Jason Dion - CompTIA Network+ N10-008 Exam Prep #4 Flashcards

1
Q

Which of the following would NOT be useful in defending against a zero-day threat?

A.Threat intelligence
B.Patching
C.Segmentation
D.Allow listing

A

B.Patching

OBJ-4.1: While patching is a great way to combat threats and protect your systems, it is not effective against zero-day threats. By definition, a zero-day threat is a flaw in the software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. This attack has no time (or days) between the time the vulnerability is discovered and the first attack, and therefore no patch would be available to combat it. Using segmentation, allow listing, and threat intelligence, a cybersecurity analyst can put additional mitigations in place to protect the network even if a zero-day attack was successful.

2
Q

Which type of network geography is used to connect various circuits between remote locations?

A.PAN (Personal Area Network)
B.WAN (Wide Area Network)
C.LAN (Local Area Network)
D.WLAN (Wireless Local Area Network)

A

B.WAN (Wide Area Network)

OBJ-1.2: A wide area network (WAN) will typically cover a larger area geographically, such as a continent, a state, or a country. A personal area network (PAN) is centered around a short distance, usually around a person or up to a few meters. PANs are heavily used with Bluetooth and NFC. A local area network (LAN) connects computers within a small and specific area geographically. A wireless LAN (WLAN) connects computers within a small and specific geographical area using the 802.11 protocols for their wireless connections.

3
Q

When using a Type 1 hypervisor virtualized environment, which of the following hardware types is necessary to connect the VMs to the corporate network?

A.VPN (Virtual Private Network)
B.VDI (Virtual Desktop Infrastructure)
C.VNC (Virtual Network Computing)
D.Virtual NIC

A

D.Virtual NIC

OBJ-1.2: A virtual machine includes a virtual NIC. A virtual NIC is a type of virtual adapter that can be configured on logical partitions to provide a network interface. This virtual NIC can be paired and mapped to a physical NIC to get the VM onto the network. Virtual Desktop Infrastructure (VDI) is a software technology that separates the desktop environment and associated application software from the physical client device that is used to access it. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it.

4
Q

Which of the following is used to provide emergency electrical power during a long duration outage until the local power grid can be restored?

A.HVAC (Heating, Vacuum, Air Conditioning)
B.UPS (Uninterruptible Power Supply)
C.Generator
D.PDU (Power Distribution Unit)

A

C.Generator

OBJ-3.3: A generator is a device that converts motive power into electrical power for use in an external circuit. Generators can be powered by diesel, gasoline, or propane. A power distribution unit (PDU) is a device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center. PDUs use and distribute the available amperage more efficiently, allowing your equipment to receive the best available power to maintain operation. An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source or mains power fails. Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.

5
Q

Which of the following types of agreements is a non-legally binding document used to detail what common actions each party intends to perform?

A.AUP (Acceptable Use Policy)
B.SLA (Service-Level Agreement)
C.NDA (Non-Disclosure Agreement)
D.MOU (Memorandum Of Understanding)

A

D.MOU (Memorandum Of Understanding)

OBJ-3.2: A memorandum of understanding (MOU) is a non-binding agreement between two or more organizations to detail what common actions they intend to take. A non-disclosure agreement (NDA) is a documented agreement between two parties that defines what data is considered confidential and cannot be shared outside of that relationship. An NDA is used to protect an organization’s intellectual property. A service level agreement (SLA) is a documented commitment between a service provider and a client, where the quality, availability, and responsibilities are agreed upon by both parties. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used.

6
Q

Which of the following tools is used to identify why an 802.11g network is intermittently dropping network traffic?

A.Multimeter
B.Wi-Fi analyzer
C.Tone generator and probe
D.Cable tester

A

B.Wi-Fi analyzer

OBJ-5.3: A WiFi analyzer can determine the wireless network’s signal strength, the frequencies in use, and any possible radio frequency interference. Based on the issue described in the question, the network may have dead zones that could be fixed by adding additional access points to increase the network’s wireless coverage. Another possible issue could be radio frequency interference from other devices, which a WiFi analyzer could help identify. A cable tester is used to ensure a cable is properly created as a patch cable (straight through) or a crossover cable. Cable testers provide detailed information on the physical and electrical properties of the cable. For example, they test and report cable conditions, crosstalk, attenuation, noise, resistance, and other cable run characteristics. A multimeter can measure the voltage, amperage, and resistance of a circuit. A multimeter can be a hand-held device useful for basic fault finding and field service work or a bench instrument that can measure electricity with a high degree of accuracy. A tone generator is connected to a wall jack and sends a repeating signal over the cable. The probe can then be used to detect which cable is attached to the wall jack by detecting the signal being sent by the tone generator. The probe needs to be near or touch the cable with the tone generator attached to identify it positively.

7
Q

Which of the following ethernet standards is used with a single-mode fiber optic cable?

A.10GBase-LR
B.10GBase-SR
C.40GBase-T
D.1000Base-T

A

A.10GBase-LR

OBJ-1.3: 10GBase-LR is a standard for 10 Gigabit Ethernet over single-mode fiber optic cabling. 10GBase-SR is a 10 Gigabit Ethernet LAN standard for use with multimode fiber optic cables using short-wavelength signaling. 1000Base-T and 40GBase-T are ethernet standards that use copper wiring. For the exam, remember the memory aid, “S is not single,” which means that if the naming convention does not contain Base-S as part of its name then it uses a single-mode fiber cable.

8
Q

Which of the following is designed to keep the system’s uptime running in the event of a disaster?

A.Quality of service
B.Load balancing
C.High availability
D.Caching engines

A

C.High availability

OBJ-3.3: High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period. If a network switch or router stops operating correctly (meaning that a network fault occurs), communication through the network could be disrupted, resulting in a network becoming unavailable to its users. Therefore, network availability, called uptime, is a major design consideration for high availability networks.

9
Q

Mallory is unhappy with her job at a large beverage company. She decides to steal sensitive information about the company’s proprietary formula for a new energy drink. She installs a keylogger onto some of the product team’s workstations, which then emails out the information to her personal email account each evening so that she can post the information to WikiLeaks. How would you best classify Mallory and her actions?

A.Denial-of-service
B.Social engineering
C.Logic bomb
D.Insider threat

A

D.Insider threat

OBJ-4.2: Mallory is considered an insider threat in this scenario. An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors, or business associates, who have inside information concerning the organization’s security practices, data, and computer systems. Regardless of her method of stealing the information, the key to this question resides in the fact that she is an employee of the company doing something malicious which places her into the category of an insider threat. A Logic Bomb is a piece of often malicious code that is intentionally inserted into software that is activated upon the host network only when certain conditions are met. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. Social engineering is the art of convincing people to reveal confidential information to the intruder.

10
Q

A technician installs a new WAP (Wireless Access Point), and users in the area begin to report poor performance. The technician uses ping, and only 3 of the 5 packets respond. When the technician tests the connection from a wired connection, it responds with 5 of 5 packets. What tool should the network technician use next?

A.Port scanning tool
B.Spectrum analyzer tool
C.Packet capture tool
D.Interface monitoring tool

A

B.Spectrum analyzer tool

OBJ-5.3: A spectrum analyzer is a device that displays signal amplitude (strength) as it varies by signal frequency. Since the issue only occurs when connecting wirelessly, it is most likely a spectrum interference issue. Alternatively, you could attempt to conduct a wireless site survey using a WiFi analyzer, but that option wasn’t presented in this question. A packet capture tool is used to log and collect packets as they cross the wired or wireless network. An interface monitoring tool would collect data related to performance, bandwidth (utilization), errors and discard rate for a singular interface or switchport. A port scanner is used to test if a particular port or port range is open, closed, or filtered. Since this appears to be a wireless connectivity issue, only a spectrum analyzer could help identify the connectivity issues. This issue is most likely associated with interference around the channels being used by this wireless access device.

11
Q

You just started work as a network technician at Dion Training. You have been asked to determine if Ethernet0/0 is currently connected using OSPF (Open Shortest Path First) or EIGRP (Enhanced Interior Gateway Routing Protocol) on one of the network devices. Which of the following commands should you enter within the command line interface?

A.show config
B.show route
C.show diagnostic
D.show interface

A

B.show route

OBJ-5.3: The “show route” command is used on a Cisco networking device to display the current state of the routing table for a given network device. To determine if Ethernet0/0 is connected using OSPF or EIGRP, you would need to use the “show route” command to display the current status. The “show configuration” command is used on a Cisco networking device to display the device’s current configuration. The “show interface” command is used on a Cisco networking device to display the statistics for a given network interface. The “show diagnostic” command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.

12
Q

A small real estate office has about 15 workstations and would like to use DHCP (Dynamic Host Configuration Protocol) to assign classful IP addresses to each workstation. The subnet only has one octet for the host portion of each device. Which of the following IP (Internet Protocol) addresses could be assigned as the default gateway?

