1
Q
What transmission method does a cable TV provider use to deliver internet and television services simultaneously?
A
Broadband communication at Physical – Layer 1.
2
Q
What type of payload does each of the first four OSI layers handle
A
L1 Bits
L2 Frame
L3 Packet
L4 Segment/Datagram
3
Q
A corrupted data frame is detected during transmission. Which mechanism within the Data Link layer identifies this issue?
A
Checksum used by Logical Link Control (LLC)
4
Q
What is NetBIOS commonly used for?
A
File sharing between computers, especially in Windows environments.
5
Q
What is 802.1Q tagging, and how does it support VLAN management across switches?
A
Inserts a VLAN Identifier (VID) into each frame to maintain VLAN separation across trunk links.
6
Q
You’re planning to automate or orchestrate a network task. What kinds of questions should you ask to decide if it’s worth doing, and whether it’ll hold up over time?
A
Complexity of the process
Cost of development, implementation, and maintenance
Mitigating Single Points of Failure
Technical debt
Ensuring ongoing supportability
7
Q
What is a root port in STP?
A
The root port is the port on a non-root bridge that provides the best path to the root bridge. Each non-root switch has exactly one root port It’s used to forward traffic toward the root bridge
8
Q
What is a Switch Virtual Interface (SVI), and how does it enable inter-VLAN communication?
A
A virtual Layer 3 interface on a switch. Provides routing between VLANs without needing an external router. Each VLAN can be assigned an SVI with an IP address.
9
Q
What is Security Orchestration, Automation, and Response (SOAR)?
A
A class of security tools that automates incident response, threat hunting, and security configurations using runbooks—no human input required.
10
Q
A network frequently transitions between blocking and forwarding states, disrupting connectivity. What protocol upgrade and configuration can reduce these disruptions?
A
Enable RSTP — it speeds up convergence when topology changes occur and root bridge election is redone.
11
Q
A network engineer is deploying a software-defined networking (SDN) solution to improve flexibility and streamline traffic management. Which component is responsible for managing flow control and enabling efficient, centralized decision-making?
A
The SDN controller—manages flow control and provides flexibility and efficiency by centralizing network decisions.
12
Q
Briefly describe each of the three layers in a 3-tiered model
A
Access = Entry point for end devices
Distribution = Policy control and traffic optimization
Core = High-speed backbone
13
Q
Briefly describe 3G 4G and 5G What technologies they use
A
3G = HSPA+ & EV-DO
4G = LTE & LTE-A
5G = mmwave, Massive MIMO
14
Q
Compare SSL VPN, PPP, PPTP, and IPsec.
A
SSL VPN: Secure, easy for remote users, web based
PPP/PPTP: Older, weaker, sometimes for backward compatibility
IPsec: Strong, full-featured VPN for site-to-site or remote access
15
Q
What is (NDP) used for in IPv6?
A
Neighbor Discovery Protocol helps devices discover each other, find other MAC addresses, and automatically configure themselves. It replaces several IPv4 functions like ARP and router discovery.
16
Q
What is ZeroConf and what features does it provide?
A
Assigns IPv4 link-local addresses (like APIPA)
Uses mDNS for name resolution without DNS
Enables service discovery on the local network.
17
Q
What is BOOTP and what was its original purpose?
A
A legacy protocol that dynamically assigns IPs and allows a workstation to load a boot image over the network.
18
Q
A network administrator is configuring a subnet with the network address of 192.168.10.0/28.
What is the range of usable host IP addresses for this subnet?
A
192.168.10.1 to 192.168.10.14
19
Q
Name the following ranges
🔒 Private Ranges x3
🌐 Public Ranges x5
🔁 Loopback
⚠️ APIPA
A
🔒 Private Ranges
Class A: 10
Class B: 172.16 – 172.31
Class C: 192.168
🌐 Public Ranges
Class A: 1-127
Class B: 128-191
Class C: 192-223
Class D: 224-239
Class E: 240-255
🔁 Loopback
127
⚠️ APIPA
169.254
20
Q
What does RFC 1918 define?
A
The private IP address ranges for Class A, B, and C networks
21
Q
What are the 4 key components of a fully configured network client?
A
IP address, Subnet mask, Default gateway, DNS server or WINS serve
22
Q
How many bits and digits are in an IPv4 and IPv6 address?
