Missed questions Flashcards

Question

**You just heard of a new ransomware attack that has been rapidly spreading across the internet that takes advantage of a vulnerability in the Windows SMB protocol. To protect your network until Microsoft releases a security update, you want to block the port for SMB at your firewall to prevent becoming a victim of this attack. Which of the following ports should you add to your blocklist?** * 445 * 123 * 514 * 143

Answer 1

445 **Explanation** OBJ-1.5: Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. When the WannaCry ransomware was spreading rapidly across the internet, you could help protect your organization's network by blocking ports 139 and 445 at your firewall to prevent your machines from getting infected over the internet. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

Answer 2

77.81.12.12 **Explanation** OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /30, so each subnet will contain 4 IP addresses. Since the IP address provided is 77.81.12.14/30, the network ID is 77.81.12.12/30, the first router is 77.81.12.13/30, the second router is 77.81.12.14/30, and the broadcast address is 77.81.12.15/30.

Answer 3

authPriv **Explanation** OBJ-3.1: In SNMPv3, the authPriv option ensures that the communications are sent with authentication and privacy. This uses MD5 and SHA for authentication and DES and AES for privacy and encryption.

Answer 4

802.11g **Explanation** OBJ-2.4: The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.

Answer 5

C:\windows\system32> nbtstat -R **Explanation** OBJ-5.3: Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the "nbtstat -R" command to purge and reload the cached name table from the LMHOST file on their Windows workstation. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.

Answer 6

Flash the latest firmware for her router **Explanation** OBJ-5.5: Routers can be updated by conducting a firmware flash. This is similar to upgrading or patching your computer's operating system or even updating a device driver. By flashing the firmware, it can provide the ability to communicate with newer devices and remove known software vulnerabilities from the device.

Answer 7

BGP **Explanation** OBJ-2.2: If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available. Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP), therefore it will not help be able to reroute the organization's WAN connections. The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. VRRP is used for your internal clients and will not affect the routing of traffic between WANs or autonomous systems. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. A load balancer would work at one site, but would not allow routing of the WAN connections at all the other sites since they rely on autonomous systems and BGP is used to route traffic between autonomous systems.

Answer 8

Make the change, document the requester, and document all network changes **Explanation** OBJ-3.2: The best answer is to make the change, document the requester, and document all the network changes. All changes to the enterprise network should be approved through the normal change management processes. If there is an urgent need, there is an emergency change management process that can be used for approval. This is known as an emergency change approval board (ECAB). An ECAB can be executed extremely quickly to gain approval, and then the documentation can be completed after the change is made when using the emergency change management processes.

Answer 9

Implement a split-horizon or split-view DNS **Explanation** OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.

Answer 10

Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment **Explanation** OBJ-3.2: Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished.

Answer 11

Downgrade the server and defer the new feature testing **Explanation** OBJ-4.3: Since the vendor stated that the new version introduces vulnerabilities in the environment, it is best to downgrade the server to the older and more secure version until a patch is available.

Answer 12

ipconfig/release | ipconfig /renew **Explanation** OBJ-5.3: The ipconfig tool displays all current TCP/IP network configuration values on a given system. The ipconfig also can release and renew a DHCP-received IP on a workstation. The first thing to do is release the IP address using the command ipconfig /release. Next, the technician should dynamically assign another IP address using the command ipconfig /renew. These commands could be each entered individually or combined using the pipe (|) syntax as shown in this question. The ipconfig /all option would be used to display the assigned IP addresses. The ipconfig /renew option would be used to renew an existing DHCP lease and not request a new IP address.

Answer 13

Assign the interface a 802.1q tag to its own VLAN **Explanation** OBJ-5.5: The WAN interface (eth 1/1) is currently untagged and is being assigned to the default VLAN (VLAN 1). If there are numerous devices in the default VLAN, the VLAN may be overloaded or oversubscribed leading to a reduction in the network performance. To solve this issue, you would assign the WAN interface to a VLAN with less traffic or to its own VLAN. By adding an 802.1q tag (VLAN tag) to the interface, you can assign it to its own individual VLAN and eliminate potential overloading or oversubscription issues. The interface is already set to full-duplex (fdx) and it operating in full-duplex (fdx). Therefore, the issue is not a duplexing mismatch. The configuration shows that the interface is already using a GigabitEthernet, so you do not need to replace the transceiver with a 1000Base-T module. Also, the physical layer is working properly and a link is established, as shown by the output "GigabitEthernet 1/1 is up", showing the current transceiver is functioning properly at 1 Gbps. While issuing the shutdown command and then re-enabling the interface could clear any errors, based on the interface status shown we have no indications that errors are being detected or reported.

Answer 14

NAC **Explanation** OBJ-4.1: Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology, the user or system authentication, and network security enforcement. NAC restricts the data that each particular user can access and implements anti-threat applications such as firewalls, anti-virus software, and spyware detection programs. NAC also regulates and restricts the things individual subscribers or users can do once they are connected. If a user is unknown, the NAC can quarantine the device from the network upon connection. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network such as the Internet. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Unified threat management (UTM) provides multiple security features (anti-virus, anti-spam, content filtering, and web filtering) in a single device or network appliance.

Answer 15

802.11ac **Explanation** OBJ-2.4: The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth.

Answer 16

eDiscovery **Explanation** OBJ-3.2: By process of elimination, you can easily answer this question. Data transport is the transport of data, while the first responder is the first person to arrive on the scene. Encryption is a method of putting data into a tunnel so that it is completely secure. This leaves us with eDiscovery. eDiscovery is the term that refers to the process of evidence collection through digital forensics. eDiscovery is conducted during an incident response.

