Practice test 6

Question 1

A client is concerned about a hacker compromising a network in order to gain access to confidential research data. What could be implemented to redirect any attackers on the network?
•	 
DMZ
•	 
Content filter
•	 
Botnet
•	 
Honeypot

Answer 1

Explanation
A honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data that appears to be a legitimate part of the site, but is actually isolated and monitored, and seems to contain information or a resource of value to attackers, who are then blocked.

Question 2

After upgrading a fiber link from 1Gbps, a network technician ran a speed test of the link. The test shows the link is not operating at full speed and connectivity is intermittent. The two buildings are 1,476ft (450m) apart and are connected using CM4 fiber and 10G SR SFPs. The fiber runs through the electrical and boiler rooms of each building. Which of the following is the MOST likely cause of the connectivity issues?
•
The wrong SFPs are being used

•	 
There is interference from the electrical room
•	 
CM1 fiber should be used instead
•	 
There is heat from the boiler room

Answer 2

Explanation
The process of elimination allows us to drop out interference from the electrical room and heat from the boiler room as the heat definitely doesn’t cause connectivity issues. There’s not much information on the CM1 fiber, however, SFPs will work but will not work in a GBIC port intended for SFP+.

Question 3

A network administrator is noticing slow response times from the server to hosts on the network. After adding several new hosts, the administrator realizes that CSMA/CD results in network slowness due to congestion at the server NIC. What should the network administrator do?
•
Add a honeypot to reduce traffic to the server
•
Update the Ethernet drivers to use 802.3
•
Add additional network cards to the server
•
Disable CSMA/CD on the network

Answer 3

Explanation

Adding dual NICs to the server can increase the bandwidth at the server and minimize congestion.

Question 4

A network technician is diligent about maintaining all system servers at the most current service pack level available. After performing upgrades, users experience issues with server-based applications. Which of the following should be used to prevent issues in the future?
•
Configure an automated patching server
•
Virtualize the servers and take daily snapshots
•
Configure a honeypot for application testing
•
Configure a test lab for updates

Answer 4

Explanation
To prevent the service pack issues, make sure to validate them in a test/lab environment first before going ahead and applying a new Service Pack in your production environment. While using an automated patching server is a good idea, no patches should be deployed prior to being tested in a lab first.

Question 5

A firewall technician configures a firewall in order to allow HTTP traffic as follows: Source IP     Zone     Dest IP     Zone      Port      ActionAny              Untrust     Any       DMZ       80        Allow The organization should upgrade to what technology to prevent unauthorized traffic from traversing the firewall?
•	 
HTTPS
•	 
Stateless packet inspection
•	 
Intrusion detection system
•	 
Application aware firewall

Answer 5

Explanation
Application aware firewall can analyze and verify protocols all the way up to layer 7 of the OSI reference model. It has the advantage to be aware of the details at the application layer. Since we desired to allow HTTP traffic, we must deal with the traffic at the application layer. This will prevent an attacker from sending SSH traffic over port 80, for example. By using an application aware firewall, only HTTP traffic will be allowed over port 80.

Question 6

What network device uses ACLs to prevent unauthorized access into company systems?
•	 
IDS
•	 
Firewall
 •	 
Content filter
•	 
Load balancer

Answer 6

Explanation
A firewall is a network security device which is designed to prevent systems or traffic from unauthorized access. An ACL is a list that shows which traffic or devices should be allowed into or denied from accessing the network.

Question 7

A software company is meeting with a car manufacturer to finalize discussions. In the signed document, the software company will provide the latest versions of its mapping application suite for the car manufacturer’s next generation of cars. In return, the car manufacturer will provide three specific vehicle analytics to the software company to enhance the software company’s mapping application suite. The software company can offer its enhanced mapping application to other car manufacturers but must pay the car manufacturer a royalty. Which of the following BEST describes the document used in this scenario? 
•	 
MSA
•	 
SLA
•	 
MOU
 •	 
AUP

Answer 7

Explanation

MOU is a memorandum of understanding. This is the most accurate description based on the choices given.

Question 8

A disgruntled employee executes a man-in-the-middle attack on the company network. Layer 2 traffic destined for the gateway is redirected to the employee’s computer. This type of attack is an example of:
•	 
ARP cache poisoning
 •	 
IP spoofing
•	 
Amplified DNS attack
•	 
Evil twin

Answer 8

Explanation
ARP poisoning reroutes data and allows an attacker to intercept packets of data intended for another recipient. ARP attacks can be sent from any host on the local area network and the goal is to associate the host so that any traffic meant for something else will instead go directly to the attacker’s PC.

