Test 1

Question 1

1. You just started work as a network technician at Dion Training. You have been asked to check if DHCP snooping has been enabled on one of the network devices. Which of the following commands should you enter within the command line interface?
   A) SHOW ROUTE
   B) SHOW INTERFACE
   C) SHOW DIAGNOSTIC
   D) SHOW CONFIG

Answer 1

D) SHOW CONFIG
Explanation
OBJ-5.3: The “show configuration” command is used on a Cisco networking device to display the device’s current configuration. This would show whether or not the DHCP snooping was enabled on this device. The “show interface” command is used on a Cisco networking device to display the statistics for a given network interface. The “show route” command is used on a Cisco networking device to display the current state of the routing table for a given network device. The “show diagnostic” command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.

Question 2

2. What is a common technique used by malicious individuals to perform an on-path attack on a wireless network?
   A) ARP SPOOFING
   B) AMPLIFIED DNS ATTACKS
   C) AN EVIL TWIN
   D) SESSION HIJACKING

Answer 2

C) AN EVIL TWIN
Explanation
OBJ-4.2: An evil twin is the most common way to perform an on-path attack on a wireless network. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user’s knowledge. A man-in-the-middle or on-path attack consists of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. ARP spoofing, session hijacking, and amplified DNS attacks are not techniques specific to attacking wireless networks.

Question 3

3. Which of the following remote access tools is a command-line terminal emulation program operating on port 23?
   A) SSH
   B) RDP
   C) VNC
   D) TELNET

Answer 3

D) TELNET
Explanation
OBJ-1.5: Telnet is a TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). Telnet is unauthenticated, which means it sends data such as the username and password in plain text. For this reason, it should not be used, and SSH should be used instead. Telnet runs over TCP port 23. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

Question 4

4. Scott is a brand new network technician at Dion Training. He has been told to remote into the edge switch from his desk and enable DHCP snooping. Which of the following commands should he use?
   A) TFTP SERVER
   B) NMAP
   C) IP
   D) TELNET

Answer 4

D) TELNET
Explanation
OBJ-5.3: The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network. While it would be better for Scott to use SSH for security reasons, telnet is still the best answer based on the options presented in this question. Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network’s clients, servers, and devices. A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface.

Question 5

5. You are installing a new LAN in a building your company just purchased. The building is older, but your company has decided to install a brand new Cat 6a network in it before moving in. You are trying to determine whether to purchase plenum or PVC cabling. Which environmental conditions should be considered before making the purchase?
   A) AIR DUCT PLACEMENT
   B) WORKSTATION MODELS
   C) WINDOW PLACEMENT
   D) FLOOR COMPOSITION

Answer 5

A) AIR DUCT PLACEMENT
Explanation
OBJ-5.2: In a large building, the plenum is the space between floors used to circulate the air conditioning ductwork, piping, electrical, and network cables throughout the building. This space is also an ideal place to run computer network cabling. However, if there is a fire in the building, the PVC network cables can be very hazardous as they create a noxious gas when burnt. If you have a plenum area in the ceiling containing the air ducts, you will need to use plenum-rated cables in your cable trays to prevent creating a dangerous environment for your users.

Question 6

6. Which of the following must be added to a VLAN’s gateway to improve the security of the VLAN?
   A) ACCESS CONTROL LIST
   B) SPANNING TREE PROTOCOL
   C) SPLIT HORIZON
   D) HOLD DOWN TIMER

Answer 6

A) ACCESS CONTROL LIST
Explanation
OBJ-4.3: Without a properly configured ACL, there is no additional security provided by a VLAN. A VLAN (virtual local area network) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). Adding a VLAN to a network provides segmentation of the traffic and traffic must be routed between the VLANs. This allows network administrators the opportunity to allow or deny traffic into or out of a given VLAN for additional security by using access control lists. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks and operates at layer 2 of the OSI model. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. A hold down timer is a function of a router that prevents a route from being updated for a specified length of time (in seconds). A hold down timer allows for the routers in a topology to have sufficient time to reach convergence and be updated when a route fails.

Question 7

7. Your company is experiencing slow network speeds of about 54Mbps on their wireless network. You have been asked to perform an assessment of the existing wireless network and recommend a solution. You have recommended that the company upgrade to an 802.11n or 802.11ac wireless infrastructure to obtain higher network speeds. Which of the following technologies allows an 802.11n or 802.11ac network to achieve a speed greater than 54 Mbps?
   A) LWAPP
   B) WPA2
   C) PoE
   D) MIMO

Answer 7

D) MIMO
Explanation
OBJ-2.4: One way 802.11n and 802.11ac networks achieve superior throughput and speeds by using multiple-input multiple-output (MIMO) and multi-user MIMO (MU-MIMO), respectively. MIMO uses multiple antennas for transmission and reception, which results in higher speeds than 802.11a and 802.11g networks, which can only support up to 54 Mbps of throughput. Wireless N and Wireless AC networks also utilize the 5 GHz frequency band, allowing them to achieve speeds greater than 54 Mbps. WPA2 is a wireless encryption standard and can be used with Wireless G, N, AC, or AX. Using WPA2 does not increase the speed of the wireless network. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. PoE does not affect the speed of a wireless network. Lightweight Access Point Protocol (LWAPP) is the name of a protocol that can control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring, or troubleshooting a large network. LWAPP does not affect the speed of a wireless network.

Question 8

8. You are trying to select the BEST network topology for a new network based on the following requirements. The design must include redundancy using a minimum of two cables to create the network. The network should not be prone to congestion, therefore each device must wait for its turn to communicate on the network by passing around a token. Which of the following topologies would BEST meet the client’s requirements?
   A) MESH
   B) BUS
   C) RING
   D) STAR

Answer 8

C) RING
Explanation
OBJ-1.2: A ring topology is a local area network (LAN) in which the nodes (workstations or other devices) are connected in a closed-loop configuration. Ring topologies aren’t used heavily in local area networks anymore, but they are still commonly found in wide area network connections as an FDDI ring. An FDDI ring is a Fiber Distributed Data Interface ring, which allows for a network that can communicate up to 120 miles in range, uses a ring-based token network as its basis, and uses two counter-rotating token ring topologies to comprise the single network. This provides redundancy for the network because if one cable is broken or fails, the other can maintain the network operations. The token is used to control which device can communicate on the network, preventing congestion or collisions. A mesh topology connects every node directly to every other node. This creates a highly efficient and redundant network, but it is expensive to build and maintain. A star topology connects all of the other nodes to a central node, usually a switch or a hub. A star topology is the most popular network topology in use on local area networks. A bus topology uses a single cable which connects all the included nodes and the main cable acts as a backbone for the entire network.

Question 9

9. Which of the following type of network models requires the use of specialized computers that utilize networking operating systems to provide services to other networked devices that request services from them over an enterprise network?
   A) CLIENT SERVER
   B) POINT-TO-POINT
   C) PEER-TO-PEER
   D) HUB- AND- SMOKE

Answer 9

A) CLIENT SERVER
Explanation
OBJ-1.2: A client-server network model utilizes specific devices (servers) to provide services to requesters (clients). A server is a specialized computer that runs a networking operating system. A client is any device that requests services over a network, such as a desktop, laptop, tablet, or internet of things device. A peer-to-peer network model does not differentiate between the clients and the servers, and every node can become a client and a server when requesting and responding to service requests. A hub and spoke topology is a network topology where a central device (the hub) is connected to multiple other devices (the spokes). A point-to-point connection provides a path from one communication endpoint to another.

Question 10

10. Dion Training’s email server is not sending out emails to users who have a Yahoo email address. What is the proper order that you should follow to troubleshoot this issue using the CompTIA troubleshooting methodology?
    A) 1. VERIFY SYSTEM FUNCTIONALITY. 2. IDENTIFY THE PROBLEM 3. ESTABLISH A THEORY OF CAUSE 4. ESTABLISH A PLAN OF ACTION TO RESOLVE THE PROBLEM 5. TEST THE THEORY TO DETERMINE THE CAUSE 6. IMPLEMENT THE SOLUTION 7. DOCUMENT THE FINDINGS AND ACTIONS
    B) 1. IDENTIFY THE PROBLEM 2. ESTABLISH A PLAN OF ACTION TO RESOLVE THE PROBLEM 3. IMPLEMENT THE SOLUTION 4. ESTABLISH A THEORY OF CAUSE 5. TEST THE THEORY TO DETERMINE THE CAUSE 6. DOCUMENT THE FINDINGS AND ACTIONS
11. VERIFY SYSTEM FUNCTIONALITY.
    C) 1. IDENTIFY THE PROBLEM 2. ESTABLISH A THEORY OF CAUSE 3. TEST THE THEORY TO DETERMINE THE CAUSE 4. ESTABLISH A PLAN OF ACTION TO RESOLVE THE PROBLEM 5. IMPLEMENT THE SOLUTION 6. VERIFY SYSTEM FUNCTIONALITY 7. DOCUMENT THE FINDINGS AND ACTIONS
    D) 1. ESTABLISH A THEORY OF CAUSE 2. TEST THE THEORY TO DETERMINE THE CAUSE 3. IDENTIFY THE PROBLEM 4. ESTABLISH A PLAN OF ACTION TO RESOLVE THE PROBLEM 5. VERIFY SYSTEM FUNCTIONALITY 6. IMPLEMENT THE SOLUTION 7. DOCUMENT THE FINDINGS AND ACTIONS

