Jason Dion - CompTIA Network+ N10-008 Exam Prep #6 Flashcards

Question

An attacker has configured their machine to report itself as a switch when connected to a wired network in an attempt to exploit your enterprise network. Which of the following types of attacks is being conducted? A.Rogue DHCP (Dynamic Host Configuration Protocol) B.VLAN (Virtual Local Area Network) hopping C.DNS (Domain Name System) poisoning D.ARP (Address Resolution Protocol) spoofing

Answer 1

B.VLAN (Virtual Local Area Network) hopping OBJ-4.2: VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver's cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

Answer 2

D.Power level OBJ-4.3: The power level should be reduced for the radio transmitter in the wireless access points. With a reduced power level, the signal will not travel as far. You can ensure the signal remains within the building's interior only by conducting a site survey and adjusting the power levels of each wireless access point. The other options, if changed, would affect the availability of the network, and it would not dramatically affect the distance the signal travels.

Answer 3

D.MAC (Media Access Control) spoofing OBJ-4.2: MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. Public wireless networks can be configured to use MAC filtering to block access to devices once they reach a certain time limit. It appears that after 30 minutes, the restaurant's wireless access points are adding your MAC address to the block list. If you change your MAC address through MAC spoofing, you can reconnect to the network for another 30 minutes without any issues. Since the wireless network provides the IP address, IP spoofing would not successfully allow you to reconnect since the MAC filtering would block your access before obtaining an IP. IP spoofing is a method of modifying the source address in the packet header to make the receiving computer system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it. A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file. A brute-force attack consists of an attacker submitting every possible combination for a password or pin until they crack it.

Answer 4

C.Giant OBJ-3.1: A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes. A runt is an ethernet frame that is less than 64 bytes in size. Encapsulation is a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame. Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network.

Answer 5

B.AAAA (indicates the IPv6 address of a given domain) OBJ-1.6: An AAAA record associates your domain name with an IPv6 address. An A record associates your domain name with an IPv4 address. An MX record is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic. A Start of Authority (SOA) resource record indicates which Domain Name Server (DNS) is the best source of information for the specified domain.

Answer 6

B.Only allow administrators to access routers using port 22 OBJ-4.3: Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full rights user will not access their new account without the SSH key, which could only be provided by a true administrator. Telnet uses port 23 and passes all information as unencrypted traffic on the network. Telnet should always be disabled for security reasons, and SSH (which uses encryption) should be used instead.

Answer 7

C.Asymmetric routing OBJ-5.5: Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). Remember, asymmetric routing doesn’t cause any routing issues necessarily, but they do cause issues with dropped packet flows by our security devices like firewalls and unified threat management systems, so you need to consider this in the design of your network architectures to prevent this issue from occurring. If you don’t, then packet flow drops will occur and your clients can experience network intermittent connectivity. Multicast flooding occurs because no specific host is associated with the multicast MAC address in the content-addressable memory (CAM) table of a switch. A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment. A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic.

Answer 8

D.TFTP (Trivial File Transfer Protocol) server OBJ-5.3: A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. The "show route" command is used on a Cisco networking device to display the current state of the routing table for a given network device. The traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.

Answer 9

D.Image OBJ-3.3: To image a switch, you can make a backup of the configuration and deploy it to a new/different switch. An image can contain the firmware and its configurations. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. An archive is a backup of the configurations for the network device. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

Answer 10

B.IPS (Intrusion Protection System) OBJ-2.1: An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent identified threats. An Intrusion Detection System (IDS) is a network security/threat prevention technology that examines network traffic flows to detect and alert upon identified threats. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain.

Answer 11

C./26 OBJ-1.4: Since the Finance department needs 32 devices plus a network ID and broadcast IP, it will require 34 IP addresses. The smallest subnet that can fit 34 IPs is a /26 (64 IPs). A /26 will borrow 2 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^6 available host IP addresses, or 64 total IP addresses. Of the 64 IP addresses, there are 62 available for clients to use, one for the network ID, and one for the broadcast address.

