Measure Up CompTIA Network+
A network administrator is configuring SNMP and needs to specify an element in an MIB hierarchy for monitoring. What should the administrator enter? 3FFE:0:0:1:200:F8FF:FE75:50DF 00-14-22-01-23-45 172.30.12.155 1.3.6.1.2.1.14.2
1.3.6.1.2.1.14.2 The network administrator should enter 1.3.6.1.2.1.14.2. This is an object identifier (OID). OIDs are pointers to elements in a Simple Network Management Protocol (SNMP) management information base (MIB), which are hierarchical representations of systems or nodes. The 1.3.6.1.2.1.14.2 points to Open Shortest Path First (OSPF) metrics on a Cisco router. Many network equipment vendors create and publish MIBs for their products. 172.30.12.155 is an IP version 4 (IPv4) address. IP addresses are used on TCP/IP networks to uniquely identify nodes at layer 3 of the Open Systems Interconnection (OSI) model. 3FFE:0:0:1:200:F8FF:FE75:50DF is an IPv6 address. Like IPv4 addresses, IPv6 addresses identify network nodes. IPv6 addresses are used on networks running IP version 6. 00-14-22-01-23-45 is a Media Access Control (MAC) address. MAC addresses are burned-in, or programmed, into a network controller by the manufacturer. They uniquely identify nodes at layer 2 of the OSI model.
Headquarters requests a new IP subnet. The solution must meet the following requirements: IPv4 class A address type Private IP address At least 15 usable IP addresses within the range Which subnet would meet the requirements? 10.10.10.0/30 172.16.1.0/27 10.10.10.128/27 10.1.1.32/28 1.10.10.0/27
10.10.10.128/27 The subnet 10.10.10.128/27 matches the requirements. The first requirement is to use a class A address type, which means the first octet will range from 0-126. The following private IP address spaces are assigned by IETF: Class A: 10.0.0.0 - 10.255.255.255; Class B: 172.16.0.0 - 172.31.255.255; Class C: 192.168.0.0 - 192.168.255.255. Finally, the new subnet should offer at least 15 usable IP addresses. The subnet mask of /27 means 255.255.255.224 and provides space for 30 hosts. The subnet 10.10.10.0/30 offers two hosts only and is mainly used for a point-to-point connection. The subnet 1.10.10.0/27 is a class A address and provides enough IP addresses, but it is not a private IP address. The subnet 10.1.1.32/28 gives 14 usable IP addresses (hosts) only and does not meet the requirements. Finally, 172.16.1.0/27 is a class B address.
A technician plans to install Cat 7 cable to support a 10Gbps application. What is the maximum supported cable length for this application? 33m 30m 50m 100m
100m The maximum supported cable length using Cat 7 cable to support a 10 Gigabit per second (Gbps) application is 100 meters. While Cat 6a can also support 10Gbps in some applications, Cat 7 cable is the first cable specification that stipulates 10Gbps at 100 meters. Unlike previous specifications, Cat 7 and later only support shielded twisted pair (STP) cabling. In theory, Cat 7 can support speeds up to 40Gbps over shorter distances (50m or less). Depending on the cable used, Cat 6a can support 10Gbps at 50 meters. However, the actual distance varies and is not guaranteed. The Cat 8 specification stipulates support for 25Gbps and 40Gbps at distances up to 30m. Optical fiber mode 1 (OM1) supports 10Gbps over short range, up to 33m.
Which is the most cost-effective standard that supports 10 Gbps transfers up to distances of 300 meters? 10GBASE-SR 10BASE-T 10GBASE-T 10GBASE-LR
10GBASE-SR 10 Gigabit baseband - short-range (10GBASE-SR) is the most cost-effective standard that supports 10Gbps transfers up to distances of 300 meters. 10GBASE-SR uses multi-mode fiber with a 62.5 micron core. While the 10GBASE-SR specification calls for 10Gbps, the maximum distance depends on the type and quality of the fiber optic cable used. For example, optical multimode 4 (OM4) cable supports lengths up to 400 meters. In this scenario, OM3 or higher fiber is required. 10 Gigabit baseband - twisted-pair (10GBASE-T) uses twisted pair, copper cable to transmit at 10Gbps over distances up to 100 meters. 10 Gigabit baseband - long-range (10GBASE-LR) uses single-mode fiber optic cable to transmit at 10Gbps over distances of up to 10 kilometers. 10 Megabit baseband - twisted-pair (10BASE-T) used twisted pair, copper cable to transmit at 10Mbps over distances up to 100 meters.
A network administrator is configuring NAT to facilitate connectivity between a LAN and the Internet. The administrator has decided to use RFC1918 compatible addressing. Which range should the administrator configure? 172.30.16.0/20 11.10.10.0/24 192.186.1.0/27 239.12.0.0/16
172.30.16.0/20 The administrator should configure the 172.30.16.0/20 range. Request for Comments (RFC) 1918 specifies three address ranges for internal use. All three ranges have been reserved for use exclusively on intranets and are not routable on the public Internet. Any packets with private source or destination IP addresses should be dropped by Internet routers. The ranges are: 10.0.0.0 to 10.255.255.255, 192.168.0.0 to 192.168.255.255, and 172.16.0.0 to 172.31.255.255. The proposed range 172.30.16.0/20 fits in this last range. 239.12.0.0/16 is not reserved for private use per RFC1918. This address is part of the dedicated multicast range. 11.10.10.0/24 is not reserved for private use per RFC1918. This is a valid address for use on the Internet.
A company is deploying a new computer as shown in the exhibit. The company will have a static IPv4 address. What should technicians use as the computer's default gateway? 192.168.1.65 192.168.1.129 192.168.1.193 192.168.1.1
192.168.1.1 The default gateway should be set to 192.168.1.1. The default gateway is the path traffic takes when being routed from one subnet into another subnet. The default gateway should be the address of the router interface facing the subnet, so this is the only appropriate value. The other IP addresses are for interfaces that face other subnets.
A branch office has been allocated the subnet of 192.168.1.64/26. Which three IP addresses can be used for user devices at this location? (Choose three). 192.168.1.111 192.168.1.98 192.168.1.127 192.168.1.221 192.168.1.128 192.168.1.254 192.168.1.65
192.168.1.111 192.168.1.98 192.168.1.65 192.168.1.65, 192.168.1.98, and 192.168.1.111 can be used in this scenario. The allocated subnet uses the /26 subnet mask, which means 255.255.255.192. The first usable IP address is 192.168.1.65 and the last usable IP address is 192.168.1.126. The subnet offers 62 hosts in total. When calculating the usable IP address, you must take the subnet mask into consideration. You use an increment that matches the subnet mask to find a range of hosts. In this scenario, the increment was 64 (subnet mask of /26) which gives you the following values: Network address: 192.168.1.64/26 Subnet mask: 255.255.255.192 IP range: 192.168.1.65 - 192.168.1.126 Broadcast address: 192.168.1.127
A client is configured with an IP address, 192.168.1.2/16. Which address will the client use for subnet broadcasts? 192.168.255.255 192.168.1.255 192.168.0.0 192.168.1.0
192.168.255.255 The client will use 192.168.255.255 for subnet broadcasts. This client is configured with a 16-bit subnet mask, as indicated by the /16 classless inter-domain routing (CIDR) notation. The subnet broadcast address is the last viable address on a subnet. Subnet broadcasts are processed by all nodes on a subnet. 192.168.0.0 is the subnet ID for this subnet. The subnet ID is also referred to as the network ID. All nodes on the subnet share the same subnet ID. 192.168.1.255 is a valid host address on this subnet. The range of valid host addresses for this subnet is 192.168.0.1 to 192.168.255.254. As there is only one valid subnet broadcast address in each subnet, this address cannot be used for subnet broadcasts. Additionally, an IP address cannot be used simultaneously as a host address and a subnet broadcast address. 192.168.1.0 is also a valid host address on this subnet. Zeros are valid in host IDs as long as these are not the subnet ID. As there is only one valid subnet broadcast address in each subnet, this address cannot be used for subnet broadcasts. Additionally, an IP address cannot be used simultaneously as a host address and a subnet broadcast address.
An organization deploys IoT sensors at a remote location that is not reachable using traditional cabled internet services. Which technology should the organization deploy to provide the highest bandwidth available for this location? 5G DSL Satellite 4G
5G The organization should deploy fifth-generation wireless (5G). 5G is a wireless networking technology that is used to provide broadband mobile communications and offers the highest throughput in this scenario. 5G is meant to replace 4G and offers significant performance increases. Peak download speeds on 5G can reach 20 Gbps under ideal conditions. Some mobile companies are now offering 5G routers with Wi-Fi for home internet use. Like 5G, fourth-generation wireless (4G) is a wireless networking technology that is used to provide broadband mobile communications. Peak download speeds on 4G approach 50 Mbps with enhanced versions of 4G providing up to 300 Mbps throughput. A satellite Internet connection requires a receiver, usually a dish, to be installed at the remote site. Traffic is then sent and received using communications satellites. Download speeds may approach 20 Mbps, depending on the provider. Digital subscriber line (DSL) requires physical cabling. DSL is designed to run over existing telephone lines.
A company is preparing to deploy a wireless LAN (WLAN) in a newly constructed office space. The network design specifies the minimum channel bandwidth requirement as 80 MHz. Which standard should the access points support? 802.11b 802.11ac 802.11n 802.11g 802.11a
802.11ac Access points used in the deployment should support the 802.11ac standard. 802.11ac supports an 80 MHz channel configuration. 802.11ac and 802.11ax support bandwidth configurations for 20 MHz, 40 MHz, 80 MHz, and 160 MHz. The 802.11n standard supports 20 MHz and 40 MHz channel bandwidth options only. Channel bonding must be used to create a 40 MHz channel. Channel bonding links two adjacent channels to work as one channel. 802.11a and 802.11g support 20 MHz channels only. 802.11b supports 22 MHz channels only, but it does let you create a 44 MHz channel through channel bonding.
An organization wants to maximize performance for its wireless network. Which technology should the organization deploy? 802.3an 802.11ax 802.1q 802.1x
802.11ax The organization should deploy 802.11ax. 802.11ax is a wireless networking standard. Also known as Wi-Fi 6, 802.11ax offers over 3Gbps per stream and works well in dense environments. 802.1q allows tags to be added to an Ethernet frame for Virtual Local Area Network (VLAN) identification. 802.1q is also known as VLAN or port tagging. It is not used to maximize wireless performance. 802.1x facilitates centralized authentication for wireless networks. It is not used to maximize wireless performance. 802.3an uses twisted pair cabling to support speeds up to 10Gbps. 802.3an is also known as 10GBASE-T.
Match network types with their descriptions. To answer, drag the appropriate network type to each description. A network type may be used once, more than once, or not at all. A collection of connected LANs over a large geographic area, enabling devices in different locations to communicate Interconnection of devices near each other, such as in an office, organized around an individual, and often using Bluetooth connections Connected LANs over a relatively small geographic area, such as connecting all of a company's buildings in the same location High-speed data network giving several LAN servers access to consolidated block-level storage, using either FC or iSCSI-based networks
A collection of connected LANs over a large geographic area, enabling devices in different locations to communicate: WAN Interconnection of devices near each other, such as in an office, organized around an individual, and often using Bluetooth connections: PAN Connected LANs over a relatively small geographic area, such as connecting all of a company's buildings in the same location: CAN High-speed data network giving several LAN servers access to consolidated block-level storage, using either FC or iSCSI-based networks: SAN A wide area network (WAN) is a collection of connected LANs over a large geographic area, enabling devices in different locations to communicate. A WAN can include connections over a very large area, including across different states or different countries. Connections are usually over public carriers, such as telephone lines or the internet. A personal area network (PAN) is an interconnection of devices near each other, such as in an office, organized around an individual, and often using Bluetooth connections. A home office is often a PAN connecting a computer, smartphone, printer, and other personal devices. A PAN can include wired and wireless connections. A campus area network (CAN) is a group of connected LANs over a relatively small geographic area, such as those of a company's buildings in the same location. It is often referred to as a corporate campus. College and university networks are usually considered CANs. A storage area network (SAN) is a high-speed data network giving several LAN servers access to consolidated block-level storage, using either FC or iSCSI-based networks. This gives you a way to implement a high-performance storage infrastructure that is available to network devices.
A consultant is helping a company design a wireless LAN implementation. Network requirements include internal access points for network host connections and external wireless connections between buildings. The consultant needs to help the company choose appropriate antennas. What does the dBi rating of an antenna represent? A higher dBi antenna has the same gain and a narrower field pattern than a lower dBi antenna. A higher dBi antenna has more gain and a narrower field pattern than a lower dBi antenna. A higher dBi antenna has more gain and a wider field pattern than a lower dBi antenna. A higher dBi antenna has the same gain and a wider field pattern than a lower dBi antenna.
A higher dBi antenna has more gain and a narrower field pattern than a lower dBi antenna. An antenna's gain is measured in relative decibels (dB) in reference to a standard antenna used for reference. Gain refers to the relative measure of an antenna's ability to direct a signal in a specific direction. The dBi value is commonly used, which is decibels measured relative to an isotropic reference antenna. An isotropic antenna is one that radiates equally in all directions. The field pattern refers to the coverage area. For example, you would expect a 2 dBi antenna to have a 360 degree field of coverage, making it appropriate for use as an internal antenna for host connections. A higher dBi antenna has a narrower field and a more directional signal. This makes it well suited for applications such as connecting buildings on a corporate campus. The narrow field pattern makes it less likely that someone would be able to intercept the signal.
PC1 is unable to access the Internet in the network shown in the exhibit. What is the MOST likely cause? An invalid static IP address A duplicate IP address A rogue DHCP server An expired IP address
A rogue DHCP server There is a rogue DHCP server in the network. PC1 has been configured to receive IP information from a DHCP server. The exhibit shows that the DHCP server is 192.168.1.10, but PC1 has received IP information from 10.10.10.10, which is a rogue DHCP server. As a result, PC1 cannot access the Internet, because the IP address, default gateway, and DNS settings are incorrect. To fix the issue, the company should disconnect the rogue DHCP server from the network and use the ipconfig /release and ipconfig /renew commands on PC1 to renew IP settings. PC1 has not been configured using a static IP address. The exhibit shows the IP address of a DHCP server at 10.10.10.10. The IP address has not expired. The exhibit suggests there is a rogue DHCP server in the network. PC1 contacts the DHCP server when half of the lease time has elapsed and tries to renew its DHCP lease. If there is no reply from the DHCP server, PC1 tries again after 87.5 percent of the lease time. When an IP address expires, PC1 uses an IP address from the Automatic Private IP Addressing (APIPA) pool. The issue is not related to a duplicate IP address. PC1 has received incorrect IP information from a rogue DHCP server.
A company needs to support a secure link for remote users to a web-aware application that is deployed on a server in the perimeter network. The Technical Services department recommends using an SSL VPN to minimize the configuration changes needed in network firewalls. The solution will use certificate-based authentication. What is the minimum certificate requirement for this configuration? A client-side certificate only The same certificate on both the client and server A server-side certificate only Different certificates on the client and server
A server-side certificate only The minimum requirement for certificate-based authentication is a server-side certificate only. Many authentication methods do not require a certificate, but when one is required for server authentication, a server certificate is required. The server will present the public certificate to the client during the initial handshake. A client certificate is not required. If you want to require mutual authentication, in which the client authenticates the server and the server authenticates the client, both client and server certificates are required. The client and server will have different certificates. It is important to note that even though the term SSL is commonly used to refer to this type of security, SSL is an older standard and TLS is in more common use in its place. The basic functionality, authentication procedures, and supported authentication types are effectively the same between the two.
A company wants to deploy a new WLAN topology without running new electrical wiring. The solution has to support the 5GHz band, MU-MIMO, and offer speeds of at least 2100 Mbps. The company wants to use a PoE solution providing at least 25W of power for a connected device. Which two components should be used? (Choose two.) A switch supporting the 802.1x standard An access point supporting the 802.11ac Wave 1 standard A switch supporting the 802.3at standard An access point supporting the 802.11ac Wave 2 standard An access point supporting the 802.11n standard A switch supporting the 802.3af standard
A switch supporting the 802.3at standard An access point supporting the 802.11ac Wave 2 standard The company should use a switch supporting the 802.3at standard and an 802.11ac Wave 2 access point. There are multiple Power over Ethernet (PoE) standards. The most common one is PoE+ described as 802.3at, which offers the maximum power of 25.5W and 600mA to a connected device. The 802.11ac Wave 2 standard uses the 5GHz frequency and offers downstream communications to many wireless devices using the multiuser multiple input, multiple output (MU-MIMO) technology. The 802.11ac standard supports a throughput of 2 Gbps and more (the physical layer (PHY) rate is up to 3.47 Gbps). The 802.11ac Wave 1 standard does not meet the company's requirements. It offers single-user multiple input, multiple output (SU-MIMO) technology only and a throughput of around 850 Mbps (PHY of 1.3 Gbps). The 802.11n standard cannot be used for this scenario. The 802.11n standard offers single-user multiple input, multiple output (SU-MIMO) technology and a throughput of around 390 Mbps (PHY of 600 Mbps) only. The 802.3af standard (PoE) does not meet the company's requirements because it offers no more than 12.95W of power to a connected device. 802.1x is an authentication protocol for wired and wireless connections. There is nothing in the requirements that requires this standard to be implemented.
A recent security audit reveals that users from all locations have full remote access to network devices. Which solution should be implemented to address that problem? CBAC IPsec SSH ACL
ACL An Access Control List (ACL) should be implemented. ACLs allow network administrators to filter and control traffic. An ACL can be configured to specify a list of IP addresses, groups, and protocols that are allowed or should be dropped. Context-based access control (CBAC) cannot be used here. CBAC is a firewall solution that enables stateful inspection and packet filtering. IPsec will not be sufficient here. IPsec can be used to secure a connection, but it does not offer any options to filter users who can connect to a network device remotely. Implementing SSH will not be sufficient. SSH offers a secure connection with a remote device, but it does not decide who can connect. The company needs an ACL for that.
A company wants to create a site-to-site VPN. Maximum security is required. Which set of protocols should the company use? AES for encryption and SHA512 for hashing 3DES for encryption and MD5 for hashing DES for encryption and SHA512 for hashing SSL for encryption and MD5 for hashing
AES for encryption and SHA512 for hashing The company should use Advanced Encryption Standard (AES) for encryption and Secure Hash Algorithm (SHA) with 512 bits for hashing. AES is a symmetric algorithm that uses the same key for both encryption and decryption of a message. AES supports the key lengths of 128, 192, and 256 bits. AES is a recommended protocol for creating a secure infrastructure. SHA is a cryptographic hash function divided into standards: SHA0, SHA1, SHA2, and SHA3. SHA0 and SHA1 produce a 160-bit hash and are considered insecure. The company should use SHA2 or SHA3, which offer hashes of up to 512 bits. Data Encryption Algorithm (DES) and Triple DES are legacy encryption algorithms and should be avoided. A Next Generation cipher is recommended, for example AES. Message-Digest algorithm 5 (MD5) is a hash function that has been severely compromised. The company should choose SHA2 or SHA3. SSL is a very secure protocol, but the company should not combine it with a weak hash function like MD5.
A network administrator has been tasked with deploying a new wireless LAN controller. Which protocol is recommended for integrity checking and encryption? AES-based CCMP PSK-TKIP IPsec TLS SHA512 with AES
AES-based CCMP The network administrator should use the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES). Wi-Fi Protected Access II (WPA2) is a recommended protocol for wireless communications, sometimes referred to as WPA2-CCMP/AES. WPA2 is backwards compatible and supports Temporal Key Integrity Protocol (TKIP). Wireless LAN controllers (WLCs) manage and configure wireless access points. TKIP should not be used to secure a wireless network. TKIP is a legacy protocol that is vulnerable to a number of attacks. The network administrator should use CCMP/AES instead. Internet Protocol Security (IPsec) is used to protect VPN traffic, not wireless networks. IPsec is an umbrella of protocols that can be deployed to secure remote and site-to-site tunnels. Transport Layer Security (TLS) is not a recommended protocol here. TLS allows a client and a server to establish an encrypted connection over a public network using certificates. The Secure Hash Algorithm (SHA) is not used to protect wireless networks. SHA could be implemented to verify the integrity of a file or VPN traffic.
An employee wants to install an AP at their desk. Which should they consult FIRST? DR plan AUP SLA MOU
AUP The employee should consult the Acceptable Use Policy (AUP). An AUP defines the allowed and prohibited activities for a compute environment. As installing an access point (AP) can impact wireless network performance and introduce unwanted security risks, it is likely the AUP will prevent users from installing personal APs. A Memorandum of Understanding (MOU) is an agreement between two or more parties. Typically, an MOU is created as part of a mutually beneficial partnership between organizations. A disaster recovery (DR) plan defines the procedures required to restore compute services in the event of a disaster. DR plans are not used to manage user hardware. Service-level agreements (SLAs) are designed to define a level of service between parties that one party is contractually obligated to provide. SLAs are sometimes created between departments in the same organization but are more common between organizations.
A policy includes the following statement: "Employees are not allowed to use company equipment to copy or distribute copyrighted material without the written permission of the holder of the copyright." Which policy would this statement be part of? NDA BYOD SLA AUP
AUP The statement would be part of the company's acceptable use policy (AUP). The AUP defines how company equipment and data may and may not be used. It typically includes detailed security guidelines and references to other policies, such as password policy requirements. This would not be part of a non-disclosure agreement (NDA). An NDA is a confidentiality agreement. It is a legally binding contract between two or more entities, such as between a company and an employee, designed to protect proprietary information and trade secrets. It does not address data or activity outside of the scope of the contract principals. This would not be part of a service level agreement (SLA). An SLA defines levels of service provided by a customer to its customers. For example, an SLA could define items such as performance metrics and guaranteed availability. This would not be part of a bring your own device (BYOD) policy. If personal devices are authorized through a BYOD policy, their acceptable use would be outlined in the AUP. The specific content of a BYOD varies by organization depending on its needs, security concerns, and network support for devices. Where possible, policies are typically enforced through network configurations and settings.
An attacker successfully executes a tailgating attack against an organization. Which is the BEST solution the organization should implement to mitigate this risk? Biometrics CCTV cameras Access control vestibule Badge swipes
Access control vestibule The organization should implement an access control vestibule. An access control vestibule, also known as a mantrap, is a room with locking doors on each end. The vestibule enhances physical security by "trapping" an individual while identity verification is performed. An access control vestibule can mitigate the risk of tailgating or identity check bypass. A tailgating attack occurs when an attacker - typically posing as a coworker or other trusted worker - follows an employee through a locked door or into a restricted area. This allows an attacker to bypass physical security mechanisms such as locked doors, gates, and entries that require a swipe card or keypad entry. The organization should not implement biometrics. Biometric authentication uses uniquely identifiable attributes such as fingerprint or retinal scans to authenticate users. The attack proves that the organization is vulnerable to tailgating attacks, which biometric authentication will not prevent. The organization should not implement badge swipes. A badge swipe uses an electronic lock that is deactivated when an employee swipes their badge through a reader. However, the attacker has already proven that the organization is vulnerable to tailgating attacks. The organization should not implement closed-circuit television (CCTV) cameras. Cameras can enhance physical security by preventing or detecting malicious behavior.
Where in a network architecture is STP MOST likely to be disabled? Core layer Access layer Distribution layer Top-of-rack switch
Access layer Spanning Tree Protocol (STP) will most likely be disabled at the access layer. In a switched Ethernet network, STP ensures a loop-free topology. Loops in a layer 2 network can cause frames to be forwarded repeatedly, significantly impacting network performance. To prevent STP recalculations, which can cause brief network outages, and to protect the STP structure, STP is often disabled on access ports. These are the ports that host connectivity from user computers, servers, and other endpoints. STP is often a critical component at the core layer of a multi-tier network. Depending on how the network is designed, all distribution layer switches should be connected to one or more core switches. This approach likely includes redundant connections that may create switching loops. Like the core layer, distribution layers are often connected to each other and to the core. As a result, STP is often configured on distribution switches. Top-of-rack switches are common in medium to large datacenters and facilitate connectivity for devices mounted in datacenter racks. The top-of-rack switches are often connected redundantly to the core or to a distribution switch. As in those cases, STP becomes essential for preventing switching loops.
Match network devices with their role in 802.1x port-based authentication. To answer, drag the appropriate 802.1x role to each network device. A role may be used once, more than once, or not at all. Access point; Tablet; Switch; RADIUS server; Laptop
Access point: Authenticator; Tablet: Supplicant; Switch: Authenticator; RADIUS server: Authentication server; Laptop: Supplicant. 802.1x port-based authentication is one way to prevent unauthorized connections to a wired Ethernet switch or 802.11 wireless access point. 802.1x authentication is designed around three roles: Supplicant: the client device requesting authentication; Authenticator: the device receiving the request from the supplicant and passing it on for authentication; Authentication server: the device responsible for authentication. In this scenario, the tablet and the laptop are supplicants, the access point and switch are authenticators, and the Remote Access Dial in User Service (RADIUS) server is an authentication server. There is no surrogate role in 802.1x authentication.
What does a router use when routes from different routing protocols exist for the same destination? Hop count Latency Administrative distance Shortest Path First
Administrative distance If routes from different routing protocols exist for the same destination, a router uses administrative distance as part of best-path selection. Administrative distance is a numeric value between 0 and 255, with lower administrative distances reserved for more preferable route sources. Most vendors assign default administrative distance values based on the routing protocol that provides the route. For example, a static route has a default administrative distance of 1, while an Open Shortest Path First (OSPF) route has an administrative distance of 110. Routers do not use hop count when routes from different routing protocols exist for the same destination. However, some routing protocols, such as Routing Information Protocol (RIP), use hop count as a metric to measure how far away a destination is. Routers do not use latency when routes from different routing protocols exist for the same destination. Some routing protocols, like Enhanced Interior Gateway Routing Protocol (EIGRP), use latency as part of a route's metrics. Routers do not use the Shortest Path First (SPF) algorithm when routes from different routing protocols exist for the same destination. Protocols like OSPF use the Shortest Path First algorithm to locate the most preferable path to a destination.
Identify which statements describe exploits and vulnerabilities. To answer, select the appropriate threat category from the drop-down lists next to each statement. An application has an open maintenance hook that provides access to configuration settings. A database server's operating system is missing several security patches. Deceptive calls are used to gather critical information about network servers. User login accounts have administrative rights to client computers. A data breach exposes personal information about customers.
An application has an open maintenance hook that provides access to configuration settings: VULNERABILITY; A database server's operating system is missing several security patches: VULNERABILITY; Deceptive calls are used to gather critical information about network servers: EXPLOIT; User login accounts have administrative rights to client computers: VULNERABILITY; A data breach exposes personal information about customers: EXPLOIT. A vulnerability is a flaw or a weakness in security that could lead to a security breach. Vulnerabilities can include things such as software bugs, improper configuration settings, default administrators and passwords, or poorly trained users. An open maintenance hook, which may be left by programmers to get "back door" access to an application, missing patches, or assigning more rights than necessary are all vulnerabilities. An exploit is an attack that takes advantage of a vulnerability. This can be a program designed to breach security or a social engineering attack that employs deceptive practices to gain information. Deceptive calls to employees and data breaches that release information are both examples of exploits. Penetration testing is one way to find known vulnerabilities and test defenses against common exploits.
An organization upgrades the network cabling in some of its buildings from copper to fiber optic. However, a network administrator is concerned that some of the cabling may be faulty. What should the administrator monitor FIRST to determine if their concern is valid? An increased number of failed DNS queries An increase in improperly routed packets An increased number of CRC errors An increase in MTU mismatch errors
An increased number of CRC errors The administrator should monitor for an increased number of Cyclic Redundancy Check (CRC) errors. When a frame is transmitted, a CRC function runs, and the resulting value is added to the frame. When the frame is received, the same function runs. If the frame has been changed, the values will not match. Though not a thorough test, this helps to identify problems caused by faulty network components or configuration errors. In this scenario, if the new fiber optic cable has internal impurities or has been installed incorrectly, it is likely CRC errors will increase. CRC errors typically indicate issues at the bottom two layers of the Open Systems Interconnection (OSI) model. A Domain Name System (DNS) query most likely fails when the requested hostname does not exist. Though physical cable errors can cause a variety of issues, DNS failures occur at higher OSI layers. Like failing DNS queries, an increase in improperly routed packets is not likely a result of faulty cabling. Routing issues typically occur when routes have been incorrectly created or a routing protocol is not properly configured. Maximum Transmission Unit (MTU) defines the maximum acceptable frame size on a network. Mismatched MTUs can cause a variety of errors that are difficult to troubleshoot, including dropped packets. Though it is possible faulty cabling could lead to MTU issues, this is not likely. CRC errors should be checked first.
Users report that they cannot access any resources on the Internet using an FTP client. It is determined that the connections have been denied by the firewall. All hosts from the local subnet of 192.168.1.0/25 should have access. Which ACL rule should the company implement? An inbound rule: permit hosts from 192.168.1.0 255.255.255.0 to access any hosts on TCP ports 20 and 21 An inbound rule: permit hosts from 192.168.1.0 255.255.255.128 to access any hosts on TCP ports 20 and 21 An outbound rule: permit hosts from 192.168.1.0 255.255.255.128 to access any hosts on TCP ports 22 and 23 An inbound rule: permit hosts from 192.168.1.0 255.255.255.128 to access any hosts on TCP ports 22 and 23 An outbound rule: permit hosts from 192.168.1.0 255.255.255.0 to access any hosts on TCP ports 20 and 21 An outbound rule: permit hosts from 192.168.1.0 255.255.255.128 to access any hosts on TCP ports 20 and 21
An outbound rule: permit hosts from 192.168.1.0 255.255.255.128 to access any hosts on TCP ports 20 and 21 The company should implement the following Access Control List (ACL) entry: An outbound rule: permit hosts from 192.168.1.0 255.255.255.128 to access any hosts on TCP ports 20 and 21. Users cannot access any resources on the Internet using File Transfer Protocol (FTP). FTP uses TCP ports 20 and 21. The direction of the rule has to be outbound because the resources are on the Internet and users are initiating the connection from the local network (traffic going out of the firewall). The allowed hosts have been specified as 192.168.1.0/25, which means 192.168.1.0 255.255.255.128. The company should not allow ports 22 and 23. These ports open SSH and TELNET connections, not FTP traffic. The subnet mask has to be specified as 255.255.255.128 (CIDR prefix of /25). The CIDR equivalent of 255.255.255.0 is /24.
Users complain that as they walk from one location to another in an office complex, they lose wireless connectivity. What should a network administrator do to troubleshoot this issue? Increase WAP transmit power. Ensure a low signal-to-noise ratio. Configure unique SSIDs per WAP. Architect overlapping wireless cells.
