Jason Dion - CompTIA Network+ N10-008 Exam Prep #2 Flashcards

Question

A disgruntled employee executes an on-path attack on the company's network. Layer 2 traffic destined for the gateway is now being redirected to the employee’s computer. What type of attack is this an example of? A.ARP (Address Resolution Protocol) Spoofing B.Evil twin C.Reflective DNS (Domain Name System) D.IP (Internet Protocol) spoofing

Answer 1

A.ARP (Address Resolution Protocol) Spoofing OBJ-4.2: ARP spoofing (also known as ARP poisoning) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer, server, or gateway on the network. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user's knowledge. IP spoofing is the creation of Internet Protocol (IP) packets that have a modified source address to either hide the identity of the sender, impersonate another computer system, or both.

Answer 2

B.Community cloud OBJ-1.8: Community Cloud is another type of cloud computing in which the cloud setup is shared manually among different organizations that belong to the same community or area. A multi-tenant setup is developed using the cloud among different organizations belonging to a particular community or group with similar computing concerns. For joint business organizations, ventures, research organizations, and tenders, a community cloud is an appropriate solution. Based on the description of 15 member banks coming together to create the CloudBank organization and its cloud computing environment, a community cloud model is most likely described. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud.

Answer 3

D.DNS (Domain Name System; phone book of the internet) poisoning OBJ-4.2: DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver's cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server. VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer, server, or gateway on the network. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

Answer 4

A.Configure a UTM (Unified Threat Management) device OBJ-2.1: Since this is a branch office and you want to protect it from as many threats as possible, using a Unified Threat Management (UTM) device would be best. A UTM will protect you from most things using a single device. A network-based firewall would provide basic protection, but a UTM will include anti-virus and other protections beyond just a firewall's capabilities. Host-based firewalls are great, but the network-based firewall or UTM device is configured to protect all devices on a network whereas a host-based firewall only protects the single host device. A network-based intrusion detection system (NIDS) can detect threats, but it cannot stop or prevent them.

Answer 5

D.Bandwidth OBJ-3.2: Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients.

Answer 6

D.Submit a change request OBJ-3.2: A change request should be submitted through the change management process prior to any changes being made. Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.

Answer 7

A.Pre-action system OBJ-3.3: A fire suppression system is an engineered set of components that are designed to extinguish an accidental fire in a workplace or datacenter. A pre-action system minimizes the risk of accidental release from a wet pipe system. With a pre-action system, both a detector actuation like a smoke detector and a sprinkler must be tripped prior to water being released. A wet pipe system is the most basic type of fire suppression system, and it involved using a sprinkler system and pipes that always contain water in the pipes. Special suppression systems, like a clean agent system, use either a halocarbon agent or inert gas. When releases, the agents will displace the oxygen in the room with the inert gas and suffocates the fire. Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.

Answer 8

C.NetFlow analyzer OBJ-5.3: A NetFlow analyzer is used to perform monitoring, troubleshooting, inspection, interpretation, and synthesis of network traffic flow data. A NetFlow analyzer can help you quickly identify traffic patterns and the different applications/protocols in use on the network. A terminal emulator is used by a network administrator to make a given computer appear like an actual terminal or client computer networked to a server or mainframe. An IP scanner is used to monitor a network's IP address space in real-time and identify any devices connected to the network. A spectrum analyzer is used to measure the magnitude of an input signal's frequency.

Answer 9

D.Verbose trap OBJ-3.1: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. A verbose trap may contain all the information about a given alert or event as its payload. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network. A unique objective identifier (OID) identifies a variable that can be read or set using the SNMP protocol. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID).

Answer 10

D.Anycast OBJ-1.4: An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the “nearest” interface having that address, according to the router’s routing table. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.

Answer 11

B.A host-based firewall on the user's computer is blocking port 3306 OBJ-5.5: MySQL uses ports 3306, and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Since the network technician can pin the MySQL server, it indicates that the route is not missing, the database server is configured with the proper gateway, and the network interface card is not defective. Instead, it is likely that the end user's computer has a host-based firewall installed, like Windows Defender, and it is blocking outbound requests over port 3306 (MySQL). A change in the firewall settings to allow access to the specified ports will fix the problem. It appears the default firewall on this new computer is blocking the port used to communicate with the database server.

