ACT CompTIA Network+ N10-008 Practice Test Flashcards

Question

A network port does not seem to be working properly. Which of the following tools can be used to test if the the port is sending out data? Loopback plug Crimper Patch cable OTDR

Answer 1

**Loopback plug** A loopback plug or adapter is a specially wired RJ-45 plug with a 6" stub of cable used to test for faulty ports and network cards. A patch cable is an Ethernet or optical cable used to connect two electronic devices to each other. It is mostly referred to as short cables that "patch" certain physical routes from a patch panel or a switch. A cable crimper is used to create network cables with terminated ends such as a patch cable. Different types of crimpers are specific to the type of connector and cable. An OTDR (optical time domain reflector) is a fiber optic testing tool. it tests for attenuation using an optical source and optical power meter (or light meter).

Answer 2

**IEEE 802.1X** **EAP** The Institute of Electrical and Electronics Engineers (IEEE) 802.1X uses authentication, authorization, and accounting (AAA) architecture that are made up of three components: a supplicant, network access point, and AAA server. The Extensible Authentication Protocol (EAP) provides a framework for deploying multiple types of authentication protocols and technologies, many of which use a digital certificate on the server and/or client machines. Terminal Access Controller Access Control System (TACACS+) is a similar protocol to RADIUS and is often used in authenticating administrative access to routers and switches. The local authentication provider is the software architecture that underpins the mechanism by which the user is authenticated before starting a shell. This is a login (Linux) or a logon or sign-in (Microsoft).

Answer 3

**The IIS service is not running.** **TCP ports are blocked.** The application on the client workstation may be communicating over a blocked Transmission Control Protocol (TCP) port. The workstation can communicate using Telnet via TCP port 23; ports may need to be manually allowed in and out. The IIS service may not be working, causing the client application not to connect as well. Services on a Windows computer is viewable using the Services management console (services.msc). As both a ping and Telnet test are successful between the client and the server using both an IP address and the hostname, name resolution is found to be working properly. The client was not accessing the IIS server using a web browser, which indicates if a server certificate was installed or trusted.

Answer 4

**10GBaseT** 10GBaseT Ethernet specifies speeds of 10 gigabits. Cat 6, 6A, and 7 twisted pair cables fall under the 10GBaseT Ethernet specification. 100BaseT is a legacy cabling standard that supports speeds up to 100 megabits per second. 1000BaseT Ethernet specifies speeds of 1 gigabit. It is important to note that Cat 6 and Cat 6A fall under multiple specifications using criteria such as cable length. 1000Base-LX is a specification for gigabit Ethernet net using fiber optic cabling.

Answer 5

**FCoE** Provisioning separate Fibre Channel adapters and cabling is expensive. As its name suggests, Fibre Channel over Ethernet (FCoE) is a means of delivering Fibre Channel packets over Ethernet cabling and switches. Fibre Channel (FC) is defined in the T11 ANSI standard. Provisioning separate Fibre Channel adapters and cabling is expensive but can provide higher speeds. Internet Small Computer System Interface (iSCSI) is an IP tunneling protocol that enables the transfer of SCSI data over an IP-based network. iSCSI works with ordinary Ethernet network adapters and switches. Virtual appliances might be developed against a standard architecture, such as ETSI's Network Function Virtualization (NFV).

Answer 6

**Link state** Link state measures whether an interface is working (up) or not (down). You should configure an alert if an interface goes down so that you can investigate immediately. You may also want to track the uptime or downtime percentage so that you can assess a link's reliability over time. It is often helpful to monitor both packet counts and bandwidth consumption. High packet counts will incur a processing load on the CPU and system memory resources. If an interface operates in half-duplex mode, there is likely to be a problem unless you support a legacy device. Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms).

Answer 7

**Smart Badge** **Biometric Device** A smart badge comes with an integrated chip and data interface that stores the user’s key pair and digital certificate. The user presents the card and enters a PIN and then the card uses its cryptographic keys to authenticate securely via the entry point’s badge reader. A biometric device is activated by human physical features, such as a fingerprint, voice, retina, or signature. Detection-based controls provide an important additional layer of defense in the event that prevention-based controls, such as key fob security, fail to work. Radio Frequency Identification (RFID) is a means of encoding information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else.

Answer 8

**Omni** The antenna type determines the propagation pattern or shape of the radio waves transmitted. Most wireless devices have simple omnidirectional vertical rod-type antennas, which receive and send signals in all directions more-or-less equally. The exact use of channels can be subject to different regulations in different countries. Regulatory impacts also include a strict limit on power output, constraining the range of Wi-Fi devices. The first version of Wi-Fi Protected Access (WPA) fixes critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. Directional is the angle that an antenna sends and receives traffic.

Answer 9

**IGMP must be used to configure group membership.** **A multicast IP address is assigned to the servers.** IPv4 multicasting allows one host on the public or private network to send content to other hosts that have joined a multicast group. Each server will be given the same multicast IP address to join the group. Internet Group Management Protocol (IGMP) is used to configure group memberships and IP addresses. Broadcast IP addresses are not assigned to a single host. The last address in any IP network is the broadcast address (e.g. 192.168.1.255). A broadcast domain is when all the hosts receive the same broadcast packets, and it is not specific to any group of hosts. A basic layer 2 switch is an example of a broadcast domain.

Answer 10

**Multifactor** An authentication technology or mechanism is considered strong if it combines the use of more than one authentication data type (multifactor). At layers two and three, network segmentation enforcement is applied using a combination of virtual LANs and subnets. Each segment is a separate broadcast domain. A screened subnet uses two firewalls placed on either side of the perimeter network zone. The edge firewall restricts traffic on the external/public interface and allows permitted traffic to the hosts in the perimeter zone subnet. A vulnerability that is exploited before the developer knows about it or can release a patch is called a zero-day.

Answer 11

**Ransomware** Ransomware is a type of malware that tries to extort money from the victim. The crypto-malware class of ransomware attempts to encrypt data files with an encryption key. Domain Name System (DNS) poisoning is an attack that compromises the name resolution process. The attacker will replace the valid IP address for a trusted website, with the attacker's IP address. Media Access Control (MAC) or IP spoofing is when a threat actor spoofs the value of a valid MAC or IP address to try to circumvent an access control list or impersonate a legitimate server. ARP spoofing, or ARP cache poisoning, perpetrates an on-path attack by broadcasting unsolicited ARP reply packets, also known as gratuitous ARP replies, with a spoofed source address.

Answer 12

**Complete environment and compatibility checks.** **Make a backup of the system configuration.** Updating firmware is known as flashing the chip. It is important to make a backup of the system configuration (especially for a firewall) before performing a firmware update or upgrade. Complete an environment and compatibility check before upgrading the firmware. This may include using, for example, the IOS Software Checker for Cisco network devices to identify the "first fix" version. Loading an old image at startup may not be compatible with the latest IOS software. Work with the current image for a proper upgrade. Downgrading (or rollback) refers to reverting to a previous version of the software or firmware. This is only necessary to fix a problem caused by a recently upgrade.

Answer 13

**Wireless Access Point** **Network Switch** **Wireless NICs** A Wireless Access Point (WAP) is a layer 2 device that allows nodes with wireless network cards to communicate and creates a bridge between wireless networks and wired ones. A basic network switch is a layer 2 device that is a more advanced type of bridge with many ports. It creates links between large numbers of nodes more efficiently. Wireless or standard Network Interface Cards (NICs) are layer 2 devices that join a host to network media. Category 6 (Cat6) Ethernet cables are part of layer 1 or the physical layer of the OSI model. They link nodes using a form of transmission or physical media.

Answer 14

**Control plane policing** Control plane policing is a security method that prevents DoS attacks against a route processor over control or management plane protocols and packets. MAC filtering is a security method where an access control list can be applied to a switch or access point so that only clients with approved MAC addresses can connect to it. Dynamic ARP inspection is a security feature that prevents a host attached to an untrusted port from flooding the segment with gratuitous ARP replies. Preshared keys (PSKs) are used in WPA2 for authentication that uses a passphrase to generate the key used to encrypt communications, also referred to as group authentication.

Answer 15

**SRV** An SRV (service) record is used to identify a record that is providing a network service or protocol. They are often used to locate VoIP or media servers. An NS (name server) record identifies authoritative DNS name servers for the zone. In most enterprise networks, each zone will have at least two DNS servers holding a replicated copy of the zone. A PTR (pointer) record is found in reverse lookup zones and is used to resolve an IP address to a host name. A TXT record stores any free-form text that may be needed to support other network services. They are most commonly used as part of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

Answer 16

**Jumbo Frames** A jumbo frame supports a data payload of up to around 9,000 bytes. This reduces the number of frames that need to be transmitted, reducing the amount of processing that switches and routers need to do. IEEE 802.3x flow control allows a server to instruct the switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames. Most Ethernet interfaces operate in full-duplex mode. If an interface operates in half-duplex mode, there is likely to be a problem unless you support a legacy device. The spanning tree protocol (STP) is a means for the bridges or switches to organize themselves into a hierarchy.

Answer 17

**Baselines** A performance baseline establishes the resource utilization metrics at a point in time, such as when the system is installed. Baselines provide a comparison to measure system responsiveness later. Management Information Base (MIB) holds statistics relating to the device's activity, such as the number of frames per second handled by a switch. Netflow is a Cisco-developed means of reporting network flow information to a structured database. NetFlow allows a better understanding of IP traffic flows as used by different network applications and hosts. Link state measures whether an interface is working (up) or not (down).

Answer 18

**IICMP traffic was blocked.** nternet Control Message Protocol (ICMP) is used for status messaging and connectivity testing. An inbound rule blocking ICMP traffic using a firewall will prevent a reply if a ping command is used externally on the server. Transmission Control Protocol (TCP) operates at the transport layer to provide connection-oriented, guaranteed delivery of packets. RDP uses TCP port 3389, which is not blocked. Encapsulating Security Payload (ESP/50) and Authentication Header (AH/51) are used with the encrypted form of IP (IPSec). Generic Routing Encapsulation (GRE/47) is used to tunnel packets across an intermediate network. This is used (for example) in some virtual private network (VPN) implementations.

Answer 19

**Memory** Memory is considered the component of computers that temporarily stores actively used data. Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms). You can test the latency of a link using tools such as ping, pathping, and mtr. When assessing latency, you need to consider the Round Trip Time (RTT). Jitter is a variation in the delay. Jitter manifests itself as an inconsistent rate of packet delivery. Jitter is also measured in milliseconds, using an algorithm to calculate a sample of transit times value. Generally, bandwidth refers to the amount of transferable data through a connection over a given period.

Answer 20

**Split tunnel vs. full tunnel** Split tunnel VPNs only route private network traffic through the VPN gateway. Full tunnel VPNs route all network traffic via the VPN gateway. SSH (secure shell) is a secure way to connect remotely to network appliances for in-band management. Virtual network computing (VNC) is a popular alternative to Remote Desktop, similar to another application called TeamViewer. Remote desktop gateway can be a means of implementing a clientless VPN and can also allow a user to access networked applications. A gateway can be used to connect a user to a virtual desktop, where a client operation system and applications software is provisioned as a virtual appliance.

Answer 21

**Posture assessment** Posture assessment is often performed with reference to an IT or security framework. The framework can assess the organization’s maturity level in its use of security policies and controls. Process assessment involves identifying critical systems and assets that support these functions. Penetration testing aims to model how exposed the organization is to vulnerabilities that threat actors could exploit. Threat assessment is the process of identifying threat sources and profiling the types and capabilities of threat actors.

Answer 22

**Authentication** **Authorization** Administrative access to devices must always using strong authentication security controls. This verifies the administrator’s identity and provides accountability. Administrators must be authorized to log on to a device and use/manage it’s services. Authorization can be given to individual users or groups. Authorization determines what rights and privileges a particular entity has. A secure shell (SSH) session is an access method or connection that allows an administrator to securely implement remote configuration changes to network devices. A remote desktop connection is an access method that allows an administrator to access, for example, a Windows server that host firewall services from which further administrative changes can be made using a graphical user interface (GUI).

Answer 23

**ifconfig** **ifconfig eth0 netmask 255.255.255.0** **ifconfig eth0 192.168.101.120** The ifconfig utility is used on Linux and Unix hosts to gather and configure network settings. The ifconfig eth0 192.168.101.120 command sets the static IP address of eth0 or the first network interface (NIC) card of the host. The ifconfig eth0 netmask 255.255.255.0 command sets the subnet mask. This is the default subnet mask for a Class C network. The ifconfig command with no arguments will output a list of all active interfaces and their details. This can be used to verify a change after it has been made. The ifconfig eth0 broadcast 192.168.101.100 command sets the broadcast IP address to the given interface. This is not applicable in this case.

Answer 24

**LACP** Link Aggregation Control Protocol (LACP), which can be used to auto-negotiate the bonded link between the switch ports and the end system, detects configuration errors and recovers from the failure of one of the physical links. A switch learns MAC addresses by reading the source address when a port receives a frame. The address mapping for that port normally caches in a MAC address table. VLAN can reduce broadcast traffic when a network has expanded beyond a certain number of hosts or users. From a security point of view, each VLAN can represent a separate zone. PoE+ are powered devices that can draw up to about 25 W, with a maximum current of 600 mA.

Answer 25

**QoS** Quality of Service (QoS) ensures that voice or video communications are free from problems, such as dropped packets, delays, or jitter. Session control handles use discovery, availability advertising, negotiating session parameters, and session management and termination. Data transport handles the delivery of the actual video or voice information. The Session Initiation Protocol (SIP) is one of the most widely used session control protocols. SIP endpoints are the end-user devices, such as IP-enabled handsets or client and server web conference software. Each device, conference, or telephony user is assigned a unique SIP address known as a SIP Uniform Resource Indicator (URI).

Answer 26

**TTL** At each router, the Time to Live (TTL) IP header field is decreased by at least 1. This prevents badly addressed packets from permanently circulating the network. Quality of Service (QoS) ensures that voice or video communications are free from problems, such as dropped packets, delays, or jitter. Static routing tables are manually configured and require a lot of maintenance when there is a change in the network. This is not ideal for a robust network. An Administrative Distance (AD) value expresses the relative trustworthiness of the protocol supplying the route. Default AD values are coded into the router but can be adjusted by the administrator if necessary.

Answer 27

**Prompts user for a PIN** A smart badge authenticates a user based on something they have. When a user inserts a smart badge, the card software prompts the user for a PIN or password, which mitigates the risk of the card being lost or stolen. A smart badge is either contact based (must be physically inserted into a reader) or contactless (data is transferred using a tiny antenna in the card). This does not provide any security benefit. Self-signed certificates are generally not trustworthy. The smart badges store the user’s key pair and digital certificate from a trusted certificate authority (CA). Biometric systems would be an additional access control hardware or device that can examine a user’s fingerprint, voice, retina, or signature.

Answer 28

**Cold Site** A cold site takes longer to set up. A cold site may be an empty building with a lease agreement in place to install whatever equipment is required when necessary. A hot site means that the site is already within the organization's ownership and is ready to deploy. For example, a hot site could consist of a building with operational computer equipment that is kept updated with a live data set. A warm site could be similar, but with the requirement that the latest data set will need to be loaded. The basic function of a firewall is traffic filtering. The firewall processes traffic according to rules; traffic that does not conform to a rule that allows it access is blocked.

Answer 29

**Electrical** Computer systems need a stable power supply, free from outages (blackouts), voltage dips (brownouts), and voltage spikes and surges. Electrical systems need to be shut down immediately in the presence of any significant amount of water. Water vapor in the air (humidity) risks condensation forming within a device chassis, leading to corrosion and short circuit faults. High temperatures will make it difficult for device and rack cooling systems to dissipate heat effectively. High temperatures increase the risk of overheating components within the device chassis and consequent faults. CPU utilization can indicate a problem with network traffic, or there may be a need for an upgrade.

Answer 30

**Link-local** Automatic Private IP Addressing (APIPA), or link-local, was developed by Microsoft as a means for clients that could not contact a DHCP server to communicate on the local network anyway. Classful addressing allocates a network ID based on the first octet of the IP address. While routers have performed classless routing, the 169 address is more specifically an APIPA address. 127.0.0.0 to 127.255.255.255 (or 127.0.0.0/8) is reserved and is used to configure a loopback address. The default gateway is a router configured with a path to remote networks. The helpdesk technician may want to check the default gateway as part of their troubleshooting though.

Answer 31

**Send/Receive Traffic** Sending and receiving traffic involves the movement of information within a system. Switches normally support a range of Ethernet standards so that older and newer network adapters can all connect to the same network. In most cases, the port on the switch is set to auto-negotiate speed (10/100/1000) and full- or half-duplex operation. Traffic logs record statistics for computing, storage, and network resources over a defined period. A trap is an agent that informs the monitor of a notable event (port failure, for instance). The threshold for triggering traps can be set for each value.

Answer 32

**Cable tester** A cable tester provides detailed information on the physical and electrical properties of a cable. A cable tester can be used to check that the cable pins are functioning properly. A network tone generator and probe are used to trace and identify a cable from one end to the other. This may be necessary when cables have not been labeled properly. Electromagnetic Interference (EMI) from radio or electromagnetic sources working in the same frequency band as a Wi-Fi device can be detected with a spectrum analyzer. A packet sniffer is a device or program that is used to monitor network communication and capture data.

Answer 33

**The NTP is misconfigured.** **The UDP port 123 is blocked.** Network Time Protocol (NTP) enables the synchronization of time-dependent systems and software. A time source such as a DC (domain controller) can be misconfigured on the virtual hosts which prevent syncing. Network Time Protocol (NTP) works over UDP port 123. Blocking the passing of this port on the server or network level can prevent time from syncing across all virtual hosts. Network Time Protocol (NTP) operates over Universal Datagram Protocol (UDP). Port 636 is for secure LDAP and port 143 is for IMAP. Hypertext Transfer Protocol Secure (HTTPS) provides the means for a client to access secure web sites. It uses TCP port 443.

Answer 34

**Incorrect VLAN** VLAN assignments can be configured manually, and the administrator may have made a mistake, so check the interface configuration for the switch port. A missing route may arise because a required static routing entry has not been entered or has been entered incorrectly. In a broadcast storm, traffic is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches. Use the LED status indicators and switch's command-line utility to check the interface status. If a port is down, it will not be lit up by an LED indicator.

Answer 35

**MTBF** Mean Time Between Failures (MTBF) represents the expected lifetime of a product. The calculation for MTBF is the total operational time divided by the number of failures. Mean Time to Failure (MTTF) expresses a similar metric for non-repairable components. For example, a hard drive may be described with an MTTF, while a server, which the network engineer could repair by replacing the hard drive, would be described with an MTBF. At each level (except the physical layer), the sending node adds a header to the data payload, forming a “chunk” of data called a Protocol Data Unit (PDU). Recovery Point Objective (RPO) is the data loss that a system can sustain, measured in time units.

Answer 36

**Honeypot** A honeypot is a computer system set up to attract attackers, with the intention of analyzing attack strategies and tools, to provide early warning of attack attempts, or possibly as a decoy to divert attention from actual computer systems. A screened subnet uses two firewalls placed on either side of the perimeter network zone. This was formerly known as a demilitarized zone (DMZ). A vulnerability assessment is an evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system. Penetration testing aims to model how exposed the organization is to vulnerabilities that could be exploited by threat actors.

Answer 37

**802.11ax** **Wifi 5** As with Wi-Fi 6 (802.11ax), products brand using the combined throughput. AX6000 allows 1,148 Mbps on the 2.4 GHz radio and 4,804 over 5 GHz. The aim for Wi-Fi 5 (802.11ac) is for throughputs similar to Gigabit Ethernet or better, but over 5Ghz. As with 802.11n, only enterprise-class equipment has enough antennas to use three streams or more. With Code Division Multiple Access (CDMA), each subscriber uses a code to key the receiver and modulation. This "key" extracts the subscriber's traffic from the radio channel. The data rate for 802.11n is 72 Mbps per stream. Assuming the maximum number of four spatial streams and optimum conditions, the nominal data rate could be 600 Mbps for a 40 MHz bonded channel.

