Practice - Set A Flashcards
A company has decided to update their usage policy to allow employees to surf the web unrestricted from their work computers. Which of the following actions should the IT security team implement to help protect the network from attack as a result of this new policy?
A. Install host-based anti-malware software
B. Implement MAC filtering on all wireless access points
C. Add an implicit deny to the core router ACL
D. Block port 80 outbound on the company firewall
E. Require users to utilize two-factor authentication
A
To protect the computers from employees installing malicious software they download on the internet, antimalware should be run on all systems.
After a single machine in a company is compromised and is running malicious software (malware), the attacker can then use that single computer to proceed further into the internal network using the compromised host as a pivot point. The malware may have been implemented by an outside attacker or by an inside disgruntled employee.
An administrator notices an unused cable behind a cabinet that is terminated with a DB-9 connector. Which of the following protocols was MOST likely used on this cable?
A. RS-232
B. 802.3
C. ATM
D. Token ring
A
A DB-9 connector is used on serial cables. Serial cables use the RS-232 protocol which defines the functions of the 9 pins in a DB-9 connector. The RS-232 standard was around long before computers. It’s rare to see a new computer nowadays with a serial port but they were commonly used for connecting external analog modems, keyboards and mice to computers.
A network technician has created a network consisting of an external internet connection, a DMZ, an internal private network, and an administrative network. All routers and switches should be configured to accept SSH connections from which of the following network segments?
A. The internal network since it is private
B. The admin private network allowing only admin access
C. The DMZ only allowing access from the segment with the servers
D. The internet connection to allow admin access from anywhere
B
During a check of the security control measures of the company network assets, a network administrator is explaining the difference between the security controls at the company. Which of the following would be identified as physical security controls? (Select THREE).
A. RSA
B. Passwords
C. Man traps
D. Biometrics
E. Cipher locks
F. VLANs
G. 3DES
CDE
Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.
C: A mantrap is a mechanical physical security device for catching poachers and trespassers. They have taken many forms, the most usual being like a large foothold trap, the steel springs being armed with teeth which met in the victim’s leg.
D: Biometric authentication is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. Biometric authentication is a physical security device.
E: Cipher locks are used to control access to areas such as airport control towers, computer rooms, corporate offices, embassies, areas within financial institutions, research and development laboratories, and storage areas holding weapons, controlled substances, etc. Cipher locks are physical security devices.
A customer is attempting to download a file from a remote FTP server, but receives an error that a connection cannot be opened. Which of the following should be done FIRST to resolve the problem?
A. Ensure that port 20 is open
B. Ensure that port 161 is open
C. Flush the DNS cache on the local workstation
D. Validate the security certificate from the host
A
While monitoring the network, a technician notices that the network traffic to one of the servers is extremely high. Which of the following should the technician use to verify if this is a concern?
A. Log management
B. Network diagram
C. Network baseline
D. Real time monitor
C
Which of the following integrity security mechanisms ensures that a sent message has been received intact, by the intended receiver?
A. IPSEC
B. SHA
C. DES
D. CRC
A
A device operating at Layer 3 of the OSI model uses which of the following protocols to determine the path to a different network?
A. STP
B. RTP
C. RIP
D. NTP
E. SIP
C
A technician needs to install a server to authenticate remote users before they have access to corporate network resources when working from home. Which of the following servers should the technician implement?
A. DNSSEC
B. PPP
C. RAS
D. VLAN
E. NAT
C
A client is concerned about a hacker compromising a network in order to gain access to confidential research data. Which of the following could be implemented to redirect any attackers on the network?
A. DMZ
B. Content Filter
C. Botnet
D. Honeypot
D
A technician just completed a new external website and setup access rules in the firewall. After some testing, only users outside the internal network can reach the site. The website responds to a ping from the internal network and resolves the proper public address. Which of the following could the technician do to fix this issue while causing internal users to route to the website using an internal address?
A. Configure NAT on the firewall
B. Implement a split horizon DNS
C. Place the server in the DMZ
D. Adjust the proper internal ACL
B
Split horizon DNS (also known as Split Brain DNS) is a mechanism for DNS servers to supply different DNS query results depending on the source of the request. This can be done by hardware-based separation but is most commonly done in software.
In this question, we want external users to be able to access the website by using a public IP address. To do this, we would have an external facing DNS server hosting a DNS zone for the website domain. For the internal users, we would have an internal facing DNS server hosting a DNS zone for the website domain. The external DNS zone will resolve the website URL to an external public IP address. The internal DNS server will resolve the website URL to an internal private IP address.