A
IPv4
32 Bits
12 Digits
IPv6
128 Bits
32 Digits
23
Q
What do IPv6 unicast and multicast addresses begin with
A
Global Unicast: Routable on the internet, starts with 2000–3999
Link-Local: LAN-only, starts with FE80
Multicast: FF
24
Q
A company wants to connect branch offices over the internet without using costly leased lines. They configure a tunneling protocol on their routers to encapsulate network layer traffic across a virtual point-to-point link. What protocol is being used?
A
Generic Routing Encapsulation (GRE); used for creating secure, flexible tunnels between remote sites.
25
A technician is setting up high-speed internet in a residential area using existing cable TV lines. The technology chosen offers faster speeds than DSL and allows for cost-effective deployment. What technology is being used?
DOCSIS – Data Over Cable Service Interface Specification, which delivers internet over coaxial cable TV infrastructure.
26
What is Wavelength Division Multiplexing (WDM) in fiber optics?
Sends multiple data streams simultaneously on a single-mode fiber using different light wavelengths (channels)
Coarse Wavelength Division Multiplexing (CWDM) → fewer channels, shorter reach
Dense Wavelength Division Multiplexing (DWDM) → many channels, long-distance, high capacity
27
Compare SSL VPN, PPP, PPTP, and IPsec.
SSL VPN: Secure, easy for remote users, web based
PPP/PPTP: Older, weaker, sometimes for backward compatibility
IPsec: Strong, full-featured VPN for site-to-site or remote access
28
What is the role of the wireless access point in infrastructure mode?
It acts as the central hub, managing communication between devices and providing access to the wired network.
29
What is an Autonomous Access Point, and in what scenarios is it typically used?
A standalone device that independently handles all wireless functions, including authentication, encryption, and traffic management. It’s ideal for small or isolated deployments where centralized control isn’t needed.
30
What is channel bonding and when is it used?
Channel bonding merges adjacent channels into a single wider channel—used in 5 GHz and 6 GHz bands to increase throughput for high-bandwidth applications like video streaming or enterprise traffic.
31
What does the 802.11h standard introduce for wireless optimization?
DFS (Dynamic Frequency Selection): Devices detect radar signals and avoid interference by switching channels.
TPC (Transmit Power Control): Devices adjust transmission power to maintain connection quality and reduce RF pollution. 802.11h ensures that Wi-Fi devices operating in the 5 GHz band don’t interfere with critical systems like weather radar, air traffic control, or military communications.
32
What is band steering and why is it important in multi-band networks?
Band steering automatically shifts client devices to the optimal frequency band (e.g., from 2.4 GHz to 5/6 GHz) to balance load and improve performance—especially useful in dual/triple-band enterprise APs.
33
What is EAP in wireless networking?
Extensible Authentication Protocol; a framework used in WPA2/WPA3-Enterprise for forwarding authentication between the client, access point, and RADIUS server.
34
What is HT Mixed Mode in 802.11n Wi-Fi?
Lets old (a/b/g) + new (n) devices connect
Adds overhead = slower speeds
Good for compatibility, not best for performance
35
What protocol is being used when email is accessed with SSL/TLS encryption over port 993?
IMAP Secure (IMAPS)
35
A web application uses a MySQL backend to store user data. What port must be open for database communication?
MySQL Server — port 3306
36
In network monitoring, what protocol and ports are used when a tool polls devices for performance metrics and receives alerts when thresholds are exceeded?
SNMP — Simple Network Management Protocol uses UDP ports 161 (polling) and 162 (traps)
37
A secure connection is established to a directory service for encrypted authentication and data retrieval. What port and protocol is being used?
LDAPS — LDAP over SSL/TLS, port 636 TCP
38
An enterprise system queries a centralized directory service to authenticate users and retrieve organizational data. The connection is unencrypted. What port and protocol is being used?
LDAP — Lightweight Directory Access Protocol, port 389 UDP/TCP
39
A technician is installing a high-speed connection between two switches located in the same rack. Pre-terminated, fixed-length copper cables with transceivers built into each end. Which type of cable is most appropriate for this scenario?
Direct Attach Copper (DAC) cable
40
A technician is upgrading a legacy network that currently uses cables rated for 100 Mbps at 100 meters. What cable type is most likely being replaced?
CAT 5
41
A technician is asked to install a cable that supports 10 Gbps at 55 meters but only 1 Gbps at 100 meters. What cable type fits this description?
CAT 6
42
Describe the SC, LC, ST, and MTP/MPO fiber connectors in terms of shape and typical use case.
SC (Subscriber Connector) Square push-pull, larger, square push-pull, legacy use
LC (Lucent Connector) Small latch-style Modern data centers, enterprise networks, cloud infrastructure
ST (Straight Tip) Round bayonet twist-lock Legacy systems, industrial multimode fiber
MTP/MPO (Multi-fiber) Rectangular multi-fiber Backbone links, QSFP+, parallel optics
42
A WPA3 network uses a handshake that resists password guessing and ensures each session has a unique key. What protocol is in use?
SAE — the authentication method in WPA3 Personal.
42
A technician is installing shielded twisted pair cabling that supports 10 Gbps at 100 meters and offers superior noise protection. What cable type is being installed?
CAT 7
43
When are T568A and T568B wiring standards typically used?
T568A is commonly used in residential installations, while T568B is more common in commercial networks.
43
Select all that apply to improve wireless security during router configuration:
A. Enable remote management over WAN
B. Disable WPS
C. Use WPA2 with a strong pre-shared key
D. Leave default SSID unchanged
E. Enable MAC address filtering
F. Use WEP for compatibility
G. Change default admin password
H. Disable SSID broadcast
I. Enable wireless isolation
J. Use WPA3 with SAE (if supported)
✅ Correct Answers:
B. Disable WPS
C. Use WPA2 with a strong pre-shared key
E. Enable MAC address filtering
G. Change default admin password
H. Disable SSID broadcast
I. Enable wireless isolation
J. Use WPA3 with SAE (if supported)
❌ Incorrect Answers & Why:
A. Enable remote management over WAN ❌ Increases attack surface—remote access should be disabled unless absolutely necessary and secured with strong authentication.
D. Leave default SSID unchanged ❌ Default SSIDs can reveal device make/model, making it easier for attackers to target known vulnerabilities.
F. Use WEP for compatibility ❌ WEP is deprecated and insecure due to weak encryption and IV vulnerabilities—never recommended.
44
While analyzing LAN traffic, an engineer sees a packet with destination MAC 01:00:5E:00:00:FB. What type of traffic is this?
Multicast traffic—MAC addresses starting with 01:00:5E indicate IPv4 multicast packets sent to a group of device
44
What’s the difference between 10GBase-LR and 10GBase-SR Ethernet standards?
10GBase-LR: 10 Gigabit Ethernet over single-mode fiber, long distances (~10 km).
10GBase-SR: 10 Gigabit Ethernet over multimode fiber, short distances (~300 m).
45
Which attack targets a single host by associating its MAC address with a legitimate IP to intercept traffic?
ARP Spoofing — manipulates ARP tables to redirect traffic.
46
Which ARP-based attack corrupts the ARP cache across an entire LAN?
ARP Poisoning — compromises ARP tables network-wide.
47
When should you use a Wildcard Certificate vs. a SAN field?
Wildcard: For multiple subdomains under one domain
SAN: For multiple distinct domains
48
What is Dynamic ARP Inspection (DAI) and what does it protect against?
DAI is a switch feature that validates ARP packets against trusted IP-MAC bindings to prevent ARP spoofing and on-path (Man-in-the-Middle) attacks.
49
What is Mandatory Access Control (MAC) and when is it used?
MAC is a system-enforced access control model where both users and data have fixed security labels. Access decisions are based on these labels, ensuring strict control over sensitive information, ideal for high-security environments.
50
How does Security Service Edge (SSE) differ from traditional perimeter-based security?
SSE uses cloud-based security services and real-time threat intelligence to monitor traffic, detect threats, and respond proactively, unlike traditional perimeter security, which relies on physical appliances at the network edge.
51
What’s the basic difference between IPSec Tunnel Mode and Transport Mode?
Tunnel Mode encrypts the entire packet including the original IP header
Transport Mode encrypts only the payload while leaving the original IP header visible.
52
What is DHCP snooping and why is it used in a network?
DHCP snooping is a security feature on switches that blocks unauthorized DHCP servers from assigning IP addresses and maintains a trusted binding table to prevent rogue devices from spoofing network configurations.
53
A cloud engineer is tasked with deploying a secure, logically isolated environment within a public cloud. The setup must support automated resource provisioning using scripted orchestration tools. What cloud construct is being used?
Virtual Private Cloud (VPC), which enables isolated infrastructure within a cloud provider’s environment and supports Infrastructure as Code (IaC) for automated deployment.
54
A network engineer is tasked with improving agility and reducing hardware dependency across multiple branch offices. They implement a solution that extracts traditional network functions from physical devices and deploys them as software applications. What technology is being used?
Network Function Virtualization (NFV), which enables flexible, cost-effective deployment of network services by virtualizing functions traditionally tied to hardware.
55
A service provider receives a digitally signed XML message confirming a user’s identity from a trusted identity provider. What protocol is being used to transmit this authentication data securely?
SAML — uses XML-based assertions to securely pass authentication and authorization data.
56
Compare NAT Gateway, Internet Gateway, VPN Gateway, and Direct Connect Gateway in a VPC.
NAT Gateway → Private resources access Internet outbound only, not directly reachable
Internet Gateway → Provides full Internet access for public subnets
VPN Gateway → Secure site-to-site VPN to on-premises networks
Direct Connect Gateway → Dedicated private connection from on-prem to cloud
57
Syslog Severity Levels 0–7 — what do they represent?
0 – Emergency: System unstable
1 – Alert: Immediate correction needed
2 – Critical: Primary application failure
3 – Error: Prevents proper function
4 – Warning: Action needed soon
5 – Notice: Unusual events
6 – Information: Normal operations
7 – Debugging: Developer-level info
57
Compare VPC, SD-WAN, VXLAN, and VPN.
VPC (Virtual Private Cloud): Isolated cloud network within a public cloud; resources can communicate privately.
SD-WAN: Software-defined WAN; intelligently routes traffic over multiple WAN links for performance and reliability.
VXLAN: Overlay network technology; encapsulates Layer 2 frames in Layer 3 packets to extend VLANs across large networks.
VPN (Virtual Private Network): Secure tunnel over public or shared networks to connect remote devices or sites.
58
When would you use a TAP, a network sniffer, a protocol analyzer, or SPAN/port mirroring?
TAPs are most reliable, SPAN is convenient but can drop traffic, sniffers depend on host resources.
TAP: Use for high-traffic networks or critical monitoring where reliability matters; passive, does not affect traffic.
Sniffer: Use for host-based troubleshooting or on-demand capture; may impact host performance.
Protocol Analyzer same as Sniffer
SPAN/Port Mirror: Use for quick deployment on a switch to monitor specific ports or VLANs; may drop packets under heavy load.
59
After you implement the solution, what’s the next step?
Verify System Functionality — ensure the fix resolved the issue and didn’t introduce new problems. This confirms success before closing the case.
60
Which tool helps you analyze when and where traffic is flowing across your network for performance tuning?
NetFlow Analyzer — ideal for monitoring, troubleshooting, and analyzing traffic flow data.
61
You need to analyze captured traffic with a graphical interface. How does tcpdump support this workflow?
Use tcpdump to save traffic into a PCAP file, then open it in Wireshark for deep packet analysis.
62
You need to check a port’s stats — including bandwidth, MTU size, and error counts — on a network device. Which command would you use?
show interface
63
You need to review a device’s saved setup — including system, SNMP, IP, DNS, and logging settings — to confirm how it’s currently configured. Which command would you use?
show config
64
You need to see a device’s list of known networks, along with how it reaches them and the cost of each path. Which command would you use?
show route
65
What does LLDP allow devices on a network to do?
(Link Layer Discovery Protocol) Advertise themselves and discover information about other devices.
66
In network troubleshooting, which tool would you use for each of the following:
Testing attenuation and dB loss on fiber
Detecting interference on Wi‑Fi
Fiber: Fiber Light Meter
Wi‑Fi: Spectrum Analyzer
67
On a network device, what do the activity light and link speed light indicate?
Activity light:
* Off – No link/connection
* Solid orange – Link established
* Blinking orange – Data activity
Link speed light:
* Off – 10 Mbps
* Orange – 100 Mbps
* Green – 1 Gbps
68
You’re troubleshooting a weak Wi‑Fi connection. Which measurement tells you the signal strength your device is receiving, and how much is being pushed out by the access point? Also, what does the general range indicate weak vs strong?