Answer 10

C) 1. IDENTIFY THE PROBLEM 2. ESTABLISH A THEORY OF CAUSE 3. TEST THE THEORY TO DETERMINE THE CAUSE 4. ESTABLISH A PLAN OF ACTION TO RESOLVE THE PROBLEM 5. IMPLEMENT THE SOLUTION 6. VERIFY SYSTEM FUNCTIONALITY 7. DOCUMENT THE FINDINGS AND ACTIONS
Explanation
OBJ-5.1: You must know the network troubleshooting methodology steps in the right order for the exam. You will see numerous questions both in the multiple-choice and simulation sections on this topic. If you received this question on the real exam, it will appear as a “drag and drop” question with each of the steps making up a single box, and you need to put them into the correct order. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

Question 11

11. A network administrator updated an Internet server to evaluate some new features in the current release. A week after the update, the Internet server vendor warns that the latest release may have introduced a new vulnerability, and a patch is not available for it yet. Which of the following should the administrator do to mitigate this risk?
    A) DOWNGRADE THE SERVER AND DEFER THE NEW FEATURE TESTING
    B) ENABLE HIPS TO PROTECT THE SERVER UNTIL THE PATCH IS RELEASED
    C) UTILIZE WAF TO RESTRICT MALICIOUS ACTIVITY TO THE INTERNET SERVER
    D) ENABLE THE HOST BASED FIREWALL ON THE INTERNET SERVER

Answer 11

A) DOWNGRADE THE SERVER AND DEFER THE NEW FEATURE TESTING
Explanation
OBJ-4.3: Since the vendor stated that the new version introduces vulnerabilities in the environment, it is best to downgrade the server to the older and more secure version until a patch is available.

Question 12

12. A network technician is diligent about maintaining all system servers at the most current service pack level available. After performing upgrades, users experience issues with server-based applications. Which of the following should be used to prevent issues in the future?
    A) CONFIGURE AN AUTOMATED PATCHING SERVER
    B) VIRTUALIZE THE SERVERS AND TAKE DAILY SNAPSHOTS
    C) CONFIGURE A TEST LAB FOR UPDATES
    D) CONFIGURE A HONEYPOT FOR APPLICATION TESTING

Answer 12

C) CONFIGURE A TEST LAB FOR UPDATES
Explanation
OBJ-4.3: To prevent the service pack issues, make sure to validate them in a test/lab environment first before going ahead and applying a new Service Pack in your production environment. While using an automated patching server is a good idea, no patches should be deployed before being tested in a lab first.

Question 13

13. You are conducting a wireless penetration test against a WPA2-PSK network. Which of the following types of password attacks should you conduct to verify if the network is using any of the Top 1000 commonly used passwords?
    A) HYBRID
    B) DICTIONARY
    C) BRUTE-FORCE
    D) SPRAYING

Answer 13

B) DICTIONARY
Explanation
OBJ-4.2: A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file. A brute-force attack consists of an attacker submitting every possible combination for a password or pin until they crack it. Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. A hybrid attack merges a dictionary attack and a brute-force attack, but provides keywords from a list to use during the brute-force attack modifying the suffixes or prefixes.

Question 14

14. Which type of wireless technology are OFDM, QAM, and QPSK examples of?
    A) MODULATION
    B) FREQUENCY
    C) SPECTRUM
    D) RF INTERFERENCE

Answer 14

A) MODULATION
Explanation
OBJ-2.4: Modulation is the process of varying one or more properties of a periodic waveform, called the carrier signal, with a separate signal called the modulation signal that typically contains information to be transmitted. WiFi can use different digital modulation schemes for data transmission. Common types of modulation include Orthogonal frequency-division multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-shift keying (PSK). Frequency is the number of occurrences of a repeating event per unit of time. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. Interference occurs when two radios are transmitting or receiving on the same frequencies. Spectrum refers to the range of frequencies used by a radio transmitter or receiver, such as the 2.4 GHz spectrum which includes frequencies from 2.412 GHz to 2.472 GHz in the United States.

Question 15

15. What type of cloud model would allow the sharing of resources by multiple organizations to create a service that benefits all of its members?
    A) COMMUNITY CLOUD
    B) PRIVATE CLOUDE
    C) PUBLIC CLOUD
    D) HYBRID CLOUD

Answer 15

A) COMMUNITY CLOUD
Explanation
OBJ-1.8: A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns, whether managed internally or by a third party and hosted internally or externally. Community Cloud is a hybrid form of private cloud. They are multi-tenant platforms that enable different organizations to work on a shared platform. Community Cloud may be hosted in a data center, owned by one of the tenants, or by a third-party cloud services provider and can be either on-site or off-site. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud.

Question 16

16. You have been asked to install a media converter that connects a newly installed SMF to the existing Cat 6a infrastructure. Which type of media converter should you use?
    A) COAXIAL TO ETHERNET
    B) FIBER TO COAXIAL
    C) COAXIAL TO FIBER
    D) FIBER TO ETHERNET

Answer 16

D) FIBER TO ETHERNET
Explanation
OBJ-1.3: A media converter is a Layer 1 device that changes one type of physical network connection to another. In this case, we are converting single-mode fiber (SMF) cable to Cat 6a (ethernet) cable.

Question 17

17. Which type of wireless network utilizes the 2.4 GHz frequency band and reaches speeds of up to 54 Mbps?
    A) 802.11G
    B) 802.11N
    C) 802.11B
    D) 802.11A
    E) 802.11AC
    F) 802.11AX

Answer 17

A) 802.11G
Explanation
OBJ-2.4: The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

Question 18

18. A network technician must allow HTTP traffic from the Internet over port 80 to an internal server running HTTP over port 81. Which of the following is this an example of?
    A) DYNAMIC DNS
    B) DYNAMIC NAT
    C) PORT FORWARDING
    D) STATIC NAT

Answer 18

C) PORT FORWARDING
Explanation
OBJ-1.4: Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. Port Address Translation (PAT) is a type of dynamic NAT that can map multiple private IP addresses to a single public IP address by using port forwarding. Static NAT (Network Address Translation) is a one-to-one mapping of a private IP address to a public IP address. Dynamic NAT can be defined as mapping a private IP address to a public IP address from a group of public IP addresses known as the NAT pool. Dynamic NAT establishes a one-to-one mapping between a private IP address to a public IP address. Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real-time, with the active DDNS configuration of its configured hostnames, addresses, or other information. Since this question focused on the relationship between port 80 at the gateway or public IP address being mapped to port 81 on the internet server, this is an example of port forwarding that was configured on the gateway or firewall of this network.

Question 19

19. A client has asked you to provide their local office with the BEST solution for a wireless network based on their requirements. The client has stated that their users will need a wireless network that provides a maximum of 54 Mbps of bandwidth and operates in the 2.4GHz frequency band. Which of the following wireless network types should you install to meet their needs?
    A) 802.11AC
    B) 802.11B
    C) 802.11A
    D) 802.11G

Answer 19

D) 802.11G
Explanation
OBJ-2.4: 802.11g provides transmission over short distances at up to 54 Mbps in the 2.4 GHz band. It is backward compatible with 802.11b (which only operates at 11 Mbps). While an 802.11ac network would be the fastest solution, it does not operate in the 2.4 GHz frequency band. 802.11a operates in the 5 GHz frequency band at up to 54 Mbps. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. The 2.4 GHz frequency band is used by 802.11b, 802.11g, and 802.11n. The 5 GHz frequency band is used by 802.11a, 802.11n, 802.11ac, and 802.11ax. The 6 GHz frequency band is used by Wi-Fi 6E under the 802.11ax standard.

Question 20

20. A technician is configuring a computer lab for the students at Dion Training. The computers need to be able to communicate with each other on the internal network, but students using computers should not be able to access the Internet. The current network architecture is segmented using a triple-homed firewall to create the following zones: ZONE INTERFACE, IP address ————————————— PUBLIC, eth0, 66.13.24.16/30 INSTRUCTORS, eth1, 172.16.1.1/24 STUDENTS, eth2, 192.168.1.1/24 What rule on the firewall should the technician configure to prevent students from accessing the Internet?
    A) DENY ALL TRAFFIC FROM ETH2 TO ETH0
    B) DENY ALL TRAFFIC FROM ETH2 TO ETH1
    C) DENY ALL TRAFFIC FROM ETH0 TO ETH2
    D) DENY ALL TRAFFIC FROM EHT1 TO ETH0

Answer 20

A) DENY ALL TRAFFIC FROM ETH2 TO ETH0
Explanation
OBJ-4.3: By denying all traffic from the eth2 to eth0, you will block network traffic from the internal (STUDENT) network to the external (PUBLIC) network over the WAN connection. This will prevent the students from accessing the Internet by blocking all requests to the Internet. For additional security, it would be a good idea to also block all traffic from eth0 to eth2 so that inbound traffic from the internet cannot communicate with the student’s computers. But, since the outbound connections from the students to the internet are being blocked, the student will be unable to access any webpages since they cannot send a request over port 80 or 443. Additionally, by choosing this rule, we have not blocked any network traffic between the instructors and the students.