Users are reporting extreme slowness across the network every Friday. Which of the following should the network technician review first to narrow down the root cause of the problem?
A. Baseline
B. Bottleneck
C. Utilization
D. Link status
C
A company has contracted with an outside vendor to perform a service that will provide hardware, software, and procedures in case of a catastrophic failure of the primary datacenter. The Chief Information Officer (CIO) is concerned because this contract does not include a long-term strategy for extended outages. Which of the following should the CIO complete?
A. Disaster recovery plan
B. Business continuity plan
C. Service level agreement
D. First responder training
B
The RAID controller on a server failed and was replaced with a different brand. Which of the following will be needed after the server has been rebuilt and joined to the domain?
A. Vendor documentation
B. Recent backups
C. Physical IP address
D. Physical network diagram
B
If the RAID controller fails and is replaced with a RAID controller of a different brand, the RAID will break. We would have to rebuild a new RAID disk, then access and restore the most recent backup to the new RAID disk.
Note: A RAID controller is a hardware device or software program used to manage hard disk drives (HDDs) or solid-state drives (SSDs) in a computer or storage array so they work as a logical unit. In hardware-based RAID, a physical controller is used to manage the RAID array.
A network technician is troubleshooting a problem at a remote site. It has been determined that the connection from router A to router B is down. The technician at the remote site re-terminates the CAT5 cable that connects the two routers as a straight through cable. The cable is then tested and is plugged into the correct interface. Which of the following would be the result of this action?
A. The normal amount of errors and the connection problem has been resolved.
B. The interface status will indicate that the port is administratively down.
C. The traffic will flow, but with excessive errors.
D. The interface status will show line protocol down.
D
Devices of different types are connected with a straight through cable (patch cable). In this case, it is used to connect two devices of the same type. It is for this reason that the interface will display the line protocol down status.
Multiple students within a networking lab are required to simultaneously access a single switch remotely. The administrator checks and confirms that the switch can be accessed using the console, but currently only one student can log in at a time. Which of the following should be done to correct this issue?
A. Increase installed memory and install a larger flash module.
B. Increase the number of VLANs configured on the switch.
C. Decrease the number of VLANs configured on the switch.
D. Increase the number of virtual terminals available.
D
You can set a limit on how many virtual terminals can be simultaneously connected to a switch. Here the limit is set to one, and we should increase it. For a Cisco network device:
You can use virtual terminal lines to connect to your Cisco NX-OS device, for example a switch. Secure Shell (SSH) and Telnet create virtual terminal sessions. You can configure an inactive session timeout and a maximum sessions limit for virtual terminals.
session-limit sessions
Example:
switch(config-line)# session-limit 10
Configures the maximum number of virtual sessions for the Cisco NX-OS device. The range is from 1 to 64.
Which of the following devices implements CSMA/CA virtually through the RTS/CTS protocols?
A. Firewall
B. Router
C. 802.11 AP
D. Switch
C
802.11 AP is a Wireless Access Point used in a wireless network.
If two computers on a network send data frames at the same time, a collision between the frames can occur. The frames are then discarded and the sending computers will attempt to send the data again.
Carrier sense multiple access with collision avoidance (CSMA/CA) is a protocol used in wireless networks where computers connected to the wireless network attempt to avoid collisions by transmitting data only when the channel is sensed to be “idle”. Carrier Sense Multiple Access/Collision Detect (CSMA/CD) is unreliable in wireless networks because computers connected to the wireless network often cannot see each other so CSMA/CA is a better option for avoiding collisions.
Request to Send/Clear to Send (RTS/CTS) can also be used to mediate access to the wireless network. This goes some way to alleviating the problem of computers not being able to see each other because in a wireless network, the Wireless Access Point only issues a “Clear to Send” to one node at a time.
With RTS/CTS, a Request to Send (RTS) packet is sent by the sending computer, and a Clear to Send (CTS) packet is sent by the intended receiver. This will alert all computers within range of the sender, receiver or both, to not transmit for the duration of the transmission. This is known as the IEEE 802.11 RTS/CTS exchange.
A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACL should the technician configure? (Select TWO)
A. PERMIT SRCIP 192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT:80
B. PERMIT SRCIP 192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT 80
C. PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT ANY
D. PERMIT SRCIP: ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:80
E. PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:ANY DPORT:80
B
A technician is troubleshooting a point-to-point fiber-optic connection. The technician is at a remote site and has no connectivity to the main site. The technician confirms the switch and the send-and-receive light levels are within acceptable range. Both fiber SFPs are confirmed as working. Which of the following should the technician use to reveal the location of the fault?
