Jason Dion - CompTIA Network+ N10-008 Exam Prep #4 Flashcards

Question

Which of the following type of sites might contain a datacenter with equipment, but it is not configured and doesn't contain any user or customer data yet? A.Cloud site B.Warm site C.Hot site D.Cold site

Answer 1

B.Warm site OBJ-3.3: A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization’s enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment.

Answer 2

D.Implement a VLAN (Virtual Local Area Network) to separate the HVAC control system from the open wireless network OBJ-2.1: A VLAN is useful to segment out network traffic to various parts of the network and stop someone from the open wireless network from logging to the HVAC controls. By utilizing NAC, each machine connected to the open wireless network could be checked for compliance and determine if it is a 'known' machine, but they would still be given access to the entire network. Also, since this is a publicly usable network, using NAC could prevent users from accessing all the network features. An IDS would be a good solution to detect the attempted logins, but it won't prevent them. Instead, an IPS would be required to prevent logins.

Answer 3

B.Wireless switch on your laptop OBJ-5.4: Since everyone else's laptops are connected without any issues, the problem is not with the network but with your laptop in some form. This rules out the wireless controller configuration or access point settings since those are both things that would affect all users on the network. Additionally, as a student at the school, it is unlikely you have access to check the configuration of the access point or wireless controller. Since you are not connected or finding any networks, you won't have a DHCP address assigned either. The most likely cause of your issue is that the wireless switch on your laptop was accidentally switched to the off position when you put your laptop in your backpack. Now, not all laptops have a wireless switch, but from the options provided, this is the most logical answer. If you have a MacBook, for example, they do not use a physical wireless switch. If you are troubleshooting this issue using the bottom-to-top methodology, you would start with layer 1 of the OSI model, the physical layer. In this case, the physical layer would relate to your wireless networking card and the radio frequencies it is supposed to transmit.

Answer 4

A.SRV (SeRVice Record) OBJ-1.6: A DNS service (SRV) record specifies a host and port for specific services such as voice over IP (VoIP), instant messaging, and others. PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address, you can get the associated domain/hostname. An A record should exist for every PTR record. A Start of Authority (SOA) resource record indicates which Domain Name Server (DNS) is the best source of information for the specified domain. The DNS text (TXT) record lets a domain administrator enter text into the Domain Name Systems. The TXT record was originally intended as a place for human-readable notes. However, now it is also possible to put some machine-readable data into TXT records.

Answer 5

A.Increase the number of virtual terminals available OBJ-5.5: You can set a limit of how many virtual terminals can simultaneously remotely connect to a switch. The issue in this scenario is that the switch is configured to a maximum of one virtual terminal, so only one student can access the switch at a time. When a student connects to a switch or router using ssh or telnet, it requires a virtual terminal connection. The default virtual terminal limit is 32 on Cisco devices, but you can configure it to allow between 1 and 64 simultaneous connections. To connect to a virtual terminal, you would utilize a terminal emulator. A packet capture tool is used to collect data packets being transmitted on a network and save them to a packet capture file (pcap) for later analysis.

Answer 6

A.IDS (Intrusion Detection System) OBJ-2.1: An intrusion detection system is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. Unlike an IPS, which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them. An intrusion prevention system (IPS) conducts the same functions as an IDS but can also block or take actions against malicious events. An authentication, authorization, and accounting (AAA) server is a server used to identify (authenticate), approve (authorize), and keep track of (account for) users and their actions. AAA servers can also be classified based on the protocol they use, such as a RADIUS server or TACACS+ server. A proxy server is a server that acts as an intermediary between a client requesting a resource and the server that provides that resource. A proxy server can be used to filter content and websites from reaching a user.

Answer 7

B./27 OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have 23 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 25 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). Since we need 25 IP addresses, we need to round up to a block of 32. To symbolize a CIDR block with 32 IP addresses, we would use /27, which is 2^5 = 2.

Answer 8

B.4 OBJ-2.1: A collision domain is a network segment connected by a shared medium or through repeaters where simultaneous data transmissions collide with one another. Hubs do not break up collision domains, but routers and switches do. For each switchport or interface on a switch or router, there is a new collision domain. Therefore, in this network, you will have one collision domain for the hub and its clients that are connected to FastEthernet0/1. There is a second collision domain for the router’s other interface (FastEthernet0/0) that is shared with Switch 1 (switch port 8). There is a third collision domain for the connection between Switch 2 and Switch 1, and a fourth domain for the connection between Switch 3 and Switch 1. If there were additional clients on any of these switches, each client would also be a part of its own collision domain, but since none were mentioned, we only have 4 collision domains in this network.