Question 21

21. You just heard of a new ransomware attack that has been rapidly spreading across the internet that takes advantage of a vulnerability in the Windows SMB protocol. To protect your network until Microsoft releases a security update, you want to block the port for SMB at your firewall to prevent becoming a victim of this attack. Which of the following ports should you add to your blocklist?
    A) 514
    B) 143
    C) 445
    D) 123

Answer 21

C) 445
Explanation
OBJ-1.5: Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. When the WannaCry ransomware was spreading rapidly across the internet, you could help protect your organization’s network by blocking ports 139 and 445 at your firewall to prevent your machines from getting infected over the internet. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

Question 22

22. Which of the following levels would a debugging condition generate?
    A) 6
    B) 1
    C) 0
    D) 7

Answer 22

D) 7
Explanation
OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

Question 23

23. Tamera and her husband are driving to the beach for the weekend. While her husband drives, she is using her iPhone to browse Facebook. Her phone shows only 1 bar of 3G signal in the current location. She can make and receive calls, but Facebook is refusing to load her news feed. Which of the following is MOST likely the problem?
    A) THE BASEBAND FIRMWARE NEEDS TO BE UPDATED
    B) THE CELLULAR RADIO CANNOT CONNECT TO THE CELLPHONE TOWERS
    C) THE SMARTPHONE HAS BEEN INFECTED WITH A VIRUS
    D) THE DATA SPEEDS ARE INSUFFICIENT WITH ONLY ONE BAR OF SIGNAL

Answer 23

D) THE DATA SPEEDS ARE INSUFFICIENT WITH ONLY ONE BAR OF SIGNAL
Explanation
OBJ-2.4: To make and receive a call using a smartphone, you need at least one bar of signal. A phone call requires much less signal than using cellular data. As the signal strength decreases, so does the data speed. Depending on the frequency and type of signal being used, you may see speeds under 100 Kbps with one bar. This is too slow to load a Facebook news feed adequately.

Question 24

24. What ports do FTP and SFTP utilize?
    A) 21,22
    B) 22 , 23
    C) 21 ,23
    D) 20, 21

Answer 24

A) 21,22
Explanation
OBJ-1.5: FTP (File Transfer Protocol) uses ports 20 and 21. SFTP (Secure File Transfer Protocol) uses port 22. Port 23 is used by Telnet. If this were a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up. (It might also have 4-6 different pairs to match up.)

Question 25

25. You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?
    A) 77.81.12.13
    B) 77.81.12.12
    C) 77.81.12.15
    D) 77.81.12.14

Answer 25

B) 77.81.12.12
Explanation
OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /30, so each subnet will contain 4 IP addresses. Since the IP address provided is 77.81.12.14/30, the network ID is 77.81.12.12/30, the first router is 77.81.12.13/30, the second router is 77.81.12.14/30, and the broadcast address is 77.81.12.15/30.

Question 26

26. Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue?
    A) DOWNLOAD A NEW MUSIC PLAYER ON HER COMPUTERS
    B) INSTALL THE LATEST OS ON HER COMPUTERS
    C) LOAD THE LATEST HARDWARE DRIVERS FOR HER USB DRIVE
    D) FLASH THE LATEST FIRMWARE FOR HER ROUTER

Answer 26

D) FLASH THE LATEST FIRMWARE FOR HER ROUTER
Explanation
OBJ-5.5: Routers can be updated by conducting a firmware flash. This is similar to upgrading or patching your computer’s operating system or even updating a device driver. By flashing the firmware, it can provide the ability to communicate with newer devices and remove known software vulnerabilities from the device.

Question 27

27. Which of the following terms represents the maximum amount of data, as measured in time, that an organization is willing to lose during an outage?
    A) RTO
    B) MTTR
    C) RPO
    D) MTBF

Answer 27

C) RPO
Explanation
OBJ-3.3: The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or tolerance. The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in continuity. The mean time to repair (MTTR) measures the average time it takes to repair a network device when it breaks. The mean time between failures (MTBF) measures the average time between when failures occur on a device.

Question 28

28. Which of the following network topologies requires that all nodes have a point-to-point connection with every other node in the network?
    A) STAR
    B) RING
    C) BUS
    D) MESH

Answer 28

D) MESH
Explanation
OBJ-1.2: A mesh topology connects every node directly to every other node. This creates a highly efficient and redundant network, but it is expensive to build and maintain. A star topology connects all of the other nodes to a central node, usually a switch or a hub. A star topology is the most popular network topology in use on local area networks. A ring topology connects every device to exactly two other neighboring devices to form a circle. Messages in a ring topology travel in one direction and usually rely on a token to control the flow of information. A bus topology uses a single cable which connects all the included nodes and the main cable acts as a backbone for the entire network.

Question 29

29. Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera’s security concerns? (Select TWO)
    A) ENABLE TWO-FACTOR AUTHENTICATION ON THE DEVICE’S WEBSITE ( IF SUPPORTED BY THE COMPANY)
    B) UPGRADE THE FIRMWARE OF THE WIRELESS ACCESS POINT TO THE LATEST VERSION TO IMPROVE THE SECURITY OF THE NETWORK
    C) CONFIGURE THE THERMOSTAT TO TCONNECT TO THE WIRELESS NETWORK USING WPA2 ENCRYPTION AND A LONG, STRONG PASSWORD
    D) DISABLE WIRELESS CONNECTIVITY TO THE THERMOSTAT TO ENSURE A HACKER CANNOT ACCESS IT
    E) CONFIGURE THE THERMOSTAT TO USE THE WEP ENCRYPTION STANDARD FOR ADDITIONAL CONFIDENTIALITY
    F) CONFIGURE THE THERMOSTAT TO USE A SEGREGATED PART OF THE NETWORK BY INSTALLING IT INTO A SCREENED SUBNET

Answer 29

C) CONFIGURE THE THERMOSTAT TO TCONNECT TO THE WIRELESS NETWORK USING WPA2 ENCRYPTION AND A LONG, STRONG PASSWORD
F) CONFIGURE THE THERMOSTAT TO USE A SEGREGATED PART OF THE NETWORK BY INSTALLING IT INTO A SCREENED SUBNET
Explanation
OBJ-2.1: The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network. While enabling two-factor authentication on the device’s website is a good practice, it will not increase the IoT device’s security. While disabling the wireless connectivity to the thermostat will ensure it cannot be hacked, it also will make the device ineffective for the customer’s normal operational needs. WEP is considered a weak encryption scheme, so you should use WPA2 over WEP whenever possible. Finally, upgrading the wireless access point’s firmware is good for security, but it isn’t specific to the IoT device’s security. Therefore, it is not one of the two BEST options.

Question 30

30. You are working as a network technician running new unshielded twisted pair cables from the intermediate distribution frame to the individual offices on the same floor. The cable comes in 1000 foot spools. Which of the following tools should you use to break the cable into shorter distances?
    A) CABLE STRIPPER
    B) CABLE CRIMPER
    C) PUNCHDOWN TOOL
    D) CABLE SNIP

Answer 30

D) CABLE SNIP
Explanation
OBJ-5.2: A cable snip or cable cutter is used to cut copper cables into shorter lengths from a longer spool of wound cable. A cable crimper is used to join the internal wires of a twisted pair cable with metallic pins houses inside a plastic connector, such as an RJ-45 connector. A cable stripper is a hand-held tool that is used to remove the insulation or outer sheath from copper cables such as UTP, STP, or coaxial cables. A punchdown tool is used to insert wires into insulation displacement connectors on patch panels, keystone modules, or punchdown blocks.

Question 31

31. Which protocol is used for the synchronization of clocks between different computer systems over a packet-switched, variable-latency data network?
    A) NTP
    B) DNS
    C) DHCP
    D) TFTP

Answer 31

A) NTP
Explanation
OBJ-1.6: NTP is a networking protocol that is used for the synchronization of clocks between different computer systems that communicate over a packet-switched, variable-latency data network. TCP/IP networks are packet-switched networks, so NTP is used for the synchronization of time across IP-connected servers. Trivial File Transfer Protocol (TFTP) uses port 69 and is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.

Question 32

32. A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem?
    A) SHARED SECRET KEY IS MISMATCHED
    B) GROUP POLICY HAS NOT PROPOGATED TO THE DEVICE
    C) IDS IS BLOCKING RADIUS
    D) USERNAME IS MISSPELLED IN THE DEVICE CONFIGURATION FILE

Answer 32

A) SHARED SECRET KEY IS MISMATCHED
Explanation
OBJ-4.1: AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems. A shared secret is a text string that serves as a password between hosts.

Question 33

33. A network technician determines that two dynamically assigned workstations have duplicate IP addresses. What command should the technician use to correct this issue?
    A) IPCONFIG/ RENEW
    B) IPCONFIG / RELEASE | IPCONFIG / RENEW
    C) IPCONFIG / ALL
    D) IPCONFIG / DHCP

Answer 33

B) IPCONFIG / RELEASE | IPCONFIG / RENEW
Explanation
OBJ-5.3: The ipconfig tool displays all current TCP/IP network configuration values on a given system. The ipconfig also can release and renew a DHCP-received IP on a workstation. The first thing to do is release the IP address using the command ipconfig /release. Next, the technician should dynamically assign another IP address using the command ipconfig /renew. These commands could be each entered individually or combined using the pipe (|) syntax as shown in this question. The ipconfig /all option would be used to display the assigned IP addresses. The ipconfig /renew option would be used to renew an existing DHCP lease and not request a new IP address.