RSSI – Shows received signal strength; around ‑90 dB is very weak, around ‑30 dB is very strong.
EIRP – The maximum power an access point could radiate.
69
You’re connected to Wi‑Fi but can’t access the internet. What steps should you take to troubleshoot a possible captive portal issue?
Try going to any website to trigger the portal and rule out HTTP issues
Go to the default gateway IP in a browser
Verify DNS is working and DHCP is allowed to autoconfigure
70
Match each Nmap switch to its function:
-sn
-sS
-sT
-sU
-O
-p
-sn → Host discovery only (ping sweep, skip port scan)
-sS → TCP SYN scan (half‑open, stealthier)
Is the port open, closed, or filtered?
-sT → TCP connect scan (full handshake)
Is the port open, closed, or filtered?
-sU → UDP scan (check for open UDP services)
-O → Determine OS (OS fingerprinting)
-p → Scan specific ports
71
What is TCPdump?
Match each switch to its function:
-i
-nn
-w
TCPdump → analyzer/sniffer that captures and displays network traffic in real time or saves it for later analysis.
Switches:
-i → Specify the interface to capture from (e.g., -i eth0)
-nn → Show numeric IPs and ports (no DNS/service name resolution)
-w → Write captured packets to a file for later review
72
What does each of these ip commands do?
ip link show
ip -s link
ip addr list
ip route show
ip link show → Shows network interfaces and whether they are UP or DOWN
ip -s link → Adds interface statistics (packets, errors)
ip addr list → Shows IP addresses assigned to interfaces
ip route show → Displays the routing table
73
What do these common netstat flags do and when would you use them? -l, -a, -p
-l → Listening services
-a → All connections (listening + active)
-p → Shows process names (sometimes useful for troubleshooting)
74
What do these common arp flags do and when would you use them? -a, -s, -d
arp -a → View current ARP cache (IP → MAC mappings)
arp -s → Add a static ARP entry
arp -d → Delete an ARP cache entry
75
What is ngrep, and how is it used in network analysis?
ngrep is a command-line packet capture and analysis tool that searches network traffic using regular expressions, useful for monitoring and debugging protocols without a graphical interface.
76
What is the first step to configure a router-on-a-stick for a VLAN?
Create a subinterface on the router for the VLAN:
Syntax: interface [physical interface].[VLAN ID] → e.g., G0.30
Encapsulation (dot1Q) and IP address are configured after the subinterface is created.
77
A service provider is optimizing its network to improve efficiency and reduce reliance on traditional IP routing tables. The routers now forward packets using short path labels instead of full IP headers. What technology is being used?
Multiprotocol Label Switching (MPLS), which enhances routing speed and flexibility by using label-based forwarding.
78
A technician wants faster convergence and routing decisions based on link speed and cost. What type of protocol should they use? What are two examples?
Link state protocol, such as OSPF or IS-IS.
79
A Cisco-only network uses a hybrid protocol that combines distance vector and link state features. What protocol is being used?
EIGRP (Enhanced Interior Gateway Routing Protocol).
80
A router receives multiple route options from different protocols. Based on Administrative Distance (AD), list the protocols in order from most believable to least believable.
Directly connected (0), Static (1), EIGRP (90), OSPF (110), RIP (120), External EIGRP (170), Unknown/Unbelievable (255).
Lower AD = more trusted.
81
What is the difference between classful and classless routing protocols? Name the outlier routing protocol.
Classful protocols do not include subnet masks in updates and assume default masks, so they cannot support VLSM. Classless protocols include subnet masks, support VLSM, and allow efficient IP use.
RIPv1 is Classful.
82
Which protocol tags VLAN traffic across trunk ports, allowing multiple VLANs to pass between switches?
802.1Q → VLAN trunking protocol.
83
Which network device can be configured as transparent, allowing traffic to pass without modifying IP addresses?
Proxy server — when set to transparent mode, it intercepts traffic without requiring client configuration, providing caching or filtering while remaining invisible to users.
84
How does VXLAN solve the scalability limitation of traditional VLANs capped at 4,096 segments?
By extending the VLAN space using a 24-bit VXLAN ID, allowing up to 16 million logical segments.
