final - 30 cards a day Flashcards
(240 cards)
1
Q
Identify which of the following designations can be associated with a member who coordinates the resources necessary to solve a problem and also ensures that the security policy is followed and that everyone within the organization is aware of the situation?
A
Manager
2
Q
Suppose you notice a sudden decrease in network performance and suspect malware is hogging network resources. Which of the following commands will you use to display the PID (process identifier) associated with your network connection?
A
netstat -o
3
Q
Which type of a recovery plan accounts for the worst-case scenarios and provides contingency plans for restoring or replacing computer systems, power, telephone systems, and paper-based files?
A
A Disaster Recovery Plan
is a part of the BCP (business continuity plan) that details the processes for restoring critical functionality and data to a network after an outage.
4
Q
You are a network administrator at Yosaka & Associates, a private law firm. The employees have been facing various types of data errors and other transmission problems, leading to decreased productivity. You need to find an appropriate technique that will help identify locations of network bottlenecks. Which of the following techniques would you choose in such a scenario?
A
Traffic Analysis
the examination of network traffic for patterns and exceptions to those patterns.
5
Q
Donald is a schoolteacher living in Atlanta. While conducting online classes, he experienced a momentary decrease in voltage. His computer shut down and when he switched it back on, he realized that he had lost some data. He called his friend Chadwick who is a network analyst to check out what the issue was. Chadwick found that there was a power flaw caused by an overtaxed electrical system. Such voltage decreases can cause computers or applications to fail and potentially corrupt data. What kind of power flaw caused this issue in Donald’s house?
A
Brownout
temporary dimming of lights
6
Q
One of the employees in your organization is suspected of hacking into the network. You as a network administrator want to check the user’s activity for the last week. Which of the following will you use in such a scenario?
A
Audit Log
is a collection of data in logs that is consistent and thorough enough to retroactively prove compliance and also to defensibly prove user actions.
7
Q
Which bandwidth management technique adjusts the way network devices respond to indications of network performance issues caused by traffic congestion throughout a network?
A
Congestion Control
manages the entrance of traffic onto the network, other methods allow for more nuanced control after what happens to the traffic once it’s on the network. (Qos)
8
Q
A network connection is congested as a result of which there are multiple network fluctuations and latency issues. You as a network administrator plan on solving this issue by using a network device to send signals to the sender or receiver of the data packets that the network is congested. Which of the following will you use in this scenario?
A
Explicit Signaling
the closed-loop response to existing congestion. (Backward/Forward)
9
Q
Which of the following is used to create flow records that show relationships among various traffic types?
A
NetFlow
is a proprietary traffic monitoring protocol from Cisco that tracks all IP traffic crossing any interface where NetFlow is enabled.
10
Q
Which KPI (key performance indicator) indicates delayed network communications while devices wait for responses or resend transmissions?
A
Packet Drops
packets that are damaged beyond use, arrive after their expiration, or are not allowed through an interface are dropped.
11
Q
Jilead Inc. is a software development company that is preparing an incident response plan to prepare for possible events such as a break-in, fire, weather-related emergency, hacking attack, discovery of illegal content or activity on an employee’s computer, malware outbreak, or a full-scale environmental disaster that shuts down businesses throughout the city or state. The response plan has identified the members of the response team and the responsibilities have been assigned and clearly spelled out to each team member. Stanley Hudson has been entrusted with the responsibility of being the person on call who first notices or is alerted to the problem. He has to create a record for the incident, detailing the time it began, its symptoms, and any other pertinent information about the situation. He must remain available at all times to answer calls from clients or employees. What is the role that Stanley has been assigned?
A
Dispatcher
12
Q
Which of the following steps of an incident response plan involves the process of repairing affected systems and putting them back in operation to ensure the smooth running of operations?
A
Recovery
13
Q
Francine, a new network administrator at an online thrift store, is required to use an application that monitors traffic on the interface between a single device and the network. The application must be able to see the traffic the switch sends to it, which includes broadcast traffic and traffic specifically addressed to the one computer. Which of the following methods should Francine use to monitor the network traffic?
A
Protocol Analyzer
14
Q
You are working with an ISP, and you have to impose a maximum cap limit to each client so that your company can predict and purchase accordingly from the network provider. Which of the following terms will you associate with this process?
A
Traffic Policing
is a traffic-shaping technique in which the volume or rate of traffic traversing an interface is limited to a predefined maximum.
15
Q
You are a network analyst who has been tasked with managing the volume of network traffic across an organization in order to prevent network congestion. On analyzing the current network, you notice that one of the primary reasons for congestion is that the switches used in the network keep resending data packets that have been lost in the transmission far too quickly. Which of the following do you think should be implemented to solve this issue?
A
Retransmission Policy
16
Q
A fraudulent financial deal has just taken place in the company where you are working as a network administrator. The data of the company will be collected in such a way that it can be presented in a court of law for the purpose of prosecution. Some of the forensic data available for analysis may be damaged or destroyed if improperly handled. You have been assigned the duty to safeguard sensitive information, logged data, and other legal evidence until the first responder or incident response team can take over the collection of evidence. To prevent contamination of evidence, you have made sure that each device involved is isolated-that is, the device is disconnected from the network and secured to ensure that no one else has contact with it until the response team arrives. What is the next step that you will take in the event of such an illegal activity?
A
Document The Scene.
creating a defensible audit trail is one of the highest priorities in the forensics process. An audit trail is a system of documentation that makes it possible for a third party to inspect evidence later and understand the flow of events. A defensible audit trail is an audit trail that can be justified and defended in a court of law according to specific standards
17
Q
Which network monitoring method can be used to ensure that all traffic sent to any port on a switch is also sent to a device connected to the mirrored port?
A
Port Mirroring
18
Q
Goldwin Enterprises has hired you as a network administrator to monitor the network and to ensure that the network functions reliably. To monitor the entire network, you will require a device that will display sensor data on your configurable dashboard. Which of the following software will you request from the management?
A
Room Alert Monitor by AVTECH
19
Q
You have been assigned the role of a network administrator, and your first task requires you to measure the throughput between network hosts. Which of the following tools will you use in this scenario?
A
iPerf
is a command-line based tool.
20
Q
Which of the following backs up only the data that has changed since the last backup?
A
Incremental Backups
21
Q
Which of the following is not a technique used in a closed-loop response to an existing congestion?
A
Admission Policy
closed-loop responses include:
-Implicit Signaling
-Explicit Signaling
-Choke Packet
-Backpressure
22
Q
Which of the following steps of an incident response plan includes the act of limiting the damage by the team, where affected systems or areas are isolated, and response staff are called in as required by the situation?
A
Containment
23
Q
You are the network administrator in Jolene Consultancy Pvt. Ltd., a small consultancy in Missouri. You have been assigned the task of monitoring network traffic in the systems. You must ensure that many devices can be configured to report their traffic and other statistics to a network monitor. Which of the following would you use in this scenario?
A
Reporting
24
Q
A system of documentation that makes it possible for a third party to inspect evidence later and understand the flow of events is called _____.
A
An Audit Trail
25
BNB Group of Institutions has been facing a lot of issues with its network ever since it decided to adopt online classes as a medium to impart education. The IT department analyzes the issue and is of the opinion that the problems are related to the high amount of traffic due to students trying to log in from various locations; as a result, the network devices are overloaded. The IT department has requested your help as a network administrator. Which of the following bandwidth management techniques will you suggest in this scenario?
Flow Control
is a bandwidth management technique configured on interfaces to balance permitted traffic volume with a device’s capability of handling that traffic.
26
Trevor is working as a network engineer at Spring Oaks High School. The school's management has been facing some issues while handling network traffic. Trevor wants to check the bandwidth as he assumes that the issues faced by the management are related to bandwidth errors. Which of the following technologies should Trevor use to ensure some traffic gets priority over other traffic so the most important traffic gets through even during times of congestion?
QoS
27
The 3-2-1-1 Rule defines backup principles to follow to reliably recover lost data under a wide variety of adverse conditions. What does the "2" in the second part of the principle denote?
Save Backups on at least Two Different Media Types.
3-2-1-1 is a collection of backup principles that requires at least three complete copies of the data, backups saved on at least two media types, with at least one copy stored offsite, and at least one copy stored offline.
28
You have recently been appointed as a network analyst at Hayle Communications. Your first assignment requires you to limit the traffic between a single receiver and a single sender. Which of the following bandwidth management techniques will you use in this scenario?
Flow Control
is a bandwidth management technique configured on interfaces to balance permitted traffic volume with a device’s capability of handling that traffic.
