Dion 6 Practice Exams
A college needs to provide wireless connectivity in a cafeteria with a minimal number of WAPs. What type of antenna will provide the BEST coverage? High gain Bidirectional Dipole Omni-directional
A (High gain antennas put out increased signal strengths and therefore can reach further with less WAPs.)
Sally in the web development group has asked for your assistance in troubleshooting her latest website. When she attempts to connect to the web server as a user, her web browser issues a standard HTTP request, but continually receives a timeout response in return. You decided that to best troubleshoot the issue, you should capture the entire TCP handshake between her workstation and the web server. Which of the following tools would BEST allow you to capture and then analyze the TCP handshake? Protocol analyzer Packet sniffer Spectrum analyzer Tone generator
A (A protocol analyzer or packet analyzer (like Wireshark) has the capability to capture the handshake and display it for analysis. A packet sniffer, though, will only capture the handshake. Neither a spectrum analyzer or a tone generator would be helpful in this situation.)
A system administrator wants to verify that external IP addresses are unable to collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected? Analyze packet captures Utilize netstat to locate active connections Use nmap to query known ports Review the ID3 logs on the network
A (Captured packets show you the information that was travelling through certain files, etc. Packet sniffers detail the information they've received, so working through those would show if the external network shows or details software versions.)
Which of the following must be added to a VLAN with a gateway in order to add security to it? An ACL 802.1d A RADIUS server 802.1w
A ( VLANs can be protected with an ACL. Without a properly configured ACL, there is no additional security provided by a VLAN.)
Which WAN technology relies on virtual circuits and point-to-multipoint connections? Frame relay ISDN PRI MPLS
A (Frame Relay is a WAN technology that specifies the physical and data link layers of digital telecommunications channels using a packet switching methodology. It supports the use of virtual circuits and point-to-multipoint connections. It is commonly used to connect multiple smaller corporate office locations back to a larger centralized headquarters.)
A network engineer has been tasked with designing a network for a new branch office with approximately 50 network devices. This branch office will connect to the other offices via a MAN. Many of the other branch offices use off-the-shelf SOHO equipment. It is a requirement that the routing protocol chosen use the least amount of overhead. Additionally, all the computers on the network will be part of a single VLAN. The connection between these computers should produce the highest throughput possible in the most cost effective manner. What devices would be MOST appropriate? A router should be used as a gateway device, with RIPv2 as the routing protocol. The computers should be connected to one another with a Gigabit Layer 2 switch. A UTM should be used as a gateway device, with BGP as the routing protocol. The computers should be connected to one another using 1Gb Fibre Channel. A router should be used as a gateway device, with EIGRP as the routing protocol. The computers should be connected to one another using a single 802.11N MIMO access point. A router should be used as a gateway device, with OSPF as the routing protocol. The computers should be connected to one another using a Gigabit Layer 3 switch.
A (A Gigabit Layer 2 switch is the cheapest switching solution offering 1Gbps network connectivity between the computers. RIPv2 has a lower overhead as set forth in the requirements.)
What is a connectionless protocol? ICMP SSL TCP SSH
A (A connectionless protocol is a form of data transmission in which data is transmitted automatically without determining whether the receiver is ready, or even whether a receiver exists. ICMP, UDP, IP, and IPX are well-known examples.)
An outside organization has completed a penetration test for a company. One of the items on the report is reflecting the ability to read SSL traffic from the web server. What is the MOST likely mitigation for this reported item? Ensure patches are deployed Install an IDS on the network Configure the firewall to block traffic on port 443 Implement a VPN for employees
A (A patch is designed to correct a known bug or fix a known vulnerability, such as in this case to be able to read SSL traffic, in a piece of software.)
A general rule of thumb in home networking says that Wifi routers operating on the traditional 2.4 GHz and 5.0 GHz bands can reach up to about __(distance) indoors and __(distance) outdoors.
150 feet (46 m); 300 feet (92 m)
What RJ-45 pins are used for what purpose in 1/10 Gbps implementation:
1: BixA+ 2: BixA- 3: BixB+ 4: BixC+ 5: BixC- 6: BixB- 7: BixD+ 8: BixD-
What RJ-45 pins are used for what purpose in 10/100 Mbps implementation:
1: Tx+ 2: Tx- 3:Rx+ 6: Rx-
Your network relies on the use of ATM cells. At which layer of the OSI model do ATM cells operate?
2
What IEEE standard is STP?
802.1d
A technician installs three new switches to a company's infrastructure. The network technician notices that all the switch port lights at the front of each switch flash rapidly when powered on and connected. Additionally, there are rapidly flashing amber lights on the switches when they started up the next day. What is happening to the switches? The switches are running through their spanning tree process The switches are having problems communicating with each other The switches are connected and detected a spanning tree loop The switches are not functioning properly and need to be disconnected
A
After installing some new switches in your network, you notice that a looping problem has begun to occur. You contact the manufacturer's technical support for the switches you purchased and they recommended that you enable 802.1d. Which of the following BEST represents why the manufacturer suggested this? It is a version of spanning tree that uses BPDU to detect problems It is a regular version of port mirroring that uses hello packets to detect loops It is a simple version of port mirroring tree that uses BPDU to detect problems It is a rapid version or port mirroring that uses BPDU to detect problems
A
As you arrive to work this morning, you look up at the building an notice a microwave antenna that is pointing another antenna on top of your company's support building across the street. Which of the following network topologies BEST represents this network connection over the microwave link? Point-to-Point Peer-to-Peer Point-to-Multipoint Mesh
A
You have installed and configured a new wireless router. The clients and hosts can ping each other. The WAN is a 10Gbp/s cable connection. The wired clients have fast connections, but the wireless clients are slow to ping and browse the Internet. Which of the following is MOST likely the cause of the slow speeds experienced by the wireless clients? An access point experiencing RFI from fluorescent light bulbs A router is on the incorrect LAN A cable connection does not support wireless A high signal-to-noise ratio on the wireless network
A (If interference in the wireless spectrum is occurring, more retransmissions will be needed (and thereby slowing speeds experienced). All the other answers will not cause a slow down of only the wireless network. And a high signal to noise ratio is a good thing on wireless networks.)
