Practice Test 1 Flashcards

Question 1

Q

Which of the following backup job types reset the archive bits of the files they back up?
Full
Incremental
Differential
Supplemental

Answer

A

A and B. Incremental and differential backup jobs both use the archive bit to determine which files have changed since the previous backup job. The files that have changed are the ones that need to be backed up. The primary difference between an incremental and a differential job is that incremental backups reset the archive bit so that unchanged files are not backed up in subsequent incremental jobs. Differential backups do not reset the archive bit. Full backups do not use the archive bit to select targets because they back up all the files. A full backup does reset the archive bit after the job is completed. There is no such thing as a supplemental backup job.

Question 2

Q

You are a new hire at Adatum Corp., and this is your first day on the job. You are setting up your workstation, but you are unsure whether you are permitted to install your favorite software on the company’s computer. The Human Resources server has a large library of employee documents. Which of the following is a document that you might want to consult to determine whether personal software is allowed?
SLA
AUP
NDA
BYOD

Answer

A

B. An acceptable use policy (AUP) specifies whether and how employees can use company-owned hardware and software resources. AUPs typically specify what personal work employees can perform while on the job, what hardware and software they can install, and what levels of privacy they are permitted when using company equipment. This is the document that will most likely include the information you seek. A service level agreement (SLA) is a contract between a provider and a subscriber. A nondisclosure agreement (NDA) specifies what company information employees are permitted to discuss outside the company. Bring Your Own Device (BYOD) is a policy that specifies how employees can connect their personal devices to the company network.

Question 3

Q

You are working the help desk when a user calls and reports that she is unable to connect to the Internet. Which of the following steps would you be least likely to perform first when troubleshooting the problem?
Check the configuration of the router connecting the LAN to the Internet.
Ask the user if she can access resources on the local network.
Check to see if anyone else is experiencing the same problem.
Check the user’s job title to see if she is an important person in the company.

Answer

A

A. There are many possible causes for the problem that are more likely than a router configuration error, so this is not something you should check first. Asking if the user can access the local network attempts to isolate the problem. If she cannot, the problem could be in her computer; if she can, then the problem lies somewhere in the Internet access infrastructure. If other users are experiencing the problem, then the issue should receive a higher priority, and you will know for sure that the problem does not lie in the user’s computer. While the user’s job title might not be the first thing you check, it is a political reality that higher ranking users get preferential treatment.

Question 4

Q

Which of the following is not a means of preventing unauthorized individuals from entering a sensitive location, such as a datacenter?
Key fobs
Motion detection
Biometric scans
Identification badges

Answer

A

B. Biometric scans, identification badges, and key fobs are all mechanisms that are designed to distinguish authorized from unauthorized personnel. Motion detection cannot make this distinction and is therefore not a means of preventing unauthorized access.

Question 5

Q

You are an IT consultant who has been contracted to install new computers on a client’s Gigabit Ethernet network. You want the performance of the new computers to be as good as it can be, so you configure their network adapters to run at the full speed of 1 Gbps and to use full-duplex communication. You test the computers after installing them, and they function well. However, once the computers are in service, you begin getting complaints from the client of extremely poor network performance on the new machines. You return to the site that evening and run some ping tests, but you do not detect any problem. You call in a colleague to perform a packet analysis, and she detects large numbers of packet collisions, late collisions, cyclical redundancy check (CRC) errors, and runt frames. Which of the following could be the cause of the problem?
Damaged cables
TX/RX reversal
Duplex mismatch
Incorrect cable type

Answer

A

C. The problem is most likely the result of a duplex mismatch. There should be no collisions at all on a full-duplex network, so the problem is clearly related to the duplexing of the communications. A twisted pair Ethernet adapter, running in its original half-duplex mode, detects collisions by looking for data on both the transmit and receive pins at the same time. In full-duplex mode, however, data is supposed to be transmitted and received at the same time. When one side of a connection is configured to use full duplex, as the new computers are, and the other end is configured to use half duplex (as the network switches must be), the full-duplex communications on the one side look like collisions to the half-duplex side. The half-duplex adapter transmits a jam signal as a result of each collision, which causes the full-duplex side to receive an incomplete frame. Both sides then start to retransmit frames in a continuing cycle, causing network performance to diminish alarmingly. The ping tests do not detect a problem because ping transmits only a small amount of data in one direction at a time. All of the other options would likely cause the ping tests to fail. The solution to the problem is to configure the new computers to autonegotiate their speed and duplex modes.

Question 6

Q

Which of the following is a wireless topology that does not require the use of an access point?
Star
Ad hoc
Bus
Infrastructure

Answer

A

B. An ad hoc topology is one in which wireless computers communicate directly with one another without the need for an access point. A wireless access point is a device with a wireless transceiver that also connects to a standard cabled network. Wireless computers communicate with the access point, which forwards their transmissions over the network cable. This is called an infrastructure topology. Star and bus topologies are not used by wireless networks; they require the computers to be physically connected to the network cable.

Question 7

Q

You want to create a network in which computers from different departments are assigned to separate virtual local area networks (VLANs). You also want to be able to forward traffic between the VLANs so that each computer is capable of accessing any other computer. Which of the following will enable you to perform all these functions with a single device?
Load balancer
Virtual router
Multilayer switch
Broadband router

Answer

A

C. A multilayer switch is a network connectivity device that functions at both layer 2 and layer 3 of the Open Systems Interconnection (OSI) model. At layer 2, the data link layer, the device functions like a normal switch, providing an individual collision domain to each connected node and enabling you to create multiple VLANs. At layer 3, the network layer, the device also provides routing capabilities by forwarding packets between the VLANs. Virtual routers, load balancers, and broadband routers are strictly layer 3 devices that can route traffic but cannot create VLANs.

Question 8

Q

Which of the following are standard terms used in data loss prevention to describe specific data states? (Choose all correct answers.)
Data-on-line
Data-at-rest
Data-in-motion
Data-in-use

Answer

A

B, C, and D.
Data-at-rest is a data loss prevention term that describes data that is currently in storage while not in use. Data-in-motion is the term used to describe network traffic. Data-in-use describes endpoint actions. Data-on-line is not one of the standard data loss prevention terms.

Question 9

Q

Temporal Key Integrity Protocol (TKIP) is an encryption protocol that was introduced in the IEEE 802.11 wireless network standards to replace another protocol that was found to be easily penetrated. Which of the following 802.11 wireless security protocols uses TKIP for encryption?
AES
WEP
WPA
WPA2

Answer

A

C. Wi-Fi Protected Access (WPA) is the wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP) protocol. WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP) that was more difficult to penetrate. However, over time TKIP too became vulnerable, and WPA2 was introduced, which replaced TKIP with the Advanced Encryption Standard protocol (CCMP-AES).

Question 10

Q

You have been asked by your supervisor in the IT department to test some newly installed cable runs. She hands you the tool shown in the following figure. What is the function of the tool and how do you use it?

Reprinted from CompTIA Network+ Study Guide: Exam N10-006, third edition, by Todd Lammle (Wiley, 2015)
When you place the tool at one end of a wire, it generates a tone that can be detected at the other end.
When you touch the end of the tool to a copper cable, you can detect and measure the electrical current flowing through it.
When you connect the tool to the end of a fiber-optic cable, you can measure the length of the cable run.
When you attach the tool to the end of a twisted pair cable, it tests for crosstalk and other performance characteristics.

Answer

A

A. The device shown in the figure is a tone generator and locator, which you can use to test twisted pair wiring and detect certain basic wiring faults. By connecting the tone generator to each wire in turn and locating the tone at the other end, you can determine whether each wire is attached to the appropriate pin in the connector. This tool is not capable of performing any of the tasks described in the other options.

