Test 1

Question 1

101. Which of the following is a system of notation that uses base 16 rather than base 10?

A. Hex
B. Octal
C. Binary
D. CIDR

Answer 1

A. Hex

hexadecimal is known as base-16, hex alone is base-6.

The question is formatted wrong.

Question 2

102. A network administrator would like to collect information from several networking devices using SNMP. Which of the following SNMP options should a network administrator use to ensure the data transferred is confidential?

A. authpriv
B. SHA
C. MD5
D. Authentication passphrase

Answer 2

A. authpriv

AuthPriv is the most correct answer. SNMPv3 defines communication with authentication and privacy (AuthPriv) as one of three mechanisms available. It uses MD5 and SHA for authentication and either DES or AES for privacy.
While both SHA and MD5 are used in the solution, they are insufficient on their own.
A passphrase would be insufficient to sustain confidentiality of the data.

Question 3

103. The IT manager at a small firm is in the process of renegotiating an SLA with the organization’s ISP. As part of the agreement, the organization will agree to a dynamic bandwidth plan to provide 150Mbps of bandwidth. However, if the ISP determines that a host on the organizationג€™s internal network produces malicious traffic, the ISP reserves the right to reduce available bandwidth to 1.5 Mbps. Which of the following policies is being agreed to in the SLA?

A. Session hijacking
B. Blocking
C. Throttling
D. Data usage limits
E. Bandwidth quotas

Answer 3

C. Throttling

Throttling: is the intentional slowing or speeding network (internet service)

Question 4

104. A network technician has just configured NAC for connections using Cat 6 cables. However, none of the Windows clients can connect to the network.
     Which of the following components should the technician check on the Windows workstations? (Choose two.)

A. Start the Wired AutoConfig service in the Services console
B. Enable IEEE 802.1q Authentication in Network Interface Card Properties
C. Enable IEEE 802.1x Authentication in Network Interface Card Properties
D. Start the Wireless AutoConfig service in the Services console
E. Enable IEEE 802.3 Ethernet IPv6 in Network Interface Card Properties

Answer 4

A. Start the Wired AutoConfig service in the Services console
C. Enable IEEE 802.1x Authentication in Network Interface Card Properties

Question 5

105. The security manager reports that individual systems involved in policy or security violations or incidents cannot be located quickly. The security manager notices the hostnames all appear to be randomly generated characters. Which of the following would BEST assist the security manager identifying systems involved in security incidents?

A. Enforce port security to require system authentication
B. Implement a standardized UNC
C. Label existing systems with current hostnames
D. Forward the DHCP logs to the security manager every day

Answer 5

B. Implement a standardized UNC

A Universal Naming Convention (UNC) format name defines the location of files and other resources that exist on a network. UNC provides a format so that each shared resource can be identified with a unique address.

Question 6

106. A building is equipped with light sensors that turn off the fluorescent lights when natural light is above a certain brightness. Users report experiencing network connection issues only during certain hours. The west side of the building experiences connectivity issues in the morning hours and the east side near the end of the day. At night the connectivity issues affect the entire building. Which of the following could be the cause of the connectivity issues?

A. Light sensors are interfering with the network
B. EMI from the lights is interfering with the network cables
C. Network wiring is run perpendicular to electrical conduit
D. Temperature changes are causing attenuation in copper cabling

Answer 6

C. Network wiring is run perpendicular to electrical conduit

Question 7

107. A network technician configures a firewalls ACL to allow outgoing traffic for several popular services such as email and web browsing. However, after the firewalls deployment, users are still unable to retrieve their emails. Which of the following would BEST resolve this issue?

A. Allow the firewall to accept inbound traffic to ports 25, 67, 179, and 3389
B. Allow the firewall to accept inbound traffic to ports 80, 110, 143, and 443
C. Set the firewall to operate in transparent mode
D. Allow the firewall to accept inbound traffic to ports 21, 53, 69, and 123

Answer 7

B. Allow the firewall to accept inbound traffic to ports 80, 110, 143, and 443

Question 8

108. A network security technician observes multiple attempts to scan network hosts and devices. All the attempts originate from a single host on the network. Which of the following threats is MOST likely involved?

A. Smurf attack
B. Rogue AP
C. Compromised system
D. Unintentional DoS

Answer 8

C. Compromised system

Question 9

109. Which of the following would be the MOST efficient subnet mask for a point-to-point link?

A. /28
B. /29
C. /31
D. /32

Answer 9

C. /31

/31 is correct for Point to Point links because you dont need a network ID or a Broadcast address.

Question 10

110. An office user cannot access local network drives but has full access to the Internet. A technician troubleshoots the issue and observes the following output of the ipconfig command:

Which of the following would MOST likely allow the network drives to be accessed?

A. Update the WLAN adapter driver
B. Disable the WLAN adapter
C. Check the wireless DHCP configuration
D. Disable the LAN adapter

Answer 10

B. Disable the WLAN adapter

If you look at the DNS Suffix you can see that one of the domains is guestwifi.local whilst the other one is comtia.net. Assuming that Guest Wifi is segmented from the rest of the corporate network, you wouldnt be able to access corporate resources on the guest wifi.

Question 11

111. Ann, a network technician, has just installed a fiber switch in a datacenter. To run the fiber cabling, Ann plans the cable route over the top of the rack using the cable trays, down to the switch, coiling up any excess cable. As Ann configures the switch, she notices several messages in the logging buffer stating the receive signal of the SFP is too weak. Which of the following is MOST likely the cause of the errors in the logging buffer?

A. Bend radius exceeded
B. Fiber cable mismatch
C. Fiber type mismatch
D. Bad fiber switch

Answer 11

A. Bend radius exceeded

Question 12

112. Which of the following wireless connection types utilize MIMO on non-overlapping channels? (Choose two.)

A. 802.11a
B. 802.11ac
C. 802.11b
D. 802.11g
E. 802.11n

Answer 12

B. 802.11ac
E. 802.11n

Mu mimo Supports devices that use 5GHz
so 802.11ac and 802.11n are correct though typically 802.11n is dual band and seen only as mimo. A,G,B dont support mimo.