Answer 17

telnet **Explanation** OBJ-5.3: The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network. While it would be better for Scott to use SSH for security reasons, telnet is still the best answer based on the options presented in this question. Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network's clients, servers, and devices. A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface.

Answer 18

An evil twin **Explanation** OBJ-4.2: An evil twin is the most common way to perform an on-path attack on a wireless network. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user's knowledge. A man-in-the-middle or on-path attack consists of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. ARP spoofing, session hijacking, and amplified DNS attacks are not techniques specific to attacking wireless networks.

Answer 19

MIMO **Explanation** OBJ-2.4: One way 802.11n and 802.11ac networks achieve superior throughput and speeds by using multiple-input multiple-output (MIMO) and multi-user MIMO (MU-MIMO), respectively. MIMO uses multiple antennas for transmission and reception, which results in higher speeds than 802.11a and 802.11g networks, which can only support up to 54 Mbps of throughput. Wireless N and Wireless AC networks also utilize the 5 GHz frequency band, allowing them to achieve speeds greater than 54 Mbps. WPA2 is a wireless encryption standard and can be used with Wireless G, N, AC, or AX. Using WPA2 does not increase the speed of the wireless network. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. PoE does not affect the speed of a wireless network. Lightweight Access Point Protocol (LWAPP) is the name of a protocol that can control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring, or troubleshooting a large network. LWAPP does not affect the speed of a wireless network.

Answer 20

21, 22 **Explanation** OBJ-1.5: FTP (File Transfer Protocol) uses ports 20 and 21. SFTP (Secure File Transfer Protocol) uses port 22. Port 23 is used by Telnet. If this were a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up. (It might also have 4-6 different pairs to match up.)

Answer 21

The switchport is configured for 802.1q trunking **Explanation** OBJ-5.5: If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address. APIPA is not configured on the VLAN’s switch, it is configured by default on client and server devices, such as the workstation in this scenario. A small form-factor pluggable (SFP) transceiver is used on routers as a hot-pluggable network interface module, they are not used in workstations. The workstation’s OS update status is unlikely to cause the network connectivity issue, but a network interface driver might. Therefore, the most likely cause of this issue is the switchport was configured as a trunking port instead of an access port.

Answer 22

389 **Explanation** OBJ-1.5: The lightweight directory access protocol (LDAP) is a protocol used to access and update information in an X.500-style network resource directory. LDAP uses port 389. The service location protocol (SLP) is a protocol or method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. This is an alternative protocol to LDAP in newer networks. SLP uses port 427. The remote desktop protocol (RDP) is a protocol used for the remote administration of a host using a graphical user interface. RDP operates over TCP port 3389. The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53.

Answer 23

WPA personal **Explanation** OBJ-4.3: Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client. MAC filtering does not use a password or preshared key. WEP uses a pre-shared key to secure a wireless network, but WPA uses a stronger encryption standard than WEP.

Answer 24

3 **Explanation** OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

Answer 25

1433 **Explanation** OBJ-1.5: Microsoft SQL uses ports 1433, and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses ports 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). SQLnet uses ports 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

Answer 26

MAC filtering **Explanation** OBJ-4.3: MAC Filtering will control access to the network by restricting access to only certain devices. MAC address filtering allows you to block traffic coming from certain known machines or devices. The router uses the MAC address of a computer or device on the network to identify it and block or permit access. Traffic coming in from a specified MAC address will be filtered depending upon the policy. In this scenario, you should implement an allow list that only allows approved MAC addresses to connect to and communicate over the wireless network.

Answer 27

Split-horizon is misconfigured **Explanation** OBJ-5.5: Split horizon is a method used by distance vector protocols to prevent network routing loops. With split horizon, if a router receives routing information from another router, the first router will not broadcast that information back to the second router, thus preventing routing loops from occurring. If it is misconfigured, the routers could suffer a routing loop which would produce the error message received when trying to communicate with each other. The other options would not cause a communication error between the three internal routers when testing the connectivity using their IP addresses. A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network and maps a domain name to an IP address. Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.

Answer 28

ISAKMP **Explanation** OBJ-4.4: ISAKMP is used in IPsec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection. TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The Advanced Encryption Standard (AES) is a symmetric key encryption and is not used for key exchanges.

Answer 29

Rollback plan **Explanation** OBJ-3.2: The purpose of a rollback plan is to document at every point during the deployment of a change or upgrade where you can stop the deployment and return to a known good state.

Answer 30

Tickets used to identify authenticated users **Explanation** OBJ-4.1: Whether you learned the in-depth details of each of these protocols during your studies or not, you should be able to answer this question by remembering that Kerberos is all about 'tickets.' Kerberos uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity. Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos is used in Windows Active Directory domains for authentication. Single sign-on (SSO) is a type of mutual authentication for multiple services that can accept the credential from one domain or service as authentication for other services. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request.

Answer 31

South **Explanation** OBJ-1.7: North-South traffic or communication refers to traffic that enters or leaves the data center from a system physically residing outside the datacenter. North traffic is traffic exiting the datacenter. South traffic is traffic entering the data center. In both cases, the data is exiting or entering the data center through a firewall or other network infrastructure boundary device, such as a router. East-West traffic or communication refers to data flow within a datacenter. For example, if we are using a spine and leaf architecture, any data flow between the various servers in the datacenter, even if it goes between different leaves, would be considered east-west traffic.

