UDEMY CompTIA Network (N10-008) Practice Exam #3

Question 1

Which of the following types of agreements is used to document the commitment between a provider and client in terms of quality and availability?

SLA
AUP
MOU
NDA

Answer 1

OBJ-3.2: A service level agreement (SLA) is a documented commitment between a service provider and a client, where the quality, availability, and responsibilities are agreed upon by both parties. A non-disclosure agreement (NDA) is a documented agreement between two parties that define what data is considered confidential and cannot be shared outside of that relationship. An NDA is used to protect an organization’s intellectual property. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is a non-binding agreement between two or more organizations to detail what common actions they intend to take.

3 - Network Operations

Question 2

Your co-worker has just installed an unmanaged 24-port switch. He is concerned with the amount of broadcast traffic that may exist when using this device. How many broadcast domains are created when using this single 24-port switch?

1
24
0
2

Answer 2

OBJ-2.1: A single 24-port unmanaged switch will have only 1 broadcast domain. Routers and VLANs split up broadcast domains. Since this is an unmanaged switch, it will only have a single broadcast domain, but it will have 24 collision domains. If this was a managed layer 3 switch, it could provide routing functions and break apart the broadcast domains. But, since this was an unmanaged switch, there must be only 1 broadcast domain on this switch.

2 - Network Implementations

Question 3

Edward’s bank recently suffered an attack where an employee made an unauthorized modification to a customer’s bank balance. Which tenet of cybersecurity was violated by this employee’s actions?

Integrity
Availibility
Confidentiality
Authentication

Answer 3

OBJ-4.1: The CIA Triad is a security model that helps people think about various parts of IT security. Integrity ensures that no unauthorized modifications are made to the information. The attack described here violates the integrity of the customer’s bank account balance. Confidentiality is concerned with unauthorized people seeing the contents of the data. In this scenario, the employee is authorized to see the bank balance but not change its value. Availability is concerned with the data being accessible when and where it is needed. Again, this wasn’t affected by the employee’s actions. Authentication is concerned with only authorized people accessing the data. Again, this employee was authorized to see the balance.
Domain

4 - Network Security

Question 4

A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. Which of the following is MOST likely the cause of the connectivity issue?

Cable short
Misconfigured DNS
Attenuation
Bad power supply

Answer 4

OBJ-5.2: Since the scenario states the VoIP phone works properly from the old desk, it is properly configured and the hardware itself works. This indicates the problem must be caused by the new desk which contains a different network cable from the switch to the wall jack in the cubicle. This is most likely a bad cable, such as one with a short in it. To verify this theory, the technician should use a cable tester to verify if the cable does have a short or not. While attenuation is a possible cause of the problem described, it is unlikely since the employee only moved a few desks (10-15 feet), and is not a large enough distance to cause significant attenuation issues.

5 - Network Troubleshooting

Question 5

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP and TTLS. What should the network administrator implement?

PKI with user authentication
802.1x using PAP
WPA2 with a pre-shared key
MAC address filtering with IP filtering

Answer 5

OBJ-4.3: The network administrator can utilize 802.1x using EAP-TTLS with PAP for authentication since the backend system supports it. Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. MAC address filtering does not filter based on IP addresses, but instead, it filters based on the hardware address of a network interface card, known as a MAC address. WPA2 is a secure method of wireless encryption that relies on the use of a pre-shared key or the 802.1x protocol. In the question, though, it states that the system only supports WPA, therefore WPA2 cannot be used. PKI with user authentication would be extremely secure, but it is only used with EAP-TLS, not EAP-TTLS. EAP-TTLS only works with credential-based authentication, such as a username and password. Therefore, 802.1x using PAP is the best answer.

4 - Network Security

Question 6

Your company’s corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR notation in order to accommodate each department’s needs. What is the correct CIDR notation for the Human Resources (HR) department’s subnet, which requires 25 devices?

/30
/25
/27
/28
/29

Answer 6

OBJ-1.4: Since the Human Resources (HR) department needs 25 devices plus a network ID and broadcast IP, it will require 27 IP addresses. The smallest subnet that can fit 27 IPs is a /27 (32 IPs). A /27 will borrow 3 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^5 available host IP addresses, or 32 total IP addresses. Of the 32 IP addresses, there are 30 available for clients to use, one for the network ID, and one for the broadcast address.

