Practice test 4

Question 1

As you arrive to work this morning, you look up at the building and notice a microwave antenna that is pointing another antenna on top of your company’s support building across the street. Which of the following network topologies BEST represents this network connection over the microwave link?

Point to multipoint
Point to point
Mesh
peer to peer

Answer 1

This connection is best represented by a point-to-point connection since it is being used as a Campus Area Network connection to directly connect the two buildings.

Question 2

A technician installs a new piece of hardware and now needs to add the device to the network management tool database. However, when adding the device to the tool using SNMP credentials, the tool cannot successfully interpret the results. Which of the following needs to be added to allow the network management tool to interpret the new device and control it using SNMP?

MIB
TRAP
WALK
GET

Answer 2

Management Information Base (MIB) is used for managing all entities on a network using Simple Network Management Protocol. It would allow whatever tool to correctly interpret the information received.

Question 3

A company utilizes a patching server to regularly update its PCs. After the latest round of patching, all of the older PCs with non-gigabit Ethernet cards become disconnected from the network and now require a technician to fix the issue locally at each PC. What could be done to prevent this problem next time?

Disable to automatic driver updates to PCs on the patching server.
Require the patching server to update the oldest PCs off hours.
Throttle the connection speed of the patching server to match older PCs.
Enable automatic rebooting of the PCs after patching is completed.

Answer 3

The most likely cause of this issue was a forced driver update being pushed from the update server to the older PCs, breaking their ability to use their network cards. It is best to disable automatic driver updates for PCs and have them tested first.

Question 4

Your supervisor has asked you to run a Cat 5e cable between two network switches in the server room. Which type of connector should be used with a Cat 5e cable?

DB-25

RJ-45

RS-232

RJ-11

Answer 4

A Cat 5e cable should uses a RJ-45 connector on each end of the cable. This is the standard type of connector for Cat 3, Cat 5, Cat 5e, and Cat 6a cables.

Question 5

What is used to authenticate remote workers who connect from offsite?

VTP trunking

OSPF

802.1x

Virtual PBX

Answer 5

802.1x can be used because it is designed to enhance the security of wireless local area networks (WLANs) . WLANs provide an authentication framework, allowing a user to be authenticated by a central authority. RADIUS (Remote Authentication Dial-In User Service) allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Remote users connect to one or more Remote Access Servers. The remote access servers then forward the authentication requests to the central RADIUS server. 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). It provides an authentication mechanism to devices wishing to attach to a network. 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client that wishes to attach to the network. The authenticator is a network device, such as an Ethernet switch, wireless access point or in this case, a remote access server and the authentication server is the RADIUS server.

Question 6

You are currently working as a firewall technician. You have received a request to open up a few ports on the firewall to allow a newly VoIP system to operate properly. The installer has requested that the ports associated with SIP, RDP, H.323, and RTP be opened to allow the new system to operate properly. Which of these ports are NOT used by a typical VoIP system?

H.323

RDP

SIP

RTP

Answer 6

RDP is the protocol for the Remote Desktop Protocol and operates over port 3389. This is not used in a typical VoIP system. SIP (Session Initiation Protocol), H.323 (voice/video conferencing) protocol, and the RTP (Real-time Transport Protocol) are all used heavily in VoIP and video conferencing solutions.

Question 7

A network engineer is conducting an assessment for a customer who wants to implement an 802.11ac wireless network. Before the engineer can estimate the number of WAPs needed, it is important to reference the _______________.

Network topology

Network diagram

PoE requirements

Site survey

Answer 7

Since it is a wireless network, a review of a site survey is necessary to determine any physical advantages and disadvantages. Network topology and Network diagrams can be created once the site survey is complete and the location of the access points is determined.

Question 8

A technician wants to update the organization’s disaster recovery plans. Which of the following would allow network devices to be replaced quickly in the event of a device failure?

Proper asset tagging and labeling

Archives/backups

Vendor documentation

Network Baseline

Answer 8

Having backups of the server data would allow for a quick recovery in the event of a device failure.

Question 9

A company has implemented the capability to send all log files to a central location by utilizing an encrypted channel. The log files are sent to this location in order to be reviewed. A recent exploit has caused the company’s encryption to become unsecure. What would be required to resolve the exploit?

Install recommended updates

Configure the firewall to block port 22

Send all log files through SMTP

Utilize an FTP service

Answer 9

If the encryption is insecure, then we must look for encryption software updates or patches. If they are available, we must install them.

Question 10

Which of the following describes a design where traffic is shared between multiple network servers to provide greater throughput and reliability?

