Practice test 4 Flashcards
As you arrive at work this morning, you look up at the building and notice a microwave antenna that is pointing at another antenna on top of your company’s support building across the street. Which of the following network topologies BEST represents this network connection over the microwave link?
Point to multipoint
Point to point
Mesh
Peer to peer
This connection is best represented by a point-to-point connection since it is being used as a Campus Area Network connection to directly connect the two buildings.
A technician installs a new piece of hardware and now needs to add the device to the network management tool database. However, when adding the device to the tool using SNMP credentials, the tool cannot successfully interpret the results. Which of the following needs to be added to allow the network management tool to interpret the new device and control it using SNMP?
MIB
TRAP
WALK
GET
Management Information Base (MIB) is used for managing all entities on a network using Simple Network Management Protocol. Adding it would allow the network management tool to correctly interpret the information received.
A company utilizes a patching server to regularly update its PCs. After the latest round of patching, all of the older PCs with non-gigabit Ethernet cards become disconnected from the network and now require a technician to fix the issue locally at each PC. What could be done to prevent this problem next time?
Disable automatic driver updates to PCs on the patching server.
Require the patching server to update the oldest PCs off hours.
Throttle the connection speed of the patching server to match older PCs.
Enable automatic rebooting of the PCs after patching is completed.
The most likely cause of this issue was a forced driver update being pushed from the update server to the older PCs, breaking their ability to use their network cards. It is best to disable automatic driver updates for PCs and have them tested first.
Your supervisor has asked you to run a Cat 5e cable between two network switches in the server room. Which type of connector should be used with a Cat 5e cable?
DB-25
RJ-45
RS-232
RJ-11
A Cat 5e cable should use an RJ-45 connector on each end of the cable. This is the standard type of connector for Cat 3, Cat 5, Cat 5e, and Cat 6a cables.
What is used to authenticate remote workers who connect from offsite?
VTP trunking
OSPF
802.1x
Virtual PBX
802.1x can be used because it is designed to enhance the security of wireless local area networks (WLANs). WLANs provide an authentication framework, allowing a user to be authenticated by a central authority. RADIUS (Remote Authentication Dial-In User Service) allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Remote users connect to one or more Remote Access Servers. The remote access servers then forward the authentication requests to the central RADIUS server. 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). It provides an authentication mechanism to devices wishing to attach to a network. 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client that wishes to attach to the network. The authenticator is a network device, such as an Ethernet switch, a wireless access point or, in this case, a remote access server, and the authentication server is the RADIUS server.
You are currently working as a firewall technician. You have received a request to open up a few ports on the firewall to allow a new VoIP system to operate properly. The installer has requested that the ports associated with SIP, RDP, H.323, and RTP be opened to allow the new system to operate properly. Which of these ports are NOT used by a typical VoIP system?
H.323
RDP
SIP
RTP
RDP is the Remote Desktop Protocol and operates over port 3389. This is not used in a typical VoIP system. SIP (Session Initiation Protocol), the H.323 (voice/video conferencing) protocol, and RTP (Real-time Transport Protocol) are all used heavily in VoIP and video conferencing solutions.
A network engineer is conducting an assessment for a customer who wants to implement an 802.11ac wireless network. Before the engineer can estimate the number of WAPs needed, it is important to reference the _______________.
Network topology
Network diagram
PoE requirements
Site survey
Since it is a wireless network, a review of a site survey is necessary to determine any physical advantages and disadvantages. Network topology and Network diagrams can be created once the site survey is complete and the location of the access points is determined.
A technician wants to update the organization’s disaster recovery plans. Which of the following would allow network devices to be replaced quickly in the event of a device failure?
Proper asset tagging and labeling
Archives/backups
Vendor documentation
Network Baseline
Having backups of the server data would allow for a quick recovery in the event of a device failure.
A company has implemented the capability to send all log files to a central location by utilizing an encrypted channel. The log files are sent to this location in order to be reviewed. A recent exploit has caused the company’s encryption to become unsecure. What would be required to resolve the exploit?
Install recommended updates
Configure the firewall to block port 22
Send all log files through SMTP
Utilize an FTP service
If the encryption is insecure, then we must look for encryption software updates or patches. If they are available, we must install them.
Which of the following describes a design where traffic is shared between multiple network servers to provide greater throughput and reliability?
