Practice Questions Flashcards
Which tool is most commonly used for analyzing and detecting network-based attacks?
A - Wireshark
B - PuTTY
C - Firewall
D - IPS
A Wireshark
Wireshark is used for analysis, firewall and IPS detect but aren’t used for analysis
Which is NOT an DNS record type associated with email routing and security?
A - MX
B - SPF
C - SRV
D - TXT
C - SRV
SRV links services on network
Which access control model can be used to ensure only people with the right clearance level have access to sensitive information?
A - DAC
B - MAC
C - RBAC
D - ABAC
B - MAC
Mandatory Access Control
Which is a distance-vector routing protocol used in smaller networks to route between routers?
A - FTP
B - STP
C - OSPF
D - RIP
D - RIP
Limited to 16 hops
OSPF is a link state protocol, not distance vector
How to ensure employees can only access work-related websites during working hours
A - Configure firewall to block ports used by these websites
B - Deploy proxy server with content filtering
C - Enable port mirroring to monitor employee web traffic in real time
D - Set up logging on the router to capture all employee traffic
B - Proxy Server with content filtering
Which term refers to the backup route that EIGRP uses when the primary route fails?
A - Alternate Path
B - Feasible Successor
C - Secondary Route
D - Standby Route
B - Feasible Successor
Which OSI layer is responsible for data segmentation?
Transport
What is the purpose of a network with an assigned address 10.61.54.18 and mask 255.255.255.252?
A - Network with more than 200 devices
B - Multiple IP addresses assigned to a server
C - Point-to-point link between two routers
D - Reserved for use as a broadcast address
C - Point to Point
The network only contains 4 addresses, including the network address and the broadcast address, so only 2 usable addresses. Must be point to point
Which technology should be used to connect 2 ports from an access switch to the core switch for redundancy and increased bandwidth without creating a loop?
A - Port Spanning
B - Port Mirroring
C - LACP
D - VTP
C - LACP
Link Aggregation Control Protocol
What is best to use to identify the port on a switch that an IP phone is connected? The protocol allows devices to advertise their identity and capabilities across the net.
A - DHCP
B - LLDP
C - DNS
D - SNMP
B - LLDP
Link Layer Discovery Protocol
Which technology uses an X-509 certificate to establish trust between server and client?
A - IPSec
B - PKI
C - SSH
D - WPA2
B - PKI
What to use to enable routing between VMs on different networks without using a dedicated virtual router?
A - NAT
B - NFV
C - VLAN trunking
D - Bridging the virtual NICs
B - NFV
Network Function Virtualization
Which WiFi frequency is most likely to get interference from a microwave?
A - 900 MHz
B - 2.4 GHz
C - 5 GHz
D - 6 GHz
B - 2.4 GHz
What is the primary benefit of using a CDN?
A - Balances server load
B - Caches content, decreases latency, and improve access speed
C - Automatically blocks malicious traffic
D - Reduces cost by eliminating need for multiple data centers
Content Distribution Network
B - Caches content, decreases latency, and improve access speed
Like YouTube - stream data from your local server instead of one on the other side of the world
A computer system or an application that acts as an intermediary between another computer and the Internet:
A - Bridge
B - Proxy
C - Server
D - Gateway
B - Proxy
“Intermediary”
A dedicated storage appliance that can be added to a local network:
A - SAN
B - NAS
C - SSD
D - DAS
B - NAS
Network Attached Storage
A dedicated local network that provides access to shared storage devices:
A - SDN
B - NAS
C - iSCSI
D - SAN
D - SAN
Storage Area Network
A solution that enables the replacement of traditional network hardware functionalities with software via virtualization:
A - SDN
B - VM
C - SVI
D - NFV
D - NFV
Network Function Virtualization
Characteristics of a Network Security Group (NSG)
(Select 3 answers)
A - Primarily used in traditional/non-virtualized network environments
B - Detects or prevents intrusion attempts or malicious activities within the network traffic
C - Provides firewall-like capabilities
D - Applies security rules to specific virtual NICs (more granular control)
E - Used for controlling inbound and outbound traffic in cloud computing environments
F - Applies security rules at the subnet level (less granular control)
C - Provides firewall-like capabilities
D - Applies security rules to specific virtual NICs (more granular control)
E - Used for controlling inbound and outbound traffic in cloud computing environments
Characteristics of a Network Security List (NSL)
(Select 3 answers)
A - Provides firewall-like capabilities
B - Applies security rules at the subnet level (less granular control)
C - Used for controlling inbound and outbound traffic in cloud computing environments
D - Applies security rules to specific virtual NICs (more granular control)
E - Primarily used in traditional/non-virtualized network environments
F - Detects or prevents intrusion attempts or malicious activities within the network traffic
A - Provides firewall-like capabilities
C - Used for controlling inbound and outbound traffic in cloud computing environments
F - Detects or prevents intrusion attempts or malicious activities within the network traffic
A type of network gateway that allows instances within a cloud environment to send and receive unencrypted traffic to and from the Internet:
A - NAT gateway
B - Internet Gateway
C - VPN Gateway
D - Default Gateway
B - Internet Gateway
Functions of a cloud gateway using NAT
(Select 3 answers)
A - Enables instances within a VPC to access external networks
B - Translates private IP addresses to a public IP address
C - Restricts inbound connections from external networks
D - Translates public IP addresses to a private IP address
E - Enables inbound connections from external networks
F - Prevents instances within a VPC from accessing external networks
A - Enables instances within a VPC to access external networks
B - Translates private IP addresses to a public IP address
C - Restricts inbound connections from external networks
Enables a secure, encrypted Internet connection between an on-premises network and cloud resources
A - SSH
B - IPsec
C - SSL/TLS
D - VPN
D - VPN
Provides a dedicated, private connection between an on-premises network and a cloud provider
A - Direct Connect
B - VPN
C - Leased Line
D - Fibre Channel
A - Direct Connect
Private network connection between an organization’s data center and a cloud service provider’s data center.
