CompTIA Network+ (Test2)
Which of the following blocks IP packets using any port other than the ones prescribed by the system administrator?
1. Encryption 2. Hiding IP addresses 3. Port filtering 4. Packet filtering Answer: 3. Port filtering Explanation Correct Answer:Port filtering enables an administrator to allow only certain ports to be used, and block all other ports. Incorrect Answers:Hiding IP addresses is done through Network Address Translation (NAT).Packet filtering enables administrators to filter packets by IP addresses.Encryption only makes data unreadable to others except for the recipient of the data.
The OSI model has ____ layers and the TCP/IP model has ____ layers.
1. 4 and 4 2. 7 and 7 3. 7 and 4 4. 4 and 7 Answer: 3. 7 and 4 Explanation The OSI model has 7 layers and the TCP/IP model has 4 layers.All other choices do not describe the correct number of layers for both the OSI model and the TCP/IP model.
Which of the following are items found in a security policies document? (Choose two.)
1. Absence procedures 2. Acceptable use 3. Employee work hours 4. Network use Answer: 2. Acceptable use 4. Network use Explanation Acceptable use policies and network use policies are specified in the security policies documents.Employee work hours and absence procedures are found in other documents but not in security policies.
A private network has which of the following traits?
1. Its IP addresses are exposed to the Internet 2. Its IP addresses must be assigned by IANA 3. It uses only static IP addresses 4. Its IP addresses are not exposed to the Internet Answer: 4. Its IP addresses are not exposed to the Internet Explanation Correct Answer:A private network's IP address is not exposed to the Internet, and as a result, is not assigned by any organization.Incorrect Answers:All other answers are characteristics of private networks.
SIEM is comprised of which primary elements? (Choose two.)
1. Analysis 2. Reporting 3. Aggregation 4. Correlation Answer: 3. Aggregation 4. Correlation Explanation Aggregation and correlation are the two primary components of security information and event management (SIEM).Analysis and reporting are components of correlation.
Which of the following is not a core tenet of securing IP networks?
1. Availability 2. Confidentiality 3. Integrity 4. Performance Answer: 4. Performance Explanation Performance is important to IP networks but is not a core tenet of securing the network.The "CIA" of security is comprised of confidentiality, integrity, and availability.
Here are three IP addresses: 216.53.12.11, 130.222.255.170, 223.255.6.88. What class of addresses are each one (in order)?
1. B,A,C 2. A,C,A 3. C,A,B 4. C,B,C Answer: 4. C,B,C Explanation C, B, C is correct.The first octet of a Class A address goes from 1 to 126. The first octet of a Class B address goes from 128 to 191. The first octet of a Class C address goes from 192 to 223.
A switch port can BEST be described by which of the following terms?
1. Broadcast domain 2. Link state 3. Collision domain 4. Distance vector Answer: 3. Collision domain Explanation Correct Answer:Collision domain - Switched networks reduced collision domains to just at the individual ports.Incorrect Answers:Broadcast domains are no different on switches than hubs. Distance vector and link state are routing terms.
A Fox and Hound are also known as what?
1. Continuity tester 2. A tone generator and a tone probe 3. Wiremap 4. Time Domain Reflectometer (TDR) Answer: 2. A tone generator and a tone probe Explanation Fox and Hound are Triplett trademarks for equipment that are generically termed tone generators and tone probes. They are also commonly called toners.Time Domain Reflectometer (TDR), wiremap and continuity tester are all cable testing tools but they do not use a tone generator and probe to perform their tests.
Which statements are true of DNS? (Choose three.)
1. DNS is used to organize resources 2. DNS uses recursive queries to find domain names and IP addresses 3. DNS maps names to IP addresses 4. DNS uses ARp to map names to MAC addresses Answer: 1. DNS is used to organize resources 2. DNS uses recursive queries to find domain names and IP addresses 3. DNS maps names to IP addresses Explanation DNS organizes resources into a tree-like structure, then uses recursive queries to find and map friendly names to IP addresses.DNS and ARP are different protocols; DNS maps friendly names to IP addresses, ARP maps IP addresses to MAC addresses.
Which of the following is not a security task that should be performed on a new WAP?
1. Enable encryption 2. Change administrator account and password 3. Enable backward compatibility 4. Disable SSID broadcast Answer: 3. Enable backward compatibility Explanation Enabling backward compatibility allows hosts with less secure encryption and/or slower connection speeds to connect to the WAP. We all know that disabling SSID broadcast does not represent a strong security step but CompTIA expects us to know that it does provide a little bit of security. Changing admin name and password and enabling encryption are valuable security enhancements to a WAP.
Which of the following is a UTP wiring standard?
1. IEEE 802.3 2. TIA 568B 3. TIA A568 4. 10BaseT runs at 10 megabits per second Answer: 2. TIA 568B Explanation TIA 568B is the predominant network wiring standard.All of the other choices are not wiring standards.
The primary command-line tool to troubleshoot Windows naming issues is what?
1. Ipconfig 2. Net 3. Nbstat 4. Netstat Answer:3. Nbstat Explanation Nbtstat provides information about the netbios naming service that runs in some Windows-based computers.The other choices do not primarily focus on Windows name resolution information.
A website just changed its IP address and a user is unable to reach it by typing the site's domain name into their browser. What command can the user run to make the computer learn the website's new IP address?
1. Ipconfig /dnsupdate 2. Ipconfig /updatednscache 3. Ipconfig /all 4. Ipconfig /flushdns Answer: 4. Ipconfig /flushdns Explanation Ipconfig /flushdns will clear the DNS cache and force the computer to perform a fresh DNS lookup to get the current IP address of a domain name host.Ipconfig /all displays most if the TCP/IP settins within a host but makes no changes. /updatednscache and /dnsupdate are invalid Ipconfig switches.
Where does a computer get the MAC address?
1. It is built into the network interface card 2. It is generated by the frame 3. The MAC address is another term for the IP address 4. The receiving computer applies a MAC address to each inbound frame Answer: 1. It is built into the network interface card Explanation A unique MAC address is built into every network interface card.A frame does not generate a MAC address but it does contain a source and destination MAC address. The MAC and IP addresses are different types of addresses. The receiving computer reads the MAC addresses that are contained within inbound frames, it does not add anything to received frames.
What is a subnet mask used for?
1. It is used by servers to resolve Domain names to IP addresses 2. It is used by switches to determine correct routes 3. It is used by hosts to determine NetBIOS names 4. It is used by hosts to determine whether addresses are local or remote Answer: 4. It is used by hosts to determine whether addresses are local or remote Explanation Correct Answer:One of the main purposes of a subnet mask is to determine if the recipient address in a packet is local or remote. Once determined, the host can then decide if the packet should remain local, or should be forwarded to a remote network.Incorrect Answers:Switches use a MAC address table to determine the correct route of a packet, but only on a local network. DNS is used to resolve domain names to IP addresses. WINS will resolve the NetBIOS names to IP addresses.
Vicky is a network technician who has installed a new managed 10/100 Mbps switch on the LAN. The network has an old printer with a 10 Mbps NIC that will be connected to the new switch. Which of the following settings on the switch will need to be configured to support the printer?
1. MAC filtering 2. PoE 3. IP address 4. Port speed Answer: 4. Port speed Explanation Correct Answer:Port speed - Older printers often require the connected switch to adjust it's port speed manually.Incorrect Answers:MAC filtering is used to prevent connections. The IP address is set on the printer, not at the switch. PoE will not be used, as there is not enough PoE power to run a printer.
Dial-up connections require which piece of equipment?
1. Multi-speed switch 2. NIC 3. Cable modem 4. Modem Answer: 4. Modem Explanation Dial-up communication requires a modem to conver the computer digital signals into analog signals that can travel on a telephone line. It must also convert returned analog signals back to digital signals so they can be passed into the computer.Cable modems are used to connet to a cable-company ISP. Dial-up connections use serial ports and/or modems to connect to the phone line, not a network interface card. Dial-up connections do not use a switch as part of their connection process.
Which of the following utilities can you use to confirm connectivity to another TCP/IP host?
1. Netstat 2. Ping 3. ARP 4. Nbstat Answer: 2. Ping Explanation Correct Answer:Ping is a TCP/IP protocol that is used to test connectivity between two TCP/IP hosts. Incorrect Answers:ARP resolves IP addresses to MAC addresses.Nbstat is a command that displays the contents of the NetBIOS name cache.Netstat is a command that displays the current TCP/IP socket connections.
Which service does not automatically assign an IP address to a host?
1. Static 2. APIPA 3. DHCP 4. bootp Answer: 1. Static Explanation Static IP addressing sets a constant, unchanging IP address to a host. DHCP and bootp issue IP addresses to hosts - these addresses may expire or change over time. APIPA occurs when a hosts requests an assignment from a DHCP or bootp server but does not get a response, so the host gives itself an Automatic Private IP Address (APIPA).
Which networking technology used in LAN's is described as Fast Ethernet and uses two pairs of cabling for transmitting and receiving?
1. 100BaseTX 2. 100BaseT4 3. 100BaseT 4. 100BaseFX Answer: 1. 100BaseTX Explanation Correct Answer: 100BaseTX is Fast Ethernet which uses wire pairs 1 & 2 for sending and wire pairs 3 & 6 for receiving. Incorrect Answers:100BaseT4 is Fast Ethernet, but it uses four pairs of wires to achieve transmission.100BaseFX is Fast Ethernet, but it uses 1 pair of fiber-optic cabling to send and receive.1000BaseT is not Fast Ethernet (it has no cool buzz word). It also uses all 4 pairs of wires.
Which TCP ports are commonly used by e-mail clients and servers? (Choose three.)
1. 143 2. 25 3. 443 4. 110 Answer: 1. 143 2. 25 4. 110 Explanation Simple Mail Transfer Protocol (SMTP) uses port 25. Post Office Protocol (POP) uses port 110. Internet Message Access Protocol (IMAP) uses port 143. HTTPS uses port 443.
Which decimal number is represented by the binary number 1 0 1 1 0 1 1 0?
1. 176 2. 73 3. 182 4. 182.176.73.0 Answer: 3. 182 Explanation 1 0 1 1 0 1 1 0 has 1s in the 128, 32, 16, 4 and 2 position. Add those together to arrive at 182.176 decimal would be 1 1 1 0 0 0 0 0 in binary. 73 would be 0 1 0 0 1 0 0 1 - exactly the opposite of 1 0 1 1 0 1 1 0. To create four dotted decimal numbers, there would have to be 32 bits to work with.
If a host has the subnet mask 255.255.255.0, which might be the correct IP address?
1. 19.192.65.3 2. 199.192.65.3 3. 191.192.65.3 4. 224.192.65.3 Answer: 2. 199.192.65.3 Explanation Correct Answer:A subnet mask of 255.255.255.0 is the standard mask for Class C addresses that run from 192.0.0.0-223.255.255.0.Incorrect Answers:Answer A = class network. Answer B = class B, and answer c = class D networks.
You have a Class A network. What is your subnet mask?
1. 255.0.0.0 2. 255.255.0.0 3. 255.255.255.255 4. 255.255.255.0 Answer: 1. 255.0.0.0 Explanation Correct Answer:The subnet mask for Class A is 255.0.0.0, making the first octet of the IP Address the Network ID.Incorrect Answers:255.255.255.0 is Class C.255.255.0.0 is Class B.255.255.255.255 is not a valid subnet mask because it consists of all 1s.
If a host has the IP address 23.51.126.9, which default subnet mask would you use?
1. 255.0.0.0 2. 255.255.255.0 3. 255.255.255.255 4. 255.255.0.0 Answer: 1. 255.0.0.0 Explanation Correct Answer:Class A IP addresses, with a range of 1.x.x.x to 126.x.x.x, use a default subnet mask of 255.0.0.0.Incorrect Answers:255.255.0.0 = Class B255.255.255.0 = Class C255.255.255.255 = Broadcast
Which area does not require user training?
1. Acceptable use policies 2. Malware avoidance 3. Password policies 4. Social engineering 5. Recycle policies 6. System and workplace security Answer: 5. Recycle policies Explanation Recycle policies are important, but don't require a training class. They can be read and understood from a typical manual.User training is important to the organization and to employees in at least the following areas: acceptable use, password policies, social engineering, malware avoidance, and system/workplace security.
Which statement is true of a NAT router?
1. All hosts on the LAN side of a NAT router are assigned the same IP address as the public address in the router 2. NAT routers replace the source IP address with its own IP address 3. NAT routers allow public addresses to exist on the LAN side of the router 4. The NAT function is performed at the ISP facility Answer: 2. NAT routers replace the source IP address with its own IP address Explanation NAT routers replace the source IP address with its own IP address and then restore the original IP header when a response comes back so that the results can be sent to the originator. NAT routers have one public address on the WAN side of the router, all of the addresses on the LAN side of the router are private addresses. Hosts on the LAN side of the NAT router must be assigned a unique, private address. The NAT router is on the customer premises, not at the ISP site.
What challenges do VPNs overcome? (Choose three.)
1. Allow a host within a private network to connect to a host on the Internet that has a VPN client running. 2. Ensure that the data in the tunnel is secure 3. Connect remote networks across the Internet 4. Assign a private address to travel across the public Internet Answer: 2. Ensure that the data in the tunnel is secure 3. Connect remote networks across the Internet 4. Assign a private address to travel across the public Internet Explanation VPNs encapsulate endpoing private addresses within packets that have Internet public addresses. Most VPNs have the option to encrypt the tunnel. VPNs can easily support client-to-site or site-to-site connections.In order to connect to a host over a VPN, the host must have a VPN server or concentrator.
An 802.11g wireless access point has the following configuration:- AP encryption forced to WPA2-AES mode only- MAC address filtering enabled with the following MAC address in the allow list: 00-a1-29-da-d3-4aWhich is true about the above configuration?
1. Any 802.11g compatible client can connect to the wireless network if the ecryption key is known by the client. 2. Any 802.11b/g compatible client can connect to the wireless network if they support TKIP, the MAC address is 00-a1-29-da-d3-4a, and the encryption key is known by the client. 3. An 802.11n compatible client can connect to the wireless network only if its MAC address is 00-a1-29-da-d3-4a and the encryption key is known by the client. 4. An 802.11a compatible client can connect to the wireless network only if its MAC address is 00-a1-29-da-d3-4a and the encryption key is known by the client. Answer: 3. An 802.11n compatible client can connect to the wireless network only if its MAC address is 00-a1-29-da-d3-4a and the encryption key is known by the client. Explanation Correct Answer:An 802.11n-compatible client can connect to a wireless network only if its MAC address is 00-ab-29-da-c3-40 and the encryption key is known by the client. - 802.11n is backwards-compatible with 802.11g networks.Incorrect Answers: TKIP is not the same as AES, so it would not work. Because MAC filtering is enabled, the client's NIC must have the right MAC address. 802.11a and 802.11g aren't compatible with one another.
Which of the choices is not a step to perform a man-in-the-middle attack?
1. Configure the attack machine to spoof the two communicators 2. Insert an attack machine between the communicators 3. Typosquat the DNS 4. Capture/manipultae MIM data Answer: 3. Typosquat the DNS Explanation Typosquat the DNS is an invalid mix of two man-in-the-middle types of attacks. Typosquatting is to simply create an Internet resource, such as a website, that is a mis-spelling of a "real" website. DNS poisoning is a method to redirect calls to legitimate resources to go to malicious sites.Performing a man-in-the-middle attack involves an attacker going "between" two hosts, spoofing so the two hosts believe they are talking with each other, then capturing or manipulating the data passing between them.
Network technician Jan is assigned to install a wireless router in a company's public common area. The company wants visitors to the company to be able to connect to the wireless network with minimal security, but they should not be able to connect to the private internal network. Which of the following firewall rules would BEST accomplish this?
1. Block traffic from the wireless access point 2. Packet filtering on the wireless access point 3. Allow traffic from the wireless access point 4. Content filtering on the wireless access point Answer: 2. Packet filtering on the wireless access point Explanation Correct Answer:Packet filtering on the wireless access point. - Packet filtering on the WAP can enable inbound and outbound traffic to the Internet, but it can block traffic to and from the internal network.Incorrect Answers:Content filtering prevents access to sites based on keywords on the site. Allowing wireless traffic just enables use of the WAP. Blocking traffic from wireless access point may be right or wrong, depending on the location of the "blockage." In any case, it's not the best answer.
What does QoS provide?
1. Blocking of specified traffic types 2. Higher performance of selected traffic 3. Redirection of low priority traffic to slower router interfaces 4. Prioritized throughput of different traffic types Answer: 4. Prioritized throughput of different traffic types Explanation QoS enables the prioritization of different traffic types with bandwidth approaches a connection's maximum capacity. QoS does not increase the speed of data flow. QoS is not a firewall - it reduces the bandwidth of some traffic type(s) when total traffic load is high. QoS do not perform traffic redirection.
Your company has just experienced an attack that caused the Web site www.yourwebsite.com to go down. What term BEST describes this?
1. Bluesnarfing 2. Man in the Middle 3. DoSattack 4. War driving Answer: 3. DoSattack Explanation Correct Answer:Your company has just experienced a Denial of Service (DoS) attack on your Web site. You will have intermittent to no access.Incorrect Answers:A man in the middle attack is a scenario where an attacker eavesdrops on two unsuspecting hosts that are attempting to transfer data between each other. The entire conversation will be controlled by the attacker.War driving is where you drive around looking for Wi-Fi signals.Bluesnarfing is intruding on a Bluetooth device and copying its data, most likely contact information and any other sensitive data.
Which of the following is not a mobile deployment option?
1. COPE 2. BYOB 3. BYOD 4. COBO Answer: 2. BYOB Explanation BYOB is not a mobile deployment option, although it may lead to some interesting after work events.Corporate Owned, Business Only (COBO) is owned and managed by an organization's IT department and by policy and technology is not available for personal use. Corporate Owned, Personally Enabled (COPE) is a corporate issued device that uses corporate specified apps but also allows for personally installed apps and personal usage. Bring Your Own Device (BYOD) lets users procure their own mobile device, install their chosen apps and use it for personal purposes - users must also install corporate specified apps on their device and are responsible for keeping the device and information secure.
Which media access method does 802.11 use?
1. CSU/DSU 2. CSMA/CA 3. CSMA/CD 4. CIDR Answer: 2. CSMA/CA Explanation Correct Answer:802.11 uses CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) because there is no way to detect collisions in the world of wireless.Incorrect Answers:Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is the essence of wired Ethernet. It, however, can not be used in the world of wireless.A Channel Service Unit/ Data Service Unit (CSU/DSU) is the device used to connect a T1 line to a router.Classless Inter-Domain Routing (CIDR) is the method of allocating IP addresses to devices on a network. This term is associated with subnetting.
A tech has just installed a new SOHO router for a client. Which security task should the tech perform first?
1. Change the administrator name and password 2. Disable port porwarding 3. Enable MAC address clonging 4. Disable the DHCP server Answer: 1. Change the administrator name and password Explanation The default admin name and password of all makes and models are well known. It is critical to change these right away to prevent the router from being hacked.Disabling port forwarding may be a good practice but if a port forward has not been set up, it is not a security threat. Disabling the DHCP server will prevent hosts that don't have static addresses from receiving a useable IP address. Enabling or disabling MAC cloning is more of a configuration issue than a security measure.
You are attempting to troubleshoot an issue between two computers that are both connected to a Layer 2 unmanaged switch. Of the following, which is the BEST way to find out if the switch is the problem?
1. Check to make sure that 802.1d is enabled on the switch 2. Access the switches configuration screen and set up a log file 3. Attach a loopback plug to the switch and monitor the traffic 4. Connect both of the PC's together with a crossover cable. Answer: 4. Connect both of the PC's together with a crossover cable. Explanation Correct Answer:Get a crossover cable. By taking the switch out of the equation, you will find out if the problem is with the PCs or the switch.Incorrect Answers:You are dealing with an unmanaged switch. There will be no log files to work with on this one.802.1d is the IEEE name for Spanning Tree Protocol (STP) and is used to prevent switching loops, not for finding problems between two PCs.Attaching a loopback plug to a switch will only waste a perfectly good port on your switch. You can't monitor traffic with it.
Before an Ethernet NIC may transmit data onto a medium, it must check to see if another NIC is transmitting data. What is this checking process called?
1. Collision avoidance 2. Carrier sense 3. Collision detection 4. Multiple access Answer: 2. Carrier sense Explanation Correct Answer:Carrier sense, also known as carrier detect, is the test that a NIC performs prior to transmitting on a network medium.Incorrect Answers:Multiple access means that when the station transmits, all stations on the segment will hear the transmission.Collision detection means that a station sending data can tell when another station transmits at the same time.Collision avoidance is the technique used by a network interface to recover from or prevent a collision.
Which of the following is not a common network problem?
1. Connecting switches in a tree structure 2. Loops 3. Initialization vector attack 4. Replay attack Answer: 1. Connecting switches in a tree structure Explanation Connecting switches in a tree structure is common (and as such, not a problem) when networks are larger and more spread out into clusters.Wiring loops (between switches or between routers), replay attacks and IV attacks are all network threats and problems.
When the loss of a piece of equipment or link can bring down an entire process, workflow or even the whole organization, that lost element is called what?
1. Critical asset 2. Redundant link 3. Critical node 4. Single point of failure Answer: 4. Single point of failure Explanation Correct Answer:A single point of failure may be a server, link, program, or something else. Any individual element that fails and results in loss of functionality of an organizational component constitutes a single point of failure.Incorrect Answers:A redundant link is the opposite of a single point of failure. Redundant links and other redundant components are key to avoiding single points of failure.A critical node is a specific type of critical asset that is unique to the IT environment. Critical nodes include components such as servers, routers, mission critical workstations, printers, etc.A critical asset is a resource within an organization without which the organization cannot function. While a critical asset may be a single point of failure, not all single points of failure are critical assets.
What is the primary purpose of netstat?
1. Displays all connections to and from a host computer 2. Captures frames and packets for later review 3. Shows your computer's connection(s) to any web server(s) 4. Graphical utility that charts amount of network data entering and leaving a host Answer: 1. Displays all connections to and from a host computer Explanation Netstat is a command line utility that shows a computer's network connections. Netstat does not capture data. Netstat shows connections to web servers but it shows much more. Netstat is not graphical and does not tally inbound or outbound data.
Which symptom is not a result of an IP addressing problem?
1. Duplicate MAC addresses 2. Incorrect gateway 3. Static IP address 4. Duplicate IP address Answer: 3. Static IP address Explanation There is nothing wrong with assigning static IP addresses so long as the rules of assigning addresses are followed.Duplicate IP addresses and duplicate MAC addresses can cause one or both hosts with the duplicated address to lose communication. Configuring a host to refer to the wrong gateway will result in no connection beyond the local area network (LAN).
Which selections represent authentication services? (Choose two.)
1. EAP 2. TKIP 3. AES 4. Kerberos Answer: 1. EAP 4. Kerberos Explanation Kerberos and Extensible Authentication Protocol (EAP) both provide authentication services. Kerberos is geared toward wired environments while EAP is better suited to wireless setups. AES and TKIP are encryption methods that do not directy provide authentication services.
Which statement is not true of IPv6 addresses?
1. EUI-64 can be traced back to the source computer 2. IPv4 and IPv6 are automatically translated back and forth as required 3. Outbound IPv6 addresses are randomized by the operating system 4. There are no private IPv6 addresses Answer: 2. IPv4 and IPv6 are automatically translated back and forth as required Explanation IPv4 and IPv6 are not automatically translated back and forth.Windows and other operating systems randomize outbound IPv6 traffic to improve privacy. EUI-64 addressing can be traced back to the source computer. All IPv6 addresses (except for link local addresses) are global addresses - equivalent to public IPv4 addresses.
What are typical ways of proactively communicating SNMP alerts? (Select two.)
1. Email 2. Fax 3. Voicemail 4. SMS Answer: 1. Email 4. SMS Explanation Correct Answers: SMS text messages are a common way that alerts are sent.Email messages are a common way that alerts are sent.Incorrect Answers:SNMP alerts aren’t commonly sent by fax.SNMP alerts aren’t commonly sent by voicemail.
Ping uses which IP layer protocol?
1. FTP 2. ARP 3. ICMP 4. RIP Answer: 3. ICMP Explanation Ping uses ICMP.Address Resolution Protocol (ARP) maps IP addresses to MAC addresses. RIP is a dynamic, distance vector routing protocol. FTP is the File Transfer Protocol and has nothing to do with Ping.
Of the following choices, what is the MOST likely cause that a user is unable to access a network through the wireless access point?
1. Faulty crossover cable 2. Incorrect WEP key 3. A short in the cable pairs 4. TXRX is reversed Answer: 2. Incorrect WEP key Explanation Correct Answer: Incorrect WEP key - Having the wrong key will keep you out of the network. Incorrect Answers: Not too many crossover cables are used in Wi-Fi, and I'm not sure how you could reverse transmit and receive on a wireless card. Cable pairs aren't used in wireless networking.
Which of the following is not a normal Windows log?
1. Forwarded events 2. Security policies 3. System 4. Setup 5. Application 6. Network Answer: 6. Network Explanation Windows does not log network events.The application log notes events around launching, using and closing applications. The security log tracks events related to logging in, password changes, and the like. The setup log tracks events regarding the Windows installation and updates. The System log tracks events related to the Windows bootup process. The forwarded events logs receives logged events from other Windows computers.
Which of the following is a not an element of a route metric?
1. Hop distance 2. MTU 3. Cost 4. Bandwidth Answer: 1. Hop distance Explanation The physical distance between to routers is not considered when defining a metric.Maximum Transfer Unit (MTU) size, cost and bandwith are all metric considerations (not listed but worthy of note are hop count and latency, which are also metric considerations).
Which of the following are typically found in an MDF equipment room? (Choose three.)
1. IDF 2. Rack 3. Patch Panel(s) 4. Switch(es) Answer: 2. Rack 3. Patch Panel(s) 4. Switch(es) Explanation Racks, switches and patch panels are commonly found in MDF equipment rooms.IDFs are generally found in their own equipment room, not in the MDF equipment room.
A technician has just been hired by a company. What type of documentation should she expect to encounter? (Choose three.)
1. IDF/MDF diagrams 2. Wiring diagram 3. Inventory 4. SLA Answer: 1. IDF/MDF diagrams 2. Wiring diagram 3. Inventory Explanation Networks should have their inventory tracked and controlled. For maintaining and updating networks, wiring diagrams, IDF and MDF diagrams are very important.Service Level Agreements (SLAs) are business documents, not network documents.
Documenting a "find" after a war driving excursion is known as what?
1. Updating 2. Blogging 3. War chalking 4. War marking Answer: 3. War chalking Explanation War chalking is the term that describes marking the details of a vulnerable wi-fi network on or near the premises of the network.War marking is not a specific term in the realm of Wi-Fi security. Blogging and update are not terms that describe documenting vulnerable Wi-Fi networks.
Which statement is true of inter-VLAN routing?
1. Inter-VLAN routing encrypts and decrypts traffic between VLANs 2. InterVLAN routing calls for connecting each VLAN to a port on a router so that data can pass between the VLANs 3. Inter-VLAN routing is implemented within switches to enable communication between VLANs 4. Inter-VLAN routing enables remote VLANs to connect over a public network, such as the internet. Answer: 3. Inter-VLAN routing is implemented within switches to enable communication between VLANs Explanation Inter-VLAN routing is implemented within switches to enable communication between VLANs.Because of Inter-VLAN routing, external routers are not required to connect VLANs. VLANs do not natively encrypt or decrypt traffic. VPNs, not VLANs, enable remote networks to connect over a public network.
The boss has just read an article about zero-day attacks and rushes into your office in a panic, demanding to know what you'll do to save the company network. What security technique would best protect against such attacks?
1. Keep antivirus definitions updated 2. Implement effective security policies 3. Implement user awareness training 4. Use aggressive patch management Answer: 2. Implement effective security policies Explanation Correct Answer:The best defense against zero-day attacks is to implement effective security policies. Because a zero-day attack exploits previously unknown software vulnerabilities, updating virus definitions and keeping your software patched wouldn't help at all. By definition, there's no patch out yet for the zero-day exploit! User awareness will help, because many zero-day attacks come through users accessing dodgy Web sites, but a good security policy that includes properly implemented firewalls and restrictions on access to those sites offers the best protection.
A network tech, must to connect a computer in a heavy industrial environment. The computer is located 260 meters (853 feet) away from the IDF. Which LAN technology would be the BEST choice?
1. MPLS 2. Coaxial 3. 10GbaseT 4. 100BaseFX Answer: 4. 100BaseFX Explanation Correct Answer:100BaseFX - Remember, the "F" stands for fiber, and in this case, 100Base FX is capable of reaching the 250 meter requirement.Incorrect Answers:10GBaseT is twisted pair, coaxial is even shorter than UTP, and MPLS is not a type of LAN technology.
A technician has been tasked with planning for equipment failures. Which specs will the technician not need to review in order to create a failure plan?
1. MTTF 2. MTTR 3. MTBF 4. SLA Answer: 4. SLA Explanation Service Level Agreement (SLA) is a document that describes the job of a service provider to deal with issues like equipment or service failures.Mean Time To Repair (MTTR), Mean Time To Failure (MTTF) and Mean Time Between Failures (MTBF) are all specifications that should be known in planning for inevitable future failures.
What Windows utility enables you to query information from the DNS server and change how your system uses DNS?
1. Nbstat 2. Tracert 3. Arp 4. Nslookup Answer: 4. Nslookup Explanation Correct Answer: Nslookup is a handy, but rather complex utility that runs from the command line and is used to both query various information from a DNS server and change how your system uses DNS. Incorrect Answers:The Arp command displays the contents of the ARP cache on the local machine. Nbtstat will display the contents of the NetBIOS names cache. Tracert will trace and display the path taken by a packet to the destination host.
I can't see your machine (Woobie) on the network, but you insist that your machine is up. Which of the following commands might I try to test my connection with your machine?
1. Nbstat Woobie 2. Netstat Woobie 3. SMTP Woobie 4. Ping Woobie Answer: 4. Ping Woobie Explanation Correct Answer:I can use the ping utility to test the connection to Woobie. If your machine responds to the PING, then I know my machine can access your machine over the network.Incorrect Answers:Netstat displays the current socket connects on the local machine.Nbstat displays the contents of the NetBIOS names cache on the local machine.The SMTP protocol handles outgoing e-mail.
Troubleshooting networks add which elements to the general troubleshooting model? (Choose three.)
1. Network model divide-and-conquer approach 2. Network model top-to-bottom approach 3. Network model outsides-to-insides approach 4. Network model bottom-to-top approach Answer: 1. Network model divide-and-conquer approach 2. Network model top-to-bottom approach 4. Network model bottom-to-top approach Explanation Troubleshooting from the outsides to the insides of a network model would be poor troubleshooting, plus there is no such approach.Using the network model as a starting place to troubleshoot network issues is an effective approach and can be performed using a top-to-bottom, bottom-to-top or most likely layer to least likely layer (divide-and-conquer) methodology.
An office would like to set up an unsecured wireless network for their customers in their lounge area. Customers should be allowed to access the Internet, but should not have access to the office's internal network resources. Which firewall configuration can accomplish this?
1. Packet filtering 2. Port security 3. NAT 4. Stateful inspection Answer: 1. Packet filtering Explanation Correct Answer:Packet filtering - Among other things, packet filtering controls access to IP-addressed devices.Incorrect Answers:NAT enables private IP addressed devices to access the public Internet. Stateful inspection confirms the integrity of connections. Port security controls the types of activities that stations engage in.
Which statement is true of IPS and IDS systems?
1. Passive IDS is the same as IPS 2. IPS detects then attempts to defend against a threat 3. Passive IPS is the same as IDS 4. IPS responds to threats with a notification to specified staff Answer: 2. IPS detects then attempts to defend against a threat Explanation Intrusion Prevention System (IPS) identifies a threat and attempts to prevent it.Passive Intrusion Detection System (IDS) is an old term that means IDS. IPS does not monitor and issue notifications - IPS actively detects and performs its own action to prevent a detected threat. There is not such term as Passive IPS.
Which choice is not a typical Wi-Fi problem?
1. WPS failure 2. WAP configuration has changed 3. Interference 4. Wrong WAP password Answer: 1. WPS failure Explanation WPS failure is a very uncommon problme in Wi-Fi networks.Wrong WAP password, interference, and changed WAP configuration are typical reasons that stations cannot connect to or through a WAP.
If nobody on your network is able to reach any Web sites using the domain names, what command utility would be good to use to determine the problem?
1. Ping 2. Nbstat 3. Telnet 4. Nslookup Answer: 1. Ping Explanation Correct Answer:If no one on the network is able to reach any websites using the host names, try to PING various websites using host names and IP addresses. If you can successfully PING the IP addresses but not the host names, the problem most likely lies with DNS. If you cannot PING either host names or IP addresses, the problem may lie somewhere else on your network, such as the gateway.Incorrect Answers: NBSTAT is used only for WINs networks, NSLOOKUP is used to determine DNS servers for other websites, and Telnet is an application for controlling remote systems.
Stan tells you that he cannot get on the network. You know the link light on the NIC is green and you know the cable is good. He seems to be the only one on the network having this problem. What command line utility and address do you use to run an internal test?
1. Ping the loopback address 2. Ping the broadcast address 3. Ping the IP address 4. Ping the subnet mask address Answer: 1. Ping the loopback address Explanation Correct Answer:Don't let the link light and good cable fool you. The NIC could still be bad. Pinging the loopback address (127.0.0.1) runs an internal test to verify that the NIC and TCP/IP is working.Incorrect Answers:Pinging anything else wont tell you if you NIC is working correctly.
A network tech suspects a wiring issue in a work area. Which element does she not need to check?
1. Ping the workstation NIC with a loopback plug installed 2. Ensure that the connection from the router to the ISP is good. 3. Confirm network settings in the operating system 4. Verify link lights at the workstation and the switch port Answer: 2. Ensure that the connection from the router to the ISP is good. Explanation The connection from the router to the ISP does not exist in the work area. It is found in the equipment room.Verifying link lights, workstation configuration and NIC function of the computer in the work area are all valid things to check for a possible failure of structured cabling in the work area.
Which protocol is connectionless?
1. Port number 2. TCP 3. Well-known port 4. UDP Answer: 4. UDP Explanation UDP is connectionless - it does not verify receipt of data.TCP is connection oriented - receivers acknowledge receipt of data. Port numbers do not refer to a transport layer data delivery protocol. Well-known ports are the first 1024 TCP and UDP ports but are not transport layer delivery protocols.
What does posture assessment do?
1. Posture assessment is performed by a chiropractor after user reports computer-oriented workplace injury 2. Posture assessment is a Cisco process that queries a host to see if it meets certain security criteria. 3. Poster assessment is an IT process that checks the biophysical layout of network resources such as chairs and keyboard locations to ensure maximum user wellness and productivity. 4. Posture assessment sends all hosts to a quarantine network until their security credentials can be established. Answer: 2. Posture assessment is a Cisco process that queries a host to see if it meets certain security criteria. Explanation Correct Answer:Posture assessment queries a host to identify minimum security requirements before allowing it to connect to the network.Incorrect Answers:Posture assessment has nothing to do with human posture.Posture assessment is unrelated to chiropractic practices.Posture assessment is not performed on humans, before or after an injury.
Which of the following are most likely critical nodes? (Choose two.)
1. RADIUS uses TCP port 1812 2. Server 3. Switch with the payroll VLAN 4. IP security camera 5. Front-end router Answer: 2. Server 5. Front-end router Explanation Critical nodes are IT department assets whose loss would stop the oganization from functioning until the loss is recovered. Servers and the router that connects the organization to the Internet are typically critical nodes.Failure of a security camera or a disconnection of the payroll department would not normally disrupt an entire organization from performing its job (unless it was a payroll company, of course...).
Which of the following is not a fire rating for network cables?
1. Riser 2. Plenum 3. PVC 4. CAT 6a Answer: 4. CAT 6a Explanation CAT 6A is not a fire rating, it is a performance specification. Riser and Plenum cable have basically the same fire ratings - they burn at very high temperatures and don't give off toxic fumes. While not strictly a fire rating, PVC is what most UTP and PVC jackets are made of. It burns at low temperatures and emits chlorinate gas when it burns.
What protocol would enable Jill, the administrator of the Bayland Widget Corporation's network, to monitor her routers remotely?
1. SNMP 2. NFS 3. DNS 4. FTP Answer: 1. SNMP Explanation Correct Answer:The Simple Network Management Protocol (SNMP) enables you to collect information from SNMP-capable devices. The protocol provides the capability to change things on remote devices, though the usual implementations seem a bit more passive
Which characteristic(s) make UTP and STP different from each other? (Choose two.)
1. STP has shielded but UTP does not 2. UTP costs more per foot than STP 3. UTP costs less per foot than STP 4. UTP supports all Ethernet speeds but STP only supports the slower speeds Answer: 1. STP has shielded but UTP does not 3. UTP costs less per foot than STP Explanation Shielded Twisted Pair (STP) has shielding to improve noise rejection compared to Unshielded Twisted Pair (UTP). Because of the shielding, STP is more expensive than UTP. Unshielded Twisted Pair (UTP) is less expensive than Shielded Twisted Pair (STP). Both UTP and STP support all common Ethernet speeds.
Which of the following would enable someone to capture user names and passwords on a network?
1. Sniffer 2. Honey Pot 3. DoS 4. Proxy Server Answer: 1. Sniffer Explanation Correct Answer:A sniffer would be the tool of choice here, analyzing network traffic and searching for any user names and passwords that went out in clear text.
Which field would not be found in an Ethernet frame?
1. Source MAC address 2. Etherytpe 3. Destination MAC address 4. Destination IP address Answer: 4. Destination IP address Explanation Source and destination IP addresses would be found in the IP packet, not in the Ethernet frame.Destination MAC, Source MAC and Ethertype fields are all found in the Ethernet frame.
Which characteristics impact the strength of passwords? (Select two)
1. Use of additional character space 2. Password length 3. Encryption strength 4. Authentication methods Answer: 1. Use of additional character space 2. Password length Explanation Password length and the use of additional character space are two important characteristics of password strength and complexity.Neither authentication methods nor encryption strength directly affects password strength.
Management wants to filter data that enters or leaves a specific port on a switch. Which network management tool can perform this filtering task?
1. Syslog server 2. Bandwidth analyzer 3. SNMP trap 4. Network sniffer Answer: 4. Network sniffer Explanation Correct Answer:Network sniffer - Network sniffers are used to capture and analyze data on a network.Incorrect Answers:An SNMP trap is used with SNMP devices and traffic. Syslog is used to analyze system performance, not networks.Bandwidth analyzers can tell you about the network's performance, but not about the data on the network.
George is unable to surf the Web. No matter what address he enters, he receives the message, "The page cannot be displayed." On George's system, you can ping 64.226.214.168, but when you ping www.totalsem.com, you receive the message "Server not found." What problem does this indicate?
1. The DNS server is not working correctly 2. The DHCP server is not working correctly 3. George's NIC is malfunctioning 4. George's cable is not connected to the network hub Answer: 1. The DNS server is not working correctly Explanation Correct Answer:Since you can ping using the IP address, but can't ping using the name, this would usually indicate a problem with the DNS server.Incorrect Answers:Since George can access the network, the NIC and the cable are obviously not the problem.Also, he has an IP address so we know that DHCP isn't the problem either.
Bob administers a 20-node Windows and Mac OS X network with one Linux server. This morning Bob is inundated with calls from users complaining they can't access the network. The server, which sits in an equipment rack four feet from his desk, also cannot access the network. No one's link light is working. He has made no administrative changes during the night. Where should look first?
1. The patch cable 2. The server 3. The switch 4. The patch panel Answer: 3. The switch Explanation Correct Answer:The switch is almost certainly turned off or broken. Incorrect Answers:Patch cable or patch panel problems would only probably affect only one system, or a very small group of systems. The server does not affect whether or not systems have a connection to the network so no need to check it.
Which of the following is not a characteristic of the BGP routing protocol?
1. The primary job of BGP is to route between ASes 2. OSPF is the primary routing protocol between ASes 3. BGP is broken up into divisions called Autonomous Systems (AS) 4. BGP is a hybrid of distance vector and link state routing protocls Answer: 2. OSPF is the primary routing protocol between ASes Explanation Border Gateway Protocol (BGP) uses OSPF (and other routing protocols) WITHIN autonomous systems but NOT BETWEEN different ASes.The other choices are all characteristics of BGP.
Which is true about using a straight-through or a crossover cable when connecting two switches together?
1. The switch will re-wire the cable termination so that it becomes a crossover cable 2. Straight-through cables cannot be used to connect modern switches together 3. Straight-through cables can be used to cnnect modern switches together but autosensing sets the switch port to half duplex, reducing performance by half. 4. Autosensing in the swtich will cause the switch port to re-wire itself into a crossover configuration Answer: 4. Autosensing in the swtich will cause the switch port to re-wire itself into a crossover configuration Explanation Autosensing in the switch will cause the switch port to re-wire into s crossover configuration.Straight-through cables can connect switches together. Switch ports work in full-duplex mode when connected together with either straight-through or crossover cables. A switch cannot rewire the terminating connector on a cable, only the internals of the port.
Identify two characteristics of logging and analysis utilities. (Select two.)
1. They can proactively generate alerts to a pager or email address 2. They can identify direction and strength of radio-frequency interference 3. They can analyze utilizatoin of network capacity, storage use, CPU load and other parameters. 4. They can present results in a graphical format. Answer: 3. They can analyze utilizatoin of network capacity, storage use, CPU load and other parameters. 4. They can present results in a graphical format. Explanation Correct Answers:Results can be shown in a pictorial presentation or in a variety of graphs for easy interpretation.Some loggers can show and analyze a variety of performance parameters including network traffic, storage use, CPU load, network errors, and more.Incorrect Answers:Wireless survey tools test for radio-frequency signals to generate heat maps.Typical logging programs collect and display their results. They usually need to be interpreted by a person. Other programs and protocols can send proactive alerts, but not most performance monitors.
What hardware tool is used to determine the length of a cable?
1. Toner Generator 2. Time Domain Reflectometer (TDR) 3. Continuity Tester 4. Tone Probe Answer: 2. Time Domain Reflectometer (TDR) Explanation Correct Answer:A Time Domain Reflectometer (TDR) is used to determine the length of a cable and can even tell you where a break in the cable is located. It operates by sending a signal down the cable and measuring the amount of time it takes to reflect back to calculate the cable length. Incorrect Answers:A continuity Tester only determines that there are no breaks in the cable. A tone probe and tone generator, collectively called a toner, are used to determine the location of cables.
Everyday at the office, we play Counter Strike Source over the Internet (only during lunch hour, of course). Today, however, there is a lot of lag in the action--our mutual connection is bogged down somewhere. What could I use in Windows to find out where the bottleneck is occurring?
1. Traceroute 2. Ping 3. Tracert 4. Arp Answer: 3. Tracert Explanation Correct Answer:In Windows, the Tracert command shows the path a packet takes from one host to another, including how long it takes for each hop. Incorrect Answers:Traceroute has the same function, but is only available in UNIX and Linux. Ping will only confirm that we are able to connect to the other systems, and the ARP command will only give us a list of the IP addresses that have recently been resolved to MAC addresses.
I need to find out what connections are currently open on my local machine. What utility might help me do that?
1. Tracert 2. Netstat 3. Nbstat 4. Ping Answer: 2. Netstat Explanation Correct Answer: Netstat displays all the current sockets-based connectio ns (IP and Port number) on the local machine.Incorrect Answers:Ping tests the connection between the local machine and another machine on the network. Tracert traces the path taken by a packet to a specific destination. Nbtstat displays the NetBIOS name resolutions currently in the NetBIOS name cache.
Which choice is not a category of malware?
1. Virus 2. Spyware 3. RAT 4. Adware 5. Trojan horse 6. Handsomeware Answer: 6. Handsomeware Explanation Handsomeware is not a real term (but ransomware is!).Viruses, adware, spyware, trojan horses and remotely activated trojans (RATs) are all examples of malware.
A chain-of-custody document includes what information? (Select three.)
1. What was taken into custody 2. To whom was evidence passed and when 3. What is/are name(s) of the accused 4. When was evidence taken into custody 5. What is/are the age(s) of the accused. Answer: 1. What was taken into custody 2. To whom was evidence passed and when 4. When was evidence taken into custody Explanation Correct Answers:Chain of custody is concerned with tracking evidence to avoid loss or tampering. It documents what evidence was taken into custody, when it was collected, and who was it passed on to.Incorrect Answers:Names and ages of someone accused are not part of the evidence being tracked in a chain of custody document.
Upon notification of a computer crime, a first responder performs which tasks? (Select three.)
1. Wipe any hard associated hard drives 2. Evaluate the severity of the situation 3. Collect information 4. Remove power from volatile memory (RAM) 5. Document finding Answer: 2. Evaluate the severity of the situation 3. Collect information 5. Document finding Explanation Correct Answers:First responders need to preserve evidence. They must evaluate the situation and take steps to prevent loss of evidence. To that end, they should evaluate the severity of the situation, collect information, and document their findings.Incorrect Answers:Wiping hard drives and powering off volatile RAM are steps to destroy data. That is the job of the criminal, not the first responder.
Casey is a new technician. He is monitoring network bandwidth and notes that the network is operating at 80% of capacity. Which of the following could be used to determine if this is abnormally high traffic use?
1. Wire schemes 2. Baseline 3. Network maps 4. Cable management documentation Answer: 2. Baseline Explanation Correct Answer:Baseline - A baseline is a document that provides an image of a network operating under normal conditions.Incorrect Answers:Network maps give layout and configuration information, cable management documentation show where cables and drops are, and wire schemes determine which colors are used at which pins.
You are the network administrator with 15 users on a network. None of them have been able to connect to the server for the last 30 minutes. You try pinging the workstations from the server, but you can't ping any of them or the loopback address, even after a reboot. Which of the following statements must be true?
1. You need to reboot the DHCP server 2. There is a problem with the server NIC 3. All users need to reboot their systems 4. You need to reboot the DNS server Answer: 2. There is a problem with the server NIC Explanation Correct Answer:The main factor in all of this is that the server cannot ping the loopback address. This means that the server's NIC is not functioning properly. As a result, the server will obviously not be able to ping the workstations.Incorrect Answers:Users have already re-booted, without a successful ping, DNS is useless, and DHCP deal's with assigning IP addresses.
In terms of network security, what is the purpose of hashing?
1.Hashes are used to verify data integrity 2. Hashing encrypts data 3. Hashing decrypts data that was encrypted by hashing 4. Hash is a great side dish with eggs Answer: 1.Hashes are used to verify data integrity Explanation Hashing verifies data integrity by generating unique a value for a given chunk of data.Hashing does not encrypt or decrypt data. Hash is an excellent side dish with eggs but this has no value when it comes to network security.