MPLS trunking
Load balancing
Multiplexing
VLAN tagging
Load Balancing is a technique used to spread work across multiple computers, network links, or other devices.
Thomas has a server that streams media to the local network and the device is currently visible on the network. All of the workstations on the LAN can ping the device and all the firewalls are currently turned off. The goal is for the streaming media server to be able to allow different workstations to watch the stream if they choose to subscribe to it. The streaming device appears to be functioning properly, but the media won’t stream when requested. Which of the following TCP/IP technologies is MOST likely not implemented properly?
Anycast
Unicast
Multicast
Broadcasts
Explanation
Multicast is not implemented properly because that is the TCP/IP technology that sends out the packets to the requested devices when streaming to multiple workstations from a single streaming media server. As opposed to broadcast (one-to-all), which sends out packets to all devices, multicast (one-to-many-of-many/many-to-many-of-many) only sends packets to many that are specifically requested but not all. Multicast would need to be implemented to route the network device to the LAN so that streaming can function properly.
A network administrator has set up a firewall and entered only three rules allowing network traffic over ports 21, 110, and 25 in an effort to minimize the attack surface and to better secure the network. Unfortunately, now the administrator is receiving complaints from users who are reporting that they cannot access any web pages using their URLs, such as DionTraining.com. Which of the following should the administrator do to correct this issue?
Add a rule to the ACL to allow traffic on ports 137 and 66
Add a rule to the ACL to allow traffic on ports 143 and 22
Add a rule to the ACL to allow traffic on ports 80 and 53
Add a rule to the ACL to allow traffic on ports 445 and 173
Port 80 is used for HTTP traffic. It must be open to allow the web browser to make a request from the network to the web server. Port 53 is needed to reach the DNS servers in order to determine the IP address for a given URL or domain name (such as resolving DionTraining.com to its IP address).
A network technician has received reports of an Internet-based application that has stopped functioning. Employees reported that after updating the Internet browsers, the application began to fail. Many users rolled back the update, but this did not correct the issue. Which of the following should the company do to reduce this type of action from causing network problems in the future?
Verify the update hashes match those on the vendor’s website
Segment the network and create a test lab for all updates before deployment
Coordinate the Internet Server update to coincide with the users’ updates
Implement a disaster recovery plan with a hot site to allow users to continue working
Explanation
Segmented networks would ensure every system isn’t updated at the same time and would be updated in groups. The test lab would ensure proper functionality prior to deployment or would allow you to work through the technical difficulties prior to deployment.
What should be considered when troubleshooting the coverage and signal strength of an 802.11n WLAN?
Building materials in the area
Temperature
Humidity
Malware
Explanation
Some building materials are more dense than others. The denser the object, the more you will have a degradation of signal. For optimal signal, a LoS (Line of sight) of 25 feet or less is advised as well.
A network technician is asked to redesign an Ethernet network before some new monitoring software is added to each workstation on the network. The new software will broadcast statistics from each host to a monitoring server for each of the five departments in the company. The added network traffic is a concern of management that must be addressed. How should the technician design the new network?
Place each department in a separate VLAN
Add a router and create a segment for all the monitoring host stations
Increase the collision domains to compensate for the added broadcasts
Increase the number of switches on the network to reduce broadcasts
Explanation
Placing each of the departments on separate VLANs will help minimize the added network traffic. VLANs work by taking multiple physical hosts and LANs and configuring them to act as if they were attached to the same Ethernet switch.
What anti-malware solution should be implemented to deter attackers from loading custom files onto a distributed target platform?
Network-based anti-malware
Signature-based anti-malware
Host-based anti-malware
Cloud-based anti-malware
Explanation
The network-based anti-malware can keep the system secure by testing all communications to/from a distributed target platform.
Which encryption type MOST likely is used for securing the key exchange during a client-to-server VPN connection?
Kerberos
AES
ISAKMP
TKIP
Explanation
ISAKMP is used in IPSec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection.
A network technician receives the following alert from a network device: “High utilizations threshold exceeded on gi1/0/24 : current value 8463257.54” What is being monitored to trigger the alarm?
Network device memory
Speed and duplex mismatch
Network device CPU
Interface link status
Explanation
This is an error message that indicates that the high utilization threshold of a network interface, in this case interface gi1/0/24, has been exceeded. The message has been triggered on the interface link status. (Note: gi1/0 would be a gigabyte interface.)
A home user reports that a speed test website shows the following information:
Download speed: 33.3 Mbps
Upload speed: 10.2 Mbps
Which of the following is the best interpretation of the results?
The home PC is receiving data at 33.3 Mbps and sending data at 10.2 Mbps.
The home PC downloaded 33.3 MB of data to the website and uploaded 10.2 MB of data to the website.
The website upload bandwidth is saturated and it does not match the download speed.
The website is downloading data to its server at 33.3 Mbps and uploading data from its server at 10.2 Mbps.
Explanation
This connection is an asymmetric connection, like a cable modem or DSL, where upload and download speeds do not match.
A small real estate office has about 15 workstations and would like to use DHCP to assign classful IP addresses to each workstation. The subnet only has one octet for the host portion of each device. Which of the following IP addresses could be assigned as the default gateway?
10.0.0.1
172.16.0.1
169.254.0.1
192.168.0.1
Explanation
A non-routable IP address (in this case 192.168.0.1), also known as a private IP address, is not assigned to any one organization and does not need to be assigned by an Internet Service Provider. Since the question wants a classful IP addressing scheme to be assigned to devices, with only one octet available for the host portion, it would need to be a Class C address. The only Class C address to choose is 192.168.0.1 based on the options provided. The IP 10.0.0.1 is a Class A address. The IP 172.16.0.1 is a Class B address. The IP 169.254.0.1 is an APIPA (reserved) address.
Which of the following devices does a CSU/DSU connect?
A local network to a VPN
A cable modem to a wireless router
A T1 line to a network router
An analog line to a network router
Explanation
A CSU/DSU device is designed to connect a terminal device to a T1 line. The terminal device or Data Terminal Equipment (DTE) such as a router will connect to the T1 line via CSU/DSU (Channel Service Unit/Data Service Unit).
Which of the following should be implemented to allow wireless network access for clients in the lobby using a password key?
RADIUS
IPSec
WPA2
Firewall
Explanation
WPA2 allows the use of a preshared key for wireless network access.
Which WAN technology relies on virtual circuits and point-to-multipoint connections?
PRI
Frame relay
MPLS
ISDN
Explanation
Frame Relay is a WAN technology that specifies the physical and data link layers of digital telecommunications channels using a packet switching methodology. It supports the use of virtual circuits and point-to-multipoint connections. It is commonly used to connect multiple smaller corporate office locations back to a larger centralized headquarters.
Which of the following network topologies requires that all nodes have a point-to-point connection with each and every other node in the network?
Ring
Mesh
Bus
Star
Explanation
A mesh network is a network topology in which each node relays data for the network. Because of this, physical mesh networks are very expensive to implement and not often used.
A network architect is designing a highly-redundant network with a distance vector routing protocol in order to prevent routing loops. The architect has configured the routers to advertise failed routes with the addition of an infinite metric. What method should the architect utilize?
Route poisoning
Spanning tree
Split horizon
Hold down timers
Explanation
The Route poisoning setting in Cisco’s Split Horizon is what prevents routing loops and shows the failed routes.
A wireless networking technician has completed a survey of a wireless network and documented the detected signal strengths in various locations. This document is known as ______________.
Heat map
Bandwidth survey
Network baseline
Logical Network map
Explanation
A heat map will show the signal strengths of wireless network signals in various locations. Technicians will document this information and use it as a tool during troubleshooting and optimization efforts.
Which of the following is the BEST encryption to use from the options below to meet your manager’s requirements for the new visitors’ Wireless Network?
WPA2-CCMP
WEP
WPA
WPA2-TKIP
Open
Explanation
Since your manager has requested that the visitors not be required to configure anything on their devices, the only option you can choose is Open. This option presents NO security for the visitor’s wireless network, but it also requires no setup on the user’s devices. All of the other options would require some sort of pre-shared key and setup to allow the visitor to use the network.
A technician is installing a network firewall and would like to block all WAN to LAN traffic that is using ports other than the default ports for Internet and email connectivity. What rule should the technician verify FIRST?
An implicit deny is enabled
All inbound traffic is blocked
All outbound traffic is blocked
A DMZ has been created
Explanation
Implicit deny only allows certain traffic through that is specified by certain ports.
The corporate network uses a centralized server to manage credentials for all of its network devices. What type of server is MOST likely being used in this configuration?
Kerberos
RADIUS
DNS
FTP
Explanation
RADIUS is used to centrally manage credentials for network devices. TACACS is an older username and login system that uses authentication to determine access, while RADIUS combines authorization AND authentication. For this question, either RADIUS or TACACS would be an acceptable answer.
A network technician needs to protect IP-based servers in the network DMZ from an intruder trying to discover them. What should the network technician do to protect the network from ping sweeps?
Block echo replies inbound to the DMZ
Disable UDP on the servers
Disable TCP/IP on the server
Block ICMP at the firewall
Explanation
All ping requests are based on Internet Control Message Protocol. Blocking ICMP communication at the firewall would stop the firewall from communicating with any ping sweeps that would occur.
A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password have been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, which of the following should the technician do to prevent the password from being sniffed on the network again?
Copy all configurations to routers using TFTP for security
Ensure the password is 10 characters, containing letters and numbers
Only allow administrators to access routers using port 22
Use SNMPv1 for all configurations involving the router
Explanation
Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full rights user would not be able to access their new account without the SSH key, which could only be provided by a true administrator. Telnet uses port 23 and passes all information as unencrypted traffic on the network. Telnet should always be disabled for security reasons and SSH (which uses encryption) should be used instead.
Your co-worker has just installed an unmanaged 24-port switch. He is concerned with the amount of broadcast traffic that may exist when using this device. How many broadcast domains are created when using this single 24-port switch?
0
24
1
2
Explanation
A single 24-port unmanaged switch will have only 1 broadcast domain. Broadcast domains are split up by routers and VLANs. Since this is an unmanaged switch, it will only have a single broadcast domain, but it will have 24 collision domains.
A network administrator is configuring a VLAN across multiple switches. The administrator wants to configure the VLAN once and have that configuration propagate to all of the switches in the network. Which of the following should the administrator do?
Configure the switches to utilize IGRP
Implement port bonding on the switches
Configure the switches to utilize STP
Configure the switches to utilize VTP
Explanation
VLAN Trunking Protocol (VTP) shares VLAN information to all switches in a network.
A technician is setting up a new network and wants to create redundant paths through the network. Which of the following should be implemented to prevent performance degradation within the network?
Port mirroring
Spanning tree
ARP inspection
VLAN
Explanation
The Spanning Tree Protocol (STP) is a network protocol that builds a logical loop-free topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. If you have redundant links set up, it is important to utilize STP to prevent loops within the network.
While installing new network equipment, a network administrator wants to add infrastructure to keep the cables organized in the environment. The administrator also needs cables to be easily removed or added due to the constantly changing environment. Which of the following should be added to the network’s cable distribution plant to achieve this goal?
Cable ties
Ladder trays
Raised floor
Hook and loop straps
Explanation
Ladder trays are a cost-effective alternative and allow for easy installation of cables by electricians as well as future access for adding or removing cable runs.
You are assisting the company with developing a new business continuity plan. What would be the BEST recommendation to add to the BCP?
Perform recurring vulnerability scans
Physically secure all network equipment
Maintain up-to-date configuration backups
Build redundant links between core devices
Explanation
The business continuity plan focuses on the tasks carried out by an organization to ensure that critical business functions continue to operate during and after a disaster. By keeping redundant links between core devices, critical business services can be kept running if one link is unavailable during a disaster. Some of the other options are good ideas, too, but this is the BEST choice.
You have been asked by the physical security manager to assist with his risk assessment of his proposed security measures. He is concerned that during a power outage, the server room might be the target of an attack. Luckily, he has many different protection measures in place to keep intruders out of the server room. During a power outage, which of the following security controls would still be usable?
Motion detectors
Biometric scanners
Door locks
CCTV
Explanation
A traditional door lock doesn’t require power to operate, therefore it will still provide protection to keep the intruder out of the server room. The other options all require power to function and operate.
You have been hired by a company to upgrade their aging network. The network currently uses static routing for the internal network, but the organization wants to reconfigure it to use a dynamic routing protocol. The new dynamic routing protocol must support IPv4 and VLSM, at a minimum. Based on the requirements provided, which of the following routing protocols should you enable and configure?
HSRP
VRRP
RIPv1
OSPF
Explanation
Of the options provided, only OSPF supports IPv4 and VLSM (Variable Length Subnet Mask). The other protocols do not support VLSM. (Note: RIPv2 and above does in fact support VLSM.)
You have been asked to run a cable between a drop ceiling and a standard ceiling and ensure it meets the fire safety requirements for your local government. The cable will be used to support a 10GBaseT network connection for up to 100 meters. Which of the following cables should you use to meet these requirements?
Plenum Cat 5e
Plenum Cat 6a
PVC Cat 6a
PVC Cat 5e
Cat6a can also support 10Gbps for up to 100 meters using 10GBaseT. Cat 5e can only support 1000BaseT (1 Gbps) connections. Since we are concerned with the fire safety rating of the cable, we should use a Plenum cable, not a PVC cable.
Which of the following WAN connection types might an Amplitude Modulation (AM) radio station have a detrimental effect on and cause interference?
SONET
DOCSIS
Metro-Ethernet
Frame relay
Explanation
DOCSIS is how cable modems operate by sending radio frequency waves over coaxial cables. AM frequencies can interfere with DOCSIS. The other answers all rely on networks, such as fiber, which are immune to radio frequency interference.
You are about to perform a major configuration upgrade to a network device. What should you have prepared in case the upgrade fails?
Rollback plan
Vulnerability report
Business continuity plan
Baseline report
Explanation
The purpose of a rollback plan is to document at every point during the deployment of a change or upgrade where you can stop the deployment and return to a known-good state.
Which of the following wireless characteristics does channel bonding improve?
Coverage area
Signal strength
Connection speed
Encryption strength
Explanation
Channel Bonding is used to reduce redundancy or increase throughput, directly affecting the connection speed of a wireless connection. Signal strength only refers to the maximum transmitted power by an antenna.
What is BEST used to perform a one-time temporary posture assessment in a NAC environment?
Host-based firewall
Intrusion prevention system
Non-persistent agent
Antivirus
Explanation
A non-persistent agent is used to access the device during a one-time check-in at login. This is beneficial in BYOD (Bring Your Own Device) policies.
You are troubleshooting your company’s T-1 connection to your ISP. The ISP has asked you to place a loopback on the device which connects your T-1 line to their central office. Which of the following devices should you connect the loopback plug on?
Fiber optic modem
Channel remote module
Channel service unit
Digital subscriber line modem
Explanation
The CSU/DSU terminates a T1 line at the customer’s site. Therefore, the CSU (Channel Service Unit) should have the loopback plug attached to test the connection.
You are assisting a member of your organization’s security team during an incident response. The team member asks you to determine if there are any strange TCP connections occurring on a given workstation. You open the command prompt on the workstation. Which of the following tools would provide you with information on any TCP connections that currently exist on the workstation?
route
netstat
tracert
arp
Explanation
Netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface and network protocol statistics. It is useful when trying to determine if a workstation is attempting outbound connections due to malware (beaconing activity), or has ports open and listening for inbound connections.
Which network device operates at Layer 2?
Router
Switch
Firewall
Repeater
Explanation
A basic switch operates at Layer 2 of the OSI model. For the exam, unless they mention a “multilayer switch” or “layer 3 switch”, always assume they are referencing a basic layer 2 switch.
A technician just completed a new external website and set up access rules in the firewall. After some testing, only users outside the internal network can reach the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using an internal IP address?
Place the server in the DMZ
Configure NAT on the firewall
Implement a split horizon DNS
Adjust the proper internal ACL
Explanation
Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for internal and external networks as a means of security and privacy management.
Exploiting a weakness in a user’s wireless headset to compromise the mobile device is known as what?
Multiplexing
Smurfing
Bluejacking
Zero-day attack
Explanation
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers or sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another.
A company is experiencing accessibility issues reaching services on a cloud-based system. What monitoring tools should be used to locate possible outages?
Network analyzer
Network sniffer
Packet analyzer
Protocol analyzer
Explanation
A network analyzer is a useful tool, helping you do things like track traffic and malicious usage on the network. A software tool like Wireshark is a network analyzer and protocol analyzer.
Over the past week, the users of your network have reported that the network has been operating slowly. You have made some changes to the network to attempt to increase its speed and responsiveness, but your supervisor is requesting that you provide some proof that the network is actually faster and doesn’t just “feel” faster. Which of the following should you use to prove that the current configuration has improved the speed of the network?
