Newtwork + questions 201 - 300
QUESTION 284 A technician is establishing connectivity through a VPN for remote server access. Which of the following protocols should be utilized to configure this VPN connection securely? A. IPSec B. IGRP C. L2TP D. PPTP
Answer: A Explanation:
QUESTION NO: 268 A Chief Information Officer (CIO) tasks the network engineer with protecting the network from outside attacks. Placing which of the following devices on the network perimeter would provide the MOST security for the system? A. Firewall B. NGFW C. Content filter D. IDS/IPS
Answer: B Explanation: A next-generation firewall is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection, an intrusion prevention system.
QUESTION NO:266 Which of the following BEST explains the purpose of signature management as a mitigation technique? A. Hardening devices B. Segmenting the network C. Detecting malicious activity D. Restricting user credentials
Answer: C Explanation: A signature is a set of rules that an IDS and an IPS use to detect typical intrusive activity, such as DoS attacks. You can easily install signatures using IDS and IPS management software such as Cisco IDM. ... As sensors scan network packets, they use signatures to detect known attacks and respond with predefined actions.
UESTION NO: 202 A home user has purchased a new smart TV to stream online video services. The smart TV is unable to connect to the wireless network after several attempts. After returning from vacation, the home user tries again and can connect the TV to the wireless network. However, the user notices a laptop is no longer able to connect to the network. Which of the following is the MOST likely cause? A. The DHCP scope has been exhausted. B. The security passcode has been changed. C. The SSID is hidden. D. The AP configuration was reset.
wer: A Explanation:
UESTION NO: 208 A technician set up a new SOHO network recently. The installed router has four Ethernet ports, however, the customer has seven devices that need wired connections. Which of the following should the technician do to BEST meet the customer's requirements? A. Install a six-port switch. B. Configure port forwarding on the router. C. Install WAPs near the devices. D. Configure the switchports as EtherChannel ports.
wer: A Explanation:
UESTION NO: 209 A technician is performing a maintenance task on a weekly basis and wants to ensure the task is properly documented and able to be performed by other technicians. Which of the following types of documentation should the technician complete? A. Standard operating procedure B. Work order C. Performance baseline D. Logical diagram E. Change management
wer: A Explanation:
UESTION NO: 213 A network technician downloaded new firmware for the company firewall. Which of the following should the network technician verify to ensure the downloaded file is correct and complete? A. File hash B. File date C. File type D. File size
wer: A Explanation:
UESTION NO: 223 A network administrator is redesigning network security after an attack. During the attack, an attacker used open cubicle locations to attach devices to the network. The administrator wants to be able to monitor future attacks in a safe environment and determine the method of attack. Which of the following should the administrator do to BEST meet this requirement? A. Create a VLAN for the unused ports and create a honeyspot on the VLAN. B. Install a BPDU guard on switchports and enable STP. C. Create a DMZ for public servers and secure a segment for the internal network. D. Install antivirus software and set an ACL on the servers.
wer: A Explanation:
UESTION NO: 259 An administrator wants to implement an additional authentication factor to the remote SSH servers. Which of the following accomplishes this goal with the principle of "something you have"? A. Certificate B. Pattern C. Password D. Fingerprint
wer: A Explanation:
UESTION NO: 270 A technician has deployed an additional DHCP server for redundancy. Clients in certain subnets are not receiving DHCP leases from the new DHCP server. Which of the following is the MOST likely cause? A. The new DHCP server's IP address was not added to the router's IP helper list. B. The new DHCP server is not receiving the requests from the clients. C. The ARP cache of the new DHCP server needs to be updated. D. The ARP table on the router needs to be cleared.
wer: A Explanation:
UESTION NO: 278 A network engineer at a multinational company is asked to purchase mobile phones for senior executives who often travel internationally. The executives want their phones to work with wireless carriers in multiple countries when they travel. Which of the following cellular standards should these new phones support? A. GSM B. TDM C. CDMA D. PSTN
wer: A Explanation:
UESTION NO: 296 A network technician is segmenting network traffic into various broadcast domains. Which of the following should the network technician utilize? A. VLAN B. STP C. ACL D. BPDU
wer: A Explanation:
UESTION NO: 255 A technician wants to deploy a network that will require wireless client devices to prompt for a username and password before granting access to the wireless network. Which of the following must be configured to implement this solution? A. EAP-PEAP B. CCMP-AES C. WPA2-PSK D. TKIP-RC4
wer: A Explanation: WPA2-PSK you only need a password to get access. EAP deals with both authentication and authorization. PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.
UESTION NO: 292 A technician has installed multiple new PC clients and is connecting them to the network. Only one client is receiving IP addressing information. Which of the following should the technician verify as the NEXT troubleshooting step? A. DHCP scope B. DHCP lease C. Default gateway D. DNS zone
wer: A Explanation: A DHCP scope is a valid range of IP addresses that are available for assignment or lease to client computers on a particular subnet. In a DHCP server, a scope is configured to determine the address pool of IPs that the server can provide to DHCP clients. Scopes determine which IP addresses are provided to the clients.
