Test 4

Question 1

401. Which of the following allow for higher fault tolerance, availability, and performance across multiple systems? (Choose two.)

A. Load balancer
B. Jumbo frames
C. Clustering
D. Round robin
E. TCP offloading

Answer 1

A. Load balancer

C. Clustering

Question 2

402. A technician is investigating an issue related to a single host that is unable to access the Internet. The technician records the following information: Host IP
403. 254.1.10. The network IP address range on the DHCP server is 10.10.5.2-10.10.5.250 with a default gateway 10.10.5.1 and a DNS of 8.8.8.8. Which of the following should the technician perform to troubleshoot the issue?

A. Change the IP scope on the DHCP server to a public IP address range.
B. Perform a traceroute command to identify the router that is not functioning.
C. Verify the host has physical connectivity and is on the correct VLAN.
D. Configure the DNS address in the DHCP scope to a 10.10.5.0/24 address.

Answer 2

C. Verify the host has physical connectivity and is on the correct VLAN.

APPIPA doesn’t require physical connectivity. It is a locally created address for when Windows can’t reach a DHCP server for whatever reason.

Question 3

403. A network administrator wants to reduce the amount of time each user takes to log in to different systems in the network. Which of the following would reduce the time spent authenticating?

A. Kerberos
B. RADIUS
C. Certificate
D. SSO
E. MFA
F. NAC

Answer 3

D. SSO

Question 4

404. A network technician arrives at a remote office and is unable to connect a laptop to corporate resources using the wireless network. After checking the IP address, the network technician notices the assigned IP address does not belong to the corporate network IP scheme. Which of the following has the network technician discovered?

A. Evil twin
B. ARP poisoning
C. DHCP exhaustion
D. Social engineering

Answer 4

A. Evil twin

The main reason why I was able to get A as the answer is because it doesn’t mention that an APIPA address is assigned, and says the address it has isn’t in the scope provided by their servers.

Question 5

405. Which of the following is an object held within an MIB?

A. OUI
B. OTDR
C. OID
D. SNMP host
E. SNMP agent
F. SNMP trap

Answer 5

C. OID

Everything on a device that can be monitored by SNMP is assigned an object identifier. a management information base translates OID into readable text.

Question 6

406. Which of the following storage network technologies has the HIGHEST throughput?

A. FCoE
B. InfiniBand
C. iSCSI
D. OC3

Answer 6

B. InfiniBand

Question 7

407. The corporate head office has assigned the subnet of 10.1.100.0/24 to a network technician. The technician wants to create subnets for the finance department, human resources, and IT. Given the following device counts:

Finance: 70 devices -
Human resources: 38 devices -
IT: 16 devices -

Which of the following outlines how the technician should allocate the address space given?

A. Finance: 10.1.100.0/21 Human resources: 10.1.100.128/22 IT: 10.1.100.192/23
B. Finance: 10.1.100.0/23 Human resources: 10.1.100.128/22 IT: 10.1.100.192/21
C. Finance: 10.1.100.0/25 Human resources: 10.1.100.128/26 IT: 10.1.100.192/27
D. Finance: 10.1.100.0/26 Human resources: 10.1.100.128/27 IT: 10.1.100.192/28

Answer 7

C. Finance: 10.1.100.0/25 Human resources: 10.1.100.128/26 IT: 10.1.100.192/27

Question 8

408. A network administrator is configuring the 172.16.40.0/22 network for a new building. Which of the following is the number of hosts that will be supported on this network?

A. 510
B. 512
C. 1022
D. 1024
E. 2046
F. 2048

Answer 8

C. 1022

/22 = 11111111.11111111.11111100.00000000 = 1024 host - 2 network ID and broadcast = 1022 available host

Question 9

409. At which of the following layers of the OSI model does compression occur?

A. Session
B. Transport
C. Data link
D. Presentation

Answer 9

D. Presentation

Com-PRES-sion. PRESentation

Question 10

410. Users report that the network is slow. Upon investigation, the technician notices all users are on one large subnet. Which of the following devices should be used to break up broadcast domains?

A. Layer 2 switch
B. Layer 3 switch
C. Signal repeater
D. Bridge
E. Domain server

Answer 10

B. Layer 3 switch

Routers separate broadcast domains. Next best thing is a Layer 3 switch. Which operates like a router.
Layer 2 for collision, Layer 3 for Broadcast

Question 11

411. Ann, a user, reports that her desktop phone is not working on one cable. However, that cable provides connectivity to her laptop. A technician determines PoE is not provided to the end device. Which of the following is MOST likely the cause?

A. Transceiver mismatch
B. Crosstalk
C. Jitter
D. Open/short on the cable

Answer 11

A. Transceiver mismatch

PoE = VoIP, but without PoE the laptop works. This is due to transceiver mismatch. Crosstalk and Jitter would not give this symptom. Bad cable would not let the laptop connect.

Question 12

412. A network technician has been asked to create secure private networks between a companys headquarters and several branch locations. The company has provided the on-premises equipment, but each branch has a different ISP. Which of the following technologies should the technician consider using to accomplish this?

A. Site-to-site
B. Client-to-site
C. Point-to-point
D. Point-to-multipoint

Answer 12

A. Site-to-site

Question 13

413. A department is reporting network issues. Users can ping each other and the switch, but not the default gateway. When looking at a wiring diagram and a physical blueprint, a technician notices the 1000BaseLX SFP connects to a distribution switch via a cable that runs behind a large industrial refrigerator. The technician also notices both switches have been worked on recently. Which of the following is MOST likely the issue?

