a tool for testing network cabling to ensure proper connectivity and configuration primarily used to check the continuity of conductors in cables, verifying that each conductor is correctly connected. Can identify faults such as :open circuits, shorts, crossed pairs, and reversed connections in twisted pair cables.

to the difference in propagation delay between any two pairs within the same cable sheath it impacts the timing and synchronization of signals transmitted through network cables.

Chap 5 - Network Troubleshooting Flashcards by Nicholas McCarthy

What are the CompTIA troubleshooting steps?

Identify symptoms of the problem
Establish a theory of probable cause (attempt to duplicate problem)
Test the theory to determine cause (includes replacing hardware components)
Establish a plan of action to resolve the problem and identify potential effects
Implement the solution or escalate as necessary
Verify full system functionality and, if applicable, implement preventive measures
Document findings, actions and outcomes

How well did you know this?

Not at all

Perfectly

5-5: Which of the following troubleshooting stpes involves asking the user preliminary questions such as, “What were you doing when the problem occurred?”

Identify symptoms of the problem
Establish a theory of probable cause
Test the theory to determine cause
Establish a plan of action to resolve the problem and identify potential effects
Implement the solution or escalate as necessary
Verify full system functionality and, if applicable, implement preventive measures
Document findings, actions and outcomes

Identify symptoms of the problem

How well did you know this?

Not at all

Perfectly

5-7: In which troubleshooting step do you try to duplicate a network problem and logically and methodically elminate elements that are not the source of the problem?

Identify symptoms of the problem
Establish a theory of probable cause
Test the theory to determine cause
Establish a plan of action to resolve the problem and identify potential effects
Implement the solution or escalate as necessary
Verify full system functionality and, if applicable, implement preventive measures
Document findings, actions and outcomes

Establish a theory of probable cause

How well did you know this?

Not at all

Perfectly

5-8: Ralph is a first-tier technician working the help desk. After identifying a network problem submitted by multiple users, Ralph comes up with a theory specifying a possible source of the problem and sets about testing his theory, Unfortunately, testing indicates that Ralph’s theory is wrong; the source he suspected is not the cause of the problem. Which of the following should not be the next step in Ralph’s troubleshooting steps?

Reinterview the users to gather more information about the problem
Escalate the problem to a second-tier technician
Repeat the process of establishing a theory of probable cause
Begin replacing components that might contribute to the problem

Begin replacing components that might contribute to the problem

How well did you know this?

Not at all

Perfectly

5-10: You have a problem with a server or other network component that prevents many users from working. What type of problem is this?

A networkwide problem
A shared resource problem
A systemwide problem
A user application problem

A shared resource problem

How well did you know this?

Not at all

Perfectly

Shared Resource problem

a problem with a server or other network component that prevents many users from working

How well did you know this?

Not at all

Perfectly

Networkwide problem

A problem that lies within resources that provide services to the entire network

How well did you know this?

Not at all

Perfectly

OSI top-bottom troubleshooting

starting with Layer 7 and troubleshooting items going down the OSI mode

Application
Presentation
Session
Transport
Network
Data link
Physical

How well did you know this?

Not at all

Perfectly

OSI bottom to top troubleshooting

starting with Layer 1 and troubleshooting items going down the OSI mode

Physical
Data link
Network
Transport
Session
Presentation
Application

How well did you know this?

Not at all

Perfectly

5-14: Alice is working the help desk when a user calls and reports that she is unable to connect to the internet. Which of the following steps is the one Alice is least likely to perform when first troubleshooting the problem

Check the configuration of the router connecting the LAN to the internet
Ask the user if she can access resources on the local network
Check to see if anyone else is experiencing the same problem
Check to see the user’s job title, to see if she is an important person in the company

Check the configuration of the router connecting the LAN to the internet

How well did you know this?

Not at all

Perfectly

5-20: Which of the following are reasons for documenting a network problem or incident (Choose all that apply)

Documentation makes it easier to escalate calls to senior technicians
Documentation makes it easier to prioritize administrative tasks
Documentation makes it easier to prioritize each help call
Documentation makes it easier to escalate calls to first-tier techicians

Documentation makes it easier to escalate calls to senior technicians

Documentation makes it easier to prioritize each help call

How well did you know this?

Not at all

Perfectly

5-25: When you troubleshoot a network problem, it is possible to introduce another problem while attempting to fix the original one. In which step of the troubleshooting process should you be aware of the residual effects that changes might have on the network?

Identify symptoms of the problem
Establish a theory of probable cause
Test the theory to determine cause
Establish a plan of action to resolve the problem and identify potential effects
Implement the solution or escalate as necessary
Verify full system functionality and, if applicable, implement preventive measures
Document findings, actions and outcomes

Establish a plan of action to resolve the problem and identify potential effects

How well did you know this?

Not at all

Perfectly

5-28: A user calls Alice at the help desk to report that her mouse has stopped working, she cannot access the internet and all of her email has disappeared from her inbox. Which of the following would be the best course of action for Alice to take?

Create a separate ticket for each problem
Escalate the call to a senior technician
Have the caller’s computer replaced with a new one
Send a technician to the user’s site to address all of the problem

Create a separate ticket for each problem

How well did you know this?

Not at all

Perfectly

5-30: Which of the following types of UTP wiring faults cannot be detected by a wiremap tester?

Split pairs
Open circuits
Closed circuits
Transposed wires

Split pairs

How well did you know this?

Not at all

Perfectly

Wiremap tester

a tool for testing network cabling to ensure proper connectivity and configuration
primarily used to check the continuity of conductors in cables, verifying that each conductor is correctly connected.
Can identify faults such as :open circuits, shorts, crossed pairs, and reversed connections in twisted pair cables.

How well did you know this?

