Jason Dion Network+ N10 008 Missed Practice Test Questions, Ports and Protocols
Rollover cable (Console cable)
- Wires reversed - terminations are a mirror image of each other - used to connect a computer to the console port of a router (RJ-45 to serial)
The 5 GHz frequency band is used by
802.11a, 802.11n, 802.11ac, and 802.11ax.
Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 54 Mbps? A. 802.11a B. 802.11n C. 802.11ac D. 802.11g E. 802.11ax F. 802.11b
A. 802.11a The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps.
Which of the following weaknesses exist in WPS-enabled wireless networks? A. Brute Force occurs within 11,000 combinations B. Utilize a 24-bit initialization vector C. Utilizes a TKIP to secure the authentication handshake D. Utilizes a 40-bit encryption key
A. Brute Force occurs within 11,000 combinations The most prominent attack against WPS-enabled wireless networks involves brute-forcing the 8-digit PIN that clients use to enroll their devices without knowing the pre-shared key. WPS checks each half of the PIN individually, reducing the number of possible combinations from a maximum of 100,000,000 to only 11,000. This only takes a few minutes to crack on most modern computers, as long as the WAP doesn't have a lockout after a certain number of failures. The lockout mechanism may also be triggered based on the client's MAC, so you can often spoof the MAC to bypass this defense.
You are working as a network administrator and are worried about the possibility of an insider threat. You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their laptop to that same switch port. Which of the following security features would BEST accomplish this goal? A. ACL B. Port Security C. 802.1x D. NAC
B. Port Security Port security, also known as persistent MAC learning or Sticky MAC, is a security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or if the interface goes down and is brought back online. This is a security feature that can be used to prevent someone from unplugging their office computer and connecting their laptop to the network jack without permission since the switch port connected to that network jack would only allow the computer with the original MAC address to gain connectivity.
Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue? A. Download a new music player on her computers B. Install the latest OS on her computers C. Flash the latest firmware for her router D. Load the latest hardware drivers for her USB drive
C. Flash the latest firmware for her router Routers can be updated by conducting a firmware flash. This is similar to upgrading or patching your computer's operating system or even updating a device driver. Flashing the firmware can add the ability to communicate with newer devices and remove known software vulnerabilities from the device.
Which of the following network topologies requires that all nodes have a point-to-point connection with every other node in the network? A. Ring B. Star C. Mesh D. Bus
C. Mesh
Port 67 & 68
DHCP
Port 53
DNS
Port 20, 21
FTP
Port 993
IMAPS over SSL
Port 636
LDAPS
Port 3306 (TCP)
MySQL
Port 110
POP3
Port 445
SMB (Server Message Block)
Port 25
SMTP
Port 587
SMTP TLS
Network Basic Input/Output System (NetBIOS)
TCP 139 - Used for file or printer sharing in a Windows network.
SQLnet Protocol
TCP 1521 - Used for communication from a client to an Oracle database.
MySQL
TCP 3306 - Used for communication from a client to the MySQL database engine.
Port 69
TFTP
Canonical Name Records (CNAME)
These are alias hostname records. They must be created manually.
AAAA record
Same as the A record, but for IPv6 addresses.
Service Records (SRV)
• Find a specific service • EX: Where is the Windows Domain Controller? Where is the instant messaging server? Where is the VoIP controller?
Text records (TXT)
• Human-readable text information • Useful public information • SPF protocol (Sender Policy Framework) • Prevent mail spoofing • Mail servers check that incoming mail really did come from an authorized host
Name server records (NS)
• List the name servers for a domain - NS records point to the name of the server
(This is a simulated Performance-Based Question.) You are a network administrator troubleshooting an issue with a newly installed web server. The web server is available to internal network users, but users outside the internal network (Internet users) cannot reach the server. You run an IPCONFIG and receive the configuration below: *SEE ATTACHMENT* Which of the following is the MOST LIKELY reason why the server is unreachable from the Internet? A. The gateway IP has been misconfigured B. The Layer 3 switch port connecting the webserver is blocking port 80 C. The configured DNS server is not reachable by the webserver D. NAT has not been configured on the border firewall
D. NAT has not been configured on the border firewall. The most likely cause is that NAT has not been properly configured on the border firewall. This would still allow internal network users to access the web server (since internal traffic doesn't have to transit the firewall) but would prevent Internet users from reaching it. The subnet mask provided, 255.255.254.0, represents a /23 CIDR network, so the IP address and the gateway are on the same subnet and the gateway is not the issue. The Layer 3 switch cannot be the issue either, because if it blocked port 80, the internal users would have been blocked too. The web server does not need to reach the DNS server, since the web server is the target being accessed and not the system initiating the connection.
The 2.4 GHz frequency band is used by
802.11b, 802.11g, and 802.11n.
Pointer Record (PTR)
A record that points IP addresses to host names.
Mail Exchanger (MX) Record
A record used by e-mail servers for determining the host names of servers responsible for handling a domain's incoming e-mail.
What is the network ID associated with the host located at 192.168.0.123/29? A. 192.168.0.120 B. 192.168.0.64 C. 192.168.0.96 D. 192.168.0.112
A. 192.168.0.120 In classless subnets using variable-length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /29, so each subnet will contain 8 IP addresses. Since the IP address provided is 192.168.0.123, it will be in the 192.168.0.120/29 network.
Which of the following policies or plans would dictate how an organization would respond to an unplanned outage of their primary internet connection? A. Business Continuity Plan B. System Life Cycle Plan C. Incident Response Plan D. Disaster Recovery Plan
A. Business Continuity Plan A business continuity plan is a document that outlines how a business will continue operating during an unplanned service disruption. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human capital and business partners, and essentially every other aspect of the business that might be affected. A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber attacks, and other disruptive events. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement.
Last night, your company's system administrators conducted a server upgrade. This morning, several users are having issues accessing the company's shared drive on the network. You have been asked to troubleshoot the problem. What document should you look at first to create a probable theory for the cause of the issue? A. Change Management Documentation B. Release notes for the server software C. Cable Management plan D. Physical Network Diagram
A. Change Management Documentation Since everything worked before the server upgrade and doesn't now, it would be a good idea to first look at the change management documentation that authorized the change/upgrade. This should include the specific details of what was changed and what things may have been affected by the change. This is the best place to start when determining what changed since yesterday. Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.
What would be used in an IP-based video conferencing deployment? A. Codec B. NFC C. RS-232 D. 56K Modem
A. Codec The term "codec" is a concatenation of "encoder" and "decoder." In video conferencing, a codec is a software (or can be hardware) that compresses (encodes) raw video data before it is transmitted over a network. Generally, audio/video conferencing systems utilize the H.323 protocol with various codecs like H.263 and H.264 to operate. A 56k modem is a legacy device, also called a dial-up modem. These devices are too slow to allow an IP-based video conferencing system deployment. RS-232 is a standard protocol used for serial communication, and is too slow to support IP-based video conferencing systems. Near Field Communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 4cm or less to initiate a connection. NFC is not used with IP-based video conferencing systems.
Jason wants to use his personal cell phone for work-related purposes. Because of his position, Jason has access to sensitive company data, which might be stored on his cell phone during its usage. The company is concerned about this but believes that it might be acceptable with the proper security controls in place. Which of the following should be done to protect both the company and Jason if they allow him to use his personal cell phone for work-related purposes? A. Conduct real-time monitoring of the phone's activity and usage B. Establish an NDA that states Jason cannot share confidential data with others C. Establish a consent to monitoring policy so that the company can audit Jason's cell phone usage D. Establish an AUP that allows a personal phone to be used for work-related purposes
A. Conduct real-time monitoring of the phone's activity and usage While all four are good options, the BEST solution is to conduct real-time monitoring of the phone's activity since it is a technical control that could quickly identify an issue. The other options are all administrative controls (policies), which are useful but would not actually identify if the sensitive data was leaked from Jason's phone.
A network technician wants to centrally manage the switches and segment the switches into separate broadcast domains. The Dion Training network is currently using VLAN 1 for all of its devices and uses a single private IP address range with a 24-bit mask. Their supervisor wants VLAN 100 to be the management subnet and all of the switches must share VLAN information. Which of the following should the technician configure to meet these requirements? (Pick multiple answers if they apply) A. Configure VLSM for the IP address range B. Configure VTP and 802.1x on all inter-switch connections with native VLAN 100 C. Configure VTP and 802.1q on the inter-switch connections with native VLAN 100 D. Configure STP and 802.1q on the inter-switch connections with native VLAN 100 E. Configure STP and 802.1w on the inter-switch connections with native VLAN 100
A. Configure VLSM for the IP address range C. Configure VTP and 802.1q on the inter-switch connections with native VLAN 100 The 802.1q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure frames are not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it. VLSM stands for Variable Length Subnet Mask, where the subnet design uses more than one mask in the same network, which means more than one mask is used for different subnets of a single class A, B, or C network. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard and Rapid Reconfiguration of Spanning Tree is defined in the IEEE 802.1w standard. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.
A technician is attempting to resolve an issue with users on the network who cannot access websites like DionTraining.com and Google.com. The technician can ping their default gateway, DNS servers, and the website using its IP address successfully. The technician tries to use the command "ping diontraining.com" and receives an error message stating "Ping request could not find host diontraining.com." Which of the following actions should the technician attempt next to resolve this issue? A. Ensure port 53 is enabled on the firewall B. Ensure ICMP messages transit through the firewall C. Update the HOST file with the URL and IP for the websites D. Use NSLOOKUP to resolve the URLs manually
A. Ensure port 53 is enabled on the firewall The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. When a client wants to access a website, it will make a request to the DNS server over port 53 to translate the domain name to its corresponding IP address. Since the technician is only able to access the servers using their IP addresses, this validates that the connectivity is functioning correctly but the DNS process is failing. The most likely reason for this is that port 53 is blocked at the firewall and is preventing the client from sending their requests to the DNS server.
Which encryption type MOST likely is used for securing the key exchange during a client-to-server VPN connection? A. ISAKMP B. TKIP C. AES D. Kerberos
A. ISAKMP ISAKMP is used in IPsec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection. TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The Advanced Encryption Standard (AES) is a symmetric key encryption and is not used for key exchanges.
An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted if this change is not immediate. The request comes directly from management and was just approved through the emergency change management process. Which of the following should the technician do? A. Make the change, document the requester, and document all network changes B. Wait until the maintenance window and make the requested change C. Send out a notification to the company about the change D. First Document the potential impacts and procedures related to the change
A. Make the change, document the requester, and document all network changes The best answer is to make the change, document the requester, and document all the network changes. All changes to the enterprise network should be approved through the normal change management processes. If there is an urgent need, there is an emergency change management process that can be used for approval. This is known as an emergency change approval board (ECAB). An ECAB can be executed extremely quickly to gain approval, and then the documentation can be completed after the change is made when using the emergency change management processes.
Jason is a network manager leading a project to deploy a SAN. He is working with the vendor's support technician to set up and configure the SAN on the enterprise network. To begin SAN I/O optimization, what should Jason provide to the vendor support technician? A. Network Diagrams B. Asset Management Document C. Baseline documents D. Access to the data center
A. Network diagrams A network diagram is a visual representation of network architecture. It maps out the structure of a network with a variety of different symbols and line connections. This information will be important when deploying a Storage Area Network (SAN) on the enterprise network. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. Asset management is used to record and track an asset throughout its life cycle, from procurement to disposal. Access to the datacenter will only be required if the vendor's support technician will be physically working in the datacenter and not performing a remote installation.
A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem? A. Shared secret key is mismatched B. IDS is blocking RADIUS C. Username is misspelled in the device configuration file D. Group policy has not propagated to the device
A. Shared secret key is mismatched AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems. A shared secret is a text string that serves as a password between hosts.
An administrator's router with multiple interfaces uses OSPF as its routing protocol. You have discovered that one of the router's interfaces is not passing traffic. You enter the "show interface eth 0/0" command at the CLI and receive the following output: *see attachment* Which of the following actions should you perform to allow the interface to pass traffic again? A. Modify the IP address to 10.20.30.4/8 B. Enable the switchport for eth 0/0 C. Set the loopback address to 127.0.0.1 D. Verify the cable is connected to eth 0/0
D. Verify the cable is connected to eth 0/0 The key to answering this question is the first line of the output, which states that the line protocol is down. This means that the specified interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the switchport. The line protocol being down indicates a clocking or framing problem on the connection, and the most common reason for this is a cable that is not properly connected. If the output read "Fast Ethernet 0/0 is administratively down", this would have indicated that the switchport was manually shut down using the shutdown command by a network administrator and would need to be re-enabled. But, since it reads "Fast Ethernet 0/0 is up", the interface was already enabled for eth 0/0. The IP address is currently set to 10.20.30.40/25, which is a private IP address in a classless subnet range. As long as the default gateway is an IP between 10.20.30.0 and 10.20.30.127, there is nothing wrong with using this IP address. Without knowing the default gateway, we cannot identify the IP address as the issue. The "loopback is not set" line indicates that the interface is not in diagnostic mode and should be properly sending traffic instead of sending it to a loopback address or port.
Which of the following levels would an alert condition generate? A. 2 B. 1 C. 3 D. 0
B. 1
A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected? A. Review the IDS logs on the network B. Analyze packet captures C. Utilize netstat to locate active connections D. Use Nmap to query known ports
B. Analyze packet captures Packet captures contain every packet that is sent and received by the network. By using a program like Wireshark to analyze the packet captures, you can see what kind of information and metadata is contained within the packets. By conducting this type of packet analysis, an attacker (or cybersecurity analyst) can determine if software versions are being sent as part of the packets and their associated metadata.
Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network? A. Ring B. Hybrid C. Bus D. Star
B. Hybrid A hybrid topology is a kind of network topology that is a combination of two or more network topologies, such as mesh topology, bus topology, and ring topology. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring. The WAN connections are using a ring network topology, but each office is using a star topology. Therefore, the best description of this combined network is a hybrid topology.
A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address? A. Place the server in a screened subnet or DMZ B. Implement a split-horizon or split-view DNS C. Adjust the ACL on the firewall's internal interface D. Configure the firewall to support dynamic NAT
B. Implement a split-horizon or split-view DNS The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external).
What is considered a classless routing protocol? A. IGRP B. OSPF C. RIPv1 D. STP
B. OSPF OSPF is known as a classless protocol. Classless routing protocols are those protocols that include the subnet mask information when the routing tables or updates are exchanged. Other classless routing protocols include EIGRP, RIPv2 (or newer), and IS-IS.
Which of the following terms represents the maximum amount of data, as measured in time, that an organization is willing to lose during an outage? A. RTO B. RPO C. MTBF D. MTTR
B. RPO The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan's maximum allowable threshold or tolerance. The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in continuity. The mean time to repair (MTTR) measures the average time it takes to repair a network device when it breaks. The mean time between failures (MTBF) measures the average time between when failures occur on a device.
While working as a security analyst, you have been asked to monitor the SIEM. You observed network traffic going from an external IP to an internal host's IP within your organization's network over port 443. Which of the following protocols would you expect to be in use? A. SSH B. TLS C. HTTP D. TFTP
B. TLS Transport Layer Security (TLS) is used to secure web connections over port 443. Since port 443 was in use, you should expect either HTTPS, SSL, or TLS to be used as the protocol. If not, this would be suspicious activity and should be investigated. In fact, since this was a connection from the external IP to an internal host over port 443, this is suspicious and could be indicative of a remote access trojan on your host.
A network administrator is tasked with building a wireless network in a new building located next door to your company's office building. The wireless clients should not be able to communicate with other wireless clients but should be able to communicate with any wired users on the network. The users must be able to seamlessly migrate between the buildings while maintaining a constant connection to the LAN. How should the administrator configure the new wireless network in this new building? A. Use the same SSIDs on the same channels with AP Isolation B. Use the same SSIDs on different channels and AP isolation C. Use different SSIDs on the same channels with VLANs D. Use different SSIDs on different channels and VLANs
B. Use the same SSIDs on different channels and AP isolation For users to be able to seamlessly migrate between the two buildings, both Access Points (AP) must use the same SSIDs. To prevent frequency interference, though, each device needs to select a different and non-overlapping channel to utilize. Finally, the AP isolation should be enabled. Access Point (AP) isolation is a technique for preventing mobile devices connected to an AP from communicating directly with each other.
A network technician at a warehouse must implement a solution that will allow a company to track shipments as they enter and leave the facility. The warehouse workers must scan and concurrently upload large images of items to a centralized server. Which of the following technologies should they utilize to meet these requirements? A. Bluetooth B. Wi-Fi C. RFID D. NFC
B. Wi-Fi Wi-Fi is the best solution to meet this organization's needs. 802.11ac is a high-speed Wi-Fi standard capable of 1 Gbps speeds over the 5 GHz spectrum and is well suited to uploading large image files quickly over a wireless local area network. Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. While the warehouse might also want to utilize RFID to allow for the accurate scanning of items using radio frequency tracking tags, RFID cannot upload large images of the items to the centralized server since it is limited to 2 KB of data per RFID tag. Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz, and for building personal area networks. Bluetooth would not allow the worker to have full coverage throughout the warehouse due to the short distance required between a transmitter and receiver. Near-Field Communication (NFC) is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with a simple setup that can be used to bootstrap more capable wireless connections.
Describe BPDU
A Bridge Protocol Data Unit (BPDU) is a Spanning Tree Protocol (STP) message unit that carries switch and port attributes such as MAC address, priority, and path cost, allowing switches participating in the Spanning Tree Protocol to collect information from each other. These data messages are transmitted across a local area network to detect loops in the network topology.
Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 3.5 Gbps? A. 802.11a B. 802.11n C. 802.11ac D. 802.11g E. 802.11ax F. 802.11b
C. 802.11ac The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.
What is a common technique used by malicious individuals to perform an on-path attack on a wireless network? A. ARP spoofing B. Amplified DNS attacks C. An evil twin D. Session Hijacking
C. An evil twin An evil twin is the most common way to perform an on-path attack on a wireless network. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user's knowledge. A man-in-the-middle or on-path attack consists of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. ARP spoofing, session hijacking, and amplified DNS attacks are not techniques specific to attacking wireless networks.
Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue? A. C:\windows\System32> ipconfig /flushdns B. C:\Windows\System32> nslookup C. C:\Windows\System32> nbtstat -R D. C:\Windows\System32> route print
C. C:\Windows\System32> nbtstat -R Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the "nbtstat -R" command to purge and reload the cached name table from the LMHOSTS file on their Windows workstation. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.
A company has a secondary datacenter in a remote location. The datacenter staff handles cable management and power management. The building's security is also handled by the datacenter staff with little oversight from the company. Which of the following should the technician do to follow the best practices? A. Secure the UPS units B. Ensure power monitoring is enabled C. Ensure locking cabinets and racks are used D. Secure the patch panels
C. Ensure locking cabinets and racks are used By ensuring locking cabinets and racks are used, the staff would have keyed or RFID card locks installed. This provides an extra layer of physical security to the servers, which is considered a best practice.
Your company has decided to begin moving some of its data into the cloud. Currently, your company's network consists of both on-premise storage and some cloud-based storage. Which of the following types of clouds is your company currently using? A. Public B. Community C. Hybrid D. Private
C. Hybrid A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms. This typically involves a connection from an on-premises data center to a public cloud. A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third party and hosted internally or externally. A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume. A private cloud contains services offered either over the Internet or a private internal network and only to select users instead of the general public.
You have been assigned to assist with deploying a new web-based application to your company's intranet. After installing the application, it was identified that the database server is becoming overloaded by the number of requests that the users create. The team lead has proposed adding a device between the web server and the database server to alleviate the issue. Which of the following is being implemented by adding this new device? A. Conduct port sniffing and protocol analysis B. Implement clustering and NIC teaming on the database server C. Implement load balancing and provide high availability D. Conduct content filtering and network analysis
C. Implement load balancing and provide high availability The device being added is most likely a load balancer. Adding this device will allow the delivery team to install a series of database servers to handle the requests by dividing the incoming requests among the various servers. NIC teaming would be an action that occurs on the database server itself. It is not a separate device. The other options are focused on troubleshooting efforts, not increasing the database server's capability or availability.
Janet is a system administrator who is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and must be cleared from the event viewer. She recalls this being a daily occurrence. Which of the following would BEST resolve this issue? A. Log into the DNS server every hour to check if the logs are full B. Delete the logs when full C. Install an event management tool D. Increase the maximum log size
C. Install an event management tool Using an event management tool will allow the administrator to clear the event logs and move them from the server to a centralized database if needed. This will prevent the logs from filling up on the server without having to delete them permanently from the logging environment.
What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them? A. FIN B. SYN C. RST D. ACK
C. RST A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place.
A network administrator has determined that the ingress and egress traffic of a router's interface are not correctly reported to the monitoring server. Which of the following can be used to determine if the router interface uses 64 bit versus 32-bit counters? A. Syslog B. Port Scanner C. SNMP Walk D. Packet Analyzer
C. SNMP Walk SNMP Walk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (router interface).
You have been asked to select the best WAN connection for a new network at Dion Training. The company has stated that they must have a guaranteed throughput rate on their Internet connection at all times. Based on this requirement, what type of WAN connection should you recommend? A. Dial-up B. Cable Broadband C. T-1 D. DSL
C. T-1 A T-1 connection provides a guaranteed 1.544 Mbps of throughput. Dial-up, DSL, and cable broadband do not provide a guaranteed throughput rate. Instead, these services provide a variable throughput rate based on network conditions and demand in the area of your business.
A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is MOST likely the source of this connectivity problem? A. The workstation's NIC has a bad SFP module B. APIPA has been misconfigured on the VLAN's switch C. The switchport is configured for 802.1q trunking D. The workstation's OS updates have not been installed
C. The switchport is configured for 802.1q trunking If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address. APIPA is not configured on the VLAN's switch; it is configured by default on client and server devices, such as the workstation in this scenario. A small form-factor pluggable (SFP) transceiver is used on routers and switches as a hot-pluggable network interface module; they are not used in workstations. The workstation's OS update status is unlikely to cause the network connectivity issue, but a network interface driver might. Therefore, the most likely cause of this issue is that the switchport was configured as a trunk port instead of an access port.
You are configuring a network to utilize SNMPv3 to send information from your network devices back to an SNMP manager. Which of the following SNMP options should you enable to ensure the data is transferred confidentially? A. authEncrypt B. authProtect C. authPriv D. authNoPriv
C. authPriv In SNMPv3, the authPriv option ensures that the communications are sent with authentication and privacy. This uses MD5 and SHA for authentication and DES and AES for privacy and encryption.
You just started work as a network technician at Dion Training. You have been asked to check if DHCP snooping has been enabled on one of the network devices. Which of the following commands should you enter within the command line interface? A. show route B. show interface C. show config D. show diagnostic
C. show config The "show configuration" command is used on a Cisco networking device to display the device's current configuration. This would show whether or not the DHCP snooping was enabled on this device.
dig command
Can resolve a FQDN to an IP address
A client has asked you to provide their local office with the BEST solution for a wireless network based on their requirements. The client has stated that their users will need a wireless network that provides a maximum of 54 Mbps of bandwidth and operates in the 2.4GHz frequency band. Which of the following wireless network types should you install to meet their needs? A. 802.11a B. 802.11n C. 802.11ac D. 802.11g E. 802.11ax F. 802.11b
D. 802.11g 802.11g provides transmission over short distances at up to 54 Mbps in the 2.4 GHz band. It is backward compatible with 802.11b (which only operates at 11 Mbps). While an 802.11ac network would be the fastest solution, it does not operate in the 2.4 GHz frequency band. 802.11a operates in the 5 GHz frequency band at up to 54 Mbps.
Which type of wireless network utilizes the 2.4 GHz frequency band and reaches speeds of up to 54 Mbps? A. 802.11a B. 802.11n C. 802.11ac D. 802.11g E. 802.11ax F. 802.11b
D. 802.11g The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps.
Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line? A. Multilayer Switch B. DOCSIS modem C. Access Point D. Analog Modem
D. Analog Modem An analog modem is a device that converts the computer's digital pulses to tones that can be carried over analog telephone lines and vice versa. DSL is the other type of Internet connection that uses an RJ-11 connection to a phone line. A DOCSIS modem is a cable modem and would require a coaxial cable with an F-type connector. An access point is a wireless device that connects to an existing network using twisted pair copper cables and an RJ-45 connector. A multilayer switch can use either twisted pair copper cables using an RJ-45 connector or a fiber optic cable using an MTRJ, ST, SC, or LC connector.
Which of the following communication types can only be used with IPv6? A. Multicast B. Unicast C. Broadcast D. Anycast
D. Anycast Anycast only works with IPv6. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Broadcast only works with IPv4. Broadcast communication has one sender, but it sends the traffic to every device on the network. Multicasting is a technique used for one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only sends the signal once, which is then received by multiple hosts simultaneously. Multicast can be used with both IPv4 and IPv6. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.
Which of the following type of network models requires the use of specialized computers that utilize networking operating systems to provide services to other networked devices that request services from them over an enterprise network? A. Point-to-Point B. Peer-to-Peer C. Hub-and-Spoke D. Client-Server
D. Client-Server A client-server network model utilizes specific devices (servers) to provide services to requesters (clients). A server is a specialized computer that runs a networking operating system. A client is any device that requests services over a network, such as a desktop, laptop, tablet, or internet of things device. A peer-to-peer network model does not differentiate between the clients and the servers, and every node can become a client and a server when requesting and responding to service requests. A hub and spoke topology is a network topology where a central device (the hub) is connected to multiple other devices (the spokes). A point-to-point connection provides a path from one communication endpoint to another.
John is investigating a performance issue on a server and has begun by gathering its utilization statistics. John notices that the statistics are outside of the normal, acceptable ranges. What should John do next? A. Conduct a port scan B. Conduct Vulnerability Scan C. Archive the logs D. Conduct a baseline review
D. Conduct a Baseline Review John should conduct a baseline review to compare the statistics he collected against the previous baseline. He can then use this information further to investigate the drop in the server's performance. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.
You are working as part of a network installation team. Your team has been asked to install Cat 5e cabling to some new offices on the building's second floor. Currently, the office only has one network closet, which is located on the first floor. Your team spent the morning running 24 new CAT 5e cables from a patch panel in the networking closet on the first floor to a new networking closet you are outfitting on the second floor. Your team terminated these cables in a new patch panel in the 2nd-floor closet. You measured the distance from the switch in the 1st-floor closet to the new 2nd-floor patch panel and determined it was 80 meters. The team then ran cables from this patch panel to each of the new offices. Some of the offices are working properly, but others are not. You suspect that some of the cable runs are exceeding the maximum length allowed by Cat 5e cabling. What is the BEST solution to this problem? A. Install a hub in the second-floor networking closet to increase the signal B. Install a repeater between the patch panel and each office C. Install a small switch in each office to increase the signal D. Install a switch in the second-floor networking closet to increase the signal
D. Install a switch in the second-floor networking closet to increase the signal The best option is to install a switch in the networking closet on the second floor, connecting to the cables coming from the first-floor closet and then to the cables on the second-floor patch panel. This will act as a repeater to boost the signal strength over the Cat5e cable, effectively resetting the cable length to 0 meters before leaving the closet. While a repeater may be a good option, a switch is more effective in this case since there are so many cables, and repeaters usually only work for an individual cable. A hub would similarly work but would introduce a signal collision domain for all 24 computers. This would drastically decrease the performance of the network. Finally, we don't want to include a switch in each office, as this is a bad security practice and an inefficient use of resources. It is easier to manage and administer a single, centralized switch in the network closet.
Which of the following network performance metrics is used to represent variable delay experienced by a client when receiving packets from a sender? A. Throughput B. Latency C. Bandwidth D. Jitter
D. Jitter Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance.
Today, your company's network started to experience network connectivity issues for various workstations around the company. As you begin troubleshooting, you identify that all the workstations receive their connectivity from a single switch on the 3rd floor of the office building. You start searching the 3rd floor for the cause of this issue and find a small wired router plugged into a network jack in the sales manager's office. From this small wired router, he has connected his workstation and a small Smart TV to watch Netflix while working. You question the sales manager about when he brought in the new router. He states that he just hooked it up this morning. What type of issue did the sales manager accidentally introduce into the network by installing the router? A. Evil Twin B. VLAN mismatch C. Switching loop D. Rogue DHCP server
D. Rogue DHCP server Routers usually contain their own DHCP servers. When the sales manager installed the wired router, he inadvertently introduced a secondary DHCP server into the network. This could cause the same IP addresses to be assigned to two different workstations, resulting in connectivity issues for those workstations. Had the sales manager installed a simple hub or switch, this would not have caused any issues. Because this is a wired router, it cannot be an evil twin since evil twins are wireless access points. We have no indications of a VLAN mismatch since this would only affect the workstations connected to this router. Similarly, we have no indications of a switching loop, and the network may already be running STP to prevent them. Remember, always ask yourself, "What changed recently that might have caused this issue?" In this case, it was the new router added this morning by the sales manager.
You need to connect your laptop to a router in order to add a static route. What type of cable would you use to connect to the router's console port? A. Crossover B. Straight-through C. RG-6 D. Rollover
D. Rollover Typically, a router or switch's console port is connected using a rollover cable, which has an RS-232 (DB-9) port on one side and an RJ-45 on the other. A rollover or console cable is a type of null-modem cable that is used to connect a computer terminal to a router's console port. An RG-6 cable is a coaxial cable used to connect to a cable modem or television. An Ethernet crossover cable is a network cable used to connect two Ethernet network devices directly, such as two computers without a switch or router in between. A straight-through cable is a type of twisted pair cable that is used in local area networks to connect a computer to a network switch.
A technician is setting up a new network and wants to create redundant paths through the network. Which of the following should be implemented to prevent performance degradation within the network? A. VLAN B. ARP Inspection C. Port Mirroring D. Spanning Tree
D. Spanning Tree The Spanning Tree Protocol (STP) is a network protocol that builds a logical loop-free topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. If you have redundant links set up, it is important to utilize STP to prevent loops within the network. If a loop occurs, the performance of the entire network can be degraded due to broadcast storms. Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port. Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). Port mirroring, ARP inspection, and VLANs do not add any redundancy to the network.
After installing some new switches in your network, you notice that a switching loop has begun to occur. You contact the manufacturer's technical support for your switches and they recommended that you enable 802.1d. Which of the following BEST represents why the manufacturer suggested this? A. The Spanning Tree Protocol uses split horizon to prevent loops in network topologies. B. The Link Aggregation Control Protocol uses BPDU to detect loops in network topologies. C. The Link Aggregation Control Protocol uses split horizon to prevent loops in network topologies. D. The Spanning Tree Protocol uses BPDU to detect loops in network topologies
D. The Spanning Tree Protocol uses BPDU to detect loops in network topologies. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. The Spanning Tree Protocol operates at Layer 2 of the OSI model to detect switching loops. STP is defined in the IEEE 802.1d standard. The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface that will appear as a single link to a route processor. LACP is used to combine multiple network connections in parallel to increase throughput beyond what a single connection could sustain and to provide redundancy in case one of the links should fail. LACP is defined in the IEEE 802.3ad standard. Split horizon is used by routing protocols at layer 3 to prevent routing loops, and it does not affect switching loops.
Which of the following technologies combines the functionality of a firewall, malware scanner, and other security appliances into one device? A. IPS B. IDS C. Syslog D. UTM
D. UTM A Unified Threat Management (UTM) appliance enforces a variety of security-related measures, combining the work of a firewall, malware scanner, and intrusion detection/prevention. A UTM centralizes the threat management service, providing simpler configuration and reporting than isolated applications spread across several servers or devices. An intrusion detection system (IDS) is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. Unlike an IPS, which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them. An intrusion prevention system (IPS) conducts the same functions as an IDS but can also block or take actions against malicious events. A Syslog server is a server that collects diagnostic and monitoring data from the hosts and network devices across a given network.
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented? A. WEP B. MAC Filtering C. WPA2 Enterprise D. WPA Personal
D. WPA personal Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client. MAC filtering does not use a password or preshared key. WEP uses a pre-shared key to secure a wireless network, but WPA uses a stronger encryption standard than WEP.
Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera's security concerns? (Select TWO) A. Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password B. Upgrade the firmware of the WAP to the latest version to improve the security of the network C. Configure the thermostat to use the WEP encryption standard for additional confidentiality D. Disable wireless connectivity to the thermostat to ensure a hacker cannot access it E. Configure the thermostat to use a segregated part of the network by installing it into a screened subnet F. Enable two-factor authentication on the device's website (if supported by the company)
E. Configure the thermostat to use a segregated part of the network by installing it into a screened subnet A. Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network. While enabling two-factor authentication on the device's website is a good practice, it will not increase the IoT device's security. While disabling the wireless connectivity to the thermostat will ensure it cannot be hacked, it also will make the device ineffective for the customer's normal operational needs. WEP is considered a weak encryption scheme, so you should use WPA2 over WEP whenever possible. Finally, upgrading the wireless access point's firmware is good for security, but it isn't specific to the IoT device's security. Therefore, it is not one of the two BEST options.
Port 143
IMAP
List the syslog severity levels, which range from 0 to 7
Level 0 - Emergency (system has become unusable) Level 1 - Alert (there is a condition that should be corrected immediately) Level 2 - Critical (a critical condition that needs attention) Level 3 - Error (something is happening to the system that is preventing proper function) Level 4 - Warning (an error will occur if action is not taken soon) Level 5 - Notice (the events are unusual, but they are not error conditions) Level 6 - Information (normal operational message that requires no action) Level 7 - Debugging (information that is useful to developers as they are debugging their networks and applications)
Port 389 TCP/UDP
Lightweight Directory Access Protocol (LDAP)
Port 1433
Microsoft SQL Server
Port 123
NTP (Network Time Protocol)
Port 139
NetBIOS
Port 995
POP3 over SSL
Port 3389
RDP (Remote Desktop Protocol)
Port 161/162
SNMP (Simple Network Management Protocol)
Port 1521
SQLnet Protocol
Port 22
SSH and SFTP
Port 5060/5061
Session Initiation Protocol (SIP)
Port 514
Syslog
Post Office Protocol version 3 (POP3)
TCP 110 -Used for receiving incoming emails. -Used by local email clients to retrieve email from a remote server over a TCP/IP connection. -Uses a store-and-forward method of communication.
Internet Mail Application Protocol (IMAP)
TCP 143 -A newer method of retrieving incoming emails which improves upon the older POP3. -Keeps all emails/everything synchronized across all of my devices, unlike POP3, which doesn't. -Allows the end user to view and manipulate the messages as if they were stored locally on their machine even though they're still sitting on the server.
Structured Query Language (SQL)
TCP 1433 -Used to communicate from a client to the database engine.
File Transfer Protocol (FTP)
TCP 20, 21 -Provides insecure file transfers.
Secure File Transfer Protocol (SFTP)
TCP 22 -Provides secure file transfers. -Tunnels the file transfer through SSH to give us a secure method of doing that file transfer.
Secure Shell (SSH)
TCP 22 -Provides secure remote control of another machine using a text-based environment. -Best known for its remote login capability and its cryptographic network protocol. -Uses encryption.
Telnet
TCP 23 -Provides insecure remote control of another machine using a text-based environment. -In other words, Telnet provides us with remote access via the command prompt with NO encryption.
Simple Mail Transfer Protocol (SMTP)
TCP 25 -Provides the ability to send emails over the network -It is the internet standard for sending electronic messages.
Server Message Block (SMB)
TCP 445 -Used for Windows file and printer sharing services. -Often operates with NetBIOS for authentication over port 139; SMB then handles the actual delivery of those file and printer services by handing over their data.
SMTP TLS
TCP 587 -Secure and encrypted way to send emails.
LDAPS (Lightweight Directory Access Protocol Secure)
TCP 636 -Secure version of LDAP
Trivial File Transfer Protocol (TFTP)
TCP 69 -Used as a lightweight file transfer method for sending configuration files or network booting of an operating system. -Stripped-down version of FTP. -Used when network admins send configuration files to, or request configuration files from, a router or switch. -Can be used for booting an operating system from a network file server when using PXE network boot.
IMAP over SSL
TCP 993
POP3 over SSL
TCP 995
Session Initiation Protocol (SIP)
TCP ports 5060 and 5061 -Used to initiate VoIP and video calls. -Used to provide signaling and controlling media communication sessions -used in Skype or Facetime to initiate that communication.
Remote Desktop Protocol (RDP)
TCP/UDP 3389 -Provides graphical remote control of another client or server.
Lightweight Directory Access Protocol (LDAP)
TCP/UDP 389 -used to provide directory services in your network. -i.e. Active Directory in Microsoft, address book in outlook, etc. -Can store information about your users and their groups.
Domain Name Service (DNS)
TCP/UDP 53 -Converts domain names to IP address and IP address to domain names.
Port 23
Telnet
Network Time Protocol (NTP)
UDP 123 -Used to keep accurate time for clients on a network.
Simple Network Management Protocol (SNMP)
UDP 161, 162 -Used to collect data about network devices and monitor their status. -Allows you to collect and organize information about all the managed devices on an IP network. This includes routers, switches, VoIP phones, and other devices.
System Logging Protocol (Syslog)
UDP 514 -Used to send logging data back to a centralized server.
Dynamic Host Configuration Protocol (DHCP)
UDP 67, 68 -Automatically provides network parameters to your clients, such as their assigned IP address, subnet mask, default gateway, etc.
T568A
White/green, green, white/orange, blue, white/blue, orange, white/brown, brown
T568B
White/orange, orange, white/green, blue, white/blue, green, white/brown, brown
The 6 GHz frequency band is used by
Wi-Fi 6E under the 802.11ax standard.
Zone Transfers
allow us to make DNS changes on a primary DNS server and have all of those changes replicated to secondary DNS servers. -Provides replication and redundancy of this DNS information.
show diagnostic
command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.
show route
command is used on a Cisco networking device to display the current state of the routing table for a given network device.
show interface
command is used on a Cisco networking device to display the statistics for a given network interface.
Start of Authority (SOA) record
defines the general parameters for the DNS zone, including the identity of the authoritative server for the zone.
A record
maps a host name to an IPv4 address for name-to-IP resolution. -Modify the record to change the IP address or name of the device.
Dynamic NAT
is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address.