Network+ Practice Test B
A host IP address of 169.250.13.30 is what type of address? A. Global B. Local C. Private D. APIPA
Answer A is correct. 169.250.x.x is a global address that can be used on the Internet. Global addresses are equivalent of the entire IPv4 public address space and the given address is not part of the private IP address range, which means it is a public address. Therefore, host IP address of 169.250.13.30 is a global address. Answers C and B are incorrect. The local and private addresses are not routable on the Internet. The private IP address ranges are different for Class A, B, and C addresses, respectively. Answer D is incorrect. Automatic Private Internet Protocol Addressing (APIPA) is used when a Windows DHCP client cannot connect to a DHCP server. It automatically assigns itself an address from the range 169.254.x.x/16.
Which of the following types of connectors are used for unshielded twisted-pair connections? Each correct answer represents a complete solution. Choose two. A. SC B. BNC C. RJ-11 D. RJ-45
Answers C and D are correct. RJ-45 and RJ-11 connectors are used for unshielded twisted-pair connections. The RJ-45 connector is similar to an RJ-11 telephone connector, but is larger in size, because it has eight conductors; an RJ-11 connector only has four conductors (two pairs). An RJ-11 connector is the same connector that is used on a telephone wire, while an RJ-45 connector is used for copper wire Ethernet connections. Answers B and A are incorrect because BNC and SC connectors are used on coaxial cables and fiber-optic cables, respectively.
What is the default subnet mask for IP address 194.216.44.9? A. 255.0.0.0 B. 255.255.0.0 C. 255.255.255.0 D. 127.0.0.1
The first octet of the IP address 194.216.44.9 falls in the 192 to 223 range. Therefore, the IP address is a class C address. The default subnet mask for class C addresses is 255.255.255.0. Answers A and B are incorrect because the default subnet masks for class A and class B addresses are 255.0.0.0 and 255.255.0.0 respectively. Answer D is incorrect.
A network technician replaces a hub with a 12-port switch to increase the number of collision domains. Which of the following represents the possible number of collision domains on the newly replaced switch? A. 12 B. 6 C. 3 D. 8
Answer A is correct. A collision domain represents an area on a LAN on which there can be only one transmission at a time. A significant downside to hubs, and the main reason they have largely been replaced with switches, is that all ports on a hub belong to the same collision domain. Whereas, a switch creates a collision domain on each port by default. Therefore, a 12-port switch will have 12 collision domains.
A retail company is concerned about outside users gaining access to its confidential resources. The retail company hosts a Simple Mail Transfer Protocol (SMTP) server as well as a secure Internet shopping site using HTTPS. How can it protect its network without severely impacting business operations? A. Install a firewall and block traffic on all incoming ports except 443 and 25. B. Install an uninterruptible power supply (UPS) and block traffic to ports 80 and 25. C. Install antivirus (AV) software and block viruses on ports 80 and 25. D. Install a firewall and block traffic on all outgoing ports except 443 and 25.
Answer A is correct. A firewall is the most secure and useful device in controlling access to a network while allowing legitimate traffic to pass through. SMTP uses port 25 while HTTPS uses port 443. The network requires these ports to be allowed through because those services are being accessed from outside. Answer D is incorrect because installing a firewall and blocking traffic on all outgoing ports except 443 and 25 is not required as the security concern is for the incoming traffic nor the outgoing one. Answers C and B are incorrect because port 80 is used by HTTP so there's no advantage to implement anything on port 80.
A network administrator has installed a DHCP server on the company's network to automatically assign IP addresses to client computers. The network administrator configures a computer for a new user. The user complains that she is unable to access the network resources. The network administrator runs the ipconfig command on her computer and receives the following IP configuration information: IP address — 169.254.75.182 Subnet Mask — 255.255.0.0 Default Gateway — NA Other users are not facing the same problem. What is the most likely cause of this issue? A. The computer is not able to connect to the DHCP server. B. The TCP/IP protocol suite is not installed on her computer. C. The computer is not able to connect to the WINS server. D. The DNS server is not working on the network.
Answer A is correct. An IP address of a computer in the range of 169.254.y.z represents that the computer is assigned an IP address given by APIPA. It means that the computer is not getting the IP address from the DHCP server. To connect to the resources on the network, the network administrator will have to get a new DHCP lease from the DHCP server. For this, the network administrator should run the ipconfig /renew command. Answers C and D are incorrect because the question clearly states that other users are not facing the same problem. The DNS and WINS are centralized components of the network; therefore, failure of DNS or WINS will affect all users on the network. Answer B is incorrect because the ipconfig utility shows the IP address assigned to the computer. This clearly indicates that the TCP/IP protocol suite is installed on the user's computer.
Your manager has asked you to negotiate standoff timers to allow multiple devices to communicate on congested network segments in a company. Which will help you to accomplish the task? A. CSMA/CD B. DOCSIS C. OSPF D. BGP
Answer A is correct. Carrier sense multiple access collision detection (CSMA/CD) is the procedure used by Ethernet to determine whether it is safe to transmit, detect collisions, and retransmit, if necessary. Any device on an Ethernet network can send data at any time. The network devices sense when the line is idle and therefore available for the transmission of data. The network device then transmits a data frame onto the network. If another device sends a frame at exactly the same time, a collision occurs and the frames are discarded. The network devices will then wait for a random period of time before attempting to send the frame again. Answer B is incorrect. The frequencies dedicated to data transmission are specified by a Data-Over-Cable Service Interface Specification (DOCSIS) version. Answer C is incorrect. Open Shortest Path First (OSPF) is a link-state routing protocol that uses a metric of cost, which is based on the link speed between two routers. Answer D is incorrect. Border Gateway Protocol (BGP) is an interconnection of multiple autonomous systems and is considered to be the routing protocol that runs the Internet. It is the only EGP in widespread use today.
In a TCP/IP-based network, you have installed two WAPs (wireless access points). Which of the following documents will you update? A. Wiring schematics B. Physical network diagram C. Logical network diagram D. Regulations
Answer B is correct. Two installed WAPs are physical components of the network. Hence, you will update the physical network diagram of the company.
You need to install a WAN for a remote office with only four users. Which WAN technology would you most likely use? A. Cable modem B. Frame Relay C. ATM D. T1
Answer A is correct. Getting a cable modem connection to the ISP and then connecting to the office through that link with a VPN will provide the security you need at low cost. Answer C is incorrect. ATM is a cell-switching technology that can handle data as well as real-time voice and video. The ATM protocol breaks up transmitted data into 53-byte cells, which are switched between any two nodes in a network at rates ranging from 155 to 622 Mbps using virtual circuits. Answer B is incorrect. Frame Relay is a packet-switching technology that involves breaking messages into chunks called packets at the sending device. Each packet can be sent over any number of routes on its way to its destination. The packets are then reassembled in the correct order at the receiving device. Answer D is incorrect. A T1 connection has a maximum speed of 1.5 Mbps. A single T1 line carries 24 telephone connections with 24 telephone numbers. When used for voice transmission, a T1 connection must be split into 24 separate circuits.
If a switch receives a frame and the destination hardware address is not in the forward/filter table, what will the switch do with this frame? A. Send it out to all ports B. Route it to the nearest port C. Drop it D. Add it to the MAC address table
Answer A is correct. If a frame is received on a switch and the destination hardware address is not in the forward/filter table (also called the MAC address table), the frame will be forwarded out to all ports except the port on which it was received. Answers C, B, and D are incorrect because the switch will neither drop the packet nor route it to any specific port. It will also not update the MAC address table for that frame.
At a company, users arriving at work on Monday morning are finding that when they boot up their machine, they cannot connect to the Internet or any servers. On the other hand, users who did not shut down their machines over the weekend are not having this problem. Where can the problem be? A. DHCP server B. Proxy server C. DNS server D. WINS server
Answer A is correct. If users reboot, they need to communicate to the DHCP server to receive an IP address. If the DHCP server is down or not responding, users will not be able to communicate on the network. The users who did not reboot will keep their IP address until the lease time expires. Answer C is incorrect. A DNS server performs the task of taking a domain name and resolving that name into a corresponding IP address. Answer D is incorrect. WINS server provides NetBIOS names to the IP addresses resolution service. Answer B is incorrect. A proxy server intercepts requests being sent from a client and forwards those requests on to their intended destination. The proxy server then sends any return traffic to the client that initiated the session. This provides address hiding for the client.
Jennifer, a network analyst, has been tasked to limit users who can connect to a network printer located centrally within an office environment. Which of the following tools will Jennifer use to complete this task? A. ACL B. RDP C. LDAP D. VPN
Answer A is correct. Jennifer will use an access control list (ACL) which is a set of data (user names, passwords, time and date, IP addresses, MAC addresses, etc.) used to control access to a resource such as a computer, file, or network. ACLs are commonly implemented as MAC address filtering on wireless routers and access points. When a wireless client attempts to access the network, that client's MAC address is compared to the list of authorized MACs and access is granted or restricted based on the result. Answer D is incorrect. Virtual private network (VPN) is a private communication network transmitted across a public network connection such as the Internet. Answer B is incorrect. Remote Desktop Protocol (RDP) is a proprietary protocol created by Microsoft for connecting to and managing devices not necessarily located at the same place as the administrator. Answer C is incorrect. Lightweight Directory Access Protocol (LDAP) is a network protocol used to access network directory databases, which store information about authorized users and their privileges as well as other organizational information.
