TEL243 Internetworking Lab (NETWORK PRO) Quizzes


The output of this command... ping www.utah.edu -t ...would do what?

"ping" until user forces a 'stop' of the command

A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ASCII output only. Which of the following tcpdump options will achieve this output?

-SX port 443

To increase the 'byte' size of a 'ping' packet, use the ______ option with the ping command.

-l

What is a common "file extension" for batch files?

.bat

Match the Class of Service (CoS) priority on the left with its corresponding value on the right.

0 - Best effort (default)
1 - Background
2 - Excellent effort
3 - Critical applications
4 - Video (<100ms latency)
5 - Video (<10ms latency)
6 - Internetwork control
7 - Network control

11.1.3 Practice Questions

11.2.6 Practice Questions

11.3.9 Practice Questions

11.4.12 Practice Questions

11.5.7 Practice Questions

11.6.13 Practice Questions

11.7.9 Practice Questions

11.8.5 Practice Questions

What is the speed of an OC-3 connection?

155 Mbps
Optical Carrier (OC) is used to specify the speed of fiber optic networks conforming to the SONET standard. Common OC speeds are:
- OC-1 = 51.85 Mbps
- OC-3 = 155.52 Mbps
- OC-12 = 622.08 Mbps
- OC-24 = 1.244 Gbps
- OC-48 = 2.488 Gbps
- OC-192 = 9.952 Gbps
T3 is 44.736 Mbps. E3 is 34.368 Mbps.

Which of the following is NOT one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server?

169.254.0.1 to 169.254.255.254

Which frequencies does Zigbee operate on?

2.4 GHz, 900 MHz, and 868 MHz
Explanation: Zigbee is a specification based on IEEE 802.15.4. The WPANs operate on 2.4 GHz, 900 MHz, and 868 MHz frequencies.

What is the maximum number of nodes Z-Wave allows on its mesh network?

232

Which Class of Service (CoS) priority value should be assigned to a video conference call?

4

8.4.6 Practice Questions

8.5.7 Practice Questions

8.6.8 Practice Questions

Which of the following is true about a community string?

A community string identifies devices under the same administrative control.

Which of the following best describes DHCP scope exhaustion?

A denial of service from a lack of IP addresses in a DHCP server's pool.
Explanation: A denial of service from a lack of IP addresses in a DHCP server's pool is one form of DHCP scope exhaustion. Another form comes from inefficient IP address management in which the IP address pool is depleted faster than it can be refilled. A rogue DHCP server occurs when an attacker adds a second DHCP server to a network and offers IP addresses to clients wanting to join the network. If the network administrator does not have control over a DHCP server, it is considered a rogue DHCP server. Shortening IP address lease times on a DHCP server can help prevent DHCP scope exhaustion. DHCP snooping techniques can help protect against rogue DHCP servers.

Which of the following describes an on-path attack?

A false server intercepts communications from a client by impersonating the intended server.

Which of the following is true about processor performance?

A healthy system's CPU utilization should average around 40%.

Which of the following do hosts on a private network share if the network utilizes a NAT router?

A physical IP address
Explanation: Hosts on a private network share the NAT router's physical IP address. The NAT router allows the hosts to share its physical IP address when connecting to the internet. Hosts on a private network do not share virtual or physical MAC addresses on a network that utilizes a NAT router. Each host retains its own MAC address. Hosts on a private network do not share a virtual IP address on a network that utilizes a NAT router.

Which of the following pieces of information are you MOST likely to find in a policy document?

A requirement for using encrypted communications for web transactions

Which of the following correctly describes the T1 carrier system? (Select two.)

A single T1 channel can transfer data at 64 Kbps. T1 lines use two pairs of copper wire.

Which of the following describe a system image backup?

A system image contains everything on the system volume, including the operating system, installed programs, drivers, and user data files.

Which of the following is an example of an internal threat?

A user accidentally deletes the new product designs.
Explanation: Internal threats are intentional or accidental acts by employees, including:
- Malicious acts such as theft, fraud, or sabotage.
- Intentional or unintentional actions that destroy or alter data.
- Disclosing sensitive information through snooping or espionage.
External threats are the events that originate outside of the organization and typically focus on compromising the organization's information assets. Examples are hackers, fraud perpetrators, and viruses. Natural events are events that may reasonably be expected to occur over time. Examples are a fire or a broken water pipe.

What is the main difference between a worm and a virus?

A worm can replicate itself, while a virus requires a host for distribution.
Explanation: A worm is a self-replicating program that uses a network to replicate itself to other systems. A worm does not require a host system to replicate. Both viruses and worms can cause damage to data and systems, and both spread from system to system, although a worm can spread itself, while a virus attaches itself to a host for distribution.

You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?

ACME, Inc

IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)

AH & ESP (Authentication Header and Encapsulating Security Payload)
Explanation: IPsec is implemented through two separate protocols, which are called Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides authentication and non-repudiation services to verify that the sender is genuine and that the data was not modified in transit. ESP provides data encryption services for the data within the packet.

This is a protocol used to resolve IP addresses into MAC (Ethernet) addresses....

ARP

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?

ARP poisoning

Which of the following attacks can also be used to perform denial of service (DoS) attacks?

ARP spoofing

A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses Nmap to probe various network hosts to see which operating system they are running. Which process did the administrator use for the penetration test in this scenario?

Active fingerprinting
Explanation: The administrator in this scenario used active fingerprinting. Active fingerprinting is a form of system enumeration that is designed to gain as much information about a specific computer as possible. It identifies operating systems based upon ICMP message quoting characteristics. Portions of an original ICMP request are repeated (or quoted) within the response, and each operating system quotes this information back in a slightly different manner. Active fingerprinting can determine the operating system and even the patch level. Passive fingerprinting works in much the same manner as active fingerprinting. However, this technique does not utilize active probes of specific systems. Network enumeration (also called network mapping) involves a thorough and systematic discovery of as much of the corporate network as possible, using:
- Social engineering
- Wardriving
- War dialing
- Banner grabbing
- Firewalking
Firewalking uses traceroute techniques to discover which services can pass through a firewall or a router. Hping and Firewalk are common firewalking tools.

While browsing the internet, you notice that the browser displays ads linked to recent keyword searches you performed. Which attack type is this an example of?

Adware

Which of the following improvements to SNMP are included in version 3? (Select two.)

Agent and manager authentication
SNMP message encryption

Which of the following defines an Acceptable Use Agreement?

An agreement that identifies the employees' rights to use company property, such as internet access and computer equipment, for personal use.

Which of the following components do switches use to optimize network performance by performing switching operations in hardware rather than using the CPU and software?

An application-specific integrated circuit

Which of the following BEST describes an inside attacker?

An unintentional threat actor (the most common threat).
Explanation: An insider could be a customer, a janitor, or even a security guard. But most of the time, it's an employee. Employees pose one of the biggest threats to any organization, as an unintentional threat actor is the most common insider threat. A hacker is any threat agent who uses their technical knowledge to bypass security, exploit a vulnerability, or gain access to protected information. An authorized hacker is a good individual who tries to help a company see the vulnerabilities that exist in their security infrastructure. Attacks from nation states are generally extremely well-supported and funded.

Some users report that frequent system crashes have started happening on their workstations. Upon further investigation, you notice that these users all have received a recent update to the same application. Where would you go to conduct a root cause analysis?

Application log

Which of the following BEST describes the key difference between DoS and DDoS?

Attackers use numerous computers and connections.
Explanation: The DoS attacks that you probably hear the most about are distributed denial-of-service attacks (DDoS attacks). The key difference is these attacks use numerous computers and numerous internet connections across the world to overload the target systems. DDoS attacks are usually executed through a network of devices that the attacker has gained control of. DoS attacks use a single connection to attack a single target. With all DoS attacks, the attacker sends a large number of legitimate-looking requests to the server in a way that the server cannot determine which requests are valid and which are not. This barrage of requests overwhelms the system to the point that the server cannot manage the capacity, resulting in the server being inaccessible to other users.

What is the primary purpose of RADIUS?

Authenticate remote clients before access to the network is granted.

An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. Which type of social engineering is this individual engaging in?

Authority
Explanation: Authority social engineering entails an attacker either lying about having authority or using their high status in a company to force victims to perform actions that exceed their authorization level.

What is the primary countermeasure to social engineering?

Awareness
Explanation: The primary countermeasure to social engineering is awareness. If users are unaware of the necessity for security and are not properly trained, they are vulnerable to numerous social engineering exploits. Awareness training focused on preventing social engineering should include methods for authenticating personnel over the phone, assigning classification levels to information and activities, and educating your personnel on which information should not be distributed. A written security policy is a countermeasure against social engineering, but without awareness training, it is useless. Heavy management oversight may provide some safeguards that protect users from social engineering, but management is less effective than awareness. Traffic filters are not countermeasures for social engineering because they do not focus on solving the human problem inherent in social engineering attacks.

Where can you check your CPU's temperature?

BIOS

You want to make sure that the correct ports on a firewall are open or closed. Which document should you check?

Baseline configurations
Explanation: Baseline configuration documentation identifies specific configuration information for a device. For example, a configuration document for a firewall might include information about the IP addresses assigned to each interface and open firewall ports. A wiring diagram is a type of network diagram that focuses on the physical connections between devices. A site survey ensures that a wireless network performs as desired. A traditional intermediate distribution frame is a smaller wiring distribution frame or rack within a building.

Which deviation in power is the longest?