A. EMI
B. TX/RX reverse
C. Open/short
D. Attenuation

Answer 13

A. EMI

CompTIA questions and answer aren’t always going to make sense. The key is to eliminate all the they answers provided. The question says, “Which of the following is (MOST) likely the issue”. By reading the question, we can eliminate attenuation and short off top. The question also states, “users can ping each other and the switch”, meaning all cable connections are good. TX/RX reverse can’t possibly be the issue, leaving answer A, EMI. I honest don’t think its fair how they design their questions. We all are familiar with each answer and know exactly what they are but the way the questions are set up is deceitful and a lot times they can be vague.

Question 14

414. A shop owner wants to ensure that only a specified group of devices can access the wireless network. Which of the following methodologies will BEST ensure unauthorized devices cannot consume the shop owners limited Internet bandwidth?

A. Disable the SSID broadcast.
B. Implement WEP authentication.
C. Change the WiFi password.
D. Activate MAC address filtering.

Answer 14

D. Activate MAC address filtering.

Question 15

415. A large company uses an AAA server to manage network device access. The engineers can use their domain credentials to access all other servers. Currently, the network engineers cannot access the AAA server using domain credentials, but they can access it using a local account. Which of the following should the engineers update?

A. Host-based firewall settings
B. TACAS+ server time
C. Server IP address
D. DNS SRV record

Answer 15

B. TACAS+ server time

Question 16

416. A network technician has been asked to install an additional switch in an IDF, but all of the single-mode fiber is in use between the IDF and MDF. The technician has deployed new transceivers that allow for the use of a single fiber stand, providing the additional fiber needed for the new switch. Which of the following has the technician deployed?

A. 1000BaseLX SFP
B. Duplex GBIC
C. Duplex SFP+
D. Bidirectional SFP

Answer 16

D. Bidirectional SFP

It’s a Bi-Directional (BiDi) transceiver. Traffic in both directions on a single fiber using two different wavelengths. Reduce the number of fiber runs in half.

Question 17

417. A network administrator wants to ensure all traffic is inspected and abides by the AUP, and that malicious traffic is stopped. Which of the following features should be enabled on a firewall to meet this requirement?

A. Intrusion detection
B. Proxy service
C. Dynamic DNS
D. Content filtering

Answer 17

D. Content filtering

This questions is looking for a feature that “abides by the AUP” (Acceptable Use Policy) which is pertaining to employees of a company. In addition, content filtering can stop malicious traffic.

Question 18

418. A network technician has purchased a 10GBase-T switch and wishes to connect it to 30 computers with 10GB network cards. The computers are 225ft (69m) away, and all need to establish a 10 Gbps connection to meet business requirements. To minimize costs while still meeting these requirements, which of the following cable types should the technician choose?

A. Cat 5e
B. Cat 6
C. Cat 6a
D. Cat 7

Answer 18

C. Cat 6a

Cat6 only supports 10 Gbp/s to 165 feet (55 meters).
Cat6A supports 10 Gbp/s (Gigabits per second) up to 328 feet (100 meters).

Question 19

419. A technician is configuring a new email server and needs to modify DNS records. Which of the following records should the technician update to ensure email functions as expected?

A. MX
B. CNAME
C. AAAA
D. SRV

Answer 19

A. MX

Question 20

420. Which of the following BEST describes the functionality of the root guard feature on a switch?

A. BPDUs entering the root bridge are ignored.
B. The STP root bridge cannot be changed.
C. Broadcast storms entering from a root port are blocked.
D. Loop protection is enabled on the root port of a switch.

Answer 20

B. The STP root bridge cannot be changed.

“Unlike the BPDU Guard which will disable a port upon receipt of a BPDU, the Spanning Tree Root Guard feature will allow BPDU’s through a port to maintain the spanning tree topology, however if it receives a superior BPDU, which indicates that another switch is trying to become the root bridge it will err-disable the port.

This feature is used to protect your root bridges from misconfiguration or a layer 2 man in the middle attack.”

Question 21

421. A network administrator is adding a new WAN circuit from the ISP to a new building. In which of the following locations would the network administrator find the utility entry point?

A. DMZ
B. Data tier
C. IDF
D. Demarc

Answer 21

D. Demarc

Question 22

422. The help desk is receiving reports of intermittent connections to a server. A help desk technician suspects the server is unable to establish a three-way handshake due to a DoS attack. Which of the following commands should a network administrator use to confirm the help desk technicianג€™s claim?

A. nmap
B. arp
C. tcpdump
D. dig

Answer 22

C. tcpdump

Question 23

423. A technician discovered a company computer had a virus but was unable to remove it. The technician decided to erase the hard drive to eliminate the threat.
     Which of the following policies did the technician violate?

A. Data loss prevention
B. Incident response
C. Asset disposal
D. Acceptable use

Answer 23

A. Data loss prevention

Question 24

424. A company hires another firm to test the integrity of its information security controls. This is an example of:

A. role separation
B. device hardening
C. risk assessment
D. penetration testing

Answer 24

D. penetration testing

Question 25

425. A network technician is troubleshooting an issue routing TCP packets to an email server. At which of the following OSI layers is the issue occurring?

A. Layer 1 Physical
B. Layer 3 Network
C. Layer 4 Transport
D. Layer 7 Application

Answer 25

C. Layer 4 Transport

TCP and UDP works at Layer 4 of OSI Model, the transport layer

Question 26

426. A vendor is installing an Ethernet network in a new hospital wing. The cabling is primarily run above the celling grid near air conditioning ducts and sprinkler pipes.
     Which of the following cable types is required for this installation?