MPLS trunking

Load balancing

Multiplexing

VLAN tagging

Answer 10

Load Balancing is a technique used to spread work across multiple computers, network links, or other devices.

Question 11

Thomas has a server that streams media to the local network and the device is currently visible on the network. All of the workstations on the LAN can ping the device and all the firewalls are currently turned off. The goal is for the streaming media server to be able to allow different workstations to watch the stream if they choose to subscribe to it.The streaming device appears to be functioning properly, but the media won’t stream when requested. Which of the following TCP/IP technologies is MOST likely not implemented properly?

Anycast
•	 
Unicast
• 
Multicast
*	 
Broadcasts

Answer 11

Explanation
Multicast is not implemented properly because that is the TCP/IP technology that sends out the packets to the requested devices when streaming to multiple workstations from a single streaming media server. As opposed to broadcast (one-to-all), which sends out packets to all devices, multicast (one-to-many-of-many/many-to-many-of-many) only sends packets to many that are specifically requested but not all. Multicast would need to be implemented to route the network device to the LAN so that streaming can function properly.

Question 12

A network administrator has set up a firewall and entered only three rules allowing network traffic over ports 21, 110, and 25 in an effort to minimize the attack surface and to better secure the network. Unfortunately, now the administrator is receiving complaints from users who are reporting that they cannot access any web pages using their URLs, such as DionTraining.com. Which of the following should the administrator do to correct this issue?

Add a rule to the ACL to allow traffic on ports 137 and 66

Add a rule to the ACL to allow traffic on ports 143 and 22

Add a rule to the ACL to allow traffic on ports 80 and 53

Add a rule to the ACL to allow traffic on ports 445 and 173

Answer 12

Port 80 is used for HTTP traffic. It must be open to allow the web browser to make a request from the network to the web server. Port 53 is needed to reach the DNS servers in order to determine the IP address for a given URL or domain name (such resolving DionTraining.com to its IP address).

Question 13

A network technician has received reports of an Internet-based application that has stopped functioning. Employees reported that after updating the Internet browsers, the application began to fail. Many users rolled back the update, but this did not correct the issue. Which of the following should the company do to reduce this type of action from causing network problems in the future?

Verify the update hashes match those on the vendor’s website

Segment the network and create a test lab for all updates before deployment

Coordinate the Internet Server update to coincide with the users’ updates

Implement a disaster recovery plan with a hot site to allow users to continue working

Answer 13

Explanation
Segmented networks would ensure every system isn’t updated at the same time and would be updated in groups. The test lab would ensure proper functionality prior to deployment or would allow you to work through the technical difficulties prior to deployment.

Question 14

What should be considered when troubleshooting the coverage and signal strength of a 802.11n WLAN?

Building materials in the area

Temperature

Humidity

Malware

Answer 14

Explanation
Some building materials are more dense than others. The denser the object, the more you will have a degradation of signal. For optimal signal, a LoS (Line of sight) of 25 feet or less is advised as well.

Question 15

A network technician is asked to redesign an Ethernet network before some new monitoring software is added to each workstation on the network. The new software will broadcast statistics from each host to a monitoring server for each of the five departments in the company. The added network traffic is a concern of management that must be addressed. How should the technician design the new network?

Place each department in a separate VLAN

Add a router and create a segment for all the monitoring host stations

Increase the collision domains to compensate for the added broadcasts

Increase the number of switches on the network to reduce broadcasts

Answer 15

Explanation
Placing each of the departments on separate VLANs will help minimize the added network traffic. VLANs work by taking multiple physical hosts and LANs and configuring them to act as if they were attached to the same Ethernet switch.

Question 16

What anti-malware solution should be implemented to deter attackers from loading custom files onto a distributed target platform?

Network-based anti-malware

Signature-based anti-malware

Host-based anti-malware

Cloud-based anti-malware

Answer 16

Explanation
The network-based anti-malware can keep the system secure by testing all communications to/from a distributed target platform.

Question 17

Which encryption type MOST likely is used for securing the key exchange during a client-to-server VPN connection?

Kerberos

AES

ISAKMP

TKIP

Answer 17

Explanation
ISAKMP is used in IPSec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection.

Question 18

A network technician receives the following alert from a network device: “High utilizations threshold exceeded on gi1/0/24 : current value 8463257.54” What is being monitored to trigger the alarm?

Network device memory

Speed and duplex mismatch

Network device CPU

Interface link status

Answer 18

Explanation
This is an error message that indicates that threshold of high utilization of network interface, in this case interface gi1/0/24, has been exceeded. The message has been triggered on the interface link status. (Note: gi1/0 would be a gigabyte interface.)