A network administrator wants a central time source for the entire company's network so that all network devices will synchronize properly. Which network protocol could be used for this purpose? A. NTP B. VLAN C. RTP D. STP
Answer A is correct. Network Time Protocol (NTP) will ensure that the time is consistent across all network devices on the domain. It synchronizes the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem. It uses port 123 for communication and works at the Transport layer of the OSI. Answer D is incorrect. STP is a network protocol that ensures a loop-free topology for Ethernet networks. Answer B is incorrect. VLAN is any broadcast domain that is partitioned and isolated in a computer network at the data link layer. Answer C is incorrect. RTP is a network protocol for delivering audio and video over IP networks.
In a small office, the Internet connection drops out about two times a week. A vendor does come out and fixes the issue, but it almost takes a day. Which of the following should the office implement to reduce this downtime? A. SLA B. Baseline C. MOU D. SOW
Answer A is correct. SLA (Service-Level Agreement) is a business document that defines a minimum standard of service that a customer expects from its supplier. Most service contracts are accompanied by an SLA, which often include security priorities, responsibilities, guarantees, and warranties. In an IT industry, a customer wants its Internet or WAN connections to be available all the time. Answer B is incorrect. A baseline is a collection of data portraying the characteristics of a network under normal operating conditions. Data collected while troubleshooting can then be contrasted against baseline data. Answer C is incorrect. MOU (Memorandum of Understanding) is an agreement between two or more organizations that details a common line of action. It is often used in cases where parties do not have a legal commitment or in situations where the parties cannot create a legally enforceable agreement. Answer D is incorrect. SOW (Statement of Work) is a document that spells out all details concerning what work is to be performed, deliverables, and the timeline a vendor must execute in performance of specified work.
A security technician identifies a security breach on his company's network. Which of the following should he use to aggregate and analyze network's security logs? A. SIEM B. Event log C. Syslog D. SNMP
Answer A is correct. Security Information and Event Management (SIEM) provides real-time analysis of security alerts generated by network hardware and applications. It allows a company to aggregate and analyze its security logs. SIEM capabilities include data aggregation; log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events. Answer D is incorrect. Simple Network Management Protocol (SNMP) is used to monitor and manage network devices. Answer C is incorrect. Syslog is an open standard for logging information about events occurring on a network device. Answer B is incorrect. Event log records computer's alerts and notifications. In networking, an event log is a basic resource that helps provide information about network traffic, usage, and other conditions.
Switches/bridges use what type of addresses to segment a LAN? A. MAC B. IPv6 C. IP D. Repeater
Answer A is correct. Switches/bridges work at the Data Link layer and use hardware or MAC addresses to segment a network. Answers C and B are incorrect. Both IP and IPv6 are used by nodes (hosts and routers) to determine link-layer addresses for neighbors known to reside on attached links. Answer D is incorrect. A repeater is a network device used to regenerate or replicate signals that are weakened or distorted by transmission over long distances. The purpose of a repeater is to extend the LAN segment beyond its physical limits (e.g. Ethernet is 500m for 10Base5).
A network technician needs to configure a wireless network for a company but he can't use the 2.4 GHz range because of interference issues. What wireless standard can he choose at the 5 GHz range to get 54 Mbps data rate? A. 802.11a B. 802.11g C. 802.11b D. 802.11
Answer A is correct. The IEEE 802.11a standard operates in the 5 GHz range and provides data rate up to 54 Mbps. The 802.11a standard provides a wider frequency, supports more channels, and therefore, more data throughput. Answers D, C, and B are incorrect because the 802.11, 802.11b, and 802.11g standards work on the 2.4GHz radio frequency. As this frequency is used by domestic devices including microwave ovens, the devices following these standards will have high chances of being affected by interference.
A company is worried about users tailgating into restricted areas. In order to avoid unauthorized users from following others, what should be implemented by the company? A. Mantrap B. Rootkit C. Vishing D. Biometric lock
Answer A is correct. The company should implement mantrap, which is two sets of interlocking doors inside a small space, where the first set of doors must close before the second set opens. If the mantrap is manual, a guard locks and unlocks each door in sequence. In this case, an intercom or video camera is typically used to allow the guard to control the trap from a remote location. If the mantrap is automatic, identification or a key of some kind may be required for each door, and sometimes different measures may be required for each door. Metal detectors are often built in to prevent entrance of people carrying weapons. Such use is particularly frequent in banks and jewelry shops. Answer D is incorrect. A biometric lock is a lock that is activated by biometric features, such as a fingerprint, voice, retina, or signature. Biometric locks make it more difficult for someone to counterfeit the key used to open the lock. Answer B is incorrect. Rootkit is a code that is intended to take full or partial control of a system at the lowest levels. Rootkits often attempt to hide themselves from monitoring or detection and modify low-level system files when integrating themselves into a system. Answer C is incorrect. Vishing is a human-based attack for which the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice messaging services.
After setting up a new firewall, a network technician enters only three rules for network security that allow traffic on ports 21, 25, and 110. Due to this, users report that they cannot access web pages using URLs. What should the network technician do to resolve the issue? A. Add one more rule at the end allowing ports 80 and 53. B. Add one more rule at the end allowing ports 20 and 23. C. Add one more rule at the end allowing ports 143 and 445. D. Add one more rule at the end allowing ports 80 and 143.
Answer A is correct. The network technician should add one more rule at the end allowing ports 80 and 53. The port 80 is used by HTTP to securely retrieve content from a web server and the port 53 is used by DNS for resolving domain names to corresponding IP addresses. Answers D, C, and B are incorrect. Port numbers 20, 23, 143, and 445 are used by FTP, Telnet, IMAP, and SMB, respectively. Allowing these ports will not be helpful because the DNS and HTTP traffic will still get blocked.
A user is experiencing an issue with his wireless device. While he is in the hall, the wireless signal is steady and strong. However, at his desk, the signal is consistently dropping, yet the device indicates a strong signal. What is the most likely cause of the issue? A. Bounce B. AP configuration C. Incorrect SSID D. Signal-to-noise ratio
Answer A is correct. The signal between the access point and the user's wireless device is getting bounced off walls, furniture, and many other objects. This is resulting in slow connection. The radio waves are travelling at the same rate, but as a result of signal bounce, they are getting interfered before reaching destination. Answer D is incorrect. Since the device is indicating a strong signal, so there is no issue related to signal-to-noise ratio. Answers B and C are incorrect. If there has been an incorrect SSID or an issue with AP configuration, the user would not have been able to connect to the access point.
For a small office, a network technician has to design a WLAN which is capable of supporting HD video streaming to multiple devices. Which of the following wireless technologies would be appropriate for this design? A. 802.11a B. 802.11ac C. 802.11b D. 802.11g
Answer B is correct. 802.11 is a set of IEEE standards that govern wireless networking transmission methods. The most popular variants of the 802.11 standard in use today are 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac. The 802.11ac is a 5-GHz standard that can use more simultaneous streams than 802.11n and features multi-user MIMO (MU-MIMO). According to the question, to support HD video streaming to multiple devices, a wireless network with fastest speed is required, and this is available with 802.11ac standard. Answers D, A, and C are incorrect. 802.11a, 802.11b, and 802.11g support speeds up to 54 Mbps, 11 Mbps, and 54 Mbps. Compared to 802.11ac, these standards do not support such greater speed that can stream HD video efficiently.
Spread-spectrum technology is used in wireless networks. What spread-spectrum modulation technique does 802.11b use? A. FHSS B. DSSS C. OFDM D. MIMO
Answer B is correct. 802.11b uses the Direct Sequence Spread Spectrum (DSSS). When the 802.11g specification uses 802.11b speeds, it uses the DSSS modulation technique. Answer A is incorrect. Frequency Hopping Spread Spectrum (FHSS) allows the participants in a communication to hop between predetermined frequencies. It chops up the data being sent and transmits chunks of it through the air on up to 75 different frequencies in the 2.4 GHz range. Answer C is incorrect. Orthogonal Frequency Division Multiplexing (OFDM) modulation is used by both 802.11g and 802.11a standards. OFDM uses a relatively slow modulation rate for symbols than DSSS. Answer D is incorrect. Multiple input, multiple output (MIMO) is a technology that allows 802.11n to achieve superior throughput. It uses multiple antennas for transmission and reception that do not interfere with one another by using spatial multiplexing, which encodes data based on the antenna from which the data will be transmitted. 802.11n incorporates MIMO.
You have an interface on a router with the IP address 192.168.1.199/28. What is the broadcast address the hosts will use on this LAN? A. 192.168.1.200 B. 192.168.1.207 C. 192.168.1.255 D. 192.168.1.0
Answer B is correct. A /28 (255.255.255.240) has a block size of 16 in the fourth octet. This means the subnets are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, and so on. This host is in the 192 subnet. The next subnet is 208, so the broadcast address is 192.168.1.207.