A. Plenum
B. PVC
C. Single-mode
D. Cat 7

Answer 26

A. Plenum

Question 27

427. A network technician works in a large environment with several thousand users. Due to the needs of the organization, the network manager has asked the technician to design a solution that accommodates the data needs of all the users, while keeping all data on site. Which of the following solutions should the technician implement?

A. SaaS
B. SAN
C. NAS
D. IaaS

Answer 27

B. SAN

SAN is block based while NAS is file based.
I think the key here is ‘several thousand users’ which indicates the need for enterprise-grade/level deployment capabilities which includes availability & redundancy

Question 28

428. Which of the following can be used to prevent unauthorized employees from entering restricted areas?

A. Sign-in sheets
B. Video cameras
C. Motion sensors
D. Swipe badges

Answer 28

D. Swipe badges

Question 29

429. A Chief Information Security Officer (CISO) has decided to implement a secure and user-friendly way to connect to the corporate wireless network. Each workstation will be authenticated individually using a unique certificate that will be deployed to the workstation by the organizations certificate authority. Which of the following authentication methods would meet this requirement?

A. PEAP
B. WP2-PSK
C. Captive portal
D. EAP-TLS

Answer 29

D. EAP-TLS

Question 30

430. A bookstore uses a Faraday cage to comply with credit card regulations. Customers report that their cellular phones have no signal when they are in the bookstore. Which of the following is the MOST likely cause?

A. The Faraday cage is creating interference within the bookstore.
B. The Faraday cage prevents access by redirecting signals.
C. The Faraday cage is creating latency on the cellular network.
D. The Faraday cage is creating attenuation of the cellular network.

Answer 30

B. The Faraday cage prevents access by redirecting signals.

The reception or transmission of radio waves, a form of electromagnetic radiation, to or from an antenna within a Faraday cage is heavily attenuated or blocked by the cage

Question 31

431. An administrator is redesigning a companys network and wants to reduce the amount of hardware needed. Currently, all VLAN routing goes out a single switch interface to a router.
     Which of the following would reduce the number of devices in this configuration?

A. Bridge
B. Multilayer switch
C. Switch
D. Next-generation firewall

Answer 31

B. Multilayer switch

Question 32

432. A network technician needs to distribute an updated OS for all network switches at company locations throughout the world. The technician wants to ensure file integrity since several locations do not have high-quality connectivity to the Internet.
     Which of the following methods should be used to distribute the images while ensuring integrity?

A. Use a TFTP server and UDP protocol.
B. Use an FTP server and provide the file hash.
C. Use an HTTP server to share the file.
D. Use a modem and dial-up connection.

Answer 32

B. Use an FTP server and provide the file hash.

Question 33

433. Which of the following OSI layers do TCP and UDP operate within?

    A. Data link
    B. Network
    C. Session
    D. Transport
    E. Presentation
    F. Application

Answer 33

D. Transport

Question 34

434. A company has decided to allow certain users to work remotely by opening up a VPN connection through the firewall. The security policy has been updated to allow VPN connections only from certain users and to specific areas on the network. Along with configuring the correct policies on the firewall, which of the following also needs to be configured on users mobile devices to allow these VPN connections?

A. VNC application
B. Kerberos
C. Geotagging application
D. Credentials

Answer 34

D. Credentials

Question 35

435. Which of the following OSI layers do TCP and UDP operate within?

A. Data link
B. Network
C. Session
D. Transport
E. Presentation
F. Application

Answer 35

D. Transport

Question 36

436. A network engineer is working on a network connectivity problem between a site in California and a site in New York. The connection went down overnight, and the engineer is unsure where the connection failed. The technician is logged into the primary switch in the customers network, which is also the companys connection to the WAN.
     Which of the following tools should the technician use to determine the last available network hop?

A. netstat
B. Nmap
C. traceroute
D. pathping

Answer 36

C. traceroute

Traceroute gives more information that pathping does

Pathping and Tracert are similar, both are used to test connectivity and latency. … Pathping does a traceroute to the destination, and then uses ICMP to ping each hop in the path 100 times. This means pathping will give more accurate latency information. But it is still subject to the same issues as traceroute.

Question 37

437. A network manager is concerned about visitors taking advantage of open cubicies at a company’s facilities. Which of the following would mitigate this issue?

A. Create a VLAN for all unused switchports.
B. Implement a DMZ for all external services.
C. Implement root guard on all switches.
D. Create a honeypot to attract attackers.

Answer 37

A. Create a VLAN for all unused switchports.
or
B. Implement a DMZ for all external services.

Question 38

438. oe, a user, is having issues when trying to access certain web pages. Upon navigating to a web page, it seems like it connects, but then presents the following message:
     The security certificate presented by this website was not trusted by a trusted certificate authority.
     Joe has cleared his cache and cookies, rebooted his machine, and attempted to browse to the website from a coworkers desktop, but it still presented with this error. Which of the following is the MOST likely cause of this error?

A. The web server is missing an intermediate certificate.
B. The website is missing an HTTPS certificate.
C. TLS is not enabled in the browser.
D. The SSL certificate has expired.

