IPv6 address that is designed to support IPv4 addressing. The first six sections of a mixed IPv6 address are written in the hexadecimal notation common to IPv6 addresses. The last four sections of the mixed IPv6 address are a dotted-decimal representation of an IPv4 address. In this example, 123.23.0.1 is the dotted-decimal IPv4 portion of the IPv6 mixed address. Note that this address is also compressed.

29
Q

Your company has a wireless network for its small office network. The wireless network does not broadcast its service set identifier (SSID). You configure a user’s Windows 10 computer to connect to the wireless network by manually setting the SSID. You need to ensure that the user’s computer does not send probe requests to discover if the wireless network is in range. What should you do?

A)Ensure the Connect automatically when this network is in range option on the Connections tab of the Wireless Network Properties page is cleared.
B)Ensure the Connect even if the network is not broadcasting option on the Connections tab of the Wireless Network Properties page is selected.
C)Ensure the Connect even if the network is not broadcasting option on the Connections tab of the Wireless Network Properties page is cleared.
D)Ensure the Connect automatically when this network is in range option on the Connections tab of the Wireless Network Properties page is selected.

A

C)Ensure the Connect even if the network is not broadcasting option on the Connections tab of the Wireless Network Properties page is cleared.

You should ensure the Connect even if the network is not broadcasting option on the Connections tab of the Wireless Network Properties page is cleared. If this option is enabled, probe requests are sent to discover if a non-broadcast network is in range.

You should not change the configuration of the Connect automatically when this network is in range option. This option ensures that the connection is reestablished when the wireless network is detected.

When you disable automatic configuration of an SSID, the SSID is not automatically transmitted to all computers within the wireless network range. This provides a low level of security. The only way to connect to the wireless network is to enter the SSID manually.

30
Q

You use a computer named Wkst1 on a TCP/IP network, which is installed with an application that uses UDP to send a file from your computer to a computer named Wkst2. Data collisions occur, and several data packets are lost during transmission. What will most likely occur as a result of losing the packets during transmission? (Choose two.)

A)The protocol will automatically retransmit the packets.
B)The protocol will drop the packets.
C)The application will automatically retransmit the packets.
D)The application will drop the packets.

A

B)The protocol will drop the packets.
C)The application will automatically retransmit the packets.

User Datagram Protocol (UDP) is a connectionless protocol; thus, it will drop the packets and will not automatically retransmit them. Because an application is not typically responsible for transmitting data packets across a network, the application in this scenario cannot drop the packets. Instead, an application that uses UDP will usually detect that UDP has dropped packets, and the application will retransmit any dropped packets.

Other connectionless protocols, such as IP and Internetwork Packet Exchange (IPX), function similarly to UDP. For example, if the application in this scenario were using IPX to transmit data, then IPX would drop the lost packets and the application would retransmit the dropped packets. A connection-oriented protocol, such as TCP or Sequenced Packet Exchange (SPX), will automatically retransmit dropped packets without the intervention of a higher-level protocol or application.

31
Q

Why would you implement a KVM switch?

A)To reduce device needs in a data center
B)To protect an internal network
C)To cache web data and images
D)To segment a network

A

A)To reduce device needs in a data center

You would implement a KVM switch to reduce device needs in a data center. A KVM switch allows a user to connect a single keyboard, video display device, and mouse to multiple computers. KVM switches include multiple input connectors, including PS2, VGA, and USB connectors.

A switch segments a network. A firewall protects an internal network. A proxy server caches web data and images.

32
Q

Which of these has helped reduce wiring, weight, and cost in industrial applications?

A)PAN
B)SAN
C)CAN
D)MAN

A

C)CAN

A controller area network (CAN) is used in industrial applications, originally in automotive systems. It replaces bulky wiring systems, reducing weight and cost. A CAN builds a network between controllers, allowing them to share information. A railway application, for example, might be a sensor that detects whether or not a door is closed, and locks the brakes until the sensor indicates the door is closed.

A storage area network (SAN) creates a network among a pool of storage devices. It may be thought of as a RAID array that uses network connections as opposed to data cables. The SAN pool appears as a single drive letter to the client. A key feature of SAN is multipathing. In a SAN, the physical path between a server and a storage device can fail, and if there is only one pathway available, this failure can cause a network crash. However, SAN multipathing avoids this issue by establishing multiple routes between the hardware so it can route data through multiple paths in the case of a failure.

A personal area network (PAN) is a network of devices that are in close proximity to a person, no more than a couple of meters away. Devices that can be part of PANs include wireless headphones, wearable technology, and printers.

A metropolitan area network (MAN) connects several LANs together in an area roughly the size of a city. An example of a MAN might be a large hospital with several satellite offices in various neighborhoods around the city.

CAN can also mean campus area network. This type of network encompasses a large campus that is usually located within a several-block radius. This type of CAN connects several LANs into a single CAN. Then multiple CANs can be connected using a MAN or WAN.

33
Q

You are designing a new computer system for a group of doctors. The group has a central office, where all the medical records will be stored electronically, and several satellite offices around the city. Storage procedures must follow HIPAA guidelines. The satellite offices will have computers in the administrative areas as well as the examination rooms. Which type of system should you install in the examination rooms?

A)Tablet
B)Thick client
C)Server
D)Thin client

A

D)Thin client

You should install thin clients in the examination rooms. The computers there will not store any data, but rather serve as a means to collect patient data. The data will be stored on the server at the central office. Because the exam-room computers do not need extensive functionality or an array of productivity applications, thin clients would be sufficient. Thin client computers typically have limited functionality, and they may not even have an operating system.

Thick client computers can have an extensive set of applications, and would allow the user to perform operations that a thin client would not. In addition, thick clients perform the majority of their operations on the local client machine instead of on the server. If you installed thick clients in the examination rooms, data would be stored on those machines. If the machines were ever stolen, then the data could be compromised, which is a violation of HIPAA regulations.

Servers would not be the best choice for the examination room. Servers should be installed at the central office, where all the records are stored electronically.

Tablets may not be the most secure option. They can easily be left in the examination room and forgotten by the nurse, doctor, or medical assistant. It would be an easy matter for the patient to walk out with a tablet that was left behind.

34
Q

Which properties are true regarding IPv6? (Choose two.)

A)It has 4 billion available addresses.
B)It uses 128-bit addresses.
C)It has 340 undecillion available addresses.
D)It uses 32-bit addresses.

A

B)It uses 128-bit addresses.
C)It has 340 undecillion available addresses.

IPv6 uses 128-bit IP addresses and allows for the use of 340 undecillion addresses. IPv4 uses 32-bit addresses and allows for the use of 4 billion addresses.

35
Q

When designing a network, which network configuration concept would you use to easily configure the IP address of printers, projectors, routers, or wireless access points?

A)DHCP reservations
B)Link-local addresses
C)NAT
D)VLAN domain

A

A)DHCP reservations

Dynamic Host Configuration Protocol (DHCP) reservations allow you to assign a relatively permanent IP address to a specific device. When the reservation is created, the IP address is assigned to the device’s MAC address. When the device sends out a DHCP query, the reservation is assigned based on the information in its record. It is often advantageous to assign a permanent IP address to devices like wireless access points, printers, servers, and routers. You can also create a pool of reserved addresses, such as 192.168.1.200 through 192.168.1.250, to allow for future static assignments.

p. 356 A+ Complete Study Guide

A virtual LAN (VLAN) allows you to segregate network traffic based on the switch port connections. As an example, if computers in the Marketing department are connected to ports 3, 6, 12, and 14, those ports can be assigned to VLAN100. If computers in the Accounting department are connected to ports 4, 15, 17, and 20, those ports can be assigned to VLAN200. Computers on VLAN100 would not be able to communicate with VLAN200, and vice versa. VLAN assignments can span multiple switches, but each switch port can only belong to one VLAN. By default, all switch ports are assigned to VLAN1.

Link-local addresses in IPv6 begin with FE80::. In IPv6, link-local addressing functions in much the same way that Automatic Private IP Addressing (APIPA) does in IPv4, but link-local addresses are created whether or not DHCP is present. In IPv4, an IP address of 169.254.x.x will be assigned when a DHCP server is not available. An APIPA address allows the computer to communicate with other devices on the network. Link-local and APIPA addresses are not routable addresses.

Network Address Translation (NAT) allows for the use of a private, non-routable IP address in an internal network. Upon receiving the outbound traffic from the internal network, the router substitutes a routable public IP address and forwards the traffic. When the traffic comes back to the router, the router translates the public address back to the private address and forwards the traffic back to the device on the internal network. Private addresses are IP addresses that are used solely within a local area network to distinguish network devices when sending and receiving data streams. Public addresses are Internet-facing addresses that allow devices on separate networks to communicate with each other through an Internet connection. The most common type of NAT is Port Address Translation (PAT), where the private IP address is assigned an ephemeral port number, and that number is appended to the router’s public IP address.

36
Q

Which IP address is used by Class B private networks?

A)192.168.0.0
B)127.0.0.1
C)172.16.0.0
D)10.0.0.0

A

C)172.16.0.0

Private IP addresses are not valid on the Internet, whereas public IP addresses are valid as nodes on the Internet. Public addresses can be resolved and routed across the Internet from one point to another, unlike private IP addresses.

The following IPv4 address ranges are reserved for private networks:

Class A network:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
Used for large networks that require a bigger pool of 16 million private IP addresses

Class B network:
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
Used for medium-sized networks that require 65000 private IP addresses

Class C network:
192.168.0.0 - 192.168.255.255

The 172.16.0.0 address is used by Class B private networks. Private network IP addresses are those addresses that are reserved for use on private networks and cannot be used on the Internet. The valid IP address ranges for private networks are 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. If you plan to deploy a private IP address range on your network and need to provide Internet access as well, a Network Address Translation (NAT) server will be needed.

The 10.0.0.0 address is a Class A IP address for private networks. The 192.168.0.0 address is a Class C IP address for private networks.

The 127.0.0.1 address is the software loopback address. The following are the five valid IPv4 address classes:

Class A – 1.0.0.0 to 126.0.0.0
Class B – 128.0.0.0 to 191.255.0.0
Class C – 192.0.1.0 to 223.255.255.0
Class D – 224.0.0.0 to 239.255.255.255
Class E – 240.0.0.0 to 255.255.255.255

Classes A, B, and C are valid addresses used on IP networks. Class D addresses are reserved for multicasting. Class E addresses are considered experimental or research addresses and should never be used. All of the ranges that are not part of the private reserved IP address ranges are public addresses.

37
Q

You are unable to access your company’s website using its fully qualified domain name (FQDN). However, if you use the IP address of the website, you can access the home page.

What may be the cause of the problem?

A)The DHCP scope is configured incorrectly.
B)The company’s website is down.
C)The Domain Name System (DNS) server is down.
D)The DHCP server is down.

A

C)The Domain Name System (DNS) server is down.

38
Q

Which protocol is used by Active Directory?

A)LDAP
B)SMB
C)SFTP
D)SSH

A

A)LDAP

Lightweight Directory Access Protocol (LDAP) is used by Active Directory. It is used by applications to access directories. By default, it uses port 389.

Server Message Block (SMB) is the application that was responsible for the NetBIOS naming service. NetBIOS names were managed by the old Microsoft WINS servers. It uses ports 137-139 and 445.

Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP) that uses an SSH tunnel. While FTP uses port 20 and 21, SFTP uses port 22.

Secure Shell (SSH) is a secure remote terminal application that works over the Internet. SSH uses port 22.

39
Q

Match the IPv6 addresses on the left with the IPv6 address type to which each belongs. Each address will only match to a single address type, and each address type will only have a single address.

::1/128
fc00::/7
fe80::/10

APIPA

Private

Loopback

A

The IPv6 address types should be matched with the given IPv6 addresses as follows:

APIPA – fe80::/10
Private – fc00::/7
Loopback – ::1/128

An Internet Protocol Version 6 address (IPv6 address) is a numeric label that is used to identify and locate a network interface of a computer or a network node participating in a computer network using IPv6. IP addresses are included in the packet header to indicate the source and the destination of each packet. The IP address of the destination is used to make decisions about routing IP packets to other networks.

IPv6 is the successor to the first addressing infrastructure of the Internet, Internet Protocol version 4 (IPv4). In contrast to IPv4, which defined an IP address as a 32-bit value, IPv6 addresses have a size of 128 bits. Therefore, in comparison, IPv6 has a vastly enlarged address space.

40
Q

A user who is obviously inexperienced calls in and tells you the following: “My cable TV was just installed. I went to the computer store and bought a device to help me get on the Internet. After I put it together, it looks like an upside-down spider. There are some lights blinking on it, but my computer won’t let me see Facebook.” What is the most likely cause of the user’s issue?

A)Router/switch functionality
B)Wired Wireless Encryption
C)NIC configuration
D)Cable/DSL Modem configuration

A

A)Router/switch functionality

You will most likely need to assist the user with router/switch functionality. The user is most likely describing an 802.11ac router with a built-in switch. For most small office home office (SOHO) routers, router/switch functionality can be accomplished by running an Ethernet patch cable from a desktop or laptop computer to the router. The IP address (usually 192.168.1.1) is often printed on the bottom of the router, as well as the default username and password. Once you have the IP address, username, and password, open a browser and type in the address. In most circumstances, you will be asked for the username and password. If you entered the IP address, username, and password correctly, you will be able to see the interface used to configure the router/switch functionality you require.

The user is not describing an issue with wired or wireless NIC configuration. In Windows 10, NICs can be configured by going to Control Panel > Network and Internet > Network and Sharing Center > View network status and tasks > Change adapter settings, and then selecting the adapter, typically labeled Ethernet. When you right-click the adapter, you will see a pop-up menu where you can adjust the most common settings.

Configuring wireless encryption would provide enhanced security, but would not help with the initial configuration issue being described.

Cable/DSL modem configuration is not the most likely answer. Cable and DSL modems do not have multiple antennas for wireless. They typically serve as the default gateway for a SOHO network. Cable modems are a type of network bridge that allows for data communication via radio frequency channels to deliver broadband internet access in the form of cabling. DSL is a family of technologies that are used to transmit digital data over telephone lines.

41
Q

Which improvements does IPv6 provide over the current IP addressing scheme? (Choose two.)

A)The IP address size increased from 128 bits to 156 bits with simpler auto-configuration of addresses.
B)Some header fields have been dropped or made optional.
C)A new type of address is used to deliver a packet to a specific address node.
D)Header fields have been made mandatory to reduce processing requirements.
E)The IP address size is increased from 64 bits to 128 bits with simpler auto-configuration of addresses.
F)The IP header options allow more efficient forwarding and less rigid length limits.

A

B)Some header fields have been dropped or made optional.
F)The IP header options allow more efficient forwarding and less rigid length limits.

IPv6 (version 6) or IPng (next generation) offers the following improvements over IPv4:

IP address size increases from 32 bits to 128 bits.
Some of the header fields have been dropped.
Version 6 has less rigid length limits and the ability to introduce new options.
Packets will indicate particular traffic type.
Support will be provided for data integrity and confidentiality.
The IPv6 header is 40 fixed bytes and has eight fields of information.

42
Q

You want to set up a wireless network that uses the 5 GHz band. Which two wireless specifications could you use? (Choose two.)

