Network+ a


Which of the following levels would an error condition generate?

1

Dion Training's email server is not sending out emails to users who have a Yahoo email address. What is the proper order that you should follow to troubleshoot this issue using the network troubleshooting methodology?

1) Identify the problem 2) Establish a theory of cause 3) Test the theory to determine the cause 4) Establish a plan of action to resolve 5) Implement the solution 6) Verify system functionality 7) Document findings and actions

You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?

1433

What is the network ID associated with the host located at 192.168.0.123/29?

192.168.0.120

What ports do FTP and SFTP utilize?

21, 22

Which of the following ports is used by LDAP by default?

389

You just heard of a new ransomware attack that has been rapidly spreading across the internet that takes advantage of a vulnerability in the Windows SMB protocol. To protect your network until Microsoft releases a security update, you want to block the port for SMB at your firewall to prevent becoming a victim of this attack. Which of the following ports should you add to your blacklist?

455

Which of the following levels would a notice condition generate?

5

You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?

77.81.12.12

Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 54 Mbps?

802.11a

You are setting up uplink ports for multiple switches to communicate with one another. All of the VLANs should communicate from the designated server switch. Which of the following should be set on the trunk ports if VLAN 1 is not the management VLAN?

802.1q

What access control model will a network switch utilize if it requires multilayer switches to use authentication via RADIUS/TACACS+?

802.1x

You are installing a Small Office/Home Office (SOHO) network consisting of a router with 2 ports, a switch with 8 ports, and a hub with 4 ports. The router has one port connected to a cable modem and one port connected to switch port #1. The other 6 ports on the switch each have a desktop computer connected to them. The hub's first port is connected to switch port #2. Based on the description provided, how many collision domains exist in this network?

9

A network administrator needs to install a centrally located firewall that needs to block specific incoming and outgoing IP addresses without denying legitimate return traffic. Which type of firewall should the administrator install?

A stateful network-based firewall.

A company-wide audit revealed employees are using company laptops and desktops for personal use. To prevent this from occurring, in which document should the company incorporate the phrase "Company-owned IT assets are to be used to perform authorized company business only"?

AUP

Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line?

Analog Modem

A firewall technician at Dion Training configures a firewall to allow HTTP traffic as follows:
Source IP | Zone    | Dest IP | Zone | Port | Action
Any       | Untrust | Any     | DMZ  | 80   | Allow
Dion Training is afraid that an attacker might try to send other types of network traffic over port 80 in order to bypass their security policies. Which of the following should they implement to prevent unauthorized traffic from entering through the firewall?

Application-aware firewall

CompTIA Network+ (N10-008) 6 Practice Exams and Simulations
Practice Exam #1 - Results Attempt 1

Question 1: Incorrect
Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line?
Explanation OBJ-1.2: An analog modem is a device that converts the computer's digital pulses to tones that can be carried over analog telephone lines and vice versa. DSL is the other type of Internet connection that uses an RJ-11 connection to a phone line. A DOCSIS modem is a cable modem and would require a coaxial cable with an F-type connector. An access point is a wireless device that connects to an existing network using twisted pair copper cables and an RJ-45 connector. A multilayer switch can use either twisted pair copper cables using an RJ-45 connector or a fiber optic cable using an MTRJ, ST, SC, or LC connector.

Question 2: Skipped
You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?
Explanation OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /30, so each subnet will contain 4 IP addresses. Since the IP address provided is 77.81.12.14/30, the network ID is 77.81.12.12/30, the first router is 77.81.12.13/30, the second router is 77.81.12.14/30, and the broadcast address is 77.81.12.15/30.

Question 3: Incorrect
You just heard of a new ransomware attack that has been rapidly spreading across the internet that takes advantage of a vulnerability in the Windows SMB protocol.
To protect your network until Microsoft releases a security update, you want to block the port for SMB at your firewall to prevent becoming a victim of this attack. Which of the following ports should you add to your blacklist?
Explanation OBJ-1.5: Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. When the WannaCry ransomware was spreading rapidly across the internet, you could help protect your organization's network by blocking ports 139 and 445 at your firewall to prevent your machines from getting infected over the internet. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions.

Question 4: Incorrect
Which of the following ports is used by LDAP by default?
Explanation OBJ-1.5: LDAP uses port 389 by default. LDAP (Lightweight Directory Access Protocol) is a standard for accessing and updating information in an X.500-style network resource directory. Unless secure communications are used, LDAP is vulnerable to packet sniffing and Man-in-the-Middle attacks. It is also usually necessary to configure user permissions on the directory. LDAP version 3 supports simple authentication or Simple Authentication and Security Layer, which integrates it with Kerberos or TLS.

Question 5: Correct
You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?
Explanation OBJ-1.5: Microsoft SQL uses port 1433, and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). SQLnet uses port 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.

Question 6: Incorrect
The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service?
Explanation OBJ-2.1: A layer 3 switch is the best option because, in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs. Multicast and unicast are layer 3 messaging flows, so you need a router or layer 3 switch to route them across the network. A smart hub is a layer 1 device. A proxy server operates at layer 4, but would still require a router or layer 3 switch to route the traffic.

Question 7: Correct
Which of the following describes a design where traffic is shared between multiple network servers to provide greater throughput and reliability?
Explanation OBJ-3.3: Load balancing is a technique used to spread work across multiple computers, network links, or other devices. Multiprotocol Label Switching is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows. VLAN tagging is used to keep traffic from different networks separate when traversing shared links and devices within a network topology. Multiplexing is the technology that is able to combine multiple communication signals together in order for them to traverse an otherwise single signal communication medium simultaneously.

Question 8: Incorrect
Which of the following types of sites would be used if your organization needs to be able to shift operations to the site and allow business operations to continue immediately?
Explanation OBJ-3.3: A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization's enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment.

Question 9: Incorrect
Which of the following levels would a notice condition generate?
Explanation OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

Question 10: Incorrect
Which of the following levels would an error condition generate?
Explanation OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon.
Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

Question 11: Correct
Which of the following types of fire suppression systems utilizes halocarbon or inert gas to suffocate the fire when the system is activated?
Explanation OBJ-3.3: Special suppression systems, like a clean agent system, use either a halocarbon agent or inert gas. When released, the agents displace the oxygen in the room with the inert gas and suffocate the fire. A fire suppression system is an engineered set of components that are designed to extinguish an accidental fire in a workplace or datacenter. A wet pipe system is the most basic type of fire suppression system, and it involves using a sprinkler system and pipes that always contain water. A pre-action system minimizes the risk of accidental release from a wet pipe system. With a pre-action system, both a detector actuation like a smoke detector and a sprinkler must be tripped prior to water being released. Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.

Question 12: Incorrect
Dion Training Solutions is launching their brand new website. The website needs to be continually accessible to our students and reachable 24x7. Which networking concept would BEST ensure that the website remains up at all times?
Explanation OBJ-3.3: High availability is a concept that uses redundant technologies and processes to ensure that a system is up and accessible to the end-users at all times. Snapshots, warm sites, and cold sites may be useful for recovering from a disaster-type event, but they will not ensure high availability.
High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period.

Question 13: Incorrect
You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and impacts the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why?
Explanation OBJ-3.1: The Syslog server is a centralized log management solution. By looking through the Syslog server's logs, the technician could determine which service failed on which server since all the logs are retained on the Syslog server from all of the network devices and servers. Network mapping is conducted using active and passive scanning techniques and could help determine which server was offline, but not what caused the interruption. Firewall logs would only help determine why the network connectivity between a host and destination may have been disrupted. A network intrusion detection system (NIDS) is used to detect hacking activities, denial of service attacks, and port scans on a computer network. It is unlikely to provide the details needed to identify why the network service was interrupted.

Question 14: Incorrect
A third-party vendor has just released patches to resolve a major vulnerability. There are over 100 critical devices that need to be updated. What action should be taken to ensure the patch is installed with minimal downtime?
Explanation OBJ-3.2: Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished.

Question 15: Incorrect
Which of the following errors would be received if raw data is accidentally changed as it transits the network?
Explanation OBJ-3.1: Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network. The CRC number in the interface statistics is the number of packets that were received that failed the cyclic redundancy checksum, or CRC check upon receipt. If the checksum generated by the sender doesn't match the one calculated by this interface upon receipt, a CRC error is counted and the packet is rejected. Encapsulation is a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame. Thus, encapsulation is the process of enclosing one type of packet using another type of packet. A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes. A runt is an ethernet frame that is less than 64 bytes in size.

