Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA Network+ (N10-008) > UDEMY CompTIA Network (N10-008) Practice Exam #1 > Flashcards

UDEMY CompTIA Network (N10-008) Practice Exam #1 Flashcards

Question Review

1
Q

You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?

a) 3389
b) 1433
c) 1521
d) 3306

A

OBJ-1.5: Microsoft SQL uses ports 1433, and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses ports 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). SQLnet uses ports 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

1 - Networking Fundamentals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Jason is a network manager leading a project to deploy a SAN. He is working with the vendor’s support technician to set up and configure the SAN on the enterprise network to begin SAN I/O optimization. What should Jason provide to the vendor support technician?

a) Asset Management documents
b) Access to the Data Centre
c) Network Diagrams
d) Baseline Documents

A

OBJ-3.2: A network diagram is a visual representation of network architecture. It maps out the structure of a network with a variety of different symbols and line connections. This information will be important when deploying a Storage Area Network (SAN) on the enterprise network. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. Asset management is used to record and track an asset throughout its life cycle, from procurement to disposal. Access to the datacenter will only be required if the vendor’s support technician will be physically working in the datacenter and not performing a remote installation.

3 - Network Operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them?

a) ACK
b) RST
c) FIN
d) SYN

A

OBJ-1.1: A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place. For example, if a system receives information that is outside of an established session, it will send a RST flag in response. A finish (FIN) flag is used to request that the connection be terminated. This usually occurs at the end of a session and allows for the system to release the reserved resources that were set aside for this connection. A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection. Finally, the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin.

1 - Networking Fundamentals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A home user reports to a network technician that the Internet is slow when they attempt to use their smartphone or laptop with their Wi-Fi network. The network administrator logs into the admin area of the user’s access point and discovers that multiple unknown devices are connected to it. What is MOST likely the cause of this issue?

a) The user is connected to a botnet
b) The user is experiencing ARP poisoning
c) An evil twin has been implementing
d) A Successful WPS attack has occured

A

OBJ-4.2: Wi-Fi Protected Setup (WPS) allows users to configure a wireless network without typing in the passphrase. Instead, users can configure devices by pressing buttons or by entering a short personal identification number (PIN). Unfortunately, WPS is fairly easy to hack and unknown devices can then connect to your network without permission. This is the most likely cause of the issue described in the question. If it was an evil twin, the technician would not have been able to log in to the admin area of the device to see the connected devices. ARP poisoning consists of abusing the weaknesses in ARP to corrupt the MAC-to-IP mappings of other devices on the network. This would not affect the number of devices connected to the access point, though, only the switching of their traffic once they connect. A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them. From the description in the question, there is no evidence that the user’s laptop or smartphone are infected with malware. Even if one was infected, it is unlikely they both would be infected with the same malware since laptops and smartphones run different operating systems.

4 - Network Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?

a) Hybrid
b) Star
c) Ring
d) Bus

A

OBJ-1.2: A hybrid topology is a kind of network topology that is a combination of two or more network topologies, such as mesh topology, bus topology, and ring topology. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring. The WAN connections are using a ring network topology, but each office is using a star topology. Therefore, the best description of this combined network is a hybrid topology.

1 - Networking Fundamentals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?

a) Analyze packet captures
b) Utilize netstat to locate active connections
c) Use Nmap to query known Ports
d) Review the ID3 logs on the network

A

OBJ-5.3: Packet captures contain every packet that is sent and received by the network. By using a program like Wireshark to analyze the packet captures, you can see what kind of information and metadata is contained within the packets. By conducting this type of packet analysis, an attacker (or cybersecurity analyst) can determine if software versions are being sent as part of the packets and their associated metadata.

5 - Network Troubleshooting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue?

a) Flash the latest firmware
b) Install the latest OS on her computers
c) Lad the latest hardware drivers for her USB drive
d) Download a new music player on her computers

A

OBJ-5.5: Routers can be updated by conducting a firmware flash. This is similar to upgrading or patching your computer’s operating system or even updating a device driver. By flashing the firmware, it can provide the ability to communicate with newer devices and remove known software vulnerabilities from the device.