A. OTDR
B. Light meter
C. Tone generator
D. CSU/DSU
A
Which of the following ports is used to provide secure sessions over the web by default?
A. 22
B. 25
C. 80
D. 5004
A
A technician has punched down only the middle two pins (pins 4 and 5) on an ethernet patch panel. The technician has cabled this port to be used with which of the following?
A. 10baseT
B. POTS
C. 568B
D. 568A
B
A technician is connecting a NAS device to an Ethernet network. Which of the following technologies will be used to encapsulate the frames?
A. HTTPS
B. Fibre channel
C. iSCSI
D. MS-CHAP
C
A NAS or a SAN will use either iSCSI or Fiber Channel. In this question, the NAS is connected to an Ethernet network. Therefore, iSCSI will most likely be used (Fiber Channel over Ethernet (FCoE) can be used but is less common). iSCSI means Internet SCSI. iSCSI uses TCP (Transmission Control Protocol) which enables it to be used over TCP/IP networks such as Ethernet.
For Fiber channel, a separate Fiber Channel network would be required unless FCoE is used.
Peter, a network technician, is setting up a DHCP server on a LAN segment. Which of the following options should Peter configure in the DHCP scope, in order to allow hosts on that LAN segment using dynamic IP addresses, to be able to access the Internet and internal company servers? (Select THREE).
A. Default gateway
B. Subnet mask
C. Reservations
D. TFTP server
E. Lease expiration time of 1 day
F. DNS servers
G. Bootp
ABF
The question states that the client computers need to access the Internet as well as internal company servers. To access the Internet, the client computers need to be configured with an IP address with a subnet mask (answer B) and the address of the router that connects the company network to the Internet. This is known as the ‘default gateway’ (answer A).
To be able to resolve web page URLs to web server IP addresses, the client computers need to be configured with the address of a DNS server (answer F).
Which of the following PDUs is used by a connectionless protocol?
A. Frames
B. Segments
C. Streams
D. Datagram
D
A contractor is setting up and configuring conference rooms for a convention. The contractor sets up each room in the conference center to allow wired Internet access going to individual tables. The contractor measured the distance between the hotel’s patch panel to the jack, and the distance is within Cat 5e specifications. The contractor is concerned that the room will be out of specification if cables are run in each room from the wall jacks. Which of the following actions should the contractor take to ensure the cable runs meet specifications and the network functions properly?
A. Place a switch at the hotel’s patch panel for connecting each room’s cables
B. Place a switch on each table to ensure strong connectivity
C. Place repeaters between the patch panel and the rooms
D. Place a switch at the wall jack and run the cables in the room from there
A
A technician installs a new piece of hardware and now needs to add the device to the network management tool database. However, when adding the device to the tool using SNMP credentials, the tool cannot successfully interpret the results. Which of the following would need to be added to the network management tool to allow it to interpret the new device and control it using SNMP?
A. TRAP
B. GET
C. MIB
D. WALK
C
A client reports that half of the office is unable to access a shared resource. Which of the following should be used to troubleshoot the issue?
A. Data backups
B. Network diagrams
C. Baseline information
D. Vendor documentation
B
A network technician is troubleshooting a network connection error, when pinging the default gateway no reply is received. The default gateway is found to be functioning properly but cannot connect to any workstations. At which of the following OSI layers could the problem exist? (Select TWO)
A. Presentation
B. Transport
C. Session
D. Data link
E. Application
F. Physical
DF
A network engineer is dispatched to an employee office to troubleshoot an issue with the employee’s laptop. The employee is unable to connect to local and remote resources. The network engineer flips the laptop’s wireless switch on to resolve the issue. At which of the following layers of the OSI model was the issue resolved?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 7
A
The bottom layer of the OSI reference model is Layer 1, the physical layer.
The physical layer is the layer that defines the hardware elements of a network. These elements include:
Network Interface Cards
Network topology
Network cabling
The type of signals used for data transmissions
In this question, the network engineer flipped the laptop’s wireless switch on to resolve the issue. The laptop was unable to connect to the wireless network because the wireless network interface card was switched off. Switching the wireless network interface card on enabled the laptop to connect to the wireless network. The wireless network interface card is a physical layer device.
Which of the following protocols is used to encapsulate other network layer protocols such as multicast and IPX over WAN connections?
A. MPLS
B. ESP
C. GRE
D. PPP
C
A network technician has received comments from several users that cannot reach a particular website. Which of the following commands would provide the BEST information about the path taken across the network to this website?
