Practice Test 2 Part 2 Flashcards

(48 cards)

1
Q

Which method is MOST EFFECTIVE for detecting traffic anomalies caused by a Distributed Denial of Service (DDoS) attack?

A) Monitoring bandwidth usage across different network segments
B) Filtering packets by source IP address
C) Conducting deep packet inspection to analyze traffic content
D) Using NetFlow data to analyze traffic patterns and volume

A

D) Using NetFlow data to analyze traffic patterns and volume

2
Q

Which method is LEAST COST-EFFECTIVE for managing unexpected network congestion during peak usage?

A) Analyzing traffic patterns
B) Implementing intelligent load balancing across multiple paths
C) Utilizing real-time monitoring
D) Expanding physical bandwidth

A

D) Expanding physical bandwidth

3
Q

Which scenario would require the SHORTEST RPO?

A) A financial institution processing high-frequency transactions
B) A research facility storing archived experimental data
C) A marketing agency working on weekly campaigns
D) A remote backup service provider with nightly backups

A

A) A financial institution processing high-frequency transactions

4
Q

Which of the following best describes a cold site in the context of disaster recovery?

A) A fully equipped and immediately operational backup site
B) A site with the basic infrastructure but requires setup and configuration before use
C) A backup site that mirrors the primary site in real-time
D) A site that can be activated within minutes and is fully functional

A

B) A site with the basic infrastructure but requires setup and configuration before use

5
Q

Which of the following best describes an active-active configuration in a high availability setup?

A) All nodes are active, sharing the load and providing redundancy in case of failure
B) Only one node is active at a time, with the other node on standby to take over if needed
C) The system alternates between active nodes based on a predefined schedule
D) All nodes are passive and only become active when a failure is detected

A

A) All nodes are active, sharing the load and providing redundancy in case of failure

6
Q

Which of the following best describes the importance of tabletop exercises in disaster recovery planning?

A) They simulate full-scale disasters to test the physical response capabilities of an organization
B) They involve informal discussions to identify potential weaknesses in a recovery plan
C) They focus on the real-time execution of the disaster recovery plan to evaluate its effectiveness
D) They provide a cost-effective way to evaluate recovery procedures through structured, scenario-based discussions

A

D) They provide a cost-effective way to evaluate recovery procedures through structured, scenario-based discussions

7
Q

Which of the following best explains the purpose of DHCP lease time in network management?

A) It determines the duration for which a DHCP server blocks unauthorized devices
B) It sets the interval for the DHCP server to assign new IP addresses to all devices
C) It controls the maximum number of devices that can connect to the network simultaneously
D) It defines the time period a device can use an IP address before it must renew the lease

A

D) It defines the time period a device can use an IP address before it must renew the lease

8
Q

Which of the following DNS record types is used to map a domain name to an IPv4 address?

A) AAAA
B) MX
C) CNAME
D) A

A

D) A

9
Q

A network administrator wants to ensure that DNS queries and responses are encrypted to prevent eavesdropping and tampering.

Which secure DNS protocols should they consider implementing?

A) DNSSEC and DoT
B) DoH and DNSSEC
C) DoT and DoH
D) DNSSEC and Reverse DNS

A

C) DoT and DoH

10
Q

Which of the following is NOT an accurate statement about VPN types?

A) Split tunnel VPN routes all traffic through the VPN, ensuring all data is secured
B) Clientless VPN allows access to specific applications through a web browser without installing VPN software
C) Full tunnel VPN routes all network traffic through the VPN, providing comprehensive security
D) Split tunnel VPN allows only specific traffic to go through the VPN while other traffic goes directly to the internet

A

A) Split tunnel VPN routes all traffic through the VPN, ensuring all data is secured

11
Q

Which of the following best describes the purpose of a jump box in network security?

A) It acts as an intermediary, providing secure access to and from isolated network segments
B) It enhances network performance by optimizing traffic flow between devices
C) It provides direct access to critical network devices from any location
D) It automatically backs up configuration files for network devices

A

A) It acts as an intermediary, providing secure access to and from isolated network segments

12
Q

Which of the following is NOT a protocol used to encrypt data in transit?

A) TLS
B) HTTPS
C) RADIUS
D) IPsec

A

C) RADIUS

13
Q

Which of the following is NOT a key feature of SSO in IAM?

A) It allows users to access multiple applications with one set of credentials
B) It reduces the number of passwords users need to remember
C) It enhances security by requiring multiple forms of authentication
D) It simplifies the user experience by minimizing login prompts

A

C) It enhances security by requiring multiple forms of authentication

14
Q

Which of the following is NOT a benefit of implementing RBAC in an organization?