1 - Networking Fundamentals

Question 7

Which of the following layers within software-defined networking focuses on providing network administrators the ability to oversee network operations, monitor traffic conditions, and display the status of the network?

Infrastructure layer
Application layer
Control layer
Management plane

Answer 7

OBJ-1.7: The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations. The application layer focuses on the communication resource requests or information about the network.
The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements.

1 - Networking Fundamentals

Question 8

What happens when convergence on a routed network occurs?

All routers learn the route to all connected networks
All routers are using hop count as the metric
All routers have the same routing table
All routers use route summarization

Answer 8

OBJ-2.2: Routers exchange routing topology information with each other by using a routing protocol. When all routers have exchanged routing information with all other routers within a network, the routers have converged. In other words: In a converged network, all routers “agree” on what the network topology looks like.

2 - Network Implementations

Question 9

Which of the following WAN technologies would MOST likely be used to connect several remote branches that have no fiber, microwave, or satellite connections available?

POTS
OC-3
WiMAX
Starlink

Answer 9

OBJ-1.2: POTS (Plain Old Telephone System) is connected to almost every facility in the United States. DSL and dial-up services can be received over POTS. OC-3 is a type of fiber connection. WiMAX is a type of microwave connection. Starlink is a type of satellite connection.

1 - Networking Fundamentals

Question 10

What port number does LDAPS utilize?

636
389
3389
1433

Answer 10

OBJ-1.5: The Lightweight Directory Access Protocol Secure (LDAPS) uses port 636 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network that is encrypted using an SSL connection. The Lightweight Directory Access Protocol (LDAP) uses port 389 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to connect to another computer over a network connection.

1 - Networking Fundamentals

Question 11

Dion Training believes there may be a rogue device connected to their network. They have asked you to identify every host, server, and router currently connected to the network. Which of the following tools would allow you to identify which devices are currently connected to the network?

Port scanner
NetFlow analyzer
Protocol analyzer
IP scanner

Answer 11

OBJ-5.3: An IP scanner is used to monitor a network’s IP address space in real-time and identify any devices connected to the network. Essentially, the tool will send a ping to every IP on the network and then creates a report of which IP addresses sent a response. A NetFlow analyzer is used to perform monitoring, troubleshooting, inspection, interpretation, and synthesis of network traffic flow data. A port scanner is used to determine which ports and services are open and available for communication on a target system. A protocol analyzer is used to capture, monitor, and analyze data transmitted over a communication channel

5 - Network Troubleshooting

Question 12

Ted, a file server administrator at Dion Training, has noticed that many sensitive files have been transferred from a corporate workstation to an IP address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company’s security analyst, verifying that the workstation’s anti-malware solution is up-to-date and the network’s firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?

MAC spoofing
Zero-day
Session hijacking
Impersonation

Answer 12

OBJ-4.1: Since the firewall is properly configured and the anti-malware solution is up-to-date, this signifies that a zero-day vulnerability may have been exploited. A zero-day vulnerability is an unknown vulnerability, so a patch or virus definition has not been released yet. A zero-day vulnerability refers to a hole in software that is unknown to the vendor. Hackers then exploit this security hole before the vendor becomes aware and hurries to fix it. This exploit is therefore called a zero-day attack. Zero-day attacks include infiltrating malware, spyware, or allowing unwanted access to user information. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Impersonation is the act of pretending to be someone or something else. A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver.

4 - Network Security

Question 13

Which type of wireless network utilizes the 2.4 GHz or 5 GHz frequency bands and reaches speeds of 108 Mbps to 600 Mbps?

802.11a
802.11ax
802.11b
802.11n
802.11ac
802.11g

Answer 13

OBJ-2.4: The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

2 - Network Implementations

Question 14

You are creating a wireless link between two buildings in an office park utilizing the 802.11ac standard. The antenna chosen must have a small physical footprint and be lightweight as it will be mounted outside the building. Which type of antenna should you install?