Question 9

Which storage network technology utilizes file-level storage to function properly?
•	 
iSCSI
•	 
FCoE
•	 
NAS
 •	 
SAN

Answer 9

Explanation
A NAS uses file-level storage, while the others all use block-level storage. Block-level storage is a type of storage commonly deployed by larger businesses and enterprises in storage area networks (SANs) and similar large-scale storage systems. Each block in a block-level storage system can be controlled as an individual hard drive, and the blocks are managed by a server operating system. Block-level storage protocols like iSCSI, Fibre Channel and FCoE (Fibre Channel over Ethernet) are utilized to make the storage blocks visible and accessible by the server-based operating system.

Question 10

A network technician is selecting the best way to protect a branch office from as many different threats from the Internet as possible using a single device. Which of the following should meet these requirements?
•	 
Configure a network-based firewall
•	 
Configure a firewall with UTM
 •	 
Configure a host-based firewall
•	 
Configure a host-based intrusion detection system

Answer 10

Explanation
Since this is a branch office and you want to protect yourself from as many threats as possible, using a Unified Threat Management firewall would be best. It will protect you from the most things using a single device. A network-based firewall protects everything on the other side of the Internet (your network). Host-based firewalls are great too but the network-based firewall is configured once to protect all devices.

Question 11

Today, your company's network started to experience network connectivity issues for various workstations around the company. As you begin troubleshooting, you identify that all the workstations receive their connectivity from a single switch on the 3rd floor of the office building. You start searching the 3rd floor for the cause of this issue and find a small wired router plugged into a network jack in the office of the Sales manager. From this small wired router, he has connected his workstation and a small Smart TV so he can watch Netflix while working. You ask the sales manager when he brought in the new router and he says he just hooked it up this morning. What type of issue did the sales manager accidentally introduced into the network by installing the router?
•	 
Evil twin
•	 
VLAN mismatch
•	 
Network loop
•	 
Rogue DHCP server

Answer 11

Explanation
Routers usually contain their own DHCP servers. When the sales manager installed the wired router, he inadvertently introduced a secondary DHCP server into the network. This could cause the same IP addresses to be assigned to two different workstations, resulting in connectivity issues for those workstations. Had the sales manager installed a simple hub or switch, this would not have caused any issues. Because this is a wired router, it cannot be an evil twin since evil twins are wireless access points. Also, we have no indication of a VLAN mismatch, since this would only affect the workstations connected to this router. Similarly, we have no indication of a network loop, so this network might already be implementing good practices by utilizing a STP to prevent them.

Question 12

Your company has just installed a brand new email server, but during the initial tests you determined that the server is unable to send emails to another server. You decided to check the firewall's ACL to see if the server's outgoing email is being blocked. Which of the following ports should you ensure is open and not blocked by the firewall?
•	 
143
•	 
995
•	 
25
 •	 
110

Answer 12

Explanation
Port 25 is the designated port for the Simple Mail Transfer Protocol. SMTP is used for outbound email, including mail relay functionality.

Question 13

The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service?
•	 
Layer 3 switch
 •	 
Proxy server
•	 
Layer 2 switch
•	 
Smart hub

Answer 13

Explanation
A layer 3 switch is the best option because in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs.

Question 14

During a business trip, Bobby connects to the wireless network at the hotel to send emails to some of his clients. The next day, Bobby notices that additional emails have been sent out from his account without consent. Which of the following protocols was MOST likely used to compromise the Bobby's email password utilizing a network sniffer?
•	 
SSL
•	 
HTTP
 •	 
TFTP
•	 
DNS

Answer 14

Explanation
HTTP is an unsecured protocol and information is passed without encryption. If the user signed into their webmail over HTTP instead of HTTPS, a network sniffer could compromise the username and password. Additionally, if the user was using an email client, then the SMTP connection could have been compromised, but since that wasn’t an option in this question, we must assume Bobby used a webmail client over HTTP instead.

Question 15

A desktop computer is connected to the network and receives an APIPA address but is unable to reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet are able to reach the Internet. What is the MOST likely source of the problem?
•	 
802.1q is configured on the switch port
 •	 
APIPA has been misconfigured on the VLAN
•	 
Bad SFP in the PC's 10/100 NIC
•	 
OS updates have not been installed

Answer 15

Explanation
APIPA addresses are self-configured and are used when the client is unable to get proper IP configuration from a DHCP server. One possible source of this problem is a misconfigured switch port that the computer is connected to. The 802.1q protocol is used to configure VLAN trunking and should be configured on the trunk port, not the on switch port.