Answer 12

C.The cable is a crossover cable but should be a straight-through cable OBJ-5.2: Since the cable only worked when connecting two computers directly together, it is a crossover cable. Crossover cables are used to connect two of the same devices (computer to computer, or router to router) by switching the transmit and receiving pins in the cable's jack. Since you are trying to connect a computer to a switch, you need to have a straight-through cable instead. A rollover or console cable is used to connect a computer to a router's console port, not a computer to a switch.

Answer 13

D.WEP (Wired Equivalent Privacy) OBJ-2.4: Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications that was designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption. Wi-Fi protected access version 3 (WPA3) has replaced WPA2 as the most secure wireless encryption method. WPA3 uses the simultaneous authentication of equals (SAE) to increase the security of preshared keys. WPA3 provides the enhanced open mode that encrypts transmissions from a client to the access point when using an open network. WPA3 Enterprise mode supports the use of AES with the Galois/counter mode protocol (GCMP-256) for the highest levels of encryption.

Answer 14

B.Connection speed OBJ-2.4: Channel bonding is a practice commonly used in IEEE 802.11 implementations in which two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices. Signal strength only refers to the maximum transmitted power by an antenna. Coverage area is the geographic area with adequate signal strength around a single antenna or wireless network. Encryption strength is a measure of the number of bits in the key used to encrypt data in an algorithm.

Answer 15

D.AUP (Acceptable Use Policy) OBJ-3.2: An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. A data loss prevention policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision making without it being exposed to anyone who should not have access to it. The goal of a data loss prevention policy is to minimize accidental or malicious data loss. A remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network.

Answer 16

C.PaaS (Platform-as-a-Service) OBJ-1.8: Platform as a Service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. Infrastructure as a Service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on-demand, on a pay-as-you-go basis. Software as a Service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider. Desktop as a Service (DaaS) is a cloud computing offering where a service provider delivers virtual desktops to end-users over the Internet, licensed with a per-user subscription. DaaS is often called Virtual Desktop Infrastructure (VDI).

Answer 17

C.IPS (Intrusion Protection System) OBJ-2.1: An intrusion prevention system (IPS) is a form of network security that detects and prevents identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents, and capturing information about them. An IPS can block malicious network traffic, unlike an IDS, which can only log them. A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

Answer 18

B.T1 (bundles together 24 64-kbps (DS0) time-division multiplexed (TDM) channels over 4-wire copper circuit. This creates a total bandwidth of 1.544 mbps) OBJ-1.2: A T1 can transmit 24 telephone calls at a time because it uses a digital carrier signal (DS-1). DS-1 is a communications protocol for multiplexing the bit streams of up to 24 telephone calls simultaneously. The T1's maximum data transmission rate is 1.544 Mbps. DOCSIS is the standard for a cable modem. DSL is a Digital Subscriber Line which has variable speeds from 256 Kbps and up. POTS is the Plain Old Telephone System, and provides only a single phone connection at a time. Out of these options, the T1 is the BEST to ensure you can reliably provide 23 simultaneous phone connections.

Answer 19

C.IPS (Intrusion Protection System) OBJ-2.1: Since this question is focused on the ICS/SCADA network, the best solution would be implementing an Intrusion Prevention System. ICS/SCADA machines utilize very specific commands to control the equipment and to prevent malicious activity. You could set up strict IPS rules to prevent unknown types of actions from being allowed to occur. Log consolidation is a good idea, but it won't prevent an issue and therefore isn't the most critical thing to add first. Automated patch management should not be conducted, as ICS/SCADA systems must be tested before conducting any patches. Often, patches will break ICS/SCADA functionality. Anti-virus software may or may not be able to run on the equipment, as well, since some ICS/SCADA systems often do not rely on standard operating systems like Windows.