A network administrator has a tough job of connecting more than 100 users to the Internet, but the ISP has only provided a /30 network ID. What technology should the network administrator implement to make this work? A. DHCP B. PAT C. VLANs D. VPN
Answer B is correct. A /30 network means there are only two hosts available, out of which, one with the ISP has on a point-to-point link. The network administrator can make this work by implementing Port Address Translation (PAT). PAT is a variant of Network Address Translation (NAT), which allows multiple inside local IP addresses to share a single inside global IP address (publicly routable IP address). It is a many-to-one translation. PAT can distinguish between different flows based on port numbers. Answer A is incorrect. Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard used to dynamically assign IP addresses to computers, so that they can communicate with other network services. It reduces the complexity of managing network client IP address configuration. Answer C is incorrect. VLANs are logically segmented switched networks that provide complete independence of the physical and logical topologies. VLANs are configured to supply segmentation services, flexibility, and security in LAN configurations. All workstations and servers of a particular workgroup are configured for the same VLAN. Answer D is incorrect. VPN (virtual private network) uses a tunneling protocol to span public networks, such as the Internet, without security risk. VPN enables remote users to access corporate networks securely by using a tunneling protocol such as PPTP or L2TP.
How does a DHCP reservation work? A. It lets the network devices choose an IP address from an appropriate DHCP scope. B. It matches a specific MAC address to a specific IP address. C. It leases a set of reserved IP addresses from an appropriate DHCP scope. D. It dynamically assigns an IP address from an appropriate DHCP scope.
Answer B is correct. A DHCP reservation works by matching a specific MAC address to a specific IP address. This address will not be assigned to any other network device on the network. It is a static IP address assignment. Answers C and D are incorrect. A dynamic IP address assignment is not permanent. It is a temporary assignment referred to as a lease. Answer A is incorrect. A network device doesn't choose an IP address for itself. When a network device initially boots, it has no IP address, default gateway, or other such configuration information. It obtains an IP address from a DHCP server through the exchange of four messages: DHCPDISCOVER > DHCPOFFER > DHCPREQUEST > DHCPACK.
A network administrator observes an increased amount of web traffic without an increased number of financial transactions. Which of the following attacks is the company most likely experiencing? A. Bluesnarfing B. Denial of Service C. Social engineering D. Phishing
Answer B is correct. A DoS (Denial of Service) attack floods a system with an excessive amount of traffic or requests, which consumes the system's processing resources and prevents the system from responding to many legitimate requests. Answer C is incorrect. In social engineering, attackers sometimes use social techniques (which often leverage people's desire to be helpful) to obtain confidential information. Answer D is incorrect. Phishing is a type of Internet fraud attempted by hackers. Hackers try to log into a system by masquerading as a trustworthy entity and acquire sensitive information, such as username, password, bank account details, credit card details, and so on. After collecting information, hackers try to use this information for their gain. Answer A is incorrect. Bluesnarfing is unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails, and text messages, and on some phones, users can copy pictures and private videos.
You work as a Network Administrator for Net World International. The Sales office and head office of the company are located in different buildings. You want to connect the Sales office network to the Head office network. The company's management is concerned about the electromagnetic interference (EMI) in the surrounding locality. Which of the following cables will you use? A. UTP B. Fiber-optic C. Coaxial D. STP
Answer B is correct. A fiber-optic cable is used for high-speed, high-capacity data transmission. It uses optical fibers to carry digital data signals in the form of modulated pulses of light. The prime features of a fiber-optic cable are described below: Supports greater signal bandwidth transmission Immune to electromagnetic interference (EMI) Transmits undistorted signals over great distances
Which of the following specifications of IEEE (Institute of Electrical and Electronic Engineers) defines the standard for fiber-optic cables? A. 802.1 B. 802.5 C. 802.8 D. 802.12
Answer C is correct. The IEEE formed a project, called Project 802 to help define certain LAN standards. Project 802 defines aspect of the network relating to physical cabling and data transmission, corresponding to the physical and data link layers of the OSI (Open System Interconnect) model. The 802 specifications contain twelve different categories. In these specifications, 802.8 is used to define standards for fiber-optic cables. Answer A is incorrect because the 802.1 specifications define the standards for Internetworking. Answer B is incorrect because the 802.5 specifications define the standards for Token Ring LAN. Answer D is incorrect because the 802.12 specifications define the standards for Demand Priority Access LAN and 100baseVG-AnyLAN.
Which of the following network topologies utilizes a central device with point-to-point connections to all other devices? A. Bus B. Star C. Ring D. Mesh
Answer B is correct. A star network topology is the most common network in use today. In this, the components or nodes connect back to a centralized device, such as a switch. If one of the nodes fails, other will continue to work, thus minimizing the risk of failure of entire network. However, the central connection point can be a single point of failure for the network. Answer D is incorrect. A mesh topology connects every device to every other device using a series of point-to-point connections. This makes the mesh topology very expensive, but it creates several possible signal paths, providing a high level of fault tolerance. Answer A is incorrect. A bus network topology typically uses a cable running through the area requiring connectivity. Devices that need to connect to the network then tap into this nearby cable. Answer C is incorrect. A ring topology connects every computer to two other computers, forming a physical "ring." In a ring topology, signals generally travel in one direction around the ring as they are passed from one computer to another. If a cable failure occurs, there is a break in the ring, which causes the entire network to stop responding.
John, a network technician is troubleshooting a wired device on the network. He notices that the link light on the NIC does not illuminate, but after testing the device on a different RJ-45 port, the device connects successfully. What is the cause behind this issue? A. Cross-talk B. Bad wiring C. ESD D. EMI
Answer B is correct. According to the question, as the device worked on a different port, so this indicates that the wiring is faulty. In this case, the damaged or nonfunctional wire should be replaced. Answer D is incorrect. When a power cable runs along with the computer network cable, it is most likely that the radiation from the power cable, known as EMI (electromagnetic interference), may be inducted into the computer network cable affecting the signals that pass through it. Answer C is incorrect. Electrostatic discharge (ESD) is the static electricity, which occurs when the electrostatic charge is transferred from one charged entity to another entity sensitive to that charge. Humidity in the atmosphere reduces the risk of ESD. Answer A is incorrect. Cross-talk can occur when an analog connection creates an electromagnetic field around its conductors, inducing its waveforms on a nearby analog connection.
A network technician has to implement a system that detects and reports attempts of unauthorized access to the network. What system should the network technician install? A. Honeypot B. IDS C. Firewall D. IPS
Answer B is correct. An intrusion detection system (IDS) is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet. It can detect several types of attacks and malicious behaviors that can compromise the network and computers security. This includes network attacks against vulnerable services, unauthorized logins, and access to sensitive data, and malware (e.g. viruses, worms, etc.). An IDS will detect and report attempts at unauthorized access and other attacks but not prevent them. Answer D is incorrect. An intrusion prevention system (IPS) can recognize the signature of well-known attack and respond to stop the attack. An IPS device resides in-line with the traffic flow, unlike an IDS sensor and monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. Answer A is incorrect. A honeypot is a system that appears to be an attractive attack target. The attackers then use their resources attacking the honeypot, resulting in their leaving the real targets, for example servers, alone. Answer C is incorrect. A firewall is a device that defines a set of rules to dictate which types of traffic are permitted or denied as that traffic enters or exits a firewall interface. However, for deep packet inspection an IPS device is still needed.
A network technician reports to a compromised workstation. The technician secures the area, documents the scene, checks the compromised machines by taking them offline and then leaves them there without making any record. Which of the following steps in the incident handling has not been performed correctly by the network technician? A. Documentation of the scene B. Chain of custody C. Forensic report D. Area security
Answer B is correct. As the network technician checks the compromised machines but leaves them without making any record, chain of custody is the step that has not been performed correctly. A chain of custody document records about the people obtaining, controlling, and securing the evidence and also contains the basic information about the organization, the affected clients, as well as other information. Since the network technician has not only forgot to collect the evidence by taking the machines, he has also skipped making a record of them. Answers A and D are incorrect because these steps are performed successfully and correctly by the network technician. Answer C is incorrect because a forensic report summarizes the substantive evidences in a simple and concise way. It follows after chain of custody and data transport in the incident handling. Since chain of custody has not been performed correctly, a forensic report is bound to have issues.
A network administrator wants to connect multiple ports on a switch in an office to multiple ports on a switch in another switch closet. Which advanced feature allows these ports to be combined and managed as a single entity? A. Port mirroring B. Bonding C. STP D. VLANs
Answer B is correct. Bonding ports on a switch allows them to operate as one port and take advantage of the combined bandwidth. It combines two to eight Fast Ethernet or Gigabit Ethernet ports together between two switches into one aggregated logical link to achieve more bandwidth and resiliency. Answer A is incorrect. Port Mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Answer C is incorrect. STP allows a network to physically have Layer 2 loops while strategically blocking data from flowing over one or more switch ports to prevent the looping of traffic. Without spanning tree, if there are parallel Layer 2 paths, a single broadcast could loop the network endlessly and thus can degrade network performance. Answer D is incorrect. VLANs are logically segmented switched networks that provide complete independence of the physical and logical topologies. VLANs are configured to supply segmentation services, flexibility, and security in LAN configurations. All workstations and servers of a particular workgroup are configured for the same VLAN.