Question 16

A technician is troubleshooting a desktop connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?
•
Remove the ARP entry on the user’s desktop
•
Identify a suitable time to resolve the issue on the affected desktop
•
Duplicate the issue in a lab by removing the ARP entry
•
Document the findings and provide a plan of action

Answer 16

Explanation
Based on the troubleshooting methodology, once you have come up with a probable cause (the static ARP entry), you should try to test your hypothesis. Since this issue has already cause the workstation to not be able to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn’t fix the issue, you would need to then come up with a new hypothesis, and test it as well.

Question 17

Your company just moved into a beautiful new building. The building has been built with large glass windows that cover most of the walls and ceiling to provide natural light to be visible throughout the offices. You have noticed that your cell phone gets really poor cellular connectivity when inside the building. What is the MOST likely cause of the poor cellular service within the building?
•	 
Frequency mismatch
•	 
Channel overlap
•	 
Absorption
•	 
Reflection

Answer 17

Explanation
A cellular signal is comprised of radio waves. Just like light, radio waves can bounce off of certain surfaces and materials. Metal and glass are considered highly reflective materials which can cause poor cellular service and connectivity within office buildings that use intricately designed glass walls and ceilings. If a large amount of reflection occurs, signals can be weakened and also cause interference at the receiver’s device.

Question 18

When a switch has multiple paths to reach the root bridge, what state is the port with the LEAST desirable path placed by the spanning tree protocol?
•	 
Forwarding
•	 
Bonding
•	 
Blocking
 •	 
Listening

Answer 18

Explanation

Blocking is the state in the spanning tree protocol that prevents looping in the network.

Question 19

Users are reporting extreme slowness across the network every Friday. What should the network technician review first to narrow down the root cause of the problem?
•	 
Baseline
•	 
Bottleneck
•	 
Utilization
 •	 
Link status

Answer 19

Explanation
Reviewing the network utilization can help the technician identify why the slowness is being experienced every Friday, such as users placing additional load on the network by streaming videos or something similar.

Question 20

Last night, your company's system administrators conducted a server upgrade. This morning, several users are having issues accessing the company's share drive on the network. You have been asked to troubleshoot the problem. What document should you look at first to create a probable theory for the cause of the issue?
•	 
Change management documentation
 •	 
Release notes for the server software
•	 
Physical network diagram
•	 
Cable management plan

Answer 20

Explanation
Since everything worked before the server upgrade and doesn’t now, it would be a good idea to first look at the change management documentation that authorized the change/upgrade. This should include the specific details of what was changed and what things may have been affected by the change. This is the best place to start when determining what changed since yesterday.

Question 21

Dion Training Solutions is launching their brand new website. The website needs to be continually accessible to our students and reachable 24x7. Which networking concept would BEST ensure that the website remains up at all times?
•	 
Snapshots
•	 
Warm site
•	 
Cold site
•	 
High availability

Answer 21

Explanation
High availability is a concept that uses redundant technologies and processes to ensure that a system is up and accessible to the end users at all times. Snapshots, warm sites, and cold sites may be useful for recovering from a disaster-type event, but they will not ensure high availability.

Question 22

Which of the following concepts is the MOST important for a company's long-term health in the event of a disaster?
•	 
Vulnerability scanning
•	 
Implementing acceptable use policy
•	 
Offsite backups
 •	 
Uninterruptible power supplies

Answer 22

Explanation
In case of a disaster, you must protect your data. Some of the most common strategies for data protection include backups made to tape and sent off site at regular intervals. All of the other options are good, too, but the MOST important is a good backup copy of your company’s data.

Question 23

You work for a small company that wants to add a share drive to their network. They are looking for a simple solution that will easily integrate into the existing network, will be easy to configure, and can share files with all the network clients over TCP/IP. Which of the following is the BEST recommended storage solution for this network?
•	 
Fibre Channel
•	 
NAS
 •	 
iSCSI
•	 
FCOE

Answer 23

Explanation
A network-attached storage (NAS) device is a self-contained computer that connects to a home or business network and can share files over TCP/IP. It is a rapidly growing choice for data storage and can provide data access to numerous users on a network. A NAS consists of hard disk for storage of files and usually utilizes a RAID system for redundancy and/or performance.

Question 24

After an employee connected one of the switch ports on a SOHO router to the wall jack in the office, other employees in the building started losing network connectivity. Which of the following could be implemented on the company’s switch to prevent this type of loss of connection?
•	 
Loop prevention
 •	 
ARP inspections
•	 
DHCP snooping
•	 
MAC address filtering

Answer 24

Explanation
It appears the connection of the SOHO router to the company network has caused a loop in the network, causing the loss of connectivity to other users. If the company network implements a loop prevention mechanism, such as Spanning Tree Protocol (STP), this will prevent a loop from occurring.

