Jason Dion - CompTIA Network+ N10-008 Exam Prep #3 Flashcards
(90 cards)
Ted, a file server administrator at Dion Training, has noticed that many sensitive files have been transferred from a corporate workstation to an IP (Internet Protocol) address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company’s security analyst, verifying that the workstation’s anti-malware solution is up-to-date and the network’s firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?
A.MAC (Media Access Control) spoofing
B.Zero-day
C.Session hijacking
D.Impersonation
B.Zero-day
OBJ-4.1: Since the firewall is properly configured and the anti-malware solution is up-to-date, this signifies that a zero-day vulnerability may have been exploited. A zero-day vulnerability is an unknown vulnerability, so a patch or virus definition has not been released yet. A zero-day vulnerability refers to a hole in software that is unknown to the vendor. Hackers then exploit this security hole before the vendor becomes aware and hurries to fix it. This exploit is therefore called a zero-day attack. Zero-day attacks include infiltrating malware, spyware, or allowing unwanted access to user information. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Impersonation is the act of pretending to be someone or something else. A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver.
You are configuring a point-to-point link and want to ensure it is configured for the most efficient use of your limited pool of available public IP addresses. Which of the following subnet masks would be BEST to use in this scenario?
A./29
B./30
C./24
D./28
B./30
OBJ-1.4: The most efficient subnet mask for a point-to-point link is actually a /31 subnet, which only provides 2 addresses. This will only work if both routers use a newer routing protocol like OSPF, IS-IS, EIGRP, or RIPv2 (or above). The most widely accepted and used method is to use a /30 subnet consisting of 4 IP addresses. The first is the network IP, the last is the broadcast, and the other 2 IPs can be assigned to the routers on either end of the point-to-point network. For the exam, if you see the option of /30 or /31, remember, they can be used for point-to-point networks.
Which of the following security features should be enabled to configure a quality of service filter to manage the traffic flow of a Cisco router or switch and protect it against a denial-of-service attack?
A.Dynamic ARP inspection
B.Router Advertisement Guard
C.Control plane policing
D.DHCP snooping
C.Control plane policing
OBJ-4.3: The Control Plane Policing, or CPP, feature allows users to configure a quality of service (or QoS) filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches against reconnaissance and denial-of-service (DoS) attacks. This helps to protect the control plane while maintaining packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch.
Students at Dion Training have been reporting extreme performance degradation across the network every Friday morning. Which of the following should the network technician review FIRST to identify the root cause of the network performance issues?
A.Link status
B.Baseline
C.Utilization
D.Bottleneck
C.Utilization
OBJ-5.5: The technician should first review the utilization on the network during the time period where network performance issues are being experienced. This will then be compared to the average performance of the network throughout the rest of the week. In turn, this could be compared against the baseline. Since the issue is only occurring during a specific time period at a recurring interval (every Friday morning), it is likely an over-utilization issue causing the decreased performance. The link status could be checked to ensure the link is up and operational, but it is unlikely to determine the root cause of the slower network performance being experienced. Bottlenecks are points within a network through which data flow becomes limited thanks to insufficient computer or network resources. But, again, since this is occurring at a specific time and interval, it is likely a high utilization which in turn is affected by any network bottlenecks that may exist. Reviewing the network utilization can help the technician identify why the slowness is being experienced every Friday, such as placing additional load on the network by streaming videos or something similar.
Dion Worldwide has created a network architecture that relies on two main data centers, one in the United States and one in Japan. Each satellite office in the United States and Canada will connect back to the American data center, while each satellite office in Asia will connect back to the Japanese data center. Both the American and Japanese data centers are interconnected, as well. Therefore, if a client in the Philippines wants to send a file to the office in Miami, it will go first to the Japanese datacenter, then route across to the American datacenter, and then to the Miami satellite office. Which of the following network topologies best describes the Dion Worldwide network?
A.Bus
B.Star
C.Ring
D.Hub and spoke
D.Hub and spoke
OBJ-1.2: A hub and spoke topology is a network topology where a central device (the hub) is connected to multiple other devices (the spokes). A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring.
Hub and spoke uses a literal layer 1 device, a hub.
Star uses a layer 2 device, a switch.
Eduardo, a network technician, needs to protect IP-based (Internet Protocol) servers in the network DMZ (DeMilitarized Zone) from an intruder trying to discover them. What should the network technician do to protect the DMZ from ping sweeps?