Answer 32

RDP **Explanation** OBJ-4.4: The RDP (remote desktop protocol) is a Windows feature that allows a remote user to initiate a connection at any time and sign on to the local machine using an authorized account. This connection allows a Windows administrator to see and control what is on a remote computer's screen. RDP authentication and session data are always encrypted. This means that a malicious user with access to the same network cannot intercept credentials or interfere or capture anything transmitted during the session. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Telnet uses port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection but sends its data in plaintext making it an insecure protocol. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it.

Answer 33

Zero-day **Explanation** OBJ-4.1: A zero-day attack happens once that flaw, or software/hardware vulnerability, is exploited, and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, hence the term zero-day. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A brute-force attack consists of an attacker systematically trying all possible password and passphrase combinations until the correct one is found. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.

Answer 34

802.1d **Explanation** OBJ-2.3: The Spanning Tree Protocol is part of the 802.1d standard and avoids loops in the switching network (layer 2). The 802.1q standard is used to define virtual LANs (VLANs) on an ethernet network. RIPv2 is a layer 3 distance-vector protocol for local and wide-area networks, and does not prevent or avoid loops by default. Open Shortest Path First (OSPF) is a layer 3 link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF does not avoid or prevent loops by default. Instead, RIP and OSPF both rely on split horizon and route poisoning to avoid layer 3 loops.

Answer 35

Rollover **Explanation** OBJ-5.2: Typically, a router or switch's console port is connected using a rollover cable, which has an RS-232 (DB-9) port on one side and an RJ-45 on the other. A rollover or console cable is a type of null-modem cable that is used to connect a computer terminal to a router's console port. An RG-6 cable is a coaxial cable used to connect to a cable modem or television. An Ethernet crossover cable is a network cable used to connect two Ethernet network devices directly, such as two computers without a switch or router in between. A straight-through cable is a type of twisted pair cable that is used in local area networks to connect a computer to a network switch.

Answer 36

Ensure port 53 is enabled on the firewall **Explanation** OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. When a client wants to access a website, it will make a request to the DNS server over port 53 to translate the domain name to its corresponding IP address. Since the technician is only able to access the servers using their IP addresses, this validates that the connectivity is functioning correctly but the DNS process is failing. The most likely reason for this is that port 53 is blocked at the firewall and is preventing the client from sending their requests to the DNS server. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The nslookup command will still need to communicate with a DNS server over port 53, though, to perform these lookups. The ping command is used to test whether a given target is reachable across an IP network by sending an ICMP Echo Request packet and receiving an ICMP Echo Reply. Since the technician successfully used ping to communicate with the server using their IP addresses, this indicates that ICMP is not blocked by the firewall. The HOST file is a text file containing domain names and IP addresses. The HOST file works like a local DNS lookup, but the technician would have to enter the domain name and IP for every website a user might want to access, making this an unacceptable option to solve this issue for the long term.

Answer 37

Brute force occurs within 11,000 combinations **Explanation** OBJ-2.4: The most prominent attack against WPS0-enabled wireless networks involves brute-forcing the 8-digit PIN that client uses to enroll their devices without knowing the pre-shared key. WPS checks each half of the PIN individually, reducing the number of possible combinations from a maximum of 100,000,000 to only 11,000. This only takes a few minutes to crack on most modern computers, as long as the WAP doesn't have a lockout after a certain number of failures. The lockout mechanism may also be triggered based on the client's MAC, so you can often spoof MAC to bypass this defense.

Answer 38

Loopback **Explanation** OBJ-1.4: In IPv6, ::1 is the loopback address. In IPv4, the loopback address is 127.0.0.1. The loopback address is used to send a test signal sent to a network destination to diagnose problems. A broadcast address is an IP address that is used to target all systems on a specific subnet network instead of single hosts. A multicast address is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service. The address shown is not a broadcast or multicast address. A public address is routable over the internet but ::1 is a loopback address and therefore not publicly routable on the internet.

Answer 39

/26 **Explanation** OBJ-1.4: Since the Sales department needs 55 devices plus a network ID and broadcast IP, it will require 57 IP addresses. The smallest subnet that can fit 57 IPs is a /26 (64 IPs). A /26 will borrow 2 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^6 available host IP addresses, or 64 total IP addresses. Of the 64 IP addresses, there are 62 available for clients to use, one for the network ID, and one for the broadcast address.

Answer 40

Port scanner **Explanation** OBJ-5.3: A port scanner is used to determine which ports and services are open and available for communication on a target system. The port scanner will scan the server and display any open ports. If the technician finds that port 443 (HTTPS) is open and all other ports are closed, then they know the server has been properly hardened. A NetFlow analyzer is used to perform monitoring, troubleshooting, inspection, interpretation, and synthesis of network traffic flow data. An IP scanner is used to monitor a network's IP address space in real-time and identify any devices connected to the network. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode.

Answer 41

Wi-Fi **Explanation** OBJ-2.4: Wi-Fi is the best solution to meet this organization's needs. 802.11ac is a very fast high-speed Wi-Fi network capable of 1 Gbps speeds over a 5 GHz spectrum and is perfect for uploading large image files quickly over a wireless local area network. Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. While the warehouse might want to also utilize RFID to allow for the accurate scanning of items using radio frequency tracking tags, RFID cannot upload large images of the items to the centralized server since it is limited to 2 KB of data per RFID tag. Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz and building personal area networks. Bluetooth would not allow the worker to have full coverage throughout the warehouse due to the short distance requirement between a transmitter and receiver. Near-Field Communication (NFC) is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with a simple setup that can be used to bootstrap more capable wireless connections.

Answer 42

OSPF **Explanation** OBJ-2.2: OSPF is known as a classless protocol. Classless routing protocols are those protocols that include the subnet mask information when the routing tables or updates are exchanged. Other classless routing protocols include EIGRP, RIPv2 (or newer), and IS-IS.

Answer 43

205.12.35.0 **Explanation** OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /27, so each subnet will contain 32 IP addresses. This means that there eight networks in this class C range: 205.12.35.0, 205.12.35.32, 205.12.35.64, 205.12.35.96, 205.12.35.128, 205.12.35.160, 205.12.35.196, and 205.12.35.224. Since the IP address provided is 205.12.35.26, it will be in the 205.12.35.0/27 network.

Answer 44

MTU **Explanation** OBJ-2.3: MTU is the largest unit that can be transmitted across a network. If the MTU is set at a value above 1500, the network is configured to support jumbo frames. A media access control address is a unique identifier assigned to a network interface controller for use as a network address in communications within a network segment. Management information base (MIB) is a collection of definitions which define the properties of the managed object within the device to be managed (such as a router, switch, etc.). An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.

Answer 45

Jitter **Explanation** OBJ-3.2: Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance.

Answer 46

/25 **Explanation** OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have 105 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 107 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). Since we need 107 IP addresses, we need to round up to a block of 128. To symbolize a CIDR block with 128 IP addresses, we would use /25, which is 2^7 =128.

Answer 47

Defense in depth **Explanation** OBJ-4.1: Defense in depth is the concept of layering various network appliances and configurations to create a more secure and defensible architecture. Dion Training appears to be using various host-based and network-based devices to ensure there are multiple security layers in the network.

Answer 48

Codec **Explanation** OBJ-2.1: The term "codec" is a concatenation of "encoder" and "decoder.” In video conferencing, a codec is a software (or can be hardware) that compresses (encodes) raw video data before it is transmitted over a network. Generally, audio/video conferencing systems utilize the H.323 protocol with various codecs like H.263 and H.264 to operate. A 56k modem is a legacy device, also called a dial-up modem. These devices are too slow to allow an IP-based video conferencing system deployment. RS-232 is a standard protocol used for serial communication, and is too slow to support IP-based video conferencing systems. Near Field Communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 4cm or less to initiate a connection. NFC is not used with IP-based video conferencing systems.

Answer 49

Conduct real-time monitoring of the phone's activity and usage **Explanation** OBJ-3.1: While all four are good options, the BEST solution is to conduct real-time monitoring of the phone's activity since it is a technical control that could quickly identify an issue. The other options are all administrative controls (policies), which are useful but would not actually identify if the sensitive data was leaked from Jason's phone.

Answer 50

Private SaaS **Explanation** OBJ-1.8: SaaS (Software as a Service) is a cloud model whereby a service provider provides a software service and makes the service available to customers over the Internet. Examples of SaaS solutions include Microsoft Office 365, Microsoft Exchange Online, and Google Docs. Because of the concerns with sensitive corporate information being processed by the SaaS, Dion Training should ensure a Private SaaS is chosen. A private cloud is a particular model of cloud computing that involves a distinct and secure cloud-based environment in which only the specified client (Dion Training in this case) can operate. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. A hybrid cloud uses a mix of on-premises, private cloud, and third-party, public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud.

Answer 51

Virtual switch **Explanation** OBJ-1.2: A virtual switch (vSwitch) is a software application that allows communication between virtual machines. A vSwitch does more than just forward data packets, it intelligently directs the communication on a network by checking data packets before moving them to a destination.

Answer 52

25, 161 **Explanation** OBJ-1.5: SMTP (Simple Mail Transfer Protocol) uses port 25. SNMP (Simple Network Management Protocol) uses port 161. Port 23 is used by Telnet. Port 445 is used by the Server Message Block (SMB) protocol. Port 3389 is used by the Remote Desktop Protocol (RDP). Port 443 is used by the Hypertext Transfer Protocol Secure (HTTPS). If this were a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up.

Answer 53

Rapid elasticity **Explanation** OBJ-1.8: Rapid elasticity can be a security threat to your organization's data due to data remanences. Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase it. So, when a cloud resource is deprovisioned and returned to the cloud service provider, it can be issued to another organization for use. If the data was not properly erased from the underlying storage, it could be exposed to the other organization. For this reason, all cloud-based storage drives should be encrypted by default to prevent data remanence from being read by others. Metered services are pre-paid, a-la-carte, pay-per-use, or committed offerings. A metered service like a database may charge its users based on the actual usage of the service resources on an hourly or monthly basis. For example, Dion Training used the AWS Lambda serverless product in some of our automation. This service charges us $0.20 for every 1 million requests processed. Resource pooling refers to the concept that allows a virtual environment to allocate memory and processing capacity for a VMs use. On-demand refers to the fact that a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Answer 54

tracert **Explanation** OBJ-5.3: Tracert is a command-line utility used to trace an IP packet's path as it moves from its source to its destination. While using ping will tell you if the remote website is reachable or not, it will not tell you where the connection is broken. Tracert performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help to identify if the connectivity issue lies within your intranet or is a problem with the ISP's connection. The nslookup tool is used to troubleshoot DNS issues. The netstat tool is used to display network statistics and active connections. The ping tool is used to test an end-to-end connection, but it will not provide any data on the hops found in the connection.

Answer 55

Duplicate IP addresses **Explanation** OBJ-5.5: A duplicate IP address occurs when two or more devices have been assigned the same IP address, either dynamically by the DHCP server or statically by a network administrator. This is a common symptom observed when there are two DHCP servers on the network, such as an authorized DHCP server and a rogue DHCP server. A duplicate MAC address occurs when two or more devices are responding to data requests as if they are the only device on the network with that physical address. One indication of this occurring is when a switch continually changes the port assignments for that address as it updates its content-addressable memory (CAM) table to reflect the physical address and switchport bindings. A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment. Multicast flooding occurs because no specific host is associated with the multicast MAC address in the content-addressable memory (CAM) table of a switch.