29
You are working as a network engineer at IBV Solutions. The network administrator tells you to prepare a report of all the bad NICs that have been retransmitted, leading to a bad network. Which of the following will you use to state this in your report?
Jabbers
network performance baselines are obtained by analyzing network traffic information and might include information on the utilization rate for your network backbone, number of users logged on per day or per hour, number of protocols that run on your network, statistics about errors (such as runts, jabbers, or giants), frequency with which networked applications are used, or information regarding which users take up the most bandwidth.
30
You have been hired as a systems analyst by an online food delivering service. Your job requires you to keep the network congestion free during peak hours and to ensure that important traffic can survive the congestion while less sensitive frames are discarded. Which of the following techniques will you use in such a scenario?
Discarding Policy
is an Open-Loop technique
31
Which of the following power flaws is also called a sag?
Brownout
32
Which of the following monitors network traffic and might receive data from monitored devices that are configured to report their statistics?
Network Monitor
33
Agar is a network analyst at BMV, a mobile network. He efficiently manages the network's QoS (Quality of Service) configurations for adjusting the priority a network assigns to various types of transmissions. He ensures timely delivery of the most important traffic while optimizing performance for all users. The management at BMV wants to conduct a pilot test for a new product, and they have requested Agar to limit the momentary throughput rate for an interface. Analyze which of the following Agar should use in this scenario.
Traffic Policing
is a traffic-shaping technique in which the volume or rate of traffic traversing an interface is limited to a predefined maximum.
34
Which of the following policies should be adopted to help reduce increasing congestion caused by devices attempting to resend lost packets too quickly or too often?
Retransmission Policy
is an Open-Looped technique.
Retransmission timers help reduce increasing congestion caused by devices attempting to resend lost packets too quickly or too often.
35
James, a network engineer, has been contracted by a company to monitor network performance. In order to know and analyze any problem in a network, James will need to understand how the network functions in a normal state. Analyze which of the following will be of use to James in this scenario.
Checking the Network's Performance Baseline
baseline is a record of how a network or resource operates under normal conditions.
36
What is an Ethernet packet that is smaller than 64 bytes called?
Runt
37
An organization determined that there was an increase in network latency, and it approached you, a network administrator, to solve the issue. You decide that the extra demand on the network device's CPU and memory should be lessened to solve this issue. You also plan on getting a comprehensive view of the network traffic and sample traffic as well. Which of the following will you use in this scenario?
SNMP (Simple Network Message Protocol)
Trap is a type of unsolicited SNMP message sent from an agent to the NMS (network management system) once specified conditions on the managed device are met.
38
You are hired as a network administrator to monitor an organization's network status on an ongoing basis and to make changes to best meet the needs of your network's users. One feedback that you have received from the network engineer of the firm is that one of the modems is repeatedly power cycling to reset network activity. Which of the following KPIs will help you in getting a better understanding of the situation?
Interface Statistics
39
Which power device prevents momentary increase in voltage due to lightning strikes, solar flares, or electrical problems?
Surge Protector
is a power management device that redirects excess voltage away from connected computing or networking devices to the ground, thereby protecting connected devices from harm.
40
HomeLand is an organization that rescues abandoned dogs. They set up a hotline for the general public to report any street dog that they spot anywhere in the city or any dog that they feel needs to be rescued. Within 12 hours of the hotline being activated, the network starts experiencing congestion, messages are corrupted or dropped, and connected devices start resending frames to make up for the loss. These kinds of problems are overwhelming the network as a whole. This generates even more traffic, making the congestion even worse. Analyze which of the following policies HomeLand should adopt to detect congestion on the network after experiencing several missed acknowledgment messages.
Implicit Signaling
is a Closed-Loop respose.
41
As a network analyst, you want the ACL (access control list) to forward the ICMP (Internet Control Message Protocol) traffic from host machine 2.2.2.2 to host machine 5.5.5.5. Which of the following commands will you use in this scenario?
access-list acl_2 permit tcp host 2.2.2.2 host 5.5.5.5
42
Which of the following refers to a division of labor that ensures no one person can singlehandedly compromise the security of data, finances, or other resources?
SoD (Separation of Duties)
43
You as a network administrator want to have a check on the ARP (address resolution protocol) vulnerabilities in your organization so that you can prevent a switch against possible ARP spoofing attacks and MAC flooding. Which of the following will you use in this scenario?
DAI (Dynamic ARP Inspection)
is a configuration on a switch that compares incoming messages with the switch’s DHCP snooping binding table to determine whether the message’s source IP address is appropriately matched with its source MAC address according to DHCP assignments on the network. DAI helps protect against ARP spoofing attacks.
44
Which of the following stands in-line between the attacker and the targeted network or host where it can prevent traffic from reaching that network or host?
IPS (Intrusion Prevention System)
is a stand-alone device, an application, or a built-in feature running on a workstation, server, switch, router, or firewall that stands in-line between an attacker and the targeted network or host and can prevent traffic from reaching that network or host.
*Pic: Placement of IPS devices and software on a network.
45
Johnathan is the network engineer of an organization that restricts the use of certain webpages. As he does not have any pending work, he decides to take a break and watch a movie online until a task is assigned to him. Analyze which of the following actions is best suited for him in this situation so that the IP address of the organization is not compromised.
Use proxy servers to mask Internet activities
Proxy Server is a server acting as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.
*Pic: A proxy server is used to connect to the nternet.
46
You are a network engineer at BHMS Ltd. The network administrator wants you to set up a security configuration for the router so that the router can accept or decline certain packets depending on their information. Which of the following will you use in such a scenario?
ACL (Access Control List)
is a list of statements used by a router or other device to permit or deny the forwarding of traffic on a network based on one or more criteria.
47
MNT Enterprises has hired you as a network administrator to help the organization design a more comprehensive traffic analysis and protection tool to protect the entire network from hackers trying to flood the network with traffic. Which of the following will you use in this situation?
NIPS (network-based intrusion prevention system)
is a type of intrusion prevention that protects an entire network and is situated at the edge of the network or in a network’s screened subnet.
48
An IDS (intrusion detection system) has been installed in your organization as a stand-alone device to monitor network traffic and to generate alerts about suspicious activities. You as a network analyst have been assigned to check the effectiveness of the device. You notice that the effectiveness of the IDS has significantly come down since its installation because it has not been updated. Which of the following processes will you use in updating the IDS?
Signature Management
is the process of regularly updating the signatures used to monitor a network’s traffic.
49
Hilary is an employee of Munich Securities. The HR manager has received a complaint from one of her fellow employees about her misusing her account. You as a network administrator want to conduct a user configuration check to ensure that there are no vulnerabilities to the network configuration. Which of the elements of the AAAA acronym will you use to apply this security measure?
Auditing
50
Which authorization method grants access to a user when the user's classification and category match those of a resource?
MAC (mandatory access control)
is a method of access control where resources are organized into hierarchical classifications, such as “confidential” or “top secret,” and grouped into categories, perhaps by department. Users, then, are also classified and categorized. If a user’s classification and category match those of a resource, then the user is given access.
51
The HR manager of Veep Communications notices a lot of employees waste valuable time surfing social media websites. The HR manager requests you (a network administrator) to prevent the employees' access to these websites. Which of the following firewalls will you use in this scenario?
Application Layer Firewall
is a firewall that can block designated types of traffic based on application data contained within packets.
52
As a network administrator, you are already aware of the possible option of using a default trust relationship between a network device and another by a hacker to access an entire network. Which of the following security measures will you use to prevent a possible DoS attack that can be induced by sending high volumes of router advertisement messages?
RA Guard
A feature that can be configured on switches to filter RA messages according to interface, MAC or IP address, router priority, or other factors.
53
Which of the following is a device or an application that stores or generates information known only to its authorized user?
Security Token
is a device or piece of software used for authentication that stores or generates information, such as a series of numbers or letters, known only to its authorized user.
54
Which of the following will you use to monitor and analyze data stored in logs?
SIEM (Security Information and Event Management)
is software that can be configured to evaluate data logs from IDS, IPS, firewalls, and proxy servers to detect significant events that require the attention of IT staff according to predefined rules.
55
In which of the following do the bits work opposite of how bits in a subnet work?
Wildcard Mask
statements can also specify network segments (groups of IP addresses) by using a network address for the segment and a wildcard mask. The bits in a wildcard mask work opposite of how bits in a subnet mask work. The 0s in the wildcard mask say to match the IP address bits to the network address given, and the 1s say you don’t care what the value of those bits are. For example, a wildcard mask of 0.0.0.255
56
Darwin has purchased a laptop for the purpose of running his stock brokerage activities from home. He has contracted Navin, a network engineer, to install a software specifically for his workstation so that the software can protect the network from certain traffic. Analyze which of the following firewalls is best applicable in this scenario.