A.Disable UDP on the servers in the DMZ
B.Disable TCP/IP (Transmission Control Protocol/Internet Protocol) on the servers in the DMZ
C.Block all ICMP (Internet Control Message Protocol) traffic to and from the DMZ
D.Block inbound echo replies to the DMZ
C.Block all ICMP (Internet Control Message Protocol) traffic to and from the DMZ
OBJ-4.3: A ping sweep is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers). A ping sweep sends an ICMP echo request message to each target in a network and then waits for the ICMP echo replies to report whether each target was available or not. To disable ping sweeps on a network, administrators can block ICMP echo requests from outside sources or block any outbound ICMP echo replies from being transmitted from their network. If you only blocked inbound echo replies to the DMZ, it would still allow an attacker to send an inbound echo request and the servers to send an outbound echo reply, which would not stop the ping sweep from occurring. Ping sweeps are conducted using ICMP by default, not UDP; therefore, disabling UDP on the servers will not stop a ping sweep. If you disable TCP/IP on the servers in the DMZ, you will prevent them from operating properly and impose a self-created denial-of-service against your own servers.
Which type of wireless network utilizes the 2.4 GHz frequency band and reaches up to 11 Mbps speeds?
A.802.11ax
B.802.11b
C.802.11n
D.802.11ac
E.802.11g
F.802.11a
B.802.11b
OBJ-2.4: The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. Even though 802.11a was a faster standard, the 802.11b standard gained more widespread adoption due to the low cost of manufacturing the radios for use in the 2.4 GHz frequency band. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. 
Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6 GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.
Over the past week, your network users have reported that the network has been operating slowly. You have made some changes to the network to increase its speed and responsiveness, but your supervisor is requesting that you prove that the network is actually faster and doesn’t just “feel” faster. Which of the following should you use to prove that the current configuration has improved the network’s speed?
A.Present him with a physical network diagram that shows the changes you made
B.Present him with a logical network diagram showing the configuration changes
C.Provide him a copy of the approved change request for your configuration changes
D.Show him the results of a new performance baseline assessment
D.Show him the results of a new performance baseline assessment
OBJ-3.1: The only way to prove to your supervisor that the network is actually faster and more responsive is to conduct a new performance baseline and compare it to the results of the baseline that was created before the changes. By comparing the “current” speed against the “previous” baseline’s speed, you can definitely prove if the network is indeed faster due to your configuration changes. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.
You are setting up uplink ports for multiple switches to communicate with one another. All of the VLANs should communicate from the designated server switch. Which of the following should be set on the trunk ports if VLAN 1 is not the management VLAN?
A.802.1q
B.802.1x
C.802.1af
D.802.1d
C.802.1q
OBJ-2.3: The IEEE 802.1q standard is used to define VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure it is not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af standard. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.
Which of the following describes the process of layering protective measures in the network to protect valuable data and information?
A.Zero trust
B.Least privilege
C.Acceptable use policy
D.Defense in depth
D.Defense in depth
OBJ-4.1: Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. An acceptable use policy (AUP) is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. Zero-trust is a security framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints.
Jonah is conducting a physical penetration test against Dion Training. He walks up to the access control vestibule and tells an employee standing there, “I forgot my access card on my desk when I left for lunch, would you mind swiping your badge for me so I can go to my desk and retrieve my access card?” What type of social engineering attack is Jonah attempting?
A.Tailgating
B.Piggybacking
C.Shoulder surfing
D.Phishing
B.Piggybacking
OBJ-4.2: A piggybacking attack is a social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises. The big difference between tailgating and piggybacking is permission. Tailgating is when an unauthorized person physically follows an authorized person into a restricted corporate area or system. With tailgating, the authorized person doesn’t know the unauthorized person is walking behind them. With piggybacking, the authorized person will allow the unauthorized person to enter the secure area using the authorized person’s access credentials. Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords and other confidential data by looking over the victim’s shoulder. Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP (Extensible Authentication Protocol) and TTLS (Tunneled Transport Layer Security). What should the network administrator implement?
A.PKI (Public Key Infrastructure) with user authentication
B.802.1x using PAP (Password Authentication Protocol)
C.WPA2 (Wi-Fi Protected Access version 2) with a pre-shared key
D.MAC (Media Access Control) address filtering with IP filtering
B.802.1x using PAP (Password Authentication Protocol)
OBJ-4.3: The network administrator can utilize 802.1x using EAP-TTLS with PAP for authentication since the backend system supports it. Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. MAC address filtering does not filter based on IP addresses, but instead, it filters based on the hardware address of a network interface card, known as a MAC address. WPA2 is a secure method of wireless encryption that relies on the use of a pre-shared key or the 802.1x protocol. In the question, though, it states that the system only supports WPA, therefore WPA2 cannot be used. PKI with user authentication would be extremely secure, but it is only used with EAP-TLS, not EAP-TTLS. EAP-TTLS only works with credential-based authentication, such as a username and password. Therefore, 802.1x using PAP is the best answer.
You just bought a new wireless access point and connected it to your home network. What type of network have you created?