Architect overlapping wireless cells. The network administrator should architect overlapping wireless cells. This will ensure clients can roam gracefully. Client roaming is the process where a wireless client session is transferred seamlessly across access points. For example, a client may be using a wireless tablet while walking through a library. As the Relative Received Signal Strength (RSSI) decreases on one wireless access point (WAP), the wireless system can ensure the session is transferred to a neighboring WAP without requiring the client to disconnect and then reconnect. Depending on the vendor, it is recommended that wireless cells should overlap 10%-15% for data, and 15%-20% for voice. The network administrator should not increase WAP transmit power, as this will not guarantee that clients can roam gracefully. In this scenario, it is likely new WAPs will need to be deployed. The administrator should not configure unique Service Set Identifiers (SSIDs) per WAP. An SSID is a wireless network name, and adding SSIDs does not increase wireless coverage. The administrator should not ensure a low signal-to-noise ratio (SNR). SNR is the difference between a received signal and noise floor measured in decibels. The noise floor is background noise, and wireless receivers must be able to discern the "real" wireless signal from this background noise. The impact of SNR might be compared to two individuals having a conversation in a crowded room. The louder the background noise, the more difficult it is for the individuals to hear one another.
What type of physical security device lets a company locate devices that have been moved to a new location? Video surveillance Key fob Motion detection Asset tracking tags
Asset tracking tags Asset tracking tags provide a way to locate equipment. They can be used to help prevent equipment from being removed from secure areas or to prevent expensive equipment from being removed from the building. Asset tracking tags usually work on a radio-frequency identification (RFID)-based technology that can be tracked by various types of devices, including most smart phones. Video surveillance, if in the right location, could provide information about when the equipment was removed, and possibly by whom, but it would not tell you where the equipment was taken. Video equipment is commonly used as a deterrent with the idea that if an area is under surveillance, it is less likely that someone would try to steal anything. Motion detection can be used to log and possibly generate an alert or alarm when someone enters an area but, like video surveillance, it does not let you know where the equipment was taken. A key fob is typically not used to protect or track assets. A key fob is usually a near field or RFID device. One common use is to activate locks to allow entry to a secure area when the fob holder approaches the area.
A technician has established a plan of action to resolve a problem on a network switch. The solution has been tested in a lab environment, and the technician has a list of commands to execute. After logging into the device, the technician realizes that the TACACS server blocks the commands they have to implement. What should the technician do? Document the findings and close the ticket. Assign the task to another person or department. Reload the switch and try again. Try alternative commands and scripts.
Assign the task to another person or department. If the technician has insufficient admin rights, the Structured Troubleshooting Methodology model recommends escalating the issue. After establishing a plan of action, the solution should be implemented. If the technician does not have access to a system or has insufficient admin rights, the issue should be escalated to the appropriate person or department for implementation. There are seven steps in the Structured Troubleshooting Methodology: Identify the problem. Establish a theory of probable cause. Test the theory to determine the cause. Establish a plan of action to resolve the problem and identify potential effects. Implement the solution or escalate as necessary. Verify full system functionality and, if applicable, implement preventative measures. Document findings, actions, and outcomes. The technician should not try alternative commands and scripts, because they have not been tested in a lab environment. The technician should not reload the switch. The next recommended step is escalating the issue. Terminal Access Controller Access-Control System (TACACS) is a protocol supporting Authentication, Authorization and Accounting (AAA). TACACS offers a flexible way to authorize commands on a network device.
What are the implications of allowing inbound port 3389 on a NAT gateway? Out-of-band device management will be easier to perform. Network switches will be directly accessible from the internet. Unencrypted communications will allow passwords to be sniffed. Attackers can attempt brute force attacks on user desktops.
Attackers can attempt brute force attacks on user desktops. If port 3389 is allowed on a Network Address Translation (NAT) gateway, attackers can attempt brute force attacks on user desktops. Port 3389 is the standard port used for Remote Desktop Protocol (RDP), which facilitates access to a desktop across a network. In this scenario, the best option would be to only allow RDP access once a user is authenticated across a Virtual Private Network (VPN). Unencrypted communications will not allow passwords to be sniffed. RDP encrypts all traffic, so eavesdropping will be mitigated. Network switches will not be directly accessible from the internet. Network switches do not run RDP and are instead managed using protocols like Secure Shell (SSH). Out-of-band device management will not be easier to perform. Out-of-band management uses isolated networks and connectivity options to manage network nodes. This is done to increase security as well as availability in the event the primary network fails.
An on-site inspection finds that one fiber optic cable exceeds the bend radius that is recommended by the manufacturer. What should be the main concern for the company? EMI Attenuation Duplex Near end crosstalk
Attenuation Exceeding the bend radius (macrobends) can cause attenuation in a fiber optic network. A macrobend is easily recognizable as a visible bend in a cable, which might cause significant radiation loss (light attenuation) and unseen damage to the fiber. A fiber cable manufacturer specifies the bending radius values that have to be followed by a technician during the installation process. Fiber attenuation is called signal loss or fiber loss. Electromagnetic interference (EMI) is not caused by exceeding the bend radius in a fiber cable. EMI is an electromagnetic disturbance that might affect copper cables. Duplex identifies a bidirectional communication system, in which data can be transmitted in both directions at the same time. Macrobends are not related to duplex.
Network devices in one area of the office building experience communication problems. A cable tester shows that the signal on the RX pair is lower than expected. What is this an indication of? Electromagnetic interference (EMI) Attenuation Crosstalk Latency
Attenuation This is an indication of attenuation. The RX pair is the receive signal from the device context, the signal coming into the device. Attenuation is the loss of signal strength over distance, and it occurs with both digital and analog signals. Attenuation can occur over copper and fiber optic cable. This is not an example of latency. Latency is a delay in the delivery of a signal.
Which primary benefit does VRRP provide? Availability Integrity Confidentiality Authentication
Availability Virtual Router Redundancy Protocol (VRRP) provides high availability and is a standards-based First Hop Redundancy Protocol (FHRP). VRRP, defined in Request for Comments (RFC) 3768, provides network redundancy by grouping two or more routers to form a single virtual router. The virtual router presents IP and Media Access Control (MAC) addresses that are shared across all VRRP group members. VRRP selects a master router, and the remaining routers are designated as backup routers. In the event the master router fails, a backup router becomes the new master router. VRRP does not provide integrity. In network communications, data integrity is ensured by using digital signing and hashing algorithms. VRRP does not provide confidentiality. In network communications, data confidentiality is provided by encryption algorithms. VRRP does not provide authentication. Authentication is provided by protocols such as Remote Authentication Dial-In User Service (RADIUS).
Which two items would be specified as part of an SLA? (Choose two.) Availability and uptime Minimum server software configurations Minimum server hardware configurations Help desk response time Password change requirements
Availability and uptime / Help desk response time A service level agreement (SLA) is an agreement between a service provider and its customers that defines performance standards that the provider is required to meet. Typical items in an SLA include: availability and uptime; help desk response time; performance benchmarks; application response time. It will also identify what usage statistics will be provided to the customer. The SLA does not include specifications about how the provider will meet these performance standards, so any decisions about hardware and software platforms are at the discretion of the provider. The SLA would not provide information about configuration minimums. The SLA would not define security policies, such as password change requirements, although these may be defined through other agreements.
Which is considered an exterior routing protocol? EIGRP RIP OSPF BGP
BGP Border Gateway Protocol (BGP) is considered an exterior routing protocol. In the context of interior and exterior routing protocols, routing environments are divided into routing domains, also known as an Autonomous System (AS). Exterior routing protocols are designed to manage routing between Autonomous Systems. Currently BGP is used to route between the AS group known as the internet. Open Shortest Path First (OSPF) is considered an interior routing protocol. Each router learns the complete network topology of a single Autonomous System. Routing Information Protocol (RIP) is considered an interior routing protocol. RIP routers learn routes from their neighbors within an AS. Enhanced Interior Gateway Routing Protocol (EIGRP) is considered an internal routing protocol. EIGRP uses features from both distance vector and link-state routing protocols to build routes.
An alert indicates the loss of connectivity with a router. The log shows the following line: EGP: Sending 19 bytes keepalive to 11.17.2.1 (External AS 1471) Failed, Neighbor down. TCP/179 Which routing protocol should be investigated? BGP RIP EIGRP OSPF
BGP Border Gateway Protocol (BGP) should be investigated. BGP uses the concept of an autonomous system (AS). An AS is a group of networks managed by a single enterprise or internet service provider. ARIN assigns a unique AS number to every AS. There are also private AS numbers that cannot be used on the internet (64512-65535). BGP is divided into internal and external BGP (iBGP and eBGP). iBGP is formed between routers within the same AS, while eBGP is formed between devices in different ASs. BGP uses TCP port 179 and is considered an exterior gateway protocol (EGP) or external routing protocol. In the log provided, there is an external AS number, EGP, and TCP port which identify the BGP protocol. Enhanced Interior Gateway Routing Protocol (EIGRP) also uses the concept of autonomous system (AS). However, it is considered a hybrid internal routing protocol. EIGRP runs directly on top of IP using port 88. RIP and OSPF are also considered interior gateway protocols (IGP). RIP and OSPF do not use TCP for information exchange.
Which policy sets guidelines for allowing employees to use their own personal devices for work-related tasks? SLA BYOD NDA AUP
BYOD A bring your own device (BYOD) policy sets guidelines for allowing employees to use their own personal devices for work-related tasks. The specific content of a BYOD policy varies by organization depending on its needs, security concerns, and network support for devices. Where possible, policies are typically enforced through network configurations and settings, such as Active Directory Domain Services (AD DS) Group Policy. An acceptable use policy (AUP) defines allowed and appropriate use of company data, software, and computers. For example, an AUP might state that users are not authorized to install games on company computers. A non-disclosure agreement (NDA) is a confidentiality agreement. It is a legally binding contract between two or more entities, such as between a company and an employee, designed to protect proprietary information and trade secrets. A service-level agreement (SLA) defines levels of service provided by a provider to its customers. For example, an SLA could define items such as performance metrics and guaranteed availability.
A company deploys a new computer. When the cable to the computer is plugged in at the switch, the network link LED does not light. When the cable is plugged in to a different open port, the LED lights up. When plugged back in to the original port, the LED does not light. What is the most likely problem? Bad computer network adapter Bad port Duplicate IP address Incorrect cable type VLAN mismatch
Bad port The most likely problem is a bad port. Because the LED lit when the cable was plugged in to a different port, you have eliminated the cable type and computer network adapter as possible problems. The LED lights indicate that a signal is detected on the cable. Because you have eliminated the cable and client network adapter by testing with a different port, the option left is a problem with the switch, specifically with the one switch port. It was necessary to eliminate other possibilities because an unlit link LED could also indicate a damaged cable or connector, a plug not fully plugged in, or that the port is disabled. Virtual Local Area Network (VLAN) mismatch or duplicate IP address are both configuration errors that could prevent a computer from communicating with the network, but they would not prevent the network link LED from lighting. VLAN mismatch can occur when a device is connected to a port configured for a different VLAN than the one intended. IP address problems can come from several causes, including Dynamic Host Configuration Protocol (DHCP) scope configuration errors and mixing automatic and static IP address assignments.
An organization wants to implement physical controls to mitigate the risk of breaches. Which is the organization MOST likely to use? NGFW Biometrics TLS Password policies
Biometrics The organization will most likely use biometrics. Biometrics are based on a person's physical characteristics, such as a fingerprint. Given the difficulty of mimicking such characteristics, biometrics can be used to provide enhanced authentication. Biometric locks may be implemented at building entrances, user workstations, or at other physical access points. Transport Layer Security (TLS) is not a physical security control. TLS is a technical control used to protect data in motion from eavesdropping. Password policies are not designed to mitigate the risk of physical breaches. Password policies can be used to enforce password complexity, uniqueness, and other attributes. A Next-Generation Firewall (NGFW) does not mitigate the risk of physical breaches. Firewalls are used to control network access to resources.
Which type of attack is primarily used to compromise user passwords? Ransomware Phishing Spoofing Brute force
Brute force Brute force attacks are primarily used to compromise user passwords. A brute force attack attempts a series of potential passwords until one that works is found. Most brute force attacks are based around dictionary attacks that work from a list of commonly used words, but more recent versions will also attempt variations that mix in letters and other characters or generate random values. Password lockout, locking an account after a number of failed logon attempts, is one method used to help prevent brute force attacks. Spoofing attacks are not used to compromise passwords. In a spoofing attack, the attacker's computer masquerades as a valid network client by using its IP address and, in some cases, its Media Access Control (MAC) address. For example, an attacker can connect to a port protected by MAC filtering by spoofing a valid MAC address. Phishing attacks are not primarily used to compromise user passwords. Phishing attacks use deceptive emails to try to collect sensitive or personal information. While this might include passwords, the goal is more likely financial information or information that can be used for identity theft. Ransomware attacks are not used to compromise passwords. Ransomware attacks take various forms, including: locking the computer; encrypting user data to make it inaccessible; threatening to overwrite or delete all data; threatening to publish all data. Some simple ransomware versions simply lock the system. In either case, the attack demands that a fee (ransom) be paid by a specified time to receive a code to unlock the system and remove the malware. There is always the risk that, even after paying the ransom, the victim never receives a recovery or unlock code.
What is the logical topology of a network wired with multilayer switches? Star Bus Ad hoc Mesh
Bus A network wired with multilayer switches is physically configured as a star network with connected stars, but it is logically a bus network. Ethernet networks were originally wired using a coaxial cable, and all nodes were connected directly to the network with the same level of access. Switches, even though they are physically wired as a star, logically emulate a bus network. This does not describe a mesh topology. In a mesh topology, all nodes are connected to each other, providing multiple communication paths between nodes. The internet is essentially a mesh network. This does not describe an ad hoc topology. An ad hoc topology is a wireless networking topology made up of point-to-point connections between wireless nodes with no central connection points.
A company is replacing a portion of its wired LAN with a wireless LAN configured for Wi-Fi Protected Access II (WPA2). The company needs to use the most secure encryption protocol for WPA2. Which protocol should the company implement? EAP-FAST EAP-TLS TKIP-RC4 CCMP-AES
CCMP-AES The Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) is the default encryption protocol for Wi-Fi Protected Access II (WPA2). The standard requires mandatory use of CCMP-AES. Devices must support CCMP-AES to be certified as WPA2 devices. In addition to a high level of encryption, CCMP-AES supports data integrity and authentication. Temporal Key Integrity Protocol (TKIP) with Rivest Cipher 4 (RC4) is supported by WPA2 devices and can be implemented in addition to CCMP-AES to provide backward compatibility for legacy devices. If it is not needed for legacy device support, you are not required to configure TKIP-RC4. TKIP-RC4 was the default encryption protocol for the earlier WPA standard. Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) are authentication protocols for initial client authentication, for when the client first connects to an access point, not encryption protocols for wireless broadcasts. Both are supported by WPA2 and provide for secure authentication.
A network administrator wants to monitor the impact of logging to a router's console. What should the administrator monitor for FIRST? Jitter CPU usage Giants Memory
CPU usage The administrator should first monitor for Central Processing Unit (CPU) usage. Most switches and routers support different logging levels and facilities. If an intense logging level such as debugging is activated, the CPU must process and display all the logged events. This can overwhelm the CPU, making it difficult to manage the switch. The administrator should not monitor memory. Routers and switches use memory to store routing tables, configurations, and other information. It is not likely console logging will impact memory. The administrator should not monitor for giants. On an Ethernet network, giant frames are larger than the 1500 byte maximum transmission unit (MTU). Giants are also known as jumbo frames. Console logging will not cause jumbo frames. The administrator should not monitor jitter. Jitter tracks the variation in packet latencies. Console logging may impact jitter if a router or switch CPU is at high utilization, but it is not the first metric that should be monitored in this scenario.
A network administrator wants to ensure duplex mismatches are identified quickly. Which statistic should the administrator monitor? Giants Latency Link state CRC errors
CRC errors The network administrator should monitor cyclic redundancy check (CRC) errors. When a frame is transmitted, a CRC function runs, and the resulting value is added to the frame. When the frame is received, the same function runs. If the frame has been changed, the values will not match. In this scenario, if a port is configured to use full-duplex, carrier-sense multiple access with collision detection (CSMA/CD) is disabled. This means collisions are likely to occur, which can cause CRC errors. The administrator should not monitor for giants. On an Ethernet network, giant frames are larger than the 1500 byte maximum transmission unit (MTU). Duplex mismatches will not necessarily cause giant frames. Giants are also known as jumbo frames. The administrator should not monitor for link state changes. Link state is a port status and changes occur when a port is enabled or disabled, or when a device is plugged into or unplugged from a port. Duplex mismatches will not cause link state changes. The administrator should not monitor for latency. Latency measures how long it takes for data to travel from source to destination. Duplex mismatches do not have a major impact on latency.
An attacker steals backup tapes from a datacenter. Which is the BEST option for detecting such physical breaches? Access control vestibule Biometrics Cameras Badge readers
Cameras Cameras are the best option for detecting physical breaches. Cameras can perform ongoing surveillance of an area. Depending on the complexity of the monitoring system, the camera may only get activated when motion is detected. Additionally, advanced monitoring systems can identify human activity and can be configured to send alerts to security staff. A badge reader uses an electronic lock that is deactivated when an employee swipes their badge through a reader. Badge readers are considered physical prevention controls. Biometric authentication uses uniquely identifiable attributes such as fingerprints or retinal scans to authenticate users. Biometric devices are considered physical prevention controls. An access control vestibule, also known as a mantrap, is a room with locking doors on each end. They are considered physical prevention controls.
A restaurant offers public Wi-Fi access to the Internet for its customers. A customer is prompted with a web page that requires the customer to agree to abide by use policies while connected. What is this an example of? MAC address filtering Captive portal NAC Multifactor authentication
Captive portal This is an example of using a captive portal as an access control. A captive portal displays a web page when a connection is made and can prompt for agreement to use policies, as in this example. The portal can also request additional authentication credentials, require registration, request payment, or take other actions. The page can also be informational only, providing use guidelines but not requiring agreement. This is not an example of network access control (NAC). NAC uses policies and protocols to ensure that a device meets minimum qualifications before allowing it access to a network. This can include items such as up-to-date patches, current virus definitions, operating system versions, and so forth. This is not an example of multifactor authentication. For an authentication scheme to be multifactor authentication, it must include at least two DIFFERENT factors from the following: something you know; something you have; something you are; somewhere you are; something you do. The web page prompt does not request any additional authentication factors. This is not an example of media access control (MAC) address filtering, though MAC address filtering can be integrated with captive portal. MAC address filtering would not be practical in this scenario because there is no way to know in advance the MAC address of customer devices.
A company is wiring a new office space to support 1000BaseT Ethernet. The network design calls for UTP cable. The majority of the cable will be routed through a suspended ceiling. Which cable should the company use? Cat 7 plenum Cat 7 PVC Cat 5e PVC Cat 5e plenum
Cat 5e plenum The company should use Cat 5e plenum cable. Cat 5e unshielded twisted pair (UTP) cable is rated for use with 1000BaseT. Plenum cable should be used instead of PVC cable. Because the cable is being routed through the ceiling, fire-related risks must be considered. PVC cable insulation burns faster than plenum. PVC also releases hazardous fumes when it burns. Cat 7 cable should not be used. It is available as shielded twisted pair (STP) only and is significantly more expensive and harder to work with than Cat 5e cable.
A company wants to run some additional cables to connect two floors. There is a rack on each floor with a dedicated switch. The solution has to support gigabit file transfers while minimizing the cost. What will the technician need to use? (Choose THREE). Cat 5 cable Cat 6 cable Punch down tool Fiber optic cable Media converter Patch panel
Cat 6 cable / Punch down tool / Patch panel The company should use a Cat 6 network cable, a patch panel, and a punch down tool. Category 6 cables are certified to support gigabit speeds. A patch panel allows a technician to break up the wiring system into sections and is a key component for achieving efficient cable management. A punch down tool is needed to connect network wires to a patch panel. The two main solutions are 66 and 110 blocks. The 66 blocks are used for telephone systems and are subject to crosstalk. The engineer should use a 110 block for terminating all network cables. The company should not use a fiber optic cable here. One of the requirements was to minimize the cost. Running fiber optic cables is more expensive and requires a dedicated patch panel or a media converter. A media converter is not needed for this project. The company would use a media converter to connect copper-based equipment to a fiber network. Category 5 cables cannot be used here because they offer up to 100 Mbps only. One of the requirements is to provide gigabit speeds, which requires at least a category 5e cable.
An office is configured with APs as shown in the exhibit. The office was originally configured with AP1 only, but the users farthest from the AP had problems connecting. There were also intermittent problems with bandwidth saturation. After installing AP2, users near the center of the office have trouble connecting and communicating and are experiencing latency problems. What should technicians do to correct the problem? Change AP1 to channel 3. Change the SSID for AP2 to OfficeAP2. Move both APs to the center of the room. Change AP2 to channel 6. Uninstall AP2 and move AP1 to the center of the room.
Change AP2 to channel 6. Technicians should change AP2 to channel 6. The problem is that the channels used by AP1 and AP2 overlap and are interfering with each other. Reconfiguring AP2 for channel 6 or higher would prevent the overlap and correct the problem. Technicians should not change AP1 to channel 3. This would increase the interference between the APs and make the problem worse. Technicians should not change the SSID for AP2 to OfficeAP2. This would do nothing to correct the problem. There is no problem with both APs having the same SSID as long as they are part of the same network. Technicians should not move both APs to the center of the room. This would increase the amount of overlap because of the close proximity and would probably make the problem worse. Technicians should not uninstall AP2 and move AP1 to the center of the room. This would resolve the problem with interference, but users would still experience problems with bandwidth saturation (overcapacity).
A company's network is shown in the exhibit. PC1 is unable to access any resources in network B. What should the company do to fix the issue? Change the IP address on the router. Change the subnet mask on the router. Change the subnet mask on PC1. Change the IP address on PC1.
Change the IP address on PC1. The company should change the IP address on PC1. PC1 and the router are not in the same subnet and cannot communicate. The subnet mask has been configured as 255.255.255.128, which means /25 using CIDR notation. The router has the IP address of 10.10.10.10/25. The useable IP range in this subnet is 10.10.10.1 - 10.10.10.126. PC1 uses the IP address of 192.168.1.199, which is not in the same subnet. Changing any settings on the router is unnecessary and could affect multiple devices in the network. PC1 has been configured using the correct default gateway of 10.10.10.10. The company should not change the subnet mask on PC1. PC1 and the router are in the same local area network and should use the same subnet mask to communicate.
A recent network audit has highlighted the security issues on the access point shown in the exhibit. What should the company do? Enable the Hide SSID option. Change the channel bandwidth to 40MHz only. Change the channel bandwidth to 20MHz only. Change the authentication method to WPA-TKIP. Change the authentication method to WPA2-AES.
Change the authentication method to WPA2-AES. The company should change the authentication method to Wi-Fi Protected Access II (WPA2). There are two algorithms used for message integrity and confidentiality: TKIP, which is less secure, and AES. Sometimes this is referred to as WPA2-CCMP/AES. Open System means that there is no security in place and leaves the network open to everybody. The WPA protocol uses TKIP and is considered insecure. The company should use WPA2-AES instead. Hiding the SSID is not necessary to improve the wireless security. Some reports indicate that hiding the SSID can expose your network to new attacks and makes it very difficult for end users to connect to the access point. Changing the channel width will not improve security in this case. This setting might impact the performance and available bandwidth for wireless devices.
A company's WLAN is configured with one access point (AP) named AP1. AP1 has an SSID of AP1, is configured to use channel 1, and is configured for WPA2-PSK. The company deploys a second AP named AP2 and with an SSID of AP2. The AP is configured to use channel 6 and is configured for WPA2-PSK. It is also configured with a unique IP address range. The remaining configuration settings are left at the defaults. Technical Services discovers that someone has been hacking into AP2 and changing configuration settings. After the settings are corrected, they are changed again in a few days. How should Technical Services implement device hardening to prevent this from occurring? Change the default administrator's password on AP2. Disable SSID broadcast on both APs. Reconfigure both APs to use WPA2-Enterprise. Change AP2 to use channel 1.
Change the default administrator's password on AP2. They should change the administrative password on AP2 from the default. There is nothing in the scenario to indicate that Technical Services changed the default administrative password. Default administrative passwords for most devices are listed in various locations on the Internet. Not changing the password from the default leaves the access point (AP) open to hacking. They should not disable SSID broadcasting. This would not correct the problem. The SSID is used to identify the AP so a client can select an AP for a connection. The hacker probably already knows the SSIDs. Also, the hacker is likely connecting to the web interface screen using the IP address of the AP. Disabling SSID broadcasting does not prevent a serious hacker from finding and attacking an AP. They should not reconfigure the APs to use Wi-Fi Protected Access II-Enterprise (WPA2-Enterprise). WPA2 is a security protocol used to authenticate clients when they connect and encrypt wireless communication. Changing from WPA2-PSK, which uses a passcode for access, to WPA2-Enterprise would not correct the problem because WPA2 is not used to secure administrative access. This solution would also require deploying a RADIUS server to provide centralized authentication and authorization. They should not change AP2 to channel 1. This would do nothing to correct the problem. The channel sets the specific frequency used for communication. Having both APs configured for channel 1 could cause interference between the APs and could result in communication problems.
A company has two access points, as shown in the exhibit. Users report intermittent access issues. What could the company do to fix the problem? (Choose two.) Change the overlapping area to 5%. Change to 5 GHz. Assign a different SSID to AP1. Change the authentication method on AP1. Assign AP1 to channel 11.
Change to 5 GHz. / Assign AP1 to channel 11. The company could change the channel on the access points (APs) or move to the 5 GHz band. The exhibit shows two access points using the 2.4 GHz band. This frequency offers only three non-overlapping channels: 1, 6, and 11. The company should either change the channels, so that they do not overlap, or move both access points to the 5 GHz band, which offers more channels to use. The company should not assign a different service set identifier (SSID) to AP1. Both access points should use the same SSID to allow users to roam between two access points in the same network. An SSID is the name for a Wi-Fi network. SSIDs are created on a wireless router or an access point. Both access points have been configured using a very secure protocol, Wi-Fi Protected Access II (WPA2) with Advanced Encryption Standard (AES). This is an optimal choice and should not be changed to a legacy solution, for example WPA or WEP. The overlapping area is within an accepted range of between 10% and 15%. Reducing the overlapping area to 5% might cause connectivity issues. To decrease the signal strength, the engineer could change the AP's transmit power settings.
Following a disaster, a network administrator is attempting to prioritize system restores. What should the admin do FIRST? Verify the MTBF. Verify the RPO. Check the RTO. Check the MTTR.
Check the RTO. The administrator should first check the Recovery Time Objective (RTO). The RTO specifies the amount of time allowed for a system to be restored. Lower RTOs are reserved for mission-critical systems. Additionally, as some systems rely on others, RTOs will differ between system types. Mean time to repair (MTTR) measures the amount of time between a system's failure and when it is again operational. Organizations use this metric to plan backup and restore strategies. Recovery Point Objective (RPO) defines a point in time in the past that the organization wants to recover to. The RPO will not impact restoration priorities. Mean time between failures (MTBF) attempts to predict how long a system can operate before a failure will occur. This metric does not impact restoration priorities.
The marketing team uses a SaaS service to store raw video files. The team reports slow access to some resources on the SaaS platform. What should the network team do? Check the bandwidth. Migrate all users to a PaaS solution. Deploy a SAN network. Verify the ACL on the firewall.
Check the bandwidth. The network team should use a bandwidth speed tester to verify the available bandwidth. The marketing team uses a software-as-a-service (SaaS) solution to upload raw video files, which is a bandwidth-consuming process. SaaS provides access to software on a subscription basis. The team should not migrate all users to a platform-as-a-service (PaaS) solution. PaaS is used by software developers to create new applications. The network team should not deploy a storage area network (SAN) for this scenario. SAN is a sophisticated and expensive storage solution that uses dedicated hardware and software. Storing raw video files does not justify the deployment of SAN. It is unlikely that the problem is with an access control list (ACL) on the firewall. Users complain about slow upload speeds. An ACL is designed to block access to a resource. The network team should verify the available bandwidth.
A wireless client reports their VoIP calls are choppy and sometimes drop. What should a network administrator do FIRST to troubleshoot this issue? Check the client's RSSI. Install omnidirectional antennas. Reduce EIRP. Add another SSID.
Check the client's RSSI. The network administrator should first check the client's Relative Received Signal Strength (RSSI). RSSI is a measurement of how well a wireless client can hear a wireless access point. In simple terms, RSSI measures the power of a received radio signal. RSSI is expressed in decibels per milliwatt, or dBm. The administrator should not reduce Effective Isotropic Radiated Power (EIRP). EIRP is used to express how much transmit energy an antenna radiates and reducing EIRP in this scenario will exacerbate the problem. The administrator should not add another Service Set Identifier (SSID). An SSID is also known as a network name and users specify the SSID when connected to a wireless network. Adding an SSID will not address VoIP performance issues. The administrator should not install omnidirectional antennas. Omnidirectional antennas are designed to spread the signal as evenly as possible in all directions. Depending on where the client is located in relation to the current antenna, this may or may not alleviate performance issues. However, the administrator must know the client's RSSI before placing a new antenna.
A security engineer installs an SSL certificate and an endpoint security package on a server. The deployment of a dedicated agent on a member server fails with the following error message: Error code: SSL_SEC_ERROR_EXPIRED_CERTIFICATE. License has expired! What should the engineer do first? Verify IP addresses on the servers. Renew the certificate. Check time settings. Change the SSL version.
Check time settings. The engineer should verify time settings first. The error message suggests that the certificate and license have expired. If the time and date settings are incorrect, the server is unable to verify these options and assumes a certificate has expired. Network Time Protocol (NTP) offers a flexible way to synchronize time and date settings in the network. NTP can be configured to authenticate the time source to ensure that only known sources are in use. The engineer should not renew the certificate as the first step. The scenario suggests that it is a new deployment and a valid certificate has been installed. The error message suggests an issue with time and date settings. The engineer should not verify IP addresses on the servers. The error message indicates that the servers have established a connection. There is no problem with IP connectivity here. The error message indicates a problem with a certificate that has expired. There is no information suggesting that a legacy or unsupported SSL version has been deployed.
An organization moves redundant hardware to a third-party hot site. Which term best describes this architecture? East-west flow Infrastructure as code Colocation DaaS
Colocation Colocation best describes this architecture. Colocation is the process of placing equipment in a third-party datacenter. A hot site mirrors a primary site and includes all the hardware, software, and connectivity required to support full operations. In this scenario, the organization is colocating redundant hardware to create a hot site at a third-party location. Infrastructure as code uses automation and orchestration techniques to deploy infrastructure such as servers and networking nodes in a predictable, repeatable way. Infrastructure as code may or may not be used in this scenario. East-west traffic flows describe traffic that flows between endpoints within the same datacenter. In this scenario, traffic will flow north and south, out of the on-premises data center. Desktop as a Service (DaaS) creates a cloud-hosted, virtual desktop environment. Deploying DaaS does not require moving redundant hardware to a third-party hot site.