Bypasses the public internet
Automatic and dynamic adjustment of resources based on real-time demand changes
A - Rapid elasticity
B - Adaptive Computing
C - Load Balancing
D - Resource Pooling
A - Rapid elasticity
Adaptive Computing is similar but expands resources as an app requires them where Rapid Elasticity concerns fluctuating demand for a service
Software architecture where multiple users, each with their own isolated environment and resources, are served by a single application instance
A - Virtualization
B - Multitenancy
C - Sandboxing
D - Containerization
B - Multitenancy
Network protocol for secure file transfer over SSH
A - TFTP
B - SFTP
C - Telnet
D - FTPS
B - SFTP
SFTP uses SSH for FTP on port 22
FTPS uses SSL or TLS, using port 21 for ctrl and 990 for data
Telnet: (Select 3 answers)
A - Encrypts network connection
B - Provides username & password authentication
C - Transmits data in an unencrypted form
D - Does not provide authentication
E - Enables remote login and command execution
B - Provides username & password authentication
C - Transmits data in an unencrypted form
E - Enables remote login and command execution
SMTP is used for: (Select 2 answers)
A - Sending email messages between mail servers
B - Name resolution services
C - Serving of web pages
D - Retrieving email messages from mail servers
E - Sending email messages from a client device
A - Sending email messages between mail servers
E - Sending email messages from a client device
Microsoft-proprietary protocol that provides a graphical interface for connecting to and controlling another networked host
A - VDI
B - RDP
C - SSH
D - VNC
B - RDP
Port 3389
Part of the IPsec protocol suite provides data integrity and authentication but not encryption
A - ESP
B - AH
C - IKE
D - SHA
B - AH
Authentication Header
IPsec component that provides (among other security features) data confidentiality
A - DES
B - ESP
C - AH
D - RC4
B - ESP
Encapsulating Security Payload
IPsec protocol used to set up secure connections and exchange cryptographic keys
A - TLS
B - IKE
C - ESP
D - DHE
B - IKE
Internet Key Exchange
Which port enables the FTP data connection for transferring file data?
A - UDP port 20
B - TCP port 20
C - UDP port 21
D - TCP port 21
B - TCP port 20
The FTP control connection to administer a session is established through:
A - TCP port 20
B - UDP port 20
C - TCP port 21
D - UDP port 21
C - TCP port 21
The SSH protocol runs on:
A - TCP port 21
B - UDP port 22
C - TCP port 20
D - TCP port 22
D - TCP port 22
Unblocking TCP port 22 enables which type(s) of traffic?
(Select all that apply)
A - FTPS
B - SSH
C - SFTP
D - FTP
E - Telnet
B - SSH
C - SFTP
SFTP is an extension of SSH and runs by default on TCP port 22
A DHCP server runs on UDP port:
A - 66
B - 67
C - 68
D - 69
B - 67
67 - listen for client requests
68 - DHCP communication
A DHCP client runs on UDP port:
A - 66
B - 67
C - 68
D - 69
C - 68
An SNMP agent receives requests on UDP port:
A - 160
B - 161
C - 162
D - 163
B - 161
UDP 161 - Mgr polls Agents
UDP 162 - Agents send Traps to Mgr
An SNMP management station receives SNMP notifications from agents on UDP port:
A - 160
B - 161
C - 162
D - 163
C - 162
TCP port 389 is the default network port for:
A - RDP
B - LDAP
C - SMB
D - LDAPS
B - LDAP
TCP port 445 is assigned to:
A - HTTPS
B - SMB
C - IMAP
D - LDAPS
B - SMB
The Syslog protocol runs on UDP port:
A - 445
B - 514
C - 587
D - 636
B - 514
Which TCP port is used by the SMTP protocol for secure email transmission over TLS?
A - 445
B - 514
C - 587
D - 636
C - 587
A network administrator wants to secure the existing access to a directory service with SSL/TLS encryption. Which of the TCP ports listed below needs to be opened to implement this change?
A - 587
B - 389
C - 636
D - 514
C - 636
Which of the TCP/UDP ports listed below is used for non-encrypted SIP traffic?
A - 6051
B - 5060
C - 6050
D - 5061
B - 5060
Which TCP port is used by SIP over TLS?
A - 5061
B - 6050
C - 5060
D - 6051
A - 5061
Which of the following answers refer(s) to the IEEE 802.11a standard?
(Select all that apply)
A - 2.4 GHz frequency band
B - Maximum speed: 11 Mbps
C - 5 GHz frequency band
D - Maximum speed: 54 Mbps
E - 6 GHz frequency band
F - Maximum speed: 600 Mbps
C - 5 GHz frequency band
D - Maximum speed: 54 Mbps
Characteristic features of the IEEE 802.11b standard include:
(Select all that apply)
A - 2.4 GHz frequency band
B - Maximum speed: 11 Mbps
C - 5 GHz frequency band
D - Maximum speed: 54 Mbps
E - 6 GHz frequency band
F - Maximum speed: 600 Mbps
A - 2.4 GHz frequency band
B - Maximum speed: 11 Mbps
Which of the answers listed below refer(s) to the IEEE 802.11g standard?
(Select all that apply)
A - 2.4 GHz frequency band
B - Maximum speed: 11 Mbps
C - 5 GHz frequency band
D - Maximum speed: 54 Mbps
E - 6 GHz frequency band
F - Maximum speed: 600 Mbps
A - 2.4 GHz frequency band
D - Maximum speed: 54 Mbps
Which of the following answers refer(s) to the IEEE 802.11n standard?
(Select all that apply)
A - Wi-Fi 4
B - 2.4 GHz frequency band
C - Maximum speed of up to 54 Mbps
D - Wi-Fi 5
E - 5 GHz frequency band
F - Maximum speed of up to 600 Mbps
G - Wi-Fi 6
H - 6 GHz frequency band
I - Maximum speed: 6.9 Gbps
A - Wi-Fi 4
B - 2.4 GHz frequency band
E - 5 GHz frequency band
F - Maximum speed of up to 600 Mbps
Which of the answers listed below refer(s) to Wi-Fi 5?
(Select all that apply)
A - IEEE 802.11n standard
B - 2.4 GHz frequency band
C - Maximum speed: 600 Mbps
D - IEEE 802.11ac standard
E - 5 GHz frequency band
F - Maximum speed: 6.9 Gbps
G - IEEE 802.11ax standard
H - 6 GHz frequency band
I - Maximum speed: 9.6 Gbps
D - IEEE 802.11ac standard
E - 5 GHz frequency band
F - Maximum speed: 6.9 Gbps
Which of the following answers refer(s) to Wi-Fi 6?