Question 19

A home user reports that a speed test website shows the following information: Download speed: 33.3Mbps
Upload speed: 10.2Mbps Which of the following is the best interpretation of the results?

The home PC is receiving data at 33.3 Mbps and sending data at 10.2 Mbps.

The home PC downloaded 33.3 MB of data to the website and uploaded 10.2 MB of data to the website.

The website upload bandwidth is saturated and it does not match the download speed.

The website is downloading data to its server at 33.3 Mbps and uploading data from its server at 10.2 Mbps.

Answer 19

Explanation

This connection is an asymmetric connection, like a cable modem or DSL, where upload and download speeds do not match

Question 20

A small real estate office has about 15 workstations and would like to use DHCP to assign classful IP addresses to each workstation. The subnet only has one octet for the host portion of each device. Which of the following IP addresses could be assigned as the default gateway?

10. 0.0.1
11. 16.0.1
12. 254.0.1
13. 168.0.1

Answer 20

Explanation
A non-routable IP address (in this case 192.168.0.1), also known as a private IP address, is not assigned to any one organization and does not need to be assigned by an Internet Service Provider. Since the question wants a classful IP addressing scheme to be assigned to devices, and only one octet being available for the host portion, it would need to be a Class C address. The only Class C address to choose is 192.168.0.1 based on the options provided. The IP 10.0.0.1 is a Class A address. The IP 172.16.0.1 is a Class B address. The IP 169.254.0.01 is an APIPA (reserved) address.

Question 21

Which of the following devices does a CSU/DSU connect?

A local network to a VPN

A cable modem to a wireless router

A T1 line to a network router

An analog line to a network router

Answer 21

Explanation
A CSU/DSU device is designed to connect a terminal device to a T1 line. The terminal device or Data Terminal Equipment (DTE) such as a router will connect to the T1 line via CSU/DSU (Channel Service Unit/Data Service Unit).

Question 22

Which of the following should be implemented to allow wireless network access for clients in the lobby using a password key?

RADIUS

IPSec

WPA2

Firewall

Answer 22

Explanation

WPA2 allows the use of a preshared key for wireless network access.

Question 23

Which WAN technology relies on virtual circuits and point-to-multipoint connections?

PRI

Frame relay

MPLS

ISDN

Answer 23

Explanation
Frame Relay is a WAN technology that specifies the physical and data link layers of digital telecommunications channels using a packet switching methodology. It supports the use of virtual circuits and point-to-multipoint connections. It is commonly used to connect multiple smaller corporate office locations back to a larger centralized headquarters.

Question 24

Which of the following network topologies requires that all nodes have a point-to-point connection with each and every other node in the network?

Ring

Mesh

Bus

Star

Answer 24

Explanation
A mesh network is a network topology in which each node relays data for the network. Because of this, physical mesh networks are very expensive to implement and not often used.

Question 25

A network architect is designing a highly-redundant network with a distance vector routing protocol in order to prevent routing loops. The architect has configured the routers to advertise failed routes with the addition of an infinite metric. What method should the architect utilize? Route poisoning Spanning tree Split horizon Hold down timers

Answer 25

Explanation | The Route poisoning setting in Cisco's Split Horizon is what prevents routing loops and shows the failed routes.

Question 26

A wireless networking technician has completed a survey of a wireless network and documented the detected signal strengths in various locations. This document is known as ______________. Heat map Bandwidth survey Network baseline Logical Network map

Answer 26

Explanation A heat map will show the signal strengths of wireless network signals in various locations. Technicians will document this information and use it as a tool during troubleshooting and optimization efforts.

Question 27

Which of the following is the BEST encryption to use from the options below to meet your manager's requirements for the new visitors' Wireless Network? WPA2-CCMP WEP WPA WPA2-TKIP Open

Answer 27

Explanation Since your manager has requested that the visitors not be required to configure anything on their devices, the only option you can choose is Open. This option presents NO security for the visitor's wireless network, but it also requires no setup on the user's devices. All of the other options would require some sort of pre-shared key and setup to allow the visitor to use the network.

Question 28

A technician is installing a network firewall and would like to block all WAN to LAN traffic that is using ports other than the default ports for Internet and email connectivity. What rule should the technician verify FIRST? An implicit deny is enabled All inbound traffic is blocked All outbound traffic is blocked A DMZ has been created

Answer 28

Explanation | Implicit deny only allows certain traffic through that is specified by certain ports.