Blackout

Which of the following is the term for when a system is unable to keep up with the demands placed on it?

Bottleneck

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?

Brute force attack
Explanation: In a brute force attack, every password is eventually found because the technique is to test every possible keystroke for each single key in a password until the correct one is found. Keyloggers log or record every keystroke on the computer keyboard to obtain passwords and other important data. A pass-the-hash attack is a hacking technique where an attacker uses an underlying NTLM (New Technology LAN Manager) or hash of a user's password to gain access to a server without ever using the actual plaintext password. Password sniffing is a passive way for attackers to gain access to an account. The sniffer collects data that is in transit on a LAN. If access is gained on one system on a LAN, data can be gathered from traffic being sent from any other system on the network. The sniffer runs in the background, making it undetectable.

In business continuity planning, what is the primary focus of the scope?

Business processes
Explanation: Business processes are the primary focus of the scope within business continuity planning (BCP).

Which of the following devices is used on a WAN to convert synchronous serial signals into digital signals?

CSU/DSU

You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?

Capture filters

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before you implement that device?

Change Management
Explanation: A Change Management Policy provides a structured approach to secure company assets and make changes to those assets. This type of policy:
- Establishes hardware, software, and infrastructure configurations that are to be deployed universally throughout the corporation.
- Tracks and documents significant changes to the infrastructure.
- Assesses the risk of implementing new processes, hardware, or software.
- Ensures that proper testing and approval processes are followed before changes are allowed.

What is spoofing?

Changing or falsifying information in order to mislead or re-direct traffic.

Which of the following statements about DSCP are true? (Select two.)

Classification occurs at Layer 3. It uses the DiffServ field to add precedence values.

Which of the following are true regarding cloud computing? (Select three.)

Cloud computing consists of software, data access, computation, and storage services provided to clients through the internet. Typical cloud computing providers deliver common business applications online. They are accessed from another web service or software, like a web browser. The term cloud is used as a synonym for the internet.
Explanation: Cloud computing does not require end user knowledge of the delivery system's physical location and configuration. Other cloud computing details include the following:
- Cloud computing consists of software, data access, computation, and storage services provided to clients through the internet.
- The term cloud is used as a synonym for the internet. This is based on the basic cloud drawing used to represent the telephone network infrastructure and the internet in computer network diagrams.
- Typical cloud computing providers deliver common business applications online that are accessed from another web service or software, like a web browser. The software and data are stored on servers.

Which type of internet service uses the DOCSIS specification?

Coaxial cable

Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?

Collectors
Explanation: Collectors are responsible for gathering all event logs from configured devices and securely sending them to the Security Information and Event Management (SIEM) system. Collectors are basically the middleman between devices and the SIEM system. The data handling component receives the data from the collectors and then reads, analyzes, and separates the data into different categories. SIEM alerts are responsible for triggering alerts if any data exceeds the established thresholds. Security automation is a feature of a SOAR system.

Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all.

Commonly sold at retail stores: Unmanaged switch
Provides port security features: Managed switch
Supports VLANs: Managed switch
Provides very few configuration options: Unmanaged switch
Can be configured over a network connection: Managed switch
Can be configured over a dedicated communication channel: Managed switch

What does SNMP use to identify a group of devices under the same administrative control?

Community strings

Which of the following are benefits that a VPN provides? (Select two.)

Compatibility
Cost savings
Explanation: Benefits provided by VPNs include the following:
- Cost savings - VPNs reduce connectivity costs while increasing remote connection bandwidth.
- Security - by using appropriate encryption and authentication protocols, data being transmitted across the VPN can be secured from prying eyes.
- Scalability - because VPNs use the internet, you can add additional users without adding significant infrastructure.
- Compatibility - you can implement VPNs across many different WAN types, including broadband technologies.
A faster connection is not a benefit provided by a VPN. VPN connections are usually a bit slower. While setting up a VPN isn't necessarily difficult, it does require a few extra steps and setup. Easy setup and configuration is not considered a benefit of a VPN. Service metering is an advantage of cloud computing.

Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all.

Competes with normal network traffic for bandwidth: In-band management
Uses a dedicated communication channel: Out-of-band management
Must be encrypted to protect communications from sniffing: In-band management
Does not compete with normal network traffic for bandwidth: Out-of-band management
Affected by network outages: In-band management

Your organization uses a time-keeping application that only runs on Windows 2000 and does not run on newer OS versions. Because of this, there are several Windows 2000 workstations on your network. Last week, you noticed unusual activity on your network coming from the workstations. After further examination, you discover that they were victims of a malicious attack and were being used to infiltrate the network. You find out that the attackers were able to gain access to the workstations because of the legacy operating system being used. Your organization still needs to use the Windows 2000 workstations (which need to be connected to the internet) but you want to make sure that the network is protected from future attacks. Which solution should you implement to protect the network while also allowing operations to continue as normal?

Configure VLAN membership so that the Windows 2000 workstations are on their own VLAN.

Your organization uses a time-keeping application that only runs on Windows 2000 and does not run on newer OS versions. Because of this, there are several Windows 2000 workstations on your network. Last week, you noticed unusual activity on your network coming from the Windows 2000 workstations. After further examination, you discovered that the Windows 2000 workstations were the victim of a malicious attack and were being used to infiltrate the network. You find out that the attackers were able to gain access to the workstations because of the legacy operating system being used. The organization still needs to use the Windows 2000 workstations, which need to be connected to the internet, but you want to make sure the network is protected from future events. Which solution should you implement to protect the network while also allowing operations to continue as normal?

Configure VLAN membership so that the Windows 2000 workstations are on their own VLAN.
Explanation: The best solution is to place the Windows 2000 workstations in their own VLAN. If you use VLAN network segmentation, the workstations will still have access to the internet, but network access can be heavily restricted. This greatly reduces the damage a workstation can cause if it were to become compromised again.

You manage your company's website, which uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage and a single connection to your ISP. You want to provide redundancy so that a failure on a single component doesn't cause the website to become unavailable. What should you add to your configuration to accomplish this?

Connect one server to the internet through a different ISP.

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating system versions and editions. Currently, all of your test virtual machines are connected to the production network through the hypervisor's network interface. You are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent problems, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two. Each response is one part of the complete solution.)

Connect the virtual network interfaces in the virtual machines to the virtual switch. Create a new virtual switch configured for host-only (internal) networking.

You have a website that uses multiple servers for different types of transactions. For example, one server is responsible for static web content, while another is responsible for secure transactions. You would like to implement a device to speed up access to your web content. The device should be able to distribute requests between the various web servers using specialized hardware, not just software configurations. In addition, SSL sessions should use the hardware components in the device to create the sessions. Which type of device should you use to accomplish this?

Content switch

Which of the following is a text file that a website stores on a client's hard drive to track and record information about the user?

Cookie
Explanation: A cookie is a text file that a website provides to a client. It is stored on a user's hard drive to track and record information about the user. Mobile code is self-contained software that is transferred to a web client to be executed. It allows client-side execution of web applications. A certificate is a digital proof of identity used to establish or verify a user's identity over a network or the internet. A digital signature is a cryptographic tool that is used to prove who a message is from and that the contents of the message did not change or become altered while in transit.

You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an in-house application to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations. Currently, none of your test virtual machines has a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates. What should you do? (Select two. Each response is one part of the complete solution.)

Create a new virtual switch configured for bridged (external) networking. Connect the virtual network interfaces in the virtual machines to the virtual switch.
Explanation: To allow the virtual machines to communicate with the Microsoft update servers on the internet, complete the following:
- Create a new virtual switch configured for bridged (external) networking.
- Connect the virtual network interfaces in the virtual machines to the virtual switch.
Creating an internal or host-only virtual switch would not allow the virtual machines to communicate on the production network through the hypervisor's network interface. Disabling the hypervisor's switch port would also isolate the virtual machines from the production network.

A user reports that she can't connect to the internet. After some investigation, you find that the wireless router has been misconfigured. You're responsible for managing and maintaining the wireless access point. What should you do next?

Create an action plan.

A security administrator logs on to a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan did she conduct in this scenario?

Credentialed scan
Explanation: In a credentialed scan, the security administrator authenticates to the system prior to starting the scan. A credentialed scan usually provides detailed information about potential vulnerabilities. For example, a credentialed scan of a Windows workstation allows you to probe the Registry for security vulnerabilities. With a non-credentialed scan, the security administrator does not authenticate to the system prior to running the scan. A non-intrusive scan is the most common type of scan you will see performed. It looks for vulnerabilities and gives you a report on what it found. An intrusive scan finds a potential vulnerability and then actively attempts to exploit it.

Which of the following allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network?

DNAT
Explanation: DNAT (Destination Network Address Translation) is also called port forwarding and allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network. Dynamic NAT automatically maps internal IP addresses with a dynamic port assignment. In this implementation, many internal private IP addresses are mapped to one public IP address on the NAT router. IP masquerade is another name for Dynamic NAT and many-to-one NAT. OSPF (Open Shortest Path First) is a link-state routing protocol used for routing within an autonomous system.

You suspect that cache poisoning or spoofing has occurred on your network. Users are complaining of strange web results and being redirected to undesirable sites. Which log would help you determine what's going on?

DNS logs

Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps hostnames to IP addresses?

DNS poisoning

Windows "PowerShell" is a command-line interface similar to _____ , but with expanded functionality.

DOS

Which of the following internet connection technologies requires that the location be within a limited distance of the telephone company's central office?

DSL

Which of the following are the customer's responsibility to maintain? (Select two.)

