Domain 2: Infrastructure Flashcards

Question

In which of the following ways does a virtual switch differ from a physical switch? A. Virtual switches have an unlimited number of ports, whereas physical switches have a specific number. B. Physical switches typically support the creation of VLANs, whereas virtual switches do not. C. Virtual switches cannot forward traffic to the host server running them, whereas physical switches can forward traffic to all connected computers. D. Physical switches always include layer 3 functionality, whereas virtual switches do not.

Answer 1

A. Virtual switches have an unlimited number of ports, whereas physical switches have a specific number. It is true that virtual switches can have unlimited ports, whereas physical switches are limited to the number of physical ports in the device. Both virtual and physical switches can support virtual local area networks (VLANs). Virtual switches can forward traffic to the host server. Physical switches do not always include layer 3 (routing) functionality.

Answer 2

D. 128 Gbps The current Fibre Channel standard calls for a maximum data transfer rate of 128 gigabits per second (Gbps), for a nominal throughput of 12,800 megabytes per second (MBps).

Answer 3

C. VoIP Voice over Internet Protocol (VoIP) is a technology for the transmission of voice communications over IP networks; it is not a SAN protocol. Internet Small Computer Systems Interface (ISCSI), Fibre Channel over Ethernet (FCoE), and Fibre Channel are all SAN protocols.

Answer 4

B. Voice over IP A virtual PBX is an arrangement in which a telephone company provides the PBX services to a customer but maintains the actual hardware at their own facility. The recent emphasis on cloud computing has led to a number of hosted PBX solutions that use Voice over IP (VoIP) to provide services to customers. Quality of service (QoS) is a technique for prioritizing traffic by tagging packets based on their content. It is not a virtual PBX technique. The Cache Array Routing Protocol (CARP) enables proxy servers to exchange information; it does not provide virtual PBX services. In round-robin DNS, a DNS server contains multiple resource records for the same server name, each with a different IP address representing one of the computers running the server application. When a client resolves the server name, the DNS server accesses each of the resource records in turn so that each address theoretically receives the same number of visitors. This is not a virtual PBX technology.

Answer 5

A. VoIP PBX A private branch exchange (PBX) switches internal calls and provides access to external lines. A VoIP PBX performs the same tasks as a traditional PBX. A VoIP gateway is the device that provides the conduit between an IP network and the Public Switched Telephone Network (PSTN). A VoIP endpoint is a device that makes use of the VoIP system, such as a computer or handset. A multilayer switch is a data networking device that includes both switching and routing capabilities.

Answer 6

A. Multilayer switch A multilayer switch is a network connectivity device that function at both layer 2 and layer 3 of the OSI model. At layer 2, the device functions like a normal switch, providing individual collision domains to each connected node and enabling administrators to create multiple VLANs. At layer 3, the device also provides routing capabilities by forwarding packets between the VLANs. Virtual routers, load balancers, and broadband routers are strictly layer 3 devices that can route traffic but cannot create VLANs.

Answer 7

B. Service-dependent filtering Service-dependent filtering blocks traffic based on the port numbers specified in the transport layer header fields. Because port numbers represent specific applications, you can use them to prevent traffic generated by these applications from reaching a network. IP address filtering operates at the network layer. Deep packet inspection (DPI) scans the contents of packets, rather than their headers. Next generation firewall (NGFW) defines a device with advanced protection capabilities; port number scanning is a basic firewall function.

Answer 8

B. Fibre Channel The Fibre Channel standard defines a five-layer networking stack, with layers numbered FC-0 to FC-4, that does not correspond to the layers of the OSI model. Internet Small Computer System Interface (iSCSI), Point-to-Point Protocol (PPP), and Remote Direct Memory Access (RDMA) all function within the standard OSI model layers.

Answer 9

C. Cable broadband The Data Over Cable Service Interface Specification (DOCSIS) is a telecommunications standard that defines the manner in which data is to be transmitted over a cable television system. DOCSIS does not apply to dial-up modem, Digital Subscriber Line (DSL), and Integrated Services Digital Network (ISDN) connections.

Answer 10

B. Bridge A bridge can split a single network into two collision domains, because it forwards only the packets that are destined for the other side of the bridge. The bridge forwards all broadcast packets, so it maintains a single broadcast domain. A hub maintains a single collision domain and a single broadcast domain. A switch creates a separate collision domain for each port, and a single broadcast domain for the entire network. A router creates two collision domains, but it does not forward broadcasts, so there are two broadcast domains as well.

Answer 11

D. VPN concentrator A virtual private network (VPN) concentrator is a type of router that enables multiple client systems to access a network from remote locations. It does not distribute traffic among servers. A load balancer is a type of router that forwards traffic with a single IP address to multiple servers in turn. Round-robin DNS is a technique in which a DNS server resolves a name into several IP addresses, each in turn. A Network Load Balancing (NLB) cluster is a group of servers, all running the same application, that distribute incoming traffic among themselves.

Answer 12

C. RADSL Rate-Adaptive Digital Subscriber Line (RADSL) technology can adjust its rate of transmission based on line conditions. High-bit-rate Digital Subscriber Line (HDSL), Very high-rate Digital Subscriber Line (VDSL), and Internet Digital Subscriber Line (IDSL) do not use rate adaptive transmission.

Answer 13

A. Modem-to-modem Modem-to-modem connections use the existing analog Public Switched Telephone Network (PSTN) network to carry data over standard telephone lines. All modem-to-modem connections are limited to analog signaling and therefore must perform modulation and demodulation. This means that the modems convert digital signals to analog signals before transmitting them over the PSTN network. Modems then convert the digital signals back to analog at the destination. ISDN, DSL, and cable broadband all use digital signaling from end to end.

Answer 14

E. 672 A T-3 leased line connection is the equivalent of 28 T-1 connections. Each T-1 consists of 24 channels, so a T-3 has a total of 672 channels (28 × 24).