What is true concerning jumbo frames? They are commonly used on a SAN Their MTU size is less than 1500 They are commonly used with a NAS They are commonly used with DHCP `
A (Jumbo frames are Ethernet frames whose MTU is greater than 1500. To increase performance, you should use jumbo frames only when you have a dedicated network or VLAN, and you can configure an MTU of 9000 on all equipment. Because of this, jumbo frames are most commonly used in a separate SAN (storage area network).)
The network technician has received a large number of complaints from users that there is poor network performance. The network technician suspects a user may have created a malicious flood on the network with a large number of ping requests. What should the technician do? Block all ICMP request Update all antivirus software Remove all suspected users from the network Upgrade firmware on all network cards
A (Ping requests use the Internet Control Message Protocol to send operational information about a host or router. Blocking all ICMP requests would eliminate the ping request flood, although it may become harder to diagnose network issues in the future as ICMP is used heavily in network troubleshooting.)
The Chief Information Officer (CIO) wants to improve the security of the company's data. Which management control should be implemented to ensure employees are using encryption to transmit any sensitive information over the network? Policies VPN HTTPS Standards
A (Policies are plans that describe the goal of an established procedure (Acceptable use, Physical Security or VPN access), while the standards are the mechanisms implemented to achieve that goal. VPN and HTTPS are examples of standards.)
A network administrator is troubleshooting an issue with unstable wireless connections in a residence hall. Users on the first and second floors report that the hall's SSID is not visible in the evenings. The network administrator has verified that the wireless system is operating normally. What is the cause of the issue being reported by the users? Internet router maintenance is scheduled An ARP attack is underway The SSID is set to hidden A jammer is being used
A (Process of elimination: the ARP attack would allow attackers to intercept data or stop all traffic; the SSID being set to hidden wouldn't just change during the day, and a jammer being used would show some possible "wrong" traffic in the logs of the wireless. Internet router maintenance would simply take the network down for the duration of the update/maintenance.)
The corporate network uses a centralized server to manage credentials for all of its network devices. What type of server is MOST likely being used in this configuration? RADIUS FTP DNS Kerberos
A (RADIUS is used to centrally manage credentials for network devices. TACACS is an older username and login system that uses authentication to determine access, while RADIUS combines authorization AND authentication. For this question, either RADIUS or TACACS would be an acceptable answer.)
A network engineer is conducting an assessment for a customer who wants to implement an 802.11ac wireless network. Before the engineer can estimate the number of WAPs needed, it is important to reference the _______________. Site survey PoE requirements Network topology Network diagram
A (Since it is a wireless network, a review of a site survey is necessary to determine any physical advantages and disadvantages. Network topology and Network diagrams can be created once the site survey is complete and the location of the access points is determined.)
You are working at the service desk as a network security technician and just received the following email from an end user who believes a phishing campaign is being attempted. *********************** From: [email protected] To: [email protected] Subject: You won a free iPhone! Dear Susan, You have won a brand new iPhone! Just click the following link to provide your address so we can ship it out to you this afternoon: (http://www.freephone.io:8080/winner.php) *********************** What should you do to prevent any other employees from accessing the link in the email above, while still allowing them access to any other webpages at the domain freephone.io? Add http://www.freephone.io:8080/winner.php to the browser's group policy block list Add DENY TCP http://www.freephone.io ANY EQ 8080 to the firewall ACL Add DENY IP ANY ANY EQ 8080 to the IPS filter Add http://www.freephone.io:8080/winner.php to the load balancer
A (There are two ways to approach this question. First, you can consider which is the right answer (if you know it). By adding the full URL of the phishing link to the browser's group policy block list (or black hole list), the specific webpage will be blocked from being accessed by the employees while allowing the rest of the freephone.io domain to be access. Now, why not just block the entire domain? Well, maybe the rest of the domain isn't suspect but just this one page is. (For example, maybe someone is using a legitimate site like GitHub to host their phishing campaign, therefore you only want to block their portion of GitHub.) The second approach to answering this question would be to rule out the incorrect answers. If you used DENY TCP to the firewall ACL answer, you would block all access to the domain, blocking legitimate traffic as well as the possible malicious activity. If you used the DENY IP ANY ANY to filter traffic at the IPS, you would block any IP traffic to ANY website over port 8080. If you added the link to the load balancer, this would not block it either. Therefore, we are only left with the correct answer of using a group policy in this case.)