Question 29

The corporate network uses a centralized server to manage credentials for all of its network devices. What type of server is MOST likely being used in this configuration? Kerberos RADIUS DNS FTP

Answer 29

Explanation RADIUS is used to centrally manage credentials for network devices. TACACS is an older username and login system that uses authentication to determine access, while RADIUS combines authorization AND authentication. For this question, either RADIUS or TACACS would be an acceptable answer.

Question 30

A network technician needs to protect IP-based servers in the network DMZ from an intruder trying to discover them. What should the network technician do to protect the network from ping sweeps? Block echo replies inbound to the DMZ Disable UDP on the servers Disable TCP/IP on the server Block ICMP at the firewall

Answer 30

Explanation All ping requests are based on Internet Control Message Protocol. Blocking ICMP communication at the firewall would stop the firewall from communicating with any ping sweeps that would occur.

Question 31

A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password has been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, which of the following should the technician do to prevent the password from being sniffed on the network again? Copy all configurations to routers using TFTP for security Ensure the password is 10 characters, containing letters and numbers Only allow administrators to access routers using port 22 Use SNMPv1 for all configurations involving the router

Answer 31

Explanation Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full rights user would not be able to access their new account without the SSH key, which could only be provided by a true administrator. Telnet uses port 23 and passes all information as unencrypted traffic on the network. Telnet should always be disabled for security reasons and SSH (which uses encryption) should be used instead.

Question 32

Your co-worker has just installed an unmanaged 24-port switch. He is concerned with the amount of broadcast traffic that may exist when using this device. How many broadcast domains are created when using this single 24-port switch? 0 24 1 2

Answer 32

Explanation A single 24-port unmanaged switch will have only 1 broadcast domains. Broadcast domains are split up by routers and VLANs. Since this is an unmanaged switch, it will only have a single broadcast domain, but it will have 24 collision domains.

Question 33

A network administrator is configuring a VLAN across multiple switches. The administrator wants to configure the VLAN once and have that configuration propagate to all of the switches in the network. Which of the following should the administrator do? Configure the switches to utilize IGRP Implement port bonding on the switches Configure the switches to utilize STP Configure the switches to utilize VTP

Answer 33

Explanation | VLAN Trunking Protocol (VTP) shares VLAN information to all switches in a network.

Question 34

A technician is setting up a new network and wants to create redundant paths through the network. Which of the following should be implemented to prevent performance degradation within the network? Port mirroring Spanning tree ARP inspection VLAN

Answer 34

Explanation The Spanning Tree Protocol (STP) is a network protocol that builds a logical loop-free topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. If you have redundant links setup, it is important to utilize STP to prevent loops within the network.

Question 35

While installing new network equipment, a network administrator wants to add infrastructure to keep the cables organized in the environment. The administrator also needs cables to be easily removed or added due to the constantly changing environment. Which of the following should be added to the network's cable distribution plant to achieve this goal? Cable ties Ladder trays Raised floor Hook and loop straps

Answer 35

Explanation Ladder trays are a cost-effective alternative and allow for easy installation of cables by electricians as well as future access for adding or removing cable runs.

Question 36

You are assisting the company with developing a new business continuity plan. What would be the BEST recommendation to add to the BCP? Perform recurring vulnerability scans Physically secure all network equipment Maintain up-to-date configuration backups Build redundant links between core devices

Answer 36

Explanation The business continuity plan focuses on the tasks carried out by an organization to ensure that critical business functions continue to operate during and after a disaster. By keeping redundant links between core devices, critical business services can be kept running if one link is unavailable during a disaster. Some of the other options are good ideas, too, but this is the BEST choice.

Question 37

You have been asked by the physical security manager to assist with his risk assessment of his proposed security measures. He is concerned that during a power outage, the server room might be the target of an attack. Luckily, he has many different protection measures in place to keep intruders out of the server room. During a power outage, which of the following security controls would still be usable? Motion detectors Biometric scanners Door locks CCTV

Answer 37

Explanation A traditional door lock doesn't require power to operate, therefore it will still provide protection to the keep the intruder out of the server room. The other options all require power to function and operate.

Question 38

You have been hired by a company to upgrade their aging network. The network currently uses static routing for the internal network, but the organization wants to reconfigure it to use a dynamic routing protocol. The new dynamic routing protocol must support IPv4 and VLSM, at a minimum. Based on the requirements provided, which of the following routing protocols should you enable and configure? HSRP VRRP RIPv1 OSPF

Answer 38

Explanation Of the options provided, only OSPF supports IPv4 and VLSM (Variable Length Subnet Mask). The other protocols do not support VLSM. (Note: RIPv2 and above does in fact support VLSM.

Question 39

You have been asked to run a cable between a drop ceiling and a standard ceiling and ensure it meets the fire safety requirements for your local government. The cable will be used to support a 10GBaseT network connection for up to 100 meters. Which of the following cables should you use to meet these requirements? Plenum Cat 5e Plenum Cat 6a PVC Cat 6a PVC Cat 5e

Answer 39

Cat6a can also support 10Gbps for up to 100 meters using 10GBaseT. Cat 5e can only support 1000BaseT (1 Gbps) connections. Since we are concerned with the fire safety rating of the cable, we should use a Plenum cable, not a PVC cable.

Question 40

Which of the following WAN connection types might an Amplitude Modulation (AM) radio station have a detrimental effect on and cause interference? SONET DOCSIS Metro-Ethernet Frame relay

Answer 40

Explanation DOCSIS is how cable modems operate by sending radio frequency waves over coaxial cables. AM frequencies can interfere with DOCSIS. The other answers all rely on networks, such as fiber, which are immune to radio frequency interference.

Question 41

You are about to perform a major configuration upgrade to a network device. What should you have prepared in case the upgrade fails? Rollback plan Vulnerability report Business continuity plan Baseline report

Answer 41

Explanation The purpose of a rollback plan is to document at every point during the deployment of a change or upgrade where you can stop the deployment and return to a known-good state.

Question 42

Which of the following wireless characteristic does channel bonding improve? Coverage area Signal strength Connection speed Encryption strength

Answer 42

Explanation Channel Bonding is used to reduce redundancy or increase throughput, directly affecting the connection speed of a wireless connection. Signal strength only refers to the maximum transmitted power by an antenna.

Question 43

What is BEST used to perform a one-time temporary posture assessment in a NAC environment? Host-based firewall Intrusion prevention system Non-persistent agent Antivirus

Answer 43

Explanation A non-persistent agent is used to access the device during one-time check-in at login. This is beneficial in BYOD (Bring Your Own Device) policies.

Question 44

You are troubleshooting your company's T-1 connection to your ISP. The ISP has asked you to place a loopback on the device which connects your T-1 line to their central office. Which of the following devices should you connect the loopback plug on? Fiber optic modem Channel remote module Channel service unit Digital subscriber line modem

Answer 44

Explanation The CSU/DSU terminates a T1 line at the customer's site. Therefore, the CSU (Channel Service Unit) should have the loopback plug attached to test the connection.

Question 45

You are assisting a member of your organization's security team during an incident response. The team member asks you to determine if there are any strange TCP connections occurring on a given workstation. You open the command prompt on the workstation. Which of the following tools would provide you with information on any TCP connections that currently exist on the workstation? route netstat tracert arp

Answer 45

``` Explanation Netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface and network protocol statistics. It is useful when trying to determine if a workstation is attempting outbound connections due to malware (beaconing activity), or has ports open and listening for inbound connections. ```

Question 46

Which network device operates at Layer 2? Router Switch Firewall Repeater

Answer 46

Explanation A basic switch operates at Layer 2 of the OSI model. For the exam, unless they mention a "multilayer switch" or "layer 3 switch", always assume they are referencing a basic layer 2 switch.

Question 47

A technician just completed a new external website and setup access rules in the firewall. After some testing, only users outside the internal network can reach the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using an internal IP address? Place the server in the DMZ Configure NAT on the firewall Implement a split horizon DNS Adjust the proper internal ACL

Answer 47

Explanation Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for internal and external networks as a means of security and privacy management.

Question 48

Exploiting a weakness in a user's wireless headset to compromise the mobile device is known as what? Multiplexing Smurfing Bluejacking Zero-day attack

Answer 48

Explanation Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers or sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another.

Question 49

A company is experiencing accessibility issues reaching services on a cloud-based system. What monitoring tools should be used to locate possible outages? Network analyzer Network sniffer Packet analyzer Protocol analyzer

Answer 49

Explanation A network analyzer is a useful tool, helping you do things like track traffic and malicious usage on the network. A software tool like Wireshark is a network analyzer and protocol analyzer.

Question 50

Over the past week, the users of your network have reported that the network has been operating slowly. You have made some changes to the network to attempt to increase its speed and responsiveness, but your supervisor is requesting that you provide some proof that the network is actually faster and doesn't just "feel" faster. Which of the following should you use to prove that the current configuration has improved the speed of the network? Present him with a logical network diagram showing the configuration changes Provide him a copy of the approved change request for your configuration changes Present him with a physical network diagram that shows the changes you made Show him the results of a new performance baseline assessment

Answer 50

Explanation The only way to prove to your supervisor that the network is actually faster and more responsive is to conduct a new performance baseline and compare it to the results of the baseline that was created prior to the changes. By comparing the "current" speed against the "previous" baseline's speed, you can definitely prove if the network is indeed faster as a result of your configuration changes.

Question 51

A technician is configuring a computer lab at a school. The computers need to be able to communicate with each other, but students using the computers should not be able to access the Internet. What rule on the firewall should the technician configure to prevent student access to the Internet? Block all LAN to LAN traffic Block all WAN to LAN traffic Block all WLAN to WAN traffic Block all LAN to WAN traffic

Answer 51

Explanation By blocking all traffic from the LAN to WAN, it will prevent the students from accessing the Internet by blocking all requests to the Internet.

Question 52

You are working as part of a network installation team. Your team has been asked to install Cat 5e cabling to some new offices on the second floor of the building. Currently, the office only has one network closet which is located on the first floor. Your team spent the morning running 48 new CAT 5e cables from a patch panel in the networking closet on the first floor to a new networking closet you are outfitting on the second floor. Your team terminated these cables in a new patch panel in the 2nd floor closet. You measured the distance from the switch in the 1st floor closet to the new second floor patch panel and determined it was 80 meters. The team then ran cables from this patch panel to each of the new offices. Some of the offices are working properly, but others are not. You suspect that some of the cable runs are exceeding the maximum length allowed by Cat 5e cabling. What is the BEST solution to this problem? Install a switch in the second floor networking closet to increase the signal Install a hub in the second floor networking closet to increase the signal Install a repeater between the patch panel and each office Install a small switch in each office to increase the signal Explanation The best option is to install a switch in the networking closet on the second floor which can connect to the cables coming from the first floor closet and then to the cables on the second floor patch panel. This will act as a repeater to boost the signal strength over the Cat5e cable, effectively resetting the cable length to 0 meters before leaving the closet. While a repeater may be a good option, a switch is more effective in this case since there are so many cables and repeaters usually only work for an individual cable. A hub would similarly work, but would introduce a signal collision domain for 48 computers. This would drastically decrease the performance of the network. Finally, we don't want to include a switch in each office, as this is a bad security practice and an inefficient use of resources. It is easier to manage and administer a single, centralized switch in the network closet.

Answer 52

Explanation The best option is to install a switch in the networking closet on the second floor which can connect to the cables coming from the first floor closet and then to the cables on the second floor patch panel. This will act as a repeater to boost the signal strength over the Cat5e cable, effectively resetting the cable length to 0 meters before leaving the closet. While a repeater may be a good option, a switch is more effective in this case since there are so many cables and repeaters usually only work for an individual cable. A hub would similarly work, but would introduce a signal collision domain for 48 computers. This would drastically decrease the performance of the network. Finally, we don't want to include a switch in each office, as this is a bad security practice and an inefficient use of resources. It is easier to manage and administer a single, centralized switch in the network closet.

