Network
Consider the following IP header fields: TCP segment of bytes=4936, MTU size=1500 bytes, and IP header length=20 bytes. The IP datagram is broken into 4 fragments. What values represent the last fragment?
Total size of the IP datagram = IP header length + TCP segment size: 20 + 4935 = 4956 bytes Number of fragments = Total IP datagram size / MTU size = 4956 / 1500 = 3.304 = 4 fragments Size of Last Fragment = Total IP datagram size - (size of previous fragments (3)) 4956 - (3* 1500) = 456 bytes
What does a router use to make a routing decision when all paths have the same Border Gateway Protocol (BGP) attribute? Router ID Shortest IGP path to BGP next hop Origin code Neighbor IP address eBGP path over iBGP path
When all paths have the same Border Gateway Protocol (BGP) attribute, a router typically uses the Shortest IGP path to BGP next hop as the tiebreaker to make a routing decision. The Shortest IGP (Interior Gateway Protocol) path to the BGP next hop means that the router selects the path with the lowest Interior Gateway Protocol cost to reach the next hop IP address for the BGP route. This helps determine the best route when all other BGP attributes are equal.
What connection is used if the size of a response message is more than 512 bytes? STMP ICMP DNS TCP SSH
When the size of a response message is more than 512 bytes in DNS (Domain Name System), it typically uses TCP (Transmission Control Protocol) as the transport protocol for the DNS communication.
Which command enables seeing real-time translations on the router? show ip nat translations show ip nat statistics debug ip nat clear ip nat translations None of the above
When you issue the "debug ip nat" command on a router, it activates debugging for NAT and displays real-time information about NAT translations, including when packets are being translated. This can be useful for troubleshooting or monitoring NAT behavior in real-time.
When the CHMOD 744 <filename> command is used to set permissions for a file, which interpretation is correct? User has read permission and Group & Others have read, write permission. User has all permission and Group & Others have write permission. User & Group have read permission and Others have all permission. User has all permission and Group & Others have read permission. User has read, write permission and Group & Others have write, execute permission.
When you use the "chmod 744 <filename>" command to set permissions for a file, the correct interpretation is: User has all permissions (read, write, and execute). Group and Others have read permission. Here's what the numeric permission mode "744" means: The first digit (7) refers to the user (owner) permissions. In this case, the owner has read (4), write (2), and execute (1) permissions, which add up to 7 (4 + 2 + 1). The second and third digits (both 4) refer to the group and others permissions. Both the group and others have read (4) permissions. So, the user has full permissions (read, write, and execute), while the group and others have read-only permission.
On which layer are payload encryption and decryption performed?
application and presentation layer
n the SSL handshake protocol, which message type is first sent between the client and server?
client-hello
Signal strength on a wireless connection is dropping. Previously the network was working fine and no changes have been made to the network configuration. Which cause is most likely? Environmental factors Standards mismatch Incorrect SSID Incorrect encryption
environmental factors. Wireless signal strength can be affected by various environmental factors such as interference from other wireless devices, physical obstacles (walls, buildings, objects), electronic devices, or even changes in the surroundings. These factors can cause signal degradation and lead to a drop in signal strength, resulting in connectivity issues.
How does frame size MTU and MCU are related?
frame size and MTU are more concerned with the physical and data link layers, while MSS is specific to the transport layer and is negotiating during the TCP connection setup to ensure efficient data transmission within the constrains of the underlying network's MTU
Which Linux command is used to display network connection information?
ifconfig
Which command applies an access list to a router interface? ip access-group 101 in access-list ip 101 in access-group ip 101 in access-group ip 101 out ip access-list 101 out
ip access-group 101 in
What tool is used to test network throughput performance? SSH PING MTR SCP iperf
iperf Iperf is a widely used open-source tool for measuring network performance by testing the throughput between two systems. It allows you to assess the maximum bandwidth of a network by generating TCP and UDP data streams between a server and a client. Iperf is especially useful for assessing network capacity, identifying potential bottlenecks, and optimizing network configurations. It is commonly used for network performance testing and troubleshooting.