Question 13

113. A network technician is creating a new subnet for 488 host machines. The technician is told to use a class B address scheme when making the subnet and is instructed to leave as much room as possible for additional subnets of the same size. Which of the following subnets would fulfill these requirements?

A. 10.5.4.0/22
B. 10.233.2.0/23
C. 172.16.0.0/22
D. 172.18.0.0/23
E. 192.168.25.0/24

Answer 13

D. 172.18.0.0/23

Class B IP (between 128.0.0.1 - 191.255.255.254)
/23 Allows 510 Hosts 172.18.0.1 - 172.18.1.254
There’s additional subnets of the same size for future use
e.g 172.18.2.1 - 172.18.3.254 for hosts
/22 is a waste, therefore C is incorrect

Question 14

14. A network engineer is designing a new IDF in an old building. The engineer determines the equipment will fit in a two-post rack, and there is power available for this equipment. Which of the following would be the FIRST issue to remediate?

A. Air flow and cooling
B. UPS capability
C. Circuit labeling
D. Power redundancy

Answer 14

A. Air flow and cooling

They specify an “old building”. I believe the point here is to check the ventilation of the actual room where the rack will be placed.

Question 15

115. Which of the following DNS records needs to be configured for SMTP traffic?

A. MX
B. CNAME
C. AAAA
D. PTR

Answer 15

A. MX

MX is the most correct answer.
MX records are for mail exchangers.
CNAME is the canonical name record, which maps one domain to another.
AAAA records are for human names to IPv6 domains or hosts.
PTR records are for pointers, which give the hostname for an IP address (reverse lookup).

Question 16

116. In which of the following ways does a DDoS attack differ from a spoofing attack?

A. DDoS attacks target multiple networks
B. Spoofing attacks originate from a single host
C. DDoS attacks are launched from multiple hosts
D. Spoofing attacks require physical presence

Answer 16

C. DDoS attacks are launched from multiple hosts

A DDoS targets a single host or server or any part of the network from ‘multiple’ sources

Question 17

117. A user checks an IP address using an external website. The address is different than the one the user sees when opening a command prompt and typing in ipconfig/all. The user does not understand why the two tools show different IP addresses. This is BEST explained by the interworking of:

A. network devices
B. packet flow
C. public/private networks
D. traffic-routing protocols

Answer 17

C. public/private networks

NAT translation.

Question 18

118. Which of the following communication media can carry many voice, data, and video channels simultaneously over multiple frequencies?

A. Broadband
B. Baseband
C. Analog modem
D. CSMA

Answer 18

A. Broadband

Question 19

119. To replace a defective UPS, the network administrator must take the switch offline. The administrator wants to be able to perform maintenance UPS in the future without affecting the availability of the attached switch. Which of the following would BEST allow this to happen?

A. Add a redundant power supply to the switch
B. Implement stacking on the switches in the rack
C. Add a second UPS into the rack
D. Install a power converter for the switch

Answer 19

A. Add a redundant power supply to the switch

A redundant power supply is when a single piece of networking equipment operates using two or more physical power supplies. Each of the power supplies will have the capacity to run the device on its own. This makes sure that the device could operate normally even if one power supply fails.

Question 20

120. A forensic first responder arrives at the scene where an employee is suspected to have committed a computer-based crime. Which of the following should the first responder do FIRST?

A. Document the scene
B. Take pictures upon arrival
C. Secure the area
D. Implement chain of custody

Answer 20

C. Secure the area

From Mike Meyer’s book:

In general, when you are in a situation where you are the first
responder, you need to

• Secure the area
• Document the scene
• Collect evidence
• Interface with authorities

Question 21

121. A small town is attempting to attract tourists who visit larger nearby cities. A network engineer is asked to implement a network encompassing the five-block town center and nearby businesses. The inclusion of smartphones and portable devices is crucial to the plan. Which of the following is the network engineer being asked to implement?

A. LAN
B. PAN
C. MAN
D. WAN

Answer 21

C. MAN

MAN stands for metropolitan area network. It covers the largest area than LAN such as small towns, cities, etc. MAN connects two or more computers that reside within the same or completely different cities. MAN is expensive and should or might not be owned by one organization.

LAN stands for local area network. It is a group of network devices that allow communication between various connected devices. Private ownership has control over the local area network rather than the public. LAN has a short propagation delay than MAN as well as WAN. It covers the smallest area such as colleges, schools, hospitals, and so on.

WAN stands for wide area network. It covers a large area than LAN as well as a MAN such as country/continent etc. WAN is expensive and should or might not be owned by one organization. PSTN or satellite medium is used for wide area networks.

Question 22

122. An employee wishes to use a personal cell phone for work-related purposes, including storage of sensitive company data, during long business trips. Which of the following is needed to protect BOTH the employee and the company?

A. An NDA ensuring work data stored on the personal phone remains confidential
B. An AUP covering how a personal phone may be used for work matters
C. A consent to monitoring policy covering company audits of the personal phone
D. Real-time remote monitoring of the phoneגs activity and usage

Answer 22

D. Real-time remote monitoring of the phoneג€™s activity and usage

Question 23

123. Which of the following protocols can be both connection-oriented and connectionless?

A. 20 FTP
B. 53 DNS
C. 67 DHCP
D. 80 HTTP

Answer 23

B. 53 DNS

DNS is the most correct answer, using both TCP and UDP ports 53 natively.
FTP uses TCP port 20 and 21.
DHCP uses UDP ports 67 and 68.
HTTP uses TCP port 80, but can also use UDP if adapted to do so. DNS remains the most correct answer because HTTP must be adapted to support UDP, while DNS has always supported both.

Question 24

124. Which of the following BEST describes the differences between VLAN hopping and session hijacking?

A. VLAN hopping involves the unauthorized transition from one VLAN to another to gain additional access. Session hijacking involves overriding a users web connection to execute commands
B. VLAN hopping is a brute force attack executed to gain additional access. Session hijacking involves physically disrupting a network connection
C. VLAN hopping involves overriding a user network connection to execute malicious commands. Session hijacking involves compromising a host to elevate privileges
D. VLAN hopping is the act of exploiting poor VLAN tagging. Session hijacking is a web-based attack aimed at privilege escalation

Answer 24

A. VLAN hopping involves the unauthorized transition from one VLAN to another to gain additional access. Session hijacking involves overriding a users web connection to execute commands

Question 25

125. An analyst is developing a proof of concept of a wireless-based attack as part of a penetration test against an organizations network. As part of the attack, the analyst launches a fake access point matching the SSID of the organizations guest access network. When a user connects to the fake access point, the analyst allows the traffic to flow through the access point to the legitimate site while the data traversing the network is logged for the latest analysis and exploitation. Which of the following attacks has the analyst successfully performed in this scenario?

A. Bluesnarfing
B. Session hijacking
C. MAC spoofing
D. VLAN hopping
E. Man-in-the-middle

Answer 25

E. Man-in-the-middle

Question 26

126. A network administrator receives a call from the sales department requesting ports 20 and 21 be opened on the company’s firewall to allow customers to retrieve a large file. Which of the following should the administrator perform BEFORE making the needed changes? (Choose two.)

A. Document the reason for the request
B. Scan the file for malware to protect the sales departments computers
C. Follow the company’s approval process for the implementation
D. Install a TFTP server for the customers to use for the transfer
E. Create a honeypot to store the file on for the customers to use
F. Write the SLA for the sales department authorizing the change

Answer 26

A. Document the reason for the request

C. Follow the company’s approval process for the implementation

Question 27

127. A user reports that a laptop cannot connect to the Internet despite the fact the wireless Internet was functioning on it yesterday. The user did not modify the laptop in any way, and the wireless Internet is functional on other users laptops. Which of the following issues should be reviewed to help the user to connect to the wireless network?

A. Wireless switch toggled off
B. WAP settings
C. WLAN IP address out of scope
D. Wireless controller misconfiguration

Answer 27

A. Wireless switch toggled off

Question 28

128. A network administrator wants to increase the confidentiality of the system by hardening the authentication process. Currently, the users log in using usernames and passwords to access the system. Which of the following will increase the authentication factor to three?

A. Adding a fingerprint reader to each workstation and providing a RSA authentication token
B. Adding a fingerprint reader and retina scanner
C. Using a smart card and RSA token
D. Enforcing a stronger password policy and using a hand geometry scan

Answer 28

A. Adding a fingerprint reader to each workstation and providing a RSA authentication token

There are three common factors used for authentication: Something you know (such as a password)
Something you have (such as a smart card)
Something you are (such as a fingerprint or other biometric method)

Question 29

129. A network technician is building a network for a small office. The office currently has cable TV and now requires access to the Internet without adding any cabling other than what is already in place. Which of the following solutions should the technician install to meet these requirements?

A. DOCSIS modem
B. Wireless router
C. DSL modem
D. Access point

Answer 29

A. DOCSIS modem

Question 30

130. A network engineer arrives at work and discovers that many users are having problems when attempting to connect to the company network shared drives. The network operations center (NOC) technician just completed server upgrades the night before. To which of the following documents should the NOC technician refer to determine what potentially caused the connectivity problem?

A. Network maps
B. Cable management
C. Release notes
D. Change management

Answer 30

D. Change management

Question 31

131. Which of the following VPN protocols establishes a secure session that can be initiated using a browser?

A. IPSec
B. SSL VPN
C. PTP
D. PPTP

Answer 31

B. SSL VPN

Question 32

A technician is setting up a public guest network for visitors to access the Internet that must be separate from the corporate network. Which of the following are the BEST steps for the technician to take with minimum overhead configuration? (Choose two.)

A. Enable SSID broadcasting to identify the guest network
B. Configure visitor devices to use static IP addresses
C. Enable two-factor authentication on visitor devices
D. Configure the access point to use WPA2-AES encryption
E. Ensure the access point is not running in mixed mode

Answer 32

A. Enable SSID broadcasting to identify the guest network

E. Ensure the access point is not running in mixed mode

Question 33

133. When choosing a type of storage that integrates with the existing network infrastructure, the storage must be easily configurable to share files and can communicate with all existing clients over TCP/IP. Which of the following is the BEST technology for the network administrator to implement?

A. iSCSI
B. Fibre Channel
C. NAS
D. DAS

Answer 33

C. NAS

Question 34

134. A network technician is installing a new network switch is looking for an appropriate fiber optic patch cable. The fiber optic patch panel uses a twist-style connector. The switch uses a SFP module. Which of the following connector types should the fiber patch cable have?

A. LC
B. ST
C. SC
D. MTRJ
E. MTP

Answer 34

B. ST

ST (Straight Tip) connections twist similar to BNC

ST connectors: These connectors are the most common type of commercial fiber optic connector. These connectors utilize an exposed plastic tube housing the optical fiber. This requires a connection to a matching cable on the other side, incorporating a connector that mates to the other. These combine in a spring-loaded twist, reminiscent of BNC connectors, and are noted for their reliability. ST connector is very popular in communication applications, such as LANs and CCTV systems.

Question 35

135. Which of the following WAN technologies utilizes the concept of virtual circuits and point-multipoint connections?

A. ISDN
B. MPLS
C. PRI
D. Broadband cable
E. Frame relay

Answer 35

E. Frame relay

Answer is fram relay, remember to answer what comptia wants you to hear. When they talk about MPLS they will mention labels

Question 36

136. A network administrator wishes to ensure there are no unnecessary open communication paths into a server. Using a port scanner, the administrator finds that ports are reported as closed. Which of the following BEST explains this response?

A. The ports belong to an active system and are denying requests
B. The ports are associated with deprecated services
C. The ports do not belong to a live system
D. The ports replied with a SYN/ACK response

Answer 36

B. The ports are associated with deprecated services

B is correct. Popular port scanner “Nmap” defines a closed port as follows:

“A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it.”

Question 37

137. Users are reporting issues with slow connection speeds and a loss of connectivity on the newly installed wireless network. The issues are intermittent but seem to occur most often around midday. Which of the following is the MOST likely cause?

