Practice Exam Questions Flashcards

1
Q

ACL

A

Access Control List

used with firewalls and VLANs

only security provided for VLANs

2
Q

Hold Down Timer

A

function of a router that prevents a route from being updated for a specified length of time in seconds

Allows for the routers in a topology to have sufficient time to reach convergence and be updated when a route fails

3
Q

Physical Network Diagram

A

shows the actual physical arrangement of the components that make up a network, including cables and hardware

4
Q

Logical Network Diagram

A

illustrates the flow of data across a network

used to show how devices communicate

usually includes subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flows and network segments

5
Q

authPriv

A

In SNMPv3 the authPriv option ensures that the communications are sent with authentication and privacy

uses MD5 and SHA for authentication

uses DES and AES for privacy and encryption

6
Q

A home user reports to a network technician that the Internet is slow when they attempt to use their smartphone or laptop with their Wi-Fi network. The network administrator logs into the admin area of the user’s access point and discovers that multiple unknown devices are connected to it. What is MOST likely the cause of this issue?

  1. A successful WPS attack has occurred
  2. The user is experiencing ARP poisoning
  3. The user is connected to a botnet
  4. An evil twin has been implemented
A
  1. A successful WPS attack has occurred

OBJ-4.2: Wi-Fi Protected Setup (WPS) allows users to configure a wireless network without typing in the passphrase. Instead, users can configure devices by pressing buttons or by entering a short personal identification number (PIN). Unfortunately, WPS is fairly easy to hack and unknown devices can then connect to your network without permission. This is the most likely cause of the issue described in the question. If it was an evil twin, the technician would not have been able to log in to the admin area of the device to see the connected devices. ARP poisoning consists of abusing the weaknesses in ARP to corrupt the MAC-to-IP mappings of other devices on the network. This would not affect the number of devices connected to the access point, though, only the switching of their traffic once they connect. A botnet is a collection of internet-connected devices infected by malware that allows hackers to control them. From the description in the question, there is no evidence that the user’s laptop or smartphone is infected with malware. Even if one was infected, it is unlikely they both would be infected with the same malware since laptops and smartphones run different operating systems.

7
Q

Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line?

  1. DOCSIS modem
  2. Access Point
  3. Analog Modem
  4. Multilayer switch
A
  1. Analog modem

OBJ-1.2: An analog modem is a device that converts the computer’s digital pulses to tones that can be carried over analog telephone lines and vice versa. DSL is the other type of Internet connection that uses an RJ-11 connection to a phone line. A DOCSIS modem is a cable modem and would require a coaxial cable with an F-type connector. An access point is a wireless device that connects to an existing network using twisted pair copper cables and an RJ-45 connector. A multilayer switch can use either twisted pair copper cables using an RJ-45 connector or a fiber optic cable using an MTRJ, ST, SC, or LC connector.

8
Q

A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?

  1. Place the server in a screened subnet
  2. Configure the firewall to support dynamic NAT
  3. Implement a split-horizon or split-view DNS
  4. Adjust the ACL on the firewall’s internal interface
A
  1. Implement a split-horizon or split-view DNS

OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.

9
Q

Which of the following levels would a debugging condition generate?

  1. 7
  2. 1
  3. 0
  4. 6
A
  1. 7

OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

10
Q

The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?

  1. WPA Personal
  2. WPA2 Enterprise
  3. MAC filtering
  4. WEP
A
  1. WPA Personal

OBJ-4.3: Since the administrator wishes to use a pre-shared key and not require an authentication server, WPA Personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client. MAC filtering does not use a password or pre-shared key. WEP uses a pre-shared key to secure a wireless network, but WPA uses a stronger encryption standard than WEP.

11
Q

Hybrid Topology

A

kind of network topology that is a combination of two or more network topologies

12
Q

Star Topology

A

a network topology where each individual piece of a network is attached to a central node, such as a switch.

13
Q

Bus Topology

A

a network topology in which nodes are directly connected to a common network media, such as coaxial cables, known as a bus

14
Q

Ring Topology

A

a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring

15
Q

Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?

  1. Bus
  2. Ring
  3. Hybrid
  4. Star
A
  1. Hybrid

The WAN connections are using a ring network topology, but each office is using a star topology. Therefore, the best description of this combined network is a hybrid topology.