A)802.11n
B)802.11b
C)802.11ac
D)802.11g

A

A)802.11n
C)802.11ac

| Specification | Frequency | Speed |
|---|---|---|
| 802.11a | 5 GHz | up to 54 Mbps |
| 802.11b | 2.4 GHz | up to 11 Mbps |
| 802.11g | 2.4 GHz | up to 54 Mbps |
| 802.11n (WiFi 4) | 2.4 GHz or 5 GHz | up to 600 Mbps |
| 802.11ac (WiFi 5) | 5 GHz | up to 1,300 Mbps (1.3 Gbps) in 5 GHz with multiple access points |
| 802.11ax (WiFi 6) | 2.4 GHz, 5 GHz, or 6 GHz | up to 9.6 Gbps, commonly 600 Mbps |

43
Q

What are the first two octets of a Class B private IP address?

A)192.168. through 192.254.
B)10.0. through 10.192.
C)172.0. through 172.15.
D)172.16. through 172.31.

A

D)172.16. through 172.31.

The first two octets of a class B private address would range from 172.16 through 172.31. Class B private addresses range from 172.16.x.x through 172.31.x.x.

The private address ranges are:

  • Class A – 10.0.0.0 through 10.255.255.255
  • Class B – 172.16.0.0 through 172.31.255.255
  • Class C – 192.168.0.0 through 192.168.255.255
44
Q

Which of these would a hospital group use to connect its various neighborhood offices to the main facility when all are located within the same city or region?

A)MAN
B)WLAN
C)WAN
D)LAN

A

A)MAN

A metropolitan area network (MAN) would be used by the hospital to connect its various neighborhood offices to the main facility when all are located within the same city or region. MANs connect several LANs together in an area roughly the size of a city.

A local area network (LAN) covers a small geographic area. Typically, a LAN is confined to a campus, a single building, a floor of a building, or an area within a building.

A wireless local area network (WLAN) is limited in size by the area(s) served by the access point(s).

A wide area network (WAN) uses routers (or a collection of routers) to connect LANs that are dispersed over a large geographic area. An example would be a company with office locations in Boston, Miami, Chicago, Dallas, Denver, and San Francisco. Each office has its own LAN, and routers are used to provide connections between the offices. By building the WAN, the offices can share resources and data.

Another type of network topology that you should be familiar with for the Network+ exam is a software-defined wide area network (SDWAN). An SDWAN was created to address modern IT challenges, and was designed to lower operational costs while also improving resource usage during multisite deployments. With an SDWAN, network administrators can use bandwidth more efficiently and can help ensure high levels of performance for critical applications without reducing security or privacy. SDWANs can exist in both cloud and on-premises infrastructures by using virtual WAN architecture.

45
Q

You administer your company’s 100BaseTX Ethernet network. TCP/IP is the networking protocol used on the network. You want the routers on the network to send you notices when they have exceeded specified performance thresholds. Which protocol should you use to enable the routers to send the notices?

A)SNMP
B)SMTP
C)Telnet
D)ARP

A

A)SNMP

Of the protocols presented, you should use Simple Network Management Protocol (SNMP) to enable the routers to notify you when they exceed specified performance thresholds. SNMP is a protocol in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite that enables the collection of data about various devices connected to a TCP/IP network, including bridges, hubs, and routers. Each SNMP-compatible device has a Management Information Base (MIB) database that defines the type of information that can be collected about the device. You can also configure SNMP traps to analyze network performance and network problems. A trap is a message that an SNMP-compatible device sends when the device has exceeded a performance threshold. You can configure SNMP to send traps to the network management software you are using, to your email address, or to another destination.

Address Resolution Protocol (ARP) is used on a TCP/IP network to resolve Internet Protocol (IP) addresses to media access control (MAC) addresses. TCP/IP uses IP addresses to identify hosts, whereas Ethernet uses MAC addresses to identify network nodes. For Ethernet and TCP/IP to interoperate, a host’s IP address must be resolved to a MAC address. You cannot use ARP to notify you when network devices have exceeded performance thresholds.

Simple Mail Transfer Protocol (SMTP) is used to transfer email messages from email clients to email servers. SMTP is also used to transfer email messages between email servers. SMTP will not send traps when network devices have exceeded performance thresholds.

Telnet is a terminal emulation protocol. You can use Telnet to establish a remote session with a server from a local host through a terminal window to issue commands on the remote server. Telnet client software provides you with a text-based interface and a command line from which you can issue commands on a server that supports the Telnet protocol. Telnet will not send notices when network devices have exceeded established performance thresholds.

46
Q

Match the characteristics on the left to the appropriate column on the right. A characteristic may apply to IoT only, to SCADA only, to both, or to neither. You may drag and drop each characteristic as many times as required, once, or not at all.

Characteristics

Incorporates remote sensors

Governs critical infrastructure like utilities, transportation, and water treatment

Collects and analyzes data using WiFi, Bluetooth, and cloud computing

Collects and analyzes data using field units, HMIs, and microprocessors

Powers home automation and wearable technology

Gains on-board computing power from microcontrollers

Designed for easy firmware updates and frequent security patching

IoT

SCADA

A

Internet of Things (IoT):

Incorporates remote sensors
Powers home automation and wearable technology
Collects and analyzes data using Wi-Fi, Bluetooth, and cloud computing
Gains on-board computing power from microcontrollers

Supervisory Control and Data Acquisition (SCADA):

Incorporates remote sensors
Governs critical infrastructure like utilities, transportation, and water treatment
Collects and analyzes data using field units, HMIs, and microprocessors

Both SCADA and IoT devices use remote sensors to collect environmental data. SCADA is designed to collect field data, transmit it to a centralized location, and display it to an operator through a human-readable interface. A frequent use for IoT is to automate climate control and security systems, which means devices must detect temperature, light levels, and movement.

SCADA is a system of software and hardware elements that allows organizations to control automated processes locally or at remote locations; to monitor, gather, and process data; to directly interact with devices like sensors or valves; and to record events into a log file. SCADA is part of the larger category of industrial control systems (ICS), which is a combination of electrical and mechanical components that act together to monitor, control, and safely execute an industrial process in an area like mining, utilities, manufacturing, or transportation.

The main components of SCADA are field instrumentation (including sensors), field controllers, human-machine interfaces (HMIs), a network connection, and a means of aggregating the collected data, whether remotely or on-premises. Microprocessors in the field instruments convert the sensor input into usable data.

A major weakness of both IoT devices and SCADA is that neither was designed to accommodate secure networking, easy firmware updates, or regular security patching. These are typically after-market considerations handled by third-party applications, not the device or component manufacturers. ICS began as highly specialized hardware and software that ran in physically secured locations without network connections. As IT evolved, legacy ICS systems had new IT capabilities layered on top to provide remote monitoring or “smart” automation. Because ICS components have extremely long lifecycles (decades instead of years), their designs did not anticipate modern cyber security concerns. For that reason, SCADA and IoT systems are targeted by unique cyber attacks.

An Internet of Things (IoT) device is a “smart” device with an embedded microcontroller and connectivity features. The purpose of IoT is to add automation, data collection, and remote control capabilities to physical objects like doorbells, cameras, speakers, appliances, houses, and cars. IoT has rapidly expanded past the consumer market to find uses in industry, healthcare, and transportation as well. A networked IoT technology consists of four main components:

Sensing Technology: Sensors integrated in the devices gather data from their environment, such as temperature, gases, location, the operation of some industrial machines, or human biometric data.
IoT Gateways: Gateways bridge the gap between IoT devices (internal network) and end users (external network). The gateway sends the data acquired by the sensors in the IoT device to the connected user or the cloud.
Cloud Server/Data Storage: The gathered data arrives in the cloud after passing through the gateway, where it is stored and subjected to data analysis. The user receives the processed data through an application UI and has the option to take various actions based on the resulting data.
Mobile App: The end user monitors, controls, retrieves data, and takes a particular action on IoT devices from a remote location using remote controls such as mobile phones, tablets, computers, and other devices that have a mobile app loaded.

IoT devices use a number of different protocols to communicate, including:

Bluetooth Low Energy (BLE)
Light-Fidelity (Li-Fi)
Near Field Communication (NFC)
QR codes and barcodes
Radio Frequency Identification (RFID)
Thread
Wi-Fi and Wi-Fi Direct
Z-wave
ZigBee
ANT

47
Q

You have a single switch, and you need to separate the network traffic for the Marketing and Accounting departments. What would be the easiest way to accomplish this?

A)VLAN
B)Reservation
C)NAT
D)Link-local address

A

A)VLAN

A virtual LAN (VLAN) allows you to segregate network traffic based on the switch port connections. As an example, if computers in the Marketing department are connected to ports 3, 6, 12 and 14, those ports can be assigned to VLAN100. If computers in the Accounting department are connected to ports 4, 15, 17, and 20, they can be assigned to VLAN200. In this configuration, computers on VLAN100 would be segregated from computers on VLAN200. VLAN assignments can span multiple switches, but each switch port can only belong to one VLAN. By default, all switch ports are assigned to VLAN1.

Link-local addresses in IPv6 begin with FE80::. In IPv6, link-local addressing functions in much the same way that Automatic Private IP Addressing (APIPA) does in IPv4, but link-local addresses are created whether or not DHCP is present. In IPv4, an IP address of 169.254.x.x will be assigned when a DHCP server is not available. An APIPA address allows the computer to communicate with other devices on the network. Link-local and APIPA addresses are not routable addresses.

DHCP reservations allow you to assign a relatively permanent IP address to a specific device. When the reservation is created, the IP address is assigned to the device’s MAC address. When the device sends out a DHCP query, the reservation is assigned based on the information in its record. It is often advantageous to assign a static IP address to devices like wireless access points, printers, servers, and routers. You can also create a pool of reserved addresses, such as 192.168.1.200 through 192.168.1.250, to allow for future static assignments.

Network Address Translation (NAT) allows for the use of a private, non-routable IP address in an internal network. Upon receiving the outbound traffic from the internal network, the router substitutes a routable public IP address and forwards the traffic. When the traffic comes back to the router, the router translates the public address back to the private address and forwards the traffic back to the device on the internal network. Private addresses are IP addresses that are solely used within a local area network to differentiate different network devices when sending and receiving data streams. Public addresses are Internet-facing addresses that allow devices on separate networks to communicate with each other through an internet connection. The most common type of NAT is Port Address Translation (PAT), where the private IP address is assigned an ephemeral port number, and that number is appended to the router’s public IP address.

48
Q

What is the purpose of a pointer (PTR) DNS record?

A)It maps an IP address to a hostname.
B)It contains an alias for an existing A record.
C)It contains information regarding a particular DNS zone’s start of authority.
D)It helps filter spam email.
E)It maps a hostname to an IPv4 address.
F)It maps a domain name to an e-mail server.
G)It maps a hostname to an IPv6 address.

A

A)It maps an IP address to a hostname.

A pointer (PTR) record maps an IP address to a hostname.

A host or address (A) record maps a hostname to an IPv4 address. An AAAA record maps a hostname to an IPv6 address. A mail exchange (MX) record maps a domain name to an e-mail server. A canonical name (CNAME) record contains an alias for an existing A record. A start of authority (SOA) record contains information regarding a particular DNS zone’s start of authority.

A Domain Name System (DNS) server is the authority for a DNS zone, which contains DNS records. DNS servers allow users to request access to devices using either the devices’ hostname or IP address. A DNS server stores fully qualified domain name (FQDN) to IP address mappings. This server allows clients to use the easier-to-remember FQDNs to access remote devices.

Dynamic DNS is an implementation of DNS that allows real-time updates to DNS records. With Dynamic DNS (DDNS), devices can automatically update their DNS records or allow a DHCP server to implement the updates on behalf of the DNS client.

Text (TXT) records contain human-readable text and are designed to help combat fraudulent phishing emails by filtering out emails that are spoofed. Within TXT records, there are three important components that help with spam management. DomainKeys Identified Mail (DKIM) validates that an email sent from a domain was authorized by the owner of the domain. The Sender Policy Framework (SPF) looks at the address of the last SMTP server and verifies that the IP address and SMTP server match to detect spoofing attacks. Lastly, the Domain-based Message Authentication, Reporting, and Conformance (DMARC) system gives email domain owners the ability to protect their domain from unauthorized use to prevent spoofing attacks.

49
Q

What is the network prefix that is used to denote an unsubnetted Class C IP address?

A)/8
B)/24
C)/32
D)/16

A

B)/24

The network prefix /24 is used to denote an unsubnetted Class C IP address. Class-based IP addresses were the first types of addresses assigned on the Internet. The first octet of a Class A IP address is from 1 through 126 in decimal notation, and the first octet of a Class A IP address is the network address. The first octet of a Class B IP address is from 128 through 191 in decimal notation, and the first two octets of a Class B IP address are the network address. The first octet of a Class C IP address is from 191 through 223, and the first three octets of a Class C IP address are the network address.

Each class has a default subnet mask. The default subnet mask for a Class A subnet is 255.0.0.0. The default subnet mask for a Class B network is 255.255.0.0. The default subnet mask for a Class C network is 255.255.255.0.

Subnetting was introduced to enable more efficient use of the IP address space. In subnetting, some host bits of a class-based IP address are used as network address bits to enable smaller groupings of IP addresses to be created than the groupings offered by class-based IP addresses. For example, you have an office with 200 computers that reside on four separate networks consisting of 50 computers each. If each network has been assigned its own Class C IP address range, then 204 IP addresses will not be used in each range, for a total of 816 wasted IP addresses.

With subnetting, a single Class C IP address range can provide IP addresses for the hosts on all four networks. If you subnetted a single Class C IP address range, then only 48 IP addresses would be wasted.

A subnet mask is a 32-bit binary number that can be compared to an IP address to determine which part of the IP address is the host address and which part of the IP address is the network address. Every 1 bit in a subnet mask indicates a bit in the network address, and every 0 bit in the subnet mask indicates a bit in the host address. For example, on a network that uses an unsubnetted Class C IP address range, the IP address 192.168.0.1 has a subnet mask of 255.255.255.0. In binary notation, 255 is represented as 11111111. In binary notation, the subnet mask 255.255.255.0 is represented as 11111111 11111111 11111111 00000000.

The binary representation of the IP address 192.168.0.1 is:
11000000 10101000 00000000 00000001

The following is a comparison of the binary subnet mask and the binary IP address:
11111111 11111111 11111111 00000000 Subnet Mask
11000000 10101000 00000000 00000001 IP Address

From this comparison, you can see that the first 24 bits of the IP address, or 192.168.0 in decimal notation, are the network address, and the last eight bits of the IP address, or 1 in decimal notation, are the host address.

Another method, called a network prefix, is also used to determine which part of an IP address is the network address and which part of an IP address is the host address. The network prefix method appends a slash (/) character and a number after the IP address, as in the following example:

192.168.0.1/24

In this example, the network prefix indicates that the first 24 bits of the IP address, or 192.168.0 in decimal notation, are the network address, and the last eight bits of the IP address are the host address.

A range of IP addresses can be expressed very simply with Classless Inter-Domain Routing (CIDR) notation. CIDR notation looks like an IP address followed by a slash with a number, for example, 192.168.0.0/24. The number after the slash is the bit mask for the network. Simply put, it tells you how many bits are the same for each IP on the subnet. This also tells you which parts of the IP addresses can vary, and that gives you the range. 192.168.0.0/24 indicates that the first 24 bits are all the same on this range of IP addresses. The CIDR notation for the range of IP addresses from 192.168.0.0 through 192.168.0.255 is 192.168.0.0/24. The CIDR notation for the 128.1.0.1 through 191.255.255.254 range is 128.1.0.1/2. The CIDR notation for the 69.4.128.0 through 69.4.159.255 range is 69.4.128.0/19.

50
Q

You work as a network technician for an accredited university that has recently decided to upgrade its wireless network capabilities for its campus. The current configuration has many dead zones. The campus stretches several kilometers and experiences significant foot traffic from students, staff, and visitors.