5 - Network Troubleshooting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A client has asked you to provide their local office with the BEST solution for a wireless network based on their requirements. The client has stated that their users will need a wireless network that provides a maximum of 54 Mbps of bandwidth and operates in the 2.4GHz frequency band. Which of the following wireless network types should you install to meet their needs?

a) 802.11a
b) 802.11ac
c) 802.11b
d) 802.11g

A

OBJ-2.4: 802.11g provides transmission over short distances at up to 54 Mbps in the 2.4 GHz band. It is backward compatible with 802.11b (which only operates at 11 Mbps). While an 802.11ac network would be the fastest solution, it does not operate in the 2.4 GHz frequency band. 802.11a operates in the 5 GHz frequency band at up to 54 Mbps. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. The 2.4 GHz frequency band is used by 802.11b, 802.11g, and 802.11n. The 5 GHz frequency band is used by 802.11a, 802.11n, 802.11ac, and 802.11ax. The 6 GHz frequency band is used by Wi-Fi 6E under the 802.11ax standard.

2 - Network Implementations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Your company is currently using a 5 GHz wireless security system, so your boss has asked you to install a 2.4 GHz wireless network to use for the company’s computer network to prevent interference. Which of the following can NOT be installed to provide a 2.4 GHz wireless network?

a) 802.11ac
b) 802.11g
c) 802.11n
d) 802.11b

A

OBJ-2.4: Wireless networks are configured to use either 2.4 GHz or 5.0 GHz frequencies, depending on the network type. 802.11a and 802.11ac both utilize a 5.0 GHz frequency for their communications. 802.11b and 802.11g both utilize a 2.4 GHz frequency for their communications. 802.11n and 802.11ax utilize either 2.4 GHz, 5.0 GHz, or both, depending on the Wi-Fi device’s manufacturer. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 5.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.

2 - Network Implementations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following network topologies requires that all nodes have a point-to-point connection with every other node in the network?

a) Ring
b) Bus
c) Mesh
d) Star

A

OBJ-1.2: A mesh topology connects every node directly to every other node. This creates a highly efficient and redundant network, but it is expensive to build and maintain. A star topology connects all of the other nodes to a central node, usually a switch or a hub. A star topology is the most popular network topology in use on local area networks. A ring topology connects every device to exactly two other neighboring devices to form a circle. Messages in a ring topology travel in one direction and usually rely on a token to control the flow of information. A bus topology uses a single cable which connects all the included nodes and the main cable acts as a backbone for the entire network.

1 - Networking Fundamentals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following:

DIONRTR01# show interface eth 1/1

GigabitEthernet 1/1 is up, line is up

Hardware is GigabitEthernet, address is 000F.33CC.F13A

Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx

Member of L2 VLAN 1, port is untagged, port state is forwarding

Which of the following actions should be taken to improve the network performance for this WAN connection?

Assign the interface a 802.1q tag to its own VLAN

Configure the interface to use full-duplex

Replace eth1/1 with a 1000Base-T transceiver

Shutdown and then re-enable this interface

A

OBJ-5.5: The WAN interface (eth 1/1) is currently untagged and is being assigned to the default VLAN (VLAN 1). If there are numerous devices in the default VLAN, the VLAN may be overloaded or oversubscribed leading to a reduction in the network performance. To solve this issue, you would assign the WAN interface to a VLAN with less traffic or to its own VLAN. By adding an 802.1q tag (VLAN tag) to the interface, you can assign it to its own individual VLAN and eliminate potential overloading or oversubscription issues. The interface is already set to full-duplex (fdx) and it operating in full-duplex (fdx). Therefore, the issue is not a duplexing mismatch. The configuration shows that the interface is already using a GigabitEthernet, so you do not need to replace the transceiver with a 1000Base-T module. Also, the physical layer is working properly and a link is established, as shown by the output “GigabitEthernet 1/1 is up”, showing the current transceiver is functioning properly at 1 Gbps. While issuing the shutdown command and then re-enabling the interface could clear any errors, based on the interface status shown we have no indications that errors are being detected or reported.

5 - Network Troubleshooting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You are configuring a network to utilize SNMPv3 to send information from your network devices back to an SNMP manager. Which of the following SNMP options should you enable to ensure the data is transferred confidentially?

authEncrypt

authPriv

authNoPriv

authProtect

A

OBJ-3.1: In SNMPv3, the authPriv option ensures that the communications are sent with authentication and privacy. This uses MD5 and SHA for authentication and DES and AES for privacy and encryption.

3 - Network Operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which type of wireless network utilizes the 2.4 GHz frequency band and reaches speeds of up to 54 Mbps?

802.11a

802.11ac

802.11b

802.11n

802.11ax

A

OBJ-2.4: The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AX uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AX uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AX uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AX also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

2 - Network Implementations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 3.5 Gbps?