Question 11

Q

A multifactor authentication system consists of at least two different identifying criteria, typically falling into two of the following categories: something you have, something you do, something you know, and something you are. Which of the following authentication factors is an example of something you have?
A password
A fingerprint
A smartcard
A finger gesture

Answer

A

C. The term something you have refers to a physical possession that identifies a user, such as a smartcard. This type of authentication is nearly always used as part of a multifactor authentication procedure because it is possible for a smartcard or other physical possession to be lost or stolen. A fingerprint would be considered something you are, a password something you know, and a finger gesture something you do.

Question 12

Q

Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages. Used on wireless networks and point-to-point connections, EAP supports dozens of different authentication methods. Which of the following EAP variants use tunneling to provide security for the authentication process? (Choose all correct answers.)
EAP-FAST
EAP-PSK
EAP-TLS
PEAP

Answer

A

A and D. Protected Extended Authentication Protocol (PEAP) encapsulates EAP inside a tunnel created by the Transport Layer Security (TLS) protocol. Flexible Authentication via Secure Tunneling (FAST) also establishes a TLS tunnel to protect user credential transmissions. EAP-TLS uses TLS for encryption, but not for tunneling. EAP-PSK uses a preshared key to implement an authentication process that does not use encryption.

Question 13

Q

At a garage sale, you purchase some 802.11a wireless network adapter cards for desktop computers at a very low price. Your plan is to use them to expand your 802.11g home network. After installing one of the adapters in a computer, you attempt to connect to the network, but you can’t see the SSID in the list of available networks. You try installing a different adapter, thinking the first one might be broken, but the second one does not work either. What can you do to resolve the problem and connect the computer to your network?
Configure the access point to use the 5 GHz frequency.
Move the computer closer to the access point.
Manually enter the SSID in the computer’s wireless network client software.
Nothing. 802.11a equipment cannot connect to an 802.11g network.

Answer

A

D. Wireless LAN equipment built to the 802.11a standard can only use the 5 GHz frequency band. However, an 802.11g access point can only use the 2.4 GHz frequency band. Therefore, the network adapters cannot be made connect to your access point by any means.

Question 14

Q

Parity is a fault tolerance technique used by disk storage arrays in which an additional parity bit is stored for a specified number of data bits. By using the parity information, the storage subsystem can calculate the values of bits that have been lost due to a disk failure, enabling the system to re-create the lost data. Redundant array of independent disks (RAID) is a type of storage array that sometimes uses parity to provide fault tolerance. Which of the following RAID levels provide fault tolerance by using parity data? (Choose all correct answers.)
RAID 0
RAID 1
RAID 5
RAID 6
RAID 10

Answer

A

C and D. RAID is a technology for storing data on multiple hard disk drives, providing fault tolerance, increased performance, or both. The various RAID levels provide different levels of functionality and have different hardware requirements. RAID 5 and RAID 6 both combine disk striping with distributed storage of parity information. RAID 5 enables recovery from a single disk failure. RAID 6 uses redundant parity to enable recovery from a double disk failure. RAID 1 and RAID 10 both use disk mirroring to provide fault tolerance, which does not require parity data. RAID 0 uses data striping only (blocks written to each disk in turn), which does not provide any form of fault tolerance.

Question 15

Q

You are setting up an 802.11n wireless network using the 2.4 GHz frequency band. You plan to install three wireless access points. Which of the following channels should you use for your access points to avoid channel overlap that can result in interference? (Choose all correct answers.)
1
4
6
8
11

Answer

A

A, C, and E. The 2.4 GHz band used by wireless LANs (WLANs) consists of channels that are 20 (or 22) MHz wide. However, the channels are only 5 MHz apart, so it is possible for channel overlap to occur between the access points, which can result in interference. Channels 1, 6, and 11 are the only channels that are far enough apart from each other to avoid any overlap with the adjacent channels. Channels 4 and 8 are susceptible to overlap.

Question 16

Q

Your supervisor has asked you to increase the security of the servers on your network. Which of the following procedures can be considered to be server hardening techniques? (Choose all correct answers.)
Upgrading firmware
Disabling unnecessary services
Creating privileged user accounts
Disabling unused TCP and UDP ports

Answer

A

B, C, and D. Disabling services and ports that are not in use is a server hardening technique that reduces the attack surface of a server. Creating privileged user accounts that are only used for tasks that require those privileges reduces the chance that the administrative accounts will be compromised. These, therefore, are all forms of server hardening. Upgrading the UEFI or BIOS firmware on a server typically does not enhance its security, so it cannot be considered a form of server hardening.

Question 17

Q

You are working the IT help desk when a user calls to report that he cannot access the Internet, although he is able to connect to computers on the local network. At the user’s workstation, you run the ipconfig /all command and examine the output. Which of the options is the most likely explanation for the user’s problem, based on the following ipconfig results?

Windows IP Configuration

Host Name . . . . . . . . . . . . : Client12

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : PCIe Family Controller

Physical Address. . . . . . . . . : 60-EB-69-93-5E-E5

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::c955:c944:acdd:3fcb%2

IPv4 Address. . . . . . . . . . . : 192.168.23.234

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Monday, October 23, 2017 6:23:47 PM

Lease Expires . . . . . . . . . . : Saturday, November 18, 2017 9:49:24 PM

Default Gateway . . . . . . . . . : 192.168.216.99

DHCPv6 IAID . . . . . . . . . . . : 241232745

DHCPv6 Client DUID . . . . . . . : 00-01-00-01-18-10-22-0D-60-EB-69-93-5E-E5

DNS Servers . . . . . . . . . . . : 192.168.22.114

NetBIOS over Tcpip. . . . . . . . : Enabled

DHCP is not enabled.
The Subnet Mask setting is incorrect.
The Default Gateway setting is incorrect.
The DNS Servers setting is located on another network.

Answer

A

C. The Default Gateway setting should contain the address of a router on the workstation’s local network that provides access to other networks, such as the Internet. In this case, therefore, the Default Gateway address should be on the 192.168.23.0 network, but it contains an address on the 192.168.216.0 network, which is not local. Therefore, the user can only access systems on the 192.168.23.0/24 network. The Subnet Mask setting must be correct, or the user would not be able to access any other systems. Unlike the default gateway, the DNS server does not have to be on the workstation’s local network, so the address shown can be correct. DHCP does not have to be enabled for the computer to access the Internet.

Question 18

Q

Which of the following are typically examples of the Internet of Things (IoT)?
A television remote control
A key fob that unlocks your car
A smartphone home automation app
A remotely monitored cardiac pacemaker

Answer

A

C and D. A home automation app running on a smartphone and a remotely monitored cardiac pacemaker are both examples of IoT devices because they both have IP addresses and use the Internet to communicate with a controller or monitoring station. Key fobs that unlock cars and TV remote controls are typically short-range radio or infrared devices that do not use the Internet for their communications.

Question 19

Q

When an internal Windows user logs on to an Active Directory domain, which of the following protocols authenticates the user?
Kerberos
WPA2
RADIUS
EAP-TLS

Answer

A

A. Windows networks that use Active Directory Domain Services authenticate clients using the Kerberos protocol, in part because it never transmits passwords over the network, even in encrypted form. RADIUS is an authentication, authorization, and accounting service for remote users connecting to a network. Windows does not use it for internal clients. WPA2 is a security protocol used by wireless LANs. It is not used for AD DS authentication. EAP-TLS is a remote authentication protocol that AD DS networks do not use for internal clients.