Answer 38

**QSFP** Quad Small Form Factor Pluggable (SFP) (QSFP and QSFP+) is a transceiver form factor designed to support 40 GbE plus other high bandwidth applications (including InfiniBand and SONET). Small Form Factor Pluggable (SFP) uses Lucent Connectors (LC) connectors and is designed for Gigabit Ethernet. SFP+ is an updated specification to support 10GbE. Transceiver modules previously used the Gigabit Interface Converter (GBIC) form factor, but Small Form Factor Pluggable (SFP), also known as mini-GBIC, have largely replaced them. Bix refers to a block type. Where a 110 block uses a two-piece design where wafer blocks are installed over the main block, the competing format BIX uses a single module

Answer 39

**CDMA** Code Division Multiple Access (CDMA) means that each subscriber uses a code to key the modulation of their signal and this "key" is used by the receiver to extract the subscriber's traffic from the radio channel. In an ad hoc topology, the wireless adapter allows connections to and from other devices. In 802.11 documentation, this is called an Independent Basic Service Set (IBSS). Long Term Evolution (LTE) is a converged 4G standard supported by GSM and CDMA network providers. Antennas transmit signals in different ways. For example, an Access Point (AP) designed for ceiling mounting may produce a stronger signal in a cone directed downwards. The office should install an AP with an outward omnidirectional path with a stronger signal.

Answer 40

**Mean Time to Repair (MTTR)** **Mean Time Between Failures (MTBF)** Mean Time Between Failures (MTBF) is a Key Performance Indicator measuring the expected lifetime of a product. This is intended for assets meant to be replaced rather than repaired. The calculation is the total lifetime of all devices combined divided by the number of failures. Mean Time to Repair (MTTR) is a measurement of the mean time it takes to repair assets or correct a fault to the point of restoration and recovery of network services. It is another Key Performance Indicator (KPI). Fault tolerance is the ability of a network or system to experience failures and maintain the same level of functionality and service. It is not a directly measurable metric and is not a Key Performance Indicator (KPI). IT contingency planning (ITCP) is identifying points of failure and determining the impact and acceptability of that impact on the network and on availability. Key performance indicators are measured during contingency planning.

Answer 41

**A** An A record is used to resolve a host name to an IPv4 address. This is the most common type of record in a Domain Name System (DNS) zone. An AAAA record performs the same function as an A record, but for resolving a host name to an IPv6 address. A Canonical Name (CNAME) record represents an alias for a host such as A or AAAA. For example, the true name of a web server could be masked as the alias WEB. A Mail Exchanger (MX) record is used to identify an email server for the domain. In a typical network, multiple servers are installed to provide redundancy. Each one will be represented with an MX record.

Answer 42

**Port 110** Port 110 is POP3. The Post Office Protocol (POP) is an early example of a mailbox access protocol. Examples of POP client applications would be Microsoft Outlook or Mozilla Thunderbird. POP can be secured by using TLS encryption. The default TCP port for secure POP (POP3S) is port 995. A client connects to an IMAP server over TCP port 143, but this port is unsecure. Connection security can be established using a TLS. The default port for IMAPS is TCP/993. Port 587 is SMTP using TLS. Servers configured to support port 587 should use STARTTLS and require authentication before message submission.

Answer 43

**Public** A public, or multi-tenant model, is hosted by a third-party and shared with other subscribers. This is commonly known by consumers as cloud computing. A private model is completely private to and owned by the organization. This is geared more toward banking and governmental services that require strict access control. A hybrid model uses a mixture of private and public cloud services, which may be on-premise or off-premise. Virtual machines and services are able to migrate between the two. A community model is where several organizations share the costs of either a hosted private or fully private cloud. Security may be a concern with this implementation type.

Answer 44

**PAN** Personal area networks (PAN) and wireless PAN (WPAN) have gained some currency over the last few years. With a peer-to-peer PAN, one might establish close-range network links between a variety of devices, such as smartphones, tablets, headsets, and printers. The term metropolitan area network (MAN) is sometimes used for something a bit smaller than a WAN: a city-wide network encompassing multiple buildings. The term campus area network (CAN) is sometimes used for a LAN that spans multiple nearby buildings. Small and medium-sized enterprise (SME) networks are networks supporting dozens of users. Such networks would use structured cabling and multiple switches and routers to provide connectivity.

Answer 45

**Spectrum analyzer** An optical spectrum analyzer (OSA) is typically used with wavelength division multiplexing (WDM) to ensure that each channel has sufficient power. At very long distances, the attenuation of different wavelengths can vary. A cable tester provides detailed information on the physical and electrical properties of a cable. A network tone generator and probe are used to trace and identify a cable from one end to the other. This may be necessary when cables have not been labeled properly. A packet sniffer is a device or program that is used to monitor network communication and capture data.

Answer 46

**IDS** An Intrusion Detection System (IDS) is a system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. An IDS uses a passive approach to threat management. A wireless controller is a hardware device or software application which can centralize the management function of a wireless network. An extended service set is defined in a wireless network. An Intrusion Prevention System (IPS) is an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. An IPS uses an active approach to threat management. Firewalls are principally used to implement security zones, such as intranet, screened subnet topology, and Internet.

Answer 47

**SSH** **Telnet** Secure Shell (SSH) is a remote administration and file-copy program that supports remote management of devices using TCP port 22. SSH is typically used without a GUI. Telnet is a TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). It uses TCP port 23 by default. Telnet is typically used without a GUI. Hyper Text Transfer Protocol (HTTP) is used to provide web content to browsers. It uses port 80 and can provide an unsecure web management interface of remote devices and systems. HTTP Secure (HTTPS) is a subset of HTTP that allows for secure communication using SSL/TLS between the client and server. This protocol uses port 443 and provides a secure web management interface of remote devices and systems.

Answer 48

**Theorize an IP issue at Layer 3.** In a divide and conquer approach, you start with the layer most likely to be causing the problem. The DNS A record including the server's IP address may not have been created yet. Ping the FQDN, if IP resolution fails, fix the A record. A MAC (Media Access Control) address is not the immediate concern because the previous remote access assumes local LAN was accessible. A port issue, like TCP port 3389 for RDP (Remote Desktop Protocol) is most likely not the case because remote access worked previously to join server to the domain. A possible failure of a physical cable is most likely not the cause since the issue occurred after a change in software settings.

Answer 49

**2** The second layer of the OSI model refers to the data link layer, which involves switches, bridges, Network adapters, and access points. The first layer of the OSI model refers to the physical layer, which involves the cabling that connects devices. This may involve fiber optic cabling as well as copper cablings, such as ethernet cat-5 or cat-6. Layer four of the OSI model refers to the transport layer, which involves the protocols: transport connection protocol (TCP) and user datagram protocol (UDP). Layer five of the OSI model refers to the session layer, which involves the communication sessions between two devices.

Answer 50

**1** The first step of the CompTIA Network+ troubleshooting methodology is identifying the problem, which includes identifying symptoms. The second step of the CompTIA Network+ troubleshooting methodology is establishing a theory of probable cause. This involves questioning the obvious and considering multiple approaches. The third step of the CompTIA Network+ troubleshooting methodology is to test the theory to determine a cause. If the theory is not confirmed, it is important to reestablish a new theory or escalate. The fourth step of the CompTIA Network+ troubleshooting methodology is to establish a plan of action to resolve the problem and identify potential effects.

Answer 51

**Complete a site survey** A site survey is performed first by examining the blueprints or floor plan of the premises to understand the layout and identify features that might produce radio frequency interference (RFI). A heat map would show areas with a strong signal in greens and yellows with warning oranges and reds where signal strength drops off. This would be completed after installation. Overcapacity (or device saturation) occurs when too many client devices connect to the same AP. Electromagnetic interference (EMI) is interference from a powerful radio or electromagnetic source working in the same frequency band, such as a Bluetooth device, cordless phone, or microwave oven.

Answer 52

**Polarization** Polarization refers to the orientation of the wave propagating from the antenna. To maximize signal strength, the transmission and reception antennas should normally use the same polarization. Parabolic refers to an antenna type form factor for specific applications. Antenna placement helps to eliminate attenuation and interference problems. Radiofrequency attenuation (RF attenuation) is the loss of signal strength due to distance and environmental factors. They are also referred to as free space path loss.

Answer 53

**They establish a new baseline for the template.** **They create installation procedures.** A new baseline is established and documented any time a change is made to a device's settings and/or software. This is beneficial for security audits and future installations of the same device. Creating installation instructions for this type of patching, especially recording the file name and version of the patch, will ensure the process can be duplicated with a high success rate. Documenting the fixing of a device vulnerability does not typically warrant the need to estimate purchases of new switches. Unless performance was an issue, prior to installing the security patch, such a test or recording is not necessary. A performance test and results, if required, would be performed when testing a theory to determine cause.

Answer 54

**Duplex settings** Duplex settings refer to the ability of a network device to transmit or receive at the same time or not. Half-duplex means only one can happen at a time, while Full-duplex means send/receive can happen simultaneously. If not configured properly, collisions can occur. A routing loop occurs when two routers use one another as the path to a network. Packets caught in a routing loop circle around until the TTL expires. One symptom of a potential routing loop is for routers to generate ICMP Time Exceeded error messages. A switching loop is where flooded frames circulate the network perpetually. Domain Name Service is used to translate domain names (i.e. www.comptia.com) to its actual IP address.

Answer 55

**Run the nmap utility from a laptop** The nmap utility is a versatile port scanner used for topology, host, service, and OS (Operating System) discovery and enumeration. The admin will run it from a local node such as a laptop in order to scan the remote server's connections. The netstat utility can output the status on active ports and TCP connections on a local host to verify any unnecessary ports or services running. Running this on the laptop will only provide details about the laptop. The nslookup utility is a software tool for querying DNS server records. The dig utility is used to query a DNS (Domain Name System) and return information about a domain name.

Answer 56

**Hub** A hub (also known as a dumb device) connects computers to a network in a star configuration. A hub lacks the features contained in a switch such as traffic control based on physical addressing. A bridge is an appliance or application that connects different networks as if they were one network. Media converters are layer 1 devices and are used to convert one cable type to another. These components alter the characteristics of one type of cable to match those of another. A switch is a layer 2 device. Switches can handle traffic based on a node's physical address, which is also known as a Media Access Control (MAC) address.

Answer 57

**Layer 2 switch** An Ethernet layer 2 switch performs the same sort of function as a bridge, but in a more granular way. In effect, the switch establishes a point-to-point link between any two network nodes. This is referred to as microsegmentation. An Ethernet bridge works at the data link layer (layer 2) to establish separate physical network segments while keeping all nodes in the same logical network. A hub acts like a multiport repeater so that every port receives transmissions sent from any other port. A wireless access point (AP) allows nodes with wireless network cards to communicate and creates a bridge between wireless networks and wired ones.

Answer 58

**Cameras** A security camera is either fixed or operates using Pan-Tilt-Zoom (PTZ) controls. Different cameras suit different purposes. If you want to record the image of every person entering through an access control vestibule, a fixed, narrow focal length camera positioned on the doorway will be perfectly adequate. An HVAC uses temperature sensors and moisture detection sensors (to measure humidity). A supervisory control and data acquisition (SCADA) system replaces a control server in large-scale, multiple-site industrial control systems (ICSs). A layer 3 capable switch is one that is optimized for routing between VLANs.

Answer 59

**Router** A router is a layer 3 device. A router can be used to segregate network devices by using a logical address such as an Internet protocol (IP) address. A network switch in its simplest form is a layer 2 network device. Switches can handle and control traffic based on a node's physical address which is also known as a hardware address or media access control (MAC) address. A hub is a known as a dumb device that simply connects computers to a network in a star configuration. A hub lacks the features contained in a switch. A modem is a device that enables digital data to be sent over an analog medium, such as a telephone line.

Answer 60

**2.4 GHz** 2.4 GHz is better at propagating through solid surfaces, making it ideal for providing the longest signal range. 3G is a digital communication generation that deployed various packet-switched technologies to mobile devices. 4G converged to a standard supported by GSM and CDMA network providers. 5G was a complex system with expectations to provide fixed-wireless broadband solutions. 5 GHz is less effective at penetrating solid surfaces and does not support the maximum ranges achieved with 2.4 GHz standards. The band supports individual channels and suffers less from congestion and interference, supporting higher data rates at shorter spans. Wi-Fi 5 (802.11AC) works only in the 5 GHz band. A network technician can use the 2.4 GHz band for legacy standards (802.11g/n) in mixed mode.

Answer 61

**Load balancer** A load balancer distributes client requests across available systems such as server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm. A router is a layer 3 device. A router can be used to segregate network devices by using a logical address such as an Internet protocol (IP) address. A proxy server is used as a middle-man for network access, such as Internet access. A proxy can control what a system can or cannot connect to. An intrusion prevention system (IPS) is an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. An IPS is considered to use an active approach to handling threats.

Answer 62

**-sn** Using Nmap with the -sn switch will suppress the port scan, which can reduce scanning time on large networks. TCP connect scanning is a more visible scan that establishes full connections with remote hosts. By default, Nmap scans 1,000 commonly used ports. The -p argument can be used to specify a port range. UDP ports can be scanned using the -sU argument. As these do not use ACKs, Nmap needs to wait for a response or timeout to determine the port state, so UDP scanning can take a long time.

Answer 63

**Instant termination upon collision** CSMA Collision Detection utilizes half-duplex transmission to detect when a signal is present on an interface's transmit and receive lines simultaneously. A jamming signal is then used to keep other nodes from transmitting for a period of time. Separate collision/broadcast domains for each port can be done by using VLAN segmentation. It can also be done with a Layer 3 capable switch. Bandwidth can be affected by many factors such as cable category, router capabilities, etc. However, CSMA with Collision Detection does not increase bandwidth directly and is concerned with packet collisions. Because CSMA Collision Detection relies on half-duplex transmission to detect collisions, full-duplex is not used. Modern Ethernet with full-duplex does not require CSMA/CD.

Answer 64

**Data-link layer** The data link layer (layer 2) is responsible for transferring data between nodes on the same logical segment. At the Data Link layer, a segment is one where all nodes can send traffic to one another using hardware (MAC) addresses. The physical layer of the OSI model (layer 1) is responsible for the transmission and receipt of the signals that represent bits of data from one node to another node. The transport layer is known as the end-to-end or host-to-host layer. A function of the transport layer is to identify each type of network application by assigning port numbers. The network layer (layer 3) is responsible for moving data (routing) around a network of networks, known as an internetwork or the Internet.

Answer 65

**Allow access to private information** **Perform on-path attacks** **Capture user logon attempts** A rogue access point (AP) can be set up with a tethered smartphone. Connecting to a LAN without security, the unauthorized AP creates a malicious backdoor, and can be used to capture user logon attempts. The threat actor (or owner of the smartphone) can perform on-path attacks by intercepting and relay data between two hosts. As information is sent between this rogue AP and wireless clients, intercepted data may contain private information from users which can be used to gain access to other areas of the network. The rogue AP will may not immediately force clients to authenticate to it, but it provides another option that users may want to explore and connect to.

Answer 66

**Flooding** Regarding flooding, there may be natural or person-made flood risks from nearby watercourses and reservoirs or leaking plumbing or fire suppression systems. High temperatures will make it difficult for device and rack cooling systems to dissipate heat effectively. Regarding electricity, computer systems need a stable power supply, free from outages (blackouts), voltage dips (brownouts), and voltage spikes and surges. Regarding humidity, more water vapor in the air risks condensation forming within a device chassis, leading to corrosion and short circuit faults. Conversely, very low humidity increases the risks of static charges building up and damaging components.

Answer 67

**Remote Authentication Dial-in User Service (RADIUS)** RADIUS is a way of implementing an AAA server. Remote access devices, such as VPN servers, function as client devices of the RADIUS server. Most directory services are implementations of the Lightweight Directory Access Protocol (LDAP). LDAP is not a directory standard, but a protocol used to query and update an x.500 standard directory. LDAP is supported in current directory products such as Windows Active Directory. TACACS+ is used in authenticating administrative access to routers and switches. TACACS+ uses reliable delivery offered by TCP making it easier to detect when a server is down. Directory services is a network service that stores identity information about all the objects in a network, including users, groups, servers, client computers, and printers.

Answer 68

**F-Type** Coaxial cables are usually terminated using F-type connectors, which are secured by screwing into place. The Lucent Connector (LC) is a small form factor fiber optic connector with a tabbed push/pull design. The small size of LC allows for higher port density. RJ-11 connectors are used with 2- or 3-pair UTP. where the four center wires are most commonly used. RJ-45 connectors are used with 4-pair (8-wire) cables. Enhanced quad small form-factor pluggable (QSFP+) is designed to support 40 GbE by provisioning 4 x 10 Gbps fiber links. SFP+ uses LC connectors and is also designed for Gigabit Ethernet.

Answer 69

**Avoid common passwords** Many users rely on simple passwords, which has led to databases of common credentials being posted online. Password database "dumps" give attackers a useful dictionary when password cracking. Disable switch ports to prevent the attachment of unauthorized client devices. You can also isolate unneeded ports to a black hole Virtual LAN (VLAN) that has not route to the network. A private virtual local area network (PVLAN) applies an additional layer of segmentation by restricting the ability of hosts within a VLAN to communicate directly with one another. Firewall access control lists (ACLs) are configured on the principle of least access which only allow the minimum amount of traffic required for the operation of valid network services and no more.

Answer 70

**TCP port 20** **TFTP traffic** Trivial File Transfer Protocol (TFTP) is a file transfer service which is a connectionless protocol running over UDP port 69. It is suitable for transferring small files. File Transfer Protocol (FTP) is a connection-oriented protocol running over TCP port 20 and 21. TCP port 20 is used for data connection on the server side, and TCP port 21 is used as a control port. Simple Mail Transfer Protocol (SMTP) makes the connection from the sender's server to that of the recipient and transfers an email message. It uses port 25. Post Office Protocol (POP) is a mailbox protocol now commonly used as POP3. The client establishes a connection to the POP server on TCP port 110 and contents are downloaded.

Answer 71

**Multimeter** A multimeter is for testing electrical circuits, but they can test for the continuity of any sort of copper wire, the existence of a short, and the integrity of a terminator. A network tone generator applies a signal on the cable to be traced by a probe, and can be used to follow the cable over ceilings and through ducts. A spectrum analyzer, typically a handheld device, is used to analyze radio or electrical interferences. The exact location can be pinpointed using this device. A loopback plug or adapter is a specially wired RJ-45 plug with a 6" stub of cable used to test for faulty ports and network cards.

Answer 72

**Implement patch management** **Enable only required services** Patch management refers to the procedures put in place to manage the installation of updates for hardware and software that can mitigate operating system (OS) vulnerabilities. Any services or protocols that are not used should be disabled. For example, disabling Transmission Control Protocol (TCP) port 23 to prevent the use of telnet on an OS. A control plane policing policy is designed to mitigate the risk from route processor vulnerabilities. Such a policy can use Access Control Lists (ACLs) to allow or deny control traffic from certain sources. Dynamic Host Configuration Protocol (DHCP) snooping is a type of switch port security setting that inspects DHCP traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address.

Answer 73

**A speed testing website** A bandwidth or broadband speed tester website measures the time taken to download and upload a randomized stream of data to a web host. This is a common speed test with Internet Service Providers (ISPs). A Wi-Fi analyzer is software that records statistics for the access point that the client is currently associated with. It can also detect other access points in the vicinity. A port scanner is software that enumerates the status of TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports on a target system. One example is the nmap command-line utility. A packet sniffer such as winpcap for Windows can read and capture packets on a port and save the information to a file on disk. This does not test bandwidth.