A Host-Based Firewall
is a firewall that only protects the computer on which it's installed.
57
Yugen is a network administrator who is in the process of configuring CoPP (control plane policing) on a router. In this scenario, ICMP (Internet Network Control Protocol) traffic is permitted with no limits from one trusted device. All other ICMP traffic is limited and, when exceeding that limit, is dropped. Analyze which of the following commands Yugen should use to create a class map named limit-icmp that will classify traffic according to defined criteria such as an ACL.
class-map limit-icmp
58
Which of the following technologies selectively filters or blocks traffic between networks?
Firewall
59
You as a network administrator want a switch to determine if the message's source IP address is appropriately matched with its source MAC address according to DHCP assignments on the network. Which of the following switch security configurations will you use alongside DAI on a network switch in this scenario?
DHCP Snooping
is a security feature on switches whereby DHCP messages on the network are checked and filtered.
60
Which of the following will act as a filter to instruct the router to permit or deny traffic from travelling through the network?
ACL (Access Control List)
is a list of statements used by a router or other device to permit or deny the forwarding of traffic on a network based on one or more criteria.
61
You as a network administrator plan on using an NIDS (network-based intrusion detection system) to protect your network. You plan on doing this by monitoring the traffic that will be carried by a switch. Which of the following will you use in such a scenario?
SPAN (Switched Port Analyser)
a.k.a Port Mirroring
which is a monitoring technique in which one port on a switch is configured to send a copy of all the switch's traffic to the device connected to the port. It captures some of traffic crossing a switch, but TAP can capture all traffic between two devices.
62
A special kind of DoS (denial of service) attack has attacked an AAA server with authentication requests that must all be processed and responded to. The network administrator has analyzed the situation and requested you, a network engineer, to use a command by which you can reclaim compromised resources in case of a similar attack in the future. Which of the following commands will you use in this scenario?
floodguard
by default, a floodguard feature might be configured on the AAA server to reclaim compromised resources. Floodguard settings can be changed with the floodguard command.
63
Which of the following firewalls manages each incoming packet as a stand-alone entity without regard to currently active connections?
Stateless Firewall
64
Bruno is a network engineer who is tasked with adding a separate layer of protection to the control plane of a router. He wants messages with a bps (bits per second) rate below the threshold 7000 to be transmitted and the messages with a threshold above 7000 to be dropped. Analyze which of the following commands Bruno should use in pmap configuration mode in this scenario.
police 8000 conform-action transmit exceed-action drop
65
Fred works as the network administrator at Globecomm Communications. The HR team at Globecomm has come up with a new working policy for the employees. This policy allows the employees to freely work at any time of the day as long as they submit the work within 24 hours. Keeping this policy in view, Fred has to work on strengthening the security of the network by adding additional authentication restrictions. Analyze which of the following Fred should do in this scenario.
Restrict some user accounts to a specific number of hours of logged-on time
66
As a network administrator, Murphy wants to add additional layers of security to prevent hackers from penetrating the network. In order to achieve this, he plans on adding additional authentication restrictions that might strengthen network security. Analyze which of the following he should do in this context.
Set a limit on consecutive login attempts
67
Identify and analyze whether the implicit deny rule be applied to the following statements or not.
When the incoming packet is denied in the third test by the ACL
68
You are employed as a network administrator of Vincent Motors. An unreleased blueprint of a new car model of Vincent Motors has term-38been leaked on the Internet. You assume that an intruder must have succeeded in gaining access to your network in order to copy the blueprint. Which of the following access control techniques will you use so that such an activity can be detected in the future?
Accounting
in the context of network security, the process of logging users' access and activities on a network.
69
Which authorization method allows a network administrator to receive from a user's supervisor a detailed description of the roles or jobs the user performs for the organization?
RBAC (Role-Based Access Control)
70
Which of the following can capture all traffic traversing a network connection?
TAP (Test Access Point)
71
You as a network engineer have finished setting up local security policies for your Windows 10 operating system. Which of the following commands will you use to implement your changes in this scenario?
gpudate
72
You are the network engineer for Muhan Mobile Services. The network administrator has asked you to separate the authentication, auditing, and authorization process. Which of the following tools will you use in such a scenario?
TACACS+ (Terminal Access Control System Access Control System Plus)
is a Cisco proprietary protocol that provides AAA services.
73
Michelle has been inducted into an organization as a trainee. Which of the following firewall software should she use to protect only the computer on which it is installed?
Host-Based Firewall
74
You have been working as a network engineer with an organization. You have decided to implement information access control to limit the users and devices that can get to your data and other network resources. For this purpose, you plan on using a username and password as a measure of security to grant any user access to your organization's resources. Which of the elements of the AAAA acronym will you use to apply this security measure?
Authentication
75
Identify which of the following terms defines the process of verifying a user's credentials.
Authentication
76
The IT department of Mascom Telecom has requested you to fix an error that seems to have been associated with a possible malware attack. This particular malware file seems to have attacked the operating system files on the computer. Which of the following should you use to avoid or alert such an attack in the future?
FIM (File Integrity Monitoring)
is a security technique that alerts the system of any changes made to files that shouldn't change, such as operating system files.
77
Valiant is an NGO that has very strong opinions against the government. It has faced a number of legal notices and its IP address has been blocked numerous times for voicing out dissent on online forums and social media. Valiant has requested your help as a network analyst to find a way around this problem so that it won't receive any more legal notices due to IP address tracking. Which of the following methods will you use in this scenario?
Proxy Server
is a server acting as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.
78
Which of the following commands is used to assign a statement to an ACL on Cisco routers?
Access-List
79
Which of the following issues keys to clients during initial authentication?
KDC (Key Distribution Center)
80
Which of the following is used to issue tickets to an authenticated client for access to services on the network?
TGS
81
In which of the following phases of the social engineering attack cycle will an attacker require the most time investment?
Research
*Pic: this cycle might happen quickly over a few seconds, or take much longer, even years.
82
Which of the following methods requires the entry of a code to open a door?
Cipher Lock
or Keypad.
*Pic: a cipher lock can document who enters an area and when.
83
In which of the following forms of attack can an attacker redirect and capture secure transmissions as they occur?
On-Path Attack
previously called a MitM (man-in-the-middle) attack.
EX: Evil Twin attack (type of On-Path attack).
84
You, as a network engineer, want to have an insight into your network's weaknesses that need attention. You want to search for devices with open ports indicating which insecure service might be used to craft an attack and identify unencrypted sensitive data. Which of the following scanning tools will you use in this scenario?
Nessus
developed byL Tenable Security.
Nessus performs even more sophisticated vulnerability scans than Nmap. Among other things, Nessus can identify unencrypted, sensitive data (such as credit card numbers) saved on your network’s hosts. The program can run on your network or from off-site servers continuously maintained and updated by the developer.
85
Which of the following is not a social engineering strategy?
DoS (Denial-of-Service)
is an attack in which a legitimate user is unable to access normal network resources because of an attacker’s intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can’t respond to any of them.
86
At a security training exercise, you had to devise a strategy to penetrate into an organization's data room by accessing one of their employee's ID cards. You decided to demonstrate this exercise by offering a free gift to one of the employees in exchange for a few hours of data room access. Which kind of social engineering method have you used in such a scenario?
Quid Pro Quo
87
Gary is a freelance network analyst. A client approaches him to provide a solution for his firm wherein employees have been found to carry sensitive information out of the office premises. This data breach has led to a lot of market speculations as a result of which there has been a significant drop in the share market prices of the company's stocks. Gary is contracted to find a solution to this issue. Analyze which of the following options should be carried out by Gary keeping in mind the sensitivity of the situation.
Deploy a DLP solution.
DLP is a security technique that uses software to monitor confidential data, track data access and ownership, and prevent it from being copied or transmitted off the network.
88
As a network administrator, you have asked one of the contracted vendors of the company to ship a consignment of spare parts and components of all the network devices. You have decided to place this order to store the devices for a rainy day. Now, as the consignment has been received by your organization, you want to store these devices in a secure location. Which of the following will you use in this scenario?
Locking Cabinets
is a storage container secured by a locked panel or door that might be used to store documents or hardware not in use.
89
Zeneth Computers is a software development company. It has received a random email claiming that there will be an attempt to hack and extract sensitive financial data of the company before the year end. The company has contacted you, a network analyst, to verify if such claims are indeed true. You have decided to set up a trap for the hackers by putting up a system containing false financial data. Which of the following will you use in this scenario?