Answer 15

C. Content filters examine the data carried within packets for potentially objectionable materials. Content filters are a firewall feature that examines the data inside packets, rather than their origin, to locate objectionable material such as pornography. They do not scan IP addresses, nor do they detect typical types of malware. Content filters are not implemented in switches

Answer 16

A. Initiator The client side of an iSCSI implementation is called an initiator. The storage device to which the initiator connects is called a target. Controller and adapter are not terms used for iSCSI clients or servers.

Answer 17

D. A broadband CATV connection In this scenario, the best solution is for Ralph to use his existing CATV service the remote connection. CATV offers faster data rates than standard modem-to-modem service and supports VPN connections. A dedicated fractional T-1 line is expensive and is not typically used for remote user connections. Since Ralph's telephone lines are not run through conduit and the distance to the central office is more than 18,000 feet, he probably cannot use DSL technology, because it requires good-quality lines and close proximity to a central office.

Answer 18

C. RG-58, 50-ohm, 0.195-inch, coaxial cable with BNC connectors Thin Ethernet networks use a type of 50-ohm coaxial cable called RG-58, which is 0.195 inches in diameter and uses BNC connectors. 75-ohm coaxial cable with F connectors is used for cable television networks, and RG-8 coaxial is the cable that Thick Ethernet networks use.

Answer 19

D. A gateway A gateway enables two devices using different protocols to communicate by performing translation and conversion services for them. Routers, hubs, and switches all require the same protocol at some of the OSI model layers.

Answer 20

D. Which server has the fastest processor In most cases, a load balancing router works by processing incoming traffic based on rules set by the administrator. The rules can distribute traffic among a group of servers using various criteria, such as each server's current load or response time or which server is next in a given rotation. Load balancers typically do not use the hardware configuration of the servers to direct traffic, since this is a factor that does not change.

Answer 21

A. Ethernet

Answer 22

D. A virtual switch enables virtual machines running on the same hypervisor to communicate with each other internally. In most virtualization products, when you create multiple virtual machines on one host computer, they can communicate with each other internally using a built-in virtual switching capability. A computer with multiple network adapters can function as a router, but not as a switch. Layer 3 switches can provide virtual routers that connect VLANs together, but not virtual switches. The function that enables VLANs on different switches to communicate is called trunking, not virtual switching.

Answer 23

C. Routers store and maintain route information in a local text file. Routers store and maintain route information in a routing table that is stored in memory, not in a local text file. All of the other statements about routers are true.

Answer 24

A. Hypervisor The hypervisor is the hardware or software component responsible for managing virtual machines and providing the virtualized hardware environment on which they run. Virtual servers and virtual switches are components that are part of the virtual network infrastructure enabled by the hypervisor. A virtual private network (VPN) concentrator is a type of router that enables multiple remote clients to connect to a network; it has nothing to do with virtual networking.

Answer 25

A. A device located between two networks that enables administrators to restrict incoming and outgoing traffic A firewall is a filter that can prevent dangerous traffic originating on one network from passing through to another network. A device that connects two networks together and forwards traffic between them is a router, not a firewall. A device that enables Internet network clients with private IP addresses to access the Internet is a description of a NAT router or a proxy server, not a firewall. A device that caches Internet data is a proxy server or caching engine, not a firewall.

Answer 26

C. Switches reduce the number of collisions on the network. The main reason why switches improve the efficiency of an Ethernet LAN is that they create a separate collision domain for each switched port, eliminating most collisions. Collisions result in packets having to be retransmitted, so fewer collisions means fewer retransmissions, which improves performance. Switches do not forward packets faster than hubs. Switches do forward broadcast transmissions. Switches do read hardware addresses, not IP addresses.

Answer 27

E. An Integrated Services Digital Network (ISDN) Primary Rate Interface (PRI) connection For this scenario, the only solution that meets all the company's needs is an ISDN PRI connection. All of the specified options, except for the PSTN modem connection, provide sufficient bandwidth for the application. However, only the ISDN and PSTN links can be disconnected when not in use. Therefore, ISDN is the only possibility.

Answer 28

D. Application A proxy server is an application layer service because it receives Internet service requests from client computers, reads the application layer protocol data in each request, and then generates its own request for the same service and transmits it to the Internet server the client specifies. Only an application layer service can read and process the application layer data in network packets. A proxy server cannot be a data link layer device because it can provide Internet access to an entire internetwork, while the data link layer is concerned with communications on a single subnet. Proxy servers cannot be network layer devices because the network layer handles all internetwork packets indiscriminately and is unaware of what application generated the data carried inside the packets. The transport layer is not involved in processing application data, so proxy servers cannot be said to function at the transport layer.

Answer 29

D. EAP Extensible Authentication Protocol (EAP) is a shell protocol used with Point-to-Point Protocol (PPP), which enables systems to support various types of authentication mechanisms. The primary advantage of EAP is that it enables a computer to use mechanisms other than passwords for authentication, including public key certificates, smartcards, and biometric devices, such as fingerprint scanners. Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) support only password authentication. Point-to-Point Tunneling Protocol (PPTP) is a virtual private networking (VPN) protocol, not an authentication protocol.

Answer 30

A. The switch has the fifth computer connected to a VLAN different from that of the other four. If the fifth computer is in a different VLAN from the other four, it would be unable to communicate with them. A switching loop would affect communication between all of the computers, not just the fifth one. An MTU black hole is a condition in which a system is unable to complete the Path MTU Discovery process, due to an intervening firewall. Because these five computers are all on the same LAN, they all have the same MTU, and Path MTU Discovery is not necessary. A virtual router would enable switched computers on different subnets to communicate with each other; it would not prevent them from communicating.

Answer 31

D. Demarc The demarc, or demarcation point, is the place where a service enters the building, and where the service provider's physical layer responsibility ends. The patch panel, the switch, and the firewall are all inside the network, and they are the responsibility of the subscriber.

Answer 32

C. Source route Source route bridging was a technique used on Token Ring (and not Ethernet) networks, in which a Routing Information Field (RIF) in the packet header identified the network segments the packet should follow to reach its destination. Store and forward, transparent, and multiport bridges have all been used on Ethernet networks.