Answer 20

C.Establish a theory of probable cause OBJ-5.1: The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned. Based on the scenario presented, you have already gathered information, questioned users, identified symptoms, and determined if anything changed, so you have completed the first step: identify the problem. Now, you should begin to establish a theory of probable cause by questioning the obvious and using a top-to-bottom, bottom-to-top, or divide and conquer approach to troubleshooting.

Answer 21

D.ARP (Address Resolution Protocol) spoofing OBJ-4.2: ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer, server, or gateway on the network. VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver's cache and causes the name server to return an incorrect result record, such as an attacker’s IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

Answer 22

D.189.76.60.128 OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /26, so each subnet will contain 64 IP addresses. This means that there are four networks in this class C range: 189.76.60.0, 189.76.60.64, 189.76.60.128, and 189.76.60.192. Since the IP address provided is 189.76.60.164, it will be in the 189.76.60.128/26 network.

Answer 23

A.Disaster recovery plan OBJ-3.2: A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber-attacks, and other disruptive events. A business continuity plan is a document that outlines how a business will continue operating during an unplanned service disruption. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human capital and business partners, and essentially every other aspect of the business that might be affected. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement.

Answer 24

C.Layer 2 OBJ-1.1: DSCP is a layer 3 packet, and it is the most commonly used value for QoS of an IP packet (as it gives lots of flexibility). CoS, on the other hand, is a layer 2 packet. Based on the options given, only Layer 2 could be correct. Quality of Service usually operates at either Layer 2 or Layer 3 of the OSI model, depending on if you are using CoS or DSCP.

Answer 25

C.SCADA (Supervisory Control and Data Acquisition) OBJ-2.1: SCADA (supervisory control and data acquisition) networks work off an ICS (industry control system) and maintain sensors and control systems over large geographic areas. A building automation system (BAS) for offices and data centers ("smart buildings") can include physical access control systems, but also heating, ventilation, and air conditioning (HVAC), fire control, power and lighting, and elevators, and escalators. A vehicular network is called a controller area network (CAN). A CAN uses serial communication buses to connect electronic control units and other subsystems in cars and unmanned aerial vehicles (UAV). System-on-chip (SoC) is a design where all these processors, controllers, and devices are provided on a single processor die or chip.

Answer 26

B.Connector mismatch OBJ-5.2: While both SC and ST are fiber cables, they utilize different connectors. The cable ordered will not be compatible with the current equipment in use. SC (subscriber connector) is nicknamed the "square connector" or the "stick and click" connector. The SC has a push-pull coupling end face with a spring loaded ceramic ferrule. The ST (straight tip) connector uses a rounded bayonet fitment as its connector. The ST is nicknamed the "stick and twist" connector.

Answer 27

C.The wrong transceivers are being used OBJ-5.2: The transceivers being used are 10GBaseLR, which are used with single mode fiber (SMF), not multimode fiber (MMF). Since the network is already using MMF fiber and was previously working, the technician should replace the 10GBaseLR SFP+ transceivers with 10GBaseSR SFP+ transceivers instead. Now, this is a difficult question, but if you take it one step at a time, you can also use the process of elimination to get the right answer if you weren’t sure of which type of transceiver to use. First, the question is using a fiber connection, so it will not be subject to electrical interference. Second, fiber is not affected by heat like copper connections, therefore the boiler room option can be eliminated. Third, an open or short condition only occurs with copper cables, not fiber, therefore this option can also be eliminated. This leaves you with the incorrect transceiver being used as the only possible correct option.

Answer 28

C.Multilayer switch OBJ-2.1: A multilayer switch combines the features of a switch and a router into a single device. A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A bridge is networking hardware that forwards traffic between network segments at the data link layer (Layer 2) of the OSI model using MAC addresses. Each switchport on a bridge is a separate collision domain, but all switchports are in a common broadcast domain. A media converter is a networking device that transparently converts Ethernet or other communication protocols from one cable type to another type, such as from copper to fiber or twisted pair to coaxial. A media converter operates at the physical layer (Layer 1) of the OSI model.

