Obj 5.X

Question 1

An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following:

DIONRTR01# show interface eth 1/1

GigabitEthernet 1/1 is up, line is up

Hardware is GigabitEthernet, address is 000F.33CC.F13A

Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx

Member of L2 VLAN 1, port is untagged, port state is forwarding

Which of the following actions should be taken to improve the network performance for this WAN connection?

Shutdown and then re-enable this interface
Replace eth1/1 with a 1000Base-T transceiver
Assign the interface a 802.1q tag to its own VLAN
Configure the interface to use full-duplex

Answer 1

The correct answer is Assign the interface a 802.1q tag to its own VLAN. In this scenario, the WAN connection might be experiencing congestion or performance degradation due to other traffic sharing the same VLAN (VLAN 1 in this case). By tagging the interface with a unique VLAN using 802.1q, the administrator can isolate the WAN traffic, which should help improve performance by reducing interference from other network traffic.

The other options are incorrect because they either wouldn’t solve the problem or aren’t relevant. Shutting down and re-enabling the interface might temporarily reset the connection but would not address the underlying issue of shared VLAN traffic. Replacing eth1/1 with a 1000Base-T transceiver is unnecessary since the interface is already operating at 1 Gbps, which exceeds the 250 Mbps WAN circuit capacity. Configuring the interface to use full-duplex is already done, as shown by the “actual fdx” (full-duplex) status in the interface output, so it wouldn’t improve performance.

Question 2

You are troubleshooting a network connectivity issue on a student’s workstation at Dion Training. You check the details for the 802.11ac wireless network interface card and it reports the current RSSI level is -95 dB. Which of the following issues would cause this RSSI level?

Insufficient wireless coverage
Incorrect passphrase
Wrong SSID
Encryption protocol mismatch

Answer 2

The issue causing the RSSI level of -95 dB is insufficient wireless coverage. RSSI (Received Signal Strength Indicator) values below -70 dB typically indicate poor signal strength, and -95 dB is quite low. This suggests that the workstation is far from the wireless access point or that there are significant obstacles, like walls or interference, degrading the signal.

The other options are less likely to directly affect the RSSI level. An incorrect passphrase would prevent the workstation from connecting to the network entirely, but it wouldn’t affect the signal strength measurement if it were connected. A wrong SSID would also result in connection issues but would not yield an RSSI reading, as the device wouldn’t be trying to connect to the network. An encryption protocol mismatch could lead to connection problems, but similar to the previous options, it would not affect the RSSI level if the device is not successfully connecting to the network.

Question 3

A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is the MOST likely the source of this connectivity problem?

The switchport is configured for 802.1q trunking
APIPA has been misconfigured on the VLAN’s switch
The workstation’s NIC has a bad SFP module
The workstation’s OS updates have not been installed

Answer 3

The correct answer is The switchport is configured for 802.1q trunking. If the switchport is configured for 802.1q trunking instead of being set as an access port for a specific VLAN, the workstation might not receive the correct DHCP information and instead be assigned an APIPA (Automatic Private IP Addressing) address. This would explain why the workstation cannot communicate with the VLAN gateway, while other PCs on the same VLAN can.

The other options are incorrect because they do not directly relate to the problem at hand. APIPA misconfiguration on the switch is not likely, as APIPA is automatically assigned by the workstation when it cannot reach a DHCP server. A bad SFP module would prevent any network connection, but here the workstation still has basic network access (via APIPA). OS updates not being installed would not prevent the device from getting a DHCP address or communicating with the gateway if the network configuration were correct.

Question 4

A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?

Place the server in a screened subnet or DMZ
Adjust the ACL on the firewall’s internal interface
Implement a split-horizon or split-view DNS
Configure the firewall to support dynamic NAT

Answer 4

The correct answer is Implement a split-horizon or split-view DNS. This solution allows internal users to resolve the website using its internal IP address while external users resolve it to the public IP address. By configuring the DNS server to provide different responses based on the source of the request, internal users can access the site directly without going through the firewall, thus resolving the issue.

The other options are incorrect for the following reasons. Placing the server in a screened subnet or DMZ can improve security and separation, but it does not address the issue of internal users accessing the website through its public IP. Adjusting the ACL on the firewall’s internal interface might allow access but does not change the way internal users resolve the website’s address. Configuring the firewall to support dynamic NAT would allow internal users to reach the public internet but would not provide a way for them to access the website via its internal IP address, which is what is needed in this scenario.

Question 5

Scott is a brand new network technician at Dion Training. He has been told to remote into the edge switch from his desk and enable DHCP snooping. Which of the following commands should he use?

TFTP server
ip
nmap
telnet

Answer 5

The correct answer is telnet. Scott should use the telnet command to remotely access the edge switch from his desk. Telnet allows him to establish a command-line interface session with the switch, where he can enter the necessary commands to enable DHCP snooping.

The other options are incorrect for the following reasons. TFTP server is used for file transfers, not for remote access to network devices. ip is not a standalone command that enables remote access; it’s part of various commands related to IP configuration. nmap is a network scanning tool used to discover hosts and services on a network, not for accessing or configuring devices like a switch. Therefore, telnet is the appropriate choice for Scott’s task.

Question 6

Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine?

nslookup
tracert
route
ip

Answer 6

The correct answer is route. Rick would use the route command to configure static routing on the Windows machine. This command allows him to add, delete, or modify routes in the routing table, enabling the jumpbox to control its communication with specific networks and systems.