Omni-directional patch antenna
Directional patch antenna
Omni-directional whip antenna
Directional whip antenna

Answer 14

OBJ-2.4: A patch antenna is a type of radio antenna with a low profile, which can be mounted on a flat surface. A patch antenna is typically mounted to a wall or a mast and provides coverage in a limited angle pattern. Patch antennas can be directional or omnidirectional, but a directional antenna should be used for a connection between two buildings within line of sight of each other. A Yagi or directional antenna could also be used, but if the distance is smaller than about 300 feet between the buildings, a patch antenna would be sufficient. A Yagi would be utilized for longer distances instead, but these do weigh more and have a larger footprint. A whip antenna is a vertical omnidirectional antenna that is usually utilized in indoor environments. A whip antenna is omnidirectional and cannot be used for directional use cases.

2 - Network Implementations

Question 15

A company is having a new T1 line installed. Which of the following does this connection MOST likely terminate?

IDF
Krone block
Demarcation point
Patch panel

Answer 15

OBJ-1.2: The telecom company usually terminates the circuits at the Main Distribution Facility (MDF) at the demarcation point. A main distribution frame (MDF or main frame) is a signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant). An intermediate distribution frame (IDF) is a distribution frame in a central office or customer premises, which cross connects the user cable media to individual user line circuits and may serve as a distribution point for multipair cables from the main distribution frame (MDF) to individual cables connected to equipment in areas remote from these frames. A Krone block is an insulation-displacement connector for telecommunications networks used in Europe and is similar to a 110 punch down block. A patch panel is a device or unit featuring a number of jacks, usually of the same or similar type, for the use of connecting and routing circuits for monitoring, interconnecting, and testing circuits in a convenient, flexible manner. Since a T1 line is provided by a telecommunications service provider, it should terminate at your demarcation point

1 - Networking Fundamentals

Question 16

A technician is called to investigate a connectivity issue to a remote office connected by a fiber optic cable. Using a light meter, it is determined that there is excessive dB loss. The installation has been working for several years. The switch was recently moved to the other side of the room and a new patch cable was installed. Which of the following is most likely the reason for the excessive dB loss?

Dirty connectors
Wavelength mismatch
Bend radius limitation
Distance limitations

Answer 16

OBJ-5.2: When fiber optic connectors become dirty, signal loss can cause severe problems and performance issues. Something as simple as oil from a technician’s hand can render a fiber connector dirty and cause a loss of signal. The technician will need to use appropriate cleaning cloth to clean the dirty connectors and restore the service. Since the switch was only moved to the other side of the room, it is unlikely that it now exceeds the distance limitations for a fiber cable since those are measured in hundreds of meters. The question does not mention that the cable was bent or moved around a corner, therefore it is unlikely to be a bend radius limitation affecting the signal. Fiber optic cables use different wavelengths depending on the type of fiber optic cable being used. Multimode fibers use 850 or 1300 nanometer wavelengths, whereas single-mode fibers use 1550 nanometer wavelengths. It is unlikely that the wrong patch cable was used as most organizations only implement a single type of fiber infrastructure to minimize the number and type of cables needed to support them.

5 - Network Troubleshooting

Question 17

You are configuring a point-to-point link and want to ensure it is configured for the most efficient use of your limited pool of available public IP addresses. Which of the following subnet masks would be BEST to use in this scenario?

/29
/30
/24
/28

Answer 17

OBJ-1.4: The most efficient subnet mask for a point-to-point link is actually a /31 subnet, which only provides 2 addresses. This will only work if both routers use a newer routing protocol like OSPF, IS-IS, EIGRP, or RIPv2 (or above). The most widely accepted and used method is to use a /30 subnet consisting of 4 IP addresses. The first is the network IP, the last is the broadcast, and the other 2 IPs can be assigned to the routers on either end of the point-to-point network. For the exam, if you see the option of /30 or /31, remember, they can be used for point-to-point networks.

1 - Networking Fundamentals

Question 18

The fiber-optic connection between two of the Dion Training offices was broken. A network technician used a fusion splicer to repair the cable, but now the connection is experiencing reduced transmission efficiency, slower connection speed, and intermittent downtime. Which of the following is the MOST likely reason for these issues?