Answer 29

C.Server's NIC (Network Interface Controller) drivers OBJ-5.5: When automatically receiving updates through the Windows Update service, your server can receive driver updates for its network interface card (NIC), graphics cards, and other peripherals. This can accidentally install an incompatible driver that causes network connectivity issues to occur. A best practice is to always set driver updates to "manual" so that you can download and test them in a lab before upgrading your production servers. If your drivers were updated and this is causing the connectivity issue, you can perform a driver rollback to the last known working version of the drivers. An IP address is bound to a network interface card using DHCP and there is no such thing as a "rollback" for a server's IP address. The error of "limited" connectivity is associated with the network interface card and the network connection, not the antivirus or the web browser.

Answer 30

B.110 punchdown block OBJ-1.3: A 110 punchdown block is a type of punch block used to terminate runs of on-premises wiring in a structured cabling system. The designation 110 is also used to describe a type of insulation displacement contact (IDC) connector used to terminate twisted pair cables when using a punch-down tool similar to the older 66 punchdown block. A 110 punchdown block provides more spacing between the terminals and is designed for Cat 5 networks to eliminate crosstalk between the cables. F type connectors are used for coaxial cables, not Cat 5e network cables. RJ-11 is used to terminate telephone lines, not Cat 5e network cables.

Answer 31

C.Port mirroring OBJ-2.3: Port mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed. In this case, you can connect the packet capture device to the SPAN port (mirrored port) to collect all the network traffic for later analysis.

Answer 32

C.Plenum Cat 6a OBJ-5.2: Cat 6a can also support 10Gbps for up to 100 meters using 10GBaseT. Cat 5e can only support 1000BaseT (1 Gbps) connections. Since we are concerned with the cable's fire safety rating, we should use a Plenum cable, not a PVC cable. Plenum-rated cable has a special insulation that has low smoke and low flame characteristics. Plenum cable is mandated to be installed in any air handling space, such as the space between a drop ceiling and the standard ceiling. PVC (Polyvinyl Chloride) is what your standard Category 5e and Category 6 cable jacket are constructed of. This PVC jacket when burning or smoldering releases hydrochloric acid and dioxin which are both toxic. For this reason, PVC cannot be used in-between the drop ceiling and the standard ceiling.

Answer 33

C.SSO (Single Sign-On) OBJ-4.1: Single Sign-on (SSO) is an authentication technology that allows users to authenticate once and receive authorizations for multiple services. The advantage of single sign-on is that each user does not have to manage multiple user accounts and passwords. The disadvantage is that compromising the account also compromises multiple services. Multifactor authentication is an authentication scheme that relies on at least two of the five factors: something you know, something you have, something you are, something you do, and somewhere you are. Since only a username and password are used in this scenario, it is not considered multi-factor authentication. Face ID is an Apple device feature that uses a face lock to grant access to the device. Face ID is considered a form of biometric authentication. Touch ID is an Apple device feature that uses fingerprint biometric information to grant access to the device.

Answer 34

A.Protocol analyzer OBJ-5.3: A protocol analyzer is used to capture network traffic on a network and display it for analysis. A protocol analyzer, like Wireshark, can capture the entire network packet as it transits the network and display it according to the different layers of the OSI model. A spectrum analyzer is used to measure the magnitude of an input signal's frequency. A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A port scanner is used to determine which ports and services are open and available for communication on a target system.

Answer 35

A.Incident response plan OBJ-3.2: An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describes the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops.

Answer 36

B.Review labeling and logical network diagram documentation OBJ-5.5: You most likely have plugged the new cable into the wrong port on the patch panel. By reviewing the documentation and labeling, you might see the domain architecture, the strength of user connections, and the relationships in those connections, thereby making it easy to reassign the patch cables corrected. Something has likely been mislabeled, and the replacement of the patch cable was plugged into the wrong port and caused a loop.

