CertMaster CompTIA Network+ Final Assessment

twork administrator is remotely configuring an application on a Windows server. The application configuration screen is graphically based, with checkboxes, dropdown selectors, etc. Determine the protocol the administrator can use that provides a secure graphical user interface (GUI) connection to the remote server. SSH RDP Telnet SNMP Remote Desktop Protocol (RDP) is Microsoft's protocol for operating remote GUI connections to a Windows machine. RDP uses TCP port 3389. Display-less devices such as routers are commonly configured remotely over the network by using a protocol such as Secure Shell (SSH). SSH does not provide a graphical user interface (GUI). Telnet is a tool that transmits shell commands and output between a client and a remote host. It was commonly used for remote management but is considered deprecated and obsolete due to security concerns. Telnet does not use a GUI. The Simple Network Management Protocol (SNMP) is a widely used framework for remote management and monitoring of servers and network appliances.

75 of 88 Question The network security office is tasked with updating authentication requirements for computer access as it currently uses a single sign-on and password. The office determines that it will begin using the sign-on criteria but add an additional requirement of a code being sent to the employee's personal cell phone to grant authorization to complete access requirements for login. What is the name of this authentication? Single-Factor Multi-Factor Ownership Factor Location Factor An authentication technology or mechanism is considered strong if it combines the use of more than one authentication data type (multifactor). Single-factor authentication systems can quit

A network security engineer is performing network penetration testing. The engineer is using Nmap to make a map of all network devices and wants to identify all host addresses on the network more quickly by skipping OS fingerprinting until after a target machine is selected. Suggest an Nmap switch that will allow the engineer to perform host discovery only. -sT -p -sn -sU Using Nmap with the -sn switch will suppress the port scan, which can reduce scanning time on large networks. TCP connect scanning is a more visible scan that establishes full connections with remote hosts. By default, Nmap scans 1,000 commonly used ports. The -p argument can be used to specify a port range. UDP ports can be scanned using the -sU argument. As these do not use ACKs, Nmap needs to wait for a response or timeout to determine the port state, so UDP scanning can take a long time.

A Windows server manager is trying to calculate the amount of data loss that a system can sustain, measured in time units. What is this referred to as? MTD RPO RTO WRT Recovery Point Objective (RPO) is the amount of data loss that a system can sustain, measured in time units. The Maximum Tolerable Downtime (MTD) metric states the requirement for a business function. Downtime is calculated from the sum of scheduled service intervals (Agreed Service Time) plus unplanned outages over the period. Recovery time objective (RTO) is the period following a disaster that an individual IT system may remain offline. Work Recovery Time (WRT). Following systems recovery, there may be additional work to reintegrate different systems, restore data from backups, test overall functionality, and brief system users on any changes.

security administrator receives an alert about a possible attack against the SAE protocol. Which wireless authentication mechanism uses this? WEP WPA WPA2 WPA3 In WPA3, the Simultaneous Authentication of Equals (SAE) protocol replaces the 4-way handshake, which has been found to be vulnerable to various attacks. WEP is an old protocol that is no longer safe to use, though it does not use the SAE protocol. WEP uses an outdated RC4 stream cipher to encrypt traffic. The first version of Wi-Fi Protected Access (WPA) was designed to fix critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. In WPA2, pre-shared key (PSK) authentication uses a passphrase to generate the key that is used to encrypt communications. It is also referred to as group authentication because a group of users share th

A Windows server manager is trying to calculate the amount of data loss that a system can sustain, measured in time units. What is this referred to as? MTD RPO RTO WRT Recovery Point Objective (RPO) is the amount of data loss that a system can sustain, measured in time units. The Maximum Tolerable Downtime (MTD) metric states the requirement for a business function. Downtime is calculated from the sum of scheduled service intervals (Agreed Service Time) plus unplanned outages over the period. Recovery time objective (RTO) is the period following a disaster that an individual IT system may remain offline. Work Recovery Time (WRT). Following systems recovery, there may be additional work to reintegrate different systems, restore data from backups, test overall functionality, and brief system users on any changes.

A data center network administrator working for a cloud services company is configuring an SDN that is optimized for east-west traffic. The SDN must be loop-free so that spanning tree protocol is not required, instead utilizing a protocol called Equal Cost Multipathing (ECMP) to distribute traffic between the links to the top-tier switches. Most importantly, all server resources will be on-premises, so the solution should avoid the use of the public Internet and the use of Protocol-Independent Multicast (PIM) protocols, instead establishing private links with guaranteed service levels to operate as an overlay network and configure point-to-point or point-to-multipoint links between nodes without respect to the underlying physical and data link topologies (in other words, tunneling through the network layer). The SDN must also feature multipath redundancy to allow for load balancing and failover. Choose a multipath routing protocol that will best fulfill these requirements. Generic Routing Encapsulation (GRE) with OSPF Multiprotocol Label Switching (MPLS) with Shortest Path Bridging (SPB) Multipoint Generic Routing Encapsulation (mGRE) with BGP VXLAN encapsulation Shortest Path Bridging (

A branch manager of several chain stores has been researching physical security and wants to set up a network of monitored locks, intruder alarms, and video surveillance cameras. What should they set up? PACS BAS PLCs Control system A physical access control system (PACS) is a network of monitored locks, intruder alarms, and video surveillance cameras. A building automation system (BAS) or smart building for offices and data centers can include PACS, but also network-based configuration and monitoring of heating, ventilation, and air conditioning (HVAC), fire control, power and lighting, and elevators and escalators. Building subsystems are implemented by programmable logic controllers (PLCs) and various types of sensors that measure temperature, air pressure, humidity, room occupancy, and so on. IoT devices usually require a communications hub to facilitate wireless networking. There must also be a control system, as most IoT devices are headless, meaning they have no user control interface.

A network engineer is configuring an Internet of Things (IoT) network that uses multicasting to allow devices to communicate over a VLAN-enabled managed switch. An issue is occurring where the multicast traffic is being flooded across the network as a broadcast, resulting in reduced network performance. Recommend a potential fix for this issue. Enable DHCP Relay Ensure DHCP server is correctly configured Ensure DNS server is properly configured Ensure IGMP snooping is enabled at the switch To prevent multicast flooding, IGMP snooping can be enabled as a global option on a switch and as a per-VLAN option. IGMP snooping means the switch reads IGMP messages and can determine if the host on an access port or one or more hosts in a VLAN have joined a multicast group. A DHCP relay agent can be configured to provide forwarding of DHCP traffic between subnets. This is not related to multicast flooding issues. The DHCP server is required for dynamic IP address assignment to client devices. DHCP is not related to multicast flooding issues. A domain name service (DNS) server is used for name resolution for network connections. DNS is not related to multicast flooding issues

A company has been advised by a network consultant to have extra lengths of copper twisted-pair cables with 4 pairs of wires as well as 8-position/8-contact connectors. Assess what type of connector will be required. RJ-11 RJ-45 MTRJ F-type RJ-45 are used with 4-pair (8-wire) cables. Because each wire has its own contact, they are also known as 8P8C. RJ-11 connectors represent the legacy telephone connectors, utilizing either 2 or 3 pairs of unshielded twisted-pair copper wires. RJ-11 connectors only use 2 contacts, making them 6 position/2 contact or 6P2C MTRJ (Mechanical Transfer Registered Jack) is a small-form-factor duplex fiber-optic connector with a snap-in design that is used in multimode networks. MTRJ connectors are not compatible with copper wire. F-type connectors are used for copper cabling intended for Cable TV, which is attached by a screw and threading mechanism.

A network security administrator wants to begin network hardening with the easiest possible implementations they can perform first. They found that the company only purchases laptops from a specific vendor and plans to continue doing so. What could they implement based on this? Dynamic ARP inspection DHCP snooping MAC filtering PVLANs Configuring MAC filtering on a switch means defining which MAC addresses are permitted to connect to a particular port. This can be done by creating a list of valid MAC addresses or by specifying a limit to the number of permitted addresses. A switch port security feature such as dynamic ARP inspection (DAI) prevents a host attached to an untrusted port from flooding segments with gratuitous ARP replies. Configuring DHCP snooping causes the switch to inspect DHCP traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address. A private VLAN (PVLAN) applies an additional layer of segmentation by r

A magazine editor has hired a team of network consultants to install and configure a new network. The network will be a tiered switching network with several VLAN trunks. The editor owns a particular device that is able to access all employee VLANs. Decide where the editor's device should be connected in order to access multiple VLANs. Trunk port on distribution layer switch Access port on edge layer switch Any untagged port Host port on core layer switch The trunk port carries all the VLAN-to-VLAN traffic that must be routed. The associated subinterface receives traffic from a given VLAN and then routes it to the subinterface serving the destination VLAN. Trunk ports are usually 802.1Q tagged. By connecting to an edge layer (access layer) switch, the administrator would be connected to a single VLAN. An untagged port is connected to a single VLAN. 802.1Q tagging must be configured to access multiple VLANs. User devices should never be attached to the core layer. Host ports, by definition, are untagged and therefore would allow access to a single VLAN

IT team responsible for a small corporate network is attempting to increase data throughput to a particular machine from 1 Gbps to 2 Gbps. The machine has two network interface cards. Recommend an Ethernet switching feature to fulfill these requirements. Port mirroring NIC teaming Power over Ethernet Flow control NIC teaming, also sometimes called port bonding or port aggregation, can be accomplished using the Link Aggregation Control protocol. This can provide redundancy and extra bandwidth when there are multiple clients, as load balancing is performed. A switched-port analyzer can be attached to a network port to mirror the packets being sent. This is often used for traffic analysis, but can also serve as redundancy for failover. Power over Ethernet is a way of supplying electricity from a switch port to an end device using ethernet cabling. PoE will not be useful for maximum doubling bandwidth. Flow control allows a server to instruct the switch to pause traffic temporarily to avoid overwhelming its buffer and preventing frames from being dropped.

A mid-sized company is looking at the ability for workers to work from home more often after a recent pandemic. They want the users to be able to connect back to the corporate network but don't want to overwhelm the internal network with all traffic from the remote users. Which of the following connections would be the best option? RDP VNC Split tunnel VPN Full tunnel VPN In a split-tunnel VPN the client accesses the Internet directly using its "native" IP configuration and DNS servers. Microsoft's Remote Desktop Protocol (RDP) can be used to access a physical machine on a one-to-one basis. Alternatively, the site can operate a remote desktop gateway that facilitates access to virtual desktops or individual apps. There are several popular alternatives to Remote Desktop. Most support remote access to platforms other than Windows. Examples include TeamViewer and Virtual Network Computing (VNC). In a full tunnel, VPN Internet access is mediated by the corporate network, which will alter the client's IP address and DNS servers and may use a proxy.

A network consultant wants to configure their client's system to generate an alert when either a certain type of a given severity has been encountered, or by setting thresholds for performance counters. What is the name of this type of system? Logging Level Automated Event Management Syslog SNMP An automated event management system can be configured to generate some sort of alert when a certain event type of a given severity is encountered. An alert can also be generated by setting certain thresholds for performance counters. The logging level configured on each host determines the maximum level at which events are recorded or forwarded. Syslog is an example of a protocol and supporting software that facilitates log collection. The Simple Network Management Protocol (SNMP) is a widely used framework for remote management and monitoring of servers and network appliances. SNMP consists of agents and a monitoring system.