A network technician has just run a new point-to-point fiber link between two local routers. After the fiber has been plugged in on both ends, the interface will not come up. The network technician has double-checked the interface configuration on both routers, both SFPs have been hard-looped to confirm they are functioning, connectors on both ends of the links have been cleaned, and there is sufficient power. What is the cause of the problem? Wavelength mismatch Duplex mismatch Distance limitations Wrong IP address
A (Wavelength mismatch is when two different transmitters at each end of the cable have either longer or shorter wavelengths. Both transmitters have to be identical on each end of the cable.)
Your company has several small branch offices around the country, but you work as a network administrator at the centralized headquarters building. You need the capability of being able to remotely access any of the remote site's routers to configure the without having to fly to each location in person. Your company's CIO is worried that allowing remote access could allow an attacker to gain administrative access to the company's network devices. Which of the following is the MOST secure way to prevent this from occurring, while still allowing you to access the devices remotely? Create an out-of-band management network Install an out-of-band modem Configure the remote router's ACLs to only permit Telnet traffic Configure the remote router's ACLs to only permit HTTP traffic
A (You should create an out-of-band management network using a SSH (console) connection to the router. Telnet and HTTP are not encrypted channels and should not be used for remote connections. Using a modem is also a bad security practice, since these are subject to war dialing and provide very slow connectivity speeds.)
Which of the following WAN connection types might an Amplitude Modulation (AM) radio station have a detrimental effect on and cause interference? DOCSIS Metro-Ethernet Frame relay SONET
A. (DOCSIS is how cable modems operate by sending radio frequency waves over coaxial cables. AM frequencies can interfere with DOCSIS. The other answers all rely on networks, such as fiber, which are immune to radio frequency interference)
You have just replaced a faulty Ethernet cable in a patch panel. Within a few minutes, you find out that users are experiencing slow or no Internet connectivity all over the building. A broadcast storm has begun to occur. After removing the replacement cable, which of the following should you do NEXT? Replace the cable during the next maintenance window Review labeling and logical network diagram documentation Attempt to isolate the storm to the domain by rebooting the switch Remove and replace all of the other Ethernet cables on the switch to isolate the issue
B (You most likely have plugged the new cable into the wrong port on the patch panel. By reviewing the documentation and labeling, you might be able to see the domain architecture, the strength of user connections, and the relationships in those connections, thereby making it easy to reassign the patch cables corrected. It is likely that something has been mislabeled, and the replacement of the patch cable was plugged into the wrong port and caused a loop.)
An administrator arrives at work and is told that network users are unable to access the file server. The administrator logs into the server and sees the updates were automatically installed last night and the network connection shows "limited" with no availability. What rollback action should the technician perform? Browser on the server Server's NIC drivers Server's IP address Antivirus updates
B (An IP address is attached to a NIC's MAC address, which would not change in the event of an update. Sometimes, software updates can adjust hardware driver settings accidentally, so it is a good practice to always review these settings first to eliminate this.)
Which of the following connector types is used to terminate DS3 connections in a telecommunications facility? 66 block BNC F-connector RJ-11
B (Bayonet Neill-Concelman Connector (BNC connector) is a type of coaxial RF (Radio frequency) electrical connector that is used in place of coaxial connectors. A DS3 (Digital Signal 3) is also known as a T3 line with a maximum bandwidth of 44.736 Mbit/s. DS3 uses 75 ohm coaxial cable and BNC connectors.)
Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue? CSMA/CA RADIUS WPA2 security key SSL certificates
B (Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication.)
OFDM, QAM and QPSK are all examples of what wireless technology? Frequency Modulation RF interference Spectrum
B (Common types of modulation include Orthogonal frequency-division multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-shift keying (PSK).)
What is considered a classless routing protocol? IGRP IS-IS RIPv1 STP
B (IS-IS is known as a classless protocol. Classless routing protocols are those protocols that include the subnet mask information when the routing tables or updates are exchanged. Other classless routing protocols include EIGRP, RIPv2 (or newer), and OSPF.)
What are the different 802.11 (a, b, g, etc) speeds?
Answer this
Routing prefixes, which are assigned in blocks by IANA and distributed by the Regional Internet Registry (RIR), are known as what? Network handle Autonomous system number Route aggregation Top level domain
B
Which of the following WAN technologies would MOST likely be used to connect several remote branches that have no fiber or satellite connections? OC12 POTS WiMax OC3
B
Your company wants to develop a voice solution to provide 23 simultaneous connections using VoIP. Which of the following technologies could BEST provide this capability? DOCSIS T1 DSL POTS
B (A T1 can transmit 24 telephone calls at a time because it uses a digital carrier signal (DS-1). DS-1 is a communications protocol for multiplexing the bit streams of up to 24 telephone calls simultaneously. The T1's maximum data transmission rate is 1.544 mbps. DOCSIS is the standard for a cable modem. DSL is a Digital Subscriber Line which has variable speeds from 256 kbps and up. POTS is the Plain Old Telephone System, and provides only a single phone connection at a time. Out of these options, the T1 is the BEST to ensure you can reliably provide 23 simultaneous phone connections.)
A new piece of malware is attempting to exfiltrate user data through hiding the traffic and sending it over a TLS-encrypted outbound traffic over random ports. What technology would be able to detect and block this type of traffic? Intrusion detection system Application aware firewall Stateful packet inspection Stateless packet inspection
B (A Web Application Firewall (WAF) or Application Aware Firewall would be able to detect both the accessing of random ports and TLS encryption, and could identify it as suspicious, whereas Stateless would inspect port number being used by the traffic leaving. IDS only analyzes incoming traffic, therefore would not be able to see this activity as suspicious.)