Answer 9

B.DHCP redirect (Dynamic Host Configuration Protocol) OBJ-4.3: In general, captive portals are implemented by using an HTTP redirect, an ICMP redirect, or a DNS redirect. A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a wireless network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other information prior to allowing access to the network and its resources.

Answer 10

B.143 OBJ-1.5: Internet Message Access Protocol (IMAP) uses port 143, and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Internet Message Access Protocol (IMAP) over SSL uses port 993 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Post Office Protocol version 3 over SSL (POP3 over SSL) uses port 995 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server that operates using an SSL or TLS encrypted tunnel.

Answer 11

C.Place each department in separate VLAN (Virtual Local Area Network) to increase broadcast domains OBJ-2.3: Placing each of the departments on separate VLANs will help minimize the added network traffic caused by the broadcast messages. A virtual LAN is any broadcast domain that is partitioned and isolated in a computer network at the data link layer. Each VLAN becomes its own broadcast domain and this would minimize the total number of broadcast messages sent to every client on the network. For traffic to enter or leave a VLAN, it must go through a router or a layer 3 switch. A collision domain will not prevent a broadcast message from being sent. Increasing the number of switches will not reduce or increase the number of broadcast messages. To minimize the number of broadcast messages, you need to increase the number of broadcast domains.

Answer 12

D.443,3389 OBJ-1.5: HTTPS (HyperText Transfer Protocol Secure) uses port 443. RDP (Remote Desktop Protocol) uses port 3389. Port 445 is used by the Server Message Block (SMB) protocol. Port 161 is used by the Simple Network Management Protocol (SNMP). Port 3389 is used by the Remote Desktop Protocol (RDP). Port 25 is used by the Simple Mail Transfer Protocol (SMTP). If this was a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up.

Answer 13

B.5060 OBJ-1.5: Session Initiation Protocol (SIP) uses ports 5060 and 5061, and is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. MySQL uses ports 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL).

Answer 14

B.Rapid elasticity OBJ-1.8: Rapid elasticity is used to describe scalable provisioning or the capability to provide scalable cloud computing services. Rapid elasticity is very critical to meet the fluctuating demands of cloud users. The downside of rapid elasticity implementations is that they can cause significant loading of the system due to the high resource number of allocation and deallocation requests. Resource pooling refers to the concept that allows a virtual environment to allocate memory and processing capacity for a VMs use. On-demand refers to the fact that a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. Metered services are pre-paid, a-la-carte, pay-per-use, or committed offerings. A metered service like a database may charge its users based on the actual usage of the service resources on an hourly or monthly basis. For example, Dion Training used the AWS Lambda serverless product in some of our automation. This service charges us $0.20 for every 1 million requests processed.

Answer 15

B.The entire packet will be evaluated until all of the IDS alert rules have been checked and the packet is allowed to continue its journey OBJ-2.1: If Snort is operating as an IDS, it will not block the connection or drop the packet. Instead, Snort will evaluate the entire packet and check all the alert rules, logging any matches it finds, and then allow it to continue onward to its destination.

Answer 16

B.Security through isolation OBJ-4.3: Network segmentation in computer networking is the act of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for increasing performance and improving security through isolation. Link aggregation is the combining of multiple network connections in parallel by any of several methods, in order to increase throughput beyond what a single connection could sustain, to provide redundancy in case one of the links should fail, or both. Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port. Redundancy is an operational requirement of the data center that refers to the duplication of certain components or functions of a system so that if they fail or need to be taken down for maintenance, others can take over while maintaining high availability of your network and systems. Network segmentation, by itself, does not provide link aggregation, port mirroring, or additional redundancy.

Answer 17

C.MIB (Management Information Base) OBJ-3.1: Management Information Base (MIB) is used for managing all entities on a network using Simple Network Management Protocol. It would allow the tool to interpret the information received correctly.

Answer 18

D.Install and configure a virtual switch OBJ-1.2: A virtual switch (vSwitch) is a software program that allows one virtual machine (VM) to communicate with another. A virtual switch is a software application that allows communication between virtual machines. A vSwitch does more than just forward data packets, it intelligently directs the communication on a network by checking data packets before moving them to a destination. This is usually created within the hypervisor's software.