Answer 12

A.DNS (Domain Name System; phone book of the internet) server OBJ-5.5: The DNS Server translates Fully Qualified Domain Names (FQDN) to IP addresses. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. A WINS server is a Microsoft Windows-based server running the Windows Internet Name Service (WINS) that can accept NetBIOS name registrations and queries. WINS servers maintain a database of NetBIOS name to IP address mappings for WINS clients on the network and speed up NetBIOS name resolution by eliminating broadcasts. Since the technician can ping the server using its hostname, the WINS server is working properly. Since the technician cannot ping the server using its fully qualified domain name (FQDN), the DNS server is likely offline.

Answer 13

D.Only allow listed MAC addresses can connect to the network OBJ-4.3: Allow lists specify MAC addresses as a security measure implemented by the administrator to only grant access to a specific user. It avoids a person with malicious intentions to access the corporate network. Since the router has a different MAC address, it is blocked from connecting to the wired network. Allow listed MAC addresses can be implemented automatically using different forms of port security on a network switch.

Answer 14

B.Change AP2's Channel from 1 to 6 D.Change AP2's Mode from B to G F. Change AP2 from Auto/Auto to 100/Full OBJ-5.4: By comparing the configurations on the three different APs, we can see that AP1 and AP3 are set on channels 1 and 11, but AP2 is set to channel 1. This will cause interference between AP1 and AP2 since they are both on the same channel and can have overlapping coverage zones based on the floorplan of this office. Therefore, you should change AP2 to channel 6 to avoid interference. Also, AP1 and AP3 are using Wireless G (which supports 54 Mbps), but AP2 is set to Wireless B (which only supports 11 Mbps). This is causing the performance issue and lower speeds for the wireless users, so AP2 should be set to Wireless G to match the rest of the network. Finally, AP2 is set to Auto/Auto, but AP1 and AP3 are set to 100/Full. For best performance, AP2 should be set to 100/Full to match AP1 and AP3. AP2 has likely been unable to properly negotiate its switch port speed, so by setting it to 100/Full you can ensure the fastest possible connection between the switch port and AP2.

Answer 15

A.OTDR (Optical Time Domain Reflectometer) OBJ-5.2: An Optical Time Domain Reflectometer (OTDR) is used by organizations to certify the performance of new fiber optics links and detect problems with existing fiber links. An OTDR can identify if a fiber cable is broken and provide an approximate location for the break in meters or feet. A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located. A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is used with copper cables, not fiber optic cables. A media converter is a layer 1 networking device that connects two different media types, such as a copper twisted pair cable and a fiber optic cable.

Answer 16

D.5060/5061 OBJ-1.5: Session Initiation Protocol (SIP) uses ports 5060 and 5061, and is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications. The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. HTTPS, the secured version of HTTP, uses port 443. The Lightweight Directory Access Protocol (LDAP) uses port 389 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAPS, the secured version of LDAP, uses port 636. Server Message Block (SMB) uses ports 139 and 445 and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments

Answer 17

A.NAC (Network Access Control) OBJ-4.1: Network Access Control is an approach to computer security that attempts to unify endpoint security technology, user or system authentication, and network security enforcement. Effective network access control restricts access to only those devices that are authorized and compliant with security policies, meaning they have all the required security patches and anti-intrusion software. When a device connects to the network, it is placed into a automated testing area. If it passes the compliance testing, it is placed into the full corporate network. If it fails the compliance testing, it is placed into quarantine where it remains until it has been remediated or upgraded to meet the compliance requirements. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. A pre-shared key is used to encrypt data traversing over a WEP, WPA, or WPA2 wireless network. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet.

Answer 18

C.Dynamic ARP (Address Resolution Protocol) Inspection OBJ-4.3: Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). Port mirroring, ARP inspection, and VLANs do not add any redundancy to the network. DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure. When DHCP servers are allocating IP addresses to the LAN clients, DHCP snooping can be configured on LAN switches to prevent malicious or malformed DHCP traffic or rogue DHCP servers. The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform.

Answer 19

A.Establish a theory of probable cause OBJ-5.1: The scenario described in the question is best classified as "identify the problem", so the next step would be to "establish a theory of probable cause". The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

Answer 20

B.Patch cable OBJ-5.2: This is a patch cable (also known as a straight-through cable), as indicated by the matching of the Tx and Rx pins (pins 1, 2, 3, and 6) on both sides of the cable. Additionally, you may have noticed that there is an open on this cable on pin 4 since it is not sending a signal from pin 4 to pin 4 in the diagram. A crossover cable would have pins crossing from one side to the other, such as pin 1 going to pin 6. A rollover cable has opposite pin assignments on each end of the cable, such as pin 1 going to pin 8, pin 2 going to pin 7, etc. An RG-6 cable only has one internal copper wire, not 8 as shown in this diagram for a twisted-pair copper cable.