The other options are incorrect for the following reasons. nslookup is used to query DNS records and resolve domain names to IP addresses, but it does not configure routing. tracert (or traceroute) is used to determine the path packets take to a specific destination, which helps in diagnosing network connectivity issues, but it also does not change routing configurations. ip is not a standalone command in Windows for routing; it’s part of various commands in Linux/Unix environments. Thus, route is the appropriate command for configuring static routing on a Windows machine.

Question 7

A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?

Use Nmap to query known ports
Analyze packet captures
Review the ID3 logs on the network
Utilize netstat to locate active connections

Answer 7

Packet captures contain every packet that is sent and received by the network. By using a program like Wireshark to analyze the packet captures, you can see what kind of information and metadata is contained within the packets. By conducting this type of packet analysis, an attacker (or cybersecurity analyst) can determine if software versions are being sent as part of the packets and their associated metadata.

Question 8

Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?

C:\windows\system32> ipconfig /flushdns
C:\windows\system32> nbtstat –R
C:\windows\system32> nslookup
C:\windows\system32> route print

Answer 8

The correct answer is C:\windows\system32> nbtstat –R. This command refreshes the NetBIOS name cache, which can help resolve issues related to accessing a server by its hostname, especially in environments where NetBIOS is used for name resolution. If the new server’s hostname is not resolving correctly, this command can refresh the mappings and allow Michael to access the server.

The other options are incorrect for the following reasons. C:\windows\system32> ipconfig /flushdns clears the DNS resolver cache, which is useful if there are stale DNS records, but it may not affect NetBIOS name resolution. C:\windows\system32> nslookup is used to query DNS servers directly to resolve domain names to IP addresses, but it does not refresh the name resolution cache. C:\windows\system32> route print displays the current routing table but does not assist in resolving hostname connectivity issues. Therefore, using nbtstat –R is the most appropriate command to troubleshoot the connectivity problem.

Question 9

You just started work as a network technician at Dion Training. You have been asked to check if DHCP snooping has been enabled on one of the network devices. Which of the following commands should you enter within the command line interface?

show diagnostic
show config
show route
show interface

Answer 9

The correct answer is show config. This command is typically used to display the current configuration of a network device, including whether DHCP snooping is enabled. By reviewing the configuration, you can determine if DHCP snooping is active and check its settings.

The other options are incorrect for the following reasons. show diagnostic is not a standard command used to check DHCP snooping; it generally provides diagnostic information about the device’s hardware and performance. show route displays the routing table, which is not related to DHCP settings. show interface provides information about the interfaces on the device, such as status and statistics, but does not specifically indicate DHCP snooping status. Therefore, show config is the appropriate command to verify if DHCP snooping is enabled.

Question 10

A network technician determines that two dynamically assigned workstations have duplicate IP addresses. What command should the technician use to correct this issue?

ipconfig /release | ipconfig /renew
ipconfig /dhcp
ipconfig /renew
ipconfig /all

Answer 10

The correct answer is ipconfig /release | ipconfig /renew. This command sequence first releases the current IP address assigned to the workstation and then requests a new IP address from the DHCP server. By doing this, it ensures that the workstation no longer retains the duplicate IP address and obtains a unique address, thus resolving the conflict.

The other commands are incorrect for the following reasons. ipconfig /dhcp is not a valid command and will not resolve IP address conflicts. ipconfig /renew by itself would only attempt to renew the current lease without releasing the duplicate address first, which could potentially still result in an IP conflict. ipconfig /all displays detailed information about the current IP configuration but does not take any action to resolve IP address conflicts. Therefore, the correct command to resolve the duplicate IP addresses is ipconfig /release | ipconfig /renew.

Question 11

You are working as a network technician running new unshielded twisted pair cables from the intermediate distribution frame to the individual offices on the same floor. The cable comes in 1000 foot spools. Which of the following tools should you use to break the cable into shorter distances?

Punchdown tool
Cable snip
Cable stripper
Cable crimper

Answer 11

The correct answer is Cable snip.

Explanation:
- Cable snip: This tool is specifically designed to cut cables to the desired length. It’s suitable for unshielded twisted pair (UTP) cables, allowing you to create shorter segments as needed.

• Punchdown tool: Used to insert and secure wires into a punchdown block or keystone jack, not for cutting cable.
• Cable stripper: Used to remove the outer insulation of the cable to expose the inner wires but not for cutting the cable itself.
• Cable crimper: Used for attaching connectors (like RJ-45) to the ends of cables but not for cutting.

Using a cable snip is the most appropriate choice for breaking the cable into shorter lengths.

Question 12

Dion Training has a single-mode fiber-optic connection between its main office and its satellite office located 30 kilometers away. The connection stopped working, so a technician used an OTDR and found that there is a break in the cable approximately 12.4 kilometers from the main office. Which of the following tools is required to fix this fiber optic connection?

Cable crimper
Cable snips
Media converter
Fusion splicer

Answer 12

The correct tool to fix this fiber-optic connection is the fusion splicer.

A fusion splicer is specifically designed to repair fiber-optic cables by fusing or welding the ends of the optical fibers back together. This is important in cases where a break or cut is detected in the cable, as in the scenario with the fiber break 12.4 kilometers from the main office. The fusion splicer ensures a strong and low-loss connection that restores the integrity of the fiber link.

For the exam, you need to remember that fusion splicers are used to repair fiber-optic cables, especially when precision and minimal signal loss are crucial.

Question 13

A network engineer is designing an 802.11g wireless network that uses three wireless access points for complete coverage. Which of the following channel selections would result in the LEAST amount of interference between each access point?

