JD's Q & A Network+
What happens if there is a 568A/568B mismatch?
No connectivity at all. Crosstalk and intermittent connectivity don't pertain to this kind of cable mismatch.
Which of the following defines how long DNS settings are stored in cache before they are updated? a) TTL b) REFRESH c) NULL d) EXPIRE
a) TTL
Which of the following policies or plans provides the framework for how an organization will react to a malware infection within their network? a) System Life cycle plan b) Incident Response Plan c) Acceptable Use Policy d) BYOD policy
b) Incident Response Plan #An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work.
A virtual private network (VPN)
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
Traffic shaping
Traffic shaping, also known as packet shaping, is the manipulation and prioritization of network traffic to reduce the impact of heavy users or machines from affecting other users. Traffic shaping is used to optimize or guarantee performance, improve latency, or increase usable bandwidth for some kinds of packets by delaying other kinds.
What is VLAN trunking?
VLAN trunking is the process of transferring VLAN traffic between two or more switches.
Wardriving
Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone.
FCoE, Fibre Channel, and iSCSI are connection types used in: a) SAN b) VLAN c) NAS d) SDN
a) SAN
Which of the following wireless characteristics does channel bonding improve? a) Encryption strength b) Connection speed c) Coverage area d) Signal strength
b) Connection speed #Channel bonding is a practice commonly used in IEEE 802.11 implementations in which two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices. #Signal strength only refers to the maximum transmitted power by an antenna.
MGCP (Media Gateway Control Protocol)
udp/2427, udp/2727 - Call control for VoIP
Single Mode Fiber 1000Base-T
Long-range communication, Up to 100 km #1000Base-FX and 1000Base-LR for SMF. #1000Base-T is a standard for Gigabit Ethernet over copper wiring.
Asymmetric routing
#Asymmetric routing is when network packets leave via one path and return via a different path (unlike symmetric routing, in which packets come and go using the same path). #Remember, asymmetric routing doesn't necessarily cause any routing issues, but it does cause issues with dropped packet flows by our security devices like firewalls and unified threat management systems, so you need to consider this in the design of your network architectures to prevent this issue from occurring. If you don't, then packet flow drops will occur and your clients can experience intermittent network connectivity.
VDI (Virtual Desktop Infrastructure)
#Virtual desktop infrastructure (VDI) is a software technology that separates the desktop environment and associated application software from the physical client device that is used to access it. #A virtualization implementation that separates the personal computing environment from a user's physical computer.
What happens when convergence on a routed network occurs?
All routers learn the route to all connected networks. #Routers exchange routing topology information with each other by using a routing protocol. When all routers have exchanged routing information with all other routers within a network, the routers have converged. In other words: In a converged network, all routers "agree" on what the network topology looks like.
Optical reader technology
An optical reader is a device found within most computer scanners that can capture visual information and translate the image into digital information the computer is capable of understanding and displaying.
Kerberos vs RADIUS, TACACS+ & PAP regarding authentication.
Kerberos doesn't require additional encryption because it uses mutual authentication. That's why Kerberos is used to send data over insecure networks. RADIUS, TACACS+ & PAP require additional encryption.
Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
MS-CHAP v2 is a password-based authentication protocol that is widely used as an authentication method in PPTP-based (Point to Point Tunneling Protocol) VPNs and can be used with EAP.
Distance coverage by NFC, Bluetooth and Wi-Fi
NFC: 4 cm or less. Bluetooth: up to 10 meters. Wi-Fi: up to 150 meters. (Bluetooth and Wi-Fi for data exchange & communication. NFC for communication.)
Rollover or console cable
Used to connect a computer to the console port of a router, switch, etc. It is not used to directly connect a computer to a router or switch.
The Interior Gateway Routing Protocol (IGRP)
#(IGRP) is a distance-vector interior gateway protocol developed by Cisco to exchange routing data within an autonomous system. IGRP is used with layer 3 devices (routers) and not layer 2 devices (switches). #Cisco proprietary, distance-vector protocol that is classful (no VLSM), has a max hop count of 255, Update Timer of 90 seconds, Invalid Timer of 270 seconds, Holddown Timer of 280 seconds, Flush Timer of 630 seconds, and Administrative Distance 100, uses ASNs for activation.
clientless SSL VPN
#A browser-based VPN that allows remote users to securely access corporate resources from any location. #Clients use HTTP over an SSL connection. #Once they authenticate, they'll see a portal page where they can access specific, predefined internal resources.
BAS SoC CAN
#A building automation system (BAS) for offices and data centers ("smart buildings") can include physical access control systems, but also heating, ventilation, and air conditioning (HVAC), fire control, power and lighting, elevators, and escalators. A vehicular network is called a controller area network (CAN). #A CAN uses serial communication buses to connect electronic control units and other subsystems in cars and unmanned aerial vehicles (UAV). #System-on-chip (SoC) is a design where all these processors, controllers, and devices are provided on a single processor die or chip.
Difference between "chain of custody" and "legal hold".
#Chain of custody refers to documentation that identifies all changes in the control, handling, possession, ownership, or custody of a piece of evidence. The chain of custody is an important part of documenting the evidence collected during an incident response. #A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted.
Remote Access VPN (Client-to-Site)
#Clientless SSL VPN using a web browser #SSL or IPsec VPN using Cisco AnyConnect #IPsec VPN remote access.
How is latency affected if microwave radios are up?
Latency will increase with an obstructed microwave line of sight link.
Throttling
Throttling is the intentional slowing or speeding of an internet service by an Internet service provider to regulate network traffic and minimize bandwidth congestion. This again is not a cause of intermittent connectivity, but would instead occur if the microwave link was overutilized beyond its SLA contract limitations. #Throttling slows down the speed, and latency slows down speed even further. Split horizon prevents loops.
WPA2-CCMP
WPA2-CCMP is the most secure and provides the required level of confidentiality for this scenario. CCMP stands for Counter Mode CBC-MAC Protocol. CCMP, also known as AES CCMP, is the encryption mechanism that has replaced TKIP, and it is the security standard used with WPA2 wireless networks.
Loopback adapter
#A loopback adapter is a plug that is used to test the physical port or interface on a network device. You will need to insert the loopback adapter into the interface on the CSU/DSU and conduct a self-test of the device by looping back the transmit path to the receive path and the receive path to the transmit path. #A loopback adapter can also be used to test the T1 line by allowing the ISP to conduct a remote diagnosis of the connection between their central office and your demarcation point to ensure it is working properly.
Where would you save data packets being transmitted through the network?
A packet capture tool is used to log and collect data packets being transmitted on a network (wired or wireless) and save them to a packet capture file (pcap) for later analysis.
An interface monitoring tool
An interface monitoring tool would collect data related to performance, bandwidth (utilization), errors and discard rate for a singular interface or switchport.
A small real estate office has about 15 workstations and would like to use DHCP to assign classful IP addresses to each workstation. The subnet only has one octet for the host portion of each device. Which of the following IP addresses could be assigned as the default gateway? a) 192.168.0.1 b) 10.0.0.1 c) 172.16.0.1 d) 169.254.0.1
a) 192.168.0.1
A network technician must allow HTTP traffic from the Internet over port 80 to an internal server running HTTP over port 81. Which of the following is this an example of? a) Port forwarding b) Dynamic DNS c) Static NAT d) Dynamic NAT
a) Port forwarding #Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.
Difference between OTDR (Optical Domain Reflectometer) and fiber light meter.
#Just like OTDR, a fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located.
Dion Training is trying to connect two geographically dispersed offices using a VPN connection. You have been asked to configure their networks to allow VPN traffic into the network. Which device should you configure FIRST? a) Router b) Firewall c) Modem d) Switch
b) Firewall #You should FIRST configure the firewall since the firewall is installed at the network's external boundary (perimeter). By allowing the VPN connection through the firewall, the two networks can be connected and function as a single intranet (internal network). After configuring the firewall, you will need to verify the router is properly configured to route traffic between the two sites using the site-to-site VPN connection.
A network administrator wants to increase the speed and fault tolerance of a connection between two network switches. To achieve this, which protocol should the administrator use? a) L2TP b) LLDP c) LACP d) LDAP
c) LACP #The Link Aggregation Control Protocol (LACP) provides a method to control the bonding of several physical ports to form a single logical channel. The LACP is defined in the 802.3ad standard.
Which of the following relies on credentials stored and authenticated on the device being used? a) RADIUS b) Certificates c) Local authentication d) Kerberos
c) Local authentication #In the case of local authentication, credentials are stored on the device being used (a local device) and not on the remote server.
When using a Type 1 hypervisor virtualized environment, which of the following hardware types is necessary to connect the VMs to the corporate network? a) VDI b) VNC c) Virtual NIC d) VPN
c) Virtual NIC #A virtual NIC is a type of virtual adapter that can be configured on logical partitions to provide a network interface. This virtual NIC can be paired and mapped to a physical NIC to get the VM onto the network.
You are trying to select the best device to install to proactively stop outside attackers from reaching your internal network. Which of the following devices would be the BEST for you to select? a) Proxy server b) Syslog server c) IDS d) IPS
d) IPS #Stopping outside attackers can only be done by an IPS! (Prevention factor!)
NAT
#Operates on the router #Converts private IP addresses to the public IP addresses, and vice versa. #The receiving host only sees the public IP address. #NAT provides an additional layer of security by concealing the entire internal network behind that address. #Basically, the traffic passes through the router and is converted into the public IP address. #Ethernet interface is internal or NAT inside #Serial interface is external or NAT outside. #The administrator must configure a set of rules for translating the IP address in the packet headers.
Dual control
Dual control requires both people to act together. For example, a nuclear missile system uses dual control and requires two people to each turn a different key simultaneously to allow for a missile launch to occur.
Is punchdown tool used for fiber optic cables?
No. A punchdown tool or cable tester is used with twisted-pair copper cables, not fiber optic cables.
Port mirroring
Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port. #Port mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed. In this case, you can connect the packet capture device to the SPAN port (mirrored port) to collect all the network traffic for later analysis.
Key difference between Disaster Recovery Plan and Business Continuity Plan.
The key difference between a DRP and BCP is that a DRP is focused on recovering from a disaster while a BCP is focused on maintaining operations before, during, and after the disaster. Usually, a DRP is a part of an overall BCP.
What's the indication of a wrong password while connecting to a network?
The passphrase in a wireless network serves as the password or network security key. If the incorrect passphrase was entered, you will receive an error such as "Network security key mismatch" and the wireless device will be unable to communicate with the wireless access point.
service location protocol (SLP)
The service location protocol (SLP) is a protocol or method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. #This is an alternative protocol to LDAP in newer networks. SLP uses port 427.
Which of the following tools allows you to view and modify the layer 2 to layer 3 address bindings? a) route b) arp c) ipconfig d) netstat
b) arp #The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. #The netstat command is used to monitor incoming and outgoing connections, routing tables, port states, and usage statistics on a network interface.
VPN concentrator
Used to terminate VPN tunnels.
A DNS record that stores administrative information about a domain or zone is known as: a) NS b) SOA c) CNAME d) SRV
b) SOA
In DNS, a type of query that returns either a valid address or a message indicating that the address cannot be found is known as an iterative query. True False
False
What would "adding a deny rule to the firewall's ACL that blocks port 21 outbound" do?
Adding a deny rule to the firewall's ACL that blocks port 21 outbound would simply prevent internal network users and servers from accessing external FTP servers. This would in no way prevent the exploitation of the company's FTP server since it has port 21 open and listening for inbound connections.
An access control vestibule Thumbprint reader Cipher lock
An access control vestibule is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. #A cipher lock is a lock that is opened with a programmable keypad that is used to limit and control access to a highly sensitive area. Many organizations use cipher locks to control access to their server rooms, development laboratories, or storage rooms.
Which of the following types of backups would back up data that has NOT been changed since the last backup? A) Incremental backup B) Full backup C) System snapshot D) Differential backup
B) Full backup #A full backup resets the archive bit, which is the indicator in file attributes that tells the OS whether or not the file needs to be backed up. When a file is created or modified, the archive bit is "set" or turned on.
Bandwidth Saturation
Bandwidth saturation occurs if too many devices are on one WAN link (Overcapacity!!!)
ISAKMP
ISAKMP is a framework for internet key management that defines procedures for authenticating a communicating peer, creation and management of Security Associations, and key generation techniques.
Cyclic Redundancy Checksum (CRC)
Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network.
Dynamic NAT
Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address.
loopback not set. What does this indicate?
"Loopback not set" indicates that the interface is not in diagnostic mode and should be sending traffic properly instead of sending it to a loopback address or port.
A digital subscriber line (DSL) A leased line
#A digital subscriber line (DSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connection to the Internet. #A leased line is a private telecommunications circuit between two or more locations provided according to a commercial contract, normally over a fiber-optic connection.
Difference between vulnerability scanning and penetration testing
#A penetration test attempts to actively exploit weaknesses in an environment. While a vulnerability scan can be automated, a penetration test requires various levels of expertise. #The person will not attempt to exploit a weakness during vulnerability scanning.
NDA (Non-Disclosure Agreement)
A non-disclosure agreement (NDA) is a documented agreement between two parties that defines what data is considered confidential and cannot be shared outside of that relationship. An NDA is used to protect an organization's intellectual property.
A satellite connection
A satellite connection is a wireless connection spread across multiple satellite dishes located both on earth and in space that provides remote areas with valuable access to core networks.
A tone generator
A tone generator is connected to a wall jack and sends a repeating signal over the cable. The probe can then be used to detect which cable is attached to the wall jack by detecting the signal being sent by the tone generator. The probe needs to be near or touch the cable with the tone generator attached to identify it positively.
IP spoofing affects which layer?
Layer 3 or Network layer.
Cat 5e Cat 3 Coaxial cable
#A Cat 5e can only operate up to 100 meters at 1 Gbps. #A Cat 3 cable can only operate at 100 meters at 10 Mbps. #A traditional ethernet coaxial cable network can only operate at 10 Mbps, but newer MoCA coaxial ethernet connections can reach speeds of up to 2.5 Gbps.
Logic Bomb
#A Logic Bomb is a piece of often malicious code that is intentionally inserted into software that is activated upon the host network only when certain conditions are met. #A computer program or part of a program that lies dormant until it is triggered by a specific logical event.
DHCP terms
1) DHCP Lease: a single IP address that is being used by a DHCP client. 2) DHCP option: A parameter that can be used to assign router, DNS server, and other information to DHCP clients. 3) DHCP Scope: A range of possible IP addresses that a DHCP server can assign. 4) DHCP Reservation: An allocation of a single IP address to a MAC address.
logical network diagram
A document that shows the broadcast domains and individual IP addresses for all devices on the network. Only critical switches and routers are shown. A network diagram that documents the protocols and applications that control the flow of network traffic.
STP function
Prevents bridge loops and the broadcast radiation that results from them.
Spectrum
Spectrum refers to the range of frequencies used by a radio transmitter or receiver, such as the 2.4 GHz spectrum which includes frequencies from 2.412 GHz to 2.472 GHz in the United States.
split horizon route advertisement
Split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned.
Purpose of splitting the traffic or split tunnel effect
Splitting the traffic and tunneling only internal traffic #Preserve the bandwidth #Reduce the load on the VPN concentrator. #With a split tunnel, the client device splits traffic to flow either to the corporate network or to the internet connection.
VNC (Virtual Network Computing)
Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it. NOTE: GUI would be for RDP though!!! Maybe in the absence of RDP, VNC might do the same task.
WPA2-TKIP
WPA is weak due to its TKIP implementation, and this weakness is carried over into WPA2-TKIP.
tcpdump tool
The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. While you may be able to identify the services, applications, or operating systems using tcpdump by analyzing the captured packets, tcpdump will not send specifically crafted packets to the devices as it is a passive reconnaissance tool.
In DNS, an authoritative name server is a server that stores DNS record information (it is the actual server that answers DNS queries). A recursive DNS server does not hold any DNS records; it tracks down the IP address for a given hostname by communicating with other DNS servers (acts as an intermediary between a web client sending the DNS query and the authoritative name server). True False
True
In NTP, stratum 0 denotes highest accuracy of the time source (i.e. the reference clock). True False
True
The term "DNS zone transfer" is used to describe the process of copying the contents of a DNS database stored on a primary DNS server to the secondary DNS servers. True False
True
Unified threat management (UTM)
Unified threat management (UTM) provides multiple security features (anti-virus, anti-spam, content filtering, and web filtering) in a single device or network appliance.
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP and TTLS. What should the network administrator implement?
Use 802.1x with PAP. #Because the backend system supports EAP-TTLS. Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. #WPA2 is a secure method of wireless encryption that relies on the use of a pre-shared key or the 802.1x protocol. In the question, though, it states that the system only supports WPA, therefore WPA2 cannot be used.
VLAN hopping
VLAN hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing.
Dion Training is adding a leased line link between its headquarters in Puerto Rico and its branch office in the Philippines. The organization has purchased a point-to-point network connection using a dedicated T1 circuit to link the locations together. Dion Training has been assigned a Class C scope of 187.15.3.0/24 and needs to assign an IP address to each end of this T1 connection. What is the correct CIDR notation for the new subnet that will contain this T1 connection in order to accommodate the link while allocating the minimum number of addresses? a) /27 b) /29 c) /28 d) /30
d) /30 #First, you need to determine the number of IP addresses that will be needed. In this scenario, you have a link that requires an IP for each end of the connection, therefore we need two IP addresses. But, every network also needs one IP address for the network and a second IP address for the broadcast. This means you need 4 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). To symbolize a CIDR block with 4 IP addresses, we would use /30, which is 2^2 = 4. NOTE: In this case there is just one network because it's point-to-point, so there is only 1 broadcast address and 1 network ID, making a total of 4 IP addresses.
You need to deploy a fiber distribution panel for datacenter, remote office or local area networking use. Which of the following features are NOT important for such uses? (Choose all that apply) a) Cable storage b) Cable termination c) Bulkhead adapters and receptacles d) Cable splices e) Support for SFP+ f) Support for GBIC connectors.
e) Support for SFP+ f) Support for GBIC connectors. #A fiber distribution panel doesn't provide support for SFP+ or GBIC connectors. These two options represent connectors used at endpoints, such as routers, switches, and network interfaces, not connectors or functions present in FDPs themselves.
Hot site
A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site.
A hub
A hub (also known as a dumb device) connects computers to a network in a star configuration. A hub lacks the features contained in a switch but can be used to connect devices in a local network.
Which suppression methods are recommended for a fire in a facility that involves paper, laminates, and wooden furniture? (Choose two) 1) Halon 2) Water 3) Soda acid 4) Dry powder
2) Water 3) Soda acid #Halon gas has been banned. #Dry powder extinguishes class D fires and is the only suppression method for combustible metals.
3G
3G cellular technology is made up of two different technologies: HSPA+ and EV-DO. #HSPA+ (Evolved High-Speed Packet Access) is a 3G standard used for GSM cellular networks and can support up to a theoretical download speed of 168 Mbps and a theoretical upload speed of 34 Mbps. In the real world, though, HSPA+ normally reaches speeds around 20 Mbps. #EV-DO (Evolution-Data Optimized) is a 3G standard used for CDMA cellular networks and can support up to 3.1 Mbps downloads.
5G
5G cellular technology is made up of three different types: low-band, mid-band, and high-band mmWave technology. Low-band 5G reaches an average speed of 55 Mbps with a theoretical speed of 150 Mbps. Mid-band 5G reaches an average speed of 150 Mbps with a theoretical speed of 1.5 Gbps. High-band 5G reaches an average speed of 3 Gbps with a theoretical speed of up to 70 Gbps.
What is VLAN?
A VLAN is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (layer 2). Each VLAN becomes its own broadcast domain and this would minimize the total number of broadcast messages sent to every client on the network.
110 punchdown block
A 110 punchdown block is a type of punch block used to terminate runs of on-premises wiring in a structured cabling system. The designation 110 is also used to describe a type of insulation displacement contact (IDC) connector used to terminate twisted pair cables when using a punch-down tool similar to the older 66 punchdown block. A 110 punchdown block provides more spacing between the terminals and is designed for Cat 5 networks to eliminate crosstalk between the cables.
SOA TXT
A Start of Authority (SOA) resource record indicates which DNS is the best source of information for the specified domain. #The DNS text (TXT) record was originally intended as a place for human-readable notes. However, now it is also possible to put some machine-readable data into TXT records.
A wireless access point
A WAP is a networking device that allows other Wi-Fi devices to connect to a wired network. A WAP operates at the physical layer (layer 1) of the OSI model to extend the wired network into the wireless domain.
Brute-force attack vs. Password spraying
A brute-force attack consists of an attacker submitting every possible combination for a password or PIN until they crack it. Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords.
A cable tester
A cable tester is used to ensure a cable is properly created as a patch cable (straight through) or a crossover cable. Cable testers provide detailed information on the physical and electrical properties of the cable. For example, they test and report cable conditions, crosstalk, attenuation, noise, resistance, and other cable run characteristics.
Cold site
A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc.
Trap
A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. #A verbose trap may contain all the information about a given alert or event as its payload. #A granular trap contains a unique object identifier (OID) number and a value for that OID. #A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network.
WMN (Wireless Mesh Network)
A wireless mesh network (WMN) is a wireless network topology where all nodes, including client stations, can provide forwarding and path discovery to improve coverage and throughput compared to using just fixed access points and extenders.
A wireless site survey
A wireless site survey is the process of planning and designing a wireless network to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and quality of service (QoS). The site survey report will contain a floorplan of the areas surveyed with the wireless coverage areas and signal strengths notated on it.
You have been asked to implement a wireless network in a shared office building in a signal-rich environment. A wireless scan of the environment on your target floor shows you that the 5 GHz frequencies are not widely used in that building. Which of the following 802.11 Wi-Fi networking technologies should you choose in this scenario? (Choose all that apply.) A) 802.11n B) 802.11ax C) 802.11g D) 802.11a E) 802.11b F) 802.11ac
A) 802.11n B) 802.11ax D) 802.11a F) 802.11ac #802.11a, 802.11n, 802.11ac, and 802.11ax can use the 5 GHz frequencies for wireless communications. 802.11a and 802.11ac do not work at the 2.4 GHz frequency, while 802.11n and 802.11ax can transmit on either the 2.4 or 5 GHz bands.
Computer A needs the IP address of Computer B, but Computer A only knows Computer B's FQDN. Which of the following is most likely to contain this information? A) Forward zone B) Reverse zone C) External DNS D) Internal DNS
A) Forward zone #The forward lookup zone is most likely to contain the IP address of Computer B. When comparing forward vs. reverse zones, the forward lookup zone provides the association between devices on a domain and their corresponding IP address.
A forward DNS lookup zone returns a domain name for a given IP address. True False
False
ASN, or Autonomous System Number
An ASN (or Autonomous System Number) is used to control routing with BGP routing protocols to route traffic across the network. #An Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly defined routing policy. Network operators need Autonomous System Numbers (ASNs) to control routing within their networks and to exchange routing information with other Internet Service Providers (ISPs). There are 2-byte and 4-byte ASN variants in use on the internet.
IPS (Intrusion Prevention System) Proxy server
An IPS is an application that monitors and inspects the network and host security activity to identify suspicious patterns. This is an active system. When identifying suspicious or malicious activity, the IPS blocks it at the firewall to prevent damage to the system. An IPS is placed inline with traffic. All traffic must go through the IPS. #Proxy server: A proxy server is a server that acts as an intermediary between a client requesting a resource and the server that provides that resource. A proxy server can be used to filter content and websites from reaching a user.
An implicit deny
An implicit deny is when a user or group is not granted specific permission in the security settings of an object, but they are not explicitly denied either.