Answer 38

A. The web server is missing an intermediate certificate.

The question does not state that the user is attempting to connect to web pages that require encryption, i.e. SSL/TLS (Secure Sockets Layer/Transport Layer Security); instead, we can only assume that “certain web pages” are merely regular web pages that do not entail the transmission of encrypted data. Hence, an SSL certificate is surely not required in this instance since not all websites utilise SSL/TLS. For that reason, (A) seems like the most credible answer

Question 39

439. Which of the following is used to define the duration during which a client can use an IP address?

A. MAC reservation
B. IP helper
C. Pool
D. Lease time

Answer 39

D. Lease time

Question 40

440. A small company is requesting a quote to refresh its wireless network. The company currently runs 60 autonomous APs and has plans to increase wireless density by 50% in the near future. The requirements state that the chosen solution should significantly decrease the management overhead of the current wireless network.
     Which of the following should the vendors recommend in response to the quote request?

A. The use of lightweight APs with a load balancer
B. The use of autonomous APs with a wireless controller
C. The use of autonomous APs with a load balancer
D. The use of lightweight APs with a wireless controller

Answer 40

D. The use of lightweight APs with a wireless controller

lightweight is easier to manage because it is controlled through a centralized wireless controller

Question 41

441. A network support specialist is setting up wireless networks for several small companies that are leasing adjacent spaces in an office building. The network support specialist has already configured an access point for each office with WPA2-AES encryption and minimized any overlap of the wireless channels. Several of the companies have expressed concerns about performance and security issues due to the high volume of wireless networks being installed in close proximity.
     Which of the following actions will BEST mitigate the companies concerns?

A. Reduce the TX power on each access point.
B. Enable MAC address filtering on each access point.
C. Disable the SSID broadcast on each access point.
D. Enable AP isolation on each access point.

Answer 41

A. Reduce the TX power on each access point.

Tx- power is a measure of how strong the signal is transmitted. The best setting is the minimum level necessary to keep the signal with the boundaries of the WiFi’s location.

You don’t want the signal extending past your house because if it does the door is open to hackers. If they need to be in your house to hack it, you’ll likely find they don’t bother.

Question 42

442. A network technician receives a trouble ticket and speaks to the user who is experiencing the issues with the application. Which of the following should the technician perform NEXT?

A. Gather information.
B. Determine the symptoms.
C. Establish a plan of action.
D. Document the findings

Answer 42

A. Gather information.

From the CompTIA objectives:
Identify the problem
- Gather information
- Duplicate the problem, if possible
- Question users
- Identify symptoms

speaks to the user who is experiencing the issues with the application – speak to the users like “how are you”, can I get your name then what is the cause of the problem. It is clear that you gathered information because you can not determine and plan an action without gathering information.

Question 43

443. A company wants to implement a wireless infrastructure on its campus to meet the needs of its BYOD initiative. The company has users with legacy devices and wants to accommodate them while delivering speed to other users who have modern systems.
     Which of the following standards BEST fits these requirements?

A. 802.11a
B. 802.11ac
C. 802.11b
D. 802.11n

Answer 43

D. 802.11n

IEEE 802.11ac === 5GHz BAND.
IEEE 802.11n === 2.4GHz and 5GHz band.

Question 44

444. Joe, a technician, is attempting to resolve an issue with an off-site router remotely. Joe needs to reset the WAN connection settings and wants to ensure he will have access to the router at all times to monitor the changes.
     Which of the following solutions would BEST meet this goal?

A. Use a secure SSH connection over the WAN link.
B. Telnet into the router over the company VPN.
C. Implement a modem on the AUX port.
D. Configure a DSL router to the console port.

Answer 44

C. Implement a modem on the AUX port.

AUX port - backup console port - using dial-up
Auxiliary Port (AUX Port) allows a direct, non-network connection to the router, from a remote location. The Auxiliary Port (AUX Port) uses a connector type to which modems can plug into, which allows an administrator from a remote location to access the router like a console port.

console port - using terminal emulation

Question 45

445. To achieve a more efficient and secure work environment, a company needs a way to control what is being accessed on the Internet using corporate resources.
     Which of the following devices should be used to accomplish this task? (Choose two.)

A. Proxy server
B. IDS
C. Load balancer
D. Content filter
E. VPN concentrator
F. IPS

Answer 45

A. Proxy server

D. Content filter

Question 46

446. The network support team is responsible for managing connections in a large, multipurpose venue where maintaining physical security is difficult. Implementing which of the following standards would BEST help to prevent unauthorized connections to the wired network?

A. 802.1X
B. 802.1q
C. 802.3at
D. 802.3af

Answer 46

A. 802.1X

Question 47

447. A utility company has installed a wireless device at a residence that allows the company to view power consumption online. The resident reports the 802.11ac home wireless intermittently loses connectivity for about 15 minutes twice a day.
     Which of the following is the MOST likely cause?

A. The utility company throttles power during peak hours.
B. There is additional data being transferred over the wireless network.
C. There is interference with the smart reader.
D. An IoT device is causing a DoS attack on the wireless network.

Answer 47

B. There is additional data being transferred over the wireless network.

The question doesn’t say that the utility companies device is connected to the residents personal home WiFi, therefore you should assume it wouldn’t be on their network. No company would be stealing paid internet service from their customers.

Question 48

448. A technician has been asked to install biometric controls at the entrance of a new datacenter. Which of the following would be appropriate authentication methods to meet this requirement? (Choose two.)

A. Badge reader
B. Retina scanner
C. Random number-generating token
D. Device proximity sensor
E. Challenge question
F. Combination lock
G. Fingerprint reader

Answer 48

B. Retina scanner

G. Fingerprint reader

Question 49

449. Two buildings used to be connected by a wireless bridge, but they are upgrading to fiber. Which of the following new devices would be required at the demarcation points?