Not at all

Perfectly

Split pairs

one wire from each of two different pairs gets swapped identically on both ends of the cable
resulting cable will pass a standard continuity test
will have serious cross-talk problems
will most likely not perform adequately at specified data rates.

How well did you know this?

Not at all

Perfectly

5-31: After connecting a tone generator to the green wire at one end of a TP run, Ralph proceeds to the other end of the cable and touches the locator to each of the 8 pins in turn. The green wire and the green striped wire both produce a ton. What type of wiring fault has Ralph discovered?

Split pair
Far end crosstalk
Transposed wires
Short circuit
Delay skew

Short circuit

How well did you know this?

Not at all

Perfectly

Delay skew

to the difference in propagation delay between any two pairs within the same cable sheath
it impacts the timing and synchronization of signals transmitted through network cables.

How well did you know this?

Not at all

Perfectly

5-32: Which of the following types of cables is used to connect a terminal to the console port of a router or switch?

Rollover
Straight through
Crossover
Plenum
Shielded
Tap

Rollover

How well did you know this?

Not at all

Perfectly

Rollover cable

A rollover cable, also known as a Yost cable or Cisco console cable, is a type of serial cable used to connect to a router or switch’s console port.

How well did you know this?

Not at all

Perfectly

Straight Through cable

standard network patch cable used to connect a computer to a wall plate

How well did you know this?

Not at all

Perfectly

Crossover cable

designed to connect two network adapters directly

How well did you know this?

Not at all

Perfectly

5-34: What is the name for a device that determines the length of a cable by transmitting a signal at one end and measuring how long it takes for a reflection of the signal to return from the other end?

Fox and hound tester
Wiremap tester
Time-domain reflectometer
Butt set
Spectrum analyzer

Time-domain reflectometer

How well did you know this?

Not at all

Perfectly

Time-domain reflectometer

device that determines the length of a cable by transmitting a signal at one end and measuring how long it takes for a reflection of the signal to return from the other end

How well did you know this?

Not at all

Perfectly

Spectrum analyzer

tool used to scan for radio frequency (RF) sources in order to identify interference

Fox and Hound tester

also known as a wire tracer or tone and probe kit, is a tool used for tracing and identifying wires in network and electrical systems. This device typically consists of two parts: a tone generator (Fox) and a probe (Hound)

Butt set

* A butt set, also known as a lineman's handset, is a tool used in networking and telecommunications for troubleshooting and testing connections. * Allows technicians to tap into the middle of a connection to diagnose issues effectively * https://images.datacomtools.com/images4/nav/butt-set-link.jpg

Voltage Event Recorder

* also known as a voltage quality recorder * a device that tracks voltage over time by plugging into a power outlet * is utilized for monitoring and recording voltage levels * can be critical for identifying and diagnosing power quality issues, including voltage sags, swells, and interruptions

5-36: (Abbreiated) - Which of the following is the most inexpensive tool for associating unlabelled wall plates with the correct patch panel ports? A wiremap tester A cable certifier A tone generator and locator A time-domain reflectometer (TDR)

A tone generator and locator

OLTS

Optical Loss Test Set identifies signal loss in fibre optical cabling

5-38: Which of the following tools might you use when connecting internal TP cable runs to the kystone connectors that snap into wall plates? (Choose all that apply) A crimper A punchdown tool A pigtail splicer A wire stripper A fusion splicer

A punchdown tool A wire stripper

Cable Certifier

used to identify cable performance characteristics, including: * cable lengths * signal attenuation * crosstalk * propagation delay * delay skew * return loss * and does the same functions as a wiremap tester

5-40: Which of the following troubleshooting tools can test cabling for length, attenutation, nearend crosstalk (NEXT), equal level far-end crosstalk (ELFEXT), propagation delay, delay skew, and return loss? Wiremap tester Cable certifier TDR OLTS Spectrum analyzer

Cable certifier

OTDR

Optical Time Domain Reflectometer transmits light pulses over a fibre-optic network and measures the time-interval and strength of the returning pulse to measure the length of the cable run. Can also be used to: * locate cable breaks * determine optical return loss * charcaterize a cable run's reflectance

Propagation delay

time it takes for a signal to be received after it has been sent, caused by the time it takes for the signal to travel through a medium

5-44: Ralph is a new hire for a consulting firm that frequently performs cable installations. He is trying to learn more about the tools needed to install internal cable runs. To that end, which of the following statements about cable crimpers has Ralph found to be true? * Cable installers use a crimper to attach keystone connectors to lengths of bulk cable * Cable installers use a crimper to attach RF45 connectors to lengths of bulk cable * You need to purchased a separate crimper for esach type of cable to which you want to attach connectors * Making your own patch cables by applying connectors yourself is always more economical than buying prefabricated patch cables

Cable installers use a crimper to attach RF45 connectors to lengths of bulk cable

5-45: Which of the following statements about cable certifiers are true? (Choose all that apply) A cable certifier eliminates the need for tools like tone generators and wiremap testers Cable certifiers are the most inexpensive cable testing solution Cable certifiers must be reconfigured whenevr a new cable specification is standardized Cable certifiers can only test copper based cables

* A cable certifier eliminates the need for tools like tone generators and wiremap testers * Cable certifiers must be reconfigured whenevr a new cable specification is standardized

5-55: Ralph is testing a TP cable run using a tone generator and locator. When he applies the tone generator to one particular wire at oine end of the cable, he fails to detect a tone at the other end. Which of the following faults has Ralph discovered? Open Short Split pair Crosstalk

Open

fault or open circuit A situation where one or more wires in a cable do not connect from one end of the cable to the other, resulting in a lack of continuity in the signal.

Crosstalk

The phenomenon where an electrical signal from one pair of wires bleeds into another pair, creating interference.

Split pair

* one wire from each of two different pairs gets swapped identically on both ends of the cable * resulting cable will pass a standard continuity test * will have serious cross-talk problems * will most likely not perform adequately at specified data rates.