The upgraded network must cover the campus without sacrificing performance. The university has given your team a large budget to implement these upgrades. Which factors should you consider when implementing a long-range wireless network? (Choose three.)

A)Antenna type
B)Power considerations
C)Ethernet jack locations
D)Regulatory requirements

A

A)Antenna type
B)Power considerations
D)Regulatory requirements

You should consider all of these factors except ethernet jack locations when implementing a long-range wireless network.

The power requirements for long-range networks that span several kilometers are very intensive and can become expensive to implement. Understanding these requirements is critical as you must ensure that the wireless system has sufficient power to continuously operate without exceeding power draw regulations.

Governmental regulations are unavoidable and must be taken into consideration when operating any form of wireless network. Depending on location, there may be a variety of federal, state, and local laws that you will need to comply with. These regulations can dictate which wireless frequencies can be used, how much power a wireless network can draw, and which types of antennas can/cannot be used.

Antenna considerations are another important factor. Both antenna placement and the type of antennas used can drastically change the effectiveness of your wireless network. A standard wireless antenna only has a range of 30 meters indoors and 100 meters outdoors, whereas a directional antenna can improve the range of a network to many kilometers within line of sight. Different antennas provide different benefits and drawbacks when it comes to coverage, power consumption, and cost.

Ethernet jack locations would not be a factor, as this is a wireless network.

Wireless devices use radio frequencies to transmit data and communicate over a network. For wireless frequencies, the range between 300 megahertz (MHz) and 6 gigahertz (GHz) provides the optimal communications for modern data transmissions. The Federal Communications Commission (FCC) has licensed radio frequencies within this range to different users and organizations: for a fee, they receive the exclusive right to transmit on their assigned frequency within a geographic area without interference. However, organizations can choose to still use airwaves without consulting the FCC and become unlicensed users. Currently there are very few bands that can be utilized by unlicensed groups, which often results in interference from other unlicensed groups using the same frequencies. Whenever implementing a wireless network, it is important to understand what frequencies you will be using, as licensed ones cost more but provide the best performance, and unlicensed ones cost nothing but are often associated with slow performance.

51
Q

You have deployed several 802.11b wireless networks at your company’s location. Recently, users complained that they were having trouble connecting to the wireless networks. After surveying the area with a Wi-Fi analyzer, you determine that each wireless network is using different non-overlapping channels. You suspect that the problem is being caused by interference. Which device can cause interference with the WLANs?

A)Cell phones
B)Electrical wiring
C)Cable TV cabling
D)Microwave ovens

A

D)Microwave ovens

Microwave ovens can cause interference for 802.11b wireless local area networks (WLANs) that operate in the 2.4-GHz frequency band. Microwave ovens operate at the 2.45-GHz frequency band and can cause interference when used in areas where 802.11b WLANs are deployed.

Most medical equipment that uses radio frequencies operates in the 2.4-GHz ISM frequency band. Therefore, when doing a site survey, you must consider the interference by microwave ovens, cordless phones, fluorescent lights, and other devices that operate in the 2.4-GHz ISM frequency band, and you should plan the positions of the access points to avoid interference.

Pools of water, trees, and construction materials, such as steel and wood, may absorb the radio frequency signals from 802.11b 2.4-GHz WLANs. Objects with water content should be avoided to prevent signal absorption problems.

Cellular phones and cable TV cabling do not cause interference with 802.11b WLANs. Keep in mind that wireless networks can be affected by other wireless devices, metal, and water.

To overcome interference, you may need to increase the signal strength on the wireless access point. Intermittent wireless can also result from a faulty internal wireless card. Check the internal cable connections for the wireless card if none of the other troubleshooting techniques has solved the problem.

A Wi-Fi analyzer (or wireless locator) is a tool that finds nearby wireless networks and displays information about their channels/frequencies, including physical locations, signal levels, SSIDs, and channels in use. A Wi-Fi analyzer can be an app installed on your laptop or phone, or a standalone device with a built-in antenna. Some may display a map of the wireless network showing connected devices.

52
Q

Which of the following server roles is responsible for the assignment of IP addresses?

A)DHCP server
B)Web server
C)Proxy server
D)DNS server

A

A)DHCP server

A Dynamic Host Configuration Protocol (DHCP) server is responsible for the assignment of IP addresses. IP addresses may be assigned at random (dynamically) or by permanent assignment (static) based on a pool of available addresses.

A web server hosts web pages, web services, and web applications.

A proxy server acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service. The proxy server may exist in a firewall server or on a separate server, which forwards requests through the firewall. A proxy server caches web data and images.

The Domain Name System (DNS) server maintains the mapping of the relationship between the name of a domain (www.whatever.com) and the corresponding IP address where the domain is hosted. It is analogous to a telephone directory or an address book.

For the A+ exam you must also understand the following server roles:

  • File server (also referred to as fileshare server) – makes documents, spreadsheets, and other files available over the network.
  • Print server – manages access to printers over the network. Print jobs are sent to the printer using the printer’s IP Address.
  • Mail server – manages user e-mail accounts, serves as a central collection point for incoming emails, delivers e-mail to individual user accounts, and forwards outgoing emails. Examples of mail servers include Microsoft Exchange, Gmail, and Outlook.
  • Authentication server – validates the credentials of a user or device attempting to access the network. Authentication may come in one of many forms, including username/password, biometrics, and tokens. RADIUS is an example of an authentication server. These servers can provide authentication, authorization, and accounting (AAA) services to ensure that connecting users are valid users, have access only to the services they need, and have their actions tracked to ensure that their behavior is appropriate.
  • Syslog server – Syslog, or System Logging Protocol, is a standard protocol that is used to send system log or event messages to a designated server, creating a centralized location where administrators can monitor and respond to any notable events.
53
Q

You are a desktop administrator for Nutex Corporation. A user reports that he is unable to access network resources. You notice a break in the network cable. You need to create a new network cable to connect the computer to the RJ-45 jack in the wall. What should you use to connect the end of the cable to an RJ-45 connector?

A)Pliers
B)Optical tester
C)Time-domain reflectometer
D)Wire crimper

A

D)Wire crimper

54
Q

Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port.

Protocols
FTP
DNS
HTTP
Telnet
SMTP

Default Ports
Port 20
Port 23
Port 25
Port 53
Port 80

A

The protocols given use these default ports:

Port 20 – FTP
Port 23 – Telnet
Port 25 – SMTP
Port 53 – DNS
Port 80 – HTTP

FTP also uses port 21, but it was not listed in this scenario.

55
Q

Which type of address does a hardware vendor assign?

A)Logical network address
B)Physical Internet address
C)Internet zip code
D)Physical device address

A

D)Physical device address

The physical device, or hardware, address is also referred to as the Media Access Control (MAC) address. A MAC address is a unique number that is assigned to a network interface card (NIC) when the card is manufactured. No two computers on a network can have the same MAC address.

The Data Link layer of the OSI model uses these addresses to communicate between devices on local network segments. Although these addresses are considered permanently assigned, some protocols enable them to be changed. An example of a MAC address is 00-AA-00-62-A1-09.

56
Q

A user contacts you regarding an end-user device configuration issue. He is installing a new smart-home device that will replace an older device. The old device has two large wires and is marked 100 VAC. The new device has many wires in multiple colors. What is the user trying to install?

A)Security camera
B)Door lock
C)Light switch
D)Thermostat

A

D)Thermostat

The user is trying to install a smart thermostat. Smart thermostats are IoT devices that work with low-voltage systems, characterized by several wires in multiple colors. Low-voltage systems typically use 50 volts of electricity or less. Older high-voltage systems use only two or four wires, often labeled as 110 volts AC (110 VAC), 115 volts AC (115 VAC), or 120 volts AC (120 VAC). Smart thermostats are not compatible with older high-voltage systems.

Smart light switches are relatively easy to install. Usually, it is simply a matter of removing the old light switch and installing the new one. Light switches typically have a hot (black) wire, a neutral (white) wire, and a copper ground wire and use 110-120 volts in North America. One thing to keep in mind is that the smart light switch takes up more space in the junction box than a standard light switch. Another issue to consider is that a metal junction box may interfere with Zigbee and Z-wave signals.

Smart security cameras do not normally require wires other than the power connection. All of their communication is wireless.

Smart door locks typically attach to a controller panel mounted on the interior side of the door using one or two wires. An all-mechanical lock that is not a smart lock would not typically have wires coming from it.

Other items to consider in IoT device configuration include voice-enabled smart speaker/digital assistants. At the time of this writing, such items include Google Home, Google Assistant, Apple HomePod, and Amazon Alexa.

57
Q

Your company wants employees to be able to securely connect to the corporate network from remote locations over the Internet. Which type of connection should you set up?

A)IMEI
B)VPN
C)IMAP
D)IMSI

A

B)VPN

To securely connect to a corporate network from remote locations over the Internet, you should set up a virtual private network (VPN).

To set up a VPN connection on an iPhone, go to Settings > General > VPN. Choose Add VPN Configuration, and enter the settings provided to you by the VPN administrator.

To configure a VPN connection on an Android device, using the integrated VPN, you should select Wireless and Network Settings under Menu. Then select VPN. In the VPN Screen, select Add VPN Network. Provide the VPN Name and the IP address of the VPN Server, and then save the configuration. When you wish to connect to the VPN, supply the appropriate login credentials and select Connect.

58
Q

Which of the following is an example of an IPv6 address?

A)192.1.0.1
B)00-0C-F1-56-98-AD
C)fe80::200:f8ff:fe21:67cf
D)127.0.0.1

A

C)fe80::200:f8ff:fe21:67cf

An example of an IPv6 address is fe80::200:f8ff:fe21:67cf.

Examples of IPv4 addresses are 127.0.0.1 and 192.1.0.1.

An example of a MAC address, which is hard-coded into the network interface card (NIC) by the manufacturer, is 00-0C-F1-56-98-AD.

59
Q

You are setting up a network segment in the Research and Development department. Due to the sensitive and proprietary nature of the work in this department, you want to ensure that only computers belonging to that department can access that network segment. Which option would you use?

A)NAT
B)MAC filtering
C)QoS
D)DMZ

A

B)MAC filtering

You should use MAC filtering. MAC filtering allows you to specifically configure which computers are allowed on the network, and to specify which computers are denied access to the network. You would include the MAC addresses of departmental computers on an Allow list (referred to as whitelisting). Likewise, you would include MAC addresses of computers that should not be given access on the Block list (referred to as blacklisting). Some devices may only allow you to configure an allow or deny list, but not both. Whitelisting/blacklisting is a function of MAC filtering.

A demilitarized zone (DMZ) places a firewall between your private network (LAN) and the public network (the Internet) or between two networks. Devices such as web servers and mail servers are often put inside a DMZ, which is also referred to as a screened subnet.

Network Address Translation (NAT) allows traffic from a private network to reach the Internet and return. For example, assume a computer on the internal private LAN has an IP address of 192.168.1.140, and the default gateway has an IP address of 71.38.117.45. When traffic from 192.168.1.140 is sent, the gateway assigns it a port number in the ephemeral range, say 45798. The gateway router then uses its own IP address and the assigned port (71.38.117.45:45798) to route traffic to the Internet.

Quality of Service (QoS) assigns priorities to different types of network traffic. This allows the network to allocate more bandwidth to traffic with higher priority, and less bandwidth to traffic that you have designated as having a lesser importance. QoS does not affect which device is allowed to access a network.

60
Q

How many bits are in a MAC address?

A.24

B.36

C.48

D.64

A

C. MAC addresses are 48-bit.

61
Q

What is the minimum Cat level cable required for a 1000BASE-T network?

A.Cat 1

B.Cat 5

C.Cat 5e

D.Cat 6

A

B. 1000BASE-T networks need Cat 5 or better UTP.

62
Q

Which of the following is an example of a hybrid topology?

A.Bus

B.Ring

C.Star

D.Star bus

A

D. A star bus topology, like the one used with Ethernet networks, is a hybrid topology.

63
Q

A typical Cat 6 cable uses which connector?

A.RJ11

B.RJ45

C.Plenum

D.PVC

A

B. Cat 6 cables use an RJ45 connector.

64
Q

Why would you use STP over UTP cabling?

A.Cheaper.

B.Easier to install.

C.Better to avoid interference.

D.They’re interchangeable terms.

A

C. Shielded twisted pair cabling handles interference from other electronics much better than unshielded twisted pair.

65
Q

What kind of frame gets received by all NICs in a LAN?

A.Cat 7

B.Broadcast

C.WAN

D.SC, ST, or LC

A

B. All NICs in a LAN will receive broadcast frames.

66
Q

Which TCP/IP protocol, designed to download email, allows for multiple clients to be simultaneously connected to the same mailbox?

A.SMTP

B.POP3

C.IMAP

D.SMB

A

C. Internet Message Access Protocol (IMAP) is a secure protocol designed to download email. It has several advantages over the older Post Office Protocol 3 (POP3). First, IMAP4 works in connected and disconnected modes. Second, it lets you store the email on the server, as opposed to POP3, which requires you to download it. Third, IMAP4 allows multiple clients to be simultaneously connected to the same inbox. Simple Mail Transfer Protocol (SMTP) is used for sending mail, and Server Message Block (SMB) is used in sharing files across a network.

67
Q

You are using your laptop on the company network. In your web browser, you type www.google.com and press Enter. The computer will not find Google. You open the browser on your phone, and using your cellular connection, you can open Google without a problem. Your laptop finds internal servers and can print without any issues. What is the most likely reason you can’t open Google?

A.DNS server problem

B.DHCP server problem

C.Missing subnet mask

D.Duplicate IP address

A

A. The Domain Name System (DNS) server is responsible for resolving hostnames, such as www.google.com, to IP addresses to enable communication. If it’s not working properly or you can’t connect to it, you won’t be able to browse the Internet using friendly website names. Dynamic Host Configuration Protocol (DHCP) is used to assign IP addresses to network clients. The subnet mask might be incorrect, but it wouldn’t be missing, and a duplicate IP address would provide an error message stating that.

68
Q

Which one of the following TCP/IP protocols was designed as a replacement for Telnet?

A.SMB

B.SSH

C.SFTP

D.FTPS

A

B. Secure Shell (SSH) can be used to set up a secure session over port 22 for remote logins or for remotely executing programs and transferring files. Because it’s secure, it was originally designed to be a replacement for the unsecure telnet command. Server Message Block (SMB), File Transfer Protocol (FTP), and FTP Secure (FTPS) protocols are used for sharing files across a network.

69
Q

Which of the following network connectivity devices operates at Layer 2 of the OSI model?

A.Hub

B.Switch

C.Cable

D.Router

A

B. A switch operates at layer 2 of the open systems interconnection (OSI) model. Layers of the OSI model are (1) physical, (2) datalink, (3) network, (4) transport, (5) session, (6) presentation, and (7) application. The physical layer encompasses transmission media such as unshielded twisted pair (UTP), shielded twisted pair (STP), fiber optic, and so on. The datalink layer deals with transmitting frames on a LAN, so it includes the network interface card (NIC) and switch. Routers operate on OSI layer 3, because they transmit data between networks. Hubs work on OSI layer 1 because they merely connect devices in the same collision domain without regard to packet header information. The OSI model is not listed as an objective on the CompTIA A+ exam, but understanding it will help you understand network communications.

70
Q

Which of the following TCP/IP protocols is connection-oriented and attempts to guarantee packet delivery?