UESTION NO: 221 A technician is replacing a failed SOHO router for a customer who has an existing switch, cable modem, and static IP address. The user has a web server that faces the Internet so users can visit and leave comments. Which of the following BEST describes the correct configuration for this customer's requirements? A. The modem is placed in bridge mode, the router is placed behind the modem, and the web server is placed behind the router. B. The router is placed in bridge mode, the modem is placed behind the router, and the web server is placed behind the modem. C. The web server is placed in bridge mode, the router is placed behind the web server, and the modem is placed behind the router. D. The switch is placed in bridge mode, the modem is placed behind the router, and the router is placed behind the modem.
wer: A Explanation: Alignment of the devices is the giveaway You can't put the server on bridge mode, you can't put the switch on bridge mode, if you have a router that can go on bridge you shouldn't do it because it will leave your network insecure, and the only device that can go on bridge mode is the modem. Modem goes to bridge mode then feeds that information to the router then the router forwards that information to the webserver
UESTION NO: 215 Which of the following will listen on the line to ensure there is no traffic transmitting and implement a back-off timer if a collision occurs? A. CSMA/CD B. CSMA/CA C. MPLS D. OSPF
wer: A Explanation: Carrier-sense multiple access with collision detection is a media access control method used most notably in early Ethernet technology for local area networking. It uses carrier-sensing to defer transmissions until no other stations are transmitting.
UESTION NO: 251 While working on a Linux-based OS, a technician experiences an issue accessing some servers and some sites by name. Which of the following command-line tools should the technician use to assist in troubleshooting? A. dig B. iptables C. ifconfig D. traceroute
wer: A Explanation: Dig (Domain Information Groper) is a powerful command-line tool for querying DNS name servers. The dig command, allows you to query information about various DNS records, including host addresses, mail exchanges, and name servers. It is the most commonly used tool among system administrators for troubleshooting DNS problems because of its flexibility and ease of use. iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets.
UESTION NO: 265 Wireless users have been experiencing connectivity problems. Investigation shows neighboring wireless appliances, which are not connected to the network, have been on the same 5GHz frequency to communicate. Which of the following wireless performance problem concepts defines this issue? A. Interference B. Distance limitation C. Signal-to-noise ratio D. Absorption
wer: A Explanation: In telecommunications, an interference is that which modifies a signal in a disruptive manner, as it travels along a communication channel between its source and receiver. The term is often used to refer to the addition of unwanted signals to a useful signal. Common examples include: Electromagnetic interference (EMI)
UESTION NO: 235 A web application is unable to authenticate customers so they can access their bills. The server administrator has tested the LDAP query but is not receiving results. Which of the following is the NEXT step the server administrator should take to correct the problem? A. Check port 636 to see if it is being blocked. B. Change service port 636 to port 389. C. Restart the web server. D. Verify the browser is using port 443.
wer: A Explanation: It is LDAP protocol over TLS/SSL. It seems that LDAP query failed because port 636 is blocked. If you change from port 636 to port 389, you just made the connection unsecure. Customers reviewing billing information should do so on a secure connection. Doesn't specifically say what kind of billing information in the question, but there's no telling what kind of PPI is stored on the user's account then they log in to view their bill.
UESTION NO: 262 A network administrator has created a new VLAN for the server and clients within the accounting department and wants to outline how it integrates with the existing network. Which of the following should the administrator create? A. Logical diagram B. Physical diagram C. Rack diagram D. Configuration diagram
wer: A Explanation: Logical network diagrams focus in on how traffic flows across the network, IP addresses, admin domains, how domains are routed, control points, and so on. ... A physical network diagram will, ideally, show the network topology exactly as it is: with all of the devices and the connections between them.
UESTION NO: 229 A network technician recently installed a new server on a network. The technician must ensure the server does not have any unnecessary services running. The IP address of the server is 204.211.38.50. Which of the following commands would allow the technician to make this determination? A. nmap B. pathping C. route D. nslookup
wer: A Explanation: Nmap is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. The PathPing command is a command-line network utility supplied in Windows 2000 and beyond that combines the functionality of ping with that of tracert. It is used to locate spots that have network latency and network loss. nslookup is a network administration command-line tool for querying the Domain Name System to obtain domain name or IP address mapping, or other DNS records.
UESTION NO: 287 An AP is configured to authenticate clients by using their Active Directory username and password. The AP uses UDP to connect to the authentication service, which then queries Active Directory. Which of the following authentication services is being used by the AP in this scenario? A. RADIUS B. TACACS+ C. LDAP D. Kerberos
wer: A Explanation: Remote Authentication Dial-In User Service is a networking protocol, operating on ports 1812 and 1813, that provides centralized authentication, authorization, and accounting management for users who connect and use a network service
UESTION NO: 281 While logged into a financial application, a user gets errors when trying to write to the database. The network administrator is not familiar with the application and how it communicates with the database. Which of the following documentation types should the network administrator use to troubleshoot the data flow? A. Logical diagram B. Physical diagram C. Network baseline D. Change management log
wer: A Explanation: So while any data flow diagram maps out the flow of information for a process or system, the logical diagram provides the "what" and the physical provides the "how." They are two different perspectives on the same data flow, each designed to visualize and improve the system.
UESTION NO: 297 After rebooting a PC, a user is no longer able to connect to the corporate network. As a test, the technician plugs a different laptop into the same network jack and receives an IP address of 169.254.112.137. Which of the following is MOST likely causing the issue? A. DHCP scope exhaustion B. Improper DNS setting C. Incorrect ACL setting D. Port-security violation
wer: A Explanation: The I starts with 169 meaning a DHCP issue. Exhausting a DHCP scope can sneak up on you, so you may want to implement some IP address management, or IPAM. This would allow you to monitor and get notification if your DHCP pool gets low. And if you have a lot of transient users that move in and out of the network every day, you might want to lower your lease time.
UESTION NO: 233 A VoIP system will require 23 concurrent voice channels and one signaling channel. Which of the following types of WAN service would provide the BEST connectivity to the PSTN? A. PRI B. BRI C. E1/E3 D. DSL
wer: A Explanation: The Primary Rate Interface is a telecommunications interface standard used on an Integrated Services Digital Network for carrying multiple DS0 voice and data transmissions between the network and a user. PRI is the standard for providing telecommunication services to enterprises and offices.