5-56: Ralph is testing a TP cable run using a tone generator and locator. When he applies the tone generator to a particular pin at one end of the cable, he dtects a tone on two pins at the other end. Which of the following faults has Ralph discovered? Open Short Split-pair Crosstalk

Short

fault or circuit * when a wire is connected to two or more pins at one end of the cable * when the conductors of two or more wires are touching inside the cable

5-57: Ralph is using a tone generator and locator to test some newly installed TP cable runs on his network. Which of the following cable faults will he be unable to detect? Open Short Split pair Transposed pairs

Split pair

Transposed pairs

Both of the wires in a pair are connected the wrong pins at the end of the cable

5-58: Which of the following cable faults increases a twisted pair cable's susceptibility to crosstalk? Open Short Split pair Transposed pairs

Split pair

5-59: Alice has been told by a consultant that the newly installed TP cable runs on her network might have split pairs. Which of the following cable testing tools can she use to detect split pairs? Tone generator and locator Wiremap tester Multimeter Cable certifier

Cable certifier

5-60: Ralph is testing some newly installed TP Cable runs on his network using a wiremap tester, and he has found one run that appears to have a cable break. However, the connectors at both ends are correctly installed, so the break must be somewhere inside the cable itself, which is nearly 100 meters long. Which of the follow tools can Ralph use to detemine the location of the cable break? (Choose all that apply) Tone generator and locator Multimetere TDR Cable Certifier

TDR Cable Certifier

5-67: Which of the following should a troubleshooter look for when a duplex mismatch is suspected on an Ethernet network? (Choose all that apply) Colisions Runt frames CRC errors Failed ping tests

Collisions Runt frames CRC errors No collisions on a full-duplex network

5-68: Ed is trying to troubleshoot a problme that has caused a wired network to fail completely. Which of the following wired network problems will cause a complete failure of a network connection? (Choose all that apply) Bottleneck Speed mismatch Duplex mismatch TX/RX reversal Bad switch port

Speed mismatch TX/RX reversal Bad switch port

TX pins

Transmit pins must be connected to RX pins

RX pins

Receive pins must be connected to TX pins

Speed Mismatch

Two devices on a wired network are configured to different specific transmissions speeds. This will cause the network to fail No longer occurs in Gigabit networks as they are set for autonegoitaion

Duplex mismatch

* One side of a network is configured for half duplex and the other is configured for full duplex. * In this scenarion, collisions will occur (doesn't happen on full duplex) * also CRC errors * and runt frames * caused by the jam signal sent by the half duplex side * The frames are cut off and interpretted as runt frames by the network No longer occurs in Gigabit networks as they are set for autonegoitaion

Bottleneck

when a component involved in a network is not functioning correctl, causing a traffic slowdown that affects the entire network

5-74: Ralph wants to use PoE to supply power to security cameras located throughout his company's datacenter. The ethernet network is currently running at Gigabit Ethernet speed, btu Ralph is planning to download the camera connections to 100Base-TX, because that standard has two wire pairs free for the transmission of power. Which of the following statements about Ralph's plan is true? * Ralph's planning is correct; only 10Base-T and 100Base-TX support PoE. * Ralphs' plan will not work because 100Base-TX is not compatible with PoE * Ralphs' plan will work, but it is not necessary to downgrade the connections to 100Base-TX * Ralphs' plan will not work, because PoE cannot supply enough power for the cameras

Ralphs' plan will work, but it is not necessary to downgrade the connections to 100Base-TX

5-76: Ralph's company has expanded to include an additional building on the far end of the corporate campus, approx 4 km away from the building housing the datacenter. A single mode fibre-optic cable connection has been installed between the new building and the datacenter for a 1000Base-BX10 connection, but the cable is not yet connected to a transceiver at the datacenter end. Noticing that there is a 1000Base-SX transceiver module in the datacenter storeroom, Ralph is wondering if he could use this on the new cable run. Which of the following are reasons why this might not work? (Choose all that apply) Transceiver mismatch Incorrect cable type Excessive cable Length Wavelenght mismatch

Transceiver mismatch Incorrect cable type Excessive cable Length Wavelenght mismatch

1000Base-BX10 1000Base-SX Wavelengths

1000Base-BX10: 1300 to 1600 nanometers 1000Base-SX: 770 to 860 nanometers

5-78: Ralph is attempting to access a DNS server located on the other side of a router, but his attempt fails with an error stating that the desination port, UDP 53, is unreachable. His first step in troubleshooting the problem is to the try the nslookup utility to access that specific DNS server, this too fails. Next, he uses ping with the DNS server's IP address. The ping test is successful, indicating that the server is up and running. Which of the follow are possible causes of the problem? (Choose all that apply) * The router connecting the nwtworks is not running DNS and will not forward this type of datagram * The DNS process on the remote server is not running * The TCP/IP host configuration on the local computer is not properly configured * The TCP/IP host configuration on the DNS server computer is improperly configured * There is a firewall blocking the DNS server's UTP 53 port

* The DNS process on the remote server is not running * There is a firewall blocking the DNS server's UTP 53 port

5-79: Which of the following application layer protocols includes a program that enables a user to log on to a network device and execute commands on a remote system using a command line interface? (Choose all that apply) Telnet FTP SNMP DNS nslookup

Telnet FTP

5-81: Users are having trouble connecting to Internet hosts. Alice suspects that there is a problem with the DNS server, and she wants to verify this. Which of the following steps can she take to determine whether the DNS server is resolving Internet hostnames? * Issue the *ipconfig* command from a local workstation * Try to connect to a host using the IP address instead of a hostname * Ping the DNS server to see if it is functioning * Use the *tracert* command to test the functionality of the DNS server