Adjacent access points should be assigned channels 2, 6, and 10 with a 20MHz channel width
Adjacent access points should be assigned channels 1, 6, and 11 with a 20MHz channel width
Adjacent access points should be assigned channels 4, 8, and 12 with a 40MHz channel width
Adjacent access points should be assigned channels 7, 9, and 11 with a 40MHz channel width

Answer 13

The best option to reduce interference in an 802.11g wireless network is to assign channels 1, 6, and 11 with a 20MHz channel width.

Channels 1, 6, and 11 are non-overlapping in the 2.4GHz spectrum, which minimizes interference when using multiple access points. Other channels, such as 2, 4, 7, 8, 9, 10, and 12, overlap with neighboring channels and can cause interference, especially in networks with closely placed access points.

For the exam, remember that channels 1, 6, and 11 are the standard non-overlapping channels used in 2.4GHz networks like 802.11g for minimizing interference.

Question 14

Tamera is troubleshooting a mail server connectivity issue and needs to review the MX records for DionTraining.com. Which of the following tools should she utilize?

telnet
route
nslookup
arp

Answer 14

Tamera should use nslookup to review the MX records for DionTraining.com.

Nslookup is a tool used to query DNS servers and retrieve domain-related information, such as MX (Mail Exchange) records, which specify the mail servers responsible for receiving email for a domain. For the exam, it’s important to know that nslookup is used to check DNS records like MX, A, CNAME, and others.

Telnet and route are used for different types of connectivity tests, and arp is used to view the local ARP cache, which is unrelated to DNS records.

Question 15

A technician is tasked with troubleshooting a network’s slowness. While troubleshooting, the technician is unable to ping any external websites. Users report they can access the sites using the web browsers. What is the MOST likely cause of the failed pings?

ICMP traffic being blocked by the firewall
A VLAN hopping attack is being conducted
Jumbo frames are not enabled on the network
TACACS+ is misconfigured on this network

Answer 15

1. The correct answer is ICMP traffic being blocked by the firewall. Firewalls often block ICMP traffic to prevent ping-based attacks, which would explain why the technician can’t ping external websites. However, users can still access the websites through web browsers since HTTP or HTTPS traffic (ports 80 and 443) is not blocked.
2. A VLAN hopping attack would not cause an issue with pinging external sites in this scenario. Jumbo frames are not related to ICMP traffic or network slowness in this context. TACACS+ misconfiguration relates to authentication and would not impact ping traffic or user web access directly.

Question 16

You have installed and configured a new wireless router. The clients and hosts can ping each other. The network uses a fiber optic WAN connection with 1 Gbps throughput. The wired clients have fast connections, but the wireless clients are displaying high latency when a ping is performed. The wireless clients are also only receiving 300 Mbps when downloading files from the Internet. Which of the following is MOST likely the cause of the slow speeds experienced by the wireless clients?

A fiber connection does not support wireless
The wireless access point is experiencing RF interference
The network should use 802.11g WAPs to increase throughput
A high signal-to-noise ratio on the wireless network

Answer 16

1. The correct answer is The wireless access point is experiencing RF interference. RF interference can cause high latency and slower data rates for wireless clients, even though the wired clients perform well.
2. A fiber connection supports the wired backbone, but it has no direct influence on wireless performance. 802.11g WAPs would actually decrease throughput, as they support a maximum speed of 54 Mbps, much slower than the 300 Mbps seen here. A high signal-to-noise ratio would indicate good signal quality, not a problem. It’s a low signal-to-noise ratio that causes issues, but this is not specified as the problem here.

Question 17

A customer is trying to configure an 802.11b wireless card in an old laptop to connect to an 802.11g wireless router. When the customer scans for the wireless network’s SSID (Dion-Corp), it is not displayed within Windows. What is the MOST likely reason that the SSID is not being displayed?

802.11g and 802.11b use different frequencies
The wireless router is not configured for DHCP support
The wireless router is configured with WPA2 encryption
The broadcast is disabled on the wireless router

Answer 17

1. The correct answer is The broadcast is disabled on the wireless router. If the SSID broadcast is disabled, the network won’t be visible in a scan, even if the wireless standards (802.11b and 802.11g) are compatible.
2. 802.11g and 802.11b use the same 2.4 GHz frequency, so they are compatible. WPA2 encryption would not prevent the SSID from showing up; it would only prevent the connection if the old laptop’s wireless card didn’t support WPA2. DHCP support is unrelated to the visibility of the SSID and affects IP address assignment after connection, not the scanning process.The correct answer is The broadcast is disabled on the wireless router.

Question 18

While troubleshooting, a technician notices that some clients using FTP still work and that pings to the local routers and servers are working. The technician tries to ping all known nodes on the network, and they reply positively, except for one of the servers. The technician notices that ping works only when the hostname is used but not when FQDN is used. What server is MOST likely offline?

DHCP server
Domain controller
WINS server
DNS server

Answer 18

The correct answer is DNS server.

When pings work using the hostname but fail with the Fully Qualified Domain Name (FQDN), it indicates that the device can resolve the hostname to an IP address but cannot resolve the FQDN. This situation typically points to an issue with the DNS server, which is responsible for translating FQDNs into IP addresses. If the DNS server is offline or misconfigured, clients will not be able to resolve FQDNs, leading to the issue described.

For the exam, remember that DNS is crucial for name resolution in a network. If clients can ping hosts by hostname but not by FQDN, the DNS server should be investigated for potential problems.

