UDEMY CompTIA Network (N10-008) Practice Exam #6 Flashcards

1
Q

After upgrading a fiber link from 1 Gbps to 10 Gbps. A network technician ran a test of the link and the link is not connecting properly. The two routers are 450 meters apart and are connected using a MMF fiber with 10GBaseLR SFP+ transceivers. The fiber runs through the electrical and boiler rooms of each building. Which of the following is the MOST likely cause of the connectivity issues?

The wrong transceivers are being used
There is a short in the cable
There is heat from the boiler room
Interference from the electrical room

A

OBJ-5.2: The transceivers being used are 10GBaseLR, which are used with single mode fiber (SMF), not multimode fiber (MMF). Since the network is already using MMF fiber and was previously working, the technician should replace the 10GBaseLR SFP+ transceivers with 10GBaseSR SFP+ transceivers instead. Now, this is a difficult question, but if you take it one step at a time, you can also use the process of elimination to get the right answer if you weren’t sure of which type of transceiver to use. First, the question is using a fiber connection, so it will not be subject to electrical interference. Second, fiber is not affected by heat like copper connections, therefore the boiler room option can be eliminated. Third, an open or short condition only occurs with copper cables, not fiber, therefore this option can also be eliminated. This leaves you with the incorrect transceiver being used as the only possible correct option.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your company’s wireless network was recently compromised by an attacker who utilized a brute force attack against the network’s PIN to gain access. Once connected to the network, the attacker modified the DNS settings on the router and spread additional malware across the entire network. Which TWO of the following configurations were most likely used to allow the attack to occur?

Router with outdated firmware
Default administrative login credentials
Guest network enabled
WPS enabled
WPA2 encryption enabled
TKIP encryption protocol

A

OBJ-2.4: Wireless networks that rely on a PIN to connect devices use the Wi-Fi Protected Setup (WPS). It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS relies on an 8-digit PIN, but it is easily defeated using a brute force attack due to a poor design.

Once connected to the network using the WPS PIN, the attacker may have logged into the router using the default administrative login credentials and then modified the router/gateway’s DNS. Commonly, many network administrators forget to change the default username/password of their devices, leaving an easy vulnerability for an attacker to exploit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A 48-port switch on the Dion Training network just rebooted and all the clients are attempting to obtain a new DHCP address. Which of the following issues may begin to occur?

Broadcast storm
Duplicate IP address
Asymmetric routing
Collisions

A

OBJ-5.5: A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic. The DHCP discover, offer, request, and acknowledge process occurs using broadcast messages, therefore a broadcast storm could occur due to all 48 clients attempting to receive a DHCP assignment simultaneously.

A duplicate IP address occurs when two or more devices have been assigned the same IP address, either dynamically by the DHCP server or statically by a network administrator.

Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path).

A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following ethernet standards is used with a multimode fiber optic cable?

100Base-TX
10GBase-LR
10GBase-SR
10GBase-T

A

OBJ-1.3: 10GBase-SR is a 10 Gigabit Ethernet LAN standard for use with multimode fiber optic cables using short-wavelength signaling.

100Base-TX and 10GBase-T are ethernet standards that use copper wiring.

10GBase-LR is a standard for 10 Gigabit Ethernet over single-mode fiber optic cabling.

For the exam, remember the memory aid, “S is not single,” which means that if the naming convention contains Base-S as part of its name then it uses a multimode fiber cable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You have been asked to troubleshoot Dion Training’s T1 connection that is experiencing connectivity issues. You have already verified that the network’s router is properly configured, the cable is connected properly between the router and the T1’s CSU/DSU, but the T1 remains down. You want to test the interface on the CSU/DSU to ensure it is functioning properly. Which of the following tools should you use to test this interface?

Loopback adapter
Tone generator
Cable tester
Light meter

A

OBJ-5.2: A T1 connection is a copper-based connection. A loopback adapter is a plug that is used to test the physical port or interface on a network device. You will need to insert the loopback adapter into the interface on the CSU/DSU and conduct a self-test of the device by looping back the transmit path to the receive path and the receive path to the transmit path. A loopback adapter can also be used to test the T1 line by allowing the ISP to conduct a remote diagnosis of the connection between their central office and your demarcation point to ensure it is working properly.

A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable.

A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A cable tester is used to test a cable, not the interface itself.

A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is not used to test an interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following wireless technologies would you use to transmit data files from one system to another in a direct peer-to-peer connection over a distance of 2 to 3 meters?