Joe, a network technician, is implementing highly available datacenters for a company. The company wants to maintain an Internet presence at all sites even if the WAN circuit at one site goes redundant. Which of the following will Joe use? A. RIP B. BGP C. Load balancer D. OSPF
Answer B is correct. Border Gateway Protocol (BGP) is considered to be the routing protocol that runs the Internet, which is an interconnection of multiple autonomous systems. BGP is a path-vector routing protocol, meaning that it can use as its metric the number of autonomous system hops that must be transited to reach a destination network, as opposed to the number of required router hops. If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available. Answers A and D are incorrect. The routers within an autonomous system (AS) use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves. Answer C is incorrect. A load balancer, which is also known as a content switch, can distribute requests for content coming into a server farm across multiple servers containing identical content. If one of those servers needed to be taken down for maintenance, the load balancer could be configured not to forward requests to that server.
What is the most common attack on network servers? A. Phishing B. DoS C. Smurf D. Man in the middle
Answer B is correct. Denial of service (DoS) is the most common attack on network servers. A DoS (Denial of Service) attack floods a system with an excessive amount of traffic or requests, which consumes the system's processing resources and prevents the system from responding to many legitimate requests. Answer A is incorrect. Phishing is a type of Internet fraud attempted by hackers. Hackers try to log into a system by masquerading as a trustworthy entity and acquire sensitive information, such as username, password, bank account details, credit card details, and so on. After collecting information, hackers try to use this information for their gain. Answer D is incorrect. Man-in-the-middle attack occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts. Answer C is incorrect. In smurf attack, the attacker sends a large number of ICMP echo requests at IP broadcast addresses using a fake source address. These requests appear to be coming from the victim's network address.
Which of the following can occur if the power cable runs along with the computer network cable? A. ESD B. EMI C. Surge D. Broadcast storm
Answer B is correct. If the power cable runs along with the computer network cable, radiation from the power cable, known as EMI (electromagnetic interference), may be inducted into the computer network cable affecting the signals that pass through it. Answer A is incorrect. ESD stands for electrostatic discharge. The static electricity that we generate everyday creates ESD. If you walk across a carpet and touch someone, you experience a mild shock. Electrostatic discharge occurs when the electrostatic charge is transferred from one charged entity to another entity sensitive to that charge. Answer C is incorrect. Surge is a momentary voltage variation (+/- 170 volts) that lasts from one microsecond to a few milliseconds. Turning on and off large inductive electrical devices, such as air conditioners and refrigerators, can cause a surge. Answer D is incorrect. Broadcast storm is a situation in which one or more network devices send jabber packets constantly, thereby, increasing the traffic. A faulty network interface card (NIC) that sends jabber packets can be detected by the network monitor software.
Which of the following is a cloud delivery model where a cloud provider grants an environment for constructing applications that will run from the client's environment? A. MaaS B. PaaS C. SaaS D. NaaS
Answer B is correct. Platform as a Service (PaaS) is an outsourced cloud computing model that eliminates the expense and complexity of evaluating, buying, configuring, and managing all the hardware and software needed for standard as well as custom-built applications. With PaaS, organizations can focus on running their applications from their environment, but without the hassle of maintaining the hardware and software infrastructure in-house. The service components include the base operating system (Windows, Linux, and UNIX flavors), integration services, and developer frameworks such as .NET, database technologies, application servers such as Java EE app servers and more, PaaS enables clients to rent a fully configured system that is set up for a specific purpose. Answer D is incorrect. NaaS is a cloud-enabled pay-as-you-go procurement model for network infrastructure and services. Answer C is incorrect. SaaS provides access to software and operates remotely as a Web-based service. Answer A is incorrect. Monitoring as a Service (MaaS) is the idea of a monitoring tool that is itself delivered as a service so that a user can log on to one central web-based dashboard which is hosted by the vendor of the monitoring service and see what is going on with all of the applications no matter where they are located.
Mary, a network administrator is installing an IDS device on the company's TCP/IP network. Which of the following can be configured on the switch to effectively use the IDS device? A. Static IP addressing B. Port mirroring C. Dynamic ARP inspection D. Trunking
Answer B is correct. Port Mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Answer A is incorrect. In static IP addressing, every computer or other device is assigned IP address manually. It is not preferred in large networks, where there are lots of hosts, because the chance of assigning duplicate addresses will be more. Answer D is incorrect. Trunking is a method of carrying traffic of VLANs over a point-to-point link between two devices. If two switches are connected together, the switches' ports of both sides of the link must be configured for trunking. The ports on both the switches of the link must also be configured with the same tagging mechanism that can be InterSwitch Link (ISL) or 802.1Q. Answer C is incorrect. Dynamic ARP Inspection (DAI) is a security feature performed by the switch to validate ARP packets in a network. Before forwarding packets to the appropriate destination, DAI determines the validity of the packets by performing an IP-to-MAC address binding inspection in the DHCP snooping binding database. DAI inspects only inbound packets and has the capability to protect the network from man-in-the-middle attacks.
Which of the following TCP ports must be opened on the firewall for the VPN connection using PPTP (Point-to-Point Tunneling Protocol)? A. 5060 B. 443 C. 1723 D. 110
Answer C is correct. The TCP port 1723 must be opened on the firewall for the VPN (Virtual Private Network) connection using PPTP (Point-to-Point Tunneling Protocol). PPTP is a VPN encryption protocol that operates at the Data Link layer. Answer B is incorrect because SSL uses TCP port 443 as the default port. Answer A is incorrect because TCP/UDP port 5060 is used for the Session Initiation Protocol (SIP). Answer D is incorrect because TCP port 110 is the default port for POP3.
Many users on a company's network are reporting an increase in ransomware. Which of the following should a network technician implement to reduce the occurrences? A. Port filtering B. Web content filtering C. ARP inspection D. Intrusion detection system
Answer B is correct. Ransomware is a type of malware which restricts access to the computer that it infects, and demands a ransom paid to the creators of the malware so that the restriction can be removed. The best way to avoid ransomware includes proactive measures like the following: Don't click on any URL or open an attachment you are not expecting. Implement an email content filtering service. Install a web content filtering service. Invest in leading end point security software solutions. Answer C is incorrect. ARP inspection is a security feature on switches that validates ARP packets in a network. Answer D is incorrect. Intrusion detection system (IDS) is used to identify network attack. It uses a database of well-known attack signatures to recognize attacks. Answer A is incorrect. Port filtering ensures that no traffic, other than the protocol that an administrator has chosen to allow, can pass through an open port. Its most common use is in firewalls and for device hardening.
Which of the following circuits has the highest possible bit rate? A. ADSL B. OC-12 C. E3 D. T3
Answer B is correct. SONET defines a base data rate, or throughput, of 51.84 Mbps, and multiples of this rate are known as optical carrier (OC) levels, such as OC-3, OC-12, and so on. An OC-3 circuit is 155.52 Mbps and an OC-12 circuit has a maximum data rate of 622.08 Mbps. Answer D is incorrect. A T3 circuit contains 672 DS0s (64Kbps channels) into a single physical connection and has a bandwidth capacity of 44.7Mbps. Answer A is incorrect. Asymmetric DSL (ADSL) can reach download speeds of up to 6 mbps. Its upload, however, is only 640 Kbps. Answer C is incorrect. An E3 circuit consists of 16 E1 (512 DS0s) and has a bandwidth of 34.4Mbps.
Which of the following types of media converter should be used for connecting a newly installed multimode connection to an existing CAT5e infrastructure? A. Fiber to coaxial B. Fiber to Ethernet C. Single-mode to multimode fiber D. Ethernet to coaxial
Answer B is correct. Single-mode and multimode are cable types used in optical fiber cabling and Cat5e is an Ethernet cable. Therefore, a fiber to Ethernet media converter should be used that accepts a fiber connector and an Ethernet connector and converts the signal between them.
Which Windows TCP/IP utility will produce the following result?Interface: 199.102.30.152 Internet Address Physical Address Type 199.102.30.152 A0-ee-00-5b-0e-ac dynamic A. netstat B. arp C. nbtstat D. tracert
Answer B is correct. The arp utility is used to display the contents of the ARP cache, which tracks the resolution of IP addresses to physical (MAC) addresses and will produce the displayed output. Answer A is incorrect. The netstat command on the other hand can be used to display network summary information for the device. It displays various information about IP-based connections on a PC. For example, current sessions, including source and destination IP addresses and port numbers. Answer D is incorrect. The tracert command is used to determine the path a packet takes to a specific destination and to determine where the issue exists in the path. Answer C is incorrect. The nbtstat command displays NetBIOS information for IP-based networks.
A system administrator can access a remote workstation using telnet only. Which of the following utilities will help him identify if the workstation uses DHCP? A. ping B. ipconfig C. tracert D. netstat
Answer B is correct. The ipconfig command displays the TCP/IP configuration of a Windows system. The ipconfig /all command lists all the system's TCP/IP configuration in detail. This output of running the ipconfig /all command includes whether DHCP is enabled or not. Answer C is incorrect. The tracert command is used to determine the path a packet takes to a specific destination and to determine where the issue exists in the path. Answer D is incorrect. The netstat command is used to get information about the open connections on a computer, incoming and outgoing data, as well as the ports of remote computers to which the computer is connected. Answer A is incorrect. The ping command is primarily used to check reachability to a remote IP address.