Honeypot
is a decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.
90
You have been appointed as a network administrator at JJ Securities. The CEO of the company has requested your presence to address some security concerns. The CEO feels that certain members of the senior management who have access to privileged accounts might be under serious social engineering attacks by potential hackers. So, the CEO wants you to monitor the activities of these privileged accounts. Which of the following software will you use in this situation?
PAM (Privileged Account Management) tool
91
Rob has enrolled himself as a network security trainee in JV Internet Securities. Which of the following terms should he know to understand the advantage taken of a software vulnerability that hasn't yet or only very recently become public?
Zero-Day Exploit
92
Which of the following terms identifies the weakness of a system that could lead to compromised information or unauthorized access?
Vulnerability
93
Chelsea is a hacker who befriends Adele McCain over lunch at the cafeteria. Adele is the senior associate of Spandangle Ltd., a private law firm based in Alabama. Chelsea manages to successfully guess Adele's password to a sensitive database in the law firm. What kind of password attack did she use?
Brute-Force Attack
is an attempt to discover an encryption key or password by trying numerous possible character combinations until the correct combination is found.
94
Kickstart Securities provides network analysis and safety measurement services to various clients. Recently, one of its clients has requested a technician to run a cross-check on the network system to ensure that there are no vulnerabilities that are exposed. You have been sent in to assess the situation and fix the errors if there are any. Which of the following will you use in such a scenario to track the vulnerabilities across systems?
CVE (Common Vulnerabilities and Exposures)
is a dictionary project funded by the U.S. Department of Homeland Security and managed by The MITRE Corporation to index cybersecurity vulnerabilities.
95
Andy Bryant is a network analyst at Freewoods Centre for Policy Research. There are approximately 35 employees currently working on various issues of policy making and research, and this requires access to the network's resources. He has been asked to set a list of dos and don'ts for all the employees to clarify what is acceptable use of company IT resources and what is not. He also needs to explain penalties for violations and describe how these measures protect the network's security. Analyze which of the following security policies Andy should implement in this scenario.
AUP (Acceptable Use Policy)
is the portion of a security policy that explains to users what they can and cannot do while accessing a network’s resources and the penalties for violations. It might also describe how these measures protect the network’s security.
96
Which of the following devices scans an individual's unique physical characters such as iris color patterns to verify the person's identity?
Biometrics
97
Which of the following testing tools combines known scanning and exploit techniques to explore potentially new attack routes?
Metasploit
*Pic: Metasploit detected a SOHO router's administrative username and password!
98
Ground Movers Ltd., a courier service provider, has recently encountered certain breaches that have led to packages being stolen and damaged. The company has contracted you, a network analyst, to fix this issue. You plan on installing a device that will be able to provide constant or periodic collection of information. This information can then be used by the management control software for monitoring and reporting. Which of the following devices will you install for Ground Movers Ltd.?
Asset Tags
monitor the movement and condition of equipment, inventory, and people. A simple barcode or a wireless-enabled transmitter, such as the RFID label on the box in the *Pic , asset tracking enables constant or periodic collection of information. This data is then reported to a central management application for monitoring, logging, and reporting.
99
Which of these DoS (denial-of-service) attacks damages a device's firmware beyond repair?
PDoS (Permanent Dos) Attack
an attack damages a device’s firmware beyond repair. This is called “bricking” the device because it effectively turns the device into a brick. PDoS attacks usually target routers or switches.
100
You are working as a network administrator, and you want to conduct simulated attacks on a network to determine its weaknesses. To do so, you want to check for open ports so that you can remote in using that port and craft an attack. Which of the following software will you use to scan for open ports in this scenario?
Nmap (Network Mapper)
ia a scanning tool designed to assess large networks quickly and provide comprehensive, customized information about a network and its hosts.
101
Bryden is a network analyst who has been recruited into Big Bay Burger's security management. Which of the following terminologies must he use to explain to the company's employees about the possibility of someone using a deception in following them into a restricted area?
Piggybacking
ia an attack type in which a person uses deception to follow an authorized employee into a restricted area.
102
Which of the following versions is the most recent iteration of SHA (Secure Hash Algorithm), which was developed by private designers for a public competition in 2012?
SHA-3 (Secure Hash Algorithm)
is a hash algorithm originally designed by the NSA to eliminate the inherent weaknesses of the older MD5 hash
103
The managing director of Seviicco Laminates wants to secure certain financial documents that can only be accessed by him and the finance team of the organization. He wants to install a sophisticated authentication process so that the documents are extremely safe. You have been contracted as a network analyst for this project. After having an overview of the office premises, you decide to provide this security via a specific barcode that will be used as a key to access the documents. Which of the following access control technologies will you install in this scenario?
Smart Locker
*Pic: Scan the barcode from an email to access the package
104
An organization hires you to handle the security policies of the organization. In order to protect the organization's network from data breaches and potential hacks, you decide to draft a policy that will require the employees of the organization to adhere to a certain set of rules while accessing the network's resources. To ensure that these rules are followed without fail, you decide to impose certain penalties for situations where violations may occur. Which of the following will help you achieve these standards?
AUP (Acceptable use Policy)
105
Must Eat is a company that allows online food delivery. Must Eat rolls out updates every month for better user interface. Recently, after one of its updates, the network team of the company detects certain unauthorized access to the main data frame of the company. On inspection, the team notices that there has been no breach of sensitive data. What kind of cybersecurity exploitation was attempted by the hackers in this scenario?
A zero-day attack might have been the cause.
106
Hammond Industries has appointed Gavin as the network administrator to set up a complete secured and flawless network throughout the office premises. One of the employees has come to him to fix an error message that keeps popping up every time he tries to open the web browser. He also states that this error started popping up after the external hard drive had been used to transfer some of the necessary documents to the HR's office. Analyze what kind of malware might possibly be behind this error.
Virus
is a program that replicates itself with the intent to infect more computers, either through network connections when it piggybacks on other files or through the exchange of external storage devices. A virus might damage files or systems, or it might simply annoy users by, for example, flashing messages or pictures on the screen.
107
The University of Claudine plans on opening a new IT division for underprivileged students so that it can offer education free of cost to them. However, the university wants to ensure that there are no data breaches, so it has requested the network administrator to handle the configurations of the computers in order to comply with the organizational policies. Analyze which of the following practices the university should adopt in this scenario so that the network securities are not compromised.
CYOD (Choose your own Device)
108
Youhan has been placed as the security in charge of an organization. Which of the following should he use to monitor the movement and condition of equipment, inventory, and people?
Asset Tags
is a barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people.
109
Game Zone is a well-known games park located in Manhattan that allows gamers to engage in multiplayer competitions. The competitions function smoothly on the opening day, but on the following days, there are multiple instances of the computers getting disconnected temporarily from the wireless network. These connections however function normally when they are reconnected. Which type of attack is this most likely to be?
Deauth Attack (deauthentication)
is an attack on a wireless network in which the attacker sends faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network.
110
The organization where you have been working as a network analyst decides to provide BYOD (bring your own device) options to the employees to cut down on its operating costs. The company has asked you to handle the BYOD policies and the necessary documentation. You have decided to install a software that will automatically handle the configuration process for the wireless clients when they require network access. Which of the following will you use in such a scenario?
MDM (Mobile Device Management)
is software that automatically handles the process of configuring wireless clients for network access.
111
HealthCity Nursing Home is a newly opened hospital with many employees, doctors, nurses, and support staff. The upper management of the hospital wants to draft a security policy that outlines the guidelines, rules, restrictions, and consequences of violations, all of which help minimize the risk involved in allowing restricted access to some users. The doctors who have access to protected patient information must be informed what they can and can't do with that patient data and what special precautions they must take to protect patients' privacy. Certain checks and balances must also be maintained and defined in the policy measures in detail. Which of the following security policies should be used in this scenario?
PUA (privileged user agreement)
is a document that addresses the specific concerns related to privileged access given to administrators and certain support staff.
112
Huey Dewey Ltd. is a talent management company with over a hundred employees. Gary has been appointed as a system analyst to ensure security across the office term-35networks during and after the period of employment. Some user accounts are given privileged access, which allows the users to perform more sensitive tasks, such as viewing or changing financial information, making configuration changes, or adjusting access privileges for other users. Analyze which of the following security precautions Gary should implement so that he can avoid users logging into the accounts even after their termination.
Limited Duration
privileged accounts should be carefully accounted for and disabled as soon as they’re not needed, such as when an employee is terminated.