UESTION NO: 291 A technician has a remote site that often has congestion issues. When this happens, the remote router cannot be managed using SSH because the session drops. Which of the following is a possible solution to the issue? A. Out-of-band management B. HTTPS management URL C. Client-to-site VPN D. Router ACL
wer: A Explanation: While In-Band Management is the ability to administer a network via the LAN, Out-of-Band Management is a solution that provides a secure dedicated alternate access method into an IT network infrastructure to administer connected devices and IT assets without using the corporate LAN.
UESTION NO: 290 A network technician notices that most of the nodes in the 10.10.74.0/23 address space return either 1 or 2 node hop after running a tracert; however, some of the new servers are showing a hop count larger than 10. Which of the following is the MOST likely reason for this? A. New servers are being provisioned in the cloud. B. Those servers have host-based firewalls. C. Some of the servers are configured to use different gateways. D. Part of the subnet is configured to use different VLANs.
wer: A Explanation: assumed the servers are in the same company which probably don't use that many routers/gateway, so answer A makes more sense.
UESTION NO: 249 A network technician has salvaged several Ethernet cables from a datacenter. The technician attempts to use the cables to connect desktops to the network without success. Which of the following is MOST likely the issue? A. The cables have an incorrect pin-out. B. The cables are UTP instead of STP. C. The cables are Cat 6 instead of Cat 5. D. The cables are not plenum rated.
wer: A Explanation: cross over cable vs straight cable
UESTION NO: 206 Which of the following would allow a network technician to access files on a remote system? (Choose two.) A. FTP B. TFTP C. VLSM D. SIP E. SMTP F. IMAP
wer: A,B Explanation:
UESTION NO: 211 Which of the following are characteristics of jumbo frames? (Choose two.) A. Commonly used on SAN B. MTU size greater than 1500 C. MTU size greater than 10000 D. Commonly used on IaaS E. MTU size greater than 12000
wer: A,B Explanation: A jumbo frame is an Ethernet frame with a payload greater than the standard maximum transmission unit (MTU) of 1,500 bytes. Jumbo frames are used on local area networks that support at least 1 Gbps and can be as large as 9,000 bytes.
UESTION NO: 280 Which of the following should a network administrator use to configure Layer 3 routes? (Choose two). A. Multilayer switch B. Firewall C. Hub D. Bridge E. Modem F. Media converter
wer: A,B Explanation: The Layer 3 forwarding (routing) logic forwards IP packets between VLANs. Layer 3 switches typically support two configuration options to enable IPv4 routing inside the switch, specifically to enable IPv4 on switch interfaces.
UESTION NO: 237 Which of the following devices are MOST often responsible for 802.1q tagging? (Choose two.) A. Switch B. Router C. IDS D. Hub E. IPS F. Network tap
wer: A,B Explanation: These may also be referred to as "trunk" or "access" respectively. The purpose of a tagged or "trunked" port is to pass traffic for multiple VLAN's, whereas an untagged or "access" port accepts traffic for only a single VLAN. Generally speaking, trunk ports will link switches, and access ports will link to end devices.
UESTION NO: 273 Ann, a customer, recently upgraded her SOHO Internet to gigabit fiber from cable. She was previously getting speeds around 75Mbps down and 25Mbps up. After the upgrade, Ann runs a speed test on her desktop and gets results of 1000Mbps down and 100Mbps up. A technician connects directly to the router and sees the correct 1000Mbps speeds. Which of the following is MOST likely the cause? (Choose two). A. All ports should be configured for full duplex. B. There is a 10/100 switch on the network. C. The connections are using Cat 5 cable. D. The connections are using Cat 6 cable. E. There is a transceiver mismatch at the fiber termination point. F. Signal attenuation on the new fiber has reached the upper limits.
wer: A,C Explanation: Question clearly says "upgraded her SOHO Internet to gigabit fiber from cable" previously she;s getting 75Mbps and 25Mbps up meaning she's using CAT5. going from 75mbs to 1gb so adjustments need to be made to support the new speed.
UESTION NO: 253 A technician is surveying a college's network equipment rooms and connectivity. Which of the following types of documentation does the technician need to perform a detailed site survey? (Choose three.) A. IDF/MDF documentation. B. Cable run label documentation. C. Network configuration documentation. D. Performance baseline documentation. E. Standard operating procedure documentation. F. Change management documentation. G. Rack diagram documentation.
wer: A,C,G Explanation: An Intermediate Distribution Frame (IDF) is a free-standing or wall mounted rack for wiring or cable from a MDF and leading to individual cables for each piece of equipment such as workstations, personal computers and other end-user devices. Network documentation is a technical record of the hardware, software, servers, directory structure, user profiles, data, and how it all works together. Network documents should include any information that helps administrators and IT professionals to keep the network up and running smoothly. A rack diagram, also known as a rack elevation, is a visual representation of the organization of IT equipment within a server rack used to track and manage data center assets.
UESTION NO: 238 A network technician is installing a new wireless network in a small office. Due to environmental concerns, the customer wants the network to run exclusively on the 5GHz frequency. Which of the following wireless technologies should the technician install to BEST meet this requirement? (Choose two.) A. 802.11ac B. 802.11b C. 802.11g D. 802.11n E. Bluetooth F. Z-Wave
wer: A,D Explanation:
UESTION NO: 256 Which of the following protocols are classified as connectionless? (Choose two.) A. TFTP B. FTP C. HTTP D. SNMP E. SSH F. IMAP
wer: A,D Explanation: TFTP (Trivial File Transfer Protocol): TFTP is a a simple form of the File Transfer Protocol (FTP). TFTP uses the User Datagram Protocol (UDP) and provides no security features. It has least amount of overhead, and as a result the fastest file transfer protocol. SNMP uses UDP over IP. It Used to monitor and manage network devices Notable connectionless protocols are: Internet Protocol (IP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), Internetwork Packet Exchange (IPX), Transparent Inter-process Communication, NetBIOS, and Fast and Secure Protocol (FASP).
