CompTIA Network+ (Test3)
Which of the following is the loopback IPv4 address?
1. 0.0.0.1 2. 127.0.0.1 3. ::1 4. 10.0.0.1 Answer: 2. 127.0.0.1 Explanation Correct Answer:The entire 127.x.x.x range of IP addresses is reserved as loopback addresses, however, 127.0.0.1 is the standard address used for that purpose.Incorrect Answers: ::1 is the loopback address for IPv6. 0.0.0.1 and 10.0.0.1 are not loopback addresses.
If a host has the subnet mask 255.255.0.0, which might be the correct IP address is using the standard class licenses?
1. 222.192.65.3 2. 199.192.65.3 3. 191.192.65.3 4. 19.192.65.3 Answer: 3. 191.192.65.3 Correct Answer:Class B addresses, with a default subnet mask of 255.255.0.0, run from 128.x.x.x to 191.x.x.x.Incorrect Answers:
Your supervisor tells you that he wants to install cable and NICs that will run full duplex. What does he mean by full duplex?
1. A device can send and receive data simultaneously 2. A device and send and receive data one at a time 3. A device can only receive data 4. A device can only sent data Answer: 1. A device can send and receive data simultaneously Explanation Correct Answer:A full duplex device can send and receive data simultaneously.Incorrect Answers:Devices that can only send data would be referred to as simplex.Devices that can only receive data would also be referred to as simplex.Devices that can send and receive, but only one at a time is known as half-duplex.
What does ARP stand for and what does it do?
1. Address Resolution Protocol revolves MAC addresses with IP addresses 2. Alternate Routing Protocol determines backup routes between MAC addresses 3. Advanced Routing Protocol determines routes between MAC addresses 4. Advanced Resolution Protocol resolves network names to IP addresses Answer: 1. Address Resolution Protocol revolves MAC addresses with IP addresses Explanation Address Resolution Protocol learns MAC addresses by listening to broadcasts and by broadcasting requests on the local network.None of the other choices correctly defines what ARP stands for. None of the other choices correctly describes what ARP does.
Which statements are true about access control? (Choose two.)
1. Authorization determines how much access a user has to a system 2. Authorization is granted to administrator accounts 3. Authentication requires two factors 4. Authentication governs who accesses a system Answer: 1. Authorization determines how much access a user has to a system 4. Authentication governs who accesses a system Explanation Access control calls for users to be authenticated by a system and, once granted access, governs what the user can do with the various resources within the system (authorization).Two-factor authentication is better than one factor authentication but it is not mandatory in all systems. All accounts, whether they are supervisor accounts or regular user accounts must be authorized to perform the tasks that their job calls for.
Which security techniques will prevent unauthorized connections through a WAP? (Choose two.)
1. Blacklist all approved WiFi MAC addresses 2. Whitelist all approved WiFi MAC addresses 3. Whitelist all WiFi MAC addresses 4. Blacklist the offender's WiFi MAC address Answer: 2. Whitelist all approved WiFi MAC addresses 4. Blacklist the offender's WiFi MAC address Explanation Whitelisting all approved MAC addresses will implicitly deny access to any host not in the white list. Blacklisting the offender's Wi-FI MAC address will prevent it from connecting through the WAP. Blacklisting all MAC addresses will prevent everyone from using the WAP including the offender and any approved users. Whitelisting all MAC addresses will allow any station to use the WAP.
What is the Cisco protocol to perform port bonding?
1. CARP 2. LACP 3. Inter-VLAN Routing 4. HSRP Answer: 2. LACP Explanation Link Aggregation Control Protocol is a Cisco protocol to bind multiple switch ports into a single, load-distributed channel. HSRP is the Hot Standby Router Protocol. Common Address Redundancy Protocol supports multiple hosts with the same IP address for the purpose of failover. Inter-VLAN routing is a switch protocol that allows VLANs to pass traffic to one another.
Which device helps you locate and identify cables?
1. Continuity tester 2. Protocol analyzer 3. Toner 4. TDR Answer: 3. Toner Explanation Correct Answer:Toners consist of a tone generator and a tone probe, which together help identify cables. The tone generator sends a tone through the cable, and the tone probe receives the tone allowing you to trace out the cable to the opposite end.Incorrect Answers:A TDR is used to determine the length of a cable.A continuity tester only verifies that a cable has no breaks in it.Protocol analyzers collect and analyze individual packets.
What is the job of DDNS?
1. DDNS tracks IP address changes of a local device and updates DNS to reflect those changes 2. DDNS rotates the IP address of a local device 3. DDNS allows a local device to randomly change its DNS name 4. DDNS prevents the IP address of a local device from being changed Answer: 1. DDNS tracks IP address changes of a local device and updates DNS to reflect those changes Explanation Dynamic Domain Name System (DDNS) tracks IP address changes of a local device and updates DNS to reflect those changes. The changes are propagated to a DDNS service which sends the changes to the appropriate DNS servers throughout the Internet.DDNS does not change a device's DNS name. DDNS does not prevent an IP address from being changed, nor does it change a device's IP address.
Marsha wants to place certain restrictions on communication between client computers and the main file server. Which of the following will enable her to accomplish her goal?
1. DHCP 2. DNS 3. NAT 4. ACL Answer: 4. ACL Explanation Correct Answer:An access control list (ACL) enables administrators to restrict communication between network devices.
Which of the following is not a network service problem?
1. Duplicate IP address in DHCP scope 2. Not enough IP addresses in the DHCP scope 3. Exclusions in the DHCP scope 4. Overlong DHCP lease periods Answer: 3. Exclusions in the DHCP scope Explanation It is perfectly acceptable to reserve (or exclude) IP addresses from the DHCP scope.The DHCP scope should not include any addresses that should be reserved or statically assigned to hosts. Running out of IP addresses from the DHCP scope can result in some hosts not receiving a DHCP address and using an alternate or APIPA address. Long lease time can cause a DHCP server to run out of IP addresses, even though many of the addresses that were handed out are no longer in use.
Sandy's computer has been intermittently having problems. Other computers on the network are not having any problems. You have determined that when the lights are off in Sandy's office, she can connect to the network, but when her lights are on, her connectivity is unreliable. What could be the problem?
1. Hub malfunction 2. Corrupt files 3. Voltage drop on power supply 4. Electrical interference in the cable Answer: 4. Electrical interference in the cable Explanation Correct Answer:Electro-magnetic Interference (EMI) from devices such as lights, fans, fax machines, etc., can create false signals within the cable causing a system, or sometimes even an entire network to go down. When using UTP, care should be taken to route cables away from such devices. Incorrect Answers: Since the problem only exists when the lights are on, the problem would not be corrupt files or voltage drops on the power supply. Also, if the hub malfunctioned, other systems on the hub would be affected.
Which command is used to display the current TCP/IP configuration on a UNIX or Linux system?
1. Ifconfig 2. Dig 3. Traceroute 4. Ipconfig Answer: 1. Ifconfig Explanation Correct Answer:The Ifconfig command is used in UNIX and Linux systems to display the current TCP/IP configuration. It can also be used to configure the TCP/IP settings of UNIX and Linux systems. Incorrect Answers:Ipconfig performs the same function on Windows systems.Dig is a Linux tool used to query and troubleshoot DNS issues.Traceroute is a Linux tool used to find latency issues between a source and destination host.
A company has added new offices in a space that is 370 feet (113 meters) away from the networking equipment. A technician has been assigned to run CAT6 cables to the new offices. The tech installs a 500-foot (152-meter) run of CAT6 cable. When testing the installation, the tech notes weak signals between the offices and the networking equipment. Which of the following would have been the BEST to install instead of the CAT6 cable?
1. Install three CAT6 cables with repeater 2. Install two CAT6 cables with a repeater 3. Install a 500-foot (152-meter) CAT5e cable 4. Install a 500-foot (152-meter) CAT5 cable Answer: 2. Install two CAT6 cables with a repeater Explanation Correct Answer:Install two CAT6 cables with a repeater - Cat 6, unlike almost all the other twisted pair cables, is limited to 55 meters for10 Gbps throughput, so two cables with a repeater will reach 107 meters without losing bandwidth. Even at 1 Gbps throughput, CAT6 is limited to 100 meters, so two cables and a repeater will solve the distance issue.Incorrect Answers:No need for 3 Cat6 cables, when 2 will do. Cat 5e (like Cat5) is limited to 100 meters.
Which of the following are true of web servers and browsers? (Choose three.)
1. Internet Explorer is customized by going to "Tools" then selecting "Options" 2. The browser call to request a web page is "GET" 3. Web servers operate on TCP port 80 4. HTTP Secure (HTTPS) runs on TCP port 143 Answer: 1. Internet Explorer is customized by going to "Tools" then selecting "Options" 2. The browser call to request a web page is "GET" 3. Web servers operate on TCP port 80 Answer: Explanation HTTPS uses TCP port 443, not 143 (IMAP uses port 143). All of the other choices are true about web servers and browsers.
An organization has an ever-expanding array of network devices. They have determined it is too time-consuming to log into each device to collect error information. Network administrator Geraldine says that she can set up a server that will capture errors from each device automatically. Which of the following technologies would BEST fit this requirement?
1. Network Sniffer 2. IPSec 3. Syslog 4. RADIUS Answer: 3. Syslog Explanation Correct Answer:Syslog - This is a multiplatform error collection service that collects network errors on a computer.Incorrect Answers:RADIUS is an AAA management system, but does not collect error information. IPSec is a security/encryption protocol. A network sniffer is a packet capture and analyzer tool.
What hardware network tool is used to determine the length of a cable?
1. Network analyzer 2. Toner 3. TDR 4. Continuity tester Answer: 3. TDR Explanation Correct Answer:Time Domain Reflectometers (TDR) are handy tools that uses a reflected signal to determine the length of a cable. A TDR can also determine how far down the cable a break is located.Incorrect Answers:A toner, which consists of a tone generator and tone probe, is used to trace the location of cables.A continuity tester is a tool for verifying that there are no breaks in a cable.A network analyzer (packet analyzer) is a tool that can capture individual packets on a network and analyze them.
Why is it important to implement employee training and corporate policies that reinforce the confidential nature of company data?
1. Packet Sniffing 2. Smurf Attack 3. Distributed DoS 4. Social Engineering Answer: 4. Social Engineering Explanation Correct Answer:Lack of training and policies can leave a company's employees easily exploitable by someone who is practiced at social engineering.
Which of the following is not a good approach to mitigating network threats?
1. Policies and procedures 2. Documenting chain of custody 3. Patch management 4. Training and awareness 5. Incident response Answer: 2. Documenting chain of custody Explanation Documenting chain of custody may help prosecute someone after an event has occurred but it does nothing to mitigate the risk or impact of a threat.There are certain common practices to mitigate network threats including training and awareness, patch management, implementation of good policies and procedures, and effective response to incidents.
An organization has five campus buildings. They want each building to be on its own subnet. Each campus will need a minimum of twenty-five IP addresses. The organization has the Class C network address 217.105. 2.0 assigned to it. Using CIDR, what subnet mask will the minimum number of subnetworks with the maximum number of hosts per network that will meet the requirements of the organization?
1. /29 2. /28 3. /26 4. /27 Answer: 4. /27 Explanation /27 will result in 6 subnetworks with 30 hosts per subnet./26 would support 62 hosts per subnet but would only create 4 subnetworks. /28 would create 16 subnetworks but would only have 14 hosts per subnet. /29 would create 32 subnetworks but would only have 6 hosts per subnet.
A user runs ipconfig /all and gets the results shown below. What is the DHCP server's address? Ethernet adapter Ethernet: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Generic Ethernet Adapter Physical Address. . . . . . . . . : C0-25-E9-74-DC-22 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.4.170(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Sunday, September 09, 2018 11:04:00 Lease Expires . . . . . . . . . . : Wednesday, September 12, 2018 19:01:33 Default Gateway . . . . . . . . . : 192.168.4.1 DHCP Server . . . . . . . . . . . : 192.168.4.150 DNS Servers . . . . . . . . . . . : 192.168.4.1 Primary WINS Server . . . . . . . : 192.168.4.1 NetBIOS over Tcpip. . . . . . . . : Enabled
1. 00-80-AD-7B-48-39 2. 255.255.255.0 3. 192.168.4.152 4. 192.168.4.15 5. 192.168.4.150 Answer: 5. 192.168.4.150 Explanation Correct Answer:Looking at the line labeled "DHCP Server," the DHCP server address for this system is 192.168.4.150.Incorrect Answers:Answers A and C are wrong, B is a MAC address, and E is a Subnet Mask.
A major corporation is designing a new campus and part of the plan involves networking, both inside each building and connecting the buildings together. The architect needs to know which connection offers the longest effective distance, and adds that money is no object.
1. 1000BaseT 2. 1000BaseCX 3. 1000BaseSX 4. 1000BaseLX Answer: 4. 1000BaseLX Explanation Correct Answer:Using 1000BaseLX over single-mode fiber offers distances as great as 5 kilometers, far more than the (much less expensive) 1000BaseSX over multimode fiber. The latter tops out at 500 meters. The other two standards listed are copper-based and have much shorter ranges.
Which of the following networking technologies has the shortest maximum length?
1. 10Base2 2. 10BaseFL 3. 10Base5 4. 10BaseT Answer: 4. 10BaseT Explanation Correct Answer:You don’t even need the "10Base" stuff. All you need is the "T." The "T" is for twisted pair, which means the cable can be 100 meters in length.Incorrect Answers:10BaseFL cables can be 2 kilometers long.10Base2 cables can be 185 meters long.10Base5 cables can be 500 meters long.
Which statement is not true about early Ethernet?
1. 10Base5 connects to a network card with a BNC T-connector 2. Thick Ethernet Coax is called 10Base5 3. Thick Ethernet must be terminated on both ends of the coaxial cable 4. Thin Ethernet is called 10Base2 Answer: 1. 10Base5 connects to a network card with a BNC T-connector Explanation 10Base5 connections are made by dropping a cable from a tranceiver directly to the NIC.All of the other statements are true.
Which of the following is not a "special" IP address?
1. 169.253.4.185 2. 10.255.1.1 3. 127.0.0.1 4. 192.168.70.70 Answer: 1. 169.253.4.185 Explanation 169.253.4.185 is a valid class B address (note, any address that starts with 169.245 is an Automatic Private IP Address - APIPA). Watch for this subtle type of distinction on the CompTIA exam.10.255.1.1 is on the 10.0.0.0 network - a valid private IP network. 192.168.70.70 is in the range of valid Class C private IP networks (192.168.x.0). 127.0.0.1 is the loopback IP address.
What is a valid IP address for a computer if the IP address for the network is 192.168.100/24?
1. 192.168.100.254 2. 192.168.1.1 3. 192.167.100.10 4. 192.168.100.255 Answer: 1. 192.168.100.254 Explanation Correct Answer:The subnet mask of 255.255.255.0 (/24) means that the network ID is the first three octets, so the correct answer is 192.168.100.254. Incorrect Answers:The address 192.168.100.255 is not correct because the host ID cannot be all 1s. 192.167.100.10 and 192.168.1.1 are not on the same network as 192.168.100/24.
A DS0 line has what bandwidth?
1. 64kbps 2. 128kbps 3. 32kbps 4. 1.544 mbps Answer: 1. 64kbps Explanation A DS0 can carry 64 kilobits per second.24 DS0 lines can be combined to create a DS1 line with a 1.544 megabit per second bandwidth. DS0 lines are 64kbps, not 32 or 128 kbps.
Which of the following is not a distribution panel?
1. 66 Punch-downblock 2. Fiber distribution panel 3. 166 Punch-down block 4. 110 Punch-down block Answer: 3. 166 Punch-down block Explanation There are no 166 Punch-down blocks. 110 and 66 Punch-down blocks are common distribution panels for Unshielded Twisted Pair (UTP). A fiber distribution panel is used for fiber feeds and is a common distribution panel.
What do you call a snapshot of your systems and network when they are working correctly?
1. A Baseline 2. A network map 3. A syslog 4. A Proxy Answer: 1. A Baseline Explanation Correct Answer:The snapshot you create of a system when it is working correctly is called a baseline. This data is stored in a file that can be used later to compare to a snapshot of the system when changes are made or when problems exists. A comprehensive baseline can greatly help in the troubleshooting process.Incorrect Answers:Syslog is a log, a proxy acts in place of something else, and a network map shows how the network functions logically.
What is a digital signature?
1. An encrypted web page 2. A hashed web page 3. A hash of an encrypted data chunk that sender and receiver both have 4. A web page that has been hashed with a private key Answer: 3. A hash of an encrypted data chunk that sender and receiver both have Explanation A digital signature starts by encrypting a data chunk with a private key. The results are hashed and sent to a receiver. The receiver performs the same operation on the same data chunk but uses the public key and compares the results.A digital signature is not just a hashed data chunk (like a web page) or just an encrypted data chunk. Public and private keys are not used in the hashing process.
Which of the following are not steps in network design? (Choose two.)
1. Assess customer needs 2. Upgrade existing WAPs to improve security 3. Assess current network infrastructure 4. Use existing wiring and switches 5. Check operating system compatibility Answer: 2. Upgrade existing WAPs to improve security 4. Use existing wiring and switches Explanation The organization may have current WAPs. The organization may have older wiring that is incompatible with modern speeds and technologies.Assessing customer needs, current infrastructure and operating system compatibility are all steps to take when designing networks.
Which of the following is not a network information or troubleshooting utility?
1. Bandwidth tester 2. pathping 3. FTP 4. tracert Answer: 3. FTP Explanation FTP is a file transfer application, not a testing application.Tracert (aka traceroute) shows all of the hops between the station running the utility and a user specified destination. Pathping also shows hops betwen a host and a destination but uses a less sophisticated protocol. Bandwitdh testers are great for determining the upload and download speed between given sites.
Which technology only allows one wireless station to transmit at a time?
1. CSMA/CA 2. CSMA/CD 3. Wireless bonding 4. Wireless encryption Answer: 1. CSMA/CA Explanation Correct Answer:CSMA/CA - This avoids simultaneous transmitting by assigned stations a guaranteed time slot that each station has sole access to.Incorrect Answers:Wireless encryption and wireless bonding have no bearing on when a station transmits. CSMA/CD does not prevent simultaneous transmissions, it just detects them then attempts to resolve the collision.
An organization is building out its offices. Initially, computer connections will be 1 gigabit Ethernet but the company plans to upgrade to 10 gigabit connections in the near future. What category of wiring should be installed so that the company will not have to re-wire the facility when they upgrade their Ethernet speed?
1. Cat 6a 2. Cat 5 3. Thicknet 4. Cat 5e Answer: 1. Cat 6a Explanation Cat 6a supports 10 gigabit speed and is backward compatible with 1 gigabit speeds.Cat 5 and Cat 5e support maximum Ethernet speeds of 1 gigabit. Thicknet is thick Ethernet Coaxial cable and supports a maximum speed of 10 megabits.
A user opened a command prompt and ran ipconfig /all command. The results of included the following two lines: IPv4 Address. . . . . . . . . . . : 211.35.56.18 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Which IP address class was reported?
1. Class C 2. Class D 3. Class A 4. Class E 5. Class B Answer: 1. Class C Explanation Correct Answer:The IP address class for this system is Class C. This can be determined by the fact that the subnet mask defines the first three octets as the Network ID (255.255.255.0).Incorrect Answers:Class A = 255.0.0.0Class B = 255.255.0.0Class D & E are not used
A firewall that checks out all the incoming traffic and decides if the traffic is going to be allowed or filtered out is an example of which of the following?
1. Content filtering 2. Packet filtering 3. Packet sniffing 4. Stateful inspecting Answer: Stateful inspecting Explanation Correct Answer:With a stateful firewall, the entire conversation between hosts will be monitored as a single stream. It will keep and discard packets based on how it was configured.Incorrect Answers:Packet sniffing is not feature of a firewall as much as it is a feature on packet analyzers such as Wireshark. Packet filtering is basically what a firewall does. It's not a type of firewall. It's like saying "high-speed RAM."Content filtering is the ability to keep or discard specific types of transmission. It operates higher in the OSI model and doesn't concern itself with IP addresses and ports.
Log management includes which of the following tasks? (Select three.)
1. Control access to appropriate users 2. Deleting non-critical entries from log files 3. Storage for legal conformance 4. Manage size 5. Deleting full logs Answer: 1. Control access to appropriate users 3. Storage for legal conformance 4. Manage size Explanation Correct Answers:Certain jurisdictions have legal requirements that logs be archived for future review.Not everyone should be able to read, edit, or delete log files.Left unchecked, log files could outgrow available space. Log size must be managed to conform to space, utility, and legal limitations.Incorrect Answers:Deleting full logs may run afoul of the law and may also make it impossible to investigate important events.Logs should not be selectively edited; they must be maintained in their entirety so that a complete record is available to trace or reconstruct an event.
Which choices are examples of symmetric encryption? (Choose three.)
1. Data Encryption Standard 2. RC4 3. ECC 4. AES 5. PGP Answer: 1. Data Encryption Standard 2. RC4 4. AES Explanation RC4, Data Encryption Standard (DES), and Advanced Encryption Standard (AES) are examples of symmetric encryption.Pretty Good Privacy (PGP) and Eliptical Curve Cryptography (ECC) are examples of asymmetric encryption.
Which of the following is not a form of social engineering?
1. Dumpster diving 2. Phishing 3. Shoulder surfing 4. Man-in-the-middle Answer: 4. Man-in-the-middle Explanation Man-in-the-middle attacks are technical attacks whereas social engineering involve interacting with people (or their trash!) to glean information of value.Dumpster diving, shoulder surfing and phishing are examples of social engineering attacks.
Which settings must be manually configured in a switch that does not feature auto-negotiation? (Select TWO.)
1. Duplex 2. Port Speed 3. IP addressing 4. MAC addressing 5. IPv6 addressing Answer: 1. Duplex 2. Port Speed Explanation Correct Answers:Port speed and duplex - Both characteristics need to be the same to get a connection.Incorrect Answers:MAC, IPv4, and IPv6 addressing deal with getting the traffic to the right location after a connection has been established.
Sam is setting up two pieces of networking equipment that are identical. He can use them in conjunction for what purpose? (Select two.)
1. Fault tolerance 2. Bandwidth shaping 3. High availability 4. Latency reduction 5. CARP Answer: 1. Fault tolerance 4. Latency reduction Explanation Correct Answers:The reason I would want two pieces of equipment working together would be to keep the network up and running in case one of those devices failed, providing fault tolerance as well as high availability when the network may be overloaded with requests.Incorrect Answers:Having more equipment won't help with latency. That's an issue I'll have to take up with my ISP. Or if it's a internal, I would need to upgrade my network medium. (Don't use satellite if you can help it!)Common Address Redundancy Protocol (CARP) is a protocol used to allow multiple hosts on the same network to share a set of IP addresses. This provides your network with redundancy. Remember, the question is asking for the "purpose". CARP is a protocol, not a purpose.Bandwidth shaping is a function of an advanced device such as a router to control how network bandwidth is used.
A network technician has been tasked with monitoring the network. What are some common network functions she should monitor? (Select three.)
1. File hash changes 2. Server utilization 3. Error alerts 4. Bandwidth Answer: 2. Server utilization 3. Error alerts 4. Bandwidth Explanation She should monitor several network metrics, such as server utilization, errors, and bandwidth usage.Changes to file hashes are not a typical, real-world thing that needs aggressive monitoring.
Which choice is not a backup methodology?
1. Full 2. Differential 3. Photographic 4. Incremental 5. Snapshot Answer: 3. Photographic Explanation Photographic is not a backup methodology (but it sounds a lot like snapshot, doesn't it?).Full, incremental, and differential backups are backup methodologies designed to back data up to media that is not the same as the media holding the data to be backed up. Snapshots are backups of virtual machines but they are usually stored on the same media as the VM.
Which of the following are examples of pluggable tranceivers? (Choose three.)
1. GBIC+ 2. SFP+ 3. SFP 4. GBIC Answer: 2. SFP+ 3. SFP 4. GBIC Explanation Gigabit Interfce Converter (GBIC), Small Form-factor Pluggable (SFP) and SFP+ (a faster tranceiver spec than SFP) are examples of pluggable tranceivers.There was never a "+" version of GBIC.
Troubleshooting networks add which element to the general troubleshooting model?
1. Gather basic information 2. Network model top-to-bottom approach 3. Test the theory 4. Form a theory Answer: 2. Network model top-to-bottom approach Explanation Using the network model as a starting place to troubleshoot network issues is an effective approach and can be performed using a top-to-bottom, bottom-to-top or most likely layer to least likely layer (divide-and-conquer) methodology. This is not an element of the standard troubleshooting model.Gathering basic information, forming a theory, and testing the theory are all standard troubleshooting steps.
A tech adds a new switch to a network, connecting it to the other switches, and then flips on the power. Within moments, the network has dropped to its knees, buckling under a broadcast storm. What did the tech forget to do?
1. He forgot to implement Spanning Tree Protocol on the switch. 2. He forgot to implement VLAN on the switch. 3. He forgot to implement port mirroring on the switch. 4. He forgot to implement trunking on the switch Answer: 1. He forgot to implement Spanning Tree Protocol on the switch. Explanation Correct Answer:The Spanning Tree Protocol (STP) enables routers to deal with bridge loops. Unmanaged, bridge loops cause broadcast storms and can quickly stop a network from functioning.
Your company wants to test out the security of your network by allowing attackers to hit a fake network that you create. Which technology would you need to use?
1. Honeypot 2. Honeynet 3. NIDS 4. NMAP Answer: 2. Honeynet Explanation Correct Answer:A Honeynet is a network of honeypots used to simulate a network where all the activity is monitored and recorded.Incorrect Answers:A Honeypot is a device on a network that creates vulnerabilities so that an attacker will attempt to take it down. The honeypot will record the activity of the attacker.A Network Intrusion Detection System (NIDS) is basically an alarm system for your network. It will monitor and log any activity that is going on.NMAP is security scanner used to map your network and check for vulnerabilities.
Which statement is not true of a DMZ?
1. Hosts that are exposed to the public network should be placed in a DMZ 2. All hosts in a private network should be placed in the DMZ 3. A bastion host provides the first level of protection for the DMZ 4. Honey pots and honey nets can be placed in a DMZ to distract attackers Answer: 2. All hosts in a private network should be placed in the DMZ Explanation Placing a host in the DMZ exposes it to the public network so it would be inadvisable (downright crazy!) to place all of the internal network hosts in the DMZ.All of the other statements are true regarding the DMZ.
Users must do their part to maintain network security. How can users know how to reduce risk factors?
1. IT management should provide complete, transparent risk protection to all user and network assets. 2. Common sense provides enough risk management. 3. Users should perform regular pentest on their workstations. 4. Users should be trained in risk mitigation. Answer: 4. Users should be trained in risk mitigation. Explanation Correct Answer:Users should be trained in risk mitigation. Training may be classroom/computer-based, through documentation, or person-to-person.Incorrect Answers:Common sense is great but not everyone is aware of all of the risks that can threaten a network.It is likely impossible to provide complete risk mitigation without everyone, including users, doing their part. Pentesting is performed by senior IT staff and contractors.
Your Windows 7 system suddenly can't reach the Internet. You know that your DHCP server has been intermittently malfunctioning. What command can you type to see if it gave you an IP address, default gateway, and other necessary IP configuration before it crashed?
1. Ipconfig 2. Nslookup 3. Ifconfig 4. Route print Answer: 1. Ipconfig Explanation Correct Answer:Ipconfig will display the network configuration, and works in all version of Windows.Incorrect Answers:Ifconfig only works on UNIX systems.Nslookup is used to troubleshoot DNS problems.Route print is used to show your PC's routing tables.
You have just installed an auto-sensing NIC on a computer. When a NIC has auto-sensing capabilities, what does that mean? (Select two.)
1. It will determine its link latency with the switch 2. It will receive a new MAC address 3. It will choose its cable type for transmission 4. It will determine the link duplex 5. It will determine its link speed or bandwidth Answer: 4. It will determine the link duplex 5. It will determine its link speed or bandwidth Explanation Correct Answers:The link duplex and the link speed will be determined once you connect a cable to your auto-sensing NIC. For instance, it could be 1 Gbps and full duplex. It could also be 10 Mbps at half duplex.Incorrect Answers:You cannot receive a new MAC address. A MAC address is permanently attached to your NIC--unless you want to talk about MAC spoofing, but that's a topic for a different day.The auto-sensing won't determine what kind of cable you have. This may sound silly, but the type of cable you have will determine the type of cable you have.Your latency will be determined by factors such as distance from the switch or hub, the type of cabling used, and most importantly, the amount of data on the network.
Which choice is not a standard business document?
1. MOU 2. MSA 3. WPA 4. SOW 5. SLA Answer: 3. WPA Explanation WiFi Protected Access (WPA) is a wireless security protocol, not a business document.Service Level Agreement (SLA), Memoranda of Understanding (MOU), Multi-source Agreement (MSA), and Statement of Work (SOW) are all examples of standard business documents.
Carl is complaining that his Internet connection is moving at a snail's pace. Which command line utility could you use to find out why?
1. Netstat 2. Nbstat 3. Ping 4. Tracert Answer: 4. Tracert Explanation Correct Answer:Tracert will trace out the entire route the packet traveled between you and the host you are trying to access. Additionally, it will tell you travel time between each node in the route which can help you pinpoint the source of the problem.Incorrect Answers:Ping will only verify that you can connect to the other host. Netstat will display all the current socket connections on the local machine. Nbstat displays the NetBIOS name cache on the local machine.
You have a network with 25 users. All the users are complaining about the network moving too slowly, even when only one person is accessing the server. Which of the following tools could you use to troubleshoot the bottleneck? (Select three.)
1. Packet sniffer 2. Loopback device 3. Protocol analyzer 4. TDR 5. Network analyzer Answer: 1. Packet sniffer 3. Protocol analyzer 5. Network analyzer Explanation Correct Answers:Packet sniffers, network analyzers, and protocol analyzers are all different terms to describe the same thing. They look at packets and can assist you in finding network bottlenecks. Incorrect Answers:The loopback would be a good way to test individual systems, but given that the problem is across the network, it is an unlikely choice here.A time domain reflectometer (TDR) is a sophisticated device for testing cables and doing wire maps.
Donnie complains that he cannot connect to www.comptia.org. Marie, the network administrator, suspects the network's DNS server could be causing the problem. Which of the following steps could help her determine if the DNS server is to blame for Donnie's problem?
1. Ping www.comptia.org by both its name and IP address from Donnie's computer 2. Run nbstat from Donnie's computer 3. Run route from Donnie's computer 4. Run netstat from Donnie's computer Answer: 1. Ping www.comptia.org by both its name and IP address from Donnie's computer Explanation Correct Answer:Ping www.comptia.org by both its name and IP address from Donnie's computer. If Marie can ping www.comptia.org by its IP address but not by its name, she knows Donnie's machine cannot properly resolve the name www.comptia.org into its corresponding IP address. Marie could also look for clues in the failure messages that the PING utility generates when it fails to reach an address.Incorrect Answers:The route command is used to check the route your packets take from your PC.The nbtstat command is used to troubleshooting WINS issues.The netstat command is used to see the current TCP & UDP connection statistics on your PC.
Wesley has contacted your IT department with reports of being disconnected from the file server at random times. Which of the following could a technician use to determine whether or not it is Wesley’s PC or the file server that is creating the issue?
1. Protocol analyzer 2. Toner Probe 3. Throughput tester 4. Cable tester Answer: Explanation Correct Answer:A protocol analyzer or packet sniffer is designed to intercept and log all network packets. In this scenario, we should be able to find out which device is the culprit by using a protocol analyzer such as Wireshark. Incorrect Answers:A cable tester is used to check continuity between cables. A throughput tester is designed to see if the cable that you made will actually performed at its designed speed. A toner probe is an excellent tool for hunting down cables that are incorrectly labeled or not labeled at all!
Which selections provide single sign-on services? (Choose two.)
1. RADIUS 2. Active Directory 3. TACAS+ 4. SAML Answer: 2. Active Directory 4. SAML Explanation Windows Active Directory (and other Active Directory implementations) and Security Assertion Markup Language (SAML) provide single sign-on services. TACACS+ and RADIUS provide authentication and other services but not single sign-on.
Which of the following is not an element of contingency planning?
1. Restoration order of operations 2. Disaster recovery 3. Business continuity 4. Backup site 5. Fire suppression systems Answer: 5. Fire suppression systems Explanation Fire suppression systems are preventative measures, not recovery and continuity elements.Disaster recovery, business continuity, backup site planning and restoration procedures are all elements of contingency planning.
The solution to a single point of failure is redundancy. Which failure points should be selected to be bolstered with redundancy?
1. Senior management and IT management should identify critical assets and critical nodes 2. All hard drives should be installed in RAID arrays 3. All hard drives should be backed up daily 4. All servers and network links should be made redundant Answer: 1. Senior management and IT management should identify critical assets and critical nodes Explanation Correct Answer:Critical assets and nodes represent single failure points. It is the job of IT management and senior management to determine which elements are critical.Incorrect Answers:Not every server or link may be a critical node.Drives that are not critical nodes are assets that don’t necessarily need to be in a RAID array.Critical drives should be backed up, but not every drive is critical.
What kind of download and upload speed does ADSL provide?
1. Slower upload speed than download speed 2. Same download and upload speed 3. Faster upload speed than download speed 4. Half duplex operation provides the same upload and download speed but uploading and downloading cannot happen simultaneously. Answer: 1. Slower upload speed than download speed Explanation Asynchronous Digital Subscriber Line (ADSL) has different download and upload speed. DSL customers usually require faster download speed than upload speed.Synchronous Digital Subscriber Line (SDSL) have the same upload and download speed. While theoretically possible, it is unusual for ADSL to provide faster upload speed than download speed. DSL is a full duplex connection.
Which of the following is not an authentication factor?
1. Something you have 2. Something you are 3. Something you can do 4. Something you know Answer: 3. Something you can do Explanation Modern authentication systems cannot evaluate an action so something you can do is not an authentication factor.The three typical categories of authentication factors are something you know, something you are, and something you have.
Which of the following is not a valid network topology?
1. Star Bus 2. Mesh 3. Ring 4. Bus/Linear Bus 5. Mesh Bus 6. Star Answer: 5. Mesh Bus Explanation There is no topology known as a mesh bus.Bus, linear bus, ring star, star bus, and mesh are all network topologies.
Select two advantages of switches over hubs. (Choose two.)
1. Switches can be linked together but hubs cannot 2. Switches have smaller collision domains than hubs 3. Switches can use crossover or straight-through cables to connect to other switches but hubs require crossover cables to connect to other hubs 4. Switches have more ports than hubs Answer: 2. Switches have smaller collision domains than hubs 3. Switches can use crossover or straight-through cables to connect to other switches but hubs require crossover cables to connect to other hubs Explanation Switches reduce collision domains to the two ports involved in communication by isolating them from the other switch ports for the duration of the communication. All ports of a hub are on the same collision domain and can be involved in a broad spectrum of collisions. Switches can autodetect connections to other switches and internally configure the connection port to be a crossover or straight-through, as necessary.Hubs can be linked together. While hubs were still available, there were just as many ports available on them as there are on modern switches.
A network administrator has been assigned to simplify the reviewing of network device events. Which could she use to achieve the desired result?
1. Syslog server 2. History logs 3. Traffic analyzer 4. Event logs Answer: 1. Syslog server Explanation Correct Answer:Syslog server - Syslog can be used for computer system management and security auditing as well as generalized information, analysis, and debugging.Incorrect Answers:History and Event logs require sifting through many hours of network operation looking for interesting data, while a traffic analyzer is used to determine traffic patterns or problems on the network, but nothing else.
Users are reporting slow Internet connection speeds. Network technician Zim suspects that users are streaming video and music. Which of the following would BEST confirm Zim's theory?
1. System logs 2.Traffic analysis 3. History logs 4. SNMP Answer: 2.Traffic analysis Explanation Correct Answer:Traffic analysis - Traffic analysis shows the type and quantity of data passing on a network.Incorrect Answers:SNMP supports the management of devices, history logs don't exist, and system logs show boot up processes.
You are working with a certified cable installer to troubleshoot the DSL line coming into your office. He thinks that the DSL signal is coming in on the wrong POTS line. Which tool would he use to troubleshoot this issue?
1. TDR 2. Toner Probe 3. Multimeter 4. Butt set Answer: 4. Butt set Explanation Correct Answer: The butt set is used by technicians to install and test telephone lines. Incorrect Answers: In networking, Multimeters can be used to test for continuity on cabling. The toner probe is used to track down unidentified cables. The time domain reflectometer (TDR) is used to locate faults in network cables.
Which of the following is not an element of structured cabling?
1. Telecommunications closet 2. Work area 3. Table-top rack 4. Horizontal run Answer: 3. Table-top rack Explanation While table-top racks may be used in a structured wiring environment, they are not a standard element of structured cabling.All of the other choices are all elements of structured cabling.
Which choice describes a significant difference between Telnet and SSH?
1. Telnet runs on a server, SSH runs on a client 2. Telnet is unencrypted, SSH is encrypted 3. Telnet is an Internet Telephony protocol, SSH is a Secure Sharing Protocol 4. Telnet runs on a client, SSH runs on a Server Answer: Which choice describes a significant difference between Telnet and SSH? Explanation Telnet runs on TCP port 23 and is an unencrypted terminal emulation application that runs on both a client and a server. SSH runs on TCP port 22 and is an encrypted terminal emulation application that runs on both a client and a server.Telnet and SSH are both terminal emulators, not telephony or sharing protocols. Telnet needs a telnet client and a telnet server. SSH needs an SSH client and an SSH server.
Given a network problem scenario, a technician should identify the problem, then establish a theory for the cause of the problem. What is the next logical troubleshooting step?
1. Test the theory to determine the cause 2. Document the outcome 3. Implement a solution with potential effects 4. Implement an action plan Answer: 1. Test the theory to determine the cause Explanation Correct Answer:Once you've established the symptoms and isolated the scope of the problem, the next step should be to test out any theory as to what caused the issue.Incorrect Answers:Implementing an action plan or solution is great, but we still need to find out what caused our issue.Documenting is always good, but let's save that for the last step.
Which of the following are true of broadcast addresses? (Choose two.)
1. The broadcast address is found in the sender (source) field of the MAC header 2. The broadcast address is FF-FF-FF-FF-FF-FF 3. The broadcast address is 11-11-11-11-11-11-11 4. The broadcast address is the first field of a frame Answer: 2. The broadcast address is FF-FF-FF-FF-FF-FF 4. The broadcast address is the first field of a frame Explanation The broadcast address is FF-FF-FF-FF-FF-FF and is found in the first field (destination) of the frame.Though the broadcast is a series of 1s, there are not 12 of them, there are 48. The second field of the frame is the sender's MAC address.
Which statements are true of DNS? (Choose three.)
1. The first entry in a DNS server is an SOA 2. An "AAA" record is an entry with an IPv6 address 3. An "A" record is an entry with an IPv4 address 4. DNS runs on port 53 Answer: 1. The first entry in a DNS server is an SOA 3. An "A" record is an entry with an IPv4 address 4. DNS runs on port 53 Explanation Domain Name System (DNS) runs on TCP port 53. The first entry in a DNS server is the Start of Authority (SOA). An "A" record is an entry with and IPv4 address.An "AAAA" record is an entry with an IPv6 address. There are no "AAA" records in DNS.
A system which worked perfectly last night can't see the network and you see that the link lights aren't functioning. What's the next item to check?
1. The hub 2. The link light 3. The patch panel 4. The patch cable Answer: 4. The patch cable Explanation Correct Answer:Since you've already checked the link light, the next logical step would be to check the patch cable that runs between the PC and the wall outlet. They are the most common failure point on a network.Incorrect Answers: If that checks out ok, then you should head over to the equipment room to check the patch panel and hub.
Which of the following is not a characteristic of the RIP routing protocol?
1. The primary metric in RIP is hop count 2. RIP supports a maximum hop count of 127 hops 3. RIP is a distance vector protocol 4. RIP is an interior gateway protocol Answer: 2. RIP supports a maximum hop count of 127 hops Explanation Router Information Protocol (RIP) supports a maximum hop count of 15 hops, not 127 hops.All of the other choices are characteristics of RIP.
The best (most secure) passwords have which of the following characteristics? (Select all that apply.)
1. They should include the user's name 2. They should not be based on easily-determined personal information such as the names of spouses and children 3. They should include a combination of letters and numbers 4. They should not be common words from the dictionary Answer: 2. They should not be based on easily-determined personal information such as the names of spouses and children 3. They should include a combination of letters and numbers 4. They should not be common words from the dictionary Explanation Correct Answers:Passwords should not be common words from the dictionary. A good password would include a combination of letters and numbers. Incorrect Answers: Good passwords should not be based on easily-determined personal information such as the names of spouses and children, or your user name on the computer.
What is the job of a router?
1. To connect networks with different network IDs 2. To assign IP addresses to hosts on the network 3. To allow outside hosts to initiate contact iwth hosts on the LAN side of a network 4. To map IP addresses against MAC addresses Answer: 1. To connect networks with different network IDs Explanation While some routers have many other built-in services, the primary job of a router is to connect networks with different network IDs.A DHCP server assigns IP addresses to hosts. Mapping IP addresses to MAC addresses is the job of the ARP protocol, not a route. Outside hosts can connect to private addressed hosts with DDNS, port forwarding or other methods but this is not the primary job of a router.
What is the purpose of IPv6 tunneling? (Choose two.)
1. To encapsulate an IPv6 packet inside an IPv4 packet 2. To pass IPv6 packets across an IPv4 network 3. To pass IPv4 packets across an IPv6 network 4. To encapsulate an IPv4 packet inside an IPv6 packet Answer: 1. To encapsulate an IPv6 packet inside an IPv4 packet 2. To pass IPv6 packets across an IPv4 network Explanation IPv6 tunnels are used to pass IPv6 traffic over IPv4 networks. They accomplish this by encapsulating IPv6 packets within IPv4 packets.IPv6 tunnels exist to pass IPv6 traffic across IPv4 networks. Encapsulating IPv4 packets within IPv6 packets is an IPv4 tunnel that would pass IPv4 traffic over an IPv6 network.
A toner is really two separate devices. Which two answers are the names for those two devices? (Select two.)
1. Tone Sender 2. Tone Generator 3. Tone Probe 4. Tone Receiver Answer: 2. Tone Generator 3. Tone Probe Explanation Correct Answers:The tone generator creates the tone. The tone probe detects the signal from the tone generator.Incorrect Answers:Other 2 don't exist.
The Internet layer of the TCP model corresponds to which layer(s) of the OSI model?
1. Transport 2. Session lock 3. Network 4. Session, Presentation, and Application Answer: 3. Network Explanation The TCP Internet layer most closely matches the OSI Network layer.The OSI Data Link layer most closely fits into the TCP Network Interface layer. The OSI Transport layer most closely matches the TCP Transport layer. The OSI Session, Presentation, and Application layer most closely match the TCP Application layer.
Which option is categorized data that can be accessed with an SNMP query?
1. Trap 2. Walk 3. MIB 4. Syslog Answer: 3. MIB Explanation Correct Answer:A management information base (MIB) contains categorized information Incorrect Answers:The snmpwalk utility, also known as walk, automatically runs a series of get commands. Syslog is a Linux performance-monitoring tool.A trap is an agent-issued command to solicit information from an NMS.
Which feature of a SOHO router is not typically found in an enterprise router?
1. Two or more router interfaces 2. Built-in switch 3. Graphical or textual management interface 4. Each interface in the router must be configured Answer: 2. Built-in switch Explanation Very few enterprise routers have a built-in switch. SOHO and enterprise routers both have at least two router interfaces. Both SOHO and enterprise routers must be managed and will have a GUI, a text-based user interface or both. SOHO and enterprise routers must have their interfaces configured.
Which of the following is not an element that is exclusive to Mobile NAC?
1. Two-factor authentication 2. Captive Portal 3. Onboarding 4. Geofencing Answer: 1. Two-factor authentication Explanation Two-factor authentication is generic and can apply to a standalone system as well as a network.Onboarding, captive portals and geofencing are all elements of Network Access Control (NAC) and Moblie NAC.
Which of the following cable types is most vulnerable to EMI?
1. UTP 2. Fiber optic 3. Coaxial 4. STP Answer: 1. UTP Explanation Correct Answer:Electromagnetic Interference (EMI) is the when electrical noise from an electronic device gets into a cable and causes interference. Due to the lack of shielding, Unshielded Twisted Pair (UTP) cable is the most susceptible to EMI. Incorrect Answers:Shielded Twisted Pair (STP) and Coaxial cable both have shielding that helps reduce the possibility of EMI. Fiber optic cable uses light pulses instead of electrical pulses which makes it immune to EMI.
Which of the following is not a common wired network problem?
1. UTP cables < 100M 2. Attenuation 3. Jitter 4. Wrong cable type Answer: 1. UTP cables < 100M Explanation UTP cables can be shorter than or equal to (<, =) 100 meters. The problem arises when running CAT cables longer than 100 meters.Attenuation is signal degredation as a signal travels down a cable. Jitter is lost packets that must be retransmitted and that can affect a real-time experience. Wrong cable type can generate slow (or no) network performance when trying to send fast data down a category of cable that is not rated for the intended speed.
Which of the following is not a characteristic of serial ports?
1. Uses DB-25 connector 2. Sends out 8 bits at the same time on different pins 3. Uses DB-9 connector 4. Uses RS-232 signaling Answer: 2. Sends out 8 bits at the same time on different pins Explanation Parallel ports can send multiple bits out simultaneously but serial ports only have one send pin, so data bits must be sent out serially (one after the other).Serial ports can use either 9 or 25-pin D-shell connectors. Serial communication is done with RS-232 signalling (the current spec is EIA-232-D).
True or false: Most SOHO routers come with NAT enabled?
1. True 2.False Answer: 1. True Explanation Most SOHO routers come with NAT enabled. It can be disabled and/or enabled in one of the router's administration settings.
PoE describes what?
1. Using wireless access points to provide power to wireless clients 2. Using Ethernet cables to carry data and power to network devices 3. Using power cables as wireless antennas in Wifi environments 4. Using power lines to carry Ethernet data Answer: 2. Using Ethernet cables to carry data and power to network devices Explanation Power over Ethernet (PoE) uses the unused wired in twisted pair Ethernet cables to carry power to network devices such as wireless acces points (WAPs).Using power lines to carry data is known as broadband over power lines (BPL). At this point, it is not possible (practical) to deliver power to devices wirelessly. Using power lines as antennas is a nonsensical choice.
Which of the following are characteristics of an enterprise wireless network? (Choose three.)
1. WAPs are managed by a wireless controller 2. All WAPs are managed and configured with a single utility 3. Each WAP must have a unique SSID 4. Enterprise WAPs with a common SSID work cooperatively Answer: 1. WAPs are managed by a wireless controller 2. All WAPs are managed and configured with a single utility 4. Enterprise WAPs with a common SSID work cooperatively Explanation All of the WAPs in an enterprise are managed by a wireless controller with a single utility. All WAPs in an enterprise environment that have the same SSID work cooperatively.In enterprise wireless networks, it is not mandatory that all SSIDs are the same. Enterprise networks support common SSIDs from all WAPs, multiple SSIDs or clusters of unique SSIDs.
Which of the following is not a characteristic of an IPv6 address?
1. Written with hexadecimal characters 2. Groups are separated by dashes 3. Broken up into eight groups 4. 128 bits Answer: 2. Groups are separated by dashes Explanation IPv6 addresses are broken up into eight groups and when written or viewed, the groups are separated by colons, not dashes. IPv6 addresses are 128-bits in length that are broken up into eight groups which are usually expressed with hexadecimal characters.
Which of the following is not an antenna type typically found in a Wi-Fi environment?
1. Yagi 2. Dipole 3. Patch 4. Tripole Answer: 4. Tripole Explanation There are no tripole antennas.Dipoles generate a donut-shaped radiation pattern. Patch and yagi antennas are directional.
Which choice is not a tool to test network security?
1. nmap 2. nessus 3. Honey tree 4. Honey pot Answer: 3. Honey tree Explanation A honey tree might be found in an A. A. Milne book but not in a network security testing suite. Nessus, nmap, honey pots and (not mentioned) honey nets are popular network security testing tools.