113
William has been working as a senior networking professional at Mediaworks Ltd. The company has a very strict policy regarding employees' access to certain key rooms in the organization. The company wants William to provide a specific access technology to only a few selected employees so that they can access those certain rooms. Which of the following options are best suited for William in this scenario?
Cipher Lock
or keypad.
114
Kristen has plans of starting an online food delivery company. She plans on making the company one of the most secured portals for online food delivery. She hires Brad, a network consultant, to guide her through the necessary security protocols. Brad conducts all the necessary security checks and involves a white hat hacker too to point out any vulnerability that might be overlooked. Analyze if Brad needs to conduct any other risk assessment procedures in this scenario.
He should conduct a vendor risk assessment.
a Vendor Risk Assessment is an evaluation of security and compliance risks related to suppliers and vendors a company does business with. Also called a third-party risk assessment.
115
To ensure better security measures for the computers used in your organization, you, as a network administrator, have decided to update the passwords of each computer on a weekly basis. But managing and changing the passwords for all the computers is a tiresome task. Hence, you decide to apply a security measure with the help of a password management software. Which of the following software will you use in this scenario?
LastPass
is an online password manager and form filler.
116
You have been invited to the University of Bert to deliver a lecture on network security. In your presentation, you want to focus solely on malware that can harm a system or its resources by disguising itself as something useful. Which of the following categories of malware would be best suited to demonstrate such an example?
Trojan Horse or Trojan
because Trojan horses do not replicate themselves, they are not considered viruses. An example of a Trojan horse is an executable file that someone sends you over the Internet, promising that the executable will install a great new game, when in fact it erases data on your hard disk or mails spam to all the users in your email app’s address book.
117
Which of the following is a type of DoS (denial-of-service) attack that is bounced off uninfected computers before being directed at the target?
DRDoS Attack (Distributed Reflection DoS)
the attack is achieved by spoofing the source IP address in the attack to make it look like all the requests for response are being sent by the target. As a result, all the reflectors send their responses to the target, thereby flooding the target with traffic, as shown in *Pic.
118
Which of the following anti-malware software will slow down your network performance considerably?
Server-Based
119
You are working as a network analyst at BBM Infotech. The entire network of computers in the organization had recently been at the receiving end of an attempted hack that eventually turned out to be unsuccessful. However, certain computer systems have sustained sufficient damages. After inspection, it has been found that the firmware in few of the switches has been completely damaged because of the attack. What kind of an attack is this most likely to be?
PDos Attack (Permanent Dos) Attack
an attack damages a device’s firmware beyond repair. This is called “bricking” the device because it effectively turns the device into a brick. PDoS attacks usually target routers or switches.
120
Robert has been working as a network security expert for Indus Grow Wealth Management, which allows its clients to view their current loan status online. With the recent cases of attempted hacks in banking systems, Robert has decided to test the security systems by hiring hackers to try and analyze the security risks at Grow Wealth Management. Analyze who among the following would best suit Robert's requirement in this scenario.
White Hat Hackers
121
SMCS School has hired you to set up an Internet connection within the school premises. The Internet connection will be utilized by both the junior and senior sections of the school situated in two different buildings on the same campus. Which of the following types of network will you install in this scenario?
CAN Campus Area Network)
122
As a network administrator, a client has approached you to set up the network for MKV, a software company. The company requires sufficient amounts of data for both uploading and downloading purposes; however, it prefers a connection that has better download speed. Which of the following DSL varieties do you think is best suited for such a requirement?
VDSL (Very high rate DSL or Variable DSL)
is a type of DSL. It is faster than ADSL and also asymmetric. Has faster download speeds than upload speeds. EX: for companies located close to a telephone company CO (Central Office) (in the middle of a metropolitan area).
123
You are employed as a network engineer. While setting up a client's connection, the client requests you to display trunks configured on a switch. Which of the following commands will you use in this scenario?
sh int tr
124
You are working as a network engineer at Krofter Securities. The organization uses Cisco's Linux OS in all of its workstations. The network administrator has asked you to use the route utility to delete some static routes used by the router. Which of the following commands will you use in this scenario?
route
125
Which of the following commands can be used to change a device's name?
hostname
126
Which of the following traverses a significant distance and usually supports very high data throughput?
WAN
127
Browski is a company that deals with SD-WAN (software-defined wide area network) units. The management of Browski wants to present an audio-video presentation at one of the network exhibitions to demonstrate its new product. As a network administrator working there, you have been asked to go through a few pointers in the presentation to verify the accuracy of the content. Analyze if any of these aspects do not apply to SD-WAN.
SD-WAN can be more expensive than leased lines.
128
As a network analyst, you have to separate the digital communication of data in a GSM network. Which of the following will you use in this scenario?
TDMA (Time Division Multiple Access)
is a method of multiplexing in which signals from several sources on a channel are separated by timeslots.
129
Crom Breweries is an old client of HW Internet Solutions. Crom's IT department calls HW Solutions to inform that the interface is down. HW Solutions sends a network analyst to check the situation. The network analyst assumes that an employee must have shut down the interface. He applies the show interface command to get an overview of all the devices interfaces. Analyze which of the following will help the network analyst to know whether the interface was shut down.
Link State
130
Which form of communication is well suited to users who receive more information from the network than they send to it?
ADSL (Asymmetric DSL)
is the most common form of DSL. Faster download speeds than upload speeds. EX: Surfing the Web, watching a movie.
131
XYZ Ltd. is a company that has 12 regional offices around the world. All the major operations of the company are carried out from the headquarters based in New York. XYZ Ltd. has approached you, a network facilitator, to install a WAN service that can manage network configurations at multiple locations throughout the world. Which of the following WAN services would you advise to XYZ Ltd. in this scenario?
SD-WAN (Software-Defined Wide Area Network)
abstracted, centralized control of networking devices that manage network functions across a diverse infrastructure.
*Pic: SD-WAN supports many underlying WAN connectivity technologies.
132
Beevan works as a network analyzer for an ISP. The network manager has asked him to use a protocol for the routers that can scan beyond the home territory and can instruct a group of routers to prefer one route over other available routes. Analyze which of the following should be used in this scenario.
BGP (Border Gateway Protocol)
dubbed the "Protocol of the Internet," this path-vector routing protocol is the only current EGP (Exterior Gateway Protocol) and is capable of considering many factors in its routing metrics.
133
Bradley has been running a business in his garage for over a period of 10 years. He plans on expanding the business by opening up three new offices in three different cities. Since he has accumulated sufficient profits to move to a larger office space, he plans to upgrade his network connection to one with a dedicated and symmetrical bandwidth. Bradley approaches Mantle Solutions, an ISP. Which of the following options should be offered by the ISP in this term-4scenario?
Leased Lines
dedicated Internet bandwidth provided over fiber-optic connections.
*Pic: Each location needs its own Leased Line
134
Which of the following devices serves as the endpoint for a dedicated connection between an ISP and a customer?
CSU/DSU (Channel Service Unit/Data Service Unit)
135
You are working as an executive for a cable company. A client raises a request to set up a network that uses fiber-optic cabling to connect your company's distribution center to distribution hubs and then to optical nodes near its customers. From the following network options, which one would you recommend in the given scenario?
HFC (Hybrid Fiber Coaxial)
either fiber-optic or coaxial cable then connects a node to each customer's business or residence.
*Pic: HFC Infrastructure
136
You are employed as a network engineer. While setting up a client's connection, the client requests you to display the concise network layer information of the device interface that is being installed. Which of the following commands will you use in this scenario?
sh ip int br
137
You are working as a network engineer with an ISP. A query has come to you from a client who requires a guarantee of minimum uptime percentages if the service goes down. Which of the following will you choose in this scenario?
DIA
138
You, as a network engineer, have recently established a network connection for three separate department buildings in a university. One of the departments has complained that the signal strength it receives is not the same as the signal strength the other two buildings receive. Which of the following will you use in this scenario?
Line Drivers
139
Nathan has plans of opening a call center. He will require a network connection that will have a bare minimum of 3 Gbps upstream and at least 8 Gbps downstream throughput. Analyze which of the following will provide a solution to Nathan.
Using a DOCSIS 4.0 for maximum throughput.
DOCSIS (Data Over Cable Service Interface Specifications). Cable broadband was standardized by an international, cooperated effort orchestrated by CableLabs that yielded a suite of specifications called DOCSIS. The newest standard, 4.0, allows for symmetric multi-gigabit speeds up to 10 Gpbs downstream and 6 Gpbs upstream.
140
Which of the following is a more intelligent version of an NIU (network interface unit)?