Answer 74

**Onboarding policy** The employee is under an onboarding policy which is the process of welcoming a new employee to the organization with tasks that affect security. Offboarding is the process of ensuring that an employee leaves a company gracefully and includes disabling accounts, returning company assets, and wiping personal assets of company data. Remote access policies are technical policy controls that govern the employees’ use of remote access privileges where employers assign the right for employees to connect to the corporate network from a remote location. A bring your own device (BYOD) policy means that employees can use their own personal devices on the corporate network so long as it meets a minimum specification required by the company.

Answer 75

**Firewall** Firewalls are can be done at application layer and are principally used to implement security zones, such as intranet, screened subnet topology, and Internet. A proxy server is used as a middle-man for network access, such as Internet access. A proxy can control what a system can or cannot connect to. A load balancer distributes client requests across available systems, like server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm. A switch is a layer 2 device. Switches can handle traffic based on a node's physical address, which is also known as a Media Access Control (MAC) address.

Answer 76

**Distance** Distance to an access point will cause issues the further away you are. As the signal gets weaker, a device will spend more power trying to connect and slow data transfer. Speed is important to a wireless network, but that may only be a symptom of the issue. Distance would be the cause of the speed issue. Interference can be caused by several factors, including neighboring equipment that may use the same frequency of radio waves. Radiofrequency attenuation (RF attenuation) is the loss of signal strength due to distance and environmental factors. Also referred to as free space path loss.

Answer 77

**I/G** The I/G bit of a MAC address determines whether the frame is addressed to an individual node (0) or a group (1). The latter is used for broadcast and multicast transmissions. A EUI-64 is a 64-bit hardware address. A translation mechanism allows a 48-bit MAC address to be converted to a EUI-64. EUI-64 addresses can be used with IPv6. The first six hex digits (3 bytes or octets), also known as the Organizationally Unique Identifier (OUI), identify the manufacturer of the adapter. The last six digits are serial numbers. Virtual Network Function (VNF) specifies and deploys instances of each virtual appliance. VNFs are designed to run as VMs on standard CPU platforms.

Answer 78

**/8** The first octet for Class A falls from 1 – 126 and the netmask is 255.0.0.0 (/8). Class A network addresses support large numbers of hosts—over 16 million. However, there are only 126 Class A network addresses. The first octet for Class B falls from 128 – 191 and the netmask is 255.255.0.0 (/16). There are 16,000 Class B networks, each containing up to about 65,000 hosts. The first octet for Class C falls from 192 – 223 and the netmask is 255.255.255.0 (/24). Class C networks support only 254 hosts each, but there are over 2 million of them. Class D addresses (224.0.0.0 through 239.255.255.255) are used for multicasting.

Answer 79

**Dictionary** Password cracking software uses dictionary terms to assist in gaining access to a password-protected account or system. A rogue AP masquerading as a legitimate one is called an evil twin. An evil twin might advertise a similar network name (SSID) to the legitimate one. For example, an evil twin might be configured with the network name "company" where the legitimate network name is "company." Social engineering and techniques such as phishing and pharming, where the attacker sets up a false website in imitation of a real one, are types of spoofing attacks. It is also possible to abuse how a protocol works or how network packets are constructed to inject false or modified data onto a network. Ransomware is a type of malware that tries to extort money from the victim.

Answer 80

**Giants** An interface may discard incoming or outgoing frames for several reasons, including checksum errors, mismatched MTUs, and too large packets (giants). An interface may discard incoming or outgoing frames for several reasons, including checksum errors, mismatched MTUs, and too small packets (runts). If an interface goes down, a network technician must configure an alert to investigate immediately. Track the uptime or downtime percentage so that the technician can assess the link's reliability over time. Generally, bandwidth refers to the amount of data transferable through a connection over a given period.

Answer 81

**Speed** Speed is important to a wireless network, but that may only be a symptom of the issue. Distance would be the cause of the speed issue. Interference can be caused by several factors, including neighboring equipment that may use the same frequency of radio waves. Radiofrequency attenuation (RF attenuation) is the loss of signal strength due to distance and environmental factors. Also referred to as free space path loss. Distance to an access point will cause issues the further away you are. As the signal gets weaker, a device will spend more power trying to connect and slow data transfer.

Answer 82

**Basic Service Set Identifier (BSSID)** The media access control (MAC) address of a wireless access point (AP) is used as the Basic Service Set Identifier (BSSID). An access point mediates communications between wireless stations and it can also provide a bridge to a cabled network segment. This is known as a Basic Service Set (BSS). Wireless networks deploy in an infrastructure topology. In an infrastructure topology, each station connects through a base station or access point (AP). An Extended Service Set (ESS) groups more than one Basic Service Set (BSS) together.

Answer 83

**Audit and Assessment Report** An audit and Assessment report makes recommendations on where the network is not meeting goals for performance or security. In an extensive network, one or more Intermediate Distribution Frames (IDFs) provide termination for access layer switches that serve a given area, such as a single office floor. The Main Distribution Frame (MDF) is the location for distribution/core level internal switching. Acceptable use policy (AUP) is a policy that governs employees' use of company equipment and Internet services. Business continuity planning (BCP) identifies controls and processes that enable an organization to maintain critical workflows in the face of some adverse event.

Answer 84

**Flow Control** Flow control allows a server to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames. This is also called 802.3x. Port security prevents a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile. Port mirroring copies ingress and egress communications from one or more switch ports to another port. This monitors communications passing over the switch and is also called a switched port analyzer (SPAN). Speed is the rate at which something travels from one location to another.

Answer 85

**Wi-Fi 4** Wi-Fi standards are becoming renamed with simpler digit numbers. 802.11n is now officially designated as Wi-Fi 4. Wi-Fi 5 (802.11AC) works only in the 5 GHz band. The network engineer can use the 2.4 GHz band for legacy standards (802.11g/n) in mixed mode. 3G is a digital communication generation that deployed various packet-switched technologies to mobile devices. 4G converged to a standard supported by GSM and CDMA network providers. 5G was a more complex system with expectations to provide fixed-wireless broadband solutions for homes and businesses. Wi-Fi 6 uses more complex modulation and signal encoding to improve the amount of data sent per packet by about 40%.

Answer 86

**Extensible Authentication Protocol Transport Layer Security (EAP-TLS)** Extensible Authentication Protocol (EAP) allows WLAN authentication to be integrated with the wired LAN authentication scheme. With EAP-TLS, as both supplicant and server are configured with certificates, this provides mutual authentication. Protected Extensible Authentication Protocol (PEAP) also uses an encrypted tunnel, but PEAP only requires a server-side public key certificate. The supplicant does not require a certificate. Flexible Authentication via Secure Tunneling (EAP-FAST) uses a Protected Access Credential (PAC) to set up the tunnel, which is generated for each user from the authentication server's master key. Challenge Handshake Authentication Protocol (CHAP) is an authentication scheme developed for dial-up networks that uses an encrypted three-way handshake to authenticate the client to the server.

Answer 87

**20 hours / 5 repairs = 4 hours** Mean Time to Repair (MTTR) is the average time taken for a device or component to be repaired, replaced, or otherwise recovered from a failure. MTTR is calculated by dividing the total number of hours by the total number of repairs. Mean Time to Repair (MTTR) cannot be calculated by multiplying the total number of hours by the total number of repairs. Mean Time to Repair (MTTR) cannot be calculated by adding the total number of hours by the total number of repairs. Mean Time to Repair (MTTR) cannot be calculated by subtracting the total number of hours by the total number of repairs.

Answer 88

**Channel Bonding** 803.802.11n products can also use channels in the 2.4 GHz band or the 5 GHz band. 802.11n also allows two adjacent 20 MHz channels to be combined into a single 40 MHz channel, referred to as channel bonding. A network engineer can group more than one BSS in an Extended Service Set (ESS). Code Division Multiple Access (CDMA) means that each subscriber uses a code to key the modulation of their signal and this "key" is used by the receiver to extract the subscriber's traffic from the radio channel. Clients can roam within an extended service area (ESA). An ESA is created by installing APs with the same SSID and security configuration connected by a wired network or Distribution System (DS).

Answer 89

**Media converter** Standalone media converters are used to convert one cable type to another. A bridge is a hardware device that connects varying subnets together. A hub is a known as a dumb device that simply connects computers to a network in a star configuration. A hub lacks the features contained in a switch. A network switch in its simplest form is a layer 2 network device. Switches can handle and control traffic based on a node's physical address which is also known as a hardware address or media access control (MAC) address. A switch segregates devices from communicating by using methods such as VLANs or policies.

Answer 90

**Quality of Service (QoS)** Quality of Service (QoS) allows fine-grained control over traffic parameters. Protocols, such as Multiprotocol Label Switching (MPLS), provides QoS. MPLS can reserve the required bandwidth and pre-determine statistics when configuring the link. Class of Service (CoS) categorize protocols into groups that require different service levels and provide a tagging mechanism to identify a frame or packet class. The Differentiated Services (DiffServ) framework classifies each packet passing through a device. Router policies can then be defined to use the packet classification to prioritize delivery. Traffic shaping enables administrators to closely monitor network traffic and to manage that network traffic.

Answer 91

**Wireless range extender** Wireless networks can be expanded by using devices called wireless range extenders (WREs). A range extender is essentially a lightweight access point (AP) functioning in repeater mode only. A bridge is an appliance or application that connects different networks as if they were one network. A firewall or unified threat management (UTM) device is a hardware device that is used to prevent external network threats. A router is a hardware appliance or application that connects different networks/subnets for communication purposes, but keeps them as separate networks. A router is a layer 3 device.

Answer 92

**Acceptable Use Policy** Acceptable use policy (AUP) is a policy that governs employees' use of company equipment and Internet services. ISPs may also apply AUPs to their customers. Also called fair use policy. A non-disclosure agreement (NDA) is the legal basis for protecting information assets. A memorandum of understanding (MOU) is a preliminary or exploratory agreement to express an intent to work together. Onboarding is the process of welcoming a new employee to the organization. Similar principles apply to taking on new suppliers or contractors. Offboarding is the process of ensuring that an employee leaves a company gracefully.

Answer 93

**IPS** An Intrusion Prevention System (IPS) is an inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. An IPS uses an active approach to threat management. A repeater is a device that amplifies an electronic signal to extend the maximum allowable distance for a media type. A wireless controller is a hardware device or software application which can centralize the management function of a wireless network. An extended service set is defined in a wireless network. An authentication, authorization, and accounting (AAA) device uses a security concept where a centralized platform verifies object identification, ensures the object is assigned relevant permissions, and then creates an audit trail.

Answer 94

**TCP 53** Some DNS servers are also configured to allow connections over TCP port 53, as this allows larger record transfers (over 512 bytes). A DNS server is usually configured to listen for queries on UDP port 53, but zone transfers are over TCP because of the large size. RIPv1 is a classful protocol and uses inefficient broadcasts to communicate updates over UDP port 520. RIPng (next generation) is a version of the protocol designed for IPv6. RIPng uses UDP port 521. Encrypted web traffic between the client and server is sent over TCP port 443 (by default), rather than the open and unencrypted port 80.

Answer 95

**Antenna placement** Site designs and surveys facilitate robust wireless coverage when all expected areas receive a strong signal. Power levels and channel selection should be tuned so that access points do not interfere with one another or broadcast a signal that stations can "hear" but cannot reply to. With Router Advertisement Guard (RA Guard), switchport security feature to block router advertisement packets from unauthorized sources. Geofencing can be used to ensure that the station is within a valid geographic area to access the network, such as ensuring the device is within a building rather than trying to access the WLAN from a car park or other external location. As with a switch, an access point can be configured with an accept or deny list of known MAC addresses.

Answer 96

**MX** A mail exchanger (MX) record identifies an email server for the domain. In a typical network, multiple servers are defined to provide redundancy. A canonical name (CNAME) record is a domain name system (DNS) record, which represents an alias for a host. Aliases give a host multiple names. A pointer (PTR) is a domain name system (DNS) record that creates an Internet protocol (IP) address to hostname mapping that corresponds to the host (A) record stored in the forward lookup zone. Time to Live (TTL) is a value a system can use to determine the life of a value. For example, in DNS a TTL value tells a system how long it should keep a record in cache.

Answer 97

**3** The third step of the CompTIA Network+ troubleshooting methodology is to test the theory to determine the cause. It involves determining the next steps if the theory is confirmed. The second step of the CompTIA Network+ troubleshooting methodology is establishing a theory of probable cause. This involves questioning the obvious and considering multiple approaches. The fifth step of the CompTIA Network+ troubleshooting methodology is to implement a solution or escalate as necessary. The seventh step of the CompTIA Network+ troubleshooting methodology is to document findings, actions, and outcomes. These should be saved and archived in order to help mitigate issues in the future.

Answer 98

**Single mode** Single-mode fiber cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics. Multimode fiber is inexpensive to deploy compared to single-mode fiber. As such, it does not support high signaling speeds or long distances as single-mode and is more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs). A media converter is a device that converts one media signaling type to another. A media convertor is not required in this case. Straight-through refers to cabling such as twisted pair cabling where pins on one end of the cable match the pins on the opposite end.

Answer 99

**445** SMB is more typically run directly over TCP port 445. SMB should be restricted to use only on local networks. It is also important that any traffic on the NetBIOS port ranges from 137 to 139. Simple Network Management Protocol (SNMP) device queries take place over UDP port 161; traps are communicated over UDP port 162. Microsoft SQL Server uses TCP/1433. SQL has been implemented in relational database management system (RDBMS) platforms by several different vendors. SIP typically runs over UDP or TCP ports 5060 (unsecured) and 5061 (SIP-TLS). The Session Initiation Protocol (SIP) is one of the most widely used session control protocols.

Answer 100

**Cat 5** The American National Standards Institute (ANSI) and the Telecommunications Industry Association (TIA)/Electronic Industries Alliance (EIA) have created categories and standards for twisted pair cabling. Cat 5 cabling supports a maximum speed of 100 Mbps. Cat 3 cabling is the oldest cabling standard among the choices. This twisted pair cable type supports speeds up to 10 Mbps. Cat 6 defines a modern implementation of twisted pair cabling that supports speeds up to 10 Gbps. Cat 5e defines an improvement of Cat 5 cabling by improving speeds from 100 Mbps to 1 Gbps.

Answer 101

**Star** In a star topology, each endpoint node is connected to a central forwarding node, such as a hub, switch, or router. A mesh topology is commonly used in WANs. In theory, a mesh network requires that each device has a point-to-point link with every other device on the network (fully connected). A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media. In a physical ring topology, each node is wired to its neighbor. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor.

Answer 102

**Implicit deny** The final default rule is typically to block any traffic that has not matched a rule. This is called an implicit deny. If the firewall does not have a default implicit deny rule, an explicit deny-all rule can be added manually to the end of the ACL. Site designs and surveys facilitate robust wireless coverage when all common areas receive a strong signal. Power levels and channel selection should be tuned so that access points do not interfere with one another or broadcast a signal that stations can "hear" but cannot reply to. Role-based access means that a set of organizational roles are defined, and subjects are allocated to those roles.

Answer 103

**ToR** The leaf layer access switches are implemented as top-of-rack (ToR) switch models. These are switch models designed to provide high-speed connectivity to a rack of server appliances. Fibre Channel over Ethernet (FCoE) is a means of delivering Fibre Channel packets over Ethernet cabling and switches. A Label Edge Router (LER) inserts or "pushes" a label or "shim" header into each packet sent from routers below it, and then forwards it to an LSR to determine the Label Switched Path (LSP) for the packet. SAWs are secure administrative workstations that are hardened and are used solely to manage servers.

Answer 104

**Hardware failure** A bad physical port or a hardware failure is most likely the cause of the issue, as the connection to the previous physical switch port was working fine. A basic layer 2 switch does not have the capability of blocking TCP ports. This would be appropriate for a network firewall appliance to handle. A duplicate IP address is not the case because network connectivity works when returning the network cable to the previously used port. The cable type is most likely compatible if it is connecting to the same switch. Even if a small form factor pluggable (SFP) module was used, the module can be switched out as well with the network cable into another physical port on that switch.

Answer 105

**Content filter** A content filter is designed for corporate control over employees' Internet use. It can be implemented as a standalone appliance or proxy server software. Content filters can be applied in a number of ways, such as by using categories (games, gambling, weapons, etc.). A proxy server is used as a middle-man for network access, such as Internet access. A proxy can control what a system can or cannot connect to. A load balancer distributes client requests across available systems such as server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm. A T1 line is usually terminated at a smart jack or network interface unit (NIU), which contains line testing facilities for the telco to use. This allows the service provider to test the line remotely.

Answer 106

**To show active TCP connections** **To show all active ports** The netstat command allows an admin to check the state of ports on the local host, and check for service misconfigurations. The output of netstat will show active TCP connections with IP address information and port numbers. This can help identify if the application is connecting to the correct web server on the right port. The ARP cache contains entries that map IP addresses to MAC address. The windows arp command can be used to view the cache. Firewall rules cannot be edited with the netstat command. The iptables command, however, is an example of a tool that can be used on a Linux system to edit rules enforced by the Linux kernel firewall.

Answer 107

**Telnet** **FTP** **SFTP** FTP (File Transfer Protocol) is a connection-oriented protocol. It uses Transmission Control Protocol (TCP) port 20 for data connection and TCP port 21 as a control port. TCP provides a connection-oriented, guaranteed method of communication. SFTP or File Transfer Protocol over Secure Shell (SSH) provides a secure channel for transferring file. SSH also operates over TCP 22. Telnet is terminal emulation software to support a remote connection to another computer. It uses TCP port 23. TFTP (Trivial File Transfer Protocol) is a connectionless protocol that runs over UDP port 69. It is suitable for transferring small files.

Answer 108

**Deauthentication** An evil twin may be coupled with a deauthentication attack. This sends a stream of spoofed management frames to disconnect clients from the legitimate AP and inadvertently connect back to the rogue AP. The attacker can then sniff information about the authentication process. Shoulder surfing is when a threat actor can learn a password or PIN (or other secure information) by watching the user type it. A rogue Dynamic Host Configuration Protocol (DHCP) attack involves an unauthorized server that can send out malicious IP addresses that configure systems to connect to a malicious subnet. Domain Name System (DNS) poisoning compromises name resolution, replacing the valid IP address for a trusted website with the attacker's IP address.

Answer 109

**Encryption protocol mismatch** An encryption protocol mismatch will cause the connection to fail, even if the correct credentials are supplied. Check OS drivers or verify authentication types/protocols on the device. Transfer Layer Security (TLS) is a security protocol that uses certificates for authentication and encryption to protect web communications and other application protocols. This doesn't apply to network authentication. An AAA server is an authentication server positioned within the local network. There are two main types of AAA servers: RADIUS and TACACS. These would not be a part of the solution as an initial authentication connection is not taking place. A captive portal is a web page or website to which a client is redirected before being granted full network access. This would not apply in this situation.

Answer 110

**MPLS** Most WAN providers offer Multiprotocol Label Switching (MPLS) as a means of establishing private links with guaranteed service levels. MPLS can operate as an overlay network to configure point-to-point or point-to-multipoint links between nodes. VPN solutions based on mGRE that use the public Internet as the transport network can suffer from unpredictable performance levels. VPN solutions also based on DMVPN that use the public Internet as the transport network can suffer from unpredictable performance levels. A software-defined WAN (SD-WAN) replaces hub and spoke type designs with more efficient, but still secure, connectivity to corporate clouds.

Answer 111

**Password policy** The administrator can enforce a password policy that instructs users on best practice in choosing and maintaining a network access credential and can enforce it as well. Security policy establishes a duty for each employee to ensure the confidentiality, integrity, and availability of any data assets or processing systems that they use as part of their job. An acceptable use policy (AUP) sets out the permitted uses of a product or service. It might also state explicitly prohibited uses. Remote access policies are technical policy controls that govern the employees’ use of remote access privileges where employers assign the right for employees to connect to the corporate network from a remote location.