Answer 21

B.Multimeter OBJ-5.2: A multimeter is a measuring instrument that can measure the voltage, resistance, and amperage of a cable or conduit. To test this cable, you should set the multimeter to resistance and connect one of the multimeter's leads to each end of the coaxial cable to determine the resistance as measured in ohms. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A cable certifier is used to test the continuity of a cable and verify that a cable meets its specifications such as the bandwidth, frequency, and length. A spectrum analyzer is used to measure the magnitude of an input signal's frequency.

Answer 22

A.Provide end-user awareness training for office staff OBJ-4.5: An enterprise network's end users are the most vulnerable attack vector. Studies have shown that an investment in end-user cybersecurity awareness training has the best return on investment of any risk mitigation strategy. While all of the options presented are valid security mitigations, only end-user awareness training mitigates the biggest network vulnerability we have: our users.

Answer 23

A.802.1q OBJ-2.3: 802.1Q is the networking standard that supports virtual LANs on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that results from them. STP is defined in the IEEE 802.1d standard.

Answer 24

B.Penetration testing OBJ-4.1: Penetration testing or pentesting is the practice of testing a computer system, network, or web application in order to find vulnerabilities that an attacker could exploit. It can be used to ensure all security controls are properly configured and in place. Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Testing AAA might be a part of a larger penetration test, but by itself it would not test the firewalls and patch management systems sufficiently. A disaster recovery test (DR test) is the examination of each step in a disaster recovery plan as outlined in an organization's business continuity/disaster recovery planning process. A disaster recovery test would not test the firewalls, patch management, or security policies. A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working. A single point of failure test is used to identify a single point of failure in the network or system, and it is not designed to test the network's firewalls, patch management, or security policies.

Answer 25

D.Backup the current configuration for each switch OBJ-4.3: A preventive method is always to back up the current configuration to the NVRAM (SW# copy run start) in case the newly downloaded operating system doesn't work properly. This would allow the technician to restore the switch from the previous backup. It is a good idea to install the operating system during non-business hours, as well, but you should first always make a backup of the current configuration.

Answer 26

A.Time-division multiplexing OBJ-1.2: Time-division multiplexing allows for two or more signals or bitstreams to be transferred in what appears to be simultaneous sub-channels in one communication channel but is physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it. Analog circuit switching is used by telephone providers on the Public Switched Telephone Network (PSTN), not with ISDN or T-1 connections. Time-division spread spectrum is not a real thing, spread spectrum is used in Wi-Fi, but it is based on frequency and not time. CSMA/CD is the carrier sense multiple access collision detection that is used for ethernet access at layer 2 of the OSI model. CSMA/CD is not used with ISDN or T-1 connections.

Answer 27

B.Remove the ARP entry on the user's workstation OBJ-5.1: Based on the network troubleshooting methodology, you should try to test your theory to determine the cause once you have established a theory of probable cause. In this scenario, the technician has a theory that the static ARP entry is the cause of the problem. Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn't fix the issue, you would need to develop a new hypothesis to test. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

Answer 28

C.Distributed DoS (Denial of Service) OBJ-4.2: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. Session hijacking, also known as TCP session hijacking, is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user's knowledge.

Answer 29

C.The cable is a straight-through cable OBJ-2.3: There are two types of cable, Straight-through and Crossover. In this instance, a crossover cable would need to be used to communicate with legacy switches since they won't support MDIX. A medium dependent interface crossover (MDIX) is a version of the medium dependent interface (MDI) enabling a connection between corresponding devices, such as a switch to another switch. If the switch doesn't MDIX, then you must use a crossover cable to connect them. Bend radius cannot be the correct answer to this question since copper cables are being used and not fiber cables. Bend radius is a concern when using fiber cables as it leads to increase reflections and a decrease in signal strength. An RJ-11 connector only has 6 pins and is smaller than an RJ-45 connector. The technician would visually be able to see the difference as the RJ-11 connector would not fit properly in the switchports.

Answer 30

B.802.1x OBJ-2.3: The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af.

Answer 31

C.Packet sniffer OBJ-5.3: Packet Sniffers can capture and analyze network user traffic. This information can be queried to view website addresses, contents, and sometimes even password information. This differs from an intrusion detection system in that IDS’s wait to receive implicitly malicious data in a network before logging the event.