A network technician discovers a router being managed on port 23. What should the technician do FIRST? Configure SSH. Install an IDS. Enable the firewall. Configure complex passwords.
Configure SSH. The technician should configure Secure Shell (SSH). In this scenario, the router is being managed on port 23, which is the standard port for Telnet. As Telnet does not support transport encryption and allows passwords to easily be captured, SSH should be configured so that administrators can connect securely to the router. The firewall should not be enabled. While a firewall can be used to reduce the attack surface of a host, it will not enforce transport encryption. An Intrusion Detection System (IDS) should not be installed. An IDS is designed to detect and alert on suspicious behavior.
A network administrator must capture all north-south packets at line rate for long-term storage and analysis. Traffic flows should not be impeded or interrupted. Which is the BEST option for meeting this requirement? Configure an inline IPS. Deploy a L2 switch. Configure a port mirror. Deploy a proxy server.
Configure a port mirror. The administrator should configure a port mirror. Port mirroring is a feature offered by high-end network switches, firewalls, and other devices that copies all traffic from a source port to a destination port. This can be useful for traffic analysis, troubleshooting, and intrusion detection functions. Port mirrors do not impede or interrupt traffic. The administrator just needs to be sure the switch has enough processing power to handle the duplicate load and that the device connected to the mirrored port can capture traffic at line rate. The administrator should not deploy a proxy server. A proxy server does not facilitate north-south packet capture. A proxy server is used to mediate requests between clients and web servers such that all requests appear to come from the proxy server. The administrator should not deploy an L2 switch. A Layer 2 switch does not necessarily facilitate north-south packet capture. This depends on the capabilities offered by the hardware and software the switch uses. Most low-end switches do not support port mirroring. The administrator should not configure an inline Intrusion Prevention System (IPS). An IPS can capture and analyze north-south traffic. However, installing the IPS inline means it will likely impede or interrupt flows. An IPS is used to detect and block malicious activity and is not designed for line-rate packet capture and storage.
A company has a Dynamic Host Configuration Protocol (DHCP) server with all of the subnet addresses specified as an IP address scope. The company deploys a new physical server as a database server in the 192.168.4.0/24 subnet. Applications that use the database server require the server to always have the same IP address. Company policy forbids the use of static addressing. What should the company do to set the addressing for the database server? Use a virtual IP (VIP) address. Configure an IP address reservation. Use an APIPA address. Specify an IP address exclusion.
Configure an IP address reservation. An IP address reservation should be configured on the DHCP server for the database server. This sets aside an address out of a configured address scope and ensures that the server always leases the same address. The computer to receive the reserved IP address is identified by its MAC address. An IP address exclusion should not be specified. An IP address exclusion is used when an address that is part of an address scope is configured as static on a device. This prevents the address from being leased to another device by the DHCP server. The excluded address is still part of the address scope. A VIP should not be used. A VIP is used when it is necessary to assign a shared IP address to multiple domain names, multiple servers, or multiple application instances (such as web servers) running on the same server. VIPs are also used with Network Address Translation (NAT) servers. An Automatic Private IP Addressing (APIPA) address should not be used. An APIPA address is generated automatically when a host configured for automatic address assignment is unable to lease an address from a DHCP server.
A network engineer must ensure communications between an organization's branch offices and main HQ cannot be eavesdropped on. What should the engineer do? Use private IP addresses on all sensitive servers. Segment unencrypted and encrypted traffic. Configure firewalls to only allow trusted connections. Configure site-to-site VPN between locations.
Configure site-to-site VPN between locations. The engineer should configure site-to-site Virtual Private Network (VPN) connections between locations. VPN is often used to securely connect users and sites across the internet. In this scenario, the engineer would likely configure site-to-site VPN using routers in each location. While using private IP addresses on all sensitive servers is a best practice, this will not ensure communications between sites are protected from eavesdropping. The engineer should not segment unencrypted and encrypted traffic. Network segmentation is done to isolate nodes. However, this approach will not protect site-to-site communications. While configuring firewalls to only allow trusted connections is a best practice, this will not ensure communications between sites are protected from eavesdropping.
To enhance performance and security, an organization defines VLANs on L2 switches. Switches will not host the same VLANs, but traffic for all VLANs must flow between switches. Which solution BEST meets this requirement? Connect all switches to a Layer 3 switch. Create an interface for each VLAN on all switches. Connect switches together on access ports. Configure tagging on switch interconnects.
Configure tagging on switch interconnects. Tagging should be configured on switch interconnects. A Virtual Local Area Network (VLAN) allows devices to be grouped logically with other nodes. In scenarios where multiple VLANs are used, the interconnected ports between switches must be able to carry traffic for more than one VLAN. Configuring 802.1Q tagging on a port makes this possible. Once configured, the switch uniquely tags traffic for each VLAN so the remote switch can forward traffic to ports on that VLAN. 802.1Q ports are also known as trunk ports. Switches should not be connected on access ports. Access ports can carry traffic for only one VLAN. Endpoints are typically connected to access ports. Interfaces for each VLAN should not be created on all switches. This would be done on a Layer 3 switch to allow routing between the VLANs. All switches do not need to be connected to a Layer 3 switch. This is not required to pass traffic for all VLANs. If required, a Layer 3 switch or router can be used to route traffic between VLANs.
The support team has been tasked with creating an alias name for a newly deployed server. What should the team do? To answer, complete the statement by choosing the correct answers from the drop-down menus. Connect To: Configure:
Connect To: DNS Server Configure: CNAME record The team should connect to a Domain Name System (DNS) server and configure a Canonical Name (CNAME) record. DNS is a service that translates domain names into IP addresses. There are multiple records in use. One of them is CNAME, which allows the team to create an alias for an existing entry. The team should not create a mail exchange (MX) record. MX records are used to determine where to deliver email messages. The team should not configure an IP reservation. DHCP servers can be configured to assign an IP address based on a MAC address using a reservation. A DHCP server is not the correct choice here. The team could not use it to create an alias. DHCP is a service responsible for assigning IP addresses. An NTP server cannot be used here. The team could configure an NTP server to synchronize clocks on network devices.
A service technician tests and confirms a theory for the probable cause of a problem. What should the technician do next? Create a plan of action. Escalate the problem. Apply preventive measures. Implement a solution.
Create a plan of action. After confirming a theory and the probable cause of a problem, the next step is to create a plan of action that identifies the actions that need to be taken to resolve the problem. The number and type of actions required depend on the problem specifics. A systematic troubleshooting methodology typically includes the following steps: Identify the problem (gather information, duplicate the problem if possible, question users, identify symptoms, determine if anything has changed, approach multiple problems individually). Establish a theory of probable cause (question the obvious, consider multiple approaches). Test the theory to determine cause (once the theory is confirmed, determine next steps to resolve the problem; if the theory is not confirmed, establish a new theory or escalate). Establish a plan of action to resolve the problem and identify potential effects. Implement the solution or escalate as necessary. Verify full system functionality and, if applicable, implement preventative measures. Document findings, actions, and outcomes. The technician should not immediately start implementing a solution. There needs to be a plan of action first, identifying what needs to be done. This also provides a way to document the actions taken. The technician should not apply preventive measures at this point. Preventive measures, if applicable, should be applied after implementing the solution and verifying that the system is functioning properly. The technician should not escalate the problem. Escalation should be limited to situations that the technician is not able or not authorized to handle. Creating a plan of action is something the technician should be authorized to do and is probably specifically called out as one of a technician's job responsibilities.
A network engineer needs to be able to identify anomalies in LAN performance and availability. What should the engineer do FIRST? Verify the network SLA. Configure audit logs. Deploy SNMP agents. Create network baselines.
Create network baselines. The network engineer should first create network baselines. Baselines aim to track the performance of a system, application, or network over time. Using this information, the engineer can accurately plan the network capacity that will be required to support the services, servers, and applications deployed in an organization. Additionally, once normal network performance is documented, performance changes or anomalies can be identified. This allows an organization to respond proactively to performance issues before they escalate. The network engineer should not first deploy Simple Network Management Protocol (SNMP) agents. SNMP can collect performance and event information from the network. However, without a network baseline, the engineer will not be able to identify performance anomalies. The network engineer should not first configure audit logs. On a network device, an audit log typically records administration and configuration activities. This will not aid in identifying network performance anomalies. The network engineer should not first verify the network Service Level Agreement (SLA). An SLA outlines an expected level of service, typically from a vendor. An SLA in this scenario might be used to identify what occurs when performance or availability anomalies are identified.
A switch is unable to learn the MAC address for VMs on a directly connected host. What should a network technician do to address this issue? Define a default route for the VM host. Create static ARP entries on the switch. Create a PTR record for each VM. Create a static route that points to each VM.
Create static ARP entries on the switch. The technician should create static Address Resolution Protocol (ARP) entries on the switch. ARP is used to resolve IP addresses to Media Access Control (MAC) addresses. MAC addresses are designed to be globally unique and are critical to layer 2 communications. Following resolution, the IP-to-MAC mapping is added to an ARP cache for a pre-determined amount of time. In scenarios where ARP resolution does not work properly, static ARP mappings can be defined. In this scenario, a default route for the VM host is not required. A default route is used when a route to a destination cannot be found. Defining a default gateway on a device creates a default route. A default route is a layer 3 construct. Static routes are used to specify a route to a network. Every router requires routes to properly process traffic, and these routes can be dynamically learned via a routing protocol, statically created, or a combination of both. Static routes are layer 3 constructs. Pointer (PTR) records do not map MAC addresses. PTR records map IP addresses to hostnames. PTR records facilitate reverse lookups, which resolve IP addresses to hostnames.
Match network protocols and services to the OSI model layer in which they are implemented. To answer, drag the appropriate OSI layer to each protocol or service. An OSI layer may be used once, more than once, or not at all. application network transport data link physical presentation session
DHCP: Application; SMTP: Application; ICMP: Network; TCP: Transport; DNS: Application; FTP: Application. The OSI model defines seven layers: Layer 1: Physical; Layer 2: Data link; Layer 3: Network; Layer 4: Transport; Layer 5: Session; Layer 6: Presentation; Layer 7: Application. Dynamic Host Configuration Protocol (DHCP) is the service that provides automatic IP address assignment and automatic network property configuration. The protocol and service are implemented at the Application layer. Simple Mail Transfer Protocol (SMTP) is an Internet-standard protocol for sending and receiving email. SMTP is implemented at the Application layer. Two other email protocols, Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP), are also implemented at this layer, along with email clients. Internet Control Message Protocol (ICMP) is used for error reporting, diagnostics, and troubleshooting. ICMP is implemented at the Network layer. Transmission Control Protocol (TCP) is one of the core protocols of the TCP/IP protocol suite. TCP is a connection-oriented communication protocol that provides rules for establishing connections and sending data between applications. TCP is implemented at the Transport layer, along with the connectionless User Datagram Protocol (UDP). The Domain Name Service (DNS) provides resolution between host names and IP addresses and is implemented at the Application layer. The File Transfer Protocol (FTP) supports remote delivery of files and is implemented at the Application layer. FTP clients are also implemented at the Application layer.
A user reports odd behavior when attempting to access network resources from their Windows laptop. While reviewing the laptop's configuration, a network technician discovers that the hosts file has been modified. Which type of attack has the security administrator likely uncovered? On-path attack MAC spoofing DNS poisoning Domain hijacking
DNS poisoning A Domain Name System (DNS) poisoning attack adds new or overwrites existing cached hostname to Internet Protocol (IP) address entries. For example, an attacker could add an invalid DNS cache entry for comptia.org so that when a user navigates to comptia.org, they are instead directed to a malicious website. On a Windows system, the file that initially populates the DNS cache is known as the hosts file and is stored in the C:\windows\system32\drivers\etc directory. Media Access Control (MAC) spoofing does not rely on changes to system files. MAC spoofing involves mimicking the MAC address of a target host. By imitating another host in this way, an attacker can intercept network traffic meant for the target. Domain hijacking involves manipulating domain registrations in public domain name registries. In domain hijacking, the attacker is attempting to steal a domain name. An on-path attack occurs when an attacker intercepts communications between two nodes. Depending on the sophistication of the attack, the attacker may be able to read and even modify data in transit between the nodes. DNS poisoning, Address Resolution Protocol (ARP) poisoning, and Dynamic Host Configuration Protocol (DHCP) spoofing can all be used to perpetrate an on-path attack.
A NIDS reports several attempts to download files from an external IP address. The Technical Services department determines that the source is a website that is made to look like a site from which network users download reference materials and blank PDF forms. Users enter the correct URL for the website but are being sent to a different IP address. Which type of attack is this? VLAN hopping Evil twin DNS poisoning ARP poisoning
DNS poisoning The redirection is through a DNS poisoning attack. In a DNS poisoning attack, a fake IP address replaces the valid IP address for a server or other device. When users attempt to navigate to the server, they are sent to a different server. This result of the redirection, users being sent to a fake website that looks like a valid website, is often referred to as a pharming attack. This is one of the forms that a pharming attack can take. Another is to use a close variation of a valid site's name and URL as a destination in a link. This is not an example of ARP poisoning. ARP poisoning is used to inject or replace Media Access Control (MAC) addresses in a host's ARP cache. The MAC address is used for final delivery of packets on a network, so ARP poisoning can be used to redirect traffic from its target to an attacker's computer. ARP poisoning is one of the ways that a man-in-the-middle attack is executed, where transmissions between two computers are monitored by a third computer. This is not an example of VLAN hopping. VLAN hopping is used to gain access to VLANs to which the attacker would not have access. The attack is used as a way to intercept and collect data. This is not an example of an evil twin. An evil twin is a rogue access point that is set up to look like a valid access point. The rogue can be a wireless access point or a computer configured to act as a wireless access point.
A NIDS reports several attempts to download files from an external IP address. The Technical Services department determines that the source is a website that is made to look like a site from which network users download reference materials and blank PDF forms. Users enter the correct URL for the website but are being sent to a different IP address. Which type of attack is this? ARP poisoning VLAN hopping DNS poisoning Evil twin
DNS poisoning The redirection is through a DNS poisoning attack. In a DNS poisoning attack, a fake IP address replaces the valid IP address for a server or other device. When users attempt to navigate to the server, they are sent to a different server. This result of the redirection, users being sent to a fake website that looks like a valid website, is often referred to as a pharming attack. This is one of the forms that a pharming attack can take. Another is to use a close variation of a valid site's name and URL as a destination in a link. This is not an example of ARP poisoning. ARP poisoning is used to inject or replace Media Access Control (MAC) addresses in a host's ARP cache. The MAC address is used for final delivery of packets on a network, so ARP poisoning can be used to redirect traffic from its target to an attacker's computer. ARP poisoning is one of the ways that a man-in-the-middle attack is executed, where transmissions between two computers are monitored by a third computer. This is not an example of VLAN hopping. VLAN hopping is used to gain access to VLANs to which the attacker would not have access. The attack is used as a way to intercept and collect data. This is not an example of an evil twin. An evil twin is a rogue access point that is set up to look like a valid access point. The rogue can be a wireless access point or a computer configured to act as a wireless access point.
Which OSI layer relies on burned-in hardware addresses? Data Link Session Transport Network
Data Link The Data Link layer, layer 2 of the Open Systems Interconnection (OSI) model, relies on burned-in hardware addresses. These addresses are known as Media Access Control (MAC) addresses and are burned-in, or programmed, into a network controller by the manufacturer. In theory, MAC addresses are globally unique. On a Transmission Control Protocol/Internet Protocol (TCP/IP) network, the Transport layer, layer 4 of the OSI model, uses ports to differentiate between services. For example, Hypertext Transfer Protocol (HTTP) uses the well-known TCP port 80. On a TCP/IP network, the Network layer, layer 3 of the OSI model, uses IP addresses. IP addresses are not burned-in hardware addresses; they are logical addresses. The Session layer, layer 5 of the OSI model, does not use an addressing scheme. As its name indicates, the Session layer creates and manages network sessions.
A router must forward a packet to a subnet for which it does not have a route. Which route will the router MOST likely utilize? Exterior route Default route Static route Dynamic route
Default route The router will most likely utilize a default route. Depending on the routing protocols in use and the size of the routing table, routers may not store routes to every possible network destination. If a router does not have a route to a destination, it will discard packets that clients send to that destination. To prevent this, a default route can be created. Default routes are used to determine where packets should be sent when a more specific route cannot be determined. A static route is typically manually configured on a router, as opposed to being learned using a routing protocol. A default route may be static or dynamic. A dynamic route is learned from another router using a routing protocol, such as Open Shortest Path First (OSPF). A default route may be static or dynamic. Exterior routes are created using exterior routing protocols, such as Exterior Border Gateway Protocol (eBGP).
A network administrator connects finance and marketing PCs to the same L2 switch. The administrator must ensure that marketing PCs do not communicate with finance PCs. Which is the BEST solution the administrator should deploy? Define data VLANs. Disable STP. Configure a screened subnet. Deploy an IPS.
Define data VLANs. The administrator should define data Virtual Local Area Networks (VLANs). A VLAN allows devices to be grouped logically with other nodes connected across multiple network switches. VLANs increase network efficiency by reducing the size of broadcast domains and enhance network security by segmenting the network and isolating nodes from one another. Communications between VLANs are facilitated using routers. The administrator should not configure a screened subnet. A screened subnet is used to host Internet-accessible servers on a protected network that is separate from the production Local Area Network (LAN). A screened subnet is also known as a demilitarized zone (DMZ). The administrator should not disable Spanning Tree Protocol (STP). In a switched Ethernet network, STP ensures a loop-free topology. The administrator should not deploy an Intrusion Prevention System (IPS). An IPS is used to detect and block malicious activity.
What is the purpose of on-boarding and off-boarding procedures? Defining procedures for specifying and adding new network devices and retiring and disposing of old devices Defining activities when an employee joins or leaves an organization Setting user access limits on remote access based on geographic location Setting data loss policies based on storage locations in relation to the internal network
Defining activities when an employee joins or leaves an organization On-boarding and off-boarding procedures define activities when an employee joins or leaves an organization. On-boarding activities would include activities such as orientation, training, assigning a network user account, and so on. Off-boarding activities include removing access to the network, return of company equipment and other materials, and paperwork related to leaving. Some off-boarding activities will likely be the same for all employees, while others may differ depending on whether an employee quits, retires, or is fired. On-boarding and off-boarding procedures are not related to data loss prevention (DLP) policies. DLP is related to protecting data and preventing the loss or improper modification or exposure of data. DLP is typically managed through a combination of network access privileges and DLP software. On-boarding and off-boarding procedures are not related to network devices and their use. These procedures and policies would be defined through system lifecycle policies. On-boarding and off-boarding procedures do not set user access limits during remote access. This would be accomplished through user rights, remote access policies, and network access controls.
A company's network is shown in the exhibit. The DHCP server is configured with a scope for each network. Clients in the 192.168.4.0 and 192.168.4.128 subnets are unable to lease addresses from the DHCP server. Clients in the 192.168.2.0 subnet are able to lease addresses. What should the company do? Deploy DHCP relay agents in the 192.168.4.0 and 192.168.4.128 subnets. Configure IP exclusions for the 192.168.4.0 and 192.168.4.128 subnets. Deploy a DHCP relay agent in the 192.168.2.0 subnet. Open UDP port 53 on each of the routers.
Deploy DHCP relay agents in the 192.168.4.0 and 192.168.4.128 subnets. The company should deploy DHCP relay agents in the 192.168.4.0 and 192.168.4.128 subnets. The most likely problem is that the routers are not passing the DHCP client requests to the DHCP server. DHCP uses the same UDP ports as the BOOTP protocol, 67 and 68. If BOOTP relay is not enabled on or supported by the router, it will not pass the requests. A DHCP relay agent accepts requests from the clients and then sends them to the DHCP server in a packet structure passed by the router. The other option (not listed) is to enable BOOTP forwarding on each router. The company should not deploy a DHCP relay agent in the 192.168.2.0 subnet. This would not accomplish anything towards fixing the problem. The DHCP relay agent must be deployed on the same subnet(s) as the clients attempting to lease IP addresses. The company should not open UDP port 53 on each of the routers as a fix for DHCP address assignment. Port 53 is used for DNS services. The company should not configure IP exclusions for the 192.168.4.0 and 192.168.4.128 subnets. IP exclusions are used to identify IP addresses that should not be assigned by the DHCP server.
A company's ecommerce platform frequently crashes due to heavy traffic loads. Which is the BEST option for improving site availability for end users? Deploy a web server farm and configure active/active load balancing. Deploy a NAT gateway and configure port forwarding rules. Deploy an IDS between the network firewall and the web server. Place the web servers on the DMZ and configure restrictive ACLs.
Deploy a web server farm and configure active/active load balancing. The best option for improving site availability for end users is to deploy a web server farm and configure active/active load balancing. In active/active load balancing, a hardware or software load balancer distributes traffic across two or more nodes. In this scenario, the provider could build a web farm with all web servers hosting the same content. A load balancer could then be configured to distribute requests using the round-robin method. If any single server fails or is otherwise busy, the remaining servers can service requests. The provider should not place the web server on the demilitarized zone (DMZ) and configure restrictive Access Control Lists (ACLs). A DMZ, also known as a screened subnet, is used to host Internet-accessible servers on a protected network that is separate from the production Local Area Network (LAN). This approach will not necessarily enhance availability. The provider should not deploy a Network Address Translation (NAT) gateway and configure port forwarding rules. NAT is often used to enhance network privacy by hiding a network behind one or more public Internet Protocol (IP) addresses. This approach will not necessarily enhance availability. The provider should not deploy an Intrusion Detection System (IDS) between the network firewall and the web server. An IDS monitors and analyzes traffic and reports intrusion attempts.
A network technician must ensure that nodes can send traps when performance thresholds are breached. Which solution BEST meets this requirement? Configure a syslog server and forward syslog information from nodes. Install IDS software on each network node and define performance alerts. Configure network nodes to synchronize with a centralized NTP server. Deploy an SNMP management system and configure agents on nodes.
Deploy an SNMP management system and configure agents on nodes. The engineer should deploy a Simple Network Management Protocol (SNMP) management system and configure SNMP agents on nodes. SNMP can collect performance and event information from network devices and modify device configurations. When predefined performance thresholds are breached, SNMP agents can send trap notifications to an SNMP server. Many SNMP management systems can also be configured to alert on performance thresholds and system availability. The engineer should not configure a syslog server and forward syslog information from endpoints. Syslog is a standardized protocol that is used widely on network devices and servers. Syslog agents do not send traps. The engineer should not install Intrusion Detection System (IDS) software on each network node and define performance alerts. An IDS is designed to detect, record, and alert on malicious behavior, but does not send traps. The engineer should not configure network nodes to synchronize with a centralized Network Time Protocol (NTP) server. NTP is used to keep time synchronized between network devices, but does not send traps.
A server on the internal network is determined to be at risk for potential attack. The Technical Services team is directed to harden the server to minimize this risk. The network supports wired and wireless access. The server is connected through a wired connection. Which two actions should hardening include? (Choose two.) Schedule more frequent backups Disable unused ports Stop unnecessary services Add wireless access Bring patches up-to-date
Disable unused ports / Bring patches up-to-date Actions the company can take to harden the server include bringing patches and other updates up-to-date and disabling unused ports. Patching the server helps to close any known vulnerabilities. Disabling ports reduces the access footprint of the server so that there are fewer potential attack paths. Other actions that could be taken include: Update firmware, if it is out-of-date; Strengthen passwords; Change credentials on any default accounts; Use secure protocols for communication; Disable unnecessary services. The company should not limit itself to stopping unnecessary services rather than disabling them. Stopping a service does not change how startup is configured. If the service is configured to start automatically, it will start again the next time the server is restarted. The company should not treat backups as device hardening. Backups are important and can be key to data recovery after an attack or data loss but do not do anything to prevent attacks directed at the server. The company should not add wireless access. This makes the server more susceptible to attacks because it opens an additional communication path. Also, wireless communication is sometimes less secure than wired connections, depending on how it is configured.
In a multi-tier networking architecture, where is VLAN routing MOST likely to occur? Access Distribution Top-of-rack Edge
Distribution In a multi-tier networking architecture, routing is most likely to occur at the distribution layer. The distribution layer is implemented using routers or layer 3 switches. Virtual Local Area Networks (VLANs) are defined on access switches and traffic between VLANs can be routed at the distribution layer. While some routing also likely occurs at the core, most modern network architectures dedicate the core to high-speed switching. Top-of-rack switches are common in medium to large datacenters and facilitate connectivity for devices mounted in datacenter racks. The top-of-rack switches are designed to provide high throughput between servers, and between clients and servers. Due to the overhead and latency it introduces, routing is not typically done on top-of-rack switches. The access layer provides connectivity for endpoints. Though VLANs are often defined on access switches, routing between these VLANs happens at the distribution layer. This reduces overhead, complexity, and costs as layer 3 switches, switches that can perform routing, are more expensive to purchase and maintain. In some designs, access switches are referred to as edge switches. The term might also be used for switches at an organization's Internet border, or edge.
What type of attack is designed to flood a server with traffic, either crashing the server or making it unavailable? DoS Logic bomb Brute force Ransomware
DoS A denial-of-service (DoS) attack floods a network or a specific server with more traffic than it can manage. This can cause a server or other targeted network device to crash or make it unavailable. Web servers are often targeted by this type of attack. The attack can also be targeted against a network, degrading performance and making network resources unavailable. DoS attacks can take different forms and are constantly evolving to find ways around preventive or mitigating techniques. Most attacks are distributed DoS (DDoS) attacks, meaning that the attack comes from multiple sources. Some are structured as reflective attacks that use spoofed source addresses, making it more difficult to identify and block the source. Reflective attacks are sometimes routed through servers, taking on the server's IP address as their source. Amplified attacks use different methods to increase the traffic volume as a way to make the attack more effective. This does not describe a ransomware attack. Ransomware attacks take various forms, including: Locking the computer; Encrypting user data to make it inaccessible; Threatening to overwrite or delete all data; Threatening to publish all data. A ransomware attack demands that a fee (ransom) be paid by a specified time to receive a recovery code to decrypt or recover the data. There is always the risk that, even after paying the ransom, the victim never receives a recovery or unlock code. This is not a brute force attack. A brute force attack attempts a series of potential passwords until one works. Most brute force attacks are based around dictionary attacks that work from a list of commonly used words, but more recent versions will also attempt variations that mix in letters and other characters or generate random values. This is not a logic bomb attack.
What is the last step in a systematic troubleshooting methodology? Implement the solution in the plan of action. Apply applicable preventive measures. Verify that the system is fully functional. Document the solution and the process.
Document the solution and the process. The last step in a systematic troubleshooting methodology is to document the solution and the entire process. This includes your findings, actions taken, and the results of those actions. You need to document the problem and what you have done in case someone else needs to work on the same equipment in the future or if you see the same problem again. A systematic troubleshooting methodology typically includes the following steps: 1) Identify the problem (gather information, duplicate the problem if possible, question users, identify symptoms, determine if anything has changed, approach multiple problems individually). 2) Establish a theory of probable cause (question the obvious, consider multiple approaches). 3) Test the theory to determine cause (once the theory is confirmed, determine next steps to resolve the problem; if the theory is not confirmed, establish a new theory or escalate). 4) Establish a plan of action to resolve the problem and identify potential effects. 5) Implement the solution or escalate as necessary. 6) Verify full system functionality and, if applicable, implement preventative measures. 7) Document findings, actions, and outcomes. Verifying that the system is fully functional and applying applicable preventive measures are both part of the same step. These actions are taken after implementing the solution and before preparing the final documentation. Implementing the solution in the plan of action is not the last step. After this, you still need to verify functionality, implement preventive measures, and document the solution.
While discussing a configuration issue with a switch manufacturer's technical support team, the in-house support team learns of a switch vulnerability. The vulnerability was fixed with a recent update. The support team needs to mitigate the vulnerability and avoid a potential attack with minimum risk to the network, downtime, and cost. What should in-house support do? Order new firmware chips and remove and replace the firmware. Purchase a new switch that has the vulnerability fixed to replace the existing switch. Download and install the most recent firmware update. Deploy an IDS to closely monitor activity with the switch.
Download and install the most recent firmware update. The in-house support team should download and install the most recent firmware update. The team should download the update from the manufacturer or, based on manufacturer instructions, check the file hash to ensure that it has not changed and then apply the update. This is the correct way to update a network device. This will apply any vulnerability fixes included in the update. The team should not order new firmware chips and remove and replace the firmware. Most modern switches are designed so that the firmware is soldered in place and is not considered a field replaceable unit, that is, a component that the in-house team could replace. Any attempt would likely void any warranty on the switch. The team should not purchase a new switch to replace the existing switch. This would be an unnecessary expense because there is no reason to replace the switch. The team should not deploy an intrusion detection system (IDS) to closely monitor activity with the switch. This would not prevent an attack. If an attack is detected, the IDS could send an alert so that the appropriate personnel could respond to the attack.
A user complains about the transfer rates from a server in VLAN 4. A network administrator connects to a switch and receives the output shown in the exhibit. Which parameter is MOST likely misconfigured on the switch? Duplex Speed MDI mode Flow control
Duplex The duplex settings should be verified. The exhibit shows an output from a switch representing port status. There is only one active port in VLAN 4 - Port 5. The exhibit shows that the negotiated mode is 100HDx, which means 100 Mbps and half-duplex. Half-duplex indicates that frames can be transmitted in both directions, but not at the same time, which will heavily impact the performance of the network. The network administrator might also encounter a situation called a duplex mismatch error, where one side uses half-duplex and the other side uses full-duplex. The speed setting is not a problem here. The exhibit shows that all ports use 100 Mbps. The flow control will not fix the issue. Flow control could be enabled for high-performance servers that require loss-sensitive protocols. The medium dependent interface (MDI) setting is not the issue here. The Auto MDI mode is used to identify and correct cabling issues such as using a straight through cable instead of a crossover cable.
A company is designing a wireless LAN deployment. To help secure the network, the company wants to use an authentication protocol option that requires a client certificate on each wireless client. Which authentication protocol option should the company use? EAP-TLS EAP-PSK EAP-FAST PEAP
EAP-TLS The company should use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS). This helps to support secure authentication and can prevent unauthorized access, even if a user password is compromised. EAP-Flexible Authentication via Secure Tunneling (EAP-FAST) sends authentication criteria via a secure tunnel. This option requires a server certificate for establishing the tunnel, but it does not require a client certificate. Protected Extensible Authentication Protocol (PEAP) encapsulates authentication traffic within a secure tunnel. PEAP itself does not require a client certificate except when used to encapsulate EAP-TLS. EAP-Preshared Key (EAP-PSK) uses a preshared key value to implement secure mutual authentication between a client and server. EAP-PSK does not require a client or a server certificate. This protocol is supported in several implementations but is not supported by WPA2.