16
Q

You just started work as a network technician at Dion Training. You have been asked to check if DHCP snooping has been enabled on one of the network devices. Which of the following commands should you enter within the command line interface?

  1. show route
  2. show interface
  3. show config
  4. show diagnostic
A
  1. show config

OBJ-5.3: The “show configuration” command is used on a Cisco networking device to display the device’s current configuration. This would show whether or not the DHCP snooping was enabled on this device. The “show interface” command is used on a Cisco networking device to display the statistics for a given network interface. The “show route” command is used on a Cisco networking device to display the current state of the routing table for a given network device. The “show diagnostic” command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.

17
Q

Microsoft SQL port

A

port 1433

18
Q

MySQL port

A

port 3306

19
Q

SQLnet port

A

port 1521

20
Q

Jason is a network manager leading a project to deploy a SAN. He is working with the vendor’s support technician to set up and configure the SAN on the enterprise network. To begin SAN I/O optimization, what should Jason provide to the vendor support technician?

  1. Access to the data center
  2. Asset management document
  3. Baseline documents
  4. Network diagrams
A
  1. Network diagrams

OBJ-3.2: A network diagram is a visual representation of network architecture. It maps out the structure of a network with a variety of different symbols and line connections. This information will be important when deploying a Storage Area Network (SAN) on the enterprise network. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. Asset management is used to record and track an asset throughout its life cycle, from procurement to disposal. Access to the datacenter will only be required if the vendor’s support technician will be physically working in the datacenter and not performing a remote installation.

21
Q

A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?

  1. Analyze packet captures
  2. Review the ID3 logs on the network
  3. Utilize netstat to locate active connections
  4. Use Nmap to query known ports
A
  1. Analyze packet captures

OBJ-5.3: Packet captures contain every packet that is sent and received by the network. By using a program like Wireshark to analyze the packet captures, you can see what kind of information and metadata is contained within the packets. By conducting this type of packet analysis, an attacker (or cybersecurity analyst) can determine if software versions are being sent as part of the packets and their associated metadata.

22
Q

Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?

  1. nslookup
  2. route print
  3. nbtstat -R
  4. ipconfig /flushdns
A
  1. nbtstat -R

OBJ-5.3: Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the “nbtstat -R” command to purge and reload the cached name table from the LMHOSTS file on their Windows workstation. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.

23
Q

NAC

A

Network Access Control

used to identify an endpoint’s characteristics when conducting network authentication

24
Q

BGP

A

Border Gateway Protocol

standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the internet

If a WAN link goes down, BGP will route data through another WAN link if one is available

25
Q

OSPF

A

Open Shortest Path First

link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm.

It is an Interior Gateway Protocol (IGP)

26
Q

VRRP

A

Virtual Router Redundancy Protocol

a computer network protocol that provides for automatic assignment of available IP routers to participating hosts.

This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.

27
Q

Which of the following applies to data as it travels from Layer 1 to Layer 7 of the OSI model?

  1. Tagging
  2. De-encapsulation
  3. Tunneling
  4. Encapsulation
A
  1. De-encapsulation

OBJ-1.1: Data encapsulation and de-encapsulation in a computer network is a necessary process. De-encapsulation in networking is performed at the receiver side or destination side as data moves from layer 1 to layer 7 of the OSI model. As information travels up the layers of the OSI model, information added by the sender’s encapsulation process is removed layer by layer. Data encapsulation, on the other hand, is performed at the sender side while the data packet is transmitted from source host to destination host. This is a process through which information is added to the data as it moves from layer 7 to layer 1 of the OSI model before the data is sent over the network to the receiver. Tagging is used in 802.1q to identify ethernet traffic as part of a specific VLAN. This occurs at Layer 2 of the OSI model and remains at Layer 2 of the OSI model. Tunneling is the process by which VPN packets reach their intended destination. This normally occurs using the IPsec or TLS protocols and occurs at Layer 2 of the OSI model.

28
Q

A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem?

  1. IDS is blocking RADIUS
  2. Shared secret key is mismatched
  3. Group policy has not propagated to the device
  4. Username is misspelled in the device config file
A
  1. Shared secret key is mismatched

OBJ-4.1: AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems. A shared secret is a text string that serves as a password between hosts.