Answer 32

B.NDA (Non-Disclosure Agreement) OBJ-3.2: A non-disclosure agreement (NDA) is a documented agreement between two parties that define what data is considered confidential and cannot be shared outside of that relationship. An NDA is used to protect an organization’s intellectual property. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is a non-binding agreement between two or more organizations to detail what common actions they intend to take. A service level agreement (SLA) is a documented commitment between a service provider and a client, where the quality, availability, and responsibilities are agreed upon by both parties.

Answer 33

D.Control layer OBJ-1.7: The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others.

Answer 34

B.Site survey report OBJ-3.2: A wireless site survey report will usually take the form of a floorplan with a color-coded series of rings on it to show the signal strengths of wireless network signals in various locations. This is often referred to as a "heat map" by technicians. The technician performing the survey will document this information and use it as a tool during troubleshooting and optimization efforts concerning the wireless coverage in a specific office or building. A logical network diagram illustrates the flow of information through a network and shows how devices communicate with each other. It typically includes elements like subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments. Network baselining is the act of measuring and rating the performance of a network in real-time situations. Providing a network baseline requires testing and reporting of the physical connectivity, normal network utilization, protocol usage, peak network utilization, and average throughput of the network usage. A network audit entails collecting data, identifying threats and areas of weakness, and compiling a formal audit report. This report is then sent on to network administrators and other relevant parties.

Answer 35

D.Ransomware OBJ-4.2: Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. By contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug. Malware includes viruses, worms, logic bombs, and many other malicious types of code. Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.

Answer 36

B.Baseline OBJ-3.1: While all of the network artifacts, such as logs, pcap files, and NetFlow data, are useful, the general terms for the historical network performance data is a baseline. A baseline may be created from these other types of data, but the baseline is the MOST correct answer based on the question. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.

Answer 37

C.OSPF (Open Shortest Path First) OBJ-2.2: Only OSPF supports IPv4 and VLSM (Variable Length Subnet Mask) from the options provided in this question. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP). VRRP, RIPv1, and HSRP do not support VLSM. The Virtual Router Redundancy Protocol is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. The Hot Standby Router Protocol is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway. The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from source to destination. While RIPv1 does not support VLSM, RIPv2 does support VLSM but was not an option in this question.

Answer 38

C.Implement NAC (Network Access Control) OBJ-4.3: Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. In this scenario, implementing NAC can identify which machines are known and trusted Dion Training assets and provide them with access to the secure internal network. NAC could also determine unknown machines (assumed to be those of CompTIA employees) and provide them with direct internet access only by placing them onto a guest network or VLAN. While MAC filtering could be used to allow or deny access to the network, it cannot by itself control which set of network resources could be utilized from a single ethernet port. A security information and event management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware. An access control list could define what ports, protocols, or IP addresses the ethernet port could be utilized. Still, it would be unable to distinguish between a Dion Training employee's laptop and a CompTIA employee's laptop like a NAC implementation could.

Answer 39

B.Unidirectional OBJ-2.4: Directional antennas broadcast radio frequencies in a single direction (unidirectional) or two directions (bidirectional) to create a zone or area of coverage. Unidirectional antennas focus the broadcast signal in a single direction instead of all directions, focusing the transmission and making the signal stronger. A specific type of unidirectional antenna is known as a Yagi antenna. Omnidirectional antennas broadcast radio frequencies in all directions creating a large sphere of coverage. The antenna has the capability to send and receive signals in a circumference around the antenna. A patch antenna is a type of antenna with a low profile that can be mounted on a surface. A patch antenna can be omnidirectional, bidirectional, or unidirectional, therefore it is not the best answer to this question and unidirectional should be chosen instead.

Answer 40

D.The wireless access point is experiencing RF (Radio Frequency) interference OBJ-5.4: If interference in the wireless spectrum occurs, more retransmissions will be needed (and thereby slowing speeds experienced and increasing latency). A high signal-to-noise ratio is a good thing on wireless networks and leads to faster speeds and lower retransmissions. The fiber connection itself is only used for the WAN connection, therefore you can use wired or wireless infrastructure for your internal LAN and connect the LAN to the WAN connection at the router. The wireless network is already getting throughputs of 300 Mbps, so it must be using 802.11n, 802.11ac, or 802.11ax for its wireless access points. If you switched to 802.11g, you would slow down the wireless network more since it has a maximum throughput of 54 Mbps.