Answer 56

802.3af **Explanation** OBJ-2.3: Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.

Answer 57

Wavelength mismatch **Explanation** OBJ-5.2: Wavelength mismatch occurs when two different transceivers are used at each end of the cable. For example, if one SFP uses a 1310nm transceiver and the other end uses a 850 nm transceiver, they will be unable to communicate properly and the link will remain down. A duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half-duplex while the other one operates in full-duplex. The effect of a duplex mismatch is a link that operates inefficiently. All networking cables have a limited supported distance. For example, copper cables must be less than 100 meters. Single-mode fiber cables can be up to 40 kilometers, therefore the issue is not a distance limitation in this scenario. The link is established before an IP address is assigned by DHCP. In this scenario, the link is not being established, therefore it cannot be a wrong IP address being assigned to the interfaces.

Answer 58

Screened subnet **Explanation** OBJ-4.1: A triple-homed firewall connects to three networks internal (private), external (internet/public), and a screened subnet (formerly called a demilitarized zone or DMZ). The screened subnet is used to host systems that require access from external hosts. Data zones describe the state and location of data to help isolate and protect it from unauthorized/inappropriate use-for example, as data transitions from raw storage, processing, production, and analytical use. Data zones are associated with data lakes and designed to help manage big data used by analysts and scientists for data exploration and discovery tasks. An availability zone is an individual data center within a region of a cloud service provider's network. A staging environment is a pre-production enclave used for testing and development.

Answer 59

Rogue DHCP server **Explanation** OBJ-5.5: Routers usually contain their own DHCP servers. When the sales manager installed the wired router, he inadvertently introduced a secondary DHCP server into the network. This could cause the same IP addresses to be assigned to two different workstations, resulting in connectivity issues for those workstations. Had the sales manager installed a simple hub or switch, this would not have caused any issues. Because this is a wired router, it cannot be an evil twin since evil twins are wireless access points. We have no indications of a VLAN mismatch since this would only affect the workstations connected to this router. Similarly, we have no indications of a network loop, so this network might already be implementing STP to prevent them. Remember, always ask yourself, "what changed recently that might have caused this issue?" In this case, it was the new router added this morning by the sales manager.

Answer 60

TLS **Explanation** OBJ-4.4: Transport Layer Security (TLS) is used to secure web connections over port 443. Since port 443 was in use, you should expect either HTTPS, SSL, or TLS to be used as the protocol. If not, this would be suspicious activity and should be investigated. In fact, since this was a connection from the external IP to an internal host over port 443, this is suspicious and could be indicative of a remote access trojan on your host.

Answer 61

UC Gateway **Explanation** OBJ-2.1: Unified Communications (UC) enables people to use different modes of communication, media, and devices to communicate with anyone, anywhere, anytime. To accomplish this, a UC gateway is needed. Unified communications (UC) refers to the integration of multiple forms of real-time communications including voice, video, collaboration, and text messaging. A UC gateway connects your IP-based voice system to the Public Switched Telephone Network (PSTN).

Answer 62

(D)Configure VTP and 802.1q on the inter-switch connections with native VLAN 100 & (E)Configure VLSM for the IP address range **Explanation** OBJ-2.2: The 801.q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure they are not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it. VLSM stands for Variable Length Subnet Mask where the subnet design uses more than one mask in the same network which means more than one mask is used for different subnets of a single class A, B, or C network. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard and Rapid Reconfiguration of Spanning Tree is defined in the IEEE 802.1w standard. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.

Answer 63

Identify the problem **Explanation** OBJ-5.1: The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned. Since you just arrived at the main distribution frame, you need to begin by identifying the problem. This could include gathering information, questioning users or the other technician, identifying symptoms, determining if anything has changed, or trying to duplicate the problem.

Answer 64

dig **Explanation** OBJ-5.3: The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host.

Answer 65

CSMA/CD **Explanation** OBJ-2.3: In networking technologies that use CSMA/CD as their access method, a device first listens to the network media to make sure there is no signal already present from another device before it tries to place its own signal on the media. If a carrier signal is detected on the media, which indicates that a device is currently transmitting a signal, no other device can initiate a transmission until the carrier stops. If no carrier is detected, any device can transmit a signal. If two devices listen to the wire and detect no carrier signal, they may decide to send signals simultaneously. If this happens, a collision occurs between the two signals generated. Next, both devices detect the collision and stop transmitting their signals immediately, sending out a jamming signal that informs all other devices on the network that a collision has occurred and should not transmit. Meanwhile, the two devices whose signals created the collision cease transmitting and wait for random intervals of time (usually a few milliseconds) before attempting to retransmit.

Answer 66

1 **Explanation** OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

Answer 67

The Spanning Tree Protocol uses BPDU to detect loops in network topologies **Explanation** OBJ-2.3: The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. The Spanning Tree Protocol operates at Layer 2 of the OSI model to detect switching loops. STP is defined in the IEEE 802.1d standard. The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface that will appear as a single link to a route processor. LACP is used to combine multiple network connections in parallel to increase throughput beyond what a single connection could sustain and to provide redundancy in case one of the links should fail. LACP is defined in the IEEE 802.3ad standard. Split horizon is used by routing protocols at layer 3 to prevent routing loops, and it does not affect switching loops.