A.10.0.0.1
B.169.254.0.1
C.192.168.0.1
D.172.16.0.1

A

B.169.254.0.1

OBJ-1.4: Since the question wants a classful IP addressing scheme to be assigned to devices, and only one octet is available for the host portion, it would need to be a Class C address. The only Class C address to choose from is 192.168.0.1 based on the options provided. The IP 10.0.0.1 is a Class A address. The IP 172.16.0.1 is a Class B address. The IP 169.254.0.1 is an APIPA (reserved) address. A non-routable IP address (in this case 192.168.0.1), also known as a private IP address, is not assigned to any organization and does not need to be assigned by an Internet Service Provider. Therefore, the 192.168.0.1 could be assigned to the outside local IP address of the router in a Network Address Translation based network.

13
Q

Which of the following BEST describes how a DHCP (Dynamic Host Configuration Protocol) reservation works?

A.By assigning options to the computers on the network by priority
B.By leasing a set of reserved IP (Internet Protocol) addresses according to their category
C.By matching a MAC (Media Access Control) address to an IP address within the DHCP
D.By letting the network switches assign IP addresses from a reserved pool

A

C.By matching a MAC (Media Access Control) address to an IP address within the DHCP

OBJ-1.6: When the client requests an IP address by sending a message on the network to the DHCP server, the DHCP server will assign an IP from its DHCP scope to the client and reserve it based on its MAC address. DHCP reservations allow the DHCP server to pre-set an IP address to a specific client based on its MAC address. This ensures that the client will always get the same IP address from the DHCP server when it connects to the network. DHCP reservations are usually used with servers or printers on your internal network and are rarely used with end-user or client devices.

14
Q

You are working as a cybersecurity analyst intern at Dion Training. You have been asked to create a file that contains any data transmitted as part of a malware beacon from a client in a sandboxed wireless network. Which of the following tools should you utilize to create this file?

A.Packet capture
B.IP scanner
C.Wi-Fi analyzer
D.Port scanner

A

A.Packet capture

OBJ-5.3: A packet capture tool is used to collect data packets being transmitted on a network and save them to a packet capture file (pcap) for later analysis. Packet capture tools are useful when attempting to capture traffic for malware analysis as a cybersecurity analyst. A WiFi analyzer is used to gather information about the available wireless networks, troubleshoot wireless networking issues, ensure optimal router placement, and identify existing coverage areas. A port scanner is used to determine which ports and services are open and available for communication on a target system. An IP scanner is used to monitor a network’s IP address space in real-time and identify any devices connected to the network.

15
Q

Which of the following network devices would be used to receive a signal on one port and then retransmit the same signal out another port to extend the distance covered by a network?

A.Media converter
B.Access point
C.Repeater
D.IDS (Intrusion Detection System)

A

C.Repeater

OBJ-2.1: A repeater is a networking device that receives a signal and then rebroadcasts it to extend the distance covered by a network. A repeater can operate either as a wired or wireless repeater. A wireless access point is a networking device that allows other Wi-Fi devices to connect to a wired network. A wireless access point operates at the physical layer (Layer 1) of the OSI model to extend the wired network into the wireless domain. A media converter is a networking device that transparently converts Ethernet or other communication protocols from one cable type to another type, such as from copper to fiber or twisted pair to coaxial. A media converter operates at the physical layer (Layer 1) of the OSI model. An Intrusion Detection System (IDS) is a network security/threat prevention technology that examines network traffic flows to detect and alert upon identified threats.

16
Q

Workers in a company branch office must visit an initial web page and click the “I agree” button before being able to surf the web. Which of the following is this an example of?

A.MOU (Memorandum Of Understanding)
B.EULA (End-User License Agreement)
C.AUP (Acceptable Use Policy)
D.SLA (Service-Level Agreement)

A

C.AUP (Acceptable Use Policy)

OBJ-3.2: AUP stands for acceptable use policy. If you’re agreeing to what you can and can’t view, you accept the AUP. MOU is a memo of understanding which typically contains an agreement on certain actions. SLA is a service-level agreement that is usually made between two companies to state what level of service is expected if machines go down, etc., and when they can expect to be back up and running. EULA is an end-user license agreement and is used during the installation of a piece of software.

17
Q

Users connecting to an SSID (Secure Set IDentifier) appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?

A.CSMA/CA (Carrier-sense multiple access with collision avoidance)
B.RADIUS (Remote Authentication Dial-In User Service)
C.WPA2 (Wi-Fi Protected Access version 2) security key
D.SSL (Secure Sockets Layer) certificates

A

B.RADIUS (Remote Authentication Dial-In User Service)

OBJ-5.4: Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request. Secure Sockets Layer (SSL) is a security protocol developed by Netscape to provide privacy and authentication over the Internet. SSL is application-independent, works at layer 5 [Session], and can be used with a variety of protocols, such as HTTP or FTP. Client and server set up a secure connection through PKI (X.509) certificates. Carrier-sense multiple access with collision avoidance (CSMA/CA) is a type of network multiple access method that uses carrier sensing, but nodes attempt to avoid collisions by beginning transmission only after the channel is sensed to be idle. CSMA/CA occurs in the background when communicating with a wireless access point and would not prevent the user from authenticating to the captive portal. A WPA2 security key is a preshared password used to authenticate and connect to a wireless access point. If the user connected to the SSID, then the WPA2 security key was valid.

18
Q

Which of the following types of network documentation would include labels to indicate which cables are connected to which switchports on an edge switch?

A.Site survey report
B.Logical network diagram
C.Physical network diagram
D.Wiring diagram

A

D.Wiring diagram

OBJ-3.2: Wiring diagrams are used to clearly label which cables are connected to which ports. The more in-depth wiring diagrams will include a floorplan or rack diagram, so you can see how the cables are run in the physical environment. A wireless site survey is the process of planning and designing a wireless network to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and quality of service (QoS). The site survey report will contain a floorplan of the areas surveyed with the wireless coverage areas and signal strengths notated on it. A physical network diagram is used to show the actual physical arrangement of the components that make up the network, including cables and hardware. A logical diagram is used to illustrate the flow of data across a network and is used to show how devices communicate with each other. These logical diagrams usually include the subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments in a given network.

19
Q

(This is a simulated Performance-Based Question.) What is the correct color scheme for Pin 1 to Pin 8 for a T-568A connector?

A.white/orange,orange,white/green,blue,white/blue,green,white/brown,brown
B.white/green,green,orange/white,blue,white/blue,orange,white/brown,brown
C.white/green,green,white/orange,orange,blue,white/blue,white/brown,brown
D.blue,white/blue,orange,white/brown,brown,white/green,green,orange/white

A

B.white/green,green,orange/white,blue,white/blue,orange,white/brown,brown

OBJ-1.3: You need to have the T-568-A and T-568-B standards memorized before test day because you may be asked to perform a drag and drop exercise of placing the right colored wires into the right numbered pins based on a T-568A or T-568B connector. Remember, a straight-through cable will have T-568B on both ends. If you are asked to make a cross-over cable, you need a T-568A on one side and a T-568B on the other side.

20
Q

Which of the following types of network documentation would be used to illustrate the data flow across the network and include the IP addresses and subnets used by the different network devices?

A.Site survey report
B.Logical network diagram
C.Physical network diagram
D.Wiring diagram

A

B.Logical network diagram

OBJ-3.2: A logical diagram is used to illustrate the flow of data across a network and is used to show how devices communicate with each other. These logical diagrams usually include the subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments in a given network. A physical network diagram is used to show the actual physical arrangement of the components that make up the network, including cables and hardware. Wiring diagrams are used to clearly label which cables are connected to which ports. The more in-depth wiring diagrams will include a floorplan or rack diagram, so you can see how the cables are run in the physical environment. A wireless site survey is the process of planning and designing a wireless network to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and quality of service (QoS). The site survey report will contain a floorplan of the areas surveyed with the wireless coverage areas and signal strengths notated on it.

21
Q

Dion Training’s network is using OSPF (Open Shortest Path First) for the internal routing protocol. One of the interfaces connected to the internet is congested. The data is going out to the internet slowly, but is frequently queued by the router prior to sending due to the congestion and lower than normal speeds. You entered the “show interface” command and received the following output:

Fast Ethernet 0/0 is up, line protocol is down
Int ip address is 10.20.130.5/25
MTU 1500 bytes, BW 10000 kbit, DLY 100 usec
Reliability 255/255, Tx load 1/255, Rx load 1/255
Encapsulation ospf, loopback not set
Keep alive 10
Half duplex, 100 Mb/s, 100 Base Tx/Fx
Received 1052993 broadcasts
0 input errors 0 packets output, 768588 bytes
0 output errors, 0 collisions, 0 resets

A.Assign a public IP (Internet Protocol) address to the interface
B.Modify the CIDR (Classless Inter-Domain Routing or supernetting) notation to a classful subnet mask
C.Set the loopback address as 127.0.0.1
D.Change the duplex setting from half to full

A

D.Change the duplex setting from half to full

OBJ-5.2: Based on the output provided, the interface is set to half-duplex. Since there are no errors, collisions, or resets, the interface appears to be connected directly to another switchport or interface in their own collision domain. Therefore, the duplex can be set to full duplex and this will effectively double the throughput on this interface. The loopback address on all interfaces is set to 127.0.0.1 by default, therefore there is no need to make this configuration change. The output shows “loopback not set”, which indicates the interface is currently in production or operational mode. If the “loopback is set”, this means the interface has a loopback plug installed and you are conducting diagnostics on the interface. The CIDR notation of /25 indicates a subnet with 126 usable hosts. If you modified the CIDR notation to use a classful subnet mask for a Class A network (10.0.0.0/8) it would create 16.7 million usable hosts in a single broadcast domain and would drastically slow down the network. The speed of the network is not influenced by whether a public or private IP address is used by the interface, therefore this is an incorrect option.