Answer 41

A.443 OBJ-1.5: Web-based attacks would likely appear on port 80 (HTTP) or port 443 (HTTPS). An attack against Active Directory is likely to be observed on port 389 LDAP. An attack on an FTP server is likely to be observed on port 21 (FTP). An attack using the remote desktop protocol would be observed on port 3389 (RDP).

Answer 42

B.Proper labeling OBJ-3.2: You should always use proper labeling of your cables, wall jacks, and patch panels to make it easy to locate which switchport is associated with each portion of the cable distribution plant. Ensuring everything is properly labeled will help when you need to troubleshoot a network connection in your interior cable distribution plant. A standard procedure is a set of step-by-step instructions compiled by an organization to help workers carry out routine operations. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. Inventory management refers to the process of ordering, storing, and using a company's inventory.

Answer 43

B.Router OBJ-1.1: A router is a layer 3 device. A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet. Routers make the Internet work by forwarding data using a unified addressing system. In our TCP/IP networks, routers forward their traffic based upon the IP address of the packets. A hub and repeater are both layer 1 devices (physical layer). A bridge is a layer 2 device (data link layer).

Answer 44

A.Reservations OBJ-1.6: The DHCP must provide an IP address, subnet mask, default gateway, and DNS server to each client to effectively access the Internet. Using DHCP reservations is not required to be configured to meet the requirements provided in the question. DHCP reservations allow the DHCP server to pre-set an IP address to a specific client based on its MAC address. This ensures that the client will always get the same IP address from the DHCP server when it connects to the network. DHCP reservations are usually used with servers or printers on your internal network and are rarely used with end-user or client devices.

Answer 45

B.TKIP (Temporal Key Integrity Protocol) OBJ-2.4: Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.

Answer 46

C.nslookup OBJ-5.3: The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network.

Answer 47

D.Physical OBJ-1.1: Ping requests occur at layer 3 (Network Layer). Therefore, the problem could exist in layer 1 (physical), layer 2 (data link), or layer 3 (network). Since Physical (layer 1) is the only choice from layers 1-3 given, it must be the correct answer. Also, since the gateway cannot reach any of the other devices on the network, it is most likely a cable (physical) issue between the gateway and the network switch.

Answer 48

D.LACP ( Link Aggregation Control Protocol) OBJ-2.3: The Link Aggregation Control Protocol (LACP) is the 802.3ad protocol is used to group numerous physical ports to make one high bandwidth path. This method can increase bandwidth and therefore, throughput. LACP can also provide network redundancy and load balancing. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. A Bridge Protocol Data Unit (BPDU) is used by STP to prevent the bridge loops. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.

Answer 49

C.Spectrum analyzer OBJ-5.2: A spectrum analyzer is used to measure the magnitude of an input signal's frequency. A WiFi analyzer is used to gather information about the available wireless networks, troubleshoot wireless networking issues, ensure optimal router placement, and identify existing coverage areas. A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is used with copper cables, not fiber optic cables. A time-domain reflectometer (TDR) is used to determine the characteristics of electrical lines by observing reflected waveforms to characterize and locate faults in copper cables.

Answer 50

C.On-path attack OBJ-4.2: An on-path attack (previously known as a man-in-the-middle attack) is a general term when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or impersonate one of the parties, making it appear as if a normal exchange of information is occurring. For example, if your user and server are both in the United States (English language), but the attacker is performing the on-path attack from Russia, then the server will utilize the Russian language in the text since it sees the connection coming from a Russian IP address. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim's machine.

Answer 51

C.Frequency mismatch OBJ-2.4: 802.11a operates in the 5 GHz band, while 802.11g operates in the 2.4 GHz band. Therefore, 802.11a devices will be unable to communicate with 802.11b or 802.11g access points. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. The 2.4 GHz frequency band is used by 802.11b, 802.11g, and 802.11n. The 5 GHz frequency band is used by 802.11a, 802.11n, 802.11ac, and 802.11ax. The 6 GHz frequency band is used by Wi-Fi 6E under the 802.11ax standard.

Answer 52

C.Ensure patches are deployed OBJ-4.3: A patch is designed to correct a known bug or fix a known vulnerability. Since the server is allowing an attacker to read TLS traffic, which should be encrypted and unreadable, this is a software bug in the webserver's code that must be fixed using a patch. An intrusion detection system is a device or software application that monitors and reports on any malicious activity or policy violations on a network or system. An IDS would not mitigate or stop the attacker from reading the TLS traffic, it would only report that it is occurring. A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules to establish a barrier between a trusted and untrusted network. If you configured the firewall to block traffic on port 443 (HTTPS/SSL/TLS), it would block all of the webserver's legitimate users, as well. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN would not stop an attacker from being able to read the TLS traffic from the webserver.