Question 19

It has been determined by network operations that there is a severe bottleneck on its mesh topology network. The field technician has chosen to use log management and found that one router makes routing decisions slower than the others on the network. Which of the following types of issues would you classify this as?

Network device power issues
Network device CPU issues
Delayed RADIUS responses
Storage area network issues

Answer 19

1. The correct answer is Network device CPU issues. If a router is making slower routing decisions compared to others, it indicates that the router’s CPU may be overwhelmed, struggling to process routing data efficiently, causing a bottleneck in the network.
2. Network device power issues would likely cause the router to fail or shut down, not just slow down routing decisions. Delayed RADIUS responses are related to authentication and would not directly affect routing speed. Storage area network issues are unrelated to routing performance in a mesh topology and deal with storage, not network traffic routing.

Question 20

A technician is troubleshooting a workstation connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?

Remove the ARP entry on the user’s workstation
Duplicate the issue in a lab by adding a static ARP entry
Identify a suitable time to resolve the connectivity issue
Document the findings and provide a plan of action

Answer 20

The correct answer is to remove the ARP entry on the user’s workstation. When troubleshooting, the technician should take direct action to resolve the suspected issue. If a static ARP entry is causing connectivity problems, removing it can help restore normal operation and verify whether the issue is indeed related to the static ARP configuration.

The other options are less appropriate at this stage of troubleshooting. Duplicating the issue in a lab may be useful for understanding the problem better but is not an immediate step to resolve the current issue. Identifying a suitable time to resolve the connectivity issue may delay addressing the problem and does not provide an immediate solution. Finally, documenting findings and providing a plan of action is an important part of troubleshooting but should come after taking steps to resolve the current issue.

Question 21

You are troubleshooting a cable modem for a home user’s network. The connection speeds are much lower than you expected. You suspect the coaxial cable between the wall jack and the cable modem is faulty. Based on your research, a coaxial cable used in data networks should have an impedance of 50 ohms. Which of the following tools should you use to measure the resistance of the coaxial cable?

Cable certifier
Multimeter
Spectrum analyzer
Cable tester

Answer 21

The correct answer is a Multimeter. A multimeter can measure the resistance of a coaxial cable, which would help determine if the cable’s impedance matches the required 50 ohms. This would allow you to confirm if the cable is faulty or not.

The other options are incorrect. A cable certifier is used for testing if a cable meets specific performance standards, but it does not measure resistance directly. A spectrum analyzer measures signal frequencies and power levels, not cable impedance. A cable tester checks for continuity and wiring errors but doesn’t measure resistance or impedance.

Question 22

An end-user receives a new computer and now is unable to connect to the MySQL database over the Dion Training local area network. Other users can successfully connect. The network technician can successfully ping the database server but still is unable to connect. Which of the following is the most likely reason for this issue?

The route to the database server’s subnet is missing
A host-based firewall on the user’s computer is blocking port 3306
The database server is configured with the wrong default gateway address
The end user’s network interface card is defective

Answer 22

The most likely reason for this issue is that a host-based firewall on the user’s computer is blocking port 3306. MySQL databases typically use port 3306, and if the firewall is not configured to allow traffic on that port, the connection will be blocked even if the user can successfully ping the server.

The other options are less likely. If the route to the database server’s subnet was missing, other users would also have trouble connecting. A wrong default gateway on the database server would affect multiple users, not just one. A defective network interface card would prevent the user from connecting to the network at all, not just the database.

Question 23

Jason, a network technician, is troubleshooting a single-mode fiber that provides network connectivity to a remote site. He sees that the link light is off on the router’s network interface, and suspects that the fiber may have a break somewhere between his router and the remote site. Single-mode fiber is not providing network connectivity to a remote site. Which of the following tools could be used to identify the location of the break in the fiber?

OTDR
Media converter
Light meter
Tone generator

Answer 23

The tool that could be used to identify the location of the break in the single-mode fiber is an Optical Time-Domain Reflectometer (OTDR). An OTDR is specifically designed to test and troubleshoot fiber optic cables by sending a pulse of light down the fiber and measuring the light that is reflected back. It can provide information about the distance to any faults, breaks, or other issues in the fiber, making it highly effective for identifying the exact location of a break.

A media converter is used to convert signals between different types of media, such as from fiber to copper, but it won’t help in locating a break in the fiber itself. A light meter measures the power of the light signal in the fiber, which can indicate issues but does not provide location details. A tone generator is typically used for copper cabling to trace cables and identify them but is not applicable for fiber optics. Therefore, the OTDR is the most suitable tool for this situation.

Question 24

A network administrator recently set up a network computer lab and discovered some connectivity issues. The administrator can ping the fiber uplink interface, but none of the new workstations plugged into the switch are responding to the technician’s ICMP requests. Which of the following actions should the technician perform next?

Verify that the uplink interface is configured correctly
Verify the ports on the switch are full-duplex
Determine if port security is enabled on the ports
Determine if the link lights are lit for the ports

Answer 24

The correct action for the technician to perform next is Determine if the link lights are lit for the ports. Checking the link lights is a fundamental step in troubleshooting connectivity issues. If the link lights are not lit, it indicates a physical layer problem, such as a bad cable, a port not functioning, or a workstation not connecting properly to the switch.

The other options may also be relevant but should follow the initial physical check. Verifying the uplink interface is configured correctly can be important, but since the fiber uplink is responding, this may not be the immediate issue. Verifying the ports on the switch are full-duplex could help in performance troubleshooting but is less critical at this stage. Determining if port security is enabled on the ports is also a valid consideration, but checking the physical connection is the best next step to confirm whether the devices are properly connected.