Answer 112

**Bottom-to-top** A bottom-to-top approach of the OSI (Open Systems Interconnection) model is a methodical validation of network components starting from the bottom or layer 1 (Physical) and going up. Escalation occurs when you cannot prove the cause of the problem and support must be sent to the next tier level. Usually Tier 1 spends the less time resolving issues than tier 3. Divide and conquer approach starts with the layer most likely to be causing the problem and then work either down or up depending on what your tests reveal. A top-to-bottom approach of the OSI model is a methodical validation of network components starting from the top or layer 7 (Application) and going down.

Answer 113

**PTR** A reverse DNS query returns the hostname associated with a given IP address. This information is stored in a reverse lookup zone as a pointer (PTR) record. A Service (SRV) record is used to identify a record that is providing a network service or protocol. It is often used to locate Voice over Internet Protocol (VoIP) or media servers. A Mail Exchange (MX) record is used to identify an email server for the domain. In a typical network, multiple servers are installed to provide redundancy. A Canonical Name (CNAME) (or alias) record is used to configure an alias for an existing address record (A or AAAA).

Answer 114

**RTO** This represents the Recovery Time Objective (RTO) which is the maximum amount of time following a disaster that an individual IT system may remain offline. The Recovery Point Objective (RPO) is the amount of data loss that a system can sustain, measured in time units, and also represents the amount of data an organization is willing to lose. A configuration is a backup mode which is a copy of the configuration data in a structured format, such as extensible markup language (XML). A state is a backup mode which is a snapshot-type image of the whole system. This can be re-deployed to any device of the same make and model as a system restore.

Answer 115

**DSL Modem** A DSL modem is installed as CPE, typically as a multifunction “wireless router,” that the RJ-11 WAN port connects to the provider’s phone jack over a short length of ribbon cable. RG-6 is an 18 AWG cable with 75 ohm impedance typically used as drop cable for Cable Access TV (CATV) and broadband cable modems. Typically, a network technician uses an RJ-45 with hubs. Hubs are a multiport repeater deployed as the central point of connection for nodes. Networking firewalls also typically use RJ-45 or fiber connections, not RJ-11. Firewalls are important for traffic passing between networks because it filters them.

Answer 116

**Wi-Fi 5** Wi-Fi 5 (802.11AC) works only in the 5 GHz band. The network engineer can use the 2.4 GHz band for legacy standards (802.11g/n) in mixed mode. Wi-Fi 6 uses more complex modulation and signal encoding to improve the amount of data sent per packet by about 40%. Wi-Fi standards are becoming renamed with simpler digit numbers. 802.11n is now officially designated as Wi-Fi 4. 3G is a digital communication generation that deployed various packet-switched technologies to mobile devices. 4G converged to a standard supported by GSM and CDMA network providers. 5G was a more complex system with expectations to provide fixed-wireless broadband solutions for homes and businesses.

Answer 117

**Uptime/Downtime** Uptime/downtime is the time that passes as the link is either up or down. You may also want to track the uptime or downtime percentage so that you can assess a link's reliability over time. Link state measures whether an interface is working (up) or not (down). You should configure an alert if an interface goes down so that you can investigate immediately. Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms). Syslog is an example of a protocol and supporting software that facilitates log collection. It has become a de-facto standard for logging events from distributed systems.

Answer 118

**Scan for unnecesary services.** **Scan for open ports.** The nmap utility is a versatile port scanner used for topology, host, service, and OS (Operating System) discovery and enumeration. Open ports are vulnerable to attacks and should be shut down if not used. Unnecessary services are also considered a security risk. Multiple applications can run over the same port. Use the nmap utility to determine which services are running on each port and identify which should remain active. The nslookup utility is a software tool for querying DNS server records. It can query various records, such as A, AAAA, and MX records. The dig utility is used to query a DNS (Domain Name System) and return detailed information about a domain name. previous finish review

Answer 119

**Access point distance** Distance to an access point will cause issues the further away you are. As the signal gets weaker, a device will spend more power trying to connect and slow data transfer. Speed is important to a wireless network, but that may only be a symptom of the issue. Distance would be the cause of the speed issue. Device configuration may be an issue, but only if a wireless access point were down. Not enough information is given to determine it is a device configuration issue. DNS issues would prevent accessing websites by domain name but not cause speed issues necessarily.

Answer 120

**Multimode** Multimode fiber is inexpensive to deploy compared to single-mode fiber. As such, it does not support long distances as single-mode and is more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs). Single-mode cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics. Cat 7 cable is always of a screened/shielded type and is rated for 10GbE applications up to 100 m (328 feet). Cat 8 is intended for use in datacenters only for short patch cable runs that make top-of-rack connections between adjacent appliances.

Answer 121

**A** The host identified in an MX record must have an associated A or AAAA record. A Mail Exchange (MX) record is used to identify an email server for the domain. In a typical network, multiple servers are installed to provide redundancy, and each one will be represented with an MX record. An MX record must not point to a CNAME record, even though CNAME is almost the same as an A record. DKIM records are used to decide whether you should allow received emails from a given source, preventing spam and mail spoofing. DKIM can use encrypted signatures to prove that a message originated from the domain it claims.

Answer 122

**MDI-X** The end system interface is known as a medium-dependent interface (MDI); the interface on the hub is called an MDI crossover (MDI-X). This means that the transmit (Tx) wires on the host connect to receive (Rx) wires on the hub. On a switch with VLANs configured, a port with an end station host connected operates in untagged mode (access port). A tagged port will normally be part of a trunk link. Port security prevents a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile. The Neighbor Discovery (ND) protocol performs some functions on an IPv6 network that ARP and ICMP perform under IPv4.

Answer 123

**BGP** BGP has an administrative distance of 20. An administrative distance (AD) value can express the relative trustworthiness of the protocol supplying the route. EIGRP has an administrative distance of 90. Default AD values are coded into the router but can be adjusted by the administrator if necessary. OSPF has an administrative distance of 110. Each routing protocol uses its metric to determine the least-cost path. Unknown has an administrative distance of 255. As routing protocols use different methods to calculate the metric, a network technician cannot compare routes from other protocols in the overall IP routing table, so it uses AD values.

Answer 124

**DDoS (Distributed Denial of Service)** DDoS attack, attacks launch from multiple compromised computers (zombie agents) with DoS tools (bots) forming a botnet. The attacker installs backdoor applications that give them access to the PC. DNS poisoning compromises name resolution, replacing the valid IP address for a trusted website with the attacker's malicious IP address. ARP spoofing, or ARP cache poisoning, is a common means of perpetrating an on-path attack. It works by broadcasting unsolicited ARP reply packets, also known as gratuitous ARP replies, with a spoofed source address. DHCP communications cannot be authenticated, so a host will generally trust the first offer packet that it receives. A rogue DHCP server takes advantage of this process and can become the subnet's DNS resolver.

Answer 125

**Virtual network computing (VNC)** Virtual network computing (VNC) is a popular alternative to Remote Desktop, similar to TeamViewer. Split tunnel vs. full tunnel is incorrect; this answer indicates which traffic is routed via a VPN gateway. In-band vs. out-of-band management is incorrect because it refers to managed and unmanaged network appliances. The remote desktop gateway can be a means of implementing a clientless VPN and can also allow a user to access networked applications. A gateway can be used to connect a user to a virtual desktop, where a client operating system and applications software is provisioned as a virtual appliance.

Answer 126

**Clientless VPN** Clientless VPN also referred to as HTML5 VPN, uses a WebSockets protocol, enabling bidirectional messages between the server and client without requiring the overhead of separate HTTP requests. Site-to-site VPN establishes a secure connection when the VPN gateways at each site exchange security information. Remote desktop connections allow users to operate a computer remotely but require a client app that implements the protocols and authentication methods supported by the remote desktop/VPN gateway. Authentication and authorization considerations are important when granting remote access to machines, but by itself is not a technology solution.

Answer 127

**Tamper detection** The purpose of the closed-circuit alarm on the door to the server rack is tamper detection. If an attacker were to try and break into the server racks to tamper with the hardware, the alarm would notify security. Motion detection is a type of alarm but does not necessarily prevent tampering. A tripped motion detector merely indicates there is movement in an area being monitored. A camera, like motion detection, does not detect tampering. A camera projects and possibly records what is happening onto a screen that someone can monitor. Biometrics help prevent tampering by proving a person is who they say they are when trying to access resources.

Answer 128

**1** The first step of the CompTIA Network+ troubleshooting methodology is identifying the problem, which includes approaching multiple problems individually and determining if anything has changed. The fourth step of the CompTIA Network+ troubleshooting methodology is to establish a plan of action to resolve the problem and identify potential effects. The third step of the CompTIA Network+ troubleshooting methodology is to test the theory to determine a cause. The second step of the CompTIA Network+ troubleshooting methodology is establishing a theory of probable cause. This involves questioning the obvious and considering multiple approaches.

Answer 129

**SLAAC** IPv6 uses a more flexible system of generating link-local addresses and address autoconfiguration than IPv4 called stateless address autoconfiguration (SLAAC). A EUI-64 is a 64-bit hardware address. A translation mechanism allows a 48-bit MAC address to be converted to a EUI-64. EUI-64 addresses can be used with IPv6. Automatic Private IP Addressing (APIPA) is the IPv4 methodology by which link-local addresses are distributed. A VIP is a virtual IP and is commonly associated with load balancers.

Answer 130

**Factory reset/wipe configuration** Factory reset/wipe configuration is correct. Factory resetting a device, or doing a configuration wipe, is a feature built-in to devices that, when invoked, wipes any custom configuration settings or modifications. Asset tags show the ID of a device or component and link it to an inventory management database. Sanitizing devices for disposal is incorrect because the laptop is being recycled, not disposed of. Employee training is incorrect. While employee training is another prevention-based security control, it is not appropriate to get the old laptop ready for a new user.

Answer 131

**CATV** **HFC** A cable Internet connection is usually available along with Cable Access TV (CATV). These networks are sometimes described as Hybrid Fiber Coax (HFC) because they combine a fiber optic core network with coax links to CPE but are more simply just described as cable broadband. DOCSIS refers to Data Over Cable Service Interface Specification. Based on the DOCSIS, cable supports downlink speeds of up to 38 Mbps (North America) or 50 Mbps (Europe) and uplinks of up to 27 Mbps. Full fiber connections are also becoming provisioned to residential and small business customers. Rather than dedicated leased lines, these services deploy as a passive optical network (PON). previous finish review

Answer 132

**Coaxial** Coaxial (or coax) cable is made of two conductors that share the same axis, hence the name ("co" and "ax"). The core conductor of the cable is made of copper wire (solid or stranded). Older implementations of coaxial cable use RG-59 while modern installations use RG-6. Over copper wire, Gigabit Ethernet is specified as 1000BASE-T, working over Cat 5e or better. Cat 3 cable is also known as 10Base-T. This cable has a maximum distance of 100m (328 ft) and a speed capacity of 10 Mbps. 100BASE-TX refers to Fast Ethernet working over Cat 5 (or better) twisted pair copper cable with a maximum supported link length of 100 meters (328 feet).

Answer 133

**Duplex** Duplex is a communication configuration. Full-duplex refers to a communication type such as network links that allow simultaneously sending and receiving. Most network links are full-duplex. Bidirectional refers to two-way communication. Bidirectional does not imply the ability for full-duplex and may only be half-duplex. This means send and receive is taken in turns. Multimode fiber is inexpensive to deploy compared to single mode fiber. As such, it does not support long distances as single mode and is more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs). A crossover cable is created by wiring the connectors at each end differently, so that the transmit on one connector goes directly to receive on the other connector and vice versa.

Answer 134

**Theorize an IP issue at Layer 3.** In a divide and conquer approach, you start with the layer most likely to be causing the problem. The DNS A record including the server's IP address may not have been created yet. Ping the FQDN, if IP resolution fails, fix the A record. A MAC (Media Access Control) address is not the immediate concern because the previous remote access assumes local LAN was accessible. A port issue, like TCP port 3389 for RDP (Remote Desktop Protocol) is most likely not the case because remote access worked previously to join server to the domain. A possible failure of a physical cable is most likely not the cause since the issue occurred after a change in software settings.

Answer 135

**Control** A control layer is not part of the traditional hierarchy but is part of software-defined networking (SDN). The principal innovation of SDN is to insert a control layer between the application layer and the infrastructure layer. The access or edge layer allows end-user devices, such as computers, printers, and smartphones to connect to the network. The distribution or aggregation layer provides fault-tolerant interconnections between different access blocks and either the core or other distribution blocks. The core layer provides a highly available network backbone. Devices such as client and server computers should not be attached directly to the core.

Answer 136

**Set up Port Address Translation (PAT).** Port Address Translation (PAT) is beneficial in cases where multiple private IP addresses are being mapped onto a single public address. Network Address Translation (NAT) is useful in scenarios where a single inbound connection to a single host must be supported; it is a simple 1:1 mapping. Port forwarding, also known as destination NAT, means that the router takes requests from the Internet for a specific application (HTTP/port 80) and changes the destination address to send them to a designated host and port on the LAN. IPv6 tunneling can be used to deliver IPv6 packets across the IPv4 Internet. In this, a basic IP address was referenced for the servers and not an IPv6 address.

Answer 137

**EUI-64** A EUI-64 is a 64-bit hardware address. A translation mechanism allows a 48-bit MAC address to be converted to a EUI-64. EUI-64 addresses can be used with IPv6. A VIP is a virtual IP and is commonly associated with load balancers. Automatic Private IP Addressing (APIPA) is the IPv4 methodology by which link-local addresses are distributed. The I/G bit of a MAC address determines whether the frame is addressed to an individual node (0) or a group (1). The latter is used for broadcast and multicast transmissions.

Answer 138

**Splices** **Attenuation** **Connectors** Additional splices in the cable are budgeted at around 1 dB for mechanical and 0.3 dB for fusion. Each connector in the path incurs a loss, usually assumed to be 0.75 dB. Attenuation is the loss over the length of the cable, based on fiber type and the wavelength used. Single-mode has a loss of up to 0.4 dB/km, while multimode can be from 0.8 dB/km to 3 dB/km. Transmitter power is used in calculating the power budget. The power budget is calculated from the transceiver to transmit (Tx) power and receiver (Rx) sensitivity.

Answer 139

**Multimode fiber** Multimode fiber is inexpensive to deploy compared to single mode fiber. As such, it does not support high signaling speeds or long distances as single mode and is more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs). Single mode cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics. Twinaxial (or twinax) is similar to coax but contains two inner conductors. Twinax is used for datacenter 10 GbE. Coaxial cables are usually terminated using F-type connectors, which are secured by screwing into place.

Answer 140

**Tone generator** A network tone generator and probe are used to trace and identify a cable from one end to the other. This may be necessary when cables have not been labeled properly. A cable tester provides detailed information on the physical and electrical properties of a cable. Electromagnetic interference (EMI) from radio or electromagnetic sources working in the same frequency band as a Wi-Fi device can be detected with a spectrum analyzer. A packet sniffer is a device or program that is used to monitor network communication and capture data.

Answer 141

**Wireless client isolation** Wireless client isolation means clients connected to a WLAN are normally within the same broadcast domain and can communicate with one another. An access point can be configured to prevent this so that stations can only communicate via their gateway. The AP drops peer-to-peer traffic. Guest network isolation means a guest network can have separate security and forwarding policies than the network that permits access to the corporate LAN. Port security refers to the IEEE 802.1X standard’s Port-Based Network Access Control (PNAC) mechanism. PNAC means that the switch performs some authentication of the attached device before activating the port. Captive portal means a guest network might be configured to redirect stations to a secure web page to perform authentication.

Answer 142

**To give rights to users implicitly.** **To grant users sufficient rights to perform a job.** Least privilege means that a user is granted sufficient rights to perform his or her job and no more. This mitigates risk if the account should be compromised and fall under the control of a threat actor. Role-based access define organizational roles and subjects are allocated to those roles. Users gain rights implicitly (through being assigned to a role) rather than explicitly (being assigned the right directly). Zero trust uses systems such as continuous authentication and conditional access to mitigate privilege escalation and account compromise. Another zero-trust technique is to apply microsegmentation. Separation of duties is a means of establishing checks and balances against the possibility that critical systems or procedures can be compromised by insider threats.

Answer 143

**Colocation** Colocation is cost-effective but also associated with several risks. Colocation means that a company's private servers and network appliances are installed in a data center that is shared by multiple tenants. Branch offices may be limited in terms of low bandwidth, high latency links. This can mean having to install servers to branch locations and replicate data between them and the head office or corporate network. An on-premises data center does not have any site redundancy and is also likely to suffer from poor performance when accessed by remote offices in different countries. The spine and leaf is a topology that provides better support for east-west traffic and the use of SDN and overlay networks within data centers.

Answer 144

**CIA** The (CIA) triad is one of the foundational principles of computer security. The systems used to store, transmit, and process data must demonstrate three confidentiality, integrity, and availability properties. Security Information and Event Management (SIEM) is a security control designed to integrate vulnerability and threat assessment efforts through automated collection, aggregation, and log data analysis. IEEE 802.1X Port-based Network Access Control (NAC) protocol provides the means of using an EAP method when a device connects to an Ethernet switch port, wireless access point, or VPN gateway. Network Access Control (NAC) is a system for authenticating endpoints when they connect to the network.

Answer 145

**Subnet mask** Subnet addressing refers to the division of a single IP network into two or more smaller broadcast domains by using longer netmasks within the boundaries of the network. Also called a subnet mask. This is usually signified by the numbering scheme 255.255.255.0 or similar. An Internet Protocol address is used for two devices to communicate. Private network IP addresses could be 10.0.0.x or 192.168.1.x. A Gateway address is what is used by a device to connect to a network and get traffic routed to its destination, typically the network's primary router. Domain Name Service is used to translate domain names (i.e. www.comptia.com) to its actual IP address.

Answer 146

**SOA** The Start of Authority (SOA) record identifies the primary authoritative name server that maintains complete resource records for the zone. There is only one SOA record. Other servers use NS records to identify the IP address of servers holding the domain's resource records. The Time to Live (TTL) is an IP header field, not a type of record. It is reduced by one every time a packet is forwarded by a router (referred to as a hop). A TXT record is used to store any free-form text that may be needed to support other network services. A single domain name may have many TXT records.

Answer 147

**PaaS** Platform as a Service (PaaS) is a computing method that uses the cloud to provide any platform-type services. A SQL database is an example of PaaS. Software as a Service (SaaS) is a computing method that uses the cloud to provide application services to users. Office 365 is an example of SaaS. Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components. Hybrid refers to a cloud computing solution that implements a combination of delivery models such as public, private, or a community solution.

Answer 148

**To snoop on connections with web servers** **To steal user network credentials** An evil twin attack is when a threat actor stands up another access point (AP) that spoofs the legitimate AP. When users try to manually reconnect, the fake AP will be able to harvest users’ authentication information. This evil twin may also act as a rogue AP if connected to legitimate local area network (LAN). This AP can then snoop on incoming connections to other servers and websites on the LAN. An encryption protocol mismatch will cause wireless connections to fail, even if the correct credentials are supplied. Users are expected to connect in this case. A deauthentication attack sends a stream of spoofed management frames to cause a client to disconnect. Users are expected to connect in this case.

Answer 149

**Switch** A switch is a layer 2 device. Switches can handle traffic based on a node's physical address, which is also known as a Media Access Control (MAC) address. A router is a hardware appliance or application that connects different networks/subnets for communication purposes, but keeps them as separate networks. A router is a layer 3 device. A hub (also known as a dumb device) connects computers to a network in a star configuration. A hub lacks the features contained in a switch but can be used to connect devices in a local network. A bridge is an appliance or application that connects different networks as if they were one network.