A. There is interference from small appliances
B. The signal coverage area is too small
C. Not enough DHCP addresses have been allotted
D. The DNS cache on the users computers has become corrupt

Answer 37

C. Not enough DHCP addresses have been allotted

An exhausted DHCP pool would also suggest a lot of users taking up bandwidth which would cause slow speeds. The exhausted DHCP pool would prevent others from accessing the network all together.

Question 38

138. A user reports difficulties connecting a PC to a wired network. The PC connects to an IP phone, which is working correctly. A network technician can verify that other devices successfully connect to the phone. At which of the following layers of the OSI model is the problem MOST likely located?

A. Network
B. Physical
C. Transport
D. Application

Answer 38

A. Network

Looks like physical layer but it does not say any cable but the wired network (device). So, network is the issue.

Question 39

139. Which of the following physical security controls is MOST likely to be susceptible to a false positive?

A. Identification card
B. Biometric device
C. Proximity reader
D. Video camera

Answer 39

C. Proximity reader

a proximity reader will grant access to a user with proximity card that it recognizes. It doesn’t need to know if the user is legitimate or not.

Question 40

140. An assistant systems analyst reports the following findings of an investigation of slow Internet connections in a remote office to the senior systems analyst:

Which of the following devices is causing the issue?
A. Router
B. Firewall
C. Switch 1
D. Switch 2

Answer 40

B. Firewall

Question 41

141. A small business developed an in-house application that is very sensitive to network latency when communicating between servers. Due to a lack of funds, the business had to build its own network for workstations and servers. Now a network administrator must redesign the network due to performance issues with the application. Which of the following would be the MOST cost effective for the administrator to recommend?

A. Create Ethernet VLANs
B. Disable autonegotiation on the servers
C. Install 10Gb Ethernet NICs in the servers
D. Install Fibre Channel for the server network

Answer 41

C. Install 10Gb Ethernet NICs in the servers

Two factors are involved and must be considered together: network latency and cost-effective. A is cost-effective but doesn’t solve the issue of network latency. C solves the issue of network latency and it’s equally cost-effective.

Question 42

142. A network technician is configuring a firewall access list to secure incoming connections to an email server. The internal address of this email server is
     192.168.1.143. The firewall should allow external email servers to send email to the email server. The email server also supports client access via a web browser.
     Only secure protocols should be used, and only the necessary ports should be open. Which of the following ACL rules should be configured in the firewallג€™s WAN port? (Choose two.)

A. Permit 192.168.1.143.25
B. Permit 192.168.1.143.80
C. Permit 192.168.1.143.110
D. Permit 192.168.1.143.143
E. Permit 192.168.1.143.443
F. Permit 192.168.1.143.587

Answer 42

E. Permit 192.168.1.143.443
F. Permit 192.168.1.143.587

Port 587 is the default port for SMTP submission on the modern web. While you can use other ports for submission (more on those next), you should always start with port 587 as the default and only use a different port if circumstances dictate (like your host blocking port 587 for some reason).
Port 587 also supports TLS, which means that you can securely submit mail.

Port 443 for secure protocols to supports client access via a web browser, port 443 the standard port for HTTPS traffic.
On the modern web, there’s not a single SMTP port. Instead, there are four common SMTP ports:25,587,465,2525

Question 43

143. A network administrator is testing connectivity at a new corporate site. The site has a wireless guest as well as a wired employee network. After verifying connectivity, the administrator checks link speeds by using a speed testing website. The speed testing website shows lower download and upload speeds for the wired network than the wireless network. Which of the following is the MOST likely explanation?

A. There is less local congestion on the wireless network
B. The testing server for the wired network was farther away
C. The firewall is configured to throttle traffic to specific websites
D. The wireless access points were misconfigured

Answer 43

A. There is less local congestion on the wireless network

“The site has a wireless guest as well as a wired employee network.”

That is the important line. A guest wireless is going to have less traffic than the wired employee. That’s why they chose those two networks. Also, having a testing site farther away isn’t going to change the speed, only the latency.

Question 44

144. A technician replaces a failed router with a spare that has been in inventory for some time. After attempting to enable HTTPS on the spare router, the technician discovers the feature is unavailable. The support office was able to connect to the previous router. Which of the following actions should the technician perform to enable HTTPS access for the support team?

A. Reboot the router
B. Enable HTTP on the router
C. Update the firmware of the spare router
D. Perform a factory reset on the router

Answer 44

C. Update the firmware of the spare router

Key phrases for this question: “has been in inventory for some time”, and “the feature is
unavailable”.
In addition, if the office was able to connect to HTTPS on the router that was replaced, then they should be able to connect to the spare. Simply perform a firmware update.

Question 45

145. A technician is trying to configure a previously owned WAP. The technician successfully logs into the administrative console and attempts to input the IP address on the WAP. However, the WAP is not accepting the command. Which of the following is causing the problem?

A. The WAP antenna is damaged
B. The WAP transmitter light is dim
C. The terminal emulation software is misconfigured
D. The LWAPP image is installed on the WAP

Answer 45

D. The LWAPP image is installed on the WAP

When the LWAPP firmware is installed the only way for manage the AP is with Controller. So you can still login to the device, but not alter it.

Question 46

147. A technician has installed a Linux server in the tax office. The server can access most of the resources on the network, but it cannot connect to another server that has a share for backup. The technician learns that the target server is on a different subnet. Which of the following tools should the technician use to ensure the
     Linux server can reach the backup location?

A. netstat
B. traceroute
C. route
D. dig
E. ifconfig

Answer 46

B. traceroute

I believe in this case, ensure means “How do we know that Linux server can reach the target server?” Well, if traceroute is successful, you just ensured that it reached.

Question 47

148. Which of the following WAN technologies provides a guaranteed throughput rate?

A. DSL
B. T-1
C. Cable broadband
D. Dial-up

Answer 47

B. T-1

Question 48

149. Which of the following is the SHORTEST way to write 2001:0000:0d58:0000:0000:0095:7565:0001 in proper IPv6 shorthand?

A. 2001::d58::95:7565:1
B. 2001:0:d58:0:0:95:7565:1
C. 2001:0:d58::95:7565:1
D. 2001:0:0d58::95:7565:1

Answer 48

C. 2001:0:d58::95:7565:1

For anyone wondering, it’s C and not A because you can’t use the :: twice

Question 49

150. A network administrator needs to transmit traffic to geographically diverse sites to improve performance. Which of the following devices would BEST direct traffic to the remote sites?

