Jason Dion - CompTIA Network+ N10-008 Exam Prep #0 Flashcards

Question

You are working as a service desk analyst. This morning, you have received multiple calls from users reporting that they cannot access websites from their work computers. You decide to troubleshoot the issue by opening up your command prompt on your Windows machine and running a program to determine where the network connectivity outage is occurring. This tool tests the end-to-end connection and reports on each hop found in the connection. Which tool should you use to determine if the issue is on the intranet portion of your corporate network or if it is occurring due to a problem with your ISP (Internet Service Provider)? A.netstat (networkstatistics; tool is used to display network statistics and active connections) B.tracert (a command-line utility used to trace an IP packet's path as it moves from its source to its destination; performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help to identify if the connectivity issue lies within your intranet or is a problem with the Internet Service Provider's connection. ) C.PING (Packet InterNetwork Groper; will tell you if the remote website is reachable or not, it will not tell you where the connection is broken) D.nslookup (tool is used to troubleshoot Domain Name System issues)

Answer 1

B.tracert (a command-line utility used to trace an IP packet's path as it moves from its source to its destination; performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help to identify if the connectivity issue lies within your intranet or is a problem with the Internet Service Provider's connection. ) OBJ-5.3: Tracert is a command-line utility used to trace an IP packet's path as it moves from its source to its destination. While using ping will tell you if the remote website is reachable or not, it will not tell you where the connection is broken. Tracert performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help to identify if the connectivity issue lies within your intranet or is a problem with the ISP's connection. The nslookup tool is used to troubleshoot DNS issues. The netstat tool is used to display network statistics and active connections. The ping tool is used to test an end-to-end connection, but it will not provide any data on the hops found in the connection.

Answer 2

C.Brute force occurs within 11,000 combinations OBJ-2.4: The most prominent attack against WPS0-enabled wireless networks involves brute-forcing the 8-digit PIN that client uses to enroll their devices without knowing the pre-shared key. WPS checks each half of the PIN individually, reducing the number of possible combinations from a maximum of 100,000,000 to only 11,000. This only takes a few minutes to crack on most modern computers, as long as the WAP doesn't have a lockout after a certain number of failures. The lockout mechanism may also be triggered based on the client's MAC, so you can often spoof MAC to bypass this defense.

Answer 3

A.WPA2 (Wi-Fi Protected Access 2) OBJ-4.3: Wi-Fi Protected Access 2 Pre-Shared Key or WPA2-PSK is a system of encryption used to authenticate users on wireless local area networks using a shared password as the key. WPA2-PSK [AES] is the recommended secure method of making sure no one can listen to your wireless data while it is being transmitted back and forth between your router and other devices on your network. A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies, not a shared password. Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network and is used in virtual private networks. A geofence is a virtual perimeter for a real-world geographic area. Geofencing does not use shared passwords to secure your next, it uses GPS coordinates or other location-based data.

Answer 4

D.Change management documentation OBJ-3.2: Since everything worked before the server upgrade and doesn't now, it would be a good idea to first look at the change management documentation that authorized the change/upgrade. This should include the specific details of what was changed and what things may have been affected by the change. This is the best place to start when determining what changed since yesterday. Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.

Answer 5

D.Social engineering OBJ-4.2: Social engineering is the art of convincing people to reveal confidential information to the intruder. Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection. Bluesnarfing is a technical exploit, not one that relies on tricking a user like social engineering would. An on-path attack, formerly known as a man-in-the-middle attack, is a technical method used by attackers to place themselves between a victim's client and a server to intercept or modify communications between the two devices. This is another form of technical attack and it does not rely on tricking a user. An evil twin a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user's knowledge. An evil twin is another technical means of attack that could be combined with an on-path attack to collect sensitive information from a victim. The best answer, though, still is a social engineering attack since those manipulate and trick a user into directly providing sensitive information to an attacker.