(Select all that apply)
A - IEEE 802.11n standard
B - 2.4 GHz frequency band
C - Maximum speed: 600 Mbps
D - IEEE 802.11ac standard
E - 5 GHz frequency band
F - Maximum speed: 6.9 Gbps
G - IEEE 802.11ax standard
H - 6 GHz frequency band
I - Maximum speed: 9.6 Gbps
B - 2.4 GHz frequency band
E - 5 GHz frequency band
G - IEEE 802.11ax standard
I - Maximum speed: 9.6 Gbps
Which of the answers listed below refer to Wi-Fi 6E?
(Select all that apply)
A - IEEE 802.11n standard
B - Maximum speed: 600 Mbps
C - IEEE 802.11ac standard
D - Maximum speed: 6.9 Gbps
E - IEEE 802.11ax standard
F - Maximum speed: 9.6 Gbps
E - IEEE 802.11ax standard
F - Maximum speed: 9.6 Gbps
Which of the following frequency bands are supported by Wi-Fi 6E-compatible devices?
A - 2.4 GHz
B - 5 GHz
C - 6 GHz
All of the above
Amendment to the IEEE 802.11 standard, introduced to address spectrum and power management issues in wireless networks
A - 802.11h
B - 802.11k
C - 802.11s
D - 802.11x
A - 802.11h
A shared secret authentication method used in WPA and WPA2
A - IKE
B - SAE
C - MFA
D - PSK
D - PSK
Pre-Shared Key
Which of the following wireless security protocols uses a pre-shared key for authentication and encryption?
A - 802.1X
B - WPA3-SAE
C - TKIP
D - WPA2-Enterprise
E - None of the above
E - None of the above
Which of the names listed below refers to 10-gigabit Ethernet over twinaxial cable?
A - 10GBASE-LR
B - 10GBASE-T
C - 10GBASE-SR
D - 10GBASE-CR
D - 10GBASE-CR
Short-range Ethernet over multimode fiber
(Select 2 answers)
A - 10GBASE-CR
B - 1000BASE-LX
C - 10GBASE-SR
D - 1000BASE-SX
E - 10GBASE-LR
C - 10GBASE-SR
D - 1000BASE-SX
Long-range Ethernet over single-mode fiber
(Select 2 answers)
A - 10GBASE-LR
B - 1000BASE-SX
C - 10GBASE-CR
D - 1000BASE-LX
E - 10GBASE-SR
A - 10GBASE-LR
D - 1000BASE-LX
What are the characteristic traits of single-mode fiber optics?
(Select 3 answers)
A - Supports transmission distances of up to 2 km
B - Typically costs more than multimode fiber optics
C - Uses LED as the source of light
D - Supports transmission distances of up to 100 km or more
E - Uses laser as the source of light
F - Typically costs less than multimode fiber optics
B - Typically costs more than multimode fiber optics
D - Supports transmission distances of up to 100 km or more
E - Uses laser as the source of light
Which of the following answers accurately describe(s) DAC cable?
(Select all that apply)
A - Long-distance cable runs
B - A cabling type commonly used in data centers
C - Low-speed connections
D - Commonly implemented using twinaxial cabling
E - Short-range cable runs
F - General-purpose network cabling
G - High-speed connections
Direct Attach Copper cable
B - A cabling type commonly used in data centers
D - Commonly implemented using twinaxial cabling
E - Short-range cable runs
G - High-speed connections
Which of the following answers refer to the characteristics of multimode fiber optics?
(Select 3 answers)
A - Uses laser as the source of light
B - Supports transmission distances of up to 2 km
C - Typically costs more than single-mode fiber optics
D - Supports transmission distances of up to 100 km or more
E - Typically costs less than single-mode fiber optics
F - Uses LED as the source of light
B - Supports transmission distances of up to 2 km
E - Typically costs less than single-mode fiber optics
F - Uses LED as the source of light
Maximum data transfer rate for Cat 7 cabling over a standard 100-meter cable segment length
A - 10 Gbps
B - 25 Gbps
C - 40 Gbps
D - 100 Gbps
C - 40 Gbps
Characteristics of Category 8 (Cat 8) cabling
(Select all that apply)
A - Long-distance, high-speed links
B - 25GBASE-T
C - Optimized for datacenter equipment
D - 40GBASE-T
E - Short-distance (approx. 30 meters), high-speed links
F - 100GBASE-T
G - General-purpose network cabling
B - 25GBASE-T
C - Optimized for datacenter equipment
D - 40GBASE-T
E - Short-distance (approx. 30 meters), high-speed links
Two-layer, full-mesh topology commonly used in data centers
A - Spine and leaf
B - Client-server
C - Point-to-multipoint
D - Collapsed core
A - Spine and leaf
Distribution layer of the three-tier hierarchical model
Select 2 answers
A - Acts as an intermediary between the core and access layers
B - Provides direct connectivity to end devices
C - Handles high-speed traffic between different parts of the network
D - Manages physical connections and cabling
E - Provides routing, filtering, and traffic management functions
A - Acts as an intermediary between the core and access layers
E - Provides routing, filtering, and traffic management functions
Access layer of the three-tier hierarchical model
Select 3 answers
A - Ensures that critical traffic receives priority over less important traffic (QoS)
B - Acts as an intermediary between the core and distribution layers
C - Implements security measures to control network access
D - Provides the physical or wireless connections for end devices to access the network
E - Handles high-speed traffic between different parts of the network
A - Ensures that critical traffic receives priority over less important traffic (QoS)
C - Implements security measures to control network access
D - Provides the physical or wireless connections for end devices to access the network
Traffic flow between external networks (such as the Internet) and internal network resources (like servers or data centers)
A - Inter-network traffic
B - East-west traffic
C - Cross-network traffic
D - North-south traffic
D - North-south traffic
Traffic flow between devices within the same data center or network
A - Intra-network traffic
B - East-west traffic
C - Cross-network traffic
D - North-south traffic
B - East-west traffic
APIPA uses the address block range
A - 169.254.0.0 to 169.254.255.255
B - 172.16.0.0 to 172.31.255.255
C - 192.168.0.0 to 192.168.255.255
D - 127.0.0.0 to 127.255.255.255
A - 169.254.0.0 to 169.254.255.255
Which RFC describes the concept of private IP addressing?