Which tools provide information about the network path and RTT? (Select Two.) iperf mtr traceroute cURL ICMP
mtr & traceroute mtr (My TraceRoute): MTR combines the functionality of ping and traceroute. It provides real-time statistics about the network path, including RTT, loss rates, and a hop-by-hop view of the route. traceroute (or tracert on Windows): Traceroute is a network diagnostic tool that displays the network path to a destination along with the RTT for each hop in the path. It helps identify the route packets take to reach a destination and can be used to analyze network latency The other options, "iperf," "cURL," and "ICMP," are not primarily used to provide detailed information about the network path and RTT. Iperf is used for measuring network throughput, cURL is a tool for data transfer with URLs, and ICMP is a network protocol used for error reporting and diagnostics but doesn't provide the same network path analysis as traceroute and mtr.
Which tools provide information about memory usage on a remote server? /proc/partitions sar nslookup vmstat /proc/meminfo
sar (System Activity Reporter) vmstat (virtual memory statistics) /proc/meminfo nslookup - DNS look up /proc/partitions - disk partitions
Load Balancer
serve highly available content LB are designed to distribute incoming networking traffic across multiple servers or resources. They ensures that the workload is balanced and that no single server is overwhelmed
Content Delivery Network (CDN)
serve highly available content CDNs are designed to replicated and cache content across multiple geographically distributed servers. By doing so, they reduce latency and improve content delivery
When the host is not running any service on the port, what message will get displayed? connection lost operation timedout connection timedout connection refused connection failed
"Connection refused." This means that the host received the connection request, but it actively refused to establish a connection because there is no service running on that port to handle the request.
In the tunnel mode, what does the IPsec protect? Entire IP packet IP header IP payload IP trailer None of the above
In tunnel mode, IPsec protects the entire IP packet. Tunnel mode is one of the two modes in which IPsec can operate, the other being transport mode. In tunnel mode, the entire original IP packet, including the IP header, payload, and any additional data (such as transport layer headers), is encapsulated within a new IP packet.
Which Border Gateway Protocol (BGP) attribute is NOT a standard attribute? Router ID Oldest path MED Originate Weight
Oldest Path Router ID: The BGP router ID is an essential attribute that identifies a BGP router in a BGP-speaking network. MED (Multi-Exit Discriminator): MED is an optional, non-transitive BGP attribute used to provide hints to other BGP routers about the preferred exit point from a network when there are multiple exit points. Originate: The "Originate" attribute is not a standard BGP attribute. It's possible that it may be used informally in specific implementations or contexts, but it's not a recognized and standardized BGP attribute. Weight: The BGP weight attribute is used in Cisco's implementation of BGP to influence the preferred route for outbound traffic. It is a Cisco-specific attribute and not a standard BGP attribute.
During poor network performance when connecting to a webserver, which tools should be used to troubleshoot network latency and packet loss?
Ping MTR (My traceroute) Traceroute
Which layer handles encryption and decryption?
Presentation Layer
A company is using a cloud provider to store 50 petabytes of backups. This cold-storage service is an example of:
Recovery as a Service (RaaS) *Data Archiving is the process of moving data that is no longer actively used or needed to a separate, lower-cost storage tier designed for long-term retention
What device forwards packets between networks by processing information included in the packet? Hub Bridge Router Switch Firewall
Router Routers operate at the network layer (Layer 3) of the OSI model and are responsible for determining the best path for forwarding packets between different networks or subnets.
What do SFTP and SCP use to secure traffic?
SSH (Secure Shell)
Which protocols are used to connect to remote servers on the cloud?
SSH and RDP
Which flags are used for establishing a TCP connection?
SYN (Synchronize) - initial connection ACK (Acknowledgment) SYN-ACK packet - packet with SN and ACK flags set ACK packet to complete the three-way handshake and establish connection
By which mechanism is TCP flow control achieved?
Sliding window protocol
A customer's requests are failing intermittently with the following network configuration. Which situation could be causing the failure? Subnet A - 10.0.0.0/25; Subnet B - 10.0.1.0/23; Subnet C - 10.0.1.0/25 Subnets A and B are overlapping.
Subnet B and C are overlapping Subnet A's range: 10.0.0.0 to 10.0.0.127 Subnet B's range 10.0.1.0 to 10.0.2.255 Subnet C's range: 10.0.1.0 to 10.0.1.127
Which activities does the session layer protocol support?