Try to connect to a host using the IP address instead of a hostname

5-82: Which of the following utilities can you use to view resource record information on a particular DNS server? (Choose all that apply) netstat nslookup nbtstat arp dig

nslookup dig

netstat

with no arugments, generates a list of the workstation's active network connections

pathping

Command-line network utility available in Windows. Combines the functionalities of ping and tracert, aiming to identify network latency and loss spots along a network path

5-88: Which TCP/IP Utility should you use to most easily identify a malfunctioning router on your network? ifconfig ping traceroute netstat

traceroute [aka tracert]

5-89: Which of the following protocls does the ping program never use to carry its messages? Ethernet ICMP IP UDP TCP

TCP All windows ping transactions use ICMP mesages. ICMP messages are encapsulated directly within IP datagrams. They do not use transport layer protocols, such as UDP. Ping transactions to destinations on the local network are encapsulated within Ethernet frames. On Unix and Linux, ping uses UDP, which is also encapsulated in IP datagrams

5-90: Which of the following commands displays the routing table on the local computer? arp -r netstat -r ifconfig -r telnet -r

netstat -r

arp command

Linux network utility tool used to display, add, and remove entries in the Address Resolution Protocol (ARP) cache -a: display routing table (arp cache) in an alternative format -e: displays the arp cache/routing table -d: deletes entires -s: adds entries

write a ping command prompt to send 2048 bytes to 10.0.0.1, eleven times

ping 10.0.1 -l 2048 -n 11 -t : does continuous -i : specifies TTL value -l: number of bytes -n number of packets

nmap

utility capable of scanning a system for open ports that might be a security hazzard

display filter

Used on a protocol analyzer determine what is displayed from the contents of a buffer

capture filter

Used on a protocol analyzer determine what is stored in the buffer

Protocol Analyzer

copies all network traffic, intreprets the protocol headers and fields, and displays the output

Which command line tools run on Windows?

* ipconfig * ping * nslookup * tracert - uses ICMP * netstat

Which command line tools run on Linux/Unix?

* ifconfig * ping * nslookup * traceroute - uses UDP * iptables * netstat

5-109: Ralph is working on his company's perimeter network, which has five web servers runing Linux, a Cisco route, a CSU/DSU providing a leased line conection, and a Windows based firewall. While trying to troubleshoot a network communications failure, Ralph types the following command on one of the systems: *traceroute adatum.com*. Which of the following types of systems might Ralph be working on? (Choose all that apply) The Windows based firewall The Cisco router The CSU/DSU console One of the Linux Web Servers

The Cisco router One of the Linux Web Servers

netstat options

* -s: displays packet counts and other traffic stats for IPv6, IPv4, ICMP, TCP and UDP * -a: displays all of a workstations current connections and ports on which it is listening * -e: displays Ethernet stats, such as number of bytes and packets sent and received * -r: displays the computer's routing table

5-110: Which of the following netstat commands can tell you how many IPv6 packets have been sent and received on a particular WIndows workstation netstat -a netstat -s netstat -e netstat -r

netstat -s

5-112: Ralph is working on his company's perimeter network, which has five web servers runing Linux, a Cisco route, a CSU/DSU providing a leased line conection, and a Windows based firewall. While trying to troubleshoot a network communications failure, Ralph types the following command on one of the systems: *ping 192.168.1.76*. Which of the following types of systems might Ralph be working on? (Choose all that apply) The Windows based firewall The Cisco router The CSU/DSU console One of the Linux Web Servers

The Windows based firewall The Cisco router One of the Linux Web Servers

5-113: Alice is troubleshooting a Windows server and while doing so she runs the following command: ping: 127.0.0.1. The command completes successfully. What has Alice proven by doing this? That the computer's network adapter is functioning properly That the computer's TCP/IP network stack is loaded and functioning That the computer's IP address is correct for the network Nothing at all

That the computer's TCP/IP network stack is loaded and functioning

5-116: Which of the following are the three main categories of information that you can display by running the netstat command on a Windows computer? Connection state Active connections Routing table Interface stats

Active connections Routing table Interface stats

5-117: Which of the following route commands displays the contents of as Windows compouter's IPv6 routing table only? route print route print -6 route list -6 route list

route print -6

5-122: Which of the following tools can administrators use to monitor network bandwidth and traffic patterns? Protocol analyzer Bandwidth speed tester Netflow analyzer IP scanner

Netflow analyzer

Abbreviated version of 5-126: To access the internet what must a workstation's routing table have?

a default gateway entry, which would have a network destination value of 0.0.0.0

packet sniffer

tool that captures packets for purpose of traffic analysis but cannot view their contents

5-127: Ed has configured his workstationto use IPSec encryption for network communications. Which of the following tools can he use to verify that his network traffic is encrypted? Multimeter Packet Sniffer Port Scanner Protocol Analyzer IP Scanner

Protocol Analyzer

5-128: Which of the following statements describes the difference between a packet sniffer and a protocol anaylzer? * A packet sniffer captures network traffic, and a protocol analyzer examines the packet contents * A protocol analyzer captures network traffic, and a packet sniffer examines the packet contents * A packet sniffer only captures the local workstation's traffic, whereas a protocol anaylzer can capture all traffic on the network * There is no difference. Packet sniffers and protocol anaylzers perform the same functions

A packet sniffer captures network traffic, and a protocol analyzer examines the packet contents Typically these functions are bundled into a single tool

