UDEMY CompTIA Network (N10-008) Practice Exam #2 Flashcards

1
Q

Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?

CHAP

RADIUS

TACACS+

Kerberos

A

OBJ-4.1: TACACS+ is an extension to TACACS (Terminal Access Controller Access Control System) and was developed as a proprietary protocol by Cisco. The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that operates on port 1812 and provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service, but Cisco did not develop it. Kerberos is a network authentication protocol designed to provide strong mutual authentication for client/server applications using secret-key cryptography developed by MIT. Challenge-Handshake Authentication Protocol (CHAP) is used to authenticate a user or network host to an authenticating entity. CHAP is an authentication protocol but does not provide authorization or accounting services.

4 - Network Security

2
Q

A user’s smartphone is displaying text in other languages in their web browser when accessing the company’s main website. Which of the following is the MOST likely cause of the issue?

On-path attack

Denial-of-service attack

Deauthentication attack

Reflective DNS attacks

A

OBJ-4.2: An on-path attack (previously known as a man-in-the-middle attack) is a general term when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or impersonate one of the parties, making it appear as if a normal exchange of information is occurring. For example, if your user and server are both in the United States (English language), but the attacker is performing the on-path attack from Russia, then the server will utilize the Russian language in the text since it sees the connection coming from a Russian IP address. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim’s machine.

4 - Network Security

3
Q

A network technician has downloaded the latest operating system of a particular vendor’s switch. This update includes new features and enhancements. What should the technician perform FIRST when updating the switch’s operating systems?

Test the O/S on one of the production switches

Backup the current configuration for each switch

Power cycle the company’s border router

Install during non-business hours to test the system

A

OBJ-4.3: A preventive method is always to back up the current configuration to the NVRAM (SW# copy run start) in case the newly downloaded operating system doesn’t work properly. This would allow the technician to restore the switch from the previous backup. It is a good idea to install the operating system during non-business hours, as well, but you should first always make a backup of the current configuration.

4 - Network Security

4
Q

A network technician needs to monitor the network to find a user who is browsing websites that go against the company’s acceptable use policy. What should the technician use to view the website and find the user browsing it?

Top listener tool

Intrusion detection system

Packet sniffer

SNMP GET

A

OBJ-5.3: Packet sniffers can capture and analyze network user traffic. This information can be queried to view website addresses, contents, and sometimes even password information. This differs from an intrusion detection system in that an IDS waits to receive implicitly malicious data in a network before logging the event.

5 - Network Troubleshooting

5
Q

The network administrator is troubleshooting the switchports for a file server with dual NICs. The file server needs to be configured for redundancy, and the dual NICs need to be combined for maximum throughput. What feature on the switch should the network administrator ensure is enabled for best results?

Load balancing

Spanning tree

BPDU

LACP

A

OBJ-2.3: The Link Aggregation Control Protocol (LACP) is the 802.3ad protocol used to group numerous physical ports to make one high-bandwidth path. This method can increase bandwidth and, therefore, throughput. LACP can also provide network redundancy and load balancing. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. A Bridge Protocol Data Unit (BPDU) is used by STP to prevent bridge loops. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.

2 - Network Implementations

6
Q

A technician is tasked with troubleshooting a network’s slowness. While troubleshooting, the technician is unable to ping any external websites. Users report they can access the sites using the web browsers. What is the MOST likely cause of the failed pings?

A VLAN hopping attack is being conducted

TACACS+ is misconfigured on this network

ICMP traffic being blocked by the firewall

Jumbo frames are not enabled on the network

A

OBJ-5.3: Many companies block ICMP at the firewall, causing ping to fail since it relies on ICMP. If the user can access the site in the web browser but cannot when using ping, then ICMP is most likely being blocked by the firewall. Jumbo frames are any frames larger than 1500 bytes, which is the default MTU size on most networks. VLANs are logical segments of the local area network. TACACS+ is used for remote authentication.

5 - Network Troubleshooting

7
Q

Which of the following is the BEST way to regularly prevent different security threats from occurring within your network?

Business continuity training

Penetration testing

Disaster recovery planning

User training and awareness

A

OBJ-4.5: An enterprise network’s end users are the most vulnerable attack vector. Studies have shown that an investment in end-user cybersecurity awareness training has the best return on investment of any risk mitigation strategy. While a penetration test might detect various threats and vulnerabilities in your network, it does not prevent them from occurring. Disaster recovery planning creates a disaster recovery plan, which is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. Business continuity training will teach employees what to do in the case of a business continuity plan execution. A business continuity plan defines how an organization will continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident. Only end-user awareness training mitigates the biggest network vulnerability we have: our users.