Synchronization Token Management Activity management
Remote Desktop Protocol (RDP)
TCP/UDP 3389 it is a proprietary protocol developed by MS for remote desktop access
Which characteristics about TTL values are important? (Select Two.) Helps prevent routing loops. Improves network speed between two hosts. Caches network paths to improve network performance. Number of hops an IP datagram will travel on a network. Sends next-hop information to neighbor routers.
TTL (Time to Live) Help prevent routing loops Number of hops an IP datagram will travel on a network
Border Gateway Protocol (BGP) uses the finite state machine (FSM) to maintain a table of all BGP peers and their operational status. What order are they listed in?
The Border Gateway Protocol (BGP) uses a finite state machine (FSM) to manage its interactions with BGP peers during the establishment and maintenance of BGP connections. Order in BGP peers are listed in the BGP FSM is: Idle -> Connect -> Active -> OpenSent -> OpenConfirm -> Established
Which of the following will list destination MAC addresses? arp telnet tracert dig ping
The command or tool that will list destination MAC addresses is arp (Address Resolution Protocol). The ARP command or tool is used to display or manipulate the ARP cache on a network device. The ARP cache contains mappings of IP addresses to MAC addresses.
Which service uses both TCP and UDP? API Telnet DNS HTTP SMTP
The service that uses both TCP and UDP is DNS (Domain Name System). UDP (User Datagram Protocol) is commonly used for DNS queries, which are typically small and do not require the reliability and connection-oriented nature of TCP. TCP (Transmission Control Protocol) is used for DNS zone transfers, which involve the exchange of larger amounts of DNS data and require a reliable, connection-based protocol.
A network has 5 subnets, each with at least 16 hosts. Which subnet masks should be used? 255.255.255.192 255.255.255.224 255.255.255.240 255.255.255.241 255.255.255.248
To accommodate at least 16 hosts in each subnet, you need a subnet mask that provides at least 4 bits for host addresses (2^4 = 16). The subnet masks that can be used in this scenario are: 255.255.255.240: This subnet mask provides 4 bits for host addresses, allowing for 2^4 = 16 possible host addresses. It creates subnets with 16 IP addresses (14 usable for hosts).
What command gets detailed information about the CPU? dmesg cat /proc/meminfo sysinfo -cpu cat /proc/cpuinfo cpusage
To get detailed information about the CPU in a Linux or Unix-like system, you would typically use the "cat /proc/cpuinfo" command. This command reads and displays information about the CPU(s) on the system from the "/proc" file system.
What script should be run to set bash global defaults for all users? etc/.profile /etc/.bashrc /etc/.log /etc/profile
To set global defaults for all users in Bash, you should typically edit the "/etc/profile" file. This file contains system-wide settings and environment variables that apply to all users when they start a Bash session.
What command creates backup configuration? config mem copy running backup wr mem copy running startup-config copy running-config startup-config
"copy running-config startup-config" - This command is used on Cisco devices. It copies the running configuration to the startup configuration, effectively saving the current configuration as a backup that will be used when the device is rebooted. "write memory" or "wr mem" - This command is also used on Cisco devices to save the running configuration to the startup configuration, effectively creating a backup of the configuration.
SSH File Transfer Protocol
- It is an extension of the SSH protocol and provides a secure way to transfer files - uses SSH for authentication and encryption - typically done using SSH key pairs, usernames, and passwords, just like regular SSH
Secure Copy Protocol (SCP)
- It is part of the SSH suite of protocols and used for securely copying files between a local and a remote host -uses SSH key-based authentication or username/password authentication
What does SSH protocol use to authenticate a remote computer?
- Password Authentication (Most Common) - Public Key (Asymmetric cryptography) - Keyboard-Interactive (Multi-factor, complicated) - Host-Based - Certificate-Based (X.509 digital certificates)
Frame size
- Refers to the size of a data packet at the data link layer (layer 2) - In Ethernet networks, frames consist of header, payload, and a trailer -Measure in bytes (common Ethernet frame sizes include 64 bytes, 1500 bytes, and jumbo frames with larger sizes
Maximum Transmission Unit (MTU)
- Represents the maximum size of an IP packet that can be transmitted over network - Specified in Bytes - Defines the largest size of the payload that can be carried in a network frame - MTU is often smaller than the maximum frame size because it considers the payload data and any encapsulation overhead
Secure Shell. (SSH)
- SSH is a cryptographic network protocol that provides secure communication over an unsecured network, such as the internet - Offers strong encryption and authentication mechanisms to protect data in transit and ensure the integrity and confidentiality of the communication
Maximum Segment Size
-a concept associated with the Transmission Control Protocol (TPC), which operates at the transport layer (Layer 4) represents the maximum amount of data that can be included in a single TCP segment -Unlike MTU, MSS does not consider the entire packet (frame), but only the TCP payload -It is typically set by negotiating with the other end during TCP handshake and is often determined by the MTU of the underlying network
What types of records are stored in DNS?