Question 20

Q

You are installing an ADSL router for your company’s new branch office. The router has a switch module containing four Ethernet ports, all of which are assigned to the default VLAN1. When you plug a laptop into one of the Ethernet ports, you can access the Internet with no difficulties. You now need to connect the ADSL router to the company network so that the wireless access points on the network can provide users with Internet access through the ADSL router. However, when you plug the router into a network switch port that is assigned to VLAN4, the switch starts generating “Native VLAN mismatch detected” errors once every minute. Which of the following steps should be part of the solution you implement to stop the error messages from appearing? (Choose all correct answers.)
Create a VLAN1 on the network switch.
Configure the network switch port connected to the router to use VLAN1.
Create a VLAN4 on the ADSL router’s switch module.
Configure the router port connected to the network switch to use VLAN4.

Answer

A

C and D. The solution requires you to create a VLAN on the ADSL router that matches the VLAN the network switch port is using. Therefore, you should create a VLAN4 on the router’s switch module and assign an Ethernet port to it, which will be the port you use to connect the ADSL router to the network switch. There is no need to create a VLAN1 on the network switch, because all switches already have a default VLAN called VLAN1. Modifying the VLAN assignments on the network switch is not a good idea, because it might interfere with the existing VLAN strategy in place.

Question 21

Q

Which of the following steps will not help to prevent war driving attacks from compromising your wireless network? (Choose all correct answers.)
Configure your clients and access point to use WEP security.
Configure your clients and access point to use WPA2 security
Configure your access point not to broadcast its SSID.
Configure your access point to use a longer SSID.

Answer

A

A and D. Changing the length of the SSID will be no help in preventing a war driving attack. The SSID is just an identifier; its length has no effect on security. Wired Equivalent Privacy (WEP) is a security protocol that has been found to have serious weaknesses that are easily exploitable. It is not a satisfactory way to avoid attacks. On the other hand, configuring the access point not to broadcast its SSID will prevent a war driving attacker from seeing the network. Configuring your equipment to use Wi-Fi Protected Access II (WPA2) security will make it difficult for a war driver who detects your network to connect to it.

Question 22

Q

You have just created a new virtual machine using remote controls provided by a cloud service provider on the Internet. You then install Windows Server 2016 on the virtual machine and configure it to function as a web server. Which of the following cloud architectures are you using when you do this? (Choose all correct answers.)
IaaS
PaaS
SaaS
Public cloud
Private cloud
Hybrid cloud

Answer

A

A and D. Infrastructure as a Service (IaaS) provides consumers with processing, storage, and networking resources that they can use to install and run operating systems and other software of their choice. In the public cloud model, one organization functions as the provider, and another organization—in this case, you—consumes the services of the provider. Platform as a Service (PaaS) provides consumers with the ability to install applications of their choice on a server furnished by the provider. Software as a Service (SaaS) provides consumers with access to a specific application running on the provider’s servers, but the consumers have no control over the operating system, the servers, or the underlying resources. In a private cloud, the same organization that uses the cloud services is also the sole owner of the infrastructure that provides those services. A hybrid cloud is a combination of public and private infrastructure so that the consumer organization is only a partial owner of the infrastructure.

Question 23

Q

It is your first day working for a consultant that does network cable installations. Your new boss hands you a spool of Category 6 cable, a bag of little clear plastic components, and the tool shown in the following figure. He then tells you to “get started on fives and tens.” What is your new boss expecting you to do?
Image shows handy tool that has handle for grip attached to metal using screw or bolts. It has hole between metal for holding wire.
Reprinted from CompTIA Network+ Study Guide: Exam N10-006, third edition, by Todd Lammle (Wiley, 2015)
Pull cable runs
Attach keystone connectors
Install a patch panel
Create patch cables

Answer

A

D. The plier-like device is a crimper, which cable installers use to attach RJ45 connectors, like those in the bag, to lengths of bulk cable. This is the process of creating patch cables, which are used to connect computers to wall plates and patch panels to switches. Your boss is telling you to start making patch cables in five- and ten-foot lengths. You do not use a crimper to attach keystone connectors, and the boss has not given you the tools and components needed to pull cable runs or install a patch panel.

Question 24

Q

Which of the following well-known ports do you use to configure outgoing mail on a POP3 email client?
110
25
143
80

Answer

A

B. The default port for the Post Office Protocol (POP3) is 110, but that is used for incoming mail. The default port for the Simple Mail Transfer Protocol (SMTP), which is used for outgoing mail, is 25; 143 is the default port for the Internet Message Access Protocol (IMAP), a different email mailbox protocol that clients never use with POP3; and 80 is the default port for the Hypertext Transfer Protocol (HTTP), which is not used by email clients.

Question 25

Q

You are a consultant who has been hired to extend a network by a client that is still running thin Ethernet. Which of the following cable types will you have to bring with you to add thin Ethernet network segments?
RG-8
RG-58
RJ45
RJ11

Answer

A

B. The cable type used for Thin Ethernet segments is a coaxial cable called RG-58. RG-8 coaxial is used exclusively on Thick Ethernet segments. RJ45 is a type of connector used in twisted pair cabling for data networks. RJ11 is a connector type used in twisted pair cabling for telecommunications networks.

Question 26

Q

Which of the following are examples of a packet-switched network connection, as opposed to a circuit-switched network connection? (Choose all correct answers.)
Two wireless computers using an ad hoc topology
A landline voice telephone call
A smartphone connecting to a cellular tower
Computers connected by a wired LAN

Answer

A

A and D. Wireless computers in an ad hoc topology and computers connected to a wired LAN use packet switching. Their transmissions are divided into packets that are transmitted individually and then reassembled at the destination. A circuit switched network connection requires a dedicated physical connection between the communicating devices. In a landline telephone call, a dedicated circuit is established between the two callers, which remains in place for the entire duration of the call. A smartphone connection uses cell switching.

Question 27

Q

Which of the following protocols does IPsec use to provide data origin authentication by digitally signing packets before transmitting them over the network?
AH
SSL
ESP
RDP

Answer

A

A. Authentication Header (AH) is a protocol in the TCP/IP suite that provides digital integrity services, in the form of a digital signature, which ensures that an incoming packet actually originated from its stated source. Encapsulating Security Protocol (ESP) provides encryption services for IPsec. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. Remote Desktop Protocol (RDP) is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely.

Question 28

Q

You have constructed a network on which all of the computers are connected to a single switch. You then create virtual local area networks (VLANs) on the switch, corresponding to the company’s departments, and add the switch port for each user workstation and department server to the appropriate VLAN. Later, users report that while they can access their departmental servers and the workstations of other users in the same department, they cannot communicate with any of the other departments. What is the problem, and what must you do to correct it?
There is a faulty VLAN configuration on the switch. You must re-create all of the VLANs and configure each VLAN for routing.
VLANs are limited to data link layer communication only. To enable communication between the VLANs, you must install a router or a layer 3 switch on the network and configure it to route traffic between the VLANs.
The VLANs are using different data link layer protocols. You must configure the VLANs to use the same data link layer protocol in order for them to communicate with each other.
One of the VLANs is configured to filter all of the other VLAN traffic for security purposes. You must change the filter on this one VLAN.

Answer

A

B. VLANs are virtual layer 2 (data link layer) LANs defined within switches. As with physical LANs, only devices in the same VLAN can communicate with each other until a layer 3 device, such as a router or a layer 3 switch, is added to the network. Re-creating and reconfiguring the VLANs will not correct the problem. Traffic filters are usually implemented on routers, not switches. Once a router is in place, VLANs do not have to use the same data link protocol to communicate with each other.

Question 29

Q

The TCP/IP term socket consists of which of the following elements? (Choose all correct answers.)
Port number
MAC address
IP address
Subnet mask

Answer

A

A and C. The term for an IPv4 address and port number in combination, which identifies an application running on a specific host, is socket. A MAC address is an address hard-coded into a network adapter. It is not a TCP/IP element. A subnet mask is not needed to identify a host or an application running on it.