Question 34

34. Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent users from gaining access to network resources if they can plug their laptops into the network?
    A) VPN
    B) UTM
    C) DMZ
    D) NAC

Answer 34

D) NAC
Explanation
OBJ-4.1: Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology, the user or system authentication, and network security enforcement. NAC restricts the data that each particular user can access and implements anti-threat applications such as firewalls, anti-virus software, and spyware detection programs. NAC also regulates and restricts the things individual subscribers or users can do once they are connected. If a user is unknown, the NAC can quarantine the device from the network upon connection. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted network such as the Internet. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Unified threat management (UTM) provides multiple security features (anti-virus, anti-spam, content filtering, and web filtering) in a single device or network appliance.

Question 35

35. Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 3.5 Gbps?
    A) 802.11G
    B) 802.11N
    C) 802.11AC
    D) 802.11B
    E) 802.11A
    F) 802.11AX

Answer 35

C) 802.11AC
Explanation
OBJ-2.4: The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth.

Question 36

36. A company has a secondary datacenter in a remote location. The datacenter staff handles cable management and power management. The building’s security is also handled by the datacenter staff with little oversight from the company. Which of the following should the technician do to follow the best practices?
    A) SECURE THE PATCH PANELS
    B) ENSURE POWER MONITORING IS ENABLED
    C) ENSURE LOCKING CABINETS AND RACKS ARE USED
    D) SECURE THE UPS UNITS

Answer 36

C) ENSURE LOCKING CABINETS AND RACKS ARE USED
Explanation
OBJ-4.5: By ensuring locking cabinets and racks are used, the staff would have keyed or RFID card locks installed. This provides an extra layer of physical security to the servers, which is considered a best practice.

Question 37

37. Which of the following applies to data as it travels from Layer 1 to Layer 7 of the OSI model?
    A) TUNNELING
    B) DE-ENCAPSULATION
    C) ENCAPSULATION
    D) TAGGING

Answer 37

B) DE-ENCAPSULATION
Explanation
OBJ-1.1: Data encapsulation and de-encapsulation in a computer network is a necessary process. De-encapsulation in networking is performed at the receiver side or destination side as data moves from layer 1 to layer 7 of the OSI model. As information travels up the layers of the OSI layer, information added from the sender’s encapsulation process is removed layer by layer. Data encapsulation, on the other hand, is performed at the sender side while the data packet is transmitted from source host to destination host. This is a process through which information is added to the data as it moved from layer 7 to layer 1 of the OSI model before the data is sent over the network to the receiver. Tagging is used in 802.1q to identify ethernet traffic as part of a specific VLAN. This occurs at Layer 2 of the OSI model and remains at Layer 2 of the OSI model. Tunneling is the process by which VPN packets reach their intended destination. This normally occurs using the IPsec or TLS protocols and occurs at Layer 2 of the OSI model.

Question 38

38. Which of the following types of network documentation would provide a drawing of the network cabling imposed over the floorplan for an office building?
    A) PHYSICAL NETWORK DIAGRAM
    B) SITE SURVEY REPORT
    C) LOGICAL NETWORK DIAGRAM
    D) WIRING DIAGRAM

Answer 38

A) PHYSICAL NETWORK DIAGRAM
Explanation
OBJ-3.2: A physical network diagram is used to show the actual physical arrangement of the components that make up the network, including cables and hardware. A logical diagram is used to illustrate the flow of data across a network and is used to show how devices communicate with each other. These logical diagrams usually include the subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments in a given network. Wiring diagrams are used to clearly label which cables are connected to which ports. The more in-depth wiring diagrams will include a floorplan or rack diagram, so you can see how the cables are run in the physical environment. A wireless site survey is the process of planning and designing a wireless network to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and quality of service (QoS). The site survey report will contain a floorplan of the areas surveyed with the wireless coverage areas and signal strengths notated on it.

Question 39

39. Several users at an adjacent office building report intermittent connectivity issues after a new flag pole was installed between the two offices. The network technician has determined the adjacent office building is connected to the main office building via an 802.11ac bridge. The network technician logs into the AP and confirms the SSID, encryption, and channels are all correct. Which of the following is MOST likely the cause of this issue?
    A) DHCP
    B) SIGNAL ATTENUATION
    C) INCORRECT ANTENNA TYPE
    D) BANDWIDTH SATURATION

Answer 39

B) SIGNAL ATTENUATION
Explanation
OBJ-5.4: The most likely reason is signal attenuation from the new flag being placed between the signal path which may be obstructing the line-of-sight between the antennas. Based on where the flag is precisely located, it is possible to only block the signal when the wind is blowing in a certain direction. This would lead to the intermittent connectivity experienced by the users caused by the signal attenuation when the flag is blocking the communication path between the antennas. DHCP exhaustion occurs when the DHCP server runs out of available IP addresses and stops issuing DHCP bindings. If DHCP exhaustion occurred, the users would not have received an IP address and they would have no connectivity instead of intermittent connectivity. The question does not mention anything about the antennas being moved or replaced recently, so it is unlikely to be an issue with the antennas since they worked previously with the same wireless network and distanced. Bandwidth saturation occurs if too many devices are on one WAN link, but nothing in the question indicates that more users have been added and causing an issue.

Question 40

40. Your network is currently under attack from multiple hosts outside of the network. Which type of attack is most likely occurring?
    A) WARDRIVING
    B) DDoS
    C) ON=PATH ATTACK
    D) SPOOFING

Answer 40

B) DDoS
Explanation
OBJ-4.2: A Distributed Denial of Service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system or network. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. The attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection. Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone.

Question 41

41. What is true concerning jumbo frames?
    A) THEY ARE COMMONLY USED WITH A NAS
    B) THEIR MTU SIZE IS LESS THAN 1500
    C) THEY ARE COMMONLY USED ON A SAN
    D) THEY ARE COMMONLY USED WITH DHCP

Answer 41

C) THEY ARE COMMONLY USED ON A SAN
Explanation
OBJ-2.3: Jumbo frames are Ethernet frames whose MTU is greater than 1500. To increase performance, you should use jumbo frames only when you have a dedicated network or VLAN, and you can configure an MTU of 9000 on all equipment. Because of this, jumbo frames are most commonly used in a storage area network (SAN).

Question 42

42. You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?
    A) 3306
    B) 1433
    C) 1521
    D) 3389

Answer 42

B) 1433
Explanation
OBJ-1.5: Microsoft SQL uses ports 1433, and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses ports 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). SQLnet uses ports 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

Question 43

43. Elizabeth was replacing a client’s security device that protects their screened subnet. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users cannot connect remotely to the application anymore. Which of the following devices was MOST likely misconfigured and is now causing a problem?
    A) DHCP
    B) FIREWALL
    C) CONTENT FILTER
    D) DNS

Answer 43

B) FIREWALL
Explanation
OBJ-2.1: A firewall is an integral part of creating a screened subnet. If configured correctly, it can regulate exactly what traffic and users are allowed to access the server. This is different from a content filter because a content filter denies traffic to a user based on content, but not access to a server. If the firewall ruleset was not configured to allow external users to access the application remotely, the default condition is to “deny by default”. Content filtering is the use of a program to screen and/or exclude access to web pages or emails deemed objectionable. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.

Question 44

44. You are performing a high-availability test of a system. As part of the test, you create an interruption on the fiber connection to the network, but the network traffic was not re-routed automatically. Which type of routing is the system utilizing?
    A) DYNAMIC
    B) HYBRID
    C) DISTANCE VECTOR
    D) STATIC

Answer 44

D) STATIC
Explanation
OBJ-2.2: Static routing is a form of routing that occurs when a router uses a manually configured routing entry, rather than information from dynamic routing traffic. Static routes must be configured and re-routed manually during an issue. Dynamic routing, also called adaptive routing, is a process where a router can forward data via a different route or given destination based on the current conditions of the communication circuits within a system. If dynamic routing was used, the router would have automatically routed the traffic to another link or connection on the network. Hybrid routing is a combination of distance-vector routing. Hybrid routing shares its knowledge of the entire network with its neighbors and link-state routing. If a connection is lost, hybrid routing protocols are dynamic and can adjust the advertised routes automatically. A distance-vector routing protocol requires that a router inform its neighbors of topology changes periodically. A distance-vector protocol is a form of dynamic routing and would automatically adjust when the fiber connection or link is lost.

Question 45

45. What is the network ID associated with the host located at 192.168.0.123/29?
    A) 192.168.0.120
    B) 192.168.0.96
    C) 192.168.0.64
    D) 192.168.0.112

Answer 45

A) 192.168.0.120
Explanation
OBJ-1.4: In classless subnets using variable-length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /29, so each subnet will contain 8 IP addresses. Since the IP address provided is 192.168.0.123, it will be in the 192.168.0.120/29 network.