Question 53

A technician needs to limit the amount of broadcast traffic on a network and allow different segments to communicate with each other. Which of the following should the technician install to satisfy this requirement? Add a router and enable OSPF Add a bridge between two switches Add a firewall and implement proper ACL Add a multilayer switch and create a VLAN

Answer 53

Explanation By adding a multilayer (layer 3) switch, the technician can improve network routing performance and reduce broadcast traffic. Creating a VLAN provides LAN segmentation, as well, within the network and the multilayer switch can conduct the routing between VLANs as needed.

Question 54

Which of the following must be added to a VLAN with a gateway in order to add security to it? 802. 1w 802. 1d A RADIUS server An ACL

Answer 54

Explanation VLANs can be protected with an ACL. Without a properly configured ACL, there is no additional security provided by a VLAN.

Question 55

You are working for a brand new startup company who allows you to use your own laptop, tablet, or other devices while at work. The company does provide some rules and guidelines that you must follow based on their policy. Which of the following policies should you look at to ensure you understand these rules and guidelines? MOU NDA BYOD SOP

Answer 55

Explanation BYOD (Bring Your Own Device) refers to the policy of permitting employees to bring personally owned devices to their workplace, and to use those devices to access privileged company information and applications.

Question 56

Your company is experiencing slow network speeds of about 54Mbps on their wireless network. You have been asked to perform an assessment on the existing wireless network and recommend a solution. You have recommended that the company upgrade to a 802.11n or 802.11ac wireless infrastructure to obtain higher network speeds. Which of the following technologies allows an 802.11n or 802.11ac network to achieve faster speeds? LWAPP MIMO WPA2 PoE

Answer 56

Explanation One way 802.11n and 802.11ac networks achieve superior throughput and speeds is by using a technology called multiple input, multiple output (MIMO). MIMO uses multiple antennas for transmission and reception, which in turn results in higher speeds than 802.11a and 802.11g networks which can only support up to 54 mbps of throughput.

Question 57

Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue? CSMA/CA SSL certificates WPA2 security key RADIUS

Answer 57

Explanation | Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication.

Question 58

You have configured your network into multiple segments by creating multiple broadcast domains. Which of the following devices should you use to allow the different network segments to communicate with each other? Router Switch Bridge Hub

Answer 58

Explanation A router is used to allow different network segments and broadcast domains to communicate with each other. If you have a Layer 3 switch, this will also function as a router and allow communication to occur. Since the question didn't specify if the switch was a layer 2 or layer 3 switch, we must assume it is a traditional layer 2 switch which cannot route traffic from one broadcast domain to the other broadcast domains.

Question 59

A network technician needs to identify active services that should be disabled on the network. What tool would BEST accomplish this? Port scanner Packet analyzer Interface monitoring tool Content filter

Answer 59

Explanation Port Scanner will scan for what ports are open or closed enabling certain services or not. Such as if port 22 is open, that means Secure Shell service is enabled. Or if port 25 is open then the SMTP service is enabled.

Question 60

You are conducting a port scan of an older server on your network to determine what services are being run on it. You find that port 80 and 443 are open, but port 20 and 21 are reported as closed. All other ports are reported as FILTERED. Based on this report, what can you determine about the server? The server is offline and not responding The service is running a FTP server and it is denying any other service requests The server is running as a web server and is denying any other service requests The server is behind a firewall and is blocked from receiving any traffic

Answer 60

Explanation When a port scanner returns a result of CLOSED, it means the service is denying the inbound traffic on that port. In this case, it is denying FTP traffic on ports 20 and 21. This server is running a web server (port 80 and 443), but those are showing as OPEN and receiving traffic. All the FILTERED ports are being blocked by the network firewall.

Question 61

A technician is troubleshooting a newly-installed WAP that is sporadically dropping connections to devices on the network. Which of the following should the technician check FIRST during troubleshooting? WAP placement (Correct) Bandwidth saturation WAP SSID Encryption type

Answer 61

Explanation For optimal network performance, the placement of the Wireless Access Point (WAP) guidelines should be taken into consideration to ensure that the building's construction doesn't cause interference with the wireless signals.

Question 62

(This is a simulated Performance-Based Question.) What is the correct color scheme for Pin 1 to Pin 8 for a T-568A connector? blue, white/blue, orange, white/brown, brown, white/green, green, orange/white white/green, green, orange/white, blue, white/blue, orange, white/brown, brown white/green, green, white/orange, orange, blue, white/blue, white/brown, brown white/orange, orange, white/green, blue, white/blue, green, white/brown, brown

Answer 62

Explanation You need to have the T-568-A and T-568-B standards memorized before test day, because you may be asked to perform a drag and drop exercise of placing the right colored wires into the right pin numbers based on a T-568A or T-568B connector. Remember, a straight through cable will have T-568B one both ends. If you are asked to make a cross-over cable, you need a T-568A on one side and a T-568B on the other side.

Question 63

An administrator’s router with multiple interfaces uses OSPF. When looking at the router’s status, it is discovered that one interface is not passing traffic. Given the information below, what would resolve this issue? Output: Fast Ethernet 0 is up, line protocol is down Int ip address is 10.20.130.5/25 MTU 1500 bytes, BW 10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255 Encapsulation ospf, loopback not set Keep alive 10 Full duplex, 100Mb/s, 100 Base Tx/Fx Received 1052993 broadcasts 0 input errors 0 packets output, 0 bytes 0 output errors, 0 collisions, 0 resets Set OSPF to area 0 Put the IP address in the right broadcast domain Enable the connecting port Set the loopback address Replace the line card