Answer 6

D.Tickets used to identify authenticated users OBJ-4.1: Whether you learned the in-depth details of each of these protocols during your studies or not, you should be able to answer this question by remembering that Kerberos is all about 'tickets.' Kerberos uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity. Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos is used in Windows Active Directory domains for authentication. Single sign-on (SSO) is a type of mutual authentication for multiple services that can accept the credential from one domain or service as authentication for other services. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request.

Answer 7

B.SNMP (Simple Network Management Protocol) Walk (an application that runs multiple GETNEXT requests automatically) OBJ-3.1: SNMP Walk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (router interface). This is a complex topic beyond the scope of the Network+ exam (how to use the SNMP Walk tool) and usually serves as a type of in-depth question that CompTIA might ask to determine if a candidate has actual real-world experience in networking or just studied from a textbook. Some instructors like to claim that CompTIA uses these types of questions to determine if someone is cheating because only people who studied from a "brain dump" are likely to get this question correct! This type of question reminds you that it is ok not to know all the answers on test day. Just take your best guess, and then move on!

Answer 8

C.T-1 (bundles together 24 64-kbps (DS0) time-division multiplexed (TDM) channels over 4-wire copper circuit. This creates a total bandwidth of 1.544 mbps) OBJ-1.2: A T-1 connection provides a guaranteed 1.544 Mbps of throughput. Dial-up, DSL, and cable broadband do not provide a guaranteed throughput rate. Instead, these services provide a variable throughput rate based on network conditions and demand in the area of your business.

Answer 9

D.Hybrid OBJ-1.8: A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud. A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public.

Answer 10

D.Zero-day OBJ-4.1: A zero-day attack happens once that flaw, or software/hardware vulnerability, is exploited, and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, hence the term zero-day. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A brute-force attack consists of an attacker systematically trying all possible password and passphrase combinations until the correct one is found. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.

Answer 11

A.RDP (Remote Desktop Protocol) OBJ-4.4: The RDP (remote desktop protocol) is a Windows feature that allows a remote user to initiate a connection at any time and sign on to the local machine using an authorized account. This connection allows a Windows administrator to see and control what is on a remote computer's screen. RDP authentication and session data are always encrypted. This means that a malicious user with access to the same network cannot intercept credentials or interfere or capture anything transmitted during the session. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Telnet uses port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection but sends its data in plaintext making it an insecure protocol. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it.

Answer 12

B.APIPA (Automatic Private Internet Protocol Addressing) OBJ-1.4: APIPA stands for Automatic Private IP Addressing and is a feature of Windows operating systems. When a client computer is configured to use automatic addressing (DHCP), APIPA assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client if the DHCP server is unavailable. A static IP address is used when the DHCP server is disabled and clients are configured manually to join the network properly. A public IP address is the outward-facing (public-facing) IP address assigned to a client. A private IP address lets a router correctly direct traffic within its network and allows devices within a network to communicate with one another, but private IP addresses cannot be used to route traffic across the internet.

Answer 13

B.Bus OBJ-1.2: As described, this network would resemble a physical bus network topology because the router connects directly to the firewall, and the firewall connects directly to the computer. This would form a single line (or bus) from one device to the next. A bus topology uses a single cable that connects all the included nodes and the main cable acts as a backbone for the entire network. A ring topology connects every device to exactly two other neighboring devices to form a circle. Messages in a ring topology travel in one direction and usually rely on a token to control the flow of information. A star topology connects all of the other nodes to a central node, usually a switch or a hub. A star topology is the most popular network topology in use on local area networks. A mesh topology connects every node directly to every other node. This creates a highly efficient and redundant network, but it is expensive to build and maintain.

Answer 14

D.Jitter OBJ-3.2: Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance.