5-130: Ed is implementing a web server farm on his company's network and has created a screened subnet (perimeter network) on which the web servers will be located. The screened subnet is using the network IP address 192.168.99.0/24. He also installed a router connecting the screened subnet to the internel network, which uses the 192.168.3.0/24 network address. The IP addresses of the router's interfaces are 192.168.3.100 and 192.168.99.1. Ed needs to access the web servers from his Windows workstation on the internal network, but right now, he cannot do so. Because he needs to have a different router specified as his default gateway, Ed decides to add a route for the screened subnet to his computer's routing table. Which of the following commands will create a routing table entry that enables Ed to access the screened subnet? route add 192.168.3.0 MASK 255.255.255.0 192.168.3.100 route add 192.168.99.1 MASK 255.255.255.0 192.168.3.0 route add 192.168.3.100 MASK 255.255.255.0 192.168.99.0 route add 192.168.99.0 MASK 255.255.255.0 192.168.3.100

route add 192.168.99.0 MASK 255.255.255.0 192.168.3.100

Syntax for Windows route add command

1. destination network address 2. subnet mask for destination network 3. address of router interface on local network that provides access to destination network

Difference between port scanning and port sweeping

Port scanning - scans multiple ports on a single computer Port sweeping - scans the same port on multiple computers

5-131: Alice has recently created a new screened subnet (perimeter network) for the company's web server cluster, along with a router to connect it to the internal network. When she is finished, she sends Ralph an email instructing him to run the following command on his Windows workstation so tthat he can access the servers on the screened subnet. What function does the IP address 192.168.87.226 perform in this command: route add 192.168.46.0 MASK 255.255.255.0 192.168.87.226 192.168.87.226 is the address of Ralph's workstation 192.168.87.226 is the network address of the perimeter network 192.168.87.226 is the address of one of the router's interface's 192.168.87.226 is the address of the web server cluster

192.168.87.226 is the address of one of the router's interface's

5-134: Which of the following utilites can be classified as port scanners? (Choose all that apply) Nmap Nessus Network Monitor Performance Monitor

Nmap Nessus

Nmap

* A network scanner * Is used to discover hosts and services on a computer network by sending packets and analyzing the responses * Provides a number of features for probing computer networks, including host discovery and service and operating system detection

Nessus

Scans for security vulnerabilities in devices, applications, operating systems, cloud services and other network resources

5-136: You have finished capturing traffic with a protocol analyzer. The analyer reports that 2000 frames have been sent, but only 1500 frames have been accepted. What does this mean? * 2000 frames have passed the display filter, but only 1500 meet the criteria for display * Only 1500 frames have passed the capture filter and are currently being held in the buffer * You lost 500 frames and need to start over - something is obviously wrong * 500 frames were damaged and never made it to the buffer

Only 1500 frames have passed the capture filter and are currently being held in the buffer

5-138: A port scanner examines a system for network vulnerabilities at which layer of the OSI model? Application Transport Network Data link

Transport

5-139: Which of the following best describes the primary function of a port scanner? * A port scanner examines a computer's hardware and complies a list of the physical ports in the system * A port scanner examines a computer for TCP and UDP endpoints that are accessible from the network * A port scanner examines a examines a specified range of IP addresses on a network,. to determine where they are in use * A port scanner accepts a computer name as input and scans the network for the IP addresses associated with that name

A port scanner examines a computer for TCP and UDP endpoints that are accessible from the network

5-140: Programs such as FTP and Telnet are widely critized because they transmit all data as clear text, including usernames and password. Which of the following typoes of tools might unscrupulous individuals use to read those passwords? Packet sniffer Terminal emulator Packet analyzer Vulnerability scanner TFTP server

Packet analyzer

aka protocol analyzer Protocol analyzer is a hardware or software to monitor and performs analysis on data in a network. capable of looking at the data inside of packets

5-141: which of the following b4est states the potential security threat inherent in running a protocol anaylzer? * A protocol analyzer can display the application data in packets captured from the network * A protocol analyzer can display the IP addresses of systems on the network * A protocol analyzer can decrypt protected information in packets captured from the network * A protocol analyzer can detect open ports on network systems and launch attacks against them

A protocol analyzer can display the application data in packets captured from the network

5-142: Which of the following is not a tool that provides vulnerability scanning capabilities? Nessus MAP toolkit Nmap MBSA

MAP toolkit

MBSA

Microsoft Baseline Security Analyzer * Discontinued software tool from Microsoft * Determines security state by assessing missing security updates and less-secure security settings within Microsoft Windows

5-143: Which of the following is a function typically classified as vulnerabiluty scanning? Network mapping Remediation Penetration testing Port scanning

Port scanning

5-149: Ralph is the admin of a small company's wireless network. He has recently discovered evidence that users outside of the company's office space have been accessing its wireless network. The office is located in a narrow space against the building's outiosde wall. Ralph is concerned that the network's WAP is extending coverage outside the building. Speaking wiht a consultant friend of his, Ralph is advised to install a different antenna type on his AP. Which of the following antenna types would most likey help Ralph to allievate the problem? Dipole Yagi Patch Unidirectional

Patch

Patch Antenna

flat device that transmits signals in a half-spherical pattern

Unidirectional Antenna

Directs the signal in a straight line

Yagi Antenna

type of unidirectional antenna

Omnidirectional Antenna

provides coverage in a full 360 degree radius, allowing signals to be sent and received in all directions Sometimes called a Dipole Antenna

RSSI

Received Signal Strength Indicator A measurement of the power present in a received radio signal

Absorption

A type of interference that occurs when radio signals have to pass through barriers made of dense materials, such as concrete or cinderblock

Reflection

When signals bounce off certain surfaces, such as metal

Diffraction

When signals have to pass around barriers to reach a destination

Refraction

When signals bend as they pass through certain barriers, such as glass or water

5-157: Ed has installed a separate 802.11 wireless network for guest users working in his company's office. The guest network is unsecured, and Ed has become aware that people outside of the building are able to access it. It is not possible to move the AP and it must run a maximum power to reach the entire building. Which of the following is the most convenient way to prevent users outside the building from accessing the guest wireless network while leaving it available to users inside the building? Change the passphrase daily Switch the network frequency Disable SSID broadcast Implement MAC Filtering

Disable SSID broadcast Nick: This is a STUPID FUCKING question. No one would do this. There is nothing wrong with adding a passphrase to the network and rotating it regularly.