Compare characteristics of NAS and SAN storage technologies. To answer, choose the appropriate storage type from the drop-down menus. Emulates directly attached storage for servers accessing storage. Maintains its own file system, and data access is through remote file system I/O. Structured as a dedicated network consisting of multiple storage devices. Preferred solution when extreme high-speed data transfer is required.
Emulates directly attached storage for servers accessing storage: SAN Maintains its own file system, and data access is through remote file system I/O: NAS Structured as a dedicated network consisting of multiple storage devices: SAN Preferred solution when extreme high-speed data transfer is required: SAN Network attached storage (NAS) refers to a single storage device connected directly to the network. It is recognized and accessed through its IP address. The device maintains its own file system, and data access is through remote file system I/O, like any other shared network file server. NAS is necessary to support applications that require file-level access. A storage area network (SAN) is a dedicated network of storage devices. A SAN can support an assortment of storage devices, including disk arrays and tape libraries. Because storage is structured as block storage, it emulates directly attached storage for servers accessing storage. The accessing server is responsible for the file system. This is the preferred storage solution when extreme high-speed data transfer is required.
A technician configures an access point as shown in the exhibit. He creates a list of MAC addresses to allow on the network using MAC filtering. The technician realizes that despite this configuration, any device can still connect. What should the technician do? Change the method to Blacklisting. Enable MAC filtering globally. Change the order of IDs. Reboot the access point.
Enable MAC filtering globally. The MAC address filtering option has not been enabled. The technician can create a list of allowed MAC addresses, but he has to enable it globally for it to be used by the access point. MAC address filtering allows the technician to create a list of devices that are allowed to connect to the wireless network. Many reports suggest that it does not increase the security in the network, and it is rarely used in a production network. The technician should not change the method to Blacklisting. The technician wants to create a list of devices that are authorized to connect to the network. He should use a whitelist for that. Changing the order of IDs will not fix the issue. The access point processes all IDs in the list, and the order is irrelevant. The technician should not reboot the access point since this could cause a disruption to other authenticated users. The technician should enable the MAC filtering option.
A network administrator must configure a wireless controller to allow authentication for devices that do not support EAP. Once configured, client authentication must be automatic. However, unauthorized users should not be able to access network resources. Which of the following actions should the administrator take? Configure the controller to support TLS. Configure 802.1x on the controller and set up RADIUS. Require clients to use certificates to authenticate. Enable PSK authentication on the controller.
Enable PSK authentication on the controller. The administrator should enable Pre-Shared Key (PSK) authentication on the controller, preferably Wi-Fi Protected Access 2 PSK (WPA2-PSK). WPA2-PSK uses pre-shared keys to facilitate authentication. This is useful in scenarios where clients do not support Extensible Authentication Protocol (EAP). This is also useful in scenarios where clients may support EAP, but the network does not support centralized authentication using 802.1x, such as in a home network. The administrator should not require clients to use certificates to authenticate. Certificate-based authentication for wireless networks is facilitated by EAP-based protocols, such as Extensible Authentication Protocol - Transport Layer Security (EAP-TLS). The administrator should not configure 802.1x on the controller and set up Remote Authentication Dial-In User Service (RADIUS). 802.1x facilitates centralized authentication for wireless networks and does not support pre-shared keys. This approach requires EAP, and therefore does not meet the requirements listed in the question. The administrator should not configure the controller to support Transport Layer Security (TLS). TLS is used to encrypt network traffic.
An email server responds to a client's EHLO as shown below. 250-s1.domain.com Hello GP [12.16.14.57] 250-SIZE 51828800 250-PIPELINING 250-AUTH PLAIN LOGIN 250 HELP What should be done to enhance the system's security? Enable transport encryption on port 587. Implement email encryption on clients. Use port 587 for server-to-server email transfers. Require password complexity for clients.
Enable transport encryption on port 587. To enhance the system's security, transport encryption should be enabled on port 587. By default, Simple Mail Transfer Protocol (SMTP) does not require transport encryption. In this example, the server does not announce that it supports Transport Layer Security (TLS). It also advertises AUTH PLAIN LOGIN, meaning login credentials can be sent in clear text. If TLS is configured, the STARTTLS directive will be issued by the server. Port 587 is the standard client email submission port and is reserved for this purpose. In this scenario, email encryption should not be enabled. Secure/Multipurpose Internet Mail Extensions (S/MIME) uses Public Key Infrastructure (PKI) to ensure the integrity, authenticity, and confidentiality of email. However, S/MIME does not encrypt SMTP conversations. To enhance the system's security, password complexity should not be required. Password complexity will not mitigate the risk posed in the scenario. Until the transport encryption issue is resolved, an attacker can easily intercept complex passwords. To enhance the system's security, port 587 should not be used for email transfers. Port 587 is the default client-to-server email submission port. This port does not inherently require transport encryption.
A network technician has confirmed that faulty DNS records are causing connection timeouts. Which step of the troubleshooting methodology should the technician take NEXT? Document action taken Establish an action plan Verify system functionality Establish a theory
Establish an action plan The network technician should establish an action plan. This is step 4 of the troubleshooting methodology. The admin has identified the problem (step 1) as connection timeouts and established a theory (step 2) that faulty Domain Name System (DNS) records are causing the issue. The admin has tested the theory (step 3) to confirm this assumption. In step 4, the admin will determine which actions are required to resolve the issue. The admin should not verify system functionality. This is done after the action plan has been implemented. The admin should not document actions. This is done in the final step of the troubleshooting methodology. This refers to formally documenting the issue and resolution for the benefit of other admins. This is not meant to restrict notetaking during other troubleshooting steps. The admin does not need to establish a theory. This occurs early in the troubleshooting process, after the problem has been identified, and has already happened in this scenario.
Which statement describes traffic shaping? Excess traffic is returned to the sending node. Excess traffic is buffered until bandwidth is available. Excess traffic is immediately dropped. Excess traffic is marked with a decreased priority.
Excess traffic is buffered until bandwidth is available. With traffic shaping, excess traffic is buffered until bandwidth is available. This feature is provided by Quality of Service (QoS), which uses two primary mechanisms to classify traffic and enforce rate limiting techniques, policing and shaping. Depending on the vendor, these methods use a token bucket method to track a flow's rate of transfer, with each token representing a unit of traffic. In traffic shaping, if all the tokens have been consumed, packets are buffered until bandwidth is available for consumption. This bandwidth is represented as tokens. With traffic shaping, excess traffic is not immediately dropped. This occurs in QoS traffic policing. Like a shaper, a policer also uses the token bucket algorithm. When all the tokens have been consumed, traffic is not queued and is dropped. With traffic shaping, excess traffic is not marked with a decreased priority. Depending on how a traffic policer is configured, traffic can be marked down rather than dropped. QoS uses a packet marking mechanism, comparable to tagging, to identify a packet's priority. A policer can change this marking to indicate a lower priority. With traffic shaping, excess traffic is not returned to the sending node. Some rate limiting algorithms will either return the excess traffic or notify the sending node that the requests have been dropped and should be resubmitted at a later time.
Which is the BEST option for increasing availability of a network's gateway router group? STP RADIUS FHRP NTP
FHRP First Hop Redundancy Protocol (FHRP) is the best option for increasing availability of a network's gateway router group. FHRP allows a cluster of two or more routers to share a single virtual IP address. Depending on the implementation, a FHRP router group may have one active and one or more passive routers, or all routers may be active. Network Time Protocol (NTP) is not used to increase router availability. NTP is used to synchronize time on network nodes. Spanning Tree Protocol (STP) is not used to increase router availability. STP is used to prevent layer 2 switching loops in networks with redundant paths. Remote Authentication Dial-In User Service (RADIUS) is not used to increase router availability. RADIUS can be used to facilitate authenticated network access.
Which of the following is an example of valid multifactor authentication factors? Facial recognition and PIN Thumb print and retinal scan Smart card and proximity tag PIN and password
Facial recognition and PIN Using facial recognition and a personal identification number (PIN) is an example of multifactor authentication. For an authentication scheme to be multifactor authentication, it must include at least two DIFFERENT factors from the following: something you know, something you have, something you are, somewhere you are, and something you do. You might see other factors listed. Multifactor authentication was originally based on three possible factors, but recently additional contextual factors have been added to the list. Something you know would be a value such as a password or PIN. Something you have refers to a physical device, like a smart card. Something you are refers to personally identifying features, such as fingerprint, retinal scan, or facial recognition. Contextual factors include somewhere you are and something you do. Verifying location can be through GPS or device IP address. Facial recognition is something you are and a PIN is something you know, so this is an example of multifactor authentication. A PIN and password do not qualify as multifactor authentication because they are both something you know. A smart card and proximity tag do not qualify as multifactor authentication because they are both something you have. Thumb print and retinal scan do not qualify as multifactor authentication because they are both something you are.
Which network security device protects LAN devices from malicious attackers on the Internet? Switch Load balancer Default gateway Firewall
Firewall A firewall is a network security device designed to protect Local Area Network (LAN) devices from malicious attackers on the Internet. Firewalls can be simple routers configured with strict access control lists (ACLs) that limit inbound and outbound traffic based on source and destination IP addresses. However, most next generation firewalls (NGFWs) track session states and offer complex rulesets. Beyond simple firewalling, they may also scan traffic for malware and offer intrusion prevention functionality. A load balancer is used to distribute user requests across all servers in a farm. Load balancers use one of several algorithms for distributing loads across multiple servers. For example, a simple load balancer alternates between two servers by sending one request to the first server and sending the next request to the second server. Load balancers can also facilitate redundancy by only sending requests to live servers. In IP networking, a node uses its default gateway when it needs to send a packet to a node on a different subnet. A default gateway often also functions as a gateway of last resort and is used when a node does not know how to route a packet to its destination. Default gateways provide routing capabilities and allow hosts to communicate across subnets. Network switches provide connectivity to wired network nodes. Traditionally, switches function at layer 2 (Data Link) of the Open Systems Interconnection model (OSI model). A layer 3 (Network) switch also offers routing capabilities.
A company wants to deploy a web server in a new DMZ. Which device should the company use to configure a new network zone and Layer 7 filtering policies? Web proxy Switch Firewall Hub
Firewall The company should use a firewall to configure a new network zone and apply Layer 7 filtering policies. A firewall guards the network and monitors all traffic. Firewalls can work at Layer 7 to offer application-awareness services. Next-generation firewalls (NGFWs) offer more features and can block network attacks. A demilitarized zone (DMZ) is a special network area kept separate from the internal network. The company could use a DMZ to deploy internet-facing servers and applications. The company should not use a switch for this deployment. A switch supports VLANs and access control lists (ACLs), but is very limited when it comes to security features and does not allow the company to monitor data at the Application Layer (Layer 7) of the OSI model. An ACL is a list of statements specifying an allowed or denied action. An ACL might allow traffic from one security zone (area) to another. A hub is a legacy Layer 1 device. Hubs do not support zones or any security options. The company should use a firewall to configure a new network zone. A proxy server acts as a gateway between a local computer and a resource on the Internet. Web proxy servers focus on web traffic and allow users to hide their real IP address or bypass security restrictions. The company could use a proxy server to monitor and filter outgoing traffic. A web proxy is not designed to configure a DMZ with Layer 7 filtering.
A company collects network traffic data from multiple subnets. Detailed analysis indicates that packets are being dropped by one of the routers. Technicians suspect this is due to misconfigured firewall ACLs. Where should technicians look for more detailed information? Firewall logs Vulnerability scans Event logs Port scans
Firewall logs Technicians should review the firewall logs. Firewall logs will have information about packets dropped and the reason they are dropped. Firewall rules define access control lists (ACLs) to determine when packets are passed or blocked and dropped by a firewall. When a packet is dropped because of ACL restrictions, it is recorded in the firewall log. Technicians should not review the event logs. Event logs contain entries generated by system, application, or auditing events. Dropped packets do not generate events that are logged in the event logs. Technicians should not review vulnerability scans. These might indicate weaknesses in firewall rules and ACLs, but they would not contain detailed information about dropped packets. Technicians should not review port scans. Port scans identify open ports, not information about traffic and the status of packets.
Gather more information from users. Escalate the issue to the server team. Reboot the servers. Check and replace the cabling in the communications room.
Gather more information from users. The technician should gather more information from users. Even if a ticket has a higher priority, the technician should follow the network troubleshooting methodology. The first step recommends questioning users and collecting information about the problem. The issue has not been described in detail and requires more information. At this stage, the technician could try and recreate the problem. Then, the technician should establish and test a theory of probable cause and establish a plan of action. They could then escalate the issue to another department at this stage. Finally, the technician can implement the solution, verify all systems, and document their findings. The technician should not reboot the servers, because they have not gathered all information and there is no theory in place. The technician could reboot the servers after creating and testing a plan if they decide that it is required to fix the problem. The technician should not escalate the issue yet. They first have to gather more information. There is nothing in the scenario to suggest that the problem is with the server. It might be a network issue or a local desktop problem. The technician should not check and replace the cables in the communications room. That would be considered the implementation of a solution. The technician has to question the users, establish and test a theory, and create a plan first.
A company recently implemented a bring your own device (BYOD) policy and is adding security controls over personal devices. The company wants to ensure that some managed apps and most company data will be unavailable when a device leaves the corporate campus. What should the company use to implement this? WPA2 Geofencing Geotagging EAP-FAST
Geofencing The company should use geofencing. Geofencing is a way of establishing an electronic perimeter. This can be done through GPS, radio frequency identification (RFID), cellular triangulation, or a combination of methods to establish a boundary. Features can be enabled or disabled when entering or leaving an area. The company should not use geotagging. Geotagging refers to associating a geographic location with a photo, video, text, or other post or data. This is typically discouraged from a security standpoint because it enables someone to track your location. The company should not use Wi-Fi Protected Access II (WPA2). WPA2 is a means of securing a wireless network through secure authentication and encrypted communication. WPA2 is built on the IEEE 802.11i wireless security standard. WPA2 does not provide for interactive BYOD feature control based on location. The company should not use Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST). EAP-FAST is a secure authentication protocol that establishes a secure communication tunnel for passing client certification credentials. It is not related to location-based awareness.
Which metric is used to determine routes when using RIP? Latency Hop count Bandwidth Reliability
Hop count Routing Information Protocol (RIP) is a distance-vector routing protocol that uses hop count, or the number of routers between the communicating hosts, to determine the best route. RIPv1, the original version, has been replaced by two newer versions that add features not supported by the original version. RIPv2 added support for Classless Inter-Domain Routing (CIDR). RIPng added support for IPv6 networking. RIP does not consider bandwidth in determining a route, but bandwidth is used as the primary factor with Open Shortest Path First (OSPF). OSPF is a link-state routing protocol and is the most common routing protocol in current use. OSPF is well-suited to large networks because of its ability to respond quickly to changes in available routes. OSPF also lets you configure a routing hierarchy, designating backbone routes as opposed to all other routes. OSPF supports IPv6 and CIDR. RIP does not consider reliability, but reliability can be part of the metric calculation for the Enhanced Interior Gateway Routing Protocol (EIGRP). EIGRP is considered an advanced distance-vector routing protocol that is not limited to just hop count in determining best paths. EIGRP supports IPv6 and CIDR but does not support hierarchical routing. Latency, specified as delay in the metric formula, can also be used in EIGRP routing metrics.
What are two main differences between a hub and a switch? (Select TWO) Hubs unicast all packets, while switches broadcast all messages. Hubs are limited to four ports, while switches offer an unlimited number of ports. Hubs do not understand MAC addresses, while switches maintain a CAM address table. Hubs can be managed using HTTP, while switches offer a command-line interface only. Hubs work at Layer 1, while switches work at Layer 2.
Hubs do not understand MAC addresses, while switches maintain a CAM address table. Hubs work at Layer 1, while switches work at Layer 2. Hubs are obsolete devices that work at the physical layer of the OSI model (Layer 1). When a frame arrives at a hub, it performs frame flooding. All the ports of a hub form a single collision domain. A switch works at the Data Link layer of the OSI model (Layer 2) and works with MAC addresses to identify a network device in the network. MAC addresses are stored in a Content Addressable Memory (CAM) table. When a new frame arrives at a switch, it is identified and kept in the CAM table for a short period of time. Hubs do not work with MAC addresses. They flood all frames to all ports. Hubs are not limited to four ports. There are hubs with 8, 16, and more ports. Hubs do not unicast packets. Hubs broadcast all messages and have no control over traffic. Switches work with MAC addresses and can unicast packets. Hubs are Layer 1 devices and cannot be managed using a web browser. Switches, on the other hand, can be accessed using the command-line interface, SNMP, and HTTP/HTTPS. Switches offer a lot of security features, such as DHCP snooping, ARP inspection, and port security.
A network administrator is concerned about ESD in a data center. Which monitor will the administrator MOST likely deploy to validate this concern? Flooding Power Temperature Humidity
Humidity The network administrator should deploy humidity monitors. As humidity drops in a data center, the air becomes dry. This increases the risk of electrostatic discharge (ESD). ESD can damage sensitive electronic components. The administrator should not deploy power monitors. Power monitoring may be used to ensure continuous operations or efficient electricity usage. The administrator should not deploy flooding monitors. Flooding monitors detect water pooling. The administrator should not deploy temperature monitors. Temperature monitors may be used to ensure equipment does not get too hot. Though temperature and humidity are related environmental factors, a humidity sensor is the best option for validating ESD concerns.
A company has its own comms rooms and an on-premises data center containing all its servers and network devices. A network engineer wants to add some cloud on-demand solutions to the existing infrastructure. Which cloud model should the company use? Hybrid Private CASB Public
Hybrid The company should use the hybrid cloud solution. A hybrid model combines on-premises infrastructure or a private cloud with a public cloud service. There are three main types of cloud delivery models: private, public, and hybrid. A private cloud is fully managed and owned by an enterprise. A public cloud solution is offered by cloud service providers. Finally, a hybrid model combines the features of the first two models. For example, the company could keep all sensitive applications inside the organization's network, while using some cloud applications and services. A hybrid model allows an organization to migrate gradually to the cloud. In many cases, there are special legal requirements that might slow down the process of migrating all data to the cloud. The company can consider using a hybrid model. A cloud access security broker (CASB) is not a cloud delivery model. The company could use CASBs as a cloud security solution to enforce inline controls and policies.
Which mechanism monitors and manages virtual machine instances? Hypervisor vNIC VIP VLAN
Hypervisor A hypervisor manages virtual machine instances and is called a Virtual Machine Monitor (VMM). A hypervisor allows an administrator to deploy multiple virtual machines and control all virtualized hardware resources. There are two types of hypervisors: type 1 (bare-metal) and type 2 (hosted). A virtual IP address (VIP) does not manage virtual machines. A VIP is a virtual IP address for end devices, for example for load balancing purposes. A virtual network interface card (vNIC) does not manage virtual machines. An administrator creates a vNIC to deploy a virtual machine and connect it to the network. Virtual local area network (VLAN) is a concept of grouping network resources. A company could use VLANs to isolate virtual machines.
A company deploys a host as shown in the exhibit. The host needs to be configured with a static address. What values should be used to configure the host? To answer, drag the appropriate value to each configuration parameter. A value may be used once, more than once, or not at all.
IP Address: 192.168.4.57 Subnet Mask: 255.255.255.192 Default Gateway: 192.168.4.1 The company should use the following values: IP Address: 192.168.4.57; Subnet Mask: 255.255.255.192; Default Gateway: 192.168.4.1. The address 192.168.4.57 is a valid host address on the 192.168.4.0/26 subnet. Valid addresses range from 192.168.4.1 through 192.168.4.62. A subnet mask of 255.255.255.192 is equivalent to a Classless Inter-Domain Routing (CIDR) value of /26. The default gateway is the router interface facing the subnet, which is 192.168.4.1 in this scenario. 192.168.4.63 cannot be assigned to a host. This is the broadcast address for the 192.168.4.0/26 subnet. 192.168.4.101 should not be used. This is out of the bounds for the 192.168.4.0/26 subnet and would be part of a different subnet. 192.168.4.195 and 192.168.6.2 should not be used as the default gateway. Neither interface directly faces the subnet. 255.255.255.128 should not be used as the subnet mask. This would be equivalent to a CIDR value of /25. 255.255.255.224 should not be used as the subnet mask. This would be equivalent to a CIDR value of /27.
PC1 and PC2 are connected to a managed switch. PC1 uses port F0/5, which is in VLAN 7, and PC2 uses port F0/11, which is in VLAN 12. What is the minimum required configuration by a technician on PC1 and PC2 to exchange data? IP address and default gateway IP address, subnet mask, and default gateway IP address, subnet mask, default gateway, and MAC address IP address and subnet mask
IP address, subnet mask, and default gateway PC1 and PC2 should be configured with a valid IP address, subnet mask, and default gateway. An IP address and subnet mask are required for communication in the same VLAN. PC1 and PC2 are in two different VLANs, which means they need a dedicated default gateway. A VLAN is considered a subnet and requires a Layer 3 device (such as a router) to support routing. PC1 and PC2 should not be configured with a dedicated MAC address. MAC addresses are burned into a network interface card and do not have to be assigned manually. An IP address and default gateway are not enough. PC1 and PC2 need a subnet mask to identify both network and subnetwork ranges.
PC1 fails to receive an IP address in the network shown in the exhibit. What should be configured to fix the problem? DHCP option 66 on Router 2 DHCP option 66 on Router 1 Conditional forwarder on Router 2 IP helper address on Router 2 Conditional forwarder on Router 1 IP helper address on Router 1 Port forwarding on Router 1 Port forwarding on Router 2
IP helper address on Router 1 The company should configure an IP helper address on Router 1. An IP helper is also called DHCP relay. It forwards DHCP packets between a client and an external DHCP server. This configuration is required because PC1 and the DHCP server are not connected to the same network segment. Port forwarding will not fix the issue. DHCP messages are dropped by Router 1 and cannot be forwarded without a DHCP relay agent. Port forwarding is used to open ports on a router or firewall, for example for an internal email server. DHCP option 66 is used for specifying a Trivial File Transfer Protocol (TFTP) server. The company could use this feature for a Voice over IP (VoIP) network. A conditional forwarder cannot be used in this scenario. Conditional forwarders are configured on domain name system (DNS) servers to redirect traffic to other DNS servers.
A company wants to configure a site-to-site VPN link between two offices. Users in each office should have access to resources in the other office, including shared folders and network services. What type of VPN should the company use? PPTP VPN SSL VPN IPSec VPN TLS VPN
IPSec VPN The company should use an IPSec VPN. An IPSec VPN can be used for remote client connections and to create site-to-site VPN connections. An IPSec VPN creates a full WAN link between the sites, with the ability to access resources from either end of the connection. Resource access is limited based on permissions, not on technology support. The company should not use an SSL VPN or TLS VPN. In common usage, the term SSL VPN is used to describe both types of VPN connections. This type of VPN supports a connection over port 443, making it easy to implement for most network firewalls. This is the same port used for HTTPS connections. A significant limit is that access is limited to websites, web applications, and web-aware applications rather than providing support for full site-to-site connections. PPTP is an older remote access protocol and is no longer in common use. It can be used to create a VPN link, but this is not recommended, especially because of potential security issues.
A company has configured some services and applications using a PaaS platform. The network team wants to create a secure connection from an onsite router to the new platform. Which of the following would be the BEST protocol to implement? IPsec L2TP SSL/TLS PPTP
IPsec The network team should use Internet Protocol Security (IPsec). IPsec is an umbrella of protocols that the team can use to create a site-to-site virtual private network (VPN) between an on-site router and the Platform as a Service (PaaS) platform. Point-to-Point Tunneling Protocol (PPTP) should not be used because it has proven vulnerabilities. PPTP used to be deployed as a remote-access VPN solution. The team should use IPsec instead. Transport Layer Security (TLS) is not an optimal choice here. The team has to create a site-to-site VPN tunnel. There are no industry standards for site-to-site tunnels based on TLS/SSL. The team could use TLS to provide remote access VPN with certificates. IPsec is a better choice here. The company could use TLS to create a web portal for remote users and provide access to internal resources. Layer 2 Tunneling Protocol (L2TP) should not be used in this scenario, as it does not offer any encryption. L2TP can be combined with IPsec to provide a secure connection. L2TP/IPsec is a popular solution for remote access VPN. PaaS is one of the three main categories of cloud computing. It offers a framework to develop and customize applications.
A company contracts with a cloud provider. The cloud provider is responsible for virtualized hardware, storage, and network support. The company is responsible for installing, licensing, and maintaining the operating system and server applications. Which type of service does this describe? IaaS SECaaS SaaS PaaS
IaaS This is an example of infrastructure as a service (IaaS). This cloud provider manages and maintains the underlying infrastructure, including hardware, storage, and network infrastructure. The subscriber is responsible for installing and maintaining everything else, including the operating system and any applications. This is a service model that gives the subscriber complete control over its applications and services but without the expense of maintaining a hardware host platform. This is not an example of platform as a service (PaaS). PaaS is most often used as a development platform with most of the infrastructure and management requirements being the responsibility of the cloud provider. The subscriber provides the development platform and its own data. Everything else is provided by the cloud provider, including hardware, operating system, storage, access to APIs, and runtime environment. This is not an example of software as a service (SaaS). SaaS refers to a subscription application service. The subscriber has access to the application, and all management is the responsibility of the cloud provider. Common examples include customer resource management (CRM) applications, productivity applications, and file storage and sharing applications. This is not an example of security as a service (SECaaS). SECaaS is an arrangement in which a security company is contracted to provide security support. Services provided can vary, but they typically include antimalware and updates, authentication, intrusion detection, and security event management.
What is the first step when troubleshooting a network problem? Identify the problem. Establish a probable cause theory. Establish a plan of action. Change the most obvious potential cause.
Identify the problem. The first thing you should do is identify the problem. This starts by gathering as much information as you can about the problem, such as problem symptoms and recent changes. You would also talk to users to get their input about the problem. You need as much information about what is wrong before you can start trying to determine how to fix it. A systematic troubleshooting methodology typically includes the following steps: Identify the problem (gather information, duplicate the problem if possible, question users, identify symptoms, determine if anything has changed, approach multiple problems individually). Establish a theory of probable cause (question the obvious, consider multiple approaches). Test the theory to determine cause (Once theory is confirmed determine next steps to resolve problem; if theory is not confirmed, establish new theory or escalate). Establish a plan of action to resolve the problem and identify potential effects. Implement the solution or escalate as necessary. Verify full system functionality and if applicable implement preventative measures. Document findings, actions, and outcomes. You cannot develop any theories about the probable cause until after you have gathered what information you can about the problem. You should not establish a plan of action unless you have developed a theory about the probable cause and tested your theory. You should not make any changes unless you have established a theory of the cause and developed a plan of action.
At what point in a troubleshooting methodology is it appropriate to escalate a problem? (Choose TWO.) If it is determined that preventive measures are appropriate If the technician is unable to confirm a theory and unable to establish a new theory If the problem results in downtime If the information gathered indicates multiple possible theories If no appropriate solution is available
If the technician is unable to confirm a theory and unable to establish a new theory If no appropriate solution is available It is appropriate to escalate a problem if the technician is unable to confirm a theory and unable to establish a new theory or if no appropriate solution is available. Either of these situations indicates that the person troubleshooting the problem is unable to make any further progress. A problem should be escalated when either of these situations occurs. A systematic troubleshooting methodology typically includes the following steps: Identify the problem (gather information, duplicate the problem if possible, question users, identify symptoms, determine if anything has changed, approach multiple problems individually). Establish a theory of probable cause (question the obvious, consider multiple approaches). Test the theory to determine cause (once theory is confirmed, determine next steps to resolve problem; if theory is not confirmed, establish new theory or escalate). Establish a plan of action to resolve the problem and identify potential effects. Implement the solution or escalate as necessary. Verify full system functionality and if applicable implement preventative measures. Document findings, actions, and outcomes. It is common to find that preventive measures are appropriate after resolving a problem, so there is no reason to escalate a problem because preventive measures are applicable. If the information gathered indicates multiple possible theories, it is the service technician's responsibility to test the theories and determine which is the correct, or at least best, theory. This does not justify escalation. Many types of problems can result in downtime, including problems that can be fixed relatively quickly and easily. Downtime, in itself, does not justify escalation.
During a DDoS attack, a technician is unable to access a critical router. What should the technician do to prevent this issue in the future? Place the router in a screened subnet. Require multifactor authentication. Deploy an IDS on the router network. Implement out-of-band management.
Implement out-of-band management. The technician should implement out-of-band management. Out-of-band management uses isolated networks and connectivity options to manage network nodes. This is done to increase security as well as availability in the event the primary network fails. In this scenario, the Distributed Denial-of-Service (DDoS) attack is likely flooding the network, making the router unreachable. If it existed, the technician could use the isolated out-of-band network to manage the router. The technician should not place the router in a screened subnet as this will not mitigate the DDoS attack. A screened subnet, also known as a demilitarized zone (DMZ), is used to host Internet-accessible servers on a protected network that is separate from the production Local Area Network (LAN). The technician should not require multifactor authentication. In this scenario, multifactor authentication will not reduce the impact of the DDoS attack. Multifactor authentication requires at least two different authentication factors for successful authentication. Authentication factors can be something you know, something you have, or something you are. The technician should not deploy an Intrusion Detection System (IDS) on the router network. An IDS is designed to detect and alert on suspicious behavior. However, it will not prevent a DDoS.
A network administrator implements a change on a switch to fix a network issue. According to the troubleshooting methodology, what should the network administrator do next? Implement preventative measures. Identify potential effects of the change. Document all findings in a final report. Duplicate the problem, if possible in a lab environment.
Implement preventative measures. The network administrator should implement preventative measures, as defined in step 6 of the Structured Troubleshooting Methodology. The solution has been implemented successfully (step 5), and the issue should now be fixed. Step 6 specifies verifying the network functionality and recommends implementing preventative measures. There are seven steps in the Structured Troubleshooting Methodology: Identify the problem. Establish a theory of probable cause. Test the theory to determine the cause. Establish a plan of action to resolve the problem and identify potential effects. Implement the solution or escalate as necessary. Verify full system functionality and, if applicable, implement preventative measures. Document findings, actions, and outcomes. The technician should not document all findings until the last step (step 7). At this stage, the network administrator should focus on verifying that the issue is gone and implement proactive solutions. The issue has been fixed, so there is no need to duplicate the problem. Duplicating and troubleshooting an issue would be done in one of the previous steps. The potential effects are evaluated in step 4. The network administrator should have a back-out plan in case the solution causes any disruptions to users or network devices.
A network consultant determines that a company can improve its performance by implementing jumbo frames. The network is configured with 10/100/1000 switches, and all hosts are configured with Gigabit Ethernet network adapters. The network is wired with Cat 5e UTP cable. What must the company do to support jumbo frames? Configure each switchport in dynamic auto mode. Enable STP on all switches. Increase the MTU to 9000. Replace the cable with Cat 6 UTP cable.