A) Simplifies the management of user permissions by assigning roles instead of individual permissions
B) Reduces the risk of unauthorized access by limiting users to only the resources necessary for their roles
C) Provides users with the ability to adjust their own access levels based on their needs
D) Enhances security by enforcing the principle of least privilege through predefined roles

A

C) Provides users with the ability to adjust their own access levels based on their needs

15
Q

After a series of security breaches, a company is considering adding more physical barriers to its data center.

What is the most likely benefit of installing additional physical barriers?

A) They will reduce the need for electronic monitoring systems
B) They will increase the complexity of security policies
C) They will provide an additional layer of protection against unauthorized physical access
D) They will improve the effectiveness of remote access management

A

C) They will provide an additional layer of protection against unauthorized physical access

16
Q

Which of the following is NOT a primary characteristic of a honeynet?

A) It consists of multiple honeypots working together to simulate a network environment
B) It is designed to actively block and prevent attackers from accessing real systems
C) It gathers extensive data on attacker behaviors across various decoy systems
D) It can mimic the infrastructure of an actual network to deceive attackers

A

B) It is designed to actively block and prevent attackers from accessing real systems

17
Q

During an investigation, a security analyst discovers that an attacker gained unauthorized access to a server by exploiting a vulnerability in a legacy application. The attacker was able to execute code remotely and elevate privileges, allowing them full control of the system.

What type of vulnerability or technique did the attacker most likely exploit?

A) Buffer overflow
B) Zero-day exploit
C) Social engineering
D) SQL injection

A

A) Buffer overflow

18
Q

A manufacturing company is concerned about the security risks posed by its IIoT devices, which are connected to both production machinery and the corporate network.

To minimize the impact of potential cyberattacks on critical operations, what strategy should the company implement?

A) Place all IIoT devices on the same network segment as the corporate servers
B) Segregate IIoT devices into a separate network segment isolated from critical systems
C) Use a single firewall to protect both IIoT and corporate networks
D) Disable remote access to all IIoT devices

A

B) Segregate IIoT devices into a separate network segment isolated from critical systems

19
Q

A network administrator notices a significant drop in the availability of a critical web service, accompanied by unusually high inbound traffic from multiple sources.

Which of the following is the MOST likely cause of this issue?

A) A misconfigured firewall rule allowing excessive traffic
B) A DDoS attack
C) An internal server error causing the service to crash
D) An unauthorized user accessing the web service

A

B) A DDoS attack

20
Q

Which of the following best describes the impact of a successful MAC flooding attack on a network switch?

A) The switch forwards all incoming frames to the destination device without any delays
B) The switch reroutes traffic through a secure VLAN to mitigate the flooding
C) The switch immediately shuts down affected ports to prevent further flooding
D) The switch’s CAM table is overflowed, causing it to broadcast all incoming frames to all ports

A

D) The switch’s CAM table is overflowed, causing it to broadcast all incoming frames to all ports

21
Q

Which of the following is NOT an effective method for mitigating ARP spoofing?

A) Implementing IPsec to encrypt ARP traffic
B) Enabling DAI on the network
C) Configuring static ARP entries on critical devices
D) Using port security to restrict access based on MAC addresses

A

A) Implementing IPsec to encrypt ARP traffic

22
Q

A network administrator notices that some devices on the network are receiving incorrect IP addresses, leading to connectivity issues. Upon investigation, they discover that an unauthorized device is assigning IP addresses.

Which of the following actions would BEST mitigate this issue?

A) Implement DHCP snooping on all network switches
B) Increase the DHCP lease time to reduce IP address changes
C) Disable the unauthorized device’s network port
D) Configure static IP addresses for all devices on the network

A

A) Implement DHCP snooping on all network switches

23
Q

Which of the following is NOT a typical method used in an on-path attack?

A) Intercepting and altering data packets between two devices
B) Impersonating one party in the communication to gather information
C) Flooding the network with traffic to disrupt communication
D) Eavesdropping on communication to steal sensitive information

A

C) Flooding the network with traffic to disrupt communication

24
Q

An employee reports that after installing a seemingly legitimate software update from an unfamiliar source, they noticed a new application running in the background that they didn’t recognize. The system remains responsive, but confidential files have started to disappear, and an outbound connection to an unknown server has been detected.

What is the MOST likely explanation for these symptoms?

A) The system has been infected with a worm that is spreading across the network
B) The software update contained Trojan malware that is now active on the system
C) The computer is under a ransomware attack that is encrypting files in the background
D) The system has been compromised by spyware that is collecting sensitive data

A

B) The software update contained Trojan malware that is now active on the system

25
Q

A new network device was recently installed in an organization. Shortly after, the IT team notices unauthorized access attempts to the device. Upon investigation, it was found that the device was still using its factory settings.

What security measure should have been implemented during the installation to prevent this issue?

A) Configuring access control lists to limit device access
B) Changing the default password to a strong, unique one
C) Disabling unused ports and services on the device
D) Implementing encryption for all communications with the device

A

B) Changing the default password to a strong, unique one

26
Q

An organization implements port security on its network switches to prevent unauthorized devices from accessing the network. During a routine audit, the IT team discovers that several ports have been automatically disabled due to violations.

What is the most likely cause of these port shutdowns?

A) The ports were receiving traffic from devices with multiple MAC addresses
B) The devices connected to the ports were using outdated firmware
C) The ports were configured to only allow encrypted traffic
D) The ports were set to dynamically assign IP addresses to connected devices

A

A) The ports were receiving traffic from devices with multiple MAC addresses

27
Q

An organization is setting up a secure communication channel between its servers and client devices. The IT team generates a pair of cryptographic keys but encounters issues when attempting to securely share one of the keys with the client devices.

What is the most likely reason for this challenge?

A) The organization used asymmetric encryption, and the key intended for clients must be distributed securely
B) The organization used symmetric encryption, which requires both keys to be kept secret
C) The keys were generated using an outdated algorithm, leading to compatibility issues
D) The communication channel was not properly encrypted, allowing potential interception during key distribution

A

A) The organization used asymmetric encryption, and the key intended for clients must be distributed securely

28
Q

Which of the following best describes the primary function of an ACL in network security?

A) An ACL encrypts data packets to ensure secure transmission over the network
B) An ACL defines which users are allowed to access specific network devices
C) An ACL filters network traffic based on predefined rules, allowing or denying packets based on criteria such as IP address or protocol
D) An ACL assigns IP addresses to devices as they connect to the network

A

C) An ACL filters network traffic based on predefined rules, allowing or denying packets based on criteria such as IP address or protocol

29
Q

Which of the following methods is commonly used to implement content filtering in a modern network?

A) Using packet sniffing to monitor and block suspicious traffic
B) Configuring DNS filtering to block access to domains associated with harmful content
C) Applying encryption protocols to secure data in transit
D) Implementing VLANs to separate network traffic based on department

A

B) Configuring DNS filtering to block access to domains associated with harmful content

30
Q

Which of the following best describes the primary function of a DMZ in network security?

A) To act as a secure storage area for encryption keys and sensitive data
B) To allow limited, controlled access to specific internal resources from the public internet, while safeguarding the rest of the internal network
C) To provide a separate network segment for high-priority traffic, ensuring it is not affected by regular network congestion
D) To serve as a buffer zone between an organization’s internal network and external threats, hosting public-facing services while protecting the internal network

A

D) To serve as a buffer zone between an organization’s internal network and external threats, hosting public-facing services while protecting the internal network

31
Q

Which of the following is the FIRST step when identifying symptoms of a network problem?

A) Isolating affected devices
B) Documenting the time and duration of the issue
C) Identifying changes made to the network
D) Analyzing network traffic patterns

A

B) Documenting the time and duration of the issue

32
Q

When troubleshooting a network issue, which approach involves starting with the application layer and working towards the physical layer?

A) Bottom-to-Top
B) Top-to-Bottom
C) Divide and Conquer
D) Lateral Exploration

A

B) Top-to-Bottom

33
Q

You are tasked with resolving a complex network issue that involves multiple departments.

What should be your first consideration when developing a plan of action?

A) Determine how each department will be affected by the resolution process
B) Estimate the total downtime required for the implementation
C) Identify the specific technical steps needed to resolve the issue
D) Prepare a communication plan to keep all stakeholders informed

A

A) Determine how each department will be affected by the resolution process

34
Q

What is the MOST critical step to take immediately after implementing a solution?

A) Perform a full system reboot to clear any cached errors
B) Verify that the key services affected by the change are operational
C) Document the implementation process for future reference
D) Notify users that the change has been successfully implemented

A

B) Verify that the key services affected by the change are operational

35
Q

A network technician is troubleshooting a slow connection in a data center and discovers that Cat 5 cables were used instead of the specified Cat 6 cables.

What is the most significant impact this might have on the network?

A) The connection might not support gigabit speeds, leading to bottlenecks
B) The cable might not be compatible with the devices, causing connection drops
C) The network could be more susceptible to crosstalk and interference
D) The network might experience a complete failure due to incorrect cabling

A

A) The connection might not support gigabit speeds, leading to bottlenecks

36
Q

Which of the following is a common symptom of improper cable termination in a network?

A) Intermittent connectivity with no clear pattern
B) Consistent high latency across all network traffic
C) Total network failure across multiple devices
D) High levels of signal attenuation on long cable runs

A

A) Intermittent connectivity with no clear pattern

37
Q

A network engineer observes an increasing number of giants on an interface connected to a server. The MTU size is correctly configured on both the server and the switch.

What is the MOST likely cause of these giants?

A) An outdated driver on the server’s NIC
B) A duplex mismatch between the server and the switch
C) Physical damage to the network cable
D) A malfunctioning NIC on the server

A

D) A malfunctioning NIC on the server

38
Q

What is the MOST likely consequence of a switch exceeding its PoE power budget?

A) Some connected devices may stop receiving power
B) The switch will shut down to prevent overheating
C) All ports on the switch will enter an error-disabled state
D) The network performance will degrade due to power limitations

A

A) Some connected devices may stop receiving power

39
Q

During network troubleshooting, an engineer notices that a port on one of the switches is neither forwarding traffic nor participating in the network. The port is not administratively down.

What is the MOST likely role of this port in STP?

A) Blocking port
B) Root port
C) Designated port
D) Alternate port

A

A) Blocking port

40
Q

Which of the following is MOST likely to cause a routing table to incorrectly direct traffic?

A) A mismatched VLAN assignment
B) A missing or misconfigured default route
C) Incorrect subnet mask configuration on end devices
D) A duplex mismatch on a network interface

A

B) A missing or misconfigured default route

41
Q

A user reports that they cannot access external websites, but they can still connect to internal company resources.

After verifying that the user's IP address is correct, what should the network administrator check next to resolve the issue?

A) Verify that the default gateway on the user's device is correctly configured
B) Ensure that the DNS server addresses are correctly assigned
C) Check the user's firewall settings for blocked ports
D) Confirm that the user's device is not set to a static IP address

A

A) Verify that the default gateway on the user's device is correctly configured

42
Q

Which of the following is the MOST common symptom of an incorrect subnet mask on a client device?

A) The device can communicate with some devices on the local network but not others
B) The device is unable to obtain an IP address from the DHCP server
C) The device experiences slow data transfer rates across the network
D) The device cannot connect to the default gateway

A

A) The device can communicate with some devices on the local network but not others

43
Q

A network experiencing slow performance has several high-bandwidth applications running simultaneously. However, an analysis reveals that one application is consuming an unusually large amount of bandwidth, causing contention.

What should the network administrator investigate FIRST to resolve this issue?

A) The application’s configuration and its impact on network traffic
B) The priority assigned to this application in the QoS settings
C) The possibility of a hardware fault in the switches or routers
D) The physical cabling between the server hosting the application and the switch

A

A) The application’s configuration and its impact on network traffic

44
Q

A network administrator is investigating a significant drop in throughput on a critical network link. Initial checks reveal that the link is operational, but the throughput is far below expected levels.

What should the administrator check FIRST?

A) Verify the speed and duplex settings on both ends of the link
B) Analyze the routing table for possible misconfigurations
C) Ensure that the link is not being affected by external electromagnetic interference
D) Test the network link with a different cable to rule out cable issues

A

A) Verify the speed and duplex settings on both ends of the link

45
Q

A network administrator notices intermittent packet loss across several network segments.

After ruling out issues with cables and devices, which of the following is the MOST likely cause?

A) Network congestion during peak hours
B) Interference from nearby wireless networks
C) Misconfigured QoS policies
D) Insufficient cooling in the server room

A

A) Network congestion during peak hours

46
Q

What is one of the BEST practices when using a protocol analyzer for network troubleshooting?

A) Always run the protocol analyzer on the core network switch
B) Capture traffic during peak usage times
C) Analyze traffic only on secured wireless networks
D) Filter the captured data to focus on relevant protocols

A

D) Filter the captured data to focus on relevant protocols

47
Q

What is one of the BEST practices when using Nmap for network discovery?

A) Running Nmap scans without specifying a target range
B) Limiting the scope of the scan to specific IP ranges or subnets
C) Disabling service detection to speed up the scan
D) Scanning the network during business hours to ensure all devices are active

A

B) Limiting the scope of the scan to specific IP ranges or subnets

48
Q

A network administrator is configuring static IP addresses for critical devices in a network. The administrator wants to prevent address conflicts with dynamically assigned IP addresses from the DHCP server.

What is the BEST approach to achieve this?

A) Assign static IP addresses within the DHCP pool range
B) Exclude the static IP addresses from the DHCP pool range
C) Increase the lease time for dynamic IP addresses
D) Configure DNS to resolve static IP addresses

A

B) Exclude the static IP addresses from the DHCP pool range