Asymmetric digital subscriber line (ADSL)
Asymmetric digital subscriber line (ADSL) is a type of digital subscriber line technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide.
Which of the following systems would be best isolated on a separate network segment? A) RADIUS B) Kerberos C) legacy systems D) VoIP
C) legacy systems #Network segmentation limits the exposure of these systems and reduces the attack surface by limiting it to only specific groups of users. In addition, you could configure the legacy systems so that they can only be accessed remotely using secure shell (SSH) or some other secure remote access technology.
An administrator would like to test out an open-source VoIP phone system before investing in the associated hardware and phones. Which of the following should the administrator do to BEST test the software?
Create a virtual PBX and connect it to a SIP phone application. #To test out the system before purchasing it, he should connect to a virtual PBX with a SIP phone application and ensure it meets his needs. #Creating a virtual PBX and connecting it to a SIP phone application would allow you to create a small-scale pilot to test the open-source VoIP phone system under real-world conditions.
Dynamic ARP Inspection (DAI)
DAI is a security feature that validates ARP packets in a network. DAI intercepts, logs and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks.
DHCP exhaustion
DHCP exhaustion occurs when the DHCP server runs out of available IP addresses and stops issuing DHCP bindings. In the case when DHCP exhaustion occurs, users won't receive IP addresses and they won't have connectivity at all!!
High availability (HA)
High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period. Fault tolerance refers to the ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail.
IP spoofing
IP spoofing is a method of modifying the source address in the packet header to make the receiving computer system think the packet is from a trusted source, such as another computer on a legitimate network, and accept it. In a wireless network, IP spoofing will not allow you to reconnect (if you lose connection and have no username and password), since the MAC filtering could block your access before obtaining an IP.
Kerberos is a Single-Sign On (SSO) solution that uses what method to prevent replay attacks?
Kerberos provides mutual authentication that can help prevent man-in-the-middle attacks and uses tickets to help prevent replay attacks. That's why Kerberos is used to send data over insecure networks.
LTE-A
LTE Advanced (LTE-A) has a theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps.
LTE
LTE has a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps.
Link Aggregation Control Protocol (LACP)
Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. #LACP is used to group multiple physical ports into one to improve bandwidth and as a result actual throughput of the network. (NOTE: bandwidth is theoretical and throughput is actual measurement of the maximum rate of a data transfer across a network.)
Metered services
Metered services are pre-paid, a-la-carte, pay-per-use, or committed offerings. A metered service like a database may charge its users based on the actual usage of the service resources on an hourly or monthly basis. For example, Dion Training used the AWS Lambda serverless product in some of our automation. This service charges us $0.20 for every 1 million requests processed.
Modulation
Modulation is the process of varying one or more properties of a periodic waveform, called the carrier signal, with a separate signal called the modulation signal that typically contains information to be transmitted. WiFi can use different digital modulation schemes for data transmission. Common types of modulation include Orthogonal frequency-division multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-shift keying (PSK).
What happens if devices are kept on the default VLAN?
Moving the interface to the default VLAN can cause a decrease in performance since the default VLAN may be overloaded or oversubscribed. It is a best practice to not put devices into the default VLAN.
The received signal strength indication (RSSI)
RSSI is an estimated measure of the power level that a radio frequency client device is receiving from a wireless access point. If the RSSI is -90dB to -100dB, this indicates an extremely weak connection and insufficient wireless coverage in the area in which the device is operating.
1.100.51.198.in-addr.arpa
PTR record
PAT
Port address translation #NAT overloading #IP address and port number combination. A port number under 1024 is a busy port and can't be used.
Private IP address explained!!
A private IP address, also known as a non-routable IP address (in this case 192.168.0.1), is not assigned to any organization and does not need to be assigned by an Internet Service Provider (ISP). Therefore, 192.168.0.1 could be assigned to the outside local IP address of the router in a Network Address Translation (NAT) based network. Private ranges: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255
WannaCry ransomware was spreading rapidly across the internet
Protect your organization's network by blocking ports 139 and 445 at your firewall to prevent your machines from getting infected over the internet.
High availability provided by HSRP and VRRP
Provides a redundant default gateway. Usually, the default gateway is configured on only one router, but configuring the default gateway on two different routers provides redundancy. This redundancy is provided by either VRRP or HSRP.
SFTP
SFTP (Secure File Transfer Protocol) is a file transfer protocol that leverages a set of utilities that provide secure access to a remote computer to deliver secure communications by leveraging a secure shell (SSH) connection to encrypt the communication between the client and the server. This will prevent an attacker from eavesdropping on the communications between the SFTP server and a client, but it will not prevent an attacker from exploiting the SFTP server itself.
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a security protocol developed by Netscape to provide privacy and authentication over the Internet. SSL is application-independent, works at layer 5 [Session], and can be used with a variety of protocols, such as HTTP or FTP. Client and server set up a secure connection through PKI (X.509) certificates.
SIP
Session Initiation Protocol (SIP) uses ports 5060 and 5061, and is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.
Switching loops
Switching loops occur when multiple layer 2 paths to a network cause a switch to flood broadcasts endlessly. This endless broadcast flood is called a "broadcast storm", and it causes severe network congestion. Because the layer 2 header doesn't support a TTL value, if a frame is sent into a looped topology, it can loop forever. STP can be used to prevent these problems on a switched or a bridged network.
System Logging Protocol (Syslog)
System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.
The Remote Authentication Dial-in User Service (RADIUS)
The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request.
A home user ran a bandwidth speed test from their laptop and received the following results: Ping: 53ms Download speed: 33.3 Mbps Upload speed: 10.2 Mbps Which of the following is the best interpretation of these results?
The laptop received 33.3 Mbps of data and sent data at 10.2 Mbps. NOTE: The laptop had a latency of 53ms during the test. #The laptop received data at 33.3 Mbps when receiving the test file and uploaded the test file back to the server at a speed of 10.2 Mbps.
You typed IPCONFIG at the command prompt and find out your IP is 192.168.1.24. You then go to Google.com and search for "what is my IP," and it returns a value of 35.25.52.11. How do you explain why your computer has two different IP addresses?
This is caused because your gateway is conducting NAT or PAT!!!! #Network Address Translation (NAT) and Port Address Translation (PAT) allow multiple devices on a LAN to be mapped to a single public IP address to conserve IP addresses.
You are configuring a point-to-point link and want to ensure it is configured for the most efficient use of your limited pool of available public IP addresses. Which of the following subnet masks would be BEST to use in this scenario? a) /30 b) /24 c) /28 d) /29
a) /30 #The most efficient subnet mask for a point-to-point link is actually a /31 subnet, which only provides 2 addresses. This will only work if both routers use a newer routing protocol like OSPF, IS-IS, EIGRP, or RIPv2 (or above). The most widely accepted and used method is to use a /30 subnet consisting of 4 IP addresses. The first is the network IP, the last is the broadcast, and the other 2 IPs can be assigned to the routers on either end of the point-to-point network. For the exam, if you see the option of /30 or /31, remember, they can be used for point-to-point networks.
Exam#4 begins A small law office has a network with three switches (8 ports), one hub (4 ports), and one router (2 ports). Switch 1 (switch port 8) is connected to an interface port (FastEthernet0/0) on the router. Switch 2 (switch port 8) and switch 3 (switch port 8) are connected to Switch 1 (switch ports 1 and 2). The hub has three computers plugged into it on ports 1, 2, and 3. The fourth port on the hub is connected to the router's other interface port (FastEthernet0/1). Based on the configuration described here, how many collision domains are there within this network? a) 4 b) 1 c) 8 d) 2
a) 4 #10 collision domains total. 10-1 (switch 1 connected to router), 9-3 (switch 2 & switch 3 connected to switch 1) , 6-1 (hub & computers), 5-1 (hub connected to router) = 4 #One collision domain for the hub and its clients that are connected to FastEthernet0/1. #There is a second collision domain for the router's other interface (FastEthernet0/0) that is shared with Switch 1 (switch port 8). #There is a third collision domain for the connection between Switch 2 and Switch 1, and a fourth domain for the connection between Switch 3 and Switch 1. #If there were additional clients on any of these switches, each client would also be a part of its own collision domain, but since none were mentioned, we only have 4 collision domains in this network.
A network administrator wants to separate web servers on the network logically. Which of the following network devices will need to be configured? a) Switch b) Hub c) IPS d) HIDS
a) Switch #Logical separation of network devices is accomplished by using VLANs which are configured on the network switches.
You have been contracted by Dion Training to conduct a penetration test against its learning management system (LMS). The LMS is a web application that is hosted in the organization's DMZ. Which of the following appliance allow lists should the organization add your source IP in before the engagement begins? a) WAF b) NIDS c) HIDS d) DLP
a) WAF #The learning management system (LMS) is a web application, therefore the source IP of the attacking workstation needs to be added to the web application firewall's allow list to prevent it from being blocked. Adding a source IP address to the allow list will exclude it from ACL rules and other signatures. This prevents an active device, like a web application firewall (WAF), layer 4 firewall, or an intrusion protection system (IPS) from blocking the penetration tester during the assessment.
A wireless AP (access point) located on a table in the middle of a small office area is not producing a strong enough signal for users on the outer perimeter for higher data rates. Determine which of the following options is the most likely reason for this issue. a) Wrong antenna type b) Wrong frequency c) Wrong placement d) Wrong SSID
a) Wrong antenna type #Antennas transmit signals in different ways. For example, an access point (AP) designed for ceiling mounting may produce a stronger signal in a cone directed downwards. The office should install an AP with an outward omnidirectional path with a stronger signal. #It's not a location issue because placing the antennae in the middle of a small office is ideal.
Damaris is troubleshooting a WINS connectivity issue on a Windows server. She wants to find out the name of the server she is working on. Which of the following commands should she utilize to display the NetBIOS name of the server? a) hostname b) show config c) arp d) netstat
a) hostname #The hostname command is used to view or change a computer's hostname and domain. On a Windows system, the hostname, computer name, and NetBIOS name are all the same.
You want to configure a firewall and filter packets on a Linux system. Which command would you use? a) iptables b) tcpdump c) nslookup d) ifconfig
a) iptables
Which of the following controls can be used as a deterrent, an authentication method, or documentation? a) Badges b) Video surveillance c) Key fob d) Biometrics
b) Video surveillance #a thing that discourages or intended to discourage someone from doing something.
A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is MOST likely the source of this connectivity problem? a) APIPA has been misconfigured on the VLAN's switch b) The workstation's OS updates have been installed c) The switchport is configured for 802.1q trunking d) The workstation's NIC has a bad SFP module
c) The switchport is configured for 802.1q trunking #If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address.
VLAN
#A VLAN (virtual local area network) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). #Adding a VLAN to a network provides segmentation of the traffic and traffic must be routed between the VLANs. This allows network administrators the opportunity to allow or deny traffic into or out of a given VLAN for additional security by using access control lists.
Port scanner WiFi analyzer IP scanner
#A port scanner is used to determine which ports and services are open, closed or filtered and available for communication on a target system. #WiFi analyzer is used to gather information about the available wireless networks, troubleshoot wireless networking issues, ensure optimal router placement, and identify existing coverage areas. #An IP scanner is used to monitor a network's IP address space in real-time and identify any devices connected to the network. Essentially, the tool will send a ping to every IP on the network and then creates a report of which IP addresses sent a response.
Neighbor Discovery Protocol (NDP)
#A protocol that is part of the IPv6 protocol suite, used to discover and exchange information about devices on the same subnet (neighbors). In particular, it replaces the IPv4 ARP protocol. #The Neighbor Discovery Protocol (NDP) is a part of IPv6 that operates at the data link layer of the OSI Internet model and is responsible for gathering various information required for internet communication, including the configuration of local connections and the domain name servers and gateways used to communicate with more distant systems.
Ring Star Mesh Bus
#A ring topology is a local area network (LAN) in which the nodes (workstations or other devices) are connected in a closed-loop configuration. Ring topologies aren't used heavily in local area networks anymore, but they are still commonly found in wide area network connections as an FDDI ring. An FDDI ring is a Fiber Distributed Data Interface ring, which allows for a network that can communicate up to 120 miles in range, uses a ring-based token network as its basis, and uses two counter-rotating token ring topologies to comprise the single network. This provides redundancy for the network because if one cable is broken or fails, the other can maintain the network operations. The token is used to control which device can communicate on the network, preventing congestion or collisions. #A star topology connects all of the other nodes to a central node, usually a switch or a hub. #A mesh topology connects every node directly to every other node. This creates a highly efficient and redundant network, but it is expensive to build and maintain. #A bus topology uses a single cable which connects all the included nodes and the main cable acts as a backbone for the entire network.
A stateful packet inspection firewall A stateless packet inspection firewall
#A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. #A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). NOTE: Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they're not capable of inspecting the contents of the packet to ensure it contains HTTP traffic and not other types of network traffic.
ARP spoofing/poisoning vs. DNS spoofing/poisoning
#ARP spoofing/poisoning is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a LAN. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer, server or a gateway on the network. #DNS spoofing/poisoning is an attack that corrupts the DNS data in the DNS resolver's cache and causes the name server to return an incorrect result record, such as an attacker's IP address instead of the IP of the legitimate server.
In regards to collision domain and broadcast domain, what's the difference between router, switch and hub?
#All devices connected by a hub are in a single collision domain and a single broadcast domain, therefore they must use half-duplex for communication and CSMA/CD. Connects multiple Ethernet devices together, making them act as a single network segment. #Each switchport on a switch is a separate collision domain, but all switchports are in a common broadcast domain. Makes routing decisions based upon MAC addresses. #Each switchport on a router is a separate collision domain and a separate broadcast domain. Makes routing decisions based upon IP addresses.
An access point and multilayer switch uses what type of cable and connector?
#An access point is a wireless device that connects to an existing network using twisted pair copper cables and an RJ-45 connector. #A multilayer switch can use either twisted pair copper cables using an RJ-45 connector or a fiber optic cable using an MTRJ, ST, SC, or LC connector.
An evil twin Rogue access point MAC spoofing
#An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge. #A rogue access point is any access point installed on a network without the network owner's permission. For example, if an employee connected a wireless access point to a wall jack in their office so that they can use their smartphone or tablet, this would be considered a rogue access point. #MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device.
Switchport states (Blocking, Listening, Learning, and Forwarding)
#Blocking: The switchport will go into a blocking state when it receives a BPDU that indicates there is a better path to the root bridge and the switchport itself is not a root port or designated port. #Listening: If the switchport is a root port or designated port, it will then move to a listening state. During the listening state, the switchport will discard any frames it receives. #Learning: When the switchport is in a learning state, it will listen for and process BPDUs it receives and updates its MAC address table. #Forwarding: A switchport in a forwarding state will process BPDUs, update its MAC table, and forward the BPDUs to other switchports. This process will ensure that switching loops are prevented in a network.
Bluejacking Smurfing Multiplexing
#Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers, sending a vCard which typically contains a message in the name field to another Bluetooth-enabled device via the OBEX protocol. #The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. #Multiplexing is a method by which multiple analog or digital signals are combined into one signal over a shared medium to share a scarce resource. Multiplexing is not a type of exploit or attack but is heavily used to increase the bandwidth of wireless networks and fiber optic connections.
Branch offices On-premise
#Branch offices may be limited in terms of low bandwidth, high latency links. This can mean having to install servers to branch locations and replicate data between them and the head office or corporate network. #An on-premises data center does not have any site redundancy and is also likely to suffer from poor performance when accessed by remote offices in different countries.
Difference between cable tester and cable certifier.
#Cable tester is used to verify electrical connections of a twisted pair cable or coaxial cable. For fiber optics, an OTDM or fiber light meter is used. An OTDM can specify the location of the break, whereas a fiber light meter can indicate that there's a break in the fiber optic cable. #Cable certifier is used to test the continuity of a cable and verify that the cable meets its specifications such as the bandwidth, frequency and length.
arp command
#Can be used in either the Microsoft Windows or the UNIX environment to see what a Layer 2 MAC address corresponds to in a Layer 3 IP address. #The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network.
Network protocol analyzer
#Can't detect active viruses and malware on the network. #Used to determine if passwords are being transmitted in plain text because protocol analyzers capture packets as they are transmitted on the network. #Protocol analyzers are also called packet sniffers!!!!
IP Helper
#DHCP IP Helper addresses are IP addresses configured on a routed interface, such as a VLAN interface or a router's Ethernet interface, that allow that specific device to act as a "middle man" which forwards BOOTP (Broadcast) DHCP requests it receives on an interface to the DHCP server specified by the IP Helper address via unicast. Adding an IP Helper address to the new interface on the router will allow the DHCP broadcast requests to be forwarded to the workstations. #This will forward broadcasts for DHCP/BOOTP, TFTP, DNS, TACACS, time of service, and NetBIOS name/datagram service. It will do more than the DHCP relay agent.
ICS/SCADA WLAN
#ICS (industrial control systems) and SCADA (supervisory control and data acquisition systems) are devices and network systems that are used to monitor and manage the manufacturing or industrial process assets of an organization. #A wireless LAN controller is used in combination with the Lightweight Access Point Protocol (LDAP) to manage light-weight access points in large quantities by the network administrator or network operations center.
LC Connector
#LC fiber optic connector is one of the most common types of fiber optic connectors. #Commonly used between floors of a building. #The LC connector is a small form factor (SFF) connector, which is designed to join LC fibers where a connection or disconnection is required. #Can use both single mode and multi-mode, but single mode is preferred. #LC connector is half the size of the traditional SC connector. Therefore it can double fiber density in shelves and outlets. #LC connector has an anti-snag latch, which can improve durability and reduce the rearrangement work caused by the cross connection.
Mandatory vacation policies vs. Background check
#Mandatory vacation policies require employees to take time away from their job and detect fraud or malicious activities. #A background check is a process a person or company uses to verify that a person is who they claim to be and provides an opportunity for someone to check a person's criminal record, education, employment history, and other past activities to confirm their validity.
Multiplexing
#Multiplexing is a method by which multiple analog or digital signals are combined into one signal over a shared medium to share a scarce resource. Multiplexing is not a type of exploit or attack but is heavily used to increase the bandwidth of wireless networks and fiber optic connections.
Network Access Control (NAC)
#Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology, the user or system authentication, and network security enforcement. #NAC restricts the data that each particular user can access and implements anti-threat applications such as firewalls, anti-virus software, and spyware detection programs. #NAC also regulates and restricts the things individual subscribers or users can do once they are connected. If a user is unknown, the NAC can quarantine the device from the network upon connection.
Fiber optic cable
#Not affected by electromagnetic interference (EMI), radio frequency interference (RFI) and general electrical interference. #Also, not affected by short circuit, or open circuit. These happen only on copper cables. #Fiber optic cable is not affected by heat like copper cable so boiler room option can be eliminated from questions pertaining to fiber optic cable.
PAT Static NAT Dynamic NAT
#Port Address Translation (PAT) is a type of dynamic NAT that can map multiple private IP addresses to a single public IP address by using port forwarding. #Static NAT (Network Address Translation) is a one-to-one mapping of a private IP address to a public IP address. #Dynamic NAT can be defined as mapping a private IP address to a public IP address from a group of public IP addresses known as the NAT pool. Dynamic NAT establishes a one-to-one mapping between a private IP address to a public IP address.
Resource pooling vs. on-demand
#Resource pooling refers to the concept that allows a virtual environment to allocate memory and processing capacity for a VM's use. #On-demand refers to the fact that a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
Split Domain Name System (Split DNS)
#Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. #This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external).
Static routing Dynamic routing Hybrid routing Distance-vector routing
#Static routing is a form of routing that occurs when a router uses a manually configured routing entry, rather than information from dynamic routing traffic. Static routes must be configured and re-routed manually during an issue. #Dynamic routing (kinda like DHCP), also called adaptive routing, is a process where a router can forward data via a different route for a given destination based on the current conditions of the communication circuits within a system. If dynamic routing was used, the router would have automatically routed the traffic to another link or connection on the network. #Hybrid routing is a combination of distance-vector routing and link-state routing. Hybrid routing shares its knowledge of the entire network with its neighbors. If a connection is lost, hybrid routing protocols are dynamic and can adjust the advertised routes automatically. #A distance-vector routing protocol requires that a router inform its neighbors of topology changes periodically. A distance-vector protocol is a form of dynamic routing and would automatically adjust when the fiber connection or link is lost.
Teredo Tunneling
#Teredo tunneling is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. Tunnels IPv6 packets as IPv4-based UDP messages over port 3544. Allows for tunneling through NAT devices.
802.11ac or Wi-Fi 5
#The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.
Control layer Application layer Management plane
#The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. #The application layer focuses on the communication resource requests or information about the network. #The management plane is used to monitor traffic conditions and the status of the network, and allows network administrators to oversee the network and gain insight into its operations.
Sequence number
#The sequence number is a mandatory 32-bit field containing an incrementing counter value that supports anti-replay. #32-bit unique number in TCP segment that increases with each segment -- allows receiver to put arriving segments in order
iSCSI Fibre channel FCoE
#iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. It can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval. #Fibre Channel is a high-speed data transfer protocol that provides in-order, lossless delivery of raw block data. It is designed to connect general-purpose computers, mainframes, and supercomputers to storage devices. #Fibre Channel over Ethernet (FCoE) is a computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit Ethernet networks while preserving the Fibre Channel protocol.
Load Balancer Security Functions
- SSL certificate management - URL filtering - Other web application security tasks - Limiting access to restricted portions of a website to certain IP address ranges
Captive portals
A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a wireless network before they are granted broader access to network resources. #Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other information prior to allowing access to the network and its resources.
A cloud site
A cloud site is a virtual recovery site that allows you to create a recovery version of your organization's enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment. Most cost-effective option!!
Collision domain
A collision domain is a network segment connected by a shared medium or through repeaters where simultaneous data transmissions collide with one another. Hubs do not break up collision domains, but routers and switches do. For each switchport or interface on a switch or router, there is a new collision domain.
community cloud
A community cloud is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third party and hosted internally or externally.
A duplicate MAC address situation
A duplicate MAC address occurs when two or more devices are responding to data requests as if they are the only device on the network with that physical address. One indication of this occurring is when a switch continually changes the port assignments for that address as it updates its content-addressable memory (CAM) table to reflect the physical address and switchport bindings.
FIN Flag
A finish (FIN) flag is used to request that the connection be terminated. This usually occurs at the end of a session and allows for the system to release the reserved resources that were set aside for this connection.
hybrid attack
A hybrid attack merges a dictionary attack and a brute-force attack, but provides keywords from a list to use during the brute-force attack modifying the suffixes or prefixes.
A logical diagram
A logical diagram is used to illustrate the flow of data across a network and is used to show how devices communicate with each other. These logical diagrams usually include the IP addresses, subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments in a given network.
A media converter
A media converter is a networking device that transparently converts Ethernet or other communication protocols from one cable type to another type, such as from copper to fiber or twisted pair to coaxial. A media converter operates at the physical layer (Layer 1) of the OSI model.
A multimeter
A multimeter can measure the voltage, amperage, and resistance of a circuit. A multimeter can be a hand-held device useful for basic fault finding and field service work or a bench instrument that can measure electricity with a high degree of accuracy.
Physical network diagram
A physical network diagram is used to show the actual physical arrangement of the components that make up the network, including cables and hardware.
PDU
A power distribution unit (PDU) is a device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center. PDUs use and distribute the available amperage more efficiently, allowing your equipment to receive the best available power to maintain operation.
Public Cloud
A public cloud contains services offered by third-party providers over the public Internet and is available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing customers to pay only per usage for the CPU cycles, storage, or bandwidth they consume.
SIEM (Security Information and Event Management)
A security information and event management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware.
A small form-factor pluggable (SFP) transceiver
A small form-factor pluggable (SFP) transceiver is used on routers as a hot-pluggable network interface module; SFPs are not used in workstations.
Why is spectrum analyzer not suitable for fiber optic cables?
A spectrum analyzer is used to measure the radio frequency in use by a network, but fiber optic cables do not use the radio frequency of electricity and instead use light as their transmission mechanism.
A split-horizon route advertisement
A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned.
Difference between hub and spoke and "star" topology.
A star topology uses a central point such as a router or switch and then clients connect directly to it from all directions (like a star). If the central point fails, the whole network fails. A hub and spoke is similar in shape to the star topology, but it uses WAN links to connect LANs. So, instead of a central point connecting to individual clients, the hub and spoke would be a central point that connects individual LANs.
Open Short crosstalk ESD
An open is reported when there is no connection between the two ends of a cable or wire. This can occur when a wire or cable is accidentally cut in half. An open is the opposite of a short. A short is an electrical term that is an abbreviation for a short circuit. A short generally means that an unintended connection between two points is allowing current to flow where it should not. In this scenario, the short is caused by the damaged cable in which two or more of the conductors are connected. This has caused the cable to fail and will report as "short" when using a cable tester. Electrostatic discharge is the sudden flow of electricity between two electrically charged objects. Crosstalk is the coupling of voltage to an adjacent line through mutual coupling composed of a mutual inductance, a coupling capacitance, or both. Crosstalk occurs within a twisted pair cable when the pairs become untwisted or no shielding or insulation remains.
You need to copy the traffic from a single port to a different port, but prevent bidirectional traffic on the port. Which switch feature should you use? A) PoE B) Port mirroring C) Trunking D) Spanning tree
B) Port mirroring #Port mirroring copies the traffic from a single port to a different or mirror port, but prevents bidirectional traffic on the port. It allows you to view all of the traffic for a single VLAN, no matter the switch where the traffic originates. Local port mirroring only uses ports from the same switch. Remote port mirroring uses ports from multiple switches.
Fibre Channel over Ethernet (FCoE)
Fibre Channel over Ethernet (FCoE) is a method of supporting converged Fibre Channel (FC) and Ethernet traffic on a data center bridging (DCB) network. FCoE encapsulates unmodified FC frames in Ethernet to transport the FC frames over a physical Ethernet network.
Similarity between 802.11n and 802.11ax.
Both can transmit either on the 2.4 or 5 GHz bands. #The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. #The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AX or Wi-Fi 6 uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. #Wi-Fi 6 uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.
STP prevents which of the following problems? A. Collision domains B. Switching loops C. Broadcast storms D. Routing loops
C. Broadcast storms #The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. A Bridge Protocol Data Unit (BPDU) is used by STP to prevent the bridge loops. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient.
Carrier-sense multiple access with collision avoidance (CSMA/CA)
Carrier-sense multiple access with collision avoidance (CSMA/CA) is a type of network multiple access method that uses carrier sensing, but nodes attempt to avoid collisions by beginning transmission only after the channel is sensed to be idle. CSMA/CA occurs in the background when communicating with a wireless access point and would not prevent the user from authenticating to the captive portal.
Difference between a straight-through cable and a crossover cable.
A crossover cable is used to connect two computers (same devices: router to router, computer to computer) directly together. A straight-through cable, on the other hand, is used to connect two different devices (e.g., a switch and a computer, or a router and a computer). #NOTE: If a device, such as a legacy system, doesn't support MDIX (Medium Dependent Interface Crossover), then you have to use a crossover cable, not a straight-through cable.
A server on your network contains several virtual servers. However, the server contains a single NIC. Which statement MOST likely describes the communication from this server? A) It transmits data from multiple MAC addresses. B) It transmits data using IPv6. C) It transmits data using IPv4. D) It transmits data from multiple IP addresses.
D) It transmits data from multiple IP addresses. #When a server contains several virtual servers with a single network interface card (NIC), it is most likely to transmit data from multiple IP addresses. It could also transmit data from a single IP address, but with each virtual server using a different port number.
Which social engineering attack is typically considered the most dangerous? A) Trojan horse B) Social engineering C) Dumpster diving D) Physical penetration
D) Physical penetration
Employees must use a combination photo identification and security key card to enter a company office building. What is a secure method of determining whether an employee who lost a key card should be allowed to enter the office building? A) Require employees to sign a log book. B) Require a second key card to gain access to the company data center. C) Allow employees to enter the building without a key card. D) Place digitized photographs of the employees in employee records.
D) Place digitized photographs of the employees in employee records. #Without a secure method of authenticating employees who do not have security key cards, the loss of a key card becomes a potential security risk. Placing photographs in employee records is a secure method of determining whether an employee who lost their key card should be allowed to enter the company office building. A security guard can access a digitized photograph and determine whether to allow an employee to enter the office building. A security guard is a physical security measure.
Your network contains a DHCP server. While performing routine maintenance, you discover that the DHCP server has the following types of options configured: server options, scope options, reserved client options, and class options. Which of these types of options takes precedence? A) class options B) scope options C) server options D) reserved client options
D) reserved client options
A reverse DNS lookup zone is used for finding an IP address associated with a given domain name. True False
False
A type of DNS query that returns either a valid address or a referral to another DNS server that may hold relevant information to the name resolution process is known as recursive query. True False
False
FTP server location in a network
An FTP server should be installed in a screened subnet so that additional security mitigations like a web application firewall or application-aware firewall can be used to protect it.
When a company has branch offices that need to communicate with one another, what type of VPN is used?
IPsec Site-to-Site VPN #Need to make sure that all ACLs on devices in the pathway for the IPsec VPN are compatible with IPsec. #ISAKMP policy is used here. #IKE: AH HMAC or ESP HMAC for authentication #ESP encryption method #Either transport or tunnel IPsec method. Always verify IPsec VPN!!!
Intermittent connectivity issue
Intermittent connectivity means that the network could have a dead zone within its infrastructure, and it could be fixed by adding additional wireless access points (WAPs) to increase the network's wireless coverage.
Load Balancer
A load balancer has to make decisions about routing requests to individual web servers. In the simplest case, known as Round-Robin load balancing, the load balancer simply rotates servers for each request, giving each server an equal share. While this approach is simple and may seem fair, it's not always efficient. If one server is more powerful than the others, it can handle a greater load. Also, if a server gets a particularly intense request that requires more CPU time, it may not be able to handle as many other requests. Advanced scheduling algorithms take this into account and monitor server performance, using this capacity information to make real-time decisions about routing user requests. Some applications require that users return to the same server for future requests to maintain information about sessions. In those cases, individual users may be assigned to a web server using the load balancer's regular scheduling algorithm, but they may then be assigned an affinity for that server. The load balancer will route all future requests from that user to the same web server to maintain session persistence.
Load balancer problems
A load balancer serves as a single point of failure. Therefore, organizations that adopt load balancing should maintain load balancers in a high availability mode. This involves having two or more load balancers actively handle network traffic and continue to function with diminished capacity if one device fails. There's active-active mode, where both load balancers stay active and handle inbound traffic persistently. In active-passive mode, one is actively handling inbound traffic, while the other just sits around.
load balancing
Load balancing refers to the process of distributing a set of tasks over a set of resources, intending to make their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. #Used to distribute traffic across multiple sets of devices or connections to increase the overall efficiency of the network and its data processing
Malware beaconing
Malware beaconing is one of the first network-related indications of botnet and peer-to-peer (P2P) malware infection. A botnet is a network of computers infected with malicious software that's being controlled by a remote malicious party without the owner's knowledge. #P2P infections indicate malware that is laterally moving to infect one system after another. After malware infects a vulnerable host, it quickly scans the host environment and initiates a command and control (C2) channel with its creator (i.e., the intruder).
A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password have been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, which of the following should the technician do to prevent the password from being sniffed on the network again?
Only allow administrators to access routers using port 22. #Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full rights user will not access their new account without the SSH key, which could only be provided by a true administrator. #Telnet should always be disabled for security reasons, and SSH (which uses encryption) should be used instead.
PVC (Polyvinyl Chloride)
PVC (Polyvinyl Chloride) is what your standard Category 5e and Category 6 cable jacket are constructed of. This PVC jacket when burning or smoldering releases hydrochloric acid and dioxin which are both toxic. For this reason, PVC cannot be used in-between the drop ceiling and the standard ceiling.
Reflective DNS attack
A reflective DNS attack is a two-step attack in which the attacker sends requests to multiple DNS servers with a rogue IP address. When the DNS servers reply, they unknowingly flood the targeted victim with responses to DNS requests that it never sent.
You have just replaced a faulty Ethernet cable in a patch panel. Within a few minutes, you find out that users are experiencing slow or no Internet connectivity all over the building. A broadcast storm has begun to occur. After removing the replacement cable, which of the following should you do NEXT?
Review labeling and logical network diagram documentation. #You most likely have plugged the new cable into the wrong port on the patch panel. By reviewing the documentation and labeling, you might see the domain architecture, the strength of user connections, and the relationships in those connections, thereby making it easy to reassign the patch cables correctly. Something has likely been mislabeled, and the replacement of the patch cable was plugged into the wrong port and caused a loop.
Least Privilege vs Separation of Duties
Separation of duties has to do with splitting tasks among employees to reduce the chance of one employee committing fraud. Least privilege is when you only provide employees with the account privileges they need to complete their work.
System life cycle plan
System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement.
show interface show diagnostic
The "show interface" command is used on a Cisco networking device to display the statistics for a given network interface. #The "show diagnostic" command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.
The Spanning Tree Protocol (STP)
The Spanning Tree Protocol (STP) is responsible for identifying links in the network and shutting down the redundant ones, preventing possible network loops. To do so, all switches in the network exchange BPDU messages between them to agree upon the root bridge. When spanning tree protocol is enabled on a switch, the switchports will go through five port states: blocking, listening, learning, forwarding, and disabled to create a loop-free switching environment.
dig
The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information.
Which cellular technology is comprised of LTE and LTE-A to provide higher data speeds than previous cellular data protocols? a) 4G b) 5G c) WMN d) 3G
a) 4G #4G cellular technology is made up of LTE and LTE-A. Long Term Evolution (LTE) is a packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks.
You are installing a Small Office/Home Office (SOHO) network consisting of a router with 2 ports, a switch with 8 ports, and a hub with 4 ports. The router has one port connected to a cable modem and one port connected to switch port #1. The other 6 ports on the switch each have a desktop computer connected to them. The hub's first port is connected to switch port #2. Based on the description provided, how many collision domains exist in this network? a) 9 b) 3 c) 8 d) 11
a) 9 #Based on the description provided, there are 9 collision domains. Each port on the router is a collision domain (2), each port on the switch is a collision domain (8), and all of the ports on the hub make up a single collision domain (1). But, since one of the ports on the router is connected to one of the switch ports, they are in the same collision domain (-1). Similarly, the hub and the switch share a common collision domain connected over the switch port (-1). This gives us 9 collision domains total: the 8 ports on the switch and the 1 port on the router that is used by the cable modem.
Rick is upset that he was passed over for a promotion. He decides to take revenge on his nemesis, Mary, who got the job instead of him. Rick sets up an on-path attack against Mary's computer by redirecting any layer 2 traffic destined for the gateway to his computer first. Rick is careful only to affect the traffic associated with Mary's computer and not the entire network. Which type of on-path attack is Rick conducting against Mary? a) ARP poisoning b) MAC spoofing c) Evil twin d) IP spoofing
a) ARP poisoning #ARP poisoning (also known as ARP spoofing) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. By conducting ARP spoofing, Rick can poison the cache and replace Mary's computer's MAC address and IP binding association with his own, allowing him to complete an on-path attack between Mary and the default gateway.
Which of the following policies or plans would dictate which types of websites should be added to the proxy server's content filter within an organization? a) Acceptable Use Policy b) Password Policy c) Data Loss Prevention Policy d) Remote Access Policy
a) Acceptable Use Policy #An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used.
Which of the following must be added to a VLAN's gateway to improve the security of the VLAN? a) Access control list b) Split horizon c) Spanning tree protocol d) Hold down timer
a) Access control list #An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.
Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line? a) Analog modem b) DOCSIS modem c) Multilayer switch d) Access point
a) Analog modem #An analog modem is a device that converts the computer's digital pulses to tones that can be carried over analog telephone lines and vice versa. #DSL is the other type of Internet connection that uses an RJ-11 connection to a phone line. #A DOCSIS modem is a cable modem and would require a coaxial cable with an F-type connector.
Which of the following communication types are used in IPv6 to send a packet to the nearest interface that shares a common address in a routing table? a) Anycast b) Unicast c) Broadcast d) Multicast
a) Anycast #An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the "nearest" interface having that address, according to the router's routing table.
Your company wants to create highly available datacenters. Which of the following will allow the company to continue maintaining an Internet presence at all sites if the WAN connection at their own site goes down? a) BGP b) VRRP c) Load balancer d) OSPF
a) BGP #If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available. Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol.
What state is the switchport with the LEAST desirable path placed by the spanning tree protocol when a switch has multiple paths to reach the root bridge? a) Blocking b) Forwarding c) Learning d) Listening
a) Blocking #The spanning tree protocol supports four different states on any given switchport. The switchport will go into a blocking state when it receives a BPDU that indicates there is a better path to the root bridge and the switchport itself is not a root port or designated port.
Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue? a) C:\windows\system32>nbtstat -R b) C:\windows\system32>route print c) C:\windows\system32>nslookup d) C:\windows\system32>ipconfig /flushdns
a) C:\windows\system32>nbtstat -R #Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the "nbtstat -R" command to purge and reload the cached name table from the LMHOSTS file on their Windows workstation.
Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on? (SELECT TWO) a) GPS location b) NAC c) Port security d) Geo-IP
a) GPS location b) NAC #NAC is used to identify an endpoint's characteristics when conducting network authentication. The GPS location of the device will provide the longitude and latitude of the user, which could be compared against the GPS coordinates of the building.
A network engineer is evaluating the computer security of the system's ability to store, transmit, and process data in a manner that is available for authorized parties to view it, that the integrity of the data is stored as intended, and that the information is handled under confidentiality. What is the name of the triad used to secure data? a) CIA b) 802.1X c) SIEM d) Network access control
a) CIA #The CIA triad is one of the foundational principles of computer security. The systems used to store, transmit, and process data must demonstrate three properties: confidentiality, integrity, and availability. #Security information and event management (SIEM) is a security control designed to integrate vulnerability and threat assessment efforts through automated collection, aggregation, and log data analysis. #IEEE 802.1X Port-based Network Access Control (NAC) protocol provides the means of using an EAP method when a device connects to an Ethernet switch port, wireless access point, or VPN gateway.
A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. Which of the following is MOST likely the cause of the connectivity issue? a) Cable short b) Bad power supply c) Attenuation d) Misconfigured DNS
a) Cable short #Use a cable tester to verify it is indeed a cable short or break. Attenuation in this case is not valid because he moved the desk just a few feet (10-15 feet) away, which is not a huge distance to cause attenuation.
An electrician creates several cat 6 cables to connect new computers to a network at a small company. The IT staff discovers that two cables do not work properly due to faulty crimping. Of the available methods to inspect the cables, which of the following should the IT staff utilize to find cables that do not work? a) Cable tester b) Spectrum analyzer c) Packet sniffer d) Tone generator
a) Cable tester #A cable tester provides detailed information on the physical and electrical properties of a cable. A cable tester can be used to check that the cable pins are functioning properly.
Dion Training's network is using OSPF for the internal routing protocol. One of the interfaces connected to the internet is congested. The data is going out to the internet slowly, but is frequently queued by the router prior to sending due to the congestion and lower than normal speeds. You entered the "show interface" command and received the following output: (Refer to the diagram) Which of the following actions would best resolve this issue? a) Change the duplex setting from half to full b) Assign a public IP address to the interface c) Modify the CIDR notation to a classful subnet mask d) Set the loopback address as 127.0.0.1
a) Change the duplex setting from half to full #Based on the output provided, the interface is set to half-duplex. Since there are no errors, collisions, or resets, the interface appears to be connected directly to another switchport or interface in their own collision domain. Therefore, the duplex can be set to full duplex and this will effectively double the throughput on this interface.
A network engineer needs to purchase a cost-effective solution for data storage that allows for sustained hot site redundancy. What would be the best site for this requirement? a) Cloud Site b) NIC teaming c) FHRP d) RTO
a) Cloud Site #For many companies, the most cost-effective solution is to move processing and data storage to a cloud site. A cloud site allows sustained hot site redundancy, which enables versatile use of a network without maintaining a series of physical servers.
Which of the following types of sites would be used if your organization plans to switch to teleworking and remote operations in the event of a disaster? a) Cloud site b) Hot site c) Cold site d) Warm site
a) Cloud site #A cloud site is a virtual recovery site that allows you to create a recovery version of your organization's enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment. #Remember that a warm site has equipped server data but no customer data. #A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc.
An employee at Dion Training reports that half of the marketing department is currently unable to access any network resources. A network technician determines that the switch has failed and needs replacement. Which of the following is required so that the technician can replace the switch and regain connectivity quickly? a) Configuration backup b) Router image c) VLAN configuration d) Network diagram
a) Configuration backup #Most large enterprise networks will use the same models of switches across much of the network. This allows them to keep spare switches on-site to use as replacements if a production switch fails. By maintaining a configuration backup of each production switch, it allows a network technician to remove the faulty switch, install the new switch, and reload the configuration backup to the new switch. Using this method, a skilled network technician can restore a network switch within just a few minutes. NOTE: VLAN configuration is helpful, but it will not expedite the recovery like a configuration backup will. The router image was useless in this case because the issue occurred in the switch.
A network technician is diligent about maintaining all system servers at the most current service pack level available. After performing upgrades, users experience issues with server-based applications. Which of the following should be used to prevent issues in the future? a) Configure a test lab for updates b) Configure a honeypot for application testing c) Virtualize the servers and take daily snapshots d) Configure an automated patching server.
a) Configure a test lab for updates #To prevent the service pack issues, make sure to validate them in a test/lab environment first before going ahead and applying a new Service Pack in your production environment. While using an automated patching server is a good idea, no patches should be deployed before being tested in a lab first.
Stella, a web developer, has asked for your assistance in troubleshooting her latest website. When she attempts to connect to the web server as a user, the web browser issues a standard HTTP request to the server but continually receives a timeout response in return. You decide to capture the entire TCP handshake between her workstation and the webserver to better troubleshoot this issue. Which of the following tools would BEST allow you to capture and review the HTTP request and response between the client and the webserver? a) Protocol analyzer b) Tone generator c) Spectrum analyzer d) Port scanner
a) Protocol analyzer #A protocol analyzer is used to capture network traffic on a network and display it for analysis. A protocol analyzer, like Wireshark, can capture the entire network packet as it transits the network and display it according to the different layers of the OSI model.
Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera's security concerns? (Select TWO) a) Configure the thermostat to use a segregated part of the network by installing it into a screened subnet b) Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password c) Configure the thermostat to use the WEP encryption standard for additional confidentiality d) Enable two-factor authentication on the device's website (if supported by the company) e) Upgrade the firmware of the wireless access point to the latest version to improve the security of the network f) Disable wireless connectivity to the thermostat to ensure a hacker cannot access it.
a) Configure the thermostat to use a segregated part of the network by installing it into a screened subnet b) Configure the thermostat to connect to the wireless network using WPA2 encryption and a long, strong password #The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network. While enabling two-factor authentication on the device's website is a good practice, it will not increase the IoT device's security.
Which of the following answers refer to the layers that can be found in the three-tiered datacenter network architecture model? (Select 3 answers) a) Core layer b) Distribution/aggregation layer c) Application layer d) Infrastructure layer e) Access/edge layer
a) Core layer b) Distribution/aggregation layer e) Access/edge layer
Which communication technology would MOST likely be used to increase bandwidth over an existing fiber-optic network by combining multiple signals at different wavelengths? a) DWDM b) LACP c) FCoE d) ADSL
a) DWDM #Dense wavelength-division multiplexing (DWDM) is a high-speed optical network type commonly used in MANs (metropolitan area networks). DWDM uses as many as 32 light wavelengths on a single fiber, where each wavelength can support as many as 160 simultaneous connections.
A third-party vendor has just released patches to resolve a major vulnerability. There are over 100 critical devices that need to be updated. What action should be taken to ensure the patch is installed with minimal downtime? a) Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment b) Test the patch in a lab environment and then install it in the production network during the next scheduled maintenance c) Configure endpoints to automatically download and install the patches d) Download and install all patches in the production network during the next scheduled maintenance period.
a) Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment #Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished.
A technician is called to investigate a connectivity issue to a remote office connected by a fiber optic cable. Using a light meter, it is determined that there is excessive dB loss. The installation has been working for several years. The switch was recently moved to the other side of the room and a new patch cable was installed. Which of the following is most likely the reason for the excessive dB loss? a) Dirty connectors b) Distance limitations c) Bend radius limitations d) Wavelength mismatch
a) Dirty connectors #When fiber optic connectors become dirty, signal loss can cause severe problems and performance issues. Something as simple as oil from a technician's hand can render a fiber connector dirty and cause a loss of signal. #Multimode fibers use 850 or 1300 nanometer wavelengths, whereas single-mode fibers use 1550 nanometer wavelengths. It is unlikely that the wrong patch cable was used as most organizations only implement a single type of fiber infrastructure to minimize the number and type of cables needed to support them.
Which of the following policies or plans would dictate how an organization would respond to a fire that left their office building unusable for the next 3 months? a) Disaster recovery plan b) Incident response plan c) System life cycle plan d) Business Continuity plan
a) Disaster recovery plan #A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber-attacks, and other disruptive events.
Dion Training is concerned with the threat of an attacker modifying the MAC address to IP bindings within the local area network. Which of the following could be enabled on the company's network to prevent this from occurring? a) Dynamic ARP inspection (DAI) b) Private VLAN c) DHCP snooping d) Router advertisement guard
a) Dynamic ARP inspection (DAI) #Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. #The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform.
A network administrator needs to upgrade a switch firmware remotely. The firmware bits must be transferred over the local area network (LAN) with or without encryption. Which of the following options is connection-oriented and guarantees delivery in this manner? (Select all that apply.) a) FTP b) SFTP c) TFTP d) Telnet
a) FTP b) SFTP d) Telnet #FTP (File Transfer Protocol) is a connection-oriented protocol. It uses Transmission Control Protocol (TCP) port 20 for data connection and TCP port 21 as a control port. TCP provides a connection-oriented, guaranteed method of communication. #SFTP or File Transfer Protocol over Secure Shell (SSH) provides a secure channel for transferring files. SSH also operates over TCP 22. #Telnet is terminal emulation software to support a remote connection to another computer. It uses TCP port 23.
A malicious user is blocking cellular devices from connecting to the Internet whenever they enter the coffee shop. If they get their coffee to go and walk at least a block away from the coffee shop, their smartphones will connect to the Internet again. What type of network attack is the malicious user performing? a) Frequency jamming b) On-path attack c) Blocklisting IP addresses in the ACL d) Spoofing
a) Frequency jamming #Frequency jamming is one of the many exploits used to compromise a wireless environment. #Frequency jamming is the disruption of radio signals through the use of an over-powered signal in the same frequency range. It works by denying service to authorized users as legitimate traffic is jammed by the overwhelming frequencies of illegitimate traffic.