Answer 19

B.Firewall OBJ-2.1: A firewall is a network security device designed to prevent systems or traffic from unauthorized access. An ACL is a list that shows which traffic or devices should be allowed into or denied from accessing the network. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An IDS uses signatures, not ACLs. Content filtering is the use of a program to screen and/or exclude access to web pages or emails deemed objectionable. A load balancer distributes a set of tasks over a set of resources to make their overall processing more efficient.

Answer 20

D.Tone generator OBJ-5.2: A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is used with copper cables, not fiber optic cables. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A time-domain reflectometer (TDR) is used to determine the characteristics of electrical lines by observing reflected waveforms to characterize and locate faults in copper cables. A loopback adapter is a plug that is used to test the physical port or interface on a network device.

Answer 21

B.DWDM (Dense Wavelength-Division Multiplexing) OBJ-1.2: Dense wavelength-division multiplexing (DWDM) is a high-speed optical network type commonly used in MANs (metropolitan area networks). DWDM uses as many as 32 light wavelengths on a single fiber, where each wavelength can support as many as 160 simultaneous connections. Asymmetric digital subscriber line (ADSL) is a type of digital subscriber line technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide. The link aggregation control protocol (LACP) is used to combine multiple network connections in parallel by any of several methods, in order to increase throughput beyond what a single connection could sustain, to provide redundancy in case one of the links should fail, or both. LACP would require bundling multiple fiber optic cables together to increase bandwidth, therefore it wouldn't use your existing fiber-optic network to increase the bandwidth as it would need additional cables. Fibre Channel over Ethernet (FCoE) is a method of supporting converged Fibre Channel (FC) and Ethernet traffic on a data center bridging (DCB) network. FCoE encapsulates unmodified FC frames in Ethernet to transport the FC frames over a physical Ethernet network.

Answer 22

D.Frequency jamming OBJ-4.2: Frequency jamming is one of the many exploits used to compromise a wireless environment. Frequency jamming is the disruption of radio signals through the use of an over-powered signal in the same frequency range. It works by denying service to authorized users as legitimate traffic is jammed by the overwhelming frequencies of illegitimate traffic. There is no indication that the malicious user has created a rogue AP (which is a form of spoofing) or performing an on-path attack by having users connect through their laptop or device within this scenario. Also, there is no mention of certain websites or devices being blocked logically using a blocklist or ACL.

Answer 23

A.Bluejacking OBJ-4.2: Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers, sending a vCard which typically contains a message in the name field to another Bluetooth-enabled device via the OBEX protocol. A zero-day attack happens once that flaw, or software/hardware vulnerability, is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability. The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. Multiplexing is a method by which multiple analog or digital signals are combined into one signal over a shared medium to share a scarce resource. Multiplexing is not a type of exploit or attack but is heavily used to increase the bandwidth of wireless networks and fiber optic connections.

Answer 24

B.Separation of duties OBJ-4.1: This organization uses separation of duties to ensure that neither Kirsten nor Bob can exploit the organization’s ordering processes for their gain. Separation of duties is the concept of having more than one person required to complete a particular task to prevent fraud and error. Dual control, instead, requires both people to act together. For example, a nuclear missile system uses dual control and requires two people to each turn a different key simultaneously to allow for a missile launch to occur. Mandatory vacation policies require employees to take time away from their job and detect fraud or malicious activities. A background check is a process a person or company uses to verify that a person is who they claim to be and provides an opportunity for someone to check a person's criminal record, education, employment history, and other past activities to confirm their validity.

Answer 25

C.nmap OBJ-5.3: Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network's clients, servers, and devices. A protocol analyzer is used to capture, monitor, and analyze data transmitted over a communication channel. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. While you may be able to identify the services, applications, or operating systems using tcpdump by analyzing the captured packets, tcpdump will not send specifically crafted packets to the devices as it is a passive reconnaissance tool. The ping command is used to test whether a given target is reachable across an IP network by sending an ICMP Echo Request packet and receiving an ICMP Echo Reply.

Answer 26

D.Layer 1 OBJ-1.1: Data is transmitted at Layers 5, 6, and 6 of the OSI model. At Layer 4, the data is encapsulated into segments. At layer 3, the segments are encapsulated into packets. At layer 2, the packets are encapsulated into frames. At layer 1, the frames are encapsulated into bits.