Question 46

46. Janet is a system administrator who is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and must be cleared from the event viewer. She recalls this being a daily occurrence. Which of the following would BEST resolve this issue?
    A) LOG INTO THE DNS SERVER EVERY HOUR TO CHECK IF THE LOGS ARE FULL
    B) INCREASE THE MAXIMUM LOG SIZE
    C) INSTALL AN EVENT MANAGEMENT TOOL
    D) DELETE THE LOGS WHEN FULL

Answer 46

C) INSTALL AN EVENT MANAGEMENT TOOL
Explanation
OBJ-3.1: Using an event management tool will allow the administrator to clear the event logs and move them from the server to a centralized database if needed. This will prevent the logs from filling up on the server without having to delete them permanently from the logging environment.

Question 47

47. Your company wants to create highly available datacenters. Which of the following will allow the company to continue maintaining an Internet presence at all sites if the WAN connection at their own site goes down?
    A) BGP
    B) OSPF
    C) VRRP
    D) LOAD BALANCER

Answer 47

A) BGP
Explanation
OBJ-2.2: If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available. Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP), therefore it will not help be able to reroute the organization’s WAN connections. The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. VRRP is used for your internal clients and will not affect the routing of traffic between WANs or autonomous systems. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. A load balancer would work at one site, but would not allow routing of the WAN connections at all the other sites since they rely on autonomous systems and BGP is used to route traffic between autonomous systems.

Question 48

48. Which of the following technologies combines the functionality of a firewall, malware scanner, and other security appliances into one device?
    A) SYSLOG
    B) IPS
    C) UTM
    D) IDS

Answer 48

C) UTM
Explanation
OBJ-2.1: A Unified Threat Management (UTM) appliance enforces a variety of security-related measures, combining the work of a firewall, malware scanner, and intrusion detection/prevention. A UTM centralizes the threat management service, providing simpler configuration and reporting than isolated applications spread across several servers or devices. An intrusion detection system (IDS) is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. Unlike an IPS, which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them. An intrusion prevention system (IPS) conducts the same functions as an IDS but can also block or take actions against malicious events. A Syslog server is a server that collects diagnostic and monitoring data from the hosts and network devices across a given network.

Question 49

49. When a criminal or government investigation is underway, what describes the identification, recovery, or exchange of electronic information relevant to that investigation?
    A) ENCRYPTION
    B) DATA TRANSPORT
    C) FIRST RESPONDER
    D) eDISCOVERY

Answer 49

D) eDISCOVERY
Explanation
OBJ-3.2: By process of elimination, you can easily answer this question. Data transport is the transport of data, while the first responder is the first person to arrive on the scene. Encryption is a method of putting data into a tunnel so that it is completely secure. This leaves us with eDiscovery. eDiscovery is the term that refers to the process of evidence collection through digital forensics. eDiscovery is conducted during an incident response.

Question 50

50. What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them?
    A) RST
    B) SYN
    C) ACK
    D) FIN

Answer 50

A) RST
Explanation
OBJ-1.1: A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place. For example, if a system receives information that is outside of an established session, it will send a RST flag in response. A finish (FIN) flag is used to request that the connection be terminated. This usually occurs at the end of a session and allows for the system to release the reserved resources that were set aside for this connection. A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection. Finally, the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin.

Question 51

51. A third-party vendor has just released patches to resolve a major vulnerability. There are over 100 critical devices that need to be updated. What action should be taken to ensure the patch is installed with minimal downtime?
    A) DOWNLOAD AND INSTALL ALL PATCHES IN THE PRODUCTION NETWORK DURING THE NEXT SCHEDULED MAINTENANCE PERIOD
    B) DEPLOY THE PATCH IN A LAB ENVIRONMENT TO QUICKLY CONDUCT TESTING, GET APPROVAL FOR AN EMERGENCY CHANGE. AND THEN IMMEDIATELY INSTALL IT IN THE PRODUCTION ENVIRONMENT
    C) CONFIGURE ENDPOINTS TO AUTOMATICALLY DOWNLOAD AND INSTALL THE PATCHES
    D) TEST THE PATCH IN A LAB ENVIRONMENT AND THEN INSTALL IT IN THE PRODUCTION NETWORK DURING THE NEXT SCHEDULED MAINTENANCE

Answer 51

B) DEPLOY THE PATCH IN A LAB ENVIRONMENT TO QUICKLY CONDUCT TESTING, GET APPROVAL FOR AN EMERGENCY CHANGE. AND THEN IMMEDIATELY INSTALL IT IN THE PRODUCTION ENVIRONMENT
Explanation
OBJ-3.2: Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished.

Question 52

52. The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?
    A) WPA PERSONAL
    B) WPA2 ENTERPRISE
    C) WEP
    D) MAC FILTERING

Answer 52

A) WPA PERSONAL
Explanation
OBJ-4.3: Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client. MAC filtering does not use a password or preshared key. WEP uses a pre-shared key to secure a wireless network, but WPA uses a stronger encryption standard than WEP.

Question 53

53. What is the lowest layer (bottom layer) of a bare-metal virtualization environment?
    A) HYPERVISOR
    B) GUEST OPERATING SYSTEM
    C) PHYSICAL HARDWARE
    D) HOST OPERATING SYSTEM

Answer 53

C) PHYSICAL HARDWARE
Explanation
OBJ-1.2: The bottom layer is physical hardware in this environment. It is what sits beneath the hypervisor and controls access to guest operating systems. The bare-metal approach doesn’t have a host operating system. A hypervisor is a program used to run and manage one or more virtual machines on a computer. A host operating system is an operating system that is running the hypervisor. A host operating system is an operating system that is running the hypervisor.

Question 54

54. Dion Training is trying to connect two geographically dispersed offices using a VPN connection. You have been asked to configure their networks to allow VPN traffic into the network. Which device should you configure FIRST?
    A) SWITCH
    B) FIREWALL
    C) ROUTER
    D) MODEM

Answer 54

B) FIREWALL
Explanation
OBJ-2.1: You should FIRST configure the firewall since the firewall is installed at the network’s external boundary (perimeter). By allowing the VPN connection through the firewall, the two networks can be connected and function as a single intranet (internal network). After configuring the firewall, you will need to verify the router is properly configured to route traffic between the two sites using the site-to-site VPN connection. A modem modulates and demodulates electrical signals sent through phone lines, coaxial cables, or other types of wiring. A layer 2 switch is a type of network switch or device that works on the data link layer (OSI Layer 2) and utilizes MAC Address to determine the path through where the frames are to be forwarded. It uses hardware-based switching techniques to connect and transmit data in a local area network (LAN).

Question 55

55. An offsite tape backup storage facility is involved with a forensic investigation. The facility has been told they cannot recycle their outdated tapes until the conclusion of the investigation. Which of the following is the MOST likely reason for this?
    A) THE PROCESS OF DISCOVERY
    B) A DATA TRANSPORT REQUEST
    C) A NOTICE OF A LEGAL HOLD
    D) A CHAIN OF CUSTODY BREACH

Answer 55

C) A NOTICE OF A LEGAL HOLD
Explanation
OBJ-3.2: A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted. The process of discovery is the formal process of exchanging information between the parties about the witnesses and evidence they will present at trial. The chain of custody is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. A data transport request is a formalized request to initiate a data transfer by establishing a circuit or connection between two networks.

Question 56

56. You are troubleshooting a network connectivity issue on a student’s workstation at Dion Training. You check the details for the 802.11ac wireless network interface card and it reports the current RSSI level is -95 dB. Which of the following issues would cause this RSSI level?
    A) ENCRYPTION PROTOCOL MISMATCH
    B) INSUFFICIENT WIRELESS COVERAGE
    C) INCORRECT PASSPHRASE
    D) WRONG SSID

Answer 56

B) INSUFFICIENT WIRELESS COVERAGE
Explanation
OBJ-5.4: The received signal strength indication (RSSI) is an estimated measure of the power level that a radio frequency client device is receiving from a wireless access point. If the RSSI is -90dB to -100dB, this indicates an extremely weak connection and insufficient wireless coverage in which the area the device is operating. The service set identifier (SSID) is a natural language name used to identify a wireless network. If you are manually configuring a wireless network and the incorrect SSID is entered, the device will be unable to connect to the network. Encryption protocols are used to protect WEP, WPA, and WPA2 wireless networks. WEP wireless networks utilize the RC4 encryption protocol. WPA wireless networks utilize the TKIP encryption protocol. WPA2 wireless networks utilize the AES encryption protocol, but they also can support the TKIP encryption protocol, as well. If the wrong encryption protocol is used, the wireless client and the wireless access point will be unable to communicate. The passphrase in a wireless network serves as the password or network security key. If the incorrect passphrase was entered, you will receive an error such as “Network security key mismatch” and the wireless device will be unable to communicate with the wireless access point.

Question 57

57. An employee of a highly secure company needs to use facial recognition in addition to a username/password to establish a VPN successfully. What BEST describes this methodology?
    A) GEOFENCING
    B) FEDERATED IDENTITY
    C) PKI
    D) TWO-FACTOR AUTHENTICATION

Answer 57

D) TWO-FACTOR AUTHENTICATION
Explanation
OBJ-4.1: This would classify best as two-factor authentication since it requires “something you are” (facial recognition) and “something you know” (username/password) for successful authentication to occur. Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, inherence, location, or actions.