Answer 63

Explanation | Since the line protocol is down, you will need to enable the connecting port to restore the connection.

Question 64

On which type of cable is an F-connector is used? MMF RG6 SMF Cat 5

Answer 64

Explanation An F connector is a coaxial RF connector commonly used for cable television with an RG6 cable. RG6 is a type of coaxial cable used to transmit audio and video signals to devices such as television sets.

Question 65

Your company hosts all of the company's virtual servers internally in your own datacenter. In the event of total failure or disaster, though, the server images can be restored on a cloud provider and accessed through a VPN. Which of the following types of cloud services is your company using in this scenario? Community PaaS Private SaaS Hybrid SaaS Public IaaS

Answer 65

Explanation Infrastructure as a Service (IaaS) is the foundation of cloud computing. Rather than purchasing or leasing space in expensive datacenter, labor, real estate, and all of the utilities to maintain and deploy computer servers, cloud networks, and storage, cloud buyers rent space in a virtual data center from an IaaS provider. They have access to the virtual data center via the Internet. This type of cloud computing provides the “raw materials” for IT, and users usually only pay for the resources they consume, including (but not limited to) CPU cores, RAM, hard disk or storage space, and data transfer. Since this cloud provider is available to all companies to use, much like Microsoft Azure or Amazon Web Services, this is an example of a Public IaaS or Public Cloud.

Question 66

You are installing a Small Office/Home Office (SOHO) network consisting of a router with 2 ports, a switch with 8 ports, and a hub with 4 ports. The router has one port connected to a cable modem and one port connected to switch port #1. The hub's first port is connected to switch port #2. Based on the description provided, how many collision domains exist in this network? 11 9 8 3

Answer 66

Explanation Based on the description provided, there are 9 collision domains. Each port on the router is a collision domain (2), each port on the switch is a collision domain (8), and all of the ports on the hub make up a single collision domain (1). But, since one of the ports on the router is connected to one of the ports on the switch, they are in the same collision domain (-1). Similarly, the hub and the switch share a common collision domain with their connection to each other over the switch port (-1). This gives us 9 collision domains total: the 8 ports on the switch, and the 1 port on the route that is used by the cable modem.

Question 67

You are working as a network technician and need to create several Cat 5e network cables to run between different computers and the network jacks on the wall. The connections between the switch and the patch panel, and the patch panel and the wall jacks have already been installed and tested. Which of the following tools would NOT be necessary to complete this task? RJ-45 connectors Wire stripper Punchdown tool Cable crimper

Answer 67

Explanation A punchdown tool is used to connect a network cable (such as Cat 5e) to a patch panel, 110-block, or the inside portion of a wall jack, therefore it is not needed for this task. A wire stripper is used to remove the outer plastic shielding from the Cat 5e cable so that you can reach the inner wiring pairs. The RJ-45 connectors are used to make the connection between the cable and a network jack, and the cable crimper is used to ensure the RJ-45 connector stays attached to the end of the Cat 5e cable.

Question 68

A company-wide audit revealed employees are using company laptops and desktops for personal use. To prevent this from occurring, in which document should the company incorporate the phrase “Company-owned IT assets are to be used to perform authorized company business only"? SLA MSA MOU AUP

Answer 68

Explanation | Acceptable Use Policy dictates what types of actions an employee can or cannot do with company-issued IT equipment.

Question 69

An administrator has configured a new 100Mbps WAN circuit, but speed testing shows poor performance when downloading larger files. The download initially reaches close to 100Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the router interface and sees the following: NETRTR01# show interface eth 1/1 GigabitEthernet 1/1 is up, line is up Hardware is GigabitEthernet, address is 000F.33CC.F13AConfigured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Member of L2 VLAN 1, port is untagged, port state is forwarding What is the issue? Reset the statistics counter for this interface Shutdown and restart the router Shutdown and then re-enable this interface Remove default 802.1q tag and set to server VLAN

Answer 69

Explanation Since the VLAN port is untagged, it can be slowing down performance. It is recommended to remove the default VLAN tag and setup a server VLAN to increase performance.

Question 70

You have been dispatched to investigate some sporadic network outages. After looking at the event logs for the network equipment, you found that the network equipment has been restarting at the same time every day. What should you implement to correct this issue? Grounding bar UPS Surge protector Air flow management

Answer 70

Explanation An Uninterruptible power supply (UPS) is a battery system that can supply short term power to electrical units. Since all the devices are restarting at the same time, it is likely due to a power outage. In this case, a UPS would continue to supply power to the network equipment during outages or blackouts.

Question 71

A network technician has configured a point-to-point interface on a router. Once the fiber optic cables have been run, though, the interface will not come up. The technician has cleaned the fiber connectors and used an optical power meter to confirm that light is passing in both directions without excessive loss. What is the MOST likely cause of this issue? Distance limitation Wavelength mismatch EMI Cross-talk

Answer 71

Explanation Wavelength mismatch is when one or more wavelengths in a fiber optic cable are unequal and cannot be measured using an optical power meter. Cross-talk and EMI are both elements that are irrelevant to Fiber optics.