Question 25

During a recent penetration test, it was discovered that your company's wireless network can be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn't extend beyond the interior of your building while maintaining a high level of availability to your users?
•	 
Power level
•	 
Channel
•	 
Frequency
•	 
Encryption

Answer 25

Explanation
The power level should be reduced for the radio transmitted in the wireless access points. With a reduced power level, the signal will not travel as far and this can ensure the signal remains within the interior of the building only. The other options, if changed, would affect the availability of the network to the currently configured users and their devices.

Question 26

A technician wants to implement a network for testing remote devices before allowing them to connect to the corporate network. What could the technician implement to meet this requirement?
•	 
High availability
•	 
MAN network
•	 
Quarantine
 •	 
Honeynet

Answer 26

Explanation
Quarantine is where devices that do not meet the standards for the regular network can be placed. In this area, they can be checked before connecting to the main network.

Question 27

Company policies require that all network infrastructure devices send system level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location?
•	 
TACACS+ server
•	 
Single sign-on
•	 
Syslog server
 •	 
Wifi analyzer

Answer 27

Syslog is a protocol designed to send log entries generated by a device or process called a facility across an IP network to a message collector, called a syslog server. A syslog message consists of an error code and the severity of the error. A syslog server would enable the network administrator to view device error information from a central location.

Question 28

A common technique used by malicious individuals to perform a man-in-the-middle attack on a wireless network is:
•	 
ARP cache poisoning
•	 
Amplified DNS attacks
•	 
Sessions hijacking
•	 
Creating an evil twin

Answer 28

Explanation

Evil Twin access points are the most common way to perform a man-in-the-middle attack on a wireless network.

Question 29

A network administrator is following the best practices to implement firewalls, patch management, and policies on his network. Which of the following should be performed to verify that the security controls are in place?
•	 
Penetration testing
 •	 
AAA authentication testing
•	 
Disaster recovery testing
•	 
Single point of failure testing

Answer 29

Explanation
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or web application in order to find vulnerabilities that an attacker could exploit. It can be used to ensure all security controls are properly configured and in place.

Question 30

Dion Training has just installed a new web server and created an A record for DionTraining.com. When users try entering www.DionTraining.com, though, they get an error. You tell their network administrator that the problem is because he forgot to add the appropriate DNS record to create an alias for www to the root of the domain. Which type of DNS record should be added to fix this issue?
•	 
PTR
•	 
NS
•	 
CNAME
 •	 
AAAA

Answer 30

Explanation
CNAME records can be used to alias one name to another. CNAME stands for Canonical Name. A common example is when you have both diontraining.com and www.diontraining.com pointing to the same application and hosted by the same server.

Question 31

You typed IPCONFIG at the command prompt and find out your IP is 192.168.1.24. You then go to Google.com and search for “what is my IP”, and it returns a value of 35.25.52.11. How do you explain the different values for the IP addresses?
•
This is caused by the way traffic is routed over the internet
•
This is caused by how a switch handles IP addresses
•
This is caused because of the way routers handle IP addresses
•
This occurs because your network uses a private IP address internal but a public IP address over the internet

Answer 31

Explanation
Your computer network is using a private IP address for machines within the network and assigns a public IP address for traffic being routed over the network. Most small office home office (SOHO) networks utilize a single public IP for all of their devices and use a technique known as NAT to associate the public IP with each internal client’s private IP when needed.

Question 32

An administrator is told they need to set up a space in the breakroom where employees can relax. So, the administrator sets up several televisions with interconnected video game systems in the breakroom. What type of network did the administrator setup?
•	 
CAN
•	 
MAN
•	 
WAN
•	 
LAN

Answer 32

Explanation
Since this gaming network is within one room, it is considered a LAN. All the other answers require a larger geographical area.

Question 33

Which of the following is used to connect Cat5e or above networks in an MDF or IDF?
•	 
66 block
•	 
110 block
 •	 
F-connector
•	 
RJ-11

Answer 33

Explanation
A 110 block is a type of punch block used to terminate runs of on-premises wiring in a structured cabling system. The designation 110 is also used to describe a type of insulation displacement contact (IDC) connector used to terminate twisted pair cables, which uses a punch-down tool similar to the older 66 block. 110 blocks provide more spacing between the terminals and are designed for Cat 5 networks to eliminate crosstalk between the cables.

Question 34

Which network device operates at Layer 1?
•	 
Hub
•	 
Bridge
•	 
Router
•	 
Firewall

Answer 34

Explanation
A hub is a layer 1 device and operates at the physical layer. Cables, hubs, repeaters, and wireless access points are all examples of layer 1, or physical layer, devices.