DTE
CPE

Which level of the OSI model does a Layer 2 switch operate at?

Data Link layer

You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with hosts on the same subnet, but not with hosts on a different subnet. No other computers are having issues. Which of the following configuration values would you MOST likely need to change?

Default gateway

Which device is NAT typically implemented on?

Default gateway router

Which of the following is an attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

Denial-of-service attack

Which of the following can you use to stop piggybacking from occurring at a front entrance where employees swipe smart cards to gain entry?

Deploy a mantrap.

Which of the following information are you MOST likely to find in a procedure document?

Details on how to test and deploy patches
Explanation: A procedure is a step-by-step process outlining how to implement a specific action. For example, you might have a procedure document that identifies how patches are tested and applied within your network.

Which of the following is a best practice when establishing a baseline?

Determine baselines over time by analyzing network traffic.

Users report that the network is down. As a help desk technician, you investigate and determine that a specific router is configured so that a routing loop exists. What should you do next?

Determine if escalation is needed.

A user reports that she can't connect to a server on your network. You check the problem and find out that all users are having the same problem. What should you do next?

Determine what has changed.

Anabel purchased a smart speaker. She connected it to all the smart devices in her home. Which of the following communication models is she using?

Device-to-device
Explanation: The device-to-device, or machine-to-machine (M2M), communication model is meant mostly for systems with devices transferring small data packets to each other at a very low data rate. The devices could include thermostats, light bulbs, door locks, CCTV cameras, refrigerators, and wearable devices. The device-to-gateway model means that the IoT device doesn't directly interact with the cloud or the client. Instead, the device interacts with an intermediate device, or gateway, which then contacts the cloud to send and receive data. The back-end data-sharing model is an expanded version of the device-to-cloud model. This means the data sent from the IoT device to the cloud can be accessed by authorized third parties. The device-to-cloud model means that the devices communicate with the cloud instead of directly with the end user to send data and receive commands.

What are the four primary systems of IoT technology?

Devices, gateway, data storage, and remote control

Which backup strategy backs up only files that have the archive bit set and does not mark them?

Differential Explanation A differential backup backs up only files that have the archive bit set, and it does not mark them as having been backed up. Incremental and differential backups only back up files that have their archive bit set. The copy backup strategy is used by the NTBACKUP.EXE backup utility on Windows servers. It backs up all files regardless of whether the archive bit is set. However, it does not mark them as backed up.

On your way into the back entrance of your work building one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do?

Direct him to the front entrance and instruct him to check in with the receptionist.

You suspect that a bad video driver is causing a user's system to randomly crash and reboot. Where would you go to identify and confirm your suspicions?

Dump files

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?

Dumpster diving

Which of the following are examples of social engineering attacks? (Select two.)

Dumpster diving
Shoulder surfing

Based on a review of physical security at your office, you have recommended several improvements. Your plan includes installing smart card readers, IP cameras, signs, and an access logbook. In this lab, your task is to implement your physical security plan by dragging the correct items from the shelf onto the various locations in the building. As you drag the items from the shelf, the possible drop locations are highlighted. To implement your plan, you must:
- Install two IP security cameras in the appropriate location to record which employees access the key infrastructure. The security cameras should operate over the TCP/IP network.
- Install the smart card key readers in the appropriate location to control access to key infrastructure. The key card readers should be contactless and record more information than the card's ID.
- Install a Restricted Access sign on the networking closet door to control access to the infrastructure.
- Install the visitor log on the lobby desk.

EXPLANATION Complete this lab as follows:
Install the IP security cameras:
- From the Shelf, expand CCTV Cameras.
- Drag an IP Security Camera from the shelf to the highlighted circle inside the networking closet.
- Drag an IP Security Camera from the shelf to the highlighted circle just outside the networking closet.
Install the smart card key readers:
- From the Shelf, expand Door Locks.
- Drag a smart card reader from the shelf to the highlighted location outside the building's front door.
- Drag a smart card reader from the shelf to the highlighted location outside the networking closet's door.
Install the Restricted Access sign:
- From the Shelf, expand Restricted Access Signs.
- Drag the Restricted Access sign from the shelf to the networking closet door.
Install the visitor log:
- From the Shelf, expand Visitor Logs.
- Drag the visitor log from the shelf to the lobby desk.

Which of the following conditions can low humidity result in?

Electrostatic discharge

A new assistant network administrator was recently hired by your organization to relieve some of your workload. You assigned the assistant network administrator to replace a defective patch cable that connected port 1 on your patch panel to one of your network switches. You noticed that it took him an unusually long time to complete this task. Once done, users almost immediately began to report that the network had gone down. Upon entering the server room, you see that the assistant administrator has configured your network rack as shown below. What should you do? (Choose two. Each response is a complete solution.)

Enable STP on each switch. Remove the patch cable connecting the first switch to the third switch.

You manage a network with multiple switches. You find that your switches are experiencing heavy broadcast storms. Which of the following will help reduce the effects of these broadcast storms?

Enable Spanning Tree on the switches Explanation A broadcast storm is excessive broadcast traffic that renders normal network communications impossible. Broadcast storms can be caused by switching loops that cause broadcast traffic to be circulated endlessly or by denial of service (DoS) attacks. To reduce broadcast storms, you can: Run Spanning Tree protocol to prevent switching loops. Implement switches with built-in broadcast storm detection, which limits the bandwidth that broadcast traffic can use. Use VLANs to create separate broadcast domains on switches.

Which other service is IPsec composed of, in addition to AH?

Encapsulating Security Payload (ESP) Explanation IPsec is composed of two services, which are called Authentication Header (AH) and Encapsulating Security Payload (ESP). AH is primarily used for authenticating the two communication partners in an IPsec link. ESP is primarily used to encrypt and secure the data transferred between IPsec partners. IPsec employs ISAKMP (Internet Security Association and Key Management Protocol) for encryption key management.

Which of the following is the term for a calculation of how often bits are damaged in transit due to electromagnetic interference?

Error rate

You are the desktop administrator for your company. You would like to manage the computers remotely using a tool with a graphical user interface (GUI). Which actions should you take to accomplish this? (Select two. Each answer is a possible solution.)

Establish a Remote Desktop connection to each computer. Open Computer Management and connect to each remote computer. Explanation To remotely manage computers using a graphical user interface, you can use Remote Desktop or a preconfigured console, such as Computer Management. When you use Computer Management, connect to the remote computer and then utilize a snap-in to view and manage its components. Use Remote Shell and Telnet to execute commands on a remote computer. You initiate a Remote Assistance session by sending an assistance invitation.

Dumpster diving is a low-tech way of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy.

You are a network administrator for your company. A frantic user calls you one morning exclaiming that nothing is working. What should you do next in your troubleshooting strategy?

Establish the symptoms.

A web server on your network hosts your company's public website. You want to make sure that an NIC failure doesn't prevent the website from being accessible on the internet. Which solution should you implement?

Ethernet bonding

A web server on your network hosts your company's public website. You want to make sure that a NIC failure on the server does not prevent the website from being accessible on the internet. Which solution should you implement?

Ethernet bonding Explanation Ethernet bonding (also called NIC teaming) logically groups two or more physical connections to the same network. If one NIC fails, the second NIC with a connection to the same network can still be used.

What is the primary benefit of CCTV?

Expands the area visible to security guards.

Which of the following provides a layout of all electrical, plumbing, HVAC, and networking wiring and components?

Floor plan Explanation A floor plan provides a layout of all electrical, plumbing, HVAC, and networking wiring and components. A rack diagram, network diagram, and wiring diagram provide layouts for networking infrastructure, but they do not include electrical, plumbing, and HVAC information.

Your network uses the following backup strategy. You create: Full backups every Sunday night. Incremental backups Monday night through Saturday night. On a Thursday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?

Four Explanation In this scenario, you would need to perform the following four restore procedures: Restore the full backup from Sunday. Restore the incremental backup from Monday. Restore the incremental backup from Tuesday. Restore the incremental backup from Wednesday. If you did a full backup every night, you would restore only a single backup (Wednesday's backup). If you did full backups with differential backups, you would restore the last full backup along with the last differential backup.

Which backup strategy backs up all files from a computer's file system (regardless of whether the file's archive bit is set or not) and then marks them as backed up?

Full Explanation A full backup backs up all files from a computer's file system regardless of whether a file's archive bit is turned on or off. It also marks them as backed up. A full backup backs up all files regardless of whether the archive bit is set or not. An incremental backup backs up only files that have the archive bit set, but it marks them as having been backed up. A normal backup is a type of backup that is unique to the NTBACKUP.EXE utility on the Windows server. This type also flags the files as having been backed up.

Which of the following is a device that can send and receive data simultaneously?

Full-duplex

This 'PowerShell' cmdlet (pronounced command-let) will help you list and sort all of the processes currently running on your computer.

Get-Process

What are two major concerns regarding IoT devices? (Select two.)

Hacking
Privacy
Explanation Hackers and privacy are two major concerns for IoT users. Because IoT devices are closely connected, all a hacker has to do is exploit one vulnerability to manipulate all the data, rendering it unusable. Also, companies that make and distribute consumer IoT devices could use those devices to obtain and sell users' personal data.

Match each physical security control on the left with an appropriate example of that control on the right. Each security control may be used once, more than once, or not at all.

Hardened carrier - Protected cable distribution
Biometric authentication - Door locks
Barricades - Perimeter barrier
Emergency escape plans - Safety
Alarmed carrier - Protected cable distribution
Anti-passback system - Physical access control
Emergency lighting - Safety
Exterior floodlights - Perimeter barrier

Which of the following is a common social engineering attack?