Answer 68

Use the same SSIDs on different channels and AP isolation **Explanation** OBJ-2.4: For users to be able to seamlessly migrate between the two buildings, both Access Points (AP) must use the same SSIDs. To prevent frequency interference, though, each device needs to select a different and non-overlapping channel to utilize. Finally, the AP isolation should be enabled. Access Point (AP) isolation is a technique for preventing mobile devices connected to an AP from communicating directly with each other.

Answer 69

CVE **Explanation** OBJ-4.1: Common Vulnerabilities and Exposures (CVE) is an element of the Security Content Automation Protocol (SCAP) that provides a standard nomenclature for describing security flaws or vulnerabilities. A SIEM is a solution that provides a real-time or near-real-time analysis of security alerts generated by network hardware and applications. A VPC is a private network segment made available to a single cloud consumer on a public cloud. The Sarbanes-Oxley Act (SOX) dictates requirements for storing and retaining documents relating to an organization's financial and business operations, including the type of documents stored and their retention periods.

Answer 70

VTP **Explanation** OBJ-2.3: The VLAN Trunking Protocol (VTP) allows a VLAN created on one switch to be propagated to other switches in a group of switches in a VTP domain. Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches to ensure that you do not create loops when you have redundant paths in your network. Multiprotocol Label Switching is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows. The Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private networks. MPLS, STP, and PPTP are not used to share VLAN information like VTP and the 802.1q standard do.

Answer 71

SOA **Explanation** OBJ-1.6: A Start of Authority (SOA) resource record indicates which Domain Name Server (DNS) is the best source of information for the specified domain. An AAAA record associates your domain name with an IPv6 address. An A record associates your domain name with an IPv4 address. An MX record is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic.

Answer 72

T-1 **Explanation** OBJ-1.2: A T-1 connection provides a guaranteed 1.544 Mbps of throughput. Dial-up, DSL, and cable broadband do not provide a guaranteed throughput rate. Instead, these services provide a variable throughput rate based on network conditions and demand in the area of your business.

Answer 73

SNMP Walk **Explanation** OBJ-3.1: SNMP Walk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (router interface). This is a complex topic beyond the scope of the Network+ exam (how to use the SNMP Walk tool) and usually serves as a type of in-depth question that CompTIA might ask to determine if a candidate has actual real-world experience in networking or just studied from a textbook. Some instructors like to claim that CompTIA uses these types of questions to determine if someone is cheating because only people who studied from a "brain dump" are likely to get this question correct! This type of question reminds you that it is ok not to know all the answers on test day. Just take your best guess, and then move on!

Answer 74

APIPA **Explanation** OBJ-1.4: APIPA stands for Automatic Private IP Addressing and is a feature of Windows operating systems. When a client computer is configured to use automatic addressing (DHCP), APIPA assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client if the DHCP server is unavailable. A static IP address is used when the DHCP server is disabled and clients are configured manually to join the network properly. A public IP address is the outward-facing (public-facing) IP address assigned to a client. A private IP address lets a router correctly direct traffic within its network and allows devices within a network to communicate with one another, but private IP addresses cannot be used to route traffic across the internet.

Answer 75

PTR **Explanation** OBJ-1.6: There are several types of DNS records, including A, AAAA, CNAME, PTR, SVR, and TXT. PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address, you can get the associated domain/hostname. An A record should exist for every PTR record. Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.

Answer 76

Conduct a baseline review **Explanation** OBJ-3.1: John should conduct a baseline review to compare the statistics he collected against the previous baseline. He can then use this information further to investigate the drop in the server's performance. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.

Answer 77

SCADA/ICS **Explanation** OBJ-2.1: Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS) are used in manufacturing and assembly-line networks. SCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Industrial control system (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes. Network Function Virtualization (NFV) is a way to reduce cost and accelerate service deployment for network operators by decoupling functions like a firewall or encryption from dedicated hardware and moving them to virtual servers. Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. Channel Service Unit/Data Service Unit (CSU/DSU) is a hardware device about the size of an external modem that converts digital data frames from the communications technology used on a local area network (LAN) into frames appropriate to a wide-area network (WAN) and vice versa.

Answer 78

10.10.10.255 **Explanation** OBJ-1.4: In classless subnets using variable-length subnet mask (VLSM), the broadcast address is the last IP address associated within an assigned range. In this example, the CIDR notation is /25, so each subnet will contain 128 IP addresses. Since the IP address provided is 10.10.10.200, the broadcast address will be 10.10.10.255.

Answer 79

Enable SSID broadcast for the guest wireless network **Explanation** OBJ-2.4: Since security was not listed as a requirement for the guest wireless network, it would be easiest not to set up any encryption, passwords, or authentication mechanisms on the network. Instead, you should enable the SSID broadcast for the guest network so students can easily find and connect to it. Using two-factor authentication, 802.1x, or WEP would require the students to complete additional configurations prior to connecting to the guest network.

Answer 80

The broadcast is disabled on the wireless router **Explanation** OBJ-5.4: If the SSID (Secure Set Identifier) is disabled, then the wireless network name will not be broadcast to any available devices within range. Both Wireless B and G use the same frequency band (2.4 GHz) and would not cause this issue. Similarly, encryption that is enabled or disabled would not affect the SSID broadcast since the SSID is sent out in cleartext. DHCP support is used once a device connects to the network. Therefore it would not affect the SSID broadcast.

Answer 81

nslookup **Explanation** OBJ-5.3: The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network.

Answer 82

1521 **Explanation** OBJ-1.5: SQLnet uses ports 1521, and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Microsoft SQL uses ports 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses ports 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

Answer 83

DNS server **Explanation** OBJ-5.5: The DNS Server translates Fully Qualified Domain Names (FQDN) to IP addresses. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. A WINS server is a Microsoft Windows-based server running the Windows Internet Name Service (WINS) that can accept NetBIOS name registrations and queries. WINS servers maintain a database of NetBIOS name to IP address mappings for WINS clients on the network and speed up NetBIOS name resolution by eliminating broadcasts. Since the technician can ping the server using its hostname, the WINS server is working properly. Since the technician cannot ping the server using its fully qualified domain name (FQDN), the DNS server is likely offline.

Answer 84

PAN **Explanation** OBJ-1.2: A personal area network (PAN) is centered around a short distance, usually around a person or up to a few meters. PANs are heavily used with Bluetooth and NFC. A local area network (LAN) connects computers within a small and specific area geographically. A campus area network (CAN) is a computer network that spans a limited geographic area. CANs interconnect multiple local area networks (LAN) within an educational or corporate campus. A wide area network (WAN) will typically cover a larger area geographically, such as a continent, a state, or a country.

Answer 85

OID **Explanation** OBJ-3.1: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A unique objective identifier (OID) identifies a variable that can be read or set using the SNMP protocol. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID). A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap may contain all the information about a given alert or event as its payload. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network.

Answer 86

LACP **Explanation** OBJ-2.3: The Link Aggregation Control Protocol (LACP) is the 802.3ad protocol is used to group numerous physical ports to make one high bandwidth path. This method can increase bandwidth and therefore, throughput. LACP can also provide network redundancy and load balancing. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. A Bridge Protocol Data Unit (BPDU) is used by STP to prevent the bridge loops. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.

Answer 87

Multimeter **Explanation** OBJ-5.2: A multimeter is a measuring instrument that can measure the voltage, resistance, and amperage of a cable or conduit. To test this cable, you should set the multimeter to resistance and connect one of the multimeter's leads to each end of the coaxial cable to determine the resistance as measured in ohms. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A cable certifier is used to test the continuity of a cable and verify that a cable meets its specifications such as the bandwidth, frequency, and length. A spectrum analyzer is used to measure the magnitude of an input signal's frequency.

Answer 88

802.1q **Explanation** OBJ-2.3: 802.1Q is the networking standard that supports virtual LANs on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that results from them. STP is defined in the IEEE 802.1d standard.

Answer 89

MTBF **Explanation** OBJ-3.3: The mean time between failures (MTBF) measures the average time between when failures occur on a device. The mean time to repair (MTTR) measures the average time it takes to repair a network device when it breaks. The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in continuity. The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or tolerance.

Answer 90

OSPF **Explanation** OBJ-2.2: Only OSPF supports IPv4 and VLSM (Variable Length Subnet Mask) from the options provided in this question. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP). VRRP, RIPv1, and HSRP do not support VLSM. The Virtual Router Redundancy Protocol is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. The Hot Standby Router Protocol is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway. The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from source to destination. While RIPv1 does not support VLSM, RIPv2 does support VLSM but was not an option in this question.

Answer 91

Bandwidth **Explanation** OBJ-3.2: Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients.

Answer 92

0 **Explanation** OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

Answer 93

Router **Explanation** OBJ-2.1: A router is networking hardware that connects computer networks and forwards data packets between those networks. A router operates at the network layer (Layer 3) of the OSI model and makes routing decisions based upon IP addresses. Each switchport on a router is a separate collision domain and a separate broadcast domain. A hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. A hub operates at the physical layer (Layer 1) of the OSI model. All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. A switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A switch operates at the data link layer (Layer 2) of the OSI model and makes switching decisions based upon MAC addresses. Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. A bridge is networking hardware that forwards traffic between network segments at the data link layer (Layer 2) of the OSI model using MAC addresses. Each switchport on a bridge is a separate collision domain, but all switchports are in a common broadcast domain.

Answer 94

Firewall **Explanation** OBJ-2.1: A firewall is considered a perimeter security device. It should be installed at the perimeter or boundary of a network to provide maximum security. Switches, bridges, and wireless access points are all considered internal network devices and should not be installed at the network's outermost perimeter.

Answer 95

Verbose trap **Explanation** OBJ-3.1: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. A verbose trap may contain all the information about a given alert or event as its payload. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network. A unique objective identifier (OID) identifies a variable that can be read or set using the SNMP protocol. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID).

Answer 96

802.1x **Explanation** OBJ-2.3: The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af.

Answer 97

Packet sniffer **Explanation** OBJ-5.3: Packet Sniffers can capture and analyze network user traffic. This information can be queried to view website addresses, contents, and sometimes even password information. This differs from an intrusion detection system in that IDS’s wait to receive implicitly malicious data in a network before logging the event.

Answer 98

Install a UPS **Explanation** OBJ-3.3: The best solution would be to install a UPS. Since you are a network technician and not an electrician, you should not install a new electrical circuit. The primary function of UPS is to provide battery backup when the electrical power fails or drops to an unacceptable voltage level. It ensures that your electrical equipment gets a consistent current so damage and device power cycling do not occur. A surge protector defends against possible voltage spikes that could damage your electronics, appliances, or equipment. A network technician is not qualified to install a new electrical outlet since that is a job for an electrician. The scenario presents issues that focus on the power levels, therefore installing an upgraded router would not solve these issues.

Answer 99

Community cloud **Explanation** OBJ-1.8: Community Cloud is another type of cloud computing in which the cloud setup is shared manually among different organizations that belong to the same community or area. A multi-tenant setup is developed using the cloud among different organizations belonging to a particular community or group with similar computing concerns. For joint business organizations, ventures, research organizations, and tenders, a community cloud is an appropriate solution. Based on the description of 15 member banks coming together to create the CloudBank organization and its cloud computing environment, a community cloud model is most likely described. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud.

Answer 100

Time-division multiplexing **Explanation** OBJ-1.2: Time-division multiplexing allows for two or more signals or bitstreams to be transferred in what appears to be simultaneous sub-channels in one communication channel but is physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it. Analog circuit switching is used by telephone providers on the Public Switched Telephone Network (PSTN), not with ISDN or T-1 connections. Time-division spread spectrum is not a real thing, spread spectrum is used in Wi-Fi, but it is based on frequency and not time. CSMA/CD is the carrier sense multiple access collision detection that is used for ethernet access at layer 2 of the OSI model. CSMA/CD is not used with ISDN or T-1 connections.

Answer 101

Application layer **Explanation** OBJ-1.7: The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations.

Answer 102

Control layer **Explanation** OBJ-1.7: The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others.

Answer 103

Remove the ARP entry on the user's workstation **Explanation** OBJ-5.1: Based on the network troubleshooting methodology, you should try to test your theory to determine the cause once you have established a theory of probable cause. In this scenario, the technician has a theory that the static ARP entry is the cause of the problem. Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn't fix the issue, you would need to develop a new hypothesis to test. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

Answer 104

Submit a change request **Explanation** OBJ-3.2: A change request should be submitted through the change management process prior to any changes being made. Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.

Answer 105

Segmentation & Disabling unused services **Explanation** OBJ-2.1: Segmentation is the best method to reduce the risk to an embedded ICS system from a network-based compromise. Additionally, you could disable unused services to reduce the footprint of the embedded ICS. Many of these embedded ICS systems have a large number of default services running. So, by disabling the unused services, we can better secure these devices. By segmenting the devices off the main portion of the network, we can also better protect them. A NIDS might detect an attack or compromise, but it would not reduce the risk of the attack succeeding since it can only detect it. Patching is difficult for embedded ICS devices since they usually rely on customized software applications that rarely provide updates.

Answer 106

A stateful network-based firewall **Explanation** OBJ-2.1: A stateful firewall enhances security through packet filtering, and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network. Since a centrally located firewall was required by the question, a network-based firewall should be chosen instead of a host-based firewall.

Answer 107

Pre-action system **Explanation** OBJ-3.3: A fire suppression system is an engineered set of components that are designed to extinguish an accidental fire in a workplace or datacenter. A pre-action system minimizes the risk of accidental release from a wet pipe system. With a pre-action system, both a detector actuation like a smoke detector and a sprinkler must be tripped prior to water being released. A wet pipe system is the most basic type of fire suppression system, and it involved using a sprinkler system and pipes that always contain water in the pipes. Special suppression systems, like a clean agent system, use either a halocarbon agent or inert gas. When releases, the agents will displace the oxygen in the room with the inert gas and suffocates the fire. Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.

Answer 108

TACACS+ **Explanation** OBJ-4.1: TACACS+ is a AAA (accounting, authorization, and authentication) protocol to provide AAA services for access to routers, network access points, and other networking devices. TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server. Multifactor authentication is an authentication scheme that works based on something you know, something you have, something you are, something you do, or somewhere you are. These schemes can be made stronger by combining them (for example, protecting the use of a smart card certification [something you have] with a PIN [something you know]). Network Access Control (NAC) is a means of ensuring endpoint security by ensuring that all devices connecting to the network conform to a health policy such as its patch level, antivirus/firewall configuration, and other factors. Internet Security Association and Key Management Protocol (ISAKMP) is used for negotiating, establishing, modification, and deletion of SAs and related parameters in the IPSec protocol.

Answer 109

Data link **Explanation** OBJ-1.1: In the data link layer (layer 2) of the OSI model, the basic unit of transfer is called a frame. In an ATM network, though, these frames are called cells and are of a fixed (53 octets or bytes) length that allows for faster switching of the cells across the network.

Answer 110

Anycast **Explanation** OBJ-1.4: An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the “nearest” interface having that address, according to the router’s routing table. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.

Answer 111

Dynamic ARP Inspection **Explanation** OBJ-4.3: Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). Port mirroring, ARP inspection, and VLANs do not add any redundancy to the network. DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure. When DHCP servers are allocating IP addresses to the LAN clients, DHCP snooping can be configured on LAN switches to prevent malicious or malformed DHCP traffic or rogue DHCP servers. The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform.

Answer 112

Physical **Explanation** OBJ-1.1: Ping requests occur at layer 3 (Network Layer). Therefore, the problem could exist in layer 1 (physical), layer 2 (data link), or layer 3 (network). Since Physical (layer 1) is the only choice from layers 1-3 given, it must be the correct answer. Also, since the gateway cannot reach any of the other devices on the network, it is most likely a cable (physical) issue between the gateway and the network switch.

Answer 113

This is caused because your gateway is conducting NAT or PAT **Explanation** OBJ-1.4: Your computer network uses a private IP address for machines within the network and assigns a public IP address for traffic being routed over the network using either NAT or PAT. Most small office home office (SOHO) networks utilize a single public IP for all of their devices and use a technique known as PAT to associate the public IP with each internal client's private IP when needed. Network Address Translation (NAT) and Port Address Translation (PAT) allow multiple devices on a LAN to be mapped to a single public IP address to conserve IP address. In NAT, private IP addresses are translated into public IP addresses. In PAT, private IP addresses are translated into a single public IP address and their traffic is segregated by port numbers.

Answer 114

TKIP **Explanation** OBJ-2.4: Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.

Missed questions Flashcards

(138 cards)