You are trying to connect to a router using SSH to check its configuration. Your attempts to connect to the device over SSH keep failing. You ask another technician to verify that SSH is properly configured, enabled on the router, and allows access from all subnets. She attempts to connect to the router over SSH from her workstation and confirms all the settings are correct. Which of the following steps might you have missed in setting up your SSH client preventing you from connecting to the router? a) Generate a new SSH key b) Change default credentials c) Perform file hashing d) Update firmware
a) Generate a new SSH key #When configuring your SSH connection, you must ensure that a key is established between your client and the server. If you never set up an SSH key, you will need to generate a new key to get SSH to connect properly. Since the other technician was able to connect on her machine, we can rule out an SSH server issue, so it must be an issue with your account or client.
An online company is seeing a quick customer growth in the utilization of custom online services. The company has forecasted a 300% increase of customer usage during the summer and currently cannot support this. What cloud solutions should the company consider when providing ongoing services to its customers? (Select all that apply.) a) IaaS b) SaaS c) Private model d) Hybrid model
a) IaaS d) Hybrid model #Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Company virtual machines can easily be moved to the cloud infrastructure during the peak season. #A hybrid cloud model provides the ability for the company to elastically move service from private to cloud infrastructure, and vice versa. This makes on-demand services cost effective.
An analyst reviews the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors can access the internet. How can this type of attack be prevented from occurring in the future? a) Implement a VLAN to separate the HVAC control system from the open wireless network. b) Enable NAC on the open wireless network. c) Install an IDS to protect the HVAC system d) Enable WPA2 security on the open wireless network.
a) Implement a VLAN to separate the HVAC control system from the open wireless network. #A VLAN is useful to segment out network traffic to various parts of the network and stop someone on the open wireless network from logging in to the HVAC controls.
A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address? a) Implement a split-horizon or split-views DNS b) Adjust the ACL on the firewall's internal interface c) Place the server in a screened subnet or DMZ d) Configure the firewall to support dynamic NAT
a) Implement a split-horizon or split-views DNS #Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks.
You are troubleshooting a network connectivity issue on a student's workstation at Dion Training. You check the details for the 802.11ac wireless network interface card and it reports the current RSSI level is -95 dB. Which of the following issues would cause this RSSI level? a) Insufficient wireless coverage b) Encryption protocol mismatch c) Incorrect passphrase d) Wrong SSID
a) Insufficient wireless coverage #The received signal strength indication (RSSI) is an estimated measure of the power level that a radio frequency client device is receiving from a wireless access point. If the RSSI is -90dB to -100dB, this indicates an extremely weak connection and insufficient wireless coverage in the area in which the device is operating.
The local electric power plant contains both business networks and ICS/SCADA networks to control their equipment. Which technology should the power plant's security administrators look to implement first as part of configuring better defenses for the ICS/SCADA systems? a) Intrusion Detection system b) Automated patch deployment c) Log consolidation d) Anti-virus software.
a) Intrusion Detection system #Since this question is focused on the ICS/SCADA network, the best solution would be implementing an Intrusion Prevention System. ICS/SCADA machines utilize very specific commands to control the equipment and to prevent malicious activity. You could set up strict IPS rules to prevent unknown types of actions from being allowed to occur.
Your network contains several VLANs. What is a benefit of using this technology? a) It allows networks to be segmented logically without being physically rewired. b) It allows users from different segments to communicate with each other. c) It connects small networks together to form a single large network. d) It allows users on a LAN to communicate with remote networks.
a) It allows networks to be segmented logically without being physically rewired.
An organization wants to choose an authentication protocol that can be used over an insecure network without implementing additional encryption services. Which of the following protocols should they choose? a) Kerberos b) TACACS+ c) PAP d) RADIUS
a) Kerberos #The Kerberos protocol is designed to send data over insecure networks while using strong encryption to protect the information. RADIUS, TACACS+, and PAP are all protocols that contain known vulnerabilities that would require additional encryption to secure them during the authentication process.
An administrator is told they need to set up space in the breakroom where employees can relax. So, the administrator sets up several televisions with interconnected video game systems in the breakroom. What type of network did the administrator set up? a) LAN b) WAN c) MAN d) CAN
a) LAN #Since this gaming network is within one room, it is considered a LAN. A local area network (LAN) connects computers within a small and specific area geographically. #(CAN) is a computer network that spans a limited geographic area. CANs interconnect multiple local area networks (LAN) within an educational or corporate campus.
You have changed the IP address scheme for two of your company's networks. In addition, the names of two servers have changed. Which change management documentation should you revise? a) Logical network diagram b) Wiring schematic c) Physical Network diagram. d) Network baseline.
a) Logical network diagram #A physical network diagram includes cable lengths and types, server names, server roles, network equipment locations, and the number of network users. #A logical network diagram shows the protocols used and the data flow.
You are having lunch at a local restaurant which has free Wi-Fi for its customers. There is not a captive portal and there is no password needed to connect to the network, but the restaurant has an automated method of disconnecting users after 30 minutes. As you are eating your lunch, you notice that 30 minutes have passed, but you want to reconnect to the wireless network. Which of the following techniques would allow you to reconnect? a) MAC spoofing b) IP spoofing c) Brute-force attack d) Dictionary attack
a) MAC spoofing #MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. Public wireless networks can be configured to use MAC filtering to block access to devices once they reach a certain time limit. It appears that after 30 minutes, the restaurant's wireless access points are adding your MAC address to the block list. If you change your MAC address through MAC spoofing, you can reconnect to the network for another 30 minutes without any issues. #Since the wireless network provides the IP address, IP spoofing would not successfully allow you to reconnect since the MAC filtering would block your access before obtaining an IP.
Which of the following types of agreements is a non-legally binding document used to detail what common actions each party intends to perform? a) MOU b) SLA c) AUP d) NDA
a) MOU #MOU is a non-binding agreement between two or more organizations to detail what common actions they intend to take.
Which type of wireless technology are OFDM, QAM, and QPSK examples of? a) Modulation b) RF interference c) Frequency d) Spectrum
a) Modulation #Modulation is the process of varying one or more properties of a periodic waveform, called the carrier signal, with a separate signal called the modulation signal that typically contains information to be transmitted.
You are troubleshooting a cable modem for a home user's network. The connection speeds are much lower than you expected. You suspect the coaxial cable between the wall jack and the cable modem is faulty. Based on your research, a coaxial cable used in data networks should have an impedance of 50 ohms. Which of the following tools should you use to measure the resistance of the coaxial cable? a) Multimeter b) Spectrum analyzer c) Cable certifier d) Cable tester
a) Multimeter #A multimeter is a measuring instrument that can measure the voltage, resistance, and amperage of a cable or conduit. To test this cable, you should set the multimeter to resistance and connect one of the multimeter's leads to each end of the coaxial cable to determine the resistance as measured in ohms.
An organization has hired you to upgrade its wired computer network. The network currently uses static routing for the internal network, but the organization wants to reconfigure it to use a dynamic routing protocol. The new dynamic routing protocol must support both IPv4 and VLSM. Based on the requirements provided, which of the following routing protocols should you enable and configure? a) OSPF b) VRRP c) HSRP d) RIPv1
a) OSPF #Only OSPF supports IPv4 and VLSM (Variable Length Subnet Mask)!! #(OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP). #While RIPv1 does not support VLSM, RIPv2 does support VLSM only!!! RIPv2 doesn't support both.
What tool would a network technician use to troubleshoot a span of single-mode fiber cable? a) OTDR b) Punchdown tool c) Spectrum analyzer d) Cable tester
a) OTDR #An optical time-domain reflectometer (OTDR) is an optoelectronic instrument used to characterize an optical fiber. An OTDR is the optical equivalent of an electronic time-domain reflectometer. NOTE: A fiber light meter would also be a good option to test a fiber cable. #A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located.
Which of the following concepts is the MOST important for a company's long-term health in the event of a disaster? a) Off-site backups b) Implementing an acceptable use policy c) Uninterruptible power supplies d) Vulnerability scanning
a) Off-site backups #In case of a disaster, you must protect your data. Some of the most common strategies for data protection include backups made to tape and sent off-site at regular intervals or the use of cloud-based backup solutions. #All of the other options are good, too, but the MOST important is a good backup copy of your company's data.
A user's smartphone is displaying text in other languages in their web browser when accessing the company's main website. Which of the following is the MOST likely cause of the issue? a) On-path attack b) Denial of service attack c) De-authentication attack d) Reflective DNS attack
a) On-path attack #An on-path attack (previously known as a man-in-the-middle attack) is when a perpetrator positions himself in between a conversation, either to eavesdrop or impersonate one of the parties, making it appear as if the normal conversation is occurring.
You are currently troubleshooting a network connection error. When you ping the default gateway, you receive no reply. You checked the default gateway, and it is functioning properly, but the gateway cannot connect to any of the workstations on the network. Which of the following layers could be causing this issue? a) Physical b) Transport c) Presentation d) Session
a) Physical #Ping requests occur at layer 3 (Network Layer). Therefore, the problem could exist in layer 1 (physical), layer 2 (data link), or layer 3 (network). Since Physical (layer 1) is the only choice from layers 1-3 given, it must be the correct answer. Also, since the gateway cannot reach any of the other devices on the network, it is most likely a cable (physical) issue between the gateway and the network switch.
Which of the following types of network documentation would provide a drawing of the network cabling imposed over the floorplan for an office building? a) Physical network diagram b) Site survey report c) Logical network diagram d) Wiring diagram
a) Physical network diagram #A physical network diagram is used to show the actual physical arrangement of the components that make up the network, including cables and hardware. #A wireless site survey is the process of planning and designing a wireless network to provide a wireless solution that will deliver the required wireless coverage, data rates, network capacity, roaming capability, and quality of service (QoS). The site survey report will contain a floorplan of the areas surveyed with the wireless coverage areas and signal strengths notated on it.
Your manager suspects that your network is under attack. You have been asked to provide information regarding traffic flow and statistical information for your network. Which tool should you use? a) Protocol analyzer b) Vulnerability test c) Port scanner d) Penetration test
a) Protocol analyzer
You are working as a network technician and need to create several Cat 5e network cables to run between different computers and the network jacks on the wall. The connections between the switch, the patch panel, and the wall jacks have already been installed and tested. Which of the following tools would NOT be necessary to complete this task? a) Punchdown tool b) Cable stripper c) Cable crimper d) Wire stripper
a) Punchdown tool #A punchdown tool is used to connect a network cable (such as Cat 5e) to a patch panel, 110-block, or the inside portion of a wall jack, therefore it is not needed for this task.
Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue? a) RADIUS b) SSL certificates c) WPA2 security key d) CSMA/CA
a) RADIUS #Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.
Mark is setting up a DHCP server on a segment of the corporate LAN. Which of the following options is NOT required in the DHCP scope to allow hosts on that LAN segment to be assigned a dynamic IP address and still be able to access the Internet and internal company servers? a) Reservations b) DNS servers c) Default gateway d) Subnet mask
a) Reservations #The DHCP must provide an IP address, subnet mask, default gateway, and DNS server to each client to effectively access the Internet. Using DHCP reservations is not required to be configured to meet the requirements provided in the question. DHCP reservations allow the DHCP server to pre-set an IP address to a specific client based on its MAC address.
You are trying to select the BEST network topology for a new network based on the following requirements. The design must include redundancy using a minimum of two cables to create the network. The network should not be prone to congestion, therefore each device must wait for its turn to communicate on the network by passing around a token. Which of the following topologies would BEST meet the client's requirements? a) Ring b) Star c) Mesh d) Bus
a) Ring
Syed is developing a vulnerability scanner program for a large network of sensors to monitor his company's transcontinental oil pipeline. What type of network is this? a) SCADA b) SoC c) BAS d) CAN
a) SCADA #Sensors is the key word here. #SCADA (supervisory control and data acquisition) networks work off an ICS (industrial control system) and maintain sensors and control systems over large geographic areas.
Which DNS record specifies host and port information that allows specific services to be found on a network? a) SRV b) NS c) PTR d) DKIM
a) SRV
What benefit does network segmentation provide? a) Security through isolation b) High availability through redundancy c) Link aggregation d) Port mirroring
a) Security through isolation #Network segmentation in computer networking is the act of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for increasing performance and improving security through isolation.
What application can define policy decisions on the control plane? a) Software Defined Networking (SDN) b) Network Controller c) Distributed switching d) Storage Area Network (SAN)
a) Software Defined Networking (SDN) #A Software Defined Networking (SDN) application, or suite of applications, can be used to define policy decisions on the control plane. #The decisions that are defined by the SDN are implemented on the data plane by a network controller application. The network controller application interfaces with the network devices using Application Programming Interfaces (APIs). #(SD-WAN) replaces hub and spoke type designs with more efficient, but still secure, connectivity to corporate clouds with less of the expense associated with provisioning an MPLS service to each remote location.
Sahra connects a pair of switches using redundant links. When she checks the link status of the two ports, one of them is not active. She changes the inactive link to another switchport, but the second link still remains inactive. What MOST likely is causing the second link to become disabled? a) Spanning tree b) SSID mismatch c) IGRP routing d) Port mirroring
a) Spanning tree #STP is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. If STP detects a switching loop being created by the redundant connection, it will disable the switchport automatically.
You are troubleshooting a point-to-point microwave link between two buildings that is supposed to operate at 1800 MHz. You suspect there is an issue with the frequency as it is transmitted or received. Which of the following tools would you use to observe the frequency as it is transmitted or received? a) Spectrum analyzer b) WiFi analyzer c) Time-domain reflectometer (TDR) d) Tone generator
a) Spectrum analyzer #A spectrum analyzer is used to measure the magnitude of an input signal's frequency. #A WiFi analyzer is used to gather information about the available wireless networks, troubleshoot wireless networking issues, ensure optimal router placement, and identify existing coverage areas.
Company policies require that all network infrastructure devices send system-level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location? a) Syslog server b) TACACS+ server c) Single sign on d) Wifi analyzer
a) Syslog server #System Logging Protocol (Syslog) uses port 514, and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.
Your company wants to develop a voice solution to provide 23 simultaneous connections using VoIP. Which of the following technologies could BEST provide this capability? a) T1 b) DSL c) DOCSIS d) POTS
a) T1 #A T1 can transmit 24 telephone calls at a time because it uses a digital carrier signal (DS-1). DS-1 is a communications protocol for multiplexing the bit streams of up to 24 telephone calls simultaneously. #POTS is the Plain Old Telephone System, and provides only a single phone connection at a time.
Dion Training's network technicians are about to upgrade a Cisco 3900-series router, but they first want to create a copy of the router's configuration and IOS files to serve as a backup. Which of the following tools should the technicians utilize? a) TFTP server b) traceroute c) show route d) tcpdump
a) TFTP server #A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices.
Which of the following encryption types was used by WPA to better secure wireless networks than WEP? a) TKIP b) AES c) IV d) CCMP
a) TKIP #WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme.
You are scanning a target as part of a penetration test. You discovered that the network uses Snort configured as a network-based IDS. Which of the following occurs when an alert rule has been matched in Snort during your scan? a) The entire packet will be evaluated until all of the IDS alert rules have been checked and the packet is allowed to continue its journey. b) The packet matching the rule will be dropped and the IDS will continue scanning new packets. c) The source IP address will be blocked and its connection with the network terminated. d) The IDS will send an alert, stop checking the rest of the rules, and allow the packet to continue its journey.
a) The entire packet will be evaluated until all of the IDS alert rules have been checked and the packet is allowed to continue its journey. #If Snort is operating as an IDS, it will not block the connection or drop the packet. Instead, Snort will evaluate the entire packet and check all the alert rules, logging any matches it finds, and then allow it to continue onward to its destination.
A technician installs three new switches to a company's infrastructure. The network technician notices that all the switchport lights at the front of each switch flash rapidly when powered on and connected. After about a minute, the switches return to normal operation. Additionally, there are rapidly flashing amber lights on the switches when they started up the next day. What is happening to the switches? a) The switches are running through their spanning tree process b) The switches are connected and detected a spanning tree loop c) The switches are not functioning properly and need to be disconnected. d) The switches are having problems communicating with each other.
a) The switches are running through their spanning tree process #The flashing switch port lights indicate that the switch is performing the spanning tree process.
What is used to define how much bandwidth can be used by various protocols on the network? a) Traffic shaping b) Fault tolerance c) High availability d) Load balancing
a) Traffic shaping #Traffic shaping, also known as packet shaping, is the manipulation and prioritization of network traffic to reduce the impact of heavy users or machines from affecting other users. Traffic shaping is used to optimize or guarantee performance, improve latency, or increase usable bandwidth for some kinds of packets by delaying other kinds.
A technician has installed an 802.11n network, and most users can see speeds of up to 300Mbps. A few of the users have an 802.11n network card but cannot get speeds higher than 108Mbps. What should the technician do to fix the issue? a) Upgrade the WLAN card driver b) Install a vulnerability patch c) Upgrade the OS version to 84-bit d) Rollback the firmware on the WLAN card
a) Upgrade the WLAN card driver #Wireless N networks can support up to 600Mbps with the network cards' proper software drivers. Without them, they can only achieve 108Mbps since they cannot communicate with the increased data compression rates.
Which of the following components is used by an agent to send a complete set of key-pair values about a significant event or condition that is occurring in real-time by providing a full list of variables and values for a given device to a manager? a) Verbose trap b) OID c) MIB d) Granular trap
a) Verbose trap #A verbose trap may contain all the information about a given alert or event as its payload. #A granular trap contains a unique object identifier (OID) number and a value for that OID. #A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network.
You have just received an email regarding a security issue detected on the company's standard web browser. Which of the following should you do to fix the issue? a) Vulnerability patch b) OS update c) Firmware update d) Driver update
a) Vulnerability patch #Since there is a security issue with the current web browser, it most likely needs to be updated with a manufacturer's vulnerability patch. A vulnerability patch is a piece of software that fixes security issues.
You have implemented a new 802.11b 2.4-GHz WLAN. Which of the following devices can cause interference with this network? (Choose all that apply.) a) microwave ovens b) cordless phones c) electrical wiring d) cable TV cabling
a) microwave ovens b) cordless phones
You just started work as a network technician at Dion Training. You have been asked to check if DHCP snooping has been enabled on one of the network devices. Which of the following commands should you enter within the command line interface? a) show config b) show route c) show diagnostic d) show interface
a) show config #The "show configuration" command is used on a Cisco networking device to display the device's current configuration. This would show whether or not the DHCP snooping was enabled on this device.
Your company's corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR notation in order to accommodate each department's needs. What is the correct CIDR notation for the Finance department's subnet, which requires 32 devices? a) /30 b) /26 c) /29 d) /25 e) /27 f) /28
b) /26 #Since the Finance department needs 32 devices plus a network ID and broadcast IP, it will require 34 IP addresses. The smallest subnet that can fit 34 IPs is a /26 (64 IPs). A /26 will borrow 2 host bits and assign those to the network portion of the subnet mask. This would create a subnet with 2^6 available host IP addresses, or 64 total IP addresses. Of the 64 IP addresses, there are 62 available for clients to use, one for the network ID, and one for the broadcast address.
Dion Training is configuring a new branch office in Florida and wants to assign it a portion of their public Class C IPv4 address space. Dion Training has been assigned a Class C scope of 187.15.3.0/24. The new branch office in Florida will require 23 devices that will need IP addresses assigned. What is the correct CIDR notation for the new subnet in order to accommodate the 23 devices while allocating the minimum number of addresses? a) /28 b) /27 c) /29 d) /26
b) /27 #In this scenario, you have 23 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 25 IP addresses total. Since we need 25 IP addresses, we need to round up to a block of 32.
You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server? a) 3306 b) 1433 c) 1521 d) 3389
b) 1433 #MySQL uses port 3306 #SQLnet uses port 1521
What is the network ID associated with the host located at 192.168.0.123/29? a) 192.168.0.112 b) 192.168.0.120 c) 192.168.0.96 d) 192.168.0.64
b) 192.168.0.120 #In classless subnets using variable-length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /29, so each subnet will contain 8 IP addresses. Since the IP address provided is 192.168.0.123, it will be in the 192.168.0.120/29 network.
Which of the following would require the network administrator to schedule a maintenance window? a) A major release of a core switch in a test lab b) A minor upgrade of a production router c) A company-wide email notification must be sent d) Rebooting the network administrator's laptop
b) A minor upgrade of a production router #During the upgrade of a production router, the router wouldn't route packets and could therefore interrupt services or affect network traffic. That's why the network administrator should schedule a maintenance window for the upgrade of a production router.
A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected? a) Use Nmap to query known ports b) Analyze packet captures c) Review the IDS logs on the network d) Utilize netstat to locate active connections.
b) Analyze packet captures #Packet captures contain every packet that is sent and received by the network. By using a program like Wireshark to analyze the packet captures, you can see what kind of information and metadata is contained within the packets. By conducting this type of packet analysis, an attacker (or cybersecurity analyst) can determine if software versions are being sent as part of the packets and their associated metadata.
A network technician is looking at various administrative distances to see which route would be selected first. Which of the following would have the lowest administrative distance? a) Unknown b) BGP c) OSPF d) EIGRP
b) BGP #Administrative distance for BGP = 20 #Administrative distance for unknown = 255 (Highest!!!!) #Administrative distance for OSPF = 110 #Administrative distance for EIGRP = 90
Which of the following wireless technologies would you use to transmit data files from one system to another in a direct peer-to-peer connection over a distance of 2 to 3 meters? a) NFC b) Bluetooth c) RFID d) Wi-Fi
b) Bluetooth #Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz, and building personal area networks. Bluetooth is often used to create peer-to-peer connections between two devices for a distance of up to 10 meters.
Dion Training is considering moving its headquarters and data center to Florida, but they are worried about hurricanes disrupting their business operations. To mitigate this risk, Dion Training has signed a contract with a vendor located in a different state to provide hardware, software, and the procedures necessary for the company to recover quickly in the case of a catastrophic event, like a hurricane causing a power loss for up to 10 days. As the owner, Jason is a little concerned that this contract isn't sufficient to mitigate enough of the risk since it only provides a solution for the first 10 days. Jason wonders, "what will we do if a major outage occurs, and our offices are not able to be used for 6-12 months?" Jason has hired you to help develop Dion Training's long-term strategy for recovering from such an event. What type of plan should you create? a) Risk management plan b) Business continuity plan c) Disaster recovery plan d) Incident response plan
b) Business continuity plan #A business continuity plan (BCP) is a plan to help ensure that business processes can continue during a time of emergency or disaster. Such emergencies or disasters might include a fire or any other case where business cannot occur under normal conditions. A disaster recovery plan is useful (and usually a piece of the larger business continuity plan), but it is insufficient for the long-term strategy which is needed to support business operations during an extended outage.
Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network? a) Star b) Hybrid c) Bus d) Ring
b) Hybrid #In this case, the WAN connections are using a ring network topology, but each office is using a star topology. Therefore, the best description of this combined network is a hybrid topology.
An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but then begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following: DIONRTR01# show interface eth 1/1 GigabitEthernet 1/1 is up, line protocol is up Hardware is GigabitEthernet, address is 000F.33CC.F13A Configured speed auto, actual 1Gbit, configured duplex auto, actual hdx Member of L2 VLAN 100, port is tagged, port state is forwarding Which of the following actions should be taken to improve the network performance for this WAN connection? a) Replace eth1/1 with a 10GBase-SX transceiver b) Configure the interface to use full-duplex c) Remove the 802.1q tag and reassign it to the default VLAN d) Shutdown and then re-enable this interface
b) Configure the interface to use full-duplex #The interface is set to auto for duplexing, but it has only negotiated a half-duplex (hdx) connection. For interfaces on a switch or router, the full-duplex (fdx) setting should be used to increase the throughput of the interface. If the interface is using half-duplex (hdx), then the bandwidth is split in half. Therefore, the issue is caused by the negotiated duplex setting and should be manually configured.
A network engineer needs to procure a product that scans content using a dictionary database/algorithm that looks for confidential and sensitive company information. What type of product would the engineer purchase? a) Floor Plan b) Data Loss Prevention c) Logical Network Diagram d) Change Management
b) Data Loss Prevention #Data loss prevention (DLP) products scan content in structured formats, such as a database with a formal access control model, and in unstructured formats, such as email or word processing documents. DLP products use some dictionary database or algorithm (regular expression matching) to identify confidential or personal/sensitive data.
A technician is configuring a computer lab for the students at Dion Training. The computers need to be able to communicate with each other on the internal network, but students using computers should not be able to access the Internet. The current network architecture is segmented using a triple-homed firewall to create the following zones (zone, interface, IP address): PUBLIC, eth0, 66.13.24.16/30; INSTRUCTORS, eth1, 172.16.1.1/24; STUDENTS, eth2, 192.168.1.1/24. What rule on the firewall should the technician configure to prevent students from accessing the Internet? a) Deny all traffic from eth0 to eth2 b) Deny all traffic from eth2 to eth0 c) Deny all traffic from eth1 to eth0 d) Deny all traffic from eth2 to eth1
b) Deny all traffic from eth2 to eth0 #Accessing the Internet means reaching the public interface, eth0, with IP address 66.13.24.16/30. #For additional security, it would be a good idea to also block all traffic from eth0 to eth2 so that inbound traffic from the Internet cannot communicate with the students' computers.
A network administrator recently set up a network computer lab and discovered some connectivity issues. The administrator can ping the fiber uplink interface, but none of the new workstations plugged into the switch are responding to the technician's ICMP requests. Which of the following actions should the technician perform next? a) Determine if port security is enabled on the ports b) Determine if the link lights are lit for the ports c) Verify the ports on the switch are full-duplex d) Verify that the uplink interface is configured correctly
b) Determine if the link lights are lit for the ports #A technician can use the LEDs on the switchports to quickly monitor activity and performance for the interfaces. By determining if the link lights are lit for the ports, the administrator can verify if there is any activity on the network, if the ports are enabled, and if the Layer 1 components are working properly.
You are conducting a wireless penetration test against a WPA2-PSK network. Which of the following types of password attacks should you conduct to verify if the network is using any of the Top 1000 commonly used passwords? a) Hybrid b) Dictionary c) Spraying d) Brute-force
b) Dictionary #A dictionary attack is a method of breaking into a password-protected computer, network, or other IT resource by systematically entering every word in a dictionary or list file.
A company has a secondary datacenter in a remote location. The datacenter staff handles cable management and power management. The building's security is also handled by the datacenter staff with little oversight from the company. Which of the following should the technician do to follow the best practices? a) Ensure power monitoring is enabled b) Ensure locking cabinets and racks are used c) Secure the patch panels d) Secure the UPS units
b) Ensure locking cabinets and racks are used #By ensuring locking cabinets and racks are used, the staff would have keyed or RFID card locks installed. This provides an extra layer of physical security to the servers, which is considered a best practice.
Which of the following is used to provide emergency electrical power during a long duration outage until the local power grid can be restored? a) PDU b) Generator c) UPS d) HVAC
b) Generator #A generator is a device that converts motive power into electrical power for use in an external circuit. Generators can be powered by diesel, gasoline, or propane.
A security auditor has gathered many logs from the core router and sees many dropped packets at random intervals. The auditor has collected enough data to report an ongoing security breach attempt. What type of malformed packets are likely being dropped but not alerting the network team? (Select all that apply.) a) Syslog b) Giants c) Runts d) Duplex/speed
b) Giants c) Runts #Runts are packets that are too small and will likely be discarded or dropped. #Giants are packets that are too large and will likely be discarded or dropped.
Which of the following is used to remove heat from servers and networking gear within a datacenter? a) UPS b) HVAC c) PDU d) Generator
b) HVAC #Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.
Your company is researching different wireless antennas. Antennas that you research are high-gain antennas. Which statement describes a property of high-gain antennas? a) High-gain antennas provide a wide coverage area. b) High-gain antennas provide a small vertical beamwidth. c) High-gain antennas avoid multipath distortion d) High-gain antennas are best suited for point-to-multipoint bridging.
b) High-gain antennas provide a small vertical beamwidth. #The beamwidth parameter of the antenna defines the angle of the radio signal radiated. The angle of radiation of the signal is defined in degrees. #The antenna properties include the gain, beamwidth, and transmission angle.
You are trying to select the best device to install to detect an outside attacker trying to reach into your internal network. The device should log the event, but it should not take any action to stop it. Which of the following devices would be the BEST for you to select? a) Authentication server b) IDS c) Proxy server d) IPS
b) IDS #IDS is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. Unlike an IPS, which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them.
A network technician wants to enable a rule that blocks all traffic that does not match the rule. What is the name of this rule? a) Antenna placement b) Implicit deny c) Explicit deny d) Role-based access
b) Implicit deny #The final default rule is typically to block any traffic that has not matched a rule. This is called an implicit deny. #If the firewall does not have a default implicit deny rule, an explicit deny-all rule can be added manually to the end of the ACL.
You are configuring a new machine with a hypervisor and several operating systems hosted within it to develop some new applications. You want to ensure that the hypervisor's various virtual machines can communicate with each other over a network, but you don't want this network traffic to leave the hypervisor itself. What is the BEST solution to meet these requirements? a) Install and configure individual routes between the virtual machines b) Install and configure a virtual switch c) Connect each machine to an individual switch d) Configure each virtual machine to use a route to a default gateway
b) Install and configure a virtual switch #A virtual switch (vSwitch) is a software program that allows one virtual machine (VM) to communicate with another. A vSwitch does more than just forward data packets; it intelligently directs the communication on a network by checking data packets before moving them to a destination. This is usually created within the hypervisor's software.
Edward's bank recently suffered an attack where an employee made an unauthorized modification to a customer's bank balance. Which tenet of cybersecurity was violated by this employee's actions? a) Confidentiality b) Integrity c) Availability d) Authentication
b) Integrity #The CIA Triad is a security model that helps people think about various parts of IT security. #Integrity ensures that no unauthorized modifications are made to the information. #Confidentiality is concerned with unauthorized people seeing the contents of the data. #Availability is concerned with the data being accessible when and where it is needed.
As part of unified communications services, QoS must be implemented to provide support for DSCP and CoS. Which of the following OSI layers does QoS operate within? a) Layer 5 b) Layer 2 c) Layer 4 d) Layer 1
b) Layer 2 #DSCP is a layer 3 packet, and it is the most commonly used value for QoS of an IP packet (as it gives lots of flexibility). CoS, on the other hand, is a layer 2 packet. Based on the options given, only Layer 2 could be correct. #Quality of Service (QoS) usually operates at either Layer 2 or Layer 3 of the OSI model, depending on if you are using CoS or DSCP.
You have been asked to troubleshoot Dion Training's T1 connection that is experiencing connectivity issues. You have already verified that the network's router is properly configured, the cable is connected properly between the router and the T1's CSU/DSU, but the T1 remains down. You want to test the interface on the CSU/DSU to ensure it is functioning properly. Which of the following tools should you use to test this interface? a) Light meter b) Loopback adapter c) Tone generator d) Cable tester
b) Loopback adapter #A T1 connection is a copper-based connection. A loopback adapter is a plug that is used to test the physical port or interface on a network device. You will need to insert the loopback adapter into the interface on the CSU/DSU and conduct a self-test of the device by looping back the transmit path to the receive path and the receive path to the transmit path.
A network technician is tasked with designing a firewall to improve security for an existing FTP server on the company network. The FTP server must be accessible from the Internet. The security team is concerned that the FTP server could be compromised and used to attack the domain controller hosted within the company's internal network. What is the BEST way to mitigate this risk? a) Upgrade the FTP server to an SFTP server since it is more secure b) Migrate the FTP server from the internal network to a screened subnet c) Configure the firewall to utilize an implicit deny statement d) Add a deny rule to the firewall's ACL that blocks port 21 outbound.
b) Migrate the FTP server from the internal network to a screened subnet #A screened subnet or DMZ is a perimeter network that protects an organization's internal LAN from untrusted traffic. #The FTP server should be installed in a screened subnet so that additional security mitigations like a web application firewall or application-aware firewall can be used to protect it.
A network technician suspects a short in the network cable and wants to test it. Identify which of the following tools will provide this capability. a) Loopback adapter b) Multimeter c) Tone generator d) Spectrum analyzer
b) Multimeter #A multimeter is for testing electrical circuits, but it can also test for the continuity of any sort of copper wire, the existence of a short, and the integrity of a terminator. #A network tone generator applies a signal on the cable to be traced by a probe, and can be used to follow the cable over ceilings and through ducts. #A spectrum analyzer, typically a handheld device, is used to analyze radio or electrical interferences. The exact location can be pinpointed using this device. #A loopback plug or adapter is a specially wired RJ-45 plug with a 6" stub of cable used to test for faulty ports and network cards.
DNS record that specifies a list of additional name servers on a domain is called: a) SPF b) NS c) PTR d) SRV
b) NS
While monitoring the network, you notice that the network traffic to one of the servers is extremely high. Which of the following should you utilize to verify if this is a concern? a) Network diagram b) Network baseline c) log management d) Real-time monitor (RTM)
b) Network baseline #High network traffic can be a sign of a possible attack conducted either by an insider or someone out of the network to steal relevant information. By reviewing the network baseline, you can determine if the traffic is actually high and if any network configurations are out of the baseline, causing the issue.
It has been determined by network operations that there is a severe bottleneck on its mesh topology network. The field technician has chosen to use log management and found that one router makes routing decisions slower than the others on the network. Which of the following types of issues would you classify this as? a) Storage Area Network Issues b) Network device CPU issues c) Delayed RADIUS responses d) Network device power issues
b) Network device CPU issues #Routing decisions are processed by the router and rely on the networking device's central processing unit (CPU). The CPU performance can become a severe bottleneck in the network performance if you have an underpowered router for a large enterprise environment.
What is BEST used to perform a one-time temporary posture assessment in a NAC environment? a) Antivirus b) Non-persistent agent c) IPS d) host-based firewall
b) Non-persistent agent #A non-persistent agent is used to access the device during a one-time check-in at login. A persistent agent is agent software that resides on the client making the connection, and a non-persistent agent is software the client runs (usually from a browser) as they are connecting so the agent can perform the checks, but the software does not permanently stay with the client after they disconnect. This is beneficial in BYOD (Bring Your Own Device) policies.
A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACLs should the technician implement? a) PERMIT SRCIP:any SPORT:80 DSTIP:192.168.0.0/24 DPORT:80 b) PERMIT SRCIP:192.168.0.0/24 SPORT:any DSTIP:any DPORT:80 c) PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT:80 d) PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:any DPORT:ANY
b) PERMIT SRCIP:192.168.0.0/24 SPORT:any DSTIP:any DPORT:80 #This will permit traffic from the internal network (192.168.0.0/24) from any port to access the external network (any IP) to port 80 (HTTP). Since this is a stateless firewall, you must include the SPORT (source port) ANY to allow the outbound connection through the firewall.
You are working as a cybersecurity analyst intern at Dion Training. You have been asked to create a file that contains any data transmitted as part of a malware beacon from a client in a sandboxed wireless network. Which of the following tools should you utilize to create this file? a) IP scanner b) Packet capture c) Port scanner d) WiFi analyzer
b) Packet capture #A packet capture tool is used to collect data packets being transmitted on a network and save them to a packet capture file (pcap) for later analysis. Packet capture tools are useful when attempting to capture traffic for malware analysis as a cybersecurity analyst. #A port scanner is used to determine which ports and services are open and available for communication on a target system.
Which of the following would NOT be useful in defending against a zero-day threat? a) Allow listing b) Patching c) Segmentation d) Threat intelligence
b) Patching #While patching is a great way to combat threats and protect your systems, it is not effective against zero-day threats. By definition, a zero-day threat is a flaw in the software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. #Using segmentation, allow listing, and threat intelligence, a cybersecurity analyst can put additional mitigations in place to protect the network even if a zero-day attack was successful.
Andy is a network technician who is preparing to configure a company's network. He has installed a firewall to segment his network into an internal network, a DMZ or screened subnet, and an external network. No hosts on the internal network should be directly accessible by their IP address from the Internet, but they should be able to reach remote networks if they have been assigned an IP address within the network. Which of the following IP addressing solutions would work for this particular network configuration? a) APIPA b) Private c) Teredo tunneling d) Classless
b) Private #A private IP address is an IP address reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access to a network without taking up a public IP address space.
What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them? a) FIN b) RST c) ACK d) SYN
b) RST #A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place. For example, if a system receives information that is outside of an established session, it will send a RST flag in response.
You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand? a) Resource pooling b) Rapid elasticity c) Metered services d) On-demand
b) Rapid elasticity #Rapid elasticity is used to describe scalable provisioning or the capability to provide scalable cloud computing services. Rapid elasticity is very critical to meet the fluctuating demands of cloud users. The downside of rapid elasticity implementations is that they can cause significant loading of the system due to the high number of resource allocation and deallocation requests.
Which of the following network devices would be used to receive a signal on one port and then retransmit the same signal out another port to extend the distance covered by a network? a) IDS b) Repeater c) Access point d) Media converter
b) Repeater #A repeater is a networking device that receives a signal and then rebroadcasts it to extend the distance covered by a network. A repeater can operate either as a wired or wireless repeater.
Which of the following errors would be received if an ethernet frame less than 64 bytes is received by a switch? a) Encapsulation error b) Runt c) Giant d) CRC error
b) Runt #A runt is an ethernet frame that is less than 64 bytes in size. #A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes.
Which of the answers listed below refers to a technology designed to simplify network infrastructure management? a) SAN b) SDN c) SSP d) SEH
b) SDN
Which protocol is used to establish a secure and encrypted VPN tunnel that can be initiated through a web browser? a) PPP b) SSL c) IPsec d) PPTP
b) SSL #An SSL VPN is a type of virtual private network that uses the Secure Sockets Layer protocol in a standard web browser to provide secure, remote-access VPN capability. In modern browsers and servers, it is more common to use TLS (transport layer security) which is the successor to SSL. NOTE: IPsec is used in VPNs, but not with web browser initiated ones.
What remediation strategies are the MOST effective in reducing the risk to an embedded ICS from a network-based compromise? (Select TWO) a) NIDS b) Segmentation c) Disabling unused services d) Patching
b) Segmentation c) Disabling unused services #Segmentation is the best method to reduce the risk to an embedded ICS system from a network-based compromise. Additionally, you could disable unused services to reduce the footprint of the embedded ICS. #Patching is difficult for embedded ICS devices since they usually rely on customized software applications that rarely provide updates.
To improve your ability to monitor and manage your network devices, your network requirements call for purchasing devices that support out-of-band (OOB) management. Which of the following types of interfaces or devices is most likely to satisfy this requirement, as you select switches, routers, firewalls, and servers for purchase? a) WAN port b) Serial port c) RJ-45 port d) Separate network interface e) Parallel port
b) Serial port #A serial port easily and regularly plays host to a modem, which provides a dial-up link that network admins can use to access the device to which it is attached. The whole idea of OOB is to use a separate communications link outside the scope and reach of the regular network. An OOB link provides a way to access a device even when the network is down or when the device needs to be powered up after a power fault or interruption. #OOB management ports are usually DB-9 serial ports and never use RJ-45 ports. RJ-45 ports normally serve to provide in-band network access.
A penetration tester is looking at IoT devices on a network. Which of the following would act as the control system? a) Doorbell b) Speaker c) Thermostat d) Refrigerator
b) Speaker #The penetration tester could implement a headless hub as a smart speaker operated by voice control or smartphone/PC app for configuration. #IoT endpoints implement the function, such as a thermostat or heating control that you can operate remotely. Because they're effectively running mini-computers, smart devices are vulnerable to some of the standard attacks associated with web applications and network functions.
You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and impacts the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why? a) NIDS b) Syslog c) Firewall logs d) Network mapping
b) Syslog #The Syslog server is a centralized log management solution. By looking through the Syslog server's logs, the technician could determine which service failed on which server since all the logs are retained on the Syslog server from all of the network devices and servers.
A systems administrator is planning a change to a resource record. Which value should they modify prior to the change in order to speed up caching replacement? a) Stratum b) TTL c) A d) PTR
b) TTL #Each resource record can be configured with a default time to live (TTL) value, measured in seconds. If there is a change to a resource record, server and client caching means that the updated record can be relatively slow to propagate.
You are working as a wireless networking technician and have been sent to a user's home to install a brand new 802.11ac wireless access point to replace their old access point. To ensure all of the current devices on the network will automatically connect to the new network, you set the SSID, encryption type, and password to the same ones as the existing access point. You turn the new access point on and notice most of the devices connect automatically, but one older wireless printer won't connect. You notice that the printer is about 7 years old, but the user says it has always worked great over the old wireless network. What is the MOST likely reason that the printer will not connect to the new access point? a) The wireless printer is configured with the wrong password b) The access point and the wireless printer have a frequency mismatch c) The incorrect channel is configured on the access point d) The transmit power on the access point is too low
b) The access point and the wireless printer have a frequency mismatch #Wireless B/G networks utilize 2.4 GHz, while Wireless AC uses 5.0 GHz. Wireless N can support both 2.4 GHz and 5.0 GHz frequencies.
Dion's Burgers and Fries is a fast-food restaurant that recently installed a new network-connected electronic signboard to display their menu items to customers. The signboard came preconfigured with a public IP address so that the central office can remotely connect to it and update the menu items and prices displayed. The installer unboxed the new device, hung it on the wall, plugged it into the network, and the menu appeared. The next day, the manager sees that the menu items have all been changed to include vulgar names and prices like $6.66. It appears the signboard has been digitally vandalized by an attacker. What is the MOST likely reason the attackers were able to access and modify the signboard's display? a) The default port, port 80, was left open during its installation b) The default credentials were never changed during its installation c) Unnecessary services were not disabled during its installation d) The self-signed digital certificate of the signboard had expired.
b) The default credentials were never changed during its installation #We know that the signboard was installed with all of the defaults still in place because the installer simply removed it from the box, hung it on the wall, and plugged it in. This means that it is most likely that the electronic signboard default credentials were never changed. While the other options may cause an issue, the unchanged default username and passwords are the biggest threat and most likely the root cause of the digital vandalism.
Which of the following answers refer to the characteristics of the spine-and-leaf datacenter network architecture model? (Select 2 answers) a) Star topology b) Two-tier architecture c) Full mesh topology d) Three-tier architecture e) Single-tier architecture
b) Two-tier architecture c) Full mesh topology
Which of the following types of telecommunication links is used to provide high-speed internet service over a system of coaxial or HFC cables? a) DSL b) Leased line c) Cable d) Satellite
c) Cable #Data Over Cable Service Interface Specification (DOCSIS) is used to connect a client's local area network to a high-bandwidth internet service provider over an existing coaxial cable TV system.
Which of the following technologies combines the functionality of a firewall, malware scanner, and other security appliances into one device? a) IPS b) UTM c) IDS d) Syslog
b) UTM #A Unified Threat Management (UTM) appliance enforces a variety of security-related measures, combining the work of a firewall, malware scanner, and intrusion detection/prevention. A UTM centralizes the threat management service, providing simpler configuration and reporting than isolated applications spread across several servers or devices. #UTM is currently used by the United States and NATO armed forces.
Which of the following communication types is used to send a direct request from one host to a server, such as when you visit a website like diontraining.com? a) Anycast b) Unicast c) Multicast d) Broadcast
b) Unicast #Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6. #Anycast only works with IPv6. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. #Broadcast only works with IPv4. #Multicast works with both IPv4 and IPv6.
Your network security manager wants a monthly report of the security posture of all the assets on the network (e.g., workstations, servers, routers, switches, firewalls). The report should include any feature of a system or appliance that is missing a security patch, OS update, or other essential security feature and its risk severity. Which tool would work best to find this data? a) Security policy b) Vulnerability scanner c) Penetration testing d) Antivirus scan
b) Vulnerability scanner #A vulnerability scanner is a computer program designed to assess computers, computer systems, networks, or applications for weaknesses. Most vulnerability scanners also create an itemized report of their findings after the scan.
A technician is troubleshooting a newly installed WAP that is sporadically dropping connections to devices on the network. Which of the following should the technician check FIRST during troubleshooting? a) Bandwidth saturation b) WAP placement c) WAP SSID d) Encryption type
b) WAP placement #To determine if adequate coverage and signal strength is being received in the building, you can conduct a wireless site survey. #NOTE: Bandwidth saturation is a phenomenon that occurs when all of a circuit's available bandwidth in a given direction is being utilized by a large upload or download which can result in high latency and performance issues. Bandwidth saturation would not cause the wireless connection to drop, though.
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented? a) WPA2 Enterprise b) WPA personal c) MAC filtering d) WEP
b) WPA personal #Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. #WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client.
Your company's wireless network was recently compromised by an attacker who utilized a brute force attack against the network's PIN to gain access. Once connected to the network, the attacker modified the DNS settings on the router and spread additional malware across the entire network. Which TWO of the following configurations were most likely used to allow the attack to occur? a) Guest network enabled b) WPS enabled c) Default administrative login credentials d) Router with outdated firmware e) TKIP encryption protocols f) WPA2 encryption enabled.
b) WPS enabled c) Default administrative login credentials #WPS relies on a PIN and is easily hacked. #Once connected to the network using the WPS PIN, the attacker can log into the router using the default administrative login credentials and then modify the router/gateway's DNS.
You are configuring a network to utilize SNMPv3 to send information from your network devices back to an SNMP manager. Which of the following SNMP options should you enable to ensure the data is transferred confidentially? a) authEncrypt b) authPriv c) authProtect d) authNoPriv
b) authPriv #In SNMPv3, the authPriv option ensures that the communications are sent with authentication and privacy. This uses MD5 and SHA for authentication and DES and AES for privacy and encryption.
You are trying to connect to another server on the network but are unable to ping it. You have determined that the other server is located on the 10.0.0.1/24 network, but your workstation is located on the 192.168.1.1/24 network. Which of the following tools should you use to begin troubleshooting the connection between your workstation and the server? a) netstat b) traceroute c) ifconfig d) dig
b) traceroute #The traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. #While using ping will tell you if the remote website is reachable or not, it will not tell you where the connection is broken. Traceroute performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help identify if the connectivity issue lies within your workstation and the server since the traffic must be routed between the two networks.
The answers below have been arranged to represent the DNS hierarchy from the highest level of the DNS tree (1) to the lowest level (5). Which of these answers are out of order? (Select all that apply) a) 1. Root domain (".", e.g. the optional trailing dot in "example.com.") b) 2. Top level domain (e.g. ".com", ".org", or ".edu") c) 3. Subdomain (e.g. "department" in "department.example.com") e) 4. Second level domain (e.g. "example.com") f) 5. Host or resource name (e.g. "a" in "a.department.example.com")
c) 3. Subdomain (e.g. "department" in "department.example.com") e) 4. Second level domain (e.g. "example.com")
You are installing a new LAN in a building your company just purchased. The building is older, but your company has decided to install a brand new Cat 6a network in it before moving in. You are trying to determine whether to purchase plenum or PVC cabling. Which environmental conditions should be considered before making the purchase? a) Workstation models b) Floor composition c) Air duct placement d) Window placement
c) Air duct placement #In a large building, the plenum is the space between floors used to circulate the air conditioning ductwork, piping, electrical, and network cables throughout the building. This space is also an ideal place to run computer network cabling.
A firewall technician at Dion Training configures a firewall to allow HTTP traffic as follows: (refer to the diagram) Dion Training is afraid that an attacker might try to send other types of network traffic over port 80 to bypass their security policies. Which of the following should they implement to prevent unauthorized traffic from entering through the firewall? a) Stateful packet inspection b) HTTPS (SSL/TLS) c) Application-aware firewall d) Stateless packet inspection
c) Application-aware firewall #An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, as opposed to simply using IP addresses and port numbers, by inspecting the data contained within the packets. #HTTPS (SSL/TLS) would allow for an encrypted communication path between the webserver and the client, but this would not prevent an attacker from sending other network protocol data over port 80 and bypassing the firewall rules.
An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following: DIONRTR01# show interface eth 1/1 GigabitEthernet 1/1 is up, line is up Hardware is GigabitEthernet, address is 000F.33CC.F13A Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Member of L2 VLAN 1, port is untagged, port state is forwarding Which of the following actions should be taken to improve the network performance for this WAN connection? a) Configure the interface to use full-duplex b) Shutdown and then re-enable this interface c) Assign the interface a 802.1q tag to its own VLAN d) Replace eth1/1 with a 1000Base-T transceiver
c) Assign the interface a 802.1q tag to its own VLAN #The WAN interface (eth 1/1) is currently untagged and is being assigned to the default VLAN (VLAN 1). #If there are numerous devices in the default VLAN, the VLAN may be overloaded or oversubscribed leading to a reduction in the network performance. #To solve this issue, you would assign the WAN interface to a VLAN with less traffic or to its own VLAN. By adding an 802.1q tag (VLAN tag) to the interface, you can assign it to its own individual VLAN and eliminate potential overloading or oversubscription issues.
A security administrator is investigating recent logins to a server that has been compromised. Which log should the administrator audit? a) OIDs b) Syslog c) Audit log d) Traffic logs
c) Audit log #An audit log records the use of authentication and authorization privileges. It will generally record success/fail type events. An audit log might also be described as an access log or security log. #Object Identifiers (OIDs) are stored within a tree structure. Part of the tree is generic to SNMP, while the device vendor can define part of it as well. #Syslog is a de-facto standard for logging events from distributed systems.
You have been asked to configure a router. Which of the following protocols should you enable to allow the router to determine the path to another network? a) RTP b) NTP c) BGP d) STP
c) BGP #BGP (Border Gateway Protocol) is a protocol that operates at layer 3 of the OSI model. Since the question asks about a router, you need to identify a routing protocol that would enable the router to determine the path to another network using IP (layer 3) information.
A tech team provides a network technician with a faulty device. They want a new one with the same parameters as the failed device. What should the parameters on the new device be? a) Audit and Assessment Report b) Business Continuity Plan c) Baseline Configuration d) Change Management
c) Baseline Configuration #Each device should have a documented baseline configuration. The deployment process should be capable of applying this configuration to a replacement device or restoring a faulty device.
Which of the following communication types cannot be used with IPv6? a) Multicast b) Unicast c) Broadcast d) Anycast
c) Broadcast #Broadcast only works with IPv4. Broadcast communication has one sender, but it sends the traffic to every device on the network. #Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. #Multicasting is a technique used for one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only sends the signal once, which is then received by multiple hosts simultaneously. Multicast can be used with both IPv4 and IPv6. #Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.
You are assisting the company with developing a new business continuity plan. What would be the BEST recommendation to add to the BCP? a) Physically secure all network equipment b) Maintain up-to-date configuration backups c) Build redundancy links between core devices. d) Perform regular vulnerability scans
c) Build redundancy links between core devices. #By keeping redundant links between core devices, critical business services can be kept running if one link is unavailable during a disaster.
Which of the following BEST describes how a DHCP reservation works? a) By letting the network switches assign IP addresses from a reserved pool b) By assigning options to the computers on the network by priority c) By matching a MAC address to an IP address within the DHCP scope d) By leasing a set of reserved IP addresses according to their category.
c) By matching a MAC address to an IP address within the DHCP scope #When the client requests an IP address by sending a message on the network to the DHCP server, the DHCP server will assign an IP from its DHCP scope to the client and reserve it based on its MAC address. DHCP reservations allow the DHCP server to pre-set an IP address to a specific client based on its MAC address. This ensures that the client will always get the same IP address from the DHCP server when it connects to the network. DHCP reservations are usually used with servers or printers on your internal network and are rarely used with end-user or client devices.
Which of the following components is used to identify a variable that may be set or read using SNMP? a) Verbose trap b) MIB c) OID d) Granular trap
c) OID #An OID is a unique object identifier.
You are working as a network technician running new unshielded twisted pair cables from the intermediate distribution frame to the individual offices on the same floor. The cable comes in 1000 foot spools. Which of the following tools should you use to break the cable into shorter distances? a) Punchdown tool b) Cable crimper c) Cable snip d) Cable stripper
c) Cable snip #Also called a cable cutter. #It is used to cut copper cables into shorter lengths from a longer spool of wound cable. #A cable crimper is used to join the internal wires of a twisted pair cable with metallic pins housed inside a plastic connector, such as an RJ-45 connector. #A punchdown tool is used to insert wires into insulation displacement connectors on patch panels, keystone modules, or punchdown blocks.
Jason is flying home from a conference and attempts to connect to the airplane's onboard wireless network to check his email. He selects the InflightWiFi from the list of network names, his web browser opens, and then a 404 "page not found" error is displayed. Which of the following issues is likely the source of this error? a) Insufficient wireless coverage b) Incorrect passphrase c) Captive portal issue d) Wrong SSID
c) Captive portal issue #Since the user selected the SSID from the list of network names, it is not a wrong SSID issue. The user also did not enter a password, so it is not an incorrect passphrase.
The accounting department has been relocated to a new area of the building, which is more than 70 meters away from the closest IDF. To comply with an SLA that requires that 10Gb speeds be provided, what type of media should be installed? a) 802.11n b) Cat 5e c) Cat 6a d) 802.11ac
c) Cat 6a #Cat 6a is the only one listed that can meet 10 Gbps. Cat 5e and 802.11ac support speeds up to 1 Gbps. 802.11n supports speeds of up to 600 Mbps. #Remember that Cat 6 supports up to 10 Gbps, but only up to 55 meters. Cat 6 supports up to 1 Gbps over the 100-meter distance.
Which of the following types of network models requires the use of specialized computers that utilize networking operating systems to provide services to other networked devices that request services from them over an enterprise network? a) Peer-to-peer b) Point-to-point c) Client-server d) Hub-and-spoke
c) Client-server #A client-server network model utilizes specific devices (servers) to provide services to requesters (clients). A server is a specialized computer that runs a networking operating system. A client is any device that requests services over a network, such as a desktop, laptop, tablet, or internet of things device. #A peer-to-peer network model does not differentiate between the clients and the servers, and every node can become a client and a server when requesting and responding to service requests.
A data center architect is looking at access types and wants something that is cost-effective. They are a smaller company so they are willing to take some risks to have a lower cost. What would a good solution for them be? a) Branch office b) Spine and leaf c) Colocation d) On-prem
c) Colocation #Colocation is cost-effective but also associated with several risks. Colocation means that a company's private servers and network appliances are installed in a data center that is shared by multiple tenants.
A technician is testing a new web-based tool capable of generating an automatic teller machine (ATM) cash and service availability reports. A consortium of financial institutions developed the web-based tool. Which of the following cloud delivery models is being described in this scenario? a) Hybrid b) Private c) Community d) Public
c) Community #The scenario described is a community cloud tool created by the banking industry.
After an employee connected one of the switchports on a SOHO router to the wall jack in their office, other employees in the building started to receive "duplicate IP address" errors and experience intermittent network connectivity. You check the configuration on one of the affected clients and see it has been assigned an IP address of 192.168.1.54. Which of the following could be enabled on the company's network to prevent this from occurring? a) Router advertisement guard b) ARP inspection c) DHCP snooping d) Split horizon
c) DHCP snooping #DHCP snooping is the series of techniques applied to the DHCP infrastructure for security. #When DHCP servers are allocating IP addresses to the LAN clients, DHCP snooping can be configured on LAN switches to prevent malicious or malformed DHCP traffic or rogue DHCP servers.
A network technician is troubleshooting connectivity problems between switches but suspects the ports are not properly labeled. What option will help to identify the switches connected to each port quickly? a) Configure each uplink to send LACP discovery units b) Perform a packet capture on each switch's uplink port c) Enable a discovery protocol on the network devices d) Configure TACACS+ on each network device
c) Enable a discovery protocol on the network devices #By enabling a discovery protocol on the network devices, the technician will be able to get detailed information such as the IP addresses, system version, and device information from supporting devices directly. There are three primary discovery protocols: simple network management protocol (SNMP), link layer discovery protocol (LLDP), and ping.
An outside organization has completed a penetration test for a company. One of the report items states that an attacker may have the ability to read TLS traffic from the webserver due to a software bug. What is the MOST likely mitigation for this reported item? a) Configure the firewall to block traffic on port 443 b) Implement a VPN for employees c) Ensure patches are deployed d) Install an IDS on the network
c) Ensure patches are deployed #A patch is designed to correct a known bug or fix a known vulnerability. Since the server is allowing an attacker to read TLS traffic, which should be encrypted and unreadable, this is a software bug in the webserver's code that must be fixed using a patch. #If you configured the firewall to block traffic on port 443 (HTTPS/SSL/TLS), it would block all of the webserver's legitimate users, as well.
You are troubleshooting a 3 foot long fiber patch cable that you suspect is causing intermittent connectivity between two switches. Which of the following tools should you use to measure the signal as it transmits over the fiber optic cable? a) Cable tester b) Optical time domain reflectometer (OTDR) c) Fiber Light meter d) Loopback adapter
c) Fiber Light meter #A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located.
IT support places a server that acts as a Client-to-site virtual private network (VPN). The technicians place it on the network's edge in a screened subnet topology. Which appliance does support use to implement this solution? a) Switch b) Bridge c) Firewall d) Router
c) Firewall
Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue? a) Load the latest hardware drivers for her USB drive b) Download a new music player on her computers c) Flash the latest firmware for her router d) Install the latest OS on her computers
c) Flash the latest firmware for her router #Routers can be updated by conducting a firmware flash. This is similar to upgrading or patching your computer's operating system or even updating a device driver. By flashing the firmware, it can provide the ability to communicate with newer devices and remove known software vulnerabilities from the device.
You have been asked to create a network where visitors can access the Internet without disrupting the office's own intranet. Which of the following types of networks should you create? a) Demilitarized zone b) Screened subnet c) Guest network d) MU-MIMO
c) Guest network #No security or authentication required. Keep it open. #This network should be logically isolated from the corporate intranet of the office. Generally, these guest networks will directly connect to the internet with little to no security or monitoring on that network. This is a feature known as guest network isolation. #A DMZ is generally used to host servers, not wireless guests or clients. #A screened subnet refers to the use of one or more logical screening routers as a firewall to define three separate subnets: an external router that separates the external network from a perimeter network, and an internal router that separates the perimeter network from the internal network. While a screened subnet could be used to isolate a guest network, it alone would not provide any wireless capability.
A working physical server is experiencing network connectivity issues after switching connections to another physical port on a basic layer 2 switch. Identify the most likely problem with the switch. a) Blocked TCP ports b) Incorrect cable type c) Hardware failure d) Duplicate IP address
c) Hardware failure #A bad physical port or a hardware failure is most likely the cause of the issue, as the connection to the previous physical switch port was working fine. #A basic layer 2 switch does not have the capability of blocking TCP ports. This would be appropriate for a network firewall appliance to handle.
Which of the following is designed to keep the system's uptime running in the event of a disaster? a) Load balancing b) Quality of Service c) High availability d) Caching engines
c) High availability #High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period. If a network switch or router stops operating correctly (meaning that a network fault occurs), communication through the network could be disrupted, resulting in a network becoming unavailable to its users. Therefore, network availability, called uptime, is a major design consideration for high availability networks.
Dion Training is concerned about an attacker gaining access to their network and gaining access to their confidential financial data. What could be implemented to attempt to redirect an attacker to a different server that doesn't contain any real financial data? a) DMZ b) Content filter c) Honeypot d) Botnet
c) Honeypot #A honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
A cyber security technician is observing a DoS attack on the organization's network. The technician cannot determine anything surrounding the attacker's identity but does notice that no data traffic is being returned to the attacker. What type of attack is this? a) MAC spoofing b) Malware c) IP spoofing d) Botnet
c) IP spoofing #IP spoofing is also used in most denial of service (DoS) attacks to mask the attack's origin and make it harder for the target system to block packets from the attacking system. In this type of spoofing, the threat actor does not care about not receiving return traffic. #MAC spoofing is used to attack ACLs or impersonate a legitimate server. #A botnet is a group of compromised hosts that can be used to launch DDoS and DRDoS attacks. A threat actor will first compromise one or two machines to use as handlers or herders.
A network technician has received a report that workstations are unable to gain access to the network. During the troubleshooting process, the technician discovers that the switch connecting these workstations has failed. Which of the following is the QUICKEST option to configure a replacement switch with a secure configuration? a) Archive b) Syslog c) Image d) Baseline
c) Image #To image a switch, you can make a backup of the configuration and deploy it to a new/different switch. An image can contain the firmware and its configurations. #An archive is a backup of the configurations for the network device.
Students at Dion Training are working on a networking lab that requires a single switch to be remotely accessed by many students simultaneously. The instructor verifies that the switch can be accessed using the console, but the switch is only letting one student log in to the device at a time. Which of the following configurations should the instructor implement to fix this issue? a) Increase the number of VLANs configured on the switch b) Clear the ARP cache and flush the DNS cache on the switch c) Increase the number of virtual terminals available d) Increase installed memory and install a larger flash module.
c) Increase the number of virtual terminals available #You can set a limit of how many virtual terminals can simultaneously remotely connect to a switch. The issue in this scenario is that the switch is configured to a maximum of one virtual terminal, so only one student can access the switch at a time. #When a student connects to a switch or router using ssh or telnet, it requires a virtual terminal connection. The default virtual terminal limit is 32 on Cisco devices, but you can configure it to allow between 1 and 64 simultaneous connections. To connect to a virtual terminal, you would utilize a terminal emulator.
Which of the following layers within software-defined networking consists of the physical networking devices, such as switches and routers? a) Control layer b) Application layer c) Infrastructure layer d) Management plane
c) Infrastructure layer #The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements.
A network technician connects three temporary office trailers with a point-to-multipoint microwave radio solution in a wooded area. The microwave radios are up, and the network technician can ping network devices in all of the office trailers. However, users are complaining that they are experiencing sporadic connectivity. What is the MOST likely cause of this issue? a) Latency b) Throttling c) Interference d) Split horizon
c) Interference #Microwave links require a direct line of sight (LoS) between the antennas to maintain a strong and effective link. These line-of-sight microwave links use highly directional transmitter and receiver antennas to communicate via a narrowly focused radio beam. Since this microwave-based network is being run in a wooded area, there are likely some trees or leaves that are blocking the line of sight between the antennas.
You are working for a brand new startup company who recently moved into an old office building because the CEO liked the "charm" of the place. You have been tasked with converting a small janitorial closet into an IDF to support the new office network. You measure the closet and determine that you can install a two-post rack inside of it, and all your necessary networking equipment will fit in the two-post rack. You test the power outlet installed in the closet, and it is sufficient for your needs. What is the NEXT thing you should be concerned with to ensure this closet can be used as your IDF? a) Is there redundant power supply? b) How will I label the cables during installation? c) Is there adequate airflow and cooling in the closet? d) Can I install a UPS in this closet?
c) Is there adequate airflow and cooling in the closet? #Since this is an old closet, you need to make sure there are 3 things in abundance: power, space, and cooling.
Which of the following technologies allows two or more links to pass network traffic as if they were one physical link? a) SLAAC b) PoE c) LACP d) STP
c) LACP #The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface that will appear as a single link to a route processor. LACP is used to combine multiple network connections in parallel to increase throughput beyond what a single connection could sustain and to provide redundancy in case one of the links should fail. LACP is defined in the IEEE 802.3ad standard.
Your network relies on the use of ATM cells. At which layer of the OSI model do ATM cells operate? a) Layer 3 b) Layer 7 c) Layer 2 d) Layer 5
c) Layer 2 #In the data link layer (layer 2) of the OSI model, the basic unit of transfer is called a frame. In an ATM network, though, these frames are called cells and are of a fixed (53 octets or bytes) length that allows for faster switching of the cells across the network.
The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service? a) Layer 2 switch b) Smart hub c) Layer 3 switch d) Proxy server
c) Layer 3 switch #A layer 3 switch is the best option because, in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs. Multicast and unicast are layer 3 messaging flows, so you need a router or layer 3 switch to route them across the network. #A proxy server operates at layer 4, but would still require a router or layer 3 switch to route the traffic.
Which of the following describes a design where traffic is shared between multiple network servers to provide greater throughput and reliability? a) VLAN tagging b) MPLS trunking c) Load balancing d) Multiplexing
c) Load balancing #Load balancing is a technique used to spread work across multiple computers, network links, or other devices. #Multiprotocol Label Switching is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows.
A data center technician needs to secure the cryptographic keys under lock and key to ensure that insider threats do not have access to take them from the building. What item is the most logical way to achieve this? a) Smart lockers b) Locking racks c) Locking cabinets d) Access control vestibule (previously known as a mantrap)
c) Locking cabinets #Locking cabinets can provide secure storage for individual items, such as cryptographic keys or shared password lists.
Which of the following DNS database records maps a domain name to a list of mail servers for that domain? a) NS b) SPF c) MX d) PTR
c) MX
An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted if this change is not immediate. The request comes directly from management and was just approved through the emergency change management process. Which of the following should the technician do? a) Send out a notification to the company about the change b) Wait until the maintenance window and make the requested change c) Make the change, document the requester, and document all network changes d) First document the potential impacts and procedures related to the change
c) Make the change, document the requester, and document all network changes #All changes to the enterprise network should be approved through the normal change management processes. So, this is valid.
Dion Training's remote office is experiencing poor network performance. You have been asked to look at the traffic patterns for the remote office and compare them to the network performance baselines. Which of the following tools should you utilize? a) Terminal emulator b) Spectrum analyzer c) Network analyzer d) IP scanner
c) Network analyzer #Since the question talks about poor network performance and traffic patterns, it's gotta be network analyzer, what say?? LOL!! Nothing to overthink about it here.. #A NetFlow analyzer is used to perform monitoring, troubleshooting, inspection, interpretation, and synthesis of network traffic flow data.
Jason is a network manager leading a project to deploy a SAN. He is working with the vendor's support technician to set up and configure the SAN on the enterprise network. To begin SAN I/O optimization, what should Jason provide to the vendor support technician? a) Asset management document b) Baseline documents c) Network diagrams d) Access to the data center
c) Network diagrams #A network diagram is a visual representation of network architecture. It maps out the structure of a network with a variety of different symbols and line connections. This information will be important when deploying a Storage Area Network (SAN) on the enterprise network.
Which of the following policies or plans would describe the process for a new user to request an account on the enterprise network? a) BYOD policy b) Password policy c) Onboarding policy d) Remote access policy
c) Onboarding policy #An onboarding policy is a documented policy that describes all the requirements for integrating a new employee into the company and its cultures, as well as getting that new hire all the tools and information they need to begin their job successfully.
Which of the following WAN technologies would MOST likely be used to connect several remote branches that have no fiber, microwave, or satellite connections available? a) Starlink b) OC-3 c) POTS d) WiMAX
c) POTS #Plain old telephone service #OC-3 is a type of fiber connection. #WiMAX is a type of microwave connection. #Starlink is a type of satellite connection.
Which of the following statements describing the function of a DNS PTR record are true? (Select 2 answers) a) PTR record creates a pointer that maps a hostname to an IP address for reverse lookups. b) The functionality provided by a PTR record allows multiple domain names to resolve to the same IP address. c) PTR record resolves an IP address to a hostname for reverse lookups. d) The functionality provided by a PTR record is the opposite of A and AAAA DNS records. e) PTR record maps a domain name to a list of mail servers for that domain.
c) PTR record resolves an IP address to a hostname for reverse lookups. d) The functionality provided by a PTR record is the opposite of A and AAAA DNS records.
A network technician needs to monitor the network to find a user who is browsing websites that go against the company's acceptable use policy. What should the technician use to view the website and find the user browsing it? a) SNMP GET b) Intrusion detection system c) Packet sniffer d) Top Listener tool
c) Packet sniffer #Packet Sniffers can capture and analyze network user traffic. This information can be queried to view website addresses, contents, and sometimes even password information.
Your company has just hired a contractor to attempt to identify and exploit any network vulnerabilities they could find. This person has been permitted to perform these actions and only conduct their actions within the contract's scope of work. Which of the following will be conducted by the contractor? a) Vulnerability Scanning b) Hacktivism c) Penetration testing d) Social engineering
c) Penetration testing #"Exploit any network" is the key point here. #Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. Penetration testers only do this with permission of the organization that owns the system, network, or web application and within the bounds of their scope of work. #A penetration test attempts to actively exploit weaknesses in an environment. While a vulnerability scan can be automated, a penetration test requires various levels of expertise.
You have been asked to run a cable between a drop ceiling and a standard ceiling and ensure it meets your local government's fire safety requirements. The cable will be used to support a 10GBaseT network connection for up to 100 meters. Which of the following cables should you select to meet these requirements? a) PVC Cat 5e b) Plenum Cat 5e c) Plenum Cat 6a d) PVC Cat 6a
c) Plenum Cat 6a #Cat 6a can also support 10Gbps for up to 100 meters using 10GBaseT. Cat 5e can only support 1000BaseT (1 Gbps) connections. Since we are concerned with the cable's fire safety rating, we should use a Plenum cable, not a PVC cable. #PVC (Polyvinyl Chloride) is what your standard Category 5e and Category 6 cable jacket are constructed of. This PVC jacket when burning or smoldering releases hydrochloric acid and dioxin which are both toxic. For this reason, PVC cannot be used in-between the drop ceiling and the standard ceiling.
The Chief Information Officer (CIO) wants to improve the security of the company's data. Which management control should be implemented to ensure employees are using encryption to transmit any sensitive information over the network? a) Standards b) VPNs c) Policies d) HTTPS
c) Policies #Policies are plans that describe the goal of an established procedure (Acceptable use, Physical Security, or VPN access), while the standards are the mechanisms implemented to achieve that goal. VPN and HTTPS are examples of protocols and industry standards.
Your network has been the victim of a data breach. Your company has hired an incident response team to help control the breach's damage and restore the network to its full functionality. The incident response team wants to connect a packet capture device to the switch that connects your servers to the DMZ. Which of the following should be configured to ensure the packet capture device can receive all the network traffic going to and from the servers? a) 802.1x b) 802.1q c) Port mirroring d) Port security
c) Port mirroring #Port mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed. In this case, you can connect the packet capture device to the SPAN port (mirrored port) to collect all the network traffic for later analysis.
You are working as a network administrator and are worried about the possibility of an insider threat. You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their laptop to that same switch port. Which of the following security features would BEST accomplish this goal? a) NAC b) ACL c) Port security d) 802.1x
c) Port security #Because it involves layer 2, it's gotta be Port Security #Port security, also known as persistent MAC learning or Sticky MAC, is a security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or if the interface goes down and is brought back online.
You are setting up uplink ports for multiple switches to communicate with one another. All of the VLANs should communicate from the designated server switch. Which of the following should be set on the trunk ports if VLAN 1 is not the management VLAN? a) Neighbor Discovery Protocol b) Port Security c) Port tagging d) Spanning Tree Protocol
c) Port tagging #The 802.1q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure they are not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it.
Which of the following types of fire suppression systems utilizes a sprinkler system with water to extinguish a fire but requires both an actuator and the sprinklers to be tripped prior to water being released? a) HVAC system b) Wet pipe system c) Pre-action system d) Clean agent system
c) Pre-action system #A pre-action system minimizes the risk of accidental release from a wet pipe system.
What is the function of a DNS TXT record? (Select 2 answers) a) Resolves an IP address to a hostname for reverse lookups b) Maps a domain name to a list of mail servers for that domain c) Provides outside services with additional information about a domain d) Not used to direct any traffic e) Allows multiple domain names to resolve to the same IP address
c) Provides outside services with additional information about a domain d) Not used to direct any traffic
Jason is conducting a security audit of Dion Training's VPN concentrator. As he reviews the connection logs, he notices a teleworking employee is connected to the company's VPN with an unexpected source IP address that is located in California. Jason knows that none of the employees work from California, though. What might the employee be using that is causing their IP address to be located in California? a) WLAN controller b) Voice gateway c) Proxy server d) ICS/SCADA
c) Proxy server #A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. For example, if the employee is located in Florida but is connected to a proxy server in California, all of their network traffic will go from Florida to California, and then to the final destination. In this example, the final destination was the VPN concentrator for Dion Training, so the California IP address is entered into the VPN concentrator's logs.
Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach? a) Require a VPN to be utilized for all telework employees b) Require data masking for any information stored in the database c) Require data at rest encryption on all endpoints d) Require all new employees to sign an NDA.
c) Require data at rest encryption on all endpoints #The greatest protection against this data breach would have been to require data at rest encryption on all endpoints, including this laptop. If the laptop were encrypted, the data would not have been readable by others, even if it was lost or stolen. #While requiring a VPN for all telework employees is a good idea, it would not have prevented this data breach since the laptop's loss caused it. #Remember on exam day that many options are good security practices, but you must select the option that solves the issue or problem in the question being asked. Similarly, data masking and NDAs are useful techniques, but they would not have solved this particular data breach.
A network administrator is assigned an approved change request with a change window of 120 minutes. After 90 minutes, the change is stuck on step five of a five-step change. The network manager decides to initiate a rollback. Which describes what the network administrator should do next? a) Request additional time since the change is near completion b) Leave the change as is and inform users of a workaround c) Return the system back to the original state before the change d) Return the system to step four since this was the last working step.
c) Return the system back to the original state before the change #By performing a rollback, the administrator will change everything back to the last known good configuration before the change is started. This would involve resetting everything back to how it was before the configuration and installation of the changes were begun in this maintenance window.
Which of the following network issues can be prevented by configuring the split-horizon options on your network devices? a) Duplicate addresses b) Network collisions c) Routing loops d) Large routing tables
c) Routing loops #A split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. Split-horizon does not prevent large routing tables, duplicate addresses, or network collisions; it only works to prevent routing loops.
An administrator arrives at work and is told that network users are unable to access the shared drive on a Windows server. The administrator logs into the server and sees that some Windows Updates were automatically installed last night successfully, but now the network connection shows "limited" with no availability. What rollback action should the technician perform? a) Antivirus updates b) Web browser c) Server's NIC drivers d) Server's IP address
c) Server's NIC drivers #When automatically receiving updates through the Windows Update service, your server can receive driver updates for its network interface card (NIC), graphics cards, and other peripherals. This can accidentally install an incompatible driver that causes network connectivity issues to occur. #The error of "limited" connectivity is associated with the network interface card and the network connection, not the antivirus or the web browser.
A technician installs a new WAP, and users in the area begin to report poor performance. The technician uses ping, and only 3 of the 5 packets respond. When the technician tests the connection from a wired connection, it responds with 5 of 5 packets. What tool should the network technician use next? a) Packet capture tool b) Interface monitoring tool c) Spectrum analyzer tool d) Port scanner tool
c) Spectrum analyzer tool #A spectrum analyzer is a device that displays signal amplitude (strength) as it varies by signal frequency. Since the issue only occurs when connecting wirelessly, it is most likely a spectrum interference issue. #Wireless because it's good wired only!! #Alternatively, you could attempt to conduct a wireless site survey using a WiFi analyzer, but that option wasn't presented in this question. #NOTE: Since this appears to be a wireless connectivity issue, only a spectrum analyzer could help identify the connectivity issues. This issue is most likely associated with interference around the channels being used by this wireless access device.
Which of the following tools is used to identify why an 802.11g network is intermittently dropping network traffic? a) Cable tester b) Tone generator and probe c) WiFi analyzer d) Multimeter.
c) WiFi analyzer #A WiFi analyzer can determine the wireless network's signal strength, the frequencies in use, and any possible radio frequency interference. #Based on the issue described in the question, the network may have dead zones that could be fixed by adding additional access points to increase the network's wireless coverage. Another possible issue could be radio frequency interference from other devices, which a WiFi analyzer could help identify.
Your company has been asked by a local charity that supports underprivileged youth if they would help to build an internet café for their students. Because the charity doesn't have any funding for this project, your company has decided to donate their old workstations and networking equipment to create the network. All of the workstations, routers, and switches have been tested before installation. The company has decided to reuse some old network cables to connect the computers to the switches to save money. When you arrive at the new internet cafe, you are told that everything is working except unlucky computer #13 can't connect to the network. You attempt to plug the network cable into another computer, but then that computer cannot connect to the network. Confused, you try connecting the cable directly between two computers, and now they can communicate directly with each other. What is wrong with this cable? a) The cable is a console cable but should be a straight-through cable b) The cable is a rollover cable but should be a crossover cable. c) The cable is a crossover cable but should be a straight-through cable d) The cable is a straight-through cable but should be a crossover cable.
c) The cable is a crossover cable but should be a straight-through cable #It's a crossover cable, because two computers were connected without any trouble, but it couldn't connect a computer to the switch. You need a straight-through cable in this case.
What is true concerning jumbo frames? a) Their MTU size is less than 1500 b) They are commonly used with a NAS c) They are commonly used on a SAN d) They are commonly used with DHCP
c) They are commonly used on a SAN #To increase performance, you should use jumbo frames only when you have a dedicated network or VLAN, and you can configure an MTU of 9000 on all equipment. Because of this, jumbo frames are most commonly used in a storage area network (SAN).
Which of the following technologies deliver multiple voice calls over a copper wire if you have an ISDN or T-1 connection? a) CSMA/CD b) Analog circuit switching c) Time-division multiplexing (TDM) d) Time-division spread spectrum
c) Time-division multiplexing (TDM) #Time-division multiplexing allows for two or more signals or bitstreams to be transferred in what appears to be simultaneous sub-channels in one communication channel but is physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it.
You work for a medium-sized company. You would like to provide secure, remote access between the company's three Internet-connected sites and their Windows clients, servers, and domain controllers. Which option would provide adequate security and cost the least overall? a) Purchase WAN links between each pair of sites, and run a commercial VPN over IPSec. b) Use a freeware VNC to run TeamViewer over the internet. c) Use IPSec to secure RDP over the internet with connection security rules and associations. d) Create a VPN, and run RDP over the VPN.
c) Use IPSec to secure RDP over the internet with connection security rules and associations. #RDP doesn't offer complete security by itself. #NOTE: Using a freeware VNC to run TeamViewer over the internet is not a cheaper option because TeamViewer would incur costs to run. In addition, a VNC is not needed as Windows computers include RDP.
You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal? a) WPA2 b) VPN c) VLAN d) MAC filtering
c) VLAN #A virtual LAN (VLAN) is a type of network segmentation configured in your network switches that prevents communications between different VLANs without using a router. This allows two virtually separated networks to exist on one physical network and separates the two virtual networks' data.
An attacker has configured their machine to report itself as a switch when connected to a wired network in an attempt to exploit your enterprise network. Which of the following types of attacks is being conducted? a) ARP poisoning b) DNS poisoning c) VLAN hopping d) Rogue DHCP
c) VLAN hopping #VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. #Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.
An administrator's router with multiple interfaces uses OSPF as its routing protocol. You have discovered that one of the router's interfaces is not passing traffic. You enter the "show interface eth 0/0" command at the CLI and receive the following output: (refer to the diagram) Which TWO of the following actions should you perform to allow the interface to pass traffic again? a) Set the loopback address to 127.0.0.1 b) Modify the IP address to 10.20.30.4/8 c) Verify the cable is connected to eth 0/0 d) Enable the switchport for eth 0/0
c) Verify the cable is connected to eth 0/0 d) Enable the switchport for eth 0/0 #The key to answering this question is the first line of the output. "The line protocol is down" means that the specified interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the switchport. The line protocol being down indicates a clocking or framing problem on the connection, and the most common reason for this is a patch cable that is not properly connected. "Fast Ethernet 0/0 is administratively down" indicates that the switchport was manually shut down using the shutdown command by a network administrator and would need to be reenabled.
What should you implement to isolate two of the devices that are located on a SAN fabric containing eight devices? a) HBA allocation b) VLAN c) Virtual SAN d) SAN snapshots
c) Virtual SAN #A vSAN is a collection of ports from a set of connected fibre channel switches that form a virtual fabric. You can partition ports within a single switch into multiple vSANs, despite sharing hardware resources. #SAN snapshots are a type of SAN backup. #HBA (Host bus adapter) allocation is a method for allocating resources in a SAN.
Which of the following types of sites might contain a datacenter with equipment, but it is not configured and doesn't contain any user or customer data yet? a) Cloud site b) Hot site c) Warm site d) Cold site
c) Warm site #A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data.
The marketing office reported issues regarding slow network connectivity to the Internet and inability to access the company's SharePoint site. All marketing users on the 7th floor offices are getting an "HTTP 404" warning. What is the best way the network admin can approach this incident to identify the problem? a) Begin at Layer 3 of the OSI model and go down. b) Question all users on the 7th floor. c) Work on the slow Internet connection first. d) Make a plan of action to resolve the issue.
c) Work on the slow Internet connection first. #The network admin must approach multiple problems individually. Although issues with the slow Internet and the "HTTP 404" error may seem the same, both may be caused by different factors. Treat each issue separately.
Ted, a file server administrator at Dion Training, has noticed that many sensitive files have been transferred from a corporate workstation to an IP address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company's security analyst, verifying that the workstation's anti-malware solution is up-to-date and the network's firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation? a) MAC spoofing b) Impersonation c) Zero-day d) Session hijacking
c) Zero-day #Since the firewall is properly configured and the anti-malware solution is up-to-date, this signifies that a zero-day vulnerability may have been exploited.
What could cause delays and slow throughput while using CSMA/CD? a) Improper termination b) Broadcast storms c) collisions d) Switching loops
c) collisions #Collisions in CSMA/CD are required for proper operation. However, an excessively high number of collisions occurring for a sustained length of time can cause delays and slow throughput. CSMA/CD will negotiate standoff timers to allow multiple devices to communicate on congested network segments.
When a criminal or government investigation is underway, what describes the identification, recovery, or exchange of electronic information relevant to that investigation? a) First responder b) Encryption c) eDiscovery d) Data transport
c) eDiscovery #eDiscovery is the term that refers to the process of evidence collection through digital forensics. eDiscovery is conducted during an incident response.
Which of the following tools would allow you to detect running services, applications, or operating systems on the network's clients, servers, or devices by sending specifically crafted packets to them and analyzing their responses? a) ping b) Protocol analyzer c) nmap d) tcpdump
c) nmap #Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network's clients, servers, and devices.
You need to verify a network's transmission speed. Which tool should you use? a) connectivity software b) bit-error rate tester c) throughput tester d) loopback plug
c) throughput tester
What is the main purpose of a VPN concentrator? a) to resolve host names and IP addresses b) to provide dynamic IP addresses c) to terminate the VPN tunnels d) to manage Internet requests and cache Web content
c) to terminate the VPN tunnels
Dion Training is adding two new employees in Peru and wants to assign them a portion of their public Class C IPv4 address space. Dion Training has been assigned a Class C scope of 187.15.3.0/24. The two employees will be working from home and connecting over a VPN to a dedicated VLAN for the company's Peruvian employees. What is the correct CIDR notation for the Peruvian portion of the network in order to accommodate the 2 users while allocating the minimum number of addresses? a) /29 b) /28 c) /31 d) /30
d) /30 -In this scenario, you have 2 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 4 IP addresses total. IP addresses are assigned in blocks sized as powers of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). To symbolize a CIDR block with 4 IP addresses, we would use /30, which is 2^2 = 4.
Which of the following is used to connect Cat 5e or above networks in an MDF or IDF? a) F-type b) RJ-11 c) 66 punchdown block d) 110 punchdown block.
d) 110 punchdown block. #A 110 punchdown block is a type of punch block used to terminate runs of on-premises wiring in a structured cabling system. The designation 110 is also used to describe a type of insulation displacement contact (IDC) connector used to terminate twisted pair cables when using a punch-down tool similar to the older 66 punchdown block. A 110 punchdown block provides more spacing between the terminals and is designed for Cat 5 networks to eliminate crosstalk between the cables.
A small law office has a network with three switches (8 ports), one hub (4 ports), and one router (2 ports). Switch 1 (switch port 8) is connected to an interface port (FastEthernet0/0) on the router. Switch 2 (switch port 8) and switch 3 (switch port 8) are connected to Switch 1 (switch ports 1 and 2). The hub has three computers plugged into it on ports 1, 2, and 3. The fourth port on the hub is connected to the router's other interface port (FastEthernet0/1). Based on the configuration described here, how many broadcast domains are there within this network? a) 16 b) 28 c) 1 d) 5 e) 2
d) 2 #It's not talking about collision domains!!!!! #A broadcast domain is a logical division of a computer network in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment, or it can be bridged to other LAN segments. Routers break up broadcast domains. Therefore there are two broadcast domains in this network - one for each side of the router (the three switches make up one broadcast domain, and the hub makes up the second broadcast domain).
Which of the following wireless technologies use MIMO on non-overlapping channels to increase the wireless network's bandwidth? a) 802.11g b) 802.11b c) 802.11a d) 802.11n
d) 802.11n #802.11n introduced MIMO support on non-overlapping channels to increase the bandwidth available for the wireless network. This is also supported in 802.11ac (MU-MIMO), which was released after 802.11n. #Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth. NOTE: 802.11ac also supports MU-MIMO. The other wireless networking technologies (a/b/g) do not support MIMO. #The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. #Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement? a) MAC address filtering with IP filtering b) WPA2 with a complex shared key c) PKI with user authentication d) 802.1x using EAP with MSCHAPv2
d) 802.1x using EAP with MSCHAPv2 #Since the backend uses a RADIUS server for back-end authentication, the network administrator can install 802.1x using EAP with MSCHAPv2 for authentication. #The Extensible Authentication Protocol (EAP) is a framework in a series of protocols that allows for numerous different mechanisms of authentication, including things like simple passwords, digital certificates, and public key infrastructure.
An email administrator is setting up records for their new cluster of mail servers. What must each of their MX records point to? a) Root MX record b) CNAME c) DKIM d) A
d) A #The host identified in an MX record must have an associated A or AAAA record. #An MX record must not point to a CNAME record, even though CNAME is almost the same as an A record.
After troubleshooting intermittent network connectivity issues with a user, the results of an ipconfig show different network settings than the ones the enterprise uses. What could be the cause of this result? a) DHCP server is offline b) DHCP scope exhaustion c) APIPA malfunction d) A rogue DHCP server
d) A rogue DHCP server #The Automatic Private IP Addressing (APIPA) range of 169.254.0.0/16 is typically assigned without issue, and almost no network connectivity would happen in this case.
Workers in a company branch office must visit an initial web page and click the "I agree" button before being able to surf the web. Which of the following is this an example of? a) EULA b) MOU c) SLA d) AUP
d) AUP #EULA is an end-user license agreement and is used during the installation of a piece of software.
The UPS that provides backup power to your server is malfunctioning because its internal battery has died. To replace the battery, you must shut down the server, unplug it from the UPS, and unplug the UPS from its power source (the wall outlet). You perform these actions but think that there has to be a better way to increase the server's availability in the future. Which of the following recommendations would BEST increase the server's availability based on your experience with this UPS battery replacement? a) Replace the UPS with a generator b) Install a second UPS in the rack c) Install a surge protector instead d) Add a redundant power supply to the server.
d) Add a redundant power supply to the server. #The BEST recommendation would be to install a redundant power supply in the server. Adding a second UPS would not solve the problem if the server still only has one power supply available.
Your company has two office buildings which are connected via a copper network cable that is buried underground. There is some construction being performed near the buildings. Now, the second building discovers they have suffered a network outage that doesn't appear to be temporary. What is the MOST likely cause of the outage? a) Electromagnetic interference on the cable. b) Cross-talk on the cable c) Signal attenuation on the cable d) An open circuit has been created.
d) An open circuit has been created. #Since the issue started after construction began, it is most likely that the construction crew broke the cable during digging operations. #This can be verified using a Time-Domain Reflectometer (TDR) to determine exactly where in the cable the break has occurred.
A new piece of malware attempts to exfiltrate user data by hiding the traffic and sending it as TLS-encrypted outbound traffic over random ports. What technology would be able to detect and block this type of traffic? a) Intrusion detection system b) Stateless packet inspection c) Stateful packet inspection d) Application-aware firewall.
d) Application-aware firewall. #A web application firewall (WAF) or application-aware firewall would detect both the accessing of random ports and TLS encryption and identify it as suspicious. An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, and TLS connections are created and maintained by applications.
Routing prefixes are assigned in blocks by IANA and distributed by the Regional Internet Registry (RIR). What are these known as? a) Route aggregation b) Network handle c) Top-level domain d) Autonomous system number
d) Autonomous system number #An ASN (or Autonomous System Number) is used to control routing with BGP routing protocols to route traffic across the network. An Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly defined routing policy. #There are 2-byte and 4-byte ASN variants in use on the internet. #Network operators need Autonomous System Numbers (ASNs) to control routing within their networks and to exchange routing information with other Internet Service Providers (ISPs).
Due to numerous network misconfiguration issues in the past, Dion Training adopted a policy that requires a second technician to verify any configuration changes before they are applied to a network device. When the technician inspects a newly proposed configuration change from a coworker, she determines that it would improperly configure the AS number on the device. Which of the following issues could have resulted from this configuration change if it was applied? a) A frequency mismatch would have occurred b) Spanning tree ports would have entered flooding mode c) Wireless coverage area would be decreased d) BGP routing issues would have occurred
d) BGP routing issues would have occurred #BGP (Border Gateway Protocol) is used to route data between autonomous systems (AS). A collection of networks within the same administrative domain is called an autonomous system (AS). The routers within an AS use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves. Autonomous systems operate at layer 3 and are focused on wired networks.
What describes what happens when traffic is recirculated and amplified by loops in the switching topology? a) Asymmetrical routing b) Hardware failure c) Routing loop d) Broadcast storm
d) Broadcast storm #In a broadcast storm, traffic is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches. #A routing loop occurs when two routers use one another as the path to a network. Packets caught in a routing loop circle around until the TTL expires. One symptom of a potential routing loop is for routers to generate ICMP Time Exceeded error messages.
Which of the following errors would be received if raw data is accidentally changed as it transits the network? a) Giants b) Runts c) Encapsulation error d) CRC error
d) CRC error #Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network. The CRC number in the interface statistics is the number of packets that were received that failed the cyclic redundancy checksum, or CRC check upon receipt. If the checksum generated by the sender doesn't match the one calculated by this interface upon receipt, a CRC error is counted and the packet is rejected.
Which of the following is likely to occur if twenty ethernet clients are connected to a hub in a local area network? a) Duplicate MAC address b) Asymmetric routing c) Broadcast storm d) Collisions
d) Collisions #A collision is the result of two devices on the same Ethernet network attempting to transmit data at the exact same time. Collisions are a common occurrence in half-duplex networks but should not occur in a full-duplex switched environment.
Your company has several small branch offices around the country, but you work as a network administrator at the centralized headquarters building. You need the capability of being able to remotely access any of the remote site's routers to configure them without having to fly to each location in person. Your company's CIO is worried that allowing remote access could allow an attacker to gain administrative access to the company's network devices. Which of the following is the MOST secure way to prevent this from occurring while still allowing you to access the devices remotely? a) Configure the remote router's ACLs to only permit telnet traffic b) Configure the remote router's ACLs to only permit HTTP traffic c) Install an out-of-band modem d) Create an out-of-band management network.
d) Create an out-of-band management network. #You should create an out-of-band management network and use an SSH (console) connection to reach the routers. #Out-of-band (OOB) management is a method of remotely controlling and managing critical IT assets and network equipment using a secure connection through a secondary interface that is physically separate from the primary network connection.
A technician receives a report that a VoIP phone is experiencing a "no network connectivity" error. The technician notices the Cat6a patch cable running from the back of the phone is routed behind the user's rolling chair. The cable appears to have been rolled over numerous times by the user, and it looks flattened from the abuse. Which of the following is the most likely cause of the connectivity issues being experienced on the VoIP phone? a) Transmit and receive reversed b) Excessive collisions c) Improperly crimped cables d) Cross-talk
d) Cross-talk #Crosstalk is defined as an effect caused by the unintentional and undesired transmission (leakage) of a signal from one cable to another. Due to the abuse of the cable being run over repeatedly by the user's chair, the cable's shielding could have been damaged and the cable may no longer be made up of the same consistency. #This can lead to crosstalk amongst the cable pairs, or even opens/shorts of the wires in those cable pairs. (if options for opens/shorts available)
Which of the following network devices can be used to detect and prevent an identified threat based on its signature? a) Router b) Switch c) IDS d) IPS
d) IPS #Question says "Detect and prevent"!! #A signature is a set of rules that an IDS and an IPS use to detect typical intrusive activity, such as DoS attacks. You can easily install signatures using IDS and IPS management software such as Cisco IDM. Sensors enable you to modify existing signatures and define new ones.
A technician is troubleshooting a workstation at Dion Training. The workstation is suffering from intermittent connectivity issues. The technician notices that the STP cable pairs are not completely twisted near the connector. Which of the following issues may be experienced because of this? a) 568A/568B mismatch b) Split pair c) Tx/Rx reverse d) Crosstalk
d) Crosstalk #Crosstalk is defined as an effect caused by the unintentional and undesired transmission (leakage) of a signal from one cable to another. Crosstalk can occur if the twisted pairs are not twisted sufficiently, because the twisting of the cable pairs reduces crosstalk between neighboring cable pairs. The twisting is done to help cancel exterior electromagnetic interference. To solve this cable's crosstalk issue, the cable pairs should be trimmed down and the cable re-terminated properly. #NOTE: A split pair error occurs when one wire from each of two different pairs gets swapped identically on both ends of the cable. The result is a cable that will pass a standard continuity test, but will have serious cross-talk problems, and will most likely not perform adequately at specified data rates. Split pairs were commonly used in older Cat 3 copper networks, but are no longer used in Cat 5 or above networks. The scenario in this question describes a crosstalk issue, not a split pair issue, though.
You are using an 802.11ac wireless network at your office which uses WPA2-PSK for encryption. Every few minutes, your wireless connection appears to disconnect and then quickly reconnect to the network. What type of attack might you be the victim of? a) MAC spoofing b) Rogue access point c) Evil twin d) De-authentication
d) De-authentication #A deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim's machine. This causes the wireless client to disconnect from the wireless network and then reconnect. During that reconnection, an attacker can conduct a packet capture of the authentication handshake and use that to attempt to brute force the network's pre-shared key.
Which of the following describes the process of layering protective measures in the network to protect valuable data and information? a) AUP b) Zero trust c) Least privilege d) Defense in depth
d) Defense in depth #Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.
You are creating a wireless link between two buildings in an office park utilizing the 802.11ac standard. The antenna chosen must have a small physical footprint and be lightweight as it will be mounted outside the building. Which type of antenna should you install? a) Directional whip antenna b) Omni-directional whip antenna c) Omni-directional patch antenna d) Directional patch antenna
d) Directional patch antenna #A patch antenna is a type of radio antenna with a low profile, which can be mounted on a flat surface. A patch antenna is typically mounted to a wall or a mast and provides coverage in a limited angle pattern. Patch antennas can be directional or omnidirectional, but a directional antenna should be used for a connection between two buildings within line of sight of each other.
The network administrator noticed that the border router has high network capacity loading during non-working hours. This excessive load is causing outages for the company's web servers. Which of the following is the MOST likely cause of the issue? a) Session hijacking b) ARP spoofing c) Evil twin d) Distributed DoS
d) Distributed DoS #Network outages are a form of network disruption that is a symptom of a DoS attack. #A distributed DoS (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
A network administrator updated an Internet server to evaluate some new features in the current release. A week after the update, the Internet server vendor warns that the latest release may have introduced a new vulnerability, and a patch is not available for it yet. Which of the following should the administrator do to mitigate this risk? a) Enable HIPS to protect the server until the patch is released b) Enable the host-based firewall on the internet server c) Utilize WAF to restrict malicious activity to the internet server d) Downgrade the server and defer the new feature testing.
d) Downgrade the server and defer the new feature testing. #Since the vendor stated that the new version introduces vulnerabilities in the environment, it is best to downgrade the server to the older and more secure version until a patch is available. #HIPS, the host-based intrusion detection system, is a system employed to protect critical data of the system from intrusive viruses and harmful internet malware. HIPS protects the system from the network layer all the way to the application layer against malicious attacks.
A wireless technician wants to configure a wireless network to identify itself to visitors by including the word "Guest" in the name. This wireless network needs to provide coverage to the entire building and requires 3 wireless access points to accomplish this coverage level. What would allow users to identify the wireless network by its displayed name as a single network? a) BSSID broadcast b) ARP broadcast c) DHCP broadcast d) ESSID broadcast
d) ESSID broadcast #With an ESSID (Extended Service Set), a wireless network can utilize multiple wireless access points to broadcast a single network name for access by the clients. #A BSSID (Basic Service Set) can only utilize a single access point in each wireless network.
Johnny is trying to download a file from a remote FTP server but keeps receiving an error that a connection cannot be opened. Which of the following should you do FIRST to resolve the problem? a) Ensure the port 161 is open b) Validate the security certificate from the host c) Flush the DNS cache on the local workstation d) Ensure that port 20 is open.
d) Ensure that port 20 is open. #Executing an FTP connection from a client is a two-stage process requiring the use of two different ports. Once the user enters the name of the server and the login credentials in the FTP client's authorization fields, the FTP connection is attempted over port 21. Once the connection is established, FTP sends the data over port 20 back to the client from the server. For FTP to function properly, you should have both ports 20 and 21 open.
A network technician just finished configuring a new interface on a router, but the client workstations do not receive the addressing information from the new interface. Which of the following should be added or changed to allow the workstations to connect to the new interface? a) TTL b) DHCP lease time c) MX record d) IP helper
d) IP helper #DHCP IP Helper addresses enable a single DHCP server to provide DHCP IP addresses to every PC on the network, regardless of whether they are on the same broadcast domain as the DHCP server or not.
Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if any of the Dion Training employees use the same Ethernet port in the conference room, they should access Dion Training's secure internal network. Which of the following technologies would allow you to configure this port and support both requirements? a) MAC filtering b) Create an ACL to allow access c) Configure a SIEM d) Implement NAC
d) Implement NAC #NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. #NAC automatically tests any wireless device that connects to our network before allowing the device full access to the corporate network and its resources.
Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise? a) Infrastructure as a Service (IaaS) b) Software-Defined Networking (SDN) c) Software as a Service (SaaS) d) Infrastructure as Code (IaC)
d) Infrastructure as Code (IaC) #Infrastructure as Code (IaC) is designed with the idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise and significantly reduce IT overhead costs through automation while precluding the existence of security vulnerabilities.
Mallory is unhappy with her job at a large beverage company. She decides to steal sensitive information about the company's proprietary formula for a new energy drink. She installs a keylogger onto some of the product team's workstations, which then emails out the information to her personal email account each evening so that she can post the information to WikiLeaks. How would you best classify Mallory and her actions? a) Social engineering b) Denial-of-service c) Logic bomb d) Insider threat
d) Insider threat #Mallory is considered an insider threat in this scenario. An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors, or business associates, who have inside information concerning the organization's security practices, data, and computer systems.
Janet is a system administrator who is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and must be cleared from the event viewer. She recalls this being a daily occurrence. Which of the following would BEST resolve this issue? a) Increase the maximum log size b) Delete the logs when full c) Log into the DNS server every hour to check if the logs are full d) Install an event management tool
d) Install an event management tool #Using an event management tool will allow the administrator to clear the event logs and move them from the server to a centralized database if needed. This will prevent the logs from filling up on the server without having to delete them permanently from the logging environment.
Dion Training just released a new corporate policy that dictates all access to network resources will be controlled based on the user's job functions and tasks within the organization. For example, only people working in Human Resources can access employee records, and only the people working in finance can access customer payment histories. Which of the following security concepts is BEST described by this new policy? a) Defense in depth b) AUP c) Zero trust d) Least privilege
d) Least privilege #Privilege itself refers to the authorization to bypass certain security restraints.
You have been asked to help design a new architecture for Dion Training's website. The current architecture involves a single server that hosts the website in its entirety. The company's newest course has been creating a lot of interest on social media. The CIO is concerned that the single server will not be able to handle the increased demand that could result from this increased publicity. What technology should you implement in the new architecture to allow multiple web servers to serve up the courses and meet this expected increase in demand from new students? a) DLP b) VPN concentrator c) RAID d) Load balancer
d) Load balancer
You suspect that there is a problem with addressing that allows data to be sent throughout your network. Which addressing method is used at the OSI network layer to allow this? a) Distance vector addressing b) Link-state addressing c) Physical device addressing d) Logical network addressing
d) Logical network addressing #Although the OSI Data Link Layer (Layer 2) uses MAC, or physical device, addressing, the network layer (Layer 3) uses logical network addressing. This logical address is defined by the protocol's addressing scheme.
The fiber-optic connection between two of the Dion Training offices was broken. A network technician used a fusion splicer to repair the cable, but now the connection is experiencing reduced transmission efficiency, slower connection speed, and intermittent downtime. Which of the following is the MOST likely reason for these issues? a) Missing route b) Asymmetrical routing c) Switching loop d) Low optical link budget
d) Low optical link budget #An optical link budget is a calculation that considers all the anticipated losses along the length of a fiber optic connection. Signal loss across a fiber optic cable occurs naturally due to the distance of the cable, as well as from losses due to multiplexing, bends in the cable, imperfect connections, patches, or splices along the fiber optic cable.
Your company is experiencing slow network speeds of about 54 Mbps on their wireless network. You have been asked to perform an assessment of the existing wireless network and recommend a solution. You have recommended that the company upgrade to an 802.11n or 802.11ac wireless infrastructure to obtain higher network speeds. Which of the following technologies allows an 802.11n or 802.11ac network to achieve a speed greater than 54 Mbps? a) PoE b) LWAPP c) WPA2 d) MIMO
d) MIMO #One way 802.11n and 802.11ac networks achieve superior throughput and speeds is by using multiple-input multiple-output (MIMO) and multi-user MIMO (MU-MIMO), respectively. #PoE is defined in IEEE 802.3af. #Lightweight Access Point Protocol (LWAPP) is the name of a protocol that can control multiple Wi-Fi wireless access points at once.
Which of the following is often used to allow one node to communicate with many other nodes, such as in DMVPN connections? a) SDWAN b) WLAN c) MPLS d) mGRE
d) mGRE #Multipoint GRE (mGRE) is a protocol that can be used to enable one node to communicate with many nodes by encapsulating layer 3 protocols to create tunnels over another network. The mGRE protocol is often used in Dynamic Multipoint VPN (DMVPN) connections.
A network architect needs to set up private links with guaranteed service levels. Which of the following should they use? a) SDWAN b) DMVPN c) mGRE d) MPLS
d) MPLS #Most WAN providers offer Multiprotocol Label Switching (MPLS) as a means of establishing private links with guaranteed service levels. MPLS can operate as an overlay network to configure point-to-point or point-to-multipoint links between nodes. #VPN solutions based on mGRE that use the public Internet as the transport network can suffer from unpredictable performance levels. #VPN solutions based on DMVPN that use the public Internet as the transport network can also suffer from unpredictable performance levels.
You work for a small company that wants to add a shared drive to their network. They are looking for a simple solution that will easily integrate into the existing network, be easy to configure, and share files with all network clients over TCP/IP. Which of the following is the BEST recommended storage solution for this network? a) Fibre channel b) iSCSI c) FCoE d) NAS
d) NAS #A network-attached storage (NAS) device is a self-contained computer that connects to a home or business network and can share files over TCP/IP. It is a rapidly growing choice for data storage and can provide data access to numerous users on a network. A NAS consists of a hard disk for storage of files and usually utilizes a RAID system for redundancy and/or performance.
A network administrator, Tamera, follows the best practices to implement firewalls, patch management, and security policies on her network. Which of the following should be performed to verify that the security controls are in place? a) AAA authentication testing b) Single point of failure testing c) Disaster recovery testing d) Penetration testing
d) Penetration testing
What is the lowest layer (bottom layer) of a bare-metal virtualization environment? a) Hypervisor b) Guest operating system c) Host operating system d) Physical hardware
d) Physical hardware #The bottom layer is physical hardware in this environment. It is what sits beneath the hypervisor and controls access to guest operating systems. The bare-metal approach doesn't have a host operating system.
A network technician is asked to redesign an Ethernet network before some new monitoring software is added to each network's workstation. The new software will broadcast statistics from each host to a monitoring server for each of the company's five departments. The added network traffic is a concern of management that must be addressed. How should the technician design the new network? a) Increase the number of switches on the network to reduce broadcast messages b) Increase the collision domains to compensate for the added broadcast messages c) Add a router and create a separate segment for all the monitored hosts d) Place each department in a separate VLAN to increase broadcast domains
d) Place each department in a separate VLAN to increase broadcast domains #Placing each of the departments on separate VLANs will help minimize the added network traffic caused by the broadcast messages. #For traffic to enter or leave a VLAN, it must go through a router or a layer 3 switch. #A collision domain will not prevent a broadcast message from being sent. Increasing the number of switches will not reduce or increase the number of broadcast messages. To minimize the number of broadcast messages, you need to increase the number of broadcast domains.
A network architect is looking for a method/process/component that would help secure the network by not allowing unknown devices to forward packets. By ensuring that MAC addresses match, which of the following helps protect the network? a) Flow Control b) CSMA/CD c) Duplex d) Port Security
d) Port Security #Port security prevents a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile. #Flow control allows a server to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames. This is also called 802.3x.
A cyber consultant examines the security of the control room and evaluates the organization's maturity level and its use of security policy and controls. What is the name of this assessment? a) Process assessment b) Threat assessment c) Penetration testing d) Posture assessment
d) Posture assessment #Posture assessment is often performed with reference to an IT or security framework. The framework can assess the organization's maturity level in its use of security policies and controls. #Process assessment involves identifying critical systems and assets that support these functions. #Penetration testing aims to model how exposed the organization is to vulnerabilities that threat actors could exploit. #Threat assessment is the process of identifying threat sources and profiling the types and capabilities of threat actors.
Which mitigation technique provides less restricted access to a system? a) DMZ b) File integrity monitoring c) Role separation d) Privileged user account
d) Privileged user account #Privileged user accounts include domain administrators, local administrators, and application accounts. #File integrity monitoring doesn't provide access to systems, only to files!!!!! #DMZ provides mitigation by placing two firewalls in the network. Critical servers such as email servers and web servers are placed between the two firewalls.
You are currently troubleshooting a workstation in the office and determined that it is an issue with the cabling somewhere between the workstation and the switch. You have tested the patch cable from the workstation to the wall jack and it is not faulty. You want to check the port on the switch next. Which of the following would BEST help you identify which switch port is associated with the workstation's wall jack? a) Standard procedures b) Network baseline c) Inventory management d) Proper labeling
d) Proper labeling
What is the first flag used in the establishment of a TCP connection or during the initiation of a three-way handshake between two hosts? a) RST b) FIN c) ACK d) SYN
d) SYN #A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection. Finally, the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin. A reset (RST) flag is used to terminate the connection. A finish (FIN) flag is used to request that the connection be terminated.
A network engineer has been tasked with designing a network for a new branch office with approximately 50 network devices. This branch office will connect to the other offices via a MAN and using a router as their gateway device. Many of the other branch offices use off-the-shelf SOHO equipment. It is a requirement that the routing protocol chosen use the least amount of overhead. Additionally, all the computers on the network will be part of a single VLAN. The connection between these computers should produce the highest throughput possible in the most cost-effective manner. Which routing protocol should be used with the gateway router and what device should you select to connect the computers within the branch office? a) BGP as the routing protocol; connect the computers with a 1 Gb fibre channel b) OSPF as the routing protocol; connect the computers with a Gigabit layer 3 switch. c) EIGRP as the routing protocol; connect the computers with 802.11n MIMO d) RIPv2 as the routing protocol; connect the computers with a Gigabit layer 2 switch.
d) RIPv2 as the routing protocol; connect the computers with a Gigabit layer 2 switch. #RIPv2 is a classless, distance vector routing protocol that will include the subnet mask with the network addresses in its routing updates. RIPv2 has the least overhead of the four routing protocol options presented in this question. #Except for the 802.11n MIMO access point, all of the options have a maximum throughput of 1000 Mbps (1 Gbps).
What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them? a) SYN b) FIN c) ACK d) RST
d) RST #A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place.
A company is setting up a brand new server room and would like to keep the cabling infrastructure out of sight but still accessible to the network administrators. Infrastructure cost is not an issue. Which of the following should be installed to meet the requirements? a) Cable trays b) Conduit c) Patch panels d) Raised floors
d) Raised floors #Raised floors allow the cabling to be placed under the floor, but still accessible to the network administrators. #A conduit is a tube through which power or data cables pass. Conduits are usually metal or plastic pipes. #Cable trays are used to organize cables. They can be installed on the ceiling or floors. If kept on the ceilings, it could be hard to reach those cables.
A technician is troubleshooting a workstation connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology? a) Duplicate the issue in a lab by adding a static ARP entry b) Document the findings and provide a plan of action c) Identify a suitable time to resolve the connectivity issue d) Remove the ARP entry on the user's workstation
d) Remove the ARP entry on the user's workstation #Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. (Theory of probable cause has already been established here.)
Susan wants to be able to use her iPad on the corporate network, but there is no wireless network available in her office. She decides to buy a wireless router at the local store and plug it into the network wall jack in her office. Within a few hours, her coworkers begin to complain that they are getting "duplicate IP address errors" on their Windows 10 workstations. Which of the following types of attacks did Susan inadvertently perform? a) DNS poisoning b) VLAN hopping c) ARP spoofing d) Rogue DHCP
d) Rogue DHCP #A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.
A network architect is designing a highly redundant network with a distance vector routing protocol to prevent routing loops. The architect wants to configure the routers to advertise failed routes with the addition of an infinite metric. What should the architect configure to achieve this? a) Split horizons b) Hold down timers c) Spanning tree d) Route poisoning
d) Route poisoning #Route poisoning is a method to prevent a router from sending packets through a route that has become invalid within computer networks. This is achieved by changing the route's metric to a value that exceeds the maximum allowable hop count so that the route is advertised as unreachable. #A hold down timer is a function of a router that prevents a route from being updated for a specified length of time (in seconds). A hold down timer allows for the routers in a topology to have sufficient time to reach convergence and be updated when a route fails.
A dedicated local network consisting of devices providing data access is called: a) SDN b) NAS c) iSCSI d) SAN
d) SAN
Dion Training wants to create a DNS record to specify a host and port to use for a new instant messaging service. Which type of DNS record should be created? a) PTR b) SOA c) TXT d) SRV
d) SRV #A DNS service (SRV) record specifies a host and port for specific services such as voice over IP (VoIP), instant messaging, and others. #With a PTR record, you can use the IP address to get the associated domain/hostname. An A record should exist for every PTR record.
Dion Training utilizes a federation authentication model for all of its internal and external services. If an employee needs to access one of the company's web applications from their smartphone, they use a username and password to log in to the main website. They then are transferred and authenticated to all of the other sites and services automatically. Which of the following types of authentication is this known as? a) FaceID b) TouchID c) MFA d) SSO
d) SSO #The advantage of single sign-on is that each user does not have to manage multiple user accounts and passwords. The disadvantage is that compromising the account also compromises multiple services. #Face ID is an Apple device feature that uses a face lock to grant access to the device. Face ID is considered a form of biometric authentication. Touch ID is an Apple device feature that uses fingerprint biometric information to grant access to the device.
Which type of personnel control is being implemented if Kirsten must receive and inventory any items that her coworker, Bob, orders? a) Dual control b) Mandatory vacation c) Background checks d) Separation of duties
d) Separation of duties #This organization uses separation of duties to ensure that neither Kirsten nor Bob can exploit the organization's ordering processes for their gain. Separation of duties is the concept of having more than one person required to complete a particular task to prevent fraud and error. #NOTE: dual control requires both people to act together.
A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem? a) Username is misspelled in the device configuration file b) Group policy has not propagated to the device c) IDS is blocking RADIUS d) Shared secret key is mismatched
d) Shared secret key is mismatched #AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems. A shared secret is a text string that serves as a password between hosts.
Several users at an adjacent office building report intermittent connectivity issues after a new flag pole was installed between the two offices. The network technician has determined the adjacent office building is connected to the main office building via an 802.11ac bridge. The network technician logs into the AP and confirms the SSID, encryption, and channels are all correct. Which of the following is MOST likely the cause of this issue? a) Bandwidth saturation b) Incorrect antenna type c) DHCP exhaustion d) Signal attenuation
d) Signal attenuation #The most likely reason is signal attenuation from the new flag being placed in the signal path, which may be obstructing the line-of-sight between the antennas. Based on where the flag is precisely located, it is possible that it only blocks the signal when the wind is blowing in a certain direction. This would lead to the intermittent connectivity experienced by the users, caused by the signal attenuation when the flag is blocking the communication path between the antennas.
You are performing a high-availability test of a system. As part of the test, you create an interruption on the fiber connection to the network, but the network traffic was not re-routed automatically. Which type of routing is the system utilizing? a) Dynamic b) Distance vector c) Hybrid d) Static
d) Static #Not re-routed automatically!!!!
Tamera and her husband are driving to the beach for the weekend. While her husband drives, she is using her iPhone to browse Facebook. Her phone shows only 1 bar of 3G signal in the current location. She can make and receive calls, but Facebook is refusing to load her news feed. Which of the following is MOST likely the problem? a) The cellular radio cannot connect to the cellphone towers b) The smartphone has been infected with a virus c) The baseband firmware needs to be updated d) The data speeds are insufficient with only one bar of signal
d) The data speeds are insufficient with only one bar of signal #To make and receive a call using a smartphone, you need at least one bar of signal. A phone call requires much less signal than using cellular data. As the signal strength decreases, so does the data speed.
A new web server on the domain is called WEBMARKETING01.proprints.co. The marketing department worked remotely on setting up this web server for the past two days. After joining the server to the domain, a remote session cannot be established. Pinging the FQDN (Fully Qualified Domain Name) also fails. Using a divide and conquer approach, how would a network admin most likely begin to theorize a probable cause? a) Theorize a cable issue at Layer 1. b) Theorize a MAC issue at Layer 2. c) Theorize a port issue at Layer 4. d) Theorize an IP issue at Layer 3.
d) Theorize an IP issue at Layer 3. #In a divide and conquer approach, you start with the layer most likely to be causing the problem. The DNS A record including the server's IP address may not have been created yet. Ping the FQDN; if IP resolution fails, fix the A record.
Students at Dion Training have been reporting extreme performance degradation across the network every Friday morning. Which of the following should the network technician review FIRST to identify the root cause of the network performance issues? a) Baseline b) Bottleneck c) Link status d) Utilization
d) Utilization #The technician should first review the utilization on the network during the time period where network performance issues are being experienced. This will then be compared to the average performance of the network throughout the rest of the week. In turn, this could be compared against the baseline. Since the issue is only occurring during a specific time period at a recurring interval (every Friday morning), it is likely an over-utilization issue causing the decreased performance.
Which type of network geography is used to connect various circuits between remote locations? a) LAN b) WLAN c) PAN d) WAN
d) WAN #A wide area network (WAN) will typically cover a larger area geographically, such as a continent, a state, or a country. #A wireless LAN (WLAN) connects computers within a small and specific geographical area using the 802.11 protocols for their wireless connections.
You just arrived at school today, pulled your laptop out of your backpack, and tried to connect your laptop to the Wi-Fi network. It worked fine yesterday, but today it won't connect automatically or display any available networks. You haven't done anything to the laptop since you left class yesterday. You ask your classmates if they can connect to the Wi-Fi, and every one of them is connected without any issues. What should you check FIRST in your attempt to connect your laptop to the Wi-Fi? a) Wireless controller configuration b) The configuration of the access point c) IP address issued by the DHCP server d) Wireless switch on your laptop
d) Wireless switch on your laptop #Since everyone else's laptops are connected without any issues, the problem is not with the network but with your laptop in some form. This rules out the wireless controller configuration or access point settings since those are both things that would affect all users on the network. Additionally, as a student at the school, it is unlikely you have access to check the configuration of the access point or wireless controller. Since you are not connected or finding any networks, you won't have a DHCP address assigned either. The most likely cause of your issue is that the wireless switch on your laptop was accidentally switched to the off position when you put your laptop in your backpack.
Which of the following types of network documentation would include labels to indicate which cables are connected to which switchports on an edge switch? a) Physical network diagram b) Site survey report c) Logical network diagram d) Wiring diagram
d) Wiring diagram #Wiring diagrams are used to clearly label which cables are connected to which ports. The more in-depth wiring diagrams will include a floorplan or rack diagram, so you can see how the cables are run in the physical environment. #A site survey report is an assessment of a wireless network.
You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. The solution must be hardware based. Which type of network should you deploy? a) a virtual private network (VPN) b) a demilitarized zone (DMZ) c) an extranet d) a virtual local area network (VLAN)
d) a virtual local area network (VLAN)
Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine? a) nslookup b) tracert c) ip d) route
d) route #The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.
You just started work as a network technician at Dion Training. You have been asked to determine if Ethernet0/0 is currently connected using OSPF or EIGRP on one of the network devices. Which of the following commands should you enter within the command line interface? a) show config b) show interface c) show diagnostic d) show route
d) show route #The "show route" command is used on a Cisco networking device to display the current state of the routing table for a given network device. To determine if Ethernet0/0 is connected using OSPF or EIGRP, you would need to use the "show route" command to display the current status.
RTP (Real-time Transport Protocol)
defines a standardized packet format for delivering audio and video over IP networks. Port no: 5004/5005