A network technician is having an issue of loss in signal strength after a certain point in the company's local network infrastructure. There are more than one devices to which the same signal needs to be transmitted. Which of the following devices should the technician most likely use to resolve this problem? A. Repeater B. Hub C. Switch D. Bridge
Answer B is correct. The technician should use a hub to resolve the issue of losing signal strength. A hub is a hardware device that operates at the Physical layer (Layer 1) of the OSI model to connect computers in a network. Hubs are very simple device and possess no decision-making capability. They simply repeat and forward the data received on one port to all the other ports. For this reason, they are often known as multiport repeater. Answer A is incorrect because there are more than one devices that needs the amplified signals. The repeater would have been the best choice if only two devices were present. A repeater or extender also operates at Layer 1 of the OSI model. It is a small, powered device that receives a signal, amplifies it, and sends it on its way, thereby, extending the distance traveled by the signal. It is very inexpensive to purchase and implement. Answer C is incorrect because a switch operates at the Data Link layer (Layer 2) of the OSI model and joins multiple computers together within the same LAN. However, unlike a hub, a switch forwards data only to the intended destination. It examines the Layer 2 header of the incoming packet and forwards it properly to the right port and only that port. Answer D is incorrect because a bridge is an interconnectivity device that connects two local area networks (LANs) or two segments of the same LAN using the same communication protocols, and provides address filtering between them. It operates at the Data Link layer of the OSI model.
A network technician while troubleshooting a Layer 2 issue finds that two switches supporting MDIX and connected through a crossover cable are unable to communicate. What can be the possible cause of this issue? A. Wrong cable used B. Speed mismatch C. Duplex mismatch D. Layer 2 loop
Answer B is correct. The two switches are unable to communicate due to a speed mismatch. Mismatched parameters between devices like incorrect MDIX settings or speed mismatch can result in no communication. Answer C is incorrect because a duplex mismatch could result in slow communication. Answer D is incorrect because Layer 2 loops may result into issues like MAC address table corruption and broadcast storms. Answer A is incorrect because for both switches supporting MDIX, the cable used should be crossover.
Which of the following breaks up broadcast domains in a Layer 2 switched network? A. LACP B. VLAN C. STP D. VTP
Answer B is correct. Virtual LANs (VLANs) are used to break up broadcast domains in a Layer 2 switched network. Switches only break up collision domains by default. A virtual local area network (VLAN) is a logical group of computers that appear to be on the same LAN even if they are on separate IP subnets. These logical subnets are configured in the network switches. Each VLAN represents a separate broadcast domain meaning that only computers within the same VLAN will receive broadcast traffic. Answer C is incorrect. STP allows a network to physically have Layer 2 loops while strategically blocking data from flowing over one or more switch ports to prevent the looping of traffic. Without the spanning tree, if there are parallel Layer 2 paths, a single broadcast could loop the network endlessly and thus can degrade network performance. Answer A is incorrect. LACP (Link Aggregation Control Protocol) allows multiple links to be bonded together and use them as a single logical interface. Answer D is incorrect. Virtual Trunk Protocol (VTP) is a Cisco proprietary method of having a single VLAN database advertised to all other switches in a network. This allows for ease of VLAN management in a larger network.
Which of the following transmission methods is used for the network using the 802.3 standard? A. DSSS B. FHSS C. MAC D. OFDM
Answer C is correct. 802.3 is the IEEE standard for Ethernet defining a mode of physical communication in LAN (local area network). The standard defines the transmission at the physical layer and MAC (media access control) sublayer of the data link layer of wired Ethernet. Answers B, A, and D are incorrect. These are the transmission methods used for WLANs and are governed using the IEEE 802.11 standards.
Which WAN technology transfers at a rate of 44.7 Mbps? A. T1 B. E1 C. T3 D. E3
Answer C is correct. A T3 circuit contains 672 DS0s (64Kbps channels) into a single physical connection and has a bandwidth capacity of 44.7Mbps. Answer A is incorrect. A T1 circuit consists of 24 DS0s, and the bandwidth of a T1 circuit is 1.544Mbps. Answer D is incorrect. An E3 circuit consists of 16 E1 (512 DS0s) and has an increased bandwidth of 34.4Mbps. Answer B is incorrect. An E1 circuit contains 32 DS0s and has a bandwidth capacity of 2.048Mbps.
Which of the following tools can be used to find faults in a metallic cable? A. Toner probe B. Protocol analyzer C. Time-domain reflectometer D. Punch down tool
Answer C is correct. A Time-domain reflectometer (TDR) can be used to verify the connectivity of a cable. It is a tool that finds and describes faults in metallic cables like twisted-pair and coax and can provide information regarding the speed and condition of the signal on the wire. There is a similar device for fiber-optic cable called an optical time-domain reflectometer (OTDR). Answer D is incorrect. A punch down tool is used when terminating wires on a punch-down block. It is designed to properly insert an insulated wire between the two contact blades, without damaging the blades. Answer A is incorrect. A toner probe can be used when network technicians are working on a punch down block and are attempting to identify which pair of wires connect back to an end-user's location (for example, someone's office.) A toner probe allows them to place a tone generator at one end of a connection and use a probe (which contains a speaker) on a punch down block to audibly detect the pair of wires to which the tone generator is connected. Answer B is incorrect. A protocol analyzer is a utility used to view contents of a packet traveling on a network and diagnose network related issues such as, slow performance, and so on.
You need to separate a LAN segment into two collision domains. The structure should not affect the broadcast domain. Which of the following devices will you choose? A. Firewall B. WAP C. Bridge D. Router
Answer C is correct. A collision domain is a physical network segment where data packets can collide with one another when being sent on a shared medium. Bridges can be used to separate a LAN segment into two collision domains. Bridges are used to connect network segments within the same network. They manage the data traffic flow between these segments. Answer D is incorrect because a router creates the broadcast domain. Answers A and B are incorrect because these devices will not create the collision domain.
A network administrator needs to disable active services running on the company's network. Which of the following tools will be most helpful in identifying these services? A. Firewall B. Toner probe C. Port scanner D. OTDR
Answer C is correct. A port scanner is a software tool designed to search a network host for open ports. Network administrators often use this tool to check the security of their networks by looking for open ports on a target device and gathering information about a port like, whether the port is open or closed, what kind of services are running on the port, and any operating system information that is available. Answer D is incorrect. A time domain reflectometer (TDR) for copper cabling or an optical time domain reflectometer (OTDR) for fiber-optic cabling is used to locate cable faults. Answer A is incorrect. A firewall is primarily a network security appliance. It stands as a guard at the door of a network, protecting it from malicious Internet traffic. Answer B is incorrect. A toner probe can be used if you're working on a punch down block and attempting to identify which pair of wires connect back to an end-user's location. It allows you to place a tone generator at one end of a connection (for example, someone's office), and use a probe (which contains a speaker) on a punch down block to audibly detect the pair of wires to which the tone generator is connected.
Which WAN technology is associated with high latency? A. T1 B. OCx C. Satellite D. DSL
Answer C is correct. Some locations do not have WAN connectivity options, such as DSL connections or cable modems, commonly available in urban areas. However, these locations might be able to connect to the Internet, or to a remote office, using satellite communications. Latency is the delay that occurs when the signal travels to and from the satellite. Answer A is incorrect. T1 circuits were originally used in telephony networks, with the intent of one voice conversation being carried in a single channel (that is, a single DS0). A T1 circuit consists of 24 DS0s, and the bandwidth of a T1 circuit is 1.544 Mbps. Answer B is incorrect. High-speed optical networks often use optical carrier (OC) levels to indicate bandwidth. OCx levels are a set of transmission rates as specified by Synchronous Optical Network (SONET) for implementations over fiber-optic cable. Answer D is incorrect. DSL (digital subscriber line) is a method to connect a computer to the Internet at high speeds using telephone lines.
A company wants to implement an 802.11n wireless network for one of its newly opened office. A network engineer has been asked to conduct an assessment and estimate the number of WAPs needed for the network. Which of the following should the network engineer refer to before making the estimate? A. Baseline documents B. Vendor documentation C. Site survey D. Network diagram
Answer C is correct. A wireless site survey, sometimes called an RF site survey or wireless survey, is the process of planning and designing a wireless network, in particular an 802.11 Wi-Fi wireless network, to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and Quality of Service (QoS). The survey usually involves a site visit to run tests to determine the presence of RF interference and identify optimum installation locations for access points. When conducting a wireless site survey, it is very important to identify an effective range boundary, which defines the minimum signal levels needed to support the intended application. This involves determining the minimum SNR needed to support performance requirements. Answer D is incorrect. A network diagram can be physical or logical. A physical network diagram is a document that displays the location of hardware and other devices on the network. This document displays the network assets like client computers, wireless access points, firewalls, switches that are included in the network. Whereas, a logical network diagram is a document that contains IP addressing and subnet information. Answer A is incorrect. A baseline document is a collection of data portraying the characteristics of a network under normal operating conditions. It is a document that contains performance statistics for computers and other devices in the network. Administrators record a device's or a network's baseline performance when they make any changes or upgrade in the network. It helps administrators determine if a device is operating properly. Answer B is incorrect. Vendor documentation contains beneficial clauses that are negotiated during the purchase process. They can also contain critical details concerning SLAs and deadlines for warranties. These documents need to be organized and stored safely for future reference.