4 - Network Security

8
Q

Dion Training has created a guest wireless network for students to use during class. This guest network is separated from the corporate network for security. Which of the following should be implemented to require the least amount of configuration for a student to access the Internet over the guest network?

Enable two-factor authentication on the student’s device

Configure WEP with a pre-shared key

Enable SSID broadcast for the guest wireless network

Configure the access point to 802.1x for authentication

A

OBJ-2.4: Since security was not listed as a requirement for the guest wireless network, it would be easiest not to set up any encryption, passwords, or authentication mechanisms on the network. Instead, you should enable the SSID broadcast for the guest network so students can easily find and connect to it. Using two-factor authentication, 802.1x, or WEP would require the students to complete additional configurations prior to connecting to the guest network.

2 - Network Implementations

9
Q

Which of the following types of agreements is used to protect an organization’s intellectual property and is considered legally binding between the signatories?

AUP

MOU

SLA

NDA

A

OBJ-3.2: A non-disclosure agreement (NDA) is a documented agreement between two parties that defines what data is considered confidential and cannot be shared outside of that relationship. An NDA is used to protect an organization’s intellectual property. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service that restricts how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is a non-binding agreement between two or more organizations to detail what common actions they intend to take. A service level agreement (SLA) is a documented commitment between a service provider and a client, where the quality, availability, and responsibilities are agreed upon by both parties.

3 - Network Operations

10
Q

It has been determined by network operations that there is a severe bottleneck on its mesh topology network. The field technician has chosen to use log management and found that one router makes routing decisions slower than the others on the network. Which of the following types of issues would you classify this as?

Delayed RADIUS responses

Network device power issues

Storage area network issues

Network device CPU issues

A

OBJ-5.5: Routing decisions are processed by the router and rely on the networking device’s central processing unit (CPU). The CPU performance can become a severe bottleneck in the network performance if you have an underpowered router for a large enterprise environment. Network device power issues would cause network outages, not network slowdowns as this scenario presented. The scenario did not state that this mesh network is a storage area network, therefore it is not a SAN issue. Similarly, the scenario did not mention authentication issues, therefore the network performance issue is not caused by delayed RADIUS responses.

5 - Network Troubleshooting

11
Q

Which of the following layers is NOT used in a three-tiered data center network architecture?

Control layer

Access/edge layer

Core layer

Distribution/aggregation layer

A

OBJ-1.7: The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others.

1 - Networking Fundamentals

12
Q

A disgruntled employee executes an on-path attack on the company’s network. Layer 2 traffic destined for the gateway is now being redirected to the employee’s computer. What type of attack is this an example of?

ARP spoofing

IP spoofing

Reflective DNS

Evil twin

A

OBJ-4.2: ARP spoofing (also known as ARP poisoning) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user’s knowledge. IP spoofing is the creation of Internet Protocol (IP) packets that have a modified source address to either hide the identity of the sender, impersonate another computer system, or both.

4 - Network Security

13
Q

A technician is troubleshooting a workstation connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?

Document the findings and provide a plan of action

Remove the ARP entry on the user’s workstation

Duplicate the issue in a lab by adding a static ARP entry

Identify a suitable time to resolve the connectivity issue

A

OBJ-5.1: Based on the network troubleshooting methodology, you should try to test your theory to determine the cause once you have established a theory of probable cause. In this scenario, the technician has a theory that the static ARP entry is the cause of the problem. Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn’t fix the issue, you would need to develop a new hypothesis to test. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

5 - Network Troubleshooting

14
Q

Which of the following is a connectionless protocol?

TCP

ICMP

SSL

SSH

A

OBJ-1.5: A connectionless protocol is a form of data transmission in which data is transmitted automatically without determining whether the receiver is ready or even whether a receiver exists. ICMP, UDP, IP, and IPX are well-known examples of connectionless protocols. TCP, SSH, and SSL are all examples of connection-oriented protocols.

1 - Networking Fundamentals

15
Q

A network administrator, Tamera, follows the best practices to implement firewalls, patch management, and security policies on his network. Which of the following should be performed to verify that the security controls are in place?