A.IP

B.TCP

C.UDP

D.ICMP

A

B. Transmission Control Protocol (TCP) guarantees packet delivery through the use of a virtual circuit and data acknowledgments, and User Datagram Protocol (UDP) does not. Because of this, TCP is often referred to as connection-oriented, whereas UDP is connectionless. Internet Protocol (IP) is used to get packets to their destination across the Internet, and Internet Control Message Protocol (ICMP) is used by connectivity devices to diagnose problems and send messages.

71
Q

Which TCP/IP protocol allows a user to log into a remote computer and manage files as if they were logged in locally?

A.FTP

B.SFTP

C.SMB

D.RDP

A

D. Remote Desktop Protocol (RDP) is a replacement for the older Telnet protocol, which is not secure. RDP, as its name implies, lets users log into a local machine and use a remote machine almost as if they were sitting at it. RDP uses port 3389. File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), also called Secure Shell (SSH) FTP, and Server Message Block (SMB) protocols are all used for sharing files across a network.

72
Q

Which Wi-Fi standard is the fastest, operating in both the 2.4 and 5 GHz frequencies?

A.802.11a

B.802.11ac

C.802.11ax

D.802.11n

A

C. 802.11ax (Wi-Fi 6) is considered a replacement for 802.11ac (Wi-Fi 5). 802.11ac operates in the 5 GHz frequency, while 802.11ax can operate between 1 and 7.125 GHz frequencies, encompassing the 2.4 GHz and 5 GHz bands. 802.11ac can send data at over 1 Gbps, while 802.11ax can be several times that. 802.11a was adopted in 1999. It operates at 54 Mbps in the 5 GHz frequency band. 802.11n was adopted in 2008. It operates at 600 Mbps in both the 2.4 GHz and 5 GHz ranges.

73
Q

Bob has a device that operates at 5 GHz. He is unable to connect his device to a LAN that he hasn’t accessed before, although he has verified that he has the correct password. What type of network might pose this problem?

A.802.11g

B.802.11n

C.802.11ac

D.802.11ax

A

A. If Bob is trying to connect to an 802.11g network, his device will not be able to connect because 802.11g operates on the 2.4 GHz frequency only. 802.11n and 802.11ax both operate on 2.4 GHz and 5 GHz. 802.11ac operates only on the 5 GHz frequency.

74
Q

Which TCP/IP protocol is used to provide shared access to files and printers on the network?

A.FTP

B.SSH

C.SMB

D.SMTP

A

C. Server Message Block (SMB) is a protocol used to provide shared access to files, printers, and other network resources. In a way, it functions a bit like File Transfer Protocol (FTP), only with a few more options, such as the ability to connect to printers and more management commands. Secure Shell (SSH) uses encryption to create a secure contact between two computers, and Simple Mail Transfer Protocol (SMTP) is used for sending email.

75
Q

What port does the Telnet protocol use?

A.21

B.22

C.23

D.25

A

C. Telnet lets users log into another machine and “see” the remote computer in a window on their screen. Although this vision is text only, users can manage files on that remote machine just as if they were logged in locally. Telnet uses port 23. Telnet has been largely replaced by Secure Shell (SSH), and SSH (over port 22) is more secure than Telnet. Port 21 is used by File Transfer Protocol (FTP), and port 25 is used by Simple Mail Transfer Protocol (SMTP).

76
Q

Some of your network users are concerned about submitting confidential information to an online website. What should you tell them?

A.It’s fine, because all Internet traffic is encrypted.

B.If the website address starts with TLS://, it should be OK to submit confidential information to a trusted site.

C.If the website address starts with HTTPS://, it should be OK to submit confidential information to a trusted site.

D.Don’t ever submit confidential information to any online website.

A

C. Internet traffic is not encrypted by default. Websites that are secure and encrypt their transmissions will start with HTTPS:// rather than HTTP://. These sites can be trusted to encrypt the data, and their identity is verified.

77
Q

Which TCP/IP Internet layer protocol is responsible for delivering error messages if communication between two computers fails?

A.ICMP

B.IP

C.TCP

D.UDP

A

A. The main Internet layer protocol is Internet Protocol (IP), and it’s the workhorse of TCP/IP. Another key protocol at this layer is Internet Control Message Protocol (ICMP), which is responsible for delivering error messages. If you’re familiar with the ping utility, you’ll know that it utilizes ICMP to send and receive packets. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are both communication protocols; TCP guarantees delivery but UDP does not.

78
Q

Which type of IPv6 address identifies a single node on the network?

A.Multicast

B.Anycast

C.Unicast

D.Localcast

A

C. There are three types of addresses in IPv6: unicast, anycast, and multicast. A unicast address identifies a single node on the network. An anycast address refers to one that has been assigned to multiple nodes, and a packet will be delivered to one of them. A multicast address is one that identifies multiple hosts, and a packet will be sent to all of them.

79
Q

What type of network covers large geographical areas and often supports thousands of users, often using lines owned by other entities?

A.LAN

B.WAN

C.PAN

D.MAN

A

B. A wide area network (WAN) covers large geographical areas and often supports thousands of users. A WAN can be for different locations of a single company, or a WAN may connect several different companies together to share information. WAN lines are often leased from a WAN provider. The Internet is considered to be a very large WAN. A local area network (LAN) covers a relatively small area such as a home or business. A personal area network (PAN) is usually used by one person and consists of their computer and its Bluetooth devices. A metropolitan area network (MAN) is similar to a WAN, but the area covered is much smaller, such as a university or a city.

80
Q

Which TCP/IP protocol, developed by Microsoft, uses port 3389 to connect to a remote computer?

A.RDP

B.SMB

C.CIFS

D.Telnet

A

A. Developed by Microsoft, the Remote Desktop Protocol (RDP) allows users to connect to remote computers and run programs on them as if they were sitting at the computer. It uses port 3389. A port is associated with a specific protocol and must be “opened” on a router to allow traffic from the program or protocol to enter the LAN. The combination of an IP address and a port is considered a socket. The IP address gets the data to the right destination, and the port number tells the transmission layer of the OSI model which application the data is to be sent to. Server Message Block (SMB) and Common Internet File System (CIFS) are used in sharing files across a network. Telnet is an unsecure protocol that has been largely replaced by the Secure Shell (SSH) protocol.

81
Q

What port does the SSH protocol use?

A.21

B.22

C.23

D.25

A

B. Secure Shell (SSH) can be used to set up a secure session for remote logins or for remotely executing programs and transferring files. SSH uses port 22. SSH has largely replaced the insecure Telnet, which uses port 23. Port 21 is used by File Transfer Protocol (FTP), and port 25 is used by Simple Mail Transfer Protocol (SMTP).

82
Q

Which of the following IP addresses is not routable on the Internet?

A.10.1.1.1

B.11.1.1.1

C.12.1.1.1

D.13.1.1.1

A

A. Private IP addresses are not routable on the Internet. IPv4 network numbers were arranged in classes, and classes A, B, and C each have their own private range. The private IP address range for Class A networks is 10.0.0.0/8. The /8 means that the first 8 bits of the subnet mask denote the network number. Expressing a subnet mask this way is known as CIDR (pronounced cider) notation. CIDR stands for classless interdomain routing. While the term CIDR doesn’t appear on the objectives for this CompTIA A+ exam, you may still run into it while working in IT.

83
Q

Which network connectivity device does not forward broadcast messages, thereby creating multiple broadcast domains?

A.Hub

B.Switch

C.Bridge

D.Router

A

D. One of the key features of routers is that they break up broadcast domains. Broadcast traffic from one port of the router will not get passed to the other ports, which greatly reduces network traffic. Bridges, hubs, and switches will all forward broadcast packets.

84
Q

What type of address does a router use to get data to its destination?

A.IP

B.MAC

C.Memory

D.Loopback

A

A. Routers are OSI model Layer 3 devices. They keep a chart containing the IP address of the device connected to each port, whether that device is a computer or another router’s external address. A media access control (MAC) address is the address of a network interface card (NIC). Memory addresses identify where information is stored, and a loopback address is used to test TCP/IP on the local host. The loopback address for IPv4 is 127.0.0.1, and for IPv6 it is ::1.

85
Q

You have a desktop computer that is behaving erratically on the network. The wired connection will often disconnect without warning. Which tool should you use to troubleshoot the network adapter?

A.Multimeter

B.Tone generator and probe

C.Loopback plug

D.Cable tester

A

C. A loopback plug is for testing the ability of a network adapter to send and receive. The plug gets plugged into the network interface card (NIC), and then a loopback test is performed using troubleshooting software. You can then tell whether the card is working properly. Multimeters are used for testing power supplies and wall outlets, a tone generator and probe help the technician to find a specific wire, and a cable tester checks that an Ethernet wire was configured correctly and that it can make an end-to-end connection.

86
Q

Your company just expanded and is leasing additional space in an adjacent office building. You need to extend the network to the new building. Fortunately, there is a conduit between the two. You estimate that the cable you need to run will be about 300 meters long. What type of cable should you use?

A.CAT-5e

B.CAT-7

C.CAT-8

D.MMF

A

D. Category 5, 6, and 7 UTP cables are limited to 100 meters, while Category 8 is limited to only 100 feet, so none of the UTP cables listed will work. You need fiber, and multimode fiber (MMF) can span distances of 300 meters. MMF is also known as OM1, OM2, OM3, OM4, and OM5. OM stands for optical mode. Specifications for each type of multimode fiber are available in the ISO/IEC 11801 standard.

87
Q

You want to ensure that client computers can download email from external email servers regardless of the protocol their email client uses. Which ports do you open on the firewall to enable this? (Choose two.)

A.23

B.25

C.110

D.143

A

C, D. Simple Mail Transfer Protocol (SMTP, port 25), Post Office Protocol 3 (POP3, port 110), and Internet Message Access Protocol (IMAP, port 143) are all email protocols. SMTP is for sending email. POP3 and IMAP are for downloading (receiving) email. Port 23 is used by Telnet. Option B is incorrect because the question specifically asks about downloading (not sending) email.

88
Q

Which networking device is capable of reading IP addresses and forwarding packets based on the destination IP address?

A.Hub

B.Switch

C.NIC

D.Router

A

D. Routers operate at the Network layer (Layer 3) of the OSI model. Because of this, they make their decisions on what to do with traffic based on logical addresses, such as an Internet Protocol (IP) address. Switches use media access control (MAC) addresses and are OSI Layer 2 devices. Hubs and NICs operate primarily at the physical layer (Layer 1). The OSI model is not listed as an objective on the CompTIA A+ exam, but understanding it will help you understand network communications.

89
Q

Which network device is designed to be a security guard, blocking malicious data from entering your network?

A.PoE injector

B.EoP device

C.Firewall

D.Router

A

C. A firewall is a hardware or software solution that serves as your network’s security guard. Firewalls can protect you in two ways: they protect your network resources from hackers lurking in the dark corners of the Internet, and they can simultaneously prevent computers on your network from accessing undesirable content on the Internet or sending out data that they shouldn’t. PoE stands for Power over Ethernet, and EoP stands for Ethernet over Power. Neither has to do with protection. While a router may incorporate a firewall, it is not, by itself, a firewall. Routers are responsible for communications with other networks or broadcast domains. A firewall may be a discrete physical network appliance or software incorporated into another device like a router.

90
Q

You are manually configuring TCP/IP hosts on the network. What configuration parameter specifies the internal address of the router that enables Internet access?

A.Subnet mask

B.DHCP server

C.DNS server

D.Default gateway

A

D. The default gateway is the address of the network’s router on the LAN side of the router. The router allows the host to communicate with hosts that are not on the local network. The default gateway is also called the router’s internal address. The ipconfig /all command can be used to see the default gateway address that the local computer is currently configured to use. The router will also have an external address, which is used to communicate with networks outside the LAN. Virtually all modern routers use a process called network address translation (NAT), which will substitute the router’s external address for a host’s IP address when requesting information from a remote network. The router knows which host requested the information and will pass it on to the correct host when it is received. This is one of the ways that the router protects the local hosts from the outside world.

91
Q

Which of the following devices will be found in a telecommunications room and provides a means to congregate horizontal wiring, terminating each run in a female port?

A.Patch panel

B.Multiplexer

C.Rack U

D.Demarcation point

A

A. A patch panel can be found in a telecommunications room (also called a wiring closet), usually mounted in a networking rack. On the back will be connections to “punch down” wires into. On the front will be a female port, usually an RJ45 type. A multiplexer is a device that aggregates several connections into one. A rack U is simply a measurement of the height of a device mounted into a rack (e.g., my patch panel is 4U). Each U is equal to 1.75 inches. The demarcation point is where responsibility for a network changes from the ISP to its customer.

92
Q

What type of network is most commonly associated with Bluetooth devices such as wireless keyboards, mice, and headphones, and covers a small area?

A.LAN

B.WAN

C.PAN

D.MAN

A

C. A personal area network (PAN) is a small-scale network designed around one person within a limited boundary area. The term generally refers to networks that use Bluetooth technology. A local area network (LAN) covers a larger area such as a house or perhaps one floor of a building and likely uses the Ethernet protocol. A metropolitan area network (MAN) covers a larger area such as a city or university campus, and a wide area network (WAN) covers a very large geographic area such as one connecting distant cities or different countries.

93
Q

When troubleshooting a network connectivity issue, you discover that the local computer has an IPv4 address of 169.254.2.2. What do you immediately know about this local computer?

A.It is working fine.

B.It can’t find a DHCP server.

C.It isn’t on the network.

D.It has an invalid IP address.

A

B. The 169.254.0.0/16 range in IPv4 is the automatic private IP addressing (APIPA) range. APIPA comes into play when the host is unable to locate a Dynamic Host Configuration Protocol (DHCP) server, and the network connection is configured to acquire an IP address dynamically. Since the computer is unable to get a dynamic IP address from the DHCP server, the operating system automatically assigns a random IP address in the APIPA range.

94
Q

Which of the following IPv6 addresses is automatically assigned by the host when it boots and is only usable on the broadcast domain that it exists in?

A.2000::/3

B.FC00::/7

C.FE80::/10

D.FF00::/8

A

C. An IPv6 address in the FE80::/10 range is called a link-local address and is similar to an IPv4 automatic private IP addressing (APIPA) address. (The 169.254.0.0/16 range in IPv4 is the APIPA range, used for automatic configuration if the host can’t locate a Dynamic Host Configuration Protocol [DHCP] server.) Link-local addresses are generated by the PC when it boots up. Packets using a link-local address cannot be forwarded by a router.

95
Q

You need to configure a wireless router for an office network. The office manager wants new devices to be able to automatically join the network and announce their presence to other networked devices. Which service should you enable to allow this?

A.DHCP

B.NAT

C.QoS

D.UPnP

A

D. Universal Plug and Play (UPnP) is a standard designed to simplify the process of connecting devices to a network and to enable those devices to automatically announce their presence to other devices on the network. In a truly secure environment, UPnP would be disabled, but it is often left enabled on home networks. Dynamic Host Configuration Protocol (DHCP) automatically assigns an IP address to a device when it is powered on, attached to a network, and configured to obtain an address dynamically. Network address translation (NAT) is a feature of routers used to hide the IP addresses of computers on the local network side of the router from the other networks and computers on the outside of the network. Quality of Service (QoS) can be configured to give desired devices preference over others for using network bandwidth.

96
Q

You are troubleshooting a computer with an IPv6 address that is in the FE80::/10 range. Which of the following statements are true? (Choose two.)

A.The computer will not be able to get on the Internet using that IP address.

B.The computer will be able to get on the Internet using that IP address.

C.The computer is configured with a link-local unicast address.

D.The computer is configured with a global unicast address.