Question 58

58. You work for Dion Training as a physical security manager. You are concerned that the physical security at the entrance to the company is not sufficient. To increase your security, you are determined to prevent piggybacking. What technique should you implement first?
    A) INSTALL AN ACCESS CONTROL VESTIBULE AT THE ENTRANCE
    B) REQUIRE ALL EMPLOYEES TO WEAR SECURITY BADGES WHEN ENTERING THE BUILDING
    C) INSTALL CCTV TO MONITOR THE ENTRANCE
    D) INSTALL AN RFID BADGE READER AT THE ENTRANCE

Answer 58

A) INSTALL AN ACCESS CONTROL VESTIBULE AT THE ENTRANCE
Explanation
OBJ-4.5: An access control vestibule, or mantrap, is a device that only allows a single person to enter per authentication. This authentication can be done by RFID, a PIN, or other methods. Once verified, the mantrap lets a single person enter through a system, such as a turnstile or rotating door. CCTV will not stop piggybacking, but it could be used as a detective control after an occurrence. Wearing security badges is useful, but it won’t stop piggybacking by a skilled social engineer. RFID badges may be used as part of your entry requirements, but it won’t stop a determined piggyback who follows an employee into the building after their authenticated RFID access has been performed.

Question 59

59. A home user reports to a network technician that the Internet is slow when they attempt to use their smartphone or laptop with their Wi-Fi network. The network administrator logs into the admin area of the user’s access point and discovers that multiple unknown devices are connected to it. What is MOST likely the cause of this issue?
    A) THE USER IS EXPERIENCING ARP POISONING
    B) A SUCCESSFUL WPS ATTACK HAS OCCURRED
    C) THE USER IS CONNECTED TO A BOTNET
    D) AN EVIL TWIN HAS BEEN IMPLEMENTED

Answer 59

C) THE USER IS CONNECTED TO A BOTNET
Explanation
OBJ-4.2: Wi-Fi Protected Setup (WPS) allows users to configure a wireless network without typing in the passphrase. Instead, users can configure devices by pressing buttons or by entering a short personal identification number (PIN). Unfortunately, WPS is fairly easy to hack and unknown devices can then connect to your network without permission. This is the most likely cause of the issue described in the question. If it was an evil twin, the technician would not have been able to log in to the admin area of the device to see the connected devices. ARP poisoning consists of abusing the weaknesses in ARP to corrupt the MAC-to-IP mappings of other devices on the network. This would not affect the number of devices connected to the access point, though, only the switching of their traffic once they connect. A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them. From the description in the question, there is no evidence that the user’s laptop or smartphone are infected with malware. Even if one was infected, it is unlikely they both would be infected with the same malware since laptops and smartphones run different operating systems.

Question 60

60. Jason is a network manager leading a project to deploy a SAN. He is working with the vendor’s support technician to set up and configure the SAN on the enterprise network. To begin SAN I/O optimization, what should Jason provide to the vendor support technician?
    A) ACCESS TO THE DATA CENTER
    B) BASELINE DOCUMENTS
    C) ASSET MANAGEMENT DOCUMENT
    D) NETWORK DIAGRAMS

Answer 60

D) NETWORK DIAGRAMS
Explanation
OBJ-3.2: A network diagram is a visual representation of network architecture. It maps out the structure of a network with a variety of different symbols and line connections. This information will be important when deploying a Storage Area Network (SAN) on the enterprise network. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. Asset management is used to record and track an asset throughout its life cycle, from procurement to disposal. Access to the datacenter will only be required if the vendor’s support technician will be physically working in the datacenter and not performing a remote installation.

Question 61

61. You are working as a network administrator and are worried about the possibility of an insider threat. You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their laptop to that same switch port. Which of the following security features would BEST accomplish this goal?
    A) NAC
    B) PORT SECURITY
    C) 802.1x
    D) ACL

Answer 61

B) PORT SECURITY
Explanation
OBJ-4.3: Port security, also known as persistent MAC learning or Sticky MAC, is a security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or if the interface goes down and is brought back online. This is a security feature that can be used to prevent someone from unplugging their office computer and connecting their laptop to the network jack without permission since the switch port connected to that network jack would only allow the computer with the original MAC address to gain connectivity.

Question 62

62. You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?
    A) WPA2
    B) VPN
    C) MAC FILTERING
    D) VLAN

Answer 62

D) VLAN
Explanation
OBJ-4.3: A virtual local area network (VLAN) is a type of network segmentation configured in your network switches that prevent communications between different VLANs without using a router. This allows two virtually separated networks to exist on one physical network and separates the two virtual network’s data. A virtual private network (VPN) is a remote access capability to connect a trusted device over an untrusted network back to the corporate network. A VPN would not create the desired effect. WPA2 is a type of wireless encryption, but it will not create two different segmented networks on the same physical hardware. MAC filtering is used to allow or deny a device from connecting to a network, but it will not create two network segments, as desired.

Question 63

63. You are configuring a network to utilize SNMPv3 to send information from your network devices back to an SNMP manager. Which of the following SNMP options should you enable to ensure the data is transferred confidentially?
    A) AUTHENCRYPT
    B) AUTHNOPRIV
    C) AUTHPROTECT
    D) AUTHPRIV

Answer 63

D) AUTHPRIV
Explanation
OBJ-3.1: In SNMPv3, the authPriv option ensures that the communications are sent with authentication and privacy. This uses MD5 and SHA for authentication and DES and AES for privacy and encryption.

Question 64

64. Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?
    A) C:\WINDOWS\SYSTEM32> ROUTE PRINT
    B) C:\WINDOWS\SYSTEM32> NBSTAT -R
    C) C:\WINDOWS\SYSTEM32> IPCONFIG /FLUSHDNS
    D) C:\WINDOWS\SYSTEM32> NSLOOKUP

Answer 64

B) C:\WINDOWS\SYSTEM32> NBSTAT -R
Explanation
OBJ-5.3: Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the “nbtstat -R” command to purge and reload the cached name table from the LMHOST file on their Windows workstation. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.

Question 65

65. Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine?
    A) NSLOOKUP
    B) TRACERT
    C) IP
    D) ROUTE

Answer 65

D) ROUTE
Explanation
OBJ-5.3: The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.

Question 66

66. An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted if this change is not immediate. The request comes directly from management and was just approved through the emergency change management process. Which of the following should the technician do?
    A) SEND OUT A NOTIFICATION TO THE COMPANY ABOUT THE CHANGE
    B) WAIT UNTIL THE MAINTENANCE WINDOW AND MAKE THE REQUESTED CHANGE
    C) MAKE THE CHANGE, DOCUMENT THE REQUESTER, AND DOCUMENT ALL NETWORK CHANGES
    D) FIRST DOCUMENT THE POTENTIAL IMPACTS AND PROCEDURES RELATED TO THE CHANGE

Answer 66

C) MAKE THE CHANGE, DOCUMENT THE REQUESTER, AND DOCUMENT ALL NETWORK CHANGES
Explanation
OBJ-3.2: The best answer is to make the change, document the requester, and document all the network changes. All changes to the enterprise network should be approved through the normal change management processes. If there is an urgent need, there is an emergency change management process that can be used for approval. This is known as an emergency change approval board (ECAB). An ECAB can be executed extremely quickly to gain approval, and then the documentation can be completed after the change is made when using the emergency change management processes.

Question 67

67. Dion Training has a single-mode fiber-optic connection between its main office and its satellite office located 30 kilometers away. The connection stopped working, so a technician used an OTDR and found that there is a break in the cable approximately 12.4 kilometers from the main office. Which of the following tools is required to fix this fiber optic connection?
    A) CABLE CRIMPER
    B) MEDIA CONVERTER
    C) FUSION SPLICER
    D) CABLE SNIPS

Answer 67

C) FUSION SPLICER
Explanation
OBJ-5.2: A fusion splicer is used to create long fiber optic cable lengths by splicing multiple cables together or to repair a break in a fiber optic cable. A cable crimper is used to join the internal wires of a twisted pair cable with metallic pins houses inside a plastic connector, such as an RJ-45 connector. A cable snip or cable cutter is used to cut copper cables into shorter lengths from a longer spool of wound cable. A media converter is a layer 1 networking device that connects two different media types, such as a copper twisted pair cable and a fiber optic cable.

Question 68

68. Andy is a network technician who is preparing to configure a company’s network. He has installed a firewall to segment his network into an internal network, a DMZ or screen subnet, and an external network. No hosts on the internal network should be directly accessible by their IP address from the Internet, but they should be able to reach remote networks if they have been assigned an IP address within the network. Which of the following IP addressing solutions would work for this particular network configuration?
    A) PRIVATE
    B) CLASSLESS
    C) APIPA
    D) TEREDO TUNNELING

Answer 68

A) PRIVATE
Explanation
OBJ-1.4: A private IP address is an IP address reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access to a network without taking up a public IP address space. Automatic Private IP Addressing (APIPA) is a feature in operating systems (such as Windows) that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn’t reachable. Classless IP addressing solutions allow for the use of subnets that are smaller than the classful subnets associated with Class A, Class B, or Class C networks. Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network.