Switching loop
Low optical link budget
Missing route
Asymmetrical routing

Answer 18

OBJ-5.5: An optical link budget is a calculation that considers all the anticipated losses along the length of a fiber optic connection. Signal loss across a fiber optic cable occurs naturally due to the distance of the cable, as well as from losses due to multiplexing, bends in the cable, imperfect connections, patches, or splices along the fiber optic cable. If the circuit is designed with a low optical link budget and subsequently needs to be repaired or spliced, it would create a fiber connection that becomes too weak to pass the light across the entire fiber optic cable. Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). A missing route occurs when the dynamic or static routes in a router do not contain a route needed for specific traffic being routed. A switching loop or bridge loop occurs in computer networks when there are more than one layer 2 paths between two endpoints (e.g. multiple connections between two network switches or two ports on the same switch connected to each other). In this scenario, none of the routing or switching was changed due to the broken cable, therefore the issue is not a missing route, switching loop, or asymmetrical routing.

5 - Network Troubleshooting

Question 19

You have configured your network into multiple segments by creating multiple broadcast domains. Which of the following devices should you use to allow the different network segments to communicate with each other?

Switch
Hub
Router
Bridge

Answer 19

OBJ-2.1: A router is used to allow different network segments and broadcast domains to communicate with each other. If you have a Layer 3 switch, this will also function as a router and allow communication to occur. Since the question didn’t specify if the switch was a layer 2 or layer 3 switch, we must assume it is a traditional layer 2 switch which cannot route traffic from one broadcast domain to the other broadcast domains. A bridge is a layer 2 device and cannot connect multiple broadcast domains. A hub is a layer 1 device and cannot connect different collision or broadcast domains together.

2 - Network Implementations

Question 20

Due to numerous network misconfiguration issues in the past, Dion Training adopted a policy that requires a second technician to verify any configuration changes before they are applied to a network device. When the technician inspects a newly proposed configuration change from a coworker, she determines that it would improperly configure the AS number on the device. Which of the following issues could have resulted from this configuration change if it was applied?

BGP routing issues would have occurred
Spanning tree ports would have entered flooding mode
A frequency mismatch would have occurred
Wireless coverage area would be decreased

Answer 20

OBJ-5.5: BGP (Border Gateway Protocol) is used to route data between autonomous systems (AS). A collection of networks within the same administrative domain is called an autonomous system (AS). The routers within an AS to use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, exchange routing information among themselves. Autonomous systems operate at layer 3 and are focused on wired networks. Therefore, the frequency mismatch, decreased wireless coverage areas, and spanning tree ports would not be affected by the improper configuration of an AS number on a device.

Question 21

A network architect is designing a highly redundant network with a distance vector routing protocol to prevent routing loops. The architect wants to configure the routers to advertise failed routes with the addition of an infinite metric. What should the architect configure to achieve this?

Hold down timers
Route poisoning
Split horizon
Spanning tree

Answer 21

OBJ-2.2: Route poisoning is a method to prevent a router from sending packets through a route that has become invalid within computer networks. This is achieved by changing the route’s metric to a value that exceeds the maximum allowable hop count so that the route is advertised as unreachable. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks and operates at layer 2 of the OSI model. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. A hold down timer is a function of a router that prevents a route from being updated for a specified length of time (in seconds). A hold down timer allows for the routers in a topology to have sufficient time to reach convergence and be updated when a route fails.

2 - Network Implementations

Question 22

An administrator notices an unused cable behind a cabinet that is terminated with a DB-9 connector. What protocol is likely to be used with this cable?

Token ring
RS-232
ATM
802.3

Answer 22

OBJ-5.2: RS-232 is a standard for serial communication transmission of data. It formally defines the signals connecting a DTE (data terminal equipment) such as a computer terminal and a DCE (data circuit-terminating equipment or data communication equipment).

A DB-9 connector is often found on a rollover or console cable and is used to connect a router to a laptop using the RS-232 serial transmission protocol for configuring a network device.