Answer 37

A.Blocking OBJ-2.3: The spanning tree protocol supports four different states on any given switchport. The switchport will go into a blocking state when it receives a BPDU that indicates there is a better path to the root bridge and the switchport itself is not a root port or designated port. If the switchport is a root port or designated port, it will then move to a listening state. During the listening state, the switchport will discard any frames it receives. When the switchport is in a learning state, it will listen for and process BPDUs it receives and updates its MAC address table. During a listening state, the switchport will not forward any of the frames to others. A switchport in a forwarding state will process BPDUs, update its MAC table, and forward the BPDUs to other switchports. This process will ensure that switching loops are prevented in a network.

Answer 38

D./30 OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have a link that requires an IP for each end of the connection, therefore we need two IP addresses. But, every network also needs one IP address for the network and a second IP address for the broadcast. This means you need 4 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). To symbolize a CIDR block with 4 IP addresses, we would use /30, which is 2^2 = 4. Some newer network devices will support the use of a /31 (2 IP addresses) for point-to-point links like the one described in this scenario. In that cases, the network and broadcast IP addresses are not assigned, and a /31 subnet with a subnet mask of 255.255.255.254 can be used.

Answer 39

C./30 OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have 2 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 4 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). To symbolize a CIDR block with 4 IP addresses, we would use /30, which is 2^2 = 4.

Answer 40

A.Star OBJ-1.2: A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A mesh topology is a network topology in which the infrastructure nodes connect directly, dynamically, and non-hierarchically to as many other nodes as possible and cooperate with one another to efficiently route data to and from the network clients. A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring.

Answer 41

B.Telnet (TELetype NETwork) OBJ-4.3: Telnet should not be used in a network due to its weak security posture. Telnet transmits all of the data in plain text (without encryption), including usernames, passwords, commands, and data files. For this reason, it should never be used in production networks and has been replaced by SSH in most corporate networks. Remote Desktop Protocol (RDP) is a Microsoft protocol designed to facilitate application data transfer security and encryption between client user devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer. SSH (Secure Shell) is used to remotely connect to a network's switches and routers to configure them securely. SSH is typically used for logging into a remote machine and executing commands, but it also supports tunneling, forwarding TCP ports, and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model. A remote-access VPN connection allows an individual user to connect to a private network from a remote location using a laptop or desktop computer connected to the internet. A remote-access VPN allows individual users to establish secure connections with a remote computer network. Once established, the remote user can access the corporate network and its capabilities as if they were accessing the network from their own office spaces.

Answer 42

A.69 OBJ-1.5: Trivial File Transfer Protocol (TFTP) is a simple protocol that provides a basic file transfer function with no user authentication. TFTP uses port 69 to communicate. TFTP is intended for applications that do not need the sophisticated interactions that File Transfer Protocol (FTP) provides. The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP uses port 21 to communicate. The Domain Name System (DNS) is used to translate requests for names into IP addresses, controlling which server an end-user will reach when they type a domain name into their web browser. DNS uses port 53 to communicate. The Simple Network Management Protocol (SNMP) is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. SNMP uses port 161 to communicate.

Answer 43

A.Broadcast storm OBJ-5.5: A broadcast storm is the result of an excessive amount of broadcast or multicast traffic on a computer network. A broadcast storm can consume sufficient network resources and render the network unable to transport normal network traffic. The DHCP discover, offer, request, and acknowledge process occurs using broadcast messages, therefore a broadcast storm could occur due to all 48 clients attempting to receive a DHCP assignment simultaneously. A duplicate IP address occurs when two or more devices have been assigned the same IP address, either dynamically by the DHCP server or statically by a network administrator. Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment.

Answer 44

A.CAT 6a OBJ-1.3: Cat6a is the only one listed that can meet 10 Gbps. CAT5e and 802.11 ac support speeds up to 1 Gbps. 802.11n supports speeds of up to 600 Mbps.