Question 25

Dion Training’s remote office is experiencing poor network performance. You have been asked to look at the traffic patterns for the remote office and compare them to the network performance baselines. Which of the following tools should you utilize?

IP scanner
Terminal emulator
Spectrum analyzer
NetFlow analyzer

Answer 25

1. The correct answer is NetFlow analyzer. A NetFlow analyzer is designed to monitor and analyze traffic patterns, providing detailed insights into network performance. By using this tool, you can compare the current traffic data to performance baselines to identify any anomalies or bottlenecks in the network.
2. IP scanner is typically used to discover devices on a network and is not helpful for analyzing traffic patterns. Terminal emulator is used for accessing remote devices, not for analyzing traffic. Spectrum analyzer is used for wireless signal analysis, not for traffic patterns on a wired network.

Question 26

A network technician must replace a faulty network interface card on Dion Training’s web server. The server currently uses a multimode fiber optic cable to connect to a switchport on a fiber-optic network switch. Which of the following types of NICs should the technician install on the server?

1000Base-T
10GBase-SR
1000Base-LR
1000Base-FX

Answer 26

10GBase-SR

10GBase-SR is a 10 Gigabit Ethernet LAN standard for use with multimode fiber optic cables using short-wavelength signaling. 1000Base-T is a standard for Gigabit Ethernet over copper wiring. 1000Base-FX and 1000Base-LR are standard for Gigabit Ethernet over single-mode fiber optic cabling. For the exam, remember the memory aid, “S is not single,” which means that if the naming convention contains Base-S as part of its name then it uses a multimode fiber cable.

Question 27

Dion Training believes there may be a rogue device connected to their network. They have asked you to identify every host, server, and router currently connected to the network. Which of the following tools would allow you to identify which devices are currently connected to the network?

Protocol analyzer
Port scanner
NetFlow analyzer
IP scanner

Answer 27

The correct answer is IP scanner. An IP scanner is specifically designed to identify devices connected to a network by scanning the available IP addresses and returning information about active hosts. It can provide details such as device IP addresses, hostnames, and sometimes MAC addresses, allowing you to effectively detect rogue devices on the network.

The other options are less suited for this task. A protocol analyzer captures and analyzes network traffic but may not provide a straightforward list of connected devices. It focuses more on examining the data packets flowing through the network rather than identifying devices. A port scanner checks for open ports on specific devices but does not inherently list all devices on the network. Lastly, a NetFlow analyzer is used to analyze flow data for network traffic patterns but does not directly list connected devices. Therefore, an IP scanner is the best choice for identifying all hosts, servers, and routers on the network.

Question 28

Students at Dion Training have been reporting extreme performance degradation across the network every Friday morning. Which of the following should the network technician review FIRST to identify the root cause of the network performance issues?

Bottleneck
Link status
Utilization
Baseline

Answer 28

The correct answer is Utilization. Reviewing network utilization first is crucial because it helps determine if the network is being overloaded, which could be causing the performance degradation reported by the students. By checking utilization metrics, the technician can identify if there are spikes in traffic or if specific devices are consuming excessive bandwidth during the times of reported issues.

The other options are important as well but may not provide immediate insight into the root cause. A bottleneck indicates a point where the network performance is limited, but identifying that requires first understanding utilization levels. Link status checks whether connections are active and functioning properly, which is also essential but may not directly address the performance degradation if the links are indeed operational. Finally, a baseline provides a reference for normal network performance but won’t help identify current issues unless compared to real-time utilization data. Therefore, assessing utilization is the best starting point.

Question 29

A technician is called to investigate a connectivity issue to a remote office connected by a fiber optic cable. Using a light meter, it is determined that there is excessive dB loss. The installation has been working for several years. The switch was recently moved to the other side of the room and a new patch cable was installed. Which of the following is most likely the reason for the excessive dB loss?

Distance limitations
Bend radius limitation
Wavelength mismatch
Dirty connectors

Answer 29

Dirty Connectors

When fiber optic connectors become dirty, signal loss can cause severe problems and performance issues. Something as simple as oil from a technician’s hand can render a fiber connector dirty and cause a loss of signal. The technician will need to use appropriate cleaning cloth to clean the dirty connectors and restore the service. Since the switch was only moved to the other side of the room, it is unlikely that it now exceeds the distance limitations for a fiber cable since those are measured in hundreds of meters. The question does not mention that the cable was bent or moved around a corner, therefore it is unlikely to be a bend radius limitation affecting the signal. Fiber optic cables use different wavelengths depending on the type of fiber optic cable being used. Multimode fibers use 850 or 1300 nanometer wavelengths, whereas single-mode fibers use 1550 nanometer wavelengths. It is unlikely that the wrong patch cable was used as most organizations only implement a single type of fiber infrastructure to minimize the number and type of cables needed to support them.

Question 30

A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. Which of the following is MOST likely the cause of the connectivity issue?

Bad power supply
Cable short
Attenuation
Misconfigured DNS

Answer 30

The correct answer is Cable short. Since the VoIP phone works without issues in the old cubicle but reboots when connected in the new cubicle, it suggests that the problem lies within the cabling or the connection at the new location. A cable short can cause power fluctuations or interruptions in the data signal, leading to the phone rebooting.