A military installation is upgrading its network infrastructure. Which fiber optic connector type developed by AT&T used to be very common for multimode networks in commercial or military installations due to its quick-connecting bayonet, but is no longer considered standard when retrofitting? Mechanical Transfer Registered Jack (MTRJ) Local Connector (LC) Straight Tip (ST) Subscriber Connector (SC) Straight Tip (ST) is an early bayonet-style connector with a twist-and-push locking mechanism. ST was primarily used for multimode networks, however, it is no longer routinely utilized in Ethernet deployments. MTRJ (Mechanical Transfer Registered Jack) is a small-form-factor duplex connector with a snap-in design that is used in multimode networks. The Local Connector (LC) is a small-form-factor connector with a push/pull tabbed design. The LC form factor is commonly used for Gigabit Ethernet and 10/40 GbE. The Subscriber Connector (SC) is a push/pull connector that allows for easy insertion and removal. It may be utilized in either single-mode or multimode mode. It is frequently used in Gigabit Ethernet.

A company has deployed a large network of PLC devices in its manufacturing facilities. The company has recently laid off several employees who had regular access to the configuration settings of the PLC devices through workstations connected to the PLC firmware through Secure Shell (SSH) sessions authenticated with public key infrastructure (PKI). Plan the proper actions for remediation of the client device and management of the keys associated with the user accounts of the former employees. (Select all that apply.) Copy new public key to SSH server Regenerate a new key pair on the client device Delete the old public key from the appliance Re-use the old public key After regenerating a new public key, it needs to be added to the SSH server and configured before it can be used. A new key is needed to replace the former employee's authentication keys since they have been blocked. Deletion of old keys, public and private, is paramount to any reliable security policy. Deletion of the user's authentication certificates and keys should be the first action performed as part of offboarding. It is against any good security policy, not to mention legal and industry regulations, to reuse keys or ce

A network administrator is installing hundreds of Internet of Things (IoT) sensor devices at a corporate facility. While each sensor device can be accessed and configured separately, the administrator requires a centralized remote management framework that can perform regular device polling as well as configurable thresholds for triggering notifications when events like port failure occur. Suggest an agent-based framework the administrator can use to fulfill these monitoring and remote management requirements. Secure Shell Remote Desktop Protocol Simple Network Management Protocol Telnet The Simple Network Management Protocol (SNMP) is a widely used agent-based framework for remote management and monitoring of servers and network appliances. Display-less devices such as routers are commonly configured remotely over the network by using a protocol such as Secure Shell (SSH). Remote Desktop Protocol (RDP) is Microsoft's protocol for operating remote GUI connections to a Windows machine. RDP uses TCP port 3389. Telnet is a tool that transmits shell commands and output between a client and a remote host. It was commonly used for remote management, but is considered deprecated and obsolete due to security concer

A team of network engineers is using an interior gateway routing protocol that takes into consideration only the number of hops when calculating routes. Recommend an interior gateway routing protocol that calculates routes using a metric weighted on bandwidth cost combined with delay time, and that only sends updates to neighbors when the topology has changed. Enhanced IGRP (EIGRP) Routing Information Protocol (RIP) Open Shortest Path First (OSPF) Border Gateway Protocol (BGP) EIGRP is an advanced distance-vector or hybrid routing protocol similar to RIP that uses a metric composed of administrator-weighted elements, such as bandwidth and delay. The Routing Information Protocol (RIP) is a distance vector routing protocol. RIP only considers a single metric to select the optimal path to a given destination network, by selecting the one with the lowest hop count (distance). Open Shortest Path First (OSPF) is the most widely adopted link-state protocol. It is a link-state routing protocol, which means that the routers exchange topology information with their nearest neighbors. The Border Gateway Protocol (BGP) is designed to be used between routing domains in a mesh internetwork and is used

A network administrator is installing software that will monitor network performance metrics such as packet loss, jitter, or throughput and send notifications to the administrator if certain thresholds are met. Conclude the type of software the administrator is installing. Antivirus software Intrusion prevention software Data loss prevention software Event management software An automated event management system can be configured to issue some form of alert based on thresholds set for performance counters. Packet loss, connection bandwidth decreases, the number of sessions formed, delay/jitter in real-time applications, and other issues are examples. Antivirus software scans devices and networks for signature matches to known threats. Intrusion prevention software (IPS) can provide an active response to any network threats that it detects. Data loss prevention (DLP) solutions detect confidential or personal/sensitive data using a dictionary database or algorithm (regular expression matching). If the transmission of content to portable media, email, social networking, or cloud storage services does not adhere to a set policy, it might be blocked.

PBQ 4 The maximum tolerable downtime (MTD) is the longest period of time that a business function outage may occur without causing irrecoverable business failure. The business cannot go longer than 12 hours. The mean time to repair (MTTR) the servers is a measure of the time taken to correct a fault to restore the system to full operation. MTTR is calculated by taking the total repair time and dividing it by the number of incidents. Thus, the MTTR between the two incidents, assuming no further incidents occur in the same accounting period, can be estimated at 20 hours ( (18 hours + 19 hours + 3 hours) / 2 servers = 20). The mean time between failures (MTBF) is for a repairable (such as a server). The calculation for MTBF is the total time (devices * hours) divided by the number of failures (250*3)/2=375. The mean time to failure (MTTF) is for nonrepairable assets (such as a hard drive). The calculation for MTTF is the total time (devices * hours) divided by the number of devices (250*6)/6=250. The recovery time objective (RTO) is the period following a disaster that an individual IT system may remain offline. For this incident, RTO is 10 hours. The recovery point objective (RPO) is the

A network cabling installer is inspecting existing cabling in an older building on behalf of a local ISP. The cabling connects several branches of 10BASE-T Ethernet to a newer 100BASE-TX trunk. What protocol does the Fast Ethernet standard use that encodes service capabilities into a 16-bit data packet broadcast that allows legacy hosts to choose the highest available connection settings, thus enabling compatibility between the 100BASE-TX and the legacy 10BASE-T? A communication protocol A security protocol A routing protocol An auto-negotiation protocol Fast Ethernet added an auto-negotiation protocol to facilitate interoperability with hosts still equipped with 10 Mbps Ethernet interfaces. This protocol allows a host to select the maximum available connection settings (10 or 100 Mbps and half or full-duplex). Communications protocol is an umbrella term for sequences of specified interactions utilized to facilitate communications between devices and can include diverse concepts such as WiFi or the Hypertext Transfer Protocol (HTTP). Network security protocols are a type of network protocol that maintains the security and integrity of data while it is being transmitted across a network connection. Routing protocols define how routers interact with one another to transmit information that allows them to select routes between nodes on a computer network.

A network specialist is installing a new WiFi 6 access point in a dentists office lobby. The office is a small space with few physical obstacles, and only patients waiting in the lobby are expected to use the AP. There is a lot of interference from legacy devices used by the offices directly above, mostly on the lower channels of the lowest frequencies. Recommend a frequency and channel for the network. 5 Ghz, channel 40 5 Ghz, channel 128 (DFS) 2.4 Ghz, channel 3 2.4 Ghz, channel 11 Because the office lobby is small in area and obstacle-free, 5 Ghz with multi-user MIMO could be ideal in a setting dominated by 2.4 Ghz devices (interference is stated to occur on lower frequencies). Channel 40 is a great default if there is no known interference. If there are better options, best practice is to avoid DFS (Dynamic Frequency Selection) channels, as they are reserved for radar systems and thus suffer scanning delays while searching for radar frequencies. The scenario states interference is taking place on lower frequencies. Channel 3 of the 2.4 Ghz spectrum is likely experiencing interference. The scenario states interference is taking place on lower frequencies. Channel 11 of the 2.4 Ghz spe

A network consultant is wanting to harden the server room from malicious insider attack. One of the consultant's goals is to prevent the attachment of unauthorized client devices. What can the consultant do to mitigate this risk? Wireless Client Isolation Captive Portal Disable Unused Switch Ports Geofencing To prevent the attachment of unauthorized client devices, a switch port can be disabled using the management software. With wireless client isolation, an access point can be configured to prevent this so that stations can only communicate via its gateway. Using Captive Portal, the user must authenticate to the page and meet other administrator-set requirements, such as accepting a use policy, before the station is authorized to use the network. Geofencing can be used to ensure that the station is within a valid geographic area to access the network, such as ensuring the device is within a building rather than trying to access the WLAN from a car park or other external location.

A security analyst is looking at attacks against unencrypted Neighbor Discovery (ND) protocol. What is the attacker most likely trying to accomplish? ARP cache poisoning VLAN hopping Evil twin Layer 2 spoofing While IPv6 does not use ARP, it is also vulnerable to layer 2 spoofing if the unencrypted Neighbor Discovery (ND) protocol is used. ARP spoofing, or ARP cache poisoning, is a common means of perpetrating an on-path attack. ARP has no security, all devices are in the same broadcast domain as the rogue host trust communications. VLAN hopping is an attack designed to send traffic to a VLAN other than the one the host system is in. This exploits the native VLAN feature of 802.1Q. A rogue AP masquerading as a legitimate one is called an evil twin. An evil twin might advertise a similar network name (SSID) to the legitimate one.

A network engineer has configured a network with a tiered mesh topology with multiple redundant links, causing an entire switch segment to become unusable until being reset. What layer 2 protocol packages data into bridge protocol data unit (BPDU) multicast frames and routes based on a ranked hierarchy of switches in order to prevent loops? Neighbor Discovery Protocol (NDP) Spanning Tree Protocol (STP) Address Resolution Protocol (ARP) Routing information protocol (RIP) The spanning tree protocol (STP) allows bridges or switches to organize themselves into a hierarchy. Each switch determines the shortest path to the root bridge by exchanging information with other switches. STP information is packaged as bridge protocol data unit (BPDU) multicast frames. The Neighbor Discovery (ND) protocol performs some of the functions on an IPv6 network that ARP and ICMP perform under IPv4, such as address autoconfiguration, redirection, prefix discovery, and local address resolution. The TCP/IP suite includes the Address Resolution Protocol (ARP) to perform the task of resolving an IP address to a hardware address. The Routing Information Protocol (RIP) is a distance vector routing protocol. It operates on the application layer, not the data link layer

A network technician is using Nmap to map a corporate network. The technician has privileged access to the network driver to support packet crafting and decides to do a half-open scan to limit visibility in logs. Select the Nmap argument that will perform this half-open scan. -sT -sS -sU -p The -sS flag in Nmap initiates a SYN "half-open" scan. It requires privileged access as it involves raw packet crafting. A SYN scan sends a SYN packet (as if it were initiating a standard TCP handshake), and then waits for a response. The response can reveal whether the port is open. This scan type is less likely to be logged, hence considered stealthier. The -sT flag in Nmap initiates a TCP Connect scan, which establishes a full three-way handshake with the target host. This does not require privileged access, but it is not a half-open scan, and it will leave records in the logs on the target system. The -sU flag in Nmap initiates a UDP scan. UDP, being a connectionless protocol, has a different behavior than TCP. UDP scanning is typically slower and does not represent a half-open scan. The -p flag in Nmap is used to specify a port or range of ports to be scanned, not the type of scan. It does

A network engineer has configured a network with a tiered mesh topology with multiple redundant links, causing an entire switch segment to become unusable until being reset. What layer 2 protocol packages data into bridge protocol data unit (BPDU) multicast frames and routes based on a ranked hierarchy of switches in order to prevent loops? Neighbor Discovery Protocol (NDP) Spanning Tree Protocol (STP) Address Resolution Protocol (ARP) Routing information protocol (RIP) The spanning tree protocol (STP) allows bridges or switches to organize themselves into a hierarchy. Each switch determines the shortest path to the root bridge by exchanging information with other switches. STP information is packaged as bridge protocol data unit (BPDU) multicast frames. The Neighbor Discovery (ND) protocol performs some of the functions on an IPv6 network that ARP and ICMP perform under IPv4, such as address autoconfiguration, redirection, prefix discovery, and local address resolution. The TCP/IP suite includes the Address Resolution Protocol (ARP) to perform the task of resolving an IP address to a hardware address. The Routing Information Protocol (RIP) is a distance vector routing protocol. It operates on the application layer, not the data link layer.