Answer 150

**IP reservation** **DHCP** Dynamic Host Configuration Protocol (DHCP) provides an automatic method for allocating an IPv4 address, subnet mask, and default gateway. IP reservation, or MAC reservation, is a mapping of the MAC address to a specific IP address within the DHCP server's pool. The same IP address will be given to the registered MAC address of the requesting client. DHCPv6 is DHCP for IPv6 addresses. Although similar to DHCP, DHCPv6 uses the multicast address ff:02::1:2 to discover a DHCP server. A virtual IP is a shared IP address for the purpose of representing, for example, a group of physical routers using a Hot Standby Router Protocol (HSRP) or multiple servers configured for load balancing.

Answer 151

**Transport** The Transport layer is also known as the end-to-end or host-to-host layer. It identifies each type of network application by assigning it a port number (e.g. HTTP identifies as port 80). The Physical layer is responsible for the transmission and receipt of bits from one node to another node using some form of physical media (e.g. repeater). The Data Link layer is responsible for transferring data between nodes on the same logical segment. A segment is one where all nodes can send traffic to one another using hardware addresses (e.g. MAC address). The Application layer provides an interface for software programs on network hosts that have established a communications channel through the lower-level protocols to exchange data.

Answer 152

**Incorrect pinout** An incorrect pinout refers to when the individual wires within a cat-5 or cat-6 cable are not in the correct order. This can cause connections to fail unexpectedly if the issue is not known. A straight-through cable is normally used in network connectivity that follows either the standard T568A on both ends or T568B on both ends. A crossover cable is cabling where the transmit pair at one end is connected to the receive pair at the other. Duplex refers to the ability of network equipment to transmit and receive data. Half-duplex means that it can send or receive one at a time, while full-duplex means it can transmit and receive simultaneously.

Answer 153

**A trusted certificate is installed** **The captive portal page URL starts with https://** The captive portal needs to be installed with a digital certificate issued by a certification authority (CA) trusted by the client browser. The captive portal should use HTTPS. Most modern browsers will block redirection to sites that do not use TLS. VPN would be a solution users may use after a successful captive portal authentication process is completed. Disassociation is a management frame handling process by which a station is disconnected from an access point after the initial authentication process.

Answer 154

**Business Continuity Plan** Business continuity planning (BCP) identifies controls and processes that enable an organization to maintain critical workflows in the face of some adverse event. A password policy instructs users on best practices in choosing and maintaining a network access credential. The remote access policy should then implement the measures identified through compiling the documentation. Security policy establishes a duty for each employee to ensure the confidentiality, integrity, and availability of any data assets or processing systems that they use as part of their job. Numerous operational policies will supplement the overall security policy to govern specific areas of activity or configuration.

Answer 155

**Incident response plan** The company will react to the incident by following the incident response plan which sets out the procedures, tools, methods of communication, and guidelines for dealing with security incidents. A disaster recovery plan (DRP) addresses large-scale incidents. These will typically be incidents that threaten the performance or security of a whole site. Remote access policies are technical policy controls that govern the employees’ use of remote access privileges where employers assign the right for employees to connect to the corporate network from a remote location. Data loss prevention (DLP) products scan content in structured formats (such as a database with a formal access control model) or unstructured formats, such as email or word processing documents.

Answer 156

**Basic Service** The AP mediates communications between client devices and can also provide a bridge to a cabled network segment. In 802.11 documentation, this is referred to as an infrastructure Basic Service Set (BSS). A network engineer can group more than one BSS in an Extended Service Set (ESS). 802.11n products can also use channels in the 2.4 GHz band or the 5 GHz band. 802.11n also allows two adjacent 20 MHz channels to be combined into a single 40 MHz channel, referred to as channel bonding. The 802.11n standard increases bandwidth by multiplexing the signals from 2 to 4 separate antennas (a radio chain) using a collection of technologies generally referred to as Multiple Input Multiple Output (MIMO).

Answer 157

**Greater control** A private cloud infrastructure is completely private to, and owned by, an organization. With private cloud computing, organizations can exercise greater control over the privacy and security of their services. A hybrid cloud solution uses a mix of multiple cloud delivery models. One approach is to only utilize cloud services when it forecasts that private services will experience an increase in activity. A public (or multi-tenant) cloud solution is hosted by a third-party and shared with other subscribers. There are risks regarding performance and security. A community cloud solution is where several organizations share the costs of either a hosted private or fully private cloud.

Answer 158

**AAA** An authentication, authorization, and accounting (AAA) device provides object identification, relevant permissions, and then creates an audit trail. AAA can be deployed by using a RADIUS (Remote Authentication Dial-in User Service) server. Client-to-site VPN connects the client over the public network to a VPN gateway (a VPN-enabled router) positioned on the edge of the local network (typically the VPN access server will be in a screened subnet). Client-to-site is the "telecommuter" model, allowing home-workers and employees working in the field to connect to the corporate network. A load balancer distributes client requests across available systems, like server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm. A proxy server is used as a middle-man for network access, such as Internet access. A proxy can control what a system can or cannot connect to.

Answer 159

**Physical network diagram** **Logical network diagram** **Wiring diagram** A logical network diagram demonstrates the flow of data through a network and shows how devices communicate with each other. A physical network diagram shows the physical arrangement and location of the components that make up the network and includes the hardware and cabling. A wiring diagram (or pin-out) shows detailed information about the termination of twisted pairs in an RJ-45 or RJ-48C jack or Insulation Displacement Connector (IDC). An Intermediate Distribution Frame (IDF) provides termination for access layer switches that serve a given area, such as a single office floor.

Answer 160

**VoIP gateway** A Voice over Internet Protocol (VoIP) gateway is a component in a VoIP phone system. This gateway, which can be software or hardware, is used to interface with a traditional analog phone system. A Voice over Internet Protocol (VoIP) Private Branch Exchange (PBX) is the core switch that controls all functions found in a VoIP system. Media converters are layer 1 devices and are used to convert one cable type to another. These components alter the characteristics of one type of cable to match those of another. A voice gateway is a means of translating between a VoIP system and legacy voice equipment and networks, such as POTS lines.

Answer 161

**Run a tracert command.** **Run a ping command.** The ping command is used to perform a basic connectivity test on a remote host by sending ICMP (Internet Control Message Protocol) packets and receiving a reply message. The tracert command is a Windows IP diagnostic utility used to trace the route taken by a packet as it hops to the destination host on a remote network. The traceroute command is a Linux/UNIX IP diagnostic utility used to trace the route taken by a packet as it hops to the destination host on a remote network. The netstat command is a utility to show network information on a machine running TCP/IP, notably active connections and the routing table.

Answer 162

**TCP SYN to server** The first step is for the client to send a segment with the TCP flag SYN set to the server with a randomly generated sequence number. The client enters the SYN-SENT state. The server, currently in the LISTEN state (assuming it is online), responds with a SYN/ACK segment, containing its own randomly generated sequence number. The server enters the SYN-RECEIVED state. The client responds with an ACK segment. The client assumes the connection is ESTABLISHED. The server opens a connection with the client and enters the ESTABLISHED state.

Answer 163

**Audit log** An audit log records the use of authentication and authorization privileges. It will generally record success/fail type events. An audit log might also be described as an access log or security log. Syslog is an example of a protocol and supporting software that facilitates log collection. It has become a de-facto standard for logging events from distributed systems. Performance and traffic logs record statistics for computing, storage, and network resources over a defined period. Object Identifiers (OIDs) are stored within a tree structure. Part of the tree is generic to SNMP, while the device vendor can define part of it as well.

Answer 164

**Locking cabinets** Locking cabinets can provide secure storage for individual items, such as cryptographic keys or shared password lists. Locking racks can have whole pieces of equipment installed within them to protect against insider attacks and attacks that breakthrough perimeter security mechanisms. Smart lockers are incorrect because their cryptographic keys need to be stored under lock and key. Smart lockers unlock via a smart card/badge or biometric. Access control vestibule (previously known as a mantrap) is used to prevent unauthorized access to facilities by using a gateway that leads to an enclosed space protected by another barrier.

Answer 165

**Punch down tool** A punch down tool terminates fixed cables like a telephone cable into an IDC (insulation displacement connector). Different IDC formats include a 66 block and 110 block. A cable crimper is used to create network cables with terminated ends such as a patch cable. Different types of crimpers are specific to the type of connector and cable. Krone is another IDC format used to terminate twisted pair cables like a 110 block. A Krone punch down tool is specific to a Krone and cannot be used on a 110 block, and vice versa. A wire stripper tool strips the cable jacket. They have the correct diameter to score a cable jacket without damaging the insulation wires.

Answer 166

**Packet sniffer** **Protocol analyzer** A protocol analyzer works in conjunction with a packet sniffer. Protocol analyzers can decode a captured frame to reveal its contents in a readable format. A packet sniffer is a device or program that is used to monitor network communication and capture data. Electromagnetic Interference (EMI) from radio or electromagnetic sources working in the same frequency band as a Wi-Fi device can be detected with a spectrum analyzer, but is not relevant to wired devices. While packet drops can result in bandwidth drops, a bandwidth speed tester will not be useful in identifying the cause of the packet loss.

Answer 167

**Firewalls** The primary function of a firewall is traffic filtering. The firewall processes traffic according to rules; traffic that does not conform to a rule that allows it access is blocked. Switches implement the addressing and forwarding functions of the data payload. Load balancing distributes traffic between independent processing nodes. Load balancing is a technique where servers are configured as a unit and work together to provide network services. Configuration is the display or setup method selected to support a particular application role (web server, mail server, file/print server, and so on.)

Answer 168

**Standard operating procedure** The administrator is following a standard operating procedure (SOP) which may contain detailed steps for performing a task and identifies lines of responsibility and authorization for performing it. A documented change management process dictates the process for approving, preparing, supporting, and managing new or updated business processes or technologies. A baseline configuration baseline is a fixed point to which the system is set to standard. It can be the access control list applied to a firewall, for instance, or a performance baseline such as the throughput achieved by the firewall. A business continuity plan (BCP) is a collection of processes and resources that enable an organization to maintain normal business operations in the face of some adverse event.

Answer 169

**Acceptable use policy** The organization is writing an acceptable use policy (AUP) which sets out the permitted uses of a product or service. It might also state explicitly prohibited uses. A bring your own device (BYOD) policy means that employees can use their own personal devices on the corporate network so long as it meets a minimum specification required by the company. A business continuity plan (BCP) is a collection of processes and resources that enable an organization to maintain normal business operations in the face of some adverse event. A service level agreement (SLA) is a contractual agreement setting out the detailed terms under which a service provider provides an ongoing service.

Answer 170

**OIDs** This agent maintains a database called a Management Information Base (MIB) that holds statistics relating to the device's activity, such as the number of frames per second handled by a switch. Each parameter stored in a MIB is referred to by a numeric Object Identifier (OID). Tree structures store OIDs. Encapsulation is the frame format expected on the interface. Encapsulation errors will prevent transmission and reception. Most algorithms are classed as either distance vector or as link state, categorized according to the topology and metrics used to build and update a routing information base and prioritize optimal (or least-cost) paths. Memory is considered the component of computers that temporarily stores actively used data.

Answer 171

**Cloud Site** For many companies, the most cost-effective solution is to move processing and data storage to a cloud site. A cloud site allows sustained hot site redundancy, which enables versatile use of a network without maintaining a series of physical servers. Recovery time objective (RTO) is the period following a disaster when an individual IT system remains offline. This represents the maximum amount of time allowed to identify a problem and then perform recovery. First hop redundancy protocol (FHRP) is the provisioning of failover routers to serve as the default gateway. Link aggregation means combining separate cabled links between a host and a switch into a single logical channel. From the host end, this can also be NIC teaming.

Answer 172

**Site-to-site VPN** Site-to-site VPNs are designed to work automatically so that hosts at each site do not need to be configured with PN information. The gateways exchange security information using whichever protocol the VPN is based on. This establishes a trust relationship between the gateways and sets up a secure connection to tunnel data. Split tunnel vs. full tunnel refers to private network traffic or all network traffic routed via the VPN gateway. Clientless VPN connections use web browsers to implement remote desktop/VPN connections. Virtual desktop is not a type of VPN deployment model.

Answer 173

**Orange/White, Orange, Green/White, Blue, BlueWhite, Green, Brown/White, Brown** The T568B standard is Orange/White, Orange, Green/White, Blue, BlueWhite, Green, Brown/White, Brown. The T568A standard is Green/White, Green, Orange/White, Blue, BlueWhite, Orange, Brown/White, Brown. Orange/White, Orange, Green/White, Green, Blue, BlueWhite, Brown/White, Brown can be used but is not the T568B standard. Green/White, Green, Orange/White, Orange, Blue, BlueWhite, Brown/White, Brown can be used but is not the T568B standard.

Answer 174

**Site survey report** A wireless site survey report overlays a floor plan with graphics showing signal strength and channel utilization at different points in the building. A floor plan is a detailed diagram of wiring and port locations. Physically accurate floor plans are hard to design and are likely to require the help of an architect or graphics professional. A wiring diagram (or pin-out) shows detailed information about the termination of twisted pairs in an RJ-45 or RJ-48C jack or Insulation Displacement Connector (IDC). A port location diagram identifies how wall ports located in work areas connect back to ports in a distribution frame or patch panel and then from the patch panel ports to the switch ports.

Answer 175

**Remote Authentication Dial-in User Service (RADIUS)** RADIUS is a way of implementing an AAA server. Remote access devices—such as VPN servers—function as client devices of the RADIUS server. Most directory services are implementations of the Lightweight Directory Access Protocol (LDAP). LDAP is not a directory standard, but a protocol used to query and update an x.500 standard directory. LDAP is supported in current directory products such as Windows Active Directory. TACACS+ is used in authenticating administrative access to routers and switches. TACACS+ uses reliable delivery offered by TCP making it easier to detect when a server is down. Directory services is a network service that stores identity information about all the objects in a network, including users, groups, servers, client computers, and printers.

Answer 176

**UDP 123** Time synchronization is usually accomplished via the Network Time Protocol (NTP). Clients must be able to access a time source over port UDP 123. HTTPS uses TCP 443, better known as Secure Socket Layer (SSL), to make a secure connection. Lightweight Directory Access Protocol (LDAP) is a protocol used to query and update an X.500-like directory. LDAP messaging uses TCP and UDP port 389 by default. A File Transfer Protocol (FTP) client connects to TCP port 21 on an FTP server to send and retrieve file data.

Answer 177

**Tunneling** Tunneling is an alternative to dual-stack routing. Tunneling can be used to deliver Internet Protocol version 6 (IPv6) packets across the Internet Protocol version 4 (IPv4) Internet. The IPv6 packets are inserted into IPv4 packets and routed over the IPv4 network to their destination. Dual-stack hosts can run both IPv4 and IPv6 simultaneously and communicate with devices configured with either type of address. A multicast address identifies multiple network interfaces. Unlike IPv4, IPv6 routers must support multicast. Unique Local Addressing (ULA) assigns addresses that are only routable within a site.

Answer 178

**802.11g** The 802.11b standard used the 2.4 GHz frequency band and was released parallel with 802.11a. It standardized the use of the carrier method Direct Sequence Spread Spectrum (DSSS). The IEEE 802.11a standard specifies the use of the 5 GHz frequency band and a multiplexed carrier scheme called Orthogonal Frequency Division Multiplexing (OFDM). 802.11a has a nominal data rate of 54 Mbps. Like 802.11a, 802.11g uses OFDM, but the 2.4 GHz band used 802.11b and with the same channel layout. 802.11n products can also use channels in the 2.4 GHz band or the 5 GHz band.

Answer 179

**Wire map** Wire map testers can identify continuity, short, incorrect pin-out/incorrect termination/mismatched standards. Snips are electrician’s sturdy scissors to cut the wire and are notched to assist with stripping insulation from the wire. A rollover cable or console cable connects a PC or laptop to the command line terminal of a switch or router. The console port connection on the appliance is a standard RJ-45 jack (but wired differently to Ethernet). In fiber optic cabling, an optical spectrum analyzer (OSA) is typically used with wavelength division multiplexing (WDM) to ensure that each channel has sufficient power.

Answer 180

**Logging Levels** The logging level configured on each host determines the maximum level at which events are recorded or forwarded. The agent is a process (software or firmware) running on a switch, router, server, or other SNMP-compatible network devices. This agent maintains a database called a Management Information Base (MIB) that holds statistics relating to the device's activity, such as the number of frames per second handled by a switch. Packet or byte counts are useful to monitor both packet counts and bandwidth consumption. High packet counts will incur processing load on the appliance's CPU and system memory resources, even if the size of each packet is quite small. Sending and receiving traffic involves the movement of information within a system.

Answer 181

**172.16.0.0 to 172.31.255.255** 172.16.0.0 to 172.31.255.255 is the Class B private address range. Private IP addresses can be drawn from one of the pools of addresses defined in RFC 1918 as non-routable over the Internet. 10.0.0.0 to 10.255.255.255 is the Class A private address range. Any organization can use private addresses on its networks without applying to a registry or ISP, and multiple organizations can use these ranges simultaneously. If a Windows host does not receive a response from a DHCP server within a given time frame, it selects an address at random from the range 169.254.1.1 to 169.254.254.254. 192.168.0.0 to 192.168.255.255 is the Class C private address range.

Answer 182

**Ransomware** **Crypto-malware** Ransomware is a type of malware that tries to extort money from the victim; for instance, by appearing to lock the victim's computer or by encrypting their files. Crypto-malware is ransomware that encrypts data files, and the user is unable to access files without obtaining the private encryption key. This attack is difficult to mitigate unless the user has backups of the encrypted files. Pharming redirects users from a legitimate website to a malicious one. Pharming corrupts the way the computer performs Internet name resolution. Spyware is a type of malware that is often installed on a system without consent. This software has the capability of monitoring and capturing data for malicious purposes.

Answer 183

**Disable unsecure protocols.** **Disable unneeded switchports.** **Change default usernames and passwords.** Devices such as wireless access points, switches, and routers sometimes ship with a default management password. These should be changed immediately during installation. Use secure protocols such as Simple Network Management Protocol (SNMP) version 3 (that uses encryption) rather than SNMPv1 or v2 that does not use encryption. Disable switch ports to prevent the attachment of unauthorized client devices. You can also isolate unneeded ports to a black hole Virtual LAN (VLAN) that has not route to the network. Users should avoid common passwords. Password database dumps give attackers a useful dictionary to work with when trying to crack credentials. Any password that could be matched to a dictionary term is completely unsecure and must not be used.

Answer 184

**IaaS** **Hybrid model** Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Company virtual machines can easily be moved to the cloud infrastructure during the peak season. A hybrid cloud model provides the ability for the company to elastically move service from private to cloud infrastructure, and vice versa. This makes on-demand services cost effective. A Software as a Service (SaaS) model would provide the provisioning of commercial software using an on-demand service such as Microsoft Office 365. A private cloud model is built, managed, and owned by the company. The company must add physical resources at their own expense to support more customer demand.

Answer 185

**Identify symptoms** **Gather information** The first step of the CompTIA Network+ troubleshooting methodology is identifying the problem, which includes gathering information. The first step of the CompTIA Network+ troubleshooting methodology is identifying the problem, which includes identifying symptoms. The seventh step of the CompTIA Network+ troubleshooting methodology is to document findings, actions, and outcomes. These should be saved and archived in order to help mitigate issues in the future. The fifth step of the CompTIA Network+ troubleshooting methodology is to implement a solution or escalate as necessary. One person can not solve all issues. It sometimes takes multiple people to resolve an issue.

Answer 186

**If the file application is misconfigured** **The application layer** The application layer is where the technician should begin to troubleshoot because the lower levels are verified to be working. The file transfer service is a widely used service at the Application layer. The file was not downloadable, despite the technician navigating to the file using Windows Explorer. The file server application may not be configured properly for download. Ethernet encapsulates the payload in a transimission from higher layer protocols within a protocol data unit (PDU) called a frame. This is not relevant to the solution. Multiple TCP connections are managed using handshake transactions, which make use of a number of TCP flags.

