CompTIA Questions 151-300

A network administrator is reviewing the following metrics from a network management system regarding a switchport. The administrator suspects an issue because users are calling in regards to the switch port's performance: Based on the information in the chart above, which of the following is the cause of these performance issues? A. The connected device is exceeding the configured MTU. B. The connected device is sending too many packets. C. The switchport has been up for too long. D. The connected device is receiving too many packets. E. The switchport does not have enough CRCs.

A. The connected device is exceeding the configured MTU. If you are seeing giants, the device is exceeding the default 1500 MTU size.

An IT administrator received an assignment with the following objectives: ✑ Conduct a total scan within the company's network for all connected hosts. ✑ Detect all the types of operating systems running on all devices. ✑ Discover all services offered by hosts on the network. ✑ Find open ports and detect security risks. Which of the following command-line tools can be used to achieve these objectives? A. nmap B. arp C. netstat D. tcpdump

A. nmap GPT says the tool that best aligns with the specified objectives is "nmap" (Network Mapper). Nmap is a powerful open-source network scanning tool that can be used to achieve the following objectives: Conduct a total scan within the company's network for all connected hosts. Detect all the types of operating systems running on all devices. Discover all services offered by hosts on the network. Find open ports and detect security risks. Nmap can scan a range of IP addresses, detect live hosts, perform OS detection, and enumerate open ports and services running on those hosts. It's a versatile tool for network administrators and security professionals to assess the security and configuration of devices on a network.

A technician is trying to determine whether an LACP bundle is fully operational. Which of the following commands will the technician MOST likely use? A. show interface B. show config C. show route D. show arp

A. show interface Show interface command displays information about the interfaces on a switch, including their operational status, utilization, error statistics, and other key performance metrics. Show config isn't directly asking the router detailed information, but checks the client's port connections that run through your firewall.

A network engineer needs to reduce the overhead of file transfers. Which of the following configuration changes would accomplish that goal? A. Link aggregation B. Jumbo frames C. Port security D. Flow control E. Lower FTP port

B. Jumbo frames Because jumbo frames are larger than standard frames, fewer frames are needed and therefore CPU processing overhead is reduced. Jumbo frames are packets that are longer than the standard Ethernet (IEEE 802.3) frame size of 1,518 bytes.

Which of the following is a benefit of the spine-and-leaf network topology? A. Increased network security B. Stable network latency C. Simplified network management D. Eliminated need for inter-VLAN routing

B. Stable network latency A solution that has been proposed is a spine and leaf topology, a topology that ensures that all devices are the same number of network hops away, thereby providing predictable and consistent network latency.

Users attending security training at work are advised not to use single words as passwords for corporate applications. Which of the following does this BEST protect against? A. An on-path attack B. A brute-force attack C. A dictionary attack D. MAC spoofing E. Denial of service

C. A dictionary attack While the answer can be both a brute force attack and a dictionary attack, the best answer for this question is a dictionary attack. Dictionary attack software matches the hash to those produced by ordinary words found in a dictionary.

The power company notifies a network administrator that it will be turning off the power to the building over the weekend. Which of the following is the BEST solution to prevent the servers from going down? A. Redundant power supplies B. Uninterruptible power supply C. Generator D. Power distribution unit

C. Generator An uninterruptible power supply is a short-term emergency load that provides usually 30 minutes of power in case of sudden power outages. A generator will give you backup electrical power typically for a very long time.

Network connectivity in an extensive forest reserve was achieved using fiber optics. A network fault was detected, and now the repair team needs to check the integrity of the fiber cable. Which of the following actions can reduce repair time? A. Using a tone generator and wire map to determine the fault location B. Using a multimeter to locate the fault point C. Using an OTDR in one end of the optic cable to get the fiber length information D. Using a spectrum analyzer and comparing the current wavelength with a working baseline

C. Using an OTDR in one end of the optic cable to get the fiber length information Using an OTDR (Optical Time Domain Reflectometer) is the most effective way to reduce repair time when trying to locate a fault in a fiber optic cable. The OTDR sends a pulse of light down the fiber optic cable and measures the time it takes for the light to be reflected back. By analyzing the reflections, the OTDR can determine the location of any faults or breaks in the cable. This allows the repair team to quickly and accurately locate the fault point, which can significantly reduce the time needed for repairs.

Which of the following devices have the capability to allow communication between two different subnetworks? (Choose two.) A. IDS B. Access point C. Layer 2 switch D. Layer 3 switch E. Router F. Media converter

D. Layer 3 switch E. Router The devices that have the capability to allow communication between two different subnetworks are Router and Layer 3 switch. Routers and Layer 3 switches operate at the network layer (Layer 3) of the OSI model and can perform IP routing to connect different subnetworks. They can also perform other functions such as packet filtering, network address translation (NAT), and access control. IDS (Intrusion Detection System), access points, Layer 2 switches, and media converters operate at lower layers of the OSI model and do not have the same capability as routers and Layer 3 switches to connect different subnetworks.

At which of the following OSI model layers does an IMAP client run? A. Layer 2 B. Layer 4 C. Layer 6 D. Layer 7

D. Layer 7 Now, when we talk about layer 7, what are some examples of layer 7 things? Well, these are email applications like POP3, IMAP, and SMTP. This would be web browsing applications like HTTP or HTTPS. This could be things like DNS, the Domain Name Service, which is going to translate our names to numbers and our numbers to names. It can be things like file transfer protocols like FTP, and FTPS, and SFTP. It could be things like remote access like TELNET and SSH, and Simple Network Management Protocol, or SNMP. All of these things are layer 7.

After a critical power issue, the network team was not receiving UPS status notifications. The network team would like to be alerted on these status changes. Which of the following would be BEST to use for these notifications? A. Traps B. MIB C. NetFlow D. Syslog

D. Syslog (Most voted for A but) Seems pretty hard to defend this one, bros. With the SNMP card installed, it allows users to perform remote management of UPS. Once an event happens, users can be notified through email, SNMP traps, Syslog or SMS. https://www.cyberpower.com/global/en/blog/understanding-the-ups alarms#:~:text=With%20the%20SNMP%20card%20installed,SNMP%20traps%2C%20Syslog%20or%20SMS. https://www.ibm.com/docs/en/dsm?topic=ups-configuring-your-apc-forward-syslog-events

A network administrator is troubleshooting an issue with a new Internet connection. The ISP is asking detailed questions about the configuration of the router that the network administrator is troubleshooting. Which of the following commands is the network administrator using? (Choose two.) A. tcpdump B. show config C. hostname D. show route E. netstat F. show ip arp

D. show route E. netstat (Most voted for B and D but) Netstat has to do with troubleshooting & configurations of connections over the Internet, this can be used to question both incoming & outgoing connections, routing tables, port listening & usage. These queries would have to go through your router's default gateway. Show Route displays entries in the routing table learned through static routes & interior (router) gateway protocols that are to be sent out the interface with either the specified IP address, or specified name. Show config isn't directly asking the router detailed information, but checks the client's port connections that run through your firewall.

A newly installed VoIP phone is not getting the DHCP IP address it needs to connect to the phone system. Which of the following tasks need to be completed to allow the phone to operate correctly? A. Assign the phone's switchport to the correct VLAN B. Statically assign the phone's gateway address C. Configure a route on the VoIP network router D. Implement a VoIP gateway

A. Assign the phone's switchport to the correct VLAN Assign the phone's switchport to the correct VLAN: This is the most likely solution as the phone is not getting the DHCP IP address it needs, which typically indicates an issue with the VLAN configuration on the switch. By assigning the phone's switchport to the correct VLAN, the phone will be able to receive an IP address via DHCP from the phone system.