A. Hub
B. Bridge
C. Switch
D. Router

Answer 49

D. Router

Question 50

151. Which of the following should a technician investigate when using a network baseline to troubleshoot?

A. Tracing a network wire connectivity issue from the datacenter to a host.
B. Determining if the server performance is degraded.
C. Changes that have been made to the network configuration.
D. Location of networking equipment in a rack.

Answer 50

B. Determining if the server performance is degraded.

The only way to know when a problem is brewing on your network
is to know how things perform when all’s well with the network.
Part of any proper performance monitor is the facility to create a
baseline: a log of performance indicators such as CPU usage,
network utilization, and other values to give you a picture of your
network and servers when they are working correctly. A major
change in these values can point to problems on a server or the
network as a whole.

Question 51

152. A technician needs to upgrade a SOHO wireless routers firmware. The technician resets the router to factory settings and installs the new firmware. The technician enters the DHCP information and sets the SSID. Which of the following configurations would provide the MOST protection from advance hackers?

A. Disable the broadcasting of the SSID.
B. Enable WPA2 authentication for all hosts.
C. Use private addressing for the DHCP scope.
D. Install unidirectional antennas.

Answer 51

B. Enable WPA2 authentication for all hosts.

Question 52

153. A technician notices clients are receiving a 169.254.x.x IP address following the upgrade of a server. Which of the following ports should the technician check on the local server firewall?

A. ports 20 and 21
B. ports 67 and 68
C. ports 80 and 443
D. port 123 and 8080

Answer 52

B. ports 67 and 68

Addresses starting with 169.x.x.x are APIPA addresses. APIPA addresses are assigned when DHCP fails to assign an address first. Ports 67 and 68 are DHCP ports that need to be turned on for DHCP to work.

Question 53

154. Which of the following datacenter security methodologies is MOST likely to remain usable during a network outage?

A. biometric scanners
B. door locks
C. video surveillance
D. motion detectors

Answer 53

B. door locks

Door locks is the most correct answer. No level of network outage will ever impact a traditional door and lock.
All other answers may rely on network resources or reporting mechanisms that could be compromised or delayed in the event of a network outage.

Question 54

155. A network technician is implementing a solution on the network to hide the workstation internal IP addresses across a WAN. Which of the following is the technician configuring?

A. QoS
B. DMZ
C. RIP
D. NAT

Answer 54

D. NAT

Network address translation (NAT), don’t forget it makes private IP’s into a pubic one (personal network to the internet). While Port address translation does very similar things, making private IP’s into public IP’s but with the help of ports.

Question 55

156. Employees want the ability to use personal devices on the guest network while working out at the company gym. In order to meet the request, which of the following policies requires employee adherence?

A. AUP
B. SLA
C. NDA
D. MOU

Answer 55

A. AUP

Stands for “Acceptable Use Policy.” An AUP is list of rules you must follow in order to use a website or Internet service. It is similar to a software license agreement (SLA), but is used specifically for Internet services.

Question 56

Which of the following BEST describes the BGP routing protocol?

A. distance vector
B. hybrid
C. static
D. link state

Answer 56

B. hybrid

BGP - Border Gateway Protocol is considered a hybrid protocol in the CompTIA objectives as it employs elements of both Link-state and distance-vector protocols. Technically it is classified as an advanced protocol.

Question 57

158. A customer is reporting difficulty connecting some devices after replacing a wireless router with a new wireless 802.11ac router. The SSID, encryption and password are the same as the previous router. A technician goes on-site and notices the devices that are no longer connecting appear to be several years ago. Which of the following is MOST likely the problem?

A. the password needs to be re-entered.
B. there is a security type mismatch.
C. there is insufficient antenna power.
D. there is a frequency mismatch.
E. the channel has changed.

Answer 57

D. there is a frequency mismatch.

802.11ac utilizes 5 GHz and since it is already ‘several’ years. The devices that are connected to the replaced WAP are probably 802.11b/g compliant devices. cheers!

Question 58

159. SIM Question

Multiple users are reporting that they are unable to access the network. The ENTIRE network is shown in the diagram. PCs are not statically assigned IP addresses. The following devices will display settings:
✑ WorkstationA
✑ WorkstationB
✑ WorkstationC
✑ WorkstationD

WorkstationE -

✑ WorkstationF
✑ WorkstationG
✑ Laptop1
✑ Laptop2
✑ DHCP server1
✑ DHCP server2
Instructions:
Review the settings and select the box in the diagram that identifies the device causing the issue. Only one device can be selected at a time.
After checking the device that is causing the issue, select the second tab in the lower left hand corner. Identify the reason as to why some users are unable to access the network.
When the simulation is complete, select the Done button to submit.

Part 2 -
Identify the reason as to why some users are unable to access the network.
A. Workstation(s) are plugged into switch ports configured with half duplex.
B. The site-to-site router was configured with the incorrect ACL.
C. The DHCP server scope is full and is not providing IP addresses.
D. WAN and LAN ports are reversed on the router.
E. STP has disabled some of the ports on the switch.
F. The NIC driver is not installed.
G. A wireless client is unable to associate to the AP.

Answer 58

The secret to this question is why does Workstation C have APIPA (169.254.200.67). SOHO Router 1 has its interfaces plugged into the wrong network segments. The correct answer is SOHO Router 1 should be checked in Part 1, and “D” The WAN/LAN ports are reversed on the router should be selected in Part 2.

D. WAN and LAN ports are reversed on the router.

or

G. A wireless client is unable to associate to the AP.

Question 59

160. Which of the following should be performed to verify that unnecessary services are disabled on all switches in an environment?

A. Packet capturing
B. Port scanning
C. Log scanning
D. Baseline review

Answer 59

B. Port scanning

Question 60

161. A technician is sent to a remote office to set up a device to connect to the Internet. The company standards document requires stateful inspection. Which of the following should the technician install?

A. Router
B. Multiplayer switch
C. Firewall
D. Bridge

Answer 60

C. Firewall

“stateful inspection” = firewall.

