Udemy Net+ Practice Test 1 Flashcards
You are installing a new LAN in a building your company just purchased. The building is older, but your company has decided to install a brand new Cat 6a network in it before moving in. You are trying to determine whether to purchase plenum or PVC cabling. Which environmental conditions should be considered before making the purchase?
- Workstation models
- Floor composition
- Window Placement
- Air Duct placement
air duct placement
If you have a plenum area in the ceiling containing the air ducts, you will need to use plenum-rated cables in your cable trays to prevent creating a dangerous environment for your users.
Which of the following types of network documentation would provide a drawing of the network cabling imposed over the floorplan for an office building?
- Wiring Diagram
- Logical Network Diagram
- Site Survey Report
- Physical Network Diagram
Wiring Diagram
Physical = routers, switches, servers
Logical = flow of data across a network: subnets, network objects, protocols and domains
Wiring = which cables connect to which ports
Site Survey = wireless heatmap
Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on? (SELECT TWO)
- Geo-IP
- NAC
- GPS Location
- Port Security
NAC
GPS Location
Network Access Control is used to identify an endpoint’s characteristics when conducting network authentication.
The GPS location of the device will provide the longitude and latitude of the user, which could be compared against the GPS coordinates of the building.
Geo-IP only identifies country of origin, and is easily tricked by VPNs.
A technician is configuring a computer lab for the students at Dion Training. The computers need to be able to communicate with each other on the internal network, but students using computers should not be able to access the Internet. The current network architecture is segmented using a triple-homed firewall to create the following zones:
ZONE INTERFACE, IP address
PUBLIC, eth0, 66.13.24.16/30
INSTRUCTORS, eth1, 172.16.1.1/24
STUDENTS, eth2, 192.168.1.1/24
What rule on the firewall should the technician configure to prevent students from accessing the Internet?
- Deny all from eth2 to eth1
- Deny all from eth1 to eth0
- Deny all from eth0 to eth2
- Deny all from eth2 to eth0
Deny eth2 to eth0
By denying all traffic from the eth2 to eth0, you will block network traffic from the internal (STUDENT) network to the external (PUBLIC) network over the WAN connection. This will prevent the students from accessing the Internet by blocking all requests to the Internet. For additional security, it would be a good idea to also block all traffic from eth0 to eth2 so that inbound traffic from the internet cannot communicate with the student’s computers. But, since the outbound connections from the students to the internet are being blocked, the student will be unable to access any webpages since they cannot send a request over port 80 or 443. Additionally, by choosing this rule, we have not blocked any network traffic between the instructors and the students.
What is a common technique used by malicious individuals to perform an on-path attack on a wireless network?
- Session hijacking
- ARP Spoofing
- Evil twin
- Amplified DNS attacks
Evil Twin
ARP spoofing, session hijacking, and amplified DNS attacks are not techniques specific to attacking wireless networks.
A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?
- Configure the firewall to support dynamic NAT
- Adjust the ACL on the firewall’s internal interface
- Place the server in a screened subnet or DMZ
- Implement a split-horizon or split-view DNS
Split DNS
Split DNS is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks.
Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address.
A network technician connects three temporary office trailers with a point-to-multipoint microwave radio solution in a wooded area. The microwave radios are up, and the network technician can ping network devices in all of the office trailers. However, users are complaining that they are experiencing sporadic connectivity. What is the MOST likely cause of this issue?
- Latency
- Interference
- Throttling
- Split Horizon
Interference
Microwave is light, it requires direct line of sight between the antennas.
Split horizon is a form of route advertisement that prohibits a router from advertising back a route to the same interface from which it learned it – it prevents loops.
You are performing a high-availability test of a system. As part of the test, you create an interruption on the fiber connection to the network, but the network traffic was not re-routed automatically. Which type of routing is the system utilizing?
- Distance Vector
- Hybrid
- Static
- Dynamic
Static
Static routing is a form of routing that occurs when a router uses a manually configured routing entry, rather than information from dynamic routing traffic. Static routes must be configured and re-routed manually during an issue. Dynamic routing, also called adaptive routing, is a process where a router can forward data via a different route or given destination based on the current conditions of the communication circuits within a system. If dynamic routing was used, the router would have automatically routed the traffic to another link or connection on the network. Hybrid routing is a combination of distance-vector routing. Hybrid routing shares its knowledge of the entire network with its neighbors and link-state routing. If a connection is lost, hybrid routing protocols are dynamic and can adjust the advertised routes automatically. A distance-vector routing protocol requires that a router inform its neighbors of topology changes periodically. A distance-vector protocol is a form of dynamic routing and would automatically adjust when the fiber connection or link is lost.