85
Which OSI layer does QoS operate within to support mechanisms like CoS and DSCP?
Layer 2 — QoS begins at the data link layer using CoS tagging (802.1p), enabling traffic prioritization.
86
Which type of DNS zone maps domain names to IP addresses for internal name resolution?
Forward Zone — it resolves hostnames to IP addresses, enabling seamless access to internal resources.
87
Which protocol provides source authentication, data integrity via hashing, and encryption for IP packets?
IPSec — it secures IP traffic by authenticating the sender, verifying data integrity, and encrypting the payload.
88
Which routing technique advertises failed routes with an infinite metric to prevent routing loops?
Route Poisoning — it marks unreachable routes with an infinite cost so other routers avoid them.
89
What is SASE in the context of enterprise networking?
SASE (Secure Access Service Edge) is a cloud-native framework that combines networking and security services—like SD-WAN, firewalls, and zero trust—into a unified service for remote users and branch offices.
90
When configuring switchports for access points, when should you manually set speed and duplex instead of using Auto/Auto?
Only when auto-negotiation fails or legacy devices require it. Manual settings must match on both ends to avoid duplex mismatches.
91
What switch port status occurs when a port is assigned to a VLAN that doesn’t exist on the switch?
Suspended — the port is inactive and won’t pass traffic until the VLAN is created or reassigned.
92
Briefly describe the TCP three-way handshake and the flags it uses.
The TCP three-way handshake establishes a reliable connection between two hosts using three packets:
SYN — Client sends a synchronize request to initiate the connection.
SYN-ACK — Server acknowledges the SYN and sends its own SYN.
ACK — Client acknowledges the server’s SYN, completing the handshake.
93
What are the effects of insufficient bandwidth, packet loss, high latency, and jitter on video conferencing?
Insufficient bandwidth → Video freezes, audio dropouts, degraded resolution
Packet loss → Choppy audio, missing frames, retransmissions
High latency → Delays, echo, poor synchronization between audio and video
Jitter → Uneven delivery timing, causing robotic voice or stuttering video
94
What is the MOST likely cause when users in a newly configured VLAN cannot access the internet, while other VLANs can?
The new VLAN is not allowed on the trunk link — meaning traffic from that VLAN isn’t being carried between switches or to the router/firewall.
95
Which port is used to send formatted messages to a centralized logging server from network devices, clients, and servers?
UDP port 514 — used by Syslog, the standard protocol for centralized logging.
96
What should be adjusted to influence a routing protocol’s selection of the most efficient path?
Metric value — it determines how the routing protocol evaluates and selects the best path to a destination.
97
Which communication technology is used by video conferencing systems to synchronize video streams and reduce bandwidth from a central location to multiple subscribed devices?
Multicast — sends a single stream to multiple recipients efficiently, reducing bandwidth usage.
98
Which DHCP feature allows a technician to include additional settings like DNS server addresses or domain names in DHCP messages?
DHCP Options are standardized fields (like Option 3 for gateway, Option 6 for DNS) that extend basic IP assignment.
99
What type of cable should be used between two legacy switches, and between a switch and a PC?
Legacy switch ↔ Legacy switch → Crossover cable (no Auto-MDIX support)
Switch ↔ PC (or endpoint) → Straight-through cable (different device types)
100
What is the MOST secure way to allow remote access to network devices across branch offices while preventing unauthorized access?
Out-of-band management uses a separate, dedicated network (or interface) for administrative access — often via VPN, serial console servers, or dedicated links.
101
What is a known weakness of WPS-enabled wireless networks?
Brute force occurs within 11,000 combinations — due to predictable PIN structure, attackers can crack WPS quickly.
102
What does FCoE stand for, and what does it do?
Fibre Channel over Ethernet — transports Fibre Channel frames over Ethernet networks, enabling storage traffic to share LAN infrastructure.
103
What does VTP stand for, and what is its purpose?
VLAN Trunking Protocol — Cisco protocol that propagates VLAN configuration across switches in the same domain.
104
What does HSRP stand for, and what is its function?
Hot Standby Router Protocol — Cisco protocol that provides gateway redundancy by allowing multiple routers to share a virtual IP.
105
What does a SIEM system do that a basic Syslog server cannot?
A SIEM not only collects logs like Syslog, but also correlates events, detects threats, and generates real-time alerts used to investigate a breach. Syslog simply transports and stores logs without any intelligence or analysis.