Answer 45

D.Smartcard and PIN (Personal Identification Number) OBJ-4.1: Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by using a combination of two different factors: (1) something you know, (2) something you have, or (3) something you are. Out of the options provided, only a smartcard (something you have) and a PIN (something you know) meet the requirements of 2FA. If you have two factors from the same type/category, like something you know (username and password), this is only considered a single factor of authentication.

Answer 46

B.Community OBJ-1.8: A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third party and hosted internally or externally. The scenario described is a community cloud-created tool by the banking industry. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public. A hybrid cloud uses a mix of on-premises, private cloud, and third-party, public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud.

Answer 47

C.Modify the ACL (Access Control List) to block ICMP (Internet Control Message Protocol) traffic OBJ-4.3: A ping request sends an ICMP echo request packet to the specified target and then waits for the response. The target will then return an ICMP echo reply to the system that sent the request. This was originally designed to test the connectivity between two systems over a given network, but has been used by attackers to create a denial-of-service condition by flooding a target with ping requests or replies. To prevent this from occurring, a network technician should block all ICMP requests, or at the very least block all ICMP requests from outside of the local area network. Blocking all ICMP requests would eliminate the ping request flood, although it may become harder to diagnose network issues in the future as ICMP is used heavily in network troubleshooting by the ping and tracert/traceroute commands. A firmware update will upgrade your device with advanced operational instructions without needing a hardware upgrade. Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware. A user account is an identity created for a person in a computer or computing system. The flood of ping requests occurs using ICMP traffic, not a particular user account, virus, or missing feature in a router. Therefore, blocking ICMP requests is the best answer.

Answer 48

C.Crosstalk OBJ-5.2: Crosstalk is defined as an effect caused by the unintentional and undesired transmission (leakage) of a signal from one cable to another. Crosstalk can occur if the twisted pairs are not twisted sufficiently, because the twisting of the cable pairs reduces crosstalk between neighboring cable pairs. The twisting is done to help cancel exterior electromagnetic interference. To solve this cable's crosstalk issue, the cable pairs should be trimmed down and the cable re-terminated again properly. The EIA/TIA-568A and EIA/TIA-568B wiring standards utilize different colored cable pairs on each end of a cable. If you use a mismatch of the two standards on the same cable, it would create a cable that cannot be used as a straight-through or patch cable. This would not lead to intermittent connectivity, though, it would lead to a scenario with no connectivity. The transmit (Tx) and receive (Rx) reversed is a common issue with fiber optic patch cables. A split pair error occurs when one wire from each of two different pairs gets swapped identically on both ends of the cable. The result is a cable that will pass a standard continuity test, but will have serious cross-talk problems, and will most likely not perform adequately at specified data rates. Split pairs were commonly used in older Cat 3 copper networks, but are no longer used in Cat 5 or above networks. The scenario in this question describes a crosstalk issue, not a split pair issue, though.

Answer 49

B.Autonomous system number OBJ-2.2: An ASN (or Autonomous System Number) is used to control routing with BGP routing protocols to route traffic across the network. An Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly defined routing policy. Network operators need Autonomous System Numbers (ASNs) to control routing within their networks and to exchange routing information with other Internet Service Providers (ISPs). There are 2-byte and 4-byte ASN variants in use on the internet.

Answer 50

B.AP2 (Access Point #2) OBJ-5.4: Since everything was working properly on the network before AP2 was replaced after the recent hardware failure, AP2 likely has some configuration error that has led to the recent connectivity and performance problems. Therefore, you should begin your troubleshooting efforts with AP2. According to the CompTIA troubleshooting method, you should always determine if anything has changed and question the obvious. If AP2 was recently replaced, it is most likely the device with an incorrect configuration setting or the one causing the issues.