Answer 15

A.Rapid elasticity OBJ-1.8: Rapid elasticity can be a security threat to your organization's data due to data remanences. Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase it. So, when a cloud resource is deprovisioned and returned to the cloud service provider, it can be issued to another organization for use. If the data was not properly erased from the underlying storage, it could be exposed to the other organization. For this reason, all cloud-based storage drives should be encrypted by default to prevent data remanence from being read by others. Metered services are pre-paid, a-la-carte, pay-per-use, or committed offerings. A metered service like a database may charge its users based on the actual usage of the service resources on an hourly or monthly basis. For example, Dion Training used the AWS Lambda serverless product in some of our automation. This service charges us $0.20 for every 1 million requests processed. Resource pooling refers to the concept that allows a virtual environment to allocate memory and processing capacity for a VMs use. On-demand refers to the fact that a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Answer 16

C.UC (Unified Communication) Gateway OBJ-2.1: Unified Communications (UC) enables people to use different modes of communication, media, and devices to communicate with anyone, anywhere, anytime. To accomplish this, a UC gateway is needed. Unified communications (UC) refers to the integration of multiple forms of real-time communications including voice, video, collaboration, and text messaging. A UC gateway connects your IP-based voice system to the Public Switched Telephone Network (PSTN).

Answer 17

C.SCADA/ICS (Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems) OBJ-2.1: Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS) are used in manufacturing and assembly-line networks. SCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Industrial control system (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes. Network Function Virtualization (NFV) is a way to reduce cost and accelerate service deployment for network operators by decoupling functions like a firewall or encryption from dedicated hardware and moving them to virtual servers. Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. Channel Service Unit/Data Service Unit (CSU/DSU) is a hardware device about the size of an external modem that converts digital data frames from the communications technology used on a local area network (LAN) into frames appropriate to a wide-area network (WAN) and vice versa.

Answer 18

A.Defence in depth OBJ-4.1: Defense in depth is the concept of layering various network appliances and configurations to create a more secure and defensible architecture. Dion Training appears to be using various host-based and network-based devices to ensure there are multiple security layers in the network.

Answer 19

B.CSMA/CD (Carrier-sense multiple access with collision detection) OBJ-2.3: In networking technologies that use CSMA/CD as their access method, a device first listens to the network media to make sure there is no signal already present from another device before it tries to place its own signal on the media. If a carrier signal is detected on the media, which indicates that a device is currently transmitting a signal, no other device can initiate a transmission until the carrier stops. If no carrier is detected, any device can transmit a signal. If two devices listen to the wire and detect no carrier signal, they may decide to send signals simultaneously. If this happens, a collision occurs between the two signals generated. Next, both devices detect the collision and stop transmitting their signals immediately, sending out a jamming signal that informs all other devices on the network that a collision has occurred and should not transmit. Meanwhile, the two devices whose signals created the collision cease transmitting and wait for random intervals of time (usually a few milliseconds) before attempting to retransmit.

Answer 20

D.Use the same SSIDs (Secure Set IDentifiers) on different channels and AP (Access Point) isolation OBJ-2.4: For users to be able to seamlessly migrate between the two buildings, both Access Points (AP) must use the same SSIDs. To prevent frequency interference, though, each device needs to select a different and non-overlapping channel to utilize. Finally, the AP isolation should be enabled. Access Point (AP) isolation is a technique for preventing mobile devices connected to an AP from communicating directly with each other.

Answer 21

A.Switching loop OBJ-2.3: A switching loop is when there is more than one Layer 2 path exists between two endpoints. This can be prevented by using the STP (Spanning Tree Protocol). The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Both Cat 6 and Cat 5e are compatible with each other and can both operate at speeds of up to 1000 Mbps (1 Gbps), so it is not an improper cable type issue. Auto-sensing ports refer to a feature found in network adapters that allows them to automatically recognize the current local network's speed and adjust its own setting accordingly. This would not be an issue since the switch can detect the appropriate speed to use with the Cat 6 and Cat 5e cables. Routes are used at layer 3, but switches are layer 2 devices. Therefore, the switches do not need to use a route to pass traffic between each other.

Answer 22

D.dig (used to query the domain name system) OBJ-5.3: The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host.

Answer 23

C.Configure VLSM (Variable Length Subnet Mask) for the IP address range D.Configure VTP (VLAN Trunk Protocol) and 802.1q on the inter-switch connections with native VLAN (Virtual Local Area Network) 100 OBJ-2.2: The 801.q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure they are not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it. VLSM stands for Variable Length Subnet Mask where the subnet design uses more than one mask in the same network which means more than one mask is used for different subnets of a single class A, B, or C network. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard and Rapid Reconfiguration of Spanning Tree is defined in the IEEE 802.1w standard. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.