Increase the MTU to 9000. The company should increase the maximum transmission unit (MTU) to 9000 on all network devices. The default MTU, and therefore the default maximum frame size, on an Ethernet network is 1500 bytes. Jumbo frames can have a maximum size of up to 9000 bytes. The MTU needs to be increased on all network devices. Mixed MTU values can degrade network performance. The company should not replace the cable with Cat 6 UTP cable. Jumbo frame support requires, at a minimum, gigabit network adapters (1000BaseT), which is supported by the existing Cat 5e cable. If the cable did not support the traffic, you would expect to already have communication errors and performance problems. There is no reason to enable spanning tree protocol (STP) to support jumbo frames. STP is not related to frame size. STP is designed to prevent transmission loops from being created when a network has multiple switches. The company should not configure each switchport in dynamic auto mode. Dynamic auto mode means that a port can be used to create a trunk connection with another port. Trunk connections are used to make connections between switches. Enabling dynamic auto mode on each switchport puts the network at greater risk of attack. A rogue switch could be used to create a trunk connection, giving the attacker access to all VLANs.
Which of the following is the primary benefit of moving a datacenter to the cloud? Reduced reliance on redundant Internet connections Increased elasticity in response to seasonal workload Reduced costs associated with patch management Increased security of stored and transmitted data
Increased elasticity in response to seasonal workload Moving a datacenter to the cloud will increase elasticity in response to seasonal workload. As it relates to IT infrastructure resources, elasticity is the ability to expand or reduce allocated resources based on compute and storage requirements. For example, an e-commerce site could scale out its web server farm during busy shopping times or seasons. Moving a datacenter to the cloud does not necessarily increase the security of stored and transmitted data. As the amount of data crossing the Internet will likely increase due to on-premises users accessing resources that have been relocated to the cloud, it is likely that security for transmitted data will decrease. Moving a datacenter to the cloud will not reduce costs associated with patch management. While cloud service providers (CSPs) are responsible for the management and maintenance of the underlying infrastructure, users are responsible for managing and maintaining the operating systems, applications, and services they have deployed in the cloud. Moving a datacenter to the cloud will not reduce reliance on redundant Internet connections. As on-premises users will access resources relocated to the cloud, redundant Internet connections may be even more critical for ongoing operations.
Which type of backup takes the least time and uses the least amount of disk space? Incremental Differential Full Copy
Incremental An incremental backup takes the least time and uses the least amount of disk space. The typical backup sequence starts with a full backup. This also resets the bit that identifies a file as changed and needing backup. When an incremental backup is run, it backs up only those files changed (or added) since the full backup. When the next incremental backup is run, it backs up only those files changed since the previous incremental backup, and so on. Disk recovery requires recovery from the full backup and then each incremental backup in the order in which they were made. A full backup backs up all files when it runs, so it is the most time consuming and, as a single backup, requires the most disk space. A differential backup backs up all data changed since the last full backup. That means that each subsequent differential backup takes longer and uses more space than the one before. Disk recovery requires recovery from the full backup and the most recent differential backup. A copy backup is similar to a full backup in that it backs up all files, changed or not, but it does not reset the flag identifying a file as changed, so it does not interrupt a backup sequence.
An attacker posing as a janitor manages to access a storage cabinet where sensitive printed documents are kept. Which physical preventative control should the organization implement to address this risk? Install alarms on all doors leading to the storage cabinet. Install a locked cabinet that limits access to the documents. Install surveillance cameras throughout the storage area. Define a policy that forbids unauthorized access to the cabinet.
Install a locked cabinet that limits access to the documents. The organization should install a locked cabinet that limits access to the documents. A control's function defines what the control does, and includes detective, corrective, and preventative features, among others. A physical preventative control is a physical component, such as a lock, a wall, or a fence, that prevents access to a secure location. The organization should not install surveillance cameras throughout the storage area. Cameras are physical detective controls. The organization should not define a policy that forbids unauthorized access to the storage cabinet. Such a policy is an administrative preventative control, not a physical control. The organization should not install alarms on all doors leading to the storage cabinet. Alarms are physical detective controls.
Users connect to a network using wireless laptops and report intermittent access issues with a NAS server. The access point and the NAS server are connected to a switch using a 100 Mbps link. The status of the access point is shown in the exhibit. What should the support team do to fix the connectivity issue? Install more access points. Change the IEEE mode to 802.11n. Change security to WPA2-AES. Enable SSID isolation.
Install more access points. The support team should install more access points. The exhibit shows 125 connected clients. Access points support hundreds of concurrent associated devices, but it is not a recommended approach to have that many. In this case, 125 users will probably exceed the bandwidth that the access point can provide. This phenomenon is called overcapacity. There is no clear indication how many clients can be connected to a single access point, but most network engineers limit this number to 30-50 clients. Changing the security settings is not going to fix the issue. Although the access point uses an insecure legacy protocol Wi-Fi Protected Access (WPA) with Temporal Key Integrity Protocol (TKIP), changing it to WPA2-AES will not increase the available bandwidth. WPA2-AES will improve the security of the wireless network. The access point uses the IEEE 802.11ac Wave 1 standard, which supports gigabit speeds. The 802.11n standard is slower and offers the maximum data rate of 450 Mbps. Changing to 802.11n will decrease wireless performance. SSID isolation cannot fix the problem. The team could use the SSID isolation feature to prevent wireless clients from accessing resources on the local area network or other wireless clients.
What is the role of an MIB when implementing SNMP for network management? It is the software package installed on each managed client. It is a collection of manageable device definitions that identifies device property information. It is a server configured to collect device information and issue command requests. It provides the method for authentication and encryption of messages used for device management.
It is a collection of manageable device definitions that identifies device property information. A management information base (MIB) is a database of device definitions. The MIB contains information about device properties necessary for device management. Simple Network Management Protocol (SNMP) uses the MIB for device-specific management information. MIB files are available from various sources, including device manufacturers, to facilitate network management. The device configured to collect device information and issue command requests is known as the network management station (NMS). The NMS uses GetRequest messages to retrieve information from managed devices and SetRequest messages to issue changes to properties and variables to manage devices. The software installed on managed devices is known as the SNMP agent. For many devices, the SNMP agent is installed by default. Transport Security Model (TSM) provides the method for authentication and encryption of messages used for device management. The TSM specification supports SSH and TLS for encrypted communication.
A user reports their VoIP calls seem choppy. A network administrator is concerned congestion may be causing variation in packet delays. What should the administrator monitor to confirm this concern? Duplex CRC errors Latency Jitter
Jitter If the network administrator is concerned congestion may be causing variation in packet delays, they should monitor jitter. Jitter aims to quantify the variation in timings for packet arrival. In Voice over IP (VoIP) calls on a high-performing network, packet delivery should be relatively smooth, with packets arriving in order at a similar rate. While some jitter is expected, values over 15 milliseconds may be a concern for VoIP calls. Latency measures how long it takes for data to travel from source to destination. Like jitter, high latencies can cause issues for some applications, like VoIP. In essence, latency measures network delay and jitter measures the variations in latency. In networks, duplex settings control whether a node can send and receive simultaneously. In half-duplex mode, a node cannot send and receive simultaneously. In full-duplex mode, a node can do both at the same time. Typically, a node can only be configured for full-duplex if directly connected to a switch port. When a frame is transmitted, a cyclic redundancy check (CRC) function runs, and the resulting value is added to the frame. When the frame is received, the same function runs. If the frame has been changed, the values will not match and a CRC error will be logged.
Which network device uses ASICs to handle the packet switching for inter-VLAN communication? L2 switch L3 switch L4 router L7 firewall
L3 switch An L3 switch uses an application-specific integrated circuit (ASIC) to perform packet-switching operations. Routers and firewalls perform routing in software. The Network layer (Layer 3) is responsible for addressing, packet-forwarding, and routing services. The Data Link layer (Layer 2) encapsulates packets into network frames and works with physical addresses (MAC addresses) in a local area network (LAN). Switches can work at Layer 2 and Layer 3 at the same time to provide efficient inter-VLAN routing. Virtual Local Area Networks (VLANs) are logical subnetworks that can be created on a switch. A Layer 3 device (for example a router, L3 switch, or firewall) is required for inter-VLAN communication. By default, all traffic between VLANs will be allowed. A network administrator can create an access control list (ACL) to deny data flows. An L2 switch works at the Data Link layer of the OSI model (Layer 2) and does not offer routing capabilities. L4 routers and firewalls offer inter-VLAN routing, but they do not use ASICs to handle the packet switching.
The connection between an access switch and a distribution switch is overutilized. Which should a network engineer use to increase bandwidth between the switches? LACP 802.11ax Flow control CDMA
LACP Link Aggregation Control Protocol (LACP) can be used to increase bandwidth between the switches. LACP aggregates two or more Ethernet interfaces. This allows the interfaces to operate as a single virtual interface, which increases throughput and enhances availability. In this scenario, LACP must be configured on both switches and the same number of ports must be added to the LACP channel on both ends. If two 1Gbps interfaces are configured with LACP, the effective bandwidth should be close to 2Gbps. 802.11ax is a wireless networking standard. Also known as Wi-Fi 6, 802.11ax offers over 3Gbps per stream and works well in dense environments. It is not used to increase bandwidth between switches. Code Division Multiple Access (CDMA) is a cellular technology used on 2G and 3G cellular networks. It is not used to increase bandwidth between switches. Flow control can be used to manage data transfer rates between switches. However, it is not used to increase bandwidth between switches.
Which protocol is an open, vendor-neutral standard protocol for accessing and maintaining directory services? SNMP IMAP LDAP SMTP
LDAP Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral standard protocol for accessing and maintaining directory services. LDAP can be used to locate organizations and resources in a directory services network and supports several operations used for maintaining the directory database. A common use of LDAP is user object management. Because LDAP is vendor-neutral, it is not limited to any directory services implementation, such as Microsoft's Active Directory Domain Services (AD DS). Simple Network Management Protocol (SNMP) is an industry-standard protocol used to collect information about and manage network devices. Its use is specific to devices, not directory services. Simple Mail Transfer Protocol (SMTP) and Internet Message Access Protocol (IMAP) are both industry-standard protocols that support email. SMTP is used for clients to send email messages to mail servers and to transfer messages between servers. IMAP is used by clients to retrieve email messages from mail servers.
A medium-sized company is moving into a new office space. The office is being prewired with Cat 6 cabling. Employees will be moving their own equipment and will need to connect into the network. Technical Services wants to help ensure that the move goes as smoothly as possible. What should Technical Services use to ensure this? Logical network diagram Work instructions Labeling Physical network diagram
Labeling Technical Services should use labeling to help ensure that the move goes smoothly. Each cable should be clearly labeled as to the device that should be connected at that point. This will enable employees with little or no technical experience to connect their own devices. Technical Services should not prepare a logical or physical network diagram for this purpose, although both are recommended as ways to document the network. A logical network diagram shows network hierarchies, server roles, naming conventions, and so forth. A physical network diagram shows the servers and network devices on a network and their relative locations. Neither has the information that employees would need to correctly connect their devices. Technical Services should not provide work instructions. Work instructions provide the information needed to perform a task. It would not include information about cable and device locations.
A company wants to connect a remote office using a satellite internet service. What should be the main concern for this deployment? Latency Attenuation Compatibility Availability of the service
Latency Latency is the main drawback of a satellite internet service. Latency is described as the amount of delay that occurs in a data transmission. A satellite-based internet service uses satellites, which are thousands of miles away, so there is no easy solution to latency in this type of service. The main advantage of a satellite internet connection is availability. It is a solution that can be easily deployed in rural areas, even in areas with limited cellular coverage. Attenuation is not related to a satellite service. Attenuation means a reduction in the strength of a signal in a fiber optic cable. A company could use an optical time domain reflectometer (OTDR) to calculate fiber attenuation. Compatibility is not a problem in this deployment. A technician would install all equipment and a special modem, which offers wireless and wired connectivity options for end users.
Which layer of the OSI model are web browsers and email clients implemented at? Layer 6 Layer 4 Layer 7 Layer 5
Layer 7 Web browsers and email clients are implemented at Layer 7, the Application layer, of the OSI model. This includes the protocols supporting these functions, including HTTP, HTTPS, POP3, and SMTP. High-level functions are implemented at this layer, such as remote file and printer access, resource sharing, and virtual terminals. Layer 6 is the Presentation layer. The Presentation layer handles character code translation, such as EBCDIC to ASCII, data compression, and data encryption. Layer 5 is the Session layer. The Session layer establishes, manages, and terminates communication sessions. It manages the dialog between two hosts. Layer 4 is the Transport layer. The Transport layer is responsible for error-free message delivery and message sequencing. The Transport layer divides messages into segments for delivery and re-assembles messages on receipt.
In a two-tier datacenter network, servers are connected to which type of switch? Leaf Distribution Spine Core
Leaf In a two-tier datacenter network, servers are connected to leaf switches. Two-tier datacenter networks use spine and leaf switches to provide low-latency, high-throughput connectivity. Spine switches are mesh connected to leaf switches, while servers, storage devices, and other datacenter endpoints connect directly to leaf switches. In multi-tier architectures, servers do not connect directly to the core. Instead, they connect to top-of-rack or leaf switches. Spine and distribution switches connect to the core. In a two-tier datacenter network, spine switches aggregate leaf switch connections. Each leaf switch is typically connected to all spine switches. Distribution switches are part of a three-tier network architecture. Access switches connect to distribution switches, which in turn connect to the core.
Which device would be used to distribute user requests across all servers in a farm? Proxy server DNS server Load balancer Firewall
Load balancer A load balancer is used to distribute user requests across all servers in a farm. Load balancers use one of several algorithms for distributing loads across multiple servers. For example, a simple load balancer alternates between two servers by sending one request to the first server and sending the next request to the second server. Load balancers can also facilitate redundancy by only sending requests to live servers. A proxy server is not used to distribute user requests across all servers in a farm. A proxy server acts as an intermediary between a client and a server and makes requests on behalf of clients such that the requests appear to come from the proxy itself. A Domain Name System (DNS) server is not used to distribute user requests across all servers in a farm. A DNS server resolves hostnames to IP addresses. A firewall is not used to distribute user requests across all servers in a farm. A firewall is a security device which uses rules and built-in logic to examine requests and allow or deny packets.
A systems administrator cannot ping a file server running Windows Server. Users can access files on the server without any problems. What should the administrator check? TCP/IP settings NTFS permissions ARP cache Local firewall rules
Local firewall rules The administrator should check local firewall rules. Many servers and network devices block Internet Control Message Protocol (ICMP) packets for security reasons. The administrator should open a local firewall on the server and verify all settings. He should create a new inbound rule and allow ICMP packets. The ping command uses ICMP to verify host reachability. ICMP is a control protocol that can report a number of errors, for example destination unreachable, time exceeded, and more. It is unlikely that the problem is with TCP/IP settings, because users can access files on the server. New Technology File System (NTFS) permissions are granted to a group or a particular user. NTFS permissions apply to file and folder access rights. NTFS does not block ICMP packets. It is unlikely the problem is with the Address Resolution Protocol (ARP) cache. Users can access files on the server, which suggests that there is no connectivity problem. ARP maps an IP address to a physical media access control (MAC) address in a local area network.
One of a company's office areas is shown in the exhibit. The shaded area shows where devices can get a reliable connection with the access point (AP). Devices in the unshaded area are either unable to connect to the AP or have a weak connection. The company plans to deploy a wireless range extender. The possible locations (A, B, C and D) are shown in the answer area. Where should the company deploy the wireless range extender? Click to indicate the BEST location for the device. Refer to picture
Location B The wireless range extender should be deployed at location B. The device acts as a wireless repeater, rebroadcasting the signals it receives. The device must be in the broadcast range of the AP and as close as possible to the devices it needs to connect to. In this scenario, B is the location that better fulfills these requirements. The wireless range extender should not be deployed at location A or D. Because these locations are so near the AP, it would provide little, if any, improvement. The wireless range extender should not be deployed at location C or E. These locations are outside of the broadcast range of the AP and would do nothing to improve support for the devices.
A company is changing its network design as shown in the exhibit. The company plans to deploy a web server and a honeypot in the DMZ. Which two documents does the company need to update? (Select TWO.) Logical network diagram Physical network diagram Change management document Rack diagram Standard operating procedure
Logical network diagram Physical network diagram The company should update the logical and physical network diagrams. A logical network diagram shows network hierarchies, server roles, naming conventions, and so forth. A physical network diagram shows the servers and network devices on a network and their relative locations. The proposed changes impact both diagrams. The company should not update a rack diagram. A rack diagram does not apply in this scenario. A rack diagram is a two-dimensional representation of organization of equipment in a rack enclosure. Standard operating procedure (SOP) does not apply in this scenario. An SOP is step-by-step instructions to help workers complete a complex task. A change management document does not apply in this scenario. A change management document gives the guidelines for proposing, implementing, and tracking changes to the network.
A company has offices on several floors of a building. All connections to external public lines come in through a central area and are routed to distribution points on each floor. The distribution points on each floor connect to the internal network. Where is the cabling and equipment for the central area documented in detail? IDF documentation Physical network diagram MDF documentation Logical network diagram
MDF documentation The area described is referred to as the main distribution frame (MDF). This is a cable rack with the external telecommunication wiring. This is documented in the MDF documentation. The distribution points on each floor are intermediate distribution frames (IDFs). This is where the connection is made between the MDF and the internal network and is documented in the IDF documentation. This does not describe a logical or physical network diagram. A logical network diagram shows network hierarchies, server roles, naming conventions, and so forth. A physical network diagram shows the servers and network devices on a network and their relative locations. Neither provides the detailed documentation described.
A company is developing its business continuity and disaster recovery plans. The company needs to determine the reliability of a critical network device. Continuity plans will depend on how frequently the device is likely to fail. Which value should be used to determine this? MTTR MTBF RPO RTO
MTBF The mean time between failures (MTBF) is the value to use to project how often you can expect a device to fail. This defines how long the device should be operational before it fails. This value is usually available from the manufacturer's specification sheets. The team should not use the mean time to repair (MTTR) value. This is the typical time it takes to repair a device after a failure occurs, but it does not imply how often failure occurs. The team should not use the recovery time objective (RTO). This is the maximum time to return a critical device to operation before serious consequences occur. The team should not use the recovery point objective (RPO). This determines the maximum time of data loss allowable, or the point to which data must be recovered to restore operations.
An organization plans a new 802.11 deployment. The organization wants to maximize performance by allowing simultaneous communication streams between clients and WAPs. Which should the organization deploy? FHRP MU-MIMO GSM LACP
MU-MIMO The organization should deploy Multiuser - Multiple Input, Multiple Output (MU-MIMO). MU-MIMO allows a Wireless Access Point (WAP) to communicate simultaneously with multiple users, using multiple communication streams per user. For example, a WAP could simultaneously send and receive data with three users using the same airspace. This significantly increases network throughput and allows each WAP to support more users. MU-MIMO was introduced in the 802.11ac wireless specification and has been enhanced in the 802.11ax specification. Link Aggregation Control Protocol (LACP) is used on Ethernet networks to aggregate interfaces. This allows the interfaces to operate as a single virtual interface, which increases throughput and enhances availability. LACP is not used in wireless networks. First Hop Redundancy Protocol (FHRP) allows a cluster of two or more routers to share a single virtual IP address. FHRP is not used in wireless networks. Global System for Mobile Communications (GSM) is a cellular technology used on 2G and 3G cellular networks. GSM is not used in 802.11 deployments.
A network engineer must ensure internet-based SMTP servers can locate their organization's SMTP servers. Which record should the engineer create on a public DNS server? PTR MX SRV TXT
MX The engineer should create a mail exchanger (MX) record for the organization's Simple Mail Transfer Protocol (SMTP) servers. When an SMTP server has an email addressed to an organization, the server performs an MX record lookup to determine the name or names of the destination organization's SMTP servers. These names can in turn be matched to Internet Protocol (IP) addresses using address (A) records, which the server can use to initiate an SMTP session. Service (SRV) records are not used to locate SMTP servers. SRV records are used to facilitate services such as voice over IP (VoIP). SRV records map services to ports. Text (TXT) records are not used to locate SMTP servers. TXT records can hold human-readable text for a variety of purposes. Protocols like Sender Policy Framework (SPF) use TXT records to combat email spam. Pointer (PTR) records are not used to locate SMTP servers. PTR records map IP addresses to hostnames. PTR records facilitate reverse lookups, which resolve IP addresses to hostnames.
A company subscribes to connect all of its offices to the local MAN. The MAN uses a single-mode fiber backbone. The company needs to connect its offices to the backbone. Each office has a wired router with a firewall, a 10/100/1000 switch, and is wired with UTP cable. Each office also has a wireless access point connected to the switch. Which device should the company use to connect to the MAN? Multilayer switch VPN concentrator CSU/DSU Media converter
Media converter The company should use a media converter to connect to the metropolitan area network (MAN). A MAN is a network that spans a city and provides high-speed communication. A MAN is typically wired with fiber optic cable. A media converter makes the connection between the office and the MAN. The media converter converts between fiber optic and copper cable and performs additional necessary functions such as matching transmission speeds. A VPN concentrator would not be used to connect to the MAN fiber optic cable. A VPN concentrator is used to create multiple VPN connections and is typically used when configuring secure site-to-site connections. A Channel Service Unit/Data Service Unit (CSU/DSU) is not used to make connections to fiber optic lines. It is used to connect digital signals from a LAN to an analog carrier, such as a T1 line. A multilayer switch would not be used to make the connection to the MAN. A multilayer switch is part of the internal network infrastructure.
A company wants to connect devices so that there are many redundant interconnections. Which topology should the company use? Bus Star Mesh Ad-hoc
Mesh The company should use a mesh topology. In a mesh topology each node in the network is connected to all the other nodes with a dedicated link. This kind of network offers full redundancy and is commonly used for high-availability sites and services. A full mesh topology is expensive to deploy, because all nodes have to be directly interconnected. Instead of a full mesh, the company could consider a partial mesh, which connects most of the nodes and is cheaper to maintain. The company should not use a star topology. A star topology is based on a central device, such as a switch or a hub. All network nodes are connected to a central point. It does not offer full redundancy like a mesh topology. A bus topology does not offer any level of redundancy, because all nodes are connected to the same backbone. If the backbone fails, the whole network goes down. An ad-hoc network is a wireless topology called computer-to-computer. In an ad-hoc connection, two devices can exchange data directly rather than using a wireless access point (WAP).
Which statement describes a primary benefit provided by multifactor authentication? Federated authentication Mitigation of phishing attacks Protection of data in motion Required use of biometrics
Mitigation of phishing attacks Multifactor authentication can help reduce the impact from successful phishing attacks. Multifactor authentication requires at least two different authentication factors for successful authentication. Authentication factors can be something you know, something you have, or something you are. Multifactor authentication mitigates phishing and other social engineering attacks that successfully compromise a user's password, as the attacker will be unable to provide a second factor. Multifactor authentication does not protect data in motion. Data in motion can be protected using transport encryption protocols such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec). Multifactor authentication does not necessarily facilitate federated authentication. In federated authentication, trusted partner organizations are allowed to authenticate user access to an organization's resources. For example, a shopping site may allow a user to authenticate using their Google account. Multifactor authentication does not require the use of biometrics. Multifactor authentication requires two or more authentication factors, and many multifactor authentication systems utilize something you have and something you know as factors.
A consultant is setting up a SOHO network for a customer. The customer's local cable TV provider will be the network ISP. Which device should be used to connect to the cable signal? Media converter Modem Switch Bridge
Modem The consultant should use a modem. Modems are used when connecting and sending signals over dial-up telephone lines, cable, or satellite link. A typical configuration is to then connect to a wireless router which would also act as an access point for wireless devices. The consultant should not use a media converter. A media converter converts between fiber optic and copper cable and performs additional necessary functions such as matching transmission speeds. The consultant should not use a bridge. A bridge is used when connecting network segments. A bridge is often used when connecting different media types, such as connecting a coax segment to a twisted pair segment. The connected segments are still part of the same broadcast domain, which is the propagation boundary for broadcast transmissions. A bridge creates two collision domains. A collision domain is a network segment on which Ethernet traffic from different devices might collide. The consultant should not use a switch. A switch is used to connect network devices to the network infrastructure. A switch does not support direct connection to cable. Each port of a switch is its own collision domain; that is, the device connected to the port does not compete with other devices. Each VLAN configured on a switch is a separate broadcast domain. A Small Office/Home Office (SOHO) network is deployed for a small office with a few employees or a home environment.
An office area is prewired with Cat 5e cable. Technicians need to test cable continuity. Cables terminate at a 110 block in a secure server room. RJ-45 jacks are installed at the device end of each cable. One technician will go from jack to jack with a loopback plug. What should the technician working in the server room use? Multimeter Spectrum analyzer Tone generator Punchdown tool
Multimeter The technician in the server room should use a multimeter. When the technician connects a loopback plug at the jack, it connects the send and receive pairs to complete a circuit. A technician can use a multimeter to connect to pins on the punchdown block to test the circuit. Most digital multimeters include a continuity test setting that generates an audible tone if a circuit passes the test. The technician should not use a tone generator. A tone generator can be used for continuity testing, but it is not used with a loopback plug. Testing would require a tone generator at one end and a headset or speaker to hear the tone at the other end. The technician should not use a spectrum analyzer. A spectrum analyzer is used for radio frequency (RF) analysis, not for testing wired connections. You would use this device to identify signals that might interfere with wireless LAN (WLAN) communications and help identify the best channel to use, for example. The technician would not use a punchdown tool. A punchdown tool is used for connecting wires to a patch panel and does not have a role in testing. It would be needed if a cable needs to be reconnected or replaced.
Which two are benefits of mesh-connected distribution routers? (Select TWO.) NIC teaming Multipathing Simplified routing Bridging Load balancing
Multipathing Load balancing Multipathing, or multipath routing, and load balancing are benefits of mesh-connected distribution routers. In a three-tier network architecture, distribution routers sit between edge or access routers and the network core. To increase availability and performance, distribution routers are often connected to the core and to each other to form a mesh. In the event a connection is unavailable or congested, routers can utilize alternative paths for communications. Network interface card (NIC) teaming is not a benefit of mesh-connected distribution routers. NIC teaming allows multiple NICs to be combined to increase throughput and availability. Bridging is not a benefit of mesh-connected distribution routers. Bridging is commonly used to connect different types of networks. Simplified routing is not a benefit of mesh-connected distribution routers. Due to the increase in path diversity, routing configuration becomes more complex. In many cases, dynamic routing protocols are deployed to automate the mesh network configuration.
A team with members from two companies is designing a new product. All members of the project team sign a legally binding document that details what they may and may not discuss outside the project team. What is this an example of? NDA DLP AUP SLA
NDA This is an example of a non-disclosure agreement (NDA). An NDA is a legally binding document between two or more parties regarding the restriction or release of confidential material, knowledge, or other information. This is a way of protecting trade secrets and non-public information about a business. This is not an example of a service level agreement (SLA). An SLA is an agreement between an organization and its customers defining minimum expectations for services provided. This includes issues such as maximum downtime and service availability. This is not an example of an acceptable use policy (AUP). An AUP provides guidelines for the appropriate use of company resources. It often also identifies specifically disallowed uses. This is not an example of a data loss prevention (DLP) policy. A DLP policy is a way of protecting data through strategies implemented through access rights and specialized DLP software. DLP is designed to prevent unauthorized release, deletion, or modification of data.
The network technical team needs to configure two network connections working in parallel between a server and a switch to improve available bandwidth. The switch is already configured to support the communication. What should the team configure on the server? Load balancing Clustering NIC teaming Port aggregation
NIC teaming The team should configure NIC teaming on the server. NIC teaming configures two or more network adapters to work in parallel. This provides for improved bandwidth, load balancing between the adapters, and fault tolerance should one of the adapters fail. The team should not configure port aggregation. This is configured at the switch side of the connection, causing two switch ports to work in parallel. The scenario states that the switch side of the connection is already configured, so port aggregation has been configured. The team should not configure load balancing. This is not a feature that would be directly configured on the server, but which would be implemented at some level because of NIC teaming. Load balancing is used to distribute traffic between two or more servers or devices. Clustering would not be configured on a single server. Clustering is configured on a team of multiple servers, enabling a server to take over should a server in the cluster fail.
Which protocol provides time synchronization service over the global Internet? ICMP SNMP IPAM NTP
NTP Network Time Protocol (NTP) is a clock synchronization protocol that provides synchronization services over the internet. Time synchronization is based on Coordinated Universal Time (UTC) and is designed to allow no more than a few milliseconds variance between computers subscribing to the service. IP address management (IPAM) is not related to time synchronization. IPAM supports tracking and information associated with a network's IP address space. It can provide detailed information such as subnets in use, free IP address space, and host names associated with IP addresses. Simple Network Management Protocol (SNMP) is used to monitor and manage network devices. It is not a time synchronization service. SNMP lets you collect information about network devices in a multivendor environment and issue configuration commands. Internet Control Message Protocol (ICMP) is not a time synchronization protocol. It is a messaging protocol used for error reporting, troubleshooting, and diagnostics. ICMP is used by various commands, such as ping and tracert (traceroute), and it can also be used by the nmap command when attempting to map a network.
To monitor network availability, a network technician needs to produce traffic statistics like those shown below. Which tool or technology will the technician MOST likely deploy?
IP packet size distribution (46255 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .009 .000 .002 .000 .000 .000 .003 .000 .000 .000 .000 .000 .000 .000
    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .002 .000 .000 .008 .931 .000 .000 .000 .000 .000 .000
tcpdump syslog Stateful firewall NetFlow
NetFlow The technician will most likely deploy NetFlow. NetFlow is a network protocol that is used to capture packets and analyze traffic statistics on network nodes. In most NetFlow implementations, network devices are configured with the Internet Protocol (IP) address of a NetFlow collector, which is a dedicated system that collects NetFlow data. The NetFlow collector may have advanced analytical, reporting, and alerting functionality. The example in the stem shows NetFlow data captured by a router. The technician will not use tcpdump. tcpdump is a popular, command-line protocol analyzer used on *nix operating systems. The technician will not use a stateful firewall. Stateful firewalls offer traditional packet filtering capabilities, but they can also track session states, meaning they track the entire conversation between two nodes. The technician will not use syslog. Syslog is used to send status, diagnostic, and event information from network nodes to a centralized server.
Which layer of the OSI model do routers operate at? Transport Data Link Network Session
Network Routers operate at the Network layer (Layer 3) of the OSI model. The network layer manages host IP addresses and maps IP addresses to physical Media Access Control (MAC) addresses. Routers are responsible for directing traffic between subnets and provide the boundary between subnets. The Data Link layer (Layer 2) is where physical addressing is managed through MAC addresses. It is also responsible for establishing and ending links between hosts and managing data frames. The Transport layer (Layer 4) is responsible for error-free message delivery and message sequencing. The Transport layer divides messages into segments for delivery and reassembles messages on receipt. The TCP and UDP protocols are implemented at the Transport layer. The Session layer (Layer 5) establishes, manages, and terminates communication sessions. It manages the dialog between two hosts, working at the Session layer of each host.