Hoax virus information emails.

Which of the following are examples of newer devices that are often automated using IoT technology? (Select three.)

Home appliances
Streaming media devices
Security systems

Which of the following intrusion detection and prevention systems uses fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data?

Honeypot Explanation A honeypot is a device or virtual machine that entices intruders by displaying a vulnerability, displaying a configuration flaw, or appearing to contain valuable data. A Trojan horse is a malicious program that is disguised as legitimate or desirable software. A zombie is a computer that's infected with malware and that allows remote software updates and control by a command and control center (called a zombie master). A botnet refers to a group of zombie computers that are commanded from a central control infrastructure.

Most equipment is cooled by bringing cold air in the front and ducting the heat out the back. What is the term for where heat is sent?

Hot aisle

You manage a server at work that has just been configured with a new application. Consequently, the server has crashed several times during the last week. You think that you've resolved the problem, but you'd like to be able to manage the server remotely just in case more issues occur. Which of the following protocols should you use for remote management? (Select two.)

ICA & VNC Explanation Use a remote access protocol to remotely manage devices. A remote access protocol allows you to interact with a computer's desktop without being present at the console. There are multiple protocols you can use for remote desktop connections. Virtual Network Computing (VNC) was originally designed for UNIX. Applications that use VNC include RealVNC, TightVNC, UltraVNC, and Vine Server. Independent Computing Architecture (ICA) is the protocol used by Citrix products (WinFrame and MetaFrame/XenApp). Remote Desktop Protocol (RDP) is the protocol developed by Microsoft and used in Microsoft's Terminal, Remote Desktop, and Remote Assistance solutions. Aqua Connect has now licensed RDP and created a version for Mac OS X. PPP (Point-to-Point Protocol) is a protocol that's used to control remote access. PPP allows the authentication, authorization, and accounting of remote access connections. PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) are VPN protocols that provide a secure connection to a destination host or network through the internet.

You were recently hired by a small startup company. The company is in a small office and has several remote employees. You have been asked to find a business service that can both accommodate the company's current size and scale as the company grows. The service needs to provide adequate storage as well as additional computing power. Which cloud service model should you use?

IaaS Explanation Infrastructure as a Service (IaaS) delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The client deploys and runs software without purchasing servers, data center space, or network equipment.

A router periodically goes offline. Once it goes offline, you find that a simple reboot puts the router back online. After doing some research, you find that the MOST likely cause is a bug in the router software. A new patch is available from the manufacturer that is supposed to eliminate the problem. What should you do next?

Identify possible side effects of the solution.

A user reports that he can't connect to a specific website. You go to the user's computer and reproduce the problem. What should you do next?

Identify the affected areas of the network.

A user is unable to connect to the network. You investigate the problem and determine that the network adapter is defective. You replace the network adapter and verify that it works. What should you do next?

Identify the results and side effects of the solution.

You want to be able to monitor and filter VM-to-VM traffic within a virtual network. What should you do?

Implement a virtual firewall within the hypervisor. Explanation Virtualized hosts are susceptible to the same network exploits as physical network hosts and need to be protected by a firewall. By implementing a virtual firewall within the hypervisor itself, you can monitor and filter traffic on the virtual network as it flows between virtual machines.

As you are helping a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check your company's Password Policy and find that the following settings are currently required:
- Minimum password length = 10
- Minimum password age = 4
- Maximum password age = 30
- Password history = 6
- Account lockout clipping level = 3
- Require complex passwords that include numbers and symbols
Which of the following is the best action to take to make remembering passwords easier so that the user no longer has to write their password down?

Implement end user training.

You have been using SNMP on your network for monitoring and management, but you're concerned about the security of this configuration. What should you do to increase security in this situation?

Implement version 3 of SNMP

Which of the following does an agent send to the manager to confirm the receipt of a transmission?

Inform

Which of the following CCTV types would you use in areas with little or no light?

Infrared

Which of the following is the MOST effective protection against IP packet spoofing on a private network?

Ingress and egress filters

Which of the following lists the basic computing and processing steps in order?

Input, processing, output, and storage

You notice that a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?

Internet of Things (IoT) Explanation These smart devices are part of a growing ecosystem known as the Internet of Things (IoT). Environments that contain these types of devices are known as static environments. A static environment is one that never changes (or changes very infrequently) and that a network administrator has very little control over. For example, a smart television in an office has embedded technology that might never be updated, which creates a security hole in the company's network.

You have purchased a solar backup power device to provide temporary electrical power to critical systems in your data center should the power provided by the electrical utility company go out. The solar panel array captures sunlight, converts it into direct current (DC), and stores it in large batteries. The power supplies on the servers, switches, and routers in your data center require alternating current (AC) to operate. Which electrical device should you implement to convert the DC power stored in the batteries into AC power that can be used in the data center?

Inverter

Which of the following is true about an unmanaged switch?

It can connect to all devices in a small area.

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source.

Which of the following is true about Network Address Translation?

It supports up to 5,000 concurrent connections.

When packets arrive at their destination at different speeds, they sometimes arrive out of order. What does this cause?

Jitter

Which of the following is the MOST important way to prevent console access to a network switch?

Keep the switch in a room that is locked by a keypad.

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

Known test - The tester has detailed information about the target system prior to starting the test.
Partially known test - The tester has the same amount of information that would be available to a typical insider in the organization.
Unknown test - The tester has no prior knowledge of the target system.
Single-blind test - Either the attacker has prior knowledge about the target system or the administrator knows that the test is being performed.
Double-blind test - The tester does not have prior information about the system, and the administrator has no knowledge that the test is being performed.
Explanation Penetration testing is classified by the knowledge that the attacker and system personnel have prior to the attack. In an unknown test, the tester has no prior knowledge of the target system. In a known test, the tester has detailed information prior to starting the test. In a partially known test, the tester has the same amount of information that would be available to a typical insider in the organization. In a single-blind test, one side has advanced knowledge. Either the attacker has prior knowledge about the target system or the defender has knowledge about the impending attack. In a double-blind test, the penetration tester does not have prior information about the system, and the network administrator has no knowledge that the test is being performed. A double-blind test provides more accurate information about a system's security.

You are the IT security administrator for a small corporate network. You believe a hacker has penetrated your network and is infiltrating it using ARP poisoning. In this lab, your task is to discover whether ARP poisoning is taking place as follows:
- Use Wireshark to capture packets on the enp2s0 interface for five seconds.
- Analyze the Wireshark packets to determine whether ARP poisoning is taking place. Use the 192.168.0.2 IP address to help make your determination.
- Answer the questions.

Lab Questions
Q1: What is the MAC address of the first responding device?
Q2: What is the MAC address of the duplicate responding device?
EXPLANATION Complete this lab as follows:
Use Wireshark to capture packets on the enp2s0 interface for five seconds.
- From the Favorites bar, select Wireshark.
- Maximize the window for easier viewing.
- Under Capture, select enp2s0.
- Select the blue fin to begin a Wireshark capture.
- After capturing packets for five seconds, select the red box to stop the Wireshark capture.
Analyze the Wireshark packets to determine whether ARP poisoning is taking place.
- In the Apply a display filter field, type arp and press Enter to only show ARP packets.
- In the Info column, look for lines containing the 192.168.0.2 IP address.
- From the top right, select Answer Questions.
- Answer the questions.
- Select Score Lab.

As a network administrator, you have 10 VLANs on your network that need to communicate with each other. Which of the following network devices is the BEST choice for allowing communication between 10 VLANs?

Layer 3 switch

On your network, you have a VLAN for the sales staff and a VLAN for the production staff. Both need to be able to communicate over the network. Which of the following devices would work BEST for communication between VLANs?

Layer 3 switch

Which Syslog level indicates an emergency that could severely impact the system and cause it to become unusable?

Level 0

Which Syslog severity level indicates a debugging message?

Level 7

Which of the following devices accepts incoming client requests and distributes those requests to specific servers?

Load balancer

Which of the following controls is an example of a physical access control method?

Locks on doors

Which of the following technologies uses variable-length packets, adds labels to packets as they enter the WAN cloud, and uses the labels to switch packets and prioritize traffic?

MPLS

What is the name of the computer that queries agents and gathers responses by sending messages?

Manager

Which of the following is data temporarily stored on?

Memory chips Explanation Data can be stored temporarily on memory chips (this is often considered to be part of processing). A hard drive is used to store data long term. A keyboard is considered to be an input device. A printed page is considered to be output.

Which invention made it possible to have an entire computer on a single circuit board?

Microchip Explanation Jack Kilby invented the microchip in 1959. This made it possible to have an entire computer on a single circuit board. This made computers much smaller and cheaper to manufacture. The transistor was invented in 1947. Transistors replaced bulky vacuum tubes and mechanical relays. This made computers smaller. Silicon is the material used to make transistors. Vacuum tubes were used in many early computers to relay information through the system.

Which type of switch optimizes network performance by using ASIC to perform switching at wire speed?

Multilayer switch

Which key advantage does a virtual router have over a physical router?

Multiple networks can connect to a single interface. Explanation The key advantage to a virtual router is that it can support multiple networks on a single router interface. A virtual router does this by using a different routing table for each network. Physical routers are limited to a single network on each interface. Like physical routers,

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches have been installed. Which solution should you use?