29
Q

RST flag (TCP)

A

reset flag

A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place. For example, if a system receives information that is outside of an established session, it will send a RST flag in response

30
Q

FIN flag (TCP)

A

finish flag

A finish (FIN) flag is used to request that the connection be terminated. This usually occurs at the end of a session and allows for the system to release the reserved resources that were set aside for this connection

31
Q

SYN flag (TCP)

A

synchronization flag

A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection.

32
Q

ACK flag (TCP)

A

acknowledge flag

the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin.

33
Q

An offsite tape backup storage facility is involved with a forensic investigation. The facility has been told they cannot recycle their outdated tapes until the conclusion of the investigation. Which of the following is the MOST likely reason for this?

  1. A chain of custody breach
  2. The process of discovery
  3. A notice of legal hold
  4. A data transport request
A
  1. A notice of legal hold

OBJ-3.2: A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted. The process of discovery is the formal process of exchanging information between the parties about the witnesses and evidence they will present at trial. The chain of custody is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. A data transport request is a formalized request to initiate a data transfer by establishing a circuit or connection between two networks.

34
Q

A network technician must allow HTTP traffic from the Internet over port 80 to an internal server running HTTP over port 81. Which of the following is this an example of?

  1. Port forwarding
  2. Dynamic DNS
  3. Dynamic NAT
  4. Static NAT
A
  1. Port forwarding

OBJ-1.4: Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. Port Address Translation (PAT) is a type of dynamic NAT that can map multiple private IP addresses to a single public IP address by using port forwarding. Static NAT (Network Address Translation) is a one-to-one mapping of a private IP address to a public IP address. Dynamic NAT can be defined as mapping a private IP address to a public IP address from a group of public IP addresses known as the NAT pool. Dynamic NAT establishes a one-to-one mapping between a private IP address and a public IP address. Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real-time, with the active DDNS configuration of its configured hostnames, addresses, or other information. Since this question focused on the relationship between port 80 at the gateway or public IP address being mapped to port 81 on the internal server, this is an example of port forwarding that was configured on the gateway or firewall of this network.

35
Q

Which type of network device operates at layer 1 of the OSI model and requires connected devices to operate at half-duplex using CSMA/CD?

  1. Switch
  2. Hub
  3. Bridge
  4. Router
A
  1. Hub

OBJ-2.1: A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each interface on a router is a separate collision domain and a separate broadcast domain.

36
Q

Which type of wireless technology are OFDM, QAM, and QPSK examples of?

  1. Frequency
  2. Spectrum
  3. Modulation
  4. RF interference
A
  1. Modulation

OBJ-2.4: Modulation is the process of varying one or more properties of a periodic waveform, called the carrier signal, with a separate signal called the modulation signal that typically contains information to be transmitted. WiFi can use different digital modulation schemes for data transmission. Common types of modulation include Orthogonal Frequency-Division Multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-Shift Keying (QPSK). Frequency is the number of occurrences of a repeating event per unit of time. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. Interference occurs when two radios are transmitting or receiving on the same frequencies. Spectrum refers to the range of frequencies used by a radio transmitter or receiver, such as the 2.4 GHz spectrum which includes frequencies from 2.412 GHz to 2.472 GHz in the United States.

37
Q

You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?

  1. 77.81.12.13
  2. 77.81.12.14
  3. 77.81.12.15
  4. 77.81.12.12
A
  1. 77.81.12.12

OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /30, so each subnet will contain 4 IP addresses. Since the IP address provided is 77.81.12.14/30, the network ID is 77.81.12.12/30, the first router is 77.81.12.13/30, the second router is 77.81.12.14/30, and the broadcast address is 77.81.12.15/30.

38
Q

You are currently troubleshooting a network connection error. When you ping the default gateway, you receive no reply. You checked the default gateway, and it is functioning properly, but the gateway cannot connect to any of the workstations on the network. Which of the following layers could be causing this issue?

  1. Transport
  2. Physical
  3. Presentation
  4. Session
A
  1. Physical

OBJ-1.1: Ping requests occur at layer 3 (Network Layer). Therefore, the problem could exist in layer 1 (physical), layer 2 (data link), or layer 3 (network). Since Physical (layer 1) is the only choice from layers 1-3 given, it must be the correct answer. Also, since the gateway cannot reach any of the other devices on the network, it is most likely a cable (physical) issue between the gateway and the network switch.