Answer 187

**Media converter** Media converters are layer 1 devices and are used to convert one cable type to another. These components alter the characteristics of one type of cable to match those of another. A switch is a layer 2 device. Switches can handle traffic based on a node's physical address which is also known as a Media Access Control (MAC) address. A bridge is a layer 2 appliance or application that connects different networks as if they were one network. A VoIP (Voice over Internet Protocol) endpoint is a phone system component that can be implemented as software running on a computer or smartphone, or as a dedicated traditional handset.

Answer 188

**Roaming** Clients can roam within an extended service area (ESA). An ESA is created by installing APs with the same SSID and security configuration connected by a wired network or Distribution System (DS). 802.11n products can also use channels in the 2.4 GHz band or the 5 GHz band. 802.11n also allows two adjacent 20 MHz channels to be combined into a single 40 MHz channel, referred to as channel bonding. The 802.11n standard increases bandwidth by multiplexing the signals from 2 to 4 separate antennas (a radio chain) using a collection of technologies generally referred to as Multiple Input Multiple Output (MIMO). An Extended Service Set (ESS) groups more than one Basic Service Set (BSS) together.

Answer 189

**Caching of web content** **Content filtering** Most web proxy servers provide caching engines, which retain frequently requested web pages, negating the need to re-fetch those pages for subsequent requests. Web proxies, act as a web security gateway. Their primary functions prevent viruses or Trojans from infecting computers from the Internet, block spam, and restrict web use to authorized sites, thereby acting as a content filter. A load balancer distributes client requests across available systems, like server nodes in a farm or pool. Clients use the single name/IP address of the load balancer to connect to the servers in the farm. When the functionality for supporting a Virtual Private Network (VPN) is part of a router or dedicated security appliance, it is a VPN concentrator.

Answer 190

**CPU usage** **Memory** High CPU utilization can indicate a problem with network traffic, or there may be a need for an upgrade. Devices such as switches and routers perform much processing. If system memory utilization is very high, an upgrade might be required, or a network issue may be present. Jitter is a variation in the delay. Jitter manifests itself as an inconsistent rate of packet delivery. Jitter is also measured in milliseconds (ms), using an algorithm to calculate a sample of transit times value. Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms).

Answer 191

**RADIUS** Remote Authentication Dial-in User Service (RADIUS) is widely used for client device access over switches, wireless networks, and VPNs. Terminal Access Controller Access Control System (TACACS+) is a similar protocol to RADIUS but designed to be more flexible and reliable. TACACS+ was developed by Cisco but supported many of the other third-party and open-source RADIUS server implementations. Extensible Authentication Protocol (EAP) provides a framework for deploying multiple types of authentication protocols and technologies.

Answer 192

**PoE+** 803.802.3at is PoE+ which allows powered devices to draw up to about 25 W, with a maximum current of 600 mA. The IEEE 802.1Q standard normally defines vIDs. Under 802.1Q, per-VLAN traffic is identified by a tag inserted between the Source Address and EtherType fields in the Ethernet frame. A jumbo frame supports a data payload of up to around 9,000 bytes. This reduces the number of frames that need to be transmitted. Link Aggregation Control Protocol (LACP) can auto-negotiate the bonded link between the switch ports and the end system.

Answer 193

**A rogue DHCP server** If two DHCP servers are running on the same subnet, clients could have an incorrect IP configuration because they have obtained a lease from a rogue server. DHCP scope exhaustion occurs when there are no more addresses available for DHCP to distribute. In this case, the client has an address. If DHCP servers go offline, users will continue to connect to the network for a period and, after that, start to lose contact with network services and servers as they come to try to renew a lease. The automatic Private IP Addressing (APIPA) range of 169.254.0.0/16 is typically assigned without issue, and almost no network connectivity would happen in this case.

Answer 194

**Layer 3 - Network** Layer 3 is the network layer. Information is sent using logical network addresses (e.g. IP address). The ping command in this case uses the IP address of the remote host to communicate and test network connectivity. Layer 2 is the data link layer. It is responsible for transferring data between nodes on the same logical segment using local or hardware addresses such as a Media Access Control (MAC) address. Layer 6 is the presentation layer. It transforms data between the format required for the network and the format required for the application. Layer 7 is the application layer. It provides an interface for software that has established communications through lower-level protocols to exchange data.

Answer 195

**Phishing** A phishing campaign can include an attacker that use a spoof website to imitate a bank site and emails users to log in and update their bank information on the fake website with a link. The fake website will then capture logon credentials. Distributed Denial of service (DDoS) happened after the users fell victim to phishing attacks. DDoS is launched simultaneously by multiple hosts that aim to consume network bandwidth to deny access. An on-path attack is where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them. Virtual LAN (VLAN) hopping is an attack designed to send traffic to a VLAN other than the one the host system is in.

Answer 196

**show config** Show config displays the switch's configuration. The startup configuration (show startup-config) could be different from the running configuration (show running-config). Show interface lists the state of all interfaces or the specified interface. Interfaces are identified by type, slot, and port number. For example, GigabitEthernet 0/2 (or G0/2) is port #2 on the first 10/100/1000 slot (or only slot). An interface has a line status and a protocol status. The show route, show ip route, show ipv6 route or similar command will output the active routing table. The Nmap Security Scanner is widely used for IP scanning, both auditing and penetration testing tools.

Answer 197

**AAAA** An AAAA record performs the same function as an A record, but for resolving a host name to an IPv6 address. An A record is used to resolve a host name to an IPv4 address. This is the most common type of record in a Domain Name System (DNS) zone. A Service (SRV) record is used to identify a record that is providing a network service or protocol. It is often used to locate Voice over Internet Protocol (VoIP) or media servers. A Mail Exchanger (MX) record is used to identify an email server for the domain. In a typical network, multiple servers are installed to provide redundancy, and each one will be represented with an MX record.

Answer 198

**LACP** Link Aggregation Control Protocol (LACP), which can be used to auto-negotiate the bonded link between the switch ports and the end system, detects configuration errors and recovers from the failure of one of the physical links. Port mirroring copies all packets sent to one or more source ports to a mirror (or destination) port. The Spanning Tree Protocol (STP) is a means for the bridges or switches to organize themselves into a hierarchy. The switch at the top of the hierarchy is the root. When Ethernet is wired with a hub, there must be a means of distinguishing the interface on an end system versus an intermediate system. The interface on the hub is called an MDI crossover (MDI-X).

Answer 199

**Phishing** Phishing is a combination of social engineering and spoofing. It persuades or tricks the target into interacting with a malicious resource disguised as a trusted one, traditionally using email as the vector. Tailgating is a means of entering a secure area without authorization by following closely behind the person that has been allowed to open the door or checkpoint. Piggybacking is when an attacker enters a secure area with an employee's permission. For instance, an attacker might impersonate a member of the cleaning crew and request that an employee hold the door open. Shoulder surfing is when a threat actor can learn a password or PIN (or other secure information) by watching the user type it.

Answer 200

**Video surveillance** Camera-based surveillance is a cheaper means of monitoring than maintaining separate guards at each perimeter gateway or zone. These cameras can be easily connected to already available IP-based network. A smart badge comes with an integrated chip and data interface that stores the user’s key pair and digital certificate. This type of security system requires additional resources to implement that will increase cost. A biometric device is activated by human physical features, such as a fingerprint. Each user’s biometric is recorded as a template and stored on an authentication server, which requires additional resources. A biometric device includes iris scanners. This requires additional resources.

Answer 201

**Work on the slow Internet connection first.** The network admin must approach multiple problems individually. Although issues with the slow Internet and the "HTTP 404" error may seem the same, both may be caused by different factors. Treat each issue separately. Questioning users will help with identifying the problem. However, questioning all users on the 7th floor is not an efficient use of time. A divide and conquer approach to an issue occurs when establishing a theory of the probable cause. Start with the layer of the OSI (open systems interconnection) model where the problem most likely resides, then go down or up the layers. This may be time-consuming. A plan of action would only occur after the cause of the issue has been confirmed through test(s). previous finish review

Answer 202

**Logging provides evidence of accountability.** **Logging provides for non-repudiation.** **Logging cannot identify an attacker.** The accounting function in authentication, authorization, and accounting (AAA) is generally performed by logging subject and object activity. Network operating system (NOS) and other applications and services can configure to log events. The main decision is which events to record. Logging is part of the accounting function in AAA. Accounting provides for non-repudiation (that is, a user cannot deny that they accessed or made a change to a file). Audit logs typically associate an action with a particular user. This is one of the reasons that it is critical that users not share logon details. If a user account is compromised, there is no means of tying events in the log to the actual attacker. Logs can detect intrusions and records failure-type events which are likely to be useful. Success type events can also be revealing if they show unusual access patterns.

Answer 203

**Configure multiple VLANs.** VLAN can reduce broadcast traffic when a network has expanded beyond a certain number of hosts or users. From a security point of view, each VLAN can represent a separate zone. The interconnections between switches are referred to as trunks. A basic setup will use one of the ports on each switch as a trunk port. Multiple VLANs can pass through these trunk ports by tagging each packet with the appropriate VLAN tag or ID. Port mirroring copies ingress and/or egress communications from one or more switch ports to another. This is used for monitoring purposes. Spanning Tree Protocol (STP) is switching protocol that prevents network loops.

Answer 204

**Duplicate MAC address** A duplicate Media Access Control (MAC) address will cause both hosts to contend with each other when responding to Address Resolution Protocols (ARP) queries. As a result, communications could be split between them or reach only one of the hosts. If Windows detects a duplicate IP (Internet Protocol) address it will display a warning and disable IP traffic. In this case, network traffic is still occurring. An expired IP addresses forces a client to renew its IP lease with any available DHCP (Dynamic Host Configuration Protocol) server. This does not apply to ARP requests. A default gateway setting is meant to provide a path for the client to communicate outside of its subnet. The current issue resides at Layer 2 of the Open Systems Interconnection (OSI) model.

Answer 205

**A node waits until media is clear before transmitting packets.** Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol uses schemes such as "request to send" to gain access to the media. Nodes listen to the media before transmitting, and transmit when the media is clear. A node wanting to transmit, but detecting activity, must wait and try later. CSMA with Collision Detection (CSMA/CD) protocol defines methods for detecting a collision. When a signal is present on the interface transmit and receive lines simultaneously, the node broadcasts a jam signal. Virtual Local Area Network (VLAN) is a means of creating separate layer 2 broadcast domains on the same switch or configuring separate broadcast domains across distributed switches. Nodes that share the same broadcast address are within the same broadcast domain.

Answer 206

**Network performance issues** Network performance issues can cause connectivity to seem sluggish, preventing users from accessing local resources and the internet. A network performance baseline is a report showing the base performance of a given network before it is used. This can help in troubleshooting issues on the network in the future. A routing loop occurs when two routers use one another as the path to a network. Packets are caught in a routing loop circle around until the TTL expires. One symptom of a potential routing loop is for routers to generate ICMP Time Exceeded error messages. At layer 2, if a switch is not multicast-aware, it will treat multicast transmissions as broadcasts and flood them across all ports in the broadcast domain.

Answer 207

**1** The first step of the CompTIA Network+ troubleshooting methodology is identifying the problem, which includes approaching multiple problems individually and determining if anything has changed. The second step of the CompTIA Network+ troubleshooting methodology is establishing a theory of probable cause. This involves questioning the obvious and considering multiple approaches. The fourth step of the CompTIA Network+ troubleshooting methodology is to establish a plan of action to resolve the problem and identify potential effects. The fifth step of the CompTIA Network+ troubleshooting methodology is to implement a solution or escalate as necessary.

Answer 208

**Single-mode** Single-mode fiber cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics. Bidirectional (BiDi) transceivers support transmit and receive signals over the same strand of fiber. This uses WDM (Wavelength Division Multiplexing). Dense Wavelength Division Multiplexing (DWDM) provisions greater numbers of channels than CWDM (20, 40, 80, or 160). Coarse Wavelength Division Multiplexing (CWDM) supports up to 16 wavelengths and is typically used to deploy four or eight bidirectional channels over a single fiber strand.

Answer 209

**(48*64)/2=1536** The MTBF (Mean Time Between Failures) is the total time divided by the number of failures. Therefore, 64 devices times 48 hours divided by two failures equals 1,536 hours, or 64 days. This indicates that on average, when following an individual device, it will fail in about 1536 hours or 64 days. Multiplying the number of failures by the number of hours, and then adding the number of devices, does not give a meaningful result. Subtracting the number of hours from the number of devices, and then multiplying by the number of failures, does not give a meaningful result. Adding the number of devices to the number of hours, and then adding the dividing by the number of failures, does not give a meaningful result.

Answer 210

**Traps** A Trap is an agent that informs the monitor of a notable event (port failure, for instance). The threshold for triggering traps can be set for each value. Device queries take place over UDP port 161; traps are communicated over UDP port 162. Syslog is an example of a protocol and supporting software that facilitates log collection. It has become a de-facto standard for logging events from distributed systems. The Central Processing Unit (CPU) refers to the component in a device that executes commands given to it by a program or operating system. Each parameter stored in a MIB is referred to by a numeric Object Identifier (OID). A tree structure stores OIDs.

Answer 211

**EAP** Extensible Authentication Protocol (EAP) provides a framework for deploying multiple types of authentication protocols and technologies. Kerberos provides SSO authentication to Active Directory®, as well as compatibility with other, non-Windows operating systems. A single sign-on (SSO) system allows the user to authenticate once to a local device and be authorized to access compatible application servers without having to enter credentials again. TACACS+ is used in authenticating administrative access to routers and switches.

Answer 212

**pathping** The pathping command performs a trace route, then it pings each hop router a given number of times for a given period to determine the Round Trip Time (RTT) and measure link latency more accurately. The output also shows packet loss at each hop. The route command is a command utility to configure and manage the routing table on a Windows or Linux host. The arp command performs the task of resolving an Internet Protocol (IP) address to a hardware address. It can also be used to troubleshoot the arp table cache to diagnose local addressing issues. The dig command is a command-line tool like nslookup that queries Domain Name System (DNS) servers and provides detailed information about record lookups.

Answer 213

**Certificates** Digital certificates authenticate server machines when using Transport Layer Security (TLS). An administrator installs the certificates on a web or email server to validate its identity and establish a secure transmission channel. With Kerberos, clients request services from a server, which rely on an intermediary—a Key Distribution Center (KDC)—to vouch for their identity. Also, Kerberos does not use Transport Layer Security (TLS). Local authentication methods typically require username and password credentials to log on locally to a network or host. Single Sign-On (SSO) means that a user only has to authenticate to a system once to gain access to all its resources (that is, all the resources to which the user has been granted rights). previous

Answer 214

**Plenum** A plenum is a space above false ceilings in an office used by HVAC systems and wiring. Plenum-rated cable is fire retardant. Plenum-rated cable uses treated polyvinyl chloride (PVC) or fluorinated ethylene polymer. General-purpose cabling, such as non-plenum, uses polyvinyl chloride (PVC) jackets and insulation. Some coax installations use F-type connectors. For example, a broadband cable internet access service is likely to use this connector. F-connectors come in a secure screw-on form or as a non-threaded slip-on connector. Coaxial, or coax, the cable is made of two conductors that share the same axis, hence the name ("co" and "ax"). The core conductor of the cable is made of copper wire (solid or stranded) and is enclosed by plastic insulation (dielectric).

Answer 215

**The portal is not using a trusted certificate** Most modern browsers will block redirection to sites that do not use TLS. This means that the captive portal also needs to be installed with a digital certificate issued by a certification authority (CA) that is trusted by the client browser. Typically, a guest network is permitted access to the Internet but not to local servers. Most SOHO routers come with a preconfigured guest network. Internet of Things typically refers to embedded systems and is used within many sectors of industry, including energy generation and distribution, mining, etc. MAC filtering is not typically applied to a guest network, that would defeat the purpose of having a guest network.

Answer 216

**Change Management** A documented change management process minimizes the risk of unscheduled downtime by implementing changes in a planned and controlled way. If reverting to a known good configuration, then implement a solution directly. If the solution requires changes to the system or network environment, it will likely follow a change management plan. A disaster recovery plan (DRP) addresses large-scale incidents. These will typically be incidents that threaten the performance or security of a whole site. An incident response plan sets out the procedures, tools, methods of communication, and guidelines for dealing with security incidents. BYOD policies allow employee phones to be used on the corporate network if they meet the company's minimum specification (in OS version and functionality).

Answer 217

**QoS** Quality of Service (QoS) provides information about the connection to a QoS system, which in turn ensures that voice or video communications are free from problems, such as dropped packets, delay, or jitter. Routing information protocol (RIP) is a distance vector-based routing protocol that uses a hop count to determine the least-cost path to a destination network. Administrative distance (AD) is a metric determining the trustworthiness of routes derived from different routing protocols. A default route is an entry in the routing table to represent the forwarding path used if no other entries match another routing table entry.

Answer 218

**RA guard** With Router Advertisement Guard (RA Guard), switchport security feature blocks router advertisement packets from unauthorized sources. As with a switch, an access point can be configured with an accept or deny list of known MAC addresses. Port security refers to the IEEE 802.1X standard’s Port-Based Network Access Control (PNAC) mechanism. PNAC means that the switch performs some authentication of the attached device before activating the port. Captive portal means a guest network might be configured to redirect stations to a secure web page to perform authentication.

Answer 219

**Implementing patch management** Patch management refers to the procedures put in place to manage the installation of updates for hardware (firmware) and software. A secure hash algorithm is a means of fingerprinting a file to prove the integrity of a downloaded file. If the hashes do not match what the developer published, one should not trust the file. A hotfix is an update designed for and released to certain customers only, though they may be included in later service packs. When using a secure channel, such as Secure Shell (SSH) or HTTP, over SSL/TLS, the communications are protected by the host's private key.

Answer 220

**Dynamic Host Configuration Protocol (DHCP) snooping** **Address Resolution Protocol (ARP) inspection** ARP inspection prevents a host attached to an untrusted port from flooding the segment with gratuitous ARP replies. ARP inspection maintains a trusted database of IP:ARP mappings. DHCP snooping is a type of switch port security setting that inspects DHCP traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address. MAC filtering on a switch means defining which MAC addresses are permitted to connect to a port, and helps protect against eavesdropping and guards against MAC flooding attacks. PNAC ensures only valid hosts are connecting to the network, and that the switch (or router) performs some sort of authentication of the attached device before activating the port.

Answer 221

**Generator** A generator is a standby power supply fueled by diesel or propane. A UPS must provide transitionary power in a power outage, as a network engineer cannot cut in a backup generator fast enough. Also called a backup generator. Heating, ventilation, air conditioning (HVAC) are control systems that maintain an optimum heating, cooling, and humidity level working environment for different parts of the building. Multipathing means that a network node has more than one physical link to another node. Fire suppression systems work based on the fire triangle. The fire triangle works based on the principle that fire requires heat, oxygen, and fuel to ignite and burn.

Answer 222

**Check sysem functionality.** After applying a solution, validate that it fixes the reported problem and that the system continues to function normally. Identify the results and effects of the solution. Documentation happens at the close of the support when all normal system functionality has been verified. Documenting findings, actions, and outcomes can help find and solve issues faster in the future. Escalating the problem occurs when you cannot prove the cause of the problem and support must be sent to the next tier level. An escalated issue is an unresolved issue. Duplicating a problem is a course of action commonly used when trying to identify the problem. A successful duplication usually provides a way forward to resolution.

Answer 223

**Application** The application layer applies the business logic to make decisions about how traffic should be prioritized and secured and where it should be switched. A management plane sits at the same level as the control plane to interface with the operational plane. The infrastructure layer is devices that handle the actual forwarding (switching and routing) of traffic and imposition of ACLs and other policy configurations for security. The access or edge layer allows end-user devices, such as computers, printers, and smartphones to connect to the network.