NAC Explanation Network Access Control (NAC) controls access to a network by not allowing computers to access network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have:
- Antivirus software with up-to-date definition files
- An active personal firewall
- Specific, critical operating system updates and patches
A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client who has not met all the checklist requirements is either denied access or can be given restricted access to a remediation network, where remediation servers can be contacted to help the client to become compliant. A screened subnet is a buffer network that sits between a private network and an untrusted network (such as the internet). A virtual LAN (VLAN) is a logical grouping of computers based on switch port. VLAN membership is configured by assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A network-based IDS (NIDS) scans network traffic to look for intrusion attempts. Network Address Translation (NAT) modifies the IP addresses in packets as they travel from one network (such as a private network) to another (such as the internet). NAT allows you to connect a private network to the internet without obtaining registered addresses for every host. Hosts on the private network share the registered IP addresses.

Which of the following is a method that allows you to connect a private network to the internet without obtaining registered addresses for every host?

NAT

Which of the following provides information on the subnets within your network, including the subnet addresses and the routers connecting each subnet?

Network diagram Explanation A network diagram includes a layout of the subnets within your network, including the subnet addresses and the routers connecting each subnet. A wiring diagram, rack diagram, and floor plan provide information about your physical network, but they do not include subnet information.

You are in the process of implementing a network access protection (NAP) infrastructure to increase your network's security. You are currently configuring the remediation network that non-compliant clients will connect to in order to become compliant. You need to isolate the remediation network from the secure network. Which technology should you implement to accomplish this task?

Network segmentation

You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for virtualization. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a straight-through UTP cable that will run across the floor of the data center. To protect equipment from power failures, you also plan to install a UPS on the rack along with redundant power supplies for the server. Will this configuration work?

No, you should not run a cable across the data center floor.

Which of the following is a contract in which both parties agree not to share proprietary or confidential information gathered during the business relationship?

Non-Disclosure Agreement Explanation A Non-Disclosure Agreement (NDA) is a contract in which both parties agree not to share proprietary or confidential information gathered during the business relationship.

Your 24U rack currently houses two 4U server systems. To prevent overheating, you've installed a rack-mounted environmental monitoring device within the rack. Currently, the device shows that the temperature within the rack is 70 degrees Fahrenheit (21 degrees Celsius). What should you do?

Nothing, the temperature within the rack is within acceptable limits.

Which of the following attack types consists of capturing packets as they travel from one host to another with the intent of altering the contents?

On-path Explanation Capturing packets between two existing communication partners is a type of on-path attack. As this attack's name implies, traffic is intercepted somewhere in the middle of the communication. The best way to protect against on-path attacks is to use session encryption or line encryption solutions. Passive logging is a means of recording information about network traffic or system operations without affecting either in any way. Spamming is sending a victim unwanted and unrequested email messages. Spoofing changes or falsifies information in order to mislead or re-direct traffic.

Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. On a Wednesday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?

One Explanation You would need to perform a single restore procedure. You would simply restore the last full backup from Wednesday to restore all of the data. The fact that you archived one backup each week is irrelevant to restoring the latest data. The archived copy is only used to restore something to a specific point in time. If you had used full and differential backups, you would restore the last full and last differential backups. If you had used full and incremental backups, you would restore the last full and each subsequent incremental backup.

Which of the following are backed up during a differential backup?

Only files that have changed since the last full backup. Explanation A differential backup only captures files that have changed since the last full backup. This backup strategy can create a shorter restoration time than an incremental backup, but this may consume more disk space, depending on the frequency of file changes. Restoration is a two-step process. You first load the last full backup and then finish the restoration by loading the last differential backup.

Which of the following are backed up during an incremental backup?

Only files that have changed since the last full or incremental backup. Explanation An incremental backup only captures files that have changed since the last full or incremental backup. The primary attraction to this backup plan is that it requires less storage space and processing time to complete. Restoration starts from the last full backup and then requires the loading of each subsequent incremental backup for a full restoration.

With Wireshark, you've used a filter to capture only the desired packet types. Using the information shown in the image, which of the following BEST describes the effects of using the host 192.168.0.34 filter?

Only packets with 192.168.0.34 in either the source or destination address are captured.

Which of the following is required to establish a new network switch and configure its IP address for the first time?

Out-of-band management

Which of the following methods is best to have when a network goes down?

Out-of-band management

Which of the following describes the lines used in a local loop for dial-up telephone access?

POTS

You are traveling throughout North America to many metropolitan and rural areas. Which single form of internet connectivity provides the greatest potential connectivity wherever you travel?

PSTN

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?

Packet sniffer

Which network type divides transmitted data into smaller pieces and allows multiple communications on the network medium?

Packet-switched

When implementing a Multiprotocol Label Switching (MPLS) WAN, which data unit is managed by the routers at different sites?

Packets

Your disaster recovery plan (DRP) calls for backup media to be stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies that you must choose a method that uses the least amount of backup media but also allows you to quickly back up and restore files. Which backup strategy would BEST meet the DRP's specifications?

Perform a full backup once per week and a differential backup the other days of the week.

Match each social engineering description on the left with the appropriate attack type on the right.

Phishing - An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information.
Whaling - An attacker gathers personal information about the target individual, who is a CEO.
Spear phishing - An attacker gathers personal information about the target individual in an organization.
Dumpster diving - An attacker searches through an organization's trash for sensitive information.
Piggybacking - An attacker enters a secure building by following an authorized employee through a secure door without providing identification.
Vishing - An attacker uses a telephone to convince target individuals to reveal their credit card information.

Which of the following Security Orchestration, Automation, and Response (SOAR) system components helps to document the processes and procedures that are to be used by a human during a manual intervention?

Playbook Explanation Playbooks are linear checklists of required steps and actions that are to be taken to respond to an alert. While playbooks do support automated actions, they are often used to document the processes and procedures that are to be used by a human during a manual intervention. Runbooks consist of a series of conditional steps to perform actions, such as sending notifications or threat containment. They are not used to document the processes and procedures for a manual intervention. The Orchestration component of the Security Orchestration, Automation, and Response (SOAR) system is responsible for gathering data and information from across the network. This is not used to document the processes and procedures for a manual intervention. The Response component of a SOAR system allows the system to automatically take actions against threats. It is not used to document the processes and procedures for a manual intervention.

Which port does Remote Desktop use?

Port 3389 Explanation By default, Remote Desktop requires port 3389. Secure Shell (SSH) uses port 22. Telnet uses port 23. MMC snap-ins require an exception for Remote Administration, which opens ports 135 and 445.

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that's connected to a hub with three other computers. The hub is connected to a switch that's connected to the router. When you run the software, you see frames addressed to the four workstations but not to the router. Which feature should you configure on the switch?

Port mirroring

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

Port scanner

You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services. Which tool should you use?

Port scanner Explanation Use a port scanner to check for open ports on a system or firewall. Compare the list of open ports with the list of ports allowed by your Network Design and Security Policy. Typically, a port is open when a service starts or is configured on a device. Open ports for unused services expose the server to attacks directed at that port. Use a packet sniffer to examine packets on a network. With a packet sniffer, you can identify packets directed toward specific ports, but you won't be able to tell if those ports are open. Examine system logs to look for events that have happened on your system. These events might include a service starting up, but this would not likely reflect open ports.

You maintain the network for an industrial manufacturing company. You're concerned about the dust in the area getting into server components and affecting network availability. Which of the following should you implement?

Positive pressure system

A network utilizes a network access control (NAC) solution to defend against malware. When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. What is this process called?

Posture assessment Explanation When a wired or wireless host tries to connect to a network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. This is called a posture assessment. The agent then submits the results of the assessment as a Statement of Health (SoH) to the system health validator (SHV). If the host does not meet the client health requirements configured in the NAC system, the host is placed on a quarantine network to be remediated. Port security is configured on a switch to restrict connections to hosts with specific MAC addresses.

A user has entered a search string into an application and clicked on the search icon. Which of the following is the NEXT step in the computing process?

Processing Explanation Processing occurs after input has been provided to a computer. In this case, the user's input was a text string and mouse click. Processing takes the mouse click on the search icon to start the search process. Input is information provided to a computing process. Output is the result of a computing process. Storage is where output data is retained for later.

You want to identify the traffic that is generated and sent through a network by a specific application on a device. Which tool should you use?

Protocol analyzer

What is the purpose of using Ethernet bonding? (Select two.)

Provides a failover solution for network adapters
Increases network performance

Match each description on the left with the appropriate cloud technology on the right.

Public cloud - Provides cloud services to just about anyone.
Private cloud - Provides cloud services to a single organization.
Community cloud - Allows cloud services to be shared by several organizations.
Hybrid cloud - Integrates one cloud service with other cloud services.

When analyzing assets, which analysis method assigns financial values to assets?

Quantitative Explanation Quantitative analysis assigns a financial value, or a real number (and the cost required to recover from a loss) to each asset. Qualitative analysis seeks to identify costs that cannot be concretely defined. Transfer and acceptance are responses to risk, not risk analysis methods.

Which of the following is a role service that allows users with the Remote Desktop Connection client and an internet connection to connect on an internal network?

RD Gateway Explanation Remote Desktop Gateway (RD Gateway) is a role service that allows users with the Remote Desktop Connection client and an internet connection to connect on an internal network. A Remote Desktop Resource Authorization Policy (RD RAP) identifies the internal resources that users can access. A Remote Desktop Connection Authorization Policy (RD CAP) identifies the users who can establish a connection through the RD Gateway server. Remote Desktop is a software tool.

Which of the following protocols or services would you associate with Windows Remote Desktop network traffic?

RDP Explanation Remote Desktop Protocol (RDP) is used by Windows Remote Desktop applications, including Remote Desktop Connection. A Remote Desktop Resource Authorization Policy (RD RAP) identifies the internal resources that users can access. Network News Transport Protocol (NNTP) is used to access newsgroups and download messages. It is not associated with Windows Terminal. Wi-Fi Protected Access (WPA) is a security mechanism designed to provide protection on wireless networks. It is not associated with Windows Terminal.

You are in the middle of a big project at work. All of your work files are on a server at the office. You want to be able to access the server desktop, open and edit files, save the files on the server, and print files to a printer that's connected to a computer at home. Which protocol should you use?

RDP Explanation To access the server's desktop, use Remote Desktop Protocol (RDP). RDP is Microsoft's own remote access protocol, but other available protocols include VNC and ICA. With this remote desktop solution, you can access a device's desktop and work with applications and files on that device. Device redirection allows you to redirect sound, drives, or printing at the remote computer to your local computer. Telnet and SSH are command line utilities used for remote management. FTP (File Transfer Protocol) is used for file transfer. While you might use this protocol to transfer files, it does not give you access to a remote system's desktop.

This 'distance vector algorithm' uses hop counts, with a max of 15, to determine routing metrics.

RIP

This routing protocol is for smaller networks and broadcasts (255.255.255.255) updates every 30 seconds by default.

RIP

What is the main difference between RIP and RIPv2?

RIP is a classful protocol, while RIPv2 is a classless protocol.

In addition to performing regular backups, what must you do to protect your system from data loss?

Regularly test restoration procedures.

You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following:
When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle.
The receptionist uses a notebook system that is secured to her desk with a cable lock.
The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet.
She informs you that server backups are configured to run each night. A rotation of external USB hard disks is used as the backup media.
You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace.
You notice that a router/firewall-content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.
Which security-related recommendations should you make to this client? (Select two.)

Relocate the switch to the locked server closet. Control access to the work area with locking doors and card readers.

Which of the following is a tool that allows access to the graphical desktop environment of another Windows client system over a network connection?

Remote Desktop Explanation Remote Desktop is a software tool that allows access to the graphical desktop environment of another Windows client system over a network connection. While SSH and VPNs help to provide remote access, they are not specific to Windows client systems. The Remote Desktop Gateway is not the software tool used to directly provide the graphical desktop environment to the user.

You work as the IT security administrator for a small corporate network. Occasionally, you and your co-administrators need to access internal resources when you are away from the office. You would like to set up a Remote Access VPN using pfSense to allow secure access. In this lab, your task is to use the pfSense wizard to create and configure an OpenVPN Remote Access server using the following guidelines:
Sign in to pfSense using:
  Username: admin
  Password: P@ssw0rd (zero)
Create a new certificate authority certificate using the following settings:
  Name: CorpNet-CA
  Country Code: GB
  State: Cambridgeshire
  City: Woodwalton
  Organization: CorpNet
Create a new server certificate using the following settings:
  Name: CorpNet
  Country Code: GB
  State: Cambridgeshire
  City: Woodwalton
Configure the VPN server using the following settings:
  Interface: WAN
  Protocol: UDP on IPv4 only
  Description: CorpNet-VPN
  Tunnel network IP: 198.28.20.0/24
  Local network IP: 198.28.56.18/24
  Concurrent Connections: 4
  DNS Server 1: 198.28.56.1
Configure the following:
  A firewall rule
  An OpenVPN rule
Set the OpenVPN server just created to Remote Access (User Auth).
Create and configure the following standard remote VPN users:
  Username    Password     Full Name
  blindley    L3tM31nNow   Brian Lindley
  jphillips   L3tM31nToo   Jacob Phillips

Required Actions
Create a new certificate authority certificate
  Set the CA Descriptive name to CorpNet-CA
  Set the Country Code to GB (Great Britain)
  Set the State or Province to Cambridgeshire
  Set the City to Woodwalton
  Set the Organization name to CorpNet
Create a new server certificate named CorpNet
Configure the VPN server
  Configure the WAN interface
  Protocol set to UDP on IPv4 only
  Description set to CorpNet-VPN
  Tunnel Network set to 198.28.20.0/24
  Local network set to 198.28.56.18/24
  Concurrent connections set to 4
  Set DNS server to 198.28.56.1
Configure the firewall rules
  Add the Firewall Rule
  Add the OpenVPN rule
Set the OpenVPN server to Remote Access (User Auth)
Configure the following standard VPN users
  Create Brian Lindley's account.
    Username is blindley
    Password is L3tM31nNow
    Full name is Brian Lindley
  Create Jacob Phillips' account.
    Username is jphillips
    Password is L3tM31nToo
    Full name is Jacob Phillips
Complete this lab as follows:
1. Sign in to the pfSense management console.
   a. In the Username field, enter admin.
   b. In the Password field, enter P@ssw0rd (zero).
   c. Select SIGN IN or press Enter.
2. Start the VPN wizard and select the authentication backend type.
   a. From the pfSense menu bar, select VPN > OpenVPN.
   b. From the breadcrumb, select Wizards.
   c. Under Select an Authentication Backend Type, make sure Local User Access is selected.
   d. Select Next.
3. Create a new certificate authority certificate.
   a. For Descriptive Name, enter CorpNet-CA.
   b. For Country Code, enter GB.
   c. For State, enter Cambridgeshire.
   d. For City, enter Woodwalton.
   e. For Organization, enter CorpNet.
   f. Select Add new CA.
4. Create a new server certificate.
   a. For Descriptive Name, enter CorpNet.
   b. Verify that all of the previous changes (Country Code, State/Province, and City) are the same.
   c. Use all other default settings.
   d. Select Create new Certificate.
5. Configure the VPN server.
   a. Under General OpenVPN Server Information:
      Use the Interface drop-down menu to select WAN.
      Verify that the Protocol is set to UDP on IPv4 only.
      For Description, enter CorpNet-VPN.
   b. Under Tunnel Settings:
      For Tunnel Network, enter 198.28.20.0/24.
      For Local Network, enter 198.28.56.18/24.
      For Concurrent Connections, enter 4.
   c. Under Client Settings, in DNS Server1, enter 198.28.56.1.
   d. Select Next.
6. Configure the firewall rules.
   a. Under Traffic from clients to server, select Firewall Rule.
   b. Under Traffic from clients through VPN, select OpenVPN rule.
   c. Select Next.
   d. Select Finish.
7. Set the OpenVPN server just created to Remote Access (User Auth).
   a. For the WAN interface, select the Edit Server icon (pencil).
   b. For Server mode, use the drop-down and select Remote Access (User Auth).
   c. Scroll to the bottom and select Save.
8. Configure the following Standard VPN users.
   a. From the pfSense menu bar, select System > User Manager.
   b. Select Add.
   c. Configure the User Properties as follows:
      Username: Username
      Password: Password
      Full name: Full name
   d. Scroll to the bottom and select Save.
   e. Repeat steps 8b-8d to create the remaining VPN users.

You are the IT security administrator for a small corporate network. Your manager has received several concerning emails. He has asked you to view his email and determine whether these messages are hazardous or safe. In this lab, your task is to: Read each email and determine whether the email is legitimate. Delete any emails that are attempts at social engineering. Keep all emails that are safe.

Required Actions
Delete the Microsoft Windows Update Center phishing email
Delete the Jim Haws malicious attachment email
Delete the Executive Recruiting whaling email
Delete the Riverdale Estates HOA Online Banking phishing email
Delete the Grandma White forwarded email hoax
Delete the Daisy Knudsen spear phishing email
Delete the Rachelle Hancock malicious attachment email
Delete the Grandma White forwarded email hoax

You work part time at a computer repair store and are currently on site at a customer's premises. Your customer has signed up for DSL internet access. The phone company has turned DSL access on, and the office has obtained DSL service from the ISP. All connectors on the wall plate are for WAN connections only, and you don't have LAN connections inside the office. In this lab, your task is to: Install the DSL router and provide power. Connect the DSL router to the phone line. Connect the computer to the DSL router. Connect the phone to a phone outlet with a DSL filter in between the two. When you're finished, the DSL router should be connected to the internet, and the phone should be able to make analog phone calls.

Required Actions
Install the DSL router
  Place the DSL router in the workspace area
  DC Power connected to DSL router
  AC Power Adapter connected to the wall outlet
  RJ-11 cable connected to router and wall phone outlet
Connect the computer to the DSL router
Add a filter between the phone and the phone cable connected to the outlet
Explanation
Complete this lab as follows:
1. Install the DSL router and provide power.
   a. Under Shelf, expand Routers.
   b. Drag Router, DSL Ethernet to the Workspace area.
   c. Place the router next to the outlets.
   d. Above the router, select Back.
   e. Under Shelf, expand Cables.
   f. Select the Power Adapter.
   g. From the Selected Component pane:
      Drag the DC Power Connector to the port on the DSL router.
      Drag the AC Power Adapter to the wall outlet.
2. Connect the DSL router to the phone line.
   a. Under Shelf, select UTP Cable, 2-pair, RJ-11.
   b. From the Selected Component pane:
      Drag an RJ-11 Connector to the RJ11 port on the router.
      Drag the other RJ-11 Connector to a phone port on the wall outlets.
3. Connect the computer to the DSL router.
   a. Above the computer, select Back.
   b. Under Shelf, select Cat6a Cable, RJ45.
   c. From the Selected Component pane:
      Drag an RJ45 Shielded Connector to the network port on the computer.
      Drag the other unconnected RJ45 Shielded Connector to a network port on the DSL router.
4. When implementing DSL, install a filter between the phone port and each phone.
   a. Above the phone, select Back.
   b. Under Shelf, expand Filters.
   c. Drag the DSL Filter to the phone port.
   d. Under Shelf, expand Cables.
   e. Select UTP Cable, 2-pair, RJ-11.
   f. From the Selected Component pane:
      Drag an RJ-11 Connector to the RJ11 port on the filter.
      Drag the unconnected RJ-11 Connector to the phone port on the wall outlet.

Of the following restoration processes, which would result in the fastest restoration of all data if a system failure occurred on Friday?

Restore the full backup from Sunday and the last differential backup. Explanation The fastest method for restoring data to its most current state is to restore the full backup and then the last differential backup. Differential backups include all changes since the last full backup (or any other backup method that reset the archive bit). Restoring the full backup and the last incremental backup is an incomplete restore because all of the incremental backups must be used. However, restoring several backup sets rather than a single set is slower. You only need to use the last differential backup.

Creating fake resources such as honeypots, honeynets, and tarpits fulfills which of the following main intrusion detection and prevention goals? (Select two.)

Reveals information about an attacker's methods and gathers evidence for identification or prosecution purposes. Offers attackers a target that occupies their time and attention while distracting them from valid resources. Explanation By using honeypots, honeynets, and tarpits, you can fulfill the following intrusion detection and protection goals: Attackers are offered targets that will occupy their time and attention, distracting them from valid resources. You can observe attackers and gather information about their attack methods or gather evidence for identification or prosecution purposes.

Which of the following BEST describes dynamic routing?

Routers learn about networks by sharing routing information with each other.

You are unsure if the gateway address is correct for one of your subnetworks because traffic is not leaving the network. Which of the following tables could you look at to check if the gateway address is correct?

Routing table Explanation Routing tables contain gateway address information. MAC address tables, IP address tables, and state tables do not contain gateway address information. MAC address tables contain information about source MAC addresses and destination MAC addresses. ARP tables contain neighbor information and link MAC addresses to IP addresses. Stateful devices keep track of the state of network connections, like TCP streams in a state table.

Which of the following internet services provides equal upload and download bandwidth?

SDSL

Because of an unexplained slowdown on your network, you decide to install monitoring software on several key network hosts to locate the problem. You will then collect and analyze the data from a central network host. Which protocol will the software use to detect the problem?

SNMP

Which protocol uses traps to send notifications from network devices?

SNMP

Which of the following is a protocol used for terminal emulation?

SSH Explanation Most administrators use Secure Shell (SSH) for terminal emulation. VNC, ICA, and RDP are remote access protocols.

Telnet is inherently unsecure because its communication is in plaintext and is easily intercepted. Which of the following is an acceptable alternative to Telnet?

SSH Explanation SSH (Secure Shell) is a secure and acceptable alternative to Telnet. SSH allows secure interactive control of remote systems. SSH uses RSA public key cryptography for both connection and authentication. SSH also uses the IDEA algorithm for encryption by default but is able to use Blowfish and DES as well. Remote Desktop, while a remote control mechanism, is limited to a few versions of Windows and is not very secure. Point-to-Point Protocol (PPP) and Serial Line Interface Protocol (SLIP) are not remote access authentication protocols. They are used to establish a connection, not provide authentication.

Which of the following protocols can you use to securely manage a network device from a remote connection?

SSH Explanation SSH allows secure interactive control of remote systems. It is a secure and acceptable alternative to Telnet. SFTP (Secure File Transfer Protocol) uses Secure Shell (SSH) to secure data transfers. TLS (Transport Layer Security) ensures that messages being transmitted on the internet are private and tamper-proof. TLS is often used to add security to other protocols.

Which protocol does HTTPS use to offer greater security for web transactions?

SSL Explanation HTTPS (HyperText Transfer Protocol Secure) uses Secure Sockets Layer (SSL) to offer greater security for web transactions. IPsec uses HMAC (Hash-Based Message Authentication Code) to provide message integrity checks. Password Authentication Protocol (PAP) transmits login credentials in cleartext. Challenge Handshake Authentication Protocol (CHAP) protects login credentials using a hash and allows periodic re-authentication.

You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points (like coffee shops and libraries). As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols is MOST likely to be allowed through the widest number of firewalls?

SSL Explanation Ports must be open on firewalls to allow VPN protocols. For this reason, using SSL (Secure Sockets Layer) for a VPN often works through firewalls when other solutions do not because SSL uses port 443, which is a port that's often already open to allow HTTPS traffic. In addition, some NAT (Network Address Translation) solutions do not work well with VPN connections. PPTP (Point-to-Point Tunneling Protocol) uses port 1723. L2TP (Layer 2 Tunneling Protocol) uses ports 1701 and 500. IPsec uses UDP port 500 for IKE (Internet Key Exchange).

Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network?

SaaS Explanation Software as a Service (SaaS) delivers software applications to the client either over the internet or on a local area network.

You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan?

Security guards

Which of the following provides a VPN gateway that encapsulates and encrypts outbound traffic from a site and sends the traffic through a VPN tunnel to the VPN gateway at the target site?

Site-to-site IPsec VPN Explanation Site-to-site IPsec VPNs connect networks across an untrusted network, such as the internet. The VPN gateway encapsulates and encrypts outbound traffic from a site and sends the traffic through a VPN tunnel to the VPN gateway at the target site. Clients send and receive normal unencrypted TCP/IP traffic through a VPN gateway. The receiving VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.

Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against?

Sniffing

What is the definition of any attack involving human interaction of some kind?

Social Engineering Explanation Social engineering refers to any attack involving human interaction of some kind. Attackers who use social engineering try to convince a victim to perform actions or give out information they wouldn't under normal circumstances. An opportunistic attack is typically automated and involves scanning a wide range of systems for known vulnerabilities, such as old software, exposed ports, poorly secured networks, and default configurations. An authorized hacker helps companies find vulnerabilities in their security infrastructure. Social engineers are master manipulators and use multiple tactics on their victims.

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing

A router on the border of your network detects a packet with a source address from an internal client, but the packet was received on the internet-facing interface. Which attack form is this an example of?

Spoofing Explanation This scenario is an example of spoofing, which is the act of changing or falsifying information in order to mislead or re-direct traffic. In this scenario, the received packet cannot be valid and from the stated source. Snooping is the act of spying on private information or communications. One type of snooping is sniffing. Sniffing is the act of capturing network packets in order to examine their contents. Spamming is sending a victim unwanted and unrequested email messages.

You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?

Static Explanation Static translation consistently maps an unregistered IP address to the same registered IP address on a one-to-one basis. Static NAT is particularly useful when a device needs to be assigned the same address so it can be accessed from outside the network. This works well for web servers and other similar devices. Dynamic translation would not work for these servers because it maps an unregistered host IP address to any available IP address configured in a pool of one or more registered IP addresses. Accessing a server assigned one of these addresses would be nearly impossible because the addresses are still shared by multiple hosts.

Which of the following NAT implementations maps a single private IP address to a single public IP address on the NAT router?

Static NAT Explanation Static NAT maps a single private IP address to a single public IP address on the NAT router. IP masquerade and many-to-one NAT are simply different names for Dynamic NAT. Dynamic NAT automatically maps internal IP addresses with a dynamic port assignment. In this implementation, many internal private IP addresses are mapped to one public IP address on the NAT router.

Which of the following has the least default administrative distance?

Static route to an IP address

When troubleshooting network issues, it's important to carry out tasks in a specific order. Drag each troubleshooting task on the left to the correct step on the right.

Step 1: Identify the problem.
Step 2: Establish a theory of probable cause.
Step 3: Test the theory to determine the cause.
Step 4: Establish a plan of action.
Step 5: Implement the solution or escalate.
Step 6: Verify full system functionality.
Step 7: Document findings, actions, and outcomes.

Which of the following provides a computer system with the ability to retrieve and manipulate data at a future time?

Storage

Which of the following played vital roles in the advancement of national defense, science, and social change?

Supercomputers Explanation Supercomputers have processing capabilities designed to solve problems that are too complex for regular computers. They play vital roles in the advancement of national defense, science, and social change. A smartphone is a mobile phone that functions as a computer and allows users to access the internet. The world wide web is a system for making digital resources publicly available over the internet. The web and web browsers paved the way for email, chatrooms, and social media sites. Microchips paved the way for personal computer ownership.

What is a VPN (virtual private network) primarily used for?

Support secure communications over an untrusted network. Explanation A VPN (virtual private network) is primarily used to support secure communications over an untrusted network. You can use a VPN over a local area network, across a WAN connection, over the internet, and even between a client and a server over a dial-up internet connection.

Which of the following purposes is a VPN primarily used for?

Support secured communications over an untrusted network.

Which of the following is the least effective power loss protection for computer systems?

Surge protector

Which of the following is a communication device that connects other network devices through cables and receives and forwards data to a specified destination within a LAN?

Switch

Which of the following can cause broadcast storms?

Switching loops

Which of the following is a standard for sending log messages to a central logging server?

Syslog

Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts occurred. Which log type should you check?

System

Which of the following protocols are often added to other protocols to provide secure data transmission? (Select two.)