A - RFC 4949
B - RFC 1918
C - RFC 1208
D - RFC 1983
B - RFC 1918
IPv4 address range used for loopback addresses
A - 128.0.0.0 – 128.255.255.255 (128.0.0.0/8)
B - 0.0.0.0 – 0.255.255.255 (0.0.0.0/8)
C - 169.254.0.0 – 169.254.255.255 (169.254.0.0/16)
D - 127.0.0.0 – 127.255.255.255 (127.0.0.0/8)
D - 127.0.0.0 – 127.255.255.255 (127.0.0.0/8)
The operational status of a NIC can be checked by pinging:
Select all that apply
A - FE80::/10
B - ::/127
C - localhost
D - ::1
E - 127.0.0.1
F - 0:0:0:0:0:0:0:1
C - localhost
E - 127.0.0.1
D - ::1
Increases the efficiency of IP address space management by allowing network administrators to divide networks into subnets of different sizes
A - DHCP
B - VLAN
C - IPAM
D - VLSM
D - VLSM
Variable Length Subnet Mask
What are the characteristic features of the
192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
IPv4 address space?
Select 2 answers
A - Class A range
B - Public IP address range
C - Class B range
D - Non-routable (private) IP address range
E - Class C range
D - Non-routable (private) IP address range
E - Class C range
Which of the following answers refer to the IPv4 multicast address block?
Select 2 answers
A - 128 - 191
B - Class B range
C - 192 - 223
D - Class C range
E - 224 - 239
F - Class D range
E - 224 - 239
F - Class D range
Which of the answers listed below refer to
172.16.0.0 - 172.31.255.255 (172.16.0.0/12) ?
Select 2 answers
A - Class A range
B - Public IP address range
C - Class B range
D - Non-routable (private) IP address range
E - Class C range
C - Class B range
D - Non-routable (private) IP address range
What are the characteristic features of
192.168.0.0 - 192.168.255.255 (192.168.0.0/16) ?
Select 2 answers
A - Class A range
B - Public IP address range
C - Class B range
D - Non-routable (private) IP address range
E - Class C range
D - Non-routable (private) IP address range
E - Class C range
How to calculate the number of available hosts in a subnet
Hosts = 2^(32-N) - 2
Where N = number of Network Bits (CIDR /#)
What is the binary representation of the 255.255.128.0 subnet mask?
11111111.11111111.10000000.00000000
What is the first valid host address for a node residing in the 10.119.136.143/20 network?
10.119.128.1
What is the CIDR notation for 255.255.224.0 subnet mask?
/19
What is the binary notation of the decimal number 252?
11111100
How many usable IP addresses can be assigned to hosts on a /26 subnet?
62
What is the network address for the 192.168.223.15 255.255.255.252 host?
192.168.223.12
What is the broadcast address for the 46.28.247.109/10 network?
46.63.255.255
What is the maximum valid range for IP addresses that can be assigned to hosts on the 134.170.185.46 255.255.128.0 network?
134.170.128.1 - 134.170.255.254
What is the broadcast address for the 192.168.50.155/20 network?
192.168.63.255
What is the maximum number of subnets and hosts per subnet for the 192.168.50.247 255.255.255.224 network?
8 subnets, 30 hosts per subnet
What is the binary representation of the 255.254.0.0 subnet mask?
11111111.11111110.00000000.00000000
What is the decimal notation of the binary number 11100000?
224
What is the maximum valid range for IP addresses that can be assigned to hosts on the 192.168.100.248 255.255.255.248 network?
192.168.100.249 - 192.168.100.254
What is the dot-decimal representation of a /13 subnet mask?
255.248.0.0
What is the CIDR notation of the 255.192.0.0 subnet mask?
/10
What is the last usable host IP address on the 192.168.32.9/30 network?
192.168.32.10
What is the maximum number of hosts per subnet for the 10.47.255.1/20 network?
4094 hosts
What is the network address for the 154.24.67.147/22 host?
154.24.64.0
What is the last usable host IP address for the 172.45.120.0/23 network?
172.45.121.254
What is the first usable host IP address on the 172.26.56.110/27 network?
172.45.121.254
What is the first usable host IP address on the 172.26.56.110/27 network?
172.26.56.97
What is the CIDR notation of the 255.255.255.224 subnet mask?
/27
An IPv6 link-local address is an equivalent of IPv4’s:
A - APIPA address
B - Routable IP address
C - Public IP address
D - MAC address
A - APIPA address
Compress FE80:00A7:0000:0000:02AA:0000:4C00:FE9A
FE80:A7::2AA:0:4C00:FE9A
IPv6 link-local address
FE80::/10
IPv6 address range for Globally-Routable addresses
between 2000 and 3FFF (or simply with a 2 or 3 as the first digit)
Technique that encapsulates IPv6 packets within IPv4 headers, allowing IPv6 traffic to traverse IPv4 networks
A - NAT64
B - Dual stack IP
C - Tunneling
D - DHCPv6
C - Tunneling
IPv6 loopback address
::1
Which of the following statements describes IaC playbooks?
A - A set of user roles and permissions used to enforce access control and security policies
B - Step-by-step instructions for automating processes such as deployments, configurations, or updates
C - Dynamic content or configurations, which can be filled in with specific values at runtime
D - Scripts used to automate repetitive system administration tasks and functions
B - Step-by-step instructions for automating processes such as deployments, configurations, or updates
Which of the answers listed below refers to IaC templates?
A - Step-by-step instructions for automating processes such as deployments, configurations, or updates
B - A set of user roles and permissions used to enforce access control and security policies
C - Scripts used to automate repetitive system administration tasks and functions
D - Dynamic content or configurations, which can be filled in with specific values at runtime
D - Dynamic content or configurations, which can be filled in with specific values at runtime
Which IaC automation component enables the real-time retrieval, storage, and management of configuration data?
A - Configuration templates
B - Dynamic repositories
C - State files
D - Version control systems
B - Dynamic repositories
Match Routing Type with Protocol
Distance Vector EIGRP
Link State ISIS
Path Vector RIP
Hybrid OSPF
BGP
Distance Vector RIP
Link State OSPF, ISIS
Path Vector BGP
Hybrid EIGRP
Which of the following answers can be used to describe FHRP?