Answer 27

C.ARP (Address Resolution Protocol) poisoning OBJ-4.2: Based on the scenario, we can eliminate evil twin (focused on wireless access points) and IP spoofing (since this affects layer 3 traffic). While MAC spoofing the gateway's address might work, it would also affect every computer on this subnet. ARP poisoning (also known as ARP spoofing) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. By conducting an ARP spoofing, Rick can poison the cache and replace Mary's computer's MAC address and IP binding association with his own, allowing him to complete an on-path attack between Mary and the default gateway.

Answer 28

B.802.11ac OBJ-2.4: To meet these requirements, you should recommend 802.11ac because it allows for faster speeds than wireless b, g, and n, and it provides the longest ranges of the options provided. The 802.11ac can reach 115 feet (35 meters) using 8 MIMO streams for higher bandwidth, or up to 230 feet (70 meters) using only 4 MIMO streams to provide greater coverage at a lower bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps.

Answer 29

C.UPS (Uninterruptable Power Supply) OBJ-3.3: An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source or mains power fails. A power distribution unit (PDU) is a device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center. PDUs use and distribute the available amperage more efficiently, allowing your equipment to receive the best available power to maintain operation. A generator is a device that converts motive power into electrical power for use in an external circuit. Generators can be powered by diesel, gasoline, or propane. Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.

Answer 30

B.SLA (Service-Level Agreement) OBJ-3.2: A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end-user that defines the level of service expected from the service provider. SLAs are output-based and their purpose is specifically to define what the customer will receive. If the customer requires faster response times, it should be in the SLA. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restricts how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share for certain purposes, but wish to restrict access to.

Answer 31

D.Return the system back to the original state before the change OBJ-3.2: By performing a rollback, the administrator will change everything back to the last known good configuration before the change is started. This would involve resetting everything back to how it was before the configuration and installation of the changes were begun in this maintenance window.

Answer 32

C.Deauthentication OBJ-4.2: A deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim's machine. This causes the wireless client to disconnect from the wireless network and then reconnect. During that reconnection, an attacker can conduct a packet capture of the authentication handshake and use that to attempt to brute force the network's pre-shared key. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge. A rogue access point is any access point installed on a network without the network owner's permission. For example, if an employee connected a wireless access point to a wall jack in their office so that they can use their smartphone or tablet, this would be considered a rogue access point. MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device.

Answer 33

A.802.11n OBJ-2.4: 802.11n introduced MIMO support on non-overlapping channels to increase the bandwidth available for the wireless network. This is also supported in 802.11ac (MU-MIMO), which was released after 802.11n. The other wireless networking technologies (a/b/g) do not support MIMO.

Answer 34

D.Onboarding policy OBJ-3.2: An onboarding policy is a documented policy that describes all the requirements for integrating a new employee into the company and its cultures, as well as getting that new hire all the tools and information they need to begin their job successfully. A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops. A remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords.

Answer 35

B.Channel 6 OBJ-2.4: With wireless access points that run 2.4 GHz frequencies, you can only select channels between 1 and 11 in the United States. This includes 802.11b, 802.11g, 802.11n, and 802.11ax networks. To prevent overlapping of the channels, you should select channels 1, 6, and 11. By doing so, you can increase the reliability and throughput of your wireless network.

Answer 36

C.443 OBJ-1.5: The Hypertext Transfer Protocol Secure (HTTPS) uses port 443 and is an application layer protocol for distributed, collaborative, hypermedia information systems using either SSL or TLS encrypted data transfer. The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection.

Answer 37

C.Enable a discovery protocol on the network devices OBJ-5.5: By enabling a discovery protocol on the network devices, the technician will be able to get detailed information such as the IP addresses, system version, and device information from supporting devices directly. There are three primary discovery protocols: simple network management protocol (SNMP), link layer discovery protocol (LLDP), and ping. TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. A packet capture tool is used to collect data packets being transmitted on a network and save them to a packet capture file (pcap) for later analysis.

Answer 38

B.Ensure that port 20 is open OBJ-5.5: Executing an FTP connection from a client is a two-stage process requiring the use of two different ports. Once the user enters the name of the server and the login credentials in the FTP client's authorization fields, the FTP connection is attempted over port 21. Once the connection is established, FTP sends the data over port 20 back to the client from the server. For FTP to function properly, you should have both ports 20 and 21 open.

Answer 39

C.Spanning tree OBJ-2.3: The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. If STP detects a switching loop being created by the redundant connection, it will disable the switchport automatically. The Interior Gateway Routing Protocol (IGRP) is a distance-vector interior gateway protocol developed by Cisco to exchange routing data within an autonomous system. IGRP is used with layer 3 devices (routers) and not layer 2 devices (switches). A service set identifier (SSID) is a group of wireless network devices that share the same natural language label that users see as a network name. An SSID is not used with wired networks. Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port. Port mirroring is used for security applications, not redundancy.

Answer 40

C.SYN (synchronization flag) OBJ-1.1: A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection. Finally, the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin. A reset (RST) flag is used to terminate the connection. A finish (FIN) flag is used to request that the connection be terminated.

Answer 41

D.Application-aware firewall OBJ-2.1: An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, as opposed to simply using IP addresses and port numbers, by applications by inspecting the data contained within the packets. A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they cannot inspect the contents of the packet to ensure it contains HTTP traffic and not other types of network traffic. HTTPS (SSL/TLS) would allow for an encrypted communication path between the webserver and the client, but this would not prevent an attacker from sending other network protocol data over port 80 and bypassing the firewall rules.

Answer 42

A.traceroute OBJ-5.3: The traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. While using ping will tell you if the remote website is reachable or not, it will not tell you where the connection is broken. Traceroute performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help identify if the connectivity issue lies within your workstation and the server since the traffic must be routed between the two networks. The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The ifconfig tool is used on Linux, Unix, and OS X devices to display the current TCP/IP network configuration, assign an IP address, and assign configure TCP/IP settings for a given network interface. The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information.

Answer 43

D.The default credentials were never changed during its installation OBJ-4.3: We know that the signboard was installed with all of the defaults still in place because the installer simply removed it from the box, hung it on the wall, and plugged it in). This means that it is most likely that the electronic signboard default credentials were never changed. While the other options may cause an issue, the unchanged default username and passwords are the biggest threat and most likely the root cause of the digital vandalism since the attacker could simply login to the device using its public IP address and the default username/password to make any changes they desired. Question 68: Skipped

Answer 44

D.4G OBJ-2.4: 4G cellular technology is made up of LTE and LTA-A. Long Term Evolution (LTE) is a packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE has a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps. LTE Advanced (LTE-A) has a theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps. 5G cellular technology is made up of three different types: low-band, mid-band, and high-band mmWave technology. Low-band 5G reaches an average speed of 55 Mbps with a theoretical speed of 150 Mbps. Mid-band 5G reaches an average speed of 150 Mbps with a theoretical speed of 1.5 Gbps. High-band 5G reaches an average speed of 3 Gbps with a theoretical speed of up to 70 Gbps. 3G cellular technology is made up of two different technologies: HSPA+ and EV-DO. HSPA+ (Evolved High-Speed Packet Access) is a 3G standard used for GSM cellular networks and can support up to a theoretical download speed of 168 Mbps and a theoretical upload speed of 34 Mbps. In the real world, though, HSPA+ normally reaches speeds around 20 Mbps. EV-DO (Evolution-Data Optimized) is a 3G standard used for CDMA cellular networks and can support up to 3.1 Mbps downloads. A wireless mesh network (WMN) is a wireless network topology where all nodes, including client stations, can provide forwarding and path discovery to improve coverage and throughput compared to using just fixed access points and extenders.

Answer 45

C.Runt OBJ-3.1: A runt is an ethernet frame that is less than 64 bytes in size. A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes. Encapsulation is a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame. Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network.

Answer 46

B.Firmware update OBJ-4.3: A firmware update will upgrade your device with advanced operational instructions without needing a hardware upgrade. A firmware update can provide new features or functions to an existing device, or patch vulnerabilities in the existing firmware code. Firmware is a specific class of computer software that provides low-level control for a device's specific hardware. Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol, the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 will not add any new features to an existing hardware device. Some devices may require a firmware upgrade to support the new IPv6 protocols. Cloning is a process that involves setting up the operating system, drivers, software, and patches on a single computer, then automatically replicating this same setup on other computers using specialized software. Routers, unlike computers, cannot be cloned. Routers can be backed up and then restored, though. Vulnerability patching is the process of checking your operating systems, software, applications, and network components for vulnerabilities that could allow a malicious user to access your system and cause damage, and then applying a security patch or reconfiguring the device to mitigate the vulnerabilities found. Vulnerability patching will mitigate software bugs, but it will not add new features to an existing device.

Answer 47

A.Application-aware firewall OBJ-4.2: A web application firewall (WAF) or application-aware firewall would detect both the accessing of random ports and TLS encryption and identify it as suspicious. An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, and TLS connections are created and maintained by applications. A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they cannot inspect TLS connections. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An IDS only monitors the traffic on the network, it cannot block traffic.

Answer 48

B.DHCP (Dynamic Host Configuration Protocol) snooping OBJ-4.3: DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure. When DHCP servers are allocating IP addresses to the LAN clients, DHCP snooping can be configured on LAN switches to prevent malicious or malformed DHCP traffic or rogue DHCP servers. Split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network and allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform.

Answer 49

D.OTDR (Optical Time-Domain Reflectometer) OBJ-5.2: An optical time-domain reflectometer (OTDR) is an optoelectronic instrument used to characterize an optical fiber. An OTDR is the optical equivalent of an electronic time-domain reflectometer. A fiber light meter would also be a good option to test a fiber cable. A punchdown tool or cable tester is used with twisted-pair copper cables, not fiber optic cables. A spectrum analyzer is used to measure the radio frequency in use by a network, but fiber optic cables do not use the radiofrequency of electricity and instead use light as its transmission mechanism.

Answer 50

D.Collisions OBJ-5.5: A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment. A hub operates in half-duplex mode and not in full-duplex. A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic. A duplicate MAC address occurs when two or more devices are responding to data requests as if they are the only device on the network with that physical address. One indication of this occurring is when a switch continually changes the port assignments for that address as it updates its content-addressable memory (CAM) table to reflect the physical address and switchport bindings. Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path).

Answer 51

C.9 OBJ-2.1: Based on the description provided, there are 9 collision domains. Each port on the router is a collision domain (2), each port on the switch is a collision domain (8), and all of the ports on the hub make up a single collision domain (1). But, since one of the ports on the router is connected to one of the switch ports, they are in the same collision domain (-1). Similarly, the hub and the switch share a common collision domain connected over the switch port (-1). This gives us 9 collision domains total: the 8 ports on the switch and the 1 port on the route that is used by the cable modem.

Answer 52

A.RADIUS (Remote Authentication Dial-In User Service) server OBJ-4.1: A Remote Authentication Dial-In User Service (RADIUS) server will enable the wireless clients to communicate with a central server to authenticate users and authorize their access to the requested service or system. None of the other options presented are designed to support centralized authentication services by themselves, but instead, use a protocol like RADIUS to perform those functions.

Answer 53

B.The switches are running through their spanning tree process OBJ-5.5: The switch port lights flashing is indicating that the switch is performing the spanning tree process. The Spanning Tree Protocol (STP) is responsible for identifying links in the network and shutting down the redundant ones, preventing possible network loops. To do so, all switches in the network exchange BPDU messages between them to agree upon the root bridge. When spanning tree protocol is enabled on a switch, the switchports will go through five port states: blocking, listening, learning, forwarding, and disabled to create a loop-free switching environment.

Answer 54

A.Infrastructure layer OBJ-1.7: The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations.

Answer 55

B.802.11ac OBJ-2.4: Multi-user, multiple-input, multiple-output technology (MU-MIMO) allows a wireless access point to communicate with multiple devices simultaneously to decrease the time each device has to wait for a signal and dramatically speeds up the entire wireless network. The 802.11ac standard introduced MU-MIMO support on non-overlapping channels to increase the bandwidth available for the wireless network. The older 802.11n utilized MIMO. The other wireless networking technologies (a/b/g) do not support MIMO. The newer 802.11ax does support a newer version of MU-MIMO called UL MU-MIMO.

Answer 56

D.Cable OBJ-1.2: Data Over Cable Service Interface Specification (DOCSIS) is used to connect a client's local area network to a high-bandwidth internet service provider over an existing coaxial cable TV system. A satellite connection is a wireless connection spread across multiple satellite dishes located both on earth and in space that provides remote areas with valuable access to core networks. A digital subscriber line (DSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connection to the Internet. A leased line is a private telecommunications circuit between two or more locations provided according to a commercial contract, normally over a fiber-optic connection.

Answer 57

B.Rogue DHCP (Dynamic Host Configuration Protocol) OBJ-4.2: A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack. VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver's cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server.

Answer 58

A.Verify the cable is connected to eth 0/0 B.Enable the switchport to eth 0/0 OBJ-5.5: The key to answering this question is the first line of the output. "The line protocol is down" means that the specified interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the switchport. The line protocol being down indicates a clocking or framing problem on the connection, and the most common reason for this is a patch cable that is not properly connected. “Fast Ethernet 0/0 is administratively down” indicates that the switchport was manually shut down using the shutdown command by a network administrator and would need to be reenabled. The IP address is currently set to 10.20.30.40/25 which is a private IP address in a classless subnet range. As long as the default gateway is an IP between 10.20.30.0 and 10.20.30.127, though, there is nothing wrong with using this IP address. Without knowing the default gateway, we cannot identify the IP address as the issue. The “loopback is not set” indicates that the interface is not in diagnostic mode and should be properly sending traffic instead of sending it to a loopback address or port.

Answer 59

D.SMTP (Simple Mail Transfer Protocol) OBJ-1.5: Simple Mail Transfer Protocol (SMTP) is a well-known application that uses port 25 for sending email from one server to another server. Remote Desktop Protocol (RDP) is an application that uses port 3389 to allow a user to connect to another computer over a network connection graphically. Simple Network Management Protocol (SNMP) is an application that uses port 161 for the management and monitoring of network-connected devices in Internet Protocol networks. Post Office Protocol v3 (POP3) is an application that uses port 110 to receive and hold email until a client is ready to receive it. The key to answering this question is understanding the acronyms and their meaning.

Answer 60

D.189.76.60.191 OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /26, so each subnet will contain 64 IP addresses. Since the IP address provided is 189.76.60.164, the broadcast address will be 189.76.60.191.

Answer 61

A.Short OBJ-5.2: A short is an electrical term that is an abbreviation for a short circuit. A short generally means that an unintended connection between two points is allowing current to flow where it should not. In this scenario, the short is caused by the damaged cable in which two or more of the conductors are connected. This has caused the cable to fail and will report as "short" when using a cable tester. An open is the opposite of a short. An open is reported when there is no connection between the two ends of a cable or wire. This can occur when a wire or cable is accidentally cut in half. Electrostatic discharge is the sudden flow of electricity between two electrically charged objects. Crosstalk is the coupling of voltage to an adjacent line through mutual coupling composed of a mutual inductance, a coupling capacitance, or both. Crosstalk occurs within a twisted pair cable when the pairs become untwisted or no shielding or insulation remains.

Answer 62

A.AUP (Acceptable Use Policy) OBJ-3.2: Acceptable Use Policy dictates what types of actions an employee can or cannot do with company-issued IT equipment. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share for certain purposes, but wish to restrict access to. A service level agreement (SLA) is a commitment between a service provider and a client for particular aspects of the service, such as quality, availability, or responsibilities.

Answer 63

C.Configuration backup OBJ-3.3: Most large enterprise networks will use the same models of switches across much of the network. This allows them to keep spare switches on-site to use as replacements if a production switch fails. By maintaining a configuration backup of each production switch, it allows a network technician to remove the fault switch, install the new switch, and reload the configuration backup to the new switch. Using this method, a skilled network technician can restore a network switch within just a few minutes. While having a network diagram or VLAN configuration may be helpful, they will not expedite the recovery like a configuration backup will. The router image would be useless in this scenario since it was a switch that failed and requires replacement.

Answer 64

D.2 OBJ-2.1: A broadcast domain is a logical division of a computer network in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment, or it can be bridged to other LAN segments. Routers break up broadcast domains. Therefore there are two broadcast domains in this network - one for each side of the router (the three switches make up one broadcast domain, and the hub makes up the second broadcast domain).

Answer 65

D.Kerberos OBJ-4.1: The Kerberos protocol is designed to send data over insecure networks while using strong encryption to protect the information. RADIUS, TACACS+, and PAP are all protocols that contain known vulnerabilities that would require additional encryption to secure them during the authentication process.

Jason Dion - CompTIA Network+ N10-008 Exam Prep #4 Flashcards

(90 cards)