A

A, C. Addresses in the FE80::/10 range are link-local unicast addresses. A link-local address is assigned to each IPv6 interface but is not routable on the Internet. If this is the only address the host has, it will not be able to get on the Internet.

97
Q

You have set up your web server to function as an FTP server as well. Users on the Internet complain that they are not able to access the server using FTP clients. What port should they be trying to access the server on?

A.21

B.22

C.23

D.80

A

A. The File Transfer Protocol (FTP) is optimized for downloading files from servers. It uses port 21. Secure Shell (SSH) uses port 22, Telnet uses port 23, and Hypertext Transfer Protocol (HTTP) uses port 80.

98
Q

Which TCP/IP protocol allows you to access data such as employee phone numbers and email addresses that are stored within an information directory?

A.SNMP

B.SMTP

C.CIFS

D.LDAP

A

D. The Lightweight Directory Access Protocol (LDAP) is a directory services protocol based on the X.500 standard. LDAP is designed to access information stored in an information directory typically known as an LDAP directory or LDAP database. This often includes employee phone numbers and email addresses. Simple Network Management Protocol (SNMP) is used in network monitoring, Simple Mail Transfer Protocol (SMTP) is used in sending email, and Common Internet File System (CIFS) is a filesystem for providing shared access between diverse clients.

99
Q

What port is associated with the LDAP protocol?

A.22

B.139

C.389

D.3389

A

C. Lightweight Directory Access Protocol (LDAP) is designed to access information stored in an information directory typically known as an LDAP directory or LDAP database. LDAP uses port 389. Port 22 is used by Secure Shell (SSH), 139 is used by NetBIOS, and 3389 is used by the Remote Desktop Protocol (RDP).

100
Q

You are configuring network hosts with static IP addresses. You have chosen to use a Class B network address. What is the default subnet mask that you should configure on the hosts?

A.255.0.0.0

B.255.255.0.0

C.255.255.255.0

D.255.255.255.255

A

B. The default subnet mask for Class B networks is 255.255.0.0, or written in shorthand, /16. The default subnet mask for Class A networks is 255.0.0.0, or written in shorthand, /8, and for Class C it is 255.255.255.0, or written in shorthand, /24. 255.255.255.255 is an IPv4 broadcast address. As a subnet mask it is represented as /32 (in shorthand) in the classless interdomain routing (CIDR) notation.

101
Q

You are installing a new network and working in a telecommunications room. You need to attach several network cables to a 110 block. Which tool should you use to perform this task?

A.Crimper

B.Cable stripper

C.Cable tester

D.Punchdown tool

A

D. If you’re working on a larger network installation, you might use a punchdown tool. It’s not a testing tool but one that allows you to connect (that is, punch down) the exposed ends of a twisted pair wire into wiring harnesses, such as a 110 block or patch panel. A crimper is used to connect wires to an RJ45 connector, a cable stripper removes the outer cover from wires, and a cable tester is used to verify the integrity of a cable.

102
Q

Which of the following are public IPv4 addresses? (Choose two.)

A.69.252.80.71

B.144.160.155.40

C.172.20.10.11

D.169.254.1.100

A

A, B. IPv4 specifies private (nonroutable) IP address ranges for each class as follows: Class A: 10.0.0.0 to 10.255.255.255, Class B: 172.16.0.0 to 172.31.255.255, and Class C: 192.168.0.0 to 192.168.255.255. Other nonroutable numbers are 127.0.0.1, which is the loopback address, and 169.254.0.0 to 169.254.255.255, which is the automatic private IP addressing (APIPA) range. Class A addresses have a first octet from 0 to 127. Class B’s first octet ranges from 128 to 191. Class C’s first octet ranges from 192 to 223. Numbers above Class C are reserved.

103
Q

Which TCP/IP protocol uses port 445?

A.FTP

B.SSH

C.SMB

D.SNMP

A

C. Server Message Block (SMB) is a protocol used to provide shared access to files, printers, and other network resources. It originally ran on NetBIOS over UDP using ports 137/138 and over TCP using ports 137 and 139, but it’s now part of the TCP/IP stack and uses port 445. Running on NetBIOS allows SMB to facilitate file sharing on a single network, while being part of TCP/IP allows it to facilitate file sharing across the Internet. By itself, SMB is not secure, so it needs other network appliances or software to secure the data being sent over its port(s). File Transfer Protocol (FTP) uses ports 20/21, Secure Shell (SSH) uses port 22, and Simple Network Management Protocol (SNMP) uses ports 161/162.

104
Q

For IPv6, which of the following statements are true? (Choose two.)

A.Each IPv6 interface can have only one address.

B.Each IPv6 interface is required to have a link-local address.

C.IPv6 addresses are incompatible with IPv4 networks.

D.IPv6 does not use broadcasts.

A

B, D. Each IPv6 interface can and often does have multiple addresses assigned to it. IPv6 is backward compatible with IPv4 by using tunneling, dual stack, or translation. IPv6 uses multicast addresses in place of broadcast addresses, and a link-local address is established either automatically when a computer boots up or by manually configuring it, but either way the link-local address must be present.

105
Q

Which network connectivity device is seldom used in modern networks, except to extend a network?

A.Bridge

B.Hub

C.Switch

D.Router

A

B. Hubs were once used extensively in Ethernet networks, but they have fallen out of favor because they have a large disadvantage when compared to switches. A hub forms a single collision domain with all of its ports. On a switch, each port is its own collision domain. A switch keeps a table of its ports and the media access control (MAC) address that can be reached from each port. A switch will only forward a packet to a specific port, whereas a hub will forward a packet to all of its ports. The exception is that a broadcast packet will be sent to all switch ports. Switches are faster and more accurate than hubs and are used almost exclusively as the connectivity device within a local area network (LAN).

106
Q

There is a TCP/IP protocol that should only be used locally because it has virtually no security. It may be used as a part of a preboot execution environment (PXE) or with thin clients booting from a network drive. It uses very little memory and is good for transferring boot files or configuration data between computers on a LAN, and it is connectionless. Which file transfer protocol is this?

A.FTP

B.TFTP

C.FTPS

D.SMTP

A

B. The Trivial File Transfer Protocol (TFTP) is a very simple connectionless protocol. It has little overhead, meaning that it doesn’t take much memory to run it. This makes it perfect for booting a thin client across a network. It can be used to transfer the needed boot files to devices that don’t have hard drives. It should not be used to transfer files across the Internet because it is not secure. File Transfer Protocol (FTP) is more robust than TFTP. File Transfer Protocol Secure (FTPS) is a secure version of FTP. Simple Mail Transfer Protocol (SMTP) is used to send email messages.

107
Q

Which of the following IPv6 addresses is equivalent to 127.0.0.1 in IPv4?

A. ::0

B. ::1

C. ::127

D. 2000::/3

A

B. 127.0.0.1 is the IPv4 loopback address, used to ping the local network interface. The IPv6 equivalent is ::1.

108
Q

You are asked to perform consulting work for a medium-sized company that is having network connectivity issues. When you examine the patch panel, you notice that none of the dozens of UTP cables are labeled. Which tool can you use to identify which cable goes to which workstation?

A.Cable tester

B.Loopback plug

C.Punchdown tool

D.Tone generator and probe

A

D. If you need to trace a wire in a wall from one location to another, a tone generator and probe is the right tool to use. To use it, attach one end to one end of the cable, such as the end at the computer. Then go to the patch panel with the other end of the probe to locate the cable. These tools are lifesavers when the cables are not properly labeled. A cable tester is used to confirm the integrity of a cable and verify that it is wired correctly. A loopback plug is used to test a network interface card (NIC), and a punchdown tool is used to terminate wires into a patch panel.

109
Q

Which TCP/IP protocol is responsible for dynamically assigning IP addresses to client computers?

A.DNS

B.DHCP

C.RDP

D.LDAP

A

B. Dynamic Host Configuration Protocol (DHCP) dynamically assigns IP addresses and other IP configuration information to network clients. The Domain Name System (DNS) translates human-readable names to their associated IP addresses, the Remote Desktop Protocol (RDP) allows a user to access a computer remotely as if they were sitting there, and Lightweight Directory Access Protocol (LDAP) is used for retrieving information from a database.

110
Q

Which networking device has multiple ports, each of which is its own collision domain, and examines the header of the incoming packet to determine which port the packet gets sent to?

A.Hub

B.Switch

C.Bridge

D.Router

A

B. Switches provide centralized connectivity for a LAN. Switches examine the header of incoming packets and forward each to only the port whose associated media access control (MAC) address matches the receiving MAC address in the header. Hubs are seldom used now because the entire hub is one collision domain and when a packet is received, the hub sends the packet out to all of its ports indiscriminately. Bridges are used to connect different networks to work as one, and routers are used to forward packets from one network to other networks.

111
Q

Which TCP/IP port will an email client use to push email to its email server?

A.23

B.25

C.110

D.143

A

B. Email is pushed from clients to servers using the Simple Mail Transfer Protocol (SMTP). SMTP uses port 25. When trying to remember if SMTP is sending or receiving email, think S for Send. Port 23 is used by Telnet, now considered insecure and obsolete. Port 110 is used by POP3 (Post Office Protocol 3), and port 143 is used by IMAP (Internet Mail Access Protocol), both of which are used to retrieve email.

112
Q

A technician is going to set up a Wi-Fi network using standard omnidirectional antennae. Because of the building configuration, transmitting signals for the greatest distance is the technician’s primary criterion. Which standard should they choose?

A.802.11a

B.802.11g

C.802.11n

D.802.11ac

A

C. Of the Wi-Fi standards listed, 802.11n has the longest range by default, at roughly 70 meters indoors and 250 meters outdoors. 802.11ac is newer and faster than 802.11n, but it transmits exclusively in the 5 GHz range, which restricts its functional distance. 802.11a, which is legacy and uses the 5 GHz frequency range, could only send a signal about 30 meters, and 802.11g, which is also legacy but uses the 2.4 GHz frequency range, could only send a signal about 50 meters.

113
Q

You are troubleshooting an intermittently failing Cat 6 network connection. You suspect that there is a short in the connection. Which tool can you use to determine this?

A.Tone generator and probe

B.Loopback plug

C.Cable tester

D.Crimper

A

C. A cable tester typically uses lights to indicate that the cable is working correctly, and if there is a short, then the indicators for two wires would light up at the same time. Cable testers can range from basic ones that are only a few dollars to very sophisticated ones that are hundreds of dollars. Some of the better ones can tell you how many feet from you the problem in the cable occurs. A tone generator and probe are used to trace a wire or find a specific wire from a group, a loopback plug is used to test a network interface card (NIC), and a crimper attaches a network wire to its terminator, usually an RJ45 plug.

114
Q

What marks the boundary of an IPv4 broadcast domain?

A.Hub

B.Switch

C.Router

D.Modem

A

C. Hubs send every communication they receive out every connected port. Switches will send broadcast packets out every port, but otherwise will send packets to a specific port based on the MAC address. A router will not forward any broadcast packet; therefore a router is the boundary of an IPv4 broadcast domain. A modem (modulator/demodulator) converts signals from one type to another, such as from an analog signal to a digital one.

115
Q

Which TCP/IP protocol gathers and manages network performance information using devices called agents?

A.SNMP

B.SMTP

C.LDAP

D.SMB

A

A. Simple Network Management Protocol (SNMP) gathers and manages network performance information. A management device called an SNMP server can be set up to collect data from these devices (called agents) and ensure that your network is operating properly. SMTP is a mail protocol, LDAP is for accessing database information, and SMB is for file sharing.

116
Q

You are installing an 802.11n Wi-Fi network with five wireless access points. The access points are set up so their ranges overlap each other. To avoid communications issues, what principle should you follow when configuring them?

A.Configure all access points to use the same channel.

B.Configure all access points to use adjacent channels.

C.Configure all access points to use nonoverlapping channels.

D.Channel configuration will not cause communications issues.

A

C. When setting up wireless access points, it’s good practice to have their ranges overlap to ensure that there is no loss of communication when roaming in the network’s area. However, to avoid problems, it’s best to set up the access points with nonoverlapping channels; in this way, the overlapping ranges ensure continuous signal coverage while the nonoverlapping channels avoid interference from one WAP to another in the overlapping areas.

117
Q

You need to configure email settings for use with IMAP. Which port will you be configuring?

A.25

B.80

C.110

D.143

A

D. Internet Mail Access Protocol (IMAP) is used to download mail via port 143. Port 80 is for unsecured web page traffic. Ports 25 and 110 are email ports, but they are associated with SMTP and POP3, respectively.

118
Q

You have been asked to install a Wi-Fi network in a building that is approximately 100 meters long and 25 meters wide. Because of cost considerations, you will be using 802.11ac. At a minimum, how many wireless access points will you need?

A.Two

B.Three

C.Four

D.Six

A

B. The 802.11ac standard has an indoor range of approximately 35 meters. At a minimum, you will need three access points. Depending on coverage and indoor interference, such as thick walls, you might need more.

119
Q

What two tools will you need to connect an RJ45 connector to an appropriate cable? (Choose two.)

A.Punchdown tool

B.Network tap

C.Crimper

D.Cable stripper

A

C, D. Punchdown tools are used to connect unshielded twisted pair (UTP) and shielded twisted pair (STP) to a patch panel. A network tap is used to monitor network traffic. The crimper and cable stripper are both needed to add an RJ45 connector to the end of a twisted pair cable. Often both tools are included in one. The stripper removes the outer insulation from the group of wires so that they can be individually inserted into the RJ45 jack. Once the wires are properly inserted, the crimping tool is used to force metal teeth into each wire so that an electrical connection can be made.

120
Q

You are installing network cabling in a drop ceiling of an office space. The ceiling area is used to circulate breathable air. What type of cable must you install?

A.Coaxial

B.UTP

C.Fiber-optic

D.Plenum

A

D. The cable can be any of the three major types, coaxial, twisted pair, or fiber, but it needs to be plenum rated. Normal cables have a PVC coating, which produces a poisonous gas when burned. Plenum-rated cables have a Teflon coating, which is not toxic when burned.

121
Q

Which of the following IP addresses is not a private address and therefore is routable on the Internet?

A.10.1.2.3

B.172.18.31.54

C.172.168.38.155

D.192.168.38.155

A

C. The private IP address ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. The address 172.168.38.155 is outside the private IP address range and is a public (routable) address.

122
Q

You are configuring a wireless 802.11ax router. The office manager insists that you configure the router such that traffic from her computer receives higher priority on the network than other users’ traffic. Which setting do you need to configure to enable this?

A.QoS

B.UPnP

C.Screened subnet

D.Port forwarding

A

A. By configuring Quality of Service (QoS), an administrator can set different priorities for one or more types of network traffic based on different applications, data flows, or users. UPnP allows devices to identify and connect to other devices on a network. A screened subnet is a secure area established using a router or routers to protect an internal network from traffic coming to a web-facing server. Port forwarding is configured on a router to send specific traffic to a specific device on a network.

123
Q

If you are connecting to a website that encrypts its connection using TLS, what port does that traffic travel on?

A.21

B.80

C.143

D.443

A

D. To encrypt traffic between a web server and client securely, Hypertext Transfer Protocol Secure (HTTPS) can be used. HTTPS connections are secured using either Secure Sockets Layer (SSL) or Transport Layer Security (TLS). HTTPS uses port 443. Port 21 is used by File Transfer Protocol (FTP), port 80 is used by Hypertext Transfer Protocol (HTTP), and port 143 is used by Internet Mail Access Protocol (IMAP).