Which of the following is a limitation of vSwitch technology? Network traffic cannot flow between vSwitches on the same host. Each vSwitch on a host requires a minimum of two physical NICs. Each host can only support one vSwitch with a maximum of 256 virtual ports. Each vSwitch on a host must be configured to use the same physical NIC.
Network traffic cannot flow between vSwitches on the same host. One limitation of the vSwitch technology is that network traffic cannot flow between vSwitches on the same host. A vSwitch, or virtual switch, is the software equivalent of a physical Layer 2 switch. vSwitch technology is used by most virtualization platforms to provide connectivity between virtual machines (VMs) and the physical network. Each VM has one or more virtual network adapters (vNICs) which connect to a virtual switch, and each virtual switch is linked to the physical network by one or more physical network adapters. Traffic cannot flow between vSwitches on the same host because popular vSwitch platforms, such as VMware vSphere Switch, do not allow vSwitches on the same host to be connected. As a result, switch loops cannot be created, which negates the need for loop detection and prevention protocols such as Spanning Tree Protocol (STP). VM hosts are not limited to one vSwitch with a maximum of 256 virtual ports. The number of supported vSwitches and ports varies between platforms, but even type 2 hypervisors like VMware Workstation support multiple vSwitches per host. Each vSwitch on a host does not require a minimum of two physical NICs. Only one physical NIC per vSwitch is required. It is important to note that vSwitches cannot share the same physical NIC. Each vSwitch on a host must not be configured to use the same pNIC. In order to maintain vSwitch autonomy and prevent switching loops, each vSwitch requires at least one dedicated pNIC.
Which routing protocol requires each node to build a complete network map? RIP OSPF EIGRP BGP
OSPF Open Shortest Path First (OSPF) requires each node to build a complete network map. OSPF is considered a link-state routing protocol and routers share link-state data with neighboring routers. As link-state data is shared, each router learns the complete network topology of an Autonomous System (AS). The routers then use the Shortest Path First (SPF) algorithm to calculate routes to all destinations in the AS. Enhanced Interior Gateway Routing Protocol (EIGRP) combines features from link-state and distance vector routing protocols. As a result, EIGRP is referred to as a hybrid routing protocol. EIGRP uses hop count and other metrics, such as bandwidth, when making routing decisions. EIGRP routers do not build a complete network map. Routing Information Protocol (RIP) is considered a distance vector protocol and RIP routers share the routes they have learned with neighboring routers. Each route includes a metric that represents the hop count, or distance, to a route destination. When making routing decisions, a RIP router chooses the route with the lowest distance. RIP routers do not build a complete network map. Border Gateway Protocol (BGP) is considered a path-vector routing protocol and is the routing protocol used on the internet. BGP routers do not build a complete network map.
A network engineer is troubleshooting an issue with an underground fiber optic cable. Based on initial testing, the engineer suspects the cable has been broken. Which tool should the engineer use to locate the break as accurately as possible? OTDR Cable tester Toner TDR
OTDR The engineer should use an Optical Time Domain Reflectometer (OTDR) to locate the break. This tool sends pulses of light from a laser down a fiber optic strand and measures the intensity of light that is reflected along with precise timestamps. This information can be used to locate cable bends, impurities in the glass or between connectors, as well as the distance from the source to a break in the cable. Depending on the type, a cable tester can be used to test copper or fiber optic cables. A copper tester is used to verify basic electrical continuity and ensure proper pin layout and termination. While a fiber tester can measure optical power and verify connectivity, it cannot be used to find the location of a cable break. A Time Domain Reflectometer (TDR) is more advanced than a cable tester and, like an OTDR, measures the strength of reflected signals to calculate cable loss and locate breaks. TDRs are used with copper cables. A toner is a simple tool used in wiring closets and at patch panels to locate a target cable or port. A tone generator is placed on the desired source cable or port, and a tone tracer is passed across a patch panel or cable bundle until it beeps, identifying the target cable.
A technician determines there is a break in the fiber optic cable routed between two buildings. The technician needs to determine the distance to the break. What should the technician use? Spectrum analyzer OTDR Multimeter Light meter
OTDR The technician should use an optical time-domain reflectometer (OTDR). An OTDR is a fiber optic test device that can be used to determine detailed characteristics of a fiber line. This includes the ability to determine the approximate distance to a break in the cable. The technician should not use a light meter. A light meter, or optical power meter, is used to make precise measurements of attenuation in a fiber optic cable by detecting the loss in a known light signal. It can also be used to test continuity but not the distance to a break. The technician should not use a multimeter. A multimeter is one of the tools used to test and troubleshoot copper cable by measuring voltage, current, and resistance or impedance. It is not used to troubleshoot optical media. A spectrum analyzer is a radio frequency test, troubleshooting, and diagnostic device. A spectrum analyzer can be used to determine the broadcast frequencies in use and the power level of the signals.
A company is developing several web applications. The company does not have the hardware resources to support the development and does not want to incur the expense of additional hardware. The company wants to use its own development application and data, but it wants hardware, operating system and storage management to be the responsibility of a third-party provider. Which type of service does this describe? SaaS PaaS SECaaS IaaS
PaaS This is a description of platform as a service (PaaS). PaaS is most often used as a development platform with most of the infrastructure and management requirements being the responsibility of the cloud provider. The subscriber provides the development platform and its own data. Everything else is provided by the cloud provider, including hardware, operating system, storage, access to APIs, and runtime environment. Software as a service (SaaS) refers to a subscription application service. The subscriber has access to the application and all management is the responsibility of the cloud provider. Common examples include customer resource management (CRM) applications, productivity applications, and file storage and sharing applications. With infrastructure as a service (IaaS), the subscriber has a significant part of the management responsibility. The cloud provider is responsible for hardware, virtualization, data storage, and network infrastructure. Everything else, including the operating system, any applications, runtime environment and data, is the responsibility of the subscriber. Security as a service (SECaaS) is a way of contracting with a third party for network security support. This can include a wide array of services such as intrusion detection, penetration testing, antimalware, security incident management, authentication, and so forth. Support is typically structured so that the subscriber retains responsibilities for which it has the personnel and expertise to do so, and works with security professionals from the provider.
The network support team needs to determine whether data is being encrypted when it is sent over the network. Which process should the team use? Log review Vulnerability scanning Port scanning Packet analysis
Packet analysis The team should use packet analysis or traffic analysis. This is the process of capturing network traffic and analyzing the traffic content. This would enable the team to determine if the data portion of the packet is encrypted. The team should not use port scanning. This would tell the team nothing about the traffic being sent across the network. Port scanning is used to identify which TCP and UDP ports are open on network hosts. The team should not use vulnerability scanning. Vulnerability scanning is used to identify known weaknesses present in the network and on network hosts. The team should not use log review. Log review would let the team see events that have been generated by network hosts, but it would provide no insight into network packet content.
A network administrator is troubleshooting poor wireless performance used for a building-to-building backhaul and suspects the WAP antenna needs to be replaced. Which antenna type should the administrator deploy to maximize gain? Directional Parabolic dish Yagi Omnidirectional
Parabolic dish The network administrator should deploy a parabolic dish antenna. A parabolic dish antenna is like a satellite dish and heavily focuses radio frequency (RF) energy in a tight beam. Parabolic dish antennas are used to connect wireless LANs across areas where cabling might be difficult to install. Some parabolic antennas can send 5 GHz signals over 10 miles. A parabolic antenna offers about 20 dBi gain. The network administrator should not deploy a yagi antenna. A yagi antenna is a type of directional antenna that can also be used for short-haul point-to-point installations. A yagi antenna offers about 10 dBi gain. The network administrator should not deploy a directional antenna. Directional antennas are designed to radiate RF energy in a particular direction. The coverage pattern is often described as egg-shaped. Directional antennas offer about 10 dBi gain.
Against which type of attack is end user training most effective? Phishing Man-in-the-middle War driving Evil twin
Phishing End user training is one of the most effective ways to defend against phishing and other social engineering attacks. Phishing attacks use deceptive emails to try to collect sensitive or personal information. Users can be trained to recognize phishing attempts and the actions to take when they occur. This can be enhanced through technical controls, such as email filtering. User training cannot defend against a man-in-the-middle attack. In this type of attack, the attacker enters the communication path between two computers, usually a client and a server, and collects the data passed between the computers. Ways to prevent man-in-the-middle attacks include the use of secure encrypted protocols, strong encryption at wireless access points, and use of virtual private networks (VPNs). User training does not effectively defend against war driving. War driving is the process of physically going to different locations with a mobile device to find unsecured access points. The best defense is encrypting data communication and requiring secure authentication. User training does not defend against an attack by an evil twin. An evil twin is a rogue access point configured to look like a valid access point. The attacker is able to gather information after a user connects to a rogue access point. Rogue access points are one of the methods used to launch a man-in-the-middle attack.
A network engineer is concerned about the security of sensitive east-west traffic flows. Which is the BEST option for addressing this concern? Require TLS for customer connections to cloud resources. Configure site-to-site VPN for remote branch offices. Place firewalls between datacenter network segments. Place a firewall at the public/private network perimeter.
Place firewalls between datacenter network segments. The best option for securing sensitive east-west traffic flows is to place firewalls between datacenter network segments. East-west traffic flows describe traffic that flows between endpoints within the same datacenter. By placing firewalls between datacenter network segments, traffic can be scanned, and Access Control Lists (ACLs) can be used to block access to unnecessary services. East-west traffic is also known as lateral traffic. Placing a firewall at the public/private network perimeter will protect north-south traffic flows. North-south traffic flows outside a datacenter network, typically between trusted and untrusted networks. Site-to-site Virtual Private Networks (VPN) protect north-south traffic flows. Data flows from a datacenter to the remote site and back. Requiring Transport Layer Security (TLS) for customer connections to cloud resources will protect north-south traffic flows. Data flows from remote customers to the datacenter and back.
An organization plans to deploy WAPs in all its offices. Due to cost constraints, some mounting locations will only be reachable using Cat 6a cabling. Which of the following should the organization also plan to deploy to ensure that WAPs function properly? PoE+ STP LACP 802.1q
PoE+ The organization should also deploy Power over Ethernet+ (PoE+). PoE+ can deliver up to 30 watts of power over Category 5 or higher twisted pair cabling. This can be used in scenarios where installing traditional power outlets is cost prohibitive or otherwise not feasible. PoE+ provides enough power to run Wireless Access Points (WAPs), Voice over Internet Protocol (VoIP) phones, cameras, and other similar devices. Link Aggregation Control Protocol (LACP) is used on Ethernet networks to aggregate interfaces. This allows the interfaces to operate as a single virtual interface, which increases throughput and enhances availability. LACP is not used to deliver power to devices. 802.1q allows tags to be added to an Ethernet frame for Virtual Local Area Network (VLAN) identification. 802.1q is also known as VLAN or port tagging. It is not used to deliver power to WAPs. Spanning Tree Protocol (STP) is not used to deliver power to devices. STP ensures a loop-free topology in switched Ethernet networks.
Part of a company's network is shown in the exhibit. Client computers are configured to receive IP addresses automatically from the DHCP server. All client computers currently have valid IP addresses. What is the most likely cause? The DNS server is failing. Port 53 is blocked on the 192.168.1.1 interface. The 192.168.1.1 interface is failing. Port 53 is blocked on the 192.168.1.129 interface.
Port 53 is blocked on the 192.168.1.1 interface. The most likely cause is that port 53 is blocked on the 192.168.1.1 interface. DNS name resolution uses port 53. Because name resolution is failing on the 192.168.1.0 subnet only, the most likely problem is that the port is blocked on the interface facing that subnet. Port 53 is not blocked on the 192.168.1.129 interface. If it were, then other subnets would also be experiencing name resolution problems. The 192.168.1.1 interface is not failing. If the interface were failing, then computers on the 192.168.1.0 subnet would be unable to access resources in other subnets. You know that the DNS server is not failing because name resolution works for other subnets.
A network administrator wants to secure a server. Which is the BEST tool for determining which services or applications are responding to network requests? dig Protocol analyzer SIEM Port scanner
Port scanner A port scanner is the best tool for determining which services or applications are responding to network requests. A port scanner is a tool that scans network nodes and attempts to identify which ports are responding. For example, if a web service is running on a server, a port scanner will likely detect that ports 80 and 443 are open. Nmap is the most popular and widely used port scanner available today. Other tools, such as vulnerability scanners, also use port scanning techniques. Security Information and Event Management (SIEM) software is designed to ingest data from a variety of network components, such as user workstations or laptops, network routers and switches, firewalls, servers, and other appliances. The software then analyzes the data to identify trends, pending security issues, and security breaches. While SIEM software might record information about applications or services running on the server, it is not the best tool for determining which of those are responding to network requests. A protocol analyzer can be used to capture network packets and investigate packet headers and payloads. Like SIEM software, a protocol analyzer may help the administrator discover information about the server. However, it is not the best tool for determining which of those are responding to network requests. Wireshark and tcpdump are popular protocol analyzers. The Domain Information Groper (dig) utility can be used to issue queries to Domain Name System (DNS) servers. This is useful for troubleshooting name resolution issues.
In-house technicians plan to emulate a penetration attempt. They want to see if they can learn what services are running on network servers. What should they use? Packet analysis Traffic analysis Port scanning Vulnerability scanning
Port scanning The technicians should use port scanning. A port scanner attempts to connect to ports on a computer and determine which ports are open. Most services have well-known ports associated with them. By identifying the ports that are open on a computer, you can get some idea of the services configured on that computer. This information can be used to identify the services running on a server. This is a relatively passive activity and can often go undetected. A port scanner can be used for both valid network management and malicious purposes. You could use a port scanner to look for services installed and configured on a computer, but it can also be used to identify vulnerabilities in preparation for hacking into a network. Technicians should not use vulnerability scanning. This looks for known vulnerabilities, but it does not necessarily report all services running on a server. Technicians should not use packet or traffic analysis. These terms are often used interchangeably because the same utilities are frequently used for both purposes. This is the process of capturing and storing network traffic for analysis. You can analyze traffic patterns for potential anomalies and look at packet content in detail.
A company deploys a new wireless network. The company secures access using WPA2-Personal. What is required for a client to connect to an access point? Recognized MAC address User name and password Pre-shared key Client certificate
Pre-shared key WPA2-Personal, also known as WPA2-PSK, uses a pre-shared key (PSK) of 64 hexadecimal digits or passphrase of 8 to 63 printable ASCII characters. Users are prompted to enter the PSK or passphrase the first time a client connects to the network. WPA2-Personal is designed for use in home office or small business office network environments. A client certificate is not required to support WPA2-Personal. A client certificate is needed in some configurations, such as using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) for secure authentication. WPA2-Personal does not require a user name and password to connect to the access point. However, in most network environments, a user name and password (or other authentication factors) will be required for users to access network resources. A recognized Media Access Control (MAC) address is not part of WPA2 access control, but most access points can be configured with MAC filtering to limit access to known addresses.
Based on SANS Institute recommendations, in what order should incident response phases be carried out? To answer, arrange the phases in the correct order.
Preparation, Identification, Containment, Investigation, Eradication, Recovery, Lessons Learned. Preparation includes user training, hardening systems to mitigate vulnerabilities, and putting security policies in place. It also includes getting the tools needed for incident response together and preparing necessary forms. Identification is the process of identifying and classifying the incident. This is where the incident response team determines whether there is an actual incident or if it is simply an unusual, but benign, activity. Containment is the process of limiting the scope and impact of the incident. The team must determine the operational status of any devices impacted and make an effort to keep critical resources available. Investigation is the first step in trying to determine what happened to cause the incident. During this process it is important to document any activities and to use chain of custody forms to track any evidence seized. This phase is sometimes included in the Eradication phase. Eradication is the process of taking steps to remove what caused the incident. The steps required will depend on the type of incident and the resulting damage. This often includes actions such as virus removal. Recovery is the process of bringing the network and its resources back to a functional state. This may include reinstalling software, restoring data from backups, and other necessary activities. Lessons Learned, sometimes referred to as the incident follow-up, is a post-incident review. It should cover items such as things that could have been done in advance to prevent the incident, problems encountered during the incident response, and so forth. There should be ongoing communication between the incident response team and trusted stakeholders throughout the response process.
A small company subscribes to a popular productivity application suite. All employees access the applications through a web browser interface. Employees store their data locally on their own computers. Which cloud delivery model does this describe? Public Private Community Hybrid
Public This is an example of a public cloud. Multiple users and organizations have access to applications or other services through a subscription agreement. This is essentially a shared software model. Subscribers have minimal control over the application, such as personal preference settings and data storage locations. Many public cloud applications also provide storage support in addition to other application infrastructure. This is also an example of software as a service (SaaS). Most SaaS subscriptions are hosted on public clouds. This is not an example of a private cloud. A private cloud is hosted on a private network to ensure strict security and data privacy. This is not an example of a hybrid cloud. A hybrid cloud combines cloud-based and on-premises services and resources. This could be, for example, a cloud-based application that uses secure on-premises data with a secure communication channel between the two. This is not an example of a community cloud. A community cloud is a specialized type of private cloud in which access is limited to a select group of users or organizations. It provides a platform for businesses or other organizations to work on a joint project or share research.
Which is the BEST tool or technology for ensuring the performance of Voice over IP (VoIP) applications? NetFlow NGFW QoS SNMP
QoS Quality of Service (QoS) is the best technology for ensuring the performance of Voice over IP (VoIP) applications. QoS is a feature on network devices that helps to manage bandwidth usage and reserve bandwidth for latency-sensitive applications such as voice, IPTV, and video conferencing. Once QoS priorities are configured on a router or switch, QoS marks packets based on service type and then uses these markings to prioritize the desired traffic types. Simple Network Management Protocol (SNMP) is used to send status, diagnostic, and event information from network nodes to a centralized server. SNMP can also collect performance and event information from network devices. SNMP is not used to ensure the performance of Voice over IP (VoIP) applications. On its own, a Next-Generation Firewall (NGFW) does not ensure the performance of VoIP applications. Some firewalls include support for QoS, but this is not guaranteed. Firewalls are used to control network access to resources. NetFlow is a network protocol that is used to capture packets and analyze traffic statistics on network nodes. NetFlow does not ensure the performance of VoIP applications.
What should a company use as an authentication and authorization server for WPA2-Enterprise? TACACS+ LDAP RADIUS Kerberos
RADIUS Wi-Fi Protected Access II (WPA2)-Enterprise requires a RADIUS server for authentication and authorization. This is the only authentication option supported for WPA2-Enterprise. This is also referred to as WPA2-802.1x mode. WPA2 can also be implemented as WPA2-PSK (WPA2-Personal). This uses a string of 64 hexadecimal digits or a passcode (password) of up to 63 printable ASCII characters for authentication. Kerberos is an authentication protocol that is commonly used on the Internet and on directory service networks. It provides secure authentication and supports Windows, Linux, UNIX, and other operating systems. Kerberos cannot be used for WPA2-Enterprise authentication. Lightweight Directory Access Protocol (LDAP) is a protocol for accessing and maintaining directory information services, not for authentication.
A company expands its corporate campus. All new buildings are configured to support wireless LANs. The company wants to use WPA2-Enterprise to ensure wireless security and provide for centralized control of authentication and authorization. What type of network device is needed to provide centralized authentication and authorization? Wireless LAN controller NGFW RADIUS server Proxy server
RADIUS server The company needs to use a Remote Authentication Dial-In User Service (RADIUS) server to support WPA2-Enterprise. In this configuration, the RADIUS server is responsible for authentication and authorization, as well as related accounting activities (also known as AAA). The wireless access point (WAP) or wireless LAN controller is configured as a RADIUS client. The WAP passes the authentication request to the RADIUS server. A wireless LAN controller is a network device that provides for central control and management of multiple WAPs. A wireless controller does not provide centralized authentication and authorization. It can forward authentication requests from clients to the RADIUS server for authentication, but it cannot perform the authentications. A wireless LAN controller can also mitigate radio interference, provide load balancing, provide for failover, and improve bandwidth usage. The company should not use a proxy server. A proxy server adds a layer of protection between internal network hosts and external websites. The proxy server uses its own address instead of the internal host's when connecting to an external site and returns the result to the originally requesting host. Most web proxy servers will also cache the result and serve subsequent requests from the cache instead of issuing a new request to the external server. The company should not use a Next-Generation Firewall (NGFW). An NGFW provides traditional firewall functionality but adds advanced functionality, including acting as an application-level firewall with deep packet inspection. An NGFW does not provide support for centralized authentication and authorization.
A company wants to support multiple client computers running an application installed on a computer that runs Windows Server 2016. The clients should be able to take advantage of the memory and processor resources on the server. Each client will have a unique data set. Which technology should the company use? VNC SSH VPN RDP
RDP The company should use Remote Desktop Protocol (RDP). RDP is a Microsoft-proprietary desktop sharing protocol. Different operating systems are supported as clients, but the server must be a Microsoft Windows server. A new session is started as each client's user logs on, and each client can launch a new instance of the application. Key presses and mouse clicks are passed to the server, and changes to the display screen are returned to the client. Data is stored on the client computer. The company should not use Virtual Network Computing (VNC). VNC is a platform-independent desktop sharing system. The client logs on to and is authenticated by the server. Any clients connecting to the server share the same session, which means they share the same screen, and keyboard and mouse actions are accepted from the server and from any connected client, so this would not meet the scenario requirements. The company should not use secure shell (SSH). SSH lets you open and use a remote command session to run command-line commands and does not provide the type of application support required. The company should not use a virtual private network (VPN) connection. A VPN is used to create a secure connection over an unsecured network and is most often used when connecting over the Internet. It can be used to connect a remote client to an internal network or to connect two sites.
Which is considered solely a distance vector protocol? RIP OSPF EIGRP BGP
RIP Routing Information Protocol (RIP) is considered a distance vector protocol. A RIP router shares the routes it has learned with neighboring routers. Each route includes a metric that represents the hop count, or distance, to a route destination. When making routing decisions, a RIP router chooses the route with the lowest distance. Open Shortest Path First (OSPF) is considered a link-state routing protocol. Each router learns the complete network topology of an Autonomous System (AS) and uses this information to calculate routes to all destinations in the AS. Enhanced Interior Gateway Routing Protocol (EIGRP) is considered a hybrid routing protocol. EIGRP uses features from both distance vector and link-state routing protocols. EIGRP uses hop count and other metrics, such as bandwidth, when making routing decisions. Border Gateway Protocol (BGP) is considered a path-vector routing protocol. BGP is the routing protocol used on the Internet.
A malware attack encrypts the data on a critical network server. A dialog box displays on the server display screen with instructions about how to pay for a recovery code to decrypt the server data. Which type of attack does this scenario describe? Deauthentication Man-in-the-middle Brute force Ransomware
Ransomware This is an example of a ransomware attack. Ransomware attacks take various forms, including: encrypting user data to make it inaccessible; threatening to overwrite or delete all data; threatening to publish all data. This attack demands that a fee (ransom) be paid by a specified time to receive a recovery code, in this case, to decrypt the data. There is always the risk that, even after paying the ransom, the victim never receives a recovery or unlock code. This is not a brute force attack. A brute force attack attempts a series of potential passwords until one works. Most brute force attacks are based around dictionary attacks that work from a list of commonly used words, but more recent versions will also attempt variations that mix in letters and other characters or generate random values. This is not a deauthentication attack. A deauthentication attack is a type of wireless LAN denial-of-service (DoS) attack in which packets are sent that forcibly disconnect clients from an access point. This type of attack is sometimes used to force connections to a rogue access point, compromise user passwords, or set up for a man-in-the-middle attack. This is not an example of a man-in-the-middle attack. In this type of attack, the attacker enters the communication path between two computers, usually a client and a server, and collects the data passed between the computers.
A company needs to use physical security devices to secure a server room. The following requirements must be met: Entrance to the storage area should be limited to select employees only. It should be possible to track any equipment removed from the room. It should be possible to configure an alarm to sound if anyone is in the room after normal business hours. What should the company do? To answer, drag the appropriate physical security device to each location. A physical security device may be used once, more than once, or not at all.
Refer to Picture Door: Biometric Lock Computer: Asset tracking tag Computer: Asset tracking tag Empty Space: Motion detector The company should place a biometric lock on the door, asset tracking tags on equipment, and install a motion detector inside the room. A biometric lock requires a personally identifying feature, such as finger or thumb print, retinal scan, or facial recognition. This limits access to only those employees identified as having authorization. Asset tracking tags enable tracking of assets after they are removed. The signal sent by the tag can be tracked by various types of devices, including smart phones. A motion detector is activated by motion in the room. This can be connected to an alarm that is turned on after hours only. There is no requirement for video surveillance. Video surveillance could be used for additional monitoring of the area.
Threat of flooding causes a company to move large vertical filing cabinets from the basement to the main office area. Users start complaining of problems connecting to the WLAN and delayed response from the network. Network analysis shows a high level of corrupted packets. What is the most likely cause? Reflection Interference Absorption Attenuation
Reflection The most likely problem is reflection, also referred to as signal bounce. Introduction of the vertical filing cabinets means that signals can bounce off of the filing cabinets, and multiple paths of propagation are created. This causes bits and partial packets to be received at delayed intervals. This can cause corruption of the transmitted data and result in latency issues. The problem is not absorption, which is when signals are absorbed by materials that they pass near or through and are lost. Highly absorbent materials include water, concrete, ceramic, and brick. The problem is not attenuation, which is loss of signal strength over distance. Wireless LAN (WLAN) components have not moved, so attenuation has not changed.
A company routes Cat 5e UTP cabling through a part of its manufacturing floor that generates a great deal of Electromagnetic interference (EMI). The cables are routed loosely through the ceiling, about 3 meters above the equipment. Computers connected to the cabling experience communication errors any time the equipment is running. The company needs a reliable, cost-effective solution. Management will not authorize converting to fiber optic cabling. What should the company do? Replace the Cat 5e UTP cable with Cat 6 UTP cable. Reroute the cable through existing power conduit. Reroute the cable along the floor. Replace the Cat 5e UTP cable with Cat 5e STP cable.
Replace the Cat 5e UTP cable with Cat 5e STP cable. The company should replace the Cat 5e unshielded twisted pair (UTP) cable with Cat 5e shielded twisted pair (STP) cable. Electromagnetic interference (EMI) can come from several sources, such as compressors, cutting equipment, and other manufacturing equipment. EMI can induce stray signals in UTP cabling, degrading communication. The preferred solution is usually to avoid EMI sources. Otherwise, STP cable should be used to block the EMI. The company should not use Cat 6 UTP. Cat 6 cable is an improvement over Cat 5e cable, supporting higher data rates and making crosstalk less likely, but it is still susceptible to EMI. You should not route the cable through the existing power conduit. This can cause excessive voltages to be induced on the data cable, which can result in equipment damage. You should not route the cable along the floor. This will not fix the problem and, since the cable would be closer to the equipment, could make the problem worse. It would also make the cable susceptible to physical damage.
A network administrator prepares to install an outdoor WAP and determines EIRP is lower than the install requires. What should the administrator do to address this issue? Reorient the WAP. Decrease the WAP transmit power. Disable SSID broadcast. Replace the antenna cables.
Replace the antenna cables. The administrator should replace the antenna cables. Effective Isotropic Radiated Power (EIRP) is used to express how much transmit energy an antenna radiates. Calculating EIRP requires knowing the transmit power of the wireless access point (WAP), the gain provided by the antenna, and the loss introduced by any antenna cables and connectors. Replacing the antenna cables with lower loss cables will improve EIRP. The administrator should not reorient the WAP. For WAPs with internal antennas, AP orientation is important when maximizing signal strength for intended clients. However, AP orientation will not alter EIRP calculations. The administrator should not decrease the WAP transmit power. WAP transmit power is part of the EIRP equation and directly affects signal strength. Reducing transmit power will lower EIRP. The administrator should not disable Service Set Identifier (SSID) broadcast. The SSID is the wireless network name. If SSID broadcast is disabled, users will need to manually enter the SSID when connecting to the network.
A company opens new warehouse space on its company campus. Network wiring for the warehouse is routed through a 110 punch block and patch panel. Wiring out to devices uses Cat 5e UTP cable. Several devices in the warehouse experience communication problems. After extensive testing, the problem is determined to be crosstalk. The company needs to correct the problem. Infrastructure changes should be kept to a minimum. Replace the failing cables with Cat 5e STP cables. Replace all cabling with fiber optic cable. Replace the 110 punchdown block with a 66 punchdown block. Replace the failing cables with Cat 6 cables.
Replace the failing cables with Cat 6 cables. The company should replace the failing cables with Cat 6 cables. Crosstalk occurs when a signal on one cable pair creates transmission errors with another pair through inductive or capacitive coupling. Crosstalk is minimized in copper wires through the twists placed in the pairs. Cat 6 cable is produced with much more stringent specifications for preventing crosstalk than Cat 5 or Cat 5e cable. The company should not replace the 110 punchdown block with a 66 punchdown block. A 66 punchdown block is not rated for network cabling above Cat 3. A 110 block can be used with Cat 5 and Cat 6 cable types. The company should not replace all cabling with fiber optic cable. This would solve the problem but would require significant infrastructure changes to add support for fiber optic. In addition, a media converter would likely be needed to transfer signals from copper cable to fiber optic.
The nslookup command fails and shows the error in the exhibit. What should the support team create to fix the problem? Reverse lookup zone Static route entry TXT record CNAME record APIPA address Refer to Exhibit >Set type=ptr >10.10.10.201 Server: UnKnown Address: ::1 *** UnKnown can't find 201.10.10.10.in-addr.arpa: Non-existent domain
Reverse lookup zone The support team should create a reverse lookup zone. The error indicates a missing Pointer (PTR) record. PTR records resolve IP addresses to fully-qualified domain names (FQDN). The team should create a reverse lookup zone on a domain name system (DNS) server and verify the PTR records. The support team should not create a Canonical Name (CNAME) record. A CNAME record creates an alias by mapping a name to another name. The error suggests a problem with a PTR record. The team should not use a TXT record. TXT records contain information for sources outside of the main domain and are not related to reverse lookups. Automatic Private IP Addressing (APIPA) is a feature of Microsoft Windows operating systems. APIPA allows a computer to automatically assign an IP address when there is no DHCP server in the network. APIPA is not related to DNS records and zones. Creating a static route entry will not solve the problem. The problem is not related to the routing of packets. The team has to create a reverse DNS zone.
Users report that messages about duplicate IP addresses keep displaying on their computers. What should technicians suspect as a cause? Host firewall settings Name resolution errors Rogue DHCP server Exhausted DHCP scope
Rogue DHCP server The likely problem is a rogue DHCP server with a duplicate scope or duplicate addresses within its defined scopes. When a device requests to lease an IP address, any DHCP server with a valid available IP address will respond to the request. If a rogue DHCP server has duplicate addresses available, it can result in duplicate IP address assignments. The problem is not an exhausted IP address scope. A device will configure itself with an Automatic Private IP Addressing (APIPA) address if it is unable to lease an address due to an exhausted scope. IP address assignment is not related to name resolution. A name resolution error would not result in duplicate IP address assignment. Host firewall settings can control the data into or out of a host computer. Host firewall settings could prevent a device from being able to lease an address from a DHCP server but would not cause duplicate IP addresses.