A manufacturing plant, that is closed on weekends, employs a full-time network administrator to oversee the network at the plant. The network administrator is testing and recording network performance baselines and notices a throughput bottleneck is occurring on the same network when a team is using analytical software to retrieve volumes of data for testing. Provide the best guess for diagnosing the bottleneck? The bottleneck is being caused by a specific user using a single application The bottleneck is being caused by a hardware problem with a server device on the network The bottleneck is being caused by a hardware problem with a client device on the network The bottleneck is being caused by usage patterns of an entire group of users While nothing can be ruled out, the fact that the bottleneck occurs on the same network and not defined to the use of a single application, an individual user would not be likely the fault of the bottleneck. A server failure might cause latency, delays, or loss of services, but it is not likely to cause spikes in bandwidth use that show patterns over time. A hardware failure in a client device, or any device, on a network will cause a persisting problem,

A network engineer investigating connection issues being experienced by users notes that the user clients are able to connect to hosts using an IP address but not using hostnames or URLs. Propose a setting the engineer should check first. Check for duplicate IPs Failed duplex settings Hardware failure DNS server settings When a host receives a client request to access a name and it does not have the IP mapping cached, it asks a DNS server configured as a resolver to perform the lookup and return the IP address. If there are two systems with duplicate IPs, a sort of race condition will determine which receives traffic. Autonegotiation of speed and duplex settings being disabled can cause problems. If the speed setting (10, 100, or 1000 Mbps) is mismatched between the host and the switch port, the link will fail. You can test for specific cabling faults and bad ports using cable and loopback testers and certifiers. While hardware failure is rare, cables and appliances do sometimes fail on their own.

A systems administrator is configuring a server for email services. Which protocol or protocol command is also referred to as implicit TLS? SMTPS IMAP SMTP STARTTLS SMTPS establishes the secure connection before any SMTP commands (HELO, for instance) are exchanged. This is also referred to as implicit TLS and only represents encryption at the level of the transport layer. Internet Message Access Protocol (IMAP) is a mail retrieval protocol that has mailbox management features. SMTP is an application protocol used to send mail between hosts on the Internet. Messages are sent between servers over TCP port 25. STARTTLS is a command that upgrades an existing unsecure connection to TLS. This is also referred to as explicit TLS or opportunistic TLS and only represents encryption at the level of the transport layer.

A network engineer is conducting an assessment of the organization's system to look for any potential opportunity for someone or something to exploit a vulnerability and breach security. What type of assessment is being conducted? Integrity Risk Confidentiality Threat A threat assessment addresses the potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. In meeting the foundational principles of computer security, under the CIA triad, Integrity means that the data is stored and transferred as intended and that any modification is authorized. A risk assessment is associated with the likelihood and impact of a threat actor exercising a vulnerability. In meeting the foundational principles of computer security, under the CIA triad, confidentiality means that certain information should only be known to certain people.

A network engineer is tracing network routes and counting network hops. The engineers ping packet passes through a total of 3 switches and two routers before reaching its target. Determine how many network hops the packet has taken. The TTL is set to 64. 3 2 5 64 Two routers count as two hops. Switches do not count as hops. Switches do not count as hops. Switches are layer 2 devices that receive and forward Ethernet frames, using the destination MAC address to determine the correct destination port. Switches are not counted in the hop count. In order to find the right target port, switches use the destination MAC address rather than the transport layer. 64 is the default TTL, or Time To Live, in this case. It is a value that represents how many hops before a connection or packet is dropped, and decrements by one at each hop

A network engineer is configuring a local intranet for a large manufacturing company that uses a DNS server on its network to resolve internal and external queries while keeping internal IP addresses private. The engineer sets both UDP port 53 and TCP port 53 on the primary name resolution server to allow larger DNS record transfers. Select the situations that would require larger DNS record transfers over TCP. (Select all that apply.) Link aggregation is used on the network. The DNS server is utilizing a security protocol such as DNSSEC. The network makes heavy use of VoIP traffic. The network deploys IPv6 addressing. Security protocols such as DNSSEC authenticate responses to domain name lookups in order to prevent attackers from manipulating or poisoning the responses to DNS requests. IPv6 uses a much larger address space and improved security features and thus may require larger DNS record transfers. Link aggregation can be accomplished using the Link Aggregation Control protocol. This can provide redundancy and extra bandwidth when there are multiple clients, as load balancing is performed, but functions fine with normal-sized DNS transfers. Voice over IP (VoIP) connect using protocols such as SIP and don't exclusively require TCP and may avoid TCP to prevent latency.

network security specialist is using Mitre's Common Vulnerabilities and Exposures (CVE) list to identify techniques the specialist can then use to actively demonstrate ways vulnerabilities in the network can be exploited by potential adversaries. Discern the security technique the specialist is demonstrating. Privileged Access Management Vulnerability Scan Penetration testing Security and Event Management Penetration testing, often shortened to pen testing, is the utilization of authorized hacking techniques to discover exploitable weaknesses in the target's security systems. Pen testing is an intrusive assessment technique. Privileged access management (PAM) refers to policies, protocols, and technical controls that are in place to prevent internal threat actors from maliciously abusing privileged accounts and to minimize risks associated with inadequate configuration control over privileges. In passive vulnerability scanning, no attempt is made to actively test security controls or exploit any vulnerabilities discovered. SIEM (Security Information and Event Management) is a software system that gathers and analyzes activities across your entire IT infrastructure. SIEM gathers security

A network engineer is creating a network diagram based on a list of media access control (MAC) addresses used in a network. At what layer of the OSI model are all hosts identified by a specific MAC address? Physical layer Transport layer Data-link layer Network layer The data link layer (layer 2) is responsible for transferring data between nodes on the same logical segment. At the Data Link layer, a segment is one where all nodes can send traffic to one another using hardware (MAC) addresses. The physical layer of the OSI model (layer 1) is responsible for the transmission and receipt of the signals that represent bits of data from one node to another node. The transport layer is known as the end-to-end or host-to-host layer. A function of the transport layer is to identify each type of network application by assigning port numbers. The network layer (layer 3) is responsible for moving data (routing) around a network of networks, known as an internetwork or the Internet.

A network technician is troubleshooting a network issue. The technician has theorized that some evidence may point to a security breach, but the technician is not trained in security and thus cannot be certain. Decide the next step for the technician, according to the CompTIA® Network+® troubleshooting methodology. Test the theory Establish a plan of action Escalate the issue to security staff Implement the solution Escalation means referring the problem to a senior technician, manager, or third party. In this case, the technician admits the diagnosis is out of their scope of knowledge. The technician has developed a theory. Normally, the next step would be to test the theory, but if the problem is outside the scope of his knowledge, the technician will require help. The technician is not trained in diagnosing or responding to security incidents, and so cannot establish a coherent plan of action that is reliable. The technician is not trained in diagnosing or responding to security incidents, and so cannot implement a solution for a problem that is outside the scope of the technician's knowledge.

A network engineer is performing packet capture on a Gigabit copper cable for analysis and troubleshooting of a large network. The engineer requires a network sniffer that captures all frames (including frames with errors), performs signal regeneration, and is easy to implement with dedicated hardware. Suggest a network sniffer that will fulfill the engineer's requirements. Passive test access point (TAP) Active test access point (TAP) Switched port analyzer (SPAN) Software packet sniffer An active test access point (TAP) is a powered device that performs signal regeneration and can capture all packets. A passive test access point (TAP) is an unpowered device that physically copies the signal from the cabling to a monitor port. The monitor port will receive every frame, however, signal regeneration is not performed. The Switched Port Analyzer (SPAN) function, also known as port mirroring or port monitoring, allows the capture of network data as it flows through a network switch. Corrupt frames are dropped. A packet analyzer, often known as a packet sniffer, is computer software that may intercept and log information passing across a computer network or a portion of a network. Wireshark and tcpdump are two examples.

A company has installed a security device that automatically analyzes the network traffic and system and application logs to identify malicious activity by matching activity patterns to a signature database. The device is configured to alert the network security administrator upon matching a signature but takes no further action. Deduce the device the company has installed. Intrusion Prevention System (IPS) Intrusion Detection System (IDS) Proxy Server Appliance Firewall Intrusion prevention software (IPS) can provide an active response to any network threats that it detects. Ending the session by sending a TCP reset message to the attacker's computer is a common preventative technique. An intrusion detection system (IDS) performs real-time analysis of either network traffic or system and application logs. If a pattern is matched in a traffic stream, the IDS raises an alert. A server that acts as a middleman between a client and another server. It may filter and often alter communications while also providing caching services to increase efficiency. An application or software that protects a system or network by blocking unwanted network traffic is known as a firewal

A network engineer is planning static routes through an IPv6-enabled network. The engineer has configured the network so that each device or interface is represented by a 64 bit Interface ID. Which section of how many bits of a IPv6 address can the Interface ID be found? The first 64 bits The last 64 bits The first 10 bits Bits 49-64 In IPv6, the interface identifier is always the last 64 bits. The 64-bit interface ID is commonly determined by using the interface's MAC address. The first 64 bits in IPv6 addresses are used for network addressing. Link-local addresses span a single subnet in a range of fe80::/10. Link-local addresses start with a leading fe80. In a global address, 16 bits between bits 49 and 64 identify site-specific subnet addresses. The 45 bits before that are allocated in a hierarchical manner to regional registries and from them to ISPs and end-users.

Which IEEE wireless standard is designated as using high efficiency (HE), allowing throughput speeds of up to approximately 4800 Mbps over a 5 Ghz channel using Orthogonal Frequency Division Multiplexing with Multiple Access (OFDMA) modulation and UL-MIMO beamforming and can potentially reach approximate 10G speeds using a 6 Ghz frequency? 802.11ah 802.11n 802.11ac 802.11ax Wi-Fi 6 (802.11ax) uses more complex OFDM with multiple access (OFDMA) modulation and signal encoding to improve the amount of data sent per packet by about 40%. 802.11ah (Wi-Fi HaLow) uses the 900 MHz band for a much better range at much lower power. 802.11n products can use channels in the 2.4 GHz band or the 5 GHz band. The data rate for 802.11n is 72 Mbps per stream. 802.11ac provides downlink multiuser-MIMO which allows the AP to use its multiple antennas to process a spatial stream of signals in one direction separately to other streams. 802.11ac does not provide uplink MU-MIMO, and does not support 6 Ghz.

A network engineer is testing an application over the IPv6 protocol. Determine how the server can cast packets to an entire local subnet. Broadcast packets to a broadcast domain Unicast to all Link-Local Multicast Name Resolution hosts Anycast to Interface ID Multicast to associated private topology The Multicast Listener Discovery (MLD) protocol allows nodes to join a multicast group and discover whether members of a group are present on a local subnet. Unlike IPv4 where broadcasts are used to flood a broadcast domain with packets, IPv6 does not use packet broadcasting. Link-local addresses span a single subnet (they are not forwarded by routers). Nodes on the same link are referred to as neighbors. Unicast is used to send packets to a single target address. Anycasting is an IP delivery mechanism whereby a packet is addressed to a single host from a group sharing the same address. The Interface ID of an IPv6 address identifies the individual device or port.