802.11ax

802.11a

802.11ac

802.11g

802.11n

802.11b

A

OBJ-2.4: The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following applies to data as it travels from Layer 1 to Layer 7 of the OSI model?

De-encapsulation

Tunneling

Tagging

Encapsulation

A

OBJ-1.1: Data encapsulation and de-encapsulation in a computer network is a necessary process. De-encapsulation in networking is performed at the receiver side or destination side as data moves from layer 1 to layer 7 of the OSI model. As information travels up the layers of the OSI layer, information added from the sender’s encapsulation process is removed layer by layer. Data encapsulation, on the other hand, is performed at the sender side while the data packet is transmitted from source host to destination host. This is a process through which information is added to the data as it moved from layer 7 to layer 1 of the OSI model before the data is sent over the network to the receiver. Tagging is used in 802.1q to identify ethernet traffic as part of a specific VLAN. This occurs at Layer 2 of the OSI model and remains at Layer 2 of the OSI model. Tunneling is the process by which VPN packets reach their intended destination. This normally occurs using the IPsec or TLS protocols and occurs at Layer 2 of the OSI model.

1 - Networking Fundamentals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?

a) 77.81.12.14
b) 77.81.12.12
c) 77.81.12.15
d) 77.81.12.13

A

OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /30, so each subnet will contain 4 IP addresses. Since the IP address provided is 77.81.12.14/30, the network ID is 77.81.12.12/30, the first router is 77.81.12.13/30, the second router is 77.81.12.14/30, and the broadcast address is 77.81.12.15/30.

1 - Networking Fundamentals

17
Q

Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera’s security concerns? (Select TWO)

Disable wireless connectivity to the thermostat to ensure a hacker cannot access it

Upgrade the firmware of the wireless access point to the latest version to improve the security of the network

Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password

Configure the thermostat to use the WEP encryption standard for additional confidentiality

Enable two-factor authentication on the device’s website (if supported by the company)

Configure the thermostat to use a segregated part of the network by installing it into a screened subnet

A

OBJ-2.1: The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network. While enabling two-factor authentication on the device’s website is a good practice, it will not increase the IoT device’s security. While disabling the wireless connectivity to the thermostat will ensure it cannot be hacked, it also will make the device ineffective for the customer’s normal operational needs. WEP is considered a weak encryption scheme, so you should use WPA2 over WEP whenever possible. Finally, upgrading the wireless access point’s firmware is good for security, but it isn’t specific to the IoT device’s security. Therefore, it is not one of the two BEST options.

2 - Network Implementations

18
Q

Dion Training is trying to connect two geographically dispersed offices using a VPN connection. You have been asked to configure their networks to allow VPN traffic into the network. Which device should you configure FIRST?

Modem

Firewall

Router

Switch

A

OBJ-2.1: You should FIRST configure the firewall since the firewall is installed at the network’s external boundary (perimeter). By allowing the VPN connection through the firewall, the two networks can be connected and function as a single intranet (internal network). After configuring the firewall, you will need to verify the router is properly configured to route traffic between the two sites using the site-to-site VPN connection. A modem modulates and demodulates electrical signals sent through phone lines, coaxial cables, or other types of wiring. A layer 2 switch is a type of network switch or device that works on the data link layer (OSI Layer 2) and utilizes MAC Address to determine the path through where the frames are to be forwarded. It uses hardware-based switching techniques to connect and transmit data in a local area network (LAN).

19
Q

What is a common technique used by malicious individuals to perform an on-path attack on a wireless network?

ARP spoofing

Amplified DNS attacks

An evil twin

Session hijacking

A

OBJ-4.2: An evil twin is the most common way to perform an on-path attack on a wireless network. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user’s knowledge. A man-in-the-middle or on-path attack consists of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. ARP spoofing, session hijacking, and amplified DNS attacks are not techniques specific to attacking wireless networks.

4 - Network Security

20
Q

Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on? (SELECT TWO)

GPS location

Port security

NAC

Geo-IP

A

OBJ-4.3: Network Access Control is used to identify an endpoint’s characteristics when conducting network authentication. The GPS location of the device will provide the longitude and latitude of the user, which could be compared against the GPS coordinates of the building. Port security enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses to communicate using a given switchport. This would not help to locate the individual based on their location, though. Geo-IP, or geolocation and country lookup of a host based on its IP address, would identify the country of origin of the user, but not whether they are within the building’s confines. Geo-IP is also easily tricked if the user logs in over a VPN connection.