Question 61

162. A technician is assigned to secure a basic wireless network. Which of the following authentication protocols should the technician use to perform this task?
     (Choose two.)

A. RDP
B. SNMP
C. WPA2
D. EAP
E. SSL

Answer 61

C. WPA2
D. EAP

WPA2 and EAP are the most correct answers.
WPA2 is the only wireless security protocol on the list.
Extensible Authentication Protocol is used by WPA2 to enhance its security features in a granular way.
Remote Desktop Protocol is used for remote access to hosts, and has no ability to secure a network, wired or wireless.
Simple Network Management Protocol is used for collecting and manipulating network information to form a baseline that is used in a general report. This is used to determine overall network health. Can send alarms but does not solidify wireless security.
Secure Sockets Layer is used for establishing authenticated and encrypted links between networked computers. While a secure technology, it does not have the innate capacity to secure a wireless network.

Question 62

163. A technician is investigating the cause of a network outage. Which of the following documents should be checked to rule out configuration issues?

A. Change management records
B. Inventory management
C. Network log files
D. Logical diagrams

Answer 62

A. Change management records

A seems to make the most sense (in CompTIA’s perspective) as checking the change management documentation would state what recent equipment or configuration changes were recently made that might’ve affected the network. The network log files would list logical topology changes, but most likely wouldn’t list any recent physical changes with networking equipment. Thus, A makes the most sense.

Question 63

164. A junior network technician receives a help desk ticket from an end user who is having trouble accessing a web application that was working the previous day.
     After talking with the end user and gathering information about the issue, which of the following would be the most likely course of action for the technician to perform NEXT?

A. Establish a theory of probable cause.
B. Escalate the ticket to a senior technician.
C. Implement the solution.
D. Document the findings and outcomes.

Answer 63

A. Establish a theory of probable cause.

Question 64

165. A system administrator receives reports from users of odd behavior in regard to a recently installed server. While reviewing the server network configuration, the systems administrator does both a forward and a reverse DNS lookup on the host, along with the network adapter configuration.

Which of the following is the problem identified in the output above?
A. There is no reverse DNS entry for this host.
B. The server IP address is incorrectly configured.
C. The DNS lookup entry is incorrectly configured.
D. The reverse DNS entry is pointing to a different host.

Answer 64

C. The DNS lookup entry is incorrectly configured.

first commandline is a DNS query of what IP address is stored for server.company.com

$host server.company.com

it gives the result 129.168.0.100 (note the first octet is 129, not 192)

the scond command is a reverse DNS, called ARP, looking for the name that is associated with an it yields a result of web.company.com

the last command ifconfig is a command run on the server locally to see what IP it is configured with and it yields 192.168.0.100

so the conclusion is the server on itself is configured with 192.168.0.100 and in DNS it is configured as 129.168.0.100

since DNS is the master record file for all network devices, the issue seen is that the DNS record for this machine (in DNS) is wrong.

Question 65

166. A network technician at a small office upgrades the LAN switch. After the upgrade, a user reports being unable to access network resources. When the technician checks the switchport, the LED light is not lit. Which of the following should the technician check FIRST?

A. The device is using the correct cable type.
B. The switchport is functioning properly.
C. The device is connected to the switch.
D. The switch is connected to the router.

Answer 65

C. The device is connected to the switch.

Question 66

167. A network administrator wants to employ a username and password authentication system for guest WiFi. Which of the following is the BEST option to provide this type of authentication?

A. Port security
B. MAC filtering
C. Network access control
D. Captive portal

Answer 66

D. Captive portal

Question 67

168. A technician is responsible for configuring a new firewall. The hardware team has already installed, powered, and connected the system. Which of the following types of documentation should the technician utilize to complete the task?

A. Rack diagram
B. IDF/MDF documentation
C. Network performance baseline
D. Logical and physical diagrams

Answer 67

D. Logical and physical diagrams

If someone assigned you a task to configure the Firewall, you as a technician don’t magically know where exactly in the network the Firewall has been placed. Especially considering you did not plan for and install the device yourself.

You would need to refer to the physical and logical diagram to determine where the Firewall is in the network layout to be able to proceed with configuring it properly. You might be able to puzzle this out by examining rack diagrams and MDF/IDF documentation, but that to me seems to be the wrong way to go about it.

Only once everything is configured would you then take your baselines.

Question 68

169. Which of the following storage network technologies inherently leverages block-level storage?

A. NAS
B. SAN
C. FCoE
D. iSCSI
E. FTP

Answer 68

B. SAN

SAN used to block-level technology while,
NAS provide file level access.
I used to put this is mind like “SUN BLOCK”

Question 69

170. Which of the following networking devices operates at Layer1?

A. Router
B. Firewall
C. Hub
D. Bridge

Answer 69

C. Hub

Question 70

171. A disgruntled employee decides to leak critical information about a companys new product. The employee places keyloggers on the departments computers, allowing the information to be sent out to the Internet. Which of the following attacks is occurring?

A. Man-in-the-middle
B. Logic bomb
C. Insider threat
D. Social engineering

Answer 70

C. Insider threat

Question 71

172. A network technician needs to set up an access method for Ann, a manager, to work from home. Ann needs to locally mapped corporate resources to perform her job. Which of the following would provide secure access to the corporate resources?

A. Utilize an SSH connection to the corporate server.
B. Use TFTP to transfer files to corporate resources.
C. Allow RDP through an external firewall.
D. Connect utilizing client-to-site VPN.

Answer 71

D. Connect utilizing client-to-site VPN.

its very tpical with the VPN logon process that as you log on, the usual logon scripts run on your machine and map the network shares provided on the corporate network to local “logical” drives on your machine. So lets say you are in accounting and there is a share on the accounting server called “accounting-share”, well when you logon to VPN succescully there will be a script or commmand that runs in the background to create a logical drive like “M:" on your local machine and then point it to the network share… hope this explains it…

Question 72

173. Which of the following DNS record types is an alias?

A. CNAME
B. PTR
C. NS
D. SRV

Answer 72

A. CNAME

Question 73

174. A recently constructed building makes use of glass and natural light. Users in the building are reporting poor cellular connectivity and speeds. Which of the following is MOST likely the cause?