IEEE 802.3 is the standard for Ethernet. Ethernet commonly uses twisted pair, fiber optic, and coaxial connections, not a DB-9 serial connector.

Asynchronous Transfer Mode (ATM) uses a fiber or twisted pair cable similar to an ethernet connection. Token ring usually uses a fiber optic cable, not a DB-9 serial cable.

Question 23

Which of the following describes the process of layer protective measures in the network to protect valuable data and information?

Defense in depth
Least privilege
Acceptable use policy
Zero trust

Answer 23

OBJ-4.1: Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.

An acceptable use policy (AUP) is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used.

Zero-trust is a security framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints.

4 - Network Security

Question 24

Company policies require that all network infrastructure devices send system-level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location?

TACACS+ server
Single sign-on
Wi-Fi analyzer
Syslog server

Answer 24

OBJ-3.1: System Logging Protocol (Syslog) uses port 514, and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

3 - Network Operations

Question 25

What is the broadcast address associated with the host located at 172.16.200.130/26?

172.16.200.159
172.16.200.190
172.16.200.191
172.16.200.158

Answer 25

OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /26, so each subnet will contain 64 IP addresses. Since the IP address provided is 172.16.200.130, the broadcast address will be 172.16.200.191.

1 - Networking Fundamentals

Question 26

Students at Dion Training have been reporting extreme performance degradation across the network every Friday morning. Which of the following should the network technician review FIRST to identify the root cause of the network performance issues?

Bottleneck
Baseline
Link status
Correct answer
Utilization

Answer 26

OBJ-5.5: The technician should first review the utilization on the network during the time period where network performance issues are being experienced. This will then be compared to the average performance of the network throughout the rest of the week. In turn, this could be compared against the baseline. Since the issue is only occurring during a specific time period at a recurring interval (every Friday morning), it is likely an over-utilization issue causing the decreased performance. The link status could be checked to ensure the link is up and operational, but it is unlikely to determine the root cause of the slower network performance being experienced. Bottlenecks are points within a network through which data flow becomes limited thanks to insufficient computer or network resources. But, again, since this is occurring at a specific time and interval, it is likely a high utilization which in turn is affected by any network bottlenecks that may exist. Reviewing the network utilization can help the technician identify why the slowness is being experienced every Friday, such as placing additional load on the network by streaming videos or something similar.

5 - Network Troubleshooting

Question 27

Which of the following network devices is used to separate collision domains?

Media converter
Bridge
Hub
Access Point

Answer 27

OBJ-2.1: A bridge is networking hardware that forwards traffic between network segments at the data link layer (Layer 2) of the OSI model using MAC addresses. Each switch port on a bridge is a separate collision domain, but all switch ports are in a common broadcast domain.

A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD.

A wireless access point is a networking device that allows other Wi-Fi devices to connect to a wired network. A wireless access point operates at the physical layer (Layer 1) of the OSI model to extend the wired network into the wireless domain.

A media converter is a networking device that transparently converts Ethernet or other communication protocols from one cable type to another type, such as from copper to fiber or twisted pair to coaxial. A media converter operates at the physical layer (Layer 1) of the OSI model.

2 - Network Implementations

Question 28

What is an example of a signaling protocol used to initiate, maintain, and terminate a real-time VoIP session?

VRRP
TFTP
Correct answer
SIP
RDP

Answer 28

OBJ-1.5: SIP (Session Initiation Protocol) is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications. SIP uses ports 5060 and 5061. VRRP (Virtual Router Redundancy Protocol) is a protocol used for the automatic assignment of available Internet Protocol (IP) routers to participating hosts in order to increase the availability and reliability of routing paths via automatic default gateway selections. VRRP uses port 112. RDP (Remote Desktop Protocol) provides users with a graphical interface to connect to another computer over a network connection. RDP uses port 3389. TFTP (Trivial File Transfer Protocol) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. TFTP uses port 69. and SIP is a session initiation protocol. SIP is a signaling protocol used on the application layer

1 - Networking Fundamentals

Question 29

A network technician must replace a faulty network interface card on Dion Training’s web server. The server currently uses a multimode fiber optic cable to connect to a switch port on a fiber-optic network switch. Which of the following types of NICs should the technician install on the server?