(Select 3 answers)
A - Virtual IP address shared among several routers
B - Automatic failover between devices
C - Redundancy for gateway devices
D - Static IP address assignment to all routers
E - Load balancing across all active routers
A - Virtual IP address shared among several routers
B - Automatic failover between devices
C - Redundancy for gateway devices
Which of the following answers refer link-state routing protocols?
(Select 3 answers)
A - Routers periodically share their routing tables with immediate neighbors to maintain up-to-date route information
B - Each router maintains a complete map of the network topology
C - Routers send updates only when there are network changes, reducing unnecessary traffic
D - Converge quickly after network changes, improving reliability in larger networks
E - Routes are determined based on the shortest distance, typically measured in hops
B - Each router maintains a complete map of the network topology
C - Routers send updates only when there are network changes, reducing unnecessary traffic
D - Converge quickly after network changes, improving reliability in larger networks
Which of the answers listed below describe the features of path-vector routing protocols?
(Select 2 answers)
A - Combines distance-vector and link-state features
B - Used for inter-domain routing between ASs, such as in the Internet
C - Routers store and share the full path (sequence of ASs) to each destination, rather than simple distance metrics
D - Primarily used for intra-domain routing within a single AS
E - Routes are determined based on the shortest distance, typically measured in hops
B - Used for inter-domain routing between ASs, such as in the Internet
C - Routers store and share the full path (sequence of ASs) to each
Which of the following is an example of a distance-vector routing protocol?
A - EIGRP
B - BGP
C - OSPF
D - RIP
E - IS-IS
D - RIP
Which of the following is an example of a link-state routing protocol?
A - EIGRP
B - BGP
C - OSPF
D - RIP
E - IS-IS
C - OSPF
E - IS-IS
Which of the following is an example of a hybrid routing protocol?
A - EIGRP
B - BGP
C - OSPF
D - RIP
E - IS-IS
A - EIGRP
Which of the following is an example of a path-vector routing protocol?
A - EIGRP
B - BGP
C - OSPF
D - RIP
E - IS-IS
B - BGP
Which of the following terms refers to a logical grouping of computers that allows computer hosts to act as if they are attached to the same broadcast domain regardless of their physical location?
A - VPN
B - Intranet
C - Screened subnet
D - VLAN
D - VLAN
Which feature should the administrator use to centrally store and maintain a record of all configured VLANs?
A - VLAN database
B - MAC address table
C - Network topology map
D - IP routing table
A - VLAN database
A logical interface that enables communication between devices that belong to different VLANs (inter-VLAN routing)
A - NAT
B - SVI
C - VTP
D - STP
B - SVI
Which of the following solutions enables combining several physical ports of a switching device into a single logical channel?
A - RSTP
B - VRRP
C - LACP
D - HSRP
C - LACP
Link Aggregation Control Protocol
Which of the following refers to a network protocol designed to enhance network convergence speed and prevent switching loops?
A - RTP
B - SRTP
C - STP
D - RSTP
D - RSTP
Rapid Spanning Tree Protocol is an enhanced version of STP, offering faster convergence times and improved network stability
A single non-standard Ethernet frame that allows for a much larger maximum payload size is called:
A - Giant frame
B - STP frame
C - Jumbo frame
D - Magic packet
C - Jumbo frame
Which of the acronyms listed below refers to a cable rack type that interconnects wiring between the MDF and end devices within a specific area or floor?
A - DCI
B - PDU
C - DTE
D - IDF
D - IDF
Intermediate Distribution Frame
Which of the following handles the flow of hot air within the equipment rack?
A - Rack-mounted filter
B - Port-side exhaust
C - Air deflector
D - Cross-flow ventilation
B - Port-side exhaust
A type of design in which a network equipment’s ports face the cold aisle enabling direct and unobstructed flow of cool air into the equipment is referred to as:
A - Front-to-back cooling
B - Vertical airflow design
C - Port-side intake
D - Cold aisle containment
C - Port-side intake
Which of the following answers refers to a device designed to supply (and monitor the quality of) electric power to multiple outlets?
A - PSU
B - RPS
C - PDU
D - SVC
C - PDU
Power Distribution Unit
An agreement between a service provider and users defining the nature, availability, quality, and scope of the service to be provided is referred to as:
A - SOW
B - MSA
C - SLA
D - MOU
C - SLA
Service Level Agreement
Which of the following terms refers to an agreement that specifies performance requirements for a vendor?
A - MSA
B - SLA
C - MOU
D - SOW
B - SLA
Service Level Agreement
An SNMP community string provides the functionality of a(n):
A - Session token
B - Password
C - Encryption key
D - Device ID
B - Password
Core functionalities of SIEM
A - Monitors bandwidth usage across the network
B - Conducts vulnerability assessments
C - Enforces security policies on endpoints
D - Collects, aggregates, and analyzes log data
D - Collects, aggregates, and analyzes log data
Security Information and Event Management
Examples of protocols specifically designed to provide confidentiality and privacy for DNS data include:
(Select all that apply)
A - DNSSEC
B - DoH
C - DTLS
D - DoT
E - SSL/TLS
B - DoH
D - DoT
DNS over HTTPS
DNS over TLS
Which of the following can be used on a local machine to override DNS settings?
A - NIC settings
B - Hosts file
C - DNS cache
D - Routing table
B - Hosts file
simple text file that maps hostnames (like “www.example.com”) to IP addresses
Which of the answers listed below refers to a dedicated, secure system that acts as an intermediary to access devices or systems in a different, typically more secure, network segment?
A - Jump box/host
B - Authentication server
C - Network firewall
D - Access gateway
A - Jump box/host
Also known as a Bastion Host
The practice of managing devices through the same network channels that are used for regular data traffic is called
A - In-path management
B - Inline management
C - In-band management
D - Integrated management
C - In-band management
Which of the answers listed below can be used to describe self-signed digital certificates? (Select 3 answers)
A - Backed by a well-known and trusted third party
B - Not trusted by default by web browsers and other applications
C - Used in trusted environments, such as internal networks and development environments
D - Suitable for websites and other applications that are accessible to the public
E - Trusted by default by web browsers and other applications
F - Not backed by a well-known and trusted third party
B - Not trusted by default by web browsers and other applications
C - Used in trusted environments, such as internal networks and development environments
F - Not backed by a well-known and trusted third party
Which of the following answers refers to a framework for managing access control to digital resources?