A. Wireless access point
B. Router
C. Media converter
D. Firewall

Answer 49

C. Media converter

Question 50

450. A company is expanding and building a new remote branch office. Marketing will need 78 IP addresses, finance will need 150 IP addresses, legal will need 39 IP addresses, and R&D will need 12 IP addresses. The network administrator gives the technician a network of 172.16.48.0/23 and wants the technician to use
     VLSM for the design. Which of the following are possible solutions? (Choose three.)

A. The marketing department should receive a /25 network.
B. The R&D department should have 172.16.49.207 as a broadcast address.
C. The R&D department should receive a /27 network.
D. The finance department should have 172.16.49.127 as a broadcast address.
E. The marketing department should have usable IPs ranging from 172.16.49.129 to 172.16.49.190.
F. The legal department should have a first usable IP address of 172.16.49.190
G. The legal department should have usable IPs ranging from 172.16.49.129 to 172.16.49.190.
H. The R&D department should have a last usable IP address of 172.16.49.190.

Answer 50

A. The marketing department should receive a /25 network.
B. The R&D department should have 172.16.49.207 as a broadcast address.
G. The legal department should have usable IPs ranging from 172.16.49.129 to 172.16.49.190.

finance 150 IPs I gave 254 IPs /24 btw 172.16.48.1 ~ 172.16.48.254 (.0 network and .255 broadcast)
marketing 78 IPs I gave 126 IPs /25 btw 172.16.49.1 ~ 172.16.49.126 (.0 network and .127 broadcast)
Legal 39 IPs so I gave 62 IPs /26 btw 172.16.49.129 ~ 172.16.49.190 (.128 network and .191 broadcast)
R&D 12 IPs so I gave 14 IPs /28 btw 172.16.49.193 ~ 172.16.49.206 (.192 network and .207 broadcast)

Question 51

451. After several changes to the network, a technician needs to ensure a client is checking for new hostname and IP pairings. Which of the following commands should the technician use to force new lookups?

A. ipconfig /flushdns
B. ipconfig /release
C. ipconfig /renew
D. ipconfig /all

Answer 51

A. ipconfig /flushdns

ipconfig /flushdns deletes the DNS cahe store on a device. If a website IP address changes the DNS cache will prevent the user from accessing the website. Best thing to do is to empty the cache.

Question 52

452. A network technician is setting up a WiFi network in a multi-tenant building. When trying to determine the best channel, which of the following is the BEST tool to use?

A. Protocol analyzer
B. Tone generator
C. Spectrum analyzer
D. Multimeter

Answer 52

C. Spectrum analyzer

Question 53

453. Due to regulatory requirements, a college bookstore prohibits customers from accessing the wireless network in the building. Which of the following would be the BEST method to prevent customers from accessing the wireless network while in the bookstore?

A. Use MAC filtering for authorization to the wireless network.
B. Require PEAP for authentication to the wireless network.
C. Implement a Faraday cage within the bookstore premises.
D. Require a pre-shared key for authentication to the wireless network.

Answer 53

C. Implement a Faraday cage within the bookstore premises.

Since they said they don’t want anyone to get to the Wi-Fi from inside, that means it’s being broadcasted outside.. which means they don’t control it.. which means the cage

Question 54

454. A network technician sets up a new schedule on the backup server. Management has informed the technician that a full backup does not need to be completed every day. The technician sets up weekly full backups. Which of the following should the technician configure for the remaining days to MINIMIZE the daily backup size?

A. Snapshots
B. Incremental
C. Replica
D. Differential

Answer 54

B. Incremental

Question 55

Which of the following network topologies typically has all devices on a network directly connected to every other network device?

A. Mesh
B. Star
C. Ad hoc
D. Ring

Answer 55

A. Mesh

Question 56

456. A technician wants to set an IP address to a specific MAC address on a host machine. Which of the following commands should the technician use?

A. ipconfig
B. nslookup
C. arp
D. dig

Answer 56

C. arp

Question 57

457. A network technician is designing a network cable upgrade in a newly acquired office space. The IT manager wants to install a standardized twisted pair cable solution that supports speeds up to 1 Gbps and terminates with a standard RJ45 connector. Which of the following cable types should the technician suggest?

A. SMF
B. Cat 3
C. Cat 5
D. Cat 6
E. RG-6

Answer 57

D. Cat 6

CAT5 only supports 100Mbps. You need Cat5e minimum to get 1Gpbs.

Question 58

458. Which of the following policies would be the MOST useful for defining the proper procedures when an employee is terminated abruptly?

A. Offboarding
B. Remote access
C. AUP
D. Incident response
E. DLP

Answer 58

A. Offboarding

Question 59

459. A technician wants to have the ability to transfer files from home to the companys network on a regular basis. Which of the following is a remote access protocol the technician can utilize to bypass interactive user authentication by using a list of known host public keys?

A. FTP
B. SCP
C. TFTP
D. Telnet

Answer 59

B. SCP

Secure Copy Protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts.
SCP (Secure Copy Protocol) - A method for copying files securely between hosts.

Question 60

460. A company runs Linux servers in its own datacenter and also on a popular public cloud service provider. The servers hosted by the cloud provider can only be accessed with proper authorization and are only accessed by the company’s datacenter. Which of the following BEST describes the type of cloud architecture being used? (Choose two.)