Which device should a company use to configure a new area within OSPF? IPS IDS Router L2 Switch
Router The company should use a router to configure a new area in Open Shortest Path First (OSPF). OSPF is a link-state routing protocol and uses areas to group routers. The company could configure OSPF on a router to enable a dynamic exchange of routing tables and achieve fast convergence times. The company should not use a Layer 2 (L2) switch. L2 switches work at the Data Link layer and do not support routing. An Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS) do not support OSPF. The company could use an IPS or IDS to protect the network against malicious activity. An IDS is a passive device that can identify a network attack, while an IPS can identify and stop a threat.
Following updates to A records, a client is no longer able to connect to a web server. What should be done FIRST? Check for errors with a packet analyzer. Run ipconfig /flushdns on the client. Run netstat on the web server. Run traceroute on the client.
Run ipconfig /flushdns on the client. The ipconfig /flushdns command can be used on Windows-based systems to flush hostname to IP address mappings that have been previously resolved and are now stored in a local cache. In this scenario, the web server is using the cached IP address for the database server. The traceroute command can be used to verify and troubleshoot connectivity between endpoints. Traceroute reports the latency at each router hop between a source and destination. This command is not used to troubleshoot Domain Name System (DNS) related issues. The netstat command can be used to show the active and listening connections on a host. This is useful for investigating local network issues but is not used to troubleshoot DNS-related issues. A packet analyzer is used to capture and view the contents of network packets. While a packet analyzer could be used in this case to evaluate the requests made by the web server, this tool is best used for complex network issues that cannot be resolved using other tools.
Which technology will an organization MOST likely deploy to manage industrial machinery? SCADA SIP SNMP SIEM
SCADA The organization will most likely deploy Supervisory Control and Data Acquisition (SCADA). SCADA is a type of Industrial Control System (ICS) that is deployed to monitor and manage production machinery, plant operations, and energy and water distribution systems. SCADA devices can be placed locally in production facilities or in the field, such as a flow monitoring sensor on a water supply pipe. Some SCADA devices passively monitor using sensors, while others actively control pumps, valves, motors, and other machine components. A Security Information and Event Management (SIEM) is designed to ingest data from a variety of network components, such as user workstations or laptops, network routers and switches, firewalls, servers, and other appliances. The SIEM then analyzes the data to identify trends, pending security issues, and security breaches. A SIEM does not manage industrial machinery. Simple Network Management Protocol (SNMP) is used to send status, diagnostic, and event information from network nodes to a centralized server. SNMP can also collect performance and event information from network devices. SNMP is not used to manage industrial machinery. Session Initiation Protocol (SIP) is used to initiate and manage sessions for real-time communications such as voice over IP (VoIP) and video conferencing. SIP is not used to manage industrial machinery.
Which is used with multimode fiber? 110 block RJ45 F-type SFP
SFP Small form-factor pluggable (SFP) transceivers are used with multimode fiber. SFPs are often referred to as optics because they contain the laser circuitry used to transmit pulses of light over fiber optic cables. Most modern enterprise switches include a block of SFP ports and many vendors offer core and other high-capacity switches that only include SFP ports. Register jack 45 (RJ45) connectors are not used with multimode fiber. RJ45 connectors support eight conductors and are used to terminate Ethernet cables. F-type connectors are not used with multimode fiber. F-type connectors are used to terminate coax cables. 110 blocks are not used with multimode fiber. 110 blocks, also known as punch down blocks, are used to connect telephone or data lines.
A company deploys a server on its perimeter network. The server will be used for transferring files. Specific requirements include: Users authenticate with a user ID and password. All communication between the server and client is encrypted. Open ports on the perimeter firewall are kept to a minimum. No certificate is required at the server or client. What should the company select as a solution? FTPS SFTP FTP TFTP
SFTP The company should select FTP over SSH (SFTP) as its file transfer method. SFTP uses the secure shell (SSH) protocol for authentication and data security. SFTP supports simple authentication based on user ID and password but can optionally be implemented using certificate-based authentication if greater security is required. All communication between the server and client is encrypted, including the user ID and password used for authentication. SFTP uses a single port, port 22, on both the client and server. FTP over SSL (FTPS) is another secure transfer option, but there are some significant differences between FTPS and SFTP. FTPS can be configured for authentication through user ID and password, but connecting with a server through FTPS requires a server certificate for SSL authentication. Also, FTPS requires multiple ports. By default, you must open either port 21 or 990 as the command and control port and identify a range of data ports, typically 2000 through 2500. FTP and Trivial FTP (TFTP) are not secure transfer options. FTP can be configured to require user ID and password, but this information is passed in clear text. TFTP is used when less command and control is required and is often referred to as a lightweight protocol, meaning it has minimal overhead. FTP requires ports 20 and 21. TFTP uses port 69.
A company must implement additional monitoring and analysis to meet compliance requirements related to work done for new customers. The company needs a solution that can collect log, event, and other security information from a variety of sources and correlate and analyze the data to identify threats. It should provide for long-term storage of the data collected and be able to identify trending threats. What type of device solution should the company use? SNMP SIEM Server log IDS
SIEM The company should implement a security information and event management (SIEM) device or service. SIEM solutions vary in the functionality that they provide but most, at minimum, meet the scenario requirements. SIEM devices can collect data from network devices directly or through the use of client agents. Data is accepted in different formats. They provide for both real-time monitoring and reporting as well as analysis over time. One of the most common reasons for implementing SIEM technologies is to assist with meeting compliance requirements. An intrusion detection system (IDS) does not meet the scenario requirements. There are two common versions of IDS. A signature-based system is designed to identify potential threats based on software signatures. An anomaly-based system relies on unexpected or "odd" network activity as opposed to a baseline. An IDS does not collect log or event data and does not provide the type of analysis needed. A server log does not meet the scenario requirements. A server log is a network collection device, but it is limited to log information only and supports limited data formats. Usually, it is also restricted to a limited set of devices. A server log is primarily for collection and storage and is not designed to perform detailed analysis. Simple Network Management Protocol (SNMP) is a standard protocol for collecting information from network devices and sending configuration requests to devices. Data collection is limited to information such as device type, configuration parameters, device properties, and so forth. It does not perform the type of data collection, correlation, and analysis needed.
A company has deployed a new access point. A network administrator wants to proactively monitor the number of connected clients and available resources using a secure protocol. What Layer 7 network protocol should be used? Telnet SMTP SNMP SSH
SNMP The network administrator should enable Simple Network Management Protocol (SNMP). SNMP is an application layer protocol that can be deployed to proactively monitor and manage network devices. The different versions of SNMP are SNMP version 1, SNMP version 2c, and SNMP version 3. SNMPv1 and SNMPv2c use a community string for authentication only. SNMPv3 improves security by offering confidentiality, integrity, and authentication. SNMP uses UDP port 161. Simple Mail Transfer Protocol (SMTP) cannot be used to monitor a network device. SMTP is a Layer 7 mail transport protocol. SMTP uses TCP port 25. Secure Shell (SSH) and telnet provide a command line interface for remote management of a network device. The network administrator could connect to the access point and monitor all resources manually. SSH and telnet are not designed to provide continuous monitoring and proactive features. SSH uses public-key cryptography to provide a secure connection with a remote device. Telnet is clear text and does not encrypt any traffic. SSH uses TCP port 22, and telnet uses TCP port 23.
Which DNS resource record type is used to identify and locate web servers in a network? NS SRV CNAME MX
SRV An SRV resource record is used to identify and locate web servers in a network. SRV records are used to identify servers that provide specific services to the network by host name, IP address, and port. You can also set precedence by configuring priority values, which provides a limited type of load balancing. NS resource records are name server records that are used to identify DNS servers that are authoritative for a zone, which includes both primary and secondary DNS servers. The primary authoritative DNS server for a zone is specified in the SOA resource record. A zone is a contiguous portion of a DNS namespace that sets administrative boundaries. A zone can contain an entire domain namespace or a partitioned portion of the namespace. MX resource records are used to identify mail exchange servers. Mail exchange servers are responsible for mail delivery, processing, and forwarding. Canonical Name (CNAME) resource records are used to define an alias for a domain host. A host will have a single host name record (an A record for IPv4 and an AAAA record for IPv6) but can have multiple CNAME aliases. A host's IP address can be retrieved using its A (or AAAA) record or one of its CNAME records.
A technician needs to execute command-line management commands on a Linux server located in a remote office. The technician should be required to log on at the server. All communication should be encrypted. What should the technician use? SSH RDP Telnet VNC
SSH The technician should use secure shell (SSH). SSH lets you open and use a remote command session to run command-line commands. SSH requires authentication, and all session communication is encrypted. This provides for secure communication over an unsecure path, such as the Internet. The technician should not use Telnet. Telnet supports remote command sessions and requires authentication, but it does not support encryption. The technician should not use Virtual Network Computing (VNC). VNC is a graphic remote desktop sharing system that can be used to control another computer. Keystrokes and mouse actions are passed to the remote computer, and desktop screens are returned. VNC does not have native support for encryption, so it would not meet the requirement. The technician should not use Remote Desktop Protocol (RDP). This provides for a connection through a remote desktop interface but is a Microsoft proprietary protocol and is supported with Microsoft Windows computers only as the managed computers.
A network administrator connects all top-of-rack switches using a mesh architecture. Which of the following is required for error-free operations in this environment? VLANs STP PoE LACP
STP Spanning Tree Protocol (STP) is required to operate effectively in this environment. In a switched Ethernet network, STP ensures a loop-free topology. Loops in a layer 2 network can cause frames to be forwarded repeatedly, impacting network performance significantly. In this scenario, the switches are connected using a mesh architecture, which means that each switch is connected to all the other switches. STP will evaluate switch-to-switch connections and block redundant connections that would create switching loops. Virtual Local Area Networks (VLANs) are not required to operate effectively in this environment. A Virtual Local Area Network (VLAN) allows devices to be grouped logically with other nodes. Link Aggregation Control Protocol (LACP) is used on Ethernet networks to aggregate interfaces. This allows the interfaces to operate as a single virtual interface, which increases throughput and enhances availability. LACP is not required in this scenario and will not prevent switching loops. Power over Ethernet (PoE) is not required to operate effectively in this environment. PoE is used to deliver power to devices like Wireless Access Points (WAPs) over twisted pair cabling. PoE will not prevent switching loops.
A consultant is helping set up an office in a remote rural area. The office needs a high bandwidth WAN link with the main office, which is located several hundred miles away. Which type of transmission medium should the consultant recommend? Wireless (cellular) Satellite Copper Fiber optic
Satellite The consultant should recommend using a satellite link to create a satellite-based WAN connection. This is likely the only high bandwidth option available in a rural area. This solution would require the installation of a dish for sending and receiving data at the remote office. One potential concern with satellite internet is latency, due to signal delays because of the distances traveled. Copper and fiber optic are not realistic options in this scenario, even though they are higher bandwidth solutions than satellite WAN. The options that a remote office is likely to use, either cable modem or telephone company DSL, would not be available in a remote rural area. Cellular-based wireless WAN is not a good option in this scenario. Cellular coverage has expanded but is still not available in all areas. Even if it is available, this option provides limited bandwidth.
Which type of cable uses an 8-10 micron core? Multimode Cat 8 Single-mode RG-6
Single-mode Single-mode cable uses an 8-10 micron core. Single-mode, fiber optic cable uses a glass core to transmit pulses of light. By comparison, the diameter of a human hair is around 75 microns. In lab tests, single-mode fiber can transmit data in the terabits per second range. Due to low attenuation, single-mode fiber can transmit data up to and beyond 10 kilometers. Multimode cable uses a 50 micron or 62.5 micron core, depending on the type. The larger core makes multimode cable less expensive than single-mode but results in lower throughput and shorter maximum cable lengths. RG-6 is common coaxial cable which uses an 18 American wire gauge (AWG) core, which is 1 millimeter in diameter. Category 8 (Cat 8) cable is shielded twisted pair cable. Internally, Cat 8 cable consists of eight individually shielded copper strands.
A company expands its corporate campus and builds new facilities for its warehouse and additional offices. The company needs to run a high-bandwidth link between the buildings. The buildings are approximately 4 km (about 2.5 miles) apart. What kind of cable should the company use? Single-mode fiber Cat 7 Cat 5e Multimode fiber
Single-mode fiber The company should use single-mode fiber. The primary factor that determines this is the distance between the buildings. Single-mode fiber supports distances of 15 km (10 miles) or more. This cable carries a single mode, or a single broadcast signal. Multimode fiber would not be appropriate for this application. Depending on the specific construction and the cable's use, maximum cable length is typically a value between 500 m (546 yards) and 2 km (1.2 miles). Multimode cable carries multiple signals through the same fiber core. Because of its design to carry multiple modes, the cable has a higher attenuation (signal loss over distance) than single-mode cable. Cat 5e and Cat 7 are both high-bandwidth copper cables but support maximum lengths of no more than 100 m (328 feet). Cat 5e is readily available in unshielded twisted pair (UTP) and shielded twisted pair (STP) versions. Cat 7 is STP only.
A company is expanding its office space. The current space is configured as a wired network. The new space will be set up as a wireless network. The company needs to identify potential sources of interference in the network office space. What should the company use? Spectrum analyzer Protocol analyzer WiFi analyzer Bandwidth tester
Spectrum analyzer The company should use a spectrum analyzer. This is a device that analyzes the radio frequency (RF) spectrum and provides information about the frequencies in use and signal strength. This is a way to identify signals that might interfere with wireless LAN (WLAN) communications and help identify the best channel to use. The company should not use a WiFi analyzer. This device is used to test communications and network use for an existing WLAN. It can also be used to identify the devices attached to the network and to look for rogue access points. The company should not use a protocol analyzer. A protocol analyzer collects and analyzes network traffic to provide information such as protocols in use. This functionality is often included in a packet analyzer, which is a device that can perform detailed traffic analysis. The company should not use a bandwidth tester. This device is used to test bandwidth usage and available bandwidth on an existing network. It is commonly used to test Internet access speed.
A large organization has offices in several locations around the world. Each geographic location has primary responsibility for its network administration and management. The company wants to ensure consistent instructions and management throughout the company. What should the company use to help ensure this? AUP Network configuration baselines Standard operating procedures (SOP) Change management SLA
Standard operating procedures (SOP) The company should implement standard operating procedures (SOP) to help ensure consistent management throughout all locations. An SOP identifies step-by-step instructions to help workers complete a complex periodic or repeated task. This will ensure that administrators are taking the same actions in the same way throughout the company. The company should not use change management in this scenario. Change management deals with the guidelines for proposing, implementing, and tracking changes to the network. Documented change management is useful in tracking some activities but does not provide guidelines for how to perform the activities. Network configuration baselines do not apply in this situation. These refer to initial network configuration rather than ongoing management activities. The company should not use an acceptable use policy (AUP) to ensure consistent management. An AUP provides guidelines for the appropriate use of company resources. For example, an AUP might specify that company computers cannot be used to download games or entertainment content from the Internet. The company should not use a service level agreement (SLA) to ensure consistent management. An SLA is an agreement between an organization and its customers that defines minimum expectations for services provided. This includes issues such as maximum downtime and service availability.
Refer to the exhibit. Which device allows node D to communicate with node E? Load balancer Switch Default gateway Proxy
Switch Node B, a network switch, allows nodes D and E to communicate. Network switches provide connectivity to wired network nodes. Traditionally, switches function at layer 2 (Data Link) of the Open Systems Interconnection model (OSI model). A layer 3 (Network) switch also offers routing capabilities. A load balancer does not allow nodes D and E to communicate. A load balancer is used to distribute user requests across all servers in a farm. Load balancers use one of several algorithms for distributing loads across multiple servers. For example, a simple load balancer alternates between two servers by sending one request to the first server and sending the next request to the second server. Load balancers can also facilitate redundancy by only sending requests to live servers. In this graphic, node C is a load balancer. A proxy server does not allow nodes D and E to communicate. A proxy server acts as an intermediary between a client and a server and makes requests on behalf of clients such that the requests appear to come from the proxy itself. Although proxies can technically be used in Local Area Network (LAN) environments, they are most often used between LANs and the Internet. In this graphic, a proxy server would most likely be placed at node A's location. A default gateway does not allow nodes D and E to communicate. In IP networking, a node uses its default gateway when it needs to send a packet to a node on a different subnet. A default gateway often also functions as a gateway of last resort and is used when a node does not know how to route a packet to its destination. Default gateways provide routing capabilities and allow hosts to communicate across subnets. In this graphic, node D would use node A as its default gateway. This would allow it to communicate with nodes F and G.
A network administrator needs to ensure network availability by sending status, diagnostic, and event information from network nodes to a centralized server. Which technology should the administrator use? FHRP RADIUS Syslog nmap
Syslog Syslog is used to send status, diagnostic, and event information from network nodes to a centralized server. Syslog is a standardized protocol that is used widely on network devices and servers. A syslog agent or process runs on these devices and can be configured to send syslog messages to a centralized server. Depending on the syslog server implementation used, the server may provide additional data analysis, log aggregation and search functions, and alerting. Remote Authentication Dial-In User Service (RADIUS) is not used to send status, diagnostic, and event information from network nodes to a centralized server. RADIUS provides Authentication, Authorization, and Accounting (AAA) functionality for networked systems. First Hop Redundancy Protocol (FHRP) is not used to send logging information to a centralized server. FHRP allows a cluster of two or more routers to share a single virtual IP address. nmap is a network scanner utility supported on a variety of operating systems. nmap is not used to send logging information to a centralized server.
A company wants to implement an authentication and authorization solution for network devices that also directly supports device management. What should the company use? SNMP RADIUS Kerberos TACACS+
TACACS+ The company should use Terminal Access Controller Access-Control System Plus (TACACS+). TACACS+ is a proprietary set of protocols that supports authentication, authorization, and accounting (AAA). It also provides support for network device management by authorizing router commands on a per-user or per-group basis. All TACACS+ traffic is encrypted, helping make it a secure solution. Remote Authentication Dial-In User Service (RADIUS) is a network protocol that provides for centralized authentication, authorization, and accounting support for internal networks and the Internet. Authentication information is maintained in a RADIUS server. However, RADIUS does not provide support for device management. Simple Network Management Protocol (SNMP) is a network protocol that supports network device monitoring and management. It supports a wide variety of network devices and is well-suited for use in a multivendor environment. SNMP does not provide any support for authentication and authorization. Kerberos is an authentication protocol that is commonly used on the Internet and on directory service networks. It provides secure authentication and supports Windows, Linux, UNIX, and other operating systems. Kerberos provides authentication only and does not perform authorization or provide for device management.
A company has deployed a new Microsoft Windows server behind a firewall. A systems administrator has been experiencing problems querying and modifying items in Active Directory from a remote location using an LDAP-based application. Which protocol should be allowed through the firewall? TCP port 636 UDP port 53 UDP port 69 TCP port 22 TCP port 3389
TCP port 636 TCP port 636 should be allowed through the firewall. Lightweight Directory Access Protocol (LDAP) over SSL is a secure protocol used to query and modify items in directory services such as Active Directory. Remote Desktop Protocol (RDP) uses TCP port 3389. RDP can be used to connect to a server remotely. However, RDP does not support querying and modifying items in Active Directory. By default, RDP does not use SSL and is vulnerable to a man-in-the-middle attack. Secure Shell (SSH) uses TCP port 22 to provide secure remote access to a system, for example a router, a switch, or Linux server. SSH was created to replace telnet, which does not support public-key cryptography features. SSH does not offer a direct way to connect to directory services. Trivial File Transfer Protocol (TFTP) uses UDP port 69. TFTP is used to send and receive files on network devices. TFTP is not used to connect to Active Directory. Domain Name System (DNS) uses UDP port 53 for DNS queries. DNS uses TCP for larger packets and zone database transfers. DNS is required for Active Directory to run but is not used to query or modify directory items.
Which two attack types are examples of social engineering attacks? (Choose two.) Tailgating Logic bomb Man-in-the-middle Phishing Spoofing
Tailgating Phishing Phishing and tailgating are examples of social engineering attacks. Phishing attacks use deceptive emails to try to collect sensitive or personal information. Users can be trained to recognize phishing attempts and the actions to take when they occur. This can be enhanced through technical controls, such as email filtering. Tailgating is a physical attack in which someone enters a secure area simply by following someone who is authorized to enter into the area. A man-in-the-middle attack is not a type of social engineering attack. In this type of attack, the attacker enters the communication path between two computers, usually a client and a server, and collects the data passed between the computers. A spoofing attack is not considered a type of social engineering attack. In a spoofing attack, the attacker's computer masquerades as a valid network client by using its IP address and, in some cases, its Media Access Control (MAC) address. For example, an attacker can connect to a port protected by MAC filtering by spoofing a valid MAC address. It should be noted that social engineering might be one of the methods used to gather information that is used to launch a spoofing attack. A logic bomb is not a type of social engineering attack. A logic bomb is malicious code left in an application that executes when specific conditions are met. The form that the attack takes and the impact of the attack when it executes vary depending on the programmer's goals. Because custom code is used, logic bombs usually go undetected by antimalware software. In some cases, a logic bomb is the result of an insider threat, left behind by a disgruntled employee.
A user reports their laptop cannot connect to the network. Which action is a network technician MOST likely to perform after establishing a theory of probable cause? Determine if the user recently made changes. Test connectivity to a remote server with ping. Search a knowledge base for related issues. Create an image of the laptop's hard drive.
Test connectivity to a remote server with ping. The network technician will most likely test connectivity to a remote server with ping after establishing a theory of probable cause. During this step, the technician will test their theory to determine the cause of an issue. Depending on the output received from the ping command, the technician may determine the network interface card (NIC) is faulty. During the first step of the troubleshooting methodology, identifying the problem, the technician would question the user to determine if they recently made changes. If the technician anticipated making changes to the laptop's configuration, the technician may decide to create an image of the laptop's hard drive during the first step of the troubleshooting methodology. The technician would search a knowledge base for related issues immediately after identifying the problem as part of establishing a theory of probable cause.
A company deploys six new computers that are configured for automatic address assignment to the 192.168.4.0/26 subnet. The DHCP server that hosts the scope for the subnet is deployed on the same subnet. Four of the new computers are able to lease valid IP addresses. The remaining two computers have the following addresses: 169.254.12.7 169.254.14.2 What is most likely wrong? The TCP/IP stack did not load correctly on the two computers. The DHCP scope is exhausted. The two computers were initially assigned duplicate IP addresses. The DHCP server is failing.
The DHCP scope is exhausted. The most likely problem is that the DHCP scope is exhausted. The computers are configured with Automatic Private IP Addressing (APIPA) addresses. APIPA addresses are used when a computer is configured for automatic IP addressing and is unable to lease an address from a DHCP server. If the scope is exhausted, then there are no addresses available for lease, so the computers would configure themselves with APIPA addresses. The other new computers were able to lease valid IP addresses, which indicates that the DHCP server is working. You know that the TCP/IP stack loaded on the computers because they have IP addresses. If the TCP/IP stack did not load, the computers would not have IP addresses. There is nothing to indicate that the two computers were initially assigned duplicate IP addresses. If they had, one or both computers would attempt to lease new addresses.
An ISP has suffered several unscheduled outages every day for a week. What is the MOST likely result of this activity? NetFlow data will be reviewed. Change management will be implemented. The SLA will be violated. The MOU will be updated.
The SLA will be violated. If an Internet Service Provider (ISP) suffers unscheduled outages every day for a week, the most likely outcome is that the service-level agreement (SLA) will be violated. SLAs are designed to define a level of service an ISP is contractually obligated to provide, and ISPs often tout their SLA uptime guarantees. For example, an ISP may advertise 99.99999% uptime, indicating that outages are rare. Most SLAs outline penalties, which usually equate to refunds, when their requirements are not met. A Memorandum of Understanding (MOU) is an agreement between two or more parties. Typically, an MOU is created as part of a mutually beneficial partnership between organizations. It is unlikely a client will have an MOU with an ISP. Change management is designed to evaluate the impact of changes before they occur and track changes once they are made. If the ISP's outages were caused by configuration change errors, change management may be implemented. However, it is not clear that is the case in this scenario. NetFlow is a network protocol that is used to capture packets and analyze traffic statistics on network nodes. It is unlikely NetFlow data will be reviewed in this scenario.
A company is configuring an internal network with routed subnets based on the following class B address range: 172.30.8.0/21 The company wants to set up the following subnets: Network A - 600 hosts Network B - 100 hosts Network C - 56 hosts Network D - 40 hosts The company wants to keep the unused addresses in each subnet to a minimum. Which network address ranges should the company use? Network A: 172.30.8.0/22 Network B: 172.30.12.0/25 Network C: 172.30.12.128/26 Network D: 172.30.12.192/27 Network A: 172.30.8.0/22 Network B: 172.30.10.0/25 Network C: 172.30.10.128/26 Network D: 172.30.10.192/26 Network A: 172.30.8.0/22 Network B: 172.30.12.0/25 Network C: 172.30.12.128/26 Network D: 172.30.12.192/26 Network A: 172.30.8.0/23 Network B: 172.30.10.0/25 Network C: 172.30.10.128/26 Network D: 172.30.10.192/26
The base address, 172.30.8.0/21, supports up to 2046 host addresses with an address range of 172.30.8.1 through 172.30.15.254. You should use the following subnets: Network A: 172.30.8.0/22; Network B: 172.30.12.0/25; Network C: 172.30.12.128/26; Network D: 172.30.12.192/26. This is an example of Classless Inter-Domain Routing (CIDR), or supernetting, using variable length subnet masks (VLSMs) to configure subnets of various sizes. Network A supports up to 1022 hosts. Network B supports up to 126 hosts. Networks C and D support up to 62 hosts each. The host address ranges are: Network A: 172.30.8.1 through 172.30.11.254; Network B: 172.30.12.1 through 172.30.12.126; Network C: 172.30.12.129 through 172.30.12.190; Network D: 172.30.12.193 through 172.30.12.254. Each of the addresses configured has a unique scope, so there is no risk of duplicate IP addresses. The number of hosts supported depends on the number of bits in the subnet mask. An IPv4 address is a 32-bit binary address. The subnet mask determines which part of the address is the network address and which part is the host address. The /xx determines how many bits are used for the network address. The remaining bits are available for host address values, except for two reserved addresses. All zeroes are used as the network address and all ones are used as the subnet's broadcast address. For 131.192.164.0/23, nine bits are available for host addresses. To calculate the number of hosts: 2^9 (2 to the power of 9) - 2 = 512 - 2 = 510. For 131.192.166.0/24: 2^8 - 2 = 256 - 2 = 254. For 131.192.167.64/26 and 131.192.167.128/26: 2^6 - 2 = 64 - 2 = 62.
Which statement describes SDN? Each layer employs distributed management. The control plane is decoupled from the data plane. The application and infrastructure layers are combined. Each router runs a dedicated routing protocol process.
The control plane is decoupled from the data plane. In Software-Defined Networking (SDN), the control plane is decoupled from the data plane. SDN is designed to abstract network management from vendor-specific hardware and distributed configuration management. In traditional networking architecture, the control and data planes are tied closely together and are managed at the device, such as a router. SDN consolidates management centrally and makes the network programmable. In SDN, each router does not run a dedicated routing protocol process. Routing processes are instead managed on centralized controllers. In SDN, the application and infrastructure layers are not combined. The SDN architecture deploys three layers, application, control, and infrastructure. In SDN, each layer does not employ distributed management. SDN aims to centralize management using SDN controllers. This allows network functions to be separated from underlying configurations.
A technician has configured a new SSID on an AP using the 5 GHz frequency. He has connected to it with a mobile phone. A test laptop is unable to show the new SSID in the list of available networks. What would be the MOST likely reason for that? There is a pre-shared key mismatch between the AP and the laptop. The laptop has a driver issue. The laptop has a single-band wireless card. There is an issue with the AP.
The laptop has a single-band wireless card. The test laptop has a single-band wireless card. The technician should install a dual-band card. A dual-band card uses the 2.4 GHz and the 5 GHz bands to receive wireless signals. The 5 GHz frequency offers better speeds and more channels. The latest wireless standard 802.11ac utilizes the 5 GHz band for gigabit wireless connections and is backwards compatible with legacy devices and standards. It is unlikely that there is a problem with the driver. The technician can see a list of available networks, which indicates the card is working without any problems. The technician has tested the new SSID using a mobile phone, which indicates that there is no misconfiguration on the access point (AP) itself. The issue is not with a pre-shared key. The technician cannot see the SSID in the list of available networks. A pre-shared key has to be entered after selecting a network.
A company runs call center services with 25 agents. Agents report that their softphones have random quality issues. Which performance parameter should be verified in the network? The minimum frame size of 9 k The minimum bandwidth of 50 Mbps The maximum of 150 ms of delay The maximum of 10% of packet loss
The maximum of 150 ms of delay The company should verify the delay parameter. The design recommendations for Voice over IP (VoIP) are: no more than 150 ms one-way end-to-end delay; no more than 1% of packet loss; no more than 30 ms of jitter. Users will notice quality issues if any of these parameters is not met. A network administrator could also verify the Quality of Service (QoS) settings to make sure that the VoIP traffic is isolated and receives the highest priority. The maximum packet loss value should be kept below 1%, not 10%, for a quality VoIP call. The available bandwidth is not a key factor for most VoIP networks and depends on the number of concurrent calls, codecs in use, and QoS settings. On average, the company should provide at least 10 Mbps for 100 phone lines. It is more important to verify the delay, packet loss, and jitter values, which may affect the quality of calls. The frame size of 9k is not required to provide the highest quality VoIP network. A standard frame supports up to 1500 bytes, but a network administrator can enable jumbo frames to support up to 9000 bytes of data. Jumbo frames can improve network performance but can increase the packet loss. It is not a recommended setting to improve the quality of a VoIP network.
Which statement BEST describes a warm backup recovery site? The site has computer equipment, network hardware, and data communication installed and configured, but it does not have recent backups of corporate data. The site has the necessary facilities infrastructure to support business operations but not computer or network hardware. The site has the necessary facilities infrastructure to support business operations with computer and network hardware stored onsite, but this equipment is not set up nor configured for use. The site has computer equipment, network hardware, and data communication installed and configured with a current duplicate of critical data.
The site has computer equipment, network hardware, and data communication installed and configured, but it does not have recent backups of corporate data. A warm site is a site that has computer equipment, network hardware, and data communication installed and configured, but which does not have recent backups of corporate data. A warm site is designed to be able to continue operations once current backups are delivered and applied. A site that has the necessary facilities infrastructure to support business operations, but which does not have any equipment set up and configured, is a cold site. This applies whether or not the necessary equipment is stored onsite. It takes significant effort and can take several days to resume operations using a cold site. A hot site has computer equipment, network hardware, and data communication installed and configured with a current duplicate of critical data. This enables operations to continue most quickly, usually in no more than a few hours.