Disaster recovery testing

Single point of failure testing

Penetration testing

AAA authentication testing

A

OBJ-4.1: Penetration testing or pentesting is the practice of testing a computer system, network, or web application in order to find vulnerabilities that an attacker could exploit. It can be used to ensure all security controls are properly configured and in place. Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Testing AAA might be a part of a larger penetration test, but by itself it would not test the firewalls and patch management systems sufficiently. A disaster recovery test (DR test) is the examination of each step in a disaster recovery plan as outlined in an organization’s business continuity/disaster recovery planning process. A disaster recovery test would not test the firewalls, patch management, or security policies. A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working. A single point of failure test is used to identify a single point of failure in the network or system, and it is not designed to test the network’s firewalls, patch management, or security policies.

4 - Network Security

16
Q

Which of the following technologies deliver multiple voice calls over a copper wire if you have an ISDN or T-1 connection?

Time-division spread spectrum

Time-division multiplexing

CSMA/CD

Analog circuit switching

A

OBJ-1.2: Time-division multiplexing allows for two or more signals or bitstreams to be transferred in what appears to be simultaneous sub-channels in one communication channel but is physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it. Analog circuit switching is used by telephone providers on the Public Switched Telephone Network (PSTN), not with ISDN or T-1 connections. Time-division spread spectrum is not a real thing; spread spectrum is used in Wi-Fi, but it is based on frequency and not time. CSMA/CD is carrier sense multiple access with collision detection, which is used for Ethernet access at layer 2 of the OSI model. CSMA/CD is not used with ISDN or T-1 connections.

1 - Networking Fundamentals

17
Q

An end-user receives a new computer and now is unable to connect to the MySQL database over the Dion Training local area network. Other users can successfully connect. The network technician can successfully ping the database server but still is unable to connect. Which of the following is the most likely reason for this issue?

A host-based firewall on the user’s computer is blocking port 3306

The database server is configured with the wrong default gateway address

The route to the database server’s subnet is missing

The end user’s network interface card is defective

A

OBJ-5.5: MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Since the network technician can ping the MySQL server, it indicates that the route is not missing, the database server is configured with the proper gateway, and the network interface card is not defective. Instead, it is likely that the end user’s computer has a host-based firewall installed, like Windows Defender, and it is blocking outbound requests over port 3306 (MySQL). A change in the firewall settings to allow access to the specified ports will fix the problem. It appears the default firewall on this new computer is blocking the port used to communicate with the database server.

5 - Network Troubleshooting

18
Q

Which of the following components is used to identify a variable that may be set or read using SNMP?

MIB

OID

Verbose trap

Granular trap

A

OBJ-3.1: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A unique object identifier (OID) identifies a variable that can be read or set using the SNMP protocol. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID). A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap may contain all the information about a given alert or event as its payload. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send over the network.

3 - Network Operations

19
Q

A network administrator needs to install a centrally located firewall that needs to block specific incoming and outgoing IP addresses without denying legitimate return traffic. Which type of firewall should the administrator install?

A stateful network-based firewall

A stateless network-based firewall

A host-based stateful firewall

A host-based stateless firewall

A

OBJ-2.1: A stateful firewall enhances security through packet filtering, and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network. Since a centrally located firewall was required by the question, a network-based firewall should be chosen instead of a host-based firewall.

2 - Network Implementations

20
Q

Which of the following levels would an emergency condition generate?

0
6
7
1

A

OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

3 - Network Operations

21
Q

Which of the following types of fire suppression systems utilizes a sprinkler system with water to extinguish a fire but requires both an actuator and the sprinklers to be tripped prior to water being released?

Clean agent system

Wet pipe system

Pre-action system

HVAC system

A

OBJ-3.3: A fire suppression system is an engineered set of components that are designed to extinguish an accidental fire in a workplace or datacenter. A pre-action system minimizes the risk of accidental release from a wet pipe system. With a pre-action system, both a detector actuation like a smoke detector and a sprinkler must be tripped prior to water being released. A wet pipe system is the most basic type of fire suppression system, and it involves using a sprinkler system and pipes that always contain water. Special suppression systems, like a clean agent system, use either a halocarbon agent or inert gas. When released, the agents will displace the oxygen in the room with the inert gas and suffocate the fire. Heating, Ventilation, and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.

3 - Network Operations

22
Q

You are currently troubleshooting a network connection error. When you ping the default gateway, you receive no reply. You checked the default gateway, and it is functioning properly, but the gateway cannot connect to any of the workstations on the network. Which of the following layers could be causing this issue?