A. Private
B. Hybrid
C. Public
D. IaaS
E. PaaS
F. SaaS

Answer 60

B. Hybrid
D. IaaS

A company runs a Linux server on a popular public cloud provider. IaaS

They have a part of their infrastructure in the cloud. Hybrid

Question 61

461. A companys web-based application has a database that is set up for high availability in case of a failure. Which of the following is necessary to achieve this type of setup?

A. A virtual IP pointing to the active DB
B. A static IP pointing to the passive DB
C. A private IP pointing to the web front end
D. A private IP pointing to the web proxy

Answer 61

A. A virtual IP pointing to the active DB

The Virtual IP will be pointing to the active DB at any given time out of the DB farm/Cluster (Using the same Virtual IP address for the whole farm). so, when one DB is down, the stanby/secondary will assume the responsibility seamlessly, and using the same Virtual IP

Question 62

462. A network technician is creating a diagram of network termination points in the building. The technician diagrammed the core network room and now needs to diagram the auxiliary network closets. Which of the following is the technician MOST likely going to add to the diagram?

A. IDF
B. MDF
C. VRF
D. TDM

Answer 62

A. IDF

IDF is an Intermediate Distribution Frame, whereas your MDF is your Main Distribution Frame. Your IDF(s) is/are typically located on the upper floors of a building whereas your MDF is typically on your bottom floor. Think of it as having a centralized location for all of your wiring on that floor, you can have multiple IDFs at different floors running to a MDF at the bottom floor.

Question 63

463. A network technician has installed multiple new lightweight access points across the network. Which of the following devices should the technician use to manage the new access points?

A. Wireless controller
B. SSH
C. DHCP server
D. Content filter
E. WiFi analyzer

Answer 63

A. Wireless controller

Question 64

464. Management is concerned there is excessive traffic on the network. A network technician wants to run a quick port scan to see any systems that have open ports.
     Which of the following tools should be used to do this?

A. tcpdump
B. dig
C. nmap
D. netstat

Answer 64

C. nmap

Question 65

465. A network technician receives the following command output from a Linux-based machine:

Which of the following commands did the network technician run?

A. iptables f ABCDEG.com
B. dig t ANY ABCDEG.com
C. NMAP t ABCDEG.com
D. netstat a ACDEG.com

Answer 65

B. dig t ANY ABCDEG.com

Question 66

466. Allowing data to be centrally stored and accessed by multiple devices on an isolated subnet is BEST understood as:

A. NAS
B. iSCSI
C. SAN
D. FCoE

Answer 66

C. SAN

Storage Area Network
Network Attached Storage

One is it’s own network (it’s own subnet!). and the other is Attached to an existing network(NAS)

Key wording is “multiple devices”. SAN is block level storage usually used for devices to access data whereas, NAS is file level storage more commonly used for users to access files etc.

Question 67

467. During a weekend event, several people reported they were unable to get onto the wireless network. On Monday, the technician could not find a problem. Which of the following is the MOST likely cause?

A. Cross talk
B. Overcapacity
C. Channel overlap
D. Wrong passphrase

Answer 67

B. Overcapacity

Question 68

468. After deployment of a second network link to load balance the network traffic, the quality of voice calls degrades. The network administrator discovers the voice packets are arriving at uneven intervals that cannot be handled by the voice application buffer. Which of the following actions will improve the quality of the voice calls?

A. Control the attenuation of the non-voice traffic across the network links
B. Control the latency of traffic across the network links
C. Control the EMI of the multimedia traffic across the network links
D. Control the jitter of the affected traffic across the network links

Answer 68

D. Control the jitter of the affected traffic across the network links

Question 69

469. Which of the following can a network administrator use to access a network switch using standard AAA configurations?

A. TACACS+
B. Single sign-on
C. LDAP
D. Local authentication

Answer 69

A. TACACS+

Question 70

470. A network technician receives a switch that is configured to support VLANs on its ports. At which of the following layers is this switch operating?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

Answer 70

B. Layer 2

A layer 2 switch support VLAN
and a Layer 3 switch is a multilayer switch that supports INTER-VLANs

Question 71

471. Which of the following protocols is used to transport outgoing mail across networks?

A. POP
B. SMTP
C. IMAP
D. LDAP

Answer 71

B. SMTP

Simple mail transfer protocol

Question 72

472. Management at a company wants to increase the bandwidth available to users after receiving several complaints. A technician reports to management that 50% of the company bandwidth is being utilized by wireless devices outside the companys property. Given budget constraints, which of the following solutions should the technician propose to management?

A. Have the ISP double the bandwidth
B. Move from WPA2 to WEP
C. Enable WPA and change the SSID
D. Configure geofencing

Answer 72

D. Configure geofencing

Question 73

473. To increase speed and availability, a high-traffic web application was split into three servers recently and moved behind a load balancer. Which of the following should be configured on the load balancer to allow for a single destination?

A. SIP
B. PAT
C. NAT
D. VIP

Answer 73

D. VIP

Virtual IP is the load-balancing where the webpage to get to a site. Usually a TCP or UDP port number is associated with the VIP, such as TCP port 80 for web traffic UDP for watching youtube.

Question 74

474. A network technician is reading a network diagram and looking for the edge router. Which of the following is MOST likely the symbol used for the router?

A. A circle with four outward arrows
B. A rectangle with two horizontal arrows
C. A square with two circular arrows
D. A triangle with three outward arrows

Answer 74

A. A circle with four outward arrows

Question 75

475. Which of the following would a network technician MOST likely connect to power wireless access points in drop ceilings?