Present him with a logical network diagram showing the configuration changes
Provide him a copy of the approved change request for your configuration changes
Present him with a physical network diagram that shows the changes you made
Show him the results of a new performance baseline assessment
Explanation
The only way to prove to your supervisor that the network is actually faster and more responsive is to conduct a new performance baseline and compare it to the results of the baseline that was created prior to the changes. By comparing the “current” speed against the “previous” baseline’s speed, you can definitely prove if the network is indeed faster as a result of your configuration changes.
A technician is configuring a computer lab at a school. The computers need to be able to communicate with each other, but students using the computers should not be able to access the Internet. What rule on the firewall should the technician configure to prevent student access to the Internet?
Block all LAN to LAN traffic
Block all WAN to LAN traffic
Block all WLAN to WAN traffic
Block all LAN to WAN traffic
Explanation
By blocking all traffic from the LAN to WAN, it will prevent the students from accessing the Internet by blocking all requests to the Internet.
You are working as part of a network installation team. Your team has been asked to install Cat 5e cabling to some new offices on the second floor of the building. Currently, the office only has one network closet which is located on the first floor. Your team spent the morning running 48 new CAT 5e cables from a patch panel in the networking closet on the first floor to a new networking closet you are outfitting on the second floor. Your team terminated these cables in a new patch panel in the 2nd floor closet. You measured the distance from the switch in the 1st floor closet to the new second floor patch panel and determined it was 80 meters. The team then ran cables from this patch panel to each of the new offices. Some of the offices are working properly, but others are not. You suspect that some of the cable runs are exceeding the maximum length allowed by Cat 5e cabling. What is the BEST solution to this problem?
Install a switch in the second floor networking closet to increase the signal
Install a hub in the second floor networking closet to increase the signal
Install a repeater between the patch panel and each office
Install a small switch in each office to increase the signal
Explanation
The best option is to install a switch in the networking closet on the second floor which can connect to the cables coming from the first floor closet and then to the cables on the second floor patch panel. This will act as a repeater to boost the signal strength over the Cat5e cable, effectively resetting the cable length to 0 meters before leaving the closet. While a repeater may be a good option, a switch is more effective in this case since there are so many cables and repeaters usually only work for an individual cable. A hub would similarly work, but would introduce a signal collision domain for 48 computers. This would drastically decrease the performance of the network. Finally, we don’t want to include a switch in each office, as this is a bad security practice and an inefficient use of resources. It is easier to manage and administer a single, centralized switch in the network closet.
A technician needs to limit the amount of broadcast traffic on a network and allow different segments to communicate with each other. Which of the following should the technician install to satisfy this requirement?
Add a router and enable OSPF
Add a bridge between two switches
Add a firewall and implement proper ACL
Add a multilayer switch and create a VLAN
Explanation
By adding a multilayer (layer 3) switch, the technician can improve network routing performance and reduce broadcast traffic. Creating a VLAN provides LAN segmentation, as well, within the network and the multilayer switch can conduct the routing between VLANs as needed.
Which of the following must be added to a VLAN with a gateway in order to add security to it?
802.1w
802.1d
A RADIUS server
An ACL
Explanation
VLANs can be protected with an ACL. Without a properly configured ACL, there is no additional security provided by a VLAN.
You are working for a brand new startup company that allows you to use your own laptop, tablet, or other devices while at work. The company does provide some rules and guidelines that you must follow based on their policy. Which of the following policies should you look at to ensure you understand these rules and guidelines?
MOU
NDA
BYOD
SOP
Explanation
BYOD (Bring Your Own Device) refers to the policy of permitting employees to bring personally owned devices to their workplace, and to use those devices to access privileged company information and applications.
Your company is experiencing slow network speeds of about 54Mbps on their wireless network. You have been asked to perform an assessment on the existing wireless network and recommend a solution. You have recommended that the company upgrade to a 802.11n or 802.11ac wireless infrastructure to obtain higher network speeds. Which of the following technologies allows an 802.11n or 802.11ac network to achieve faster speeds?
LWAPP
MIMO
WPA2
PoE
Explanation
One way 802.11n and 802.11ac networks achieve superior throughput and speeds is by using a technology called multiple input, multiple output (MIMO). MIMO uses multiple antennas for transmission and reception, which in turn results in higher speeds than 802.11a and 802.11g networks, which can only support up to 54 Mbps of throughput.
Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?
CSMA/CA
SSL certificates
WPA2 security key
RADIUS
Explanation
Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication.
You have configured your network into multiple segments by creating multiple broadcast domains. Which of the following devices should you use to allow the different network segments to communicate with each other?
Router
Switch
Bridge
Hub
Explanation
A router is used to allow different network segments and broadcast domains to communicate with each other. If you have a Layer 3 switch, this will also function as a router and allow communication to occur. Since the question didn’t specify if the switch was a layer 2 or layer 3 switch, we must assume it is a traditional layer 2 switch which cannot route traffic from one broadcast domain to the other broadcast domains.
A network technician needs to identify active services that should be disabled on the network. What tool would BEST accomplish this?
Port scanner
Packet analyzer
Interface monitoring tool
Content filter
Explanation
A port scanner checks which ports are open or closed, which shows whether the corresponding services are enabled. For example, if port 22 is open, the Secure Shell service is enabled; if port 25 is open, the SMTP service is enabled.
You are conducting a port scan of an older server on your network to determine what services are being run on it. You find that port 80 and 443 are open, but port 20 and 21 are reported as closed. All other ports are reported as FILTERED. Based on this report, what can you determine about the server?
The server is offline and not responding
The service is running a FTP server and it is denying any other service requests
The server is running as a web server and is denying any other service requests
The server is behind a firewall and is blocked from receiving any traffic
Explanation
When a port scanner returns a result of CLOSED, it means the service is denying the inbound traffic on that port. In this case, it is denying FTP traffic on ports 20 and 21. This server is running a web server (port 80 and 443), but those are showing as OPEN and receiving traffic. All the FILTERED ports are being blocked by the network firewall.
A technician is troubleshooting a newly-installed WAP that is sporadically dropping connections to devices on the network. Which of the following should the technician check FIRST during troubleshooting?
WAP placement
(Correct)
Bandwidth saturation
WAP SSID
Encryption type
Explanation
For optimal network performance, the Wireless Access Point (WAP) placement guidelines should be taken into consideration to ensure that the building’s construction doesn’t cause interference with the wireless signals.
(This is a simulated Performance-Based Question.) What is the correct color scheme for Pin 1 to Pin 8 for a T-568A connector?
blue, white/blue, orange, white/brown, brown, white/green, green, orange/white
white/green, green, orange/white, blue, white/blue, orange, white/brown, brown
white/green, green, white/orange, orange, blue, white/blue, white/brown, brown
white/orange, orange, white/green, blue, white/blue, green, white/brown, brown
Explanation
You need to have the T-568A and T-568B standards memorized before test day, because you may be asked to perform a drag and drop exercise of placing the right colored wires into the right pin numbers based on a T-568A or T-568B connector. Remember, a straight through cable will have T-568B on both ends. If you are asked to make a cross-over cable, you need a T-568A on one side and a T-568B on the other side.
An administrator’s router with multiple interfaces uses OSPF. When looking at the router’s status, it is discovered that one interface is not passing traffic. Given the information below, what would resolve this issue?
Output:
Fast Ethernet 0 is up, line protocol is down
Int ip address is 10.20.130.5/25
MTU 1500 bytes, BW 10000 kbit, DLY 100 usec
Reliability 255/255, Tx load 1/255, Rx load 1/255
Encapsulation ospf, loopback not set
Keep alive 10
Full duplex, 100Mb/s, 100 Base Tx/Fx
Received 1052993 broadcasts
0 input errors
0 packets output, 0 bytes
0 output errors, 0 collisions, 0 resets
Set OSPF to area 0
Put the IP address in the right broadcast domain
Enable the connecting port
Set the loopback address
Replace the line card
Explanation
Since the line protocol is down, you will need to enable the connecting port to restore the connection.
On which type of cable is an F-connector used?
MMF
RG6
SMF
Cat 5
Explanation
An F connector is a coaxial RF connector commonly used for cable television with an RG6 cable. RG6 is a type of coaxial cable used to transmit audio and video signals to devices such as television sets.
Your company hosts all of the company’s virtual servers internally in your own datacenter. In the event of total failure or disaster, though, the server images can be restored on a cloud provider and accessed through a VPN. Which of the following types of cloud services is your company using in this scenario?