A network administrator is installing hundreds of Internet of Things (IoT) sensor devices at a corporate facility. While each sensor device can be accessed and configured separately, the administrator requires a centralized remote management framework that can perform regular device polling as well as configurable thresholds for triggering notifications when events like port failure occur. Suggest an agent-based framework the administrator can use to fulfill these monitoring and remote management requirements. Secure Shell Remote Desktop Protocol Simple Network Management Protocol Telnet The Simple Network Management Protocol (SNMP) is a widely used agent-based framework for remote management and monitoring of servers and network appliances. Display-less devices such as routers are commonly configured remotely over the network by using a protocol such as Secure Shell (SSH). Remote Desktop Protocol (RDP) is Microsoft's protocol for operating remote GUI connections to a Windows machine. RDP uses TCP port 3389. Telnet is a tool that transmits shell commands and output between a client and a remote host. It was commonly used for remote management, but is considered deprecated and obsolete du

A network engineer oversees a network with 4 subnets of 16 IP addresses each. Each subnet will have the same Classless inter-domain routing (CIDR) range of 192.168.x.0/28, such that the first subnet has an IP range of 192.168.1.0-192.168.1.15, and so forth. If the engineer then needed 62 addresses on each subnet, how many mask bits would be represented in the CIDR notation of each subnet after the engineer has increased the IP range to 62? 26 27 32 22 A 26-bit mask contains 62 potential IP addresses in its range, from 1 to 62 in the last octet. The subnet mask would look like 255.255.255.192. A 27-bit mask contains 32 potential IP addresses in its range, from 0 to 31 in the last octet. The subnet mask would look like 255.255.255.224. A 32-bit mask contains only a single IP address in its range and represents a single machine on a network. The subnet mask would look like 255.255.255.255. A 22-bit mask contains 1024 potential IP addresses in its range spanning 192.168.0.0 - 192.168.3.255. The subnet mask would look like 255.255.252.0.

PBQ 3 SSID (AII Facility Areas): ToolMakerNet Select the ideal roaming aggressiveness setting for clients in an isolated setting, like the warehouse:Low Select the ideal roaming aggressiveness setting for clients in a mixed setting, like machine shop #1:Medium Lobby Channel: Office Channel: Machine Shop #1 Channel: Machine Shop #2 Channel: Warehouse Channel: 7 7 7 7 7

A network is segmented into separate VLANs that are assigned to ports on a managed switch. Users are reporting that network access is down in all of the VLAN segments but one. The network administrator surmises that the main server assigning IP addresses is in the working VLAN and the other VLANs are having issues accessing it, as each VLAN is in a separate broadcast domain. Prescribe an action to take that will enable the segmented VLANs to be assigned IP addresses from across broadcast domains. Enable DHCP Relay on the switch Check the ARP table cache Ensure DNS server is properly configured Ensure IGMP snooping is enabled at the switch The DHCP Relay function needs to be enabled in the configuration or settings page of a router to forward DHCP traffic where the client and server are in different subnets. The Address Resolution Protocol (ARP) is used by hosts to determine which MAC address is associated with an IP address on the local network. To optimize this process, the results of an ARP broadcast are cached in an ARP table. A domain name service (DNS) server is used for name resolution for network connections. DNS is not related to multicast flooding issues. To prevent multicast flooding, IGMP snooping can be enabled as a global option on a switch and as a per-VLAN option.

A technician is installing a new file server and several printers on a small Windows office network that also contains several legacy Windows XP desktops and legacy printers that the office managers have insisted must remain. Evaluate the protocol and port required for the file share server to be available to all devices on the network, including legacy devices. Telnet, TCP port 23 Simple Mail Transfer Protocol (SMTP), TCP port 587 HyperText Transfer Protocol (HTTP), TCP port 80 Server Message Block (SMB), TCP port 139 On a Windows® network, the File/Print Sharing Service is provided by the Server Message Block (SMB) protocol. On legacy networks, SMB ran as part of an older network services protocol called NetBIOS on TCP port 139. Telnet is a tool that transmits commands and output between a client and a remote host. It was commonly used for remote management but is considered deprecated and obsolete due to security concerns. The Simple Mail Transfer Protocol (SMTP) specifies how email is delivered from one system to another. Port 587 is an SMTP-specific port for use with STARTTLS encryption. The foundation of web technology is the HyperText Transfer Protocol (HTTP). HTTP enables clients

A network security specialist is conducting an investigation into a network compromise. On-path exploits are a form of attack in which a threat actor breaches the link between two hosts and transparently intercepts and relays all communications between them. What are examples of on-path exploits? (Select all that apply.) ARP spoofing DNS cache poisoning Distributed denial of service MAC address impersonation ARP spoofing, or ARP cache poisoning, is a common means of perpetrating an on-path attack. ARP has no security, so all devices in the same broadcast domain as a rogue host trust unsolicited ARP packets. A DNS poisoning attack compromises the name resolution process. The attacker intercepts all the packets directed to a fake website before bouncing them to the real site. A threat actor might spoof the value of a valid MAC address to try to circumvent an access control list or impersonate a legitimate server. A denial of service (DoS) attack causes a service at a given host to fail or to become unavailable to legitimate users. A distributed DoS (DDoS) attack is launched simultaneously by multiple hosts.

A manufacturing plant, that is closed on weekends, employs a full-time network administrator to oversee the network at the plant. The network administrator is testing and recording network performance baselines and notices a throughput bottleneck is occurring on the same network when a team is using analytical software to retrieve volumes of data for testing. Provide the best guess for diagnosing the bottleneck? The bottleneck is being caused by a specific user using a single application The bottleneck is being caused by a hardware problem with a server device on the network The bottleneck is being caused by a hardware problem with a client device on the network The bottleneck is being caused by usage patterns of an entire group of users While nothing can be ruled out, the fact that the bottleneck occurs on the same network and not defined to the use of a single application, an individual user would not be likely the fault of the bottleneck. A server failure might cause latency, delays, or loss of services, but it is not likely to cause spikes in bandwidth use that show patterns over time. A hardware failure in a client device, or any device, on a network will cause a persisting problem,

A network security specialist is using Mitre's Common Vulnerabilities and Exposures (CVE) list to identify techniques the specialist can then use to actively demonstrate ways vulnerabilities in the network can be exploited by potential adversaries. Discern the security technique the specialist is demonstrating. Privileged Access Management Vulnerability Scan Penetration testing Security and Event Management Penetration testing, often shortened to pen testing, is the utilization of authorized hacking techniques to discover exploitable weaknesses in the target's security systems. Pen testing is an intrusive assessment technique. Privileged access management (PAM) refers to policies, protocols, and technical controls that are in place to prevent internal threat actors from maliciously abusing privileged accounts and to minimize risks associated with inadequate configuration control over privileges. In passive vulnerability scanning, no attempt is made to actively test security controls or exploit any vulnerabilities discovered. SIEM (Security Information and Event Management) is a software system that gathers and analyzes activities across your entire IT infrastructure. SIEM gathers security data from network devices, servers, domain controllers, and other sources.

A network administrator is with a major company that cannot handle downtime and requires redundancy at every level possible. They need to set up multiple physical routers to serve as a single default gateway for a subnet, but do not want to use a proprietary protocol. Which of the following will help them accomplish this? (Select all that apply.) CARP HSRP LACP VRRP The Common Address Redundancy Protocol (CARP) enables multiple hosts to share an IP address on the same network segment so that they can act as a default gateway. The open standard protocol Virtual Router Redundancy Protocol (VRRP) allows the automatic assignment of IP routers to act as a default gateway on a single subnet. The Hot Standby Router Protocol (HSRP) allows multiple physical routers to serve as a single default gateway for a subnet, but it is a proprietary protocol developed by Cisco. The Link Aggregation Control Protocol (LACP) detects configuration errors and recovers from the failure of one of the physical links.

A network specialist is attempting to measure the time, in milliseconds, it takes for a transmission to reach the recipient. What is the specialist attempting to calculate? Jitter QOS Latency Bandwidth Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms). Jitter is defined as being a variation in the delay. Jitter manifests itself as an inconsistent rate of packet delivery. Jitter is also measured in milliseconds, using an algorithm to calculate the value from a sample of transit times. Quality of Service (QoS) protocols and appliances are designed to support real-time services. Applications such as voice and video that carry real-time data have different network requirements to the sort of data represented by file transfer. Bandwidth is the amount of information that can be transmitted, measured in bits per second (bps), or some multiple thereof.

A technician is installing a new file server and several printers on a small Windows office network that also contains several legacy Windows XP desktops and legacy printers that the office managers have insisted must remain. Evaluate the protocol and port required for the file share server to be available to all devices on the network, including legacy devices. Telnet, TCP port 23 Simple Mail Transfer Protocol (SMTP), TCP port 587 HyperText Transfer Protocol (HTTP), TCP port 80 Server Message Block (SMB), TCP port 139 On a Windows® network, the File/Print Sharing Service is provided by the Server Message Block (SMB) protocol. On legacy networks, SMB ran as part of an older network services protocol called NetBIOS on TCP port 139. Telnet is a tool that transmits commands and output between a client and a remote host. It was commonly used for remote management but is considered deprecated and obsolete due to security concerns. The Simple Mail Transfer Protocol (SMTP) specifies how email is delivered from one system to another. Port 587 is an SMTP-specific port for use with STARTTLS encryption. The foundation of web technology is the HyperText Transfer Protocol (HTTP). HTTP enables clients

A network specialist is installing a VoIP gateway in an office building that uses a legacy analog phone system. The office managers want to be able to use the old phone handsets and fax machines as well as add new VoIP endpoints but plans to cancel services with the company providing the analog telephone services and replace all legacy voice cabling. Plan a method for providing VoIP services while retaining legacy handsets and fax machines. (Select all that apply.) Connect all devices to the legacy PBX and connect that to the legacy telephone network as well as to the Internet through a voice gateway behind the edge router Install a VoIP PBX between the VoIP service provider and VoIP endpoints, and a Foreign Exchange Subscriber (FXS) voice gateway connecting legacy hardware to the new PBX Connect legacy devices to the legacy PBX and connect that to the legacy telephone network directly through an analog Foreign Exchange Office voice gateway Connect new devices to the VoIP PBX and connect that to the legacy telephone network directly through an analog Foreign Exchange Office voice gateway A VoIP gateway or adapter can be used to connect POTS handsets and fax machines to a VoIP PBX. This type of device is also called a Foreign Exchange Subscriber (FXS) gateway. Analog devices for connection to legacy phone networks called Foreign Exchange Office (FXO) can be used to facilitate compatibility. If the devices are all connected to a legacy PBX before a voice gateway, new equipment will not connect to voice services properly. VoIP devices need to be attached to a VoIP-capable gateway. A company may use VoIP internally but connect to the telephone network via a gateway. This solution has forgotten the new devices and their need for a VoIP gateway.

A technician is tasked with deploying ethernet cable throughout a new wing of the organization's building. Using the various tools available to assist in achieving this requirement, what is the purpose of using a cable crimper? It is used to terminate fixed conductors into an insulation-displacement connection terminal. It is used to achieve a more permanent join with lower insertion loss. It is connector specific and used to fix a plug to a cable and create patch cords. It is used to cut copper wire and strip insulation and cable jackets. A patch cord is created using a cable crimper. This tool fixes a plug to a cable. The tools are specific to the type of connector and cable, though some may have modular dies to support a range of RJ-type plugs. Fixed cable is terminated using a punch-down tool. This tool fixes conductors into an IDC. There are different IDC formats (66, 110, BIX, and Krone), and these require different blades. A fusion splicer is a high-precision instrument that achieves a more permanent join with lower insertion loss and must be kept clean and maintained following the manufacturer's guidelines. Electricians' scissors (snips) are designed for cutting copper wire and

A network technician is planning for a mesh network and is testing the hop count for a packet to get from one network device to another. Recommend a tool that can be used to measure the final hop count received from ICMP packet requests that is available on Linux. dig traceroute telnet nslookup tracert or traceroute displays the number of hops, the round-trip time for each hop, and the IP addresses of the routers that the packet passes through, providing information about network latency and potential points of failure along the route. Domain Information Groper (dig) is a command-line tool for querying DNS servers and does not count network hops. Telnet is a tool that transmits shell commands and output between a client and a remote host. It was commonly used for remote management but is considered deprecated and obsolete due to security concerns. Telnet does count network hops. In a Windows environment, you can troubleshoot DNS name resolution with the nslookup comman

What advantage does Collision Detection (CD) bring to the carrier-sense multiple access (CSMA) media access control method? Separate collision domains for each port 10 Gbps speeds Instant termination upon collision Full-duplex transmission CSMA Collision Detection utilizes half-duplex transmission to detect when a signal is present on an interface's transmit and receive lines simultaneously. A jamming signal is then used to keep other nodes from transmitting for a period of time. Separate collision/broadcast domains for each port can be done by using VLAN segmentation. It can also be done with a Layer 3 capable switch. Bandwidth can be affected by many factors such as cable category, router capabilities, etc. However, CSMA with Collision Detection does not increase bandwidth directly and is concerned with packet collisions. Because CSMA Collision Detection relies on half-duplex transmission to detect collisions, full-duplex is not used. Modern Ethernet with full-duplex does not require CSMA/CD.

A network technician is troubleshooting a network issue. The technician has theorized that some evidence may point to a security breach, but the technician is not trained in security and thus cannot be certain. Decide the next step for the technician, according to the CompTIA® Network+® troubleshooting methodology. Test the theory Establish a plan of action Escalate the issue to security staff Implement the solution Escalation means referring the problem to a senior technician, manager, or third party. In this case, the technician admits the diagnosis is out of their scope of knowledge. The technician has developed a theory. Normally, the next step would be to test the theory, but if the problem is outside the scope of his knowledge, the technician will require help. The technician is not trained in diagnosing or responding to security incidents, and so cannot establish a coherent plan of action that is reliable. The technician is not trained in diagnosing or responding to security incidents, and so cannot implement a solution for a problem that is outside the scope of the technician's knowledge.

A network security practitioner is hardening a corporate network to mitigate the risk from route processor vulnerabilities. Which quality of service (QoS) stack operational layer comprises traffic that keeps the network itself operational, including routing updates, ARP traffic, STP notifications, NTP updates, QoS classification, and link reservation requests? Management plane Control plane Data plane Access plane The network must always allow sufficient bandwidth and CPU/memory resources for control policing. This is known as a route processor (RP) attack. The management plane comprises traffic that allows remote administration and monitoring of network appliances, such as SSH, SNMP, NetFlow, and syslog. Management traffic is typically directed to the appliance's loopback address. A network appliance uses minimal resources to process ordinary data traffic, which is often processed by dedicated hardware and does not require the general purpose CPU. This is the data plane. The access layer of Cisco's three-tiered network model allows end-user devices, such as computers, printers, and smartphones to connect to the network. This is not the same as the layers of the QoS stack.

A network technician is troubleshooting packet collision issues. The network uses Layer 2 Ethernet switches, and only some ports experience collisions. All of the ports that experience collisions are set at half-duplex; however not all half-duplex ports experience collisions. Recommend the next variable for the technician to check that may be causing collisions in a microsegments switch. Are legacy hubs connected to the switch? Is DHCP relay enabled? Is a packet sniffer being used? Is the frame size smaller than the Maximum Transmission Unit (MTU)? Legacy hubs often require half-duplex and can thus enable collisions within the segment branching from the switch port through the legacy hub. If packet collisions are an issue, upgrades should be considered. DHCP Relay is a function that enables IP addresses to be assigned from a server in a separate VLAN. It is related to connection issues but not packet collisions. With the exception of issues caused by power loss if an active tap is installed physically in a network, packet sniffers are not known to affect packet collisions. The frame size isn't usually relevant to packet collision, as small frames are padded and large frames are fragmented. may cause packet loss, but don't cause packet collision per se.

A team of network engineers are refurbishing copper Ethernet cabling in a FEMA office. The federal government requires that copper twisted pair cabling be terminated according to the T568A standard. To ensure termination is being done according to standard, what color conductor will be wired to the second pin? Brown Blue Orange Green In T568A and T568B, wires 2 and wires 6 are flipped, so that wire 2 is green in T568A and wire 6 is green in T568B, while wire 6 is orange in T568A and wire 2 is orange according to T568B. Solid brown is the color of wire 8 in both the T568A standard as well as the T568B standard. Solid blue is the color of wire 4 in both the T568A standard as well as the T568B standard. Wire 2 is orange in T568B, and in T568A wire 6 is orange

A network technician is using traceroute on a corporate network to make use of ICMP "Time Exceeded" in order to identify routers along a delivery path. Determine the TCP/IP feature that traceroute uses to accomplish this. Default route Fragmentation Time To Live (TTL) header field Static route The Time to Live (TTL) IP header field is reduced by one every time a packet is forwarded by a router (referred to as a hop). The packets that enable this can be used to identify routers on a route. Default routes are used when an exact match for a network or host route is not found. The request is forwarded to a DNS server. An IP datagram larger than the default 1500 bytes would have to be fragmented across more than one Ethernet frame. The packets are then reassembled after being received. A static route is manually added to the routing table and only changes if edited by the administrator

An enterprise network provides remote database services delivered using a commercial relational database management system (RDBMS) to employees of an architectural firm. To secure the data, TLS encryption is required by both the server and the client. Propose a method of configuring the authentication that will provide for this requirement. Use NoSQL databases Assign the RDBMS application to the TCP/5432 port Install certificates on the server and all clients Use secure file transfer protocol (SFTP) for the connection A public key infrastructure uses a Certificate Authority to issue certificates containing keys. By ensuring all clients have certificates that match the host, security can be assured. NoSQL databases are often compatible with SQL syntax and security, however, a NoSQL database is no more inherently secure than any database. PostgreSQL port TCP/5432 is a secure port that only nodes in the same cluster can connect to. It will not work as expected. SFTP is used for file transfers rather than database queries, and transferring entire databases over SFTP is not feasible.

A public school is installing a new two-way intercom system using raspberry-pi based devices as endpoints. Because of the real-time nature of the transmitted data, some packet loss is acceptable, while latency is not. Recommend a layer 4 transport protocol that will be best suited for no-acknowledgment, low-latency broadcast, or multicast traffic that will ignore lost packets. RIP TCP ICMP UDP UDP is frequently used for "lossy" (meaning they can withstand some packet loss) applications such as streaming music and video. It's also utilized in query-response applications like DNS queries. The Routing Information Protocol (RIP) is a distance vector routing protocol. It operates on the network layer, not the transport layer. Before it transmits data, TCP establishes a connection between a source and its destination, which it ensures remains live until communication begins. This can increase latency for lossy applications. Internet Control Message Protocol (ICMP) is used to relay status messages and connectivity results back to packet senders.

ystems administrator is trying to distribute client requests across server nodes in a farm or pool based on application-level data, such as a request for a particular URL. Which of the following should they set up? Layer 4 switch Content switch NIC teaming Multipathing With a Layer 7 or content switch, as web applications have become more complex, modern load balancers need to be able to make forwarding decisions based on application-level data, such as a request for a particular URL or data types like video or audio streaming. A layer 4 switch is a basic load balancer that makes forwarding decisions on IP address and TCP/UDP header values, working at the transport layer of the OSI model. Link aggregation means combining two or more separate cabled links between a host and switch into a single logical channel. From the host end, this can also be called NIC teaming. Multipathing means that a network node has more than one physical link to anot

A small organization is looking at cloud solutions, but does not possess the necessary number of servers to conduct operations or the appropriate number of employees to complete tasks. To support their mission, the organization attempts to provide incentives, such as working from home by using virtual desktops as a means to attract applicants and fulfill computing requirements without owning the required amount of servers. Which cloud model would probably suit the organization best? DaaS IaaS PaaS SaaS Desktop as a Service (DaaS) is a means of provisioning virtual desktop infrastructure (VDI) as a cloud service. VDI allows a client browser to operate an OS desktop plus software. Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Platform as a Service (PaaS) provides resources somewhere between SaaS and IaaS. A typical PaaS solution would deploy servers and storage infrastructure but also provide multi-tier web application/database platforms on top. Software as a Service (SaaS) is a different model of provisioning software applications. Rather than purchasing specified amounts of software licenses, a business would access so

A server manager has just been hired and they notice that sometimes servers are set up in different ways and some important steps end up getting missed. They want to set out the principal goals and considerations, such as budget, security, or customer contact standards, for performing a task and identify lines of responsibility and authorization for performing it. What should they set up to do this? SOP Change management Configuration management Audit report

A standard operating procedure (SOP) sets out the principal goals and considerations, such as budget, security, or customer contact standards, for performing a task and identifies lines of responsibility and authorization for performing it. A documented change management process minimizes the risk of unscheduled downtime by implementing changes in a planned and controlled way. Configuration management means identifying and documenting all the infrastructure and devices installed at a site. An audit report focuses on identifying and recording assets. There are many software suites and associated hardware solutions available to assist.

A network engineer is troubleshooting a packet loss issue on a small corporate Internet of Things (IoT) network. The issue began occurring after a legacy device was added to the network, and the engineer has noted that the MTU size on the router is less than the default 1500, at 750 MTU. Propose a likely cause of the packet loss by the legacy device. The legacy device is not compatible with the networks routing protocols The legacy device is too many hops displaced from the router Packets from the legacy device are below minimum size in bytes The legacy device does not support fragmentation An IP datagram larger than 750 bytes would have to be fragmented across more than one Ethernet frame. Since the default MTU is 1500, most clients will be configured for that. If the legacy device does not support fragmentation, packets will be lost. Routing protocols define how routers select routes between nodes on a computer network. Routing protocol issues are not indicated directly by MTU misconfiguration. Time To Live (TTL) and hop count are not indicated or affected directly by MTU configuration. It is unlikely the packets were too small given the router is using a non-standard MTU size that is

A systems administrator is researching an identity and access management (IAM) system to mediate the use of objects by subjects. Which of the following components determines what rights subjects should have on each resource? Authentication Accounting Authorization Identification Authorization determines what rights subjects should have on each resource and enforcing those rights. In computer security, the basis of access control is usually an access control list (ACL). Authentication proves that a subject is who or what it claims to be when it attempts to access the resource. Accounting tracks authorized usage of a resource or use of rights by a subject and alerts when unauthorized use is detected or attempted. Identification creates an account or ID that identifies the user, device, or process on the network. These are the four components of an identity and access management (IAM) system.