Question 69

69. Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?
    A) BUS
    B) RING
    C) HYBRID
    D) STAR

Answer 69

C) HYBRID
Explanation
OBJ-1.2: A hybrid topology is a kind of network topology that is a combination of two or more network topologies, such as mesh topology, bus topology, and ring topology. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring. The WAN connections are using a ring network topology, but each office is using a star topology. Therefore, the best description of this combined network is a hybrid topology.

Question 70

70. A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is the MOST likely the source of this connectivity problem?
    A) THE SWITCHPORT IS CONFIGURED FOR 802.1q TRUNKING
    B) THE WORKSTATION’S NIC HAS A BAD SFP MODULE
    C) APIPA HAS BEEN MISCONFIGURED ON THE VLAN’s SWITCH
    D) THE WORKSTATION’S OS UPDATES HAVE NOT BEEN INSTALLED

Answer 70

A) THE SWITCHPORT IS CONFIGURED FOR 802.1q TRUNKING
Explanation
OBJ-5.5: If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address. APIPA is not configured on the VLAN’s switch, it is configured by default on client and server devices, such as the workstation in this scenario. A small form-factor pluggable (SFP) transceiver is used on routers as a hot-pluggable network interface module, they are not used in workstations. The workstation’s OS update status is unlikely to cause the network connectivity issue, but a network interface driver might. Therefore, the most likely cause of this issue is the switchport was configured as a trunking port instead of an access port.

Question 71

71. Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on? (SELECT TWO)
    A) PORT SECURITY
    B) NAC
    C) GEO-IP
    D) GPS LOCATION

Answer 71

B) NAC
D) GPS LOCATION
Explanation
OBJ-4.3: Network Access Control is used to identify an endpoint’s characteristics when conducting network authentication. The GPS location of the device will provide the longitude and latitude of the user, which could be compared against the GPS coordinates of the building. Port security enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses to communicate using a given switchport. This would not help to locate the individual based on their location, though. Geo-IP, or geolocation and country lookup of a host based on its IP address, would identify the country of origin of the user, but not whether they are within the building’s confines. Geo-IP is also easily tricked if the user logs in over a VPN connection.

Question 72

72. A network technician connects three temporary office trailers with a point-to-multipoint microwave radio solution in a wooded area. The microwave radios are up, and the network technician can ping network devices in all of the office trailers. However, users are complaining that they are experiencing sporadic connectivity. What is the MOST likely cause of this issue?
    A) LATENCY
    B) THROTTLING
    C) SPLIT HORIZON
    D) INTERFERENCE

Answer 72

D) INTERFERENCE
Explanation
OBJ-5.4: Microwave links require a direct line of sight (LoS) between the antennas to maintain a strong and effective link. These line-of-sight microwave link uses highly directional transmitter and receiver antennas to communicate via a narrowly focused radio beam. Since this microwave-based network is being run in a wooded area, there are likely some trees or leaves that are blocking the line of sight between the antennas. To solve this issue, they should trim the trees and branches to provide a clear light of sight or move the antennas to reestablish a clear line of sight. Latency is the time delay between when a packet is sent and received. While latency will increase with an obstructed microwave line of sight link, latency is an effect of this issue and not the cause of the issue. Throttling is the intentional slowing or speeding of an internet service by an Internet service provider to regulate network traffic and minimize bandwidth congestion. This again is not a cause of intermittent connectivity, but would instead occur if the microwave link was overutilized beyond its SLA contract limitations. Split horizon is a form of route advertisement that prohibits a router from advertising back a route to the same interface from which it learned it. This does not affect the issues experienced with the microwave line. Another way to approach this question is to use the process of elimination: throttling slows down the speed, and latency slows down speed even further. Split horizon prevents loops, so it only makes sense that interference is the correct choice since interference can cause drops in connections in many situations.

Question 73

73. Dion Training Solutions is launching their brand new website. The website needs to be continually accessible to our students and reachable 24x7. Which networking concept would BEST ensure that the website remains up at all times?
    A) COLD SITE
    B) SNAPSHOTS
    C) HIGH AVAILABILITY
    D) WARM SITE

Answer 73

C) HIGH AVAILABILITY
Explanation
OBJ-3.3: High availability is a concept that uses redundant technologies and processes to ensure that a system is up and accessible to the end-users at all times. Snapshots, warm sites, and cold sites may be useful for recovering from a disaster-type event, but they will not ensure high availability. High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period.

Question 74

74. Your supervisor has asked you to run a Cat 5e cable between two network switches in the server room. Which type of connector should be used with a Cat 5e cable?
    A) DB-25
    B) F-TYPE
    C) RJ-11
    D) RJ-45

Answer 74

D) RJ-45
Explanation
OBJ-1.3: A Cat 5e cable should use an RJ-45 connector on each end of the cable. This is the standard type of connector for twisted pair network cables. RJ-11 connectors are used to terminate telephone lines. F-type connectors are screw-type connectors that are used to terminate coaxial cables. DB-25 is a D-shaped subminiature connector used to terminal serial cables and connections.

Question 75

75. An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following: DIONRTR01# show interface eth 1/1 GigabitEthernet 1/1 is up, line is up Hardware is GigabitEthernet, address is 000F.33CC.F13A Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Member of L2 VLAN 1, port is untagged, port state is forwarding Which of the following actions should be taken to improve the network performance for this WAN connection?
    A) SHUTDOWN AND THEN RE-ENABLE THIS INTERFACE
    B) REPLACE ETH 1/1 WITH A 1000Base-T TRANSCEIVER
    C) ASSIGN THE INTERFACE A 802.1q TAG TO ITS OWN VLAN
    D) CONFIGURE THE INTERFACE TO USE FULL-DUPLEX

Answer 75

C) ASSIGN THE INTERFACE A 802.1q TAG TO ITS OWN VLAN
Explanation
OBJ-5.5: The WAN interface (eth 1/1) is currently untagged and is being assigned to the default VLAN (VLAN 1). If there are numerous devices in the default VLAN, the VLAN may be overloaded or oversubscribed leading to a reduction in the network performance. To solve this issue, you would assign the WAN interface to a VLAN with less traffic or to its own VLAN. By adding an 802.1q tag (VLAN tag) to the interface, you can assign it to its own individual VLAN and eliminate potential overloading or oversubscription issues. The interface is already set to full-duplex (fdx) and it operating in full-duplex (fdx). Therefore, the issue is not a duplexing mismatch. The configuration shows that the interface is already using a GigabitEthernet, so you do not need to replace the transceiver with a 1000Base-T module. Also, the physical layer is working properly and a link is established, as shown by the output “GigabitEthernet 1/1 is up”, showing the current transceiver is functioning properly at 1 Gbps. While issuing the shutdown command and then re-enabling the interface could clear any errors, based on the interface status shown we have no indications that errors are being detected or reported.

Question 76

76. Your company is currently using a 5 GHz wireless security system, so your boss has asked you to install a 2.4 GHz wireless network to use for the company’s computer network to prevent interference. Which of the following can NOT be installed to provide a 2.4 GHz wireless network?
    A) 802.11B
    B) 802.11N
    C) 802.11G
    D) 802.11AC

Answer 76

D) 802.11AC
Explanation
OBJ-2.4: Wireless networks are configured to use either 2.4 GHz or 5.0 GHz frequencies, depending on the network type. 802.11a and 802.11ac both utilize a 5.0 GHz frequency for their communications. 802.11b and 802.11g both utilize a 2.4 GHz frequency for their communications. 802.11n and 802.11ax utilize either 2.4 GHz, 5.0 GHz, or both, depending on the Wi-Fi device’s manufacturer. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 5.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.

Question 77

77. Which of the following ports is used by LDAP by default?
    A) 53
    B) 3389
    C) 427
    D) 389

Answer 77

D) 389
Explanation
OBJ-1.5: The lightweight directory access protocol (LDAP) is a protocol used to access and update information in an X.500-style network resource directory. LDAP uses port 389. The service location protocol (SLP) is a protocol or method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. This is an alternative protocol to LDAP in newer networks. SLP uses port 427. The remote desktop protocol (RDP) is a protocol used for the remote administration of a host using a graphical user interface. RDP operates over TCP port 3389. The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53.

Question 78

78. A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?
    A) ANALYZE PACKET CAPTURES
    B) USE NMAP TO QUERY KNOWN PORTS
    C) UTILIZE NETSTAT TO LOCATE ACTIVE CONNECTIONS
    D) REVIEW THE ID3 LOGS ON THE NETWORK

Answer 78

A) ANALYZE PACKET CAPTURES
Explanation
OBJ-5.3: Packet captures contain every packet that is sent and received by the network. By using a program like Wireshark to analyze the packet captures, you can see what kind of information and metadata is contained within the packets. By conducting this type of packet analysis, an attacker (or cybersecurity analyst) can determine if software versions are being sent as part of the packets and their associated metadata.