The other options are less likely to be the cause. A bad power supply would generally affect the phone regardless of its location, as it would consistently malfunction. Attenuation refers to signal loss over distance, but since the phone worked fine in the previous location, it’s unlikely to be the issue unless there is an extremely poor connection or cabling. Lastly, misconfigured DNS would impact the phone’s ability to resolve addresses or connect to services but would not typically cause the device to reboot randomly. Thus, the evidence strongly points to a cable short in the new cubicle as the most likely cause.

Question 31

Due to numerous network misconfiguration issues in the past, Dion Training adopted a policy that requires a second technician to verify any configuration changes before they are applied to a network device. When the technician inspects a newly proposed configuration change from a coworker, she determines that it would improperly configure the AS number on the device. Which of the following issues could have resulted from this configuration change if it was applied?

BGP routing issues would have occurred
A frequency mismatch would have occurred
Wireless coverage area would be decreased
Spanning tree ports would have entered flooding mode

Answer 31

The correct answer is BGP routing issues would have occurred. The Autonomous System (AS) number is a critical identifier used in Border Gateway Protocol (BGP) to establish connections between different networks on the internet. If the AS number is misconfigured, it can lead to routing issues, such as incorrect route advertisements or a failure to establish BGP sessions with peers. This misconfiguration could result in loss of connectivity to external networks or improper routing of traffic, ultimately disrupting the network’s ability to communicate effectively with other ASes.

The other options are incorrect. A frequency mismatch pertains to wireless networking, specifically when devices operate on different frequencies and cannot communicate effectively, which is not relevant to AS numbers. A decrease in the wireless coverage area also does not relate to AS numbers, as this typically involves issues with access points or signal strength. Finally, if spanning tree ports enter flooding mode, it indicates a loop or misconfiguration in a Layer 2 switching environment, unrelated to AS number configuration. Therefore, BGP routing issues would be the most significant concern arising from an improper AS number configuration.

Question 32

A workstation is unable to connect to a file server on a 100BASE-TX network. The technician begins to troubleshoot the issue and has gathered the following information:

Workstation01 has an IP address of 10.0.1.25/25

Workstation01 can ping the default gateway (RouterA, Ethernet0/0) using its IP address 10.0.1.1/25

The file server (DIONTRAININGFS01) has an IP address of 10.0.1.145/25

Workstation01 cannot ping the IP address assigned to DIONTRAININGFS01

Workstation02 with an IP address of 10.0.1.200/25 can successfully ping DIONTRAININGFS01

When Workstation01 attempted to ping DIONTRAININGFS01, it received a “destination host unreachable” error message.

Which of the following is the MOST likely explanation for the connectivity issue between Workstation01 and DIONTRAININGFS01?

The link from Workstation01 to Router A has a wavelength mismatch
Workstation 02 and DIONTRAININGFS01 are on different subnets
The link from Workstation01 to RouterA has duplex issues
Workstation 01 and DIONTRAININGFS01 are on different subnets

Answer 32

Workstation 01 and DIONTRAININGFS01 are on different subnets

Since the IPs listed are all using /25 for their CIDR notation, you should be able to determine that they are on two separate subnets (10.0.1.1 - 10.0.1.126 and 10.0.1.129 - 10.0.1.254). This indicates that Workstation02 and DIONTRAININGFS01 are on different subnets. This can be solved by adding a route in RouterA to pass traffic between the two subnets. Since the network is a 100BASE-TX network, it cannot be a wavelength mismatch because 100BASE-TX networks use copper media and not fiber media for data transmission. Workstation02 and DIONTRAININGFS01 are on the same subnet (10.0.1.129/25). Based on the question, there are no indications that Workstation01 to RouterA has a duplexing issue.

Question 33

The fiber-optic connection between two of the Dion Training offices was broken. A network technician used a fusion splicer to repair the cable, but now the connection is experiencing reduce transmission efficiency, slower connection speed, and intermittent downtime. Which of the following is the MOST likely reason for these issues?

Missing route
Low optical link budget
Switching loop
Asymmetrical routing

Answer 33

The correct answer is low optical link budget. An optical link budget measures the amount of light power available for transmission across a fiber-optic connection. If the fusion splicer did not make a proper connection or if the splice loss was too high, this would result in reduced signal strength. This situation can lead to issues such as slower connection speeds, reduced transmission efficiency, and intermittent downtime, all of which are symptoms of insufficient light reaching the receiving end of the fiber.

The other options are less relevant in this scenario. A missing route pertains to IP routing issues rather than physical layer problems in fiber optics. Switching loops occur in Layer 2 networks and can cause broadcast storms but are unrelated to fiber-optic connections specifically. Finally, asymmetrical routing involves different paths for incoming and outgoing traffic, which can lead to performance issues but is not likely to be the direct cause of physical layer problems following a fiber splice. Therefore, the most probable cause of the issues experienced after the fiber repair is a low optical link budget.

Question 34

When installing a network cable with multiple strands, a network technician pulled the cable past a sharp edge. This resulted in the copper conductors on several of the wire strands being exposed. If these exposed conductors come into contact with each other, they can form an electrical connection. Which of the following conditions would result in this scenario?

Electrostatic Discharge
Short
Open
Reversed Pair

Answer 34

The correct answer is short. A short occurs when two electrical conductors make contact with each other, allowing current to flow along an unintended path. In this scenario, if the exposed copper conductors from the network cable touch, they would create a short circuit, potentially causing network communication failures or even damaging devices connected to the cable.

The other options are incorrect in this context. Electrostatic Discharge (ESD) refers to a sudden flow of electricity between two electrically charged objects and is not directly related to the physical contact of conductors. An open condition occurs when a circuit is broken, preventing current from flowing, which would not happen in the case of exposed conductors making contact. A reversed pair refers to the incorrect pairing of conductors within a cable, which can lead to data transmission errors but does not involve direct contact between conductors. Thus, the situation described is best characterized as a short.