Which of the following describes the BEST device to configure as a DHCP relay? A. Bridge B. Router C. Layer 2 switch D. Hub

C. Layer 2 switch (Most voted was B and the only response with C is) https://kb.netgear.com/21984/What-is-a-DHCP-L2-relay-and-how-does-it-work-with-my-managed-switch https://www.tp-link.com/us/support/faq/2222/

A technician needs to configure a routing protocol for an internet-facing edge router. Which of the following routing protocols will the technician MOST likely use? A. BGP B. RIPv2 C. OSPF D. EIGRP

A. BGP Border Gateway Protocol (BGP) is used to exchange routing information for the internet and is the protocol used between ISPs, which are different ASes. The protocol can connect together any internetwork of autonomous systems using an arbitrary topology.

An organization purchased an allocation of public IPv4 addresses. Instead of receiving the network address and subnet mask, the purchase paperwork indicates the allocation is a /28. This type of notation is referred to as: A. CIDR B. classful C. classless D. RFC1918

A. CIDR CIDR (Classless Inter-Domain Routing) is a group of IP addresses that are allocated to the customer when they demand a fixed number of IP addresses. In CIDR there is no wastage of IP addresses as compared to classful addressing because only the numbers of IP addresses that are demanded by the customer are allocated to the customer. The group of IP addresses is called a block in Classless Inter-Domain Routing (CIDR). CIDR follows CIDR notation, or slash notation. The representation of CIDR notation is x.y.z.w/n, where x.y.z.w is the IP address and n is the mask, or the number of bits that are used in the network ID. https://www.tutorialspoint.com/what-is-cidr-and-how-it-works

Which of the following would be the MOST cost-effective recovery solution for a company's lower-priority applications? A. Warm site B. Cloud site C. Hot site D. Cold site

A. Warm site With cloud, you only pay for what you use. There is no overhead for rent or utilities that would come with a cold site. You could create an entire datacenter in a cloud environment, but if none of your VMs are spun up, you're not paying for them, which makes the cloud option the most cost-effective.

A network administrator wants to test the throughput of a new metro Ethernet circuit to verify that its performance matches the requirements specified in the SLA. Which of the following would BEST help measure the throughput? A. iPerf B. Ping C. NetFlow D. Netstat

A. iPerf iPerf is a tool that is commonly used to measure network throughput. It works by sending a stream of data packets between two devices on a network and measuring the amount of data that can be transferred over a given period of time. This allows you to test the performance of a network connection and determine whether it is capable of meeting the throughput requirements specified in the Service Level Agreement (SLA). Ping, NetFlow, and Netstat are all useful tools for troubleshooting and monitoring networks, but they are not designed specifically for measuring throughput. Ping is used to test the reachability of a host on a network, NetFlow is used to collect data about network traffic, and Netstat is used to display information about active network connections.

A technician recently set up a small office network for nine users. When the installation was complete, all the computers on the network showed addresses ranging from 169.254.0.0 to 169.254.255.255. Which of the following types of address ranges does this represent? A. Private B. Public C. APIPA D. Classless

C. APIPA Automatic Private IP Addressing (APIPA) is a feature in Windows operating systems that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn't reachable. The IP address range for APIPA is 169.254.0.1-169.254.255.254, and the subnet mask is 255.255.0.0.

A user from a remote office is reporting slow file transfers. Which of the following tools will an engineer MOST likely use to get detailed measurement data? A. Packet capture B. iPerf C. NetFlow analyzer D. Internet speed test

C. NetFlow analyzer A NetFlow analyzer reports and interprets information by querying the collector and can be configured to generate alerts and notifications. In practical terms, the collector and analyzer components are often implemented as a single product.

Which of the following protocols is widely used in large-scale enterprise networks to support complex networks with multiple routers and balance traffic load on multiple links? A. OSPF B. RIPv2 C. QoS D. STP

A. OSPF OSPF is an advanced link state routing protocol for enterprises, while RIPv2 is only measured by distance vector.

A network administrator is planning a WLAN for a soccer stadium and was advised to use MU-MIMO to improve connection performance in high-density areas. The project requires compatibility with clients connecting using 2.4GHz or 5GHz frequencies. Which of the following would be the BEST wireless standard for this project? A. 802.11ac B. 802.11ax C. 802.11g D. 802.11n

B. 802.11ax 802.11a - 5GHz; 802.11b - 2.4GHz; 802.11g - 2.4GHz; 802.11n - 2.4/5GHz, MIMO; 802.11ac - 5GHz, MU-MIMO; 802.11ax - 2.4/5/6GHz, MU-MIMO

Which of the following types of attacks can be used to gain credentials by setting up rogue APs with identical corporate SSIDs? A. VLAN hopping B. Evil twin C. DNS poisoning D. Social engineering

B. Evil twin Evil twin: an attacker AP is set up with, for example, Starbucks1Guest to get you to attach; you still get out to the internet, but the attacker can see all you do. FYI, always use a VPN when on public Wi-Fi, or better yet, NEVER EVER attach to any public Wi-Fi; use your cell service instead, with VPN on of course.

A network engineer is investigating reports of poor network performance. Upon reviewing a report, the engineer finds hundreds of CRC errors on an interface. Which of the following is the MOST likely cause of these errors? A. A bad wire on the Cat 5e cable B. The wrong VLAN assignment to the switchport C. A misconfigured QoS setting on the router D. Both sides of the switch trunk set to full duplex

A. A bad wire on the Cat 5e cable CRC errors indicate a problem on the physical layer. Usually cable issues.

An IT officer is installing a new WAP. Which of the following must the officer change to connect users securely to the WAP? A. AES encryption B. Channel to the highest frequency within the band C. TKIP encryption protocol D. Dynamic selection of the frequency

A. AES encryption To connect users securely to a Wi-Fi access point (WAP), it's essential to use strong encryption. The Advanced Encryption Standard (AES) is a widely recommended and strong encryption protocol for securing wireless connections. Therefore, the IT officer should change the encryption settings on the WAP to use AES encryption. Option B, changing the channel to the highest frequency within the band, is unrelated to encryption and pertains to channel selection to avoid interference. Option C, TKIP (Temporal Key Integrity Protocol) encryption protocol, while still used in some older networks, is considered less secure than AES. It is recommended to use AES when possible for improved security. Option D, dynamic selection of the frequency, is related to the automatic channel selection mechanism and not encryption. It's used to optimize the use of available channels to reduce interference and improve network performance.

A technician knows the MAC address of a device and is attempting to find the device's IP address. Which of the following should the technician look at to find the IP address? (Choose two.) A. ARP table B. DHCP leases C. IP route table D. DNS cache E. MAC address table F. STP topology

A. ARP table B. DHCP leases A. ARP table: The ARP (Address Resolution Protocol) table maps MAC addresses to IP addresses on a local network segment. If the device has communicated on the network recently, its MAC address and corresponding IP address should be in the ARP table of a device in the same local network segment. B. DHCP leases: The DHCP (Dynamic Host Configuration Protocol) server assigns IP addresses to devices on the network. If the device obtained its IP address through DHCP, the DHCP server's lease information will associate the MAC address with the assigned IP address. This is useful for devices that use dynamic IP assignment.

An auditor assessing network best practices was able to connect a rogue switch into a network jack and get network connectivity. Which of the following controls would BEST address this risk? A. Activate port security on the switchports providing end user access. B. Deactivate Spanning Tree Protocol on network interfaces that are facing public areas. C. Disable Neighbor Resolution Protocol in the Layer 2 devices. D. Ensure port tagging is in place for network interfaces in guest areas.

A. Activate port security on the switchports providing end user access. Activate port security on the switchports providing end user access would BEST address the risk of a rogue switch being connected to the network. Port security limits the number of devices that can connect to a particular switchport, thereby preventing unauthorized devices from connecting to the network. By limiting the number of MAC addresses allowed on each switchport, the network administrator can help prevent rogue devices from connecting and potentially causing security issues.

A company wants to set up a backup data center that can become active during a disaster. The site needs to contain network equipment and connectivity. Which of the following strategies should the company employ? A. Active-active B. Warm C. Cold D. Cloud

A. Active-active (Most voted B but) I was inclined to go with B at first. However, if you read and consider the nuance of the wording of the question, the fact that it needs to provide backup DURING a disaster and not FOLLOWING a disaster led me to change my answer to A. It also says it needs to have connectivity. A warm site is ready to be connected on demand; active-active suggests it is already connected.

A technician performed a manual reconfiguration of a firewall, and network connectivity was reestablished. Some connection events that were previously sent to a syslog server are no longer being generated by the firewall. Which of the following should the technician perform to fix the issue? A. Adjust the proper logging level on the new firewall. B. Tune the filter for logging the severity level on the syslog server. C. Activate NetFlow traffic between the syslog server and the firewall. D. Restart the SNMP service running on the syslog server.

A. Adjust the proper logging level on the new firewall. Adjust the proper logging level on the new firewall. If the firewall has been manually reconfigured, it's possible that the logging level has been changed or disabled, which could explain why connection events are no longer being generated. The technician should check the logging configuration on the firewall and adjust it as necessary to ensure that the desired events are being logged.

An administrator needs to connect two laptops directly to each other using 802.11ac but does not have an AP available. Which of the following describes this configuration? A. Basic service set B. Extended service set C. Independent basic service set D. MU-MIMO

A. Basic service set (most voted was C but) They are not asking which of the following configurations might be used to accomplish the connection but rather they are asking "which of the following describes this configuration?". This means, if an admin needs to connect two laptops using 802.11ac but does not have an AP, this configuration is called Basic Service Set (even though he does not have a router, but had he had a router, he would have used it).

A network administrator would like to enable NetFlow on a Layer 3 switch but is concerned about how the feature may impact the switch. Which of the following metrics should the administrator graph using SNMP to BEST measure the feature's impact? A. CPU usage B. Temperature C. Electrical consumption D. Bandwidth usage

A. CPU usage CPU usage would be one of the key metrics to measure the impact of NetFlow on a Layer 3 switch as it would indicate if the switch is experiencing any increased processing workload due to the feature being enabled. It would be a good idea to also monitor the memory usage of the switch to ensure that it does not run out of memory when NetFlow is enabled. http://etutorials.org/Networking/network+management/Part+II+Implementations+on+the+Cisco+Devices/Chapter+7.+NetFlow/Deployment+Guidelines/

A technician is configuring a wireless network and needs to ensure users agree to an AUP before connecting. Which of the following should be implemented to achieve this goal? A. Captive portal B. Geofencing C. Wireless client isolation D. Role-based access

A. Captive portal A captive portal is a web page that is displayed to users before they are able to access the internet or other network resources. It is commonly used to require users to agree to an Acceptable Use Policy (AUP) before they are able to connect to a wireless network.

Which of the following types of connections would need to be set up to provide access from the internal network to an external network so multiple satellite offices can communicate securely using various ports and protocols? A. Client-to-site VPN B. Clientless VPN C. RDP D. Site-to-site VPN E. SSH

A. Client-to-site VPN (Most voted D but) The key word is "satellite offices". "Satellite offices" refers to smaller, remote locations or branch offices of a larger organization. These offices are typically located in different geographical areas and are separate from the organization's main headquarters or central office. Satellite offices are often established to extend the organization's reach, facilitate local operations, and serve customers in various regions. Satellite offices can vary in size and function. They might include regional sales offices, customer support centers, project teams, or any other operational unit that operates away from the main corporate location.

A network administrator needs to provide remote clients with access to an internal web application. Which of the following methods provides the HIGHEST flexibility and compatibility while encrypting only the connection to the web application? A. Clientless VPN B. Virtual desktop C. Virtual network computing D. mGRE tunnel

A. Clientless VPN A clientless VPN (Virtual Private Network) provides the highest flexibility and compatibility for remote clients to access an internal web application because it allows remote users to connect to the internal network using a web browser, without the need to install any additional software or configurations on their device. This allows the remote users to access the web application securely over an encrypted connection, while also providing a high level of compatibility with different device types and operating systems. B, C and D are also options to access to internal network, but they may require additional software installation and configurations on the client side, which could lead to compatibility issues.

A technician installed an 8-port switch in a user's office. The user needs to add a second computer in the office, so the technician connects both PCs to the switch and connects the switch to the wall jack. However, the new PC cannot connect to network resources. The technician then observes the following: ✑ The new computer does not get an IP address on the client's VLAN. ✑ Both computers have a link light on their NICs. ✑ The new PC appears to be operating normally except for the network issue. ✑ The existing computer operates normally. Which of the following should the technician do NEXT to address the situation? A. Contact the network team to resolve the port security issue. B. Contact the server team to have a record created in DNS for the new PC. C. Contact the security team to review the logs on the company's SIEM. D. Contact the application team to check NetFlow data from the connected switch.

A. Contact the network team to resolve the port security issue. Contact the network team to resolve the port security issue. Since the new computer does not get an IP address on the client's VLAN, it's likely that the issue is related to the switch's port security. The network team would be best equipped to troubleshoot and resolve this issue.

A technician is troubleshooting a report about network connectivity issues on a workstation. Upon investigation, the technician notes the workstation is showing an APIPA address on the network interface. The technician verifies that the VLAN assignment is correct and that the network interface has connectivity. Which of the following is MOST likely the issue the workstation is experiencing? A. DHCP exhaustion B. A rogue DHCP server C. A DNS server outage D. An incorrect subnet mask

A. DHCP exhaustion A is the most likely answer. An APIPA address is assigned to a device when it cannot obtain a valid IP address from a DHCP server. B wouldn't result in you getting an APIPA address. It would more likely cause multiple IP conflicts and affect more than one person. C would affect more than one person and again, wouldn't result in you getting an APIPA address. D would also not give you an APIPA address and you still might be able to communicate over the network, although with a different set of issues to deal with.

A network administrator is adding a new switch to the network. Which of the following network hardening techniques would be BEST to use once the switch is in production? A. Disable unneeded ports B. Disable SSH service C. Disable MAC filtering D. Disable port security

A. Disable unneeded ports All other answers will weaken security in different ways. You wouldn't want to disable port security, as that is the feature on switches that block unauthorized connections to switches based on the connecting device's MAC address. Answers B and C also decrease security. Answer B would disable SSH, the protocol used to securely console into a remote device. Answer C is essentially port security, but it is not really security because anyone can spoof MAC addresses.

A corporate client is experiencing global system outages. The IT team has identified multiple potential underlying causes throughout the enterprise. Each team member has been assigned an area to troubleshoot. Which of the following approaches is being used? A. Divide-and-conquer B. Top-to-bottom C. Bottom-to-top D. Determine if anything changed

A. Divide-and-conquer The "divide-and-conquer" approach is a problem-solving strategy where a large, complex problem is broken down into smaller, more manageable parts. In this case, the IT team has identified multiple potential underlying causes for the global system outages, and each team member has been assigned an area to troubleshoot. This is an example of the divide-and-conquer approach, as the IT team is breaking down the large problem of global system outages into smaller, more manageable parts that can be investigated and resolved individually.

A malicious user is using special software to perform an on-path attack. Which of the following best practices should be configured to mitigate this threat? A. Dynamic ARP inspection B. Role-based access C. Control plane policing D. MAC filtering

A. Dynamic ARP inspection The best practice to mitigate an on-path attack is dynamic ARP inspection. It helps prevent ARP spoofing attacks, which are a type of on-path attack. Dynamic ARP inspection uses information in the DHCP snooping table to validate ARP packets and ensure that the source IP address and MAC address in each packet match the sender's DHCP bindings. If the information does not match, the packet is dropped. Therefore, dynamic ARP inspection helps to prevent malicious users from intercepting network traffic by poisoning ARP caches on other devices.

A user in a branch office reports that access to all files has been lost after receiving a new PC. All other users in the branch can access fileshares. The IT engineer who is troubleshooting this incident is able to ping the workstation from the branch router, but the machine cannot ping the router. Which of the following is MOST likely the cause of the incident? A. Incorrect subnet mask B. Incorrect DNS server C. Incorrect IP class D. Incorrect TCP port

A. Incorrect subnet mask - If the user's PC has an incorrect subnet mask, it may not be able to communicate with other devices on the network, including the router. This would explain why the user can't access any files, but other users in the branch can. - The fact that the IT engineer can ping the workstation from the branch router suggests that the workstation is on the same network segment as the router. However, the fact that the workstation cannot ping the router indicates that there may be an issue with the subnet mask.

A network administrator is installing a new server in the datacenter. The administrator is concerned the amount of traffic generated will exceed 1GB, and higher-throughput NICs are not available for installation. Which of the following is the BEST solution for this issue? A. Install an additional NIC and configure LACP B. Remove some of the applications from the server C. Configure the NIC to use full duplex D. Configure port mirroring to send traffic to another server E. Install an SSD to decrease data processing time

A. Install an additional NIC and configure LACP Link Aggregation Control Protocol (LACP) facilitates port aggregation to improve redundancy and performance; this is also known as NIC teaming, apropos to this question. Install an additional NIC and configure Link Aggregation Control Protocol (LACP), also known as NIC teaming. This will allow the administrator to combine the bandwidth of multiple NICs to increase the total throughput and handle the expected traffic. This is the most efficient solution for this issue as it can provide more bandwidth without having to remove any applications from the server or decrease data processing time.

A Fortune 500 firm is deciding on the kind of data center equipment to install given its five-year budget outlook. The Chief Information Officer is comparing equipment based on the life expectancy of different models. Which of the following concepts BEST represents this metric? A. MTBF B. MTTR C. RPO D. RTO

A. MTBF Mean Time Between Failures (MTBF) represents the life expectancy of equipment; it is a metric that predicts the time interval between two failure events of a device. It is typically measured in hours and is used to predict the reliability of a device over time. MTTR (Mean Time To Recovery), RPO (Recovery Point Objective), and RTO (Recovery Time Objective) are related to disaster recovery and business continuity; they don't represent the life expectancy of equipment. MTTR is the average time to repair a failed component, RPO is the maximum acceptable period in which data might be lost from an IT service due to a major incident, and RTO is the target time within which an IT service should be restored after a disaster or disruption.

A network technician at a university is assisting with the planning of a simultaneous software deployment to multiple computers in one classroom in a building. Which of the following would be BEST to use? A. Multicast B. Anycast C. Unicast D. Broadcast

A. Multicast A is the correct answer. Multicast is "communication from one device to only systems that are interested in receiving the information." The network technician wants to deploy software to only computers that should receive the software, so multicast is the correct answer. B is incorrect because anycast is "communication from one device that is an option out of many." Anycast communication is delivered to the closest interface, but the network technician wants to deploy it to all computers that need the software. Thus, anycast will not work. C is incorrect because unicast is "communication from one device to another and no one else." Unicast is a direct one-to-one communication commonly used for web browsing and file transfers, but we want to deploy the software on the necessary computers as quickly as possible. Thus, unicast will not work. D is incorrect because broadcast is "communication from one device to everyone at once." Broadcast is a one-to-all communication commonly used in our Ethernet networks for the DHCP DORA process, ARP, NDP, etc. We do not want unnecessary computers to receive the software deployment, so broadcast will not work.

Which of the following options represents the participating computers in a network? A. Nodes B. CPUs C. Servers D. Clients

A. Nodes B is incorrect because a central processing unit (CPU) is the piece of hardware that runs the calculations needed to operate the device. C and D are incorrect because they are a specific type of node. Clients request data from servers, and servers respond to clients. A participating computer in a network does not have to be a client or a server; the network could just be a simple peer-to-peer network in which everyone communicates with each other for data. https://en.wikipedia.org/wiki/Node_(networking)

Which of the following would be used to forward requests and replies between a DHCP server and client? A. Relay B. Lease C. Scope D. Range

A. Relay A relay would be used to forward requests and replies between a DHCP (Dynamic Host Configuration Protocol) server and client. In networking, a relay is a device that receives incoming messages and then forwards them to their destination. In the context of DHCP, a relay is a device that receives DHCP requests from clients on one network and then forwards them to the DHCP server on another network. This is useful when the client and server are not on the same network and cannot communicate directly. The relay helps to ensure that the client can still receive a valid IP address and other configuration information from the server.

A network technician is implementing a solution that will allow end users to gain access to multiple applications after logging on. Which of the following authentication methods would allow this type of access? A. SSO B. LDAP C. EAP D. TACACS+

A. SSO What is Single Sign-On? Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

Which of the following is the MOST appropriate use case for the deployment of a clientless VPN? A. Secure web access to internal corporate resources. B. Upgrade security via the use of an NFV technology. C. Connect two datacenters across the Internet. D. Increase VPN availability by using a SDWAN technology.

A. Secure web access to internal corporate resources. Typical use cases for a clientless VPN include internet kiosks and business partners that require access only to a specific set of services and resources in general, which works perfectly with the clientless VPN limitation. This also protects against unwanted access being provided to the wrong users.

Users are reporting intermittent WiFi connectivity in specific parts of a building. Which of the following should the network administrator check FIRST when troubleshooting this issue? (Choose two.) A. Site survey B. EIRP C. AP placement D. Captive portal E. SSID assignment F. AP association time

A. Site survey C. AP placement The two things the network administrator should check FIRST when troubleshooting intermittent WiFi connectivity issues in specific parts of a building are: - A. Site survey: This is important to check because it provides information about the wireless coverage area, signal strength, and potential sources of interference, which can help to identify areas of weak or unstable signal. - C. AP placement: This is also important to check because access point placement can greatly impact the WiFi coverage and signal strength. Incorrect placement, such as access points placed too far apart, can lead to poor coverage or areas with no coverage at all.

A network technician receives a report about a performance issue on a client PC that is connected to port 1/3 on a network switch. The technician observes the following configuration output from the switch: Which of the following is a cause of the issue on port 1/3? A. Speed B. Duplex C. Errors D. VLAN

A. Speed What is shown at the end is lower speeds, this can be caused by having a slow cable that could be caused by improper settings, or a slower cable type like DSL. I thought maybe this was a duplex error, because it was showing runts coming through, but that would only occur if packets were coming in smaller than they should & this is showing transfer speeds, not packet sizes.

Which of the following connectors and terminations are required to make a Cat 6 cable that connects from a PC to a non-capable MDIX switch? (Choose two.) A. TIA-568-A - TIA-568-B B. TIA-568-B - TIA-568-B C. RJ11 D. RJ45 E. F-type

A. TIA-568-A - TIA-568-B B. TIA-568-B - TIA-568-B (Most voted B and D but) This gets very confusing for many, but straight-through cables are mainly used for connecting non-similar devices, while crossover cables are mostly used for connecting similar devices. MDIX is used to help connect the two switch ports together whether it is a crossover cable (TIA568B to TIA568B/DCE to DCE), or a straight through cable (TIA568A to TIA568B/DCE to DTE), this eliminates the need to decide between which type of cabling you need to use.

A network engineer receives the following when connecting to a switch to configure a port: telnet 10.1.200.1 Connecting to 10.1.200.1..Could not open connection to the host, on port 23: Connect failed. Which of the following is the MOST likely cause for the failure? A. The network engineer is using the wrong protocol. B. The network engineer does not have permission to configure the device. C. SNMP has been secured with an ACL. D. The switchport the engineer is trying to configure is down.

A. The network engineer is using the wrong protocol. The most likely cause for the failure is that the switch is not listening on the default telnet port (TCP port 23). Therefore, the correct option is A. The network engineer is using the wrong protocol. To verify this, the engineer should check the switch configuration to see if the telnet service is enabled and if it is using a different port. The engineer should also ensure that the telnet client is configured to use the correct port if it is not using the default port.

A network administrator is trying to add network redundancy for the server farm. Which of the following can the network administrator configure to BEST provide this capability? A. VRRP B. DNS C. UPS D. RPO

A. VRRP Network redundancy refers to having multiple systems or components in place that can perform the same functions in case of failure or downtime, ensuring that the network remains available and accessible. VRRP (Virtual Router Redundancy Protocol) is a protocol that provides redundancy for IP networks by allowing multiple routers to share a single virtual IP address, providing automatic failover if one of the routers fails. In contrast, a UPS provides backup power for the servers in the event of a power outage, but it does not provide network redundancy. The goal of a UPS is to keep the servers running until they can be safely shut down in case of a power failure, but it does not provide any backup or redundancy for the network. RPO (Recovery Point Objective) refers to the maximum acceptable amount of data loss that is tolerable in the event of a disaster or data loss, and is a term commonly used in the context of backup and disaster recovery planning.

A network technician has determined the cause of a network disruption. Which of the following is the NEXT step for the technician to perform? A. Validate the findings in a top-to-bottom approach. B. Duplicate the issue, if possible. C. Establish a plan of action to resolve the issue. D. Document the findings and actions.

A. Validate the findings in a top-to-bottom approach. (Most voted C but) The technician has determined a probable cause, but has not tested any theories to find the source of that cause, this will require validating findings by doing a search through the network by a top-to-bottom approach where the technician has determined the source to help establish a plan of action to resolve the issue.

A network administrator would like to purchase a device that provides access ports to endpoints and has the ability to route between networks. Which of the following would be BEST for the administrator to purchase? A. An IPS B. A Layer 3 switch C. A router D. A wireless LAN controller

B. A Layer 3 switch Please keep in mind a router is not used for connecting endpoints as the question states. A router usually has up to 10 ethernet ports, while a switch has much more.

A technician is connecting a Cat 6 Ethernet cable to a device that only has LC ports. Which of the following will the technician MOST likely use to accomplish this task? A. A bridge B. A media converter C. A repeater D. A router

B. A media converter When connecting a Cat 6 Ethernet cable to a device that only has LC ports, the technician will most likely use a media converter to accomplish this task. A media converter is a device that can convert signals from one media type (such as copper) to another media type (such as fiber optic). In this case, the media converter would convert the electrical signal from the Cat 6 Ethernet cable to an optical signal that can be transmitted over the LC port. This would allow the technician to connect the Cat 6 Ethernet cable to the device with LC ports.

Which of the following use cases would justify the deployment of an mGRE hub-and-spoke topology? A. An increase in network security using encryption and packet encapsulation B. A network expansion caused by an increase in the number of branch locations to the headquarters C. A mandatory requirement to increase the deployment of an SDWAN network D. An improvement in network efficiency by increasing the useful packet payload

B. A network expansion caused by an increase in the number of branch locations to the headquarters mGRE is used with VPNs, and B is the only relevant answer. mGRE is commonly used in conjunction with the IPsec protocol to provide a secure VPN connection for remote clients. Because mGRE is commonly used for VPN connections to remote clients, it is commonly implemented in remote offices or branch offices to a main company's HQ. A hub-and-spoke topology would also make sense as these branch locations are the spokes to the HQ's hub.

A network technician needs to determine the IPv6 address of a malicious website. Which of the following record types would provide this information? A. A B. AAAA C. CNAME D. PTR

B. AAAA The IPv6 address of a website can be determined by looking up the website's AAAA (quad-A) record. An AAAA record is a type of DNS record that maps a domain name to an IPv6 address. It is used to associate a hostname with an IPv6 address in the DNS system. When a client computer performs a DNS lookup for a hostname, it will query the DNS server for the hostname's AAAA record to find the corresponding IPv6 address. An A record, CNAME record and PTR record are used for different purposes. An A record maps a domain name to an IPv4 address, a CNAME record maps a domain name to another domain name, and a PTR record is used to map an IP address to a hostname; it's used for reverse DNS lookups. So, in this case, to determine the IPv6 address of a malicious website, the technician should look for the AAAA record.

A network technician needs to install security updates on several switches on the company's network. The management team wants this completed as quickly and efficiently as possible. Which of the following should the technician do to perform the updates? A. Upload the security update onto each switch using a terminal emulator and a console cable. B. Configure a TFTP server, SSH into each device, and perform the update. C. Replace each old switch with new switches that have the updates already performed. D. Connect a USB memory stick to each switch and perform the update.

B. Configure a TFTP server, SSH into each device, and perform the update. It's the only option that lets you update multiple switches at once; every other option is one-by-one. The most efficient and effective way to perform security updates on several switches in a network is to configure a TFTP server, SSH into each device, and perform the update (Option B). This method allows the technician to update multiple switches simultaneously, without having to physically access each switch. Options A, C, and D would either be time-consuming, expensive, or still require physical access to each switch.

A small office has a wireless network with several access points that are used by mobile devices. Users occasionally report that the wireless connection drops or becomes very slow. Reports confirm that this only happens when the devices are connected to the office wireless network. Which of the following is MOST likely the cause? A. The configuration of the encryption protocol B. Interference from other devices C. Insufficient bandwidth capacity D. Duplicate SSIDs

B. Interference from other devices Users may be experiencing RF interference from other devices that are transmitting radio waves in the same frequencies that their personal devices are using to communicate. Answer A is incorrect because encryption mismatch would cause no connectivity. Answer C is incorrect because users are experiencing the issue only on the wireless network. If it was a bandwidth issue, then all users would be experiencing the same issue. Answer D is incorrect because duplicate SSIDs do not cause intermittent or no connectivity. SSIDs are used only to allow users to find an access point and associate with it to connect to the wireless network. In fact, "duplicate SSIDs" in this question may refer to the ESSID broadcasted by the access points in the area.

Which of the following network devices can perform routing between VLANs? A. Layer 2 switch B. Layer 3 switch C. Load balancer D. Bridge

B. Layer 3 switch A Layer 3 switch, also known as a multilayer switch, is a network device capable of performing routing between VLANs. It combines the functionality of a traditional Layer 2 switch and a router, allowing it to operate at both Layer 2 (data link) and Layer 3 (network) of the OSI model. This means it can route traffic between different VLANs, making it an essential component in a network where VLAN segmentation and inter-VLAN routing are required. In contrast, a Layer 2 switch (option A) is designed for switching and does not have routing capabilities. Load balancers (option C) are used for distributing network traffic across multiple servers, and bridges (option D) operate at Layer 2 and connect network segments or extend networks but do not perform routing between VLANs.

A network technician is responding to an issue with a local company. To which of the following documents should the network technician refer to determine the scope of the issue? A. MTTR B. MOU C. NDA D. SLA

B. MOU (Most voted D but) A memorandum of understanding is a formal agreement that outlines plans for a common line of action between two or more parties. An MOU is used when companies plan to work together or partner on a project in a similar venture. A memorandum of understanding (MOU) is a cooperative agreement between two parties that can include general terms and goals and is not intended to be legally binding. A memorandum of agreement (MOA) is a more detailed business document often created just before a legally binding contract.

Which of the following compromises Internet-connected devices and makes them vulnerable to becoming part of a botnet? (Choose two.) A. Deauthentication attack B. Malware infection C. IP spoofing D. Firmware corruption E. Use of default credentials F. Dictionary attack

B. Malware infection F. Dictionary attack (Most for B and E but) The key difference here is an act of a compromise. Use of default credentials is not a compromise, whereas a dictionary attack (which could easily crack default credentials) is a compromise.

Which of the following describes traffic going in and out of a data center from the internet? A. Demarcation point B. North-South C. Fibre Channel D. Spine and leaf

B. North-South Traffic going in and out of a data center from the internet is referred to as North-South traffic (Option B). Demarcation point (Option A) refers to the physical point where the responsibility for a telecommunications circuit changes from one party to another. Fibre Channel (Option C) is a high-speed network technology used for storage area networks, and Spine and leaf (Option D) is a network topology used in data centers for connecting servers and switches.

To comply with an industry regulation, all communication destined to a secure server should be logged and archived on a storage device. Which of the following can be configured to fulfill this requirement? A. QoS traffic classification B. Port mirroring C. Flow control D. Link Aggregation Control Protocol

B. Port mirroring To comply with an industry regulation that requires all communication destined to a secure server to be logged and archived, port mirroring can be configured to fulfill this requirement. Port mirroring is a feature that allows a network administrator to copy or "mirror" the traffic that passes through a specific port or set of ports on a network switch to a separate port where it can be monitored or analyzed. This can be useful for a variety of purposes, including security and troubleshooting. In this case, the network administrator could configure port mirroring on the port or ports that are used to communicate with the secure server. This would allow the administrator to copy all the traffic destined for the secure server to a separate port, where it could be logged and archived on a storage device. Other features such as QoS traffic classification, flow control, and Link Aggregation Control Protocol (LACP) may not be directly related to this requirement.

An administrator is attempting to add a new system to monitoring but is unsuccessful. The administrator notices the system is similar to another one on the network; however, the new one has an updated OS version. Which of the following should the administrator consider updating? A. Management information bases B. System baseline C. Network device logs D. SNMP traps

B. System baseline (Most voted for A but) At first GPT said the answer was a) management information bases and then I challenged it and asked why would it be that answer and this is what I got in response: Apologies for the confusion. It seems I misinterpreted the scenario. The correct answer in this context would be: B. System baseline The administrator should consider updating the system baseline to reflect the changes in the updated OS version of the new system. This ensures that the monitoring system recognizes and accommodates the differences between the systems accurately. The OS being different is an indication that it's likely the baseline portion of the monitoring network that needs to be updated. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.

When accessing corporate network resources, users are required to authenticate to each application they try to access. Which of the following concepts does this BEST represent? A. SSO B. Zero Trust C. VPN D. Role-based access control

B. Zero Trust Nothing in the question mentions roles at all. This is definitely Zero Trust. Everyone must authenticate every time. The Zero Trust security approach deems everything untrustworthy until authentication is successful. Security is implemented in redundant layers throughout the network. This is an example of the concept of 'defence in depth'. As K5875 notes, SSO is conceptually an approach that is opposed to Zero Trust.

A systems administrator wants to use the least amount of equipment to segment two departments that have cables terminating in the same room. Which of the following would allow this to occur? A. A load balancer B. A proxy server C. A Layer 3 switch D. A hub E. A Layer 7 firewall

C. A Layer 3 switch A Layer 3 switch would allow this to occur, as it can segment the two departments by creating virtual LANs (VLANs) and routing traffic between them. A Layer 3 switch is a type of switch that can perform routing functions in addition to switching. It can use the network layer (Layer 3) of the OSI model to route traffic between different VLANs, which allows for the segmentation of different departments or networks within the same physical space. By creating VLANs for each department and using the Layer 3 switch to route traffic between them, the administrator can segment the two departments without the need for additional equipment.

A network technician is reviewing a document that specifies how to handle access to company resources, such as the Internet and printers, when devices are not part of the company's assets. Which of the following agreements would a user be required to accept before using the company's resources? A. BYOD B. DLP C. AUP D. MOU

C. AUP This part would be AUP as it's the company's resources: "A network technician is reviewing a document that specifies how to handle access to company resources, such as the Internet and printers". And this part of the first sentence would be BYOD: "when devices are not part of the company's assets." However, neither of the two above parts is a question. It's a statement of what the technician is doing. The second sentence contains the actual question being asked: "Which of the following agreements would a user be required to accept before using the company's resources?" Since the question is only asking what they need to accept to use the company's resources, this would be strictly AUP. If they had asked what the user would need to accept to use their devices for company business, it would then be BYOD.

Which of the following is considered a physical security detection device? A. Cameras B. Biometric readers C. Access control vestibules D. Locking racks

C. Access control vestibules (Most voted A but) Access control vestibules, also known as security or mantrap vestibules, are a highly effective means of hardening commercial security. These enclosed entryways are designed to restrict and monitor access to a building by allowing only one person to enter at a time, typically through a series of interlocking doors. How camera is not also a physical detection measure, I don't know.

Which of the following can be used to store various types of devices and provide contactless delivery to users? A. Asset tags B. Biometrics C. Access control vestibules D. Smart lockers

C. Access control vestibules (Most voted was D but) Access control vestibules with contactless delivery systems are designed to provide a secure way to deliver items without direct contact between individuals. These systems typically consist of a vestibule or small room that is accessed through two doors, one on the outside and one on the inside. A service vestibule is a separate hallway in connection with the apartment, which makes it possible to easily accept commercial or other deliveries or to pick something up from a securely locked space.

A technician is monitoring a network interface and notices the device is dropping packets. The cable and interfaces, however, are in working order. Which of the following is MOST likely the cause? A. OID duplication B. MIB mismatch C. CPU usage D. Encapsulation errors

C. CPU usage High CPU usage is the most likely cause of the device dropping packets when the cable and interfaces are in working order. When the CPU becomes overloaded, the device may not be able to process network packets quickly enough, leading to dropped packets.

A technician is troubleshooting reports that a networked printer is unavailable. The printer's IP address is configured with a DHCP reservation, but the address cannot be pinged from the print server in the same subnet. Which of the following is MOST likely the cause of the connectivity failure? A. Incorrect VLAN B. DNS failure C. DHCP scope exhaustion D. Incorrect gateway

C. DHCP scope exhaustion (Most voted A but) There are two kinds of "reservations", those based on lease (temporary), and those based on administratively configured rules (permanent). For lease-based reservations, the server will stop responding to new DHCP requests when its pool of addresses is exhausted, but will free up space as soon as a lease expires. https://superuser.com/questions/1250270/can-mac-spoofing-make-dhcp-run-out-of-ip-addresses#:~:text=there%20are%20two%20kinds%20of,soon%20as%20a%20lease%20expires. You would have to be configuring the address in an entirely different department than the print server if the issue was the VLAN.

Logs show an unauthorized IP address entering a secure part of the network every night at 8:00 p.m. The network administrator is concerned that this IP address will cause an issue to a critical server and would like to deny the IP address at the edge of the network. Which of the following solutions would address these concerns? A. Changing the VLAN of the web server B. Changing the server's IP address C. Implementing an ACL D. Installing a rule on the firewall connected to the web server

C. Implementing an ACL ACLs permit or deny traffic passing through an interface based on a list of access control entries (ACEs), or rules, and they are commonly placed on routers or firewalls. Because the network administrator wants to block access at the EDGE of the network, an ACL is the best choice. Answer A is incorrect because it will change what devices the web server can access and communicate to, but it does not actually prevent the IP address from accessing the secure network. Answer B is incorrect because that would not stop the IP address's access into the secure network. Answer D is incorrect because it blocks the IP address at the firewall that is connected to the web server, not the EDGE of the network as required.

A Wi-Fi network was recently deployed in a new, multilevel building. Several issues are now being reported related to latency and drops in coverage. Which of the following is the FIRST step to troubleshoot the issues? A. Perform a site survey. B. Review the AP placement. C. Monitor channel utilization. D. Test cable attenuation.

C. Monitor channel utilization. The key words here are "FIRST" and "multilevel". It only takes a minute to check the channel utilization so that makes sense to do this first in case there's channel issues. Since it's a multilevel building, APs below and above could be using the same channel, causing latency and drops. Performing a site survey takes a long time to complete so even though it's a valid option, it's not logical to do that first given the other options.

A technician is setting up a new router, configuring ports, and allowing access to the Internet. However, none of the users connected to this new router are able to connect to the Internet. Which of the following does the technician need to configure? A. Tunneling B. Multicast routing C. Network address translation D. Router advertisement

C. Network address translation C. Network address translation (NAT): This is required to translate the private IP addresses of the devices connected to the router to a public IP address that can be used to communicate with the internet. Without NAT, devices on the private network would not be able to communicate with the internet. A. Tunneling: This is a technique used to encapsulate one network protocol within another, but it is not necessary for basic internet connectivity. B. Multicast routing: This is used to enable multicast traffic to be routed through a network, but it is not required for basic internet connectivity. D. Router advertisement: This is a feature used in IPv6 networks to automatically configure devices with network addresses, but it is not required for basic internet connectivity.

Which of the following needs to be tested to achieve a Cat 6a certification for a company's data cabling? A. RJ11 B. LC ports C. Patch panel D. F-type connector

C. Patch panel To achieve a Cat 6a certification for a company's data cabling, the patch panel needs to be tested. A patch panel is a device that allows cables to be terminated and then connected to a switch, router, or other networking device. It is a central location for all of the incoming and outgoing cabling for a network. When certifying a Cat 6a cabling installation, the patch panel needs to be tested to ensure that it meets the standards for Cat 6a performance. Option A, RJ11, is a connector used for telephone cables and is not used in Cat 6a cabling. Option B, LC ports, are fiber optic connectors and are not used in Cat 6a cabling. Option D, F-type connector, is a coaxial connector used for cable TV and is not used in Cat 6a cabling.

A company streams video to multiple devices across a campus. When this happens, several users report a degradation of network performance. Which of the following would MOST likely address this issue? A. Enable IGMP snooping on the switches. B. Implement another DHCP server. C. Reconfigure port tagging for the video traffic. D. Change the SSID of the APs.

C. Reconfigure port tagging for the video traffic. (Most voted A but) VLAN trunking, or port tagging is used for Internet frames & accompanying procedures to be used by bridges & switches in handling such frames. Traffic needs to be properly tagged & divided to the correct trunks for their intended purpose so each department can be used for its intended function.

A network administrator is testing performance improvements by configuring channel bonding on an 802.11ac AP. Although a site survey detected the majority of the 5GHz frequency spectrum was idle, being used only by the company's WLAN and a nearby government radio system, the AP is not allowing the administrator to manually configure a large portion of the 5GHz frequency range. Which of the following would be BEST to configure for the WLAN being tested? A. Upgrade the equipment to an AP that supports manual configuration of the EIRP power settings B. Switch to 802.11n, disable channel auto-selection, and enforce channel bonding on the configuration C. Set up the AP to perform a dynamic selection of the frequency according to regulatory requirements D. Deactivate the band 5GHz to avoid interference with the government radio

C. Set up the AP to perform a dynamic selection of the frequency according to regulatory requirements. If the AP is not allowing manual configuration, it is likely that the frequency range is being restricted by regulatory requirements or other limitations of the AP. By setting the AP to perform dynamic selection, it will automatically choose the best frequency and channel available based on the regulatory domain and available channels.

A technician is troubleshooting a connectivity issue with an end user. The end user can access local network shares and intranet pages but is unable to access the internet or remote resources. Which of the following needs to be reconfigured? A. The IP address B. The subnet mask C. The gateway address D. The DNS servers

C. The gateway address Gateway. It's not DNS because you could still access remote resources by IP if DNS wasn't working/configured for name resolution.

A network is experiencing extreme latency when accessing a particular website. Which of the following commands will BEST help identify the issue? A. ipconfig B. netstat C. tracert D. ping

C. tracert Answer C is correct because the "tracert" command is short for "traceroute," the CLI command which determines the route a packet takes to its destination. Knowing which networks a packet travels through is essential in identifying latency when visiting a website. Answer A is incorrect because the "ipconfig" command lists the local device's TCP/IP and network adapter information. It will not list underlying reasons for network latency. Answer B is incorrect because the "netstat" command shows all active connections to the device but does not show the latency for packets in those connections. Answer D is incorrect because although it shows the latency for packets between a source and its destination, the question asks how to help identify the issue, not identify what the issue is.

Which of the following would be used when connecting devices that have different physical characteristics? A. A proxy server B. An industrial control system C. A load balancer D. A media converter

D. A media converter D is correct. A media converter converts the signal from one media type (e.g., copper Ethernet) to another media type (e.g., fiber Ethernet). Devices that have different physical characteristics (i.e., different Layer 1 mediums) have to use a media converter for proper communication between them. Answer A is incorrect because a proxy server sits in between the user and the external network and performs traffic requests on behalf of the users. It has nothing to do with connecting devices with different physical characteristics. Answer B is incorrect because an industrial control system controls industrial devices (e.g., heavy machinery, power generators, etc.). It has nothing to do with connecting devices with different physical characteristics. Answer C is incorrect because a load balancer distributes a traffic load between multiple devices such as servers. It has nothing to do with connecting devices with different physical characteristics.

A network administrator is troubleshooting a connectivity performance issue. As part of the troubleshooting process, the administrator performs a traceroute from the client to the server, and also from the server to the client. While comparing the outputs, the administrator notes they show different hops between the hosts. Which of the following BEST explains these findings? A. Asymmetric routing B. A routing loop C. A switch loop D. An incorrect gateway

D. An incorrect gateway (Most voted A but) If the PC is configured with an incorrect default gateway, the PC will attempt to forward to what is configured, and arp for the address that is configured. With proxy arp enabled, the router will respond with its own MAC address. In Asymmetric routing, a packet traverses from a source to a destination in one path and takes a different path when it is to return like a loop to the source. This is commonly seen in Layer-3 routed networks. The hop count between the client to server, or server to client would still show the same hops, but in a different order.

A company rents out large event space & includes wireless internet access for each tenant. Tenants reserve a 2 hr window from the company each week, which includes a tenant-specific SSID. However, all users share the company's network hardware. The network support team is receiving complaints from tenants that some users are unable to connect to the wireless network. Upon investigation, the support team discovers a pattern indicating that after a tenant w/ a particularly large attendance ends its sessions, tenants throughout the day are unable to connect. The following settings are common to all network configurations: Which actions would MOST likely reduce this issue? (Choose 2) A. Change to WPA encryption. B. Change DNS server to 10.1.10.1. C. Change default gateway to 10.0.0.1. D. Change DHCP scope end to 10.1.10.250. E. Disable AP isolation. F. Change subnet mask to 255.255.255.192. G. Reduce DHCP lease time to 4 hrs.

D. Change the DHCP scope end to 10.1.10.250. G. Reduce the DHCP lease time to four hours. The issue occurring after a session with a large attendance is an indication of running out of usable address space for user devices to have access to the network. DHCP gives access to these spaces through leases that can be adjusted for how many users need access & at what time.

Which of the following BEST describes hosting several businesses on the same physical infrastructure? A. Hybrid B. Elasticity C. IaaS D. Multitenancy

D. Multitenancy Multitenancy = Allowing customers to share computing resources in a public or private cloud. Traditional, on-premise server environments would only have one tenant using your server. This is like having a single-family home in the suburbs: you have a single-tenancy solution, or dedicated solution, with one house and one family living inside of it. A building with 50 apartments & 50 different families counts as having one tenant assigned to a room, & 50 tenants assigned to the building.

Which of the following records can be used to track the number of changes on a DNS zone? A. SOA B. SRV C. TXT D. NS

D. NS (Most voted for A but) NS records tell another DNS server which server(s) can be contacted to obtain records pertaining to the domain, which will lead you to the SOA. In Enterprise & Education variants of Windows, you can use Server Manager to view in-depth nameserver context; this can allow you to audit & view server event properties through a name server to see the full changes in depth. You can also type nslookup -q=soa [desired server name] to keep track of how often these changes are made.

A network attack caused a network outage by wiping the configuration and logs of the border firewall. Which of the following sources, in an investigation to determine how the firewall was compromised, can provide the MOST detailed data? A. Syslog server messages B. MIB of the attacked firewall C. Network baseline reports D. NetFlow aggregate data

D. NetFlow aggregate data NetFlow is a tremendous security tool. It provides anomaly detection and investigative capabilities that can be helpful in incident response. The Cisco Cyber Threat Defense (CTD) solution uses NetFlow as the primary security visibility tool. NetFlow plays a crucial role in the preparation and identification phases. Information collected in NetFlow records can be used as part of identifying, categorizing, and scoping suspected incidents as part of the identification. NetFlow data also provides great benefits for attack traceback and attribution. In addition, NetFlow provides visibility into what is getting into your network and what information is being exfiltrated out of your network. https://www.ciscopress.com/articles/article.asp?p=2812391&seqNum=5#:~:text=NetFlow%20is%20a%20tremendous%20security,the%20primary%20security%20visibility%20tool.

At which of the following OSI model layers does routing occur? A. Data link B. Transport C. Physical D. Network

D. Network The Network layer is responsible for logical addressing, routing, and path determination of data between source and destination hosts on different networks. The layer uses logical addresses (e.g., IP addresses) to route packets to their destination.

A false camera is installed outside a building to assist with physical security. Which of the following is the device assisting? A. Detection B. Recovery C. Identification D. Prevention

D. Prevention Since it's false, it should be deterrent but preventive is the best option.

An administrator is working with the local ISP to troubleshoot an issue. Which of the following should the ISP use to define the furthest point on the network that the administrator is responsible for troubleshooting? A. Firewall B. A CSU/DSU C. Demarcation point D. Router E. Patch panel

D. Router This is just another poorly worded question. Everyone's thought process is correct, but when stated differently, the ISP is telling the admin that the first point the admin is responsible for is up to the router. The next point (going away from the user and towards the ISP) would be the demarc point and that is where the ISP's responsibility begins. I hope that clears it up.

A systems operator is granted access to a monitoring application, configuration application, and timekeeping application. The operator is denied access to the financial and project management applications by the system's security configuration. Which of the following BEST describes the security principle in use? A. Network access control B. Least privilege C. Multifactor authentication D. Separation of duties

D. Separation of duties 'The principle of separation of duties says that no user should have all the privileges necessary to complete a critical business function by themselves. Instead, the critical business function should be divided into discrete tasks and the appropriate privilege granted to different users. By requiring the involvement of more than one employee, separation of duties helps prevent fraud and abuse.'

Which of the following is the primary function of the core layer of the three-tiered model? A. Routing B. Repeating C. Bridging D. Switching

D. Switching The three-tiered model is a network architecture that consists of three layers: the access layer, the distribution layer, and the core layer. Each layer has a specific function in the network, and the layers are designed to provide scalability, flexibility, and fault tolerance. The primary function of the core layer is switching. The core layer is responsible for providing high-speed connectivity between the distribution layer switches. It is designed to provide a high level of redundancy and fault tolerance, and to ensure that traffic flows quickly and efficiently through the network.

Which of the following security controls indicates unauthorized hardware modifications? A. Biometric authentication B. Media device sanitization C. Change management policy D. Tamper-evident seals

D. Tamper-evident seals Tamper-evident seals indicate unauthorized hardware modifications. Tamper-evident seals can be used to identify whether someone has attempted to physically tamper with hardware devices or components. If the seal is broken or missing, it can indicate that the device has been modified or compromised. Biometric authentication, media device sanitization, and change management policies are security controls that address other aspects of security, such as access control, data protection, and configuration management.

Which of the following OSI model layers is where a technician would view UDP information? A. Physical B. Data link C. Network D. Transport

D. Transport The transport layer, specifically the User Datagram Protocol (UDP), is responsible for end-to-end communication and data transfer between applications on different devices. It is in this layer that a technician would view UDP information.

Which of the following is conducted frequently to maintain an updated list of a system's weaknesses? A. Penetration test B. Posture assessment C. Risk assessment D. Vulnerability scan

D. Vulnerability scan A vulnerability scan is conducted frequently to maintain an updated list of a system's weaknesses. A vulnerability scan is an automated process that checks a system or network for known vulnerabilities, such as outdated software versions, misconfigured settings, and unpatched systems. It checks the system against a database of known vulnerabilities and generates a report of any weaknesses that are found. This process is usually done periodically, such as weekly or monthly, to ensure that the system stays up-to-date with the latest patches and security updates.

A network manager is configuring switches in IDFs to ensure unauthorized client computers are not connecting to a secure wired network. Which of the following is the network manager MOST likely performing? A. Disabling unneeded switchports B. Changing the default VLAN C. Configuring DHCP snooping D. Writing ACLs to prevent access to the switch

D. Writing ACLs to prevent access to the switch (Most voted for A but) There are MAC ACLs like those involved in MAC filtering. An ACL is an Access Control List that would tell the switch that only authorised devices are allowed to connect. This however may be more time consuming than just disabling unused switchports, but an ACL would be a certain way, as someone could remove a device and plug in to that port.

A network administrator wants to check all network connections and see the output in integer form. Which of the following commands should the administrator run on the command line? A. netstat B. netstat -a C. netstat -e D. netstat -n

D. netstat -n
-a Display All connections and listening ports.
-e Display Ethernet statistics (may be combined with -s).
-n Display addresses and port numbers in Numerical form.
-r Display the Routing table.
-o Display the Owning process ID associated with each connection.
-b Display the exe involved in creating each connection or listening port.
-v Verbose: use in conjunction with -b to display the sequence of components involved for all executables.
-p protocol Show only connections for the protocol specified; can be any of: TCP, UDP, TCPv6 or UDPv6. If used with the -s option then the following protocols can also be specified: IP, IPv6, ICMP, or ICMPv6.
-s Display per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6 (the v6 protocols are not available under 2k and NT4). The -p option can be used to display just a subset of these.

To access production applications and data, developers must first connect remotely to a different server. From there, the developers are able to access production data. Which of the following does this BEST represent? A. A management plane B. A proxy server C. An out-of-band management device D. A site-to-site VPN E. A jump box

E. A jump box A jump box (also known as a jump server or a bastion host) is a dedicated server or virtual machine that provides secure access to other systems on a network. In the scenario described in the question, the jump box is the server that the developers connect to remotely in order to access production applications and data. The purpose of the jump box is to provide an additional layer of security by restricting direct access to the production servers. This helps to protect the production servers from potential security threats that could be introduced through the developers' remote connections.

Which of the following would be used to enforce and schedule critical updates with supervisory approval and include backup plans in case of failure? A. Business continuity plan B. Onboarding and offboarding policies C. Acceptable use policy D. System life cycle E. Change management

E. Change management Business continuity plan is for after an emergency. "Back-up in case of failure", that is done when a change management fails. Normally we call it Rollback, but here they misused the backup to trip people. The intent of the certification industry is not to test knowledge but make more money for themselves.

A network administrator installed an additional IDF during a building expansion project. Which of the following documents need to be updated to reflect the change? (Choose two.) A. Data loss prevention policy B. BYOD policy C. Acceptable use policy D. Non-disclosure agreement E. Disaster recovery plan F. Physical network diagram

E. Disaster recovery plan F. Physical network diagram The infrastructure has been changed & so the first four documents would not have to change unless by special request. Because this is an expansion on data locational structure, you need to ensure it is covered by a Disaster Recovery Plan & Physical Network Diagram. F. Physical network diagram: The physical network diagram needs to be updated to include the new IDF location and the connections to the existing network infrastructure. E. Disaster recovery plan: The disaster recovery plan needs to be updated to reflect the addition of the new IDF. This may include updating the recovery procedures and identifying any new critical systems or applications that are now located in the new IDF.

Users in a branch can access an in-house database server, but it is taking too long to fetch records. The analyst does not know whether the issue is being caused by network latency. Which of the following will the analyst MOST likely use to retrieve the metrics that are needed to resolve this issue? A. SNMP B. Link state C. Syslog D. QoS E. Traffic shaping

E. Traffic shaping (Most voted for A but) Traffic shaping is a bandwidth management technique used on computer networks which delays some or all datagrams to bring them into compliance with a desired traffic profile. Traffic shaping is used to optimize or guarantee performance, improve latency, or increase usable bandwidth for some kinds of packets by delaying other kinds. It is often confused with traffic policing, the distinct but related practice of packet dropping and packet marking. https://en.wikipedia.org/wiki/Traffic_shaping