A. Absorption
B. Channel overlap
C. Reflection
D. Frequency mismatch

Answer 73

C. Reflection

Reflection/Refraction:
Is when a signal passes through an object and exists at a different angle. The presence of glass or water (especially during weather) can cause this.

Question 74

175. A network technician is working on a new switch implementation to expand the network. Which of the following is the BEST option to ensure the implementation goes according to business requirements?

A. AUP
B. NDA
C. SOP
D. SLA

Answer 74

C. SOP

SOP = Standard Operating Procedure, keyword: implementation

Question 75

176. A technician is utilizing SNMPv3 to monitor network statistics. Which of the following actions would occur immediately of a serverג€™s utilization spikes above the prescribed value?

A. A trap message is sent via UDP to the monitoring workstation.
B. The SET function pushes an alert to the MIB database.
C. The object identifier is modified and reported during the next monitoring cycle.
D. A response message is sent from the agent to the manager.

Answer 75

A. A trap message is sent via UDP to the monitoring workstation.

“An NMS can tell an agent to make changes to the information it queries and sends through a Set PDU, specifically SetRequest”
“An agent can send a Trap with or without prior action from the SNMP manager.”
-Mike Meyers, Network+, page 702-703

In this question, there isn’t a change being requested (therefore it’s not Set). It’s a Trap message letting the technician know that a prescribed value or threshold has been exceeded. An example the book uses is a printer letting technicians automatically know when it is out of ink.

Question 76

177. In which of the following scenarios should a technician use a cross-over cable to provide connectivity?

A. PC to switch
B. Switch to AP
C. Router to switch
D. Router to modem
E. PC to PC

Answer 76

E. PC to PC

Question 77

178. 802.11n clients currently have no way to connect to the network. Which of the following devices should be implemented to let the clients connect?

A. Router
B. Range extender
C. VoIP endpoint
D. Access point

Answer 77

D. Access point

Question 78

179. A network technician is setting up a new router. Since it is exposed to the public, which of the following are the BEST steps the technician should take when setting up this device? (Choose two.)

A. Disable unnecessary services.
B. Use private IP addresses.
C. Allow remote management access.
D. Disable the console port.
E. Enable encryption.
F. Upgrade to the latest firmware.

Answer 78

A. Disable unnecessary services.
F. Upgrade to the latest firmware.

It can be assumed that upgrading to the latest firmware will (for the most part) prevent attackers from accessing a router that is not fully updated and there may be exploits in outdated firmware. Hence, updating it to the latest version. As for disabling the unnecessary services, again, it isn’t implied, but there could be paths or vectors that attackers could detect through running services on the router and use that to get in.

Question 79

180. A network technician is configuring user access to a VPN concentrator and has been advised to use a protocol that supports encryption over UDP. Which of the following protocols has the technician MOST likely configured for client use?

A. TFTP
B. DTLS
C. DNS
D. SNMP

Answer 79

B. DTLS

DTLS VPNS
Datagram TLS (DTLS) VPNs optimize connections for delaysensitive applications, such as voice and video over a VPN. After establishing a traditional TLS tunnel, DTLS VPNs use UDP datagrams rather than TCP segments for communication.

TFTP - Port 69 simple FTP service that is unencrypted
DNS - Port 53 Domain Name System
SNMP - Port 161 Simple Network Management Protocol

Question 80

181. A switch has detected duplicate broadcast messages sourced from a second port. The broadcasts continue to be transmitted and duplicated until the amount of traffic causes severe performance issues. Which of the following should be configured to prevent this?

A. BPDU guard
B. DHCP snooping
C. ARP protection
D. Spanning tree

Answer 80

D. Spanning tree

The source of the broadcasts is from a second port, so from inside the network. ARP poisoning is a MITM attack and comes from outside the network. What is happening here is a routing loop. To prevent routing loops you use STP.

Question 81

182. A Chief Information Officer (CIO) is concentrated about an attacker gaining administrative access to the companys network devices. Which of the following is the MOST secure way to prevent this?

A. ACL allowing only HTTP
B. ACL allowing only Telnet
C. Out-of-band modem
D. Out-of-band console router

Answer 81

D. Out-of-band console router

Out of Band management uses a dedicated wire connection between the Network admin’s computer and a critical device.

Question 82

183. The Chief Executive Officers (CEOs) tablet cannot connect to the wireless network from the corner office. A network technician verified the tablet can connect to the wireless network in other areas of the building. The distance between the office and the 802.11ac WAP is 150ft (46m), and there are a few cubicles in between. Which of the following is the MOST likely cause of the tablet not connecting?

A. Absorption
B. Reflection
C. Distance
D. Refraction
E. Attenuation

Answer 82

C. Distance

The correct answere is C. Distance.
802.11ac has maximum range 35 m, and it operates in 5Ghz frequencey band only.

Question 83

184. A company has two geographically separate locations that need to connect using a VPN. Which of the following devices must be specifically configured to allow VPN traffic into the network?

A. Firewall
B. Switch
C. Router
D. Modem

Answer 83

A. Firewall

Question 84

185. A technician is working on a new machine that has been procured for testing and development. The machine will run a hypervisor and host several operating systems of various types so the development team can test the companys applications in a variety of environments. The technician wants the virtual machines to be available to communicate with each other without leaving the hypervisor. Which of the following is the BEST solution to the problem?

A. The technician should connect the machine to its own separate switch.
B. The technician should add a route in each virtual machine to the default gateway.
C. The technician should configure a virtual switch.
D. The technician should set up individual routes between the machines.

Answer 84

C. The technician should configure a virtual switch.

Question 85

186. A network technician is repurposing a switch that has been in storage for some time. The device has been wiped to factory defaults. Which of the following should be done FIRST to ensure the device has been hardened before configuration?

A. Generate new keys.
B. Disable unused ports.
C. Check for updated firmware.
D. Configure the default VLAN.

Answer 85

C. Check for updated firmware.

Question 86

187. A technician is setting up a wireless access point in a coffee shop. The shop is not concerned with security but only wants to allow customers to have access. Which of the following configurations should the technician deploy?