A company's wireless LAN is configured with three access points configured as follows: AP1: SSID: CompAP, Channel: 1, Security: WPA2-PSK; AP2: SSID: CompAP, Channel: 6, Security: WPA2-PSK; AP3: SSID: CompAP, Channel: 11, Security: WPA2-PSK. A user is moved to a cubicle in a different part of the office building. The user is prompted for a passphrase when attempting to connect any wireless device to the network. Why is this happening? The user is connecting to an AP operating on a different channel. The user is blocked by MAC filtering. The user is outside of the operational range of any AP. The user is connecting to an AP with a different passphrase.
The user is connecting to an AP with a different passphrase. The most likely problem is that the user is connecting to an AP with a different passphrase. WPA2-PSK uses a passcode or passphrase for authentication when a device connects. The user's devices are attempting to connect to an AP. After a device successfully connects, it stores the passphrase used. If the passphrase is changed or if the user attempts to connect to an AP with a different passphrase, the user is prompted for the passphrase. The problem is not that the AP is operating on a different channel. The client will reconfigure itself automatically to match the AP's channel. The problem is not that the client device is outside of the range of any AP. If the devices were out of range, the user would not be prompted for connection information. The problem is not related to MAC filtering. If the client were being blocked by MAC filtering, it would not prompt for authentication information.
Match each statement with the appropriate switch port protection. To answer, select the appropriate switch port protection from the drop-down menus. This protection enforces the placement of root bridges in the network to provide a consistent network environment. This protection helps ensure a predictable active network topology by denying ports that should not participate in STP from receiving TCNs. This protection monitors traffic and packet types and reacts to block DoS and DDoS attempts.
This protection enforces the placement of root bridges in the network to provide a consistent network environment: Root guard. This protection helps ensure a predictable active network topology by denying ports that should not participate in STP from receiving TCNs: BPDU guard. This protection monitors traffic and packet types and reacts to block DoS and DDoS attempts: Flood guard. Root guard enforces the placement of root bridges in the network to provide a consistent network environment. Root guard can be enabled on all switch ports that should not be able to negotiate a root bridge. The root bridge is the switch that is at the root of your spanning tree, defining communication between multiple switches. Spanning Tree Protocol (STP) is used to build a logical, loop-free topology that branches out from the root bridges. BPDU guard helps ensure a predictable active network topology by denying ports that should not participate in STP from receiving topology change notifications (TCNs) by way of Bridge Protocol Data Unit (BPDU) frames. BPDU frames are used to initiate STP network reconfiguration in response to network changes. This is one of the methods used to prevent introducing rogue switches into a network. Flood guard refers to a device that monitors traffic to identify high levels of traffic, traffic floods, as a way to mitigate and hopefully stop denial-of-service (DoS) and distributed DoS (DDoS) attacks. This is typically implemented through an external device, such as a firewall. DHCP snooping is the process of monitoring DHCP activity and tracking IP address assignments. It is primarily used as a way to detect rogue DHCP servers. Switch port mode refers to a port's Dynamic Trunking Protocol (DTP) setting as a way to configure trunking between switches and prevent rogue trunks.
Which mechanism is used by TCP to set up and synchronize a new TCP/IP connection? Three-way handshake Sliding window Port number Code field
Three-way handshake The three-way handshake method is used to initiate and establish a TCP connection. There are three steps involved: SYN, SYN-ACK, and ACK. A client sends the first message (SYN) to open a new connection. The target device can accept this request by sending the SYN-ACK packet. Finally, the client responds with an ACK packet to confirm the message. TCP is a reliable connection-oriented protocol that offers segment sequencing, acknowledgments, and flow control. UDP, on the other hand, is connectionless, unreliable, and offers no windowing. UDP is used by real-time services like voice and video services. Transmission Control Protocol (TCP) uses the concept of a sliding window (windowing) to provide flow control. A TCP window is the amount of data a sender can send before it gets an acknowledgment. The receiver can adjust the transmission window for efficient data exchange. Windowing is not used to establish a new connection. Port numbers are not used for establishing a connection. They identify services and processes. For example, TCP port 80 is used by web browsers (HTTP). Well-known ports (0-1023) are managed by the IANA. Code fields are not used for establishing a new connection. Internet Control Message Protocol (ICMP) uses special codes to indicate an error condition. For example, the destination unreachable message uses code type 3.
An ISP has installed a DWDM device at a new location. What would be the MOST likely reason for that? To secure the network. To solve the fiber exhaust problem. To convert copper to fiber. To create an isolated network.
To solve the fiber exhaust problem. A Dense Wavelength Division Multiplexing (DWDM) device would be installed to solve the fiber exhaust problem. A DWDM device allows an ISP to increase bandwidth and transport different data streams simultaneously over a single fiber network. Fiber exhaust means that the demand for fiber exceeds the fiber capacity. DWDM is not used to convert copper to fiber. The ISP would use a media converter for that. A DWDM is used to combine optical signals into a single stream and send it over a fiber-optic cable. DWDM is not used to secure the network. The ISP would use a firewall for that. DWDM would not be deployed to isolate the network. An ISP could use a number of solutions, for example VLANs, firewall zones, or physical connections.
Which OSI layer uses segments as its PDU? Network Physical Data Link Transport
Transport The Transport layer of the Open Systems Interconnection (OSI) model uses segments as its protocol data unit (PDU). The OSI model serves as a blueprint for network communications and is divided into seven distinct layers. Each layer performs a specific set of tasks and runs its own protocols. Protocols like Transmission Control Protocol (TCP) run at layer 4, the Transport layer. TCP stores its header, trailer, and data in segments. The Physical layer, layer 1 of the OSI model, uses bits as its PDU. The Data Link layer, layer 2 of the OSI model, uses frames as its PDU. The Network layer, layer 3 of the OSI model, uses packets as its PDU.
A network engineer has installed three gigabit switches. The switches will provide access to NAS devices for end users. What should the engineer configure to avoid a bottleneck in the network with big file transfers? VRRP Trunks with port aggregation FTP with SSH Port security HSRP QoS policy
Trunks with port aggregation The engineer should configure trunks with port aggregation to avoid a bottleneck. A trunk is a special type of link that can carry traffic from multiple VLANs across switches. Port aggregation allows the network engineer to combine two or more ports on a switch to improve the aggregated file transfer speeds. Even though the company has ordered gigabit switches, a link between them would provide 1 Gbps only for all users, which could cause a bottleneck in the network. Port security will not improve the file transfer speeds. The network engineer could use port security to filter Media Access Control (MAC) addresses and limit the number of hosts in the network. The engineer should not use file transfer protocol (FTP) with secure shell (SSH) in this scenario. This would not help avoid a bottleneck. FTP with SSH is called FTPS and is used for secure file transfers. The engineer should not implement a quality of service (QoS) policy here. It would not increase the bandwidth that is needed between all switches. QoS could improve overall user experience, but it will not help to prevent a bottleneck. The engineer should use port aggregation to improve the file transfer speeds between switches. The engineer should not use Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP). HSRP and VRRP are designed to provide a virtual gateway for end devices and do not offer any aggregation services.
A company is installing a large rack-mounted infrastructure to support a web server farm. High-availability is a critical concern for the company. You need to recommend a solution that will ensure continued availability without interruption if AC line power is lost. What type of technology does the company need to ensure this? Standby generator Power conditioner UPS Redundant power supply
UPS The company should use an uninterruptible power supply (UPS). A UPS is a battery backup system with an internal power inverter. Line power is delivered through the UPS even if AC line power is available. If AC power is lost, the power inverter converts the DC power in the batteries to AC for distribution to equipment. Power to the rack is not interrupted, so operations are not interrupted. The company should not use a power conditioner, also known as a line conditioner. A power conditioner is designed to improve the quality of power delivered by regulating power levels and removing power spikes and other transient problems. A power conditioner does not provide power if AC line power is lost. The company should not use a standby generator as the primary power source. That is because a backup generator takes at least a few seconds to come online, so there would be an interruption. A standby generator could be used as further backup to a UPS. The standby generator would be brought online before the UPS batteries drop too low to provide necessary power. The company should not use a redundant power supply. This is a second power supply that would continue to provide power to the rack if one power supply is lost, but it would not help if line power is lost. There are two basic redundant configurations. A 3+1 configuration protects against the failure of one power supply. A 2+2 configuration protects against the failure of any two power supplies. You can further help ensure availability by using two power bars and plugging the power supplies into different power bars.
A junior network engineer receives a new router to configure. Which two configuration tasks should the engineer perform BEFORE he copies a standard configuration template onto the router? (Choose two.) Clear the routing table. Create an ACL. Update the firmware. Change the default username and password. Change the MAC address.
Update the firmware. Change the default username and password. The engineer should change the default username and password and update the firmware. Numerous new network devices arrive with no password or a default password. The engineer should change the default password, because it opens the device to unauthorized access during the configuration phase. The engineer should check for updates and upload the latest firmware before he copies a standard configuration template on it. A new image can be downloaded from a manufacturer's website and might address a lot of vulnerabilities. There is no need to change the media access control (MAC) address. The MAC address is a unique address that is assigned by the manufacturer of a device and cannot be changed. The engineer should not create an access control list (ACL). ACL is used to filter traffic and provide an additional layer of security for a network device. ACLs might be applied during the configuration phase. There is no need to clear the routing table. The engineer has received a new router, which is not connected to the network, and there will be no entries in the routing table.
A company wants to open a new office. A wireless site survey reveals that there are 12 access points in the area immediately around the office and that they use channels 1, 6, and 11. What should the company do to address the interference problem? Use the 5 GHz band. Install an omnidirectional antenna. Configure channel bonding at 2.4 GHz. Implement 802.1x.
Use the 5 GHz band. The company should consider using the 5 GHz band. The wireless on-site survey shows that there are many access points in the area and they are using all the available frequency space of the 2.4 GHz band. There are three non-overlapping channels in the 2.4 GHz band: 1, 6, and 11, which means the company would face some interference. The 5 GHz band offers more channels and can transmit data at faster speeds. Channel bonding will not solve the interference problem. The company could use channel bonding to combine two adjacent channels to increase throughput, however. If there are many devices in the area, channel bonding can introduce more interference, because more channels are in use. There are no available 2.4 GHz channels for the company to use in this environment, so aggregating them will not fix the problem. The company should move to the 5 GHz band. Installing an omnidirectional antenna will not solve the interference problem. An omnidirectional antenna might offer better coverage but will not increase the number of non-overlapping channels. The 802.1x protocol cannot be used to address the problem of interference. The company could consider the 802.1x infrastructure to enhance security and implement a centralized server for authentication.
Users complain about intermittent connection issues with a file server. A junior technician has gathered all information and determined that no changes have been made in the network. What should the technician do next? Escalate the problem to a senior engineer. Establish a plan of action to fix the issue. Use the OSI model to establish a theory of probable cause. Test the most common solutions.
Use the OSI model to establish a theory of probable cause. The technician should use the Open Systems Interconnection (OSI) model to establish a theory of probable cause. There are seven steps in the Structured Troubleshooting Methodology. The technician has completed Step 1 by questioning all users and checking whether anything has been changed in the network. Step 2 requires brainstorming ideas to establish a theory of probable cause. Here is the seven-step methodology: (1) Identify the problem. (2) Establish a theory of probable cause. (3) Test the theory to determine the cause. (4) Establish a plan of action to resolve the problem and identify potential effects. (5) Implement the solution or escalate as necessary. (6) Verify full system functionality and, if applicable, implement preventative measures. (7) Document findings, actions, and outcomes. The technician should not escalate the problem yet. They should establish a theory of probable cause. Creating a plan of action is step number 4. The technician needs to complete step 3 first: create and test a theory of probable cause. The technician should not test the most common solutions. The next recommended step is to establish a theory.
A network administrator would change the ID on a switch's native VLAN to mitigate what type of attack? Rogue trunking VLAN hopping DDoS ARP attack
VLAN hopping A network administrator would change the ID on a switch's native Virtual Local Area Network (VLAN) to mitigate a VLAN hopping attack. VLAN hopping is an attack in which the attacker's computer gains access to a port that would normally not be accessible to that computer. One way the attack is executed is through a double-tagging attack, in which frames are given two tags, one for the attacking switch and one for the target switch, making it look like the frame was intended for the target switch. An administrator would not change the ID on a switch's native VLAN to mitigate a rogue trunk. A rogue trunk occurs when a rogue switch establishes a trunk connection with a network switch. The attacker then has access to all VLANs through the trunk, making this another version of a VLAN hopping attack. This attack is avoided by disabling trunking on any port that should not be used as a trunk. An administrator would not change the ID on a switch's native VLAN to mitigate a distributed denial-of-service (DDoS) attack. In a DDoS attack, packets are streamed at a target device or network at a high rate. This is designed to crash the device or make it unavailable. There are several ways to mitigate DDoS attacks by using devices that can block traffic type or recognize the attack and act to block the attacking computers. Devices used include intrusion protection systems (IPSs), firewalls, and routers. Security settings available on switches, including bandwidth limiting and configuring access control lists (ACLs), can also help to prevent DDoS attacks. An administrator would not change the ID on a switch's native VLAN to mitigate an address resolution protocol (ARP) attack. An ARP attack floods a switch with ARP broadcasts, causing the switch to redirect traffic to the attacker's computer.
Most of a company's network administrators are Windows operating system specialists. The company is cross training administrators to help perform periodic management and administrative tasks on Linux servers. This includes a mix of command-line and graphic utilities. Some of the administrators being trained are in remote offices. All trainers are in the company's main office. The administrators being trained log on and work locally from a Linux server. The trainer will connect to the Linux server from a client computer. Both computers need to display the same screen and allow commands and utilities to be used from either computer. Which remote connection technology should the trainers use? VNC RDP Telnet SSH
VNC The trainers should use Virtual Network Computing (VNC). VNC is a platform-independent desktop sharing system. The client logs on to and is authenticated by the server. Any clients connecting to the server share the same session, which means they share the same screen, and keyboard and mouse actions are accepted from the server and from any connected client. This would give the trainer a way to walk the trainee through procedures and observe as the trainee practices. The trainers should not use Remote Desktop Protocol (RDP). RDP is a Microsoft-proprietary desktop sharing protocol. Different operating systems are supported as clients, but the server must be a Microsoft Windows server, so RDP would not work in this scenario. Each connection to the server opens a new session, so users cannot join a shared session for training. The trainers should not use secure shell (SSH) or Telnet. Both allow you to open and use a remote command session to run command-line commands. Neither provides a graphic interface. The primary difference between the two is that SSH uses secure encrypted communications and Telnet does not. VNC can be run in the context of an SSH session, but SSH by itself does not meet the solution requirements.
A user complains they are unable to connect to the corporate network. A network administrator has verified other users are able to browse network resources without issues. The administrator runs ipconfig on the user's workstation, which returns the following result: Ethernet adapter ETH0: Connection-specific DNS Suffix: IPv4 Address. . . . . . . . . . . : 169.254.0.255 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : What should the administrator do to troubleshoot the issue? Verify the DHCP scope is not exhausted. Verify the local firewall is deactivated. Enter a correct subnet mask for the address. Manually enter a default gateway address.
Verify the DHCP scope is not exhausted. The administrator should verify the Dynamic Host Configuration Protocol (DHCP) scope is not exhausted. Microsoft operating systems include a feature known as Automatic Private IP Addressing (APIPA). APIPA allows a Windows system to self-assign an IP address from a predefined range (169.254.0.1 to 169.254.255.254) if it is unable to obtain an address via the DHCP process. If DHCP has allocated all addresses in a scope, the client will use APIPA. The administrator should not manually enter a default gateway address. Though a default gateway is required to communicate across subnets, it is not required for local communications. Even if a default gateway address were assigned, unless other nodes used the same addressing scheme, communications would fail. The administrator should not enter a correct subnet mask for the address. The subnet mask used in this scenario is correct for APIPA. A subnet mask is used to determine which subnet a node resides on. The administrator should not verify the local firewall is deactivated. Though a misconfigured firewall could interrupt communications, the administrator needs to resolve the IP address issue first.
A company needs to have a reliable record of everyone who enters or leaves a locked secure area of the building. What should the company use? Sign-in log Biometric lock Video surveillance Motion detector
Video surveillance The company should use video surveillance. This is an automatic method of recording the image of anyone entering or leaving the area. Even if one person unlocks the door to the area and lets someone else through, both will be recorded. The company should not use a motion detector. This could be used to record if and when someone entered the secure area, but it does not record who. The company should not use a sign-in log. The problem with this is that it relies on people signing in. There is nothing to prevent someone from entering the area without signing the log. The company should not use a biometric lock. This would record who unlocked the area, but not if anyone else entered with them.
For redundancy purposes, a network engineer installs a new router and enables a load balancing protocol. What type of address should he assign as a default gateway to end devices? Loopback Virtual IP IPv6 APIPA
Virtual IP The network engineer should configure a virtual IP address (VIP). End users will use the VIP as their default gateway. A VIP is a virtual IP address that is shared between compatible network devices that are running a dedicated protocol. The network engineer has deployed a new router and has enabled load balancing for efficiency and redundancy purposes. The main advantage of using a VIP is that it is a transparent solution for end users. Both routers in the load balancing set can be reached with the same VIP. If one router fails, the second can take over. The network engineer should not use a loopback address. A loopback address uses the special-purpose IP address of 127.0.0.1 and is called localhost. The engineer could use the loopback address to test the local TCP/IP stack. An Automatic Private IP Addressing (APIPA) address cannot be used in this scenario. APIPA allows a Windows-based device to automatically self-configure an IP address if there is no DHCP server available. APIPA uses a range of IP addresses: 169.254.0.1 - 169.254.255.254 with a subnet mask of 255.255.0.0. IPv6 does not offer any built-in redundancy or load balancing options. Routers can use an IPv6 address, but the network engineer has to assign a VIP address as a virtual IP address on both devices. IPv6 is the successor protocol to IPv4.
A network administrator plans to deploy a wireless network. What should they use to provide the strongest encryption for wireless communications? WPA2 Enterprise WPA with TKIP WPA2 with TKIP WPA Enterprise
WPA2 Enterprise The network administrator should deploy Wi-Fi Protected Access 2 (WPA2). WPA2 uses Advanced Encryption Standard (AES) as its cipher. Depending on the wireless system in use, AES uses 128, 192, or 256-bit encryption keys. AES has not been officially cracked. The network administrator should not use Wi-Fi Protected Access (WPA) Enterprise. WPA Enterprise uses Temporal Key Integrity Protocol (TKIP) encryption. Though TKIP uses 128-bit keys, it has been cracked. WPA2 and WPA Enterprise use Remote Authentication Dial-In User Service (RADIUS) based authentication. The network administrator should not use WPA with TKIP. WPA with TKIP usually refers to WPA with pre-shared key (PSK) authentication. This is also sometimes called WPA Personal. The network administrator should not use WPA2 with TKIP. TKIP provides key rotation for wireless communications. However, it has been deprecated in favor of AES.
An organization plans to contract with a cloud service provider (CSP) for a disaster recovery site that will host backup critical system hardware. When the primary datacenter fails, data will be restored, and the secondary site will be activated. Costs must be minimized. Which type of disaster recovery site should the organization deploy? Warm site Hot site Cold site Mobile site
Warm site The organization should deploy a warm site. A warm site includes power, networking, and server hardware. In the event of a disaster, the servers must be powered on, and operating systems installed or updated. Data from the most recent primary site backups can then be restored. A warm site does not typically host all the same hardware as the primary site, and often provides just enough processing capability for the organization to operate while the primary site is restored. A hot site mirrors the primary site and includes all the hardware, software, and connectivity required to support full operations. Data is mirrored from the primary to the hot site on a frequent schedule, if not in real time. A mobile site can be compared to a warm site. The provider supplies a trailer with power, networking, and hardware, and systems must be configured, and data restored. A cold site is a facility with power, but typically does not host any server hardware. During a failover, hardware must be installed, network connectivity provisioned, and data restored. Cold sites are the least expensive recovery option but require the longest time to spin up.
A network administrator has captured the following messages on the firewall: 10.10.10.10:64391 > 188.12.1.1:80 188.12.1.1:80 > 10.10.10.10:64391 10.10.10.10:64392 > 83.122.1.1:80 Which application has generated that traffic? VoIP softphone Web browser FTP client DNS agent
Web browser The output has been generated by a web browser. The destination port number is port 80, which identifies HTTP. The source port number is dynamically created by a local device (from the range of ports 49152-65535). Instead of a firewall capture, a network administrator could use the netstat command on a local computer to display protocol statistics and current TCP/IP connections. DNS would use port 53, not 80. DNS converts website names into numerical IP addresses. FTP uses TCP ports 20 and 21 for file transfers. FTP is considered insecure because it does not encrypt the network traffic. FTP can be protected by implementing SSH or SSL (SFTP and FTPS). Voice over IP (VoIP) systems do not use TCP port 80. Depending on the protocol, the capture would have a set of UDP protocols, for example ports 16376-32767 for RTP traffic.
A company is setting up the wireless LAN (WLAN) shown in the answer area. The company must determine which antennas to use. The risk of intercepting the signal between the buildings must be minimized. Full coverage must be provided inside of each building. Which antennas should the company use? To answer, drag the appropriate antenna type to each access point. An antenna type may be used once, more than once, or not at all. Refer to Picture
Wireless bridge A: 14 dBi right-facing Wireless bridge B: 14 dBi left-facing Access point 1: 5 dBi omnidirectional Access point 2: 5 dBi omnidirectional The company should use a 14 dBi right-facing with bridge A and 14 dBi left-facing with bridge B. Both internal access points should use 5 dBi omnidirectional antennas. An antenna's gain is measured in relative decibels (dB) in relation to a standard antenna used for reference. Gain refers to the relative measure of an antenna's ability to direct a signal in a specific direction. The dBi value is commonly used, which is decibels measured relative to an isotropic reference antenna. An isotropic antenna is one that radiates equally in all directions. This helps determine the antenna's coverage area. For example, you would expect a 2 dBi antenna to have a 360 degree field of coverage, making it appropriate for use as an internal antenna for host connections. A higher dBi antenna has a narrower field and more directional signal. This makes it well suited for applications such as connecting buildings on a corporate campus. The narrow field pattern makes it less likely that someone would be able to intercept the signal. This means that a 14 dBi directional antenna is the best choice for connecting the buildings with a narrow broadcast that is less likely to be intercepted. A 5 dBi omnidirectional antenna provides wide coverage throughout the client areas inside of the buildings.
Match the network requirements to the network devices. Drag the appropriate device to each requirement. A device may be used once, more than once, or not at all. A company needs a device to help centralize authentication, mitigate radio interference, provide load balancing, and improve bandwidth usage. A company needs to evenly distribute traffic between web servers deployed in its perimeter network. A company needs to add a layer of protection between internal network hosts and external websites.
Wireless controller, Load balancer, Proxy server. A wireless controller (or wireless LAN controller) can centralize authentication by forwarding requests to an authentication server, mitigate radio interference, provide load balancing, and improve bandwidth usage. It also provides for failover. Many versions can display a visualized map of the wireless network. Most include enhanced security features, such as detecting rogue access points and preventing some types of attacks. A load balancer can evenly distribute traffic between web servers deployed in the perimeter network. A load balancer is a device that is designed to distribute network or application traffic between multiple servers, decreasing the burden on any individual server. Distribution can be simply sent to each server in turn, based on the current number of connections to a server, or based on the current processing load on a server. A proxy server adds a layer of protection between internal network hosts and external websites. The proxy server uses its own address instead of the internal host's when connecting to an external site and returns the result to the originally requesting host. Most web proxy servers will also cache the result and serve subsequent requests from the cache instead of issuing a new request to the external server. A Remote Authentication Dial-In User Service (RADIUS) server does not match any of the scenarios. A RADIUS server provides a central point for managing authentication, authorization, and accounting (AAA). A content filter does not match any of the scenarios. A content filter can be software installed on a computer or a combination of software and a filtering device. A content filter is most commonly used to block objectionable content from websites or email.
Which type of vulnerability would NOT be reported by a vulnerability scan? Zero day Configuration errors Missing passwords Missing patches
Zero day One type of vulnerability that would not be reported by a vulnerability scan is a zero day vulnerability. By definition, a zero day vulnerability is unknown and previously undetected. Because there is no current reference by which to identify the vulnerability, it would go undetected. A vulnerability scan is designed to look for a wide range of vulnerabilities, such as: missing patches, missing passwords, configuration errors, out-of-date virus definitions, unnecessary open ports, and unnecessary running services. Vulnerability scans are typically run on a periodic basis by in-house personnel. Many commercial security software suites include vulnerability scanners. There are also stand-alone versions. You should exercise caution before using web-based vulnerability scanners if you are not familiar with the source. These are often scams to sell you software you might not need or malicious software that will try to install malware on the computer being scanned.
Which command line interface command should a systems administrator use to verify the hardware address of a device connected to a local area network? nslookup arp pathping ipconfig
arp The systems administrator should use the arp command. The arp command shows a table with the Address Resolution Protocol (ARP) cache. ARP maps IP addresses to hardware addresses (MAC addresses). If a device is in the same LAN and is actively used, it will be visible in the ARP cache table. Here is the full Windows command that displays the current ARP entries: arp -a The systems administrator should not use the ipconfig command. The ipconfig command shows TCP/IP settings, but only the local hardware address. The systems administrator wants to verify a MAC address of a remote device, which cannot be achieved using the ipconfig command. The nslookup command cannot be used in this scenario. The systems administrator could use the nslookup command to troubleshoot Domain Name System (DNS) issues. The pathping command does not provide information about MAC addresses. The pathping command combines the functionality of the ping and tracert commands to provide a table with routing hops.
A network technician receives a report which includes the following output. ;; QUESTION SECTION: ;comptia.org. IN A ;; ANSWER SECTION: comptia.org. 60 IN A 3.219.13.186 ;; Query time: 91 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Thu Oct 21 18:57:50 UTC 2021 ;; MSG SIZE rcvd: 56 Which tool should the technician use to recreate this data? tracert dig nslookup netstat
dig The Domain Information Groper (dig) utility generated the provided output. dig can be used to issue queries to Domain Name System (DNS) servers. This is useful for troubleshooting name resolution issues. In the output, dig locates the address (A) record for comptia.org and displays the IP address associated with that name. The bottom half of the output displays information about the query, including the IP address of the responding DNS server, 8.8.8.8. tracert did not generate the provided output. This utility traces the network path a packet may take from its source node to the destination endpoint. nslookup did not generate the provided output. Like dig, nslookup is used to query DNS servers. However, nslookup is primarily used on Windows systems and formats its output differently from dig. netstat did not generate the provided output. netstat displays detailed information about outbound and inbound connections on a host.
Which provides access to a SAN over TCP/IP? RAID SDN iSCSI SCADA
iSCSI Internet Small Computer Systems Interface (iSCSI) can provide access to a storage area network (SAN). iSCSI is a block storage protocol designed to run over Transmission Control Protocol / Internet Protocol (TCP/IP) networks. This means that off-the-shelf switches and other networking equipment can support iSCSI and that special hardware is not required. Redundant Array of Inexpensive Disks (RAID) creates arrays of disks and can be used to increase performance and/or availability. A SAN may use RAID-based storage, but RAID does not provide SAN access using TCP/IP. Software-Defined Networking (SDN) aims to separate network control and data planes to make networking systems programmable, automatable, and highly modular. SDN does not provide SAN access over TCP/IP. Supervisory Control and Data Acquisition (SCADA) is a type of Industrial Control System (ICS) that is deployed to monitor and manage production machinery, plant operations, and energy and water distribution systems. SCADA does not provide SAN access over TCP/IP.
A network technician troubleshoots connectivity to a server. The technician needs to determine if a connection from a client is active as well as the port being used for the connection. Which tool should the technician use? netstat arp tracert route
netstat The technician should use netstat. Without parameters, this tool displays information about active connections on a node, including the port being used. netstat parameters can be used to gather additional information such as which executables are associated with a connection, Ethernet metrics, and other networking statistics. The technician should not use route. The route tool can be used to view and modify the routing table on a host. The technician should not use tracert. This tool traces the network path a packet may take from its source node to the destination endpoint. The technician should not use arp. This tool displays the contents of the Address Resolution Protocol (ARP) cache.
The host shown in the exhibit is unable to communicate with other network hosts. This is a recent problem. Each subnet has a subnet mask of 255.255.255.0. The technical team needs to determine whether the TCP/IP protocol stack loaded and whether the computer's NIC is working. Which command should they run? ping 127.0.0.1 ping 233.0.0.1 ping 192.168.5.2 ping 192.168.5.255
ping 127.0.0.1 The team should run the following command: ping 127.0.0.1 This is the IPv4 loopback address, which is used to test the TCP/IP stack and NIC without sending traffic out to the network. The command, if successful, would return a result similar to the following: Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms There is also an IPv6 loopback address with a value of: 0:0:0:0:0:0:0:1 This can also be written as: ::1 The team should not run the following: ping 192.168.5.2 This would attempt to contact the router interface facing the subnet, but it has already been determined that the host cannot contact other devices. The team should not run the following: ping 233.0.0.1 This is a multicast address (Class D address). This is used when you want to send data out to multiple multicast hosts at the same time. The team should not run the following: ping 192.168.5.255 This is not a valid host address. This is the broadcast address for the subnet. This address is used when traffic needs to be received and processed by all hosts on the subnet.
A network engineer is troubleshooting a network performance issue. Which tool can the engineer use to view packet headers and content in ASCII or hex? nmap NetFlow netstat tcpdump
tcpdump The engineer can use tcpdump. tcpdump is a popular, command-line protocol analyzer used on *nix operating systems. tcpdump includes many features, including the ability to view the contents of network packets in hex or ASCII. Additionally, each packet's headers, which include source and destination addresses, ports, and protocols in use, are also displayed. netstat is not used to view packet content. netstat displays detailed information about outbound and inbound connections on a host. NetFlow is a network protocol that is used to capture and analyze traffic statistics on network nodes. NetFlow is not used to view packet content. nmap is a network scanner utility supported on a variety of operating systems. nmap is not used to view packet content.
A network technician wants to deploy a new virtual firewall. The firewall has to support three interfaces: G0/0, G0/1, and G0/2. What should the technician configure at the VM level for these interfaces? VLAN iSCSI vNIC Trunk
vNIC The technician should configure a virtual Network Interface Card (vNIC). Each interface requires a separate virtual NIC to operate. The technician should add three vNICs during the creation of a virtual machine (VM). Internet SCSI (iSCSI) cannot be used here. iSCSI is a storage networking standard and does not offer virtual interfaces. The technician should not configure a trunk. A trunk is used to pass VLAN information between two switches. Finally, a VLAN is not enough here. The technician should create a vNIC first, which could be associated with a VLAN, if necessary.