Answer 33

C. Smart jack A smart jack is a device located at the demarcation point of a leased line that can provide additional functions, such as signal conversion, diagnostic testing, and other capabilities. A Session Initiation Protocol (SIP) trunk is a connection to a Voice over Internet Protocol (VoIP) service provider. A media converter is a local area networking devices that connects different cable types to the same network. An AAA server provides authentication, authorization, and accounting services for remote access servers.

Answer 34

A. Cut off the excess wire that protrudes past the contacts. You use a punchdown block tool to connect the ends of bulk cable runs to jacks in wall plates and patch panels. The steps of the process are as follows: Strip some of the insulating sheath off the cable end to expose the wires. Separate the twisted wire pairs at the ends. Strip a small amount of insulation off each wire. Insert the wires into the appropriate contacts in the jack. Press the bare wire down between the two metal contacts that hold it in place. Cut off the excess wire that protrudes past the contacts. You must repeat the process of punching down for both ends of your internal cable runs.

Answer 35

A. Hub A repeater is a physical layer device that regenerates incoming signals and retransmits them. A hub is a type of repeater that receives data through any one of its multiple ports and retransmits the data out through all of its other ports. Bridges and switches are data link layer devices, and routers are network layer devices. None of these three can be described as multiport repeaters.

Answer 36

A. SDH Synchronous Digital Hierarchy (SDH) is the European equivalent of SONET. Optical carrier 3 (OC-3) is one of the SONET data rates. E-3 is the European equivalent of the T-3 connection in the United States. Asynchronous Transfer Mode (ATM) is a cell-switched protocol that is designed to carry voice, data, and video traffic by splitting it into uniform 53-byte cells.

Answer 37

E. None of the above The Fibre Channel standard defines a unique, five-layer protocol stack that does not correspond to the OSI model layers. Therefore, Fibre Channel does not use Ethernet, nor does it use Transmission Control Protocol (TCP), Internet Protocol (IP), User Datagram Protocol (UDP), or any of the other TCP/IP protocols.

Answer 38

D. Media converter A simple media converter is a physical layer device that can connect different types of network media together, as long as they have the same speed and duplex settings. Because the converter simply retransmits the signals, the single-collision domain is maintained. Bridges and switches are data link layer devices that create multiple-collision domains. Routers are network layer devices that create separate collision and broadcast domains.

Answer 39

A. RADIUS server A Remote Authentication Dial-In User Service (RADIUS) server can provide centralized authentication, authorization, and accounting services for multiple remote access servers, using a single set of user accounts. A virtual private network (VPN) concentrator is a type of router that enables multiple client systems to access a network from remote locations. A load balancer is a type of router that forwards traffic with a single IP address to multiple servers in turn. Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) can detect and prevent malicious behavior. None of these devices can provide authentication services.

Answer 40

A. Public Switched Telephone Network (PSTN) The current industry standard transmission speed for modem communication using PSTN connections is 56 Kbps in one direction and 33.6 Kbps in the other. To achieve 56 Kbps, one of the devices must have a digital connection to the PSTN. ISDN, DSL, and cable broadband all support faster transmission speeds.

Answer 41

C. Packet forwarding Packet forwarding is a function typically associated with routers and is not a normal function of a UTM appliance. UTM appliances do typically perform VPN, firewall, and antivirus functions.

Answer 42

D. Frame relay Frame relay is a packet switching service that uses a single leased line to replace multiple leased lines by multiplexing traffic through a cloud. Asynchronous Transfer Mode (ATM) uses a switched fabric, but it is not referred to as a cloud. A fractional T-1 is part of a leased line that connects two points, so there is no switching involved and no cloud. SONET is a physical layer standard that defines fiber-optic connections; it does not call for switching or use the term cloud.

Answer 43

B. Wireless controller In many enterprise wireless networks, the access points do not run a full operating system and are called thin or lightweight APs. The network also has a device called a wireless controller that performs some of the required tasks and manages the APs. A wireless endpoint is another term for a computer or other device that is a client on the wireless network. Hypervisors and demarcation points have nothing to do with wireless networking. A hypervisor creates and manages virtual machines on a host server, and a demarcation point is the interface between a private network and an outside telecommunications service.

Answer 44

B. Virtual switch You can create virtual local area networks (VLANs) on a virtual switch, just as you can create them on many physical switches. In most cases, virtual components function just like their physical counterparts. Virtual NICs are components of virtual machines and therefore do not provide functions spanning entire networks. Virtual routers function at the network layer and virtual firewalls at the application layer, so neither of these can host VLANs, which operate at the data link layer.

Answer 45

A. RADIUS A Remote Authentication Dial-In User Service (RADIUS) server can provide authentication, authorization, and accounting services for remote access servers. Intrusion detection systems (IDSs), Next Generation Firewalls (NGFWs), and network attached storage (NAS) devices do not provide authentication services.

Answer 46

D. A coaxial cable and an F-type connector The cable type and connector used to attach a television set to a CATV network is a coaxial cable with a screw-on F-type connector. Although CATV networks typically use fiber-optic cables and ST connectors for outdoor connections, they do not use fiber for internal connections to television sets. Coaxial cables with BNC connectors are most commonly used for Thin Ethernet LANs, not CATV network connections. Twisted pair cables and RJ45 connectors are used for Ethernet LANs and telephone networks, but not CATV networks. AUI cables and vampire tap connectors are used for Thick Ethernet networks.

Answer 47

D. A splitter In a DSL connection, a signal splitter is needed at the customer site to separate the lower frequency voice range from the higher frequencies used by data traffic. The higher frequency signals are handled at the central office by a DSLAM device. Lower frequency signals carrying voice traffic are handled at the central office by a CODEC device. A signal terminator is not required by DSL.

Answer 48

C. Install CAT6 or CAT6a UTP cable for the LANs. These cables run at 1 Gbps and provide a migration path to 10 Gbps. Use multimode fiber-optic cable for the backbone network. Either CAT6 or CAT6a UTP cable will provide the currently required 1 Gbps data rate, with a migration path to 10 Gbps in the future. The backbone cabling connecting the two LANs needs to be fiber optic, since it exceeds the distance limitations of twisted pair and coaxial cable. CAT5 cable conceivably runs at 1 Gbps; however, it does not run at 10 Gbps.