Answer 224

**Single-mode** Single-mode fiber cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics. Multimode fiber is inexpensive to deploy compared to single-mode fiber. As such, it does not support high signaling speeds or long distances as single-mode and is more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs). A broadband cable Internet access service is likely to use this connector. F-connectors come in a secure screw-on form or as a non-threaded slip-on connector and are used with RG-59 and RG6 coaxial cable. UltraPhysical Contact (UPC) means that the cable and connector are polished to a high standard. Quad small form-factor pluggable (QSFP) is a transceiver form factor that supports 4 x 1 Gbps links.

Answer 225

**There is a single power supply for a critical server.** **There is a lack of a load balancing device.** Any critical servers, nodes or other critical network components should have redundant power supplies. A single power supply to a critical component is a single point of failure, which should be avoided. Load balancing devices should be used in any critical network. Backup generators are a good way to implement redundancy. If one is available, then this is good and does not need to be addressed by the consultant. All critical servers or file hosts should have some regular backup protocol implemented. If the main server is set up for full backup operations, then backup operations do not need to be addressed by the consultant.

Answer 226

**Disaster Recovery** A disaster recovery plan (DRP) addresses large-scale incidents. These will typically be incidents that threaten the performance or security of a whole site. A service level agreement (SLA) is a contractual agreement setting out the detailed terms of an ongoing provided service. A wireless site survey report overlays a floor plan with graphics showing signal strength and channel utilization at different points in the building. A standard operating procedure (SOP) in a fully documented environment will govern each task. An SOP sets out the principal goals and considerations, such as budget, security, or customer contact standards, for performing a task and identifies lines of responsibility and authorization for performing it.

Answer 227

**Remote desktop connection** Remote desktop connections allow an administrator to configure a server or a user to operate a computer remotely. Site-to-site VPN is incorrect because VPNs alone provide secured communications between WANs and do not enable remote systems control. Split tunnel vs. full tunnel is incorrect; this answer indicates which traffic is routed via a VPN gateway. In-band vs. out-of-band management is incorrect because it refers to managed and unmanaged network appliances. An appliance that is managed can be managed via a console port, aux port, or management port. Device management can be done in-band, over a link that shares traffic with other communications on the network, or out-of-band over a console cable.

Answer 228

**Independent Basic Service Set (Ad-Hoc)** In an ad hoc topology, the wireless adapter allows connections to and from other devices. In 802.11 documentation, this is called an Independent Basic Service Set (IBSS). Code Division Multiple Access (CDMA) means that each subscriber uses a code to key the modulation of their signal and this "key" is used by the receiver to extract the subscriber's traffic from the radio channel. The antenna type determines the propagation pattern or shape of the radio waves transmitted. Most wireless devices have simple omnidirectional vertical rod-type antennas, which receive and send signals in all directions more-or-less equally. Long Term Evolution (LTE) is a converged 4G standard supported by GSM and CDMA network providers.

Answer 229

**Systems hardening** The Nmap Security Scanner is widely used for scanning remote hosts and networks, both as an auditing and a penetration testing tool. Results can be used to harden systems. The pathping utility can be used to perform a trace route, then ping each hop router a given number of times for a given period to determine the Round Trip Time (RTT) for the path. The Address Resolution Protocol (ARP) command is used to perform the task of resolving a logical Internet Protocol (IP) address to a physical hardware address. The command-line packet sniffing utility tcpdump can be used to sniff packets on a network for troubleshooting or security purposes.

Answer 230

**B** The first octet for Class B falls from 128 – 191 and the netmask is 255.255.0.0 (/16). There are 16,000 Class B networks, each containing up to about 65,000 hosts. The first octet for Class C falls from 192 – 223 and the netmask is 255.255.255.0 (/24). Class C networks support only 254 hosts each. Class D addresses (224.0.0.0 through 239.255.255.255) are used for multicasting. Private ranges are from 10.0.0.0 to 10.255.255.255 (Class A), 172.16.0.0 to 172.31.255.255 (Class B), and 192.168.0.0 to 192.168.255.255 (Class C). Private addresses are defined in RFC 1918 as non-routable over the Internet.

Answer 231

**Operational** A management plane sits at the same level as the control plane to interface with the operational plane. This is used to implement monitoring of traffic conditions and network status. The operational plane implements device states, such as CPU and memory utilization. The infrastructure layer is devices that handle the actual forwarding (switching and routing) of traffic and imposition of ACLs and other policy configurations for security. The distribution or aggregation layer provides fault-tolerant interconnections between different access blocks and either the core or other distribution blocks.

Answer 232

**BYOD policy** Some companies operate on a bring your own device (BYOD) policy. BYOD means that the employee owns the mobile device and can be used on the corporate network so long as it meets a minimum specification required by the company (in terms of OS version and functionality). A system life cycle roadmap refers to the controlled acquisition, deployment, use, and decommissioning of assets. A wiring diagram (or pin-out) shows detailed information about the termination of twisted pairs in an RJ-45 or RJ-48C jack or Insulation Displacement Connector (IDC). A rack diagram records the position of each appliance in the rack.

Answer 233

**Distribution of the key or passphrase cannot be secured.** **Periodically changing the key is difficult.** **A Pre-Shared Key (PSK) fails to provide accounting.** A pre-shared key (PSK) means using a passphrase to generate the key that encrypts communications. However, with PSK, distribution of the key or passphrase cannot secure properly, and users may choose unsecure phrases. A pre-shared key (PSK) is also referred to as group authentication because a group of users shares the same secret. Therefore, PSK fails to provide accounting, as all users share the same key. With a pre-shared key (PSK) users may choose unsecure phrases. However, changing the key periodically, as would be good security practice, is difficult. The advantage of a pre-shared key (PSK) is that it is simple to set up. A PSK is generated from a passphrase, which is like a long password.

Answer 234

**VLAN hopping** VLAN hopping is designed to send traffic to a VLAN other than the one the host system is on. Such an attack can only send packets one way but could be used to perform a DoS attack against a host on a different VLAN. A brute force attack is a password attack where an attacker uses an application to try every alphanumeric combination to crack encrypted passwords. An on-path attack is where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them. A deauthentication attack sends a stream of spoofed deauth frames to cause a client to deauthenticate from an access point. This allows an attacker to sniff information.

Answer 235

**VPN headend** A network technician installed a VPN headend in the central office or hub. It needs to be a powerful machine capable of aggregating high traffic volumes. A load balancer can be deployed as a hardware appliance or software instance to distribute client requests across server nodes in a farm or pool. A proxy server fulfills requests for Internet resources on behalf of clients. The network technician must configure the proxy server itself with a public IP address on the external-facing interface. A DSL modem is installed as CPE, typically as a multifunction “wireless router.” The RJ-11 WAN port connects to the provider’s phone jack over a short length of ribbon cable.

Answer 236

**CVE** Common Vulnerabilities and Exposures (CVE) is a dictionary of vulnerabilities in published operating systems and applications software (cve.mitre.org). Automated vulnerability scanning software makes use of this dictionary to develop tests to discover vulnerabilities on live systems. External is anything that is outside of the environment, such as a network or system. It can also be associated with external attackers to the organization's network or system. A honeypot is a computer system set up to attract attackers, intending to analyze attack strategies and tools, provide early warning of attack attempts, or possibly as a decoy to divert attention from actual computer systems. Internal is anything that is inside the environment, such as a network or host.

Answer 237

**WPA2 is not supported by some adapters.** **WPA2 is not supported by some access points (APs).** **WPA2 is not supported by some operating systems.** WPA2 is fully compliant with the 802.11i WLAN security standard. One of the only reasons not to use WPA2 is if it is not supported by adapters. WPA2 is fully compliant with the 802.11i WLAN security standard. One of the only reasons not to use WPA2 is if it is not supported by access points (APs). WPA2 is fully compliant with the 802.11i WLAN security standard. One of the only reasons not to use WPA2 is if it is not supported by operating systems on the network. The only reason not to use WPA2 is if it is not supported by adapters, APs, or operating systems on the network. Often, devices will be compatible with a firmware or driver upgrade.

Answer 238

**Wi-Fi Protected Access 2 (WPA2)** War driving means driving around with a wireless-enabled laptop scanning for unsecure WLANs. Wi-Fi Protected Access 2 (WPA2) is fully compliant with the 802.11i WLAN security standard, and is currently the most secure. Wi-Fi Protected Access (WPA) is designed to fix the security problems with Wired Equivalent Privacy (WEP), and uses Temporal Key Integrity Protocol (TKIP) to make it stronger, but is not as secure as WPA2. Wired Equivalent Privacy (WEP) is Wi-Fi's original security mechanism, and the encryption system (based on the RC4 encryption cipher) is flawed. The flaws in WEP allow attackers using WEP cracking tools. WPA can implement 802.1x and uses Extensible Authentication Protocol (EAP) which is a wireless authentication framework, not an encryption scheme, to relay user credentials between a client and server.

Answer 239

**Firewall** A firewall is a hardware device or application that is used to protect a network from another. Systems can be placed on a network's edge by utilizing a demilitarized zone (DMZ) configuration. A router is a hardware appliance or application that connects different networks for communication purposes but keeps them separate. A router is a layer 3 device and communication between networks is done with routing tables. A network switch in its simplest form is a layer 2 network device. Switches can handle and control traffic based on a node's physical address which is also known as a hardware address or media access control (MAC) address. A bridge is an appliance or application that connects different networks as if they were one. In modern implementations, switches and routers are commonly used rather than a bridge.

Answer 240

**RC4** WEP's encryption system (based on the RC4 encryption cipher) is flawed. Version 1 of WPA still uses the RC4 cipher, but it adds a mechanism called the Temporal Key Integrity Protocol (TKIP) to make it stronger. AES replaced RC4. TKIP is a mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard. CCMP is an encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol. AES is a symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.

Answer 241

**Multicast** IPv4 multicasting allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host's content. Anycast means that a group of hosts is configured with the same IP address. It allows for load balancing and failover between the server hosts sharing the IP address. When an IPv4 host wants to send a packet to a single recipient, it uses a unicast packet, addressed to the IP address of the destination host. A broadcast can be performed by sending a packet to the network or subnet's broadcast address.

Answer 242

**Port Mirroring** Port mirroring copies ingress and egress communications from one or more switch ports to another port. This monitors communications passing over the switch and is also called a switched port analyzer (SPAN). On a switch with VLANs configured, a port with an end station host connected operates in untagged mode (access port). A tagged port will be part of a trunk link. Port security prevents a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile. Flow control allows a server to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames. This is also called 802.3x.

Answer 243

**System lifecycle** The inventory system is tracking the system lifecycle which is a method to track the life cycle phases of one or more hardware, service, or software systems in your organization. An assessment report evaluates the configuration and deployment assets, such as deviation from baseline configuration or performance, and makes recommendations where the network is not meeting goals for performance or security. A documented change management process dictates the process for approving, preparing, supporting, and managing new or updated business processes or technologies. Data loss prevention (DLP) products scan content in structured formats (such as a database with a formal access control model) or unstructured formats, such as email or word processing documents.

Answer 244

**Crimper** A cable crimper is used to create network cables with terminated ends such as a patch cable. Different types of crimpers are specific to the type of connector and cable. A cable tester provides detailed information on the physical and electrical properties of the cable. For example, they test and report on cable conditions, crosstalk, attenuation, noise, resistance, and other characteristics of a cable run. A punch down tool terminates fixed cables into an IDC (insulation displacement connector) such as a 66 block and 110 block. An OTDR (optical time domain reflector) is a fiber optic testing tool. it tests for attenuation using an optical source and optical power meter (or light meter).

Answer 245

**Exploits** Exploits are either developed by threat actors or exposed by unintentional weaknesses in procedures. Threat assessment is the process of identifying threat sources and profiling the types and capabilities of threat actors. The client submits the Kerberos credentials (a Ticket Granting Ticket) obtained when the user logged onto the workstation to the server using the Generic Security Services Application Program Interface (GSSAPI). Lightweight Directory Access Protocol (LDAP) is not a directory standard but a protocol used to query and update an X.500-like directory. Network Access Control (NAC) is a system for authenticating endpoints when they connect to the network.

Answer 246

**Routing loops** A routing loop occurs when two routers use one another as the path to a network. Packets are caught in a routing loop circle around until the TTL expires. One symptom of a potential routing loop is for routers to generate ICMP Time Exceeded error messages. A switching loop is where flooded frames circulate the network perpetually. Asymmetrical routing refers to a topology where the return path is different from the forward path. Another issue is that a host has been placed in an incorrect VLAN. VLAN assignments can be configured manually, and the administrator may have made a mistake, so check the interface configuration for the switch port.

Answer 247

**To confirm the routing path from a Windows server.** **To test the network connectivity of the remote host.** The ping command is used to perform a basic connectivity test on a remote host by sending ICMP (Internet Control Message Protocol) packets and receiving a reply message. The tracert command is a Windows IP diagnostic utility used to trace the route taken by a packet as it hops to the destination host on a remote network. The traceroute command is a Linux/UNIX IP diagnostic utility used to trace the route taken by a packet as it hops to the destination host on a remote network. The netstat command is a utility to show network information on a machine running TCP/IP, notably active connections and the routing table.

Answer 248

**Smart Badge** **Biometric Device** A smart badge comes with an integrated chip and data interface that stores the user’s key pair and digital certificate. The user presents the card and enters a PIN and then the card uses its cryptographic keys to authenticate securely via the entry point’s badge reader. A biometric device is activated by human physical features, such as a fingerprint, voice, retina, or signature. Detection-based controls provide an important additional layer of defense in the event that prevention-based controls, such as key fob security, fail to work. Radio Frequency Identification (RFID) is a means of encoding information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else.

Answer 249

**STP** Shielded twisted pair cabling is a type of twisted pair cable that is less susceptible to interference and crosstalk because each pair is surrounded by a braided shield. Ethernet can use Unshielded Twisted Pair (UTP) rated to a particular Cat standard. UTP is made of twisted pair wires that do not use shielding to prevent interference. Coaxial (or coax) cable is made of two conductors that share the same axis, hence the name ("co" and "ax"). The core conductor of the cable is made of copper wire (solid or stranded) and is enclosed by plastic insulation (dielectric). Single mode cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics.

Answer 250

**Wrong antenna type** Antennas transmit signals in different ways. For example, an access point (AP) designed for ceiling mounting may produce a stronger signal in a cone directed downwards. The office should install an AP with an outward omnidirectional path with a stronger signal. An SSID (Service Set Identifier) is the name of the wireless AP. This has no relevance on the power of the signal. A frequency mismatch such as an AP operating at 5 GHz and clients using the 2.4 GHz band, will affect the connection. Frequency type was not mentioned in this case. Placing the antenna in the middle of the office is the ideal placement. However, the antenna's signal transmission and path were not optimized for its location.

Answer 251

**IIS service is not running.** **TCP (Transmission Control Protocol) ports are blocked.** The application on the client workstation may be communicating over a blocked Transmission Control Protocol (TCP) port. The workstation can communicate using Telnet via TCP port 23; ports may need to be manually allowed in and out. The IIS service may not be working, causing the client application not to connect as well. Services on a Windows computer is viewable using the Services management console (services.msc). The client application was trying to communicate with the Internet Information Services (IIS) server using an IP (Internet Protocol) address. A Fully Qualified Domain Name (FQDN) was not referenced. The client was not accessing the IIS server using a web browser, which indicates if a server certificate was installed or trusted.

Answer 252

**NetworkManager** **ipconfig** **dhclient** A Windows client can be forced to release a lease with a command such as ipconfig. A Windows host that fails to obtain a lease will revert to an automatic IP address (APIPA) and select an address in the 169.254.0.0/16 range. In Linux, the utility dhclient is often used. Linux might use link-local addressing, set the address to unknown (0.0.0.0), or leave the interface unconfigured. Modern Linux distributions might use NetworkManager or systemd-networkd. The client can renew the lease when at least half the lease's period has elapsed (T1 timer). A secondary DNS server holds a read-only copy of the zone. This is maintained through a process of replication known as a zone transfer from a primary name server.

Answer 253

**/etc/passwd stores user settings** Linux supports multiple users with multiple user accounts. User settings are stored in the /etc/passwd file which determines many aspects of security in Linux. The user password is typically stored as an encrypted hash in the /etc/shadow file along with other password settings, such as age and expiration date. In Linux, local user account names are stored in /etc/passwd. There is no interactive login information saved in this file. Interactive login over a network is typically accomplished using Secure Shell (SSH). In Linux, Domain Name Sustem (DNS) server names are specified in the /etc/resolv.conf file.

Answer 254

**Humidity** **Flooding** There may be natural or person-made flood risks from nearby water sources and reservoirs or leaking plumbing or fire suppression systems. Electrical systems need to be shut down immediately in the presence of any significant amount of water. More water vapor in the air (humidity) risks condensation forming within a device chassis, leading to corrosion and short circuit faults. Computer systems need a stable power supply, free from outages (blackouts), voltage dips (brownouts), and voltage spikes and surges. High temperatures will make it difficult for device and rack cooling systems to dissipate heat effectively. High temperatures increase the risk of overheating components within the device chassis and consequent faults.

Answer 255

**SAN** Storage Area Network (SAN) is one that interconnects storage devices such as Redundant Array of Independent Disks (RAID) arrays or tape drives to make "pools" of shared storage capacity available to servers. It uses jumbo frame packets and network Maximum Transmission Unit (MTU) settings at about 900. Metropolitan Area Network (MAN) is a term used to describe a network smaller than a WAN such as a city-wide network encompassing multiple buildings. Campus Area Network (CAN) is sometimes used for a LAN that spans multiple nearby buildings such as a college campus. Wide Area Network (WAN) is a network of networks, connected by long-distance links. A typical enterprise WAN would connect multiple sites, possibly in different countries.

Answer 256

**SaaS** Software as a Service (SaaS) is a computing method that uses the cloud to provide application services to users. An example is Google G Suite. It is regularly updated online and users do not need to install anything extra. The services are accessible online. Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Platform as a Service (PaaS) provides resources between SaaS and IaaS. It includes servers and storage network infrastructure with a multi-tier web application on top. The term private refers to a cloud service owned and serviced entirely by the company and not an external entity. This is time-consuming to build out.

Answer 257

**Firewall** It is usually important for traffic passing between networks to be filtered. A basic firewall operates at layer 3 to enforce an access control list (ACL). An intrusion prevention system (IPS) can provide an active response to any network threats that it matches. One typical preventive measure is to end the session by sending a TCP reset packet to the attacking host. A load balancer can switch client traffic to alternative processing nodes, reducing bottlenecks and allowing for failover services in the event of a host or network route going down. A media converter is a device that converts one media signaling type to another.

Answer 258

**Disable unnecessary network protocols.** **Change default system credentials.** Use secure protocols such as Simple Network Management Protocol (SNMP) version 3 (that uses encryption) rather than SNMPv1 or v2 that does not use encryption. Devices such as wireless access points, switches, and routers sometimes ship with a default management password and should be changed during installation. The wireless antenna power levels can be tuned to reduce the wireless coverage so that the wireless reception is only retrievable from the lobby rather than from the parking lot or other external areas. Geofencing is used with wireless networking to ensure a station is within a geographic area to access the network while a VLAN creates a separate broadcast domain. Neither apply as a solution.

Answer 259

**The power level** Changing the power level of the access point (AP) will effectively reduce the range of the wireless signal. Using the maximum available power of an AP can result in the signal extending to neighboring businesses or offices. Changing the wireless channel is appropriate if there was a channel overlap with another AP in the area using the same frequency. Changing the 802.11 standard to, for example, g to n can cause compatibility issues with current wireless clients. This is most justified when the organization is ready to upgrade. Changing the security type will reduce signal range. This is most appropriate if a higher level of security is required such as Wi-Fi Protected Access version 2, Enterprise (WPA2-Enteprise).