Answer 24

B.Insider threat OBJ-4.1: An insider threat is a type of threat actor assigned privileges on the system that cause an intentional or unintentional incident. Insider threats can be used as unwitting pawns of external organizations or make crucial mistakes that can open up exploitable security vulnerabilities. Hacktivists, Organized Crimes, and advanced persistent threats (APT) entities do not accidentally or unwittingly target organizations. Instead, their actions are deliberate. A hacktivist is an attacker that is motivated by a social issue or political cause. Organized crime is a type of threat actor that uses hacking and computer fraud for commercial gain. An advanced persistent threat (APT) is a type of threat actor that can obtain, maintain, and diversify access to network systems using exploits and malware.

Answer 25

B.25, 161 OBJ-1.5: SMTP (Simple Mail Transfer Protocol) uses port 25. SNMP (Simple Network Management Protocol) uses port 161. Port 23 is used by Telnet. Port 445 is used by the Server Message Block (SMB) protocol. Port 3389 is used by the Remote Desktop Protocol (RDP). Port 443 is used by the Hypertext Transfer Protocol Secure (HTTPS). If this were a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up.

Answer 26

A.TLS (Transport Layer Security) OBJ-4.4: Transport Layer Security (TLS) is used to secure web connections over port 443. Since port 443 was in use, you should expect either HTTPS, SSL, or TLS to be used as the protocol. If not, this would be suspicious activity and should be investigated. In fact, since this was a connection from the external IP to an internal host over port 443, this is suspicious and could be indicative of a remote access trojan on your host.

Answer 27

B.OSPF (Open Shortest Path First) OBJ-2.2: OSPF is known as a classless protocol. Classless routing protocols are those protocols that include the subnet mask information when the routing tables or updates are exchanged. Other classless routing protocols include EIGRP, RIPv2 (or newer), and IS-IS.

Answer 28

B.Implement load balancing and provide high availability OBJ-3.3: The device being added is most likely a load balancer. Adding this device will allow the delivery team to install a series of database servers to handle the requests by dividing the incoming requests among the various servers. NIC teaming would be an action that occurs on the database server itself. It is not a separate device. The other options are focused on troubleshooting efforts, not increasing the database server's capability or availability.

Answer 29

B.Business continuity plan OBJ-3.2: A business continuity plan is a document that outlines how a business will continue operating during an unplanned service disruption. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human capital and business partners, and essentially every other aspect of the business that might be affected. A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber attacks, and other disruptive events. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement.

Answer 30

D./25 OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have 105 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 107 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). Since we need 107 IP addresses, we need to round up to a block of 128. To symbolize a CIDR block with 128 IP addresses, we would use /25, which is 2^7 =128.

Answer 31

C.802.1af OBJ-2.3: Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.

Answer 32

C.Port scanner OBJ-5.3: A port scanner is used to determine which ports and services are open and available for communication on a target system. The port scanner will scan the server and display any open ports. If the technician finds that port 443 (HTTPS) is open and all other ports are closed, then they know the server has been properly hardened. A NetFlow analyzer is used to perform monitoring, troubleshooting, inspection, interpretation, and synthesis of network traffic flow data. An IP scanner is used to monitor a network's IP address space in real-time and identify any devices connected to the network. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode.

Answer 33

D.South OBJ-1.7: North-South traffic or communication refers to traffic that enters or leaves the data center from a system physically residing outside the datacenter. North traffic is traffic exiting the datacenter. South traffic is traffic entering the data center. In both cases, the data is exiting or entering the data center through a firewall or other network infrastructure boundary device, such as a router. East-West traffic or communication refers to data flow within a datacenter. For example, if we are using a spine and leaf architecture, any data flow between the various servers in the datacenter, even if it goes between different leaves, would be considered east-west traffic.