22
Q

Jason is flying home from a conference and attempts to connect to the airplane’s onboard wireless network to check his email. He selects the InflightWiFi from the list of network names, his web browser opens, and then a 404 “page not found” error is displayed. Which of the following issues is likely the source of this error?

A.Captive portal issue
B.Incorrect passphrase
C.Insufficient wireless coverage
D.Wrong SSID (Secure Set IDentifier)

A

A.Captive portal issue

OBJ-5.4: This is most likely a captive portal issue. Since the user selected the SSID from the list of network names, it is not a wrong SSID issue. The user also did not enter a password, therefore it is not an incorrect passphrase. The user is on an airplane, which is a small enough area to have adequate coverage throughout the entire plane. A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a wireless network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other information prior to allowing access to the network and its resources. The received signal strength indication (RSSI) is an estimated measure of the power level that a radio frequency client device is receiving from a wireless access point. If the RSSI is -90dB to -100dB, this indicates an extremely weak connection and insufficient wireless coverage in the area in which the device is operating. The service set identifier (SSID) is a natural language name used to identify a wireless network. If you are manually configuring a wireless network and the incorrect SSID is entered, the device will be unable to connect to the network. The passphrase in a wireless network serves as the password or network security key. If the incorrect passphrase was entered, you will receive an error such as “Network security key mismatch” and the wireless device will be unable to communicate with the wireless access point.

23
Q

What port number does POP3 over SSL utilize?

A.143
B.995
C.993
D.110

A

B.995

OBJ-1.5: Post Office Protocol version 3 over SSL (POP3 over SSL) uses port 995 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server that operates using an SSL or TLS encrypted tunnel. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Internet Message Access Protocol (IMAP) over SSL uses port 993 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection.

24
Q

Which of the following IEEE (The Institute of Electrical and Electronics Engineers) specifications describes the use of the Link Aggregation Control Protocol (LACP)?

A.802.1d
B.802.3af
C.802.1x
D.802.3ad

A

D.802.3ad

OBJ-2.3: Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af.

25
Q

Which of the following type of sites might contain a datacenter with equipment, but it is not configured and doesn’t contain any user or customer data yet?

A.Cloud site
B.Warm site
C.Hot site
D.Cold site

A

B.Warm site

OBJ-3.3: A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization’s enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment.

26
Q

An analyst reviews the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC (Heating, Vacuum, Air Conditioning) control system. The open wireless network must remain openly available so that visitors can access the internet. How can this type of attack be prevented from occurring in the future?

A.Enable NAC (Network Access Control) on the open wireless network
B.Enable WPA2 (Wi-Fi Protected Access version 2) security on the open wireless network
C.Install an IDS (Intrusion Detection System) to protect the HVAC system
D.Implement a VLAN (Virtual Local Area Network) to separate the HVAC control system from the open wireless network

A

D.Implement a VLAN (Virtual Local Area Network) to separate the HVAC control system from the open wireless network

OBJ-2.1: A VLAN is useful to segment out network traffic to various parts of the network and stop someone from the open wireless network from logging in to the HVAC controls. By utilizing NAC, each machine connected to the open wireless network could be checked for compliance and to determine if it is a ‘known’ machine, but they would still be given access to the entire network. Also, since this is a publicly usable network, using NAC could prevent users from accessing all the network features. An IDS would be a good solution to detect the attempted logins, but it won’t prevent them. Instead, an IPS would be required to prevent logins.

27
Q

You just arrived at school today, pulled your laptop out of your backpack, and tried to connect your laptop to the Wi-Fi network. It worked fine yesterday, but today it won’t connect automatically or display any available networks. You haven’t done anything to the laptop since you left class yesterday. You ask your classmates if they can connect to the Wi-Fi, and every one of them is connected without any issues. What should you check FIRST in your attempt to connect your laptop to the Wi-Fi?

A.IP address issued by the DHCP server
B.Wireless switch on your laptop
C.Wireless controller configuration
D.The configuration of the access point

A

B.Wireless switch on your laptop

OBJ-5.4: Since everyone else’s laptops are connected without any issues, the problem is not with the network but with your laptop in some form. This rules out the wireless controller configuration or access point settings since those are both things that would affect all users on the network. Additionally, as a student at the school, it is unlikely you have access to check the configuration of the access point or wireless controller. Since you are not connected or finding any networks, you won’t have a DHCP address assigned either. The most likely cause of your issue is that the wireless switch on your laptop was accidentally switched to the off position when you put your laptop in your backpack. Now, not all laptops have a wireless switch, but from the options provided, this is the most logical answer. If you have a MacBook, for example, they do not use a physical wireless switch. If you are troubleshooting this issue using the bottom-to-top methodology, you would start with layer 1 of the OSI model, the physical layer. In this case, the physical layer would relate to your wireless networking card and the radio frequencies it is supposed to transmit.

28
Q

Dion Training wants to create a DNS (Domain Name System) record to specify a host and port to use for a new instant messaging service. Which type of DNS record should be created?

A.SRV (SeRVice Record)
B.TXT (TeXT Record)
C.SOA (Start Of Authority)
D.PTR (PoinTeR Record)

A

A.SRV (SeRVice Record)

OBJ-1.6: A DNS service (SRV) record specifies a host and port for specific services such as voice over IP (VoIP), instant messaging, and others. PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address, you can get the associated domain/hostname. An A record should exist for every PTR record. A Start of Authority (SOA) resource record indicates which Domain Name Server (DNS) is the best source of information for the specified domain. The DNS text (TXT) record lets a domain administrator enter text into the Domain Name Systems. The TXT record was originally intended as a place for human-readable notes. However, now it is also possible to put some machine-readable data into TXT records.

29
Q

Students at Dion Training are working on a networking lab that requires a single switch to be remotely accessed by many students simultaneously. The instructor verifies that the switch can be accessed using the console, but the switch is only letting one student log in to the device at a time. Which of the following configurations should the instructor implement to fix this issue?

A.Increase the number of virtual terminals available
B.Increase the number of VLANs (Virtual Local Area Network) configured on the switch
C.Clear the ARP (Address Resolution Protocol) cache and flush the DNS (Domain Name System) cache on the switch
D.Increase installed memory and install a larger flash module

A

A.Increase the number of virtual terminals available

OBJ-5.5: You can set a limit of how many virtual terminals can simultaneously remotely connect to a switch. The issue in this scenario is that the switch is configured to a maximum of one virtual terminal, so only one student can access the switch at a time. When a student connects to a switch or router using ssh or telnet, it requires a virtual terminal connection. The default virtual terminal limit is 32 on Cisco devices, but you can configure it to allow between 1 and 64 simultaneous connections. To connect to a virtual terminal, you would utilize a terminal emulator. A packet capture tool is used to collect data packets being transmitted on a network and save them to a packet capture file (pcap) for later analysis.

30
Q

You are trying to select the best device to install to detect an outside attacker trying to reach into your internal network. The device should log the event, but it should not take any action to stop it. Which of the following devices would be the BEST for you to select?

A.IDS (Intrusion Detection System)
B.Authentication server
C.Proxy server
D.IPS (Intrusion Protection System)

A

A.IDS (Intrusion Detection System)

OBJ-2.1: An intrusion detection system is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. Unlike an IPS, which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them. An intrusion prevention system (IPS) conducts the same functions as an IDS but can also block or take actions against malicious events. An authentication, authorization, and accounting (AAA) server is a server used to identify (authenticate), approve (authorize), and keep track of (account for) users and their actions. AAA servers can also be classified based on the protocol they use, such as a RADIUS server or TACACS+ server. A proxy server is a server that acts as an intermediary between a client requesting a resource and the server that provides that resource. A proxy server can be used to filter content and websites from reaching a user.

31
Q

Dion Training is configuring a new branch office in Florida and wants to assign it a portion of their public Class C IPv4 address space. Dion Training has been assigned a Class C scope of 187.15.3.0/24. The new branch office in Florida will require 23 devices that will need IP addresses assigned. What is the correct CIDR (Classless Inter-Domain Routing or supernetting) notation for the new subnet in order to accommodate the 23 devices while allocating the minimum number of addresses?

A./29
B./27
C./26
D./28

A

B./27

OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have 23 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 25 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). Since we need 25 IP addresses, we need to round up to a block of 32. To symbolize a CIDR block with 32 IP addresses, we would use /27, which is 2^5 = 32.