Smartjack
are able to loop ISP's signal back to CO (Central Office) for testing.
141
White Hawks runs a baseball stadium, and it would like to set up a network that has a reasonable level of availability and effectiveness so that fans can receive a close and strong signal throughput when they watch a game. Analyze which of the following statements will help in understanding why a 5G service is ideal in this scenario.
The Cell Density for the network must be close.
142
You are currently working as a network engineer at GHP Ltd. The network administrator tells you to change a default route and apply the best route available so that the path to the destination can be shortened. Which of the following will help you in doing so?
Routing Cost
the more desirable the path, the lower its cost.
143
A network administrator has asked Robin, a network engineer, to use OSPF (Open Shortest Path First) along with RIP (Routing Information Protocol) on an edge router in a network so that it demands more memory and CPU power for calculations but keeps network bandwidth to a minimum with a very fast convergence time. Identify and analyze which characteristic of OSPF signifies this.
Low Overhead, Fast Convergence
-OSPF (Open Shortest Path First) is an IGP (Interior Gateway Protocol) and link-state routing protocol that improves on some of the limitations of RIP (Routing Information Protocol) and can coexist with RIP on a network.
-Overhead: the burden placed on the underlying network to support a routing protocol.
-Convergence Time: the time it takes for routers on a network to recognize and adjust to configuration changes or a network outage.
144
Your network administrator has asked you to change the subnet mask of the Cisco router used in the organization. Which of the following Cisco CLI modes would you apply in this scenario?
Interface Configuration
145
Moses wants to update the interface of a router. He plans on having a check on the current running configuration file and then wants to copy the running configuration file to the startup configuration file. Analyze which CLI mode Moses must use in this scenario.
Use the privileged EXEC mode to apply the changes
146
Global ISP has received the tender for a project that requires the company to run a fiber connection to provide Internet connection to 120 families in an area simultaneously. Analyze which of the following would be feasible for Globe ISP in this scenario.
Providing the connection using FTTN (Fiber-to-the-Node or Fiber-to-the-Neighborhood)
is a nearby service junction that serves a few hundred customers.
147
Which of the following commands lists a router's routing table information?
show ip route
148
Examine the following circumstances as a network analyst and analyze in which of the following conditions MANs (metropolitan area networks) cannot be useful.
Connecting a clothing manufacturer to sell its products to customers worldwide
149
Fox Agro, a small business, faces network congestion and connection failures, which affect the network. As a result, the quality of performance of the unit gets adversely affected. You are appointed as a network administrator to determine the best solution to this problem. Which type of routing path will you use to solve this problem?
Dynamic Route
is a route automatically calculated by the router to determine the best path between two networks. As dynamic routes are identified and calculated, this information is collected in a routing table.
150
Which of the following devices contains ports to connect both to an incoming telephone line and to a computer or network connectivity device?
DSL Modem
151
Which of the following statements about MPLS (multiprotocol label switching) is not true?
MPLS does not offer any decreased latency.
152
Mr. X wants to use cellular technology that offers at least 5 Mbps of download speed. He consults you about this. Which of the following cellular technologies will you suggest?
5G
153
You are working as a technical specialist for an ISP. The network administrator has asked you to set up a router for a client with a routing protocol that will use a distance-vector algorithm and is limited to 15 hops. Which of the following will you use?
RIPv2 (Routing Information Protocol, Version 2)
is an updated version of the original RIP routing protocol that generates less broadcast traffic and functions more securely than its predecessor
154
Which of the following refers to any router outside an organization's AS(autonomous system), such as a router on the Internet backbone?
Exterior Router
is a router that directs data between autonomous systems.
155
LTE (Long-Term Evolution) and LTE-A (LTE advanced) are variations of which generation of cellular network?
Fourth Generation (4G)
is a mobile phone service that is characterized by an all-IP network for both data and voice transmission and throughput of 100 Mbps up to 1 Gbps.
156
You are working as a network analyzer for an ISP. A client has approached you to set up a network connection for a bank with offices around the state. The network needs to connect these offices with each other in order to gather transaction and account information into a central database. Which of the following connections will you provide in this scenario?
WAN
157
Which of the following IGPs supports large networks, calculates more efficient best paths than RIPs, and uses algorithms that prevent routing loops?
OSPF (Open Shortest Path First)
158
You are working as a network engineer for an ISP. You have successfully set up a home Internet connection for a client. The ISP requires the network engineers to provide a document with specifications and tests that the customer can run on their own to check various aspects of their connectivity. However, in the document that you provided you forgot to mention the functionality of speedtest.net in the document. So, the client calls you with a query about the use of speedtest.net. Which of the following will be your reply to the client in this scenario?
It is used for bandwidth speed tests.
159
Identify which router connects an autonomous system with an outside network, also called an untrusted network.
Edge Router
160
An ISP's headquarters is located in Philadelphia, and it has a branch office in Canada. The ISP wants to ship an edge device to the branch location where a non-technical person can plug in the device without any configuration needed on-site. Which of the following should be used in this scenario?
SD-WAN
161
Rodri has been contracted by an ISP to set up an IPv6 address for MIL Ltd. The RIR (regional Internet registry) has assigned the ISP a block of 32-bit routing prefix. The ISP will provide MIL Ltd. with a /48 site prefix. Analyze which of the following scenarios will help Rodri in calculating the total number of possible subnets.
MIL Ltd. can create up to 65,536 Subnets
162
You, as a network administrator, are calculating the range of host IP addresses for a subnet (the targeted subnet). If the next subnet's network ID is 192.168.50.119, what is the targeted subnet's broadcast address?
192.168.50.118
163
Which of the following is a valid IP address for a network ID of 191.254.0.0 using 11 bits for subnetting?
191.254.1.29
164
Your network administrator wants you, a network analyst, to partition a VLAN broadcast domain. However, he has asked you to ensure that the host can connect with the Internet. Which of the following will you use in this scenario?
Community VLAN
165
Mason, a new network engineer in your organization, has set up the configuration of the switch ports to other network devices. On inspection, you, the network administrator, realize that the configuration has been made using access mode instead of trunk mode. What kind of a configuration error are you facing in this situation?
Incorrect Port Mode
166
Which of the following can be used to provide administrative access to a switch?
Management VLAN
167
The organization where you are currently working as a network administrator has a class A network address 10.0.0.0 with 40 subnets. You want to add another 60 new subnets to the network. You would like to still allow for the largest possible number of host IDs per subnet. Which of the following subnet masks will you choose in this scenario?
255.254.0.0
168
You are working on a network device that has a subnet mask of /26. How many IP addresses are available according to you?
62
169
JVC Corporations is a multinational company that has a variety of products worldwide. You are working as a network engineer with the network management team of the company. The network administrator has requested you to submit a network document after subdividing the smaller network of Human Resources into a separate network segment so that it is convenient for troubleshooting. Under which of the following groupings will you place this network segment in this scenario?
Departmental Boundaries
170
How many bits are used in a network with a subnet of 255.0.0.0?
8
171
Globcom is a call center operating in California. It has hired you as a network administrator to set up a voice VLAN to ensure the quality of voice transmissions. Which of the following will not be of immediate priority while setting up the VLAN connection?
Untagged Frames
172
You are working on an IPv6 address 2608:FE10:1:AA:002:50FF:FE2B:E708. You want to create subnets within this IP address. Which of the following will you choose to alter when creating subnets for this address?
AA
173
You as a network administrator want to protect the network from unauthorized traffic, and for this reason, you decide to change the native VLAN to an unused VLAN so that the untagged traffic is essentially directed toward a dead-end. Which of the following commands will you use to do this on a Cisco switch?
Switchport Trunk Native VLAN
174
Murphy Communications has been running a VLAN-managed network to connect different devices. You as a network analyst want to assign a name to the VLAN network, but you are unable to do so. What kind of VLAN is most likely being used in the organization?
Default VLAN
is a preconfigured VLAN on a switch that cannot be renamed or deleted.
175
The network administrator has asked you to subnet a network that has 5 subnets, each with at least 16 hosts. Which subnet mask would you use?
255.255.255.240
176
The part which identifies the network in an IPv4 address is known as _____.
The Network ID
177
Which of the following will allow subnets to be further subdivided into smaller and smaller groupings until each subnet is about the same size as the necessary IP address space?
VLSM (Variable Length Subnet Mask)
is a subnetting method that allows subnets to be further subdivided into smaller groupings until each subnet is about the same size as the needed IP address space.
178
Analyze which of the following can be used to establish a static VLAN assignment for a device.
Assigning a VLAN based on the switch port of the device is connected to.