Answer 53

D.201.58.12.255 OBJ-1.4: In classless subnets using variable-length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /28, so each subnet will contain 16 IP addresses. Since the IP address provided is 201.58.12.245, the broadcast address will be 201.58.12.255.

Answer 54

B.Firewall OBJ-2.1: A firewall is considered a perimeter security device. It should be installed at the perimeter or boundary of a network to provide maximum security. Switches, bridges, and wireless access points are all considered internal network devices and should not be installed at the network's outermost perimeter.

Answer 55

D.0 OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

Answer 56

C.User training and awareness OBJ-4.5: An enterprise network's end users are the most vulnerable attack vector. Studies have shown that an investment in end-user cybersecurity awareness training has the best return on investment of any risk mitigation strategy. While a penetration test might detect various threats and vulnerabilities in your network, it does not prevent them from occurring. Disaster recovery planning creates a disaster recovery plan, which is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. Business continuity training will teach employees what to do in the case of a business continuity plan execution. A business continuity plan defines how an organization will continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident. Only end-user awareness training mitigates the biggest network vulnerability we have: our users.

Answer 57

B.1521 OBJ-1.5: SQLnet uses ports 1521, and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Microsoft SQL uses ports 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses ports 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

Answer 58

D.ICMP (Internet Control Message Protocol) traffic being blocked by the firewall OBJ-5.3: Many companies block ICMP at the firewall, causing ping to fail since it relies on ICMP. If the user can access the site in the web browser but cannot when using ping, then ICMP is most likely being blocked by the firewall. Jumbo frames are any frames larger than 1500 bytes, which is the default MTU size on most networks. VLANs are logical segments of the local area network. TACACS+ is used for remote authentication.

Answer 59

D.OID (Object IDentifier) OBJ-3.1: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A unique objective identifier (OID) identifies a variable that can be read or set using the SNMP protocol. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID). A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap may contain all the information about a given alert or event as its payload. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network.

Answer 60

C.Layer 3 switch OBJ-2.1: A layer 3 switch is the best option because, in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs. Multicast and unicast are layer 3 messaging flows, so you need a router or layer 3 switch to route them across the network. A smart hub is a layer 1 device. A proxy server operates at layer 4, but would still require a router or layer 3 switch to route the traffic.

Answer 61

A.Router OBJ-2.1: A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain. A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A bridge is networking hardware that forwards traffic between network segments at the data link layer (Layer 2) of the OSI model using MAC addresses. Each switchport on a bridge is a separate collision domain, but all switchports are in a common broadcast domain.

Answer 62

D.MTBF (Mean Time Between Failures) OBJ-3.3: The mean time between failures (MTBF) measures the average time between when failures occur on a device. The mean time to repair (MTTR) measures the average time it takes to repair a network device when it breaks. The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in continuity. The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or tolerance.

Answer 63

A.Coaxial to ethernet OBJ-1.3: A media converter is a Layer 1 device that changes one type of physical network connection to another. In this case, we are converting coaxial (RG-6) cable to Cat 6a (ethernet) cable.

Answer 64

B.A stateful network-based firewall OBJ-2.1: A stateful firewall enhances security through packet filtering, and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network. Since a centrally located firewall was required by the question, a network-based firewall should be chosen instead of a host-based firewall.

Answer 65

D.Network device CPU (Central Processing Unit) issues OBJ-5.5: Routing decisions are processed by the router and rely on the networking device's central processing unit (CPU). The CPU performance can become a severe bottleneck in the network performance if you have an underpowered router for a large enterprise environment. Network device power issues would cause network outages, not network slowdowns as this scenario presented. The scenario did not state that this mesh network is a storage area network, therefore it is not a SAN issue. Similarly, the scenario did not mention authentication issues, therefore the network performance issue is not caused by delayed RADIUS responses.

Answer 66

D.Switch OBJ-2.1: A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain. A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. A wireless access point is a networking device that allows other Wi-Fi devices to connect to a wired network. A wireless access point operates at the physical layer (Layer 1) of the OSI model to extend the wired network into the wireless domain.

Jason Dion - CompTIA Network+ N10-008 Exam Prep #2 Flashcards

(90 cards)