124
Q

Your network is currently running a mix of 802.11b and 802.11g devices. At the end of the year, you have extra budget to upgrade some, but not all, of the wireless infrastructure. You want to upgrade to the newest technology possible but still maintain backward compatibility. Which standard should you choose?

A.802.11g

B.802.11ac

C.802.11ax

D.802.11r

A

C. 802.11b/g transmits in the 2.4 GHz frequency, as does 802.11n, so they are compatible. The newer 802.11ac is a 5 GHz standard and therefore is not backward compatible with 802.11b/g. 802.11ax transmits in both the 2.4 GHz and 5 GHz frequencies, up to 7 GHz.

125
Q

Which of the following shorthand notations corresponds to the CIDR subnet mask 255.255.224.0?

A./19

B./20

C./21

D./22

A

A. A subnet mask of 255.255.224.0 has 8 bits in each of the first 2 octets set to on, and it has 3 bits in the third octet on. Therefore, it corresponds to /19 in shorthand. In the binary number system (base two), each bit has two possible values, 0 or 1. Each bit in an octet going from right to left increments by an exponent of two, making the bits of the octets worth the decimal values as follows: 128, 64, 32, 16, 8, 4, 2, 1. Bits for the subnet mask are always used from left to right, so one bit would be equal to a decimal value of 128. Two bits would be equal to a decimal value of 192 (128 + 64). Three bits would be equal to a decimal value of 224 (128 + 64 + 32), and so on. When all 8 bits of the octet are used for the subnet mask, the equivalent decimal value is 255. For this example, the first 2 octets (8 bits each) are completely on, and in the third octet, only 3 bits are on, making a total of 19 bits in the subnet mask turned on to indicate the network number (8 + 8 + 3 = 19).

126
Q

You are configuring hosts on a network running IPv4. Which elements are required for the computer to connect to the network?

A.IP address

B.IP address and subnet mask

C.IP address, subnet mask, and default gateway

D.IP address, subnet mask, default gateway, and DNS server address

A

B. To communicate on an IPv4 network, a host must be configured with a valid IP address and a subnet mask. A default gateway is needed only if the host will connect to a remote network. DNS servers are optional but useful, because they resolve hostnames to IP addresses.

127
Q

You work at a tech support company and a customer called reporting that they received an error, something about a duplicate IP address. Why are they getting this message? (Choose two.)

A.All hosts on a network must have a unique IP address.

B.A PC is manually configured with an IP that is in the DHCP scope.

C.A PC is manually configured with an IP that is not in the DHCP scope.

D.None of the PCs have been manually configured.

A

A, B. No two nodes on any network, whether IPv4 or IPv6, can have the same IP address because the host portion (or interface ID) of the IP address is what identifies the individual computer on the network. If the network has some machines manually configured, which is generally done with servers, and the remainder of the computers are configured to use Dynamic Host Configuration Protocol (DHCP), you would need to ensure that the manually configured numbers are outside of the DHCP scope (the numbers the DHCP server will automatically assign) but within the bounds of the network. For example, in an IPv4 network, if the network number is 200.100.1.0, the router, which is also acting as a default gateway, might be assigned 200.100.1.1, and numbers from 200.100.1.2 through 200.100.1.20 could be reserved for static configuration on devices that need an IP address that does not change. The DHCP scope would need to not include those numbers. If the network needed an available 180 IP addresses, then 200.100.1.21 to 200.100.1.200 could be safely assigned to the DHCP scope, avoiding any IP address duplication.

128
Q

You’re setting up a network for a customer. The network uses a DHCP server, but the customer needs an IP address for their print server that does not change. What are two possible solutions? (Choose two.)

A.Let the DHCP server assign a number because once assigned, it will not change.

B.Manually configure the print server to have a static IP address.

C.Configure a reserved IP address on the DHCP server for the print server.

D.Static and dynamic IP addresses can’t exist on the same network. You’ll have to manually configure everything.

A

B, C. Certain devices on a network, such as printers and servers, should have an IP address that doesn’t change (static) so that the other nodes on the network can always find the device. Option A is incorrect because if the DHCP lease on the IP address expires, the print server would be assigned a different IP address the next time it logs in. A static IP could be configured on the print server, or the IP address could be configured as reserved on the DHCP server for that print server. Either choice would work. Static and dynamic IP addresses almost always exist on the same network, because each is needed to have a network that runs smoothly.

129
Q

Which obsolete Wi-Fi encryption standard uses a static key, which is commonly 10, 26, or 58 characters long?

A.WPA3

B.WPA2

C.TKIP

D.WEP

A

D. Wired Equivalent Privacy (WEP) was one of the first security standards for wireless devices. It uses a static key; the keys are commonly 10, 26, or 58 hexadecimal characters long. WEP was deprecated in 2004 because it was no longer secure and was replaced temporarily by WPA, which was quickly replaced by WPA2. WPA3 is the current and most secure standard.

130
Q

You’ve been asked to set up a device that will be monitored using an SNMP agent and manager. What port will the SNMP manager use when polling the agent?

A.TCP 143

B.UDP 143

C.TCP 161

D.UDP 161

A

D. Simple Network Management Protocol (SNMP) uses UDP port 161. User Datagram Protocol (UDP) is considered connectionless, so it does not guarantee delivery of data packets and has a lower network overhead than Transmission Control Protocol (TCP), a connection-oriented protocol, does. Port 143 is used for IMAP.

131
Q

Because of a recent security breach, your IT team shut down several ports on the external firewall. Now, users can’t get to websites by using their URLs, but they can get there by using IP addresses. What port(s) does the IT team need to open back up to enable Internet access via URLs?

A.20/21

B.53

C.67/68

D.80

A

B. Clients are unable to get to the DNS server, which resolves hostnames (or URLs) to IP addresses. DNS uses port 53. Ports 20 and 21 are used for File Transfer Protocol (FTP). Ports 67 and 68 are used by Dynamic Host Configuration Protocol (DHCP). Port 80 is used for Hypertext Transfer Protocol (HTTP), and port 443 is HTTP Secure (HTTPS).

132
Q

All your network hosts are configured to use DHCP. Which IP address would indicate that a host has been unable to locate a DHCP server?

A.192.168.1.1

B.10.1.1.1

C.172.16.1.1

D.169.254.1.1

A

D. Automatic Private IP Addressing (APIPA) is a TCP/IP standard used to automatically configure IP-based hosts that are unable to reach a Dynamic Host Configuration Protocol (DHCP) server. APIPA addresses are in the 169.254.0.0/16 range. If you see a computer that has an IP address beginning with 169.254, you know that it has configured itself.

133
Q

You have reason to believe that several network users are actively browsing prohibited content on unsecured sites on the Internet. Which port can you disable on the firewall to immediately stop access to these websites?

A.53

B.67

C.80

D.443

A

C. Normal (unsecured) websites are accessed on port 80, which is the port that Hypertext Transfer Protocol (HTTP) uses. Shut it down, and no one will be able to access websites, except secure sites that use HTTPS, which is on port 443.

134
Q

Which TCP/IP protocol is designed to help resolve hostnames to IP addresses?

A.ARP

B.RARP

C.DHCP

D.DNS

A

D. The Domain Name System (DNS) is responsible for resolving hostnames to IP addresses. This is used millions of times daily on the Internet; when someone types in a website name, such as www.sybex.com, DNS will resolve that to an IP address to enable communication. Address Resolution Protocol (ARP) maps Internet addresses to hardware addresses. Reverse ARP (RARP) does the opposite, and Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts automatically.

135
Q

Your customer will be moving their small office to a remote mountain village where there is no cable Internet access. They have heard that there is a wireless option available in the area that is faster than satellite but that requires an antenna and line-of-sight to a tower. What option have they heard about?

A.Satellite

B.DSL

C.WISP

D.Cellular hotspot

A

C. Wireless Internet Service Providers (WISPs) use fixed wireless technology, which requires antennas to send radio waves between your location and a fixed hub on a tower or other tall structure similar to a cellular tower. Download speeds can be up to 1 Gbps. Satellite is an option in very remote areas but has the latency involved with traveling thousands of miles between the connection to the satellite and back again. Digital Subscriber Line (DSL) uses telephone lines to create an Internet connection, but many carriers no longer offer DSL. A cellular hotspot can be used in many remote locations but depends on connection to a cellular tower and is not as fast as satellite.

136
Q

Which TCP/IP host-to-host protocol makes its best effort to deliver data but does not guarantee it?

A.IP

B.TCP

C.UDP

D.ICMP

A

C. The two host-to-host protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP guarantees packet delivery through the use of a virtual circuit and data acknowledgments, and UDP does not. Because of this, TCP is often referred to as connection-oriented, whereas UDP is connectionless. IP and ICMP are not considered host-to-host protocols.

Short for User Datagram Protocol and defined in RFC 768, UDP is a network communications protocol. Also called UDP/IP, it is an alternative to TCP/IP that sacrifices reliability for speed and simplicity.

Like TCP, UDP transfers packets using IP (Internet Protocol). However, it differs in what data the packets contain, and how the packets are handled by the sender and receiver.

137
Q

You are installing a wireless network for a small company. The management wants to have 1 Gbps or better wireless transmission rates. Which of the following standards will allow you to provide this? (Choose two.)

A.802.11ac

B.802.11ax

C.802.11g

D.802.11n

A

A, B. 802.11a and 802.11g provide throughput that is only 54 Mbps, and 802.11n (Wi-Fi 4) provides throughput over 100 Mbps (theoretically up to 300 Mbps), but 802.11ac (Wi-Fi 5) and 802.11ax (Wi-Fi 6) have far surpassed these standards with throughputs over 1 Gbps and multiple Gbps, respectively.

138
Q

Which of these standards operate in both the 2.4 GHz and 5 GHz frequencies? (Choose two.)

A.802.11ac

B.802.11ax

C.802.11g

D.802.11n

A

B, D. 802.11ac operates in the 5 GHz frequency only. 802.11g is only 2.4 GHz. 802.11n and 802.11ax operate in both frequencies.

139
Q

What legacy network protocol allows NetBIOS-dependent computer applications to communicate over TCP/IP?

A.TFTP

B.HTTPS

C.NetBT

D.BGP

A

C. NetBIOS over TCP/IP (NetBT) is for older applications still reliant on NetBIOS, the legacy network protocol intended for very small networks. NetBT lets such applications communicate over TCP/IP. Trivial File Transfer Protocol (TFTP) is a basic connectionless protocol that allows file transfer functions without user interaction. Hypertext Transfer Protocol Secure (HTTPS) is a secure connection-oriented protocol that runs over port 443.

140
Q

Which of the following features does not require a managed network switch?

A.Priority of traffic

B.VLAN configuration

C.Direct packets out the proper port

D.Port mirroring

A

C. An unmanaged switch will simply perform the basic task a switch should do: direct network traffic out the correct destination port. Prioritizing traffic, configuring virtual LANs (VLANs), and mirroring ports are all jobs that are done using managed switches.

141
Q

The senior network administrator struggles to configure company network devices spanning several cities. It’s a challenge because they are required to be on premises for the network infrastructure of each building. What would be a cost-effective solution?

A.Employ network administrators at each building.

B.Go to a flat network.

C.Train a local sales associate.

D.Employ a cloud-based network controller.

A

D. Migrating network configuration to the cloud would allow the network administrator to perform their duties without requiring travel.

142
Q

What port(s) does DHCP use?

A.67/68

B.137/139

C.80

D.445

A

A. DHCP uses ports 67/68. Ports 137/139 are for NetBIOS/NetBT. Port 80 is for HTTP, and port 445 is for SMB.

143
Q

What is the maximum distance allowed between a power over Ethernet injector and the Ethernet device running on a 1000BaseT network?

A.50 meters

B.100 meters

C.250 meters

D.450 meters

A

B. The distance for Power over Ethernet (PoE) is limited by the maximum distance set by the Ethernet cabling: 100 meters (328 feet). The power injector, the device that sources the electrical power to certain wires in the cable, can be as much as 100 meters from the powered device. The injector also needs to have sufficient power to match device needs, and devices must be compatible. PoE devices such as powered switches can provide a few watts or well over 100 watts, depending on the device.

144
Q

Which of the following protocols uses port 137 and 139?

A.DNS

B.SMB

C.NetBT

D.SSH

A

C. NetBT is NetBIOS over TCP/IP, an older protocol for applications that still rely on NetBIOS. It uses ports 137 and 139, and it’s still on the CompTIA A+ certification objectives. DNS uses port 53, SMB uses port 445, and SSH uses port 22.

145
Q

When setting up a small office, home office (SOHO) network, how do the end-user devices know what IP address they need to use to connect with the network?

A.The network switch broadcasts configuration settings.

B.Devices utilize service location protocol.

C.The NIC is set with a static address or DHCP-served.

D.End users configure IP addresses as needed.

A

C. The end-user devices are configured to at least request a DHCP-assigned IP address or they are preconfigured with a static IP, gateway, subnet mask, and DNS information.

146
Q

You’ve been asked to set up a wireless network for a SOHO that will only allow five specific devices to connect. How do you accomplish this?

A.Disable the router’s SSID.

B.Configure port forwarding.

C.Set a DHCP scope with only five addresses.

D.Configure MAC address filtering.

A

D. MAC address filtering uses the physical address of a NIC to determine whether or not to allow a device to connect to the router. Disabling the SSID will hide the network from neighbors, but it won’t keep them from connecting if they discover the network. Port forwarding redirects requests for a specific port to a specific device on the network. The DHCP scope can be set up to only allow five machines to connect, but it may not be the right five machines.

147
Q

What is the most likely way for a homeowner’s IoT devices to connect to their wireless network?

A.DNS

B.AD

C.SSO

D.DHCP

A

D. Unless an Internet of Things (IoT) device possesses an end-user accessible management interface, that device will likely connect at least initially using Dynamic Host Configuration Protocol (DHCP) to obtain an IP address. Domain Name System (DNS) resolves names like Wiley.com to an IP address. AD is Active Directory, which is a Microsoft client-server security solution, and Single Sign-On (SSO) allows a user to enter their credentials once to access several resources.

148
Q

What communication technology allows for low-power, passive reading of a small tag or patch on an object that may be a few feet to dozens of feet away?

A.RFID

B.NFC

C.Wi-Fi

D.RFI

A

A. Radio frequency identification (RFID) can be implemented to detect and read a “passive” (no power) tag that is essentially an antenna as it passes within a few feet in range. RFID tags are often used in industry and retail for inventory tracking. The distance for RFID implementation depends on the size and polarization of the antenna, and the frequency and power used, among other features. NFC requires a distance of only a few centimeters. Wi-Fi is 802.11-based wireless networking. Radio frequency interference (RFI) is a nuisance that can disrupt network communications.

149
Q

What type of server provides Internet access to company-provided information such as how to contact a company, products or services for sale, and other information?

A.FTP server

B.Proxy server

C.File server

D.Web server

A

D. A web server consists of hardware and software used to provide information to remote clients via the Internet. The main protocols for web servers are HTTP and HTTPS, but they can use other protocols as well. File Transfer Protocol (FTP) servers are used for downloading files quickly, and while they may have a graphical user interface (GUI), they have much less overhead than a web server. Proxy servers are a security measure between an internal user and the web and are used to monitor and filter information going into or out of a network. File servers are often used on a LAN to provide access to the same files by multiple users.

150
Q

A friend is showing you how they can control their thermostat at home from their cell phone while at work. What type of device do they have at home?

A.IoT

B.SQL

C.DoS

D.EFS

A

A. Internet of Things (IoT) devices allow a multitude of personal and industrial devices to connect and communicate over the Internet. Structured Query Language (SQL) is a method of retrieving information from a database. Denial of service (DoS) is a type of network attack, and Encrypting File System (EFS) allows the user to encrypt individual files, folders, or volumes.