Question 35

You have been asked to connect a laptop directly to a router in order to gain access to the internet. Unfortunately, this router is old and doesn't support MDIX on its ports. What type of cable should you use to connect the computer to the router?
•	 
Console
•	 
Rollover
•	 
Crossover
•	 
Patch

Answer 35

Explanation
Since you are connecting two DTE (Data Terminating Equipment) devices and the router doesn’t support MDIX, you will need a crossover cable to allow the computer and router to communicate. If you instead connected a switch (Data Communication Equipment) in between these two devices, then you could use a patch or straight-through cable instead.

Question 36

Which of the following communication technologies are used by video conferencing systems to synchronize video streams and reduce bandwidth being sent by a central location to subscribed devices?
•	 
Anycast
•	 
Unicast
•	 
CoS
•	 
Multicast

Answer 36

Explanation
Multicasting is a technique used for a one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only has to send the signal once, which is then received by multiple hosts simultaneously. Multicast is supported by both IPv4 and IPv6.

Question 37

There are two switches connected using both a CAT6 cable and a CAT5e cable. Which type of problem might occur with this setup?
•	 
Missing route
•	 
Auto sensing ports
•	 
Improper cable types
•	 
Switching loop

Answer 37

Explanation
A switching loop is when there is more than one Layer 2 path between two endpoints. This can be prevented by using the STP (Spanning Tree Protocol).

Question 38

A client reports that half of the marketing department is unable to access network resources. The technician determines that the switch has failed and needs replacement. What would be the MOST helpful in regaining connectivity?
•	 
VLAN configuration
•	 
Network Diagram
•	 
Configuration backup
 •	 
Router image

Answer 38

Explanation
If you have a configuration backup of the switch, a new piece of hardware (new switch) can be installed quickly and the configuration can be restored to the new switch.

Question 39

Which type of antenna broadcasts an RF signal in a specific direction with a narrow path?
•	 
Omni-directional
•	 
Unidirectional
 •	 
Patch
•	 
Bi-directional

Answer 39

Explanation
Unidirectional is one direction. It focuses the broadcasting from the antenna in a single direction instead of all directions, focusing the transmission and making the signal stronger. A specific type of unidirectional antenna is known as a Yagi antenna, and this may be a term you may also see used on the Network+ certification exam.

Question 40

A technician has been troubleshooting a network problem, has determined the most likely cause of the issue, and implemented a solution. What is the NEXT step to be taken?
•	 
Document the findings, actions, and outcomes
•	 
Duplicate the problem if possible
•	 
Verify system functionality
 •	 
Make an archival backup

Answer 40

Explanation
Verifying system functionality occurs directly after the implementation of a solution. It is to ensure that your plan of action and your theory did in fact fix the problem. Documenting findings is the final step taken AFTER verifying the system.

Question 41

The service desk has received a large number of calls this morning complaining about how slow the network is responding when trying to connect to the internet. You are currently at one of the user’s workstations and conducted a ping to Google.com, but the results showed that the response time was too slow and there was too much latency in the route between the workstation and Google.com. You then attempted to ping some of the network printers and other local servers on the network. The results showed acceptable response times. What should you try to do NEXT?
•
Reboot the email server
•
Scan the user’s workstation for malware
•
Replace the cable between the user’s workstation and the wall jack
•
Check the change control system to determine if any networking equipment was recently replaced

Answer 41

Explanation
Since the ping command showed acceptable results when testing internally, you can assume the user’s cable and workstation are not the issue. Also, the scenario never mentioned an email server, so rebooting that would not solve anything. Instead, you should try to identify what has changed since yesterday. By checking what has changed through the change control system, you can identify possible issues. Generally, if everything was fine yesterday, and it doesn’t work right today, you should ask yourself, “what changed?”

Question 42

Various hypervisor guests are configured to use different VLANs in the same virtualization environment through what device?
•	 
Virtual router
•	 
Virtual firewall
•	 
NIC teaming
•	 
Virtual switch

Answer 42

Explanation

Virtual switches can act like real switches, but are configured in the Hyper-V environment.

Question 43

It has been determined by network operations that there is a severe bottleneck on the company's mesh topology network. The field technician has chosen to use log management and found that one router is making routing decisions slower than the others on the network. What is this an example of?
•	 
Network device power issues
•	 
Network device CPU issues
 •	 
Storage area network issues
•	 
Delayed responses from RADIUS

Answer 43

Routing decisions must be processed by the router, which relies on the networking device’s CPU.