Question 30

Q

You are installing a cable modem to provide your home network with access to the Internet through your cable television provider. The cable modem is a multifunction device that the cable company says provides everything you need for a home network. Which of the following network functions does a home cable modem typically provide? (Choose all correct answers.)
DHCP server
Wireless access point
Broadband router
Ethernet switch
Proxy server
RADIUS server

Answer

A

A, B, C, and D. A cable modem must function as a broadband router to provide access to the cable provider’s network. Many cable modems are also wireless access points, enabling users to construct a LAN without a cable installation. Many cable modems have switched Ethernet ports for connections to wired devices, such as printers and computers. Most cable modems use DHCP to assign IP addresses to devices on the home network. Cable modems for home use typically do not function as proxy servers or Remote Authentication Dial-In User Service RADIUS servers, which are devices generally used on large networks.

Question 31

Q

Which of the following Domain Name System (DNS) resource records is not used for forward name resolution?
PTR
CNAME
AAAA
MX

Answer

A

A. Like A and AAAA records, which are used for forward name resolution, Pointer (PTR) records contain hostnames and IP addresses. However, PTR records are used only for reverse name resolution—that is, resolving IP addresses into hostnames. A Mail Exchange (MX) record specifies the mail server that the domain should use. Canonical name (CNAME) records specify aliases for a given hostname. An AAAA resource record maps a hostname to an IPv6 address for name resolution purposes. All of these records except PTR are used for forward name resolution.

Question 32

Q

Which of the following are tasks that can be performed by a protocol analyzer that could provide potential intruders with information about the network? (Choose all correct answers.)
A protocol analyzer can decrypt protected information in packets captured from the network.
A protocol analyzer can detect open ports on network systems and launch attacks against them.
A protocol analyzer can display the IP addresses of the systems on the network.
A protocol analyzer can display the application data in packets captured from the network.

Answer

A

C and D. Protocol analyzers capture packets from the network and interpret their contents, which can include displaying the application layer payload. Depending on the application, the payload can conceivably include confidential information, such as passwords. Protocol analyzers also display the IP addresses of the systems involved in packet transmissions. Although this in itself might not be a great security threat, intruders might use the IP address information to launch other types of attacks. Protocol analyzers cannot decrypt the protected information they find in captured packets. Vulnerability scanners detect open ports and launch attacks against them; protocol analyzers do not do this.

Question 33

Q

Which of the following services are provided by a RADIUS server? (Choose all correct answers.)
Attenuation
Authentication
Assistance
Authorization
Accounting

Answer

A

B, D, and E. A Remote Authentication Dial-In User Service (RADIUS) server, also known as an AAA server, provides authentication, authorization, and accounting services. Assistance and attenuation are not functions provided by RADIUS or AAA servers.

Question 34

Q

Some users are having a problem connecting to an application server on their local network. You go to their department and start to troubleshoot the problem by testing connectivity using the ping tool at one of the user workstations. You discover that you can ping the server successfully using its computer name, but pinging the computer’s fully qualified domain name (FQDN) fails. As a result of these tests, which of the following can you determine is the most likely source of the problem?
EMI
DHCP
DNS
ACL

Answer

A

C. Only Domain Name System (DNS) servers perform FQDN resolutions, so that is likely to be the source of the problem. It is possible to successfully ping a device on the local network using its computer name without the use of DNS. Dynamic Host Configuration Protocol (DHCP) cannot be the problem, or you would not be able to ping the server at all. Electromagnetic interference (EMI) would inhibit all network communication, and access control lists (ACLs) have no effect on ping tests.

Question 35

Q

You have been given the job of devising a plan to provide a 500-node private internetwork with access to the Internet. The primary objective of the project is to provide all of the network users with access to web and email services while keeping the client computers safe from unauthorized users on the Internet. There are two secondary objectives for the project: one is to provide a means of monitoring and regulating the users’ Internet activities, and the other is to avoid having to manually configure IP addresses on each one of the client computers. You submit a proposal that calls for the use of private IP addresses on the client computers and a series of proxy servers with public, registered IP addresses, which are connected to the Internet. Which of the following statements about your proposed Internet access solution is true?
The proposal satisfies the primary objective and both of the secondary objectives.
The proposal satisfies the primary objective and one of the secondary objectives.
The proposal satisfies the primary objective but neither of the secondary objectives.
The proposal fails to satisfy both the primary and secondary objectives.

Answer

A

B. Proxy servers provide network users with access to Internet services, and the unregistered IP addresses on the client computers protect them from unauthorized access by users on the Internet, which satisfies the primary objective. The proxy servers also make it possible for network administrators to monitor and regulate users’ access to the Internet, which satisfies one of the two secondary objectives. However, proxy servers are not capable of assigning IP addresses to the client computers, and the proposal makes no mention of a Dynamic Host Configuration Protocol (DHCP) server or any another automatic TCP/IP configuration mechanism. Therefore, the proposal does not satisfy the other secondary objective.

Question 36

Q

Which of the following cloud service models provides the consumer with the least amount of control over the cloud resources?
IaaS
PaaS
SaaS
IaaS, PaaS, and SaaS all provide the same degree of control.

Answer

A

C. Software as a Service (SaaS) provides the least amount of control. Consumers receive access to a specific application running on the provider’s servers, but they have no control over the operating system, the servers, or the underlying resources. The Infrastructure as a Service (IaaS) model provides the consumers with the most control, as the provider furnishes processing, storage, and networking resources that the consumer can use as needed. Platform as a Service (PaaS) provides consumers with the ability to install applications of their choice on a server furnished by the provider, but they have only limited control over the server and no control over the underlying resources.

Question 37

Q

The jumbo frame capability is associated with which networking protocol?
Ethernet
Internet Protocol (IP)
Point-to-Point Protocol (PPP)
Transmission Control Protocol (TCP)

Answer

A

A. Ethernet uses jumbo frames at the data link layer to transfer large amounts of data more efficiently. Ethernet typically restricts frame size to 1,500 bytes, but jumbo frames enable Ethernet systems to create frames up to 9,000 bytes. PPP does not support the use of jumbo frames. Frames are protocol data units associated only with the data link layer, so they do not apply to IP and TCP, which operate at the network and transport layers, respectively.

Question 38

Q

You are working your company’s IT help desk, where you are required to follow a specific troubleshooting protocol when handling calls from users. In which of the following troubleshooting steps would you create a trouble ticket?
Establish a theory of probable cause
Verify full system functionality and, if applicable, implement preventive measures
Identify the problem
Test the theory to determine cause
Document findings, actions, and outcomes
Implement the solution or escalate as necessary
Establish a plan of action to resolve the problem and identify potential effects

Answer

A

C. The first step in the troubleshooting protocol involves identifying the problem by questioning the user and creating a trouble ticket. You complete the other steps in the troubleshooting protocol after the trouble ticket has been prioritized.

Question 39

Q

You are working your company’s help desk when a user calls to report that he can’t access any of the data on his computer. He says that a message has appeared on his screen stating that all of his data has been encrypted by the FBI and that it will be decrypted only after he pays $768 in Bitcoin to an unknown address. The user wants to know if he is responsible for making the payment. Which of the following types of attacks has the user experienced?
Denial of service
War driving
Ransomware
ARP poisoning

Answer

A

C. The user has experienced a ransomware attack. Ransomware is a type of attack in which a user’s access to his or her data is blocked unless a certain amount of money is paid to the attacker. The blockages can vary from simple screen locks to data encryption. War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks. Denial of service is a type of attack that overwhelms a computer with traffic, preventing it from functioning properly. ARP poisoning is the deliberate insertion of fraudulent information into the ARP cache stored on computers and switches.