NFC
Wi-Fi
Bluetooth
RFID

A

OBJ-2.4: Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz, and building personal area networks. Bluetooth is often used to create peer-to-peer connections between two devices for a distance of up to 10 meters.

Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects.

Near-Field Communication (NFC) is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with a simple setup that can be used to bootstrap more-capable wireless connections.

Wi-Fi is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves. Wi-Fi can provide high speeds and cover a maximum distance of up to 150 meters.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Routing prefixes are assigned in blocks by IANA and distributed by the Regional Internet Registry (RIR). What are these known as?

Top-level domain
Network handle
Autonomous system number
Route aggregation

A

OBJ-2.2: An ASN (or Autonomous System Number) is used to control routing with BGP routing protocols to route traffic across the network. An Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly defined routing policy.

Network operators need Autonomous System Numbers (ASNs) to control routing within their networks and to exchange routing information with other Internet Service Providers (ISPs). There are 2-byte and 4-byte ASN variants in use on the internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You have been asked to install a media converter that connects a newly installed multimode cable to the existing Cat 5e infrastructure. Which type of media converter should you use?

Fiber to ethernet
Ethernet to coaxial
Multimode to single-mode
Fiber to coaxial

A

OBJ-1.3: A media converter is a Layer 1 device that changes one type of physical network connection to another. In this case, we are converting multimode (fiber) cable to Cat 5e (ethernet) cable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A network technician receives the following alert from a network device: “High utilization threshold exceeded on gi1/0/24: current value 88%” What is being monitored to trigger the alarm?

Disk space utilization
Processor utilization
Memory utilization
Port utilization

A

OBJ-5.5: This is an error message that indicates that the threshold of high utilization of network interface or port, in this case, interface gi1/0/24, has been exceeded. The message has been triggered on the interface link status since gi1/0 is a gigabit interface. Network devices can be configured with alarms that will send a message or alert when high utilization or low utilization past a given setpoint occurs. For example, it is common to set the high utilization setpoint to 70% and the low utilization setpoint to 30%.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A network technician has received a report that workstations are unable to gain access to the network. During the troubleshooting process, the technician discovers that the switch connecting these workstations has failed. Which of the following is the QUICKEST option to configure a replacement switch with a secure configuration?

Image
Baseline
Syslog
Archive

A

OBJ-3.3: To image a switch, you can make a backup of the configuration and deploy it to a new/different switch. An image can contain the firmware and its configurations. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. An archive is a backup of the configurations for the network device. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What would provide the highest level of physical security for the client if they are concerned with the theft of equipment from the datacenter?

Cipher lock
Proximity reader
Access control vestibule
Magnetic key swipe

A

OBJ-4.5: An access control vestibule or mantrap will ensure that only a single authorized person can get in or out of the building at one time. The access control vestibule would provide a choke point for access into and out of the datacenter. This would allow for better physical access control to the datacenter and prevent theft of equipment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following wireless standards should you implement if the existing wireless network only allows for three non-overlapping channels, and you need additional non-overlapping channels to prevent interference with neighboring businesses in your office building?

802.11g
802.1q
802.11ac
802.11b

A

OBJ-2.4: Wireless B and G only support 3 non-overlapping channels (1, 6, 11). Wireless N and Wireless AC supports the 5 GHz spectrum, which provides 24 non-overlapping channels. The 801.q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. 802.1q is not a wireless networking standard.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What state is the switchport with the LEAST desirable path placed by the spanning tree protocol when a switch has multiple paths to reach the root bridge?

Listening
Learning
Blocking
Forwarding

A

OBJ-2.3: The spanning tree protocol supports four different states on any given switchport. The switchport will go into a blocking state when it receives a BPDU that indicates there is a better path to the root bridge and the switchport itself is not a root port or designated port. If the switchport is a root port or designated port, it will then move to a listening state. During the listening state, the switchport will discard any frames it receives. When the switchport is in a learning state, it will listen for and process BPDUs it receives and updates its MAC address table. During a listening state, the switchport will not forward any of the frames to others. A switchport in a forwarding state will process BPDUs, update its MAC table, and forward the BPDUs to other switchports. This process will ensure that switching loops are prevented in a network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACLs should the technician implement?

PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT ANY
PERMIT SRCIP 192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT:80
PERMIT SRCIP 192.168.0.0/24 SPORT: ANY DSTIP:ANY DPORT 80
PERMIT SRCIP: ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:8

A

OBJ-4.3: This will permit traffic from the internal network (192.168.0.0/24) from any port to access the external network (any IP) to port 80 (HTTP). Since this is a stateless firewall, you must include the SPORT (source port) ANY to allow the outbound connection through the firewall.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company has been asked by a local charity that supports underprivileged youth if they would help to build an internet café for their students. Because the charity doesn’t have any funding for this project, your company has decided to donate their old workstations and networking equipment to create the network. All of the workstations, routers, and switches have been tested before installation. The company has decided to reuse some old network cables to connect the computers to the switches to save money. When you arrive at the new internet cafe, you are told that everything is working except unlucky computer #13 can’t connect to the network. You attempt to plug the network cable into another computer, but then that computer cannot connect to the network. Confused, you try connecting the cable directly between two computers, and now they can communicate directly with each other. What is wrong with this cable?

The cable is a rollover cable but should be a crossover cable
The cable is a straight-through cable but should be a crossover cable
The cable is a crossover cable but should be a straight-through cable
The cable is a console cable but should be a straight-through cable

A

OBJ-5.2: Since the cable only worked when connecting two computers directly together, it is a crossover cable. Crossover cables are used to connect two of the same devices (computer to computer, or router to router) by switching the transmit and receiving pins in the cable’s jack. Since you are trying to connect a computer to a switch, you need to have a straight-through cable instead. A rollover or console cable is used to connect a computer to a router’s console port, not a computer to a switch.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following network devices is used to separate broadcast domains?

Bridge
Hub
Media converter
Multilayer switch

A

OBJ-2.1: A multilayer switch combines the features of a switch and a router into a single device.

A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain.

A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain.

A bridge is networking hardware that forwards traffic between network segments at the data link layer (Layer 2) of the OSI model using MAC addresses. Each switchport on a bridge is a separate collision domain, but all switchports are in a common broadcast domain.

A media converter is a networking device that transparently converts Ethernet or other communication protocols from one cable type to another type, such as from copper to fiber or twisted pair to coaxial. A media converter operates at the physical layer (Layer 1) of the OSI model.

17
Q

You are troubleshooting a 3 foot long fiber patch cable that you suspect is causing intermittent connectivity between two switches. Which of the following tools should you use to measure the signal as it transmits over the fiber optic cable?

Fiber light meter
Cable tester
Loopback adaptert
Optical time domain reflectometer

A

OBJ-5.2: A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located. An Optical Time Domain Reflectometer (OTDR) is used by organizations to certify the performance of new fiber optics links and detect problems with existing fiber links. An OTDR can identify if a fiber cable is broken and provide an approximately location for the break. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A loopback adapter is a plug that is used to test the physical port or interface on a network device.

18
Q

Which cellular technology is compromised of HSPA+ and EV-DO to provide higher data speeds than previous cellular data protocols?

4G
LTE
3G
5G

A

OBJ-2.4: 3G cellular technology is made up of two different technologies: HSPA+ and EV-DO. HSPA+ (Evolved High-Speed Packet Access) is a 3G standard used for GSM cellular networks and can support up to a theoretical download speed of 168 Mbps and a theoretical upload speed of 34 Mbps. In the real world, though, HSPA+ normally reaches speeds around 20 Mbps. EV-DO (Evolution-Data Optimized) is a 3G standard used for CDMA cellular networks and can support up to 3.1 Mbps downloads.

4G cellular technology is made up of LTE and LTA-A. Long Term Evolution (LTE) is a packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE has a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps. LTE Advanced (LTE-A) has a theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps.

5G cellular technology is made up of three different types: low-band, mid-band, and high-band mmWave technology. Low-band 5G reaches an average speed of 55 Mbps with a theoretical speed of 150 Mbps. Mid-band 5G reaches an average speed of 150 Mbps with a theoretical speed of 1.5 Gbps. High-band 5G reaches an average speed of 3 Gbps with a theoretical speed of up to 70 Gbps.

19
Q

Your deep packet inspection firewall is dropping portions of your packet flow as it enters or leaves the network. The network is configured to use HSRP to load balance the network traffic across two network devices in a high availability cluster. Which of the following issues would cause your network security devices, such as your firewalls, to drop packet flows and cause intermittent network connectivity to your clients?