Answer 51

A.Provide end-user cyber awareness training to all new employees during onboarding OBJ-4.5: With new employees enter a company, they are often not fully aware of its Internet usage policy and safe Internet practices. Providing end-user cyber awareness training for new employees during onboarding can help reduce the company’s vulnerabilities due to the human element. The new employees should be placed into appropriate VLANs based on their job functions, not their "new employee" status. While best practices should be implemented when creating new users accounts, this wouldn't have prevented the success of the malicious actor's phishing campaign. An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. An IDS will not prevent an issue, but it may log and alert upon detecting it.

Answer 52

C.127.0.0.1 OBJ-1.4: The loopback address is 127.0.0.1 in IPv4, and it is reserved for troubleshooting and testing. The loopback address is used to receive a test signal to the NIC and its software/drivers to diagnose problems. Even if the network cable is unplugged, you should be able to ping your loopback address successfully. The other three IP addresses presented as options are private Class A, Class B, or Class C addresses, and not the loopback address.

Answer 53

D.3G OBJ-2.4: 3G cellular technology is made up of two different technologies: HSPA+ and EV-DO. HSPA+ (Evolved High-Speed Packet Access) is a 3G standard used for GSM cellular networks and can support up to a theoretical download speed of 168 Mbps and a theoretical upload speed of 34 Mbps. In the real world, though, HSPA+ normally reaches speeds around 20 Mbps. EV-DO (Evolution-Data Optimized) is a 3G standard used for CDMA cellular networks and can support up to 3.1 Mbps downloads. 4G cellular technology is made up of LTE and LTA-A. Long Term Evolution (LTE) is a packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE has a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps. LTE Advanced (LTE-A) has a theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps. 5G cellular technology is made up of three different types: low-band, mid-band, and high-band mmWave technology. Low-band 5G reaches an average speed of 55 Mbps with a theoretical speed of 150 Mbps. Mid-band 5G reaches an average speed of 150 Mbps with a theoretical speed of 1.5 Gbps. High-band 5G reaches an average speed of 3 Gbps with a theoretical speed of up to 70 Gbps.

Answer 54

C.Policies OBJ-3.2: Policies are plans that describe the goal of an established procedure (Acceptable use, Physical Security, or VPN access), while the standards are the mechanisms implemented to achieve that goal. VPN and HTTPS are examples of protocols and industry standards.

Answer 55

D.hostname OBJ-5.3: The hostname command is used to view or change a computer's hostname and domain. On a Windows system, the hostname, computer name, and NetBIOS name are all the same. The netstat command is used to monitor incoming and outgoing connections, routing tables, port states, and usage statistics on a network interface. The "show configuration" command is used on a Cisco networking device to display the device's current configuration. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network.

Answer 56

A.Loopback adapter OBJ-5.2: A T1 connection is a copper-based connection. A loopback adapter is a plug that is used to test the physical port or interface on a network device. You will need to insert the loopback adapter into the interface on the CSU/DSU and conduct a self-test of the device by looping back the transmit path to the receive path and the receive path to the transmit path. A loopback adapter can also be used to test the T1 line by allowing the ISP to conduct a remote diagnosis of the connection between their central office and your demarcation point to ensure it is working properly. A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A cable tester is used to test a cable, not the interface itself. A tone generator is used with a toner probe to accurately identify the location of a cable pair or conductor within a wiring bundle, cross-connection point, or at the remote end. A tone generator is not used to test an interface.

Answer 57

A.DLP (Network Data Loss Prevention) OBJ-3.2: Data loss prevention (DLP) systems are used to ensure that end-users do not send sensitive or critical information outside the corporate network. These DLP products help a network administrator control what data end users can transfer. While an Acceptable Use Policy (AUP), Non-Disclosure Agreement (NDA), or MOU (Memorandum of Understanding) might provide some administrative controls to help mitigate the threat of data loss or theft, a DLP is the BEST solution as it provides a technical way to enforce your policies.