179
Which of the following carries user-generated traffic, such as email, web browsing, or database updates?
Data VLAN
180
Subnetting, which alters the rules of classful IPv4 addressing, is known as _____.
Classless Addressing
181
Analyze which of the following is true about a default VLAN.
a. Ports in default VLAN can be reassigned to other VLANs.
b. To protect a network from unauthorized traffic, a default VLAN should be changed to an unused VLAN.
c. A default VLAN can be used to carry user-generated traffic, such as email, web browsing, or database updates.
d. A default VLAN supports VoIP traffic, which requires high bandwidths, priority over other traffic, flexible routing, and minimized latency.
Ports in default VLAN can be reassigned to other VLANs.
182
The headquarters of BBK Solutions has detected a possible attack with the help of VLAN tags. Mathews is the head of the Network Administration department in BBK Solutions, and he has to come up with security measures to prevent such instances from occurring in the future. Which of the following security measures should Matthews consider keeping the VLAN pathway as the primary focus?
The default VLAN should not be used.
Default VLAN is a preconfigured VLAN on a switch that cannot be renamed or deleted.
183
What will be the number of hosts per subnet in a 255.255.255.240 IPv4 class C subnet mask?
14
184
Bilmain Manufactures has recruited you as a network administrator to handle the organization's network operations. You want to set up a class A IP address. What will be the subnet mask for this class A address?
255.0.0.0
185
Brown Industries consults you to review and check for faults in the recently installed port-based VLAN network on its premises. The VLAN has been segmented according to Brown Industries' departments such as Sales, Finance, and Marketing. On inspection, you realize that a virtual sales client, which should have been plugged into port 6, has been plugged into port 1, which is reserved for marketing clients. What kind of configuration error are you facing in this situation?
Incorrect VLAN Assignment
186
In the formula 2 n = Y, what does n represent?
It is the number of bits that must be switched from the host address to the network ID.
187
You as a network analyst want to make certain changes to a VLAN database, and you want these changes to be reflected in all the other switches in the network. Which of the following will you use?
Stack Master
188
Which of the following will you use to assign a VLAN based on the switch port the device is connected to?
Static VLAN Assignment
189
You have been appointed to design a subnet mask for a network. The current IP address of the network is 192.168.89.0. You have been requested by the network administrator to divide this local network into nine subnets to correspond to the organization's nine different floors. How many bits will you borrow from the host portion of the ID address in this scenario?
Four Bits
190
What is the term used to identify the first four blocks that normally help to identify a network?
Site Prefix
is the first four blocks or 64 bits of an IPv6 address that normally identify the network. Also called Global Routing Prefix.
191
You are a network analyst at a securities firm. You have to assign an identifier to each VLAN used in the network so that the connecting devices can identify which VLAN a transmission belongs to. Which of the following will you use in such a situation?
SAID (Security Association Identifier)
indicates to other connectivity devices which VLAN a transmission belongs to.
192
You as a network engineer want to create a subnet that supports 16 hosts. Which of the following subnet masks will you use in this scenario?
255.255.255.224
193
You are working as a network engineer for ABC Ltd. You have been instructed to translate the slash notation /20 into a subnet mask. Which of the following will you select?
255.255.240.0
194
An attack has been detected in your network system by one of the network engineers. Analyzing the attack, you come to know that the system was accessed through one of the switches where the hacker fed his own VLAN traffic into the port and accessed the network. What kind of an attack have has been experienced in this scenario?
Switch Spoofing
195
Phillips is a trainee who is currently on probation at ICP Solutions. Under which of the following groupings will he classify the network segment of the floors of a building connected by a LAN?
Geographic Locations
196
The network administrator has instructed you to set up multiple logical VLANs to receive and transmit data. He has asked you to connect one of the switches to a router so that the interface can manage the traffic from multiple VLANs. Which of the following will you use in this scenario?
Trunking
197
Calculate the total number of hosts per subnet that you can derive from the network ID 192.168.1.0 255.255.255.224.
30
198
When a router connects to a switch that supports multiple VLANs, it is sometimes called _____.
A Router-on-a-Stick
199
Which of the following VLANs receives all untagged frames from untagged ports?
Native VLAN
200
Identify the current name of a DMZ (demilitarized zone).
Screened Subnet
also known as DMZ.
is an area on the perimeter of a network that is surrounded by 2 firewalls, an external firewall porous enough to allow more types of traffic, and a hardened internal firewall that provides greater protection to the internal network.
201
Basil Telecommunications have hired you as a network manager for providing a network system that will include redundant processors, backup generators, and earthquake-resilient installation. You have decided that the average downtime per year cannot be more than 5 minutes 15 seconds. Which of the following will you use in this scenario?
Five 9s = 99.999%
202
James has been appointed as the service manager in one of the outlets for Grason Communication, which sells switches and routers. A client approaches James with a query from a network provider who is requesting for an alternative router that is less expensive and will work within layer 5 and layer 7 in the OSI (open systems interconnection) model. Analyze which of the following options James should present to his client in this scenario.
Layer 4 Switches
is a switch capable of interpreting layer 4 data, which means it can perform advanced filtering, keep statistics, and provide security functions.
203
As a network administrator of your company, you have decided to implement redundant connections between network devices to solve problems like network bottlenecks. You have decided to implement this change so that multiple network interfaces and ports can act as one logical interface and focus on increasing total throughput and better load balancing. Which of the following will you use to implement this change in your Windows devices?
NIC Teaming
is the seamless combination of multiple network interfaces or ports on Windows devices to act as one logical interface.
204
You have been working as the network administrator for JP Steels. In order to cut down on operating costs, you plan to install a firewall's OS (operating system) in a VM on an inexpensive server, instead of purchasing an expensive hardware firewall to protect a LAN. Hence, you no longer require a firewall that runs on its own OS. Which of the following firewalls will you purchase in this scenario?
BARRACUDA'S CLOUDGEN Firewall Device
205
As a network administrator, you want to modernize your network with modular software running on standard server platforms. You want to start by replacing traditional, custom-designed network equipment. You also wish to have flexible, cost-saving options for many types of network devices, including virtual servers, data storage, load balancers, and firewalls. Which of the following will you use in such a scenario?
NFV (Network Functions Virtualization)
is a network architecture that merges physical and virtual network devices.
206
Which of the following is a multipath link-state protocol?
TRILL (Transparent Interconnection of Lots of Links)
is a multipath, link-state protocol developed by IETF. TRILL is newer technology to improve on or replace STP.
207
You have been working with an ISP (Internet service provider) as a network engineer. You have made multiple WAN (wide area network) connections over a period of time. Recently, you have received complaints from various clients about network failure, which is having an effect on their day-to-day business. This network failure is primarily caused by some bugs in a few of the network devices. In order to protect your clientele, you have decided to provide an additional information sheet that will specifically state the amount of time you will take to fix the issue. Which of the following will you use to calculate the average amount of time required to repair the faulty device?
MTTR (Mean Time to Repair)
is the average amount of time required to repair a device or restore a service.
208
Ross is running a small data entry back office, for which he has contracted you for network management. Ross has made it very clear that because he has just started the company he wants to cut down on expenses wherever he can. One such option involves the router-he wants to exchange the router with a similar but less expensive alternative. Which of the following will you refer to Ross in such a situation?
Layer 3 Switch
is a switch capable of interpreting layer 3 data and works much like a router in that it supports the same routing in that it supports the same routing protocols and makes routing decisions.
209
Cloud computing offers many significant advantages and opportunities for expansion, but it has its disadvantages as well. Which of the following options is the cheapest and simplest alternative to a cloud?
Internet
210
Which of the following switches can be configured via a command-line interface or a web-based management GUI (graphical user interface)?
Managed Switch
is a switch that can be configured via a command-line interface or a web-based management GUI, and sometimes can by configured in groups.
211
For over a decade, Ramanathan has been working as a network engineer in an MNC that uses FC (Fibre Channel) networking architecture. His primary duty is to ensure that there are no issues in the network connections between servers and SAN (storage area network) devices, so that maximum throughput is achieved at all times. Recently, one of the connections of the FC device to the network malfunctioned, which Ramanathan has to fix. Analyze which of the following Ramanathan should do in this scenario.
Connect the FC devices to the network through HBAs
FC (Fibre Channel)
HBA (Host Bus Adapters)
212
Which of the following protocols allows a pool of computers or interfaces to share one or more IP addresses?
CARP (Common Address Redundancy Protocol)
is a protocol that allows a pool of computers or interfaces to share one or more IP addresses.