Answer 34

A.Anycast OBJ-1.4: Anycast only works with IPv6. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Broadcast only works with IPv4. Broadcast communication has one sender, but it sends the traffic to every device on the network. Multicasting is a technique used for one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only sends the signal once, which is then received by multiple hosts simultaneously. Multicast can be used with both IPv4 and IPv6. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.

Answer 35

C.Identify the problem General IT Troubleshooting Identify Guess Test Plan Implement Verify Document

Answer 36

B.Identify the problem OBJ-5.1: The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned. Since you just arrived at the main distribution frame, you need to begin by identifying the problem. This could include gathering information, questioning users or the other technician, identifying symptoms, determining if anything has changed, or trying to duplicate the problem.

Answer 37

B.It becomes the default VLAN for untagged frames OBJ-2.3: Trunk ports carry all traffic, regardless of VLAN number, between all switches in a LAN. The VLAN designation for a trunk port is its native or default VLAN. If the trunk port has a native VLAN that differs from the tag placed on the frame as it entered the access port, the switch leaves the tag on the frame and sends the tagged frame along to the next switch or switches. If the trunk port’s native VLAN is the same as the access port's VLAN, then the switch drops the tag and sends the untagged frame out of the trunk port.

Answer 38

C./26 OBJ-1.4: Since the Sales department needs 55 devices plus a network ID and broadcast IP, it will require 57 IP addresses. The smallest subnet that can fit 57 IPs is a /26 (64 IPs). A /26 will borrow 2 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^6 available host IP addresses, or 64 total IP addresses. Of the 64 IP addresses, there are 62 available for clients to use, one for the network ID, and one for the broadcast address.

Answer 39

C.Perform a site survey OBJ-5.4: If you suspect interference within your apartment or other personal spaces, you should conduct a site survey to identify what wireless signals are emanating into your apartment and the RSSI of those signals. This will allow you to choose the least used frequency/channel to increase your own signal strength and reduce the wireless network's interference. For example, if you are using a 2.4 GHz wireless network, you should aim to use either channel 1, 6, or 11 to minimize interference.

Answer 40

B.Install a switch in the second-floor networking closet to increase the signal OBJ-5.2: The best option is to install a switch in the networking closet on the second floor, connecting to the cables coming from the first-floor closet and then to the cables on the second-floor patch panel. This will act as a repeater to boost the signal strength over the Cat5e cable, effectively resetting the cable length to 0 meters before leaving the closet. While a repeater may be a good option, a switch is more effective in this case since there are so many cables, and repeaters usually only work for an individual cable. A hub would similarly work but would introduce a signal collision domain for all 24 computers. This would drastically decrease the performance of the network. Finally, we don't want to include a switch in each office, as this is a bad security practice and an inefficient use of resources. It is easier to manage and administer a single, centralized switch in the network closet.

Answer 41

B.Duplicate IP (Internet Protocol) addresses OBJ-5.5: A duplicate IP address occurs when two or more devices have been assigned the same IP address, either dynamically by the DHCP server or statically by a network administrator. This is a common symptom observed when there are two DHCP servers on the network, such as an authorized DHCP server and a rogue DHCP server. A duplicate MAC address occurs when two or more devices are responding to data requests as if they are the only device on the network with that physical address. One indication of this occurring is when a switch continually changes the port assignments for that address as it updates its content-addressable memory (CAM) table to reflect the physical address and switchport bindings. A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment. Multicast flooding occurs because no specific host is associated with the multicast MAC address in the content-addressable memory (CAM) table of a switch.

Answer 42

C.MAC (Media Access Control) Filtering OBJ-4.3: MAC Filtering will control access to the network by restricting access to only certain devices. MAC address filtering allows you to block traffic coming from certain known machines or devices. The router uses the MAC address of a computer or device on the network to identify it and block or permit access. Traffic coming in from a specified MAC address will be filtered depending upon the policy. In this scenario, you should implement an allow list that only allows approved MAC addresses to connect to and communicate over the wireless network.