Question 35

An administrator notices an unused cable behind a cabinet that is terminated with a DB-9 connector. What protocol is likely to be used with this cable?

Token ring
RS-232
802.3
ATM

Answer 35

The correct answer is RS-232. A DB-9 connector is commonly associated with RS-232 serial communication, which is used for connecting various types of devices, such as modems, printers, and network equipment for configuration or management purposes. RS-232 is a standard for serial communication that allows for point-to-point connections.

The other options are incorrect in this context. Token Ring refers to a network protocol and topology that uses a different type of connector and does not utilize DB-9 connectors. 802.3 pertains to Ethernet networking standards, which typically use RJ-45 connectors, not DB-9. ATM (Asynchronous Transfer Mode) is a networking technology that uses a completely different set of standards and cabling, also not associated with DB-9 connectors. Therefore, RS-232 is the most likely protocol associated with the DB-9 terminated cable.

Question 36

You are working as a network technician and need to create several Cat 5e network cables to run between different computers and the network jacks on the wall. The connections between the switch, the patch panel, and the wall jacks have already been installed and tested. Which of the following tools would NOT be necessary to complete this task?

Cable crimper
Wire stripper
Cable tester
Punchdown tool

Answer 36

The tool that would NOT be necessary to complete the task of creating several Cat 5e network cables is the Punchdown tool. A punchdown tool is used to terminate cables into patch panels or wall jacks by pushing the wires into the slots. Since the connections to the patch panel and wall jacks have already been installed and tested, you won’t need this tool for making the cables.

The cable crimper is necessary for attaching connectors to the ends of your Cat 5e cables. The wire stripper is needed to strip the insulation off the wires before crimping the connectors on. Lastly, a cable tester is essential to ensure that the newly made cables are functioning correctly once you’ve completed the connections. Therefore, while the crimper, stripper, and tester are all needed, the punchdown tool is not required for this particular task.

Question 37

Which of the following is likely to occur if twenty ethernet clients are connected to a hub in a local area network?

Asymmetric routing
Collisions
Broadcast storm
Duplicate MAC address

Answer 37

If twenty Ethernet clients are connected to a hub in a local area network, the most likely occurrence is collisions. Hubs operate at the physical layer of the OSI model and do not manage traffic intelligently; they simply forward all incoming packets to all ports. This means that when multiple clients attempt to send data simultaneously, the signals can collide, leading to data loss. Collisions are a common issue in networks using hubs, especially when the number of connected clients increases, as it significantly raises the chances of simultaneous transmissions.

Asymmetric routing refers to routing where different paths are taken for outgoing and incoming traffic, which is not directly related to the scenario described. A broadcast storm can occur if there is excessive broadcast traffic in the network, but simply connecting multiple clients to a hub does not guarantee that this will happen. Duplicate MAC addresses can occur in a network but are typically the result of configuration issues rather than a direct consequence of connecting multiple clients to a hub. Therefore, collisions are the most relevant issue in this context.

Question 38

Johnny is trying to download a file from a remote FTP server but keeps receiving an error that a connection cannot be opened. Which of the following should you do FIRST to resolve the problem?

Validate the security certificate from the host
Flush the DNS cache on the local workstation
Ensure that port 20 is open
Ensure that port 161 is open

Answer 38

To resolve the problem of Johnny receiving an error that a connection cannot be opened when trying to download a file from a remote FTP server, the first step should be to ensure that port 20 is open. FTP uses two ports: port 21 for the command channel and port 20 for the data transfer channel. If port 20 is blocked or not open, the data transfer will fail, preventing Johnny from downloading the file.

Validating the security certificate is not relevant for standard FTP connections, as they typically do not use SSL/TLS unless it’s FTPS. Flushing the DNS cache could help if there were name resolution issues, but it is not the first action to take when the problem pertains to connectivity specifically. Ensuring that port 161 is open is unnecessary in this context because that port is associated with SNMP, which is unrelated to FTP. Therefore, focusing on ensuring that port 20 is open is the most direct approach to address the connectivity issue.

Question 39

Which of the following tools would allow you to detect running services, applications, or operating systems on the network’s clients, servers, or devices by sending specifically crafted packets to them and analyzing their responses?

tcpdump
Protocol analyzer
ping
nmap

Answer 39

The correct tool for detecting running services, applications, or operating systems on the network’s clients, servers, or devices by sending specifically crafted packets and analyzing their responses is nmap. Nmap, or Network Mapper, is a powerful open-source tool used for network discovery and security auditing. It can provide detailed information about devices on a network, including open ports, services running, and the operating system in use, by sending crafted packets and interpreting the responses.

Tcpdump is a packet analysis tool that captures network packets but does not analyze the responses to identify services or applications running on devices. A protocol analyzer, while it can analyze traffic, may not have the specific scanning capabilities of nmap designed for service detection. Ping is a basic network utility used to check the reachability of a host and measure round-trip time, but it does not provide detailed information about services or operating systems. Thus, nmap is the most suitable choice for this purpose.

Question 40

A network technician is troubleshooting connectivity problems between switches but suspects the ports are not properly labeled. What option will help to identify the switches connected to each port quickly?