1000Base-LR
1000Base-T
10GBase-SR
1000Base-FX

Answer 29

OBJ-5.2: 10GBase-SR is a 10 Gigabit Ethernet LAN standard for use with multimode fiber optic cables using short-wavelength signaling.

1000Base-T is a standard for Gigabit Ethernet over copper wiring.

1000Base-FX and 1000Base-LR are standard for Gigabit Ethernet over single-mode fiber optic cabling.

For the exam, remember the memory aid, “S is not single,” which means that if the naming convention contains Base-S as part of its name then it uses a multimode fiber cable.

5 - Network Troubleshooting

Question 30

A new network administrator is hired to replace a consultant who ran the network for several months and whose contract was just canceled. After a month of working on the network, the new network administrator realized some network issues and configuration changes in the server settings. The log files on the servers do not contain any error messages related to the issues or changes. What could be the problem?

A TACACS+ or RADIUS misconfiguration is causing logs to be erased

A backdoor has been installed to grant someone access to the network

The last ACL on the firewall is set to DENY ANY ANY

The server was the victim of a brute force password attack

Answer 30

OBJ-4.2: A hacker or the previous administrator (consultant) left a piece of software or an SSH protocol to allow themselves access to the network and change the server settings. The consultant may be disgruntled that their contract was canceled and that the new network administrator was hired to replace them. The last ACL on the firewall should be set to DENY ANY ANY, as this is a form of implicit deny and considered a best practice in network security. A brute force password attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. If a brute force password attack was used, there would be numerous failed login attempts showing in the security log files on the servers. TACACS+ and RADIUS misconfigurations would lead to authentication issues, not to log erasures.

4 - Network Security

Question 31

Jonah is conducting a physical penetration test against Dion Training. He walks up to the access control vestibule and tells an employee standing there. He says, “I forgot my access card on my desk when I left for lunch, would you mind swiping your badge for me so I can go to my desk and retrieve my access card?” What type of social engineering attack is Jonah attempting?

Tailgating
Piggybacking
Phishing
Shoulder surfing

Answer 31

OBJ-4.2: Piggybacking attack is a social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises. The big difference between tailgating and piggybacking is permission.

Tailgating is when an unauthorized person physically follows an authorized person into a restricted corporate area or system. With tailgating, the authorized person doesn’t know the unauthorized person is walking behind them. With Piggybacking, the authorized person will allow the unauthorized person to enter the secure area using the authorized person’s access credentials.

Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords and other confidential data by looking over the victim’s shoulder.

Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.

4 - Network Security

Question 32

You are assisting the company with developing a new business continuity plan. What would be the BEST recommendation to add to the BCP?

Build redundant links between core devices
Physically secure all network equipment
Perform recurring vulnerability scans
Maintain up-to-date configuration backups

Answer 32

OBJ-3.2: The business continuity plan focuses on the tasks carried out by an organization to ensure that critical business functions continue to operate during and after a disaster. By keeping redundant links between core devices, critical business services can be kept running if one link is unavailable during a disaster. Some of the other options are good ideas, too, but this is the BEST choice to maintain a high-availability network that can continue to operate during periods of business disruption.

3 - Network Operations

Question 33

You are working for a brand new startup company who recently moved into an old office building because the CEO liked the “charm” of the place. You have been tasked with converting a small janitorial closet into an IDF to support the new office network. You measure the closet and determine that you can install a two-post rack inside of it, and all your necessary networking equipment will fit in the two-post rack. You test the power outlet installed in the closet, and it is sufficient for your needs. What is the NEXT thing you should be concerned with to ensure this closet can be used as your IDF?

Is there adequate airflow and cooling in the closet?
Is there redundant power available?
Can I install a UPS in this closet?
How will I label the cables during installation?

Answer 33

OBJ-3.3: Since you are converting an old closet into an IDF, you need to ensure you have 3 main things: Power, Space, and Cooling. You already verified there were adequate power and space, so you need to determine if there are adequate airflow and cooling to prevent the equipment from overheating. After that, you can then determine how to supply backup power (UPS or redundancy).

3 - Network Operations