Question 16: Incorrect
Which of the following policies or plans would dictate the complexity requirements for a wireless network's shared secret key?
Explanation OBJ-3.2: A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A data loss prevention policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision-making without it being exposed to anyone who should not have access to it.
The goal of a data loss prevention policy is to minimize accidental or malicious data loss. A remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network.

Question 17: Incorrect
Which of the following policies or plans would dictate how an organization would respond to an unplanned outage of their primary internet connection?
Explanation OBJ-3.2: A business continuity plan is a document that outlines how a business will continue operating during an unplanned disruption in service. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, your human capital and business partners, and essentially every other aspect of the business that might be affected. A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber attacks, and other disruptive events. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement.

Question 18: Correct
Which of the following types of sites would contain little to no hardware and could take days or weeks to become ready for use during a disaster?
Explanation OBJ-3.3: A cold site is a backup facility with little or no hardware equipment installed.
A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization's enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment.

Question 19: Incorrect
A small office has an Internet connection that drops out at least two times per week. It often takes until the next day for the service provider to come out and fix the issue. What should you create with the service provider to reduce this downtime in the future?
Explanation OBJ-3.2: A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end-user that defines the level of service expected from the service provider. SLAs are output-based in that their purpose is specifically to define what the customer will receive. If the customer requires faster response times, it should be in the SLA. An acceptable use policy (AUP) is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms and outlines compliance issues.
A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to.

Question 20: Correct
A company-wide audit revealed employees are using company laptops and desktops for personal use. To prevent this from occurring, in which document should the company incorporate the phrase "Company-owned IT assets are to be used to perform authorized company business only"?
Explanation OBJ-3.2: Acceptable Use Policy dictates what types of actions an employee can or cannot do with company-issued IT equipment. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to. A service level agreement (SLA) is a commitment between a service provider and a client for particular aspects of the service, such as quality, availability, or responsibilities.

Question 21: Correct
After an employee connected one of the switchports on a SOHO router to the wall jack in their office, other employees in the building started to receive "duplicate IP address" errors and experience intermittent network connectivity.
You check the configuration on one of the affected clients and see it has been assigned an IP address of 192.168.1.54. Which of the following could be enabled on the company's network to prevent this from occurring?
Explanation OBJ-4.3: DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure. When DHCP servers are allocating IP addresses to the LAN clients, DHCP snooping can be configured on LAN switches to prevent malicious or malformed DHCP traffic or rogue DHCP servers. Split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network and allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform.

Question 22: Incorrect
The network administrator noticed that the border router has high network capacity loading during non-working hours. This excessive load is causing outages for the company's web servers. Which of the following is the MOST likely cause of the issue?
Explanation OBJ-4.2: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. Session hijacking, also known as TCP session hijacking, is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge.

Question 23: Incorrect
A company utilizes a patching server to update its PCs regularly. After the latest patch deployment, all of the older PCs with non-gigabit Ethernet cards become disconnected from the network and now require a technician to fix the issue locally at each PC. What could be done to prevent this problem next time?
Explanation OBJ-4.3: The most likely cause of this issue was a forced driver update being pushed from the update server to the older PCs, breaking their ability to use their network cards. It is best to disable automatic driver updates for PCs from the patching server by default and instead test them individually first.

Question 24: Incorrect
An analyst reviews a triple-homed firewall configuration that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall?
Explanation OBJ-4.1: A triple-homed firewall connects to three networks: internal (private), external (internet/public), and the demilitarized zone (DMZ). The demilitarized zone (DMZ) network hosts systems that require access from external hosts. Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system looks like and how it behaves for a defined group of users.
A network intrusion detection system (NIDS) is a system that attempts to detect hacking activities, denial of service attacks, or port scans on a computer network or a computer itself. A subnet is a logical subdivision of an IP network.

Question 25: Incorrect
An attacker is using double tagging to conduct a network exploit against your enterprise network. Which of the following types of attacks is being conducted?
Explanation OBJ-4.2: VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver's cache and causes the name server to return an incorrect result record, such as an attacker's IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. ... Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

Question 26: Incorrect
Which of the following threats can policies, procedures, and end-user training help to effectively mitigate?
Explanation OBJ-4.2: Social engineering attempts occur when someone uses something like: phishing (they are attempting to receive your personal information and look legitimate), pretexting (basically they give you a scenario and expect you to react quickly), tailgating (following too closely into a door they aren't allowed in), and many other situations.
Proper policies, procedures, and educating your users on the dangers posed by social engineering could prevent them from becoming a victim of a phishing attack, as well as many other attacks. Zero-day, man-in-the-middle, and DDoS attacks cannot be effectively mitigated with policies, procedures, and end-user training, but instead require technical controls, too.

Question 27: Incorrect
Dion Training has a single switch that services every room within its offices. The switch contains 48 ports, but Jason wants to divide the ports based on functional areas, such as web development, instruction support, and administration. Which technology should Jason utilize to divide the physical switch into three logically divided areas?
Explanation OBJ-4.3: A VLAN (virtual LAN) allows a single physical switch to be divided into logical networks. VLANs are only supported on managed switches, but they allow for a different logical subnetwork address to be assigned to various ports on the switch. This requires that communications between different VLANs must go through a router, just as if you had multiple switches. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A digital subscriber line (DSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connection to the Internet. Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address.

Question 28: Incorrect
A network administrator receives a call asking for assistance with connecting to the network.
The person on the phone asks for the IP address, subnet mask, and VLAN required to access the network. What type of attack might this be?

Explanation OBJ-4.2: Social engineering is a type of attack on a network in which an attacker uses their confidence and their victims' gullibility to gain access. It is the only type of attack on a network that is directed towards the human element. The human interaction with the network administrator makes the other three answers incorrect.

Question 29: Correct
Susan, an executive at Dion Training, will be traveling to Italy for a conference next week. She is worried about remaining connected to the internet while overseas and plans to use the WiFi in her hotel room and the local coffee shop with her laptop. Which of the following should she purchase and configure before leaving for Italy to ensure her communications remain secure regardless of where she is connecting from?

Explanation OBJ-4.4: While WiFi is available almost everywhere these days, it is not safe to use it without first configuring and using a VPN. A Virtual Private Network (VPN) connects the components and resources of two (private) networks over another (public) network. This utilizes an encryption tunnel to protect data being transferred to and from her laptop to the Dion Training servers and other websites. The other options are all focused on connecting her cellphone but would still not be considered safe without a VPN being utilized. A local mobile hotspot should be used to provide internet connectivity to the laptop (if she uses this instead of the hotel and coffee shop WiFi). Still, for best security, it should also use a VPN when using this connection.

Question 30: Incorrect
Which of the following open-source remote access tools allows users to connect to their desktop remotely, see what is on their screen, and control it with their mouse and keyboard?

Explanation OBJ-4.4: VNC (virtual network computing) is a remote access tool and protocol.
It is used for screen sharing on Linux and macOS. RDP is not open-source. SSH and telnet are text-based remote access tools. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Telnet uses port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection, but sends its data in plaintext making it an insecure protocol.

Question 31: Incorrect
During a recent penetration test, it was discovered that your company's wireless network could be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn't extend beyond your building's interior while maintaining a high level of availability to your users?

Explanation OBJ-4.3: The power level should be reduced for the radio transmitter in the wireless access points. With a reduced power level, the signal will not travel as far. You can ensure the signal remains within the building's interior only by conducting a site survey and adjusting your power levels of each wireless access point. The other options, if changed, would affect the availability of the network, and it would not dramatically affect the distance the signal travels.

Question 32: Correct
A company has just installed a VoIP system on their network.
Prior to the installation, all of the switches were replaced with layer 3 multilayer switches to allow for the VoIP devices to be placed on separate VLANs and have the packets routed accurately between them. What type of network segmentation technique is this an example of?

Explanation OBJ-4.1: Voice over Internet Protocol (VoIP) performance optimization can help a business improve the quality of its video and audio communications over the Internet by decreasing the size of the broadcast domain through the creation of VLANs. Each VLAN can contain the VoIP devices for a single department or business unit, and traffic is routed between the VLANs using layer 3 multilayer switches to increase performance of the voice communication systems. Performance optimization helps companies bolster the availability, accessibility, security, and overall performance of their networks. Compliance enforcement involves dividing up one network into smaller sections to better control the flow of traffic across the network and to restrict confidential data to a specific network segment based on a specific regulation or contractual requirement, such as PCI DSS segmentation requirements. A honeynet is an intentionally vulnerable network segment that is used to observe and investigate the attack techniques of a hacker or adversary. Separate public/private networking involves segmenting the network into two portions: public and private. This is often used in cloud architectures to protect private data.