151
Q

What server would function as a central repository of documents and provide network shared file storage for internal users?

A.FTP server

B.Proxy server

C.File server

D.Web server

A

C. The file server is a centralized repository for users, typically company employees. File Transfer Protocol (FTP) servers are used for downloading files quickly, and while they may have a graphical user interface (GUI), they have much less overhead than a web server. Proxy servers are a security measure between an internal user and the web, and they are used to filter information going into or out of a network, whereas web servers may provide information about a company or its products to the general public.

152
Q

You work as a network administrator for a school district. The district is required to provide access to the Internet for students but also required to protect the network and the students from malicious network traffic and inappropriate websites. What type of server do you need to configure?

A.FTP server

B.Proxy server

C.File server

D.Web server

A

B. Proxy servers act as a gateway through which Internet access requests are handled, monitored, and, if need be, filtered. File Transfer Protocol (FTP) servers are used for downloading files quickly, and while they may have a graphical user interface (GUI), they have much less overhead than a web server. File servers are often used on a LAN to provide access to the same files by multiple users, whereas web servers may provide information about a company or its products to the general public.

153
Q

What type of server can host files for easy access and downloading, similar to how a web server serves web pages?

A.FTP server

B.Proxy server

C.File server

D.DNS server

A

A. The File Transfer Protocol (FTP) server hosts files for easy access, allowing users to browse it and download and upload files. Proxy servers monitor and filter traffic into and out of a network. File servers are a repository of files accessed by multiple users on a network. A DNS server resolves human-readable names such as Wiley.com to an IP address.

154
Q

What server is used to resolve domain names to IP addresses to facilitate web browsing or locating a directory resource on the network?

A.Syslog server

B.DNS server

C.Print server

D.Authentication server

A

B. If a user types www.sybex.com into a web browser, the Domain Name System (DNS) server will resolve the domain name to an IP address. Similarly, DNS servers will resolve the fully qualified domain name (FQDN) of a directory resource on the network to make locating that resource possible. Syslog servers provide a repository of events on the network to aid in network management. Print servers provide and manage access to one or more printers by multiple users on a network, and an authentication server verifies identity before granting access to resources on a network.

155
Q

What server is accessed each time it’s necessary to challenge and validate a user’s credentials in order for the user to access a network resource?

A.Syslog server

B.DNS server

C.Print server

D.Authentication server

A

D. The authentication server facilitates the challenge/response service for validating someone’s credentials. Syslog servers provide a repository of events on the network to aid in network management. DNS servers resolve URLs to IP addresses, and print servers provide and manage access to one or more printers by multiple users on a network.

156
Q

What service can collect and journal all the system-generated messages produced by servers and network devices?

A.Syslog server

B.DNS server

C.Print server

D.Authentication server

A

A. The syslog server operates with the Syslog protocol, which is used by many different operating systems and devices. These system-generated messages vary from the mundane “System started” to critical alerts. DNS servers resolve domain names to IP addresses. Print servers facilitate and manage printing by multiple users to one or more printers on a network, and authentication servers verify identity before granting access to a resource.

157
Q

You’re configuring your phone to download and upload email. What type of server are you configuring your phone to use?

A.Web server

B.Authentication server

C.Mail server

D.FTP server

A

C. Mail servers are used to send, receive, and sometimes store and manage emails. They operate on ports 25, 110, and 143. Often devices will need to be configured with the name or IP of the server and the proper protocol or port for sending and receiving email. Web servers provide web pages over the Internet. Authentication servers verify identity before allowing access to resources, and FTP servers are used to quickly locate, download, and upload files.

158
Q

Which of the following are connection-oriented protocols? (Choose two.)

A.DHCP

B.TFTP

C.HTTPS

D.SSH

A

C, D. Connection-oriented protocols work over TCP, which guarantees delivery of packets. This guarantee requires greater resources than UDP, which is connectionless, therefore not requiring that a packet be resent if not received. HTTPS and SSH are connection-oriented protocols, whereas Trivial File Transfer Protocol (TFTP) and DHCP are connectionless protocols.

159
Q

A company wanting to monitor network traffic or host system behavior to identify suspect activity will install what type of service?

A.Proxy server

B.IDS

C.UTM

D.ATM

A

B. An intrusion detection system (IDS) will monitor and alert you on suspect behavior. The IDS can be a network-based device or host-based, meaning it runs as a process in the background. Proxy servers are used to control traffic into and out of a network. Unified Threat Management (UTM) provides multiple security features on a single appliance. ATM (Asynchronous Transfer Mode) has to do with transferring different types of traffic (i.e., voice and data) over the same communication lines at the same time.

160
Q

What is the primary difference between an IDS and an IPS?

A.IDS works both on a host and a network.

B.IDS will not actively alert on suspect activity.

C.IPS works in pairs.

D.IPS will actively react to suspect activity.

A

D. The intrusion detection system (IDS) will alert on suspect activity, but it will not react or actively attempt to block the activity. The intrusion prevention system (IPS), however, should attempt to block the activity.

161
Q

Managing security on your growing network has become difficult, so you ask your peers what they are doing to manage their networks. They recommend a device that will allow you to manage your security in one place. What have they recommended?

A.IDS

B.IPS

C.UTM

D.UTP

A

C. Unified Threat Management (UTM) systems can be hardware networking devices, virtual devices, or an off-premises service. UTM’s role is to combine several security features and services into a single device, allowing for easier management and compatibility. IDSs (intrusion detection systems) will only notify an admin if a threat is detected. Intrusion prevention systems (IPSs) will detect and respond to security threats. UTP is unshielded twisted pair, a type of network cabling.

162
Q

A switch is overheating, and the SNMP agent is sending an SNMP trap to an SNMP manager. Which of the following are true? (Choose two.)

A.It is a managed switch.

B.It is an unmanaged switch.

C.It is communicating on port 161.

D.It is communicating on port 162.

A

A, D. A Simple Network Management Protocol (SNMP) trap is unrequested information being sent from an SNMP agent, in this case running on a managed switch. SNMP traps are sent via port 162.

163
Q

Your cousin is a nature photographer, traveling the country and living in their Class A motorhome. Much of the time their motorhome is parked in a national park, but seldom is Wi-Fi available. Your cousin uploads photos from their camera to a laptop, modifies them, and needs to upload them to their publisher, various magazines, and their website on a regular basis. What is a viable networking option for your cousin?

A.Satellite

B.Cellular

C.WISP

D.DSL

A

B. Cellular is the only type of network connection that allows for the type of mobility that this photographer needs. A cellular hotspot device from a mobile provider would work well. Satellite would require repositioning of the dish on a regular basis and may not work well because of obstructions. WISP requires being within a few miles of a tower and line-of-sight between the antenna and tower, so that wouldn’t work well either. DSL requires a stationary phone line.

164
Q

You are a network administrator. Currently there is no wireless access to the business network, but the company is purchasing tablets so that employees can take their work with them as they move around the facility. What device will you install so that employees will be able to connect to the wired network with wireless devices?

A.Ethernet router

B.Proxy server

C.WAP

D.NFC hub

A

C. You need to add a wireless access point (WAP), which will have an RJ45 port to connect to the company server and Wi-Fi antennas to provide wireless connectivity. An Ethernet router is wired. A proxy server is a security device. NFC, although wireless and using radio waves, is for connecting devices within a few centimeters of each other.

165
Q

Last weekend you installed and booted several more computers to be ready for Monday morning. Later Monday morning you hear from employees as they come in that they cannot log in. Their desktops don’t seem to want to connect. You investigate and find that each faulty workstation has a 169.254.x.x IP address. What might you look at next?

A.DHCP scope

B.LAN connector broken

C.Windows patch unable to install

D.Corrupted Registry

A

A. With many new systems added and already booted, it is likely that the DHCP scope, which is a valid range of IP addresses that are available to client-based systems on a particular subnet, is now too small for the number of systems requesting IP addresses. Expand the DHCP scope to solve the problem.

166
Q

What network segmentation technique reduces broadcast domains and provides a layer of security between users on the same network?

A.VPN

B.VLAN

C.UPS

D.SQL

A

B. Virtual LANs, or VLANs, will segment your network into smaller broadcast domains. Multiple VLANs can exist on the same physical switch. Traffic is isolated to only the paths determined by how you have identified VLANs on your managed switches. A VPN (virtual private network) uses tunneling protocols to secure a private connection across a public network. A UPS (uninterruptible power supply) is a battery backup with other features used to maintain power to a device when the main power goes down, and SQL (Structured Query Language) is used to retrieve information from a database.

167
Q

One of your network users must work remotely from their office on an extremely confidential project. Their team is concerned about security so they call you, the IT department head, to see what can be done. What will you set up between this network user and the company server so that the communications are secure?

A.VPN

B.SDN

C.VLAN

D.SRAM

A

A. A virtual private network (VPN) uses encryption to secure a transmission across a public network. SDN (software-defined networking) is a network architecture designed to make managing a network easier and more flexible. A VLAN separates a LAN into separate broadcast domains and is used for security purposes. SRAM, or static RAM, is often found in processor cache.

168
Q

Which of the following components is not typically found in a wireless LAN (WLAN)?

A.WLAN router

B.WLAN gateway

C.WLAN server

D.WLAN client

A

C. Wireless LAN (WLAN) networks commonly have three types of nodes: a client, a router, and a gateway. They typically don’t include a server and often are of fluid nature, where devices come and go as needed. They may include a printer. A WLAN can be used to connect wireless users to a wired network.

169
Q

You need to configure dynamic IP addressing on your network to cut down on management time. How will you do this? (Choose two.)

A.Enable DHCP settings on the router.

B.Configure each NIC to obtain an IP address automatically.

C.Configure each NIC to a specific IP address.

D.Configure each NIC to obtain DNS server addresses automatically.

A

A, B. A NIC can be configured either with a specific (static) IP address, or to obtain an IP address from an available Dynamic Host Configuration Protocol (DHCP) server. Many routers have the capability to provide DHCP services. When a device with a properly configured NIC attempts to join a network, a request for an address will be sent to the DHCP server, and the DHCP server will lease an address to that device, if one is available.

170
Q

Your network admin needs to add a computer to an IPv6 subnet. Which of the following IPv6 addresses is on the same subnet as 2601:0:0:0f:1a:308c:2acb:fee2?

A.2601::0f:308c:47:4321

B.2601::0f:ab:cd:123:4a

C.fe80:ab:bc:0f:1a:308c:2abc:fee5

D.2601:0:0:0x::2acb:ac01

A

B. Option B, 2601::0f:ab:cd:123:4a, and the address in the question both have a subnet of 0f. IPv6 addresses consist of 128 bits, divided by colons (:) into 8 hextets. Therefore, each hextet represents 16 bits. Leading 0s can be omitted, and in one place in each address, consecutive groups of 0s can be omitted, represented by double colons (::). The last 64 bits (4 hextets) of an IPv6 address are the Interface ID, identifying the unique computer. The first 64 bits are called the prefix. ISPs and very large organizations are assigned /48 prefixes. The next 16 bits (the fourth hextet) are used to define subnets. Option A has a fourth hextet of 0. Option C is a link-local address. Option D is an invalid number because hex numbers only go to letter f.

171
Q

Dylan is troubleshooting his IPv4 network. The network’s subnet mask is 255.255.192.0. Which of the following IP addresses is not on the same network as the others?

A.130.200.65.5

B.130.200.130.1

C.130.200.100.4

D.130.200.125.5

A

B. The third octet’s subnet mask of 192 means that the first 2 bits of the octet are used to identify the network number, so the network can be broken down into four subnets using those first 2 bits of the octet. The subnets would be 00000000, 01000000, 10000000, and 11000000. IP addresses within each range would be 0 to 63, 64 to 127, 128 to 191, and 192 to 255. The first and last IP in each range would not be used because they would represent the subnet itself and the broadcast numbers. Options A, C, and D all fall in the second subnet’s range. Option B is in the third subnet.

172
Q

Which of the following is a PoE standard?

A.802.3bt

B.802.3b

C.802.11

D.802.11ax

A

A. The PoE standards are IEEE 802.3af (PoE), 802.3at (PoE+), and 802.3bt (PoE++). A main difference between the standards is how much power per port can be provided. 802.3af can supply up to 15.4 watts per port, 802.3at can provide up to 30 watts per port, and 802.3bt can provide 60 watts (Type 3) or 100 watts (Type 4). The power that actually reaches the devices is less due to voltage loss over distance. 802.3b is a legacy broadband Ethernet standard. 802.11 and 802.11ax are Wi-Fi standards.

173
Q

Your friend has purchased a PoE device for their home. It is a type 2 device. Which of the following PoE switches will be compatible with this device? (Choose two.)

A.802.3af-compliant switch

B.802.3at-compliant switch

C.802.3bt-compliant switch

D.802.11b-compliant switch

A

B, C. PoE devices providing power are backward compatible with older devices, meaning that while 802.3bt is rated at 60W for Type 3 and 100W for Type 4, an 802.3bt device will work with an 802.3at (Type 2) device. Option A would not provide enough power for your friend’s device. Option D is a Wi-Fi standard, not a PoE standard.

174
Q

Which of the following is true of an ONT? (Choose two.)

A.It stands for optical network terminator.

B.It converts fiber-optic light signals to electrical (Ethernet) signals.

C.It is user installed.

D.It requires external power to work properly.

A

B, D. An ONT (optical network terminal) is installed by a fiber-optic ISP, and it’s typically a small box on an outside wall. The terminal is a transducer, converting between copper/electrical signals and fiber-optic/light signals. It does require power, and the terminal may have an indicator light to signal whether it is receiving power.

175
Q

Which of the following is not a benefit of software-defined networking (SDN)?

A.Dynamic load balancing

B.Reduced infrastructure costs

C.Requires a cloud-based network

D.Centrally manage physical and virtual routers

A

C. Software-defined networking (SDN) has many advantages over traditional networking. It can work with virtual and physical networks using SDN-compatible devices, providing centralized control of the entire network and the ability to reconfigure networks often without having to physically touch a router or switch.

176
Q

You are working with your customer, a doctor’s office, to develop a network that will allow the doctor’s staff to work with their tablet PCs in any room of the office without having to worry about network cabling. What type of network will you establish for the doctor’s office?

A.LAN

B.VLAN

C.WLAN

D.WAN

A

C. A wireless LAN (WLAN) would be the best solution for this office. A WLAN is a group of devices in the same location that communicate via radio waves instead of cables. WLANs can have multiple wireless access points (WAPs), preferably overlapping so that users won’t experience signal drop. Wi-Fi is a type of WLAN. A LAN is incorrect because it would require disconnecting and reconnecting cables in each room. A VLAN (virtual LAN) is established using security protocols to segregate a network. WAN is incorrect because this is a network in a single office, not geographically distant computers.

177
Q

Which of the following is a network of storage devices that a server can access as if it were a locally connected drive?

A.NAS

B.SAS

C.SAN

D.WAN

A

C. A storage area network (SAN) is a high-speed network whose purpose is to provide fast access by servers to storage. Network attached storage (NAS) differs from a SAN in that it is not a separate high-speed network but a single storage device attached to a LAN. SAS is statistical analysis software, and WAN is wide area network.

178
Q

Which of the following is true of a network TAP? (Choose two.)

A.TAP stands for terminal access point.

B.It is solely used by hackers to intercept packets.

C.It is part of a router.

D.It allows network admins to monitor network traffic.