Your company hosts all of the company's virtual servers internally in your own datacenter. In the event of total failure or disaster, though, the server images can be restored on a cloud provider and accessed through a VPN. Which of the following types of cloud services is your company using in this scenario? Hybrid SaaS Public IaaS Community PaaS Private SaaS
B (Infrastructure as a Service (IaaS) is the foundation of cloud computing. Rather than purchasing or leasing space in expensive datacenter, labor, real estate, and all of the utilities to maintain and deploy computer servers, cloud networks, and storage, cloud buyers rent space in a virtual data center from an IaaS provider. They have access to the virtual data center via the Internet. This type of cloud computing provides the "raw materials" for IT, and users usually only pay for the resources they consume, including (but not limited to) CPU cores, RAM, hard disk or storage space, and data transfer. Since this cloud provider is available to all companies to use, much like Microsoft Azure or Amazon Web Services, this is an example of a Public IaaS or Public Cloud.)
While installing new network equipment, a network administrator wants to add infrastructure to keep the cables organized in the environment. The administrator also needs cables to be easily removed or added due to the constantly changing environment. Which of the following should be added to the network's cable distribution plant to achieve this goal? Cable ties Ladder trays Raised floor Hook and loop straps
B (Ladder trays are a cost-effective alternative and allow for easy installation of cables by electricians as well as future access for adding or removing cable runs.)
A client reports that half of the office is unable to access a shared printer on the network. Which of the following should the network technician use to troubleshoot the issue? Data backups Network Diagrams Baseline information Vendor documentation
B (Network diagram is a visual representation of a computer network. Understanding all the connections is a fundamental step in network troubleshooting. This baseline information can be used for anticipating future problems, as well as planning for future growth.)
A technician has punched down only the middle two pins (pins 4 and 5) on an Ethernet patch panel. Which of the following has the technician cabled this port to be used with? 10baseT POTS 568B 568A
B (POTS is short for plain old telephone service. The technician was making a cable for a telephone to use, since it only requires two pins (send and receive).)
You are working as a network administrator and are worried about the possibility of an insider threat. You want to enable a security feature that would remember the Layer 2 address that is first connected to a particular switch port in order to prevent someone from unplugging a workstation from the switch port and connecting their own laptop to that same switch port. Which of the following security features would BEST accomplish this goal? NAC Sticky MAC 802.1x ACL
B (Persistent MAC learning, also known as Sticky MAC, is a port security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or if the interface goes down and is brought back online. This is a security feature that can be used to prevent someone from unplugging their office computer and connecting their own laptop to the network jack without permission, since the switch port connected to that network jack would only allow the computer with the original MAC address to gain connectivity using Sticky MAC.)
While implementing wireless access points into the network, one building is having connectivity issues due to light fixtures being replaced in the ceiling, while all other buildings' connectivity is performing as expected. Which of the following should be changed on the access point for the building with connection issues? UTP patch cables Antenna Power adapter Security standard
B (Since only one building is having the issue, it is likely an issue with the antenna having radio frequency interference.)
A company needs to implement stronger authentication by adding an authentication factor to their wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP and TTLS. What should the network administrator implement? PKI with user authentication 802.1x using EAP with MSCHAPv2 WPA2 with a complex shared key MAC address filtering with IP filtering
B (Since the back end uses a RADIUS server for back-end authentication, the network administrator can install 802.1x using EAP with MSCHAPv2 for authentication.)
You need to connect to a Linux server to conduct some maintenance. The server is located in a remote office about 50 miles from your own. You decide to connect the server remotely instead of driving to the location to save some time, but you want to ensure you do this securely. The Linux server has VNC installed, but it isn't configured to provide an encrypted connection. Which of the following should you use to secure the VNC connection to the remote server? HTTPS SSH in tunnel mode RDP WPA2
B (Since you want to use the existing VNC server to make the connection and it is unencrypted, you should tunnel the VNC protocol through a secure SSH connection to encrypt it. While an SSH client connects to a Secure Shell server, which allows you to run terminal commands as if you were sitting in front of another computer, it can also allow you to "tunnel" any port or protocol between your local system and a remote SSH server through its own encryption process. This allows you to add a layer of encryption and security to an unsecured protocol or application.)
A home user reports to a network technician that the Internet is slow. The network administrator discovers that multiple unknown devices are connected to the access point. What is MOST likely the cause? An evil twin has been implemented A successful WPS attack has occurred The user is experiencing ARP poisoning The user is connected to a botnet
B (Successful WPS attacks happen when the default username/password etc. has not been changed or reconfigured on the router. If your default username/password hasn't been changed, anybody can get into the settings and open the network. This is why additional unknown devices are on the network.)
You are assisting the company with developing a new business continuity plan. What would be the BEST recommendation to add to the BCP? Perform recurring vulnerability scans Build redundant links between core devices Maintain up-to-date configuration backups Physically secure all network equipment
B (The business continuity plan focuses on the tasks carried out by an organization to ensure that critical business functions continue to operate during and after a disaster. By keeping redundant links between core devices, critical business services can be kept running if one link is unavailable during a disaster. Some of the other options are good ideas, too, but this is the BEST choice.)
At which of the following OSI layer does QoS operate? Layer 1 Layer 3 Layer 5 Layer 7
B: Explanation: Quality of Service (QoS) occurs at both Layer 2 and Layer 3 of the OSI Model.