Physical

Presentation

Session

Transport

A

OBJ-1.1: Ping requests occur at layer 3 (Network Layer). Therefore, the problem could exist in layer 1 (physical), layer 2 (data link), or layer 3 (network). Since Physical (layer 1) is the only choice from layers 1-3 given, it must be the correct answer. Also, since the gateway cannot reach any of the other devices on the network, it is most likely a cable (physical) issue between the gateway and the network switch.

1 - Networking Fundamentals

23
Q

Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company’s owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donating them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer’s hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?

Shredding

Wiping

Purging

Degaussing

A

OBJ-4.5: Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse. Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario. Purging involves removing sensitive data from a hard drive using the device’s internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one. Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn’t allow for device reuse.

4 - Network Security

24
Q

An outside organization has completed a penetration test for a company. One of the report items states that an attacker may have the ability to read TLS traffic from the webserver due to a software bug. What is the MOST likely mitigation for this reported item?

Implement a VPN for employees

Configure the firewall to block traffic on port 443

Ensure patches are deployed

Install an IDS on the network

A

OBJ-4.3: A patch is designed to correct a known bug or fix a known vulnerability. Since the server is allowing an attacker to read TLS traffic, which should be encrypted and unreadable, this is a software bug in the webserver’s code that must be fixed using a patch. An intrusion detection system is a device or software application that monitors and reports on any malicious activity or policy violations on a network or system. An IDS would not mitigate or stop the attacker from reading the TLS traffic, it would only report that it is occurring. A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules to establish a barrier between a trusted and untrusted network. If you configured the firewall to block traffic on port 443 (HTTPS/SSL/TLS), it would block all of the webserver’s legitimate users, as well. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN would not stop an attacker from being able to read the TLS traffic from the webserver.

4 - Network Security

25
Q

You have just finished installing a new web application and need to connect it to your SQLnet database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?

3306

3389

1433

1521

A

OBJ-1.5: SQLnet uses port 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

1 - Networking Fundamentals

26
Q

Max is a network technician who just terminated the ends on a new copper cable used between two legacy switches. When he connects the two switches using the cable, they fail to establish a connection. What is MOST likely the issue?

The cable has exceeded bend radius limitations

The cable has RJ-11 connectors instead of RJ-45

The cable is a crossover cable

The cable is a straight-through cable

A

OBJ-2.3: There are two types of cable, straight-through and crossover. In this instance, a crossover cable would need to be used to communicate with legacy switches since they won’t support MDIX. A medium dependent interface crossover (MDIX) is a version of the medium dependent interface (MDI) enabling a connection between corresponding devices, such as a switch to another switch. If the switch doesn’t support MDIX, then you must use a crossover cable to connect them. Bend radius cannot be the correct answer to this question since copper cables are being used and not fiber cables. Bend radius is a concern when using fiber cables as it leads to increased reflections and a decrease in signal strength. An RJ-11 connector only has 6 pins and is smaller than an RJ-45 connector. The technician would visually be able to see the difference as the RJ-11 connector would not fit properly in the switchports.

2 - Network Implementations

27
Q

Your company has two office buildings which are connected via a copper network cable that is buried underground. There is some construction being performed near the buildings. Now, the second building discovers they have suffered a network outage that doesn’t appear to be temporary. What is the MOST likely cause of the outage?

Signal attenuation on the cable

Electromagnetic interference on the cable

An open circuit has been created

Cross-talk on the cable

A

OBJ-5.2: Since the issue started after construction began, it is most likely that the construction crew broke the cable during digging operations. This can cause an open circuit or short circuit, depending on how the cable was cut or broken by the construction workers. This can be verified using a Time-Domain Reflectometer to determine exactly where in the cable the break has occurred. Once the location is identified, the cable can be repaired or spliced to return it to normal operations.

5 - Network Troubleshooting

28
Q

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if any of the Dion Training employees use the same Ethernet port in the conference room, they should access Dion Training’s secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?

Implement NAC

Create an ACL to allow access

Configure a SIEM

MAC filtering

A

OBJ-4.3: Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. In this scenario, implementing NAC can identify which machines are known and trusted Dion Training assets and provide them with access to the secure internal network. NAC could also determine unknown machines (assumed to be those of CompTIA employees) and provide them with direct internet access only by placing them onto a guest network or VLAN. While MAC filtering could be used to allow or deny access to the network, it cannot by itself control which set of network resources could be utilized from a single Ethernet port. A security information and event management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware. An access control list could define which ports, protocols, or IP addresses could be used on the Ethernet port. Still, it would be unable to distinguish between a Dion Training employee’s laptop and a CompTIA employee’s laptop like a NAC implementation could.

4 - Network Security