An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following:
DIONRTR01# show interface eth 1/1
GigabitEthernet 1/1 is up, line is up
Hardware is GigabitEthernet, address is 000F.33CC.F13A
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Member of L2 VLAN 1, port is untagged, port state is forwarding
Which of the following actions should be taken to improve the network performance for this WAN connection?
- Assign the interface a 802.1q tag to its own VLAN
- Configure the interface to use full duplex
- Replace eth1/1 with a 1000Base-T transceiver
- Shutdown and re-enable this interface
Assign the interface a 802.1q tag to its own VLAN
The WAN interface (eth 1/1) is currently untagged and is being assigned to the default VLAN (VLAN 1). If there are numerous devices in the default VLAN, the VLAN may be overloaded or oversubscribed leading to a reduction in the network performance. To solve this issue, you would assign the WAN interface to a VLAN with less traffic or to its own VLAN. By adding an 802.1q tag (VLAN tag) to the interface, you can assign it to its own individual VLAN and eliminate potential overloading or oversubscription issues. The interface is already set to full-duplex (fdx) and it operating in full-duplex (fdx). Therefore, the issue is not a duplexing mismatch. The configuration shows that the interface is already using a GigabitEthernet, so you do not need to replace the transceiver with a 1000Base-T module. Also, the physical layer is working properly and a link is established, as shown by the output “GigabitEthernet 1/1 is up”, showing the current transceiver is functioning properly at 1 Gbps. While issuing the shutdown command and then re-enabling the interface could clear any errors, based on the interface status shown we have no indications that errors are being detected or reported.
Your company is currently using a 5 GHz wireless security system, so your boss has asked you to install a 2.4 GHz wireless network to use for the company’s computer network to prevent interference. Which of the following can NOT be installed to provide a 2.4 GHz wireless network?
- 802.11n
- 802.11b
- 802.11g
- 802.11ac
802.11ac
Your company wants to create highly available datacenters. Which of the following will allow the company to continue maintaining an Internet presence at all sites if the WAN connection at their own site goes down?
- BGP
- OSPF
- Load Balancer
- VRRP
BGP
If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available. Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP), therefore it will not help be able to reroute the organization’s WAN connections. The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. VRRP is used for your internal clients and will not affect the routing of traffic between WANs or autonomous systems. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. A load balancer would work at one site, but would not allow routing of the WAN connections at all the other sites since they rely on autonomous systems and BGP is used to route traffic between autonomous systems.
Dion Training is trying to connect two geographically dispersed offices using a VPN connection. You have been asked to configure their networks to allow VPN traffic into the network. Which device should you configure FIRST?
- Modem
- Router
- Firewall
- Switch
Firewall
It’s the outermost device on the network.
By allowing the VPN connection through the firewall, the two networks can be connected and function as a single intranet (internal network). After configuring the firewall, you will need to verify the router is properly configured to route traffic between the two sites using the site-to-site VPN connection.
When a criminal or government investigation is underway, what describes the identification, recovery, or exchange of electronic information relevant to that investigation?
- eDiscovery
- Encryption
- Data transport
- First Responder
eDiscovery
eDiscovery is the term that refers to the process of evidence collection through digital forensics. eDiscovery is conducted during an incident response.
Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine?
- ip
- nslookup
- tracert
- route
route
The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.
A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is the MOST likely the source of this connectivity problem?
- The workstations OS updates have not been installed
- APIPA has been misconfigured on the switch
- The switchport is configured for 802.1q trunking
- The workstations NIC has a bad SFP module
switchport is configured for 802.1q trunking
If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address.
APIPA is not configured on the VLAN’s switch, it is configured by default on client and server devices, such as the workstation in this scenario.
A small form-factor pluggable (SFP) transceiver is used on routers as a hot-pluggable network interface module, they are not used in workstations.
The workstation’s OS update status is unlikely to cause the network connectivity issue, but a network interface driver might.
Therefore, the most likely cause of this issue is the switchport was configured as a trunking port instead of an access port.