Answer 49

A. Scan transport layer header fields for evidence of SYN floods A firewall that supports stateful packet inspection examines other network and transport layer header fields, looking for patterns that indicate damaging behaviors, such as IP spoofing, SYN floods, and teardrop attacks. Port number filtering is the most commonly used form of packet filtering; it is not the same as stateful packet inspection. Blocking traffic based on IP addresses prevents specific systems from accessing a network; stateful packet inspection is a much more complicated operation. Packet filtering based on protocol identifiers enables you to block TCP traffic; this is not stateful packet inspection.

Answer 50

B. Integrated Services Digital Network (ISDN) ISDN has a separate channel, referred to as the D channel, which devices use for control and synchronization. The other channels (or circuits) carry data and are referred to as B channels. Modem-to-modem communication uses in-band signaling, which means that both control/synchronization and data traffic are carried over the same circuit. L2TP and PPTP are tunneling, not WAN, protocols.

Answer 51

B. Data link and network MPLS is a data-carrying service that is often said to operate between the data link layer and the network layer. It is therefore sometimes called a layer 2.5 protocol. MPLS can be used to carry IP datagrams as well as Ethernet, Asynchronous Transfer Mode (ATM), and Synchronous Optical Network (SONET) traffic.

Answer 52

B. Fiber optic Attenuation is the weakening of a signal as it travels over a transmission medium. Fiber-optic cables can carry signals for great distances with little attenuation, far less than any copper medium. Wireless and satellite media, by transmitting signals through air, suffer the most attenuation of any of these options.

Answer 53

C. iSCSI includes its own internal flow control mechanism, whereas Fibre Channel does not. iSCSI does not include its own flow control mechanism. It runs over a TCP connection, which is the protocol responsible for flow control. Because it runs on any IP network, iSCSI traffic is routable, and it is less expensive to implement. Fibre Channel requires a dedicated network using fiber-optic cable. iSCSI traffic can coexist with standard LAN traffic on a single network, although some type of quality of service (QoS) mechanism is frequently recommended.

Answer 54

D. A punchdown block tool Installers use a punchdown block tool to connect the ends of bulk cable runs to jacks in wall plates and patch panels. A crimper or crimping tool is a jawed device that enables installers to squeeze the two halves of an RJ45 or RJ11 connector together, securing the connector to the cable. Installers use a splicing tool to splice two cable segments together. There is no tool called a pigtail.

Answer 55

A. Category 3 (CAT3) CAT3 cable was originally intended for use in voice-grade telephone networks but was later certified for use in data networks. CAT3 cable can support data transfer rates from 4 Mbps up to 100 Mbps (using the now-deprecated 100Base-T4 and 100VG-AnyLAN standards). Although this type of cable could run at 100 Mbps, it was seldom used at speeds greater than 10 Mbps. CAT5 cable was the primary replacement for CAT3, supporting data rates up to 100 Mbps. CAT5e and CAT6 are rated for data rates up to 1 Gbps, as on Gigabit Ethernet networks. CAT6 can even support 10 Gbps transfer rates over shorter distances.

Answer 56

B. Router A virtual private network (VPN) concentrator is a type of router that enables multiple client systems to access a network from remote locations. Because the device provides an interface between networks, it is considered to be a type of router, not a switch, a gateway, or a bridge.

Answer 57

D. Fractional T-1 A subscription to part of the T-1 leased line is called a fractional T-1 service. This service enables you to purchase some of the 24 DS0 channels in a T-1 connection. An E-1 is the European version of a T-1. A B channel is part of an Integrated Services Digital Network (ISDN) service, not a T-1. An OC-1 is a fiber-optic connection on the Synchronous Optical Network (SONET) service.

Answer 58

B. Convergence The process by which STP populates its database with information about each port in a switch and designates the ports as forwarding or blocking is called convergence.

Answer 59

B. RG-58 RG-58 coaxial cable is used exclusively for Thin Ethernet segments. RG-8 cable is used for Thick Ethernet segments. RJ45 is a connector type used in twisted pair cabling for data networks. RJ11 is a connector type used in twisted pair cabling for telecommunications networks.

Answer 60

D. PPPoE Point-to-Point Protocol over Ethernet (PPPoE) is designed to connect multiple computers to a remote network using an Ethernet LAN and broadband technology, while establishing a separate PPP connection between each computer and a given remote service. The Extensible Authentication Protocol (EAP) is a shell protocol that enables systems to use various types of authentication mechanisms. The primary advantage of EAP is that it enables a computer to use mechanisms other than passwords for authentication, including public key certificates, smartcards, and biometric devices, such as fingerprint scanners. The Remote Desktop Protocol (RDP) was designed to enable Remote Desktop Services servers and clients to communicate. It is an application layer protocol that has nothing to do with extending PPP connections to Ethernet networks. IPsec provides security for IP network communications; it does not extend PPP connections to Ethernet networks.

Answer 61

D. Replace the 100Base-T switch with a 1000Base-T switch and leave the existing cables and network interface adapters in place. The multispeed network interface adapters in the computers can run at 1 Gbps speed using the existing CAT5 cable, but the 100Base-T switch must be replaced with a 1000Base-T switch. While the network might run better with a cable upgrade, it is not immediately necessary. Replacing the network interface adapters is not necessary because the existing multispeed adapters can run at 1 Gbps if they are connected to a 1000Base-T switch.

Answer 62

D. A group of devices connected so that when two devices transmit at exactly the same time, a data collision occurs A collision domain is a LAN with a shared network medium, so that two devices transmitting at the same time generate a signal quality error, also known as a collision. Ethernet LANs connected by hubs create a shared medium, whereas switched networks create a separate collision domain for each connected node. Routers create separate collision domains. A group of computers able to receive broadcasts is the definition of a broadcast domain, not a collision domain. Overlong cables can precipitate collisions but do not define a collision domain.

Answer 63

A. Hubs Hubs are network devices that simply receive signals through one port, electrically enhance them, and transmit them out through another port. Routers, switches, and bridges are capable of reading the signals and processing them, which classifies them as intelligent.