A network cable installer is installing copper cabling in an office for a new network. The installer needs to close a gap of about 150 ft. ending in an RJ-45 termination. What is the lowest possible category of cable needed to maintain 10 Gigabit Ethernet speeds? Cat 5e Cat 6 Cat 8 Cat 7 Category 6 unshielded twisted pair (UTP) copper cabling can support 10GBASE-T standard speeds at a distance of up to 180 ft. (55 m). Category 5e supports a maximum speed of 1 Gbps at a maximum distance of up to 328 ft (100 m). Category 8 cabling can support speeds up to 40 Gbps up to 100 ft (30 m) and would be overshooting requirements of 10GBASE-T. Category 7 unshielded twisted pair (UTP) copper cabling can support 10GBASE-T standard speeds at a distance of up to 328 ft (100 m). While Cat 7 cables would be ideal for these conditions, it is not the lowest possible category of cable that meets the requirements.

A systems administrator is setting up conferencing servers that they want to be publicly available. What should the system administrator set up for protocol-specific inbound traffic? Forward Proxy Reverse Proxy Nontransparent proxy Transparent proxy A reverse proxy server provides for protocol-specific inbound traffic. Reverse proxies can publish applications from the corporate network to the Internet in this way. A forwarding proxy server provides for protocol-specific outbound traffic. A multipurpose forward proxy is one configured with filters for multiple protocol types, such as HTTP, FTP, and SMTP. A nontransparent server means that the client must be configured with the proxy server address and port number to use it. A transparent (or "forced" or "intercepting") proxy intercepts client traffic without the client having to be reconfigured. A transparent proxy must be implemented on a switch or router or other inline network appliance.

A network consultant has just arrived on-premises to address a support ticket regarding several users being unable to log in. Decide which of the following courses of action the consultant should take first. Verify full system functionality Question users Confirm a theory Establish a plan of action Questioning users is a part of the first troubleshooting step, identifying the problem. The problem must be identified first, and questioning users regarding details of the problem will help with that. Verification of system functionality is a way of checking whether a solution worked, so it is among the last steps in the troubleshooting methodology. A theory has to be established before it can be confirmed, and theories can't even be formulated without investigation. A plan has to be established before it can be acted upon. A plan can't be formulated without more information.

A systems administrator is trying to distribute client requests across server nodes in a farm or pool based on application-level data, such as a request for a particular URL. Which of the following should they set up? Layer 4 switch Content switch NIC teaming Multipathing With a Layer 7 or content switch, as web applications have become more complex, modern load balancers need to be able to make forwarding decisions based on application-level data, such as a request for a particular URL or data types like video or audio streaming. A layer 4 switch is a basic load balancer that makes forwarding decisions on IP address and TCP/UDP header values, working at the transport layer of the OSI model. Link aggregation means combining two or more separate cabled links between a host and switch into a single logical channel. From the host end, this can also be called NIC teaming. Multipathing means that a network node has more than one physical link to another node.

A corporate network is configured with authentication based on digitally signed certificates issued by an approved certificate authority. Select the type of authentication being used. Local Authentication Public Key Infrastructure Single Sign-On Multifactor Authentication A public key infrastructure uses a Certificate Authority to issue certificates containing keys. By ensuring all clients have certificates that match the host, security can be assured. Anyone issuing public keys under PKI must acquire a digital certificate. The local authentication provider is the software architecture that enables the process for authenticating the user before launching a shell. A single sign-on (SSO) solution enables a user to authenticate once to a local device and access compatible application servers without entering credentials again. MFA is an authentication system that requires the user to submit at least two separate elements as credentials, such as something you know, something you have, something you are, something you do, and somewhere you are.

A team of network consultants is configuring an Internet of Things (IoT) network. The team is considering network topologies in the context of the IoT devices being used, which are all within 100 meters of one another, are battery-powered, and communicate via the Zigbee protocol. Recommend a network topology that will save power, scale easily to thousands of IoT sensor devices while saving power by cooperating with nearby devices. Mesh Star Bus Ring Mesh networks provide excellent redundancy, because other routes, via intermediary devices, are available between locations if a link failure occurs. In a star topology, each endpoint node is connected to a central forwarding node, such as a hub, switch, or router. The central node mediates communications between the endpoints. A physical bus topology is a shared access topology, meaning that all nodes share the bandwidth of the media. All nodes attach directly to a single cable segment via cable taps. In a physical ring topology, each node is wired to its neighbor in a closed loop. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor until the transmission reaches its intended destination

A manufacturing company utilizes multiple access points (APs) spread across its factory. The APs all share an SSID to allow client roaming. Since there are areas where it is difficult to run cabling, a wireless distribution system is used, where the main router is connected to the Internet and the rest are set in repeater mode. What is true about the channels used by the APs? Each AP must have a different channel APs should avoid using channels that overlap All APs must use the same channel Roaming channel aggressiveness should be set as high as possible In a wireless distribution system (WDS) setup with repeater mode, all APs must use the same channel to maintain the communication between the main AP and repeaters. Using different channels is the common practice for APs connected via Ethernet to avoid interference, but in a repeater mode setup with WDS, this is not the case. Avoiding channel overlap is a best practice when APs are independently connected via Ethernet to prevent interference. However, in a WDS with repeaters, the APs need to operate on the same channel. Roaming aggressiveness is a setting that determines how frequently the client device will look for a better AP

An electric power company is onboarding new employees for its IT/network team. The employees will be responsible for managing switches that connect a variety of Internet of Things (IoT) field devices. Determine the most relevant password policy rule to be applied that the network switch requires in order to align with NIST password recommendations for critical infrastructure. 8 characters minimum password length 14 character minimum password length Use of special characters to increase complexity Periodically reset the password NIST Special Publication 800-63B establishes a 14 character minimum password length for critical infrastructure such as switches. NIST asserts that password length is more important than password complexity in terms of password security. NIST Special Publication 800-63B prescribes that all user passwords be a minimum of 8 characters, and that length is more important than complexity. NIST Special Publication 800-63B deprecates the use of special characters in passwords, as they can be guessed by detecting patterns in the use of special characters. NIST Special Publication 800-63B deprecates periodic password resets, asserting they merely give attackers chances to recognize user patterns.

A virtualization specialist is configuring a host-based hypervisor so that software engineers can test their code in a variety of OS and hardware environments from right on their Mac Pro workstations, using a combination of virtualization and emulation techniques. Select a Type II hypervisor that will fulfill the specialists requirements. VMware ESXi® Server Microsoft's Hyper-V® Oracle® Virtual Box Citrix's XEN Server Oracle VM VirtualBox is virtualization software that runs on multiple platforms. It enables users to expand their existing machine to run several operating systems simultaneously, including Microsoft Windows, Mac OS X, Linux, and Oracle Solaris. VMware ESXi is a type-1 enterprise hypervisor created by VMware for deploying and managing virtual machines. ESXi, being a type-1 hypervisor, is not a software application that is placed on an operating system; rather, it incorporates and integrates critical OS components such as a kernel. Hyper-V allows you to run multiple operating systems as virtual machines on Windows with hardware virtualization. Xen is a type-1 hypervisor that provides services that allow several computer operating systems to run simultaneously on the same com

An internet user types a fully qualified domain name (FQDN) into the URL bar of the Google Chrome web browser. Chrome then checks its local cache for the correct mapping before querying the local name server. Evaluate the role of the Chrome web browser in this scenario. Stub resolver Authoritative name server Root server Recursive resolver The function of a resolver is to perform recursive queries in response to requests from client systems (stub resolvers). The stub resolver acts as an intermediary between the application requiring DNS resolution and a recursive DNS resolver. Recursive DNS nameservers rely on authoritative DNS nameservers to tell them where to find certain domains. A root name server is a name server that manages the root zone of the Internet's Domain Name System. It directly responds to queries for root zone records and returns a list of authoritative name servers for the relevant top-level domain for all other requests. The first stop in a DNS query is a recursive resolver (also known as a DNS precursor). Between a client and a DNS nameserver, the recursive resolver serves as a go-between.

As an organization is preparing for an upcoming inclement weather season, the server team has been asked to introduce a device to their server room that will provide a temporary power source solely to the server in the event of a blackout. This protection will ensure that the server is protected from spiking electrical charges associated with the incremental current. What is the name of this device? A. UPS B. HVAC C. Fire Suppression D. Backup Generator

An uninterruptible power supply (UPS) will provide a temporary power source in the event of a blackout. UPS runtime may range from a few minutes for a desktop-rated model to hours for an enterprise system. Heating, Ventilation, Air Conditioning (HVAC) systems provide services to maintain an optimum working environment for different parts of the building. Fire suppression systems work on the basis of the fire triangle. The fire triangle works on the principle that fire requires heat, oxygen, and fuel to ignite and burn. A backup power generator can provide power to the whole building, often for several days.

A network cabling installer is installing cable in a senior care center. A distance of about 80 meters (262 feet) must be connected with a single copper twisted-pair Ethernet cable. What is the minimum acceptable class of cable for covering the distance at 10GBASE-T without repeaters? A. Cat 6a B. Cat 6 C. Cat 5e D. Cat 7

Cat 6a can support 10GBASE-T at 100 m (328 ft), so 6a would be the lowest category that could be used to maintain 10GBASE-T at the distance given. Cat 6 can support 10 Gbps over short distances, nominally 55 m, but often less if cables are closely bundled together. 80 m is too far Cat 6. Cat 5e would still be an acceptable choice for providing network links for workstations, but cannot sustain 10GBASE-T speeds at any distance. Cat 7 is not recognized by TIA/EIA but appears in the cabling standards created by the ISO, and uses non-standard connectors. Cat 7 would maintain 10GBASE-T but is not the lowest usable category of cable that is usable.

A small organization is looking at cloud solutions, but does not possess the necessary number of servers to conduct operations or the appropriate number of employees to complete tasks. To support their mission, the organization attempts to provide incentives, such as working from home by using virtual desktops as a means to attract applicants and fulfill computing requirements without owning the required amount of servers. Which cloud model would probably suit the organization best? DaaS IaaS PaaS SaaS Desktop as a Service (DaaS) is a means of provisioning virtual desktop infrastructure (VDI) as a cloud service. VDI allows a client browser to operate an OS desktop plus software. Infrastructure as a Service (IaaS) is a means of provisioning IT resources such as servers, load balancers, and storage area network (SAN) components quickly. Platform as a Service (PaaS) provides resources somewhere between SaaS and IaaS. A typical PaaS solution would deploy servers and storage infrastructure but also provide multi-tier web application/database platforms on top. Software as a Service (SaaS) is a different model of provisioning software applications. Rather than purchasing specified amounts of so

How does the TCP/IP protocol suite resolve the machine hardware address of the target IP if the target IP is on a remote network? The Internet Group Management Protocol (IGMP) From the host ID portion of the IP address From the subnet ID portion of the IP address Determine the MAC address of the default gateway using ARP cache If the destination address is on a remote network, then the local host must use its default gateway to forward the packet. Therefore, it must determine the MAC address of the default gateway using ARP. The Internet Group Management Protocol (IGMP) is typically used to configure multicast group memberships and IP addresses. The Host ID portion of the IP address does identify the host on a network level, however, the hardware MAC address of a remote host cannot be resolved without further action. The subnet ID identifies the particular subnet the target is on, however, the individual machine address and the main network of the subnet itself cannot be discovered without further action.