39
Q

Which of the following technologies deliver multiple voice calls over a copper wire if you have an ISDN or T-1 connection?

  1. Analog circuit switching
  2. CSMA/CD
  3. Time-division spread spectrum
  4. Time-division multiplexing
A
  1. Time-division multiplexing

OBJ-1.2: Time-division multiplexing allows for two or more signals or bitstreams to be transferred in what appears to be simultaneous sub-channels in one communication channel but is physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it. Analog circuit switching is used by telephone providers on the Public Switched Telephone Network (PSTN), not with ISDN or T-1 connections. Time-division spread spectrum is not a real technology; spread spectrum is used in Wi-Fi, but it is based on frequency and not time. CSMA/CD is the carrier sense multiple access with collision detection method that is used for ethernet access at layer 2 of the OSI model. CSMA/CD is not used with ISDN or T-1 connections.

40
Q

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if any of the Dion Training employees use the same Ethernet port in the conference room, they should access Dion Training’s secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?

  1. Create an ACL to allow access
  2. Configure a SIEM
  3. MAC filtering
  4. Implement NAC
A
  1. Implement NAC

OBJ-4.3: Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. In this scenario, implementing NAC can identify which machines are known and trusted Dion Training assets and provide them with access to the secure internal network. NAC could also determine unknown machines (assumed to be those of CompTIA employees) and provide them with direct internet access only by placing them onto a guest network or VLAN. While MAC filtering could be used to allow or deny access to the network, it cannot by itself control which set of network resources could be utilized from a single ethernet port. A security information and event management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware. An access control list could define what ports, protocols, or IP addresses the ethernet port could be utilized. Still, it would be unable to distinguish between a Dion Training employee’s laptop and a CompTIA employee’s laptop like a NAC implementation could.

41
Q

A network administrator needs to install a centrally located firewall that needs to block specific incoming and outgoing IP addresses without denying legitimate return traffic. Which type of firewall should the administrator install?

  1. A host-based stateless firewall
  2. A host-based stateful firewall
  3. A stateless network-based firewall
  4. A stateful network-based firewall
A
  1. A stateful network-based firewall

OBJ-2.1: A stateful firewall enhances security through packet filtering, and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network. Since a centrally located firewall was required by the question, a network-based firewall should be chosen instead of a host-based firewall.

42
Q

Which of the following layers within software-defined networking focuses on resource requests or information about the network?

  1. Control layer
  2. Infrastructure layer
  3. Management layer
  4. Application layer
A
  1. Application layer

OBJ-1.7: The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations.

43
Q

What is the broadcast address associated with the host located at 201.58.12.245/28?

A

201.58.12.255

OBJ-1.4: In classless subnets using variable-length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /28, so each subnet will contain 16 IP addresses. Since the IP address provided is 201.58.12.245, the broadcast address will be 201.58.12.255.

44
Q

A technician is troubleshooting a workstation connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?

  1. Identify a suitable time to resolve the connectivity issue
  2. Remove the ARP entry on the user’s workstation
  3. Document the findings and provide a plan of action
  4. Duplicate the issue in a lab by adding static ARP entry
A
  1. Remove the ARP entry on the user’s workstation

OBJ-5.1: Based on the network troubleshooting methodology, you should try to test your theory to determine the cause once you have established a theory of probable cause. In this scenario, the technician has a theory that the static ARP entry is the cause of the problem. Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn’t fix the issue, you would need to develop a new hypothesis to test. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

45
Q

Which of the following types of fire suppression systems utilizes a sprinkler system with water to extinguish a fire but requires both an actuator and the sprinklers to be tripped prior to water being released?

  1. HVAC system
  2. Clean agent system
  3. Wet pipe system
  4. Pre-action system
A
  1. Pre-action system

OBJ-3.3: A fire suppression system is an engineered set of components that are designed to extinguish an accidental fire in a workplace or datacenter. A pre-action system minimizes the risk of accidental release from a wet pipe system. With a pre-action system, both a detector actuation like a smoke detector and a sprinkler must be tripped prior to water being released. A wet pipe system is the most basic type of fire suppression system; it uses a sprinkler system fed by pipes that always contain water. Special suppression systems, like a clean agent system, use either a halocarbon agent or an inert gas. When released, the agent displaces the oxygen in the room and suffocates the fire. Heating, Ventilation, and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.