Answer 64

B. The place where an outside service enters the building A demarcation point, or demarc, is the place where an outside telecommunications service meets a customer's private network, which is typically where the service enters the building. The demarc is also the place where the responsibility of the network administrator ends. If a problem occurs outside the demarc, it is up to the service provider to fix it. Inside the demarc, it is the network administrator's problem.

Answer 65

C. NGFW Next Generation Firewalls (NGFWs) expand on the packet filtering capabilities of traditional firewalls by adding features such as deep packet inspection (DPI) and intrusion prevention systems (IPSs), as well as inspection of encrypted traffic and antivirus scanning. Remote Authentication Dial-In User Service (RADIUS) servers can provide centralized authentication, authorization, and accounting services. A CSU/DSU is a device that provides a router on a private network with access to a leased line. A proxy server is an application layer service that receives Internet service requests from client computers, reads the application layer protocol data in each request, and then generates its own request for the same service and transmits it to the Internet server the client specifies.

Answer 66

C. Host A computer with a hypervisor, on which you can create virtual machines, is referred to as a host. The virtual machines themselves are called guests. Network attached storage (NAS) refers to a device containing shared drives that is connected to a network. A storage area network (SAN) is a separate network dedicated to shared storage devices.

Answer 67

B. SDSL The word symmetric in Symmetric Digital Subscriber Line means that the service provides equal amounts of bandwidth in both directions. The asymmetric in Asymmetric Digital Subscriber Line means that the service provides more downstream bandwidth than upstream. Cable and satellite services are also asymmetric, providing more bandwidth downstream than upstream.

Answer 68

C. 28 A T-3 leased line connection is the equivalent of 28 T-1 connections. Each T-1 consists of 24 channels, so a T-3 has a total of 672 channels (28 × 24), for an overall transfer rate of 44.736 Mbps.

Answer 69

B. Deep packet inspection Deep packet inspection (DPI) is a firewall technique that examines the data carried in packets and not just the protocol headers. While traditional firewalls typically do not support DPI, Next Generation Firewalls (NGFWs) often do. Stateful packet inspection, Network Address Translation (NAT), and virtual private network (VPN) support are all features that are commonly supported by traditional firewall products.

Answer 70

C. Proxy server Broadband routers generally do not function as proxy servers, which are application layer devices used to regulate access to the Internet. Many broadband routers are also wireless access points, enabling users to construct a LAN without a complicated and expensive cable installation. Many broadband routers have switched ports for connections to wired devices, such as printers and computers. Most broadband routers use DHCP to assign IP addresses to devices on the private network.

Answer 71

D. DSL uses a higher frequency range. DSL technology provides higher data rates because it uses frequency ranges that are higher than the standard voice spectrum. DSL connections use from 10 kHz and above, whereas the standard voice spectrum uses 300 Hz to 4 kHz. DSL does not use separate control circuits and does not perform CRC functions. Also, DSL technology is strictly digital and does not require an analog-to-digital conversion.

Answer 72

C. When cables must run through heating ducts A plenum space is an area of a building that provides air circulation as part of its heating or cooling system, such as a heating or air conditioning duct. Plenum cables have a sheath made of a fire retardant material that does not outgas toxic fumes should it be exposed to fire. When network cables are installed in plenum spaces, many local building codes require that installers use plenum-rated cables conforming to specific standards. Plenum cables provide no benefit when installed near other cables, or EMI sources, or when they exceed specified lengths.

Answer 73

C. VLANs are limited to data link layer communication only. To allow communication between VLANs, Alice must add a router or a layer 3 switch to the network and configure it to route traffic between the VLANs. VLANs are data link layer local area networks (LANs) defined within switches. Only devices (and users) connected to ports belonging to the same VLAN can communicate with each other until a layer 3 device, such as a router or a layer 3 switch, is added to the network. Re-creating and reconfiguring the VLANs will not correct this problem. Traffic filters are usually implemented on routers. VLANs do not have to use the same data link protocol.

Answer 74

A. Cut-through Cut-through switches are fast because they look at only the first six bytes (the destination media access control, or MAC, address) when forwarding a frame. They do not perform a cyclical redundancy check (CRC) on the entire frame's contents prior to forwarding it out a port leading to the destination. Source route is a bridging technique in which the source host, not the switch, determines the path a frame will take through a network to reach a destination. Store-and-forward switches take in the entire frame and verify its contents by performing a CRC calculation before forwarding it. There is no switch called a destination switch.

Answer 75

C. Install a personal firewall on each of the computers. A personal firewall is an inexpensive way to protect an individual computer from Internet incursions. Three copies of the product are much less expensive than any of the other suggested solutions. Installing a hardware firewall is a complex and expensive solution, not suitable for a small network. An IPS is a relatively expensive solution, suitable for larger networks. An IDS is a relatively expensive solution, and connecting it to a switched port would not enable it to protect the other computers on the network. A port scanner is a device that performs scans on demand. It does not continuously monitor ports, and it does nothing to protect them.

Answer 76

C. Internet service providers needed PPP's authentication and encryption services for cable broadband and Digital Subscriber Line (DSL) customers. Cable broadband and DSL subscribers typically connect to ISP networks that run Ethernet, but Ethernet has no built-in authentication or encryption mechanisms. PPP has the ability to use external authentication and encryption protocols, so by encapsulating PPP within Ethernet frames, users are able to log on to the ISP network securely. PPPoE has nothing to do with the subscriber's internal home network, which can run standard Ethernet. PPPoE does not replace the Ethernet frame with PPP, so it would not reduce network overhead. LAN users do not share files using PPP.

Answer 77

E. Coaxial Thick Ethernet installations used a type of coaxial cable called RG-8. To connect a node to the network, installers ran a separate cable called an attachment unit interface (AUI) cable from the computer to the RG-8 and connected it using a device called a vampire tap that pierced the sheathing to make contact with the conductors within. All of the other cable types listed use different types of connectors.

Answer 78

B. In Type I virtualization, the hypervisor runs directly on the physical computer hardware, whereas in Type II virtualization, a host operating system runs on the computer hardware and the hypervisor runs on top of the host OS. Type I virtualization does not require a host OS, whereas Type II virtualization does. Both Type I and Type II virtualization can use processors with hardware virtualization assistance, but only Type I requires it. The type of virtualization does not impose any limit on the number of virtual machines supported; any limitations are left to the individual implementation. Both Type I and Type II virtualization can share a single processor among virtual machines.