Perform a packet capture on each switch’s uplink port
Configure each uplink to send LACP discovery units
Enable a discovery protocol on the network devices
Configure TACACS+ on each network device

Answer 40

The best option to quickly identify the switches connected to each port is to enable a discovery protocol on the network devices. Discovery protocols like Cisco’s CDP (Cisco Discovery Protocol) or LLDP (Link Layer Discovery Protocol) allow network devices to advertise their identities and capabilities to other devices on the network. By enabling such a protocol, the network technician can gather information about connected devices, including their names, interfaces, and IP addresses, which simplifies the process of troubleshooting and identifying connectivity issues.

Performing a packet capture on each switch’s uplink port could provide detailed information about the traffic but would be time-consuming and less effective for identifying connected devices. Configuring each uplink to send LACP discovery units is related to link aggregation and would not assist in identifying connected switches. Configuring TACACS+ is related to authentication and access control rather than identifying network topology or connectivity. Therefore, enabling a discovery protocol is the most efficient approach in this scenario.

Question 41

Which of the following tools is used to identify why an 802.11g network is intermittently dropping network traffic?

Multimeter
Cable tester
Tone generator and probe
WiFi analyzer

Answer 41

The tool best suited to identify why an 802.11g network is intermittently dropping network traffic is a WiFi analyzer. A WiFi analyzer can monitor and analyze the wireless network’s performance, providing insights into signal strength, interference, channel utilization, and other factors that may be contributing to the intermittent connectivity issues. It can help identify sources of interference from other networks, devices, or obstacles that might be affecting the wireless signal quality.

A multimeter is typically used for measuring electrical parameters, not for analyzing network performance. A cable tester is useful for checking the integrity of wired connections but is not applicable to wireless networks. A tone generator and probe are used for tracing cables in a wired environment, which wouldn’t help with wireless connectivity issues. Therefore, the WiFi analyzer is the most effective tool for troubleshooting intermittent wireless network problems.

Question 42

You are trying to connect to another server on the network but are unable to ping it. You have determined that the other server is located on the 10.0.0.1/24 network, but your workstation is located on the 192.168.1.1/24 network. Which of the following tools should you use to begin troubleshooting the connection between your workstation and the server?

traceroute
dig
netstat
ifconfig

Answer 42

To begin troubleshooting the connection between your workstation and the server located on the 10.0.0.1/24 network, the best tool to use is traceroute. This tool will help you determine the path your packets take to reach the destination server, showing you each hop along the route. Since your workstation and the server are on different subnets, traceroute can reveal where the connectivity issue occurs, such as whether it’s failing to reach the router or encountering problems further along the path.

Using dig is more appropriate for querying DNS information and wouldn’t help with connectivity issues between different subnets. Netstat provides information about network connections, routing tables, and interface statistics but does not directly assist with troubleshooting the path to another server. Lastly, ifconfig (or its modern equivalent, ip) is useful for checking the configuration of your network interfaces, but it won’t provide insight into the connectivity path between your workstation and the server. Therefore, traceroute is the most effective initial troubleshooting tool in this scenario.

Question 43

Students at Dion Training are working on a networking lab that requires a single switch to be remotely accessed by many students simultaneously. The instructor verifies that the switch can be accessed using the console, but the switch is only letting one student log in to the device at a time. Which of the following configurations should the instructor implement to fix this issue?

Increase installed memory and install a larger flash module
Clear the ARP cache and flush the DNS cache on the switch
Increase the number of virtual terminals available
Increase the number of VLANs configured on the switch

Answer 43

To allow multiple students to remotely access the switch simultaneously, the instructor should increase the number of virtual terminals available. Each virtual terminal (vty) line on a switch allows for a separate remote access session, so by configuring more vty lines, the switch can accommodate more simultaneous remote connections.

Increasing installed memory or flash might enhance the switch’s overall performance, but it wouldn’t specifically address the limitation on remote logins. Clearing the ARP cache or flushing the DNS cache would have no effect on remote access capabilities. Adding more VLANs would be useful for segmentation and managing traffic but does not directly impact the number of simultaneous remote logins. Thus, increasing the number of vty lines is the most effective solution to resolve the issue of limited simultaneous access.

Question 44

Jason is flying home from a conference and attempts to connect to the airplane’s onboard wireless network to check his email. He selects the InflightWiFi from the list of network names, his web browser opens, and then a 404 “page not found” error is displayed. Which of the following issues is likely the source of this error?

Captive portal issue
Insufficient wireless coverage
Incorrect passphrase
Wrong SSID

Answer 44

The issue is likely a captive portal issue. Many inflight Wi-Fi networks require users to pass through a captive portal, where they need to accept terms or log in before accessing the internet. If there’s a problem with the portal’s configuration or connectivity, the browser may show a 404 error instead of the login or welcome page.

Insufficient wireless coverage could lead to poor connectivity but wouldn’t typically cause a 404 error on a captive portal page. An incorrect passphrase would prevent connection to the network altogether, while selecting the wrong SSID would connect him to a different network but wouldn’t result in a 404 error specific to the inflight network’s portal.

Question 45

Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?

RADIUS
WPA2 security key
SSL certificates
CSMA/CA

Answer 45

The most likely cause of the issue is RADIUS. Many captive portals use a RADIUS server to authenticate users when they connect to the network. If there’s an issue with the RADIUS server configuration, or if it’s down, users would be unable to authenticate successfully through the captive portal.

A WPA2 security key issue would prevent users from connecting to the network at all, not just from authenticating on the captive portal. SSL certificates could affect the security of the portal connection but wouldn’t directly prevent authentication. CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) is a protocol to avoid data collisions in wireless networks and would not impact authentication to a captive portal.