Question 44

A network technician needs to set up two public-facing web servers and wants to ensure that if they are compromised, the intruder cannot access the company's intranet. Which of the following methods should the technician use?
•	 
Place them behind a honeypot
•	 
Place them in a separate subnet
•	 
Place them between two identical firewalls
•	 
Place them in the demilitarized zone

Answer 44

Explanation
A demilitarized zone (DMZ) is a sub-network inside a network and acts as a semi-trusted zone. It is used for servers that need to be public-facing, such as web, mail, FTP, and VoIP servers. The DMZ is treated as an untrusted zone by both the internet (public) and the intranet (private) zones.

Question 45

A network administrator has determined that the ingress and egress traffic of a router’s interface are not being correctly reported to the monitoring server. Which of the following can be used to determine if the router interface uses 64b vs 32b counters?
•	 
SNMP walk
 •	 
Packet analyzer
•	 
Syslog server
•	 
Port Scanner

Answer 45

Explanation
SNMPWalk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (router interface). This is a complex topic that is actually beyond the scope of the Network+ exam (how to use SNMPWalk), and usually serves as a type of in-depth question that CompTIA might ask to determine if a candidate has actual real-world experience in networking or just studied from a textbook. Some instructors like to claim that CompTIA uses these types of questions to determine if someone is cheating, because only people who studied from a “brain dump” are likely to get this question correct! The reason you are seeing this type of question is to remind you that it is ok if you don’t know all the answers on test day. Just take your best guess, and then move on!

Question 46

You are troubleshooting a recently installed NIC on a workstation and decided to ping the NIC's loopback address. Which of the following IPv4 addresses should you ping?
•	 
10.0.0.1
•	 
127.0.0.1
 •	 
172.16.1.1
•	 
192.168.1.1

Answer 46

Explanation
The loopback address is 127.0.0.1 in IPv4, and it is reserved for troubleshooting and testing. The loopback address is used to receive a test signal to the NIC and its software/drivers in order to diagnose problems. Even if the network cable is unplugged, you should be able to successfully ping your loopback address.

Question 47

A user is receiving certificate errors in other languages in their web browser when trying to access the company's main intranet site. Which of the following is the MOST likely cause of the issue?
•	 
DoS
•	 
Reflective DNS
•	 
Man-in-the-middle
(Correct)
•	 
ARP poisoning

Answer 47

Explanation
A man-in-the-middle attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is occurring.

Question 48

Which of the following is a DNS record type?
•	 
TTL
•	 
DHCP
•	 
PTR
 •	 
LDAP

Answer 48

Explanation
There are several types of DNS records, including A, AAAA, CNAME, PTR, SVR, and TXT. PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address you can get the associated domain/hostname. An A record should exist for every PTR record.

Question 49

Michael is a system administrator who is troubleshooting an issue with remotely accessing a new server on the local area network. He is using an LMHOST file, which contains the hostname and IP address of the new server. The server that he cannot remotely access to is located on the same LAN as another server that he can successfully remote to. What output from the command line would BEST resolve the issue?
•
C:\windows\system32> ipconfig /flushdns Windows IP configuration Successfully flushed DNS resolver cache
•
C:\windows\system32> ipconfig /registerdns Windows IP configuration Registration of the DNS resource records for all adapters has been initiated. Any errors will be reported in the event viewer in 15 minutes.
•
C:\windows\system32> nslookup Default server: unknownAddress: 2.2.2.2
•
C:\windows\system32> nbtstat –R Successful purge and reload of the NBT remote cache table

Answer 49

Explanation
Since he is using a local LMHOST file, it is bypassing the DNS of the machine, and flushing the DNS will not solve the problem. In this case, purging the contents of the NetBIOS name cache and then reloads the #PRE-tagged entries from the Lmhosts file.

Question 50

cache and then reloads the #PRE-tagged entries from the Lmhosts file.
Question 57: Skipped
Which attack utilizes a wireless access point which has been made to look as if it belongs to the network in order to eavesdrop on the wireless traffic?
•	 
Evil twin
 •	 
Rogue access point
•	 
WEP attack
•	 
War driving

Answer 50

Explanation
An Evil Twin is meant to mimic a legitimate hotspot provided by a nearby business, such as a coffee shop that provides free Wi-Fi access to its patrons.

Question 51

You have been asked to troubleshoot a router which uses label-switching and label-edge routers to forward traffic. Which of the following types of protocols should you be familiar with in order to troubleshoot this device?
•	 
BGP
•	 
OSPF
•	 
IS-IS
•	 
MPLS

Answer 51

Explanation
Multi-protocol label switching (MPLS) is a mechanism used within computer network infrastructures to speed up the time it takes a data packet to flow from one node to another. The label-based switching mechanism enables the network packets to flow on any protocol.