Answer 79

A. InfiniBand InfiniBand is a high-end storage infrastructure technology that provides data transfer rates of up to 2.5 Gbps and scalable support for up to 64,000 devices. It is primarily used in high-performance computing environments to replace older bus technologies connecting processors to storage arrays. Fibre Channel, Internet Small Computer System Interface (iSCSI), and Fibre Channel over Ethernet (FCoE) are all SAN technologies, but they are more commonly used in local area network (LAN) environments.

Answer 80

A. IDS Intrusion detection systems (IDSs) are designed to monitor network traffic for anomalies and send notifications to administrators. Uninterruptible power supplies (UPSs), Remote Authentication Dial-In User Service (RADIUS) servers, denial-of-service (DoS) attacks, and Remote Access Service (RAS) servers all have nothing to do with network monitoring.

Answer 81

B. Switch A switch is a data link layer device that essentially performs the function of a bridge for each device connected to one of its ports. It can therefore be described as a multiport bridge. Routers, hubs, and gateways are devices that operate at the network, physical, and application layers, respectively, so they cannot be described as bridges.

Answer 82

D. Smart jack The network interface device (NID) at the demarcation point of a leased line can be a simple RJ45 jack, but many service providers install smart jacks, which can also provide signal conversion, diagnostic testing, and other capabilities. Punchdown blocks, 110 blocks, and channel service unit/data service units (CSU/DSUs) are all telecommunications components located inside the demarc, on the subscriber's private network.

Answer 83

C. VoIP gateway A VoIP gateway is a device that provides a conduit between an IP network and the Public Switched Telephone Network (PSTN). The gateway enables standard telephones connected to the PSTN to place calls using VoIP services on the Internet. A proxy server is an application layer device that provides web browsers and other client programs to access the Internet. A virtual private network (VPN) concentrator is a type of router that enables multiple client systems to access a network from remote locations. A unified threat management (UTM) appliance typically performs VPN, firewall, and antivirus functions.

Answer 84

A. Hubs are data link layer devices that connect network devices in a star or ring topology. Hubs (or concentrators) are physical layer devices that amplify and repeat signals out all ports except the one through which the data was received, regardless of the destination. Hubs are used to physically connect end systems to a star topology. Hubs typically provide an internal crossover circuit connection. Uplink ports are used to extend the distance of a star network, forming a hierarchical star.

Answer 85

C. A medium that uses a cable with a relatively large diameter The term broadband has nothing to do with the width of the cable. However, the term has been used to refer to a transmission medium that carries multiple signals, that carries a wide range of frequencies, that is faster than a dial-up modem, and that provides an always-on, high-speed connection to the Internet.

Answer 86

A. Multimode fiber-optic cable Multimode fiber-optic cable best meets the client's needs. Fiber-optic cable supports the required 1000 Mbps data rate and can connect networks that are more than 1,000 feet apart. Fiber-optic cable is immune to EMI. Although both multimode and single-mode fiber would meet the corporation's general needs, multimode is best in this scenario because it is less expensive than single-mode fiber. Twisted pair wiring (STP or UTP) meets the data rate and cost requirements but does not support connections longer than 100 meters. Thin coaxial cable does not support the data rate or distances longer than 185 meters.

Answer 87

B. The solution achieves the primary goal but neither of the secondary goals. Although the design calls for an archaic technology, a Thin Ethernet network runs at 10 Mbps and can support 20 workstations over a maximum distance of 185 meters, thus achieving the primary goal. However, Thin Ethernet uses copper-based coaxial cable, which is susceptible to EMI, and it uses a bus topology, which is not tolerant of a cable break. Therefore, the solution doesn't achieve either of the secondary goals.

Answer 88

C. Multiport bridge A switch is best described as a multiport bridge because it reads the hardware addresses of incoming packets and forwards them out through the port for the destination node. Although a switch does function at layer 2 of the OSI model (the data link layer), it is not a router, which connects networks together at layer 3 (the network layer). Hubs and repeaters are physical layer (layer 1) devices that are not capable of performing the functions of a switch.

Answer 89

B. CSU/DSU A channel service unit/data service unit (CSU/DSU) is a device that provides a LAN router on a private network with access to a leased line WAN connection. Quad Small Form-Factor Pluggable (QSFP) is a standard for a type of modular transceiver, often used on fiber-optic installations. A Session Initiation Protocol (SIP) trunk provides a connection between the private and public domains of a unified communications network, such as a LAN and the Public Switched Telephone Network (PSTN). An intrusion detection system/intrusion prevention system (IDS/IPS) is a network hardware or software security appliance that detects malicious activity and attempts to block it.

Answer 90

B. Routing Bridges are data link layer (layer 2) devices. Routing is a network layer (layer 3) function, so it is not a type of bridge. A store-and-forward, or simple, bridge examines each packet and decides whether to forward it to the connected network. A transparent bridge compiles a database of forwarding information, based on the packets it has processed previously. A multiport bridge provides connections to multiple networks; a switch is a type of multiport bridge.

Answer 91

C. Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) ISDN BRI is sometimes referred to as 2B+D. B channels are 64-Kbps circuits that carry user data. A single D channel carries control and synchronization information. An ISDN PRI connection has 23 B channels, not 2. DSL does not use B and D channels. T-1 circuits consist of 24 channels, all of which carry data and control information.

Answer 92

E. Mesh topology, fiber-optic cabling, and internal installation Ralph should use a mesh topology with redundant fiber-optic cable runs and an internal installation method. This will meet the requirements for connecting the LANs and for providing redundancy and fault tolerance. Fiber-optic cable is immune to electromagnetic interference (EMI) and can span long distances. The internal installation method is most often used in larger networks, where end systems are geographically distant, such as different buildings and floors. The star topology will not fulfill the requirements of this backbone network since it provides no redundancy. Twisted pair cable can't span distances more than 100 meters, and it is highly susceptible to EMI. Coaxial cable can't span distances more than 500 meters, and it is also susceptible to EMI. The bus topology cannot use twisted pair cabling and doesn't support cable runs longer than 500 meters.