5-162: Alice receives a call from a user who cannot connect to the company's 802.11g wireless network with a new laptop that has an 802.11ac network adapter. Other users working in the same area are able to connect to the network without difficulty. Which of the following are tasks that Alice can perform to resolve the problem? (Choose all that apply) * Install an 802.11ac WAP on the network * Change the channel used by the WAP * Install an 802.11g wireless network adapter in the user's laptop * Move the user closer to the WAP

* Install an 802.11ac WAP on the network * Install an 802.11g wireless network adapter in the user's laptop

5-164: Ed has installed a separate 802.11n wireless network for guest users working in his company's offices. The guest network uses no security protocol, and Ed has recently become aware that people outside of the building are able to access it. Which of the following steps can Ed take to prevent users outside the building from accessing the guest network, while leaving it available to users inside of the building? (Choose all that apply) * Move the WAP to the center of the building * Lower the power level of the WAP * Disable SSID broadcast * Implement MAC filtering * Install a captive portal

* Move the WAP to the center of the building * Lower the power level of the WAP * Disable SSID broadcast Nick: again this is bullshit. Add encryption. Also, nothing wrong with a captive portal

5-163: Several consultatns are working in Ed's office for the first time and they are unable to connect to the 802.11g wireless network with their laptops. They are selecting the correc SSID from the Available Networks list, but cannot connect, and there are no error messages of any kind. Which of the following tasks should Ed perform to try to resolve the problem? * Check the network adapters in the laptops for channel overlap * Change the frequency used by the WAP from 2.4 Ghz to 5 Ghz * Examine the area where the consultants are working for possible sources of signal interference * Make sure that the consultants' laptops are configured to use the correct wireless security protocol

Make sure that the consultants' laptop sare configured to use the correct wireless security protocol

5-166: Users on Ed's 802.11n wireless network are dropping their connections intermittently. Which of the following might help to resolve the problem? Restart the WAP Change the network's SSID Change the channel the devices are using Change the wireless security protocol

Change the channel the devices are using

5-167: Several consultatns are working in Ed's office for the first time and they are unable to connect to the 802.1n wireless network with their laptops. Which of the following tasks should Ed perform to try to resolve the problem? (Choose all that apply) * Check the network adapters in the laptops for channel overlap * Make sure that the consultants are attempting to the correct SSID * Examine the area where the consultants are working for possible sources of signal interference * Make sure that the consultants' laptops are configured to use the correct wireless security protocol

* Make sure that the consultants are attempting to the correct SSID * Make sure that the consultants' laptops are configured to use the correct wireless security protocol

EIRP

Effective Isotropic Radiated Power measurement of signal strenght generated by an AP or other radio transceiver with a particular antenna

5-170: Which of the following is a power measurement of a specific transmitter and antenna combination used in a WAP? RSSI EIRP SSID MIMO

EIRP

5-176: Ralph is troubleshooting a workstation that cannot access the network. The workstation is plugged into a wall plate that should provide it access to a DHCP equipped network using the 192.168.4.0/24 network address. No one else is reporting a problem. Ralph checks that the patch cable is properly plugged into the workstation and the wall plate, which they are and then runs *ipconfig /all*, on the user's workstation and examines the output. Which of the following could be the explanation for the user's problem, based on the ipconfig results? *Windows IP Configuration* *Ipv4 Address: 169.254.203.42* *Subnet Mask: 255.255.0.0* *Default Gateway: * *DNS Servers: fec0:0:0:ffff::1%1* *fec0:0:0:ffff::2%1* *fec0:0:0:ffff::3%1* The Subnet mask is incorrect The Default gateway address is missing The DHCPv4 scope is exhausted The DNS server addresses are incorrect

The DHCPv4 scope is exhausted

5-178: Ralph is troubleshooting a workstation that cannot access the network. The workstation is plugged into a wall plate that should provide it access to a DHCP equipped network using the 192.168.4.0/24 network address. No one else is reporting a problem. Ralph checks that the patch cable is properly plugged into the workstation and the wall plate, which they are and then runs *ipconfig /all*, on the user's workstation and examines the output. Which of the following could be the explanation for the user's problem, based on the ipconfig results? *Windows IP Configuration* *Ipv4 Address: 10.124.16.8* *Subnet Mask: 255.0.0.0* *Default Gateway: * *DNS Servers: fec0:0:0:ffff::1%1* *fec0:0:0:ffff::2%1* *fec0:0:0:ffff::3%1* The workstation could not connect to a DHCP server There is a rogue DHCP server on the network The workstation is not configured to use DHCP The IP address assigned by the DHCP server has expired

There is a rogue DHCP server on the network Why: IP address assigned is not from scope in question, and not APIPA. Must be from another DHCP server

5-180: Ed is inspecting the cable runs recently installed for some new Gigabyte Ethernet systems on his network. Looking at the patch panel connections, he notices that they are wired using the T568B pinout standard. However, when he examines the wall plate connections, he sees that they are wired using the T568A pinout standard. What is the best way for Ed to resolve the problem? * Call the contractor and have all of the wall plate connectors rewired using the T568B pinout standard * Purchase crossover patch cables for all of the connections between the patch panel and the switches * Configure the switches to not use a crossover circuit for all of the ports connected to the patch panel * Do nothing. The cable runs will function properly as is

Do nothing. The cable runs will function properly as is Why: Today's switches autoconfigure crossover circuits as needed, so they will adjust themselves to adapt to the cable runs