UESTION NO: 214 A technician is troubleshooting network connectivity issues with a remote host. Which of the following tools would BEST inform the technician of nodes between the client and the remote host? (Choose two.) A. tracert B. ping C. tcpdump D. pathping E. netstat F. nslookup G. route
wer: A,D Explanation: The PathPing command is a command-line network utility supplied in Windows 2000 and beyond that combines the functionality of ping with that of tracert. It is used to locate spots that have network latency and network loss. traceroute and tracert are computer network diagnostic commands for displaying possible routes and measuring transit delays of packets across an Internet Protocol network
UESTION NO: 203 A security guard notices an authorized individual, who is dressed like a lab technician, has entered a secure area of the hospital with a large group. Which of the following security attacks is taking place? A. Evil twin B. Social engineering C. Insider threat D. Phishing
wer: B Explanation: It's not an insider threat because the individual is "posing" as someone who is credible and convincing. It's obvious that the security guard recognized the person, but knows that the individual doesn't have the required access. IF that individual went unnoticed and carried out some sort of malicious intent, then it would be an insider threat. However, the person was trying to use a disguise in hopes of unwittingly fooling people into thinking that [they] had every right to be there.
UESTION NO: 201 A junior network technician is working in the field and needs to connect to the company's remote server, however, doing so will require the junior technician to use the public Internet. Because security is a concern, which of the following is the BEST method to use? A. Telnet B. SSH C. SFTP D. VNC
wer: B Explanation:
UESTION NO: 207 Which of the following provides two-factor authentication? A. Username + password B. Smart card + PIN C. Fingerprint + retina scan D. Key fob + ID card
wer: B Explanation:
UESTION NO: 230 Joe, an employee at a large regional bank, wants to receive company email on his personal smartphone and tablet. To authenticate on the mail server, he must first install a custom security application on those mobile devices. Which of the following policies would BEST enforce this requirement? A. Incident response policy B. BYOD policy C. DLP policy D. Remote access policy
wer: B Explanation:
UESTION NO: 244 A second router was installed on a network to be used as a backup for the primary router that works as a gateway. The infrastructure team does not want to change the IP address of the gateway on the devices. Which of the following network components should be used in this scenario? A. Loopback IP B. Virtual IP C. Reserved IP D. Public IP
wer: B Explanation:
UESTION NO: 257 Users in a school lab are reporting slow connections to the servers and the Internet. Other users in the school have no issues. The lab has 25 computers and is connected with a single 1Gb Ethernet connection on Cat 5e wiring to an unmanaged switch. There are also three spare Cat 5e cable runs, which are not in use. The school wants to double the connection speed between the lab and the servers without running new cables. Which of the following would be the BEST solution? A. Plug in a second spare cable at each end to double the speed. B. Replace the switches with ones that utilize port bonding and use the spare cables. C. Replace the switches with 10Gb switches and utilize the existing cabling. D. Plug in a second cable and set one port to TX and one port to RX.
wer: B Explanation:
UESTION NO: 276 Which of the following would a company place at the edge of its network if it wants to view and control which Internet applications are being used? A. VPN concentrator B. NGFW C. IDS/IPS D. Proxy server
wer: B Explanation:
UESTION NO: 294 A network administrator is purchasing a mobile phone for a manager who is traveling internationally. The phone needs to be able to make and receive calls in multiple countries outside of North America. Which of the following cellular technologies should the administrator look for in the phone? A. CDMA B. GSM C. TDMA D. CSMA
wer: B Explanation:
UESTION NO: 285 A network technician receives a request for a disaster recovery solution. Management has requested no downtime in the event of a disaster. Which of the following disaster recovery solutions is the appropriate choice? A. Hot site B. Business continuity C. File backups D. Virtual snapshot
wer: B Explanation: Business continuity is an organization's ability to ensure operations and core business functions are not severely impacted by a disaster or unplanned incident that take critical systems offline.
UESTION NO: 267 A network technician installs a web server on the firewall. Which of the following methods should the technician implement to allow access to outside users without giving access to the inside network? A. VLAN B. DMZ C. SNMP D. NTP
wer: B Explanation: DMZ will separate the server from the network completely as an isolated point. VLAN means hosting the server inside the network on a different LAN.