Answer 93

B. Bridges and switches are data link layer devices that use Media Access Control (MAC) addresses to forward frames. Bridges and switches are data link layer devices that forward frames based on the destination MAC address contained in the frame. They operate in promiscuous mode, listening and processing all frames on each segment, and they build forwarding tables with this information. Forwarding tables are built based on source MAC addresses. Bridges are protocol independent; they are not involved with the upper layer protocols being carried on the LAN. Broadcast domains are defined by network layer devices, not data link layer devices.

Answer 94

D. Patch panel The cabling nexus in a telecommunications room is called a patch panel. A telepole is a tool used for installing cables. A backbone is a network that connects other local area networks (LANs) together. A demarcation point, or demarc, is the location at which a telecommunication provider's service meets the customer's private network.

Answer 95

B. Use a standard patch cable to connect a standard port on the existing hub to the uplink port on the new hub. Standard hub ports have a crossover circuit, which ensures that the transmit signals at one end of the connection arrive at the receive pins at the other end. The uplink port in a hub bypasses the crossover circuit, so that two connected hubs do not have crossover circuits that cancel each other out. A connection between a standard port and an uplink port, using a standard cable, results in a single crossover, which is correct wiring. Each of the other solutions results in either two crossovers or no crossovers, which is incorrect.

Answer 96

B. Twisted pair There are two main types of twisted pair wiring used for data communications: unshielded twisted pair (UTP) and shielded twisted pair (STP). Both types can be used in a star topology. UTP and STP cables contain eight copper conductors twisted in four pairs. UTP and STP cables use RJ45 connectors to connect end systems to switches, patch panels, and wall plates. RG-8 and RG-58 coaxial cable can only be used in a bus topology. Fiber-optic cable can be used in a star topology, but it uses either glass or plastic conductors and doesn't use RJ45 connectors.

Answer 97

D. GBIC The Gigabit Interface Converter (GBIC) transceiver standard was first published in 1995 and defines a maximum data transfer rate of 1.25 Gbps. It was rendered all but obsolete by the Small Form-factor Pluggable (SFP) standard, introduced in 2001, which ran at the same maximum speed but was smaller in size. Subsequent variations on the standard, such as Quad Small Form-Factor Pluggable (QSFP), defined devices with faster transfer rates. Bidirectional (BiDi) transceivers were developed to eliminate the need for separate transmit and receive fibers by using multiplexing.

Answer 98

A. There are 9 collision domains, one for each half-duplex connection. All half-duplex port connections on a store-and-forward switch represent a different collision domain. Full-duplex connections aren't subject to collisions, so they do not define separate collision domains.

Answer 99

A. Public Switched Telephone Network (PSTN) PSTN is an analog, circuit-switched network. ISDN, CATV, DSL, and SONET are all digital networks.

Answer 100

E. Star topology, twisted pair cabling, and external installation Because the company has few employees, they are in a single location, and the client is concerned with minimizing the cost, the best solution is to use a star topology with prefabricated twisted pair cabling and an external installation method. The star topology uses a central switch. Ed can use two switches, one in each room, to connect computers to the network. Prefabricated twisted pair cabling, which has the connectors already attached and is available in specific lengths, will keep the cost to a minimum. Since the employees are all located in the same building, with a common wall and door and a drop ceiling, the external installation method is the best choice. It is not possible to use a bus topology or coaxial cable for Gigabit Ethernet. Ed could conceivably use fiber-optic cable in a star topology for Gigabit Ethernet, but it is more difficult to install and very expensive. An internal installation, which uses a combination of bulk cable with no connectors and prefabricated cables, is more expensive than an external installation and is typically used for larger networks.

Answer 101

A. The FLP signals verify the integrity of the connection (or link) between the devices. FLP signals are an enhancement of the normal link pulse (NLP) signals defined in the 10Base-T standard, which verify the integrity of the link. In 100Base-T, the FLP signals retain that function, but they also enable multispeed devices to negotiate the speed at which they will operate. FLP signals do not indicate collisions or bad frames.

Answer 102

E. All of the above A virtual firewall is a service or appliance that performs the same functions as a physical network firewall: packet filtering and monitoring. In a virtual environment, firewalls can take the form of software components installed on a guest virtual machine or a hypervisor host system. A firewall can also be incorporated into a virtual switch.

Answer 103

C. 1000Base-T 1000Base-T is fastest Ethernet specification that can run on CAT5 UTP cable. 10GBase-T requires Category 5e (CAT5e) or Category 6 (CAT6) UTP cable. 100Base-TX can use CAT5 cable, but it runs at one-tenth the speed of 1000Base-T. 1000Base-LX is a fiber-optic specification that cannot run on CAT5 UTP or any copper cable.

Answer 104

D. STP compiles a database containing the IP addresses of connected devices. STP operates at the data link layer of the OSI model, so it works with hardware addresses, not IP addresses. Switches use STP to prevent redundant links from causing traffic loops on the network.

Answer 105

D. Fiber-optic cable provides a greater degree of tolerance to cable breaks than UTP. Fiber-optic cable, in a Gigabit Ethernet installation, is not more tolerant of cable breaks than UTP. Some fiber-optic networks include fault tolerance, but Ethernet does not. Each UTP cable connecting a computer to a switch can be no longer than 100 meters, making 200 meters the maximum distance between two computers on a UTP network. Connecting two buildings with a copper-based cable creates an electrical connection between them, which can be hazardous. Fiber-optic cable does not create an electrical connection. Fiber-optic cable is also unaffected by the EMI generated by manufacturing equipment.

Answer 106

A. There are three collision domains and three broadcast domains. Each port on a router defines a separate collision domain. Hubs forward all traffic to all of the connected nodes, so each network segment is a single-collision domain. Routers do not forward broadcasts, so each network segment is also a separate broadcast domain.