106
What attack is likely if a device pretends to be a switch?
VLAN hopping. The attacker uses switch-like behavior to negotiate trunking and inject tagged frames into other VLANs.
107
What’s the difference between URL filtering and content filtering?
URL filtering blocks access to specific websites or web pages based on their address. Content filtering analyzes the actual content of a page like keywords, images, or scripts
108
Which DNS server type ensures trusted, verified answers for your own domain while allowing cached responses for external queries?
Authoritative DNS Server. It holds the official records for your domain, ensuring integrity. Caching for external queries is handled separately by resolvers or caching-only servers.
109
Which DNS zone type should you configure to quickly resolve internal departmental website names to IP addresses?
Forward Lookup Zone. It stores name-to-IP mappings for internal domains, enabling fast, local resolution without needing to query external servers.
110
What are the most likely causes of CRC errors on a switch interface, in order from most to least likely?
Duplex mismatch – Causes collisions and corrupted frames (most common in wired LANs).
Damaged or low-quality cables – Physical layer faults that distort signal integrity.
Electromagnetic interference (EMI) – External noise corrupts signal transmission.
Faulty NICs or switch ports – Hardware defects causing inconsistent frame transmission.
111
What are the definitions of latency, bandwidth, and throughput in network performance?
Latency: The time it takes for a packet to travel from source to destination and back (round-trip delay).
Bandwidth: The maximum data capacity of a network link, measured in bits per second (bps).
Throughput: The actual amount of data successfully transferred over the network in a given time.
112
What’s the difference between SASE and SSE?
SASE includes both networking (like SD-WAN) and security services, while SSE focuses only on cloud-delivered security functions.
113
What is the primary focus of Secure Access Service Edge (SASE)?
Securing network access for remote users and branch offices by combining networking and security in a cloud-delivered model.
114
What’s the most likely cause of no link light between two SFP+ fiber endpoints?
Mismatched transceivers. Both ends must use compatible types and speeds (e.g., 10G SR ↔ 10G SR).
115
What’s the most likely cause of high packet loss on a fiber link using correct transceivers and multimode fiber?
Improper signal strength at one or both ends—either too weak or too strong for the receiver to handle.
116
What are the four key layers in Software-Defined Networking (SDN), and what does each one do?
Application Layer: It sends requests to the network—like asking for bandwidth, security policies, or performance guarantees.
Control Layer: It receives requests from the application layer and translates them into specific instructions for the network. It handles routing decisions, policy enforcement, and traffic shaping.
Infrastructure Layer (Data Plane): It consists of physical or virtual switches, routers, and firewalls that carry out the instructions from the control layer.
Management Layer: This layer oversees the entire SDN stack. It handles configuration, monitoring, logging, analytics, and troubleshooting.
117
What does port security do?
MAC Address Limiting: Restricts the number of MAC addresses allowed on a port (e.g., only 1 device allowed).
Sticky MAC: Learns and saves the first MAC address seen on the port as an allowed device.
It helps prevent unauthorized access and MAC flooding attacks.
118
What are the key electrical measurements and what do they mean?
Voltage (V): Electrical pressure. Example: A wall outlet provides 120V—like water pressure in a pipe.
Current (A): Flow of electricity. Example: A phone charger draws 2A—like gallons of water flowing per minute.
Resistance (Ω): Opposition to flow. Example: A thin wire has more resistance than a thick one—like a narrow pipe slowing water.
Power (W): Energy used per second. Example: A 60W bulb uses 60 watts of power—like how fast water spins a turbine
119
What does NAC do in a network?
NAC checks a device’s identity and compliance before allowing access, then assigns it to the correct VLAN or access level based on policy.
Net+
flashcards
Decks in class (17)
# Cards
-
Network Fundamentals43
-
Routing15
-
OSI Model53
-
Documentation and Processes8
-
Ethernet Switching45
-
Orchestration and Automation9
-
IP Addressing44
-
WAN Connections12
-
Wireless Network30
-
Ports and Protocols35
-
Media and Connectors40
-
Distribution Systems (HVAC, Fire, Wiring)12
-
Security and Attacks39
-
Cloud and Virtualization13
-
Troubleshooting49
-
Network Monitoring7
-
Last Minute125