Question 52

What is the BEST way to secure the most vulnerable attack vector for a network?
•
Update all antivirus definitions on workstations and servers
•
Use biometrics and SSO for authentication
•
Remove unneeded services running on the servers
•
Provide end-user awareness training for office staff

Answer 52

Explanation

Users are our most vulnerable attack vector, proper training can help reduce the risk.

Question 53

Which protocol is used to encapsulate other network layer protocols such as multicast and IPX over WAN connections?
•	 
MPLS
•	 
ESP
•	 
GRE
 •	 
PPP

Answer 53

Explanation
Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.

Question 54

Which of the following BEST describes the process of documenting everyone who has physical access or possession of evidence?
•	 
Legal hold
•	 
Chain of custody
 •	 
Secure copy protocol
•	 
Financial responsibility

Answer 54

Explanation
Chain of custody refers to documentation that identifies all changes in the control, handling, possession, ownership, or custody of a piece of evidence.

Question 55

Johnny is trying to download a file from a remote FTP server, but keeps receiving an error that a connection cannot be opened. Which of the following should you do FIRST to resolve the problem?
•
Ensure that port 20 is open
•
Ensure that port 161 is open
•
Flush the DNS cache on the local workstation
•
Validate the security certificate from the host

Answer 55

Explanation
Executing an FTP port connection through a client is a two-stage process requiring the use of two different ports. Once the user enters the name of the server and the login credentials in the authorization fields of the FTP client, the FTP connection is attempted over port 20. For FTP to function properly, you should have both ports 20 and 21 open.

Question 56

A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. What is the cause of the problem?
•	 
Attenuation
•	 
Bad UPS
•	 
Cable short
 •	 
Misconfigured DNS

Answer 56

Explanation
Since the VoIP phone works in one cubicle but not another one that is very close, it is likely the new cubicle has a short in the cable running to the network jack or from the jack to the VoIP phone. The network technician should test the new cubicle’s network jack to ensure there isn’t an issue with the wiring.

Question 57

You are working as a forensic investigator for the police. The police have a search warrant to capture a suspect's workstation as evidence for an ongoing criminal investigation. As you enter the room with the policeman, he arrests the suspect and handcuffs him. What should you do FIRST?
•	 
Turn off the workstation
•	 
Document the scene
•	 
Implement the chain of custody
•	 
Secure the area

Answer 57

Explanation
As a forensic investigator, you should always ‘secure the area’ before you take any other actions. This includes ensuring that no other people are in the area to disrupt your forensic collection (such as the suspect or their accomplices), ensuring the workstation isn’t unplugged from the network or the power, and other actions to prevent the evidence from being tampered with.

Question 58

Dion Training Solutions wants to migrate their email server from an on-premise solution to a vendor-hosted web-based solution like G Suite or Gmail. Which of the following types of cloud models best describes this proposed solution?
•	 
IaaS
•	 
PaaS
•	 
SaaS
 •	 
SAN

Answer 58

Explanation
Software as a Service (SaaS) uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the client’s side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins. The G Suite and Gmail solutions for business are a good example of a SaaS solution.

Question 59

When troubleshooting a T1 connection, the service provider’s technical support representative instructs a network technician to place a special device into the CSU/DSU. Using this device, the provider is able to verify that communications are reaching the CSU/DSU. What was used by the network technician?
•	 
Cable analyzer
•	 
Toner probe
•	 
OTDR
•	 
Loopback plug

Answer 59

Explanation
A loopback plug, also known as a loopback adaptor or a loopback cable, is a device used to test ports (such as serial, parallel, USB, and network ports) to identify network and network interface card (NIC) issues. Loopback plug equipment facilitates the testing of simple networking issues and is available at very low costs.

Question 60

You are trying to select the BEST network topology for a new network based on the following requirements. The design must include redundancy using a minimum of two cables to create the network. The network should not be prone to congestion, therefore each device must wait for its turn to communicate on the network by passing around a token. Which of the following topologies would BEST meet the client's requirements?
•	 
Star
•	 
Bus
•	 
Mesh
•	 
Ring

Answer 60

Explanation
A ring topology is a local area network (LAN) in which the nodes (workstations or other devices) are connected in a closed loop configuration. Ring topologies aren’t used heavily in local area networks anymore, but they are still commonly found in wide area network connections as a FDDI ring. A FDDI ring is a Fiber Distributed Data Interface ring, which allows for a network that can communicate up to 120 miles in range, uses a ring-based token network as its basis, and uses two counter-rotating token ring topologies to comprise the single network. This provides redundancy for the network because if one cable is broken or fails, the other can maintain the network operations. The token is used to control which device can communicate on the network, preventing any congestion or collisions.