5-181: Ralph has two computers that he long ago networked by plugging one end of an Ethernet cable into each machine. He recently brought an old Ethernet hub at a garage sale and wants to use it to expand his network. The hub has four numbered ports and a fifth port labelled X. Ralph plugs one computer into port 1 using his existing cable and buys a new cable to plug the other computer into port 4. The two computers cannot communicate, however. Which of the following solutions will not enable his computers to communicate? Move the port 4 cable to port 2 Replace the old cable with a second new one Plug the computer with the old cable into the X port Plug the computer with the new cable into the X port

Move the port 4 cable to port 2 Why: the old cable in question is a crossover cable to allow the two machines to be directly networked. Moving the cable won't fix this issue, but the other choices will

5-183: Alice has been hired to move a client's old 20-node coaxial Ethernet network to a new location. She disassembles all of the network cabling and other components and packs them for shipping. At the new site, she sets up all of the computers, plugs a T-connector into each network adapter and connects the cables, running them from one computyer to the next to form the bus. When Alice is finished, she starts the computers and tests their network connectivity. She finds that 12 consecutive computerc can communicate with each other, and the other 8 can communicate with each other, but the 12 cannot communicate with the 8. She makes sure that all of the connectors are securely tightened, especially the ones on the 12th computer, but the problem persists. Which of the following is most likely the cause of the difficulty? * Alice has forgotten to terminate the computers at each end of the bus * One of the connectors on the 12th computer has a bent pin * Alice has forgotten to ground the network * The transmit and receive pins are reversed on the 12th computer

One of the connectors on the 12th computer has a bent pin

5-184: Ed is troubleshooting some network performance problems. After exhausting many other possibilities, he is examining the TP cable runs in the office's drop ceiling. He finds that some cables have been damaged, apparently by electricians, working in that space. In some cases, the cable sheath has been split along its length, and some of the insulation on the wires inside has been scraped off as well. Which of the following types of faults might be caused by this damage? (Choose all that apply) Open circuits Short circuits Split pairs Transposed wires

Open circuits Short circuits

5-185: Which of the following types of interference on a twisted-pair network are designed to be prevented by the twists in the wire paits inside the cable? Crosstalk EMI Attenutation Latency

Crosstalk

5-186: Ralph has been asked to create some new patch cables that will be used to connect patch panel ports to the network switches. He has been told that the patch paenl connectors are all wired using the T568A pinout standard. Which of the following instructions should Ralph use when creating the patch cables? Use T568A at both ends Use T568B at both ends Use T568A at one end and T568B at the other end Use either standard, as long as the both ends are the same

Use either standard, as long as the both ends are the same

5-188: Ed is the admin for his small company's network. A user calls the help desk and reports that she cannot connect to the network. She has never had any problems connecting before now, and she says that nothing on her computer has changed. Ed goes to the user's location to investigate and notices that the link light pulse LED on the switch port for the user's computer is not lit. What should Ed do next to isolate and fix the problem? (Choose all that apply) * Verify that the cable is securely connected to the switch * Verify that the patch cable is pinned and paired properly * Replace the existing cable with a straight-through cable that is known to be good * Replace the existing cable with a crossover cable that is known to be good

* Verify that the cable is securely connected to the switch * Replace the existing cable with a straight-through cable that is known to be good

5-192: Alice is examining a captured sample of network traffic to create a network peformance baseline for future reference. She notices that the sample contains a flood of multicast traffic but does not know why. Eventually, she learns that there is video traffic on the network being transmitted as multicasts, but it is only intended for a particular group of users, not for everyone. However, since the multicasts traffic is flooding the network, all of the hosts must process the packets, possibility resulting in peformance degradation or even DoS. Which of the following can Alice use to prevent the traffic from being processed by the unintended hosts? Asymmetric routing Flow control Multipathing IGMP snooping

IGMP snooping

Internet Group Message Protocol snooping switching technique that prevents hosts from receiving multicasts packets when they are not members of the multicasts group

5-197: A user calls the company’s IT help desk to report that she has received an error message on her Windows workstation. The error states that her computer has an IP address that is duplicated on the network. Ralph is concerned that there might be a configuration problem with the DHCP servers on the network. He suspects that there are DHCP servers configured with scopes that overlap, resulting in two DHCP servers assigning the same IP addresses to different clients. He is worried that they are about to receive a flood of calls reporting the same problem. Alice reassures Ralph, telling him that it cannot be a DHCP problem, and that there must be two computers that are manually configured with the same IP address. How does Alice know this? Because Windows computers check the routing table before accepting an IP address from a DHCP server Because DHCP servers use DNS queries to check for duplicate IP addresses Because DHCP clients use ARP broadcasts to check for duplicate IP addresses Because it is only possible to have one DHCP server on a given subnet

Because DHCP clients use ARP broadcasts to check for duplicate IP addresses

5-198: A user, Ed, is reporting what appear to be intermittent traffic interruptions on his workstation. Sometimes he receives responses to his server requests, and sometimes not. It does not seem to be an Internet issue, because the problem also occurs with local server requests. While troubleshooting the problem, Ralph performs a series of packet captures and analyzes the network traffic. He discovers that all of the request messages generated by Ed’s workstation have responses on the network, but in some cases, the responses are going to a workstation other than Ed’s. Which of the following conditions could be causing this to happen? Duplicate IP addresses Blocked TCP/UDP ports Duplicate MAC addresses Incorrect host firewall settings Multicast flood

Duplicate MAC addresses

5-199: A user calls Alice at the IT help desk and reports that she is having intermittent problems accessing both local servers and Internet websites. Which of the following potential problems can Alice rule out immediately? Duplicate Media Access Control (MAC) addresses Duplicate Internet Protocol (IP) addresses Malfunctioning router Malfunctioning Domain Name System (DNS) server

Duplicate Internet Protocol (IP) addresses

5-200: The entire network at Adatum Corp. is unable to access the Internet. All of the users throughout the network are complaining that their browsers are displaying Domain Name System (DNS) failure messages. The company does not have an in-house network administrator, so they call Ralph at his consulting firm. Which of the following should be the first question that Ralph asks in his attempt to pinpoint the location of the malfunction? What browser are the users running? Where is the DNS server located? What technology is used to provide access to the Internet? What sites are the users attempting to access?