A.PAN (Personal Area Network)
B.WLAN (Wireless Local Area Network)
C.WAN (Wide Area Network)
D.MAN (Metro Area Network aka Metro-E)
B.WLAN (Wireless Local Area Network)
OBJ-1.2: A wireless local area network (WLAN) connects computers within a small and specific area geographically using Wi-Fi. Since your wireless access point is simply extending your wired local area network to the wireless domain, it is still a local area network but is now called a wireless local area network, or WLAN. A personal area network (PAN) is centered around a short distance, usually around a person or up to a few meters. PANs are heavily used with Bluetooth and NFC. A metropolitan area network (MAN) is confined to a specific town, city, or region. It covers a larger area than a LAN but a smaller area than a WAN. A wide area network (WAN) will typically cover a larger area geographically, such as a continent, a state, or a country.
A company is setting up a brand new server room and would like to keep the cabling infrastructure out of sight but still accessible to the network administrators. Infrastructure cost is not an issue. Which of the following should be installed to meet the requirements?
A.Cable trays
B.Patch panels
C.Conduit
D.Raised floor
D.Raised floor
OBJ-1.3: Raised floors allow the cabling to be placed under the floor, but still accessible to the network administrators. A conduit is a tube through which power or data cables pass. Conduits are usually metal or plastic pipes, and it makes accessing the cables difficult when maintenance is going to be performed. Cable trays are a mechanical support system that can support electrical cables used for power distribution, control, and communication. Cable trays can be installed on the ceiling or under the floor if you are using a raised floor system. If cable trays are installed in the ceiling, they can be difficult to reach and work on. Patch panels are useful in a cable distribution plant, but they will not allow the cables to be distributed throughout the entire work area. A patch panel is a piece of hardware with multiple ports that helps organize a group of cables. Each of these ports contains a wire that goes to a different location. Patch panels and cable trays may be used to form the backbone of your cable distribution plant, but to meet the requirements of the question you should use raised floors in conjunction with these.
Your office is located in a small office park, and you are installing a new wireless network access point for your employees. The companies in the adjacent offices are using Wireless B/G/N routers in the 2.4 GHz spectrum. Your security system uses the 5 GHz spectrum, so you have purchased a 2.4 GHz wireless access point to ensure you don’t cause interference with the security system. To maximize the distance between channels, which set of channels should you configure for use on your access points?
A.1,6,11
B.3,6,9
C.1,7,13
D.2,6,10
A.1,6,11
OBJ-2.4: Wireless access points should always be configured with channels 1, 6, or 11 to maximize the distance between channels and prevent overlaps. Each channel on the 2.4 GHz spectrum is 20 MHz wide. The channel centers are separated by 5 MHz, and the entire spectrum is only 100 MHz wide. This means the 11 channels have to squeeze into the 100 MHz available, and in the end, overlap. Channels 1, 6, and 11, however, are far enough from each other on the 2.4 GHz band that they have sufficient space between their channel centers and do not overlap.
A network architect is designing a highly redundant network with a distance vector routing protocol to prevent routing loops. The architect wants to configure the routers to advertise failed routes with the addition of an infinite metric. What should the architect configure to achieve this?
A.Hold down timers
B.Spanning tree
C.Route poisoning
D.Split horizon
C.Route poisoning
OBJ-2.2: Route poisoning is a method to prevent a router from sending packets through a route that has become invalid within computer networks. This is achieved by changing the route’s metric to a value that exceeds the maximum allowable hop count so that the route is advertised as unreachable. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks and operates at layer 2 of the OSI model. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. A hold down timer is a function of a router that prevents a route from being updated for a specified length of time (in seconds). A hold down timer allows for the routers in a topology to have sufficient time to reach convergence and be updated when a route fails.
Your co-worker has just installed an unmanaged 24-port switch. He is concerned with the amount of broadcast traffic that may exist when using this device. How many broadcast domains are created when using this single 24-port switch?
A.2
B.1
C.24
D.0
B.1
OBJ-2.1: A single 24-port unmanaged switch will have only 1 broadcast domain. Routers and VLANs split up broadcast domains. Since this is an unmanaged switch, it will only have a single broadcast domain, but it will have 24 collision domains. If this was a managed layer 3 switch, it could provide routing functions and break apart the broadcast domains. But, since this was an unmanaged switch, there must be only 1 broadcast domain on this switch.
What happens when convergence on a routed network occurs?
A.All routers are using hop count as the metric
B.All routers use route summarization
C.All routers learn the route to all connected networks
D.All routers have the same routing table
C.All routers learn the route to all connected networks
OBJ-2.2: Routers exchange routing topology information with each other by using a routing protocol. When all routers have exchanged routing information with all other routers within a network, the routers have converged. In other words: In a converged network, all routers “agree” on what the network topology looks like.
A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. Which of the following is MOST likely the cause of the connectivity issue?