4 - Network Security

21
Q

An offsite tape backup storage facility is involved with a forensic investigation. The facility has been told they cannot recycle their outdated tapes until the conclusion of the investigation. Which of the following is the MOST likely reason for this?

A notice of a legal hold

A data transport request

The process of discovery

A chain of custody breach

A

OBJ-3.2: A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted. The process of discovery is the formal process of exchanging information between the parties about the witnesses and evidence they will present at trial. The chain of custody is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. A data transport request is a formalized request to initiate a data transfer by establishing a circuit or connection between two networks.

3 - Network Operations

22
Q

A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is the MOST likely the source of this connectivity problem?

The workstation’s NIC has a bad SFP module

The switchport is configured for 802.1q trunking

The workstation’s OS updates have not been installed

APIPA has been misconfigured on the VLAN’s switch

A

OBJ-5.5: If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address. APIPA is not configured on the VLAN’s switch, it is configured by default on client and server devices, such as the workstation in this scenario. A small form-factor pluggable (SFP) transceiver is used on routers as a hot-pluggable network interface module, they are not used in workstations. The workstation’s OS update status is unlikely to cause the network connectivity issue, but a network interface driver might. Therefore, the most likely cause of this issue is the switchport was configured as a trunking port instead of an access port.

23
Q

Which type of wireless technology are OFDM, QAM, and QPSK examples of?

RF interference

Frequency

Modulation

Spectrum

A

OBJ-2.4: Modulation is the process of varying one or more properties of a periodic waveform, called the carrier signal, with a separate signal called the modulation signal that typically contains information to be transmitted. WiFi can use different digital modulation schemes for data transmission. Common types of modulation include Orthogonal frequency-division multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-shift keying (PSK). Frequency is the number of occurrences of a repeating event per unit of time. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. Interference occurs when two radios are transmitting or receiving on the same frequencies. Spectrum refers to the range of frequencies used by a radio transmitter or receiver, such as the 2.4 GHz spectrum which includes frequencies from 2.412 GHz to 2.472 GHz in the United States.

2 - Network Implementations

24
Q

Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line?

DOCSIS modem

Multilayer switch

Analog modem

Access point

A

OBJ-1.2: An analog modem is a device that converts the computer’s digital pulses to tones that can be carried over analog telephone lines and vice versa. DSL is the other type of Internet connection that uses an RJ-11 connection to a phone line. A DOCSIS modem is a cable modem and would require a coaxial cable with an F-type connector. An access point is a wireless device that connects to an existing network using twisted pair copper cables and an RJ-45 connector. A multilayer switch can use either twisted pair copper cables using an RJ-45 connector or a fiber optic cable using an MTRJ, ST, SC, or LC connector.

1 - Networking Fundamentals

25
Q

A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?

Place the server in a screened subnet or DMZ

Implement a split-horizon or split-view DNS

Configure the firewall to support dynamic NAT

Adjust the ACL on the firewall’s internal interface

A

OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.

5 - Network Troubleshooting

26
Q

You are conducting a wireless penetration test against a WPA2-PSK network. Which of the following types of password attacks should you conduct to verify if the network is using any of the Top 1000 commonly used passwords?

Spraying

Brute-force

Hybrid

Dictionary

A

OBJ-4.2: A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file. A brute-force attack consists of an attacker submitting every possible combination for a password or pin until they crack it. Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. A hybrid attack merges a dictionary attack and a brute-force attack, but provides keywords from a list to use during the brute-force attack modifying the suffixes or prefixes.

4 - Network Security

27
Q

Andy is a network technician who is preparing to configure a company’s network. He has installed a firewall to segment his network into an internal network, a DMZ or screen subnet, and an external network. No hosts on the internal network should be directly accessible by their IP address from the Internet, but they should be able to reach remote networks if they have been assigned an IP address within the network. Which of the following IP addressing solutions would work for this particular network configuration?

APIPA

Classless

Teredo tunneling

Private

A

OBJ-1.4: A private IP address is an IP address reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access to a network without taking up a public IP address space. Automatic Private IP Addressing (APIPA) is a feature in operating systems (such as Windows) that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn’t reachable. Classless IP addressing solutions allow for the use of subnets that are smaller than the classful subnets associated with Class A, Class B, or Class C networks. Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network.

1 - Networking Fundamentals

28
Q

You are installing a new LAN in a building your company just purchased. The building is older, but your company has decided to install a brand new Cat 6a network in it before moving in. You are trying to determine whether to purchase plenum or PVC cabling. Which environmental conditions should be considered before making the purchase?