A technician, Ann, has to assign two IP addresses to WAN interfaces on connected routers. Which of the following subnet masks should Ann use for this subnet to conserve address space? A. /29 B. /28 C. /30 D. /24
Answer C is correct. An IPv4 address consists of 32 bits. These 32 bits are divided into two portions: a network address and a host address. The IP address component that determines which bits refer to the network and which bits refer to the host is called the subnet mask. A subnet mask typically consists of a series of contiguous 1s followed by a set of continuous 0s. The 1s in a subnet mask correspond to network bits in an IPv4 address, and 0s in a subnet mask correspond to host bits in an IPv4 address. The number of assignable IP addresses in a subnet can be determined by the following formula: Number of assignable IP addresses in a subnet = 2h - 2,where h is the number of host bits in a subnet mask Now, a /30 subnet mask consists of 30 contiguous 1s followed by 2 zeroes. Therefore, the number of host bits in a /30 subnet mask is 2. From the above mentioned formula, the number of assignable IP addresses will be 22 - 2 = 2. Answers D, B, and A are incorrect because /24, /28, and /29 subnet masks will provide 254, 14, and 6 IP addresses, respectively.
What is the correct order in which the given routing protocols will get preference over each other? A. RIP > EIGRP > OSPF > External EIGRP B. OSPF > EIGRP > RIP > External EIGRP C. EIGRP > OSPF > RIP > External EIGRP D. OSPF > RIP > External EIGRP > EIGRP
Answer C is correct. If a network is running more than one routing protocol and a router receives two route advertisements from different routing protocols for the same network, the index of believability which is the administrative distance (AD) is tested. Lower AD values are more believable than higher AD values. The AD values for EIGRP, OSPF, RIP, and External EIGRP are 90, 110, 120, and 170, respectively.
A network technician conducts a high availability test of a system and finds that a fiber interruption does not re-route traffic. Which of the following routing concepts is being indicated by this result? A. Hybrid B. Loop C. Static D. Dynamic
Answer C is correct. In static routing, routes are configured statically in a router's routing table. This means that the router will send traffic in preconfigured directions for a particular destination. Static routes use fixed path and hence will not re-route traffic when a fault occurs unless the path is repaired. Answer D is incorrect because dynamic routing allows a router to re-route around a failed link. It is mainly achieved through the use of routing protocols like OSPF, ISIS, BGP, or EIFRP that figure out the best possible path the traffic should take. Answer A is incorrect because hybrid routing involved a mixture of both distance-vector and link-state routing protocols to determine the best possible path the traffic should take. Answer B is incorrect because a routing loop occurs when a redundant route is created between routers because routing tables on the routers are slow to update.
Users on a network are reporting issues of intermittent connectivity and missing communication while connecting to a remote network. What can be the possible cause of this issue? A. Incorrect subnet mask B. Incorrect DNS configuration C. Mismatched MTU D. Misconfigured default gateway
Answer C is correct. Router interfaces have a parameter called the maximum transmission unit (MTU) that defines the largest packet size the interface will forward. For example, a 1500-byte packet could not be forwarded via a router interface with an MTU of 1470 bytes. While connecting to a remote host, a router attempts to fragment a packet that is too big unless the packet has its don't fragment (DF) bit set. If a packet exceeds an interface's MTU and has its DF bit set, the router drops the packet that can cause connectivity issues or missing communication. Answer D is incorrect. If a host has an incorrect default gateway configuration, traffic from that host is not forwarded off that host's local subnet. Answer A is incorrect. If a host has an incorrect subnet mask, it could incorrectly conclude that another host is on its local subnet, when in reality, the other host can be on a remote subnet. As a result, the remote host is unreachable from the perspective of the sending host. Answer B is incorrect. If a host has an incorrect DNS configuration, the host will be unable to, for example, browse the Internet using domain names (as opposed to IP addresses).
You need a protocol that will help you simplify the process of setting up a network and administering it. Which of the following will you use? A. DHCP B. FTP C. SNMP D. SMTP
Answer C is correct. SNMP can be used to manage the network, but it also helps in simplifying the process of setting up a network and administering it. SNMP uses UDP port 161 to monitor and manage network devices, such as routers, switches, and servers. Answer A is incorrect. DHCP is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information, such as the subnet mask and default gateway. Answer B is incorrect. FTP is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet. Answer D is incorrect. SMTP is a protocol for sending e-mail messages between servers.
What command will show you the DNS server your host is using to resolve hostnames? A. tracert B. nbtstat C. ipconfig /all D. netstat
Answer C is correct. The ipconfig command can be used to see IP configuration information on your host, but to see DNS server information, you need to use ipconfig /all. Answer A is incorrect. The tracert command will identify the number of hops from the client to the server. This command is used to determine the path a packet takes to a specific destination and to determine where the issue exists in the path. Answer D is incorrect. The netstat command on the other hand can be used to display network summary information for the device. It displays various information about IP-based connections on a PC. For example, current sessions, including source and destination IP addresses and port numbers. Answer B is incorrect. The nbtstat command displays NetBIOS information for IP-based networks.
A network technician while troubleshooting a Layer 2 issue finds that two switches supporting MDIX and connected through a crossover cable are unable to communicate. What can be the possible cause of this issue? A. Layer 2 loop B. Wrong cable used C. Speed mismatch D. Duplex mismatch
Answer C is correct. The two switches are unable to communicate due to a speed mismatch. Mismatched parameters between devices like incorrect MDIX settings or speed mismatch can result into no communication. Answer D is incorrect because a duplex mismatch could result in slow communication. Answer A is incorrect because Layer 2 loops may result into issues like MAC address table corruption and broadcast storms. Answer B is incorrect because for both switches supporting MDIX, the cable used should be crossover.
In an organization, the users usually connect to wireless APs and have speed of 11 Mbps. Which of the following WLAN standards is in use? A. 802.11n B. 802.11g C. 802.11b D. 802.11a
Answer C is correct. The wireless APs are configured with 802.11b WLAN standards. The 802.11b WLAN standard supports speeds as high as 11 Mbps. However, 5.5 Mbps is another supported data rate. The 802.11b standard uses the 2.4-GHz band and uses the DSSS transmission method. Answers D, B, and A are incorrect. The transmission speeds offered by 802.11a, 802.11g, and 802.11n are 54 Mbps, 54 Mbps, and greater than 300 Mbps (max 600 Mbps), respectively.
How does a server can distinguish among different simultaneous services from the same host? A. The server is unable to accept multiple simultaneous sessions from the same host. One session must end before another can begin. B. The MAC address for each request is unique. C. The requests have different port numbers. D. A NAT server changes the IP address for subsequent requests.
Answer C is correct. Through the use of port numbers, TCP and UDP can establish multiple sessions between the same two hosts without creating any confusion. The sessions can be between the same or different applications, such as multiple web-browsing sessions or a web-browsing session and an FTP session. Answer D and B are incorrect because a MAC address is unique for every device. It doesn't change with each request. Similarly, a device on the network is assigned an IP address that doesn't change with the number of services opened on it.
A network technician has recently replaced a hub with a switch in the network. He hasn't changed the port on which the network sniffer was attached. As a result of this, he is unable to view traffic passing through other ports. What can be the solution to solve the problem? A. MAC address filtering B. Spanning tree protocol C. Dynamic ARP inspection D. Port mirroring
Answer D is correct. As the network technician was using a hub earlier, the traffic received on one port was being redirected to all other ports. However, on replacing a hub with a switch, traffic is being directed to the specific port according to destination addresses. Therefore, a network sniffer is not able to capture traffic directed to ports to which it is not attached. Enabling the port mirroring feature makes a copy of traffic seen on one port and sends the duplicated traffic to other ports. Answer A is incorrect. MAC address filtering is a security method that enables a device to allow only certain MAC addresses to access a network. It can be configured on a Wireless Access Point (WAP) to allow only certain system MAC addresses to communicate with the rest of the network. Answer B is incorrect. Spanning Tree Protocol is used to identify when there are parallel paths within the same VLAN. It prevents those parallel paths from creating Layer 2 loops. Answer C is incorrect. Dynamic ARP Inspection (DAI) is a security feature performed by the switch to validate ARP packets in a network. Before forwarding packets to the appropriate destination, DAI determines the validity of the packets by performing an IP-to-MAC address binding inspection in the DHCP snooping binding database. DAI inspects only inbound packets and has the capability to protect the network from man-in-the-middle attacks.
Which of the following ports needs to be opened on the firewall for DNS? A. 25 B. 23 C. 3389 D. 53
Answer D is correct. DNS uses the TCP/UDP port number 53 to resolve domain names to corresponding IP addresses. Answers C, B, and A are incorrect. The port numbers 23, 25, and 3389 are used by Telnet, SMTP, and RDP, respectively.
Which of the following is considered reliable? A. TFTP B. RIP C. UDP D. FTP
Answer D is correct. FTP uses TCP at the Transport layer. Transmission Control Protocol (TCP) is a Transport layer protocol that offers full-duplex, connection-oriented, and reliable communication. Answers A, B, and C are incorrect. TFTP and RIP use UDP at the Transport layer. User Datagram Protocol (UDP) is a connectionless Transport layer protocol that offers unreliable transport such that if a segment is dropped, the sender is unaware of the drop, and no retransmission occurs.
