Network+
What step of the CompTIA Network+ troubleshooting methodology involves determining if anything has changed?
1
An email administrator is setting up records for their new cluster of mail servers. What must each of their MX records point to?
A The host identified in an MX record must have an associated A or AAAA record.
An IT security employee discovered a rogue access point (AP) and traced the activity to a smartphone tethered to a workstation on the corporate network. What would this type of attack allow a malicious user to do? (Select all that apply.)
Allow access to private information Capture user logon attempts Perform on-path attacks
A security administrator is investigating recent logins to a server that has been compromised. Which log should the administrator audit?
Audit log An audit log records the use of authentication and authorization privileges. It will generally record success/fail type events. An audit log might also be described as an access log or security log.
A network consultant is conducting a test to determine the amount of data transferred through a connection over a given period. What is the consultant testing?
Bandwidth
A data center architect is looking at access types and wants something that is cost-effective. They are a smaller company so they are willing to take some risks to have a lower cost. What would a good solution for them be?
Colocation Colocation is cost-effective but also associated with several risks. Colocation means that a company's private servers and network appliances are installed in a data center that is shared by multiple tenants.
A network administrator is trying to set up IP assignments to be automatic for all broadcast domains. How can they enable this for routers?
DHCP relay A DHCP relay agent can be configured to provide forwarding of DHCP traffic between subnets. Routers that can provide this type of forwarding are described as RFC 1542 compliant.
A network specialist installs a feature that presents a host from an untrusted port from flooding the segment with gratuitous replies. What is the name of this feature?
Dynamic ARP inspection A switch port security feature such as dynamic ARP inspection (DAI) prevents a host attached to an untrusted port from flooding the segment with gratuitous ARP replies.
A systems administrator is attempting to set up a framework for deploying multiple types of authentication protocols and technologies. Which of the following should they use?
EAP Extensible Authentication Protocol (EAP) provides a framework for deploying multiple types of authentication protocols and technologies.
A wiring professional terminates the ends of some coaxial cables. Which one of these connectors can the professional use?
F-Type Coaxial cables are usually terminated using F-type connectors, which are secured by screwing into place.
A systems administrator installs a connectivity device that results in a high number of data collisions. Which device did the administrator install?
Hub A hub (also known as a dumb device) connects computers to a network in a star configuration. A hub lacks the features contained in a switch such as traffic control based on physical addressing.
An online company is seeing a quick customer growth in the utilization of custom online services. The company has forecasted a 300% increase of customer usage during the summer and currently cannot support this. What cloud solutions should the company consider when providing ongoing services to its customers? (Select all that apply.)
Hybrid model IaaS Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Company virtual machines can easily be moved to the cloud infrastructure during the peak season. A hybrid cloud model provides the ability for the company to elastically move service from private to cloud infrastructure, and vice versa. This makes on-demand services cost effective.
A helpdesk operator is reviewing the part of a MAC address which determines whether the frame is addressed to an individual node or a group. What is this called?
I/G The I/G bit of a MAC address determines whether the frame is addressed to an individual node (0) or a group (1). The latter is used for broadcast and multicast transmissions.
The CIO asks an IT systems administrator to configure a passive threat management solution. IT utilizes which type of technology?
IDS An Intrusion Detection System (IDS) is a system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. An IDS uses a passive approach to threat management.
A network administrator is designing a set of Internet Protocol (IP) addresses for a Class C network in order to lease it out to clients when booting. A set of printers will require the same IP address upon renewing the lease. Which of the following network components will support this design? (Select all that apply.)
IP reservation DHCP Dynamic Host Configuration Protocol (DHCP) provides an automatic method for allocating an IPv4 address, subnet mask, and default gateway. IP reservation, or MAC reservation, is a mapping of the MAC address to a specific IP address within the DHCP server's pool. The same IP address will be given to the registered MAC address of the requesting client.
A cyber security technician is observing a DOS attack on the organization's network. The technician can not determine anything surrounding the attacker's identity but does notice that no data traffic is being returned to the attacker. What type of attack is this?
IP spoofing IP spoofing is also used in most denial of service (DoS) attacks to mask the attack's origin and make it harder for the target system to block packets from the attacking system. In this type of spoofing, the threat actor does not care about not receiving return traffic.
A network administrator is researching network virtualization and is trying to find a standard architecture for appliances to be developed against. Which of these should the administrator look at for a standard?
NFV Virtual appliances might be developed against a standard architecture, such as ETSI's Network Function Virtualization (NFV). NFV divides provisioning into three domains.
A network architect reviews the statistics associated with a device in the Management Information Base and reviews each of the stored parameters. What are the individual numeric parameters named?
OIDs This agent maintains a database called a Management Information Base (MIB) that holds statistics relating to the device's activity, such as the number of frames per second handled by a switch. Each parameter stored in a MIB is referred to by a numeric Object Identifier (OID). Tree structures store OIDs. Encapsulation is the frame format expected on the interface.
A cyber consultant examines the security of the control room and evaluates the organization's maturing level and its use of security policy and controls. What is the name of this assessment?
Posture assessment
What allows fine-grained control over traffic parameters?
Quality of Service (QoS) Quality of Service (QoS) allows fine-grained control over traffic parameters. Protocols, such as Multiprotocol Label Switching (MPLS), provides QoS. MPLS can reserve the required bandwidth and pre-determine statistics when configuring the link.
A network consultant implements a switch port security feature that will block router advertisement packets from unauthorized sources. What is the name of this feature?
RA guard With Router Advertisement Guard (RA Guard), switchport security feature blocks router advertisement packets from unauthorized sources.
Using a Windows server, a network admin is trying to test a remote server's network configuration and confirm the packet's routing path. Apply the information given to determine which of the following actions will provide the appropriate information for this test. (Select all that apply.)
Run a ping command. Run a tracert command.
A network administrator is deciding which session control protocol they should use for their environment. Which of the following would they use?
SIP The Session Initiation Protocol (SIP) is one of the most widely used session control protocols. SIP endpoints are the end-user devices (also known as user agents), such as IP-enabled handsets or client and server web conference software.
A helpdesk technician is trying to see if a user is receiving an IPv6 link-local address. Which of the following is the system which performs this for IPv6?
SLAAC IPv6 uses a more flexible system of generating link-local addresses and address autoconfiguration than IPv4 called stateless address autoconfiguration (SLAAC).
A company wants to provide software applications to its employees as quickly as possible. They want the applications to update regularly and be accessible via the cloud. Employees should not have to install anything new on their workstations. Which of the following cloud models will provide the best solution?
SaaS Software as a Service (SaaS) is a computing method that uses the cloud to provide application services to users. An example is Google G Suite. It is regularly updated online and users do not need to install anything extra. The services are accessible online.
A network engineer monitors the network and follows information packets as they move through the network from hosts to endpoints. What is the engineer observing?
Send/Receive Traffic
A company requires connectivity between two buildings. The buildings are over 750 meters apart. IT engineers suggest which type of fiber cabling?
Single mode Single-mode fiber cables support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics.
The IT floor of a bank building contains servers that hold confidential data and the bank needs to regulate access to sensitive areas within the building. Analyze the scenario to determine which options can be implemented to allow employees to authenticate through locked barriers. (Select all that apply.)
Smart Badge Biometric Device
A systems architect is setting up traffic between an SDN controller and infrastructure devices through automation by scripts that call functions. What direction of traffic is this considered to be?
South The SDN controller and infrastructure device traffic are the "southbound" API calls. The principal innovation of SDN is to insert a control layer between the application layer and the infrastructure layer.
A penetration tester is looking at IoT devices on a network. Which of the following would act as the control system?
Speaker
Organizations must have mechanisms to detect and suppress fires. Which of the following are fire suppression systems an organization may need to implement? (Select all that apply.)
Sprinkler systems Fire extinguishers
A user reports they cannot open the shared drives. After investigating the issue, the engineer found that the workstation had its network information misconfigured. The incorrect information was 255.255.255.255, instead of 255.255.255.0. What was most likely incorrectly set on the workstation?
Subnet mask Subnet addressing refers to the division of a single IP network into two or more smaller broadcast domains by using longer netmasks within the boundaries of the network. Also called a subnet mask. This is usually signified by the numbering scheme 255.255.255.0 or similar.
A security engineer is looking through packets to analyze possible malicious activity and is currently looking at a three-way handshake. What is the first step in that process?
TCP SYN to server The first step is for the client to send a segment with the TCP flag SYN set to the server with a randomly generated sequence number. The client enters the SYN-SENT state.
A custom client application is unable to communicate with the internal Internet Information Services (IIS) server. Pinging or establishing a telnet connection from a workstation to the server works normally using an IP address or FQDN. Examine the following reasons and determine possible causes for this network issue. (Select all that apply.)
TCP ports are blocked. The IIS service is not running. The application on the client workstation may be communicating over a blocked Transmission Control Protocol (TCP) port. The workstation can communicate using Telnet via TCP port 23; ports may need to be manually allowed in and out. The IIS service may not be working, causing the client application not to connect as well. Services on a Windows computer is viewable using the Services management console (services.msc).
A network administrator is unable to access files on a remote system. A network firewall seems to be blocking traffic from passing through. Which of the following will the administrator most likely need to reconfigure for inbound and outbound traffic? (Select all that apply.)
TFTP traffic TCP port 20 Trivial File Transfer Protocol (TFTP) is a file transfer service which is a connectionless protocol running over UDP port 69. It is suitable for transferring small files. File Transfer Protocol (FTP) is a connection-oriented protocol running over TCP port 20 and 21. TCP port 20 is used for data connection on the server side, and TCP port 21 is used as a control port.
A company recently set up a new wireless network for guests and vendors that does not require a network key. Users have reported that connecting to this new network fails when their device connects and automatically loads the captive portal web page. What two items should be verified in troubleshooting the captive portal setup? (Select all that apply.)
The captive portal page URL starts with https:// Client disassociation settings The captive portal needs to be installed with a digital certificate issued by a certification authority (CA) trusted by the client browser. The captive portal should use HTTPS. Most modern browsers will block redirection to sites that do not use TLS.
A new web server on the domain is called WEBMARKETING01.proprints.co. The marketing department worked remotely on setting up this web server for the past two days. After joining the server to the domain, a remote session cannot be established. Pinging the FQDN (Fully Qualified Domain Name) also fails. Using a divide and conquer approach, how would a network admin most likely begin to theorize a probable cause?
Theorize an IP issue at Layer 3. In a divide and conquer approach, you start with the layer most likely to be causing the problem. The DNS A record including the server's IP address may not have been created yet. Ping the FQDN, if IP resolution fails, fix the A record.
A network specialist received a port failure notification on UDP port 162. What agent is detecting the notable event?
Traps
A network technician is looking at various administrative distances to see which route would take the longest. Which of the following would have the highest administrative distance?
Unknown Unknown has an administrative distance of 255. An administrative distance (AD) value expresses the relative trustworthiness of the protocol supplying the route.
The marketing office reported issues regarding slow network connectivity to the Internet and inability to access the company's SharePoint site. All marketing users on the 7th floor offices are getting an "HTTP 404" warning. What is the best way the network admin can approach this incident to identify the problem?
Work on the slow Internet connection first. The network admin must approach multiple problems individually. Although issues with the slow Internet and the "HTTP 404" error may seem the same, both may be caused by different factors. Treat each issue separately.
A Linux administrator is configuring a Linux server's network interface card. The server must have a static IP (Internet Protocol) address for a Class C network. Settings must be verified. Analyze and select which commands would be most appropriate to run in this scenario. (Select all that apply.)
ifconfig ifconfig eth0 192.168.101.120 ifconfig eth0 netmask 255.255.255.0 The ifconfig utility is used on Linux and Unix hosts to gather and configure network settings. The ifconfig eth0 192.168.101.120 command sets the static IP address of eth0 or the first network interface (NIC) card of the host. The ifconfig eth0 netmask 255.255.255.0 command sets the subnet mask. This is the default subnet mask for a Class C network. The ifconfig command with no arguments will output a list of all active interfaces and their details. This can be used to verify a change after it has been made.
A helpdesk operator is attempting to release a client's IP as part of their troubleshooting steps. Which of the following tools can they use to accomplish this? (Select all that apply.)
ipconfig dhclient NetworkManager
A network technician is troubleshooting network issues between a workstation and a virtual server running a beta application. Network performance is lacking and there seems to be issues in between the source and destination. Which command will provide the technician with the best information regarding other nodes between the workstation and the remote host?
pathping The pathping command performs a trace route, then it pings each hop router a given number of times for a given period to determine the Round Trip Time (RTT) and measure link latency more accurately. The output also shows packet loss at each hop.