Air duct placement

Floor composition

Window placement

Workstation models

Air duct placement

A

OBJ-5.2: In a large building, the plenum is the space between floors used to circulate the air conditioning ductwork, piping, electrical, and network cables throughout the building. This space is also an ideal place to run computer network cabling. However, if there is a fire in the building, the PVC network cables can be very hazardous as they create a noxious gas when burnt. If you have a plenum area in the ceiling containing the air ducts, you will need to use plenum-rated cables in your cable trays to prevent creating a dangerous environment for your users.

5 - Network Troubleshooting

29
Q

A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem?

Username is misspelled in the device configuration file

IDS is blocking RADIUS

Shared secret key is mismatched

Group policy has not propagated to the device

A

OBJ-4.1: AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems. A shared secret is a text string that serves as a password between hosts.

4 - Network Security

30
Q

You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?

MAC filtering

VPN

VLAN

WPA2

A

OBJ-4.3: A virtual local area network (VLAN) is a type of network segmentation configured in your network switches that prevent communications between different VLANs without using a router. This allows two virtually separated networks to exist on one physical network and separates the two virtual network’s data. A virtual private network (VPN) is a remote access capability to connect a trusted device over an untrusted network back to the corporate network. A VPN would not create the desired effect. WPA2 is a type of wireless encryption, but it will not create two different segmented networks on the same physical hardware. MAC filtering is used to allow or deny a device from connecting to a network, but it will not create two network segments, as desired.

4 - Network Security

31
Q

An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted if this change is not immediate. The request comes directly from management and was just approved through the emergency change management process. Which of the following should the technician do?

Make the change, document the requester, and document all network changes

First document the potential impacts and procedures related to the change

Wait until the maintenance window and make the requested change

Send out a notification to the company about the change

A

OBJ-3.2: The best answer is to make the change, document the requester, and document all the network changes. All changes to the enterprise network should be approved through the normal change management processes. If there is an urgent need, there is an emergency change management process that can be used for approval. This is known as an emergency change approval board (ECAB). An ECAB can be executed extremely quickly to gain approval, and then the documentation can be completed after the change is made when using the emergency change management processes.

3 - Network Operations

32
Q

When a criminal or government investigation is underway, what describes the identification, recovery, or exchange of electronic information relevant to that investigation?

First responder

Data transport

Encryption

eDiscovery

A

OBJ-3.2: By process of elimination, you can easily answer this question. Data transport is the transport of data, while the first responder is the first person to arrive on the scene. Encryption is a method of putting data into a tunnel so that it is completely secure. This leaves us with eDiscovery. eDiscovery is the term that refers to the process of evidence collection through digital forensics. eDiscovery is conducted during an incident response.

3 - Network Operations

33
Q

Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?

C:\windows\system32> nbtstat –R

C:\windows\system32> route print

C:\windows\system32> nslookup

C:\windows\system32> ipconfig /flushdns

A

OBJ-5.3: Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the “nbtstat -R” command to purge and reload the cached name table from the LMHOST file on their Windows workstation. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.

5 - Network Troubleshooting

34
Q

A technician is configuring a computer lab for the students at Dion Training. The computers need to be able to communicate with each other on the internal network, but students using computers should not be able to access the Internet. The current network architecture is segmented using a triple-homed firewall to create the following zones:

ZONE INTERFACE, IP address

PUBLIC, eth0, 66.13.24.16/30

INSTRUCTORS, eth1, 172.16.1.1/24

STUDENTS, eth2, 192.168.1.1/24

What rule on the firewall should the technician configure to prevent students from accessing the Internet?

Deny all traffic from eth1 to eth0

Deny all traffic from eth2 to eth1

Deny all traffic from eth2 to eth0

Deny all traffic from eth0 to eth2

A

OBJ-4.3: By denying all traffic from the eth2 to eth0, you will block network traffic from the internal (STUDENT) network to the external (PUBLIC) network over the WAN connection. This will prevent the students from accessing the Internet by blocking all requests to the Internet. For additional security, it would be a good idea to also block all traffic from eth0 to eth2 so that inbound traffic from the internet cannot communicate with the student’s computers. But, since the outbound connections from the students to the internet are being blocked, the student will be unable to access any webpages since they cannot send a request over port 80 or 443. Additionally, by choosing this rule, we have not blocked any network traffic between the instructors and the students.

4 - Network Security

CompTIA Network+ (N10-008) (22 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions