Dion Test 5

A technician is installing a network firewall and would like to block all WAN to LAN traffic that is using ports other than the default ports for internet and email connectivity. What rule should the technician verify FIRST?

An implicit deny is enabled -An implicit deny is when a user or group is not granted a specific permission in the security settings of an object, but they are not explicitly denied either. I

You are investigating a network connectivity issue that is affecting two of your network clients. When you check the switchports of these clients, you observe that the switchports' physical interfaces are continually going up and down. Which of the following is the most likely reason for the flapping of the switchports you are observing?

The continuous up and down states indicate a physical layer problem. Addressing cable issues should resolve the flapping.

Which of the following components is used by an agent to send a single key-pair value about a significant event or condition that is occurring in real-time to a manager?

Granular Trap

Which of the following technologies allows an administrator to create virtual machines by abstracting the operating system and applications from the underlying hardware?

Hypervisor

Which device actively defends the network by detecting threats and shutting down ports or changing configurations to prevent attacks?

IPS

At which of the following OSI layer does QoS operate?

Layer 3

What is used to distribute traffic across multiple sets of devices or connections to increase the overall efficiency of the network and its data processing?

Load balancing

Which of the following describes a design where traffic is shared between multiple network servers to provide greater throughput and reliability?

Load balancing

What anti-malware solution is installed as a dedicated on-premise appliance to scan all incoming traffic and prevent malware from being installed on any of your clients without requiring the installation of any software on your clients?

Network based anti-malware

A cybersecurity analyst wants to install a network appliance to conduct packet capturing of the network traffic between the router and the firewall on the network. The device should not be installed in-line with the network, so it must receive a copy of all traffic flowing to or from the firewall. Which of the following tools is required to meet these requirements?

Network tap

A company utilizes a patching server to update its PCs regularly. After the latest patch deployment, all of the older PCs with non-gigabit Ethernet cards become disconnected from the network and now require a technician to fix the issue locally at each PC. What could be done to prevent this problem next time?

The most likely cause of this issue was a forced driver update being pushed from the update server to the older PCs, breaking their ability to use their network cards. It is best to disable automatic driver updates for PCs from the patching server by default and instead test them individually first.

A network technician has configured a point-to-point interface on a router. Once the fiber optic cables have been run, though, the interface will not come up. The technician has cleaned the fiber connectors and used a fiber light meter to confirm that light passes in both directions without excessive loss. Which of the following is MOST likely the cause of this issue?

Wavelength mismatch occurs when two different transceivers are used at each end of the cable. For example, if one SFP uses a 1310nm transceiver and the other end uses a 850 nm transceiver, they will be unable to communicate properly and the link will remain down.

You are conducting a port scan of an older server on your network to determine what services are being run on it. You find that ports 80 and 443 are open, but ports 20 and 21 are reported as closed. All other ports are reported as FILTERED. Based on this report, what can you determine about the server?

When a port scanner returns a result of CLOSED, it means the service denies the inbound traffic on that port. In this case, it denies FTP traffic on ports 20 and 21. This server runs a web server (port 80 and 443), but those are showing as OPEN and receiving traffic. The network firewall is blocking all the FILTERED ports.

Point-to-Point Protocol (PPP)

is a TCP/IP protocol that is used to connect one computer system to another.

Point-to-Point Protocol (PPP)

is a TCP/IP protocol that is used to connect one computer system to another. Computers use PPP to communicate over the telephone network or the Internet.

A CNAME record

is a canonical name or alias name, which associates one domain name as an alias of another (like beta.diontraining.com and www.diontraining.com could refer to the same website using a CNAME).

A digital subscriber line (DSL) modem

is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connection to the Internet.

A Statement of Work (SOW)

is a document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines

Signature-based anti-malware

is a generic category of malware that may be implemented through host-based, network-based, or cloud-based anti-malware solutions. Anti-malware either operates using signature-based detection, behavioral-based detection, or heuristic-based detection.

A software-defined wide area network (SDWAN)

is a network that is abstracted from its hardware which creates a virtualized network overlay.

Cloud antivirus

is a programmatic solution that offloads antivirus workloads to a cloud-based server, rather than bogging down a user's computer with a complete antivirus suite. Cloud-based solutions do not use on-premise appliances as part of their installation.

Multipoint GRE (mGRE)

is a protocol that can be used to enable one node to communicate with many nodes by encapsulating layer 3 protocols to create tunnels over another network. The mGRE protocol is often used in Dynamic Multipoint VPN (DMVPN) connections.

Multiprotocol Label Switching (MPLS)

is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows.

Internet Protocol Security (IPsec)

is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network and is used heavily in virtual private networks, but not with web browser initiated ones.

A branch office

is a smaller office that connects back to an on-premise solution or maintains their own smaller version of an on-premise solution.

A virtual switch (vSwitch)

is a software application that allows communication between virtual machines by intelligently directing the communication on a network and checking data packets before moving them to a destination

Border Gateway Protocol

is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet.

The Domain Name System Security Extensions (DNSSEC)

is a suite of extension specifications by the Internet Engineering Task Force for securing data exchanged in the Domain Name System in Internet Protocol networks.

Teredo

is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network.

A persistent agent

is agent software that resides on the client making the connection, and a non-persistent agent is software the client runs (usually from a browser) as they are connecting so the agent can perform the checks, but the software does not permanently stay with the client after they disconnect. This is beneficial in BYOD (Bring Your Own Device) policies.

Enhanced Interior Gateway Routing Protocol (EIGRP)

is an Interior Gateway Protocol (IGP) designed as an advanced distance-vector routing protocol used on a computer network for automating routing decisions and configuration.

The Routing Information Protocol (RIP)

is an Interior Gateway Protocol (IGP) designed to distribute routing information within an Autonomous System (AS).

A virtual network interface (vNIC)

is an abstract virtualized representation of a computer network interface that may or may not correspond directly to a network interface controller.

Network Access Control (NAC)

is an approach to computer security that attempts to unify endpoint security technology (such as anti-virus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement. When a remote workstation connects to the network, NAC will place it into a segmented portion of the network (sandbox), scan it for malware and validate its security controls, and then based on the results of those scans, either connect it to the company's networks or place the workstation into a separate quarantined portion of the network for further remediation.

A smartjack

is an intelligent network interface device (NID) that serves as the demarcation point between the telecommunication service provider's local loop and the customer's premise wiring. A smartjack provides more than just a termination for the connection of the wiring, but also may provide signal conversion, converting codes, and protocols to the type needed by the customer's equipment, as well as diagnostic capabilities.

The Point-to-Point Tunneling Protocol (PPTP)

is an obsolete method for implementing virtual private networks

A virtual LAN (VLAN)

is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).

A DHCP broadcast

is used by a client to discover a DHCP server and negotiate a DHCP address

SLAAC

is used to automatically assign an IPv6 address to a host.

A fiber optic modem (FOM)

is used to connect a client's local area network to a high-bandwidth fiber-optic network for wide area network connectivity.

A Data Over Cable Service Interface Specification (DOCSIS) modem

is used to connect a client's local area network to a high-bandwidth internet service provider over an existing coaxial cable TV system.

A network tap

is used to create a physical connection to the network that sends a copy of every packet received to a monitoring device for capture and analysis

The DNS text (TXT) record

lets a domain administrator enter text into the Domain Name Systems. The TXT record was originally intended as a place for human-readable notes. However, now it is also possible to put some machine-readable data into TXT records. TXT records are a key component of several different email authentication methods (SPF, DKIM, and DMARC) that help an email server determine if a message is from a trusted source.

Which of the following is often used to allow one node to communicate with many other nodes, such as in DMVPN connections?

mGRE

Quality of Service (QoS)

occurs at both Layer 2 and Layer 3 of the OSI Model. Layer 2 Quality of Service (QoS) allows for traffic prioritization and bandwidth management to minimize network delay using Cost of Service (CoS) classification, and DSCP marking under the 802.1p standard. Layer 3 Quality of Service (QoS) allows for managing the quality of network connections through its packet routing decisions.

Host-based anti-malware

relies upon the installation of an agent to detect threats such as viruses, spam, and rootkits to protect the client it is installed upon. Host-based malware often uses signatures to detect and remove malicious code.

An ARP broadcast

sends a request packet to all the machines on the LAN and asks if any of the machines know they are using that particular IP address.

A DNS service (SRV) record

specifies a host and port for specific services such as voice over IP (VoIP), instant messaging, and others.

A crossover cable

would be used if you needed to connect a computer to a computer in a peer-to-peer network, or if you needed to connect two switches together that didn't support MDIX.

In a colocation arrangement

your organization would place their servers and network equipment in a data center environment owned by another company. Essentially, you would rent space in their datacenter instead of having to build your own.

Which of the following ports should a client use to automatically request an IP address from the server?

67

Which of the following IEEE specifications describes the use of the spanning tree protocol (STP)?

802.1d

What access control model will a network switch utilize if it requires multilayer switches to use authentication via RADIUS/TACACS+?

802.1x

What is BEST used to perform a one-time temporary posture assessment in a NAC environment?

A non-persistent agent is used to access the device during a one-time check-in at login.

A network technician needs to install a server to authenticate remote users before accessing corporate network resources when working from home. Which kind of server should the network technician implement?

RAS -A remote access server (RAS) or remote desktop gateway is a type of server that provides a suite of services to connect users to a network or the Internet remotely.

A network engineer has been tasked with designing a network for a new branch office with approximately 50 network devices. This branch office will connect to the other offices via a MAN and using a router as their gateway device. Many of the other branch offices use off-the-shelf SOHO equipment. It is a requirement that the routing protocol chosen use the least amount of overhead. Additionally, all the computers on the network will be part of a single VLAN. The connection between these computers should produce the highest throughput possible in the most cost-effective manner. Which routing protocol should be used with the gateway router and what device should you select to connect the computers within the branch office?

RIPv2 is a classless, distance vector routing protocol that will include the subnet mask with the network addresses in its routing updates. RIPv2 has the least overhead of the four routing protocol options presented in this question. If you were not sure about this, you could look at answer the second half of the question concerning the interconnection of the computers within the branch office instead and try to eliminate some of the wrong options.

A project manager is tasked with the planning of a new network installation. The customer requires that everything discussed in the meetings is installed and configured when a network engineer arrives onsite. Which document should the project manager provide the customer?

Statement of work

You have been asked to connect a new computer to a 100BaseTX network switch on switchport 3. Which type of cable should you utilize?

Straight through

Dion Training wants to create a DNS record to enter DKIM or SPF information into the domain name system to help prevent from spam coming from their domain. Which type of DNS record should be created?

TXT

You are connecting a new IPv6 device to your network, but your routers only support IPv4 protocols. Which of the following IP addressing solutions would solve this challenge?

Teredo tunneling

You are working at the demarcation point between your network and the telecommunication service provider's network. Which of the following devices serves as the demarcation point between the two networks?

Smartjack

Your company's corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR notation in order to accommodate each department's needs. What is the correct CIDR notation for the Marketing department's subnet which requires 11 devices?

/28 -Since the Marketing department needs 11 devices plus a network ID and broadcast IP, it will require 13 IP addresses. The smallest subnet that can fit 13 IPs is a /28 (16 IPs). A /28 will borrow 4 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^4 available host IP addresses, or 16 total IP addresses. Of the 16 IP addresses, there are 14 available for clients to use, one for the network ID, and one for the broadcast address.

Which of the following levels would a critical condition generate?

2

You are troubleshooting your company's T-1 connection to your ISP. The ISP has asked you to place a loopback on the device which connects your T-1 line to their central office. Which of the following devices should you connect a loopback adapter to test the connection?

A CSU/DSU (Channel Service Unit/Data Service Unit) is a hardware device about the size of an external modem that converts digital data frames from the communications technology used on a local area network (LAN) into frames appropriate to a wide-area network (WAN) and vice versa. A CSU/DSU is used to terminate a T1 connection at the customer's site.

Which of the following is used to capture the logs from different devices across the network to correlate different events across multiple servers and clients?

A Syslog server is used to capture logs from different devices. It allows for the correlation of logs to simplify log review and an analyst's ability to respond to alerts. For example, Syslog messages can be generated by Cisco routers and switches, servers and workstations, and collected in a central database for viewing and analysis.

Jason is conducting a security audit of Dion Training's VPN concentrator. As he reviews the connection logs, he notices a teleworking employee is connected to the company's VPN with an unexpected source IP address that is located in California. Jason knows that none of the employees work from California, though. What might the employee be using that is causing their IP address to be located in California?

A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. For example, if the employee is located in Florida but is connected to a proxy server in California, all of their network traffic will go from Florida to California, and then to the final destination. In this example, the final destination was the VPN concentrator for Dion Training, so the California IP address is entered into the VPN concentrator's logs.

Which of the following protocols is considered an external routing protocol?

BGP

You have been asked to configure a router. Which of the following protocols should you enable to allow the router to determine the path to another network?

BGP -BGP (Border Gateway Protocol) is a protocol that operates at layer 3 of the OSI model. Since the question asks about a router, you need to identify a routing protocol that would enable the router to determine the path to another network using IP (layer 3) information.

You recently started a new job with Facebook as a network technician. You have been asked to connect several of their buildings together to form a larger network. All of the buildings are within walking distance of each other. What type of network are you creating?

CAN

Which of the following layers within software-defined networking determines how to route a data packet on the network?

Control layer

A network technician was tasked to install a network printer and share it with a group of five instructors at Dion Training. The technician plugged the device into a switch port and noticed the link light turned green. Unfortunately, the printer was unable to obtain an IP address automatically. Which of the following is a potential reason for this error?

DHCP scope is exhausted -The DHCP scope is used as a pool of IP addresses that can be assigned automatically. The issue might be that there are no more IP addresses left in the scope, and is therefore exhausted.

You have been asked to recommend a capability to monitor all of the traffic entering and leaving the corporate network's default gateway. Additionally, the company's CIO requests to block certain content types before it leaves the network based on operational priorities. Which of the following solution should you recommend to meet these requirements?

Due to the requirements provided, you should install a NIPS on the gateway router's internal interface and a firewall on the external interface of the gateway router. The firewall on the external interface will allow the bulk of the malicious inbound traffic to be filtered before reaching the network. Then, the NIPS can be used to inspect the traffic entering the network and provide protection for the network using signature-based or behavior-based analysis. A NIPS is less powerful than a firewall and could easily "fail open" if it is overcome with traffic by being placed on the external interface. The NIPS installed on the internal interface would also allow various content types to be quickly blocked using custom signatures developed by the security team.

A technician added memory to a router, but the router refuses to recognize the new memory module. The router is then powered down, and the technician relocates all of the memory to different modules. On startup, the router does not boot and displays memory errors. Which of the following is the MOST likely cause of this issue?

ESD -The most likely cause is that the memory chips are faulty because they have suffered from electrostatic discharge (ESD) during the chips' installation and movement.

A wireless technician wants to configure a wireless network to identify itself to visitors by including the word "Guest" in the name. This wireless network needs to provide coverage to the entire building and requires 3 wireless access points to accomplish this coverage level. What would allow users to identify the wireless network by its displayed name as a single network?

ESSID broadcast

Which of the following technologies allows two or more links to pass network traffic as if they were one physical link?

LACP -The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface that will appear as a single link to a route processor. LACP is used to combine multiple network connections in parallel to increase throughput beyond what a single connection could sustain and to provide redundancy in case one of the links should fail. LACP is defined in the IEEE 802.3ad standard.

Dion Training has just installed a brand new email server. Which of the following DNS records would need to be created to allow the new server to receive email on behalf of diontraining.com?

MX -an MX record is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic

One of your coworkers recently installed a new game they found for free online. Ever since then, their computer has acted strange and is operating extremely slow. What type of attack are they likely a victim of?

Malware

You received an incident response report indicating a piece of malware was introduced into the company's network through a remote workstation connected to the company's servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?

NAC

Which of the following types of hosting would an organization use if they wanted to maintain their own datacenter in their worldwide headquarters?

On-premise -If you use an on-premise data center, then you are using a traditional, private data infrastructure where your organization has its own datacenter that houses all of its servers and networking equipment that will support its operations

Your network administrator has handed you some documentation showing you which switch ports on a patch panel you need to connect with a CAT 5e patch cable for an upcoming network upgrade. What document are you MOST likely holding?

Physical network diagram

You are setting up uplink ports for multiple switches to communicate with one another. All of the VLANs should communicate from the designated server switch. Which of the following should be set on the trunk ports if VLAN 1 is not the management VLAN?

Port Tagging -The 801.q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure they are not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it.

Your company just moved into a beautiful new building. The building has been built with large glass windows covering most of the walls and ceiling to provide natural light throughout the offices. You have noticed that your cell phone gets poor cellular connectivity when inside the building. What is the MOST likely cause of the poor cellular reception within the building?

Reflection -A cellular signal is comprised of radio waves, just like 802.11 wireless networks. Just like light, radio waves can bounce off of certain surfaces and materials. Metal and glass are considered highly reflective materials which can cause poor cellular service and connectivity within office buildings that use intricately designed glass walls and ceilings. If a large amount of reflection occurs, signals can be weakened and cause interference at the receiver's device.

Which of the following ports are used to provide secure remote connection sessions over the Internet?

SSH - Port 22 Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system.

Which protocol is used to establish a secure and encrypted VPN tunnel that can be initiated through a web browser?

SSL -An SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol in a standard web browser to provide secure, remote-access VPN capability. In modern browsers and servers, it is more common to use TLS (transport layer security) which is the successor to SSL

Which of the following commands is used to display the statistics for a given switchport on a Cisco switch?

Show interface

Dion Training has begun to notice slow response times from their internal network file server to workstations on their local area network. After adding several new employees and workstations, the network administrator determined that the server is experiencing requests for up to 2 Gbps of simultaneous data transfer which has resulted in congestion at the server's NIC. Which of the following actions should the network administrator implement to remove this performance bottleneck?

Since the bottleneck has been identified as the server's NIC card, a second network interface card (NIC) should be installed, NIC teaming should be implemented, and 802.3ad (LACP) should be configured on the switch. NIC teaming allows a server to load balance any data sent or received across two network interface cards, effectively doubling the server's network throughput. The switch should be configured to support LACP, the link aggregation control protocol, to support the NIC teaming on the server. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections.

Your college campus has a datacenter in the main building. There is a campus book store is located about 500 meters across the campus that needs to be connected to the datacenter. Which of the following network infrastructure implementations should be used to connect the book store's network back to the datacenter for all of their data and voice network traffic?

Single-mode fiber optic cables can carry different data and voice signals over long distances without losing any integrity. Therefore, a fiber optic cable would be the best choice for this implementation.

Your company has just gotten a new OC-12 installed to support your datacenter. The telecommunications provider has installed the connection from their main offices to your demarcation point. You connect the OC-12 to your network, but you are noticing many dropped packets and errors. You suspect this may be a layer 1 issue. Which of the following tools can you use to help identify the source of the issue on this connection?

The question talks about an OC-12 connection, which is an optical carrier or fiber optic cable. Based on that, you know the only one of these options has anything to do with a fiber cable, and that is the OTDR (Optical Time-Domain Reflectometer). An optical time-domain reflectometer (OTDR) is an optoelectronic instrument used to characterize an optical fiber. An OTDR injects a series of optical pulses into the fiber under test and extracts, from the same end of the fiber, light that is scattered (Rayleigh backscatter) or reflected back from points along the fiber.

An administrator would like to test out an open-source VoIP phone system before investing in the associated hardware and phones. Which of the following should the administrator do to BEST test the software?

To test out the system before purchasing it, he should connect to a virtual PBX with a SIP phone application and ensure it meets his needs. Deploying new SIP appliances would be costly; therefore, a bad choice.

You have just replaced the edge switch on the second floor of Dion Training. After you finish, a user states they can no longer access the network but everything was working fine yesterday before you replaced the switch. The user's coworkers claim their computers are able to access the network without any issues. You check the back of the user's workstation and you do not see any LED lights lit or blinking on their network interface card. Which of the following should you check next to solve this issue?

Verify the network cable is attached to the new switch

Your network security manager wants a monthly report of the security posture of all the assets on the network (e.g., workstations, servers, routers, switches, firewalls). The report should include any feature of a system or appliance that is missing a security patch, OS update, or other essential security feature and its risk severity. Which tool would work best to find this data?

Vulnerability scanner -A vulnerability scanner is a computer program designed to assess computers, computer systems, networks, or applications for weaknesses. Most vulnerability scanners also create an itemized report of their findings after the scan.

You have been contracted by Dion Training to conduct a penetration test against its learning management system (LMS). The LMS is a web application that is hosted in the organization's DMZ. Which of the following appliance allow lists should the organization add your source IP in before the engagement begins?

WAF -The learning management system (LMS) is a web application, therefore the source IP of the attacking workstation needs to be added to the web application firewall's allow list to prevent it from being blocked. Adding a source IP address to the allow list will exclude it from ACL rules and other signatures. This prevents an active device, like a web application firewall (WAF), layer 4 firewall, or an intrusion protection system (IPS) from blocking the penetration tester during the assessment. By having your IP added to the allow list, you can focus your time and efforts on finding vulnerabilities with the servers themselves instead of trying to break through a compensating control like a WAF or IPS.

ESSID

a wireless network can utilize multiple wireless access points to broadcast a single network name for access by the clients.

PTR records

are used for the Reverse DNS (Domain Name System) lookup. Using the IP address, you can get the associated domain/hostname. An A record should exist for every PTR record.

Rollover or console cables

are used to connect a computer to a console port on a router in order to configure the device

Straight-through cables

are used to connect a computer to a hub or switch

Which of the following tools allows you to view and modify the layer 2 to layer 3 address bindings?

arp -The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network.

The network-based anti-malware

can help prevent malware attacks by scanning all incoming data to prevent malware from being installed and infecting a computer. Network-based anti-malware solutions can be installed as a rack-mounted, in-line network appliance in your company's on-premise datacenter to protect every client and server on the network without having to install software on each of the clients. Network-based anti-malware solutions often come as part of a unified threat management (UTM) appliance.

BSSID

can only utilize a single access point in each wireless network

A Start of Authority (SOA) resource record

indicates which Domain Name Server (DNS) is the best source of information for the specified domain.