Practice Exam #1
During the setup of a new office floor, Dorothy, a network administrator, configures ports on a switch to connect VoIP phones and workstations. She wants to ensure that voice traffic is prioritized over data traffic. Which of the following configurations should Dorothy use to BEST achieve this?
- Configuring the voice VLAN on the switch ports where VoIP phones are connected is the best way to ensure that voice traffic is prioritized over data traffic. Voice VLANs are designed to prioritize VoIP traffic in the network, ensuring quality communication. QoS (Quality of Service) is used to prioritize traffic, the question specifically asks for the configuration related to VoIP phones and workstations, making the voice VLAN configuration the more direct and relevant choice.
Jake, a system administrator, notices that users are experiencing high latency when accessing the company's cloud-based applications. He wants to reduce latency to improve user experience. Of the following options, what action should Jake take to best achieve this goal?
- Optimizing routing paths involves selecting the most efficient routes for network traffic, which can significantly reduce latency.
In cloud environments, which option is specifically designed to permit internet access for resources within a VPC without exposing them directly to the internet?
A NAT Gateway allows resources within a Virtual Private Cloud (VPC) to access the internet without being directly exposed to the internet, ensuring a higher level of security for private instances.
Which type of client-to-site VPN setup allows users to remotely access corporate resources without requiring the installation of local dedicated VPN software?
A Clientless VPN setup enables remote users to access corporate resources securely through a web browser without the need for installing dedicated VPN client software. This type of VPN leverages technologies like Secure Sockets Layer (SSL) to establish encrypted connections between the user's device and the corporate network.
Your organization is deploying a new web application hosted on a scalable cloud infrastructure. To ensure users are directed to the correct IP address for accessing the application, which DNS record type should be used to map the domain name to the IPv4 address of the web server?
An Address (A) record is used to map a domain name directly to the IPv4 address of a web server, which is necessary for directing users to the correct web application.
In data center fire safety, what system is designed to minimize damage to networking infrastructure with the least environmental concerns during a fire emergency?
Clean agents like FM-200 extinguish fires with minimal harm to electronic equipment, making them ideal for data centers to minimize damage. They are most preferred today for their fire-suppressing capabilities without environmental concerns.
Which of the following standards is commonly used for exchanging authentication and authorization data between parties, facilitating single sign-on (SSO) across different systems?
Security Assertion Markup Language (SAML) is designed for exchanging authentication and authorization data between trusted parties, enabling SSO and secure access to multiple systems.
What is the primary advantage of using dynamic inventories in networking?
Dynamic inventories simplify network management and reduces manual effort
You are scanning a target as part of a penetration test. You discovered that the network uses Snort configured as a network-based IDS. Which of the following occurs when an alert rule has been matched in Snort during your scan?
If Snort is operating as an IDS, it will not block the connection or drop the packet. Instead, Snort will evaluate the entire packet and check all the alert rules, logging any matches it finds, and then allow it to continue onward to its destination.
What is the network ID associated with the host located at 10.10.10.200/25?
In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /25, so each subnet will contain 128 IP addresses. Since the IP address provided is 10.10.10.200, it will be in the 10.10.10.128/25 network.
During a routine network assessment, Barbara, a technician, notices that in certain areas of the office, wireless devices frequently lose connection to the network. This occurs even though the wireless network has been confirmed to be operational. What is the MOST probable reason for this occurrence?
Insufficient wireless coverage is the most probable reason because it indicates areas where the wireless signal is not strong enough or entirely absent, causing devices to lose connection to the network.
You are assisting a member of Dion Training's security team during an incident response. The team member asks you to determine if any strange TCP connections are occurring on a given workstation. You open the command prompt on the workstation. Which of the following tools would provide you with information on any TCP connections currently established on the workstation?
Netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (incoming and outgoing), routing tables, and several network interface and network protocol statistics. It is useful when determining if a workstation is attempting outbound connections due to malware (beaconing activity) or has ports open and listening for inbound connections.
Which port and protocol combination(s) are commonly associated with Remote Desktop Protocol (RDP)?
Port 3389 - UDP
Which mechanism enables proactive notification of network events and facilitates efficient monitoring and troubleshooting in network management?
SNMP (Simple Network Management Protocol) is the correct answer because it allows for proactive notification of network events through traps, facilitating real-time monitoring and troubleshooting.
What distinguishes Security Service Edge (SSE) from traditional network security architectures?
Security Service Edge (SSE) is a network security architecture that shifts security enforcement from the traditional network perimeter to the cloud, leveraging cloud-based security services to protect distributed users and devices. SSE aims to provide comprehensive security coverage for users accessing applications and data from various locations, including remote offices, branch offices, and mobile devices. SSE extends security beyond just endpoints within the corporate network. SSE typically moves away from reliance on physical appliances at the network perimeter. SSE prioritizes security functionalities while also considering network performance.
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?
Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client.
Dion Training wants to create a DNS record to enter DKIM or SPF information into the domain name system and help prevent spam coming from their domain. Which type of DNS record should be created?
The DNS text (TXT) record lets a domain administrator enter text into the Domain Name Systems. The TXT record was originally intended as a place for human-readable notes. However, now it is also possible to put some machine-readable data into TXT records. TXT records are a key component of several different email authentication methods (SPF, DKIM, and DMARC) that help an email server determine if a message is from a trusted source.
You are setting up uplink ports for multiple switches to communicate with one another. All of the VLANs should communicate from the designated server switch. Which of the following should be set on the trunk ports if VLAN 1 is not the management VLAN?
The IEEE 801.q standard is used to define VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames.
In the context of Virtual Extensible Local Area Network (VXLAN), what is the purpose of the VXLAN Network Identifier (VNI)?
The VXLAN Network Identifier (VNI) is a 24-bit identifier that helps differentiate between different VXLAN overlay networks. Each VXLAN segment or overlay network typically has a unique VNI assigned to it, allowing VXLAN endpoints to correctly identify and route traffic within the appropriate overlay network.
Timothy, a network engineer, is tasked with troubleshooting a network connectivity issue. He needs to determine which MAC addresses are associated with each switch port to identify the source of the problem efficiently. Which command should Timothy use to view these on a Cisco switch?
The command to view the MAC address table on a Cisco switch really is "show mac-address-table".
In a network environment, how does the use of a jump box/host compare to direct management connections when administering remote servers and network devices?
The primary purpose of a jump box (also known as a jump host) is to serve as a secure gateway through which administrators can access and manage remote servers and network devices. This method consolidates access points, enhancing security by limiting direct access to the network's internal resources. While a jump box/host might introduce a minor additional step in the connection process, it does not significantly impact the network's latency or performance in a way that would outweigh its security benefits.
Your company has just installed a new web server that will allow inbound connections over port 80 from the internet while not accepting any connections from the internal network. You have been asked where to place the web server in the network architecture and configure the ACL rule to support the requirements. The current network architecture is segmented using a triple-homed firewall to create the following three zones: ZONE INTERFACE IP Address PUBLIC eth0 66.13.24.16/30 DMZ eth1 172.16.1.1/24 PRIVATE eth2 192.168.1.1/24 Based on the requirements and current network architecture above, where should you install the webserver and how should you configure it?
The web server should be placed into the DMZ, assigned an IP address in the 172.16.1.1/24 network, and create an inbound permit rule for port 80 in the ACL. Since the web server needs to be accessed from the internet (PUBLIC), you must configure the permit rule from eth0 (PUBLIC) to eth1 (DMZ).
Quinn is configuring a wireless network for a client in an area known for dense wireless traffic and strict regulatory oversight on channel usage. To ensure compliance and optimal performance, they focus on incorporating a feature of the 802.11h standard. What aspect of 802.11h should Quinn prioritize to meet these requirements?
Transmit Power Control (TPC) is an important feature of the 802.11h standard that allows devices to adjust their transmitting power levels. This capability is crucial in areas with dense wireless traffic and strict regulatory oversight, as it helps minimize interference with other devices by reducing power to the necessary level for communication.
The network administrator is troubleshooting the switchports for a file server with dual NICs. The file server needs to be configured for redundancy, and the dual NICs need to be combined for maximum throughput. What feature on the switch should the network administrator ensure is enabled for best results?
e Link Aggregation Control Protocol (LACP) is the 802.3ad protocol is used to group numerous physical ports to make one high bandwidth path. This method can increase bandwidth and therefore, throughput. LACP can also provide network redundancy and load balancing.
Your co-worker has just installed an unmanaged 24-port switch. He is concerned with the amount of broadcast traffic that may exist when using this device. How many broadcast domains are created when using this single 24-port switch?
single 24-port unmanaged switch will have only 1 broadcast domain. Routers and VLANs split up broadcast domains. Since this is an unmanaged switch, it will only have a single broadcast domain, but it will have 24 collision domains.