A security administrator receives an alert about a possible attack against the SAE protocol. Which wireless authentication mechanism uses this? A. WEP B. WPA C. WPA2 D. WPA3

In WPA3, the Simultaneous Authentication of Equals (SAE) protocol replaces the 4-way handshake, which has been found to be vulnerable to various attacks. WEP is an old protocol that is no longer safe to use, though it does not use the SAE protocol. WEP uses an outdated RC4 stream cipher to encrypt traffic. The first version of Wi-Fi Protected Access (WPA) was designed to fix critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. In WPA2, pre-shared key (PSK) authentication uses a passphrase to generate the key that is used to encrypt communications. It is also referred to as group authentication because a group of users share the same secret.

How can an IPv4 host send packets to all addresses in a particular subnet? Using a unicast packet, addressed to the IP address of the destination host Send packets to the closest node in a group By sending a packet to the network or subnet's last possible IP address according to the last octet Sending packets to subscribed nodes A broadcast address is used to send packets to groups of addresses that share a broadcast domain. This groups together devices on the same switch, or on the same VLAN. Unicast packets are addressed to a single receiving IP. They are received by the target only. Anycast addressing routes packets to the closest node in a target group, balancing load, and improving failover. Anycasting provides routing efficiency. Multicast addressing allows a list of addresses in a predefined range to join a multicast group and receive packets targeted at that multiclass group.

PBQ 2 The WAN gateway is connected directly to the Internet through its WAN port. The home access point (AP) connects directly to the gateways LAN1 port via the home APs WAN port. Per the client's request, the technician will start subnetting at x.x.x.1 with the WAN gateway and home AP. The WAN gateway does not require a static route or forwarding, and the technician must enable the DHCP to allow the gateway to obtain IP addresses from the ISP. However, the technician should set the WAN gateway with a static IP with 0 as the fourth octet. The technician will configure the home AP mostly as is usual for a home setup, with DHCP enabled. A static IP will be configured for the home router in the x.x.x.1 subnet starting at x.x.1.1 for the router. Static routing is not required, but it should forward traffic to the server. VLAN2, representing the office network, will be configured to the unused LAN4 port, which will connect directly to the WAN port of the office router. The office router will share a subnet with the home AP, with DHCP disabled and a static route set directly to the home AP for address resolution. A static IP will have to be configured on the office router for this, as well. The technician should place the office server in the DMZ of the x.x.x.2 subnet to allow home devices in and while still maintaining invisibility of home devices to the office devices. The office router will forward traffic through to the home AP. The office server will then serve as the domain controller for the wired office network.

PBQ 1 Compare and contrast IoT devices.

Reduction of congestion and jitter are key components of maintaining a reliable IoT network. Some settings and best practices differ from other types of networks. Use some form of encryption for communications on an IoT network due to the potential high impact combined with a wide attack surface. DTLS is a good option. Several messaging protocols exist for publish-subscribe messaging used in networks with large numbers of devices intercommunicating with one another. CoAP is one commonly used example of one such "message broker" protocol. DTLS-secured CoAP uses port 5684. Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and adjusting that information to change device behavior. Network administrators frequently use SNMP for network monitoring. SNMP provides management data in the form of variables on managed systems, detailing the system status and configuration, which may subsequently be queried remotely by managing software. Given the option, UDP is generally preferable to TCP for loT networks because loT communications focus on low-latency communications more so than reliability. UDP header size is light-weight compared to the TCP header size and is connectionless, which reduces overhead. The messaging protocol CoAP works over UDP and is compatible with security protocols like DTLS. However, Power Saving Modes are best avoided with UDP to eld Devices. To ensure messages and heartbeats pass correctly, redundancy in the form of link aggregation load balancing is useful and recommended. IANA has allocated the block 100.64.0.0/10 (100.64.0.0 to 100.127.255.255, netmask 255.192.0.0) for use in carrier-grade NAT scenarios. The range 127.0.0.0/8 is reserved for local loopback addresses. The range 192.168.0.0/16 was outlined in RFC1918 as usable for private, non-routable addresses, so addresses within that range, specifically 192.168.1.0/24 and 192.168.2.0/24 in this scenario. Two (2) seconds is the best heartbeat in this situation since it is the longest available that is less than the Keepalive value. This reduces congestion without allowing active devices to be disconnected.

A network consultant is asked to install environmental sensors on the organization's server to monitor conditions in the server rack. Which of the following factors need monitoring? (Select all that apply.) Temperature Storage Humidity Electrical

Regarding temperature, high temperature will make it difficult for device and rack cooling systems to dissipate heat effectively. More water vapor in the air (humidity) risks condensation forming within a device chassis, leading to corrosion and short circuit faults. Computer systems need a stable (electrical) power supply, free from outages (blackouts), voltage dips (brownouts), and voltage spikes and surges. Sensors built into power distribution systems and backup battery systems can report deviations from a normal power supply. Some network devices require persistent storage (typically, one or more flash drives) to keep configuration information and logs. Storage is measured in MB or GB

Which Open Systems Interconnection (OSI) model layer is responsible for the transmission of bits of data? A. Physical B. Datalink C. Network D. Transport

The physical layer of the OSI model (layer 1) is responsible for the transmission and receipt of the signals that represent bits of data from one node to another node. The data link layer (layer 2) is responsible for transferring data between nodes on the same logical segment. At the Data Link layer, a segment is one where all nodes can send traffic to one another using hardware addresses. The network layer (layer 3) is responsible for moving data (routing) around a network of networks, known as an internetwork or the Internet. The transport layer is known as the end-to-end or host-to-host layer. A function of the transport layer is to identify each type of network application by assigning it a port number.

A data center network administrator working for a cloud services company is configuring an SDN that is optimized for east-west traffic. The SDN must be loop-free so that spanning tree protocol is not required, instead utilizing a protocol called Equal Cost Multipathing (ECMP) to distribute traffic between the links to the top-tier switches. Most importantly, all server resources will be on-premises, so the solution should avoid the use of the public Internet and the use of Protocol-Independent Multicast (PIM) protocols, instead establishing private links with guaranteed service levels to operate as an overlay network and configure point-to-point or point-to-multipoint links between nodes without respect to the underlying physical and data link topologies (in other words, tunneling through the network layer). The SDN must also feature multipath redundancy to allow for load balancing and failover. Choose a multipath routing protocol that will best fulfill these requirements. Generic Routing Encapsulation (GRE) with OSPF Multiprotocol Label Switching (MPLS) with Shortest Path Bridging (SPB) Multipoint Generic Routing Encapsulation (mGRE) with BGP VXLAN encapsulation Shortest Path Bridging (

What is the lowest ANSI/TIA/EIA copper Ethernet cabling category available in the form of shielded/foiled twisted pair (S/FTP), and is often recommended for use in healthcare settings? 5e 8 6 6a Category 6a fully shielded cabling has a braided outer screen and foil-shielded pairs and is referred to as shielded/foiled twisted pair (S/FTP). Category 5e can include one thin outer foil shield around all pairs. Known as screened cable, it is usually designated as foiled/unshielded twisted pair (F/UTP). Category 8 cabling can support one thin outer foil shield around all pairs. Known as screened cable, it is usually designated as foiled/unshielded twisted pair (F/UTP). Category 6 can support one thin outer foil shield around all pairs. Known as screened

A network technician is using Nmap to map a corporate network. The technician has privileged access to the network driver to support packet crafting and decides to do a half-open scan to limit visibility in logs. Select the Nmap argument that will perform this half-open scan. -sT -sS -sU -p The -sS flag in Nmap initiates a SYN "half-open" scan. It requires privileged access as it involves raw packet crafting. A SYN scan sends a SYN packet (as if it were initiating a standard TCP handshake), and then waits for a response. The response can reveal whether the port is open. This scan type is less likely to be logged, hence considered stealthier. The -sT flag in Nmap initiates a TCP Connect scan, which establishes a full three-way handshake with the target host. This does not require privileged access, but it is not a half-open scan, and it will leave records in the logs on the target system. The -sU flag in Nmap initiates a UDP scan. UDP, being a connectionless protocol, has a different behavior than TCP. UDP scanning is typically slower and does not represent a half-open scan. The -p flag in Nmap is used to specify a port or range of ports to be scanned, not the type of scan. It does

What is the lowest ANSI/TIA/EIA copper Ethernet cabling category available in the form of shielded/foiled twisted pair (S/FTP), and is often recommended for use in healthcare settings? 5e 8 6 6a Category 6a fully shielded cabling has a braided outer screen and foil-shielded pairs and is referred to as shielded/foiled twisted pair (S/FTP). Category 5e can include one thin outer foil shield around all pairs. Known as screened cable, it is usually designated as foiled/unshielded twisted pair (F/UTP). Category 8 cabling can support one thin outer foil shield around all pairs. Known as screened cable, it is usually designated as foiled/unshielded twisted pair (F/UTP). Category 6 can support one thin outer foil shield around all pairs. Known as screened cable, it is usually designated as foiled/unshielded twisted pair (F/UTP).

A network is segmented into separate VLANs that are assigned to ports on a managed switch. Users are reporting that network access is down in all of the VLAN segments but one. The network administrator surmises that the main server assigning IP addresses is in the working VLAN and the other VLANs are having issues accessing it, as each VLAN is in a separate broadcast domain. Prescribe an action to take that will enable the segmented VLANs to be assigned IP addresses from across broadcast domains. Enable DHCP Relay on the switch Check the ARP table cache Ensure DNS server is properly configured Ensure IGMP snooping is enabled at the switch The DHCP Relay function needs to be enabled in the configuration or settings page of a router to forward DHCP traffic where the client and server are in different subnets. The Address Resolution Protocol (ARP) is used by hosts to determine which MAC address is associated with an IP address on the local network. To optimize this process, the results of an ARP broadcast are cached in an ARP table. A domain name service (DNS) server is used for name resolution for network connections. DNS is not related to multicast flooding issues. To prevent multicast fl

Which IEEE wireless standard is designated as using high efficiency (HE), allowing throughput speeds of up to approximately 4800 Mbps over a 5 Ghz channel using Orthogonal Frequency Division Multiplexing with Multiple Access (OFDMA) modulation and UL-MIMO beamforming and can potentially reach approximate 10G speeds using a 6 Ghz frequency? 802.11ah 802.11n 802.11ac 802.11ax Wi-Fi 6 (802.11ax) uses more complex OFDM with multiple access (OFDMA) modulation and signal encoding to improve the amount of data sent per packet by about 40%. 802.11ah (Wi-Fi HaLow) uses the 900 MHz band for a much better range at much lower power. 802.11n products can use channels in the 2.4 GHz band or the 5 GHz band. The data rate for 802.11n is 72 Mbps per stream. 802.11ac provides downlink multiuser-MIMO which allows the AP to use its multiple antennas to process a spatial stream of signals in one direction separately to other streams. 802.11ac does not provide uplink MU-MIMO, and does not support 6 Gh

While performing a resiliency test for availability, a technician is trying to calculate the amount of data loss that a system can sustain before the data is unrecoverable if it was targeted by a virus, and just how far back in time from the disaster that would be. What is the technician testing for? Work recovery time Recovery point objective Recovery time objective Maximum tolerable downtime Recovery Point Objective is the amount of data loss that a system can sustain, measured in time units. That is, if a database is destroyed by a virus, an RPO of 24 hours means that the data can be recovered from a backup copy to a point not more than 24 hours before the database was infected. Following systems recovery, there may be additional work to reintegrate different systems, restore data from backups, and test overall functionality. This is called work recovery time. Recovery time objective (RTO) is the period following a disaster that an individual IT system may remain offline. The Maximum Tolerable Downtime (MTD) metric states the requirement for a business function.

While conducting an analysis, a network technician is attempting to determine the amount of information that can be transmitted in bits per second (bps). What is the technician attempting to measure? Bandwidth Latency Jitter QoS Bandwidth is the amount of information that can be transmitted, measured in bits per second (bps), or some multiple thereof. Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms). Jitter is defined as being a variation in the delay. Jitter manifests itself as an inconsistent rate of packet delivery. Jitter is also measured in milliseconds, using an algorithm to calculate the value from a sample of transit times. Quality of Service (QoS) protocols and appliances are designed to support real-time services. Applications such as voice and video that carry real-time data have different network requirements to the sort of data represented by file transfer

ertificate authority. Select the type of authentication being used. Local Authentication Public Key Infrastructure Single Sign-On Multifactor Authentication A public key infrastructure uses a Certificate Authority to issue certificates containing keys. By ensuring all clients have certificates that match the host, security can be assured. Anyone issuing public keys under PKI must acquire a digital certificate. The local authentication provider is the software architecture that enables the process for authenticating the user before launching a shell. A single sign-on (SSO) solution enables a user to authenticate once to a local device and access compatible application servers without entering credentials again. MFA is an authentication system that requires the user to submit at least two separate elements as credentials, such as something you know, something you have, something you are, something you

company has installed a security device that automatically analyzes the network traffic and system and application logs to identify malicious activity by matching activity patterns to a signature database. The device is configured to alert the network security administrator upon matching a signature but takes no further action. Deduce the device the company has installed. Intrusion Prevention System (IPS) Intrusion Detection System (IDS) Proxy Server Appliance Firewall Intrusion prevention software (IPS) can provide an active response to any network threats that it detects. Ending the session by sending a TCP reset message to the attacker's computer is a common preventative technique. An intrusion detection system (IDS) performs real-time analysis of either network traffic or system and application logs. If a pattern is matched in a traffic stream, the IDS raises an alert. A server that acts as a middleman between a client and another server. It may filter and often alter communications while also providing caching services to increase efficiency. An application or software that protects a system or network by blocking unwanted network traffic is known as a firewall.

A network administrator is configuring a switching network based on the three-tiered hierarchy model used by Cisco. Which tier of Cisco's modular design principles would the administrator most likely install a Layer 2 LAN switch? Distribution Layer Access Layer Core Layer Transport Layer The access or edge layer allows end-user devices, such as computers, printers, and smartphones to connect to the network. The distribution or aggregation layer offers fault-tolerant linkages between distinct access blocks and either the core or other distribution blocks. The core layer provides a highly available network backbone. Routers or layer 3 switches in the core layer form a complete mesh topology with distribution layer switches. The transport layer of the OSI model is not a part of the three-tiered hierarchy model and represents an entirely different concept. It is the fourth layer of the OSI model and provides host-to-host communication services for application

etwork technician is manually configuring speed and duplex settings in a managed switch, in order to define specific speeds for specific devices. After testing the manual configuration of a single test device, the technician notes that the LED indicator corresponding to the port the test device is connected to is blinking amber. Recommend a next step for the technician to investigate. Check duplex settings Wait for the connection to complete Ensure cable is plugged into test device and power is on The link is connected with no traffic --> If a host is set to a fixed configuration and is manually configured to 100 Mbps/full-duplex, the link will fail. A speed mismatch will cause the link to fail, while a duplex mismatch will slow the link down (it will cause high packet loss and late collisions). A blinking amber light indicates a fault has been detected. Waiting won't solve the problem in this case. If there was no power to the test device or the cable was unplugged, there would be no light at all. Indicator light for a normal, healthy ethernet connection with no traffic given to the port is a solid, unblinking green. Anything else indicates some sort of problem.

A systems administrator is setting up conferencing servers that they want to be publicly available. What should the system administrator set up for protocol-specific inbound traffic? Forward Proxy Reverse Proxy Nontransparent proxy Transparent proxy A reverse proxy server provides for protocol-specific inbound traffic. Reverse proxies can publish applications from the corporate network to the Internet in this way. A forwarding proxy server provides for protocol-specific outbound traffic. A multipurpose forward proxy is one configured with filters for multiple protocol types, such as HTTP, FTP, and SMTP. A nontransparent server means that the client must be configured with the proxy server address and port number to use it. A transparent (or "forced" or "intercepting") proxy intercepts client traffic without the client having to be reconfigured. A transparent proxy must be implemented on a switch or router or ot

level possible. They need to set up multiple physical routers to serve as a single default gateway for a subnet, but do not want to use a proprietary protocol. Which of the following will help them accomplish this? (Select all that apply.) CARP HSRP LACP VRRP The Common Address Redundancy Protocol (CARP) enables multiple hosts to share an IP address on the same network segment so that they can act as a default gateway. The open standard protocol Virtual Router Redundancy Protocol (VRRP) allows the automatic assignment of IP routers to act as a default gateway on a single subnet. The Hot Standby Router Protocol (HSRP) allows multiple physical routers to serve as a single default gateway for a subnet, but it is a proprietary protocol developed by Cisco. The Link Aggregation Control Protocol (LACP) detects configuration errors and recovers from the failure of one of the physical links.

While performing a resiliency test for availability, a technician is trying to calculate the amount of data loss that a system can sustain before the data is unrecoverable if it was targeted by a virus, and just how far back in time from the disaster that would be. What is the technician testing for? Work recovery time Recovery point objective Recovery time objective Maximum tolerable downtime Recovery Point Objective is the amount of data loss that a system can sustain, measured in time units. That is, if a database is destroyed by a virus, an RPO of 24 hours means that the data can be recovered from a backup copy to a point not more than 24 hours before the database was infected. Following systems recovery, there may be additional work to reintegrate different systems, restore data from backups, and test overall functionality. This is called work recovery time. Recovery time objective (RTO) is the period following a disaster that an individual IT system may remain offline. The Maximum Tolerable Downtime (MTD) metric states the requirement for a business function.

n enterprise network provides remote database services delivered using a commercial relational database management system (RDBMS) to employees of an architectural firm. To secure the data, TLS encryption is required by both the server and the client. Propose a method of configuring the authentication that will provide for this requirement. Use NoSQL databases Assign the RDBMS application to the TCP/5432 port Install certificates on the server and all clients Use secure file transfer protocol (SFTP) for the connection A public key infrastructure uses a Certificate Authority to issue certificates containing keys. By ensuring all clients have certificates that match the host, security can be assured. NoSQL databases are often compatible with SQL syntax and security, however, a NoSQL database is no more inherently secure than any database. PostgreSQL port TCP/5432 is a secure port that only nodes in the same cluster can connect to. It will not work as expected. SFTP is used for file transfers rather than database queries, and transferring entire databases over SFTP is not feasible

security auditor for a major company is performing a compliance audit in accordance with their companies' policy. They are currently assessing the likelihood and impact (or consequence) of a threat actor exercising a vulnerability. What is this referred to as? Threat Attack vector Risk Vulnerability Risk is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability. A threat is the potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or thing that poses the threat is called a threat actor or threat agent. The path or tool used by a malicious threat actor can be referred to as the attack vector. A vulnerability is a weakness that could be accidentally triggered or intentionally exploited to cause a security breach.

n organizational employee contacts the network security office stating that their computer is saying that if $1,000,000 is not paid to a certain bank router in the Cayman Islands, then all server and legacy business data will be deleted. What is the organization experiencing at this moment? Malware Ransomware Botnet Evil Twin Ransomware is a type of malware that tries to extort money from the victim. One class of ransomware will display threatening messages, such as requiring Windows to be reactivated or suggesting that the computer has been locked by the police because it was used to view child pornography or for terrorism. Malware can be defined simply as software that does something bad, from the perspective of the system owner. A botnet is a group of compromised hosts that can be used to launch DDoS and DRDoS attacks. A rogue AP masquerading as a legitimate one is called an evil twin.

network specialist is installing a VoIP gateway in an office building that uses a legacy analog phone system. The office managers want to be able to use the old phone handsets and fax machines as well as add new VoIP endpoints but plans to cancel services with the company providing the analog telephone services and replace all legacy voice cabling. Plan a method for providing VoIP services while retaining legacy handsets and fax machines. (Select all that apply.) Connect all devices to the legacy PBX and connect that to the legacy telephone network as well as to the Internet through a voice gateway behind the edge router Install a VoIP PBX between the VoIP service provider and VoIP endpoints, and a Foreign Exchange Subscriber (FXS) voice gateway connecting legacy hardware to the new PBX Connect legacy devices to the legacy PBX and connect that to the legacy telephone network directly through an analog Foreign Exchange Office voice gateway Connect new devices to the VoIP PBX and connect that to the legacy telephone network directly through an analog Foreign Exchange Office voice gateway A VoIP gateway or adapter can be used to connect POTS handsets and fax machines to a VoIP PBX. This typ

pany has deployed a large network of PLC devices in its manufacturing facilities. The company has recently laid off several employees who had regular access to the configuration settings of the PLC devices through workstations connected to the PLC firmware through Secure Shell (SSH) sessions authenticated with public key infrastructure (PKI). Plan the proper actions for remediation of the client device and management of the keys associated with the user accounts of the former employees. (Select all that apply.) Copy new public key to SSH server Regenerate a new key pair on the client device Delete the old public key from the appliance Re-use the old public key After regenerating a new public key, it needs to be added to the SSH server and configured before it can be used. A new key is needed to replace the former employee's authentication keys since they have been blocked. Deletion of old keys, public and private, is paramount to any reliable security policy. Deletion of the user's authentication certificates and keys should be the first action performed as part of offboarding. It is against any good security policy, not to mention legal and industry regulations, to reuse keys or certificates for the authentication of different users or devices. It is also not necessary.

A network consultant is considering potential upgrades for a network that utilizes an edge router that connects to a layer 2 switch, which has ports subinterfaced into multiple VLANs per port. Suggest an upgrade that will increase the efficiency of routing between VLANs by mapping IP addresses to MAC addresses for hardware forwarding. Replace the Layer 2 switch with a hub Replace the Layer 2 switch with a bridge Replace the Layer 2 switch with a Layer 3 switch Replace the edge router with a router/firewall combination device A layer 3 capable switch is optimized for routing between VLANs, and maintains a mapping table of IP addresses to MAC addresses so that when a path is established, it can use low-latency hardware-based forwarding. 100BASE-TX can be implemented with a hub, but most networks started to replace hubs with switches as the connection point for end systems. The contention-based access method used by a hub does not scale to large numbers of end systems within the same collision domain. A bridge is a type of intermediate system that joins physical network segments while minimizing the performance reduction of having more nodes on the same network. Firewall functionality is re

service provider has terminated a T1 link to a mid-sized company using the T-carrier system. After patching from where the service provider terminated their connection, where would the customer connect for connectivity? Demarc point DSU RJ-48X interface PBX The customer connects to the CSU / DSU. The cabling from the smartjack to the CSU/DSU can use an ordinary RJ-45 patch cord. A T1 line from the service provider is terminated at the demarc on a smartjack or Network Interface Unit (NIU). The smartjack has an RJ-48C or RJ-48X interface on the customer side that is used to connect to the customer's Channel Service Unit/Data Service Unit (CSU/DSU). The DSU encodes the signal from Data Terminal Equipment (DTE)—that is, the company's private branch exchange (PBX) internal telecoms system and/or an IP router—to a serial digital signal transmitted over copper wiring.