46
Q

You typed IPCONFIG at the command prompt and find out your IP is 192.168.1.24. You then go to Google.com and search for “what is my IP,” and it returns a value of 35.25.52.11. How do you explain why your computer has two different IP addresses?

A

This is because your gateway is conducting NAT or PAT

OBJ-1.4: Your computer network uses a private IP address for machines within the network and assigns a public IP address for traffic being routed outside the network using either NAT or PAT. Most small office home office (SOHO) networks utilize a single public IP for all of their devices and use a technique known as PAT to associate the public IP with each internal client’s private IP when needed. Network Address Translation (NAT) and Port Address Translation (PAT) allow multiple devices on a LAN to be mapped to a single public IP address to conserve IP addresses. In NAT, private IP addresses are translated into public IP addresses. In PAT, private IP addresses are translated into a single public IP address and their traffic is segregated by port numbers.

47
Q

You have installed and configured a new wireless router. The clients and hosts can ping each other. The network uses a fiber optic WAN connection with 1 Gbps throughput. The wired clients have fast connections, but the wireless clients are displaying high latency when a ping is performed. The wireless clients are also only receiving 300 Mbps when downloading files from the Internet. Which of the following is MOST likely the cause of the slow speeds experienced by the wireless clients?

  1. The wireless access point is experiencing RF interference
  2. The network should use 802.11g WAPs to increase the throughput
  3. A high signal-to-noise ratio on the wireless network
  4. A fiber connection does not support wireless
A
  1. The wireless access point is experiencing RF interference

OBJ-5.4: If interference in the wireless spectrum occurs, more retransmissions will be needed, thereby slowing the speeds experienced and increasing latency. A high signal-to-noise ratio is a good thing on wireless networks and leads to faster speeds and fewer retransmissions. The fiber connection itself is only used for the WAN connection, therefore you can use wired or wireless infrastructure for your internal LAN and connect the LAN to the WAN connection at the router. The wireless network is already getting throughputs of 300 Mbps, so it must be using 802.11n, 802.11ac, or 802.11ax for its wireless access points. If you switched to 802.11g, you would slow down the wireless network even more since it has a maximum throughput of 54 Mbps.

48
Q

You have just finished installing a new web application and need to connect it to your SQLnet database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?

  1. 1433
  2. 3306
  3. 1521
  4. 3389
A
  1. 1521

OBJ-1.5: SQLnet uses port 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

49
Q

Dion Training has created a guest wireless network for students to use during class. This guest network is separated from the corporate network for security. Which of the following should be implemented to require the least amount of configuration for a student to access the Internet over the guest network?

  1. Enable SSID broadcast for the guest wireless network
  2. Configure WEP with PSK
  3. Enable 2FA on student’s device
  4. Configure the access point to 802.1x for auth
A
  1. Enable SSID broadcast for the guest wireless network

OBJ-2.4: Since security was not listed as a requirement for the guest wireless network, it would be easiest not to set up any encryption, passwords, or authentication mechanisms on the network. Instead, you should enable the SSID broadcast for the guest network so students can easily find and connect to it. Using two-factor authentication, 802.1x, or WEP would require the students to complete additional configurations prior to connecting to the guest network.

50
Q

A user’s smartphone is displaying text in other languages in their web browser when accessing the company’s main website. Which of the following is the MOST likely cause of the issue?

  1. DoS attack
  2. On-path attack
  3. Reflective DNS attacks
  4. Deauth attack
A
  1. On-path attack

OBJ-4.2: An on-path attack (previously known as a man-in-the-middle attack) is a general term when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or impersonate one of the parties, making it appear as if a normal exchange of information is occurring. For example, if your user and server are both in the United States (English language), but the attacker is performing the on-path attack from Russia, then the server will utilize the Russian language in the text since it sees the connection coming from a Russian IP address. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim’s machine.

51
Q

Jason, a network technician, is troubleshooting a single-mode fiber that provides network connectivity to a remote site. He sees that the link light is off on the router’s network interface, and suspects that the fiber may have a break somewhere between his router and the remote site. Single-mode fiber is not providing network connectivity to a remote site. Which of the following tools could be used to identify the location of the break in the fiber?