UESTION NO: 264 A technician has installed an older IP camera as a temporary replacement for a recently failed newer one. The technician notices that when the camera's video stream is off, the ping roundtrip time between the camera and the network DVR is consistently less than 1ms without dropped packets. When the camera video stream is turned on, the ping roundtrip time increases dramatically, and network communication is slow and inconsistent. Which of the following is MOST likely the issue in this scenario? A. VLAN mismatch B. Duplex mismatch C. Cat 6 RX/TX reversed D. Damaged cable
wer: B Explanation: On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex. The effect of a duplex mismatch is a link that operates inefficiently. Camera streaming is off, half duplex is used for camera to DVR. Steaming is on = Full duplex
UESTION NO: 241 Ann, a new employee within a department, cannot print to any of the printers in the department or access any of the resources that others can. However, she can access the Internet. The network engineer has confirmed that Ann's account has been set up the same as the others. There are no access lists restricting Ann's access. Which of the following could be the issue for this lack of access? A. Duplex/speed mismatch B. VLAN mismatch C. DNS server issue D. DHCP server issue E. Spanning tree blocked ports
wer: B Explanation: VLAN mismatch is caused by a switch configured incorrectly. Duplex/speed mismatch will cause collisions, slowing down the network. The other options doesnt fit the question. So, the answer is B
UESTION NO: 299 A network technician travels to a remote office to set up a new SOHO for the company. Wireless networking should be used at the remote office. The network technician sets up all the related wireless network equipment, and the last step is to connect the users' devices to the company network. To complete this step, which of the following should be used to secure the remote network location? A. Host-based firewalls B. WPA2/WPA C. Open access D. Port filtering
wer: B Explanation: WPA (Wi-Fi Protected Access) and WPA2 are two of the security measures that can be used to protect wireless networks. WPA uses TKIP (Temporal Key Integrity Protocol) while WPA2 is capable of using TKIP or the more advanced AES algorithm.
UESTION NO: 219 A technician is setting up VoIP phones on a wireless network. Users report that calls are choppy and sometimes dropped. The technician has measured two characteristics using simple command-line tools that verify the problem. Which of the following characteristics did the technician measure? (Choose two.) A. Reflection B. Latency C. Interference D. Packet loss E. Signal-to-noise ratio F. Attenuation
wer: B,D Explanation: Though all of the choices are valid in terms of quality. But the problem itself say "command line" meaning A, C,E and F will be crossed out already since these are parameters. While B and D can be provided by using command line tools (e.g pathping).
UESTION NO: 289 A network administrator wants to narrow the scope of a subnet to two usable IP addresses within a class C network. Which of the following is the correct CIDR notation? A. 10.10.50.0/30 B. 172.16.20.0/30 C. 192.1.0.124/30 D. 192.168.0.192/24 E. 192.170.10.0/24
wer: C Explanation:
UESTION NO: 210 A company is allowing its employees to use their personal computers, tablets, and IoT devices while at work. However, there are rules and guidelines to which employees must adhere. Which of the following documents applies to these employees? A. NDA B. SOP C. BYOD D. SLA
wer: C Explanation:
UESTION NO: 224 A company has just refreshed the hardware in its datacenter with new 10G Ethernet switches. A technician wishes to set up a new storage area network but must use existing infrastructure. Which of the following storage standards should the technician use? A. iSCSI B. Fibre Channel C. NAS D. InfiniBand
wer: C Explanation:
UESTION NO: 226 A network technician is installing a new SOHO branch office that requires the use of a DOCSIS- compatible modem. The modem needs to be connected to the ISP's network at the demarc. Which of the following cable types should be used? A. UTP B. Multimode C. Coaxial D. Serial
wer: C Explanation:
UESTION NO: 227 A technician needs to order cable that meets 10GBaseT and fire safety requirements for an installation between a drop ceiling and a standard ceiling. Which of the following should the technician order to ensure compliance with the requirements? A. PVC Cat 5 B. Plenum Cat 5e C. Plenum Cat 6a D. PVC Cat 7
wer: C Explanation:
UESTION NO: 234 A network administrator is going to be performing a major upgrade to the network. Which of the following should the administrator use in case of a failure? A. Baseline report B. Vulnerability report C. Rollback plan D. Business continuity plan
wer: C Explanation:
UESTION NO: 246 A critical vulnerability is discovered on a network device. The vendor states it has already patched this vulnerability in its current release. Which of the following actions should an administrator take? A. Change the default password B. Use a firewall in front of the device. C. Update the firmware. D. Upgrade the configuration.
wer: C Explanation:
UESTION NO: 247 A technician has been alerted of incoming HTTP traffic on the LAN segment that should not contain any web servers. The technician has the IP address of the destination host and wants to determine if the socket for HTTP is open. Which of the following should the technician perform? A. Baseline assessment B. Packet analysis C. Port scan D. Patch-level assessment
wer: C Explanation:
UESTION NO: 254 A technician is connecting a PC to a switchport. At the wiring closet, the technician is unable to identify which cable goes from patch panel A connected to the switch to patch panel B connected to the PC. Which of the following tools should the technician use to resolve the issue? A. Cable tester B. Multimeter C. Tone generator D. OTDR
wer: C Explanation:
UESTION NO: 258 A technician is downloading an ISO from a vendor's website. To ensure the integrity of the download, which of the following should be verified? A. File size B. Vendor URL C. File hashing D. Encryption
wer: C Explanation:
UESTION NO: 269 Management has requested that a wireless solution be installed at a new office. Which of the following is the FIRST thing the network technician should do? A. Order equipment B. Create network diagrams C. Perform a site survey D. Create an SSID.
wer: C Explanation:
UESTION NO: 286 A network technician receives a new firmware update for a network device. The technician wants to ensure the file has not been tampered with. Which of the following techniques should the technician use to ensure the integrity of the file? A. Cyclic redundancy check B. System integrity check C. Hash comparison D. Root guard
wer: C Explanation:
UESTION NO: 295 A network administrator is downloading a large patch that will be uploaded to several enterprise switches simultaneously during the day's upgrade cycle. Which of the following should the administrator do to help ensure the upgrade process will be less likely to cause problems with the switches? A. Confirm the patch's MD5 hash prior to the upgrade. B. Schedule the switches to reboot after an appropriate amount of time. C. Download each switch's current configuration before the upgrade. D. Utilize FTP rather than TFTP to upload the patch.
wer: C Explanation:
UESTION NO: 283 A network technician wants to address PCs on a subnet with IPv6 in addition to IPv4. The subnet currently uses a DHCP server that only supports IPv4. Which of the following should the technician use to assign IPv6 addresses automatically without DHCP? A. APIPA B. MAC reservations C. EUI-64 D. IPv4 to IPv6 tunnel
wer: C Explanation: "Which of the following should the technician use to assign IPv6 addresses automatically without DHCP?" EUI-64 (Extended Unique Identifier) is a method we can use to automatically configure IPv6 host addresses. An IPv6 device will use the MAC address of its interface to generate a unique 64-bit interface ID. 6in4 is an IPv6 transition mechanism for migrating from Internet Protocol version 4 (IPv4) to IPv6. It is a tunneling protocol that encapsulates IPv6 packets on specially configured IPv4 links according to the specifications of RFC 4213. The IP protocol number for 6in4 is 41, per IANA reservation.