32
Q

A small law office has a network with three switches (8 ports), one hub (4 ports), and one router (2 ports). Switch 1 (switch port 8) is connected to an interface port (FastEthernet0/0) on the router. Switch 2 (switch port 8) and switch 3 (switch port 8) are connected to Switch 1 (switch ports 1 and 2). The hub has three computers plugged into it on ports 1, 2, and 3. The fourth port on the hub is connected to the router’s other interface port (FastEthernet0/1). Based on the configuration described here, how many collision domains are there within this network?

A.1
B.4
C.8
D.2

A

B.4

OBJ-2.1: A collision domain is a network segment connected by a shared medium or through repeaters where simultaneous data transmissions collide with one another. Hubs do not break up collision domains, but routers and switches do. For each switchport or interface on a switch or router, there is a new collision domain. Therefore, in this network, you will have one collision domain for the hub and its clients that are connected to FastEthernet0/1. There is a second collision domain for the router’s other interface (FastEthernet0/0) that is shared with Switch 1 (switch port 8). There is a third collision domain for the connection between Switch 2 and Switch 1, and a fourth domain for the connection between Switch 3 and Switch 1. If there were additional clients on any of these switches, each client would also be a part of its own collision domain, but since none were mentioned, we only have 4 collision domains in this network.

33
Q

Which of the following technologies is not commonly used by a captive portal to perform user redirection?

A.ICMP redirect (Internet Control Message Protocol)
B.DHCP redirect (Dynamic Host Configuration Protocol)
C.DNS redirect (Domain Name System)
D.HTTP redirect (HyperText Transfer Protocol)

A

B.DHCP redirect (Dynamic Host Configuration Protocol)

OBJ-4.3: In general, captive portals are implemented by using an HTTP redirect, an ICMP redirect, or a DNS redirect. A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a wireless network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other information prior to allowing access to the network and its resources.

34
Q

What port number does IMAP utilize?

A.995
B.143
C.110
D.993

A

B.143

OBJ-1.5: Internet Message Access Protocol (IMAP) uses port 143, and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Internet Message Access Protocol (IMAP) over SSL uses port 993 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Post Office Protocol version 3 over SSL (POP3 over SSL) uses port 995 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server that operates using an SSL or TLS encrypted tunnel.

35
Q

A network technician is asked to redesign an Ethernet network before some new monitoring software is added to each network’s workstation. The new software will broadcast statistics from each host to a monitoring server for each of the company’s five departments. The added network traffic is a concern of management that must be addressed. How should the technician design the new network?

A.Add a router and create a separate segment for all the monitored hosts
B.Increase the collision domains to compensate for the added broadcast messages
C.Place each department in separate VLAN (Virtual Local Area Network) to increase broadcast domains
D.Increase the number of switches on the network to reduce broadcast messages

A

C.Place each department in separate VLAN (Virtual Local Area Network) to increase broadcast domains

OBJ-2.3: Placing each of the departments on separate VLANs will help minimize the added network traffic caused by the broadcast messages. A virtual LAN is any broadcast domain that is partitioned and isolated in a computer network at the data link layer. Each VLAN becomes its own broadcast domain and this would minimize the total number of broadcast messages sent to every client on the network. For traffic to enter or leave a VLAN, it must go through a router or a layer 3 switch. A collision domain will not prevent a broadcast message from being sent. Increasing the number of switches will not reduce or increase the number of broadcast messages. To minimize the number of broadcast messages, you need to increase the number of broadcast domains.

36
Q

(This is a simulated Performance-Based Question. On the real exam, you may be given a chart with numerous ports and protocols and be asked to drag and drop them to match the ports with the protocols.) What ports do HTTPS (HyperText Transfer Protocol Secure) and RDP (Remote Desktop Protocol) utilize?

A.443,445
B.443,161
C.443,25
D.443,3389

A

D.443,3389

OBJ-1.5: HTTPS (HyperText Transfer Protocol Secure) uses port 443. RDP (Remote Desktop Protocol) uses port 3389. Port 445 is used by the Server Message Block (SMB) protocol. Port 161 is used by the Simple Network Management Protocol (SNMP). Port 3389 is used by the Remote Desktop Protocol (RDP). Port 25 is used by the Simple Mail Transfer Protocol (SMTP). If this was a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up.

37
Q

Which of the following ports should be allowed to enable access to certain VoIP applications?

A.139
B.5060
C.110
D.3306

A

B.5060

OBJ-1.5: Session Initiation Protocol (SIP) uses ports 5060 and 5061, and is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL).

38
Q

You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand?

A.Metered services
B.Rapid elasticity
C.On-demand
D.Resource pooling

A

B.Rapid elasticity

OBJ-1.8: Rapid elasticity is used to describe scalable provisioning or the capability to provide scalable cloud computing services. Rapid elasticity is very critical to meet the fluctuating demands of cloud users. The downside of rapid elasticity implementations is that they can cause significant loading of the system due to the high number of resource allocation and deallocation requests. Resource pooling refers to the concept that allows a virtual environment to allocate memory and processing capacity for a VM's use. On-demand refers to the fact that a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. Metered services are pre-paid, a-la-carte, pay-per-use, or committed offerings. A metered service like a database may charge its users based on the actual usage of the service resources on an hourly or monthly basis. For example, Dion Training used the AWS Lambda serverless product in some of our automation. This service charges us $0.20 for every 1 million requests processed.

39
Q

You are scanning a target as part of a penetration test. You discovered that the network uses Snort configured as a network-based IDS (Intrusion Detection System). Which of the following occurs when an alert rule has been matched in Snort during your scan?

A.The packet matching the rule will be dropped and the IDS (Intrusion Detection System) will continue scanning new packets
B.The entire packet will be evaluated until all of the IDS alert rules have been checked and the packet is allowed to continue its journey
C.The IDS will send an alert, stop checking the rest of the rules, and allow the packet to continue its journey
D.

A

B.The entire packet will be evaluated until all of the IDS alert rules have been checked and the packet is allowed to continue its journey

OBJ-2.1: If Snort is operating as an IDS, it will not block the connection or drop the packet. Instead, Snort will evaluate the entire packet and check all the alert rules, logging any matches it finds, and then allow it to continue onward to its destination.

40
Q

What benefit does network segmentation provide?

A.Link aggregation
B.Security through isolation
C.Port mirroring
D.High availability through redundancy

A

B.Security through isolation

OBJ-4.3: Network segmentation in computer networking is the act of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for increasing performance and improving security through isolation. Link aggregation is the combining of multiple network connections in parallel by any of several methods, in order to increase throughput beyond what a single connection could sustain, to provide redundancy in case one of the links should fail, or both. Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port. Redundancy is an operational requirement of the data center that refers to the duplication of certain components or functions of a system so that if they fail or need to be taken down for maintenance, others can take over while maintaining high availability of your network and systems. Network segmentation, by itself, does not provide link aggregation, port mirroring, or additional redundancy.

41
Q

A technician installs a new piece of hardware and now needs to add the device to the network management tool database. However, when adding the device to the tool using SNMP (Simple Network Management Protocol) credentials, the tool cannot successfully interpret the results. Which of the following needs to be added to allow the network management tool to interpret the new device and control it using SNMP?

A.TRAP (alert messages)
B.GET (retrieves value of MIB object)
C.MIB (Management Information Base)
D.WALK (an application that runs multiple GETNEXT requests automatically)

A

C.MIB (Management Information Base)

OBJ-3.1: Management Information Base (MIB) is used for managing all entities on a network using Simple Network Management Protocol. It would allow the tool to interpret the information received correctly.

42
Q

You are configuring a new machine with a hypervisor and several operating systems hosted within it to develop some new applications. You want to ensure that the hypervisor’s various virtual machines can communicate with each other over a network, but you don’t want this network traffic to leave the hypervisor itself. What is the BEST solution to meet these requirements?

A.Connect each machine to an individual switch
B.Configure each virtual machine to use a route to a default gateway
C.Install and configure individual routes between the virtual machines
D.Install and configure a virtual switch

A

D.Install and configure a virtual switch

OBJ-1.2: A virtual switch (vSwitch) is a software program that allows one virtual machine (VM) to communicate with another. A vSwitch does more than just forward data packets; it intelligently directs the communication on a network by checking data packets before moving them to a destination. This is usually created within the hypervisor’s software.

43
Q

What network device uses ACLs (Access Control List) to prevent unauthorized access into company systems?

A.IDS (Intrusion Detection System)
B.Firewall
C.Content filter
D.Load balancer

A

B.Firewall

OBJ-2.1: A firewall is a network security device designed to prevent systems or traffic from unauthorized access. An ACL is a list that shows which traffic or devices should be allowed into or denied from accessing the network. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An IDS uses signatures, not ACLs. Content filtering is the use of a program to screen and/or exclude access to web pages or emails deemed objectionable. A load balancer distributes a set of tasks over a set of resources to make their overall processing more efficient.

44
Q

Dion Training has just moved into a new office building and the previous owners never documented which port on the patch panel was connected to the network jacks located in each office. You have been hired to create a wiring diagram to document where all of the cables are connected. Which of the following tools should you use to perform this task?

A.Cable tester
B.Time-domain reflectometer
C.Loopback adapter
D.Tone generator

A

D.Tone generator

OBJ-5.2: A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is used with copper cables, not fiber optic cables. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A time-domain reflectometer (TDR) is used to determine the characteristics of electrical lines by observing reflected waveforms to characterize and locate faults in copper cables. A loopback adapter is a plug that is used to test the physical port or interface on a network device.