Question 61

While monitoring the network, you notice that the network traffic to one of the servers is extremely high. Which of the following should you utilize to verify if this is a concern?
•	 
Log management
•	 
Network diagram
•	 
Network baseline
 •	 
Real-time monitor

Answer 61

Explanation
High network traffic can be a sign of a possible attack conducted either by an insider or someone out of the network to steal relevant information. By reviewing the network baseline, you can determine if the traffic is actually high and if any configurations of the network are out of baseline causing the issue. By knowing what “normal” looks like, you can then more easily identify the abnormal.

Question 62

A small office has an Internet connection that drops out at least two times per week. It often takes until the next day for the service provider to come out and fix the issue. What should you create with the service provider to reduce this downtime in the future?
•	 
NDA
•	 
SLA
 •	 
SOW
•	 
MOU
Explanation
A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service provider. SLAs are output-based that their purpose is specifically to define what the customer will receive. If the customer requires faster response times, it should be in the SLA.

Answer 62

Explanation
A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service provider. SLAs are output-based that their purpose is specifically to define what the customer will receive. If the customer requires faster response times, it should be in the SLA.

Question 63

You are performing a high-availability test of a system. As part of the test, you create an interruption on the fiber connection to the network, but the network traffic was not re-routed automatically. Which type of routing is the system utilizing?
•	 
Static
 •	 
Dynamic
•	 
Hybrid
•	 
Loop

Answer 63

Explanation
Static routes must be configured and re-routed manually during an issue. Dynamic and Hybrid would reroute automatically during a network interruption.

Question 64

A technician receives a report that a user’s workstation is experiencing no network connectivity. The technician investigates and notices the patch cable running from the back of the user’s VoIP phone is routed directly under the rolling chair and has been repeatedly smashed. What is the likely cause of the problem?
•	 
Cross-talk
 •	 
Cable was not properly crimped
•	 
Excessive collisions
•	 
Split pairs

Answer 64

Explanation
Cross-talk and EMI occur when signals experience interference. Since the cable has been repeatedly run over, its shielding could be damaged since the cable is no longer made up of the same consistency and cross-talk could occur between the pairs.

Question 65

You want to install a perimeter device on the network that will help ensure FTP commands are not being sent out over port 25. Which of the following devices would allow for deep packet inspection to catch this type of activity?
•	 
Layer 7 firewall
 •	 
Web proxy
•	 
Layer 3 switch
•	 
Protocol analyzer

Answer 65

Explanation
Layer 7 firewalls are application-filtering firewalls. FTP traffic does not usually travel over port 25, and should travel over port 21. By using a Layer 7 firewall, the device can perform a deep packet inspection (DPI) to identify which application or protocol is actually being used to send traffic over a given port.

Question 66

Andy is a network technician who is preparing to configure a company's network. He has installed a firewall to allow for an internal DMZ and an external network. No hosts on the internal network should be directly accessible by their IP address from the Internet, but they should be able to reach remote networks if they have been assigned an IP address within the network. Which of the following IP addressing solutions would work for this particular network configuration?
•	 
Teredo tunneling
•	 
Private
 •	 
APIPA
•	 
Classless

Answer 66

Explanation
A private IP address is an IP address that’s reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access on a network but without taking up a public IP address space.

Question 67

Which of the following is the BEST way to prevent different types of security threats from occurring within your network on a regular basis?
•	 
Disaster recovery planning
•	 
User training and awareness
 •	 
Penetration testing
•	 
Business continuity training

Answer 67

Explanation
Users are the biggest vulnerability on your network. Therefore, increasing user training can decrease the number of security threats that are realized on your networks. According to industry best practices, you should conduct end user security awareness training at least annually (if not more frequently).

Question 68

A network technician just finished configuring a new interface on a router, but the client workstations are not receiving the addressing information from the new interface. Which of the following should be added or changed to allow the workstations to connect to the new interface?
•	 
TTL
•	 
MX record
•	 
IP helper
 •	 
DHCP lease time

Answer 68

Explanation
DHCP IP Helper addresses enable a single DHCP server to provide DHCP IP addresses to every PC on the network, regardless of whether they are on the same broadcast domain as the DHCP server or not. DHCP IP Helper addresses are IP addresses configured on a routed interface such as a VLAN Interface or a routers Ethernet interface that allows that specific device to act as a “middle man” which forwards BOOTP (Broadcast) DHCP request it receives on an interface to the DHCP server specified by the IP Helper address via unicast. By adding an IP Helper address to the new interface on the router, it will allow the DHCP broadcast requests to be forwarded to the workstations.