UESTION NO: 231 A technician is allocating the IP address space needed for a new remote office. This office will contain the engineering staff with six employees and the digital marketing staff with 55 employees. The technician has decided to allocate the 192.168.1.0/24 block to the remote office. The engineering staff has been allocated the 192.168.1.64/29 subnet. Using the LEAST amount of space possible, which of the following would be the last usable IP address in the engineering subnet? A. 192.168.1.62 B. 192.168.1.63 C. 192.168.1.70 D. 192.168.1.71
wer: C Explanation: 192.168.1.64/29... 32-29=3 the last 3 are 4+2+1= 7, 7+64=71 - 1 for the reserved last address.
UESTION NO: 218 A server in a LAN was configured to act as a gateway between all company computers and an external network. Which of the following networking devices offers the ability to increase both performance and security? A. Load balancer B. IDS C. Proxy server D. Wireless controller
wer: C Explanation: A proxy server acts as a gateway between you and the internet. It's an intermediary server separating end users from the websites they browse. ... Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests.
UESTION NO: 236 Which of the following is networking stand-alone hardware that will permit any WiFi-compliant device to connect to a wired network? A. Wireless hub B. Wireless firewall C. Wireless access point D. Wireless bridge
wer: C Explanation: A standalone access point provides the same functionality in wireless network which a switch or hub provides in the wired network. It provides connectivity between the different wireless devices. It accepts frame from the connected device and, based on its physical address, forwards it to the destination device.
UESTION NO: 261 Users on a LAN segment are reporting a loss of connectivity to network services. The client PCs have been assigned with 169.254.X.X IP addresses. Which of the following IP address schemas is being utilized? A. Private IP B. Static IP C. APIPA D. Loopback
wer: C Explanation: APIPA stands for Automatic Private IP Addressing (APIPA). It is a feature or characteristic in operating systems (eg. Windows) which enables computers to self-configure an IP address and subnet mask automatically when their DHCP(Dynamic Host Configuration Protocol) server isn't reachable
UESTION NO: 204 Which of the following DNS record types allows IPv6 records to be resolved to DNS names? A. PTR B. A C. AAAA D. SRV
wer: C Explanation: An AAAA record maps a domain name to the IP address (Version 6) of the computer hosting the domain. An AAAA record is used to find the IP address of a computer connected to the internet from a name. ... For example, all the DNSimple name servers are assigned to an IPv6 address and can be queried via either IPv4 or IPv6.
UESTION NO: 242 A technician is configuring a printer for a client. The technician connects the printer to the network, but is unsure how to determine its switchport. Which of the following should the technician do FIRST to locate the switchport? A. Perform a DNS lookup on the server. B. Set up an SSH session to the desktop. C. Reference the ARP table in the router. D. Configure port security on the switch.
wer: C Explanation: Contents. Each switch has an ARP (Address Resolution Protocol) table to store the IP addresses and MAC addresses of the network devices. The ARP table is used to determine the destination MAC addresses of the network nodes, as well as the VLANs and ports from where the nodes are reached.
UESTION NO: 288 Which of the following should be configured on the network to achieve performance for the FCoE storage traffic? A. PoE B. DHCP snooping C. Jumbo frames D. Virtual IP
wer: C Explanation: Fibre Channel over Ethernet (FCoE) is a computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit Ethernet networks (or higher speeds) while preserving the Fibre Channel protocol.
UESTION NO: 232 An administrator is troubleshooting a user's intermittent wireless connectivity issue. Other users across the hallway can connect and use the wireless network properly. Upon inspection of the connection details, the administrator finds the following: Which of the following is MOST likely the cause of the poor wireless connection? A. Channel overlap B. Overcapacity C. Incorrect antenna type D. Latency
wer: C Explanation: Had to be C because other users in the same area (but in a different direction from the AP) could connect fine. Probably using a uni-directional or patch antenna.
UESTION NO: 252 A network administrator has had difficulty keeping track of IP address assignments on networking devices and clients recently. Which of the following is the BEST technology to aid in this scenario? A. DNS B. DHCP C. IPAM D. NTP
wer: C Explanation: IP address management (IPAM) tools are software products that integrate the management of DHCP and DNS. It is used to plan, track, and manage the IP addresses. With the integration of DNS ad DHCP each process is kept abreast of changes made to the other service. Many prod ucts offer additional functionality as well such as tracking of information such as IP addresses in use, the devices an IP is assigned to at what time, as well as to which user an IP was assigned.
UESTION NO: 300 The length of an IPv6 address is: A. 32 bits B. 64 bits C. 128 bits D. 256 bits
wer: C Explanation: IPv6 differs from IPv4 in many ways, including address size, format, notation, and possible combinations. An IPv6 address consists of 128 bits (as opposed to the 32-bit size of IPv4 addresses) and is expressed in hexadecimal notation.
UESTION NO: 239 Which of the following concepts would BEST describe when a company chooses to use a third- party vendor to host and administer a critical application? A. SaaS B. IaaS C. PaaS D. CASB
wer: C Explanation: Keyword "host" meaning a third party is providing a platform SAAS = You control nothing... Vendor controls everything (Salesforce.com, Google apps, etc...) PAAS = You control only the app... Vendor controls servers, storage, network, and OS (Azure, etc...) IAAS = You control app & OS... Vendor controls servers, storage, and network (AWS, Rackspace, etc...) On PREM = You control everything... Vendor controls nothing
UESTION NO: 293 Which of the following WAN technologies swaps the header on a packet when internally switching from one provider router to another? A. ATM B. Frame relay C. MPLS D. PPP
wer: C Explanation: Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows.[1] The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols, hence the "multiprotocol" reference on its name. MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL.
UESTION NO: 272 A technician is configuring a new server with an IP address of 10.35.113.47 on the 10.35.112.0 subnet to allow for the maximum number of hosts. When configuring network settings, which of the following is the correct subnet mask? A. 10.35.112.0/30 B. 10.35.112.0/24 C. 255.255.240.0 D. 255.255.248.0 E. 255.255.255.0
wer: C Explanation: Now, I had to think about it for a moment, thinking that we only had to find the correct mask based on the subnet and IP addresses, then both 255.255.240.0 and 255.255.248.0 could be possible. I just did not bother to finish the actual question, the key aspect being: the MAXIMUM NUMBER OF HOSTS... Answers A and B are IP addresses so we can get rid of them, not valid subnet masks. Since the values 10 and 35 are the only ones repeated in both IP addresses we have to assume that the subnet mask will start with two full octet values: 255.255. That rules out answer E. The number values for each bit of the third octet would run as follows: 128 192 224 240 248 252 254 255 1 1 1 1 1 1 1 1 a subnet mask of 255.255.248.0 leaves us with three bits for hosts (2046). a subnet mask of 255.255.240.0 leaves us with 4 bits for possible host calculation (4094) and is the answer.
UESTION NO: 298 A network administrator is concerned about clients being able to access the local Internet while connected to the corporate VPN. Which of the following should be disabled on the client to prevent this? A. TLS B. Remote file access C. Split tunneling D. HTTPS
wer: C Explanation: Split Tunnel - Routes and encrypts all OSU-bound requests over the VPN. Traffic destined to sites on the Internet (including Zoom, Canvas, Office 365, and Google) does not go through the VPN server in split tunnel mode.
UESTION NO: 225 A network technician needs to install a new access switch. After installing the new switch, the technician begins to move connections from the old switch to the new switch. The old switch used a GBIC with SC connectors, and the new switch uses an SFP with LC connectors. After connecting the SC connector to the SC-to-LC adapter and plugging it into the switch, the link does not come up as expected. Which of the following should a network technician perform NEXT? A. Replace SFP with a new one. B. Fall back to the old switch. C. Transpose the fiber pairs. D. Replace multimode with single-mode cable.
wer: C Explanation: Transposition is the periodic swapping of positions of the conductors of a transmission line, in order to reduce crosstalk and otherwise improve transmission. In telecommunications this applies to balanced pairs whilst in power transmission lines three conductors are periodically transposed.
UESTION NO: 277 A technician wants to physically connect two office buildings' networks. The office buildings are located 600ft (183m) apart. Which of the following cable types is the BEST choice? A. Cat 5e B. Cat 6a C. Multimode D. Coaxial
wer: C Explanation: Typical transmission speed and distance limits are 100 Mbit/s for distances up to 2 km (3280ft), 1 Gbit/s up to 1000 m, and 10 Gbit/s up to 550 m. Because of its high capacity and reliability, multi-mode optical fiber generally is used for backbone applications in buildings.
UESTION NO: 212 A network administrator gets a call regarding intermittent network outages across the country. Which of the following should be used to connect to the network so the administrator can troubleshoot this issue from home? (Choose two.) A. FTP B. SMTP C. VPN D. SSH E. SNMP
wer: C,D Explanation:
UESTION NO: 205 A network technician has recently installed new VoIP phones at all employee's desks to support a new SIP cloud VoIP solution. However, the technician is unable to make a call from the device after testing. Which of the following should the technician verify? (Choose two.) A. TCP 443 is allowed. B. UDP 1720 is allowed. C. UDP 5060 is allowed. D. UDP 5061 is allowed. E. TCP 8080 is allowed. F. TCP 8181 is allowed.
wer: C,D Explanation: the two ports 5060 & 5061 both are on UDP/TCP and are both associated SIP by IANA. In particular, port 5060 is assigned to clear text SIP, and port 5061 is assigned to encrypted SIP, also known as SIP-TLS (SIP over a TLS, Transport Layer Security, encrypted channel). Unfortunately, the standard TLS (successor of SSL) can only be established over TCP. Does this mean SIP UDP-based communications have to travel unencrypted? Fortunately not. An IETF draft covering SIP-DTLS is on the queue (DTLS is Datagram TLS, that is, UDP. SIP clients typically use TCP or UDP on port numbers 5060 or 5061 for SIP traffic to servers and other endpoints. Port 5060 is commonly used for non-encrypted signaling traffic whereas port 5061 is typically used for traffic encrypted with Transport Layer Security (TLS).
UESTION NO: 245 Which of the following can be done to implement network device hardening? (Choose two.) A. Implement spanning tree B. Perform VLAN hopping C. Patch and update D. Perform backups E. Enable port mirroring F. Change default admin password
wer: C,F Explanation:
UESTION NO: 248 Which of the following creates a secure remote connection at the OSI network layer? A. L2TP B. SSL C. DTLS D. IPSec
wer: D Explanation: In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs). Transport Layer --> SSL Network Layer --> IPSec Data link layer --> PPTP, L2TP Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private
UESTION NO: 216 A network technician receives a call from a branch office about a problem with its wireless connectivity. The user states the office is hosting a large meeting that includes some online training with local businesses. The guest users have all brought devices to connect to the guest network at the branch office. All users are connected to a single WAP and are reporting that connections keep dropping and network spends are unusable. Which of the following is the MOST likely cause of this issue? A. DHCP exhaustion B. Channel overlapping C. Interference D. Overcapacity
wer: D Explanation:
UESTION NO: 243 A router is set up to utilize RIPv2 to route traffic throughout the network. Which of the following routing metrics is used to determine the path? A. Distance B. Bandwidth C. Speed D. Hop count
wer: D Explanation:
UESTION NO: 250 A company decides to deploy customer-facing, touch-screen kiosks. The kiosks appear to have several open source service ports that could potentially become compromised. Which of the following is the MOST effective way to protect the kiosks? A. Install an IDS to monitor all traffic to and from the kiosks. B. Install honeypots on the network to detect and analyze potential kiosk attacks before they occur. C. Enable switchport security on the ports to which the kiosks are connected to prevent network-level attacks. D. Create a new network segment with ACLs, limiting kiosks' traffic with the internal network.
wer: D Explanation:
UESTION NO: 260 A junior technician is setting up a voice control device so the Chief Executive Officer (CEO) will be able to control various things in the office. Of which of the following types of IoT technologies is this an example? A. LAN B. WAN C. SAN D. PAN
wer: D Explanation:
UESTION NO: 263 Which of the following would indicate that a circuit speed should be increased? A. Low latency B. Low bandwidth consumption C. High number of SIEM alerts D. High packet drops
wer: D Explanation:
UESTION NO: 275 Which of the following protocols is associated with a three-way handshake? A. UDP B. ICMP C. GRE D. TCP
wer: D Explanation:
UESTION NO: 282 Joe, a network engineer, is attempting to install wireless in a large work area. He installs the access point in the middle of the work space. When testing, he notices a -60dB reading on one side of the room and a -92dB reading on the other side. Which of the following is MOST likely the issue? A. External interference B. Distance limitations C. Channel overlap D. Incorrect antenna type
wer: D Explanation:
UESTION NO: 274 A user reports intermittent performance issues on a segment of the network. According to the troubleshooting methodology, which of the following steps should the technician do NEXT after collecting initial information from the customer? A. Document findings, actions, and outcomes. B. Establish a theory of probable cause. C. Establish a plan of action to resolve the problem. D. Duplicate the problem, if possible.
wer: D Explanation: Duplicating the problem is part of 'Identifying the problem' so you're still on step one. D is the correct answer. Identify the problem: • Gather information. • Duplicate the problem, if possible. • Question users. • Identify symptoms. • Determine if anything has changed. • Approach multiple problems individually.
UESTION NO: 222 A network technician is attempting to troubleshoot a connectivity issue. The issue is only reported during the evening hours, and only a single workstation loses connectivity. Which of the following is the MOST likely cause of the issue? A. The router has a time-based ACL, applied for the network segment. B. A light source is creating EMI interference, affecting the UTP cabling. C. Nightly backups are consuming excessive bandwidth. D. The user has violated the AUP, and Internet access has been restricted.
wer: D Explanation: "The issue is only reported during the evening hours", meaning the issue has happened numerous times. I would think the tech will be aware of the violation, so trouble shooting would not be necessary. This question of poorly structured. But, by process of elimination D has to be the answer. Answers A B and C will not effect a single computer.
UESTION NO: 217 Which of the following BEST describes an exploit? A. A router with default credentials B. An open mail relay server C. An SNMPv1 private community D. A privilege escalation script
wer: D Explanation: An exploit is a code that takes advantage of a software vulnerability or security flaw. ... When used, exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network. In some cases, an exploit can be used as part of a multi-component attack.
UESTION NO: 228 Which of the following physical security devices is used to detect unauthorized server room access? A. Access badge B. Biometrics C. Smart card D. Video surveillance
wer: D Explanation: Biometrics, smart cards, access badges don't keep track of you doing anything. They let you in if you are authorized.
UESTION NO: 271 Greater bandwidth and availability are required between two switches. Each switch has multiple 100Mb Ethernet ports available. Which of the following should a technician implement to help achieve these requirements? A. Spanning tree B. Clustering C. Power management D. Port aggregation
wer: D Explanation: Port aggregation lets you combine two Gigabit Ethernet ports on the Nighthawk router to improve the aggregated file transfer speed. If a device supports Ethernet aggregation like a NAS or managed network switch, you can use the Ethernet aggregate ports 1 and 2 to cable the device to your router.
UESTION NO: 220 Which of the following ports should a network technician open on a firewall to back up the configuration and operating system files of a router to a remote server using the FASTEST method possible? A. UDP port 22 B. TCP port 22 C. TCP port 25 D. UDP port 53 E. UDP port 69
wer: E Explanation: The correct answer is E. UDP port 69. TFTP is faster than SCP, SFTP because of UDP and no security. But it is not secure protocol - no encryption, no authentication.
UESTION NO: 240 A content filter is set to analyze XML and JSON that users access from the Internet. At which of the following layers is this analysis taking place? A. 1 B. 3 C. 5 D. 7 E. 6
wer: E Explanation: it is Presentation layer (6). Presentation layer involves decoding/translating data types like xml and JSON