Answer 43

B.Split-horizon is misconfigured OBJ-5.5: Split horizon is a method used by distance vector protocols to prevent network routing loops. With split horizon, if a router receives routing information from another router, the first router will not broadcast that information back to the second router, thus preventing routing loops from occurring. If it is misconfigured, the routers could suffer a routing loop which would produce the error message received when trying to communicate with each other. The other options would not cause a communication error between the three internal routers when testing the connectivity using their IP addresses. A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network and maps a domain name to an IP address. Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.

Answer 44

A.10.10.10.255 OBJ-1.4: In classless subnets using variable-length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /25, so each subnet will contain 128 IP addresses. Since the IP address provided is 10.10.10.200, the broadcast address will be 10.10.10.255.

Answer 45

D.Conduct a baseline review OBJ-3.1: John should conduct a baseline review to compare the statistics he collected against the previous baseline. He can then use this information further to investigate the drop in the server's performance. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.

Answer 46

A.25 (Simple Mail Transfer Protocol - TCP) OBJ-1.5: The Simple Mail Transfer Protocol (SMTP) uses port 25 and is an internet standard communication protocol for electronic mail transmission. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system.

Answer 47

B.Ensure port 53 is enabled on the firewall OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. When a client wants to access a website, it will make a request to the DNS server over port 53 to translate the domain name to its corresponding IP address. Since the technician is only able to access the servers using their IP addresses, this validates that the connectivity is functioning correctly but the DNS process is failing. The most likely reason for this is that port 53 is blocked at the firewall and is preventing the client from sending their requests to the DNS server. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The nslookup command will still need to communicate with a DNS server over port 53, though, to perform these lookups. The ping command is used to test whether a given target is reachable across an IP network by sending an ICMP Echo Request packet and receiving an ICMP Echo Reply. Since the technician successfully used ping to communicate with the server using their IP addresses, this indicates that ICMP is not blocked by the firewall. The HOST file is a text file containing domain names and IP addresses. The HOST file works like a local DNS lookup, but the technician would have to enter the domain name and IP for every website a user might want to access, making this an unacceptable option to solve this issue for the long term.

Answer 48

A.Hub OBJ-1.1: A hub is a layer 1 device and operates at the physical layer. Cables, hubs, repeaters, and wireless access points are all examples of layer 1, or physical layer, devices. The Physical Layer defines electrical and physical specifications for devices. The physical layer defines the relationship between a device and a transmission medium, such as a copper or optical cable. A Bridge is a layer 2 device. A switch is a layer 3 device. A firewall is a layer 3 through layer 7 device, depending on the type of firewall.

Answer 49

D.Remote access policy OBJ-3.2: A remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A data loss prevention policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision-making without it being exposed to anyone who should not have access to it. The goal of a data loss prevention policy is to minimize accidental or malicious data loss.

Answer 50

B.Conduct real-time monitoring of the phone's activity and usage OBJ-3.1: While all four are good options, the BEST solution is to conduct real-time monitoring of the phone's activity since it is a technical control that could quickly identify an issue. The other options are all administrative controls (policies), which are useful but would not actually identify if the sensitive data was leaked from Jason's phone.

Answer 51

B.Rogue DHCP (Dynamic Host Configuration Protocol) server OBJ-5.5: Routers usually contain their own DHCP servers. When the sales manager installed the wired router, he inadvertently introduced a secondary DHCP server into the network. This could cause the same IP addresses to be assigned to two different workstations, resulting in connectivity issues for those workstations. Had the sales manager installed a simple hub or switch, this would not have caused any issues. Because this is a wired router, it cannot be an evil twin since evil twins are wireless access points. We have no indications of a VLAN mismatch since this would only affect the workstations connected to this router. Similarly, we have no indications of a network loop, so this network might already be implementing STP to prevent them. Remember, always ask yourself, "what changed recently that might have caused this issue?" In this case, it was the new router added this morning by the sales manager.

Answer 52

D.AUP (Acceptable Use Policy) OBJ-3.2: An acceptable use policy (AUP), acceptable usage policy, or fair use policy is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used. In this scenario, this is the most appropriate policy to utilize. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share for certain purposes, but wish to restrict access to. A service level agreement (SLA) is a commitment between a service provider and a client for particular aspects of the service, such as quality, availability, or responsibilities.