Which of the following should be performed to add new features to existing hardware devices? A. Marking B. Port mirroring C. Patching D. Firmware updates
Answer D is correct. Firmware updates are either designed to correct a bug or flaw in the system or increase the functionality of a device by adding new features. The process of updating firmware is known as flashing in which the new firmware instructions are written over the old ones. Answer C is incorrect. A patch is designed to correct a known bug or fix a known vulnerability in a piece of software and the process is known as patching. A patch differs from an update, which, in addition to fixing a known bug or vulnerability, adds one or more features to the software being updated. Answer B is incorrect. Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Answer A is incorrect. Marking is one of the QoS mechanisms which alters bits within a frame, cell, or packet to indicate how the network should treat that traffic.
A disaster prone company has asked a network technician to keep the company's systems uptime running in the event of a disaster. Which of the following should the technician implement? A. Content caching B. Quality of Service C. Load balancing D. High availability
Answer D is correct. High availability is a system-design that guarantees a certain amount of operational uptime during a given period. The design attempts to minimize unplanned downtime, i.e., the time users are unable to access resources. It also helps to keep the company's system uptime running in the event of a disaster. Load balancing is one of the methods that can be used to provide high availability of a service. Answer C is incorrect. Load balancing is a computer networking methodology to distribute workload across multiple computers or a computer cluster, network links, central processing units, disk drives, or other resources, to achieve optimal resource utilization, maximize throughput, minimize response time and avoid overload. Answer A is incorrect. A cache is a collection of data that duplicates key pieces of original data. A caching engine usually performs content caching on a network. It is basically a database on a server that stores information people need to access fast. The most popular implementation of this is with web servers and proxy servers, but caching engines are also used on internal networks to speed up access to things like database services. Answer B is incorrect. QoS (Quality of Service) is a suite of technologies that allows to strategically optimize network performance for the selected traffic types. QoS methods focus on one of the five problems that can affect data as it traverses a network cable, i.e., delay, dropped packets, error, jitter, out-of-order delivery.
To prevent the use of the looped path, a port should be in which STP state? A. Disabled B. Forwarding C. Listening D. Blocking
Answer D is correct. In the blocking state, a blocked port won't forward frames; it just listens to BPDUs and will drop all other frames. The purpose of the blocking state is to prevent the use of looped paths. All ports are in a blocking state by default when the switch is powered up. Answer C is incorrect; in the listening state, the port listens to BPDUs to make sure no loops occur on the network before passing data frames. A port in listening state prepares to forward data frames without populating the MAC address table. Answer B is incorrect; in the forwarding state, the port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it enters the forwarding state. Answer A is incorrect; in the disabled state, the port does not participate in the frame forwarding or STP. A port in the disabled state is virtually nonoperational.
Mark, a network administrator, is in the process of cleaning network equipment for resale. Accidently, he splashes the cleaning agent in his eye and needs to know the procedure of cleansing his eye. Which of the following should he quickly refer to? A. MOU B. SOW C. SLA D. MSDS
Answer D is correct. Mark should quickly refer to MSDS (Materials Safety Data Sheet). It provides all the information needed for the safe handling of materials. It is always associated with any type of chemical or equipment that has the potential of harming the people or environment. It describes the melting point, boiling point, flash point, and potential health risks that a material poses. Answer A is incorrect. MOU (Memorandum of Understanding) is an agreement between two or more organizations that details a common line of action. It is often used in cases where parties do not have a legal commitment or in situations where the parties cannot create a legally enforceable agreement. Answer B is incorrect. SOW (Statement of Work) is a document that spells out all details concerning what work is to be performed, deliverables, and the timeline a vendor must execute in performance of specified work. Answer C is incorrect. SLA (Service-Level Agreement) is an agreement that defines the allowable time in which a party must respond to issues on behalf of the other party. Most service contracts are accompanied by an SLA, which often include security priorities, responsibilities, guarantees, and warranties.
A network technician is troubleshooting a company's network that is experiencing very slow network speeds of 54 Mbps. After assessing the existing wireless network, he recommended an 802.11n network infrastructure. Which of the following allows 802.11n to reach higher speeds? A. LWAPP B. MU-MIMO C. PoE D. MIMO
Answer D is correct. Multiple input, multiple output (MIMO) is a technology that allows 802.11n to achieve superior throughput. It uses multiple antennas for transmission and reception that do not interfere with one another by using spatial multiplexing, which encodes data based on the antenna from which the data will be transmitted. Therefore, using 802.11n in the 5GHz range and incorporating MIMO and channel bonding, we can have an increased number of non-overlapping channels. Answer B is incorrect. In multi-user MIMO (MU-MIMO), the available antennas are spread over a multitude of independent access points and independent radio terminals. Each has one or multiple antennas. Answer A is incorrect. Lightweight Access Point Protocol (LWAPP) is a protocol that allows a wireless LAN controller (WLC) to manage and control multiple wireless access points. Answer C is incorrect. Power over Ethernet (PoE) allows an Ethernet switch to provide power to an attached device and is defined by the IEEE 802.3af standard. It applies power to the same wires in a UTP cable that are used to transmit and receive data.
Which of the following is a security protocol that combines digital certificates for authentication with public key data encryption? A. SSH B. ARP C. IPSec D. SSL
Answer D is correct. Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption. SSL is a server-driven process; any web client that supports SSL, including all current web browsers, can connect securely to an SSL-enabled server. It is a cryptographic protocol that provides communication security over a computer network. Answer C is incorrect. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet. Answer A is incorrect. Secure Shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files. Answer B is incorrect. Address Resolution Protocol (ARP) is a communication protocol that resolves IP addresses to MAC addresses.
Which of the following is not a type of public-key encryption? A. Diffie-Hellman algorithm B. RSA data security C. Pretty Good Privacy (PGP) D. DES
Answer D is correct. The Data Encryption Standard (DES) is one of the symmetric encryption standards. It uses a 56-bit key to encrypt or decrypt data in 64-bit blocks. Answers A, B, and C are incorrect. Diffie-Hellman algorithm, RSA data security, and PGP are used in public-key cryptography.
Ann, on her regular business trip connects to a hotel's wireless network to send emails to customers. Next day she notices that emails have been sent from her account without her consent. Which protocol is used to compromise her email password utilizing a network sniffer? A. SSL B. DNS C. TLS D. HTTP
Answer D is correct. The HTTP protocol sends data in plain text. Therefore, a network sniffer or a packet sniffer can be used to capture an HTTP packet by an attacker. The data then can be read by an attacker, perhaps allowing the attacker to see confidential information. Answers C and A are incorrect. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) provide cryptography and reliability for upper layers of the OSI model. Both SSL and TLS provide secure web browsing via HTTPS (Hypertext Transfer Protocol Secure). Answer B is incorrect. The DNS protocol resolves names to corresponding IP addresses using the TCP/UDP port number 53.
You need to connect three access points running the 802.11b/g frequency range into the same office area. In which channel should you place these access points? A. All the APs should be in channel 1. B. All the APs should be in channel 6. C. All the APs should be in channel 11. D. The three APs should be in different channels: 1, 6, and 11.
Answer D is correct. The IEEE 802.11b and 802.11g standards provide three non-overlapping channels: 1, 6, and 11. To maintain coverage between overlapping coverage areas, wireless APs having non-overlapping channels should be used (for example, channels 1, 6, and 11 for wireless networks using the 2.4-GHz band of frequencies). A common design recommendation is that overlapping coverage areas (using non-overlapping channels) should have an overlap of approximately 10 percent to 15 percent.
What is the well-known port number for Telnet? A. 80 B. 69 C. 25 D. 23
Answer D is correct. The Telnet protocol uses TCP port 23 to connect to a remote host (typically via a terminal emulator). Answer C is incorrect. TCP port 25 is used by SMTP to send emails. Answer B is incorrect. UDP port 69 is used by TFTP to transfer files with a remote host without requiring authentication of user credentials. Answer A is incorrect. TCP port 80 is used by HTTP to retrieve content from a web server.
A remote user cannot connect to the central office with his VPN client; however, this user can get to the Internet. What should be the first step to troubleshoot this problem? A. Reinstall the VPN client. B. Reboot the remote router. C. Reboot the client machine. D. Determine if the user has the correct VPN address and password.
Answer D is correct. The main problem with VPN connection is that the user has the wrong credentials. It should be verified that user has the correct usernames and passwords. Answers C, B, and A are incorrect because the client is able to connect the Internet, therefore, there is no point in rebooting the client machine, rebooting the remote router or reinstalling the VPN client.
Which of the following network topologies is the most fault tolerant? A. Ring B. Star C. Bus D. Mesh
Answer D is correct. The mesh topology is the most fault tolerant network topology. A mesh topology is a type of physical network design where all devices in a network are connected to each other with many redundant connections. It provides multiple paths for the data traveling on the network to reach its destination. Answers C and A are incorrect because bus and ring topologies are not fault tolerant. If a cable break occurs then the entire network will collapse. Answer B is incorrect because, although the star topology is fault tolerant, it is not the most fault tolerant topology. The central connection point can be a single point of failure for the network.