A. Powerline extender
B. Ethernet-over-power adapter
C. Power-over-Ethernet switch
D. Power distribution unit
E. Ethernet power controller

Answer 75

C. Power-over-Ethernet switch

Question 76

476. A network technician needs to monitor the traffic going to a mission-critical server in the datacenter. Which of the following is the BEST method to perform this?

A. Use port mirroring
B. Install an inline tap
C. Periodically view the server logs
D. Configure port aggregation

Answer 76

B. Install an inline tap

mission-critical is key, port mirroring can drop some data in the process as well. Tap in gives you a 100% accurate picture of data flow.

Question 77

477. A network engineer at a large company is restricting Internet browsing on the corporate WAN to only business-related external websites. Which of the following is the BEST solution to achieve this goal while avoiding the need to configure this restriction on each PC?

A. Web application firewall
B. Content filter
C. IPS
D. VPN concentrator

Answer 77

B. Content filter

the company wants to restrict some web sites, not just web applications

Question 78

478. Which of the following types of attacks is characterized by encrypting data and locking out a user from access to certain data within a workstation?

A. Ransomware
B. Phishing
C. DDoS
D. Social engineering
E. Spoofing

Answer 78

A. Ransomware

Question 79

479. The process of searching for open or weakly secured wireless networks in a geographic area is known as:

A. phishing.
B. social engineering.
C. war driving.
D. an evil twin.

Answer 79

C. war driving.

Question 80

480. A request is made to open an additional port on a firewall. The request is approved, and the port is opened. Which of the following BEST describes this process?

A. Standard operating procedure
B. Process management
C. Project management
D. Change management

Answer 80

D. Change management

Question 81

481. A network technician notices that switches of the same model have different commands and security features while administering them. Which of the following hardening techniques should the technician perform on a regular schedule to ensure all switches have the same features and security functionality?

A. Change the default credentials.
B. Verify the firmware file hash.
C. Disable unused switchports.
D. Apply patches and updates.

Answer 81

D. Apply patches and updates.

Because patches and updates should be performed on a regular schedule so that the switches have the same security & functionality. Disabling unused ports is something that’s done at the start of building a network and doesn’t need to be done regularly.

Question 82

482. A network administrator has deployed a secure wireless network that authenticates using Active Directory network credentials so individual users are uniquely identified when connected to the WLAN. Which of the following wireless technologies has the administrator configured?

A. WEP
B. EAP-PEAP
C. PSK
D. CCMP-AES

Answer 82

B. EAP-PEAP

EAP, or eap, or extensible authentication protocol is a very common set of frameworks that can be used to authenticate people onto things like wireless networks. For instance, WPA2 and WPA use five different EAP types as authentication mechanisms. A very common way of setting up the authentication methods, especially early on in wireless networks, was created as a proprietary method by Cisco. And it’s called LEAP, that stands for light weight extensible authentication protocol.

Question 83

483. A SAN serves out storage to a companys virtual environment and provides low-level disk access. The company wants to use its existing IP network and equipment to access the virtual disks. Which of the following network connection types would BEST accomplish this task?

A. InfiniBand
B. iSCSI
C. Fibre Channel
D. CIFS

Answer 83

B. iSCSI

iSCSI uses IP
Fiber channel uses Ethernet

Question 84

484. When using a network monitoring system, a network technician notices that a switch returns many object identifiers that do not have descriptions. Which of the following should be imported into the monitoring system to describe these object identifiers?

A. SNMPv3
B. SIEM
C. MIB
D. SYSLOG

Answer 84

C. MIB

A management information base (MIB) is a database used for managing the entities in a communication network.

Question 85

485. A company hires some temporary workers. On day one, the temporary employees report they are unable to connect to the network. A network technician uses a packet analysis tool and finds that many clients are continuously sending out requests for an IP address, but many of them are not receiving a response. Which of the following could be the cause of this issue?

A. Exhausted DHCP scope
B. Untrusted SSL certificates
C. Duplicate MAC addresses
D. Incorrect firewall settings

Answer 85

A. Exhausted DHCP scope

Question 86

486. A network administrator is responding to a help desk ticket, which states an unknown wireless access point is broadcasting in a specific area. Upon investigation, the administrator finds that a user brought a wireless access point from home and plugged it into the corporate network. This resulted in an attacker using the unsecured wireless LAN to gain access to the network. Which of the following should the network administrator have done to BEST prevent this problem?

A. Changed the default credentials on the network switches
B. Installed a Layer 7 firewall
C. Implemented port security
D. Disabled unnecessary services on the network switches

Answer 86

C. Implemented port security

Question 87

487. A user no longer has access to network resources after a recent office move, but all other users in the building are able to connect at 100MB connections. After further investigation, a network technician notices the following information:

Which of the following is causing the network connection issues?

A. Open/short pins
B. VLAN mismatch
C. Distance limitation
D. Crosstalk
E. Port configuration

Answer 87

E. Port configuration

Port is shutdown by the looks of things, I assume the ‘no shut’ command was not issued on the port on assignment

Question 88

488. A small team is overloaded with requests for database resources. The Chief Information Officer (CIO) is concerned the company does not have the resources to deploy and manage these additional services efficiently. Which of the following types of cloud services would be the MOST effective?

A. PaaS
B. IaaS
C. BaaS
D. SaaS

Answer 88

C. BaaS

BaaS is Backend as a Service. Part of this Vendor supplies Database Management.
Backend as a service (BaaS) | LinkedIn Learning, formerly …
www.linkedin.com › backend-as-a-service-baas
AWS and serverless applications - [Narrator] Backend as a Service is quite an old concept. It’s been around for a long time. Amazon S3 was one of the first Backend as a Service systems

Question 89

489. Which of the following should be performed on a regular basis to prevent unauthorized access to a company network? (Choose two.)