A technician is installing a network firewall and would like to block all WAN to LAN traffic that is using ports other than the default ports for Internet and email connectivity. What rule should the technician verify FIRST? All outbound traffic is blocked A DMZ has been created An implicit deny is enabled All inbound traffic is blocked
C
A technician is troubleshooting a newly-installed WAP that is sporadically dropping connections to devices on the network. Which of the following should the technician check FIRST during troubleshooting? WAP SSID Encryption type WAP placement Bandwidth saturation
C
Your physical security manager, Janice, wants to ensure she can detect any unauthorized access to the datacenter. Which technology should be used to meet her requirement? Smart card Biometric access Video surveillance Access badge reader
C (Since her requirement is to detect unauthorized access, video surveillance should be utilized. If she were trying to prevent access from occurring, the other three options would be able to provide that, but they cannot detect unauthorized access (for example, if the attacker stole a valid smart card or access badge).)
An administrator has a physical server with a single NIC. The administrator intends to deploy two virtual machines onto a single physical server. Each virtual machine needs two NICs, one that connects to the network, and a second that is a server to server heartbeat connection between the two virtual machines. After deploying the virtual machines, which of the following should the administrator do to meet the requirements? The administrator should create a virtual switch for each guest; each switch should be configured for inter-switch links and the primary NIC should have a NAT to the corporate network The administrator should create a virtual switch that is bridged to the corporate network, and a second virtual switch that carries intra-VM communication only The administrator should create a virtual switch to bridge all of the connections to the network; the virtual heartbeat NICs should be set to addresses in an unused range The administrator should install a second physical NIC onto the host, and then connect each guest machine's NICs to a dedicated physical NIC
C
What Ethernet feature will allow increased FCoE network throughput as long as all network devices recognize its specific size? Frame relay TCP offloading Jumbo frame Quality of service
C
You are troubleshooting a SQL server on the network. It has been unable to perform an uncompressed backup of the database because it needs several terabytes of disk space available. Which of the following devices should you install in order to have the MOST cost efficient backup solution? iSCSI scan FCoE SAN NAS USB flash drive
C (A NAS is a Network Attached Storage device, typically a bunch of cheap hard disks and usually arranged in a RAID consisting of either SAS (serial attached SCSI) or SATA disks just like the ones in most desktops.)
A company is installing several APs for a new wireless system that requires users to authenticate to the domain. The network technician would like to authenticate to a central point. What solution would be BEST to achieve this? TACACS+ device and RADIUS server TACACS and proxy server RADIUS server and access point RADIUS server and network controller .
C (A Remote Authentication Dial-in User Service (RADIUS) server provides AAA management for users connecting to a wired or wireless network, which includes the ability to authenticate users. As servers are inherently not built with wireless access capabilities, an access point would have to be included in the setup for the RADIUS to work correctly with wireless clients)
A project manager is tasked with the planning of a new network installation. The customer requires that everything discussed in the meetings will be installed and configured when a network engineer arrives onsite. Which document should the project manager provide the customer? Acceptable Use Policy Service Level Agreement Statement of Work Security Policy
C (A Statement of work (SOW) is a document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines.)
You are installing a network for a new law firm in your area. They have stated that they must have a guaranteed throughput rate on their Internet connection. Based on this requirement, what type of WAN connection should you recommend? Dial-up Cable broadband T-1 DSL
C (A T-1 connection provides a guaranteed 1.544 mbps of throughput. Dial-up, DSL, and cable broadband do not provide a guaranteed throughput rate. Instead, these services provide a variable throughput rate based on network conditions and demand in the area of your business.)
You are troubleshooting a wireless network. A user has complained that their iPad cannot connect to the wireless network from their desk in the corner of the office building. The user has no issues connecting to the wireless network with the tablet when they are located in the break room area at the center of the building. You measured the distance from their office to the 802.11 AC wireless access point, and it is about 170 feet. What is MOST likely the cause of the tablet not connecting to the WAP? Refraction Reflection Distance Absorption
C (A general rule of thumb in home networking says that Wifi routers operating on the traditional 2.4 GHz and 5.0 GHz bands can reach up to about 150 feet (46 m) indoors and 300 feet (92 m) outdoors. Since the distance is listed as 170 feet, the issue is likely caused by the user's office being too far from the WAP.)
A technician has finished configuring AAA on a new network device. However, the technician is unable to log into the device with LDAP credentials but is able to do so with a local user account. What is the MOST likely reason for the problem? Username is misspelled in the device configuration file IDS is blocking RADIUS Shared secret key is mismatched Group policy has not propagated to the device
C (AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems.)
Which protocol is used to establish a secure and encrypted VPN tunnel that can be initiated through a web browser? PPP PPTP SSL IPSec
C (An SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol in a standard web browser to provide secure, remote-access VPN capability. In modern browsers and servers, it is more common to use TLS (transport layer security) which is the successor to SSL.)
A company has a secondary datacenter in a remote location. The cable management and power management are handled by the data center staff, while the building's security is also handled by the datacenter staff with little oversight from the company. Which of the following should the technician do to follow the best practices? Secure the patch panels Ensure power monitoring is enabled Ensure rack security Secure the UPS units
C (By ensuring rack security such as locks, RFID card locks, and swing handles, the technician adds an extra layer of security to the servers which is a best practice.)
What happens when convergence on a routed network occurs? All routers are using hop count as the metric All routers have the same routing table All routers learn the route to all connected networks All routers use route summarization
C (Routers exchange routing topology information with each other by using a routing protocol. When all routers have exchanged routing information with all other routers within a network, the routers are said to have converged. In other words: In a converged network, all routers "agree" on what the network topology looks like.)
Tim is a network administrator who is setting up three additional switches in his test lab. While configuring the switches, he is verifying the connectivity but finds that when he pings one of the switches using its IP address, he receives "Destination Unreachable". What kind of issue is this? Denial of service attack Misconfigured DNS settings Misconfigured Split Horizon RADIUS authentication errors
C (Split horizon is a method of preventing a routing loop in a network. If it is misconfigured, the switches would be unable to communicate with each other. None of the other answers provided would prevent communication between the switches.)
The UPS that provides backup power to your server is malfunction because its internal battery has died. To replace the battery, you must shutdown the server, unplug it from the UPS, and unplug the UPS from its power source (the wall outlet). You perform these actions but think that there has to be a better way to increase the availability of the server in the future. Which of the following recommendations would BEST increase the availability of the server based on your experience with the UPS battery replacement? Install a second UPS in the rack Install a surge protector instead Add a redundant power supply to the server Replace the UPS with a generator
C (The BEST recommendation would be to install a redundant power supply in the server. Adding a second UPS would not solve the problem if the server still only has one power supply available. Switching from a UPS to a generator will not solve this issue, either, because generators also requirement scheduled maintenance and downtimes. Finally, adding a surge protector won't provide power when you need to power off a UPS for a battery replacement.)
Janet is a system administrator who is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and that they need to be cleared from the event viewer. She recalls this being a daily occurrence. Which of the following would BEST resolve this issue? Increase the maximum log size Log into the DNS server every hour to check if the logs are full Install an event management tool Delete the logs when full
C (Using an event management tool will allow the administrator to clear the event logs and move them from the server to a centralized database, if needed.)
You are trying to connect to a router using SSH to check its configuration. Your attempts to connect to the device over SSH keep failing. You ask another technician to verify that SSH is properly configured, enabled on the router, and is allowing access from all subnets. She attempts to connect to the router over SSH from her workstation and confirms all the settings are correct. Which of the following steps might you have missed in setting up your SSH client that is preventing you from connecting to the router? Change default credentials Perform file hashing Generate a new SSH key Update firmware
C (When configuring your SSH connection, you must ensure that a key is established between your client and the server. If you never setup an SSH key, you will need to generate a new key to get SSH to connect properly. Since the other technician was able to connect on her machine, we can rule out a SSH server issue, so it must be an issue with your account or client. The only option that relates solely to your account or client is the possibility that a key was not generated.)
A company has added a lot of new users to the network that is causing an increase in network traffic by 200%. Original projection by the engineers was that the new users would only add 20-30% more network traffic, not 200%. The network administrator suspects that a compromise of the network may have occurred. What should the network administrator have done previously to prevent this network breach? Create VLANs to segment the network traffic Place a network sniffer on segments with new employees Provide end user awareness and training for employees Ensure best practices were implemented when creating new user accounts
C (With new employees entering a company, often they are not fully aware of the company's Internet usage policy and safe Internet practices. Providing end user awareness and training for new employees help reduce the company's vulnerability to malicious entities on the Internet.)
Dion Training is trying to connect two geographically dispersed offices using a VPN connection. You have been asked to configure their networks to allow VPN traffic into the network. Which device should you configure FIRST? Switch Modem Firewall Router
C (You should FIRST configure the firewall, since the firewall is installed at the external boundary (perimeter) of the network. By allowing the VPN connection through the firewall, the two networks can be connected together and function as a single intranet (internal network).)
What CAT does 110 block support?
CAT 5 and better
A network administrator updated an Internet server to evaluate some new features in the current release. A week after the update, the Internet server vendor warns that the latest release may have introduced a new vulnerability and a patch is not available for it yet. Which of the following should the administrator do to mitigate this risk? Enable the host-based firewall on the Internet server Enable HIPS to protect the server until the patch is released Utilize WAF to restrict malicious activity to the Internet server Downgrade the server and defer the new feature testing
D
A network technician has configured a point-to-point interface on a router. Once the fiber optic cables have been run, though, the interface will not come up. The technician has cleaned the fiber connectors and used an optical power meter to confirm that light is passing in both directions without excessive loss. What is the MOST likely cause of this issue? EMI Cross-talk Distance limitation Wavelength mismatch
D
A network technician was tasked to install a network printer and share it to a group of five human resource employees. The technician plugged the device into a LAN jack, but was unable to obtain an IP address automatically. What is the cause of the problem? Incorrect DNS records Incorrect TCP port in ACL Split horizon is disabled DHCP scope is exhausted
D
Your company wants to create highly-available data centers. Which of the following will allow the company to continue to maintain an Internet presence at all sites in the event that the WAN connection at their own site goes down? Load balancer VRRP OSPF BGP
D ( If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available.)
An administrator has configured a new 100Mbps WAN circuit, but speed testing shows poor performance when downloading larger files. The download initially reaches close to 100Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the router interface and sees the following: NETRTR01# show interface eth 1/1 GigabitEthernet 1/1 is up, line is upHardware is GigabitEthernet, address is 000F.33CC.F13AConfigured speed auto, actual 1Gbit, configured duplex fdx, actual fdxMember of L2 VLAN 1, port is untagged, port state is forwarding What is the issue? Reset the statistics counter for this interface Shutdown and restart the router Shutdown and then re-enable this interface Remove default 802.1q tag and set to server VLAN
D ( Since the VLAN port is untagged, it can be slowing down performance. It is recommended to remove the default VLAN tag and setup a server VLAN to increase performance.)
An administrator's router with multiple interfaces uses OSPF. When looking at the router's status, it is discovered that one interface is not passing traffic. Given the information below, what would resolve this issue? Output: Fast Ethernet 0 is up, line protocol is down Int ip address is 10.20.130.5/25 MTU 1500 bytes, BW 10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255 Encapsulation ospf, loopback not set Keep alive 10 Full duplex, 100Mb/s, 100 Base Tx/Fx Received 1052993 broadcasts 0 input errors 0 packets output, 0 bytes 0 output errors, 0 collisions, 0 resets Set the loopback address Set OSPF to area 0 Replace the line card Put the IP address in the right broadcast domain Enable the connecting port
D ( Since the line protocol is down, you will need to enable the connecting port to restore the connection.)
Which of the following network infrastructure implementations would be used to connect two remote sales machines back to the main campus for all of their data and voice network traffic? Crossover cable Single mode fiber Satellite MPLS
D (A crossover cable has a maximum distance of 300 ft over Cat5e. A satellite connection work for line of sight between the office and the satellite, but the signal isn't always reliable or fast enough. MPLS is based on a short path rather than a long path. Single mode fiber can carry different types of data signals over long distances without losing any integrity, therefore it is the best choice. You can lease a pair of single mode fibers from the local telecommunications provider (called dark fiber) since it will already be buried underground and ready for your use.)
What would provide the highest level of physical security for the client if they are concerned with theft of equipment from the datacenter? Cipher lock Proximity reader Magnetic key swipe Man trap
D (A man trap will ensure that only a single authorized person can get in or out of the building at one time. It provides the highest level of physical security among the choices given.)
A company is experiencing accessibility issues reaching services on a cloud-based system. What monitoring tools should be used to locate possible outages? Network sniffer Packet analyzer Protocol analyzer Network analyzer
D (A network analyzer is a useful tool, helping you do things like track traffic and malicious usage on the network. A software tool like Wireshark is a network analyzer and protocol analyzer.)
You are creating a wireless link between two buildings in an office park utilizing the 802.11ac standard. The antenna chosen must have a small physical footprint and a minimal weight as it will be mounted on the outside of the building. Which type of antenna should you install? Whip Omni-directional Parabolic Patch
D (A patch antenna is a type of radio antenna with a low profile, which can be mounted on a flat surface. A patch antenna is typically mounted to a wall or a mast and provides coverage in a limited angle pattern. A yagi or directional antenna could also be used, but if the distance is smaller than about 300 feet between the buildings, using a patch antenna would be sufficient. For longer distances, a yagi would be utilized instead, but these do weight more and have a larger footprint.)
You have been dispatched to investigate some sporadic network outages. After looking at the event logs for the network equipment, you found that the network equipment has been restarting at the same time every day. What should you implemented to correct this issue? Air flow management Grounding bar Surge protector UPS
D (An Uninterruptible power supply (UPS) is a battery system that can supply short term power to electrical units. Since all the devices are restarting at the same time, it is likely due to a power outage. In this case, a UPS would continue to supply power to the network equipment during outages or blackouts.)
An organization requires a second technician to verify changes before applying them to network devices. When checking the configuration of a network device, a technician determines that a coworker has improperly configured the AS number on the device. Which of the following might be the result of this? The OSPF not-so-stubby area is misconfigured Reduced wireless network coverage Spanning tree ports in flooding mode BGP routing issues
D (BGP (Border Gateway Protocol) is used to route data between autonomous systems (AS). A collection of networks that fall within the same administrative domain is called an autonomous system (AS). The routers within an AS use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves.)
A common technique used by malicious individuals to perform a man-in-the-middle attack on a wireless network is: ARP cache poisoning Amplified DNS attacks Session hijacking Creating an evil twin
D (Evil Twin access points are the most common way to perform a man-in-the-middle attack on a wireless network.)
A network technician discovers an issue with spanning tree on the core switch. Which step should the network technician perform NEXT when troubleshooting to resolve the issue? Test a theory to determine the cause Escalate to a senior technician Identify the symptoms Establish a theory of probable cause
D (If the technician has already discovered the issue, the symptoms have already been identified. Testing the theory comes after you have established a theory, which can only come once the issue has been discovered. Establishing a theory of probable cause allows you to continue with the next steps in troubleshooting the issue.)
A network engineer is designing a campus-wide wireless network. Wireless access points will be distributed across the campus for maximum availability. The network is to be designed to handle a large number of roaming wireless devices. What feature should he employ? VLAN pooling Subnetting WPA2 LWAPP
D (LWAPP is the best choice because it serves as a standard single point that allows quick and efficient management of multiple wireless devices at a time.)
What is an example of a signaling protocol used in VoIP telephony? VRRP H.323 RTSP SIP
D (SIP is the Session Initiation Protocol and it is used for VoIP and audio/video conferencing. Alternatively, you could use the process of elimination to find the correct answer. VRRP is the (virtual router redundancy protocol) that automatically assigns IP routers to hosts, H 323 is something that works with A/V (audio visual), RTSP is a real time streaming protocol designed to control media servers, and SIP is a session initiation protocol. SIP is a signaling protocol used on the application layer.)
A network technician has been asked to make the connections necessary to add video transported via fiber optics to the LAN within a building. There will be one fiber connector for the Tx port and another connector for the Rx port. Which of the following is the MOST common connector that will be used on the switch to connect the media converter? FDDI Fiber coupler RJ-45 ST
D (Straight Tip (ST) fiber connections are the most common ones used in fiber optic connections in LAN networking applications, therefore this is most likely the correct answer.)
You are configuring a point-to-point link and want to ensure it is configured for the most efficient use of your limited pool of available public IP addresses. Which of the following subnet masks would be BEST to use in this scenario? /24 /28 /29 /30
D (The most efficient subnet mask for a point-to-point link is actually a /31 subnet, which only provides 2 addresses. This will only work if both routers are using a newer routing protocol like OSPF, IS-IS, EIGRP, or RIPv2 (or above). The tried and true method is to use a /30, though, which uses 4 IP addresses. The first is the network IP, the last is the broadcast, and the other 2 IPs can be assigned to the routers on either end of the point-to-point network. For the exam, if you see the option of /30 or /31, remember, they can be used for point-to-point networks.)
A company utilizes a patching server to regularly update its PCs. After the latest round of patching, all of the older PCs with non-gigabit Ethernet cards become disconnected from the network and now require a technician to fix the issue locally at each PC. What could be done to prevent this problem next time? Require the patching server to update the oldest PCs off hours Enable automatic rebooting of the PCs after patching is completed Throttle the connection speed of the patching server to match older PCs Disable automatic driver updates to PCs on the patching server
D (The most likely cause of this issue was a forced driver update being pushed from the update server to the older PCs, breaking their ability to use their network cards. It is best to disable automatic driver updates for PCs and have them tested first.)
A user has installed a new wireless printer on the network. The user cannot get it connected to the Internet, but can print locally. All other office users can reach the Internet, but cannot connect to the new wireless printer. All users are wireless in this part of the office. What MOST likely has occurred? They installed the printer in infrastructure mode They installed the printer in the wrong subnet They misconfigured the gateway on the wireless printer They installed the printer in ad-hoc mode
D (The printer is most likely in ad-hoc mode, which is also known as IBSS. In this type of network, devices talk directly to each other but have no connection outside of this "self-created" network.)
What would be used in an IP-based video conferencing deployment? RS-232 56k modem Bluetooth Codec
D (The term "codec" is a concatenation of "encoder" and "decoder". In video conferencing, a codec is a software (or can be a hardware) that compresses (encodes) raw video data before it is transmitted over a network. Generally, audio/video conferencing systems utilize the H.323 protocol with various codecs like H.263 and H.264 to operate.)
If you have an ISDN or T-1 connection, it can deliver multiple voice calls over a copper wire using which of the following technologies? CSMA/CD Time division spread spectrum Analog circuit switching Time division multiplexing
D (Time-division multiplexing allows for two or more signals or bit streams to be transferred in what appears to be simultaneous sub-channels in one communication channel, but are physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it.)
A technician is called to investigate a connectivity issue to a remote office that is connected by fiber optic cable. Using a light meter, it is determined that the Db loss is excessive. The installation has been working for several years. The switch was recently moved to the other side of the room and a new patch cable installed. Which of the following is most likely the reason for this problem? Distance limitations Wavelength mismatch Bend radius limitation Dirty connectors
D (When Fiber Optic Connectors become dirty, the loss of signal can cause severe problems and performance issues. The technician will need to use appropriate cleaning cloth to clean the dirty connectors and restore the service.)
A technician has installed an 802.11n network and most users are able to see speeds of up to 300Mbps. There are few users who have an 802.11n network card but are unable to get speeds higher than 108Mbps. What should the technician do to fix the issue? Upgrade the OS version to 64-bit Roll back the firmware on WLAN card Install a vulnerability patch Upgrade the WLAN card driver
D (Wireless N networks can support up to 600Mbps with the proper software drivers for the network cards. Without them, they can only achieve 108Mbps since they cannot communicate with the increased data compression rates.)
Multiple students within a networking lab are required to simultaneously access a single switch remotely. The administrator checks and confirms that the switch can be accessed using the console, but currently only one student can log in at a time. What should be done to fix this issue? Increase installed memory and install a larger flash module Increase the number of VLANs configured on the switch Decrease the number of VLANs configured on the switch Increase the number of virtual terminals available
D (You can set a limit of how many virtual terminals can simultaneously connect to a switch. Here, the limit is set to one and we should increase it to solve the issue.)
Since you are converting an old closet into an IDF, you need to ensure you have 3 main things first:
Power, Space, and Cooling. You already verified there was adequate power and space, so now you need to determine if there is adequate air flow and cooling to prevent the equipment from overheating. After that, you can then move into determining how to supply backup power (UPS or redundancy).
What CAT does 66 block support?
Pre-CAT 5
A crossover cable is created by wiring the connectors at each end differently, so that Tx on one connector goes directly to __ on the other connector and vice versa
Rx
What type of cable would you use to connect a switch to a hub?
crossover
Specify the 802.11a, b, g, etc. distances
specify them