While troubleshooting a network issue, a network technician found that a host is unable to communicate with some hosts on other subnets. What can be the possible cause of the issue? A. Incorrect default gateway B. Mismatched MTU C. Incorrect DNS configuration D. Incorrect subnet mask configuration
Answer D is correct. When a host attempts to communicate with another host on the same subnet, the sending host sends an ARP request in an attempt to determine the MAC address of the destination host, rather than forwarding traffic to the sending host's default gateway. Hence, if a host has an incorrect subnet mask configuration, it could incorrectly conclude that another host is on its local subnet, when in reality, the other host is on a remote subnet. As a result, the remote host is unreachable from the perspective of the sending host. Answer A is incorrect. If a host has an incorrect default gateway configuration, traffic from that host is not forwarded off that host's local subnet. Answer B is incorrect. Router interfaces have a parameter called the maximum transmission unit (MTU) that defines the largest packet size the interface will forward. If a packet exceeds an interface's MTU and has its DF bit set, the router drops the packet that can cause connectivity issues or missing communication. Answer C is incorrect. If a host has an incorrect DNS configuration, that host will be unable to, for example, browse the Internet using domain names (as opposed to IP addresses).
A user is experiencing an issue in his media device that is unable to stream media to the LAN. The device is visible on the network and all PCs on the LAN can ping the device. All firewalls are turned off. Which of the following TCP/IP technologies is not implemented properly? A. Broadcast B. Anycast C. Unicast D. Multicast
Answer option D is correct. If a device is unable to stream media to the LAN, there might be a multicast issue. Multicast technology provides an efficient mechanism for a single host to send traffic to multiple, yet specific, destinations. For example, a single video server can send a video stream to all the connected devices that have requested for the same video. Answer A is incorrect. A broadcast traffic travels from a single source to all destinations on a network (that is, a broadcast domain). A broadcast address of 255.255.255.255 might seem that it would reach all hosts on all interconnected networks. But, the traffic would be received by every device on the network, even devices not wanting to receive the traffic (like a video stream). Answer B is incorrect. An anycast communication flow is a one-to-nearest (from the perspective of a router's routing table) flow. It allows the same address to be placed on more than one device so that when traffic is sent to one device addressed in this way, it is routed to the nearest host that shares the same address. Answer C is incorrect. A unicast transmission represents a one-to-one conversation, that is, data is sent from a single device to another single device.
Which of the following devices operate at the Data Link layer of the Open Systems Interconnection (OSI) model? Each correct answer represents a complete solution. Choose all that apply. A. Switch B. Router C. Gateway D. Bridge
Answers A and D are correct. Switches and bridges function at the MAC sub-layer of the Data Link layer. Answers B and C are incorrect because a router or a gateway resides at Layer 3, or the Network layer of the OSI model.
Which of the following statements are true about a CAT5 cable?Each correct answer represents a complete solution. Choose all that apply. A. Capable of transferring data at 100Mbps B. Has three twists per inch of each twisted pair C. Uses a 24-gauge copper wire D. An optical fiber cable
Answers A, B, and C are correct. Cat 5 cable is a twisted pair high signal integrity cable type. Most cables of this type are unshielded, but some are shielded, used for high signal integrity. These cables can transfer data at speeds of 100 Megabits per second. So, these cables typically have three twists per inch of each twisted pair of 24 gauge copper wires within it. The twisting of the cable can reduce electrical interference and crosstalk. These cables are used in structured cabling for computer networks, such as Fast Ethernet. Answer option D is incorrect because a CAT5 cable is not an optical fiber cable.
Which of the following advantages are provided by IPv6 over IPv4?Each correct answer represents a complete solution. Choose all that apply. A. Provides improved authentication and security B. Uses 128-bit addresses C. Uses longer subnet masks than those used in IPv4 D. Increases the number of available IP addresses
Answers A, B, and D are correct. IP addressing version 6 (IPv6) is the latest version of IP addressing. IPv6 is designed to solve many of the problems that were faced by IPv4, such as address depletion, security, auto-configuration, and extensibility. With the fast increasing number of networks and the expansion of the World Wide Web, the allotted IP addresses are depleting rapidly, and the need for more network addresses is arising. IPv6 solves this problem, as it uses a 128-bit address that can produce a lot more IP addresses. These addresses are eight groups of hexadecimal numbers separated by colons. An example of an IPv6 address is 45CF: 6D53: 12CD: AFC7: E654: BB32: 543C: FACE. Answer C is incorrect because the subnet masks used in IPv6 addresses are of the same length as those used in IPv4 addresses.
You want to inspect network traffic flowing through your TCP/IP network. Which of the following combinations of device and feature will you use to accomplish this? Each correct answer represents a complete solution. Choose two. A. Switch, network sniffer B. Hub, network sniffer C. Switch, network sniffer, port mirroring D. Hub, network sniffer, port mirroring
Answers B and C are correct. To inspect network traffic, a network sniffer can be attached to a hub port. As the hub forwards packets received on one, out to all other ports, a network sniffer can be attached to any port without any additional configuration. However, when using a switch, a network sniffer is not able to capture traffic directed to ports to which it is not attached and therefore, port mirroring needs to be configured to make a copy of traffic seen on one port and send the duplicated traffic to other ports.
You are designing a network for Perfect Wear Inc. You need to make a choice between 100BASE-FX and 100BASE-TX. What are the two prime differences between 100BASE-FX and 100BASE-TX? Each correct answer represents a complete solution. Choose two. A. 100BASE-FX has a faster data transmission speed than 100BASE-TX. B. The maximum segment length of 100BASE-FX is longer than that of 100BASE-TX. C. 100BASE-FX is easy to install as compared to 100BASE-TX. D. 100BASE-FX is fiber-based, whereas 100BASE-TX is copper-based.
Answers B and D are correct. 100BASE-FX is a fiber-based media, whereas 100BASE-TX is copper-based. This enables 100BASE-FX to have longer segment lengths. Answer C is incorrect because the installation of copper cables is much easier than fiber-based cables. Answer A is incorrect because both 100BASE-FX and 100BASE-TX support a maximum transmission speed of 100 Mbps.
A company has received recent reports of equipment thefts from its workstations. What physical security methods can be used to prevent this from happening? Each correct answer represents a complete solution. Choose all that apply. A. CCTV B. Biometric lock C. Mantrap D. Cipher lock
Answers B, C, and D are correct. Mantraps, biometric locks, and cipher locks can be used to limit a user access to a restricted area. A mantrap is a small space with two sets of interlocking doors. In a mantrap, the first set of doors must be closed before opening the second set. It allows only a single person through a door or entry at a time, requiring every person to authenticate. A biometric lock uses fingerprint, voice, retina, or signature to unlock it. It adds additional security and makes it more difficult for a person to counterfeit the key used for opening the lock. Similarly, a cipher lock requires a user to press buttons in the correct sequence to open a door having a cipher lock. Answer A is incorrect because a CCTV camera can be used for monitoring an area, but it cannot provide the necessary physical security measure that can stop anyone from stealing. It can be used for investigating processes.
Which of the following are not considered hybrid routing protocols? Each correct answer represents a complete solution. Choose all that apply. A. EIGRP B. IS-IS C. RIPv2 D. BGP E. OSPF
Answers B, C, and E are correct. RIP and RIPv2 are distance vector routing protocols. OSPF and IS-IS are link state. Answers D and A are incorrect because BGP and EIGRP are hybrid routing protocols.
A company wants to make corporate emails secure from network attacks such as phishing. The network technician has decided to install a port security firewall for this purpose. On which of the following ports should this be enabled to have the desired result? Each correct answer represents a complete solution. Choose all that apply. A. 80 B. 110 C. 25 D. 23 E. 143
Answers B, C, and E are correct. The port security feature should be enabled on port numbers 25, 110, and 143. These are the port numbers used by email protocols. Port 25 used by SMTP for sending emails. Ports 110 and 143 are used by POP3 and IMAP4 for retrieving emails from an email server. Answer A is incorrect. Port 80 is used by HTTP for retrieving content from a web server. Answer D is incorrect. Port 23 is used by Telnet for connecting a remote host (typically via a terminal emulator).
Which of the following are networking concepts designed to prevent routing loops? Each correct answer represents a complete solution. Choose all that apply. A. Network address translation B. Port address translation C. Split horizon D. Poison reverse
Answers C and D are correct. A routing loop occurs when a redundant route is created between routers because the routing tables on the routers are slow to update. Distance-vector routing protocols typically use one of two approaches for preventing routing loops: Split horizon: Prevents a route learned on one interface from being advertized back out of that same interface Poison reverse: Causes a route received on one interface to be advertized back out of that same interface with a metric considered to be infinite. Answer A is incorrect. Network address translation (NAT) allows private IP addresses (as defined in RFC 1918) to be translated into Internet-routable IP addresses (public IP addresses). Answer B is incorrect. Port address translation (PAT) is a variant of NAT in which multiple inside local IP addresses share a single inside global IP address. It can distinguish between different flows based on port numbers.
What are the advantages of using a layer 2 switch over a hub?Each correct answer represents a complete solution. Choose two. A. Has more broadcast domains B. Sends traffic to all ports C. Prevents broadcast storms D. Has more collision domains
Answers C and D are correct. The advantages of using a layer 2 switch over a hub are: Prevents broadcast storms Has a single broadcast domain Has more collision domains (one per port) Intelligently transmits data to the specific ports only