A

A, D. A network terminal access point (TAP) connects to a network in an area of concern and creates a copy of traffic, sending it on to monitoring devices. It can be an integral part of network management. TAPs can be active or passive. Passive TAPs do not require power or management, but active TAPs do.

179
Q

What software runs on a machine where data files to be accessed are housed and controls access to those files as requested by a client?

A.CAL

B.Fileshare server

C.Fileshare client

D.SAN

A

B. A fileshare server handles requests from fileshare clients for access to data stored on the server. The fileshare server resides on the same machine as the data. A client access license (CAL) is a license allowing one machine to connect to a server, and SAN is a storage area network, both of which are unrelated to the question.

180
Q

A friend is having some issues with the wireless network in their apartment dropping the connection or running very slowly. What tool can be used to determine the best channel to use?

A.WAP

B.Wi-Fi analyzer

C.Toner probe

D.Cable tester

A

B. A wireless access point (WAP) provides wireless LAN (WLAN) connectivity, but it may not help with the problems on this network. Your friend needs to determine what wireless channel has the least traffic and configure their Wi-Fi to use that channel. For that they need a Wi-Fi analyzer, which can be a separate device or as simple as an app on a smartphone. A toner probe is used to figure out which network cable is connected when they are not labeled, and a cable tester determines if the cable’s wires are connected properly.

181
Q

Which Wi-Fi channels can be used without requiring that your router have Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) built in?

A.Channels 36 to 48

B.Channels 52 to 64

C.Channels 100 to 144

D.Channels 149 to 165

A

A. Channels 36 to 48 are set aside for domestic use. All channels above that require a router to have DFS and TPC. DFS will automatically switch to a different channel when weather radar and radar system signals are detected. TPC can be used to force clients to lower power so that they won’t interfere with nearby users or access points on the same channel. Channel 165 is set aside for industrial, scientific, and medical (ISM) use. In the United States, the FCC and IEEE are the authorities that approve channel uses.

182
Q

What is the host number in an IP address of 192.168.2.200 and a subnet mask of 255.255.255.0?

A.192.168

B.192.168.2

C.2.200

D.200

A

D. When an IP address and subnet mask are converted to the binary numbers that the computer sees, wherever there is a 1 in the subnet mask, that tells the computer that the corresponding bit in the IP address is part of the network number. Wherever there is a 0 in the subnet mask, the corresponding bit in the IP address is part of the host number. The address in the question, 192.168.2.200/24, is a Class C private address, where, in the subnet mask, the first three octets (24 bits) are all 1s, and the last octet (8 bits) is all 0s. So, the first three decimal numbers of the IP address, which is expressed in dotted decimal notation, are the network number (192.168.2), and the last octet (.200) is the host (individual computer) address. Network numbers will always go from left to right with no breaks between.

183
Q

What are the three A’s employed by authentication servers?

A.Authentication, activation, acceptance

B.Authorization, access, allocation

C.Accept, access, accounting

D.Authentication, authorization, accounting

A

D. Authentication servers provide the AAA framework for security. Authentication requires that an entity prove who they are before gaining access. Authorization grants the authenticated user access to resources. Accounting tracks user activity.

184
Q

Which Internet appliance is used to distribute incoming traffic over resources, such as multiple web servers?

A.Proxy servers

B.Spam gateways

C.Load balancers

D.UTM device

A

C. Load balancers do as their name implies. Rather than allow all incoming traffic on a port to go to one server or device, the traffic is distributed among devices. Proxy servers monitor incoming and outgoing packets, filtering them out based on specified criteria. Spam gateways don’t allow spam in; rather they are used to filter it out. Unified threat management (UTM) can employ an appliance or be software-driven, or even an outside service that monitors and manages malicious activities against a network.

185
Q

What type of system, consisting of both hardware and software, is used to control and monitor industrial machines and processes?

A.SCADA

B.IrDA

C.UTM

D.RADIUS

A

A. Supervisory Control and Data Acquisition (SCADA) systems consist of both hardware and software. Hardware is used to gather information, which is sent to a computer running software that analyzes the data and logs events. SCADA can also initiate alarms when specified conditions exist. Infrared Data Association (IrDA) is network communications via infrared light. Unified threat management (UTM) is an appliance, software, or service that combines all malware security in one place. Remote Authentication Dial-In User Service (RADIUS) is a protocol for authentication servers that encrypts transmissions between client and server.

186
Q

Your friend owns a restaurant and provides free Wi-Fi to their clientele. Lately they have been receiving complaints that the Wi-Fi isn’t working. It seems to work for customers already connected but not for people trying to connect. What can be configured on the router to release an IP address and make it available for other users after a couple of hours?

A.MAC address filtering

B.Port forwarding

C.DHCP lease duration

D.SSID broadcast

A

C. A DHCP server will “lease” an IP address to a client for a specified period of time. The default is usually 24 hours. In a SOHO where there are few new users, the lease time could be longer, but in a restaurant where many people come and go each hour, the DHCP scope might not have enough addresses to accommodate that many users. Setting the lease time to a shorter duration will release the IP address and make it available for a new user. MAC address filtering only allows connection from computers with specific MAC addresses and would greatly limit connectivity. Port forwarding sends traffic for a specific port to a specified computer on the network. The SSID is the wireless network name and can be broadcast so that it is easily found, or it can be hidden.

187
Q

What type of address is known as a DNS AAAA address?

A.IPv4

B.IPv6

C.MAC

D.Physical

A

B. The Domain Name System (DNS) uses two types of records to resolve domain names to IP addresses. Type A records resolve the domain name to IPv4 addresses. Type AAAA records resolve domain names to IPv6 addresses. MAC and Physical addresses are two names for the NIC address.

188
Q

What type of entry in a DNS record can be used for load balancing of incoming mail?

A.MX

B.DX

C.AAAA

D.TXT

A

A. Multiple Mail Exchanger (MX) records can be set up for a domain that specify different mail servers for load balancing. Direct Connect (DX) is an Amazon Web Services dedicated connection between client and AWS. AAAA signifies an IPv6 address in a DNS record, and TXT DNS records let an administrator specify text in their DNS record. These text records can be used to prevent email spam.

189
Q

What type of DNS record contains a list of users (IP addresses) that are authorized to send email on behalf of a domain?

A.DKIM

B.SPF

C.DMARC

D.A

A

B. Sender Policy Framework (SPF) is a technique to prevent email address spoofing. It is done using a TXT entry in a domain’s DNS service. DomainKeys Identified Mail (DKIM) performs a similar function, but it uses a digital signature. Domain-Based Message Authentication, Reporting, and Conformance (DMARC) uses SPF or DKIM and in addition requires that the sender’s domain be the same as the DNS domain name. Domain administrators can specify to quarantine or reject emails that fail DMARC. To use DMARC, a DMARC record must exist in the DNS.

190
Q

What is the interface ID of the IP address 2001::1a3:f1a:308:833?

A.2001:0:0:0:

B.2001

C.1a3:f1a:308:833

D.833

A

C. This is an IPv6 address. It is 128 bits long, and the last 64 bits are the interface ID, which identifies the individual computer. Since there are eight groups of hex numbers, that means the rightmost four groups are the interface ID. Any leading zeros in an IPv6 address can be omitted, and the :: can be used once in an address to replace consecutive groups of all zeros, so the number in the question fully expanded would be 2001:0000:0000:0000:01a3:0f1a:0308:0833. The interface ID is therefore 1a3:f1a:308:833. The leftmost three sections identify the network, and the fourth identifies the subnet. In this example, 2001:0:0 is the site prefix and 0 is the subnet ID. IPv6 addresses do not need a subnet mask like IPv4 addresses do.

191
Q

What two terms are used to identify an Internet provider that may connect to the Internet using T1 or T3 lines, or fiber optic, for example, and uses point-to-point millimeter-wave or microwave links between its towers for its backbone or to extend its service area, and point-to-multipoint wireless to provide Internet access to its customers?

A.WISP

B.ISP

C.Demarcation point

D.Long-range fixed wireless

A

A, D. For decades now, wireless Internet service providers (WISPs) have been established by groups of individuals or small companies to provide Internet access to areas where it is not profitable for large commercial Internet providers to run, such as very rural areas. They are also called long-range fixed wireless providers. The first one was established in 1992 in the Midwest of the United States. Now there are thousands of them all over the world. In some areas of the world, where there is little or no wired infrastructure, WISPs are the only way that people can get Internet connectivity. A WISP connects to the Internet using either leased lines or microwaves, generally uses point-to-point microwaves between its towers, and uses point-to-multipoint connections between the final tower and users. An ISP is an Internet service provider, and a demarcation point is the place in a customer’s premises where the responsibility for the network changes from the ISP to the customer.

192
Q

Your friend is again considering the network configuration in their apartment. They’ve asked you the difference between channels on the 2.4 GHz and 5 GHz networks that are available on their Internet connection. What will you tell them? (Choose two.)

A.If they are using the 2.4 GHz network, they should choose channel 1, 6, or 11 because they don’t overlap each other.

B.The 5 GHz network channels provide greater bandwidth, so data could be transferred faster, but they may have more interference with their neighbors.

C.The 5 GHz frequency is considered obsolete, so the 2.4 GHz frequency should be used.

D.All of the 5 GHz frequencies overlap, so there will be greater interference.

A

A, B. Option A is true. Channels 1, 6, and 11 are the only ones that don’t overlap in a 2.4 GHz network. Option B is also true. Each channel in a 2.4 GHz network is only about 5 MHz wide, while in a 5 GHz network the minimum is 20 MHz, but it can be configured to use 40 MHz or 80 MHz by combining channels. Option C is false. The 2.4 GHz frequency supports older devices; the 5 GHz frequency is newer. While 2.4 GHz channels overlap with the exception of 1, 6, and 11, 5 GHz channels don’t overlap. Your friend needs to choose a frequency and channel that are compatible with their devices, but the router may automatically configure the channel if using the 5 GHz frequency.

193
Q

Which IEEE Wi-Fi standard is also known as Wi-Fi 6?

A.802.11a

B.802.11ac

C.802.11ax

D.802.11n

A

C. The Institute of Electrical and Electronics Engineers (IEEE) 802.11ax standard is now known as Wi-Fi 6, and is considered a replacement for 802.11ac (Wi-Fi 5). 802.11n is designated as Wi-Fi 4. Prior IEEE standards (802.11b, 802.11a, and 802.11g) are not designated with official Wi-Fi X nomenclature, but working backward in time, 802.11g would be Wi-Fi 3, 802.11a would be Wi-Fi 2, and 802.11b would be Wi-Fi 1. The CompTIA A+ objectives only ask that you know what Wi-Fi 5 and Wi-Fi 6 are.

194
Q

You want to set up a wireless network with data throughput of 54 Mbps. Which two wireless specifications will provide a data throughput of 54 Mbps? (Choose two.)

A)802.11g
B)802.11
C)802.11a
D)802.11b

A

A)802.11g

C)802.11a

195
Q

Which TCP/IP configuration information must a computer on a network have before it can communicate with the Internet? (Choose three.)

A)MAC address of router
B)FTP server address
C)Subnet mask
D)Default gateway
E)Proxy server address
F)TCP/IP address
G)Public key

A

C)Subnet mask
D)Default gateway
F)TCP/IP address

196
Q

A user who is obviously inexperienced calls in and tells you the following: “My cable TV was just installed. I went to the computer store and bought a device to help me get on the Internet. After I put it together, it looks like an upside-down spider. There are some lights blinking on it, but my computer won’t let me see Facebook.” What is the most likely cause of the user’s issue?

A)Wired Wireless Encryption
B)NIC configuration
C)Cable/DSL Modem configuration
D)Router/switch functionality

A

D)Router/switch functionality

197
Q

Which statement is TRUE concerning DHCP?

A)DHCP is used to automate IP address assignment.
B)DHCP is used to resolve NetBIOS names to IP addresses.
C)DHCP is used to verify the IP address on a Windows-based computer.
D)DHCP is used to resolve host names to IP addresses.

A

A)DHCP is used to automate IP address assignment.

DHCP is a protocol that automatically assigns a unique IP address to each device that connects to a network.

Dynamic Host Configuration Protocol (DHCP) is a standards-based networking protocol that is used to automate the assignment of IP addresses to DHCP client devices. DHCP is a client/server protocol that uses two components, one on the server and one on the client. The server-side component stores a pool of available IP addresses. The client-side component requests a TCP/IP configuration from an available DHCP server. Several server operating systems support the DHCP server service, including Windows, UNIX, and Linux. Most desktop operating systems support the DHCP client service.

Domain Name System (DNS) is a network service that is used to resolve host names to IP addresses. DNS is used extensively on the Internet; for example, DNS can be used to resolve the host name www.verigon.com to that web server’s corresponding IP address.

198
Q

Which radio frequency band does the 802.11b standard use?

A)4.3 GHz
B)1.9 GHz
C)2.4 GHz
D)5.0 GHz

A

C)2.4 GHz

199
Q

You are an IT technician at your company. The company has two small offices in different cities. The company’s head office contains a DNS server and a DHCP server. The branch office does not contain a DHCP server. A user travels frequently between the head office and the branch office. You are configuring the IP address on this user’s laptop. You must ensure that the user is able to connect to the Internet from both offices. How should you configure the Internet Protocol (TCP/IP) Properties dialog box on the user’s laptop while expending the least administrative effort?

A)Configure a static IP address from the head office network range on the General tab. Configure a static IP address from the branch office network range on the Alternate Configuration tab.
B)Configure the General tab and the Alternate Configuration tab to use a static IP address from the branch office network range.
C)Configure the General tab to use the DHCP server at the head office. Configure a static IP address from the branch office network range on the Alternate Configuration tab.
D)Configure the General tab and the Alternate Configuration tab to use the DHCP server.

A

C)Configure the General tab to use the DHCP server at the head office. Configure a static IP address from the branch office network range on the Alternate Configuration tab.

200
Q

Which type of address does a hardware vendor assign?

A)Internet zip code
B)Physical device address
C)Physical Internet address
D)Logical network address

A

B)Physical device address

The physical device, or hardware, address is also referred to as the Media Access Control (MAC) address. A MAC address is a unique number that is assigned to a network interface card (NIC) when the card is manufactured. No two computers on a network can have the same MAC address.

201
Q

For what purpose have IP addresses in the 192.168.0.0 through 192.168.255.255 range been reserved?

A)Military installations only
B)Private networks
C)Government organizations other than the military
D)Multicasting

A

B)Private networks

There are three blocks of IP addresses that have been reserved by the Internet Assigned Numbers Authority (IANA) for private networks. These addresses can be used for IP addressing on a private network that does not need to be connected to the Internet. The three blocks of addresses are listed as follows:

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

202
Q

Which applications use UDP?

A)NFS, TFTP, SNMP
B)ARP, NFS, FTP, SMTP
C)ICMP, ARP, FTP
D)NFS, FTP, TFTP

A

A)NFS, TFTP, SNMP

User Datagram Protocol (UDP) provides two services that Internet Protocol (IP) does not: a port number to help distinguish different user requests and, optionally, a checksum capability to verify that the data arrived intact. UDP works at the Transport layer of the OSI model.

Network applications that want to save processing time use UDP because they have very small data units to exchange and therefore require only a small amount of reassembly. The Trivial File Transfer Protocol (TFTP), Network File System (NFS), and Simple Network Management Protocol (SNMP) use UDP instead of Transmission Control Protocol (TCP). TFTP is a network application that is simpler than File Transfer Protocol (FTP), but less capable. It is used when user authentication and directory visibility are not required. TFTP, FTP, NFS, and SNMP all work at the Application layer of the OSI model.