  1. OTDR
  2. Tone generator
  3. Media converter
  4. Light meter
A
  1. OTDR

OBJ-5.2: An Optical Time Domain Reflectometer (OTDR) is used by organizations to certify the performance of new fiber optics links and detect problems with existing fiber links. An OTDR can identify if a fiber cable is broken and provide an approximate location for the break in meters or feet. A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located. A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is used with copper cables, not fiber optic cables. A media converter is a layer 1 networking device that connects two different media types, such as a copper twisted pair cable and a fiber optic cable.

52
Q

Which of the following encryption types was used by WPA to better secure wireless networks than WEP?

  1. TKIP
  2. IV
  3. AES
  4. CCMP
A
  1. TKIP

OBJ-2.4: Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.

53
Q

Which of the following network performance metrics is used to represent the theoretical maximum rate of data transfer from a source to a destination in a given amount of time under ideal conditions?

  1. Bandwidth
  2. Throughput
  3. Jitter
  4. Latency
A
  1. Bandwidth

OBJ-3.2: Bandwidth is the maximum rate of data transfer across a given network. Bandwidth is a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Jitter is a network condition in which the delay between successive data packets sent over a network connection varies. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients.

54
Q

Which of the following communication types are used in IPv6 to send a packet to the nearest interface that shares a common address in a routing table?

  1. Multicast
  2. Anycast
  3. Broadcast
  4. Unicast
A
  1. Anycast

OBJ-1.4: An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the “nearest” interface having that address, according to the router’s routing table. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.

55
Q

Your company has several small branch offices around the country, but you work as a network administrator at the centralized headquarters building. You need the capability of being able to remotely access any of the remote site’s routers to configure them without having to fly to each location in person. Your company’s CIO is worried that allowing remote access could allow an attacker to gain administrative access to the company’s network devices. Which of the following is the MOST secure way to prevent this from occurring while still allowing you to access the devices remotely?

A

create an out-of-band management network

OBJ-4.4: You should create an out-of-band management network and use an SSH (console) connection to reach the routers. Out-of-band (OOB) management is a method of remotely controlling and managing critical IT assets and network equipment using a secure connection through a secondary interface that is physically separate from the primary network connection. Telnet and HTTP are not encrypted channels and should not be used for remote connections. Using a modem is also a bad security practice since these are subject to war dialing and provide slow connectivity speeds.

56
Q

Which of the following layers is NOT used in a three-tiered data center network architecture?

  1. Distribution/aggregation layer
  2. Access/edge layer
  3. Core layer
  4. Control layer
A
  1. Control layer

OBJ-1.7: The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others.

57
Q

Dion Training is concerned with the threat of an attacker modifying the MAC address to IP bindings within the local area network. Which of the following could be enabled on the company’s network to prevent this from occurring?

A

Dynamic ARP inspection

OBJ-4.3: Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). Port mirroring, ARP inspection, and VLANs do not add any redundancy to the network. DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure. When DHCP servers are allocating IP addresses to the LAN clients, DHCP snooping can be configured on LAN switches to prevent malicious or malformed DHCP traffic or rogue DHCP servers. The IPv6 Router Advertisement Guard feature allows the network administrator to block or reject unwanted or rogue router advertisement messages that arrive at the network device platform.

58
Q

A disgruntled employee executes an on-path attack on the company’s network. Layer 2 traffic destined for the gateway is now being redirected to the employee’s computer. What type of attack is this an example of?

A

ARP spoofing

OBJ-4.2: ARP spoofing (also known as ARP poisoning) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user’s knowledge. IP spoofing is the creation of Internet Protocol (IP) packets that have a modified source address to either hide the identity of the sender, impersonate another computer system, or both.

59
Q

The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service?

  1. Layer 2 switch
  2. Smart hub
  3. Proxy server
  4. Layer 3 switch
A
  1. Layer 3 switch

OBJ-2.1: A layer 3 switch is the best option because, in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs. Multicast and unicast are layer 3 messaging flows, so you need a router or layer 3 switch to route them across the network. A smart hub is a layer 1 device. A proxy server operates at layer 4, but would still require a router or layer 3 switch to route the traffic.