Question 40

Q

Which of the following wide area network (WAN) services provide unequal amounts of upstream and downstream bandwidth? (Choose all correct answers.)
SDSL
CATV
ADSL
ISDN

Answer

A

B and C. The word asymmetric in Asymmetric Digital Subscriber Line (ADSL) means that the service provides different amounts of bandwidth in each direction. In nearly all cases, asymmetric WAN services provide more downstream bandwidth than upstream. Cable television (CATV) networks are also asymmetrical. The word symmetric in Symmetric Digital Subscriber Line (SDSL) means that the service provides equal amounts of bandwidth in both directions. Integrated Services Digital Network (ISDN) is also symmetrical.

Question 41

Q

Network cable runs generally connect office endpoints, such as wall plates, to a central cabling nexus, which is typically where the runs are joined to a backbone network that links them together. Which of the following are terms for such places where network cabling connections are found? (Choose all correct answers.)
RDP
IDF
MDF
MTBF

Answer

A

B and C. A large enterprise network will—at minimum—have demarcation points for telephone services and a connection to an Internet service provider’s network. In many cases, these services enter the building in the same equipment room that houses the backbone switch, which enables all the devices on the network to access those resources. This room is then called the main distribution frame (MDF). An intermediate distribution frame (IDF) is a place where localized telecommunications equipment, such as the interface between the horizontal cabling and the backbone, is located. For example, an enterprise network housed in a single building might have its MDF in the basement and an IDF on each floor. Mean Time Between Failures (MTBF) and Remote Desktop Protocol (RDP) are not network cabling locations.

Question 42

Q

Your supervisor has asked you to call the cabling contractor your company uses and make an appointment to install some new twisted pair cable runs. In addition to asking how many cables you need pulled, the contractor asks you if you need plenum or PVC. Under which of the following conditions might the local building code require that a data network use plenum cable?
When cable runs exceed the maximum length specified by the physical layer specification
When cables must run through air-conditioning ducts
When cables run near to devices that generate electromagnetic interference (EMI)
When multiple cables run through the same conduit

Answer

A

B. A plenum space is an area of a building that provides air circulation as part of its heating or cooling system, such as a heating or air-conditioning duct. Plenum cables have a sheath made of a fire-retardant material that does not outgas toxic fumes when it burns. When network cables are installed in plenum spaces, many local building codes require that installers use plenum-rated cables conforming to specific standards. Plenum cables provide no benefit when installed near other cables, or EMI sources, or when they exceed specified lengths.

Question 43

Q

Which of the following is not a term for the process of combining the bandwidth of two or more network adapters to increase the overall speed of the connection and provide fault tolerance?
Port aggregation
Link aggregation
Bonding
Clustering
NIC teaming

Answer

A

D. Clustering refers to the combination of multiple servers—not network adapters—into a single unit to enhance performance and provide fault tolerance. Bonding, link aggregation, port aggregation, and NIC teaming are all terms for the same basic technology, in which the bandwidth of multiple network adapter connections is joined to speed up transmissions. The technology also enables the network communication to continue if one of the adapters fails or is disconnected.

Question 44

Q

ou have been asked by the director of the IT department to review the security status of the network device administration procedures currently in use. You know that network device hardening has as one of its first principles the use of secure protocols over insecure ones. Which of the following suggestions are examples of this principle that you should suggest to the director? (Choose all correct answers.)
Use WEP instead of WPA2.
Use TKIP instead of AES.
Use HTTPS instead of HTTP.
Use SSH instead of Telnet.

Answer

A

C and D. Secure Shell (SSH) and Telnet are both remote terminal programs, but Telnet clients pass instructions (including passwords) to the target server in clear text, whereas SSH uses encrypted transmissions. In the same way, Hypertext Transfer Protocol Secure (HTTPS) is the encrypted version of HTTP. In both of these cases, the substitute is more secure and should be suggested to the director. However, Temporal Key Integrity Protocol (TKIP) provides encryption that is less secure than Advanced Encryption Standard (AES), and Wired Equivalent Protocol (WEP) is less secure than Wi-Fi Protected Access II (WPA2).

Question 45

Q

The Simple Network Management Protocol (SNMP) works by processing information gathered from agents installed or embedded in network devices and displaying the information on a central console. Which of the following is the term used for the database in which SNMP agents store information about their properties?
MIB
Trap
Syslog
SIEM

Answer

A

A. A management information base (MIB) is the database on an SNMP agent in which ASN.1 information about the properties of the managed device is stored. The other three options do not perform this function. A trap is an alert message that SNMP agents send to the network management console when an exceptional event occurs. Syslog is a standard for message logging components. Security information and event management (SIEM) is a combination tool that uses information gathered from logs and network devices to provide a real-time analysis of the network’s security condition.

Question 46

Q

When a web browser connects to a web server using an address with the https:// prefix, the connection is secured using Transmission Control Protocol (TCP) and an encryption protocol. Which of the following are protocols that are typically used to secure communication between web servers and web browsers? (Choose all correct answers.)
TLS
SSH
DTLS
SSL

Answer

A

A and D. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. Transport Layer Security (TLS) is an updated security protocol that is designed to replace SSL. Datagram Transport Layer Security (DTLS) is a security protocol that provides the same basic functions as TLS but for User Datagram Protocol traffic instead of TCP. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers; it does not provide web server/browser security.

Question 47

Q

A perimeter network is a segment that is exposed to the Internet and separated from the internal network by a firewall. Administrators typically use a perimeter network for servers that must be accessible by outside users, such as web and email servers. Which of the following is another term for a perimeter network?
PEAP
DMZ
VLAN
TKIP

Answer

A

B. Another term for a perimeter network is a DMZ, or demilitarized zone. A virtual LAN (VLAN) is a logical network segment created within a switch. Protected Extensible Authentication Protocol (PEAP) is an authentication protocol, and Temporal Key Integrity Protocol (TKIP) is an encryption algorithm. These three options are not terms for a perimeter network.

Question 48

Q

Which of the following types of traffic is not exchange by Remote Desktop clients and servers using the Remote Desktop Protocol (RDP)?
Keystrokes
Mouse movements
Display information
Application data

Answer

A

D. RDP is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP does not carry actual application data; it just transfers keystrokes, mouse movements, and graphic display information.

Question 49

Q

You have been engaged to design a wireless LAN for a site you have never seen. For that reason, you want the LAN to be able to support both the 2.4 GHz and 5 GHz frequencies. Which of the following IEEE 802.11 wireless LAN standards should you look for when you are shopping for equipment that supports both frequencies?

11a
11b
11g
11n
11ac

Answer

A

D. Only the 802.11n standard defines wireless LAN devices that can support both the 2.4 GHz and 5 GHz frequencies. The 802.11a and 802.11ac standards support only 5 GHz, and the 802.11b and 802.11g standards support only 2.4 GHz.

Question 50

Q

Which of the following settings is typically not included in an account lockout policy?
Account lockout threshold
Reset account lockout threshold counter
Time allowed between attempts
Account lockout duration

Answer

A

C. Account lockout policies typically do not include a setting that regulates the amount of time allowed between logon attempts. The other options describe settings that are usually included in an account lockout policy. An account lockout threshold setting specifies the number of incorrect logon attempts that are permitted before the account is locked out. An account lockout duration setting specifies the amount of time that an account remains locked out. A reset account lockout threshold counter setting specifies the amount of time before the number of incorrect attempts is reset to zero.

Question 51

Q

You have been asked to evaluate the security provided by the cryptographic algorithms in use on your network. Which of the following are not cryptographic algorithms used for file hashing? (Choose all correct answers.)
RC4
MD5
AES
SHA

Answer

A

A and C. Secure Hash Algorithm (SHA) and Message Digest 5 (MD5) are file hashing algorithms, used to test data integrity by calculating a hash value before transmitting a file over the network. After the transmission, the receiving system performs the same calculation. If the values match, then the data is intact. RC4 and Advanced Encryption Standard (AES) are both cryptographic algorithms, but they are not used for file hashing.