1. NS (Name Server) 2. SOA (Start of Authority) - info about DNS zone] 3. MX (Mail Exchange) 4. CNAME Records (Canonical Name Records) Other ones 5. TXT records 6. PTR Records 7. SRV Records (Service Records) 8. AAAA records
Open System Interconnection (OSI)
1. Physical Layer: binary transmission 2. Data Link Layer: Responsible for node-to-node communication, this layer provides error detection and correction and manages access to the physical medium. 3. Network Layer: This layer handles routing and forwarding of data packets between devices across different networks. It is responsible for logical addressing and packet forwarding. 4. Transport Layer: The transport layer ensures end-to-end communication and data integrity between the sender and receiver. It provides flow control and error correction as needed. 5. Session Layer: The session layer establishes, manages, and terminates communication sessions between two devices. It also manages synchronization and checkpointing. 6. Presentation Layer: Responsible for data translation, compression, encryption, and other forms of data manipulation to ensure that data is presented in a format that both the sender and receiver can understand. 7. Application Layer: This is the topmost layer and is closest to the end-user. It provides various application services and network processes that directly support user applications.
A cloud provider's authentication service is experiencing a global outage. Which issue could be related?
1. Service Disruption 2. Downtime 3. Data Inaccessibility 4. Security concerns 5. Financial Impact 6. Reputation Damage 7. Delayed SMS notification for the ticketing system 8. Offsite backup fails 9. Cloud-based security cameras not alerting 10. Unable to access online account
For the last three hours, application logs from the on-premises server have not been visible in cloud storage. Which next step should be taken?
1. Verify the log-collection agent is running 2. confirm the application is still generating logs 3. confirm the server can connect to cloud storage 4. check the log-collection agent has permission to access cloud storage
Which IP address is private? 1.2.3.4 11.1.2.3 100.10.0.1 192.168.1.1 255.255.0.0
11.1.2.3 192.168.1.1 IP addresses within the following address ranges are designated as private IP addresses for use within private networks: 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 The other IP addresses, 1.2.3.4, 100.10.0.1, and 255.255.0.0, are not part of the reserved private IP address ranges.
What is the default Maximum Transmission Unit (MTU) for standard ethernet?
1500 bytes
HTTP codes 1- 500
1xx: informational 2xx: successful 3xx: redirection 4xx: client error 5xx: server error
A website is returning 504 HTTP status. Which factors could be involved? (Select Two.) Webserver overburdened Client certificate Blocked by firewall Backend database Request sent to wrong port
504 - Gateway Timeout Webserver overburdened Backend Database
A HTTP method is _________ if an identical request can be made once or several times in a row with the same effect while leaving the server in the same state.
Idempotent making multiple identical requests using an idempotent method should not result in a different outcome or change the server's state beyond the first request. Idempotent methods are important for ensuring predictable and safe interactions with web services
Which feature is present in IPv6 but not IPv4? SNMP Fragmentation Header checksum Anycast address Options
Anycast address is present in IPv6 but not in IPv4. Anycast is a addressing and routing method that allows multiple devices (typically routers) to share the same IPv6 address. When a packet is sent to an anycast address, it is routed to the nearest (or most appropriate) device in the group of devices sharing that address. Anycast is not part of the IPv4 standard.
Which layer provides service to the user? Network Physical Application Session Presentation
Application layer
When dealing with production down situations, what are the most important factors to consider? (Select Two.) Business impact Time constraints Networking-level knowledge Available tools System-level knowledge
Business impact: Understanding the business impact is crucial. You need to assess how the issue affects the organization, its customers, revenue, and reputation. This understanding guides your priorities and decisions in resolving the problem. Time constraints: Time is of the essence in production down situations. Quickly identifying the root cause and implementing a solution is critical to minimizing downtime and its associated costs. Timely resolution is a top priority. While networking-level knowledge, available tools, and system-level knowledge are essential in troubleshooting and resolving production issues, the immediate focus in a production down situation is on minimizing downtime and its impact on the business. Therefore, business impact and time constraints take precedence during these critical situations.
Which of the following is NOT a flow control technique? CRC Selective Repeat ARQ Go-Back-N ARQ Stop and WaitARQ Sliding Window ARQ
CRC (Cyclic Redundancy Check) is NOT a flow control technique. CRC is a method used for error detection, not for flow control. It's a technique for checking the integrity of data to determine whether it has been corrupted during transmission.
In which type of TCP algorithm does the size of a congestion window increase exponentially and reach its maximum threshold?
Congestion Avoidance -
A client has a DNS resolution issue and provided a packet capture. Which DNS flag should be used to determine if a query is recursive?
In DNS packet capture, you can determine if a DNS query is recursive by examining the DNS flags in the DNS header. The specific flag you should look for is the Recursion Desired (RD) flag DNS linux command - nslookup
What number is associated with SIGKILL?
In Unix-like operating systems, processes can be terminated using signals. SIGKILL (signal number 9) is a signal that is used to forcefully terminate a process
Which tool checks HTTP connection establishment and server response?
Curl
What does an ICMP message with code 3 and type 3 signify? Destination Unreachable, Fragmentation required, and DF flag set Source Quench Destination Unreachable, TTL expired Destination Unreachable, Port Unreachable Echo Request, Echo Reply
Destination Unreachable, Port Unreachable Code 0: Network Unreachable Code 1: Host Unreachable Code 2: Protocol Unreachable Code 3: Port Unreachable Code 4: Fragmentation Needed and Don't Fragment (DF) Set Code 5: Source Route Failed Code 6: Destination Network Unknown Code 7: Destination Host Unknown Code 8: Source Host Isolated Code 9: Communication with Destination Network Administratively Prohibited Code 10: Communication with Destination Host Administratively Prohibited Code 11: Network Unreachable for Type of Service Code 12: Host Unreachable for Type of Service Code 13: Communication Administratively Prohibited Code 14: Host Precedence Violation Code 15: Precedence Cutoff in Effect
What is used to translate host names into an IP address?
Domain Name System (DNS)
Which of the following allows a client to update their DNS entry as their IP address changes? Dynamic DNS Static DNS Mail transfer agent Authoritative name server
Dynamic DNS is a service that enables clients, such as end-user devices or computers, to automatically update their DNS records in real-time as their IP addresses change. This is particularly useful for clients with dynamic IP addresses (often assigned by ISPs) who need to maintain a consistent hostname or domain name for services like remote access or hosting a website
Which type of routing updates route tables automatically? Automatic Dynamic Proactive Global Symmetric
Dynamic Routing
HTTP 403
Forbidden 400 bad request 401 Unauthorized 402 payment required 404 Not found 408 Request timeout
Fragment Size calculation
Fragment Size = Offset * 8 bytes
HTTP (Hypertext Transfer Protocol) Method Group
GET, POST, PUT, DELETE Port 80
Which ARP packet is sent to announce changed physical/MAC addresses?
Gratuitous ARP
Why HTTPS is more secure because?
HTTPS is more secure because it ensures the confidentiality, integrity, and authenticity of data exchanged between a client and a server, making it a fundamental security measure for web communications. 1. Has backup connection ports 2. Uses TCP/SSL for encryption during transit 3. Relies on UDP instead of TCP 4. Hides sender IP Port 443
Which tools are used to check for open ports? (Select Two.) tracepath tcpdump ICMP telnet netcat
telnet - network protocol and command line tool that can be used to check for open ports on a remote server netcat - versatile networking utility that can be used to check for open ports, among many other tasks. It allows you to establish connections to remote hosts and ports and is often used for port scanning to check for open ports The other options, "tracepath," "tcpdump," and "ICMP," are not typically used to directly check for open ports. Tracepath is used for path tracing, tcpdump is a packet capture and analysis tool, and ICMP (Internet Control Message Protocol) is a network layer protocol used for diagnostics and error reporting, but it's not used to directly check for open ports.