Answer 53

D.Verify system functionality OBJ-5.1: The next step would be to "verify full system functionality and, if applicable, implement preventive measures" since you just finished the "implement a solution or escalate as necessary" step. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

Answer 54

C.205.12.35.0 OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /27, so each subnet will contain 32 IP addresses. This means that there eight networks in this class C range: 205.12.35.0, 205.12.35.32, 205.12.35.64, 205.12.35.96, 205.12.35.128, 205.12.35.160, 205.12.35.196, and 205.12.35.224. Since the IP address provided is 205.12.35.26, it will be in the 205.12.35.0/27 network.

Answer 55

B.Verify the cable is connected to eth 0/0 OBJ-5.5: The key to answering this question is the first line of the output that states the line protocol is down. This means that the specified interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the switchport. The line protocol being down indicates a clocking or framing problem on the connection, and the most common reason for this is a cable that is not properly connected. If “Fast Ethernet 0/0 is administratively down”, this would have indicated that the switchport was manually shut down using the shutdown command by a network administrator and would need to be reenabled. But, since “Fast Ethernet 0/0 is up”, this indicates the interface was already enabled for eth 0/0. The IP address is currently set to 10.20.30.40/25 which is a private IP address in a classless subnet range. As long as the default gateway is an IP between 10.20.30.0 and 10.20.30.127, though, there is nothing wrong with using this IP address. Without knowing the default gateway, we cannot identify the IP address as the issue. The “loopback is not set” indicates that the interface is not in diagnostic mode and should be properly sending traffic instead of sending it to a loopback address or port.

Answer 56

A.PTR (PoinTer Record) OBJ-1.6: There are several types of DNS records, including A, AAAA, CNAME, PTR, SVR, and TXT. PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address, you can get the associated domain/hostname. An A record should exist for every PTR record. Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.

Answer 57

D.netstat OBJ-5.3: Netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (incoming and outgoing), routing tables, and several network interface and network protocol statistics. It is useful when determining if a workstation is attempting outbound connections due to malware (beaconing activity) or has ports open and listening for inbound connections. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.

Answer 58

B.Loopback OBJ-1.4: In IPv6, ::1 is the loopback address. In IPv4, the loopback address is 127.0.0.1. The loopback address is used to send a test signal sent to a network destination to diagnose problems. A broadcast address is an IP address that is used to target all systems on a specific subnet network instead of single hosts. A multicast address is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service. The address shown is not a broadcast or multicast address. A public address is routable over the internet but ::1 is a loopback address and therefore not publicly routable on the internet.

Answer 59

D.Screened subnet OBJ-4.1: A triple-homed firewall connects to three networks internal (private), external (internet/public), and a screened subnet (formerly called a demilitarized zone or DMZ). The screened subnet is used to host systems that require access from external hosts. Data zones describe the state and location of data to help isolate and protect it from unauthorized/inappropriate use-for example, as data transitions from raw storage, processing, production, and analytical use. Data zones are associated with data lakes and designed to help manage big data used by analysts and scientists for data exploration and discovery tasks. An availability zone is an individual data center within a region of a cloud service provider's network. A staging environment is a pre-production enclave used for testing and development.

Answer 60

A.CVE (Common Vulnerabilities and Exposures system) OBJ-4.1: Common Vulnerabilities and Exposures (CVE) is an element of the Security Content Automation Protocol (SCAP) that provides a standard nomenclature for describing security flaws or vulnerabilities. A SIEM is a solution that provides a real-time or near-real-time analysis of security alerts generated by network hardware and applications. A VPC is a private network segment made available to a single cloud consumer on a public cloud. The Sarbanes-Oxley Act (SOX) dictates requirements for storing and retaining documents relating to an organization's financial and business operations, including the type of documents stored and their retention periods.