A - PAM
B - SSO
C - IAM
D - MFA
C - IAM
Identity and Access Management
Which of the answers listed below refers to a markup language used to exchange authentication and authorization data?
A - JSON
B - XML
C - SAML
D - XHTML
C - SAML
Security Assertion Markup Language
Which of the following answers refers to a AAA protocol primarily used for managing access to network devices?
A - SNMP
B - TACACS+
C - SSH
D - RADIUS
B - TACACS+
Terminal Access Controller Access-Control System
The purpose of PCI DSS is to provide protection for:
A - Credit cardholder data
B - Licensed software
C - User passwords
D - Personal health information
A - Credit cardholder data
Payment Card Industry - Data Security Standard
Which of the answers listed below refers to a specific type of ICS?
A - SoC
B - CMS
C - SCADA
D - RTOS
C - SCADA
Supervisory Control and Data Acquisition
Which of the acronyms listed below refers to a technology that encompasses all hardware and software systems used for monitoring and controlling physical devices, processes, and industrial operations?
A - IIoT
B - OT
C - SCADA
D - ICS
B - OT
Operational Technology
Which operational state indicates that a port has been shut down by the switch due to network errors, security violations, or configuration issues?
A - Blocking
B - Error disabled
C - Administratively down
D - Suspended
B - Error disabled
Which port interface status indicates that a switch port is temporarily inactive due to network conditions, configuration settings, or security policies?
A - Standby
B - Disabled
C - Suspended
D - Dormant
C - Suspended
Which troubleshooting step would NOT be helpful in resolving the issue of the total power consumption of connected PoE devices exceeding the available power budget of a PoE switch?
A - Checking the total power budget of the PoE switch and the power requirements of all connected devices
B - Using a multimeter to measure and verify the power consumption of individual devices
C - Disconnecting non-essential PoE devices to reduce the load on the power budget
D - Upgrading to a PoE switch with a higher power budget or adding an external PoE injector if necessary
E - Ensuring the switch’s firmware is up to date, as it can improve power consumption metrics in some cases
B - Using a multimeter to measure and verify the power consumption of individual devices
A bridge ID is a unique identifier (a combination of a switch’s priority value and its MAC address) used to determine the root bridge in a network. Based on its bridge ID, which of the devices listed below would be selected as the root bridge?
Switch A: 40960-00:0A:95:9D:68:16
Switch B: 32768-00:0A:95:9D:68:17
Switch C: 40960-00:0A:95:9D:68:18
Switch D: 32768-00:0A:95:9D:68:19
Switch B: 32768-00:0A:95:9D:68:17
Which of the following answers refers to a switch port that has the lowest path cost to the root bridge on a particular network segment?
A - Default port
B - Priority port
C - Designated port
D - Active port
C - Designated port
The port on a non-root bridge switch with the best path cost to the root bridge is referred to as:
A - Designated port
B - Root port
C - Default port
D - Forwarding port
B - Root port
Which of the following answers refers to a switch port that has been manually shut down and does not forward any type of traffic?
A - Suspended port
B - Disabled port
C - Blocked port
D - Non-active port
B - Disabled port
Inactive switch ports that are not part of the best path are said to be in:
A - Standby state
B - Idle state
C - Listening state
D - Blocking state
D - Blocking state
Which of the answers listed below describes a switch port in the blocking state?
A - Prepares to forward traffic and listens for BPDU messages, but does not forward frames
B - Learns MAC addresses to populate the MAC table, but does not forward frames
C - Forwards traffic and updates the MAC table, actively participating in network communication
D - Does not forward traffic and only listens to BPDU messages to prevent loops
D - Does not forward traffic and only listens to BPDU messages to prevent loops
Which of the following answers refers to a command-line packet capturing utility?
A - netcat
B - tcpreplay
C - nmap
D - tcpdump
D - tcpdump
Which netstat parameter allows displaying all active TCP connections and the TCP/UDP ports on which the computer is listening?
-a
-p
-e
-r
-a
Which of the following netstat parameters allows displaying the names of applications and executable file components that are accessing the network?
-a
-n
-b
-p
-b
The arp command can be used to perform what kind of resolution?
A - IP to FQDN
B - MAC to IP
C - IP to MAC ( Missed)
D - FQDN to IP
C - IP to MAC ( Missed)
Which of the following answers refers to a vendor-neutral protocol used for network devices to advertise their identity, capabilities, and neighbors on a LAN?
A - LACP
B - Syslog
C - LLDP
D - SNMP
C - LLDP
Link Layer Discovery Protocol
Which of the answers listed below refers to a Cisco-proprietary network protocol used by Cisco devices to share information about directly connected devices, such as device identity, capabilities, and IP address information?
A - LLDP
B - NDP
C - CDP
D - LACP
C - CDP
Cisco Discovery Protocol
A Wi-Fi analyzer is not designed for:
A - Measuring the strength of the Wi-Fi signal ( Your answer)
B - Detecting interference from other devices or networks
C - Analyzing wireless channel usage
D - Capturing and inspecting network traffic data
D - Capturing and inspecting network traffic data
Which of the following commands displays the MAC address table of a switch or router, showing which MAC addresses are associated with which ports?
A - ip link show
B - arp -a
C - show mac-address-table
D - getmac
C - show mac-address-table
Which of the commands listed below would be useful for diagnosing and troubleshooting issues on devices with PoE capabilities?
A - show voltage
B - show power
C - show wattage
D - show load
B - show power
At which OSI layers is the protocol data unit referred to simply as data?
Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
Application Layer
Presentation Layer
Session Layer
A dedicated storage appliance that can be added to a local network is known as:
SAN
NAS
SSD
DAS
NAS
A share drive
A dedicated local network consisting of devices providing data access is called:
SDN
NAS
iSCSI
SAN
SAN
SharePoint
One of the key benefits provided by a CDN is the improvement of:
Content load times
Host security
User management process
Network storage capacity
Content load times
Content Delivery Network
Caches data at the outer edge of the network for faster delivery outside the network
SFTP vs FTPS
SFTP:
- FTP using SSH
FTPS
- FTP using SSL/TLS
Which of the answers listed below can be used to describe the concept of a Network Security Group (NSG)?