A. ping
B. netstat
C. telnet
D. tracert
D
The tracert command is used to determine the number of hops a packet takes to reach a destination. It makes use of ICMP echo packets to report information at every step in the journey. This is how the path taken across the network is obtained.
A user is unable to connect to a server in another building. A technician is troubleshooting the issue and determines the following:
1) Client PC 1 has an IP address of 192.168.10.25/25
2) PC 1 can successfully ping its gateway of 192.168.10.1/25 which is an interface of router A
3) Server A is named ‘BLDGBFILESRVR01’ and has an IP address of 192.168.10.145/25
4) PC 2 with an IP address of 192.168.10.200/25 can successfully ping server A
However, when PC 1 pings server A, it receives a destination host unreachable response. Which of the following is the MOST likely cause?
A. Link from router A to PC 1 are on different subnets
B. Link from router A to server A is down
C. Link from PC 1 to router A has duplex issues
D. Link from server A to PC 2 is down
B
PC 1 cannot connect to Server A. PC 1 and Server A are on different subnets that are connected by Router A. PC 1 can connect to Router A; therefore there is no problem with the link or IP address configuration between PC 1 and Router A.
PC 2, which is on the same subnet as Server A, can connect to Server A; therefore Server A is up.
As PC 1 can connect to Router A but cannot connect to Server A, and Server A is up; the problem must be the connection (link) between Router A and Server A.
A technician logs onto a system using Telnet because SSH is unavailable. SSH is enabled on the target device, and access is allowed from all subnets. The technician discovers a critical step was missed. Which of the following would allow SSH to function properly?
A. Perform file hashing
B. Generate new keys
C. Update firmware
D. Change default credentials
B
A network technician was tasked to install a network printer and share it to a group of five human resource employees. The technician plugged the device into a LAN jack, but was unable to obtain an IP address automatically. Which of the following is the cause of the problem?
A. DNS
B. Wrong TCP port
C. Split horizon
D. DHCP scope
D
Which of the following devices should a network administrator configure on the outermost part of the network?
A. Media converter
B. Switch
C. Modem
D. Firewall
D
A company has seen an increase in ransomware across the enterprise. Which of the following should be implemented to reduce the occurrences?
A. ARP inspection
B. Intrusion detection system
C. Web content filtering
D. Port filtering
C
Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.
The best ways to avoid ransomware include proactive measures like the following:
Don’t click on any URL or open an attachment you are not expecting.
Implement an email content filtering service
Install a web content filtering service
Invest in leading end point security software solutions
Jane, a network technician, has just installed a fiber switch in a datacenter. To run the fiber cabling, Jane plans the cable route over the top of the rack using the cable trays, down to the switch, coiling up any excess cable. As Jane configures the switch, she notices several messages in the logging buffer stating the receive signal of the SFP is too weak. Which of the following is MOST likely the cause of the errors in the logging buffer?
A. Bend radius exceeded
B. Fiber cable mismatch
C. Fiber type mismatch
D. Bad fiber switch
A
A technician adds memory to a router, but that memory is never recognized by the router. The router is then powered down, and the technician relocates all of the memory to different modules. On startup, the router does not boot and displays memory errors. Which of the following is MOST likely the cause?
A. VTP
B. Driver update
C. ESD
D. Halon particles
B
When a client calls and describes a problem with a computer not being able to reach the Internet, in which of the following places of the OSI model would a technician begin troubleshooting?
A. Transport layer
B. Physical layer
C. Network layer
D. Session layer
B
The bottom layer of the OSI reference model is Layer 1, the physical layer.
The physical layer is the layer that defines the hardware elements of a network. These elements include:
Network Interface Cards
Network topology
Network cabling
The type of signals used for data transmissions
When troubleshooting a network connectivity issue, the first thing you would check is the computer’s network cabling, the network card etc. In other words, the computer’s physical connection to the network.
Jane, a network technician, was asked to remove a virus. Issues were found several levels deep within the directory structure. To ensure the virus has not infected the .mp4 files in the directory, she views one of the files and believes it contains illegal material. Which of the following forensics actions should Jane perform?
A. Erase the files created by the virus
B. Stop and escalate to the proper authorities
C. Check the remaining directories for more .mp4 files
D. Copy the information to a network drive to preserve the evidence
B
Computer forensics is about legal evidence found in computers and digital storage.
A plan should include first responders securing the area and then escalating to senior management and authorities when required by policy or law.