213
Which cloud characteristic allows a provider to limit or charge by the amount of bandwidth, processing power, storage space, or client connections available to customers?
Measured Service
214
Which of the following terms refers to the technique of grouping redundant resources such as servers so they appear as a single device to the rest of the network?
Automatic Failover
215
Which of the following will help evenly distribute traffic to each device in a cluster so every device carries a portion of the load?
Load Balancer
is a device that distributes traffic intelligently among mutiple devices or connections.
216
Jasper Infotech have an issue with their network system-a malfunctioning NIC on a router caused network outages. They have hired you specifically to ensure that the network system does not collapse when there is an unexpected hardware or software malfunction. Which of the following terms will you refer to while fixing this issue for Jasper Infotech?
Fault Tolerance
217
You are working as one of the network administrators of Wells & Welsh Associates. The company wants to provide network administrators with more centralized control of network settings and management. For this reason, the department has decided to use an SDN (software-defined networking) controller to allow network administrators to remotely manage network devices and monitor data collected about these devices. Which plane of the SDN will enable you to allow such a feature?
The Management Plane
218
Which of the following protocols can detect and correct link failures in milliseconds?
RSTP (Rapid Spanning Tree Protocol)
is newer technology to improve on or replace STP. Defined in IEEE's 802.1w standard, and MSTP (Multiple Spanning Tree Protocol), originally defined by the 802.1s standard.
219
Which of the following is a distinct network of storage devices that communicate directly with each other and with other portions of the network?
A SAN
220
Valentina is employed under the network management team at Iris Global Services, which is a software management firm. Following a recent hacking attempt at its office, the network administrator wants her to cross-check whether security precautions have been enabled on the STP interfaces so that the information transmitted by the BPDUs can be protected. On inspection, she discovers that the security precautions have not been configured. Analyze what Valentina should do in order to prevent a rogue switch or computer connected to one of these ports from hijacking the network's STP paths.
Use a BPDU Guard to Block BPDUs
(Bridge Protocol Data Units)
221
Glenn, who is working as a network engineer, has been instructed to automate many tasks to work together in a complex and lengthy workflow. What is the term for this process?
Orchestration
222
You have been hired as an assistant to the head network administrator in an ISP (Internet service provider). While setting up the network for one of your clients, he wants you to check whether sufficient security precautions have been taken to ensure none of the customer's switches becomes the ISP's root bridge. Which of the following will you use in this scenario to ensure that the appropriate security measures have been taken?
Root Guard
prevents switches beyond the configured port from becoming the root bridge.
223
You run a website called Offhand that sells exclusive handmade home decor items. On Mother's Day, the website unexpectedly receives a burst of traffic following the marketing campaign designed for this occasion. Thankfully, you are equipped with a good cloud service model and hence you are able to increase the cloud resources the website needs without disrupting your web services. Which of the following cloud characteristics helped you manage the situation easily?
Rapid Elasticity
224
Which of the following cloud models makes resources available to users through a WAN connection?
Private Cloud
225
You have been working as a network administrator at Yong Solutions, which is an ISP (Internet service provider). The switches used in the storage network of the ISP essentially use the STP (Spanning Tree Protocol) for detecting link failures. You have been asked to upgrade the STP because repeated reports of network transmissions being bogged down have been received. Which of the following will you use in this scenario?
SPB (Shortest Path Bridging)
is a descendent of STP and is defined in IEEE's 802.1aq standard. SPB differs from earlier iterations of STP in that it keeps all potential paths active while managing the flow of data across those paths to prevent loops. By utilizing all network paths, SPB greatly improves network performance. Protocols designed to replace STP, such as SPB, operate at layer 3 instead of or in addition to layer 2.
226
The Centre for Equity Studies is a not-for-profit organization in Staten Island, New York, working in the human rights sector. Currently, because of the pandemic, the employees work from home. They work in association with three other initiatives, all of them involved in the same sector. Hence, there are a lot of resources that are routinely shared among all of them but not with the general public. You have been assigned the task of selecting one cloud model, keeping in mind the working conditions and the requirements of the users. Which of the following would suit this organization the most?
A Community Cloud
227
As a network administrator of Wheeling Communications, you have to ensure that the switches used in the organization are secured and there is trusted access to the entire network. In order to maintain this security standard, you have decided to disable all the unused physical and virtual ports on your Huawei switches. Which of the following commands will you use to bring your plan to action?
Shutdown
228
Lewis has been hired as an assistant to the head network administrator. He needs to understand the basic functioning of certain STP (Spanning Tree Protocol) features that will block BPDUs (Bridge Protocol Data Units) on any port serving network hosts. Which of the following will he use for such purposes?
BPDU Guard (Bridge Protocol Data Units)
229
You, as a network administrator, plan on running a trial for a beta version of an application. The idea is to install the application on a guest machine. You plan on doing this because you would rather have the untested software cause errors on the guest machine than on the host. Which of the following will you use in this instance?
VirtualBox
In VMware and VirtualBox, you can choose the bridged connection type when you create or configure the virtual adapter. In KVM, you create a bridge between the VM and your physical NIC when you modify the vNIC’s settings. In Hyper-V, you create a bridged connection type by assigning VMs to an external network switch.
230
In which of the following modes will a vNIC access a physical network using the host machine's NIC?
Bridged Mode
is a type of network connection in which a vNIC accesses a physical network using the host machine's NIC. The bridged vNIC obtains its own IP address, default gateway, and subnet mask information from the physical LAN's DHCP server.
231
Which of the following creates and manages a VM (virtual machine) and allocates hardware resources for the host and any of its guest VMs?
Hypervisor
is the element of virtualization software that manages multiple guest machines and their connections to the host (and by association, to a physical network).
232
Krypton Spares and Parts is an MNC dealing in motorcycle spare parts. The administration department of the company has constantly been complaining of severe network issues, and you have been hired to fix the issues. On inspection, it has come to your notice that these network fluctuations are primarily because of flooding attacks from broadcast and multicast traffic. Which of the following do you plan on using to fix this issue?
Storm Control
233
As a developer, you need frequent access to multiple platforms during the development process. Rather than purchasing and maintaining a separate device for each platform, you have decided to avail the cloud service option. You are looking to build and test the applications within these virtual, online environments, which are tailored to the specific needs of the project. The cloud service model should have servers that provide only the resources needed to run an application and also allow customers to run their code directly in the cloud without having to manage a server environment at all. Which of the following cloud service models do you think would be appropriate considering your requirements?
PaaS (Platform as a Service)
is a cloud service model in which various platforms are provided virtually, enabling developers to build and test applications within virtual, online environments tailored to the specific needs of a project.
234
In order to achieve the utmost fault tolerance, as a network administrator, you want to ensure that critical devices are all equipped with redundant NICs, routers, and processors, which are able to immediately assume the duties of an identical component in case one of the components fails. Which of the following will help you ensure these devices contain the necessary components you require?
Automatic Failover
in the event of a component failure, the ability of a redundant component to immediately assume the duties of the failed component.
235
Which of the following planes is made up of the physical or virtual devices that receive and send network messages on their way to their destinations?
The Infrastructure Plane
an SDN (Software-Defined Networking) construct made up of physical or virtual devices that receive and send network messages. Also called Data Plane.
236
Blue Whale is an e-commerce website that has hired you as part of the network management team. The network administrator has delegated one of his tasks to you, which requires you to allow and configure more than one MAC address in one of the ports. Which of the following commands will help you complete the task at hand?
allowed-mac
237
Which of the following network technologies uses a transport layer protocol that runs on top of TCP to allow fast transmissions over LANs, WANs, and the Internet?
iSCSI (Internet SCSI)
is a transport layer protocol used by SANs that runs on top of TCP to allow fast transmission over LANs, WANs, and the Internet.
238
Scott & Wayne Law Associates is a private law firm in Atlanta specializing in cases involving violation of environmental laws. The firm currently has approximately 50 employees who all work on various matters and in different departments. You have been hired as a network administrator and tasked with finding a suitable cloud model for the firm. The firm is looking for a comparatively low-cost cloud model that can be accessed only by the employees and senior management but not its clients or third parties. Which of the following cloud models would you choose?
A Private Cloud
239
What is the downtime per day for a system showing 99.9% availability?
1 Minute & 26 Seconds
240
You already have a running network in your organization, but because of the recent influx of network traffic and as a network engineer, you want to take a more organized approach in designing the network so that every device can function optimally. You have decided to add highly efficient multilayer switches to pass traffic in and out of a few backbone ports as quickly as possible. Which of the following layers of the network architecture will you use to bring in this change to your network?
The Core Layer