(Select 3 answers)
A - Primarily used in traditional/non-virtualized network environments
B - Detects or prevents intrusion attempts or malicious activities within the network traffic
C - Provides firewall-like capabilities
D - Applies security rules to specific virtual NICs (more granular control)
E - Used for controlling inbound and outbound traffic in cloud computing environments
F - Applies security rules at the subnet level (less granular control)
C - Provides firewall-like capabilities
D - Applies security rules to specific virtual NICs (more granular control)
E - Used for controlling inbound and outbound traffic in cloud computing environments
NSG - More Granular - Rules to individual NICs
Which of the following answers refer to the characteristics of a Network Security List (NSL)?
(Select 3 answers)
A - Provides firewall-like capabilities
B - Applies security rules at the subnet level (less granular control)
C - Used for controlling inbound and outbound traffic in cloud computing environments
D - Applies security rules to specific virtual NICs (more granular control)
E - Primarily used in traditional/non-virtualized network environments
F - Detects or prevents intrusion attempts or malicious activities within the network traffic
A - Provides firewall-like capabilities
B - Applies security rules at the subnet level (less granular control)
C - Used for controlling inbound and outbound traffic in cloud computing environments
NSL - Less Granular - Rules at Subnet Level
Which of the statements listed below describe the functions of a cloud gateway using NAT?
(Select 3 answers)
A - Enables instances within a VPC to access external networks
B - Translates private IP addresses to a public IP address
C - Restricts inbound connections from external networks
D - Translates public IP addresses to a private IP address
E - Enables inbound connections from external networks
F - Prevents instances within a VPC from accessing external networks
A - Enables instances within a VPC to access external networks
B - Translates private IP addresses to a public IP address
C - Restricts inbound connections from external networks
Which of the terms listed below refers to the automatic and dynamic adjustment of resources based on real-time demand changes?
A - Rapid elasticity
B - Adaptive computing
C - Load balancing
D - Resource pooling
A - Rapid elasticity
Telnet: (Select 3 answers)
A - Encrypts network connection
B - Provides username & password authentication
C - Transmits data in an unencrypted form
D - Does not provide authentication
E - Enables remote login and command execution
B - Provides username & password authentication
C - Transmits data in an unencrypted form ( Your answer)
E - Enables remote login and command execution ( Your answer)
Which port enables the FTP data connection for transferring file data?
UDP port 20
TCP port 20
UDP port 21
TCP port 21
TCP port 20
The FTP control connection to administer a session is established through:
TCP port 20
UDP port 20
TCP port 21
UDP port 21
TCP port 21
An SNMP agent receives requests on UDP port:
160
161
162
163
161
An SNMP management station receives SNMP notifications from agents on UDP port:
160
161
162
163
162
TCP port 389 is the default network port for:
RDP
LDAP
SMB
LDAPS
LDAP
TCP port 445 is assigned to:
HTTPS
SMB
IMAP
LDAPS
SMB
The Syslog protocol runs on UDP port:
445
514
587
636
514
Which TCP port is used by the SMTP protocol for secure email transmission over TLS?
445
514
587
636
587
A network administrator wants to secure the existing access to a directory service with SSL/TLS encryption. Which of the TCP ports listed below needs to be opened to implement this change?
587
389
636
514
636
Which of the following services runs on TCP port 1433?
SMTPS
SIP
IMAPS
SQL Server
SQL Server
Which of the TCP/UDP ports listed below is used for non-encrypted SIP traffic?
6051
5060
6050
5061
5060
Which TCP port is used by SIP over TLS?
5061
6050
5060
6051
5061
Which of the following protocols is used by network devices to send error messages and operational information, enabling administrators to diagnose and troubleshoot issues with IP packet delivery?
CCMP
RSTP
ICMP
SNMP
ICMP
The IEEE 802.3 is a collection of standards for:
Token ring LANs
Wired Ethernet
Cable modems
Wireless Ethernet
Wired Ethernet
Which of the answers listed below refer(s) to the IEEE 802.11g standard? (Select all that apply)
2.4 GHz frequency band
Maximum speed: 11 Mbps
5 GHz frequency band
Maximum speed: 54 Mbps
6 GHz frequency band
Maximum speed: 600 Mbps
2.4 GHz frequency band
Maximum speed: 54 Mbps
Which of the following answers refer(s) to the IEEE 802.11n standard? (Select all that apply)
Wi-Fi 4
2.4 GHz frequency band
Maximum speed of up to 54 Mbps
Wi-Fi 5
5 GHz frequency band
Maximum speed of up to 600 Mbps
Wi-Fi 6
6 GHz frequency band
Maximum speed: 6.9 Gbps
Wi-Fi 4
2.4 GHz frequency band
5 GHz frequency band
Maximum speed of up to 600 Mbps
Which of the answers listed below refer(s) to Wi-Fi 5? (Select all that apply)
IEEE 802.11n standard
2.4 GHz frequency band
Maximum speed: 600 Mbps
IEEE 802.11ac standard
5 GHz frequency band
Maximum speed: 6.9 Gbps
IEEE 802.11ax standard
6 GHz frequency band
Maximum speed: 9.6 Gbps
IEEE 802.11ac standard
5 GHz frequency band
Maximum speed: 6.9 Gbps
Which of the following answers refer(s) to Wi-Fi 6? (Select all that apply)
IEEE 802.11n standard
2.4 GHz frequency band
Maximum speed: 600 Mbps
IEEE 802.11ac standard
5 GHz frequency band
Maximum speed: 6.9 Gbps
IEEE 802.11ax standard
6 GHz frequency band
Maximum speed: 9.6 Gbps
2.4 GHz frequency band
5 GHz frequency band
IEEE 802.11ax standard
Maximum speed: 9.6 Gbps
Which of the answers listed below refer to Wi-Fi 6E? (Select 2 answers)
IEEE 802.11n standard
Maximum speed: 600 Mbps
IEEE 802.11ac standard
Maximum speed: 6.9 Gbps
IEEE 802.11ax standard
Maximum speed: 9.6 Gbps
IEEE 802.11ax standard
Maximum speed: 9.6 Gbps
Which of the names listed below refers to 10-gigabit Ethernet over twinaxial cable?