Community PaaS
Private SaaS
Hybrid SaaS
Public IaaS
Explanation
Infrastructure as a Service (IaaS) is the foundation of cloud computing. Rather than purchasing or leasing space in an expensive datacenter, along with the labor, real estate, and all of the utilities needed to maintain and deploy computer servers, cloud networks, and storage, cloud buyers rent space in a virtual data center from an IaaS provider. They have access to the virtual data center via the Internet. This type of cloud computing provides the “raw materials” for IT, and users usually only pay for the resources they consume, including (but not limited to) CPU cores, RAM, hard disk or storage space, and data transfer. Since this cloud provider is available to all companies to use, much like Microsoft Azure or Amazon Web Services, this is an example of a Public IaaS or Public Cloud.
You are installing a Small Office/Home Office (SOHO) network consisting of a router with 2 ports, a switch with 8 ports, and a hub with 4 ports. The router has one port connected to a cable modem and one port connected to switch port #1. The hub’s first port is connected to switch port #2. Based on the description provided, how many collision domains exist in this network?
11
9
8
3
Explanation
Based on the description provided, there are 9 collision domains. Each port on the router is a collision domain (2), each port on the switch is a collision domain (8), and all of the ports on the hub make up a single collision domain (1). But, since one of the ports on the router is connected to one of the ports on the switch, they are in the same collision domain (-1). Similarly, the hub and the switch share a common collision domain with their connection to each other over the switch port (-1). This gives us 9 collision domains total: the 8 ports on the switch, and the 1 port on the router that is used by the cable modem.
You are working as a network technician and need to create several Cat 5e network cables to run between different computers and the network jacks on the wall. The connections between the switch and the patch panel, and the patch panel and the wall jacks have already been installed and tested. Which of the following tools would NOT be necessary to complete this task?
RJ-45 connectors
Wire stripper
Punchdown tool
Cable crimper
Explanation
A punchdown tool is used to connect a network cable (such as Cat 5e) to a patch panel, 110-block, or the inside portion of a wall jack, therefore it is not needed for this task. A wire stripper is used to remove the outer plastic shielding from the Cat 5e cable so that you can reach the inner wiring pairs. The RJ-45 connectors are used to make the connection between the cable and a network jack, and the cable crimper is used to ensure the RJ-45 connector stays attached to the end of the Cat 5e cable.
A company-wide audit revealed employees are using company laptops and desktops for personal use. To prevent this from occurring, in which document should the company incorporate the phrase “Company-owned IT assets are to be used to perform authorized company business only”?
SLA
MSA
MOU
AUP
Explanation
Acceptable Use Policy dictates what types of actions an employee can or cannot do with company-issued IT equipment.
An administrator has configured a new 100Mbps WAN circuit, but speed testing shows poor performance when downloading larger files. The download initially reaches close to 100Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the router interface and sees the following:
NETRTR01# show interface eth 1/1
GigabitEthernet 1/1 is up, line is up
Hardware is GigabitEthernet, address is 000F.33CC.F13A
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Member of L2 VLAN 1, port is untagged, port state is forwarding
What is the issue?
Reset the statistics counter for this interface
Shutdown and restart the router
Shutdown and then re-enable this interface
Remove default 802.1q tag and set to server VLAN
Explanation
Since the VLAN port is untagged, it can be slowing down performance. It is recommended to remove the default VLAN tag and set up a server VLAN to increase performance.
You have been dispatched to investigate some sporadic network outages. After looking at the event logs for the network equipment, you found that the network equipment has been restarting at the same time every day. What should you implement to correct this issue?
Grounding bar
UPS
Surge protector
Air flow management
Explanation
An uninterruptible power supply (UPS) is a battery system that can supply short-term power to electrical units. Since all the devices are restarting at the same time, it is likely due to a power outage. In this case, a UPS would continue to supply power to the network equipment during outages or blackouts.
A network technician has configured a point-to-point interface on a router. Once the fiber optic cables have been run, though, the interface will not come up. The technician has cleaned the fiber connectors and used an optical power meter to confirm that light is passing in both directions without excessive loss. What is the MOST likely cause of this issue?
Distance limitation
Wavelength mismatch
EMI
Cross-talk
Explanation
Wavelength mismatch is when one or more wavelengths in a fiber optic cable are unequal and cannot be measured using an optical power meter. Cross-talk and EMI are both irrelevant to fiber optics.