Question 79

79. A technician needs to ensure wireless coverage in the green space near the center of the college campus. The antenna is being installed in the middle of the field on a pole. Which type of antenna should be installed to ensure maximum coverage?
    A) YAGI
    B) UNIDIRECTIONAL
    C) OMNIDIRECTIONAL
    D) BI-DIRECTIONAL

Answer 79

C) OMNIDIRECTIONAL
Explanation
OBJ-2.4: Omnidirectional antennas send the signal out equally in all directions. Therefore, it will provide the best coverage since it is located in the center of the field. Unidirectional antennas transmit the signal in only one direction and would not provide adequate coverage. Bidirectional antennas transmit the signal in only two directions and would not provide adequate coverage. A Yagi antenna is a type of unidirectional antenna that can focus the transmission over a longer distance but would not be appropriate in this case since you need 360-degree coverage.

Question 80

80. Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 54 Mbps?
    A) 802.11G
    B) 802.11AX
    C) 802.11AC
    D) 802.11A
    E) 802.11B
    F) 802.11N

Answer 80

D) 802.11A
Explanation
OBJ-2.4: The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. Unfortunately, when this was first released, the radios to operate with this standard were fairly expensive, so it did not sell well or become widespread. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

Question 81

81. The UPS that provides backup power to your server is malfunctioning because its internal battery has died. To replace the battery, you must shut down the server, unplug it from the UPS, and unplug the UPS from its power source (the wall outlet). You perform these actions but think that there has to be a better way to increase the server’s availability in the future. Which of the following recommendations would BEST increase the server’s availability based on your experience with this UPS battery replacement?
    A) REPLACE THE UPS WITH A GENERATOR
    B) INSTALL A SURGE PROTECTOR INSTEAD
    C) ADD A REDUNDANT POWER SUPPLY TO THE SERVER
    D) INSTALL A SECOND UPS IN THE RACK

Answer 81

C) ADD A REDUNDANT POWER SUPPLY TO THE SERVER
Explanation
OBJ-3.3: The BEST recommendation would be to install a redundant power supply in the server. Adding a second UPS would not solve the problem if the server still only has one power supply available. Switching from a UPS to a generator will not solve this issue, either, because generators also require scheduled maintenance and downtimes. Finally, adding a surge protector won’t provide power when you need to power off a UPS for a battery replacement.

Question 82

82. A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?
    A) PLACE THE SERVER IN A SCREENED SUBNET OR DMZ
    B) IMPLEMENT A SPLIT-HORIZON OR SPLIT-VIEW DNS
    C) ADJUST THE ACL ON THE FIREWALL’S INTERNAL INTERFACE
    D) CONFIGURE THE FIREWALL TO SUPPORT DYNAMIC NAT

Answer 82

B) IMPLEMENT A SPLIT-HORIZON OR SPLIT-VIEW DNS
Explanation
OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.

Question 83

83. Which of the following levels would an error condition generate?
    A) 7
    B) 5
    C) 1
    D) 3

Answer 83

D) 3
Explanation
OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

Question 84

84. Which of the following policies or plans would describe the access requirements for connecting a user’s laptop to the corporate network?
    A) ONBOARDING POLICY
    B) REMOTE ACCESS POLICY
    C) PASSWORD POLICY
    D) BRING YOUR OWN DEVICE POLICY

Answer 84

D) BRING YOUR OWN DEVICE POLICY
Explanation
OBJ-3.2: A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops. A remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An onboarding policy is a documented policy that describes all the requirements for integrating a new employee into the company and its cultures, as well as getting that new hire all the tools and information they need to begin their job successfully.

Question 85

85. Your company has just purchased a new building down the street for its executive suites. You have been asked to select the proper antennas to establish a wireless connection between the two buildings.
    Which of the following is the BEST antenna configuration to use for AP4 and AP5 to control the signal propagation and minimize the chances of the signal being intercepted?
    A) PICK A 15 dB RIGHT PARABOLIC FOR AP4 AND A 15 dB LEFT PARABOLIC FOR AP5
    B) PICK A 5 dB LEFT DIRECTIONAL FOR AP4 AND A 5 dB RIGHT DIRECTION FOR AP5
    C) PICK A 15 dB LEFT PARABOLIC FOR AP4 AND A 15 dB RIGHT PARABOLIC FOR AP5
    D) PICK A 5 dB RIGHT DIRECTIONAL FOR AP4 AND A 5 dB LEFT DIRECTIONAL FOR AP5

Answer 85

A) PICK A 15 dB RIGHT PARABOLIC FOR AP4 AND A 15 dB LEFT PARABOLIC FOR AP5
Explanation
OBJ-5.4: Parabolic antennas work well for outside wireless applications where you want directional control of the signal (such as when connecting two buildings) and over a longer distance (such as “down the street” as in this scenario). The other possible option was the Directional antennas, but the signal strength of 5 dB would not be sufficient for an outdoor wireless connection over the distance presented in this scenario.

Question 86

86. Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line?
    A) MULTILAYER SWITCH
    B) ACCESS POINT
    C) DOCSIS MODEM
    D) ANALOG MODEM

Answer 86

D) ANALOG MODEM
Explanation
OBJ-1.2: An analog modem is a device that converts the computer’s digital pulses to tones that can be carried over analog telephone lines and vice versa. DSL is the other type of Internet connection that uses an RJ-11 connection to a phone line. A DOCSIS modem is a cable modem and would require a coaxial cable with an F-type connector. An access point is a wireless device that connects to an existing network using twisted pair copper cables and an RJ-45 connector. A multilayer switch can use either twisted pair copper cables using an RJ-45 connector or a fiber optic cable using an MTRJ, ST, SC, or LC connector.

Question 87

87. What type of services can allow you to get more storage and more resources added to the cloud as fast as possible?
    A) MEASURED SERVICES
    B) METERED SERVICES
    C) RESOURCE POOLING
    D) RAPID ELASTICITY

Answer 87

D) RAPID ELASTICITY
Explanation
OBJ-1.8: Rapid elasticity allows users to automatically request additional space in the cloud or other types of services. Because of the setup of cloud computing services, provisioning can be seamless for the client or user. Providers still need to allocate and de-allocate resources that are often irrelevant on the client or user’s side. This feature allows a service to be scaled up without purchasing, installing, and configuring new hardware, unlike if you had to install more physical storage into a server or datacenter. Resource pooling refers to the concept that allows a virtual environment to allocate memory and processing capacity for a VMs use. Metered services are pre-paid, a-la-carte, pay-per-use, or committed offerings. A metered service like a database may charge its users based on the actual usage of the service resources on an hourly or monthly basis. For example, Dion Training used the AWS Lambda serverless product in some of our automation. This service charges us $0.20 for every 1 million requests processed. Measured service is a term that IT professionals apply to cloud computing that references services where the cloud provider measures or monitors the provision of services for various reasons, including billing, effective use of resources, or overall predictive planning.

Question 88

88. Which of the following concepts is the MOST important for a company’s long-term health in the event of a disaster?
    A) OFF SITE BACKUPS
    B) UNINTERRUPTIBLE POWER SUPPLIES
    C) IMPLEMENTING AN ACCEPTABLE USE POLICY
    D) VULNERABILITY SCANNING

Answer 88

A) OFF SITE BACKUPS
Explanation
OBJ-3.3: In case of a disaster, you must protect your data. Some of the most common strategies for data protection include backups made to tape and sent off-site at regular intervals or the use of cloud-based backup solutions. All of the other options are good, too, but the MOST important is a good backup copy of your company’s data.

Question 89

89. You are working as a wireless networking technician and have been sent to a user’s home to install a brand new 802.11ac wireless access point to replace their old access point. To ensure all of the current devices on the network will automatically connect to the new network, you set the SSID, encryption type, and password to the same ones as the existing access point. You turn the new access point on and notice most of the devices connect automatically, but one older wireless printer won’t connect. You notice that the printer is about 7 years old, but the user says it has always worked great over the old wireless network. What is the MOST likely reason that the printer will not connect to the new access point?
    A) THE INCORRECT CHANNEL IS CONFIGURED ON THE ACCESS POINT
    B) THE WIRELESS PRINTER IS CONFIGURED WITH THE WRONG PASSWORD
    C) THE TRANSMIT POWER ON THE ACCESS POINT IS TOO LOW
    D) THE ACCESS POINT AND THE WIRELESS PRINTER HAVE A FREQUENCY MISMATCH

Answer 89

D) THE ACCESS POINT AND THE WIRELESS PRINTER HAVE A FREQUENCY MISMATCH
Explanation
OBJ-5.4: Wireless B/G networks utilize 2.4 GHz, while Wireless AC uses 5.0 GHz. Wireless N can support both 2.4 GHz and 5.0 GHz frequencies. The most likely cause of the issue is that the older access point supported both 2.4 GHz (for older devices) and 5.0 GHz (for newer devices). Since you installed a brand new 802.11ac access point, it is only broadcasting at 5.0 GHz and is preventing the older printer from connecting due to a frequency mismatch. Since the other devices are all connected to it without any issues, it is unlikely to be an issue with the transmission power or the password. With Wireless AC, the channel is automatically configured by the access point by default since there are 24 non-overlapping channels to choose from, making it an unlikely source of this issue.

Question 90

90. Which type of network device operates at layer 1 of the OSI model and requires connected devices to operate at half-duplex using CSMA/CD?
    A) SWITCH
    B) HUB
    C) BRIDGE
    D) ROUTER

Answer 90

B) HUB
Explanation
OBJ-2.1: A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain.