Jason Dion - CompTIA Network+ N10-008 Exam Prep #6 Flashcards

1
Q

You have been asked to install a media converter that connects a newly installed multimode cable to the existing Cat 5e infrastructure. Which type of media converter should you use?

A.Multi-mode to single-mode
B.Ethernet to coaxial
C.Fiber to coaxial
D.Fiber to ethernet

A

D.Fiber to ethernet

OBJ-1.3: A media converter is a Layer 1 device that changes one type of physical network connection to another. In this case, we are converting multimode (fiber) cable to Cat 5e (ethernet) cable.

2
Q

You are troubleshooting a 3 foot long fiber patch cable that you suspect is causing intermittent connectivity between two switches. Which of the following tools should you use to measure the signal as it transmits over the fiber optic cable?

A.Optical time domain reflectometer
B.Loopback adapter
C.Cable tester
D.Fiber light meter

A

D.Fiber light meter

OBJ-5.2: A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located. An Optical Time Domain Reflectometer (OTDR) is used by organizations to certify the performance of new fiber optics links and detect problems with existing fiber links. An OTDR can identify if a fiber cable is broken and provide an approximate location for the break. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A loopback adapter is a plug that is used to test the physical port or interface on a network device.

3
Q

Which of the following is an example of a valid IPv4 address?

A.00:AB:FA:B1:07:34
B.192:168:1:55
C.192.168.1.254
D.::1

A

C.192.168.1.254

OBJ-1.4: An IPv4 address consists of 32 bits. IPv4 addresses are written in dotted octet notation, such as 192.168.1.254. MAC addresses are written as a series of 12 hexadecimal digits, such as 00:AB:FA:B1:07:34. IPv6 addresses are written as a series of up to 32 hexadecimal digits but can be summarized using a :: symbol. The ::1 is the IPv6 address for the localhost. The other option, 192:168:1:55 is not a valid address since it uses : instead of a . in between the octets.

4
Q

Your company has just hired a contractor to attempt to identify and exploit any network vulnerabilities they could find. This person has been permitted to perform these actions and only conduct their actions within the contract’s scope of work. Which of the following will be conducted by the contractor?

A.Hacktivism
B.Social engineering
C.Vulnerability scanning
D.Penetration testing

A

D.Penetration testing

OBJ-4.1: Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. Penetration testers only do this with permission of the organization that owns the system, network, or web application and within the bounds of their scope of work. The person will not attempt to exploit a weakness during vulnerability scanning. Social engineering may be used as part of a penetration test, but it does not adequately describe the scenario provided. Hacktivism is when someone is hacking an organization without permission based on their own morals and values.

5
Q

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA (Wi-Fi Protected Access) with pre-shared keys, but the backend authentication system supports EAP (Extensible Authentication Protocol) and TTLS (Tunneled Transport Layer Security). What should the network administrator implement?

A.WPA2 (Wi-Fi Protected Access version 2) with a complex shared key
B.MAC (Media Access Control) address filtering with IP (Internet Protocol) filter
C.PKI (Pre-Shared Key) with user authentication
D.802.1x using EAP (Extensible Authentication Protocol) with MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2)

A

D.802.1x using EAP (Extensible Authentication Protocol) with MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2)

OBJ-4.1: Since the backend uses a RADIUS server for back-end authentication, the network administrator can install 802.1x using EAP with MSCHAPv2 for authentication. The Extensible Authentication Protocol (EAP) is a framework in a series of protocols that allows for numerous different mechanisms of authentication, including things like simple passwords, digital certificates, and public key infrastructure. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is a password-based authentication protocol that is widely used as an authentication method in PPTP-based (Point to Point Tunneling Protocol) VPNs and can be used with EAP.

6
Q

An administrator is told they need to set up space in the breakroom where employees can relax. So, the administrator sets up several televisions with interconnected video game systems in the breakroom. What type of network did the administrator set up?

A.WAN (Wide Area Network)
B.MAN (Metro Area Network aka Metro-E)
C.LAN (Local Area Network)
D.CAN (Campus Area Network; CAN-2)

A

C.LAN (Local Area Network)

OBJ-1.2: Since this gaming network is within one room, it is considered a LAN. A local area network (LAN) connects computers within a small and specific area geographically. A campus area network (CAN) is a computer network that spans a limited geographic area. CANs interconnect multiple local area networks (LAN) within an educational or corporate campus. A metropolitan area network (MAN) is confined to a specific town, city, or region. It covers a larger area than a LAN but a smaller area than a WAN. A wide area network (WAN) will typically cover a larger area geographically, such as a continent, a state, or a country.

7
Q

You have been asked to create a network where visitors can access the Internet without disrupting the office’s own intranet. Which of the following types of networks should you create?

A.MU-MIMO (Multi-User, Multiple-Input and Multiple-Output)
B.Guest network
C.DMZ (DeMilitarized Zone)
D.Screened subnet

A

B.Guest network

OBJ-4.3: A guest network allows anyone to access the Internet without having the ability to disrupt the intranet. This network should be logically isolated from the corporate intranet of the office. Generally, these guest networks will directly connect to the internet with little to no security or monitoring on that network. This is a feature known as guest network isolation. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. A DMZ is generally used to host servers, not wireless guests or clients. A screened subnet refers to the use of one or more logical screening routers as a firewall to define three separate subnets: an external router, that separates the external network from a perimeter network, and an internal router that separates the perimeter network from the internal network. While a screened subnet could be used to isolate a guest network, it alone would not provide any wireless capability and therefore is not the best answer to this question. Multi-user MIMO is a set of multiple-input and multiple-output technologies for multipath wireless communication, in which multiple users or terminals, each radioing over one or more antennas, communicate with one another. MU-MIMO is a part of the 802.11ac wireless standards, but it alone would not isolate the wireless users from the corporate intranet.

8
Q

What is used to define how much bandwidth can be used by various protocols on the network?

A.Traffic shaping
B.Fault tolerance
C.High availability
D.Load balancing

A

A.Traffic shaping

OBJ-2.2: Traffic shaping, also known as packet shaping, is the manipulation and prioritization of network traffic to reduce the impact of heavy users or machines from affecting other users. Traffic shaping is used to optimize or guarantee performance, improve latency, or increase usable bandwidth for some kinds of packets by delaying other kinds. High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period. Fault tolerance refers to the ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail. Load balancing refers to the process of distributing a set of tasks over a set of resources, intending to make their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.

9
Q

A network technician wants to allow HTTP (HyperText Transfer Protocol) traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACLs (Access Control List) should the technician implement?

A.PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT ANY
B.PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT 80
C.PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT 80
D.PERMIT SRCIP 192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT 80

A

D.PERMIT SRCIP 192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT 80

OBJ-4.3: This will permit traffic from the internal network (192.168.0.0/24) from any port to access the external network (any IP) to port 80 (HTTP). Since this is a stateless firewall, you must include the SPORT (source port) ANY to allow the outbound connection through the firewall.

10
Q

Dion Training is considering moving its headquarters and data center to Florida, but they are worried about hurricanes disrupting their business operations. To mitigate this risk, Dion Training has signed a contract with a vendor located in a different state to provide hardware, software, and the procedures necessary for the company to recover quickly in the case of a catastrophic event, like a hurricane causing a power loss for up to 10 days. As the owner, Jason is a little concerned that this contract isn’t sufficient to mitigate enough of the risk since it only provides a solution for the first 10 days. Jason wonders, “what will we do if a major outage occurs, and our offices are not able to be used for 6-12 months?” Jason has hired you to help develop Dion Training’s long-term strategy for recovering from such an event. What type of plan should you create?

A.Business continuity plan
B.Incident response plan
C.Disaster recovery plan
D.Risk management plan

A

A.Business continuity plan

OBJ-3.2: A business continuity plan (BCP) is a plan to help ensure that business processes can continue during a time of emergency or disaster. Such emergencies or disasters might include a fire or any other case where business cannot occur under normal conditions. A disaster recovery plan is useful (and usually a piece of the large business continuity plan), but it is insufficient for the long-term strategy which is needed to support business operations during an extended outage. The key difference between a DRP and BCP is that a DRP is focused on recovering from a disaster while a BCP is focused on maintaining operations before, during, and after the disaster. Usually, a DRP is a part of an overall BCP.

11
Q

Which of the following communication types cannot be used with IPv6?

A.Anycast
B.Unicast
C.Multicast
D.Broadcast

A

D.Broadcast

OBJ-1.4: Broadcast only works with IPv4. Broadcast communication has one sender, but it sends the traffic to every device on the network. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only sends the signal once, which is then received by multiple hosts simultaneously. Multicast can be used with both IPv4 and IPv6. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.

12
Q

Which of the following BEST describes the process of documenting everyone who has physical access or possession of evidence?

A.Legal hold
B.Secure copy protocol
C.Chain of custody
D.Financial responsibility

A

C.Chain of custody

OBJ-3.2: Chain of custody refers to documentation that identifies all changes in the control, handling, possession, ownership, or custody of a piece of evidence. The chain of custody is an important part of documenting the evidence collected during an incident response. A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted. Financial responsibility is the process of managing money and other kinds of assets in a way that is productive and works in the best interest of an organization. Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts.

13
Q

Which of the following communication types is used to send a direct request from one host to a server, such as when you visit a website like diontraining.com?

A.Unicast
B.Multicast
C.Broadcast
D.Anycast

A

A.Unicast

OBJ-1.4: Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6.

14
Q

The RAID (Redundant Array of Independent Disks) controller on a server failed and was replaced with a different brand. What will be needed after the server has been rebuilt and joined to the domain?

A.Physical network diagram
B.Recent backups
C.Vendor documentation
D.Static IP (Internet Protocol) address

A

B.Recent backups

OBJ-3.3: If the RAID controller fails and is replaced with a RAID controller with a different brand, the RAID will break. We would have to rebuild a new RAID disk and access and restore the RAID’s most recent backup. While vendor documentation and physical documentation may be helpful, they should have been consulted before the RAID was rebuilt and added to the domain. A RAID is a type of redundant storage that is directly connected to the server using data cables, therefore you do not need an IP address for the RAID itself. If you are using a storage area network (SAN), then you may need an IP address but this is usually assigned using DHCP reservations and not a static IP address.

15
Q

Which of the following network issues can be prevented by configuring the split-horizon options on your network devices?

A.Routing loops
B.Duplicate addresses
C.Network collisions
D.Large routing tables

A

A.Routing loops

OBJ-5.5: A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. Split-horizon does not prevent large routing tables, duplicate addresses, or network collisions; it only works to prevent routing loops.

16
Q

Your company’s wireless network was recently compromised by an attacker who utilized a brute force attack against the network’s PIN (Personal Identification Number) to gain access. Once connected to the network, the attacker modified the DNS (Domain Name System) settings on the router and spread additional malware across the entire network. Which TWO of the following configurations were most likely used to allow the attack to occur?

A.WPS (Wi-Fi Protected Setup) enabled
B.Default administrative login credentials
C.Router with outdated firmware
D.WPA2 (Wi-Fi Protected Access version 2) encryption enabled
E.TKIP (Temporal Key Integrity Protocol) encryption protocols
F.Guest network enabled

A

A.WPS (Wi-Fi Protected Setup) enabled
B.Default administrative login credentials

OBJ-2.4: Wireless networks that rely on a PIN to connect devices use the Wi-Fi Protected Setup (WPS). It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS relies on an 8-digit PIN, but it is easily defeated using a brute force attack due to a poor design. Once connected to the network using the WPS PIN, the attacker may have logged into the router using the default administrative login credentials and then modified the router/gateway’s DNS. Commonly, many network administrators forget to change the default username/password of their devices, leaving an easy vulnerability for an attacker to exploit.

17
Q

A technician is troubleshooting a newly installed WAP (Wireless Access Point) that is sporadically dropping connections to devices on the network. Which of the following should the technician check FIRST during troubleshooting?

A.Encryption type
B.WAP (Wireless Access Point) SSID (Secure Set IDentifier)
C.WAP placement
D.Bandwidth saturation

A

C.WAP placement

OBJ-5.4: For optimal network performance, the Wireless Access Point (WAP) placement guidelines should be taken into consideration to ensure that the building’s construction doesn’t cause interference with the wireless signals. To determine if adequate coverage and signal strength is being received in the building, you can conduct a wireless site survey. The service set identifier (SSID) is a group of wireless network devices which share a common natural language label, such as a network name. The SSID would not affect the devices and cause sporadic connection drops. Bandwidth saturation is a phenomenon that occurs when all of a circuit’s available bandwidth in a given direction is being utilized by a large upload or download, which can result in high latency and performance issues. Bandwidth saturation would not cause the wireless connection to drop, though. Encryption type refers to the type of security used on a wireless network, such as WEP, WPA, WPA2, or WPA3. The security type used on a network would not cause sporadic drops of the network connection, though.

18
Q

Dion Training just released a new corporate policy that dictates all access to network resources will be controlled based on the user’s job functions and tasks within the organization. For example, only people working in Human Resources can access employee records, and only the people working in finance can access customer payment histories. Which of the following security concepts is BEST described by this new policy?

A.Defense in depth
B.Zero trust
C.Least privilege
D.AUP (Acceptable Use Policy)

A

C.Least privilege

OBJ-4.1: Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints. Zero-trust is a security framework that requires all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered to protect valuable data and information. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used.

19
Q

A network technician just finished configuring a new interface on a router, but the client workstations do not receive the addressing information from the new interface. Which of the following should be added or changed to allow the workstations to connect to the new interface?

A.IP (Internet Protocol) helper
B.DHCP (Dynamic Host Configuration Protocol) lease time
C.MX (Mail eXchange) record
D.TTL (Time-To-Live)

A

A.IP (Internet Protocol) helper

OBJ-1.6: DHCP IP Helper addresses enable a single DHCP server to provide DHCP IP addresses to every PC on the network, regardless of whether they are on the same broadcast domain as the DHCP server or not. DHCP IP Helper addresses are IP addresses configured on a routed interface, such as a VLAN interface or a router’s Ethernet interface, that allow that specific device to act as a “middle man” which forwards the BOOTP (Broadcast) DHCP requests it receives on an interface to the DHCP server specified by the IP Helper address via unicast. Adding an IP Helper address to the new interface on the router will allow the DHCP broadcast requests to be forwarded to the workstations. Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. An MX record in DNS is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic. The DHCP lease time is the amount of time a dynamic IP can be used by a client prior to requiring it to be renewed.

20
Q

A network technician receives the following alert from a network device: “High utilization threshold exceeded on gi1/0/24: current value 88%” What is being monitored to trigger the alarm?

A.Disk space utilization
B.Port utilization
C.Memory utilization
D.Processor utilization

A

B.Port utilization

OBJ-5.5: This is an error message that indicates that the threshold of high utilization of network interface or port, in this case, interface gi1/0/24, has been exceeded. The message has been triggered on the interface link status since gi1/0 is a gigabit interface. Network devices can be configured with alarms that will send a message or alert when high utilization or low utilization past a given setpoint occurs. For example, it is common to set the high utilization setpoint to 70% and the low utilization setpoint to 30%.

21
Q

Which of the following types of sites would contain little to no hardware and could take days or weeks to become ready for use during a disaster?

A.Warm site
B.Cold site
C.Cloud site
D.Hot site

A

B.Cold site

OBJ-3.3: A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization’s enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment.

22
Q

(This is a simulated Performance-Based Question. If this was the real certification exam, you would be asked to drag-and-drop the correct encryption onto the APs.)

Your company has purchased a new building down the street for its executive suites. You have been asked to choose the best encryption for AP4 and AP5 to establish a secure wireless connection between the main building and the executive suites.

Which of the following is the BEST encryption from the options below to maximize network security between AP4 and AP5?

A.WEP (Wired Equivalent Privacy)
B.WPA2-CCMP (Wi-Fi Protected Access version 2 - Counter Mode Cipher Block Chaining Message Authentication Code Protocol)
C.Open
D.WPA (Wi-Fi Protected Access)
E.WPA2-TKIP (Wi-Fi Protected Access 2-Temporal Key Integrity Protocol)

A

B.WPA2-CCMP (Wi-Fi Protected Access version 2 - Counter Mode Cipher Block Chaining Message Authentication Code Protocol)

OBJ-2.4: WPA2-CCMP is the most secure option. Open provides no encryption or confidentiality. WEP is considered weak and breakable within minutes by an attacker. WPA is weak due to its TKIP implementation, and this weakness is carried over into WPA2-TKIP. Therefore, WPA2-CCMP is the most secure and provides the required level of confidentiality for this scenario. CCMP stands for Counter Mode CBC-MAC Protocol. CCMP, also known as AES CCMP, is the encryption mechanism that has replaced TKIP, and it is the security standard used with WPA2 wireless networks.

23
Q

A network technician has received reports of an Internet-based application that has stopped functioning. Employees reported that after updating the Internet browsers, the application began to fail. Many users rolled back the update, but this did not correct the issue. What should the company do to reduce this type of action from causing network problems in the future?

A.Verify the update hashes match those on the vendor’s website
B.Coordinate the Internet server’s update to coincide with the users’ updates
C.Implement a disaster recovery plan with a hot site to allow users to continue working
D.Segment the network and create a test lab for all updates before deployment

A

D.Segment the network and create a test lab for all updates before deployment

OBJ-3.2: Segmented networks would ensure every system isn’t updated simultaneously and would be updated in groups. This is a common configuration known as “patch rings”, where smaller groups of end-users have their machines updated to minimize the number of people affected at one time. The test lab would ensure proper functionality before deployment or would allow you to work through the technical difficulties before deployment.

24
Q

You have been asked to create an allow statement on the firewall’s ACL (Access Control List) to allow NTP (Network Time Protocol) traffic to pass into the network. Which port should be included in your permit statement?

A.636
B.143
C.123
D.69

A

C.123

OBJ-1.5: Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Trivial File Transfer Protocol (TFTP) uses port 69 and is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. The Lightweight Directory Access Protocol (LDAP) uses port 389 and is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. The encrypted version of LDAP, LDAP Secure (LDAPS) uses port 636.

25
Q

An attacker has configured their machine to report itself as a switch when connected to a wired network in an attempt to exploit your enterprise network. Which of the following types of attacks is being conducted?

A.Rogue DHCP (Dynamic Host Configuration Protocol)
B.VLAN (Virtual Local Area Network) hopping
C.DNS (Domain Name System) poisoning
D.ARP (Address Resolution Protocol) spoofing

A

B.VLAN (Virtual Local Area Network) hopping

OBJ-4.2: VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver’s cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

26
Q

During a recent penetration test, it was discovered that your company’s wireless network could be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn’t extend beyond your building’s interior while maintaining a high level of availability to your users?

A.Encryption
B.Frequency
C.Channel
D.Power level

A

D.Power level

OBJ-4.3: The power level should be reduced for the radio transmitter in the wireless access points. With a reduced power level, the signal will not travel as far. You can ensure the signal remains within the building’s interior only by conducting a site survey and adjusting the power levels of each wireless access point. The other options, if changed, would affect the availability of the network, and it would not dramatically affect the distance the signal travels.

27
Q

You are having lunch at a local restaurant which has free Wi-Fi (Wireless Fidelity; IEEE 802.11) for its customers. There is not a captive portal and there is no password needed to connect to the network, but the restaurant has an automated method of disconnecting users after 30 minutes. As you are eating your lunch, you notice that 30 minutes have passed, but you want to reconnect to the wireless network. Which of the following techniques would allow you to reconnect?

A.Brute-force attack
B.IP (Internet Protocol) spoofing
C.Dictionary attack
D.MAC (Media Access Control) spoofing

A

D.MAC (Media Access Control) spoofing

OBJ-4.2: MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. Public wireless networks can be configured to use MAC filtering to block access to devices once they reach a certain time limit. It appears that after 30 minutes, the restaurant’s wireless access points are adding your MAC address to the block list. If you change your MAC address through MAC spoofing, you can reconnect to the network for another 30 minutes without any issues. Since the wireless network provides the IP address, IP spoofing would not successfully allow you to reconnect since the MAC filtering would block your access before obtaining an IP. IP spoofing is a method of modifying the source address in the packet header to make the receiving computer system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it. A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file. A brute-force attack consists of an attacker submitting every possible combination for a password or pin until they crack it.

28
Q

Which of the following errors would be received if an ethernet frame greater than 1518 bytes is received by a switch?

A.Runt
B.Encapsulation error
C.Giant
D.CRC (Cyclic Redundancy Checksum) error

A

C.Giant

OBJ-3.1: A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes. A runt is an ethernet frame that is less than 64 bytes in size. Encapsulation is a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame. Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network.

29
Q

Dion Training has just installed a web server for a new domain name. Which of the following DNS (Domain Name System) records would need to be created to allow users to reach the website using its domain name and then redirect clients to the proper IPv6 address for the server?

A.MX (Mail eXchange)
B.AAAA (indicates the IPv6 address of a given domain)
C.SOA (Start Of Authority)
D.A (indicates the IPv4 address of a given domain)

A

B.AAAA (indicates the IPv6 address of a given domain)

OBJ-1.6: An AAAA record associates your domain name with an IPv6 address. An A record associates your domain name with an IPv4 address. An MX record is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic. A Start of Authority (SOA) resource record indicates which Domain Name Server (DNS) is the best source of information for the specified domain.

30
Q

A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password have been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, which of the following should the technician do to prevent the password from being sniffed on the network again?

A.Copy all configurations to routers using TFTP (Trivial File Transfer Protocol) for security
B.Only allow administrators to access routers using port 22
C.Use SNMPv1 (Simple Network Management Protocol) for all configurations involving the router
D.Ensure the password is 10 characters, containing letters and numbers

A

B.Only allow administrators to access routers using port 22

OBJ-4.3: Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full rights user will not access their new account without the SSH key, which could only be provided by a true administrator. Telnet uses port 23 and passes all information as unencrypted traffic on the network. Telnet should always be disabled for security reasons, and SSH (which uses encryption) should be used instead.

31
Q

Your deep packet inspection firewall is dropping portions of your packet flow as it enters or leaves the network. The network is configured to use HSRP (Hot Standby Router Protocol) to load balance the network traffic across two network devices in a high availability cluster. Which of the following issues would cause your network security devices, such as your firewalls, to drop packet flows and cause intermittent network connectivity to your clients?

A.Collision
B.Broadcast storm
C.Asymmetric routing
D.Multicast flooding

A

C.Asymmetric routing

OBJ-5.5: Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). Remember, asymmetric routing doesn’t necessarily cause any routing issues, but it does cause security devices like firewalls and unified threat management systems to drop packet flows, so you need to consider this in the design of your network architectures to prevent this issue from occurring. If you don’t, then packet flow drops will occur and your clients can experience intermittent network connectivity. Multicast flooding occurs because no specific host is associated with the multicast MAC address in the content-addressable memory (CAM) table of a switch. A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment. A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic.

32
Q

Dion Training’s network technicians are about to upgrade a Cisco 3900-series router, but they first want to create a copy of the router’s configuration and IOS (Internetworking Operating System) files to serve as a backup. Which of the following tools should the technicians utilize?

A.show route
B.traceroute
C.tcpdump
D.TFTP (Trivial File Transfer Protocol) server

A

D.TFTP (Trivial File Transfer Protocol) server

OBJ-5.3: A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. The “show route” command is used on a Cisco networking device to display the current state of the routing table for a given network device. The traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.

33
Q

A network technician has received a report that workstations are unable to gain access to the network. During the troubleshooting process, the technician discovers that the switch connecting these workstations has failed. Which of the following is the QUICKEST option to configure a replacement switch with a secure configuration?

A.Baseline
B.Syslog (System Logging)
C.Archive
D.Image

A

D.Image

OBJ-3.3: To image a switch, you can make a backup of the configuration and deploy it to a new/different switch. An image can contain the firmware and its configurations. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. An archive is a backup of the configurations for the network device. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

34
Q

Which of the following network devices can be used to detect and prevent an identified threat based on its signature?

A.IDS (Intrusion Detection System)
B.IPS (Intrusion Protection System)
C.Router
D.Switch

A

B.IPS (Intrusion Protection System)

OBJ-2.1: An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent identified threats. An Intrusion Detection System (IDS) is a network security/threat prevention technology that examines network traffic flows to detect and alert upon identified threats. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain.

35
Q

Your company’s corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR (Classless Inter-Domain Routing or supernetting) notation in order to accommodate each department’s needs. What is the correct CIDR notation for the Finance department’s subnet, which requires 32 devices?

A./25
B./28
C./26
D./27
E./30
F./29

A

C./26

OBJ-1.4: Since the Finance department needs 32 devices plus a network ID and broadcast IP, it will require 34 IP addresses. The smallest subnet that can fit 34 IPs is a /26 (64 IPs). A /26 will borrow 2 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^6 available host IP addresses, or 64 total IP addresses. Of the 64 IP addresses, there are 62 available for clients to use, one for the network ID, and one for the broadcast address.

36
Q

Your company has been asked by a local charity that supports underprivileged youth if they would help to build an internet café for their students. Because the charity doesn’t have any funding for this project, your company has decided to donate their old workstations and networking equipment to create the network. All of the workstations, routers, and switches have been tested before installation. The company has decided to reuse some old network cables to connect the computers to the switches to save money. When you arrive at the new internet cafe, you are told that everything is working except unlucky computer #13 can’t connect to the network. You attempt to plug the network cable into another computer, but then that computer cannot connect to the network. Confused, you try connecting the cable directly between two computers, and now they can communicate directly with each other. What is wrong with this cable?

A.The cable is a straight-through cable but should be a crossover cable
B.The cable is a console cable but should be a straight-through cable
C.The cable is a crossover cable but should be a straight-through cable
D.The cable is a rollover cable but should be a crossover cable

A

C.The cable is a crossover cable but should be a straight-through cable

OBJ-5.2: Since the cable only worked when connecting two computers directly together, it is a crossover cable. Crossover cables are used to connect two of the same devices (computer to computer, or router to router) by switching the transmit and receiving pins in the cable’s jack. Since you are trying to connect a computer to a switch, you need to have a straight-through cable instead. A rollover or console cable is used to connect a computer to a router’s console port, not a computer to a switch.

37
Q

Which of the following is the LEAST secure wireless security and encryption protocol?

A.WPA (Wi-Fi Protected Access)
B.WPA2 (Wi-Fi Protected Access version 2)
C.WPA3 (Wi-Fi Protected Access version 3)
D.WEP (Wired Equivalent Privacy)

A

D.WEP (Wired Equivalent Privacy)

OBJ-2.4: Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications that was designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption. Wi-Fi protected access version 3 (WPA3) has replaced WPA2 as the most secure wireless encryption method. WPA3 uses the simultaneous authentication of equals (SAE) to increase the security of preshared keys. WPA3 provides the enhanced open mode that encrypts transmissions from a client to the access point when using an open network. WPA3 Enterprise mode supports the use of AES with the Galois/counter mode protocol (GCMP-256) for the highest levels of encryption.

38
Q

Which of the following wireless characteristics does channel bonding improve?

A.Signal strength
B.Connection speed
C.Encryption strength
D.Coverage area

A

B.Connection speed

OBJ-2.4: Channel bonding is a practice commonly used in IEEE 802.11 implementations in which two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices. Signal strength only refers to the maximum transmitted power by an antenna. Coverage area is the geographic area with adequate signal strength around a single antenna or wireless network. Encryption strength is a measure of the number of bits in the key used to encrypt data in an algorithm.

39
Q

Which of the following policies or plans would dictate which types of websites should be added to the proxy server’s content filter within an organization?

A.Remote access policy
B.Data loss prevention policy
C.Password policy
D.AUP (Acceptable Use Policy)

A

D.AUP (Acceptable Use Policy)

OBJ-3.2: An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. A data loss prevention policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision making without it being exposed to anyone who should not have access to it. The goal of a data loss prevention policy is to minimize accidental or malicious data loss. A remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network.

40
Q

Which of the following cloud services should an organization choose to develop a new iPhone app without having to configure and set up its own development environment?

A.SaaS (Software-as-a-Service)
B.IaaS (Infrastructure-as-a-Service)
C.PaaS (Platform-as-a-Service)
D.DaaS (Desktop-as-a-Service)

A

C.PaaS (Platform-as-a-Service)

OBJ-1.8: Platform as a Service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. Infrastructure as a Service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on-demand, on a pay-as-you-go basis. Software as a Service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider. Desktop as a Service (DaaS) is a cloud computing offering where a service provider delivers virtual desktops to end-users over the Internet, licensed with a per-user subscription. DaaS is often called Virtual Desktop Infrastructure (VDI).

41
Q

You are trying to select the best device to install to proactively stop outside attackers from reaching your internal network. Which of the following devices would be the BEST for you to select?

A.IDS (Intrusion Detection System)
B.Syslog (SYStem LOGging Protocol) server
C.IPS (Intrusion Protection System)
D.Proxy server

A

C.IPS (Intrusion Protection System)

OBJ-2.1: An intrusion prevention system (IPS) is a form of network security that detects and prevents identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents, and capturing information about them. An IPS can block malicious network traffic, unlike an IDS, which can only log them. A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

42
Q

Your company wants to develop a voice solution to provide 23 simultaneous connections using VoIP (Voice-over Internet Protocol). Which of the following technologies could BEST provide this capability?

A.DOCSIS (Data Over Cable Service Interface Specification)
B.T1 (bundles together 24 64-kbps (DS0) time-division multiplexed (TDM) channels over 4-wire copper circuit. This creates a total bandwidth of 1.544 mbps)
C.POTS (Plain Old Telephone Service)
D.DSL (Digital Subscriber Line)

A

B.T1 (bundles together 24 64-kbps (DS0) time-division multiplexed (TDM) channels over 4-wire copper circuit. This creates a total bandwidth of 1.544 mbps)

OBJ-1.2: A T1 can transmit 24 telephone calls at a time because it uses a digital carrier signal (DS-1). DS-1 is a communications protocol for multiplexing the bit streams of up to 24 telephone calls simultaneously. The T1’s maximum data transmission rate is 1.544 Mbps. DOCSIS is the standard for a cable modem. DSL is a Digital Subscriber Line which has variable speeds from 256 Kbps and up. POTS is the Plain Old Telephone System, and provides only a single phone connection at a time. Out of these options, the T1 is the BEST to ensure you can reliably provide 23 simultaneous phone connections.

43
Q

The local electric power plant contains both business networks and SCADA/ICS (Supervisory Control and Data Acquisition / Industrial Control Systems) networks to control their equipment. Which technology should the power plant’s security administrators look to implement first as part of configuring better defenses for the ICS/SCADA systems?

A.Automated patch deployment
B.Log consolidation
C.IPS (Intrusion Prevention System)
D.Anti-virus software

A

C.IPS (Intrusion Protection System)

OBJ-2.1: Since this question is focused on the ICS/SCADA network, the best solution would be implementing an Intrusion Prevention System. ICS/SCADA machines utilize very specific commands to control the equipment and to prevent malicious activity. You could set up strict IPS rules to prevent unknown types of actions from being allowed to occur. Log consolidation is a good idea, but it won’t prevent an issue and therefore isn’t the most critical thing to add first. Automated patch management should not be conducted, as ICS/SCADA systems must be tested before conducting any patches. Often, patches will break ICS/SCADA functionality. Anti-virus software may or may not be able to run on the equipment, as well, since some ICS/SCADA systems often do not rely on standard operating systems like Windows.

44
Q

Users are complaining that they are unable to connect to the wireless network when seated in the breakroom. You are troubleshooting the issue and have questioned the employees in the area about the issue. You have determined that it was working properly yesterday, but this morning it stopped working. You also determined that there was a power outage earlier this morning for about 10 minutes. After gathering this information and identifying the symptoms of the problem, what should you do NEXT according to the network troubleshooting methodology?

A.Establish a plan of action to resolve the problem
B.Implement preventive measures
C.Establish a theory of probable cause
D.Document findings and actions

A

C.Establish a theory of probable cause

OBJ-5.1: The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned. Based on the scenario presented, you have already gathered information, questioned users, identified symptoms, and determined if anything changed, so you have completed the first step: identify the problem. Now, you should begin to establish a theory of probable cause by questioning the obvious and using a top-to-bottom, bottom-to-top, or divide and conquer approach to troubleshooting.

45
Q

Your workstation has fallen victim to an on-path attack. Upon investigation, you determine that the attack is occurring at layer 2 of the OSI (Open Systems Interconnection) model and is redirecting traffic destined for your workstation to the attackers’ workstation instead. What type of attack was performed against your workstation?

A.DNS (Domain Name System) poisoning
B.VLAN (Virtual Local Area Network) hopping
C.Rogue DHCP (Dynamic Host Configuration Protocol)
D.ARP (Address Resolution Protocol) spoofing

A

D.ARP (Address Resolution Protocol) spoofing

OBJ-4.2: ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer, server, or gateway on the network. VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver’s cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

46
Q

What is the network ID (IDentification) associated with the host located at 189.76.60.164/26?

A.189.76.60.0
B.189.76.60.64
C.189.76.60.192
D.189.76.60.128

A

D.189.76.60.128

OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /26, so each subnet will contain 64 IP addresses. This means that there are four networks in this class C range: 189.76.60.0, 189.76.60.64, 189.76.60.128, and 189.76.60.192. Since the IP address provided is 189.76.60.164, it will be in the 189.76.60.128/26 network.

47
Q

Which of the following policies or plans would dictate how an organization would respond to a fire that left their office building unusable for the next 3 months?

A.Disaster recovery plan
B.Business continuity plan
C.Incident response plan
D.System life cycle plan

A

A.Disaster recovery plan

OBJ-3.2: A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber-attacks, and other disruptive events. A business continuity plan is a document that outlines how a business will continue operating during an unplanned service disruption. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human capital and business partners, and essentially every other aspect of the business that might be affected. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement.

48
Q

As part of unified communications services, QoS (Quality of Service) must be implemented to provide support for DSCP (Differentiated Services Code Point) and CoS (Class of Service). Which of the following OSI (Open Systems Interconnection) layers does QoS operate within?

A.Layer 5
B.Layer 4
C.Layer 2
D.Layer 1

A

C.Layer 2

OBJ-1.1: DSCP is a layer 3 packet, and it is the most commonly used value for QoS of an IP packet (as it gives lots of flexibility). CoS, on the other hand, is a layer 2 packet. Based on the options given, only Layer 2 could be correct. Quality of Service usually operates at either Layer 2 or Layer 3 of the OSI model, depending on if you are using CoS or DSCP.

49
Q

Syed is developing a vulnerability scanner program for a large network of sensors to monitor his company’s transcontinental oil pipeline. What type of network is this?

A.SoC (System-on-chip)
B.BAS (Building Automation System)
C.SCADA (Supervisory Control and Data Acquisition)
D.CAN (Controller Area Network; CAN-1)

A

C.SCADA (Supervisory Control and Data Acquisition)

OBJ-2.1: SCADA (supervisory control and data acquisition) networks work off an ICS (industrial control system) and maintain sensors and control systems over large geographic areas. A building automation system (BAS) for offices and data centers (“smart buildings”) can include physical access control systems, but also heating, ventilation, and air conditioning (HVAC), fire control, power and lighting, and elevators and escalators. A vehicular network is called a controller area network (CAN). A CAN uses serial communication buses to connect electronic control units and other subsystems in cars and unmanned aerial vehicles (UAV). System-on-chip (SoC) is a design where all these processors, controllers, and devices are provided on a single processor die or chip.

50
Q

A network technician works with a junior technician when the network technician is called away for a more urgent issue. The junior technician orders an SC 80/125 fiber cable instead of an ST 80/125. Which of the following will MOST likely be an issue with the new cable?

A.Attenuation/dB (deciBels) loss
B.Connector mismatch
C.Wavelength mismatch
D.Distance limitations

A

B.Connector mismatch

OBJ-5.2: While both SC and ST are fiber cables, they utilize different connectors. The cable ordered will not be compatible with the current equipment in use. SC (subscriber connector) is nicknamed the “square connector” or the “stick and click” connector. The SC has a push-pull coupling end face with a spring loaded ceramic ferrule. The ST (straight tip) connector uses a rounded bayonet fitment as its connector. The ST is nicknamed the “stick and twist” connector.

51
Q

After upgrading a fiber link from 1 Gbps to 10 Gbps, a network technician ran a test of the link and the link is not connecting properly. The two routers are 450 meters apart and are connected using a MMF (Multi-mode optical) fiber with 10GBaseLR SFP+ transceivers. The fiber runs through the electrical and boiler rooms of each building. Which of the following is the MOST likely cause of the connectivity issues?

A.Interference from the electrical room
B.There is heat in the boiler room
C.The wrong transceivers are being used
D.There is a short in the cable

A

C.The wrong transceivers are being used

OBJ-5.2: The transceivers being used are 10GBaseLR, which are used with single mode fiber (SMF), not multimode fiber (MMF). Since the network is already using MMF fiber and was previously working, the technician should replace the 10GBaseLR SFP+ transceivers with 10GBaseSR SFP+ transceivers instead. Now, this is a difficult question, but if you take it one step at a time, you can also use the process of elimination to get the right answer if you weren’t sure of which type of transceiver to use. First, the question is using a fiber connection, so it will not be subject to electrical interference. Second, fiber is not affected by heat like copper connections, therefore the boiler room option can be eliminated. Third, an open or short condition only occurs with copper cables, not fiber, therefore this option can also be eliminated. This leaves you with the incorrect transceiver being used as the only possible correct option.

52
Q

Which of the following network devices is used to separate broadcast domains?

A.Media converter
B.Hub
C.Multilayer switch
D.Bridge

A

C.Multilayer switch

OBJ-2.1: A multilayer switch combines the features of a switch and a router into a single device. A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A bridge is networking hardware that forwards traffic between network segments at the data link layer (Layer 2) of the OSI model using MAC addresses. Each switchport on a bridge is a separate collision domain, but all switchports are in a common broadcast domain. A media converter is a networking device that transparently converts Ethernet or other communication protocols from one cable type to another type, such as from copper to fiber or twisted pair to coaxial. A media converter operates at the physical layer (Layer 1) of the OSI model.

53
Q

An administrator arrives at work and is told that network users are unable to access the shared drive on a Windows server. The administrator logs into the server and sees that some Windows Updates were automatically installed last night successfully, but now the network connection shows “limited” with no availability. What rollback action should the technician perform?

A.Server’s IP (Internet Protocol) address
B.Antivirus updates
C.Server’s NIC (Network Interface Controller) drivers
D.Web browser

A

C.Server’s NIC (Network Interface Controller) drivers

OBJ-5.5: When automatically receiving updates through the Windows Update service, your server can receive driver updates for its network interface card (NIC), graphics cards, and other peripherals. This can accidentally install an incompatible driver that causes network connectivity issues to occur. A best practice is to always set driver updates to “manual” so that you can download and test them in a lab before upgrading your production servers. If your drivers were updated and this is causing the connectivity issue, you can perform a driver rollback to the last known working version of the drivers. An IP address is bound to a network interface card using DHCP and there is no such thing as a “rollback” for a server’s IP address. The error of “limited” connectivity is associated with the network interface card and the network connection, not the antivirus or the web browser.

54
Q

Which of the following is used to connect Cat 5e or above networks in an MDF (Main Distribution Frame) or IDF (Intermediate Distribution Frame)?

A.F type (Coaxial Radio Frequency connector)
B.110 punchdown block
C.66 punchdown block
D.RJ-11 (Registered Jack, 11; telephony)

A

B.110 punchdown block

OBJ-1.3: A 110 punchdown block is a type of punch block used to terminate runs of on-premises wiring in a structured cabling system. The designation 110 is also used to describe a type of insulation displacement contact (IDC) connector used to terminate twisted pair cables when using a punch-down tool similar to the older 66 punchdown block. A 110 punchdown block provides more spacing between the terminals and is designed for Cat 5 networks to eliminate crosstalk between the cables. F type connectors are used for coaxial cables, not Cat 5e network cables. RJ-11 is used to terminate telephone lines, not Cat 5e network cables.

55
Q

Your network has been the victim of a data breach. Your company has hired an incident response team to help control the breach’s damage and restore the network to its full functionality. The incident response team wants to connect a packet capture device to the switch that connects your servers to the DMZ (DeMilitarized Zone). Which of the following should be configured to ensure the packet capture device can receive all the network traffic going to and from the servers?

A.802.1q
B.Port security
C.Port mirroring
D.802.1x

A

C.Port mirroring

OBJ-2.3: Port mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed. In this case, you can connect the packet capture device to the SPAN port (mirrored port) to collect all the network traffic for later analysis.

56
Q

You have been asked to run a cable between a drop ceiling and a standard ceiling and ensure it meets your local government’s fire safety requirements. The cable will be used to support a 10GBaseT network connection for up to 100 meters. Which of the following cables should you select to meet these requirements?

A.Plenum Cat 5e
B.PVC Cat 5e
C.Plenum Cat 6a
D.PVC Cat 6a

A

C.Plenum Cat 6a

OBJ-5.2: Cat 6a can also support 10Gbps for up to 100 meters using 10GBaseT. Cat 5e can only support 1000BaseT (1 Gbps) connections. Since we are concerned with the cable’s fire safety rating, we should use a Plenum cable, not a PVC cable. Plenum-rated cable has a special insulation that has low smoke and low flame characteristics. Plenum cable is mandated to be installed in any air handling space, such as the space between a drop ceiling and the standard ceiling. PVC (Polyvinyl Chloride) is what your standard Category 5e and Category 6 cable jacket are constructed of. This PVC jacket when burning or smoldering releases hydrochloric acid and dioxin which are both toxic. For this reason, PVC cannot be used in-between the drop ceiling and the standard ceiling.

57
Q

Dion Training utilizes a federation authentication model for all of its internal and external services. If an employee needs to access one of the company’s web applications from their smartphone, they use a username and password to log in to the main website. They then are transferred and authenticated to all of the other sites and services automatically. Which of the following types of authentication is this known as?

A.TouchID (Apple biometric fingerprint technology)
B.MFA (MultiFactor Authentication)
C.SSO (Single Sign-On)
D.FaceID (Apple facial recognition technology)

A

C.SSO (Single Sign-On)

OBJ-4.1: Single Sign-on (SSO) is an authentication technology that allows users to authenticate once and receive authorizations for multiple services. The advantage of single sign-on is that each user does not have to manage multiple user accounts and passwords. The disadvantage is that compromising the account also compromises multiple services. Multifactor authentication is an authentication scheme that relies on at least two of the five factors: something you know, something you have, something you are, something you do, and somewhere you are. Since only a username and password are used in this scenario, it is not considered multi-factor authentication. Face ID is an Apple device feature that uses a face lock to grant access to the device. Face ID is considered a form of biometric authentication. Touch ID is an Apple device feature that uses fingerprint biometric information to grant access to the device.

58
Q

Stella, a web developer, has asked for your assistance in troubleshooting her latest website. When she attempts to connect to the web server as a user, the web browser issues a standard HTTP (HyperText Transfer Protocol) request to the server but continually receives a timeout response in return. You decide to capture the entire TCP (Transmission Control Protocol) handshake between her workstation and the webserver to better troubleshoot this issue. Which of the following tools would BEST allow you to capture and review the HTTP request and response between the client and the webserver?

A.Protocol analyzer
B.Spectrum analyzer
C.Tone generator
D.Port scanner

A

A.Protocol analyzer

OBJ-5.3: A protocol analyzer is used to capture network traffic on a network and display it for analysis. A protocol analyzer, like Wireshark, can capture the entire network packet as it transits the network and display it according to the different layers of the OSI model. A spectrum analyzer is used to measure the magnitude of an input signal’s frequency. A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A port scanner is used to determine which ports and services are open and available for communication on a target system.

59
Q

Which of the following policies or plans provides the framework for how an organization will react to a malware infection within their network?

A.Incident response plan
B.System life cycle plan
C.Bring your own device policy
D.AUP (Acceptable Use Policy)

A

A.Incident response plan

OBJ-3.2: An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops.

60
Q

You have just replaced a faulty Ethernet cable in a patch panel. Within a few minutes, you find out that users are experiencing slow or no Internet connectivity all over the building. A broadcast storm has begun to occur. After removing the replacement cable, which of the following should you do NEXT?

A.Remove and replace all of the Ethernet cables on the switch
B.Review labeling and logical network diagram documentation
C.Attempt to isolate the broadcast storm by rebooting the switch
D.Replace the cable during the maintenance window

A

B.Review labeling and logical network diagram documentation

OBJ-5.5: You most likely have plugged the new cable into the wrong port on the patch panel. By reviewing the documentation and labeling, you might see the domain architecture, the strength of user connections, and the relationships in those connections, thereby making it easy to reassign the patch cables correctly. Something has likely been mislabeled, and the replacement of the patch cable was plugged into the wrong port and caused a loop.

61
Q

What state is the switchport with the LEAST desirable path placed by the spanning tree protocol when a switch has multiple paths to reach the root bridge?

A.Blocking
B.Listening
C.Learning
D.Forwarding

A

A.Blocking

OBJ-2.3: The spanning tree protocol supports four different states on any given switchport. The switchport will go into a blocking state when it receives a BPDU that indicates there is a better path to the root bridge and the switchport itself is not a root port or designated port. If the switchport is a root port or designated port, it will then move to a listening state. During the listening state, the switchport will discard any frames it receives. When the switchport is in a learning state, it will listen for and process BPDUs it receives and updates its MAC address table. During a listening state, the switchport will not forward any of the frames to others. A switchport in a forwarding state will process BPDUs, update its MAC table, and forward the BPDUs to other switchports. This process will ensure that switching loops are prevented in a network.

62
Q

Dion Training is adding a leased line link between its headquarters in Puerto Rico and its branch office in the Philippines. The organization has purchased a point-to-point network connection using a dedicated T1 circuit to link the locations together. Dion Training has been assigned a Class C scope of 187.15.3.0/24 and needs to add an IP address to each end of this T1 connection. What is the correct CIDR notation for the new subnet that will contain this T1 connection in order to accommodate the link while allocating the minimum number of addresses?

A./27
B./28
C./29
D./30

A

D./30

OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have a link that requires an IP for each end of the connection, therefore we need two IP addresses. But, every network also needs one IP address for the network and a second IP address for the broadcast. This means you need 4 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). To symbolize a CIDR block with 4 IP addresses, we would use /30, which is 2^2 = 4. Some newer network devices will support the use of a /31 (2 IP addresses) for point-to-point links like the one described in this scenario. In that case, the network and broadcast IP addresses are not assigned, and a /31 subnet with a subnet mask of 255.255.255.254 can be used.

63
Q

Dion Training is adding two new employees in Peru and wants to assign them a portion of their public Class C IPv4 address space. Dion Training has been assigned a Class C scope of 187.15.3.0/24. The two employees will be working from home and connecting over a VPN to a dedicated VLAN for the company’s Peruvian employees. What is the correct CIDR notation for the Peruvian portion of the network in order to accommodate the 2 users while allocating the minimum number of addresses?

A./29
B./31
C./30
D./28

A

C./30

OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have 2 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 4 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). To symbolize a CIDR block with 4 IP addresses, we would use /30, which is 2^2 = 4.

64
Q

Which of the following network topologies uses a single network device as a centralized node that all other devices connect back to in order to form the network?

A.Star
B.Ring
C.Bus
D.Mesh

A

A.Star

OBJ-1.2: A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A mesh topology is a network topology in which the infrastructure nodes connect directly, dynamically, and non-hierarchically to as many other nodes as possible and cooperate with one another to efficiently route data to and from the network clients. A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring.

65
Q

Which of the following types of remote access technologies should NOT be used in a network due to its lack of security?

A.SSH (Secure SHell)
B.Telnet (TELetype NETwork)
C.RDP (Remote Desktop Protocol)
D.VPN (Virtual Private Network)

A

B.Telnet (TELetype NETwork)

OBJ-4.3: Telnet should not be used in a network due to its weak security posture. Telnet transmits all of the data in plain text (without encryption), including usernames, passwords, commands, and data files. For this reason, it should never be used in production networks and has been replaced by SSH in most corporate networks. Remote Desktop Protocol (RDP) is a Microsoft protocol designed to facilitate application data transfer security and encryption between client user devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer. SSH (Secure Shell) is used to remotely connect to a network’s switches and routers to configure them securely. SSH is typically used for logging into a remote machine and executing commands, but it also supports tunneling, forwarding TCP ports, and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model. A remote-access VPN connection allows an individual user to connect to a private network from a remote location using a laptop or desktop computer connected to the internet. A remote-access VPN allows individual users to establish secure connections with a remote computer network. Once established, the remote user can access the corporate network and its capabilities as if they were accessing the network from their own office spaces.

66
Q

Your company has decided to upgrade its legacy phone system to use VoIP devices instead. The new phones will download the configurations from a server each time they boot up. Which of the following ports needs to be opened on the firewall to ensure the phones can communicate with the TFTP (Trivial File Transfer Protocol) server and download their boot-up configurations?

A.69
B.21
C.161
D.53

A

A.69

OBJ-1.5: Trivial File Transfer Protocol (TFTP) is a simple protocol that provides a basic file transfer function with no user authentication. TFTP uses port 69 to communicate. TFTP is intended for applications that do not need the sophisticated interactions that File Transfer Protocol (FTP) provides. The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP uses port 21 to communicate. The Domain Name System (DNS) is used to translate requests for names into IP addresses, controlling which server an end-user will reach when they type a domain name into their web browser. DNS uses port 53 to communicate. The Simple Network Management Protocol (SNMP) is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. SNMP uses port 161 to communicate.

67
Q

A 48-port switch on the Dion Training network just rebooted and all the clients are attempting to obtain a new DHCP (Dynamic Host Configuration Protocol) address. Which of the following issues may begin to occur?

A.Broadcast storm
B.Duplicate IP (Internet Protocol) address
C.Asymmetric routing
D.Collisions

A

A.Broadcast storm

OBJ-5.5: A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic. The DHCP discover, offer, request, and acknowledge process occurs using broadcast messages, therefore a broadcast storm could occur due to all 48 clients attempting to receive a DHCP assignment simultaneously. A duplicate IP address occurs when two or more devices have been assigned the same IP address, either dynamically by the DHCP server or statically by a network administrator. Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment.

68
Q

The accounting department has been relocated to a new area of the building, which is more than 70 meters away from the closest IDF. To comply with an SLA (Service-Level Agreement) that requires that 10Gb speeds be provided, what type of media should be installed?

A.CAT 6a
B.CAT 5e
C.802.11n
D.802.11ac

A

A.CAT 6a

OBJ-1.3: Cat6a is the only one listed that can meet 10 Gbps. CAT5e and 802.11ac support speeds up to 1 Gbps. 802.11n supports speeds of up to 600 Mbps.

69
Q

You are trying to increase your network’s security by implementing a system of two-factor authentication (2FA). Which of the following authentication factors should you choose to meet this requirement?

A.Facial scan and fingerprint
B.Key fob and smartcard
C.Username and password
D.Smartcard and PIN (Personal Identification Number)

A

D.Smartcard and PIN (Personal Identification Number)

OBJ-4.1: Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by using a combination of two different factors: (1) something you know, (2) something you have, or (3) something you are. Out of the options provided, only a smartcard (something you have) and a PIN (something you know) meet the requirements of 2FA. If you have two factors from the same type/category, like something you know (username and password), this is only considered a single factor of authentication.

70
Q

A technician is testing a new web-based tool capable of generating automatic teller machine (ATM) cash and service availability reports. A consortium of financial institutions developed the web-based tool. Which of the following cloud delivery models is being described in this scenario?

A.Public
B.Community
C.Private
D.Hybrid

A

B.Community

OBJ-1.8: A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third party and hosted internally or externally. The scenario described is a community cloud-created tool by the banking industry. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public. A hybrid cloud uses a mix of on-premises, private cloud, and third-party, public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud.

71
Q

The network technician, Eduardo, has received a large number of complaints from users that the network is experiencing poor performance and excessive load times. The network technician determines that an attacker is creating a malicious flood of network traffic by sending ping requests. What can the network technician do to prevent this from occurring?

A.Delete the malicious user’s account
B.Update the client’s antivirus software
C.Modify the ACL (Access Control List) to block ICMP (Internet Control Message Protocol) traffic
D.Upgrade the router’s firmware

A

C.Modify the ACL (Access Control List) to block ICMP (Internet Control Message Protocol) traffic

OBJ-4.3: A ping request sends an ICMP echo request packet to the specified target and then waits for the response. The target will then return an ICMP echo reply to the system that sent the request. This was originally designed to test the connectivity between two systems over a given network, but has been used by attackers to create a denial-of-service condition by flooding a target with ping requests or replies. To prevent this from occurring, a network technician should block all ICMP requests, or at the very least block all ICMP requests from outside of the local area network. Blocking all ICMP requests would eliminate the ping request flood, although it may become harder to diagnose network issues in the future as ICMP is used heavily in network troubleshooting by the ping and tracert/traceroute commands. A firmware update will upgrade your device with advanced operational instructions without needing a hardware upgrade. Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware. A user account is an identity created for a person in a computer or computing system. The flood of ping requests occurs using ICMP traffic, not a particular user account, virus, or missing feature in a router. Therefore, blocking ICMP requests is the best answer.

72
Q

A technician is troubleshooting a workstation at Dion Training. The workstation is suffering from intermittent connectivity issues. The technician notices that the STP (Single Twisted Pair) cable pairs are not completely twisted near the connector. Which of the following issues may be experienced because of this?

A.Tx/Rx reverse (Transmit/Receive)
B.568A/568B mismatch
C.Crosstalk
D.Split pair

A

C.Crosstalk

OBJ-5.2: Crosstalk is defined as an effect caused by the unintentional and undesired transmission (leakage) of a signal from one cable to another. Crosstalk can occur if the twisted pairs are not twisted sufficiently, because the twisting of the cable pairs reduces crosstalk between neighboring cable pairs. The twisting is done to help cancel exterior electromagnetic interference. To solve this cable’s crosstalk issue, the cable pairs should be trimmed down and the cable re-terminated properly. The EIA/TIA-568A and EIA/TIA-568B wiring standards utilize different colored cable pairs on each end of a cable. If you use a mismatch of the two standards on the same cable, it would create a cable that cannot be used as a straight-through or patch cable. This would not lead to intermittent connectivity, though; it would lead to a scenario with no connectivity. The transmit (Tx) and receive (Rx) reversed is a common issue with fiber optic patch cables. A split pair error occurs when one wire from each of two different pairs gets swapped identically on both ends of the cable. The result is a cable that will pass a standard continuity test, but will have serious crosstalk problems, and will most likely not perform adequately at specified data rates. Split pairs were commonly used in older Cat 3 copper networks, but are no longer used in Cat 5 or above networks. The scenario in this question describes a crosstalk issue, not a split pair issue, though.

73
Q

Routing prefixes are assigned in blocks by IANA (Internet Assigned Numbers Authority) and distributed by the Regional Internet Registry (RIR). What are these known as?

A.Top-level domain
B.Autonomous system number
C.Route aggregation
D.Network handle

A

B.Autonomous system number

OBJ-2.2: An ASN (or Autonomous System Number) is used to control routing with BGP routing protocols to route traffic across the network. An Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly defined routing policy. Network operators need Autonomous System Numbers (ASNs) to control routing within their networks and to exchange routing information with other Internet Service Providers (ISPs). There are 2-byte and 4-byte ASN variants in use on the internet.

74
Q

(This is a simulated Performance-Based Question. On the real certification exam, you will be asked to click on the appropriate device in a network diagram to see and modify its configuration.)

Wireless network users recently began experiencing speed and performance issues on your network after Access Point 2 (AP2) was replaced due to a recent hardware failure. The original wireless network was installed according to a wireless consultant’s specifications and has always worked properly without any past issues.

You have been asked to evaluate the situation and resolve any issues you find to improve the network’s performance and connectivity. The client has instructed you to adjust the least amount of settings/configurations possible while attempting to fix the issue. Before arriving on-site, you receive the below office’s floor plan with an elementary network diagram drawn on top.

Based on the information provided to you so far, which network device would you log into first to begin your troubleshooting efforts?

A.SW1 (Switch #1)
B.AP2 (Access Point #2)
C.AP3 (Access Point #3)
D.AP1 (Access Point #1)

A

B.AP2 (Access Point #2)

OBJ-5.4: Since everything was working properly on the network before AP2 was replaced after the recent hardware failure, AP2 likely has some configuration error that has led to the recent connectivity and performance problems. Therefore, you should begin your troubleshooting efforts with AP2. According to the CompTIA troubleshooting method, you should always determine if anything has changed and question the obvious. If AP2 was recently replaced, it is most likely the device with an incorrect configuration setting or the one causing the issues.

75
Q

Dion Corp has recently added many new employees to the network. This has caused an increase in network traffic by 200%. The network engineer’s original projection was that the new users would only add 20-30% more network traffic, not 200%. The network administrator has found evidence that some of the new employees clicked on a phishing email that may have led to some workstations becoming zombies. What should the company have done to prevent this network breach from occurring?

A.Provide end-user cyber awareness training to all new employees during onboarding
B.Segment the new employees into a new VLAN (Virtual Local Area Network)
C.Install an IDS (Intrusion Detection System) on the network segment containing the new employees
D.Ensure that best practices were implemented when creating new user accounts

A

A.Provide end-user cyber awareness training to all new employees during onboarding

OBJ-4.5: When new employees enter a company, they are often not fully aware of its Internet usage policy and safe Internet practices. Providing end-user cyber awareness training for new employees during onboarding can help reduce the company’s vulnerabilities due to the human element. The new employees should be placed into appropriate VLANs based on their job functions, not their “new employee” status. While best practices should be implemented when creating new user accounts, this wouldn’t have prevented the success of the malicious actor’s phishing campaign. An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. An IDS will not prevent an issue, but it may log and alert upon detecting it.

76
Q

You were troubleshooting a recently installed NIC (Network Interface Controller) on a workstation and decided to ping the NIC’s loopback address. Which of the following IPv4 addresses should you ping?

A.10.0.0.1
B.172.16.1.1
C.127.0.0.1
D.192.168.1.1

A

C.127.0.0.1

OBJ-1.4: The loopback address is 127.0.0.1 in IPv4, and it is reserved for troubleshooting and testing. The loopback address is used to receive a test signal to the NIC and its software/drivers to diagnose problems. Even if the network cable is unplugged, you should be able to ping your loopback address successfully. The other three IP addresses presented as options are private Class A, Class B, or Class C addresses, and not the loopback address.

77
Q

Which cellular technology is comprised of HSPA+ and EV-DO to provide higher data speeds than previous cellular data protocols?

A.LTE (Long-Term Evolution)
B.4G
C.5G
D.3G

A

D.3G

OBJ-2.4: 3G cellular technology is made up of two different technologies: HSPA+ and EV-DO. HSPA+ (Evolved High-Speed Packet Access) is a 3G standard used for GSM cellular networks and can support up to a theoretical download speed of 168 Mbps and a theoretical upload speed of 34 Mbps. In the real world, though, HSPA+ normally reaches speeds around 20 Mbps. EV-DO (Evolution-Data Optimized) is a 3G standard used for CDMA cellular networks and can support up to 3.1 Mbps downloads. 4G cellular technology is made up of LTE and LTE-A. Long Term Evolution (LTE) is a packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE has a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps. LTE Advanced (LTE-A) has a theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps. 5G cellular technology is made up of three different types: low-band, mid-band, and high-band mmWave technology. Low-band 5G reaches an average speed of 55 Mbps with a theoretical speed of 150 Mbps. Mid-band 5G reaches an average speed of 150 Mbps with a theoretical speed of 1.5 Gbps. High-band 5G reaches an average speed of 3 Gbps with a theoretical speed of up to 70 Gbps.

78
Q

The Chief Information Officer (CIO) wants to improve the security of the company’s data. Which management control should be implemented to ensure employees are using encryption to transmit any sensitive information over the network?

A.HTTPS (HyperText Transfer Protocol Secure)
B.Standards
C.Policies
D.VPN (Virtual Private Network)

A

C.Policies

OBJ-3.2: Policies are plans that describe the goal of an established procedure (Acceptable use, Physical Security, or VPN access), while the standards are the mechanisms implemented to achieve that goal. VPN and HTTPS are examples of protocols and industry standards.

79
Q

Damaris is troubleshooting a WINS (Windows Internet Name Service) connectivity issue on a Windows server. She wants to find out the name of the server she is working on. Which of the following commands should she utilize to display the NetBIOS (Network Basic Input/Output System) name of the server?

A.netstat
B.arp
C.show config
D.hostname

A

D.hostname

OBJ-5.3: The hostname command is used to view or change a computer’s hostname and domain. On a Windows system, the hostname, computer name, and NetBIOS name are all the same. The netstat command is used to monitor incoming and outgoing connections, routing tables, port states, and usage statistics on a network interface. The “show configuration” command is used on a Cisco networking device to display the device’s current configuration. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network.

80
Q

You have been asked to troubleshoot Dion Training’s T1 connection, which is experiencing connectivity issues. (A T1 bundles together 24 64-kbps (DS0) time-division multiplexed (TDM) channels over a 4-wire copper circuit, creating a total bandwidth of 1.544 Mbps.) You have already verified that the network’s router is properly configured and that the cable is connected properly between the router and the T1’s CSU/DSU (Channel Service Unit/Data Service Unit), but the T1 remains down. You want to test the interface on the CSU/DSU to ensure it is functioning properly. Which of the following tools should you use to test this interface?

A.Loopback adapter
B.Light meter
C.Cable tester
D.Tone generator

A

A.Loopback adapter

OBJ-5.2: A T1 connection is a copper-based connection. A loopback adapter is a plug that is used to test the physical port or interface on a network device. You will need to insert the loopback adapter into the interface on the CSU/DSU and conduct a self-test of the device by looping back the transmit path to the receive path and the receive path to the transmit path. A loopback adapter can also be used to test the T1 line by allowing the ISP to conduct a remote diagnosis of the connection between their central office and your demarcation point to ensure it is working properly. A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A cable tester is used to test a cable, not the interface itself. A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is not used to test an interface.

81
Q

The Chief Security Officer is concerned with the possible theft of corporate data from the network. He wants to ensure that any sensitive data cannot be exfiltrated from the network. Which of the following should be implemented to BEST mitigate this threat?

A.DLP (Network Data Loss Prevention)
B.NDA (Non-Disclosure Agreement)
C.MOU (Memorandum Of Understanding)
D.AUP (Acceptable Use Policy)

A

A.DLP (Network Data Loss Prevention)

OBJ-3.2: Data loss prevention (DLP) systems are used to ensure that end-users do not send sensitive or critical information outside the corporate network. These DLP products help a network administrator control what data end users can transfer. While an Acceptable Use Policy (AUP), Non-Disclosure Agreement (NDA), or MOU (Memorandum of Understanding) might provide some administrative controls to help mitigate the threat of data loss or theft, a DLP is the BEST solution as it provides a technical way to enforce your policies.

82
Q

Which of the following ethernet standards is used with a multimode fiber optic cable?

A.10GBase-LR
B.10GBase-SR
C.100Base-TX
D.10GBase-T

A

B.10GBase-SR

OBJ-1.3: 10GBase-SR is a 10 Gigabit Ethernet LAN standard for use with multimode fiber optic cables using short-wavelength signaling. 100Base-TX and 10GBase-T are ethernet standards that use copper wiring. 10GBase-LR is a standard for 10 Gigabit Ethernet over single-mode fiber optic cabling. For the exam, remember the memory aid, “S is not single,” which means that if the naming convention contains Base-S as part of its name then it uses a multimode fiber cable.

83
Q

You work for a small company that wants to add a shared drive to their network. They are looking for a simple solution that will easily integrate into the existing network, be easy to configure, and share files with all network clients over TCP/IP (Transmission Control Protocol/Internet Protocol). Which of the following is the BEST recommended storage solution for this network?

A.NAS (Network-Attached Storage)
B.Fibre channel
C.FCoE (Fibre Channel over Ethernet)
D.iSCSI (Internet Small Computer System Interface)

A

A.NAS (Network-Attached Storage)

OBJ-1.2: A network-attached storage (NAS) device is a self-contained computer that connects to a home or business network and can share files over TCP/IP. It is a rapidly growing choice for data storage and can provide data access to numerous users on a network. A NAS consists of a hard disk for storage of files and usually utilizes a RAID system for redundancy and/or performance. iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. It can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval. Fibre Channel is a high-speed data transfer protocol that provides in-order, lossless delivery of raw block data. It is designed to connect general-purpose computers, mainframes, and supercomputers to storage devices. Fibre Channel over Ethernet is a computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit Ethernet networks while preserving the Fibre Channel protocol.

84
Q

What would provide the highest level of physical security for the client if they are concerned with the theft of equipment from the datacenter?

A.Magnetic key swipe
B.Access control vestibule
C.Cipher lock
D.Proximity reader

A

B.Access control vestibule

OBJ-4.5: An access control vestibule or mantrap will ensure that only a single authorized person can get in or out of the building at one time. The access control vestibule would provide a choke point for access into and out of the datacenter. This would allow for better physical access control to the datacenter and prevent theft of equipment.

85
Q

Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach?

A.Require data at rest encryption on all endpoints
B.Require a VPN (Virtual Private Network) to be utilized for all telework employees
C.Require data masking for any information stored in the database
D.Require all new employees to sign an NDA (Non-Disclosure Agreement)

A

A.Require data at rest encryption on all endpoints

OBJ-3.2: The greatest protection against this data breach would have been to require data at rest encryption on all endpoints, including this laptop. If the laptop were encrypted, the data would not have been readable by others, even if it was lost or stolen. While requiring a VPN for all telework employees is a good idea, it would not have prevented this data breach since the laptop’s loss caused it. Even if a VPN had been used, the same data breach would have still occurred if the employee copied the database to the machine. Remember on exam day that many options are good security practices, but you must select the option that solves the issue or problem in the question being asked. Similarly, data masking and NDAs are useful techniques, but they would not have solved this particular data breach.

86
Q

Which of the following is used to remove heat from servers and networking gear within a datacenter?

A.HVAC (Heating, Ventilation, Air Conditioning)
B.UPS (Uninterruptible Power Supply)
C.PDU (Power Distribution Unit)
D.Generator

A

A.HVAC (Heating, Ventilation, Air Conditioning)

OBJ-3.3: Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter. An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source or mains power fails. A power distribution unit (PDU) is a device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center. PDUs use and distribute the available amperage more efficiently, allowing your equipment to receive the best available power to maintain operation. A generator is a device that converts motive power into electrical power for use in an external circuit. Generators can be powered by diesel, gasoline, or propane.

87
Q

You have been asked to install a new wireless network for your company’s new branch office. Your boss wants the network to be high-speed and is willing to buy new hardware and network adapters to ensure all the devices can communicate on the new network. Which of the following wireless standards should you install for the fastest data transfer speeds?

A.802.11g
B.802.11ac
C.802.11a
D.802.11n

A

B.802.11ac

OBJ-2.4: 802.11ac is the fastest of the four standards listed in this question. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth.

88
Q

Which of the following wireless technologies would you use to transmit data files from one system to another in a direct peer-to-peer connection over a distance of 2 to 3 meters?

A.RFID (Radio Frequency IDentification)
B.Bluetooth (IEEE 802.15.1; Personal Area Network; ISM band 2.402GHz to 2.48GHz)
C.NFC (Near Field Communication)
D.Wi-Fi (Wireless Fidelity; IEEE 802.11)

A

B.Bluetooth (IEEE 802.15.1; Personal Area Network; ISM band 2.402GHz to 2.48GHz)

OBJ-2.4: Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz, and building personal area networks. Bluetooth is often used to create peer-to-peer connections between two devices for a distance of up to 10 meters. Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. Near-Field Communication (NFC) is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with a simple setup that can be used to bootstrap more-capable wireless connections. Wi-Fi is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves. Wi-Fi can provide high speeds and cover a maximum distance of up to 150 meters.

89
Q

You are working as a server administrator at Dion Training. You unlock the server room door using your proximity badge and walk through the door. Before the door shuts, another person walks in behind you. What social engineering technique did this person utilize?

A.Spoofing
B.Shoulder surfing
C.Tailgating
D.Impersonation

A

C.Tailgating

OBJ-4.2: Tailgating is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint. This might be done without the target’s knowledge or might be a means for an insider to allow access to someone without recording it in the building’s entry log. Another technique is to persuade someone to hold a door open for them, which would be considered piggybacking. Shoulder surfing is a type of social engineering technique used to obtain personal identification numbers (PINs), passwords, and other confidential data by looking over the victim’s shoulder. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Impersonation is the act of pretending to be someone or something else.

90
Q

Which of the following wireless standards should you implement if the existing wireless network only allows for three non-overlapping channels, and you need additional non-overlapping channels to prevent interference with neighboring businesses in your office building?

A.802.11g
B.802.11b
C.802.1q
D.802.11ac

A

D.802.11ac

OBJ-2.4: Wireless B and G only support 3 non-overlapping channels (1, 6, 11). Wireless N and Wireless AC support the 5 GHz spectrum, which provides 24 non-overlapping channels. The 802.1q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. 802.1q is not a wireless networking standard.