Where is the DNS server located?

5-205: While working in her company’s datacenter, Alice notices that the Light-Emitting Diodes (LEDs) on most of the network switch ports are green, but there are some that are orange. Alice asks several people why this is so and receives a different answer from each one. Which one of the following answers is correct? The orange LEDs indicate that no device is connected to the switch port. The orange LEDs indicate that the connected device is experiencing an excessive number of collisions. The orange LEDs indicate that the device is connected to the switch at a relatively slow speed. The orange LEDs indicate that the connected devices are other switches, rather than workstations.

The orange LEDs indicate that the device is connected to the switch at a relatively slow speed.

5-210: Ralph has begun to receive calls from users reporting that they cannot access the local network or the Internet. Ralph checks their computers and discovers that all of the users with a problem have IP addresses in the 169.254.0.0/16 network, which is not the address used on Ralph’s network. Which of the following might be the cause of the problem? The users have tried to modify their IP configuration settings. There is a rogue DHCP server somewhere on the network. The IP address leases assigned by the DHCP server have expired. The users’ workstations have been infected by a form of malware.

The IP address leases assigned by the DHCP server have expired.

5-213: Ralph is working with an Asymmetric Digital Subscriber Line (ADSL) router that has a switch module containing four Ethernet ports, all of which are assigned to the default VLAN1. Ralph can plug a laptop into one of the router’s ports and access the Internet with no problems. Ralph now needs to connect the ADSL router to the company network, so that the wireless access points on the network can provide users with Internet access through the ADSL router. However, when Ralph plugs the router into a network switch port in VLAN4, the switch starts generating “Native VLAN mismatch detected” errors every minute. Which of the following steps should be part of the solution Ralph imple ments to stop the error messages? (Choose all that apply.) * Create a VLAN1 on the network switch * Create a VLAN4 on the ADSL router’s switch module * Configure the network switch port connected to the router to use VLAN1 * Configure the router port connected to the network switch to use VLAN4

Create a VLAN4 on the ADSL router’s switch module Configure the router port connected to the network switch to use VLAN4

5-214: Ralph is working with an Asymmetric Digital Subscriber Line (ADSL) router that has a switch module containing four Ethernet ports, all of which are assigned to VLAN2. Ralph can plug a laptop into one of the router’s ports and access the Internet with no problems. Ralph now needs to connect the ADSL router to the company network. However, when Ralph plugs the router into a network switch port in VLAN4, the switch starts generating “Native VLAN mismatch detected” errors every minute. To correct the problem, Ralph attempts to create a VLAN4 on the router, but he receives a “Feature not licensed” error. Which of the following actions can Ralph take to resolve the problem? (Choose all that apply.) Purchase a feature upgrade for the router Create a VLAN2 on the switch Configure the router to use VLAN1 Configure the switch to use VLAN1

Purchase a feature upgrade for the router Create a VLAN2 on the switch

5-215: Clients of Ralph’s company are calling to complain that, when they try to access the company’s website, they see an error message stating that the website has an untrusted security certificate. They are afraid that they are connecting to an unprotected site or that the site has been taken over by hackers. What must Ralph due to address this problem? Obtain an SSL certificate from a trusted third-party company Configure the web servers to generate a self-signed certificate Install a certification authority on one of the network servers Explain to the clients that it is safe to bypass the error message and proceed to the website

Obtain an SSL certificate from a trusted third-party company

5-216: Ralph is a network administrator who has had a Windows user report difficulties accessing certain other computers on the network. Ralph determines that the user is only experiencing problems when trying to connect to a system on the far side of a router. Ralph therefore decides to inspect the routing table on the user’s computer. Which of the following tools can he use to do this? (Choose all that apply.) nbtstat route nslookup netstat

route netstat [-r]

5-217: A user calls Alice at the help desk to report that he cannot access the Internet. He canaccess systems on the local network, however. Alice examines the routing table on the user’s workstation and sees the following. Which of the following commands must Alice run to correct the user’s problem? *IPv4 Route Table Active Routes: Network Destination Netmask Gateway Interface Metric 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.2.0 255.255.255.0 On-link 192.168.2.37 281 193.192.168.2.37 255.255.255.255 On-link 192.168.2.37 281 194.192.168.2.255 255.255.255.255 On-link 192.168.2.37 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.2.37 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.2.37 281 Persistent Routes: None* * route add 0.0.0.0 MASK 0.0.0.0 192.168.2.37 METRIC 25 IF 192.168.2.99 * route add 0.0.0.0 MASK 255.255.255.0 192.168.2.99 METRIC 25 IF 192.168.2.37 * route add 192.168.2.0 MASK 255.255.255.0 192.168.2.99 METRIC 25 IF 192.168.2.37 * route add 0.0.0.0 MASK 0.0.0.0 192.168.2.99 METRIC 25 IF 192.168.2.37

route add 0.0.0.0 MASK 0.0.0.0 192.168.2.99 METRIC 25 IF 192.168.2.37

5-220: Ralph is a network administrator for a company with several branch offices, each of which has a Windows domain controller. There have been problems lately with the domain controllers synchronizing their data, and Ralph suspects that the problem is related to the Network Time Protocol (NTP) settings on the servers. Examining the server logs on the various domain controllers, he sees multiple errors saying, “Server NTP service not synchronized.” All of the other server functions are running normally. Which of the following could be the cause of the problem Ralph is experiencing? Name resolution failure Unresponsive database service on the servers Incorrect TCP/IP settings on the servers Incorrect firewall settings on the servers

Incorrect firewall settings on the servers