Answer 260

**Flow Control** IEEE 802.3x flow control allows a server to instruct the switch to pause traffic temporarily. This traffic pause helps avoid overwhelming its buffer and causing it to drop frames. A jumbo frame supports a data payload of up to around 9,000 bytes. This support reduces the number of frames that need to be transmitted. The Neighbor Discovery (ND) protocol performs some functions on an IPv6 network that ARP and ICMP perform under IPv4. A port security configuration validates the MAC address of end systems that connect to a switch port.

Answer 261

**The certificate's subject name does not match the URL** This is usually a configuration error on the webserver manager, but it could indicate malicious activity, confirm the certificate's common name and access the website using that URL. Internet connectivity is not needed for certificate trust. The certificate needs to be already installed on the device and trusted. A virtual LAN (VLAN) is a feature of managed Ethernet switches. This is for network segmentation and would not interfere with certificate trust. The Domain Name System (DNS) is a global hierarchy of distributed name server databases that contain information on domains and hosts within those domains. This would not necessarily cause any certificate problems.

Answer 262

**IP spoofing** IP spoofing is also used in most denial of service (DoS) attacks to mask the attack's origin and make it harder for the target system to block packets from the attacking system. In this type of spoofing, the threat actor does not care about not receiving return traffic. A botnet is a group of compromised hosts that can be used to launch DDoS and DRDoS attacks. A threat actor will first compromise one or two machines to use as handlers or herders. With MAC spoofing, a host can arbitrarily select any MAC and IP address and attempt to use it on the network. A threat actor might exploit this to spoof the value of a valid MAC or IP address to circumvent an access control list or impersonate a legitimate server.

Answer 263

**On-path attack** An on-path attack is a specific type of spoofing attack where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them. A rogue access point (AP) is when a wireless AP has been installed on the network without authorization, whether with malicious intent or not. Domain Name System (DNS) poisoning compromises name resolution, replacing the valid IP address for a trusted website with the attacker's malicious IP address. Phishing is an email-based social engineering attack, where the attacker sends email from a supposedly reputable source to try to elicit private information from the victim.

Answer 264

**They will limit the signal's range.** A low-powered access point (AP) and background interference, such as other wireless signals in the same frequency band, will greatly reduce the distance, or reach, of the AP to other clients. Overcapacity of the AP is when there are large amounts of connections that reduce network bandwidth. This will not be the case if the AP cannot reach other clients. A secondary AP with a signal in the same channel will mostly cause interference rather than limit distance. However, no other AP is mentioned in this case. Signal absorption is caused by types of walls and even windows, not because of lower signal strength or interference. Concrete walls are the most absorbant.

Answer 265

**Fixing conductor connections** Fixed cable is terminated using a punch down tool. This tool is used to fix cable conductors into a patch panel Insulation Displacement Connector (IDC). A multimeter can be used to check physical connectivity. The primary purpose of a multimeter is for testing electrical circuits, but they can test for the continuity of any sort of copper wire. A loopback adapter is used by a Network Interface Card (NIC) to send and receive to itself. This is used to test for faulty ports and network cards. Software port discovery can be achieved by using a utility such as the netstat command which allows for checking the state of ports on a local host.

Answer 266

**Dynamic ARP inspection** A switch port security feature such as dynamic ARP inspection (DAI) prevents a host attached to an untrusted port from flooding the segment with gratuitous ARP replies. Role-based access means that a set of organizational roles are defined, and subjects are allocated to those roles. With guest network isolation, a guest network can have separate security and forwarding policies than the network that permits access to the corporate LAN. As with a switch, an access point can be configured with an accept or deny list of known MAC addresses.

Answer 267

**Secure Socket Layer (SSL)** Transport Layer Security (TLS) was developed from SSL and ratified as a standard by the IETF. HTTP enables clients (typically web browsers) to request resources from an HTTP server. Secure Shell (SSH) is the principal means of obtaining secure remote access to UNIX and Linux servers and most types of network appliances (switches, routers, and firewalls). Secure FTP (SFTP) addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer between client and server.

Answer 268

**GSM** Global System for Mobile Communication (GSM)-based phones are a 2G format that uses TDMA. With TDMA, each subscriber gets access to the radio channel by being allocated a time slot. GSM allows subscribers to use a subscriber identity module (SIM) card to use an unlocked handset with their chosen network provider. In 802.11 documentation, this is called an Independent Basic Service Set (IBSS). This topology does not require an access point. Long Term Evolution (LTE) is a converged 4G standard supported by GSM and CDMA network providers. A network engineer has renamed Wi-Fi standards with simpler digit numbers. 802.11n is now officially designated as Wi-Fi 4.

Answer 269

**Duplex** Duplex is a communication configuration. Full-duplex refers to a communication type, such as network links, that allow simultaneously sending and receiving. Most network links are full-duplex. Straight-through refers to cabling, such as twisted pair cabling, where pins on one end of the cable match the pins on the opposite end. Multimode fiber is inexpensive to deploy compared to single mode fiber. As such, it does not support long distances as single mode and is more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs). Bidirectional refers to two-way communication. Bidirectional does not imply the ability for full-duplex and may only be half-duplex. This means send and receive is taken in turns.

Answer 270

**Fire extinguishers** **Sprinkler systems** An organization may need to implement fire extinguishers which come in several different types, where each type is suitable for fighting a particular class of fire. An organization may need to implement an overhead sprinkler system. Wet-pipe sprinklers work automatically and discharge water but there are several alternatives that can minimize damage caused by water. A cold site is an empty building with a lease agreement in place to install required equipment in the face of a disaster. A backup power generator can provide power to the whole building, often for several days but cannot come online fast enough to respond to a power failure.

Answer 271

**Crossover** Most switch interfaces use auto-MDI/MDIX by default, based on current configurations. However, they can be disabled or enabled. If the auto-MDI/MDIX is not enabled, then connecting two MDI ports requires a crossover cable. Bidirectional refers to two-way communication. Bidirectional does not imply the ability for full-duplex and may only be half-duplex. This means send and receive is taken in turns. Duplex is a communication configuration. Full-duplex refers to a communication type, such as network links, that allow simultaneously sending and receiving. Straight-through refers to cabling, such as twisted pair cabling, where pins on one end of the cable match the pins on the opposite end.

Answer 272

**3389 (RDP)** Remote Desktop Protocol (RDP) is Microsoft's protocol for operating remote GUI connections to a Windows machine. RDP uses TCP port 3389. Virtual Network Computing (VNC) is a remote access tool and protocol. VNC is the basis of macOS screen sharing but is used by many vendors and typically uses port 5900 by default. Telnet is a protocol supporting unsecure terminal emulation for remote host management. Telnet runs over TCP port 23. LDAP is not a directory standard, but a protocol used to query and update an X.500-like directory that uses UDP port 389.

Answer 273

**Process assessment** Process assessment involves identifying critical systems and assets that support these functions. Security Information and Event Management (SIEM) is a security control designed to integrate vulnerability and threat assessment efforts through automated collection, aggregation, and log data analysis. The local authentication provider is the software architecture and code that underpins the mechanism by which the user is authenticated before starting a shell. An authentication technology or mechanism is considered strong if it combines more than one authentication data type (multifactor).

Answer 274

**ipconfig /release** **ipconfig /renew** **ipconfig /all** The ipconfig utility is used to verify the IP configuration on Windows-based systems. The /release option releases the IP address obtained from a DHCP Server. The ipconfig /renew command, when run after the /release option will force the server to renew or retrieve a new lease on a new IP address. The ipconfig /all command is used to verify IP configurations in detail. It can be used to also verify any immediate changes on the network adapter. The ipconfig /flushdns command is used to clear the DNS (Domain Name System) resolver cache. This is not necessary in this case.

Answer 275

**Distance vector** Distance vector protocols use the number of hops to the destination as the metric. The route with the fewest hops is the least-cost path and, as such, is the used path. In link states, each node independently calculates the next best logical path to all network destinations. For each protocol that it runs, the router maintains a routing information base of routes discovered by that protocol. Some protocols use a hybrid of different distance vectors, link states, and other methods to perform path selection more efficiently. Convergence is the process whereby routers running dynamic routing algorithms agree on the network topology. Routers must be capable of adapting to changes.

Answer 276

**Overlap** Channel overlap is important to minimize as it will help prevent interference with connections and data transfer over a wireless network. Radiofrequency attenuation (RF attenuation) is the loss of signal strength due to distance and environmental factors. Also referred to as free space path loss. Ensuring the channels do not overlap in wireless access point setup does not relate to DNS issues. If someone were unable to browse specific websites, that might be a DNS issue. A site survey would help with insufficient wireless coverage. However, it would not prevent channel overlap issues.

Answer 277

**The netstat command** The netstat command allows an admin to check the state of ports on the local host and check for service misconfigurations. This can help identify if the application is connecting to the correct web server on the correct port. It will also list all active connections. The tracert command is used to trace the route taken by a packet as it hops to the destination host on a remote network. This is best used to figure routing issues in between the source and destination. The route command can be used to view and modify the routing table of a Windows or Linux system. The traceroute command functions similarly to the tracert command, but used on Linux systems.

Answer 278

**Bus** A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media. In a physical ring topology, each node is wired to its neighbor. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor. In a star topology, each endpoint node is connected to a central forwarding node, such as a hub, switch, or router. A mesh topology is commonly used in WANs. In theory, a mesh network requires that each device has a point-to-point link with every other device on the network (fully connected).

Answer 279

**South** The SDN controller and infrastructure device traffic are the "southbound" API calls. The principal innovation of SDN is to insert a control layer between the application layer and the infrastructure layer. The interface between SDN applications and the SDN controller is described as the service interface or as the "northbound" API. In data centers that support cloud and other Internet services, most traffic is actually between servers within the datacenter. This is referred to as east-west traffic. There is no distinction between east and west when referring to server-to-server communications.

Answer 280

**Snip** Snips are electrician’s sturdy scissors to cut the wire and are notched to assist with stripping insulation from the wire. Wire map testers can identify continuity, short, incorrect pin-out/incorrect termination/mismatched standards. A rollover cable or console cable connects a PC or laptop to the command line terminal of a switch or router. The console port connection on the appliance is a standard RJ-45 jack (but wired differently to Ethernet). A cable tester reports detailed information on the physical and electrical properties of the cable.

Answer 281

**Fire Suppression** Fire suppression systems work based on the fire triangle. The fire triangle works based on the principle that fire requires heat, oxygen, and fuel to ignite and burn. The state is the measure or the condition of an item. A type of modem (typically cable or digital subscriber line) connects to the Internet Service Provider's (ISP's) network. A cold site takes longer to set up than other options. A cold site may be an empty building with a lease agreement to install any required equipment when necessary to set up the site.

Answer 282

**Mesh** A mesh topology is commonly used in WANs. In theory, a mesh network requires that each device has a point-to-point link with every other device on the network (fully connected). In a physical ring topology, each node is wired to its neighbor. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor. In a star topology, each endpoint node is connected to a central forwarding node, such as a hub, switch, or router. A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media.

Answer 283

**Humidity** Regarding humidity, more water vapor in the air risks condensation forming within a device chassis, leading to corrosion and short circuit faults. Conversely, very low humidity increases the risks of static charges building up and damaging components. Regarding electricity, computer systems need a stable power supply, free from outages (blackouts), voltage dips (brownouts), and voltage spikes and surges. The high temperature will make it difficult for device and rack cooling systems to dissipate heat effectively. Regarding flooding, there may be natural or person-made flood risks from nearby watercourses and reservoirs or leaking plumbing or fire suppression systems.

Answer 284

**Try and duplicate the problem.** Duplicating the issue on another server in a lab environment is the best approach. The network admin has notated recent changes on the server and its symptoms, which can lead to a theory of probable cause. Only one performance issue has been reported by the user. This may include latency or packet loss, which is why notating symptoms are important. Questioning the obvious occurs when theorizing a probable cause, not while still trying to identify the problem. Considering multiple approaches occurs when trying to establish a theory of probable cause. This may include a top-to-bottom/bottom-to-top OSI (Open Systems Interconnection) model approach or to divide and conquer.

Answer 285

**Data Loss Prevention** Data loss prevention (DLP) products scan content in structured formats. This includes a database with a formal access control model and unstructured formats, such as email or word processing documents. DLP products use some dictionary database or algorithm (regular expression matching) to identify confidential or personal/sensitive data. A logical network diagram provides a graphical representation of a network in a hierarchical fashion that doesn't require a physical location but does exist. A floor plan is a detailed diagram of wiring and port locations. A documented change management process minimizes the risk of unscheduled downtime by implementing changes in a planned and controlled way.

Answer 286

**Wireless controller** A wireless controller is a hardware device or software application which can centralize the management function of a wireless network. An extended service set is defined in a wireless network. A multilayer switch routes based on the contents of packets at layers 3 and up and more effectively in a VLAN environment. A multilayer switch is an appropriate solution for this scenario. A Voice over Internet Protocol (VoIP) Private Branch Exchange (PBX) is the core switch that controls all function found in a VoIP system. Remote Authentication Dial-in User Service (RADIUS) is a standard protocol used to manage remote and wireless authentication infrastructures.

Answer 287

**UDP ports 67 and 68; a protocol for automatically assigning IP address information** Dynamic Host Configuration Protocol (DHCP) is a protocol used to automatically assign IP addressing information to IP network computers. It uses UDP ports 67 and 68. Domain Name System (DNS) is a service that maps names to IP addresses on most TCP/IP networks, including the Internet. It uses UDP and TCP port 53. Telnet is terminal emulation software to support a remote connection to another computer. It uses TCP port 23. Remote Desktop Protocol (RDP) is Microsoft's protocol for operating remote GUI connections to a Windows machine. It uses TCP port 3389.

Answer 288

**Speaker** The penetration tester could implement a headless hub as a smart speaker operated by voice control or smartphone/PC app for configuration. IoT endpoints implement the function, such as a thermostat or heating control that you can operate remotely. Because they're effectively running mini-computers, smart devices are vulnerable to some of the standard attacks associated with web applications and network functions. These devices, such as doorbells, are capable of computing, storage, and network functions potentially vulnerable to exploits. Refrigerators are another type of IoT device. Most smart devices use a Linux or Android kernel, refrigerators included.

Answer 289

**Close unused device ports** **Configure port security** Port security refers to the IEEE 802.1X standard’s Port-Based Network Access Control (PNAC) mechanism. PNAC means that the switch performs some sort of authentication of the attached device before activating the port. Physical access may allow an attacker to use hardware ports such as USB or a router's console port to gain access. Unused device ports should be disabled or be segmented to a black hole virtual LAN (VLAN). Telnet is considered a vulnerable protocol because all communications can be sniffed and read in cleartext. Use secure shell (SSH) instead to remotely manage devices securely. Simple Network Management Protocol (SNMP) version 1 and SNMPv2, are unencrypted. Use SNMPv3 to take advantage of encrypted communication features.

Answer 290

**MTBF** Mean Time Between Failures (MTBF) is a measurement that represents the expected lifetime of a particular product or network asset. The Mean Time To Repair (MTTR) is a measure of the expected time expense required to correct a fault to restore the system to full operations. Maximum Tolerable Downtime (MTD) is the upper limit of time that a given business process can be inoperative before the organization's survival is at risk. Latency is the amount of time it takes for data to get from one designated point to another. This can be measured in various ways with different software applications.

Answer 291

**TTL** Each resource record can be configured with a default time to live (TTL) value, measured in seconds. If there is a change to a resource record, server and client caching means that the updated record can be relatively slow to propagate. An A record is used to resolve a hostname to an IPv4 address. This is the most common type of record in a Domain Name System (DNS) zone. A PTR (pointer) record is found in reverse lookup zones and is used to resolve an IP address to a hostname. Top-level NTP servers (stratum 1) obtain the Coordinated Universal Time (UTC) via a direct physical link to an accurate clock source.

Answer 292

**In-band vs. out-of-band management** In-band vs. out-of-band management is incorrect because it refers to managed and unmanaged network appliances. An appliance that is managed can be managed via a console port, aux port, or management port. Device management can be done in-band, over a link that shares traffic with other communications on the network, or out-of-band over a console cable. SSH (secure shell) is a secure way to connect remotely to a network appliance for in-band management. Split tunnel vs. full tunnel refers to private network traffic or all network traffic routed via the VPN gateway. Authentication and authorization considerations are important when giving privileges to network administrators but are not methods of network appliance management.

Answer 293

**Location of a line break** An optical time domain reflectometer transmits light-based signals of different wavelengths over fiber to find the distance of a line break. A light meter is used with fiber cable to determine if a line break exists by testing attenuation. A multimeter can be used to check physical connectivity. The primary purpose of a multimeter is for testing electrical circuits, but they can test for the continuity of any sort of copper wire. Electromagnetic Interference (EMI) from radio or electromagnetic sources working in the same frequency band as a Wi-Fi device can be detected with a spectrum analyzer.

Answer 294

**Network** Layer 3, or the Network layer, is responsible for moving data around a network and routing data packets with IP addresses. Layer 1, or the Physical layer, is responsible for the transmission and receipt of bits using some form of transmission or physical device. This layer can test other devices, provided that network cables are working fine. Layer 7, or the Application layer, provides an interface for software that has established communications through lower-level protocols to exchange data. The other test devices did not require this. Layer 5, or the Session layer, represents the dialog control functions to exchange messages between the client and server. The other tested devices did not need to establish a session.

Answer 295

**NFV** Virtual appliances might be developed against a standard architecture, such as ETSI's Network Function Virtualization (NFV). NFV divides provisioning into three domains. Typically, a hypervisor will implement network connectivity by means of one or more virtual switches (or vSwitch in VMware's terminology). These perform the same function as Layer 2 physical switches. In a virtualization host, the hypervisor manages the virtual environment (such as virtual NICs) and facilitates interaction with the computer hardware and network. Multiprotocol Label Switching (MPLS) is a means of establishing private links with guaranteed service levels. MPLS can operate as an overlay network to configure point-to-point or point-to-multipoint links.

Answer 296

**Co-channel interference** Co-channel interference (CCI) can be more accurately described as contention. When multiple access points overlap and use the same channel, opportunities to transmit are reduced. Adjacent channel interference (ACI) occurs when access points are configured to use different but overlapping channels, such as 1 and 3 in the 2.4 GHz band. Overcapacity (or device saturation) occurs when too many client devices connect to the same AP. Antenna cable attenuation is signal loss caused by an external antenna connected to an access point over cabling. previous finish review next

Answer 297

**Memory** If system memory utilization is very high, an upgrade might be required, or a network issue may be present. Jobs stored in memory can cause problems with system processes if there is not enough memory to store open jobs. CRC errors are caused by interference. This interference might be due to poor quality cable or termination, attenuation, mismatches between optical transceivers or cable types, or some external factor. Link state measures whether an interface is working (up) or not (down). You may also want to track the uptime or downtime percentage so that you can assess a link's reliability over time. High CPU utilization can indicate a problem with network traffic, or there may be a need for an upgrade.

Answer 298

**Runts** **Giants** Runts are packets that are too small and will likely be discarded or dropped. Giants are packets that are too large and will likely be discarded or dropped. Most Ethernet interfaces operate in full-duplex mode. If an interface is operating in half-duplex mode, there is likely to be a problem unless you support a legacy device. Speed is the rated speed of the interface, measured in Mbps or Gbps. Syslog is an example of a protocol and supporting software that facilitates log collection. It has become a de-facto standard for logging events from distributed systems.

Answer 299

Layer 1 of the Open System Interconnect (OSI) model is the Physical layer. It specifies the physical topology and physical interface. It is responsible for the transmission and receipt of bits from one node to another node. Layer 2 of the OSI model is the Data Link layer. It is responsible for transferring data between nodes on the same logical segment using local or hardware addresses (e.g. MAC address). Layer 3 of the OSI model is the Network layer. Information is sent using logical network addresses (e.g. IP address). Layer 5 of the OSI model is the Session layer. It represents the dialog control functions that administer the process of establishing the dialog, managing data transfer, and then ending (or tearing down) the session.