A. Packet analysis
B. Reviewing baselines
C. Vulnerability scanning
D. Patch management
E. Log archiving

Answer 89

C. Vulnerability scanning

D. Patch management

Question 90

490. A network technician receives a report that the companys intranet web server is not responding. The technician verifies successful connectivity to the server via the ping and tracert commands. The technician also verifies the routers and switches are online and operational, and then runs Telnet to port 80 and receives a response. Which of the following troubleshooting steps should the technician perform NEXT?

A. Establish a plan to reset the company router.
B. Escalate the issue to the server administrator.
C. Duplicate the issue and continue testing.
D. Report that an issue was not identified.

Answer 90

C. Duplicate the issue and continue testing.

Question 91

491. Which of the following ports are used for electronic mail protocols? (Choose three.)

A. 23
B. 25
C. 110
D. 123
E. 143
F. 161
G. 389
H. 443

Answer 91

B. 25
C. 110
E. 143

Question 92

492. A technician needs to connect two routers using copper cables. Which of the following cables would utilize both the TIA/EIA 568a and TIA/EIA 568b standards?

A. Cat5 crossover
B. Cat5e straight-through
C. Cat5e rollover
D. Cat6 console
E. Cat6a straight-through

Answer 92

A. Cat5 crossover

Question 93

493. The engineering department wants to bring a legacy computer online to test a failed component. When patching the device into the switch, there are no link lights or connectivity. The legacy computer can ping its loopback address successfully. Another device can connect to that same port without issues. Which of the following should the network technician check NEXT? (Choose two.)

A. Speed setting on the switch
B. Duplex requirements
C. Firmware version
D. Protocols the legacy computer supports
E. Network card drivers
F. VLAN settings

Answer 93

C. Firmware version
E. Network card drivers

For speed mismatch, the links will not light up.
For duplex mismatch , the links may still light up, but with degraded network performance

Question 94

494. A user in the marketing department reports the email server is down. The user has not received email for more than 24 hours. Which of the following should the network technician do to investigate this issue?

A. Question other users in the marketing department to see if they are also having connectivity issues.
B. Reboot the email server and verify connectivity once it is up again.
C. Check the router and firewall to see if ACLs or firmware have changed in the last 24 hours.
D. Check for network connectivity on the users PC and reinstall the email client.

Answer 94

A. Question other users in the marketing department to see if they are also having connectivity issues.

Question 95

495. A network technician has provisioned a new Linux instance in a public cloud providers IaaS environment. The technician did not install a graphical user interface.
     The technician wants to connect to the servers public IP address securely to start a console session. Which of the following remote access methods should the technician use?

A. SSH
B. Telnet
C. VNC
D. RDP

Answer 95

A. SSH

Key phrase ‘The technician did not install a graphical user interface’. VNC uses GUI and RDP is window’s based.

Question 96

496. A network administrator is reviewing the following output from a switch:

Which of the following attacks has occurred on the switch?

A. DNS poisoning
B. ARP poisoning
C. VLAN hopping
D. MAC address spoofing

Answer 96

D. MAC address spoofing

Question 97

497. A user does not have access to network services but has Internet access. The technician notices the computer has an IP address of 192.168.1.144 when the network is 10.10.10.0. Which of the following is MOST likely the issue?

A. Rogue DHCP server
B. Duplicate IP addresses
C. Incorrect gateway
D. Server permission changes

Answer 97

A. Rogue DHCP server

Question 98

498. A technician is trying to identify the cause of an issue several wireless users are experiencing at an office. The office is in a square-shaped building, with four 802.11b WAPs with omnidirectional antennas located in the four corners of the building. Users near the centre of the building report sporadic issues connecting to resources. The technician checks the signal strength in the middle of the building and determines it is adequate. Which of the following is causing the reported issue?

A. The antenna types are incorrect, and unidirectional should be used.
B. MAC filtering has not been updated.
C. There is channel overlap of the access points.
D. The power levels are set too low on the WAPs.

Answer 98

C. There is channel overlap of the access points.

from the question “The technician checks the signal strength in the middle of the building and determines it is adequate”. channel overlapping is the best answer.

Question 99

499. A network technician is performing an initial configuration of a new network switch. Per company policy, the only authorized manner for remotely administering the switch is through a command line. Which of the following protocols should the technician disable to adhere to the company policy?

A. HTTP
B. Telnet
C. SSH
D. TFTP

Answer 99

A. HTTP

Telnet and SSH allowed command line
TFTP is irrelevant here
We can remotely manage switch or other network devices through web portal that needed http.
keyword here is “remotely administering the switch is through a command line” . telnet and SSH does that. HTTP access is the GUI method through web interface.

Question 100

500. A network technician is troubleshooting a connectivity issue with Joe, a user. Joe has reported that when he attempts to RDP to machine1 (192.168.21.21) by name, he is connected to machine3 (192.168.21.23). When the network technician runs the command nslookup machine1, it returns the IP address
501. 168.21.23; but when the ping ג€”a 192.168.21.23 command is run, the results return the hostname machine3. Which of the following DNS records should be updated to allow RDP connections to machine1 by hostname?

A. A
B. SRV
C. PTR
D. TXT

Answer 100

A. A

Host address issue, so A record