Question 33: Incorrect
Dion Training is concerned about an attacker gaining access to their network and gaining access to their confidential financial data. What could be implemented to attempt to redirect an attacker to a different server that doesn't contain any real financial data?

Explanation OBJ-4.1: A honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Generally, a honeypot consists of data that appears to be a legitimate part of the site but is actually isolated and monitored and seems to contain information or a resource of value to attackers, who are then tricked into spending their time attacking the honeypot instead of your real servers. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. A content filter is a device that screens and/or excludes access to web pages or emails that have been deemed objectionable. A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them.

Question 34: Incorrect
Your company has just hired a contractor to attempt to identify and exploit any network vulnerabilities they could find. This person has been permitted to perform these actions and only conduct their actions within the contract's scope of work. Which of the following will be conducted by the contractor?

Explanation OBJ-4.1: Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. Penetration testers only do this with permission of the organization that owns the system, network, or web application and within the bounds of their scope of work. The person will not attempt to exploit a weakness during vulnerability scanning. Social engineering may be used as part of a penetration test, but it does not adequately describe the scenario provided. Hacktivism is when someone is hacking an organization without permission based on their own morals and values.

Question 35: Correct
A network technician is tasked with designing a firewall to improve security for an existing FTP server on the company network. The FTP server must be accessible from the Internet.
The security personnel are concerned that the FTP server could be compromised and used to attack the domain controller hosted within the company's internal network. What is the BEST way to mitigate this risk?

Explanation OBJ-4.1: A demilitarized zone (DMZ) is a perimeter network that protects an organization's internal local area network (LAN) from untrusted traffic. A DMZ is a type of screened subnet that is placed between the public internet and private networks. Public servers, such as the FTP server, should be installed in a DMZ so that additional security mitigations like a web application firewall or application-aware firewall can be used to protect them. SFTP (Secure File Transfer Protocol) is a file transfer protocol that leverages a set of utilities that provide secure access to a remote computer to deliver secure communications by leveraging a secure shell (SSH) connection to encrypt the communication between the client and the server. This will prevent an attacker from eavesdropping on the communications between the SFTP server and a client, but it will not prevent an attacker from exploiting the SFTP server itself. An implicit deny is when a user or group is not granted a specific permission in the security settings of an object, but they are not explicitly denied either. This is a best practice to enable, but the FTP server would still have some open ports, such as ports 20 and 21, to operate. These ports could then be used by the attacker to connect to the FTP server and exploit it. Adding a deny rule to the firewall's ACL that blocks port 21 outbound would simply prevent internal network users and servers from accessing external FTP servers. This would in no way prevent the exploitation of the company's own FTP server since it has port 21 open and listening for inbound connections.

Question 36: Incorrect
Which of the following is the BEST way to regularly prevent different security threats from occurring within your network?

Explanation OBJ-4.5: An enterprise network's end users are the most vulnerable attack vector. Studies have shown that an investment in end-user cybersecurity awareness training has the best return on investment of any risk mitigation strategy. While a penetration test might detect various threats and vulnerabilities in your network, it does not prevent them from occurring. Disaster recovery planning creates a disaster recovery plan, which is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. Business continuity training will teach employees what to do in the case of a business continuity plan execution. A business continuity plan defines how an organization will continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident. Only end-user awareness training mitigates the biggest network vulnerability we have: our users.

Question 37: Incorrect
A company is installing several APs for a new wireless system that requires users to authenticate to the domain. The network technician would like to authenticate to a central point. What solution would be BEST to achieve this?

Explanation OBJ-4.1: A Remote Authentication Dial-in User Service (RADIUS) server provides AAA management for users connecting to a wired or wireless network, which includes the ability to authenticate users. Link Aggregation Control Protocol (LACP) is an open standard of Ethernet link aggregation. A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. A network controller is software that orchestrates network functions by acting as an intermediary between the business and the network infrastructure.

Question 38: Incorrect
(This is a simulated Performance-Based Question. If this was the real certification exam, you would be asked to drag-and-drop the correct encryption onto the APs.)
Your company has purchased a new office building down the street for its executive suites. You have been asked to choose the BEST encryption for AP1, AP2, and AP3 to establish a wireless connection inside the main building for visitors to use. Your boss has stated that the main building's internal wireless network is only going to be used by visitors and should not require the visitors to set up any special configuration on their devices to connect. Which of the following is the BEST encryption to use from the options below to meet your manager's requirements for the new visitors' Wireless Network?

Explanation OBJ-5.4: Since your manager has required that the visitors not be required to configure anything on their devices in order to connect, the only option you can choose is Open. This option presents no security for the visitor's wireless network, but it also requires no setup on the user's devices. All of the other options would require a pre-shared key and set up to allow the visitor to use the network. This wireless network should act as a guest network, be segmented from your corporate network, and only allow the visitors to access the internet directly using this network.

Question 39: Incorrect
When installing a network cable with multiple strands, a network technician pulled the cable past a sharp edge. This resulted in the copper conductors on several of the wire strands being exposed. If these exposed conductors come into contact with each other, they can form an electrical connection. Which of the following conditions would result in this scenario?

Explanation OBJ-5.2: A short is an electrical term that is an abbreviation for a short circuit. A short generally means that an unintended connection between two points is allowing current to flow where it should not. In this scenario, the short is caused by the damaged cable in which two or more of the conductors are connected.
This has caused the cable to fail and will report as "short" when using a cable tester. An open is the opposite of a short. An open is reported when there is no connection between the two ends of a cable or wire. This can occur when a wire or cable is accidentally cut in half. Electrostatic discharge is the sudden flow of electricity between two electrically charged objects. Crosstalk is the coupling of voltage to an adjacent line through mutual coupling composed of a mutual inductance, a coupling capacitance, or both. Crosstalk occurs within a twisted pair cable when the pairs become untwisted or no shielding or insulation remains.

Question 40: Incorrect
Jason is flying home from a conference and attempts to connect to the airplane's onboard wireless network to check his email. He selects the InflightWiFi from the list of network names, his web browser opens, and then a 404 "page not found" error is displayed. Which of the following issues is likely the source of this error?

Explanation OBJ-5.4: This is most likely a captive portal issue. Since the user selected the SSID from the list of network names, it is not a wrong SSID issue. The user also did not enter a password; therefore, it is not an incorrect passphrase. The user is on an airplane, which is a small enough area to have adequate coverage throughout the entire plane. A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a wireless network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other information prior to allowing access to the network and its resources. The received signal strength indication (RSSI) is an estimated measure of the power level that a radio frequency client device is receiving from a wireless access point.
If the RSSI is -90dB to -100dB, this indicates an extremely weak connection and insufficient wireless coverage in the area in which the device is operating. The service set identifier (SSID) is a natural language name used to identify a wireless network. If you are manually configuring a wireless network and the incorrect SSID is entered, the device will be unable to connect to the network. The passphrase in a wireless network serves as the password or network security key. If the incorrect passphrase was entered, you will receive an error such as "Network security key mismatch" and the wireless device will be unable to communicate with the wireless access point.

Question 41: Incorrect
Which of the following commands is used to display the statistics for a given switchport on a Cisco switch?

Explanation OBJ-5.3: The "show interface" command is used on a Cisco networking device to display the statistics for a given network interface. The "show configuration" command is used on a Cisco networking device to display the device's current configuration. The "show route" command is used on a Cisco networking device to display the current state of the routing table for a given network device. The "show diagnostic" command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.

Question 42: Incorrect
A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?

Explanation OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.

Question 43: Incorrect
A technician installs a new WAP, and users in the area begin to report poor performance. The technician uses ping, and only 3 of the 5 packets respond. When the technician tests the connection from a wired connection, it responds with 5 of 5 packets. What tool should the network technician use next?

Explanation OBJ-5.3: A spectrum analyzer is a device that displays signal amplitude (strength) as it varies by signal frequency. Since the issue only occurs when connecting wirelessly, it is most likely a spectrum interference issue. Alternatively, you could attempt to conduct a wireless site survey using a WiFi analyzer, but that option wasn't presented in this question.
A packet capture tool is used to log and collect packets as they cross the wired or wireless network. An interface monitoring tool would collect data related to performance, bandwidth (utilization), errors and discard rate for a singular interface or switchport. A port scanner is used to test if a particular port or port range is open, closed, or filtered. Since this appears to be a wireless connectivity issue, only a spectrum analyzer could help identify the connectivity issues. This issue is most likely associated with interference around the channels being used by this wireless access device.

Question 44: Correct
An administrator's router with multiple interfaces uses OSPF as its routing protocol. You have discovered that one of the router's interfaces is not passing traffic. You enter the "show interface eth 0/0" command at the CLI and receive the following output:
**********
Fast Ethernet 0/0 is up, line protocol is down
Int ip address is 10.20.30.40/25
MTU 1500 bytes, BW 10000 kbit, DLY 100 usec
Reliability 255/255, Tx load 1/255, Rx load 1/255
Encapsulation ospf, loopback not set
Keep alive 10
Full duplex, 100Mb/s, 100 Base Tx/Fx
Received 2341432 broadcasts
0 input errors
0 packets output, 0 bytes
0 output errors, 0 collisions, 0 resets
**********
Which of the following actions should you perform to allow the interface to pass traffic again?

Explanation OBJ-5.5: The key to answering this question is the first line of the output that states the line protocol is down. This means that the specified interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the switchport. The line protocol being down indicates a clocking or framing problem on the connection, and the most common reason for this is a cable that is not properly connected.
If "Fast Ethernet 0/0 is administratively down", this would have indicated that the switchport was manually shut down using the shutdown command by a network administrator and would need to be reenabled. But, since "Fast Ethernet 0/0 is up", this indicates the interface was already enabled for eth 0/0. The IP address is currently set to 10.20.30.40/25 which is a private IP address in a classless subnet range. As long as the default gateway is an IP between 10.20.30.0 and 10.20.30.127, though, there is nothing wrong with using this IP address. Without knowing the default gateway, we cannot identify the IP address as the issue. The "loopback is not set" indicates that the interface is not in diagnostic mode and should be properly sending traffic instead of sending it to a loopback address or port.

Question 45: Incorrect
A technician has been troubleshooting a network problem, has determined the likely cause of the issue, and implemented a solution. What is the NEXT step they should perform according to the network troubleshooting methodology?

Explanation OBJ-5.1: The next step would be to "verify full system functionality and, if applicable, implement preventive measures" since you just finished the "implement a solution or escalate as necessary" step. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

Question 46: Incorrect
Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine?

Explanation OBJ-5.3: The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.

Question 47: Incorrect
A network technician was tasked to install a network printer and share it with a group of five instructors at Dion Training. The technician plugged the device into a switchport and noticed the link light turned green. Unfortunately, the printer was unable to obtain an IP address automatically. Which of the following is a potential reason for this error?

Explanation OBJ-5.5: The DHCP scope is used as a pool of IP addresses that can be assigned automatically. The issue might be that there are no more IP addresses left in the scope, so the scope is exhausted. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. DNS records are used to bind a domain name to an IP address using static assignments.
Split horizon is a method used by distance vector protocols to prevent network routing loops. With split horizon, if a router receives routing information from another router, the first router will not broadcast that information back to the second router, thus preventing routing loops from occurring. An access control list (ACL) is a list of permissions associated with a system resource (object). Since the scenario specifies that the printer was unable to obtain an IP address automatically, it is most likely a DHCP issue.

Question 48: Incorrect
You are working as a network technician and have been asked to troubleshoot an issue with a workstation. You have just established a theory of probable cause. Which of the following steps of the network troubleshooting methodology should you perform NEXT?

Explanation OBJ-5.1: The next step would be to "test the theory to determine the cause" since you just finished the "establish a theory of probable cause" step. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

Question 49: Correct
(This is a simulated Performance-Based Question. If this was on the real exam, you would be asked to drag and drop the steps into the proper order from step one to step seven.) Dion Training's email server is not sending out emails to users who have a Yahoo email address. What is the proper order that you should follow to troubleshoot this issue using the network troubleshooting methodology?

Explanation OBJ-5.1: You must know the network troubleshooting methodology steps in the right order for the exam.
You will see numerous questions both in the multiple-choice and simulation sections on this topic. If you received this question on the real exam, it will appear as a "drag and drop" question with each of the steps making up a single box, and you need to put them into the correct order. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.

Question 50: Incorrect
An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following:
DIONRTR01# show interface eth 1/1
GigabitEthernet 1/1 is up, line is up
Hardware is GigabitEthernet, address is 000F.33CC.F13A
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Member of L2 VLAN 1, port is untagged, port state is forwarding
Which of the following actions should be taken to improve the network performance for this WAN connection?

Assign the interface a 802.1q tag to its own VLAN

Due to numerous network misconfiguration issues in the past, Dion Training adopted a policy that requires a second technician to verify any configuration changes before they are applied to a network device. When the technician inspects a newly proposed configuration change from a coworker, she determines that it would improperly configure the AS number on the device. Which of the following issues could have resulted from this configuration change if it was applied?

BGP routing issues would have occurred.

Which of the following weaknesses exist in WPS enabled wireless networks?

Brute force occurs within 11,000 combinations

Which of the following policies or plans would dictate how an organization would respond to an unplanned outage of their primary internet connection?

Business Continuity Plan

Which media access control technology will listen to a cable to ensure there is no traffic being transmitted before sending its traffic but will implement a back-off timer if a collision does occur?

CSMA/CD (Carrier-sense multiple access with collision detection)

Which of the following errors would be received if raw data is accidentally changed as it transits the network?

CRC Error

Jason is flying home from a conference and attempts to connect to the airplane's onboard wireless network to check his email. He selects the InflightWiFi from the list of network names, his web browser opens, and then a 404 "page not found" error is displayed. Which of the following issues is likely the source of this error?

Captive portal issue.

Which of the following cable types can support speeds of up to 10 Gbps for up to 100 meters?

Cat 6a

Which of the following types of fire suppression systems utilizes halocarbon or inert gas to suffocate the fire when the system is activated?

Clean Agent System

Which of the following types of network models requires the use of specialized computers that utilize networking operating systems to provide services to other networked devices that request services from them over an enterprise network?

Client-Server

Which of the following types of sites would contain little to no hardware and could take days or weeks to become ready for use during a disaster?

Cold Site

A network technician is selecting the best way to protect a branch office from as many different threats from the Internet as possible using a single device. Which of the following should meet these requirements?

Configure a UTM (unified threat management) device

An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but then begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following:
DIONRTR01# show interface eth 1/1
GigabitEthernet 1/1 is up, line protocol is up
Hardware is GigabitEthernet, address is 000F.33CC.F13A
Configured speed auto, actual 1Gbit, configured duplex auto, actual hdx
Member of L2 VLAN 100, port is tagged, port state is forwarding
Which of the following actions should be taken to improve the network performance for this WAN connection?

Configure the interface to use full duplex.

A technician receives a report that a VoIP phone is experiencing a "no network connectivity" error. The technician notices the Cat6a patch cable running from the back of the phone is routed behind the user's rolling chair. The cable appears to have been rolled over numerous times by the user, and it looks flattened from the abuse. Which of the following is the most likely cause of the connectivity issues being experienced on the VoIP phone?

Cross Talk

After an employee connected one of the switchports on a SOHO router to the wall jack in their office, other employees in the building started to receive "duplicate IP address" errors and experience intermittent network connectivity. You check the configuration on one of the affected clients and see it has been assigned an IP address of 192.168.1.54. Which of the following could be enabled on the company's network to prevent this from occurring?

DHCP Snooping

A network technician was tasked to install a network printer and share it with a group of five instructors at Dion Training. The technician plugged the device into a switchport and noticed the link light turned green. Unfortunately, the printer was unable to obtain an IP address automatically. Which of the following is a potential reason for this error?

DHCP scope is exhausted

An analyst reviews a triple-homed firewall configuration that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall?

DMZ

Which of the following applies to data as it travels from Layer 1 to Layer 7 of the OSI model?

De-encapsulation

A third-party vendor has just released patches to resolve a major vulnerability. There are over 100 critical devices that need to be updated. What action should be taken to ensure the patch is installed with minimal downtime?

Deploy the patch in a lab environment to quickly conduct testing, get approval for an emergency change, and then immediately install it in the production environment.

A technician is called to investigate a connectivity issue to a remote office connected by a fiber optic cable. Using a light meter, it is determined that there is excessive dB loss. The installation has been working for several years. The switch was recently moved to the other side of the room and a new patch cable was installed. Which of the following is most likely the reason for the excessive dB loss?

Dirty Connectors

A company utilizes a patching server to update its PCs regularly. After the latest patch deployment, all of the older PCs with non-gigabit Ethernet cards become disconnected from the network and now require a technician to fix the issue locally at each PC. What could be done to prevent this problem next time?

Disable automatic driver updates to PCs from the patching server.

The network administrator noticed that the border router has high network capacity loading during non-working hours. This excessive load is causing outages for the company's web servers. Which of the following is the MOST likely cause of the issue?

Distributed DoS

A wireless technician wants to configure a wireless network to identify itself to visitors by including the word "Guest" in the name. This wireless network needs to provide coverage to the entire building and requires 3 wireless access points to accomplish this coverage level. What would allow users to identify the wireless network by its displayed name as a single network?

ESSID broadcast (electronic service set identifier)

A technician is attempting to resolve an issue with users on the network who cannot access websites like DionTraining.com and Google.com. The technician can ping their default gateway, DNS servers, and the website using its IP address successfully. The technician tries to use the command "ping diontraining.com" and receives an error message stating "Ping request could not find host diontraining.com." Which of the following actions should the technician attempt next to resolve this issue?

Ensure port 53 is enabled on the firewall.

You have been asked to install a media converter that connects a newly installed SMF to the existing Cat 6a infrastructure. Which type of media converter should you use?

Fiber to Ethernet

Dion Training Solutions is launching their brand new website. The website needs to be continually accessible to our students and reachable 24x7. Which networking concept would BEST ensure that the website remains up at all times?

High Availability

A college needs to provide wireless connectivity in a cafeteria with a minimal number of WAPs. What type of antenna will provide the BEST coverage?

High gain omnidirectional antenna

Dion Training is concerned about an attacker gaining access to their network and gaining access to their confidential financial data. What could be implemented to attempt to redirect an attacker to a different server that doesn't contain any real financial data?

Honeypot

Which of the following types of sites would be used if your organization needs to be able to shift operations to the site and allow business operations to continue immediately?

Hot Site

Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?

Hybrid

An analyst reviews the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors can access the internet. How can this type of attack be prevented from occurring in the future?

Implement a VLAN to separate the HVAC control system from the open wireless network.

A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?

Implement a split horizon or a split view DNS

You are troubleshooting a network connectivity issue on a student's workstation at Dion Training. You check the details for the 802.11ac wireless network interface card and it reports the current RSSI level is -95 dB. Which of the following issues would cause this RSSI level?

Insufficient Wireless Coverage

A network technician connects three temporary office trailers with a point-to-multipoint microwave radio solution in a wooded area. The microwave radios are up, and the network technician can ping network devices in all of the office trailers. However, users are complaining that they are experiencing sporadic connectivity. What is the MOST likely cause of this issue?

Interference

The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service?

Layer Three Switch

Which of the following describes a design where traffic is shared between multiple network servers to provide greater throughput and reliability?

Load Balancing

Which of the following network topologies requires that all nodes have a point-to-point connection with every other node in the network?

Mesh

A network technician is tasked with designing a firewall to improve security for an existing FTP server on the company network. The FTP server must be accessible from the Internet. The security personnel are concerned that the FTP server could be compromised and used to attack the domain controller hosted within the company's internal network. What is the BEST way to mitigate this risk?

Migrate the FTP server from the internal network to the DMZ.

Thomas has a server that streams media to the local network, and the device is currently visible on the network. All of the workstations on the LAN can ping the device, and all the firewalls are currently turned off. The goal is for the streaming media server to allow different workstations to watch the stream if they choose to subscribe to it. The streaming device appears to be functioning properly, but the media won't stream when requested. Which of the following TCP/IP technologies is MOST likely not implemented properly?

Multicast

What anti-malware solution is installed as a dedicated on-premise appliance to scan all incoming traffic and prevent malware from being installed on any of your clients without requiring the installation of any software on your clients?

Network based anti-malware

Your company has purchased a new office building down the street for its executive suites. You have been asked to choose the BEST encryption for AP1, AP2, and AP3 to establish a wireless connection inside the main building for visitors to use. Your boss has stated that the main building's internal wireless network is only going to be used by visitors and should not require the visitors to set up any special configuration on their devices to connect. Which of the following is the BEST encryption to use from the options below to meet your manager's requirements for the new visitors' wireless network?

Open

Which of the following policies or plans would dictate the complexity requirements for a wireless network's shared secret key?

Password Policy

Your company has just hired a contractor to attempt to identify and exploit any network vulnerabilities they could find. This person has been permitted to perform these actions and only conduct their actions within the contract's scope of work. Which of the following will be conducted by the contractor?

Penetration Testing

A company has just installed a VoIP system on their network. Prior to the installation, all of the switches were replaced with layer 3 multilayer switches to allow for the VoIP devices to be placed on separate VLANs and have the packets routed accurately between them. What type of network segmentation technique is this an example of?

Performance Optimization

A network technician must allow HTTP traffic from the Internet over port 80 to an internal server running HTTP over port 81. Which of the following is this an example of?

Port Forwarding

During a recent penetration test, it was discovered that your company's wireless network could be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn't extend beyond your building's interior while maintaining a high level of availability to your users?

Power Level

Andy is a network technician who is preparing to configure a company's network. He has installed a firewall to segment his network into an internal network, a DMZ or screened subnet, and an external network. No hosts on the internal network should be directly accessible by their IP address from the Internet, but they should be able to reach remote networks if they have been assigned an IP address within the network. Which of the following IP addressing solutions would work for this particular network configuration?

Private

Your supervisor has asked you to run a Cat 5e cable between two network switches in the server room. Which type of connector should be used with a Cat 5e cable?

RJ-45

A company is installing several APs for a new wireless system that requires users to authenticate to the domain. The network technician would like to authenticate to a central point. What solution would be BEST to achieve this?

Radius

What type of services can allow you to get more storage and more resources added to the cloud as fast as possible?

Rapid Elasticity

What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them?

Reset Packet (RST)

You are trying to select the BEST network topology for a new network based on the following requirements. The design must include redundancy using a minimum of two cables to create the network. The network should not be prone to congestion, therefore each device must wait for its turn to communicate on the network by passing around a token. Which of the following topologies would BEST meet the client's requirements?

Ring

Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine?

Route

Which of the following network devices is used to separate broadcast domains?

Router

A small office has an Internet connection that drops out at least two times per week. It often takes until the next day for the service provider to come out and fix the issue. What should you create with the service provider to reduce this downtime in the future?

SLA

When installing a network cable with multiple strands, a network technician pulled the cable past a sharp edge. This resulted in the copper conductors on several of the wire strands being exposed. If these exposed conductors come into contact with each other, they can form an electrical connection. Which of the following conditions would result in this scenario?

Short

Which of the following commands is used to display the statistics for a given switchport on a Cisco switch?

Show Interface

A network administrator receives a call asking for assistance with connecting to the network. The person on the phone asks for the IP address, subnet mask, and VLAN required to access the network. What type of attack might this be?

Social Engineering

Which of the following threats can policies, procedures, and end-user training help to effectively mitigate?

Social Engineering Attempts

A technician installs a new WAP, and users in the area begin to report poor performance. The technician uses ping, and only 3 of the 5 packets respond. When the technician tests the connection from a wired connection, it responds with 5 of 5 packets. What tool should the network technician use next?

Spectrum Analyzer Tool

You are performing a high-availability test of a system. As part of the test, you create an interruption on the fiber connection to the network, but the network traffic was not re-routed automatically. Which type of routing is the system utilizing?

Static

There are two switches connected using both a Cat 6 cable and a Cat 5e cable. Which type of problem might occur with this setup?

Switching loop

You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and impacts the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why?

Syslog

Which of the following remote access tools is a command-line terminal emulation program operating on port 23?

Telnet

You are working as a network technician and have been asked to troubleshoot an issue with a workstation. You have just established a theory of probable cause. Which of the following steps of the network troubleshooting methodology should you perform NEXT?

Test the theory to determine the cause.

Which of the following is the BEST way to regularly prevent different security threats from occurring within your network?

User Training Awareness

Dion Training has a single switch that services every room within its offices. The switch contains 48 ports, but Jason wants to divide the ports based on functional areas, such as web development, instruction support, and administration. Which technology should Jason utilize to divide the physical switch into three logically divided areas?

VLAN

An attacker is using double tagging to conduct a network exploit against your enterprise network. Which of the following types of attacks is being conducted?

VLAN Hopping

Which of the following open-source remote access tools allows users to connect to their desktop remotely, see what is on their screen, and control it with their mouse and keyboard?

VNC

Susan, an executive at Dion Training, will be traveling to Italy for a conference next week. She is worried about remaining connected to the internet while overseas and plans to use the WiFi in her hotel room and the local coffee shop with her laptop. Which of the following should she purchase and configure before leaving for Italy to ensure her communications remain secure regardless of where she is connecting from?

VPN

A technician has been troubleshooting a network problem, has determined the likely cause of the issue, and implemented a solution. What is the NEXT step they should perform according to the network troubleshooting methodology?

Verify system functionality

CompTIA Network+ (N10-008) 6 Practice Exams and Simulations Practice Test 1: Practice Exam #1 Practice Test 2: Practice Exam #2 Practice Test 3: Practice Exam #3 Practice Test 4: Practice Exam #4 Practice Test 5: Practice Exam #5 Practice Test 6: Practice Exam #6 Practice Exam #1 - Results Attempt 1 Question 1: Incorrect Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line? Explanation OBJ-1.2: An analog modem is a device that converts the computer's digital pulses to tones that can be carried over analog telephone lines and vice versa. DSL is the other type of Internet connection that uses an RJ-11 connection to a phone line. A DOCSIS modem is a cable modem and would require a coaxial cable with an F-type connector. An access point is a wireless device that connects to an existing network using twisted pair copper cables and an RJ-45 connector. A multilayer switch can use either twisted pair copper cables using an RJ-45 connector or a fiber optic cable using an MTRJ, ST, SC, or LC connector. Question 2: Skipped You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment? Explanation OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /30, so each subnet will contain 4 IP addresses. Since the IP address provided is 77.81.12.14/30, the network ID is 77.81.12.12/30, the first router is 77.81.12.13/30, the second router is 77.81.12.14/30, and the broadcast address is 77.81.12.15/30. Question 3: Incorrect You just heard of a new ransomware attack that has been rapidly spreading across the internet that takes advantage of a vulnerability in the Windows SMB protocol. 
To protect your network until Microsoft releases a security update, you want to block the port for SMB at your firewall to prevent becoming a victim of this attack. Which of the following ports should you add to your blacklist? Explanation OBJ-1.5: Server Message Block (SMB) uses ports 139 and 445, and is a network file sharing protocol that runs on top of the NetBIOS architecture in Windows environments. When the WannaCry ransomware was spreading rapidly across the internet, you could help protect your organization's network by blocking ports 139 and 445 at your firewall to prevent your machines from getting infected over the internet. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions. Question 4: Incorrect Which of the following ports is used by LDAP by default? Explanation OBJ-1.5: LDAP uses port 389 by default. LDAP (Lightweight Directory Access Protocol) Standard for accessing and updating information in an X.500-style network resource directory. Unless secure communications are used, LDAP is vulnerable to packet sniffing and Man-in-the-Middle attacks. It is also usually necessary to configure user permissions on the directory. LDAP version 3 supports simple authentication or Simple Authentication and Security Layer, which integrates it with Kerberos or TLS. 
Question 5: Correct You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server? Explanation OBJ-1.5: Microsoft SQL uses ports 1433, and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses ports 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). SQLnet uses ports 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. Question 6: Incorrect The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service? Explanation OBJ-2.1: A layer 3 switch is the best option because, in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs. Multicast and unicast are layer 3 messaging flows, so you need a router or layer 3 switch to route them across the network. A smart hub is a layer 1 device. A proxy server operates at layer 4, but would still require a router or layer 3 switch to route the traffic. Question 7: Correct Which of the following describes a design where traffic is shared between multiple network servers to provide greater throughput and reliability? 
Explanation OBJ-3.3: Load balancing is a technique used to spread work across multiple computers, network links, or other devices. Multiprotocol Label Switching is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows. VLAN tagging is used to keep traffic from different networks separate when traversing shared links and devices within a network topology. Multiplexing is the technology that is able to combine multiple communication signals together in order for them to traverse an otherwise single signal communication medium simultaneously. Question 8: Incorrect Which of the following type of sites would be used if your organization needs to be able to shift operations to the site and allow business operations to continue immediately? Explanation OBJ-3.3: A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization's enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment. Question 9: Incorrect Which of the following levels would a notice condition generate? 
Explanation OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications. Question 10: Incorrect Which of the following levels would an error condition generate? Explanation OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. 
Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications. Question 11: Correct Which of the following types of fire suppression systems utilizes halocarbon or inert gas to suffocate the fire when the system is activated? Explanation OBJ-3.3: Special suppression systems, like a clean agent system, use either a halocarbon agent or inert gas. When releases, the agents will displace the oxygen in the room with the inert gas and suffocates the fire. A fire suppression system is an engineered set of components that are designed to extinguish an accidental fire in a workplace or datacenter. A wet pipe system is the most basic type of fire suppression system, and it involved using a sprinkler system and pipes that always contain water in the pipes. A pre-action system minimizes the risk of accidental release from a wet pipe system. With a pre-action system, both a detector actuation like a smoke detector and a sprinkler must be tripped prior to water being released. Heating Ventilation and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter. Question 12: Incorrect Dion Training Solutions is launching their brand new website. The website needs to be continually accessible to our students and reachable 24x7. Which networking concept would BEST ensure that the website remains up at all times? Explanation OBJ-3.3: High availability is a concept that uses redundant technologies and processes to ensure that a system is up and accessible to the end-users at all times. Snapshots, warm sites, and cold sites may be useful for recovering from a disaster-type event, but they will not ensure high availability. 
High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period. Question 13: Incorrect You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and impacts the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why? Explanation OBJ-3.1: The Syslog server is a centralized log management solution. By looking through the Syslog server's logs, the technician could determine which service failed on which server since all the logs are retained on the Syslog server from all of the network devices and servers. Network mapping is conducted using active and passive scanning techniques and could help determine which server was offline, but not what caused the interruption. Firewall logs would only help determine why the network connectivity between a host and destination may have been disrupted. A network intrusion detection system (NIDS) is used to detect hacking activities, denial of service attacks, and port scans on a computer network. It is unlikely to provide the details needed to identify why the network service was interrupted. Question 14: Incorrect A third-party vendor has just released patches to resolve a major vulnerability. There are over 100 critical devices that need to be updated. What action should be taken to ensure the patch is installed with minimal downtime? Explanation OBJ-3.2: Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished. Question 15: Incorrect Which of the following errors would be received if raw data is accidentally changed as it transits the network? 
Explanation OBJ-3.1: Cyclic Redundancy Checksum (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data as it transits the network. The CRC number in the interface statistics is the number of packets that were received that failed the cyclic redundancy checksum, or CRC check upon receipt. If the checksum generated by the sender doesn't match the one calculated by this interface upon receipt, a CRC error is counted and the packet is rejected. Encapsulation is a process by which a lower-layer protocol receives data from a higher-layer protocol and then places the data into the data portion of its frame. Thus, encapsulation is the process of enclosing one type of packet using another type of packet. A giant is any ethernet frame that exceeds the 802.3 frame size of 1518 bytes. A runt is an ethernet frame that is less than 64 bytes in size. Question 16: Incorrect Which of the following policies or plans would dictate the complexity requirements for a wireless network's shared secret key? Explanation OBJ-3.2: A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A data loss prevention policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision-making without it being exposed to anyone who should not have access to it. 
The goal of a data loss prevention policy is to minimize accidental or malicious data loss. A remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network.

Question 17: Incorrect Which of the following policies or plans would dictate how an organization would respond to an unplanned outage of their primary internet connection?

Explanation OBJ-3.2: A business continuity plan is a document that outlines how a business will continue operating during an unplanned disruption in service. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, your human capital and business partners, and essentially every other aspect of the business that might be affected. A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber attacks, and other disruptive events. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement.

Question 18: Correct Which of the following type of sites would contain little to no hardware and could take days or weeks to become ready for use during a disaster?

Explanation OBJ-3.3: A cold site is a backup facility with little or no hardware equipment installed.
A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization's enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment.

Question 19: Incorrect A small office has an Internet connection that drops out at least two times per week. It often takes until the next day for the service provider to come out and fix the issue. What should you create with the service provider to reduce this downtime in the future?

Explanation OBJ-3.2: A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end-user that defines the level of service expected from the service provider. SLAs are output-based in that their purpose is specifically to define what the customer will receive. If the customer requires faster response times, it should be in the SLA. An acceptable use policy (AUP) is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms and outlines compliance issues.
A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to.

Question 20: Correct A company-wide audit revealed employees are using company laptops and desktops for personal use. To prevent this from occurring, in which document should the company incorporate the phrase "Company-owned IT assets are to be used to perform authorized company business only"?

Explanation OBJ-3.2: Acceptable Use Policy dictates what types of actions an employee can or cannot do with company-issued IT equipment. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to. A service level agreement (SLA) is a commitment between a service provider and a client for particular aspects of the service, such as quality, availability, or responsibilities.

Question 21: Correct After an employee connected one of the switchports on a SOHO router to the wall jack in their office, other employees in the building started to receive "duplicate IP address" errors and experience intermittent network connectivity.
You check the configuration on one of the affected clients and see it has been assigned an IP address of 192.168.1.54. Which of the following could be enabled on the company's network to prevent this from occurring?

Explanation OBJ-4.3: DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure. When DHCP servers are allocating IP addresses to the LAN clients, DHCP snooping can be configured on LAN switches to prevent malicious or malformed DHCP traffic or rogue DHCP servers. Split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network and allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform.

Question 22: Incorrect The network administrator noticed that the border router has high network capacity loading during non-working hours. This excessive load is causing outages for the company's web servers. Which of the following is the MOST likely cause of the issue?

Explanation OBJ-4.2: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. Session hijacking, also known as TCP session hijacking, is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge.

Question 23: Incorrect A company utilizes a patching server to update its PCs regularly. After the latest patch deployment, all of the older PCs with non-gigabit Ethernet cards become disconnected from the network and now require a technician to fix the issue locally at each PC. What could be done to prevent this problem next time?

Explanation OBJ-4.3: The most likely cause of this issue was a forced driver update being pushed from the update server to the older PCs, breaking their ability to use their network cards. It is best to disable automatic driver updates for PCs from the patching server by default and instead test them individually first.

Question 24: Incorrect An analyst reviews a triple-homed firewall configuration that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall?

Explanation OBJ-4.1: A triple-homed firewall connects to three networks: internal (private), external (internet/public), and the demilitarized zone (DMZ). The demilitarized zone (DMZ) network hosts systems that require access from external hosts. Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system looks like and how it behaves for a defined group of users.
A network intrusion detection system (NIDS) is a system that attempts to detect hacking activities, denial of service attacks, or port scans on a computer network or a computer itself. A subnet is a logical subdivision of an IP network.

Question 25: Incorrect An attacker is using double tagging to conduct a network exploit against your enterprise network. Which of the following types of attacks is being conducted?

Explanation OBJ-4.2: VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another by either double tagging the traffic or conducting switch spoofing. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer, server, or gateway on the network. DNS spoofing or DNS poisoning is an attack that corrupts the Domain Name System data in the DNS resolver's cache and causes the name server to return an incorrect result record, such as an attacker's IP address instead of the IP of the legitimate server. A rogue DHCP server is a DHCP server set up on a network by an attacker, or by an unaware user, and is not under the control of network administrators. ... Rogue DHCP servers are also commonly used by attackers for the purpose of network attacks such as an on-path or man-in-the-middle attack.

Question 26: Incorrect Which of the following threats can policies, procedures, and end-user training help to effectively mitigate?

Explanation OBJ-4.2: Social engineering attempts occur when someone uses something like: phishing (they are attempting to receive your personal information and look legitimate), pretexting (basically they give you a scenario and expect you to react quickly), tailgating (following too closely into a door they aren't allowed in), and many other situations.
Proper policies, procedures, and educating your users on the dangers posed by social engineering could prevent them from becoming a victim of a phishing attack, as well as many other attacks. Zero-day, man-in-the-middle, and DDoS attacks cannot be effectively mitigated with policies, procedures, and end-user training, but instead require technical controls, too.

Question 27: Incorrect Dion Training has a single switch that services every room within its offices. The switch contains 48 ports, but Jason wants to divide the ports based on functional areas, such as web development, instruction support, and administration. Which technology should Jason utilize to divide the physical switch into three logically divided areas?

Explanation OBJ-4.3: A VLAN (virtual LAN) allows a single physical switch to be divided into logical networks. VLANs are only supported on managed switches, but they allow for a different logical subnetwork address to be assigned to various ports on the switch. This requires that communications between different VLANs must go through a router, just as if you had multiple switches. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A digital subscriber line (DSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connection to the Internet. Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address.

Question 28: Incorrect A network administrator receives a call asking for assistance with connecting to the network.
The person on the phone asks for the IP address, subnet mask, and VLAN required to access the network. What type of attack might this be?

Explanation OBJ-4.2: Social engineering is a type of attack on a network in which an attacker uses their confidence and their victims' gullibility to gain access. It is the only type of attack on a network that is directed towards the human element. The human interaction with the network administrator makes the other three answers incorrect.

Question 29: Correct Susan, an executive at Dion Training, will be traveling to Italy for a conference next week. She is worried about remaining connected to the internet while overseas and plans to use the WiFi in her hotel room and the local coffee shop with her laptop. Which of the following should she purchase and configure before leaving for Italy to ensure her communications remain secure regardless of where she is connecting from?

Explanation OBJ-4.4: While WiFi is available almost everywhere these days, it is not safe to use it without first configuring and using a VPN. A Virtual Private Network (VPN) connects the components and resources of two (private) networks over another (public) network. This utilizes an encryption tunnel to protect data being transferred to and from her laptop to the Dion Training servers and other websites. The other options are all focused on connecting her cellphone but would still not be considered safe without a VPN being utilized. A local mobile hotspot should be used to provide internet connectivity to the laptop (if she uses this instead of the hotel and coffee shop WiFi). Still, for best security, it should also use a VPN when using this connection.

Question 30: Incorrect Which of the following open-source remote access tools allows users to connect to their desktop remotely, see what is on their screen, and control it with their mouse and keyboard?

Explanation OBJ-4.4: VNC (virtual network computing) is a remote access tool and protocol.
It is used for screen sharing on Linux and macOS. RDP is not open-source. SSH and telnet are text-based remote access tools. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Telnet uses port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection, but sends its data in plaintext making it an insecure protocol.

Question 31: Incorrect During a recent penetration test, it was discovered that your company's wireless network could be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn't extend beyond your building's interior while maintaining a high level of availability to your users?

Explanation OBJ-4.3: The power level should be reduced for the radio transmitter in the wireless access points. With a reduced power level, the signal will not travel as far. You can ensure the signal remains within the building's interior only by conducting a site survey and adjusting your power levels of each wireless access point. The other options, if changed, would affect the availability of the network, and it would not dramatically affect the distance the signal travels.

Question 32: Correct A company has just installed a VoIP system on their network.
Prior to the installation, all of the switches were replaced with layer 3 multilayer switches to allow for the VoIP devices to be placed on separate VLANs and have the packets routed accurately between them. What type of network segmentation technique is this an example of?

Explanation OBJ-4.1: Voice over Internet Protocol (VoIP) performance optimization can help a business improve the quality of its video and audio communications over the Internet by decreasing the size of the broadcast domain through the creation of VLANs. Each VLAN can contain the VoIP devices for a single department or business unit, and traffic is routed between the VLANs using layer 3 multilayer switches to increase performance of the voice communication systems. Performance optimization helps companies bolster the availability, accessibility, security, and overall performance of their networks. Compliance enforcement involves dividing up one network into smaller sections to better control the flow of traffic across the network and to restrict confidential data to a specific network segment based on a specific regulation or contractual requirement, such as PCI DSS segmentation requirements. A honeynet is an intentionally vulnerable network segment that is used to observe and investigate the attack techniques of a hacker or adversary. Separate public/private networking involves segmenting the network into two portions: public and private. This is often used in cloud architectures to protect private data.

Question 33: Incorrect Dion Training is concerned about an attacker gaining access to their network and gaining access to their confidential financial data. What could be implemented to attempt to redirect an attacker to a different server that doesn't contain any real financial data?

Explanation OBJ-4.1: A honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Generally, a honeypot consists of data that appears to be a legitimate part of the site but is actually isolated and monitored and seems to contain information or a resource of value to attackers, who are then tricked into spending their time attacking the honeypot instead of your real servers. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. A content filter is a device that screens and/or excludes access to web pages or emails that have been deemed objectionable. A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them.

Question 34: Incorrect Your company has just hired a contractor to attempt to identify and exploit any network vulnerabilities they could find. This person has been permitted to perform these actions and only conduct their actions within the contract's scope of work. Which of the following will be conducted by the contractor?

Explanation OBJ-4.1: Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. Penetration testers only do this with permission of the organization that owns the system, network, or web application and within the bounds of their scope of work. The person will not attempt to exploit a weakness during vulnerability scanning. Social engineering may be used as part of a penetration test, but it does not adequately describe the scenario provided. Hacktivism is when someone is hacking an organization without permission based on their own morals and values.

Question 35: Correct A network technician is tasked with designing a firewall to improve security for an existing FTP server on the company network. The FTP server must be accessible from the Internet.
The security personnel are concerned that the FTP server could be compromised and used to attack the domain controller hosted within the company's internal network. What is the BEST way to mitigate this risk?

Explanation OBJ-4.1: A demilitarized zone (DMZ) is a perimeter network that protects an organization's internal local area network (LAN) from untrusted traffic. A DMZ is a type of screened subnet that is placed between the public internet and private networks. Public servers, such as the FTP server, should be installed in a DMZ so that additional security mitigations like a web application firewall or application-aware firewall can be used to protect them. SFTP (Secure File Transfer Protocol) is a file transfer protocol that leverages a set of utilities that provide secure access to a remote computer to deliver secure communications by leveraging a secure shell (SSH) connection to encrypt the communication between the client and the server. This will prevent an attacker from eavesdropping on the communications between the SFTP server and a client, but it will not prevent an attacker from exploiting the SFTP server itself. An implicit deny is when a user or group is not granted a specific permission in the security settings of an object, but they are not explicitly denied either. This is a best practice to enable, but the FTP server would still have some open ports, such as ports 20 and 21, to operate. These ports could then be used by the attacker to connect to the FTP server and exploit it. Adding a deny rule to the firewall's ACL that blocks port 21 outbound would simply prevent internal network users and servers from accessing external FTP servers. This would in no way prevent the exploitation of the company's own FTP server since it has port 21 open and listening for inbound connections.

Question 36: Incorrect Which of the following is the BEST way to regularly prevent different security threats from occurring within your network?

Explanation OBJ-4.5: An enterprise network's end users are the most vulnerable attack vector. Studies have shown that an investment in end-user cybersecurity awareness training has the best return on investment of any risk mitigation strategy. While a penetration test might detect various threats and vulnerabilities in your network, it does not prevent them from occurring. Disaster recovery planning creates a disaster recovery plan, which is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. Business continuity training will teach employees what to do in the case of a business continuity plan execution. A business continuity plan defines how an organization will continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident. Only end-user awareness training mitigates the biggest network vulnerability we have: our users.

Question 37: Incorrect A company is installing several APs for a new wireless system that requires users to authenticate to the domain. The network technician would like to authenticate to a central point. What solution would be BEST to achieve this?

Explanation OBJ-4.1: A Remote Authentication Dial-in User Service (RADIUS) server provides AAA management for users connecting to a wired or wireless network, which includes the ability to authenticate users. Link Aggregation Control Protocol (LACP) is an open standard of Ethernet link aggregation. A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. A network controller is software that orchestrates network functions by acting as an intermediary between the business and the network infrastructure.

Question 38: Incorrect (This is a simulated Performance-Based Question. If this was the real certification exam, you would be asked to drag-and-drop the correct encryption onto the APs.)
Your company has purchased a new office building down the street for its executive suites. You have been asked to choose the BEST encryption for AP1, AP2, and AP3 to establish a wireless connection inside the main building for visitors to use. Your boss has stated that the main building's internal wireless network is only going to be used by visitors and should not require the visitors to set up any special configuration on their devices to connect. Which of the following is the BEST encryption to use from the options below to meet your manager's requirements for the new visitors' Wireless Network?

Explanation OBJ-5.4: Since your manager has required that the visitors not be required to configure anything on their devices in order to connect, the only option you can choose is Open. This option presents no security for the visitor's wireless network, but it also requires no setup on the user's devices. All of the other options would require a pre-shared key and set up to allow the visitor to use the network. This wireless network should act as a guest network, be segmented from your corporate network, and only allow the visitors to access the internet directly using this network.

Question 39: Incorrect When installing a network cable with multiple strands, a network technician pulled the cable past a sharp edge. This resulted in the copper conductors on several of the wire strands being exposed. If these exposed conductors come into contact with each other, they can form an electrical connection. Which of the following conditions would result in this scenario?

Explanation OBJ-5.2: A short is an electrical term that is an abbreviation for a short circuit. A short generally means that an unintended connection between two points is allowing current to flow where it should not. In this scenario, the short is caused by the damaged cable in which two or more of the conductors are connected.
This has caused the cable to fail and will report as "short" when using a cable tester. An open is the opposite of a short. An open is reported when there is no connection between the two ends of a cable or wire. This can occur when a wire or cable is accidentally cut in half. Electrostatic discharge is the sudden flow of electricity between two electrically charged objects. Crosstalk is the coupling of voltage to an adjacent line through mutual coupling composed of a mutual inductance, a coupling capacitance, or both. Crosstalk occurs within a twisted pair cable when the pairs become untwisted or no shielding or insulation remains.

Question 40: Incorrect Jason is flying home from a conference and attempts to connect to the airplane's onboard wireless network to check his email. He selects the InflightWiFi from the list of network names, his web browser opens, and then a 404 "page not found" error is displayed. Which of the following issues is likely the source of this error?

Explanation OBJ-5.4: This is most likely a captive portal issue. Since the user selected the SSID from the list of network names, it is not a wrong SSID issue. The user also did not enter a password, so it is not an incorrect passphrase. The user is on an airplane, which is a small enough area to have adequate coverage throughout the entire plane. A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a wireless network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other information prior to allowing access to the network and its resources. The received signal strength indication (RSSI) is an estimated measure of the power level that a radio frequency client device is receiving from a wireless access point.
If the RSSI is -90dB to -100dB, this indicates an extremely weak connection and insufficient wireless coverage in the area in which the device is operating. The service set identifier (SSID) is a natural language name used to identify a wireless network. If you are manually configuring a wireless network and the incorrect SSID is entered, the device will be unable to connect to the network. The passphrase in a wireless network serves as the password or network security key. If the incorrect passphrase was entered, you will receive an error such as "Network security key mismatch" and the wireless device will be unable to communicate with the wireless access point.

Question 41: Incorrect Which of the following commands is used to display the statistics for a given switchport on a Cisco switch?

Explanation OBJ-5.3: The "show interface" command is used on a Cisco networking device to display the statistics for a given network interface. The "show configuration" command is used on a Cisco networking device to display the device's current configuration. The "show route" command is used on a Cisco networking device to display the current state of the routing table for a given network device. The "show diagnostic" command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.

Question 42: Incorrect A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?

Explanation OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.

Question 43: Incorrect A technician installs a new WAP, and users in the area begin to report poor performance. The technician uses ping, and only 3 of the 5 packets respond. When the technician tests the connection from a wired connection, it responds with 5 of 5 packets. What tool should the network technician use next?

Explanation OBJ-5.3: A spectrum analyzer is a device that displays signal amplitude (strength) as it varies by signal frequency. Since the issue only occurs when connecting wirelessly, it is most likely a spectrum interference issue. Alternatively, you could attempt to conduct a wireless site survey using a WiFi analyzer, but that option wasn't presented in this question.
A packet capture tool is used to log and collect packets as they cross the wired or wireless network. An interface monitoring tool would collect data related to performance, bandwidth (utilization), errors and discard rate for a singular interface or switchport. A Port scanner is used to test if a particular port or port range is open, closed, or filtered. Since this appears to be a wireless connectivity issue, only a spectrum analyzer could help identify the connectivity issues. This issue is most likely associated with interference around the channels being used by this wireless access device. Question 44: Correct An administrator's router with multiple interfaces uses OSPF as its routing protocol. You have discovered that one of the router's interfaces is not passing traffic. You enter the "show interface eth 0/0" command at the CLI and receive the following output: ********** Fast Ethernet 0/0 is up, line protocol is down Int ip address is 10.20.30.40/25 MTU 1500 bytes, BW 10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255 Encapsulation ospf, loopback not set Keep alive 10 Full duplex, 100Mb/s, 100 Base Tx/Fx Received 2341432 broadcasts 0 input errors 0 packets output, 0 bytes 0 output errors, 0 collisions, 0 resets ********** Which of the following actions should you perform to allow the interface to pass traffic again?

Verify the cable is connected to eth 0/0

Which protocol is used for the synchronization of clocks between different computer systems over a packet-switched, variable-latency data network?

network time protocol