A.Misconfigured DNS (Domain Name System; phone book of the internet)
B.Cable short
C.Attenuation
D.Bad power supply
B.Cable short
OBJ-5.2: Since the scenario states the VoIP phone works properly from the old desk, it is properly configured and the hardware itself works. This indicates the problem must be caused by the new desk, which contains a different network cable from the switch to the wall jack in the cubicle. This is most likely a bad cable, such as one with a short in it. To verify this theory, the technician should use a cable tester to verify if the cable does have a short or not. While attenuation is a possible cause of the problem described, it is unlikely since the employee only moved a few desks (10-15 feet), which is not a large enough distance to cause significant attenuation issues.
Which parameter must be adjusted to enable a jumbo frame on a network device?
A.Duplex
B.Speed
C.TTL (Time-To-Live)
D.MTU (Maximum Transmission Unit)
D.MTU (Maximum Transmission Unit)
OBJ-1.1: A jumbo frame is an Ethernet frame with a payload greater than the standard maximum transmission unit (MTU) of 1,500 bytes. Jumbo frames are used on local area networks that support at least 1 Gbps and can be as large as 9,000 bytes. By adjusting the MTU on a given network device’s interface, you can enable or prevent jumbo frames from being used in the network. Time to live (TTL) refers to the amount of time or “hops” that a packet is set to exist inside a network before being discarded by a router. Duplex refers to whether network devices can listen and transmit at the same time (full-duplex), or if they can only do one or the other (half-duplex). Speed is the bit rate of the circuit and is often measured in multiples of bits per second (bps).
(This is a simulated Performance-Based Question.) The results of the cable certifier are shown below:
Cable Test Results
1,2 Open 3ft
3,6 Short 3ft
4,5 Open 3ft
7,8 Open 3ft
Using the results provided, was the cable properly crimped or not?
A.Cable was properly crimped
B.Cable was not properly crimped
B.Cable was not properly crimped
OBJ-5.2: Cable certifiers can provide a “pass” or “fail” status following the industry standards and can also show detailed information such as “open,” “short,” or the length of the cable. When a short is detected, but the cable’s full length is shown (3 ft), this indicates the cable was incorrectly crimped. In this case, it appears that pin 3 and pin 6 are both crimped into the same position in the RJ-45 connector, causing the short. An open indicates that the electrical signal is not reaching the other end of the cable. A short indicates that the electrical signal is crossing two wires at the same time. Both of these are indications of an incorrectly crimped cable.
A company is implementing enhanced user authentication for system administrators accessing the company’s confidential servers. They intend to use two-factor authentication to accomplish this. Which of these BEST represents two-factor authentication?
A.Fingerprint scanner and retina scan
B.ID (IDentification) badge and keys
C.Password and key fob
D.Username and password
C.Password and key fob
OBJ-4.1: Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by using a combination of two different factors: (1) something you know, (2) something you have, or (3) something you are. Out of the options provided, only a key fob (something you have) and a password (something you know) meet the requirements of 2FA. If you have two factors from the same type/category, like something you know (username and password), this is only considered a single factor of authentication.
What can be issued from the command line to find the layer 3 hops to a remote destination?
A.nslookup
B.netstat
C.traceroute
D.ping
C.traceroute
OBJ-5.3: Traceroute will determine every hop between the host and the destination using ICMP. Traceroute is used for Linux and UNIX systems. Tracert is used for Windows systems. The traceroute command will issue a series of pings from the host to the destination, incrementing the time to live (TTL) by one each time. As each packet passes through a router or firewall, the TTL is decreased by one. If the TTL for a packet reaches zero, it will send an error message back to the host. By doing this, the host can map out each hop in the network from the host to the destination. The netstat command is used to display the network statistics. The nslookup command is used to display and troubleshoot DNS records. The ping command is used to test the end to end connectivity between a host and a destination. The netstat, nslookup, and ping commands cannot be used to find the layer 3 hops to a remote destination.
You are trying to connect to a router using SSH (Secure SHell) to check its configuration. Your attempts to connect to the device over SSH keep failing. You ask another technician to verify that SSH is properly configured, enabled on the router, and allows access from all subnets. She attempts to connect to the router over SSH from her workstation and confirms all the settings are correct. Which of the following steps might you have missed in setting up your SSH client preventing you from connecting to the router?
A.Perform file hashing
B.Update firmware
C.Change default credentials
D.Generate a new SSH (Secure SHell) key
D.Generate a new SSH (Secure SHell) key
OBJ-4.4: When configuring your SSH connection, you must ensure that a key is established between your client and the server. If you never set up an SSH key, you will need to generate a new key to get SSH to connect properly. Since the other technician was able to connect on her machine, we can rule out an SSH server issue, so it must be an issue with your account or client. The only option that relates solely to your account or client is the possibility that a key was not properly generated for your client.