Question 52

Q

Which of the following are not technical terms associated with Integrated Service Digital Network (ISDN)? (Choose all correct answers.)
2B+D
Primary Rate Interface (PRI)
Digital Subscriber Line (DSL)
Basic Rate Interface (BRI)
T-1

Answer

A

C and E. Digital Subscriber Line is a wide area networking service that uses the public switched telephone network, but it is not associated with ISDN. A T-1 is a leased telephone line that is also not associated with ISDN. 2B+D is a term for the ISDN Basic Rate Interface (BRI) service. B channels are 64 Kbps circuits that carry user data. A single D channel carries control and synchronization information. Primary Rate Interface is another type of ISDN service that has 23 B channels instead of two.

Question 53

Q

You are in the process of troubleshooting a user’s computer that is malfunctioning. Which step of the troubleshooting model involves replacing computer components until you have identified a faulty hardware device?
Establish a plan of action to resolve the problem
Duplicate the problem
Gather information
Verify full system functionality
Test the theory to determine the cause
Document findings, actions, and outcomes
Establish a theory of probable cause

Answer

A

E. After you have established a theory of probable cause, you can try to test the theory by replacing hardware components one by one until you find the faulty device. All of the other options are steps that come either earlier or later in the troubleshooting process.

Question 54

Q

An insider threat is most likely to be detectable by which of the following types of physical security?
Motion detection
Smartcards
Biometrics
Video surveillance

Answer

A

D. An insider threat by definition originates with an authorized user. Therefore, smartcards, motion detection, and biometrics will only detect the presence of someone who is authorized to enter sensitive areas. Video surveillance, however, can track the activities of anyone, authorized or not.

Question 55

Q

Which of the following message types does a Dynamic Host Configuration Protocol (DHCP) client use to locate a DHCP server?
DHCPREQUEST
DHCPDISCOVER
DHCPOFFER
DHCPRENEW

Answer

A

B. In the DHCP address allocation process, the client begins the transaction by broadcasting DHCPDISCOVER messages to locate DHCP servers. The servers then reply with DHCPOFFER messages containing addresses. Then, the client sends a DHCPREQUEST message to one server accepting an offered address, to which the server replies with a DHCPACK. DHCPRENEW messages are not used during the address allocation process.

Question 56

Q

A protocol analyzer is a tool that captures packets from a network and examines their contents. Which of the following Unix/Linux tools is a protocol analyzer?
nmap
tcpdump
pathping
iptables

Answer

A

B. The Unix/Linux tcpdump utility is a protocol analyzer. It is a command-line tool that captures network packets and displays their contents. The iptables, nmap, and pathping utilities cannot capture and analyze packets. iptables manages Unix/Linux kernel firewall rules, nmap is a port scanner, and pathping is a Windows route tracing tool.

Question 57

Q

A storage area network (SAN) typically takes the form of a dedicated network used to provide servers with access to hard disk arrays and other storage devices. Which of the following statements about the differences between a SAN and network attached storage (NAS) are true? (Choose all correct answers.)
NAS devices typically provide a filesystem, while SAN devices do not.
NAS provides file-level storage access, whereas a SAN provides block-level storage access.
NAS devices typically contain integrated iSCSI targets.
SAN devices have an operating system, whereas NAS devices do not.

Answer

A

A and B. NAS devices are self-contained file servers that connect directly to a standard IP network. A NAS device provides file-level access to its storage devices, and it includes an operating system and a filesystem. NAS devices are typically not iSCSI targets.

Question 58

Q

Your supervisor has just informed you that the CIO has hired an outside consultant to perform penetration testing on the company network. Which of the following best describes what you can expect the consultant to do?
Evaluate the security conditions on the network
Create computers or networks that are alluring targets for intruders
Attempt to compromise the network’s security measures
Implement a new companywide security protocol

Answer

A

C. Penetration testing is when an outside consultant is engaged to attempt an unauthorized access to protected network resources. Testing by an internal administrator familiar with the security barriers would not be a valid test. Although having a consultant examine the network’s security from within can be useful, this is not a penetration test. Computers or networks that are alluring targets for intruders are called honeypots or honeynets. Implementation of a new security protocol can only come after the current security situation has been evaluated.

Question 59

Q

Your company is a contractor for the government that regularly works with highly sensitive defense data. To prevent this data from being compromised, the company’s datacenter has various special security measures installed. All of the servers have crimped metal tags holding the cases closed. All of the hardware racks are locked in clear-fronted cabinets. All of the cable runs are installed in transparent conduits. These are all examples of which of the following types of physical security measure?
Geofencing
Port security
Tamper detection
Asset tracking

Answer

A

C. All of the mechanisms listed are designed to make any attempts to tamper with or physically compromise the hardware devices immediately evident. These mechanisms are therefore various forms of tamper detection. Asset tracking is for locating and identifying hardware. Geofencing is a wireless networking technique for limiting access to a network. Port security refers to network switch ports. These options do not apply to the specified mechanisms.

Question 60

Q

In the public key infrastructure (PKI), users and computers are issued a key pair, consisting of public and a private key. Which of the following statements about a public key infrastructure are true? (Choose all correct answers.)
Data encrypted with the public key can only be decrypted using that public key.
Data encrypted with the public key can only be decrypted using the private key.
Data encrypted with the private key can only be decrypted using the public key.
Data encrypted with the private key can only be decrypted using that private key.

Answer

A

B and C. In a PKI, data encrypted with the private key can only be decrypted using the public key. Therefore, anyone receiving data encrypted with the private key can obtain the public key and decrypt it, confirming that the data originated with the private key holder. Because the public key is freely available, anyone can encrypt data using the public key and be certain that only the private key holder can decrypt it.

Question 61

Q

Which of the following is the worldwide standard (exclusive of North America) for synchronous data transmissions that defines data rates designated by optical carrier levels, such as OC-3, OC-12, OC-48, and OC-192?
SDH
SONET
ISDN
ATM

Answer

A

A. The Synchronous Digital Hierarchy (SDH) standard defines a base data transfer rate of 51.84 Mbps, which is multiplied at the various optical carrier levels. An OC-3 connection therefore runs 155.52 Mbps, an OC-12 at 622.08 Mbps, and so forth. SDH is the standard for the entire world, except for the United States and Canada. The North American standard is called Synchronous Optical Networking (SONET). Integrated Services Digital Network (ISDN) is a service that combines voice and data services using the Public Switched Telephone Network (PSTN), and Asynchronous Transfer Mode (ATM) is cell-switched protocol defining a combined voice, data, and video service.

Question 62

Q

Your supervisor has given you a Class C network IP address and has asked you to create a network with 8 subnets and 30 hosts per subnet. Which of the following subnet masks will you have to use?

255.255.128
255.255.192
255.255.224
255.255.240
255.255.248
255.255.252

Answer

A

C. To create a network with 8 subnets and 30 hosts per subnet, you must allocate 3 of the 8 bits in the last octet for use as a subnet identifier. This results in a binary value of 11100000 for the last octet in the subnet mask, which converts to a decimal value of 224. Therefore, the correct subnet mask value is 255.255.255.224. Values for the last octet that are lower than 224 would not enable you to create 8 subnets. Values higher than 224 would not enable you to create 30 host addresses.

Question 63

Q

You are a consultant working at a client site. The client has supplied you with the SSID and the passphrase for the company’s wireless network so that you can connect to it with your laptop. However, you are unable to establish a connection. Which of the following security measures might be preventing you from connecting your laptop to the network?
Geofencing
MAC filtering
Using WPA2
Disabling SSID broadcasts

Answer

A

B. MAC filtering takes the form of an access control list (ACL) on the wireless network’s access points, listing the MAC addresses of all the devices that are permitted to access the network. If the MAC address of your laptop is not included in the ACL, you will be unable to connect to the network. Geofencing is intended to prevent users outside the office from accessing the network. You are inside, so this should not be the problem. You have been given the passphrase for the network, so you should be able to configure the WPA2 protocol on your laptop. You have been given the SSID of the network, so you should be able to connect by manually entering it, even if the access points are not broadcasting the SSID.