45
Q

Which communication technology would MOST likely be used to increase bandwidth over an existing fiber-optic network by combining multiple signals at different wavelengths?

A.LACP (Link Aggregation Control Protocol)
B.DWDM (Dense Wavelength-Division Multiplexing)
C.ADSL (Asymmetric Digital Subscriber Line)
D.FCoE (Fibre Channel over Ethernet)

A

B.DWDM (Dense Wavelength-Division Multiplexing)

OBJ-1.2: Dense wavelength-division multiplexing (DWDM) is a high-speed optical network type commonly used in MANs (metropolitan area networks). DWDM uses as many as 32 light wavelengths on a single fiber, where each wavelength can support as many as 160 simultaneous connections. Asymmetric digital subscriber line (ADSL) is a type of digital subscriber line technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide. The link aggregation control protocol (LACP) is used to combine multiple network connections in parallel by any of several methods, in order to increase throughput beyond what a single connection could sustain, to provide redundancy in case one of the links should fail, or both. LACP would require bundling multiple fiber optic cables together to increase bandwidth, therefore it wouldn’t use your existing fiber-optic network to increase the bandwidth as it would need additional cables. Fibre Channel over Ethernet (FCoE) is a method of supporting converged Fibre Channel (FC) and Ethernet traffic on a data center bridging (DCB) network. FCoE encapsulates unmodified FC frames in Ethernet to transport the FC frames over a physical Ethernet network.

46
Q

A malicious user is blocking cellular devices from connecting to the Internet whenever they enter the coffee shop. If they get their coffee to go and walk at least a block away from the coffee shop, their smartphones will connect to the Internet again. What type of network attack is the malicious user performing?

A.On-path attack
B.Blocklisting IP addresses in the ACL (Access Control List)
C.Spoofing
D.Frequency jamming

A

D.Frequency jamming

OBJ-4.2: Frequency jamming is one of the many exploits used to compromise a wireless environment. Frequency jamming is the disruption of radio signals through the use of an over-powered signal in the same frequency range. It works by denying service to authorized users as legitimate traffic is jammed by the overwhelming frequencies of illegitimate traffic. There is no indication that the malicious user has created a rogue AP (which is a form of spoofing) or is performing an on-path attack by having users connect through their laptop or device within this scenario. Also, there is no mention of certain websites or devices being blocked logically using a blocklist or ACL.

47
Q

What is the term for exploiting a weakness in a user’s wireless headset to compromise their smartphone?

A.Bluejacking
B.Multiplexing
C.Smurfing
D.Zero-day attack

A

A.Bluejacking

OBJ-4.2: Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers, sending a vCard which typically contains a message in the name field to another Bluetooth-enabled device via the OBEX protocol. A zero-day attack happens once that flaw, or software/hardware vulnerability, is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability. The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. Multiplexing is a method by which multiple analog or digital signals are combined into one signal over a shared medium to share a scarce resource. Multiplexing is not a type of exploit or attack but is heavily used to increase the bandwidth of wireless networks and fiber optic connections.

48
Q

Which type of personnel control is being implemented if Kirsten must receive and inventory any items that her coworker, Bob, orders?

A.Mandatory vacation
B.Separation of duties
C.Dual control
D.Background checks

A

B.Separation of duties

OBJ-4.1: This organization uses separation of duties to ensure that neither Kirsten nor Bob can exploit the organization’s ordering processes for their gain. Separation of duties is the concept of having more than one person required to complete a particular task to prevent fraud and error. Dual control, instead, requires both people to act together. For example, a nuclear missile system uses dual control and requires two people to each turn a different key simultaneously to allow for a missile launch to occur. Mandatory vacation policies require employees to take time away from their job, which helps detect fraud or malicious activities. A background check is a process a person or company uses to verify that a person is who they claim to be and provides an opportunity for someone to check a person’s criminal record, education, employment history, and other past activities to confirm their validity.

49
Q

Which of the following tools would allow you to detect running services, applications, or operating systems on the network’s clients, servers, or devices by sending specifically crafted packets to them and analyzing their responses?

A.ping
B.Protocol analyzer
C.nmap
D.tcpdump

A

C.nmap

OBJ-5.3: Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network’s clients, servers, and devices. A protocol analyzer is used to capture, monitor, and analyze data transmitted over a communication channel. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. While you may be able to identify the services, applications, or operating systems using tcpdump by analyzing the captured packets, tcpdump will not send specifically crafted packets to the devices as it is a passive reconnaissance tool. The ping command is used to test whether a given target is reachable across an IP network by sending an ICMP Echo Request packet and receiving an ICMP Echo Reply.

50
Q

According to the OSI model, at which of the following layers is data encapsulated into bits?

A.Layer 4
B.Layer 3
C.Layer 2
D.Layer 1

A

D.Layer 1

OBJ-1.1: Data is transmitted at Layers 5, 6, and 7 of the OSI model. At Layer 4, the data is encapsulated into segments. At layer 3, the segments are encapsulated into packets. At layer 2, the packets are encapsulated into frames. At layer 1, the frames are encapsulated into bits.

51
Q

Rick is upset that he was passed over for a promotion. He decides to take revenge on his nemesis, Mary, who got the job instead of him. Rick sets up an on-path attack against Mary’s computer by redirecting any layer 2 traffic destined for the gateway to his computer first. Rick is careful only to affect the traffic associated with Mary’s computer and not the entire network. Which type of on-path attack is Rick conducting against Mary?

A.MAC (Media Access Control) spoofing
B.IP (Internet Protocol) spoofing
C.ARP (Address Resolution Protocol) poisoning
D.Evil twin

A

C.ARP (Address Resolution Protocol) poisoning

OBJ-4.2: Based on the scenario, we can eliminate evil twin (focused on wireless access points) and IP spoofing (since this affects layer 3 traffic). While MAC spoofing the gateway’s address might work, it would also affect every computer on this subnet. ARP poisoning (also known as ARP spoofing) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. By conducting an ARP spoofing, Rick can poison the cache and replace Mary’s computer’s MAC address and IP binding association with his own, allowing him to complete an on-path attack between Mary and the default gateway.

52
Q

Your boss has asked you to select the technology for a new wireless network for the office. She stated that the new network must allow users to connect their laptops, smartphones, and tablets wirelessly. The technology selected should utilize the longest range possible without signal loss. Which of the following wireless technologies should be selected to meet these requirements?

A.802.11g
B.802.11ac
C.802.11b
D.802.11n

A

B.802.11ac

OBJ-2.4: To meet these requirements, you should recommend 802.11ac because it allows for faster speeds than wireless b, g, and n, and it provides the longest ranges of the options provided. The 802.11ac can reach 115 feet (35 meters) using 8 MIMO streams for higher bandwidth, or up to 230 feet (70 meters) using only 4 MIMO streams to provide greater coverage at a lower bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps.

53
Q

Which of the following is used to provide emergency electrical power during a short outage or until a long-term solution can begin operations?

A.Generator
B.HVAC (Heating, Ventilation, Air Conditioning)
C.UPS (Uninterruptible Power Supply)
D.PDU (Power Distribution Unit)

A

C.UPS (Uninterruptible Power Supply)

OBJ-3.3: An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source or mains power fails. A power distribution unit (PDU) is a device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center. PDUs use and distribute the available amperage more efficiently, allowing your equipment to receive the best available power to maintain operation. A generator is a device that converts motive power into electrical power for use in an external circuit. Generators can be powered by diesel, gasoline, or propane. Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.

54
Q

A small office has an Internet connection that drops out at least two times per week. It often takes until the next day for the service provider to come out and fix the issue. What should you create with the service provider to reduce this downtime in the future?

A.AUP (Acceptable Use Policy)
B.SLA (Service-Level Agreement)
C.NDA (Non-Disclosure Agreement)
D.MOU (Memorandum Of Understanding)

A

B.SLA (Service-Level Agreement)

OBJ-3.2: A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end-user that defines the level of service expected from the service provider. SLAs are output-based and their purpose is specifically to define what the customer will receive. If the customer requires faster response times, it should be in the SLA. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restricts how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share for certain purposes, but wish to restrict access to.

55
Q

A network administrator is assigned an approved change request with a change window of 120 minutes. After 90 minutes, the change is stuck on step five of a five-step change. The network manager decides to initiate a rollback. Which describes what the network administrator should do next?

A.Request additional time since the change is near completion
B.Leave the change as is and inform users of a workaround
C.Return the system to step four since this was the last working step
D.Return the system back to the original state before the change

A

D.Return the system back to the original state before the change

OBJ-3.2: By performing a rollback, the administrator will change everything back to the last known good configuration before the change is started. This would involve resetting everything back to how it was before the configuration and installation of the changes were begun in this maintenance window.

56
Q

You are using an 802.11ac wireless network at your office which uses WPA2-PSK (Wi-Fi Protected Access version 2-Pre Shared Key) for encryption. Every few minutes, your wireless connection appears to disconnect and then quickly reconnect to the network. What type of attack might you be the victim of?