Answer 58

B.10GBase-SR OBJ-1.3: 10GBase-SR is a 10 Gigabit Ethernet LAN standard for use with multimode fiber optic cables using short-wavelength signaling. 100Base-TX and 10GBase-T are ethernet standards that use copper wiring. 10GBase-LR is a standard for 10 Gigabit Ethernet over single-mode fiber optic cabling. For the exam, remember the memory aid, "S is not single," which means that if the naming convention contains Base-S as part of its name then it uses a multimode fiber cable.

Answer 59

A.NAS (Network-Attached Storage) OBJ-1.2: A network-attached storage (NAS) device is a self-contained computer that connects to a home or business network and can share files over TCP/IP. It is a rapidly growing choice for data storage and can provide data access to numerous users on a network. A NAS consists of a hard disk for storage of files and usually utilizes a RAID system for redundancy and/or performance. iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. It can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval. Fibre Channel is a high-speed data transfer protocol that provides in-order, lossless delivery of raw block data. It is designed to connect general-purpose computers, mainframes, and supercomputers to storage devices. Fibre Channel over Ethernet is a computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit Ethernet networks while preserving the Fibre Channel protocol.

Answer 60

B.Access control vestibule OBJ-4.5: An access control vestibule or mantrap will ensure that only a single authorized person can get in or out of the building at one time. The access control vestibule would provide a choke point for access into and out of the datacenter. This would allow for better physical access control to the datacenter and prevent theft of equipment.

Answer 61

A.Require data at rest encryption on all endpoints OBJ-3.2: The greatest protection against this data breach would have been to require data at rest encryption on all endpoints, including this laptop. If the laptop were encrypted, the data would not have been readable by others, even if it was lost or stolen. While requiring a VPN for all telework employees is a good idea, it would not have prevented this data breach since the laptop's loss caused it. Even if a VPN had been used, the same data breach would have still occurred if the employee copied the database to the machine. Remember on exam day that many options are good security practices, but you must select the option that solves the issue or problem in the question being asked. Similarly, data masking and NDAs are useful techniques, but they would not have solved this particular data breach.

Answer 62

A.HVAC (Heating, Vacuum, Air Conditioning) OBJ-3.3: Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter. An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source or mains power fails. A power distribution unit (PDU) is a device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center. PDUs use and distribute the available amperage more efficiently, allowing your equipment to receive the best available power to maintain operation. A generator is a device that converts motive power into electrical power for use in an external circuit. Generators can be powered by diesel, gasoline, or propane.

Answer 63

B.802.11ac OBJ-2.4: 802.11ac is the fastest of the four standards listed in this question. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth.

Answer 64

B.Bluetooth (IEEE 802.15.1; Personal Area Network; ISM band 2.402GHz to 2.48GHz) OBJ-2.4: Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz, and building personal area networks. Bluetooth is often used to create peer-to-peer connections between two devices for a distance of up to 10 meters. Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. Near-Field Communication (NFC) is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with a simple setup that can be used to bootstrap more-capable wireless connections. Wi-Fi is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves. Wi-Fi can provide high speeds and cover a maximum distance of up to 150 meters.

Answer 65

C.Tailgating OBJ-4.2: Tailgating is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint. This might be done without the target's knowledge or might be a means for an insider to allow access to someone without recording it in the building's entry log. Another technique is to persuade someone to hold a door open for them, which would be considered piggybacking. Shoulder surfing is a type of social engineering technique used to obtain personal identification numbers (PINs), passwords, and other confidential data by looking over the victim's shoulder. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Impersonation is the act of pretending to be someone or something else.

Answer 66

D.802.11ac OBJ-2.4: Wireless B and G only support 3 non-overlapping channels (1, 6, 11). Wireless N and Wireless AC supports the 5 GHz spectrum, which provides 24 non-overlapping channels. The 801.q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. 802.1q is not a wireless networking standard.

Jason Dion - CompTIA Network+ N10-008 Exam Prep #6 Flashcards

(90 cards)