Answer 107

B. DMVPN VPN typically enables remote clients to connect to a VPN router at a central site, much like the star topology of a local area network, in which computers are all connected to a central switch. Dynamic multipoint virtual private network (DMVPN) is a technology that creates a mesh topology between the remote VPN sites, enabling the remote sites to connect directly to each other, rather than to the central VPN server. A virtual private network (VPN) concentrator is a type of router that enables multiple client systems to access a network from remote locations. A Session Initiation Protocol (SIP) trunk provides a connection between the private and public domains of a unified communications network. Multiprotocol Label Switching (MPLS) is a data transfer mechanism that assigns labels to individual packets and then routes the packets based on those labels.

Answer 108

C. Replace the hubs with switches to define separate collision domains and filter unnecessary traffic from each segment. In this situation, the best choice is to replace the hubs with switches, since the network is relatively small and cost is an issue. In addition, all users must be able to share information directly with one another and to access the servers. On the existing network, all users share the same 100 Mbps communication channel, and each computer must take turns transmitting. By replacing the hubs with switches, you provide each computer with a dedicated 100 Mbps connection to the switch, while reducing unnecessary traffic and collisions on the network. There is no such thing as a dedicated hub. Splitting the network into two routed LANs with 20 users each is not the best solution, since all users must share information on a constant basis. Also, cost is a factor and routers are more expensive than switches. Replacing the hubs with a layer 3 switch and defining two VLANs with 20 users each is not a reasonable solution because layer 3 switches are very expensive. Layer 3 switches and VLANs are typically used in larger enterprise networks.

Answer 109

D. OC-1 An OC-1 connection provides the fastest transfer rate at 51.84 Mbps. An E-1 connection is 2.048 Mbps. A T-3 is 44.736 Mbps, and a T-1 is 1.544 Mbps.

Answer 110

D. F-type ST, SC, fiber LC, and MT-RJ are all connectors used with fiber-optic cables. F-type connectors are used with coaxial cables.

Answer 111

C. A device that converts analog signals to digital signals and back again A modulator/demodulator is any device that converts analog signals to digital signals and digital signals back to analog signals. The digital device does not have to be a computer, and the analog device does not have to be the PSTN. There are many devices that are incorrectly referred to as modems, such as devices that connect a digital LAN to a digital WAN or all-digital devices that connect computers to the Internet.

Answer 112

E. ANSI/TIA/EIA, document T568b The three organizations that collectively developed the T568b document, which defines the standard for a structured cabling system for voice and data communications, are the American National Standards Institute (ANSI), the Telecommunications Industry Association (TIA), and the Electronic Industries Alliance (EIA). All of the other options are not standards organizations or cabling standards.

Answer 113

D. Cable television (CATV) CATV networks use broadband signaling, which enables many signals to occupy the same channel. DSL and ISDN do not use broadband signaling. SONET is a physical layer standard that defines fiber-optic connections.

Answer 114

D. Port numbers Service-dependent filtering blocks traffic based on the port numbers specified in the transport layer header fields. Because port numbers represent specific applications, you can use them to prevent traffic generated by these applications from reaching a network. IP address filtering enables you to limit network access to specific computers; it is not service dependent. Filtering based on hardware addresses provides the same basic functionality as IP address filtering, but it is more difficult to spoof hardware addresses than IP addresses. Filtering by protocol identifier enables you to block all traffic using TCP or UDP; it is not service dependent.

Answer 115

B. 10GBase-CX4 The 10GBase-CX4 specification calls for the use of a twinaxial copper cable with segments no longer than 20 meters. The 10GBase-LR, 10GBase-ER, 10GBase-LX4, and 10GBase-SR specifications all call for fiber-optic cable.

Answer 116

D. ATM Asynchronous Transfer Mode (ATM) is a cell-switched protocol that is designed to carry voice, data, and video traffic by splitting it into uniform 53-byte cells. To this degree, it can be considered a packet-switched service. However, it is unlike traditional packet-switched protocols, which use variable-sized packets. ATM can also be called a circuit-switched service, because the end systems must create a virtual circuit before they transfer any data. Public Switched Telephone Network (PSTN) and T-1 leased lines are both circuit-switched network types, while Metropolitan Ethernet is packet-switched.

Answer 117

A. A crimper A crimper or crimping tool is a jawed device that has a set of dies in it. Installers use a crimper to squeeze the two halves of an RJ45 or RJ11 connector together, with the wires inside securing the connector to the cable. Installers use a splicing tool to splice two cable segments together. There is no tool called a pigtail or a patch.

Answer 118

B. Routers Connecting subnets with routers at the network layer maintains the data link layer administrative boundaries that prevent broadcast transmissions from being propagated throughout the entire internetwork. Switching eliminates those data link layer boundaries, and administrators can use VLANs to simulate them. Because hubs propagate all of the traffic they receive out through all of their ports indiscriminately, they create no administrative boundaries. Firewalls are filtering devices that protect networks against malicious traffic. Their functions are not related to VLANs. Switches are essentially multiport bridges that forward incoming traffic only to the device for which it is destined. Therefore, bridges are more closely related to eliminating administrative boundaries than to establishing them.

Answer 119

D. Data link Ethernet uses jumbo frames at the data link layer to transfer large amounts of data more efficiently. Ethernet typically restricts frame size to 1,500 bytes, but jumbo frames enable Ethernet systems to create frames up to 9,000 bytes. Frames are protocol data units associated only with the data link layer, so they do not apply to the network, transport, or application layer.

Answer 120

A. RG-8 The cable type used for Thick Ethernet segments is a coaxial cable called RG-8. RG-58 is used exclusively on Thin Ethernet segments. RJ45 is a connector type used in twisted pair cabling for data networks. RJ11 is a connector type used in twisted pair cabling for telecommunications networks.

Answer 121

D. BNC Bayonet-Neill-Concelman (BNC) is a type of connector used with coaxial cable. Subscriber connector (SC), mechanical transfer registered jack (MTRJ), and straight tip (ST) are all types of fiber-optic connectors.

Answer 122

A. Public Switched Telephone Network (PSTN) PSTN is the standard telephone network, an analog, circuit-switched service. ISDN, DSL, CATV, SONET, and ATM are all digital networks.