Question 64

Q

You have just finished installing a new Category 5e cable run yourself for the first time. After attaching keystone connectors to both ends of the cable, you mount the office-side connector to a wall plate and mount the datacenter connector into a patch panel. Then you take a patch cable and connect the patch panel port to an open port in one of the network switches. However, the LED on the switch port does not light as it is supposed to. What should you do next?
Repull the cable run using Category 6 cable.
Check the cable run for wiring faults.
Make sure the switch port is not disabled.
Plug a computer into the wall plate.

Answer

A

D. For the link pulse LED on the switch port to light up, there must be an active connection between the switch and a functioning computer at the other end. Plugging a running computer into the wall plate will enable the Ethernet adapters at both end of the connection to communicate, causing the LED to light. None of the other options will cause the LED to light.

Answer 65

A

B. The Ethernet (or IEEE 802.3) protocol at the data link layer uses MAC addresses to identify computers on the local network. Media access control (MAC) addresses are coded into the firmware of physical network interface adapters by the manufacturer. The physical layer deals with signals and is not involved in addressing. The IP protocol at the network layer has its own addressing system. The transport layer protocols are not involved in addressing

Answer 66

A

C. The Cisco symbol shown in the figure is used in network diagrams to represent a router, as symbolized by the arrows pointing both in and out. This symbol is not used to represent a hub, a switch, or a gateway.

Answer 67

A

B and D. By inserting modified entries into a device’s ARP cache, an attacker can cause traffic to be diverted from the correct destination to a system controlled by the attacker. This can enable the attacker to intercept traffic intended for another destination. In a man-in-the-middle attack, the attacker can read the intercepted traffic and even modify it before sending it on to the correct destination. In a session hijacking attack, the attacker can use the intercepted traffic to obtain authentication information, including passwords. Neither of the other two options is facilitated by ARP poisoning. An evil twin is a fraudulent access point on a wireless network. Social engineering is a form of attack in which an innocent user is persuaded by an attacker to provide sensitive information via email or telephone.

Answer 68

A

D. A honeypot is a computer configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access. This is also a technique that enables the target to gather information about the attackers. A demilitarized zone (DMZ) is a network segment on which administrators locate servers that must be accessible from the Internet but that are separated from the internal network by a firewall. A root guard provides protection to switch ports. Spoofing is an attack technique in which an intruder modifies packets to assume the appearance of another user or computer.

Answer 69

A

A. A repeater is a physical layer device that regenerates incoming signals and retransmits them. A hub is a type of repeater that receives data through any one of its multiple ports and retransmits the data out through all of its other ports. Bridges and switches are data link layer devices, and routers are network layer devices. None of these three can be described as a multiport repeater.

Answer 70

A

D. A port scanner examines a system for open ports or endpoints that are accessible from the network using the TCP or UDP protocol, which intruders can conceivably exploit to gain access to the system. Port scanners do not list user processes, hardware ports, numbers of packets, or IP addresses.

Answer 71

A

A and E. A storage area network (SAN) is a network that is dedicated to carrying traffic between servers and storage devices. SANs can use specialized network protocols, such as Fibre Channel in this case, or standard Gigabit Ethernet. A local area network (LAN) is a connected group of computers, usually inside a single room or building. In this case, the cluster has one LAN connecting the nodes together and another providing other users with access to the cluster. A personal area network (PAN) provides communication among devices associated with a single person, such as smartphones. A wide area network (WAN) is a network that connects devices or networks at different geographic locations. A metropolitan area network (MAN) is a type of WAN that connects devices within a limited geographic area. The cluster is not connected to a PAN, WAN, or MAN.

Answer 72

A

C. Since only one user is reporting the problem and he has admitted to making changes to his IP configuration, you should start by checking the workstation configuration using the ipconfig command. If the routers, the switches, or the DNS server were causing the problem, more than one user would be affected, and there would be additional users calling the help desk.

Answer 73

A

C. Because your colleague can connect to WebServ1 successfully, the problem is not an unresponsive service or blocked ports on the server. The problem is not a name resolution failure because you can successfully ping WebServ1 by name. Therefore, of the options listed, the only possible problem must be that the firewall on your workstation is configured to block the remote desktop client’s traffic.

Answer 74

A

C. The device shown in the figure is a punchdown tool, which you use to connect unshielded twisted pair cable ends to the keystone connectors used in modular wall plates and patch panels. After lining up the individual wires in the cable with the connector, you use the tool to press each wire into its slot. The tool also cuts the wire sheath to make an electrical contact and trims the end of the wire. This tool is not capable of performing any of the tasks described in the other options.

Answer 75

A

A, B, and C. The 5 GHz frequency has 23 channels available in the United States, whereas the 2.4 GHz frequency has only 11. Many household devices, such as cordless telephones, use the 2.4 GHz frequency band, but relatively few devices use the 5 GHz band. Higher frequencies typically support faster transmission speeds, because with all other conditions equal, they can carry more data in the same amount of time. The 5 GHz frequency typically has a shorter range than 2.4 GHz, because it is less able to penetrate barriers.

Answer 76

A

C. The device shown in the figure is a butt set, a basic tool of telephone installers and line workers. By connecting the clips to pins in a punchdown block, you can access telephone circuits in order to test them or place telephone calls. The device shown is not a crimper, a tone generator and locator, or a punchdown tool.

Answer 77

A

A. The File Transfer Protocol (FTP) uses two port numbers. It uses the first, port 21, for a control connection that remains open during the entire client-server session. The second port, 20, is for a data connection that opens only when the protocol is actually transferring a file between the client and the server. Network Time Protocol (NTP), Simple Network Management Protocol (SNMP), and Hypertext Transfer Protocol (HTTP) all use a single port on the server.

Answer 78

A

A. The 13-bit prefix indicated in the network address will result in a mask with 13 ones followed by 19 zeroes. Broken into 8-bit blocks, the binary mask value is as follows:
11111111 11111000 00000000 00000000
Converted into decimal values, this results in a subnet mask value of 255.248.0.0.

Answer 79

A

B. The failure to detect a tone on the eighth wire indicates that there is either a break in the wire somewhere inside the cable or a bad pin connection in one or both connectors. This type of fault is called an open circuit. None of the other three options are faults that manifest as described. A short circuit is when a wire is connected to two or more pins at one end of the cable. A split pair is a connection in which two wires are incorrectly mapped in exactly the same way on both ends of the cable. Crosstalk is a type of interference caused by signals on one wire bleeding over to other wires.

Answer 80

A

B and D. The session layer is responsible for creating and maintaining a dialog between end systems. This dialog can be a two-way alternate dialog that requires end systems to take turns transmitting, or it can be a two-way simultaneous dialog in which either end system can transmit at will. The session layer functions are called dialog control and dialog separation. Data encryption is performed at the presentation layer, and datagram routing occurs at the network layer.

Answer 81

A

A. When individual packets in a data stream are delayed, due to network congestion, different routing, or queuing problems, the resulting connectivity problem is called jitter. While this condition might not cause problems for asynchronous applications, real-time communications, such as Voice over IP or streaming video, can suffer interruptions from which the phenomenon gets its name. Latency describes a generalized delay in network transmissions, not individual packet delays. Attenuation is the weakening of a signal as it travels through a network medium. A bottleneck is a condition in which all traffic is delayed, due to a faulty or inadequate component. None of these three options would account for the problems reported by the users.