Collision
Multicast flooding
Asymmetric routing
Broadcast storm

A

OBJ-5.5: Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). Remember, asymmetric routing doesn’t cause any routing issues necessarily, but they do cause issues with dropped packet flows by our security devices like firewalls and unified threat management systems, so you need to consider this in the design of your network architectures to prevent this issue from occurring. If you don’t, then packet flow drops will occur and your clients can experience network intermittent connectivity. Multicast flooding occurs because no specific host is associated with the multicast MAC address in the content-addressable memory (CAM) table of a switch. A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment. A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic.

20
Q

The RAID controller on a server failed and was replaced with a different brand. What will be needed after the server has been rebuilt and joined to the domain?

Static IP address
Physical network diagram
Recent backup
Vendor documentation

A

OBJ-3.3: If the RAID controller fails and is replaced with a RAID controller with a different brand, the RAID will break. We would have to rebuild a new RAID disk and access and restore the RAID’s most recent backup.

While vendor documentation and physical documentation may be helpful, they should have been consulted before the RAID was rebuilt and added to the domain. A RAID is a type of redundant storage that is directly connected to the server using data cables, therefore you do not need an IP address for the RAID itself.

If you are using a storage area network (SAN), then you may need an IP address but this is usually assigned using DHCP reservations and not a static IP address.

21
Q

An attacker has configured their machine to report itself as a switch when connected to a wired network in an attempt to exploit your enterprise network. Which of the following types of attacks is being conducted?

VLAN hopping
Rogue DHCP
DNS poisoning
ARP spoofing

A

OBJ-4.2: VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver’s cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

22
Q

A network technician just finished configuring a new interface on a router, but the client workstations do not receive the addressing information from the new interface. Which of the following should be added or changed to allow the workstations to connect to the new interface?

IP helper
MX record
TTL
DHCP lease time

A

OBJ-1.6: DHCP IP Helper addresses enable a single DHCP server to provide DHCP IP addresses to every PC on the network, regardless of whether they are on the same broadcast domain as the DHCP server or not. DHCP IP Helper addresses are IP addresses configured on a routed interface such as a VLAN Interface or a routers Ethernet interface that allows that specific device to act as a “middle man” which forwards BOOTP (Broadcast) DHCP request it receives on an interface to the DHCP server specified by the IP Helper address via unicast.

Adding an IP Helper address to the new interface on the router will allow the DHCP broadcast requests to be forwarded to the workstations.

Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network.

An MX record in DNS is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic.

The DHCP lease time is the amount of time a dynamic IP can be used by a client prior to requiring it to be renewed.

23
Q

A technician is troubleshooting a workstation at Dion Training. The workstation is suffering from intermittent connectivity issues. The technician notices that the STP cable pairs are not completely twisted near the connector. Which of the following issues may be experienced because of this?

568A/568B mismatch
Split pair
Tx/Rx reverse
Crosstalk

A

OBJ-5.2: Crosstalk is defined as an effect caused by the unintentional and undesired transmission (leakage) of a signal from one cable to another. Crosstalk can occur if the twisted pairs are not twisted sufficiently, because the twisting of the cable pairs reduces crosstalk between neighboring cable pairs. The twisting is done to help cancel exterior electromagnetic interference. To solve this cable’s crosstalk issue, the cable pairs should be trimmed down and the cable re-terminated again properly. The EIA/TIA-568A and EIA/TIA-568B wiring standards utilize different colored cable pairs on each end of a cable. If you use a mismatch of the two standards on the same cable, it would create a cable that cannot be used as a straight-through or patch cable. This would not lead to intermittent connectivity, though, it would lead to a scenario with no connectivity. The transmit (Tx) and receive (Rx) reversed is a common issue with fiber optic patch cables. A split pair error occurs when one wire from each of two different pairs gets swapped identically on both ends of the cable. The result is a cable that will pass a standard continuity test, but will have serious cross-talk problems, and will most likely not perform adequately at specified data rates. Split pairs were commonly used in older Cat 3 copper networks, but are no longer used in Cat 5 or above networks. The scenario in this question describes a crosstalk issue, not a split pair issue, though.

24
Q

You have just replaced a faulty Ethernet cable in a patch panel. Within a few minutes, you find out that users are experiencing slow or no Internet connectivity all over the building. A broadcast storm has begun to occur. After removing the replacement cable, which of the following should you do NEXT?