A.MAC (Media Access Control) spoofing
B.Rogue access point
C.Deauthentication
D.Evil twin

A

C.Deauthentication

OBJ-4.2: A deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim’s machine. This causes the wireless client to disconnect from the wireless network and then reconnect. During that reconnection, an attacker can conduct a packet capture of the authentication handshake and use that to attempt to brute force the network’s pre-shared key. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user’s knowledge. A rogue access point is any access point installed on a network without the network owner’s permission. For example, if an employee connected a wireless access point to a wall jack in their office so that they can use their smartphone or tablet, this would be considered a rogue access point. MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device.

57
Q

Which of the following wireless technologies use MIMO (Multiple-Input and Multiple-Output) on non-overlapping channels to increase the wireless network’s bandwidth?

A.802.11n
B.802.11b
C.802.11a
D.802.11g

A

A.802.11n

OBJ-2.4: 802.11n introduced MIMO support on non-overlapping channels to increase the bandwidth available for the wireless network. This is also supported in 802.11ac (MU-MIMO), which was released after 802.11n. The other wireless networking technologies (a/b/g) do not support MIMO.

58
Q

Which of the following policies or plans would describe the process for a new user to request an account on the enterprise network?

A.Bring your own device policy
B.Password policy
C.Remote access policy
D.Onboarding policy

A

D.Onboarding policy

OBJ-3.2: An onboarding policy is a documented policy that describes all the requirements for integrating a new employee into the company and its cultures, as well as getting that new hire all the tools and information they need to begin their job successfully. A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops. A remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords.

59
Q

You are troubleshooting an older wireless network that is running Wireless G (802.11g). This network appears to have a lot of collisions and interference. You look up the configuration on two of the three access points in the areas and see they are using Channel 1 and Channel 11. To prevent interference and ensure non-overlapping of the channels, what channel should the third access point utilize?

A.Channel 7
B.Channel 6
C.Channel 5
D.Channel 8

A

B.Channel 6

OBJ-2.4: With wireless access points that run 2.4 GHz frequencies, you can only select channels between 1 and 11 in the United States. This includes 802.11b, 802.11g, 802.11n, and 802.11ax networks. To prevent overlapping of the channels, you should select channels 1, 6, and 11. By doing so, you can increase the reliability and throughput of your wireless network.

60
Q

What port number does HTTPS (HyperText Transfer Protocol Secure) utilize?

A.143
B.80
C.443
D.123

A

C.443

OBJ-1.5: The Hypertext Transfer Protocol Secure (HTTPS) uses port 443 and is an application layer protocol for distributed, collaborative, hypermedia information systems using either SSL or TLS encrypted data transfer. The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection.

61
Q

A network technician is troubleshooting connectivity problems between switches but suspects the ports are not properly labeled. What option will help to identify the switches connected to each port quickly?

A.Configure TACACS+ (Terminal Access Controller Access Control Server) on each network device
B.Configure each uplink to send LACP (Link Aggregation Control Protocol) discovery units
C.Enable a discovery protocol on the network devices
D.Perform a packet capture on each switch’s uplink port

A

C.Enable a discovery protocol on the network devices

OBJ-5.5: By enabling a discovery protocol on the network devices, the technician will be able to get detailed information such as the IP addresses, system version, and device information from supporting devices directly. There are three primary discovery protocols: simple network management protocol (SNMP), link layer discovery protocol (LLDP), and ping. TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. A packet capture tool is used to collect data packets being transmitted on a network and save them to a packet capture file (pcap) for later analysis.

62
Q

Johnny is trying to download a file from a remote FTP (File Transfer Protocol) server but keeps receiving an error that a connection cannot be opened. Which of the following should you do FIRST to resolve the problem?

A.Ensure that port 161 is open
B.Ensure that port 20 is open
C.Validate the security certificate from the host
D.Flush the DNS (Domain Name System) cache on the local workstation

A

B.Ensure that port 20 is open

OBJ-5.5: Executing an FTP connection from a client is a two-stage process requiring the use of two different ports. Once the user enters the name of the server and the login credentials in the FTP client’s authorization fields, the FTP connection is attempted over port 21. Once the connection is established, FTP sends the data over port 20 back to the client from the server. For FTP to function properly, you should have both ports 20 and 21 open.

63
Q

Sahra connects a pair of switches using redundant links. When she checks the link status of the two ports, one of them is not active. She changes the inactive link to another switchport, but the second link still remains inactive. What MOST likely is causing the second link to become disabled?

A.IGRP (Interior Gateway Routing Protocol) routing
B.SSID (Service Set IDentifier) mismatch
C.Spanning tree
D.Port mirroring

A

C.Spanning tree

OBJ-2.3: The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. If STP detects a switching loop being created by the redundant connection, it will disable the switchport automatically. The Interior Gateway Routing Protocol (IGRP) is a distance-vector interior gateway protocol developed by Cisco to exchange routing data within an autonomous system. IGRP is used with layer 3 devices (routers) and not layer 2 devices (switches). A service set identifier (SSID) is a group of wireless network devices that share the same natural language label that users see as a network name. An SSID is not used with wired networks. Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port. Port mirroring is used for security applications, not redundancy.

64
Q

What is the first flag used in the establishment of a TCP (Transmission Control Protocol) connection or during the initiation of a three-way handshake between two hosts?

A.ACK (acknowledge flag)
B.FIN (finish flag)
C.SYN (synchronization flag)
D.RST (reset flag)

A

C.SYN (synchronization flag)

OBJ-1.1: A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection. Finally, the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin. A reset (RST) flag is used to terminate the connection. A finish (FIN) flag is used to request that the connection be terminated.

65
Q

A firewall technician at Dion Training configures a firewall to allow HTTP (HyperText Transfer Protocol) traffic as follows:

Source IP    Zone       Dest IP    Zone    Port    Action
Any          Untrust    Any        DMZ     80      Allow

Dion Training is afraid that an attacker might try to send other types of network traffic over port 80 to bypass their security policies. Which of the following should they implement to prevent unauthorized traffic from entering through the firewall?

A.Stateful packet inspection
B.HTTPS (SSL/TLS) (HyperText Transfer Protocol Secure - Secure Sockets Layer/Transport Layer Security)
C.Stateless packet inspection
D.Application-aware firewall

A

D.Application-aware firewall

OBJ-2.1: An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, as opposed to simply using IP addresses and port numbers, by inspecting the data contained within the packets. A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they cannot inspect the contents of the packet to ensure it contains HTTP traffic and not other types of network traffic. HTTPS (SSL/TLS) would allow for an encrypted communication path between the webserver and the client, but this would not prevent an attacker from sending other network protocol data over port 80 and bypassing the firewall rules.

66
Q

You are trying to connect to another server on the network but are unable to ping it. You have determined that the other server is located on the 10.0.0.1/24 network, but your workstation is located on the 192.168.1.1/24 network. Which of the following tools should you use to begin troubleshooting the connection between your workstation and the server?

A.traceroute
B.netstat
C.ifconfig
D.dig

A

A.traceroute

OBJ-5.3: The traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. While using ping will tell you if the remote website is reachable or not, it will not tell you where the connection is broken. Traceroute performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help identify if the connectivity issue lies between your workstation and the server since the traffic must be routed between the two networks. The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The ifconfig tool is used on Linux, Unix, and OS X devices to display the current TCP/IP network configuration, assign an IP address, and configure TCP/IP settings for a given network interface.

67
Q

Dion’s Burgers and Fries is a fast-food restaurant that recently installed a new network-connected electronic signboard to display their menu items to customers. The signboard came preconfigured with a public IP address so that the central office can remotely connect to it and update the menu items and prices displayed. The installer unboxed the new device, hung it on the wall, plugged it into the network, and the menu appeared. The next day, the manager sees that the menu items have all been changed to include vulgar names and prices like $6.66. It appears the signboard has been digitally vandalized by an attacker. What is the MOST likely reason the attackers were able to access and modify the signboard’s display?

A.Unnecessary services were not disabled during its installation
B.The default port, port 80, was left open during its installation
C.The self-signed digital certificate of the signboard had expired
D.The default credentials were never changed during its installation

A

D.The default credentials were never changed during its installation

OBJ-4.3: We know that the signboard was installed with all of the defaults still in place because the installer simply removed it from the box, hung it on the wall, and plugged it in. This means that it is most likely that the electronic signboard default credentials were never changed. While the other options may cause an issue, the unchanged default username and passwords are the biggest threat and most likely the root cause of the digital vandalism since the attacker could simply log in to the device using its public IP address and the default username/password to make any changes they desired.

68
Q

Which cellular technology is comprised of LTE (Long-Term Evolution) and LTE-A (LTE Advanced) to provide higher data speeds than previous cellular data protocols?

A.3G
B.WMN (Wireless Mesh Network)
C.5G
D.4G

A

D.4G

OBJ-2.4: 4G cellular technology is made up of LTE and LTE-A. Long Term Evolution (LTE) is a packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE has a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps. LTE Advanced (LTE-A) has a theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps. 5G cellular technology is made up of three different types: low-band, mid-band, and high-band mmWave technology. Low-band 5G reaches an average speed of 55 Mbps with a theoretical speed of 150 Mbps. Mid-band 5G reaches an average speed of 150 Mbps with a theoretical speed of 1.5 Gbps. High-band 5G reaches an average speed of 3 Gbps with a theoretical speed of up to 70 Gbps. 3G cellular technology is made up of two different technologies: HSPA+ and EV-DO. HSPA+ (Evolved High-Speed Packet Access) is a 3G standard used for GSM cellular networks and can support up to a theoretical download speed of 168 Mbps and a theoretical upload speed of 34 Mbps. In the real world, though, HSPA+ normally reaches speeds around 20 Mbps. EV-DO (Evolution-Data Optimized) is a 3G standard used for CDMA cellular networks and can support up to 3.1 Mbps downloads. A wireless mesh network (WMN) is a wireless network topology where all nodes, including client stations, can provide forwarding and path discovery to improve coverage and throughput compared to using just fixed access points and extenders.

69
Q

Which of the following errors would be received if an ethernet frame less than 64 bytes is received by a switch?

A.CRC (Cyclic Redundancy Check) error
B.Giant
C.Runt
D.Encapsulation error

A

C.Runt

OBJ-3.1: A runt is an ethernet frame that is less than 64 bytes in size. A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes. Encapsulation is a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame. Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network.

70
Q

A technician needs to add new features to an existing router on the network. Which of the following should be performed to add the new features?

A.Migrating to IPv6
B.Firmware update
C.Vulnerability patching
D.Clone the router

A

B.Firmware update

OBJ-4.3: A firmware update will upgrade your device with advanced operational instructions without needing a hardware upgrade. A firmware update can provide new features or functions to an existing device, or patch vulnerabilities in the existing firmware code. Firmware is a specific class of computer software that provides low-level control for a device’s specific hardware. Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol, the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 will not add any new features to an existing hardware device. Some devices may require a firmware upgrade to support the new IPv6 protocols. Cloning is a process that involves setting up the operating system, drivers, software, and patches on a single computer, then automatically replicating this same setup on other computers using specialized software. Routers, unlike computers, cannot be cloned. Routers can be backed up and then restored, though. Vulnerability patching is the process of checking your operating systems, software, applications, and network components for vulnerabilities that could allow a malicious user to access your system and cause damage, and then applying a security patch or reconfiguring the device to mitigate the vulnerabilities found. Vulnerability patching will mitigate software bugs, but it will not add new features to an existing device.

71
Q

A new piece of malware attempts to exfiltrate user data by hiding it in TLS-encrypted (Transport Layer Security) outbound traffic sent over random ports. What technology would be able to detect and block this type of traffic?

A.Application-aware firewall
B.Stateful packet inspection
C.Intrusion detection system
D.Stateless packet inspection

A

A.Application-aware firewall

OBJ-4.2: A web application firewall (WAF) or application-aware firewall would detect both the accessing of random ports and TLS encryption and identify it as suspicious. An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, and TLS connections are created and maintained by applications. A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they cannot inspect TLS connections. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An IDS only monitors the traffic on the network; it cannot block traffic.

72
Q

After an employee connected one of the switchports on a SOHO (Small Office, Home Office) router to the wall jack in their office, other employees in the building started to receive “duplicate IP address” errors and experience intermittent network connectivity. You check the configuration on one of the affected clients and see it has been assigned an IP address of 192.168.1.54. Which of the following could be enabled on the company’s network to prevent this from occurring?

A.ARP (Address Resolution Protocol) inspection
B.DHCP (Dynamic Host Configuration Protocol) snooping
C.Router advertisement guard
D.Split horizon

A

B.DHCP (Dynamic Host Configuration Protocol) snooping

OBJ-4.3: DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure. When DHCP servers are allocating IP addresses to the LAN clients, DHCP snooping can be configured on LAN switches to prevent malicious or malformed DHCP traffic or rogue DHCP servers. Split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network and allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform.

73
Q

What tool would a network technician use to troubleshoot a span of single-mode fiber cable?

A.Punchdown tool
B.Spectrum analyzer
C.Cable tester
D.OTDR (Optical Time-Domain Reflectometer)

A

D.OTDR (Optical Time-Domain Reflectometer)

OBJ-5.2: An optical time-domain reflectometer (OTDR) is an optoelectronic instrument used to characterize an optical fiber. An OTDR is the optical equivalent of an electronic time-domain reflectometer. A fiber light meter would also be a good option to test a fiber cable. A punchdown tool or cable tester is used with twisted-pair copper cables, not fiber optic cables. A spectrum analyzer is used to measure the radio frequency in use by a network, but fiber optic cables do not use the radiofrequency of electricity and instead use light as their transmission mechanism.

74
Q

Which of the following is likely to occur if twenty ethernet clients are connected to a hub in a local area network?

A.Broadcast storm
B.Duplicate MAC (Media Access Control) address
C.Asymmetric routing
D.Collisions

A

D.Collisions

OBJ-5.5: A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment. A hub operates in half-duplex mode and not in full-duplex. A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic. A duplicate MAC address occurs when two or more devices are responding to data requests as if they are the only device on the network with that physical address. One indication of this occurring is when a switch continually changes the port assignments for that address as it updates its content-addressable memory (CAM) table to reflect the physical address and switchport bindings. Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path).

75
Q

You are installing a Small Office/Home Office (SOHO) network consisting of a router with 2 ports, a switch with 8 ports, and a hub with 4 ports. The router has one port connected to a cable modem and one port connected to switch port #1. The other 6 ports on the switch each have a desktop computer connected to them. The hub’s first port is connected to switch port #2. Based on the description provided, how many collision domains exist in this network?

A.8
B.11
C.9
D.3

A

C.9

OBJ-2.1: Based on the description provided, there are 9 collision domains. Each port on the router is a collision domain (2), each port on the switch is a collision domain (8), and all of the ports on the hub make up a single collision domain (1). But, since one of the ports on the router is connected to one of the switch ports, they are in the same collision domain (-1). Similarly, the hub and the switch share a common collision domain connected over the switch port (-1). This gives us 9 collision domains total: the 8 ports on the switch and the 1 port on the router that is used by the cable modem.

76
Q

You are working as a wireless networking technician and running a wireless controller to aid in network administration. Your supervisor has requested that you implement a centralized authentication service. Which of the following devices should you install and configure if you want to decrease the amount of time spent administering the network while still providing a centralized authentication service for your users?

A.RADIUS (Remote Authentication Dial-In User Service) server
B.Layer 3 switch
C.Proxy server
D.VPN (Virtual Private Network) concentrator

A

A.RADIUS (Remote Authentication Dial-In User Service) server

OBJ-4.1: A Remote Authentication Dial-In User Service (RADIUS) server will enable the wireless clients to communicate with a central server to authenticate users and authorize their access to the requested service or system. None of the other options presented are designed to support centralized authentication services by themselves, but instead, use a protocol like RADIUS to perform those functions.

77
Q

A technician installs three new switches to a company’s infrastructure. The network technician notices that all the switchport lights at the front of each switch flash rapidly when powered on and connected. After about a minute, the switches return to normal operation. Additionally, there are rapidly flashing amber lights on the switches when they started up the next day. What is happening to the switches?

A.The switches are not functioning properly and need to be disconnected
B.The switches are running through their spanning tree process
C.The switches are connected and detected a spanning tree loop
D.The switches are having problems communicating with each other

A

B.The switches are running through their spanning tree process

OBJ-5.5: The flashing switch port lights indicate that the switch is performing the spanning tree process. The Spanning Tree Protocol (STP) is responsible for identifying links in the network and shutting down the redundant ones, preventing possible network loops. To do so, all switches in the network exchange BPDU messages between them to agree upon the root bridge. When spanning tree protocol is enabled on a switch, the switchports will go through five port states: blocking, listening, learning, forwarding, and disabled to create a loop-free switching environment.

78
Q

Which of the following layers within software-defined networking consists of the physical networking devices, such as switches and routers?

A.Infrastructure layer
B.Application layer
C.Management plane
D.Control layer

A

A.Infrastructure layer

OBJ-1.7: The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations.

79
Q

Which of the following wireless technologies uses MU-MIMO on non-overlapping channels to increase the wireless network’s bandwidth?

A.802.11g
B.802.11ac
C.802.11n
D.802.11b

A

B.802.11ac

OBJ-2.4: Multi-user, multiple-input, multiple-output technology (MU-MIMO) allows a wireless access point to communicate with multiple devices simultaneously to decrease the time each device has to wait for a signal and dramatically speeds up the entire wireless network. The 802.11ac standard introduced MU-MIMO support on non-overlapping channels to increase the bandwidth available for the wireless network. The older 802.11n utilized MIMO. The other wireless networking technologies (a/b/g) do not support MIMO. The newer 802.11ax does support a newer version of MU-MIMO called UL MU-MIMO.

80
Q

Which of the following types of telecommunication links is used to provide high-speed internet service over a system of coaxial or HFC (Hybrid Fiber-Coaxial) cables?

A.Leased line
B.DSL (Digital Subscriber Line)
C.Satellite
D.Cable

A

D.Cable

OBJ-1.2: Data Over Cable Service Interface Specification (DOCSIS) is used to connect a client’s local area network to a high-bandwidth internet service provider over an existing coaxial cable TV system. A satellite connection is a wireless connection spread across multiple satellite dishes located both on earth and in space that provides remote areas with valuable access to core networks. A digital subscriber line (DSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connection to the Internet. A leased line is a private telecommunications circuit between two or more locations provided according to a commercial contract, normally over a fiber-optic connection.

81
Q

Susan wants to be able to use her iPad on the corporate network, but there is no wireless network available in her office. She decides to buy a wireless router at the local store and plug it into the network wall jack in her office. Within a few hours, her coworkers begin to complain that they are getting “duplicate IP address errors” on their Windows 10 workstations. Which of the following types of attacks did Susan inadvertently perform?

A.DNS (Domain Name System) poisoning
B.Rogue DHCP (Dynamic Host Configuration Protocol)
C.VLAN (Virtual Local Area Network) hopping
D.ARP (Address Resolution Protocol) spoofing

A

B.Rogue DHCP (Dynamic Host Configuration Protocol)

OBJ-4.2: A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack. VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver’s cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server.

82
Q

A network technician is tasked with designing a firewall to improve security for an existing FTP (File Transfer Protocol) server on the company network. The FTP server must be accessible from the Internet. The security team is concerned that the FTP server could be compromised and used to attack the domain controller hosted within the company’s internal network. What is the BEST way to mitigate this risk?

A.Configure the firewall to utilize an implicit deny statement
B.Upgrade the FTP (File Transfer Protocol) server to an SFTP (Secure SHell File Transfer Protocol) server since it is more secure
C.Migrate the FTP server from the internal network to a screened subnet
D.Add a deny rule to the firewall’s ACL (Access Control List) that blocks port 21 outbound

A
83
Q

An administrator’s router with multiple interfaces uses OSPF as its routing protocol. You have discovered that one of the router’s interfaces is not passing traffic. You enter the “show interface eth 0/0” command at the CLI and receive the following output:

Fast Ethernet 0/0 is administratively down, line protocol is down
Int ip address is 10.20.30.40/25
MTU 1500 bytes, BW 10000 kbit, DLY 100 usec
Reliability 255/255, Tx load 1/255, Rx load 1/255
Encapsulation ospf, loopback not set
Keep alive 10
Full duplex, 100 Mb/s, 100 Base Tx/Fx
Received 2341432 broadcasts
0 input errors 0 packets output, 0 bytes
0 output errors, 0 collisions, 0 resets

Which TWO of the following actions should you perform to allow the interface to pass traffic again?

A.Verify the cable is connected to eth 0/0
B.Enable the switchport to eth 0/0
C.Set the loopback address to 127.0.0.1
D.Modify the IP (Internet Protocol) address to 10.20.30.4/8

A

A.Verify the cable is connected to eth 0/0
B.Enable the switchport to eth 0/0

OBJ-5.5: The key to answering this question is the first line of the output. “The line protocol is down” means that the specified interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the switchport. The line protocol being down indicates a clocking or framing problem on the connection, and the most common reason for this is a patch cable that is not properly connected. “Fast Ethernet 0/0 is administratively down” indicates that the switchport was manually shut down using the shutdown command by a network administrator and would need to be reenabled. The IP address is currently set to 10.20.30.40/25 which is a private IP address in a classless subnet range. As long as the default gateway is an IP between 10.20.30.0 and 10.20.30.127, though, there is nothing wrong with using this IP address. Without knowing the default gateway, we cannot identify the IP address as the issue. The “loopback is not set” indicates that the interface is not in diagnostic mode and should be properly sending traffic instead of sending it to a loopback address or port.

84
Q

Which of the following network protocols is used to send email from one server to another server?

A.SNMP (Simple Network Management Protocol)
B.RDP (Remote Desktop Protocol)
C.POP3 (Post Office Protocol)
D.SMTP (Simple Mail Transfer Protocol)

A

D.SMTP (Simple Mail Transfer Protocol)

OBJ-1.5: Simple Mail Transfer Protocol (SMTP) is a well-known application that uses port 25 for sending email from one server to another server. Remote Desktop Protocol (RDP) is an application that uses port 3389 to allow a user to connect to another computer over a network connection graphically. Simple Network Management Protocol (SNMP) is an application that uses port 161 for the management and monitoring of network-connected devices in Internet Protocol networks. Post Office Protocol v3 (POP3) is an application that uses port 110 to receive and hold email until a client is ready to receive it. The key to answering this question is understanding the acronyms and their meaning.

85
Q

What is the broadcast address associated with the host located at 189.76.60.164/26?

A.189.76.60.192
B.189.76.60.128
C.189.76.60.129
D.189.76.60.191

A

D.189.76.60.191

OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /26, so each subnet will contain 64 IP addresses. Since the IP address provided is 189.76.60.164, the broadcast address will be 189.76.60.191.

86
Q

When installing a network cable with multiple strands, a network technician pulled the cable past a sharp edge. This resulted in the copper conductors on several of the wire strands being exposed. If these exposed conductors come into contact with each other, they can form an electrical connection. Which of the following conditions would result in this scenario?

A.Short
B.Electrostatic discharge
C.Open
D.Crosstalk

A

A.Short

OBJ-5.2: A short is an electrical term that is an abbreviation for a short circuit. A short generally means that an unintended connection between two points is allowing current to flow where it should not. In this scenario, the short is caused by the damaged cable in which two or more of the conductors are connected. This has caused the cable to fail and will report as “short” when using a cable tester. An open is the opposite of a short. An open is reported when there is no connection between the two ends of a cable or wire. This can occur when a wire or cable is accidentally cut in half. Electrostatic discharge is the sudden flow of electricity between two electrically charged objects. Crosstalk is the coupling of voltage to an adjacent line through mutual coupling composed of a mutual inductance, a coupling capacitance, or both. Crosstalk occurs within a twisted pair cable when the pairs become untwisted or no shielding or insulation remains.

87
Q

A company-wide audit revealed employees are using company laptops and desktops for personal use. To prevent this from occurring, in which document should the company incorporate the phrase “Company-owned IT assets are to be used to perform authorized company business only”?

A.AUP (Acceptable Use Policy)
B.NDA (Non-Disclosure Agreement)
C.MOU (Memorandum Of Understanding)
D.SLA (Service-Level Agreement)

A

A.AUP (Acceptable Use Policy)

OBJ-3.2: An Acceptable Use Policy dictates what types of actions an employee can or cannot do with company-issued IT equipment. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restricts how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share for certain purposes, but wish to restrict access to. A service level agreement (SLA) is a commitment between a service provider and a client for particular aspects of the service, such as quality, availability, or responsibilities.

88
Q

An employee at Dion Training reports that half of the marketing department is currently unable to access any network resources. A network technician determines that the switch has failed and needs replacement. Which of the following is required so that the technician can replace the switch and regain connectivity quickly?

A.VLAN (Virtual Local Area Network) configuration
B.Network diagram
C.Configuration backup
D.Router image

A

C.Configuration backup

OBJ-3.3: Most large enterprise networks will use the same models of switches across much of the network. This allows them to keep spare switches on-site to use as replacements if a production switch fails. Maintaining a configuration backup of each production switch allows a network technician to remove the faulty switch, install the new switch, and reload the configuration backup to the new switch. Using this method, a skilled network technician can restore a network switch within just a few minutes. While having a network diagram or VLAN configuration may be helpful, they will not expedite the recovery like a configuration backup will. The router image would be useless in this scenario since it was a switch that failed and requires replacement.

89
Q

A small law office has a network with three switches (8 ports), one hub (4 ports), and one router (2 ports). Switch 1 (switch port 8) is connected to an interface port (FastEthernet0/0) on the router. Switch 2 (switch port 8) and switch 3 (switch port 8) are connected to Switch 1 (switch ports 1 and 2). The hub has three computers plugged into it on ports 1, 2, and 3. The fourth port on the hub is connected to the router’s other interface port (FastEthernet0/1). Based on the configuration described here, how many broadcast domains are there within this network?

A.1
B.16
C.5
D.2
E.28

A

D.2

OBJ-2.1: A broadcast domain is a logical division of a computer network in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment, or it can be bridged to other LAN segments. Routers break up broadcast domains. Therefore there are two broadcast domains in this network - one for each side of the router (the three switches make up one broadcast domain, and the hub makes up the second broadcast domain).

90
Q

An organization wants to choose an authentication protocol that can be used over an insecure network without implementing additional encryption services. Which of the following protocols should they choose?

A.RADIUS (Remote Authentication Dial-In User Service)
B.TACACS+ (Terminal Access Controller Access Control Server)
C.PAP (Password Authentication Protocol)
D.Kerberos

A

D.Kerberos

OBJ-4.1: The Kerberos protocol is designed to send data over insecure networks while using strong encryption to protect the information. RADIUS, TACACS+, and PAP are all protocols that contain known vulnerabilities that would require additional encryption to secure them during the authentication process.