Network Security

Question 1

allows you to view and modify the layer 2 to layer 3 address bindings?

Answer 1

That’s the ARP cache (Address Resolution Protocol cache).
ARP cache:

Stores Layer 3 (IP address) to Layer 2 (MAC address) mappings.

You can view and modify it with commands like arp -a (view) or arp -d (delete) on most systems.

Question 2

Which of the following types of hosting would an organization use if they wanted to maintain their own datacenter in their worldwide headquarters? On-premise Branch office Collocation

Answer 2

On-premise

This means the organization owns and operates its own datacenter at its headquarters.

Branch office: A remote site, not the headquarters.
Collocation: Renting space in a third-party datacenter.

Question 3

Traffic directions

Answer 3

Northbound: Traffic leaving the datacenter (out to WAN/Internet).

Southbound: Traffic entering the datacenter from external sources.

East-West: Traffic inside the datacenter between internal systems (server-to-server).

Question 4

It provides a single point of access for clients to a service offered by multiple servers.

Answer 4

Virtual IP (VIP)

Question 5

In the context of dynamic routing, what is the primary function of the Border Gateway Protocol (BGP)?

Answer 5

To exchange routing information between autonomous systems on the Internet.

Question 6

(MTTR)

Answer 6

The mean time to repair measures the average time it takes to repair a network device when it breaks.

Question 7

(MTBF)

Answer 7

The mean time between failures measures the average time between when failures occur on a device.

Question 8

(RTO)

Answer 8

The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.

Question 9

(RPO)

Answer 9

The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or tolerance.

Question 10

Runts

Answer 10

Frames smaller than 64 bytes, usually due to collisions or transmission errors, indicating issues with the transmission medium or NIC.

Question 11

CRC Errors

Answer 11

Occur when the cyclic redundancy check fails, signaling data corruption during transmission.

Question 12

Giants

Answer 12

Frames larger than 1518 bytes, often caused by network congestion or misconfiguration.

Question 13

Drops

Answer 13

Frames discarded by a switch due to lack of buffer space, typically caused by congestion or port misconfiguration.

Question 14

Evil Twin

Answer 14

A rogue wireless access point that mimics a legitimate one to trick users into connecting, enabling data interception.

Question 15

IP Spoofing

Answer 15

An attack where a packet is sent with a forged source IP address to disguise the sender or impersonate another device at Layer 3.

Question 16

MAC Spoofing

Answer 16

Faking a device’s MAC address, such as the gateway’s, which can disrupt communication for all devices on the subnet.

Question 17

ARP Spoofing

Answer 17

Sending fake ARP messages to associate the attacker’s MAC address with a valid IP, enabling on-path attacks like interception or redirection.

Question 18

Layer at which Data is transmitted.

Answer 18

Layers 5–7 (Application, Presentation, Session)

Question 19

Layer at which Data is encapsulated into segments.

Answer 19

Layer 4 (Transport)

Question 20

Layer at which Segments are encapsulated into packets.

Answer 20

Layer 3 (Network)

Question 21

Layer at which Packets are encapsulated into frames.

Answer 21

Layer 2 (Data Link)

Question 22

Layer at which Frames are converted into bits for transmission.

Answer 22

Layer 1 (Physical)

Question 23

Part of the 802.1d standard; prevents Layer 2 switching loops.

Answer 23

Spanning Tree Protocol (STP)

Question 24

Standard for defining VLANs on Ethernet networks.

Answer 24

802.1q

Question 25

Layer 3 distance-vector routing protocol for LANs and WANs; uses split horizon and route poisoning to help avoid routing loops.

Answer 25

RIPv2

Question 26

Layer 3 link-state routing protocol based on the Shortest Path First algorithm; relies on mechanisms like split horizon and route poisoning for loop prevention.

Answer 26

OSPF

Question 27

What is link-state?

Answer 27

Link-state refers to a type of routing protocol where each router: Learns the full topology of the network. Builds a map of all routers and links. Uses algorithms (like Dijkstra’s SPF) to calculate the best path. OSPF and IS-IS. This contrasts with distance-vector protocols (like RIP), which only know the next hop and distance.

Question 28

Primary DNS Server

Answer 28

Holds the original, writable copy of the DNS zone data.

Question 29

Secondary DNS Server

Answer 29

Holds a read-only copy of the zone data, used to reduce load on the primary server by answering queries.

Question 30

Zone Data

Answer 30

A database of DNS records for a domain, including mappings of domain names to IP addresses.

Question 31

Secondary DNS Server

Answer 31

Contains a read-only copy of the zone file from the primary server; helps with load distribution, availability, and redundancy.

Question 32

Authoritative DNS Server

Answer 32

Answers queries for zones it manages; can be either primary or secondary.

Question 33

Recursive DNS Server

Answer 33

Resolves domain names by querying other DNS servers; does not store zone files.

Question 34

Primary DNS Server

Answer 34

Holds the editable master copy of the zone records.

Question 35

10GBase-LR

Answer 35

A 10 Gbps Ethernet standard designed for long-range transmissions over single-mode fiber (SMF) up to 10 km.

Question 36

10GBase-SR

Answer 36

A 10 Gbps Ethernet standard for short-range transmissions over multimode fiber (MMF) up to ~300–400 meters (depending on fiber type).

Question 37

Multimode Fiber (MMF)

Answer 37

Fiber optic cable with a larger core, used for short-distance communication; not suitable for 10GBase-LR.

Question 38

Single-mode Fiber (SMF)

Answer 38

Fiber with a smaller core, used for long-distance transmissions like those with 10GBase-LR.

Question 39

SFP+ Transceiver

Answer 39

A compact, hot-pluggable transceiver used for 10 Gbps connections; must match both the fiber type and distance requirements.

Question 40

Channel Congestion

Answer 40

Occurs when multiple Wi-Fi networks use the same or overlapping channels, leading to interference and degraded performance, especially during peak hours.

Question 41

Environmental Interference

Answer 41

Physical objects or appliances (e.g., microwaves, walls) that disrupt Wi-Fi signals, causing signal weakening.

Question 42

Outdated Firmware

Answer 42

Old router software that may lead to bugs or inefficiencies, but usually doesn’t cause consistent signal degradation.

Question 43

Device Interference

Answer 43

Interference from nearby electronics; can cause issues but typically results in irregular, not time-specific, degradation.

Question 44

Throttling

Answer 44

ISP-imposed speed reduction, often during high usage or after data caps; doesn’t cause Wi-Fi signal weakening.

Question 45

Take advantage of the existing Cat 6a lines that run to each server. Which Ethernet standard should be used to meet this requirement?

Answer 45

10GBase-T

Question 46

FIN (Finish) Flag

Answer 46

Used to gracefully request the termination of a TCP connection, allowing systems to release resources.

Question 47

RST (Reset) Flag

Answer 47

Used to abruptly terminate a TCP connection, often due to errors or unexpected packets outside an established session.

Question 48

SYN (Synchronize) Flag

Answer 48

Initiates a TCP connection; sent in the first step of the three-way handshake.

Question 49

ACK (Acknowledgment) Flag

Answer 49

Confirms receipt of a packet; used in the second and third steps of the TCP three-way handshake.

Question 50

T1 Connection

Answer 50

A copper-based digital transmission line commonly used for voice and data.

Question 51

Loopback Adapter

Answer 51

A plug used to test a network device's interface by looping the transmit and receive paths; also used for remote line testing.

Question 52

Fiber Light Meter (Optical Power Meter)

Answer 52

Measures the power level of an optical signal in a fiber optic cable.

Question 53

Cable Tester

Answer 53

Verifies the electrical continuity and proper wiring of twisted pair or coaxial cables; does not test interfaces.

Question 54

Tone Generator

Answer 54

Used with a toner probe to trace and identify cables in a bundle or at endpoints; not used for interface testing.

Question 55

SAML (Security Assertion Markup Language)

Answer 55

A protocol used to exchange authentication and authorization data between trusted parties, enabling Single Sign-On (SSO).

Question 56

TLS (Transport Layer Security)

Answer 56

Provides secure communication over a network; ensures confidentiality and integrity, but not designed for auth data exchange.

Question 57

IPsec (Internet Protocol Security)

Answer 57

Secures IP communications through encryption and authentication but does not manage SSO or auth data exchange.

Question 58

SOAP (Simple Object Access Protocol)

Answer 58

A protocol for exchanging structured information in web services; not primarily focused on authentication or SSO.

Question 59

To achieve detailed control over routing and address allocation, a technician should focus on

Answer 59

To achieve detailed control over routing and address allocation, a technician should focus on the subnet mask, which defines the size of the subnet and the number of usable host addresses. A more specific subnet mask (longer prefix) allows: Precise host allocation Efficient IP address use More granular route entries, enabling routing protocols to select the most specific path (longest prefix match).

Question 60

A technician was replacing a client’s security device that protects their DMZ. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users cannot connect remotely to the application anymore. Which of the following devices was MOST likely misconfigured and is now causing a problem? Content filter, DNS, Firewall, DHCP

Answer 60

The firewall protecting the DMZ likely requires specific port forwarding or access control rules to allow external users to connect to the internal application. After replacement, those rules may not have been reconfigured properly, blocking remote access.

Question 61

Rollover (Console) Cable

Answer 61

A null-modem cable with an RS-232 (DB-9) and RJ-45 connector, used to connect a terminal or PC to a router or switch’s console port.

Question 62

RG-6 Cable

Answer 62

A coaxial cable used to connect cable modems or televisions.

Question 63

Ethernet Crossover Cable

Answer 63

A cable used to connect two network devices directly (e.g., PC to PC) without a switch or router.

Question 64

Straight-Through Cable

Answer 64

A twisted pair Ethernet cable used to connect a computer to a switch or other network device in LANs.

Question 65

ESSID (Extended Service Set Identifier)

Answer 65

The unique name identifying a wireless network across multiple access points, allowing devices to connect to the correct extended network.

Question 66

SSID (Service Set Identifier)

Answer 66

The basic name of a wireless network, typically associated with a single access point.

Question 67

Tracert

Answer 67

A Windows network diagnostic tool that traces the path packets take to a destination, showing each hop and its response time.

Question 68

Traceroute

Answer 68

The Unix/Linux/macOS version of Tracert; tracks packet paths and response delays, useful for diagnosing routing issues and failures.

Question 69

Ping

Answer 69

A tool that tests connectivity and measures round-trip time between two network devices.

Question 70

ip Command

Answer 70

A Linux command used to configure and manage network interfaces, replacing the deprecated ifconfig.

Question 71

ifconfig (Deprecated)

Answer 71

An older Linux command for network interface configuration, now replaced by the ip command.

Question 72

Tracert vs Traceroute

Answer 72

| **Tracert (Windows)** | **Traceroute (Unix/Linux/macOS)** | | ---------------------------------------- | ------------------------------------------------------ | | Windows | Unix, Linux, macOS | | Uses ICMP Echo Requests | Typically uses UDP packets (can use ICMP with options) | | Lists each hop with IP and response time | Lists each hop with IP and response time | | Diagnose path and latency to destination | Diagnose path and latency to destination | | `tracert` | `traceroute` |

Question 73

Shielded Twisted Pair (STP)

Answer 73

Twisted pair cables with a protective shield to reduce electromagnetic interference (EMI), ideal for high-EMI environments.

Question 74

Unshielded Twisted Pair (UTP)

Answer 74

Common twisted pair cables without shielding, susceptible to EMI.

Question 75

Multimode Fiber Optic Cable

Answer 75

Fiber optic cable supporting high data rates over short to medium distances, but not specifically for EMI protection.

Question 76

Single-mode Fiber Optic Cable

Answer 76

Fiber optic cable for long distances, immune to EMI, but often unnecessary for short, EMI-specific scenarios.

Question 77

Fusion Splicer

Answer 77

Device used to join or repair fiber optic cables by fusing fibers together for low-loss connections.

Question 78

Cable Crimper

Answer 78

Tool used to attach connectors (e.g., RJ-45) to twisted pair cables by securing wires to pins.

Question 79

Cable Snip/Cutter

Answer 79

Tool used to cut copper cables into desired lengths.

Question 80

Media Converter

Answer 80

Layer 1 device that connects different media types, such as copper Ethernet to fiber optic cable.

Question 81

show vlan

Answer 81

Displays VLAN information, showing network segmentation on Cisco switches.

Question 82

show interfaces

Answer 82

Shows interface status and statistics, but not VLAN or segmentation info.

Question 83

802.1x with EAP-TTLS and PAP

Answer 83

Authentication method using 802.1x with EAP-TTLS tunneled authentication and PAP for credential validation.

Question 84

PAP (Password Authentication Protocol)

Answer 84

A simple password-based protocol used in PPP for user authentication.

Question 85

MAC Address Filtering

Answer 85

Controls network access by allowing or blocking devices based on their MAC hardware address.

Question 86

WPA (Wi-Fi Protected Access)

Answer 86

Wireless encryption protocol supporting pre-shared keys or 802.1x; less secure than WPA2.

Question 87

WPA2

Answer 87

More secure wireless encryption protocol; requires support, not compatible if only WPA is supported.

Question 88

PKI with User Authentication (EAP-TLS)

Answer 88

Certificate-based authentication using public key infrastructure; not compatible with EAP-TTLS.

Question 89

802.1x

Answer 89

Network access control protocol that provides port-based authentication to devices trying to connect.

Question 90

EAP (Extensible Authentication Protocol)

Answer 90

A framework for transporting authentication protocols, allowing multiple methods under 802.1x.

Question 91

EAP-TTLS (Tunneled Transport Layer Security)

Answer 91

An EAP method that creates a secure tunnel for credential exchange, supporting password-based auth like PAP.

Question 92

Credential-Based Authentication

Answer 92

Authentication that uses username and password rather than certificates or tokens.

Question 93

Certificate-Based Authentication

Answer 93

Uses digital certificates for strong identity verification instead of passwords.

Question 94

Pre-shared Key (PSK)

Answer 94

A shared secret key used for authenticating clients on WPA or WPA2 wireless networks.

Question 95

PPP (Point-to-Point Protocol)

Answer 95

A data link layer protocol commonly used to establish direct connections over serial links, uses PAP for authentication.

Question 96

MAC Address

Answer 96

A unique hardware identifier assigned to network interfaces, used for filtering and network access control.

Question 97

User Authentication

Answer 97

The process of verifying the identity of a user before granting access to network resources.

Question 98

Tunneled Authentication

Answer 98

A method where authentication credentials are securely sent inside an encrypted tunnel to prevent interception.