Answer 82

A

C. The 802.11ac standard defines a wireless LAN running at speeds of up to 1.3 gigabits per second (Gbps). None of the other 802.11 standards define networks running at speeds beyond 600 Mbps. There is no currently ratified IEEE 802.11 standard that enables speeds of 2.6 Gbps.

Answer 83

A

B and D. Network address translation (NAT) is a network layer service, typically integrated into a router, that converts the private IP addresses in all of a client’s Internet transmissions to a registered IP address. NAT therefore works for all applications. A proxy server is an application layer device that performs the same type of conversion but only for specific applications. A Remote Authentication Dial-In User Service (RADIUS) server can provide authentication, authorization, and accounting services for remote access servers, but it does not convert IP addresses. A unified threat management (UTM) appliance typically performs virtual private network (VPN), firewall, and antivirus functions. It too does not convert IP addresses.

Answer 84

A

A and B. 1.1.1.0 and 9.34.0.0 are both valid IPv4 network addresses. IPv4 addresses with first byte values from 224 to 239 are Class D addresses, which are reserved for use as multicast addresses. Therefore, the user cannot use 229.6.87.0 for his network. 103.256.77.0 is an invalid address because the value 256 cannot be represented by an 8-bit binary value.

Answer 85

A

B. Distance vector protocols rely on hop counts—that is, the number of routers between a source and a destination—to evaluate the efficiency of routes. Link state protocols use a different type of calculation, usually based on Dijkstra’s algorithm. The terms interior gateway protocol and edge gateway protocol do not refer to the method of calculating routing efficiency.

Answer 86

A

A and C. Any type of fiber-optic cable will satisfy the client’s requirements. Fiber-optic cable supports the required 1000 Mbps data rate and can connect networks that are 500 meters apart. Fiber-optic cable is also immune to EMI. Although both multimode and single-mode fiber would meet the corporation’s general needs, multimode is substantially less expensive than single-mode fiber. Twisted pair wiring (STP or UTP) meets the data rate, but it does not support connections longer than 100 meters. Thin coaxial cable does not support the data rate or distances longer than 185 meters.

Answer 87

A

C and D. An incorrect frequency, SSID, or WPA2 passphrase would prevent the user’s laptop from ever connecting to the network, so these cannot be the cause of the problem. Greater distance from the access point or interference from intervening walls can both cause a weakening of wireless signals, which can result in the intermittent connectivity that the user is experiencing.

Answer 88

A

A, C, and E. Static routes are not automatically added to the routing table by routing protocols and do not automatically adapt to changes in the network. They are therefore not recommended for large internetworks with redundant paths between networks. Administrators must manually add, modify, or delete static routes when a change in a network occurs. For this reason, static routes are recommended only for use in small networks without multiple paths to each destination.

Answer 89

A

C. Network layer protocols specify logical addresses, such as IP addresses, for end system communication. They also use those addresses to route packets to destinations on other networks. The physical layer defines standards for physical and mechanical characteristics of a network. The data link layer uses media access control (MAC) or hardware addresses, not logical addresses. The transport layer uses port numbers, not logical addresses. Session layer protocols create and maintain a dialog between end systems. Presentation layer protocols are responsible for the formatting, translation, and presentation of information. The application layer provides an entry point for applications to access the protocol stack and prepare information for transmission across a network.

Answer 90

A

C. The use of an incorrect wireless security protocol is a well-known source of errorless connection failures, so checking this will most likely enable you to discover the source of the problem. Channel overlap is a problem that you would check and resolve at the access point, not at the users’ workstations. It is not possible to change the frequency on the access point because the 802.11g standard only supports the 2.4 GHz frequency. Although signal interference could conceivably be the cause for a connection failure, the users can see the network’s SSID, so this is not likely to be the problem.

Answer 91

A

A, B, and C. Fibre Channel requires a dedicated network using fiber-optic cable. iSCSI traffic can coexist with standard LAN traffic on a single network, although some type of quality of service (QoS) mechanism is frequently recommended. Because it runs on any IP network, iSCSI traffic is routable, and it is far less expensive to implement than Fibre Channel. iSCSI does not include its own flow control mechanism, so this option is incorrect. It runs over a TCP connection, which is the protocol responsible for flow control.

Answer 92

A

B, C, and E. When a client sends a name resolution query to its DNS server, it uses a recursive request so that the server will assume the responsibility for resolving the name. The only other use of recursive requests is in the case of a forwarder, which is configured to pass that responsibility on to another DNS server. The client’s DNS server uses iterative queries when sending name resolution requests to root domain servers and authoritative servers for the com and adatum.com domains.

Answer 93

A

D. To access the Internet, the workstation’s routing table must include a default gateway entry. The default gateway is a router on the local network that provides access to other networks, such as the Internet. To manually create a default gateway entry in the routing table, you use the route add command with a Network Destination value of 0.0.0.0, a MASK value of 0.0.0.0, and the address of a router on the local network (in this case 192.168.2.99). The entry must also have a METRIC value that is lower than the other entries in the table so that it will be used first.

Answer 94

A

A, B, and D. Thin Ethernet networks use BNC connectors. Thick Ethernet networks use N-type connectors. All unshielded twisted pair (UTP) Ethernet networks use RJ45 connectors. You will not need F-type or DB-9 connectors. F-type connectors are used with coaxial cable but are typically used for cable television installations. DB-9 connectors are commonly used for serial communications ports.

Answer 95

A

A. Geofencing is the generic term for a technology that limits access to a network or other resource based on the client’s location. It is therefore best described as somewhere you are. A finger gesture would be considered something you do, a password something you know, and a smartcard something you have.

Answer 96

A

A. Hot, warm, and cold backup sites differ in the hardware and software they have installed. A cold site is just a space at a remote location. The hardware and software must be procured and installed before the network can be restored. It is therefore the least expensive and takes the most time. A warm site has hardware in place that must be installed and configured. A hot site has all of the necessary hardware installed and configured. A warm site is more expensive than a cold site, and a hot site is the most expensive and takes the shortest amount of time to be made operational.

Answer 97

A

A. A host-to-site VPN is a remote access solution, enabling users to access the corporate network from home or while traveling. A site-to-site VPN enables one network to connect to another, enabling users on both networks to access resources on the other one. This is usually a more economical solution for branch office connections than a wide area network (WAN) link. A host-to-host VPN enables two individual users to establish a protected connection to each other. An extranet VPN is designed to provide clients, vendors, and other outside partners with the ability to connect to your corporate network with limited access.

Answer 98

A

B. Frame relay is a packet switching service that uses a single leased line to replace multiple leased lines by multiplexing traffic through a cloud. A fractional T-1 is part of a leased line that connects two points, so there is no switching involved and no cloud. Asynchronous Transfer Mode (ATM) uses a switched fabric, but it is not referred to as a cloud. SONET is a physical layer standard that defines fiber-optic connections; it does not call for switching or use the term cloud.

Answer 99

A

D. Performance Monitor is a Windows application that can create logs of specific system and network performance statistics over extended periods of time. Such a log created on a new computer can function as a baseline for future troubleshooting. Event Viewer is a Windows application for displaying system log files; it cannot create a performance baseline. Syslog is a log compilation program originally created for Unix systems; it does not create performance baselines. Network Monitor is a protocol analyzer. Although it can capture a traffic sample that can function as a reference for future troubleshooting efforts, this cannot be called a performance baseline.

Answer 100

A

C. Although a DoS attack typically involves traffic flooding, any attack that prevents a server from functioning can be called a DoS attack. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning. This can be a physical attack that actually damages the server hardware, or the attacker can disable the server by altering its software or configuration settings. Flood-based attacks include the distributed denial-of-service (DDoS) attack, in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website in an attempt to overwhelm it and prevent it from functioning. An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses that overwhelm the target.

Brainscape's Knowledge GenomeTM

Practice Test 1 Flashcards

Brainscape's Knowledge Genome^TM