Attempt to isolate the broadcast storm by rebooting the switch
Review labeling and logical network diagram documentation
Remove and replace all of the other Ethernet cables on the switch
Replace the cable during the next maintenance window

A

OBJ-5.5: You most likely have plugged the new cable into the wrong port on the patch panel. By reviewing the documentation and labeling, you might see the domain architecture, the strength of user connections, and the relationships in those connections, thereby making it easy to reassign the patch cables corrected. Something has likely been mislabeled, and the replacement of the patch cable was plugged into the wrong port and caused a loop.

25
Q

A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password have been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, which of the following should the technician do to prevent the password from being sniffed on the network again?

Ensure the password is 10 characters, containing letters and numbers

Only allow administrators to access routers using port 22

Use SNMPv1 for all configurations involving the router

Copy all configurations to routers using TFTP for security

A

OBJ-4.3: Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full rights user will not access their new account without the SSH key, which could only be provided by a true administrator. Telnet uses port 23 and passes all information as unencrypted traffic on the network. Telnet should always be disabled for security reasons, and SSH (which uses encryption) should be used instead.

26
Q

Your company’s corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR notation in order to accommodate each department’s needs. What is the correct CIDR notation for the Finance department’s subnet, which requires 32 devices?

/27
/29
/30
/26
/28
/25

A

OBJ-1.4: Since the Finance department needs 32 devices plus a network ID and broadcast IP, it will require 34 IP addresses. The smallest subnet that can fit 34 IPs is a /26 (64 IPs). A /26 will borrow 2 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^6 available host IP addresses, or 64 total IP addresses. Of the 64 IP addresses, there are 62 available for clients to use, one for the network ID, and one for the broadcast address.

27
Q

Your workstation has fallen victim to a on-path attack. Upon investigation, you determine that the attack is occurring at layer 2 of the OSI model and is redirecting traffic destined for your workstation to the attackers’ workstation instead. What type of attack was performed against your workstation?

DNS poisoning
VLAN hopping
Rogue DHCP
ARP spoofing

A

OBJ-4.2: ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network.

VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing.

DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver’s cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server.

A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

28
Q

Damaris is troubleshooting a WINS connectivity issue on a Windows server. She wants to find out the name of the server she is working on. Which of the following commands should she utilize to display the NetBIOS name of the server?

netstat
arp
hostname
show config

A

OBJ-5.3: The hostname command is used to view or change a computer’s hostname and domain. On a Windows system, the hostname, computer name, and NetBIOS name are all the same. The netstat command is used to monitor incoming and outgoing connections, routing tables, port states, and usage statistics on a network interface. The “show configuration” command is used on a Cisco networking device to display the device’s current configuration. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network.

29
Q

Which of the following cloud services should an organization choose to develop a new iPhone app without having to configure and set up its own development environment?

PaaS
SaaS
IaaS
DaaS

A

OBJ-1.8: Platform as a Service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.

Infrastructure as a Service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on-demand, on a pay-as-you-go basis.

Software as a Service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider.

Desktop as a Service (DaaS) is a cloud computing offering where a service provider delivers virtual desktops to end-users over the Internet, licensed with a per-user subscription. DaaS is often called Virtual Desktop Infrastructure (VDI).

30
Q

Dion Training’s network technicians are about to upgrade a Cisco 3900-series router, but they first want to create a copy of the router’s configuration and IOS files to serve as a backup. Which of the following tool should the technicians utilize?

traceroute
show route
tcpdump
TFTP server

A

OBJ-5.3: A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network.

TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices.

The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file.

The “show route” command is used on a Cisco networking device to display the current state of the routing table for a given network device.

The traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.

31
Q

The Chief Information Officer (CIO) wants to improve the security of the company’s data. Which management control should be implemented to ensure employees are using encryption to transmit any sensitive information over the network?

HTTPS
Standards
VPN
Policies

A

OBJ-3.2: Policies are plans that describe the goal of an established procedure (Acceptable use, Physical Security, or VPN access), while the standards are the mechanisms implemented to achieve that goal. VPN and HTTPS are examples of protocols and industry standards.

32
Q

Which of the following communication types cannot be used with IPv6?

Broadcast
Multicast
Unicast
Anycast

A

OBJ-1.4: Broadcast only works with IPv4. Broadcast communication has one sender, but it sends the traffic to every device on the network. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only sends the signal once, which is then received by multiple hosts simultaneously. Multicast can be used with both IPv4 and IPv6. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.