Answer 61

B.Wi-Fi (Wireless Fidelity; IEEE 802.11) OBJ-2.4: Wi-Fi is the best solution to meet this organization's needs. 802.11ac is a very fast high-speed Wi-Fi network capable of 1 Gbps speeds over a 5 GHz spectrum and is perfect for uploading large image files quickly over a wireless local area network. Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. While the warehouse might want to also utilize RFID to allow for the accurate scanning of items using radio frequency tracking tags, RFID cannot upload large images of the items to the centralized server since it is limited to 2 KB of data per RFID tag. Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz and building personal area networks. Bluetooth would not allow the worker to have full coverage throughout the warehouse due to the short distance requirement between a transmitter and receiver. Near-Field Communication (NFC) is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with a simple setup that can be used to bootstrap more capable wireless connections.

Answer 62

A.Wavelength mismatch OBJ-5.2: Wavelength mismatch occurs when two different transceivers are used at each end of the cable. For example, if one SFP uses a 1310nm transceiver and the other end uses a 850 nm transceiver, they will be unable to communicate properly and the link will remain down. A duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half-duplex while the other one operates in full-duplex. The effect of a duplex mismatch is a link that operates inefficiently. All networking cables have a limited supported distance. For example, copper cables must be less than 100 meters. Single-mode fiber cables can be up to 40 kilometers, therefore the issue is not a distance limitation in this scenario. The link is established before an IP address is assigned by DHCP. In this scenario, the link is not being established, therefore it cannot be a wrong IP address being assigned to the interfaces.

Answer 63

C.Performance optimization OBJ-4.1: Voice over Internet Protocol (VoIP) performance optimization can help a business improve the quality of its video and audio communications over the Internet by decreasing the size of the broadcast domain through the creation of VLANs. Each VLAN can contain the VoIP devices for a single department or business unit, and traffic is routed between the VLANs using layer 3 multilayer switches to increase the performance of the voice communication systems. Performance optimization helps companies bolster the availability, accessibility, security, and overall performance of their networks. Compliance enforcement involves dividing up one network into smaller sections to better control the flow of traffic across the network and to restrict confidential data to a specific network segment based on a specific regulation or contractual requirement, such as PCI DSS segmentation requirements. A honeynet is an intentionally vulnerable network segment that is used to observe and investigate the attack techniques of a hacker or adversary. Separate public/private networking involves segmenting the network into two portions: public and private. This is often used in cloud architectures to protect private data.

Answer 64

A.Rollover OBJ-5.2: Typically, a router or switch's console port is connected using a rollover cable, which has an RS-232 (DB-9) port on one side and an RJ-45 on the other. A rollover or console cable is a type of null-modem cable that is used to connect a computer terminal to a router's console port. An RG-6 cable is a coaxial cable used to connect to a cable modem or television. An Ethernet crossover cable is a network cable used to connect two Ethernet network devices directly, such as two computers without a switch or router in between. A straight-through cable is a type of twisted pair cable that is used in local area networks to connect a computer to a network switch.

Answer 65

D.NAT (Network Address Translation) has not been configured on the border firewall OBJ-5.5: The most likely cause is that the NAT has not been properly configured on the border firewall. This would cause the internal network users to access the web servers still (since internal traffic doesn't have to transit the firewall), but would still prevent Internet users from accessing the webserver. The subnet mask provided of 255.255.254.0 represents a /23 CIDR network, therefore the IP and the gateway are on the same subnet and the gateway is not the issue. The layer 3 switch cannot be the issue either, because if it blocked port 80 then the internal users would have been blocked, too. The web server does not need to access the DNS server, since the webserver is the target being accessed and not the system initiating the connection.

Answer 66

B.DMZ (DeMilitarized Zone) OBJ-4.1: A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing (public-facing) services to an untrusted, usually larger, network such as the Internet. A DMZ is a type of screen subnet. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet. Virtual Network Computing is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol to remotely control another computer by transmitting the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network. Since Alexander wants to install two public-facing web servers on his network, he should place them in the DMZ.

Jason Dion - CompTIA Network+ N10-008 Exam Prep #0 Flashcards

(90 cards)