10GBASE-LR
10GBASE-T
10GBASE-SR
10GBASE-CR
10GBASE-CR
Which of the following answers refer to short-range Ethernet over multimode fiber? (Select 2 answers)
10GBASE-CR
1000BASE-LX
10GBASE-SR
1000BASE-SX
10GBASE-LR
10GBASE-SR
1000BASE-SX
Which of the answers listed below refer to long-range Ethernet over single-mode fiber? (Select 2 answers)
10GBASE-LR
1000BASE-SX
10GBASE-CR
1000BASE-LX
10GBASE-SR
10GBASE-LR
1000BASE-LX
Which of the following answers accurately describe(s) DAC cable? (Select all that apply)
Long-distance cable runs
A cabling type commonly used in data centers
Low-speed connections
Commonly implemented using twinaxial cabling
Short-range cable runs
General-purpose network cabling
High-speed connections
A cabling type commonly used in data centers
Commonly implemented using twinaxial cabling
Short-range cable runs
High-speed connections
Which of the following answers refer(s) to the characteristics of Category 8 (Cat 8) cabling? (Select all that apply)
A - Long-distance, high-speed links
B - 25GBASE-T
C - Optimized for data center equipment
D - 40GBASE-T
E - Short-distance (approx. 30 meters), high-speed links
F - 100GBASE-T
G - General-purpose network cabling
B - 25GBASE-T
C - Optimized for data center equipment
D - 40GBASE-T
E - Short-distance (approx. 30 meters), high-speed links
What are the speed/distance limitations of twinaxial cabling?
(3 speed/distance pairs)
10 Gbps at a distance of up to 10 meters
40 Gbps at a distance of up to 7 meters
100 Gbps at a distance of up to 5 meters
Which of the answers listed below refers to a two-layer, full-mesh topology commonly used in data centers?
Spine and leaf
Client-server
Point-to-multipoint
Collapsed core
Spine and leaf
Which of the answers listed below refer to the distribution layer of the three-tier hierarchical model? (Select 2 answers)
A - Acts as an intermediary between the core and access layers
B - Provides direct connectivity to end devices
C - Handles high-speed traffic between different parts of the network
D - Manages physical connections and cabling
E - Provides routing, filtering, and traffic management functions
A - Acts as an intermediary between the core and access layers
E - Provides routing, filtering, and traffic management functions
Which of the following acronyms refers to a cybersecurity framework that combines networking and security functions into a single cloud-based service?
SASE
SWG
SSE
SD-WAN
SASE
Secure Access Service Edge
Which of the answers listed below refers to a framework focused exclusively on delivering cloud-based security services?
SASE
SSE
SOAR
SIEM
SSE
Security Service Edge
Which of the following answers lists the broadcast address for the
192.168.50.155/20 network?
192.168.31.255
192.168.47.255
192.168.63.255
192.168.79.255
192.168.63.255
Which VXLAN feature enables the creation of a single, unified network that spans multiple locations?
Frame tagging
Layer 2 encapsulation
IP tunneling
Zero-touch provisioning
Layer 2 encapsulation
Which of the answers listed below refers to IaC templates?
A - Step-by-step instructions for automating processes such as deployments, configurations, or updates
B - A set of user roles and permissions used to enforce access control and security policies
C - Scripts used to automate repetitive system administration tasks and functions
D - Dynamic content or configurations, which can be filled in with specific values at runtime
D - Dynamic content or configurations, which can be filled in with specific values at runtime
Which of the answers listed below does not describe the characteristics of a distance-vector protocol?
A - Routes are determined based on the shortest distance, typically measured in hops
B - Simple setup, slower convergence time
C - Routers periodically share their routing tables with immediate neighbors to maintain up-to-date route information
D - Each router maintains a complete map of the network topology
D - Each router maintains a complete map of the network topology
A type of VLAN used to handle untagged frames on a trunk port is known as:
Default VLAN
Trunk VLAN
Data VLAN
Native VLAN
Native VLAN
Which of the following wireless security protocols uses a pre-shared key for authentication and encryption?
802.1X
WPA3-SAE
TKIP
WPA2-Enterprise
None of the above
None of the above
Which of the acronyms listed below refers to a cable rack type that interconnects wiring between the MDF and end devices within a specific area or floor?
DCI
PDU
DTE
IDF
IDF
Intermediate Distribution Frame
Which of the following answers refers to a framework for managing access control to digital resources?
PAM
SSO
IAM
MFA
IAM
Identity Access Management
Which of the following terms refers to a broad category of control and automation systems used in industrial settings to monitor and control physical processes and machinery?
ICS
SCADA
OT
IIoT
ICS
Industrial Control System
Which of the acronyms listed below refers to a technology that encompasses all hardware and software systems used for monitoring and controlling physical devices, processes, and industrial operations?
IIoT
OT
SCADA
ICS
OT
Operational Technology
A network security technique that controls access to specific websites or categories of websites by blocking or allowing access based on the website address is known as:
Domain blacklisting
URL filtering
Web address exclusion
Content filtering
URL filtering
Which of the answers listed below refers to a network security technique that involves inspecting data streams for specific criteria, such as keywords, file types, or patterns that could indicate inappropriate, harmful, or malicious content?
Packet filtering
Stateful inspection
Content filtering
Malware inspection
Content filtering
Which of the following answers refers to a network security solution providing a single point of protection against various types of threats?
IDP
AV
UTM
NGFW
UTM
Unified Threat Management
Which of the following answers refers to a switch port that has the lowest path cost to the root bridge on a particular network segment?
Default port
Priority port
Designated port
Active port
Designated port
Which of the following answers refers to a vendor-neutral protocol used for network devices to advertise their identity, capabilities, and neighbors on a LAN?
LACP
Syslog
LLDP
SNMP
LLDP
Link Layer Discovery Protocol
Which of the answers listed below refers to a Cisco-proprietary network protocol used by Cisco devices to share information about directly connected devices, such as device identity, capabilities, and IP address information?
LLDP
NDP
CDP
LACP
CDP
Cisco Discovery Protocol
Which command on a router or switch would be used to display the mapping between IP addresses and MAC addresses?
show interface
show config
show arp
show mac-address-table
show arp
Which of the commands listed below would be useful for diagnosing and troubleshooting issues on devices with PoE capabilities?
show voltage
show power
show wattage
show load
show power