A. Use a pre-shared key.
B. Set up EAP.
C. Configure RADIUS.
D. Configure MAC filtering.

Answer 86

A. Use a pre-shared key.

The pre-shared key would be one that the shop provides to customers by means of an inside sign or a printed receipt.

Question 87

188. A network administrator is assigned to run and connect a Cat 6e Ethernet cable between two nodes in a datacenter. Which of the following connector types should the network administrator use to terminate this cable?

A. DB-9
B. RS-232
C. DB-25
D. RJ-45

Answer 87

D. RJ-45

Question 88

189. Management has requested that services be available within 72 hours of a disaster. Budget is a major concern. A contract is signed with a company that has plenty of space, and the technician will have the option of putting infrastructure equipment in place. Which of the following BEST describes this business continuity strategy?

A. Cold site
B. Differential backup
C. Hot site
D. Incremental backup
E. Warm site
F. Full backup

Answer 88

A. Cold site

• A cold site is a location that consists of a building, facilities, desks, toilets, parking—everything that a business needs …except computers. A cold site will generally take more than afew days to bring online.
• A warm site is the same as a cold site, but adds computers loaded with software and functioning servers—a complete hardware infrastructure. A warm site lacks current data and may not have functioning Internet/network links. Bringing this site up to speed may start with activating your network links, and it most certainly requires loading data from recent backups. A warm site should only take a day or two to bring online.
• A hot site has everything a warm site does, but also includes very recent backups. It might need just a little data restored from a backup to be current, but in many cases a hot site is a complete duplicate of the primary site. A proper hot site should only take a few hours to bring online.

Question 89

90. A network technician is planning to update the firmware on a router on the network. The technician has downloaded the file from the vendors website. Before installing the firmware update, which of the following steps should the technician perform to ensure file integrity?

A. Perform antivirus and anti-malware scans of the file.
B. Perform a hash on the file for comparison with the vendors hash.
C. Download the file a second time and compare the version numbers.
D. Compare the hash of the file to the previous firmware update.

Answer 89

B. Perform a hash on the file for comparison with the vendors hash.

Question 90

191. A network technician performs a wireless site survey at a company building and identifies that the cafeteria is not covered by a wireless signal. The cafeteria is located in a medium-size, square-shaped room. Which of the following types of WAP antenna should the technician install in the center of the cafeteria to provide the BEST coverage?

A. Unidirectional
B. Parabolic
C. Omnidirectional
D. Yagi

Answer 90

C. Omnidirectional

Question 91

192. An entire enterprise cannot access a specific website. The network technician knows the website was accessible last week. The technician can also ping the website. Which of the following is the technician MOST likely to find upon investigation?

A. The firewall is misconfigured.
B. The network is being hit by a zero-day attack.
C. The SSL certificate is untrusted.
D. The SSL certificate has expired.

Answer 91

D. The SSL certificate has expired.

Question 92

193. At which of the following OSI model layers would a router operate?

A. Physical
B. Network
C. Transport
D. Data link

Answer 92

B. Network

Layer 3 of the OSI model

Question 93

194. Which of the following are DNS record types? (Choose three.)

A. CNAME
B. NTP
C. PTR
D. LDAP
E. DHCP
F. TTL
G. SRV
H. SSH

Answer 93

A. CNAME
C. PTR
G. SRV

DNS Record types:
A (Host address)
AAAA (IPv6 host address)
ALIAS (Auto resolved alias)
CNAME (Canonical name for an alias)
MX (Mail eXchange)
NS (Name Server)
PTR (Pointer)
SOA (Start Of Authority)
SRV (location of service)
TXT (Descriptive text)

Question 94

194. Which of the following backup techniques is used to capture all the data that has changed since the last full backup?

A. Incremental
B. Replica
C. Differential
D. Snapshot

Answer 94

C. Differential

Question 95

196. A network administrator frequently needs to assist users with troubleshooting network hardware remotely, but the users are non-technical and unfamiliar with network devices. Which of the following would BEST help the administrator and users during hands-on troubleshooting?

A. Logical diagrams
B. MDF documentation
C. Equipment labeling
D. Standard operating procedures

Answer 95

D. Standard operating procedures

the question states, “Which… would BEST help the administrator and users during hands-on troubleshooting?” SOPs (or work instructions) are the IT staff’s documented procedures used during certain network conditions or technical issues.

For example, the SOP can illustrate step-by-step procedures for dealing with an Internet outage; the procedures (SOP) could aid the technician to resolve the issue quickly; it can also be used to coach the user to remediate the problem.

Question 96

197. A technician is observing brownout issues at a smaller office. At least once a week, the edge switch power cycles. Which of the following should the technician do to resolve the issue?

A. Install a new switch
B. Install a UPS
C. Replace the switch uplink cable.
D. Install a new electrical circuit.

Answer 96

B. Install a UPS

A UPS is a band aid for this situation. Clearly there is a problem with the switch. HOWEVER, you would first install a UPS to prevent interruption of service THEN a new switch.

Question 97

198. A technician is troubleshooting a workstations network connectivity and wants to confirm which switchport corresponds to the wall jack the PC is using. Which of the following concepts would BEST help the technician?

A. Consistent labeling
B. Change management
C. Standard work instructions
D. Inventory management
E. Network baseline

Answer 97

A. Consistent labeling

Question 98

199. Under which of the following layers of the OSI model do ATM cells operate?

A. Data link
B. Network
C. Session
D. Transport
E. Presentation

Answer 98

A. Data link

ATM operates at the data link layer — Layer 2 in the OSI model — over either fiber or twisted-pair cable

Question 99

200. A new building needs to be joined to an existing network, but management has decided that running fiber is too expensive. Since the buildings are about 1000ft (305m) apart, the IT department has been asked to propose alternatives. Which of the following is the BEST device to add to each building to facilitate the extension of the network while meeting budgetary demands?

A. Switch
B. Router
C. Media converter
D. PRP wireless

Answer 99

D. PRP wireless

The given answer is correct, but only because every other answer does not make sense. This may be a question in the exam that is not weighted and simply used for calibration and statistic purposes. Realistically, fiber or a series of repeaters would be suitable for this scenario.