TLS SSL Explanation Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that are used with other protocols to add security. In addition, you can use Secure Shell (SSH) to add security when using unsecure protocols. HTTPS (HyperText Transfer Protocol Secure) is the secure form of HTTP that uses SSL. SMTP (Simple Mail Transfer Protocol) is used for sending email. SNMP (Simple Network Management Protocol) is for network management tasks.

You are a network administrator for your company. A user calls and tells you that after stepping on the network cable in her office, she can no longer access the network. You go to the office and see that some of the wires in the Cat 5 network cable are now exposed. You make another cable and attach it from the wall plate to the user's computer. What should you do next in your troubleshooting strategy?

Test the solution.

What is the definition of bandwidth?

The amount of data that can be transferred from one place to another in a specific amount of time.

Put the following events from computer history in the order they happened: Drag events here with oldest at top

The correct order is:
Herman Hollerith develops electronic tabulating machine (1890)
International Business Machines, or IBM, is formed (1911)
Scientists at Bell Laboratories invent the transistor (1947)
Jack Kilby invents the microchip (1959)
The Apple II is released for home consumers (1977)
The World Wide Web becomes available to the public (1994)
Apple releases the iPhone (2007)

Which of the following could be to blame if your computer is regularly crashing or restarting?

The processor is too hot.

What is the definition of latency?

The speed at which data packets travel from source to destination and back.

Which of the following is considered part of a smart home?

Thermostat Explanation The term smart home refers to a home with devices that can be controlled remotely over the internet with a smartphone or computer. Thermostats can learn the residents' daily routines and adjust the temperature of the home accordingly. Items that typically connect to a video, audio, or data network as a core part of their functionality are not considered part of a smart home.

Match each smart device with its description.

Thermostat - Learns from your habits and schedule, allows you to control the climate in your home remotely, shows you energy consumption in real time, and adjusts itself depending on ambient conditions.
Switch - Allows you to control hardwired lights, ceiling fans, fireplaces, small appliances, and garbage disposals.
Bulb - Can change colors, track motion, stream audio over Bluetooth, and double as a connected camera, but it's only smart when turned on. It doesn't work when turned off.
Plug - Easy solution for making small appliances (such as lamps, coffee makers, and toasters) smart.
Security camera - Uses an RF transmitter. May include such features as motion detection, scheduled recording, remote viewing, and automatic cloud storage.
Door lock - Uses a wireless protocol and a cryptographic key to execute the authorization process. It can also monitor access and send alerts related to the status of the device.
Speaker/digital assistant - Uses voice recognition software and activates through a Wake Word or Hot Word.

This Windows 'PowerShell' command will produce what output? --- Get-Alias dir

This will show that the 'dir' command is an alias for the Get-ChildItem cmdlet.

Which of the following technologies does GSM use to allow multiple connections on the same frequency?

Time-division multiple access

Why should you store backup media off site?

To prevent the same disaster from affecting both the network and the backup media

Which of the following is a type of input device?

Touchscreen

Which invention allowed computers to become smaller in size?

Transistors Explanation The transistor was invented in 1947. Transistors replaced bulky vacuum tubes and mechanical relays. This made computers smaller. Vacuum tubes were used in many early computers to relay information through the system. Silicon is the material used to make transistors, but it is not what allowed computers to become smaller in size. Laptops are smaller, portable computers. They are not the invention that allowed computers to become smaller in size.

In which of the following tables does a NAT router store port numbers and their associated private IP addresses?

Translation table Explanation A NAT router stores port numbers and their associated private IP addresses in a translation table. NAT uses this table to know which host to send the incoming traffic to. A routing table is for routing packets from one network to another. A MAC address table is used by Ethernet switches to know where to forward traffic within a network segment. An ARP table associates MAC addresses with IP addresses.

Which of the following are IPsec modes of operation? (Select two.)

Transport mode Tunnel mode Explanation Tunnel mode and transport mode are the two IPsec modes of operation. Single mode and multimode are types of fiber optic network cable. Secure mode is a wireless LAN setting.

When an event occurs, the agent logs details regarding the event. What is this event called?

Trap

Which of the following is a secure doorway that can be used with a mantrap to allow an easy exit but actively prevents re-entrance through the exit portal?

Turnstiles

Your network uses the following backup strategy. You create: Full backups every Sunday night. Differential backups Monday night through Saturday night. On Thursday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?

Two Explanation You would need to perform two restore procedures. You would do the following: Restore the full backup from Sunday. Restore the differential backup from Wednesday. If you did a full backup every night, you would restore only a single backup (Wednesday's backup). If you did full backups with incremental backups, you would restore the last full backup along with each incremental backup.

Which of the following describe the channels and data transfer rates used for ISDN BRI? (Select two.)

Two B channels operating at 64 Kbps each. One D channel operating at 16 Kbps.

Which of the following ensures that power is supplied to a server or device during short power outages?

Uninterruptible power supply

What should you try first if your antivirus software does not detect and remove a virus?

Update your virus detection software.

As a 'network tech' you want to create an automated script on a Windows computer....How would you "comment" your script so you have some built-in notes to give you information about your script commands?

Use 'REM'

Kate, a network administrator, has been tasked with staying within the company budget. She has a large network and doesn't want to spend more than she needs to on purchasing and registering multiple public IP addresses for each of the hosts on her network. Which of the following methods could help her provide internet access but also keep costs low and limit the number of registered IP addresses her organization needs to purchase?

Use Network Address Translation Explanation Using NAT will allow the hosts on Kate's network to be private and to utilize just one registered public IP address. Using Layer 2 switches will not impact the public IP address situation. Using Layer 3 switches would only improve the public IP address situation if NAT were implemented on them. Using PoE (Power over Ethernet) devices will not impact the public IP address situation.

Your computer seems to be running slowly. In particular, you notice that the hard drive activity light remains lit when you run multiple applications and switch between open windows. This happens even though you aren't saving large files. What should you do to troubleshoot the problem?

Use Resource Monitor to monitor memory utilization.

You are the network administrator for a growing business. When you were hired, the organization was small, and only a single switch and router were required to support your users. During this time, you monitored log messages from your router and switch directly from each device's console. The organization has grown considerably in recent months. Now you manage eight individual switches and three routers. It's becoming more and more difficult to monitor these devices and stay on top of issues in a timely manner. What should you do?

Use Syslog to implement centralized logging.

You are concerned that an attacker can gain access to your web server, make modifications to the system, and alter the log files to hide his or her actions. Which of the following actions would BEST protect the log files?

Use Syslog to send log entries to another server.

You just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card for access. You backed up the router configuration to a remote location with an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with the username admin and the password admin. You used the MD5 hashing algorithm to protect the password. What else should you do to increase the security of this device? (Select two.)

Use an SSH client to access the router configuration. Change the default administrative username and password. Explanation In this scenario, you need to address the following two key security issues: You should use an SSH (Secure Shell) client to access the router configuration. Telnet transfers data over the network connection in cleartext, exposing sensitive data to sniffing. You should change the default administrative username and password. Default usernames and passwords are readily available from websites on the internet. Encrypted Type 7 passwords on a Cisco device are less secure than those protected with MD5. Using HTTP and TFTP (Trivial File Transfer Protocol) to manage the router configuration could expose sensitive information to sniffers, as they transmit data in cleartext.

Five salespeople work out of your office. They frequently leave their laptops on the desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST way to address your concerns?

Use cable locks to chain the laptops to the desks.

Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the BEST countermeasure for securing the captured network traffic?

Use encryption for all sensitive traffic.

Which of the following scenarios would cause a problem in asymmetric routing?

Using two stateful firewalls in the traffic flow. Explanation When you have asymmetrical routing, the outbound traffic would go through one stateful firewall and the inbound traffic would come through the second stateful firewall. The second firewall would drop the packets because it wouldn't have any record of them in its state table. That information would be recorded in the first firewall. Unless you've specifically programmed a hub as stateful, it would not have problems with asymmetrical routing. In general, routers do not have problems with asymmetric routing, regardless of number. Switches do not have problems with asymmetric routing, regardless of number.

The 'file transfer protocol' (ftp) can be used to access a remote server, list directory contents and 'copy' files to your local computer.....all done through an encrypted connection to TCP port 86.

Usually not, as 'ftp' is by default insecure and defaults to TCP port 21

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?

VLAN

Which of the following remote protocols was originally designed for UNIX?

VNC Explanation Virtual Network Computing (VNC) was originally designed for UNIX. ICA and RDP are remote desktop protocols. However, they were not originally designed for UNIX. You can use a virtual private network (VPN) for remote access, but it is not a protocol that was originally designed for UNIX.

You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need to enter your username and password in a new website so you can manage your email and spam using the new service. What should you do?

Verify that the email was sent by the administrator and that this new service is legitimate.

Which of the following statements are true about virtual NICs? (Select two.)

Virtual NICs need the appropriate driver to function. Multiple virtual NICs can be added to a virtual machine. Explanation Within each virtual machine, you can configure one or more virtual network interfaces, which function similarly to physical network interfaces. Virtual interfaces use Ethernet standards to transmit and receive frames on a network. The operating system within the virtual machine must have the appropriate driver installed to support the virtual network interface, just as with a physical network interface. When you configure a virtual network interface within a virtual machine's configuration, you can specify: The type of physical network interface to emulate. This allows the best possible driver support from the operating system within the virtual machine. A MAC address. Most hypervisors automatically assign a MAC address to each virtual network interface. Some hypervisors allow you to use a custom MAC address if needed. The network to connect to. Most hypervisors allow you to define many different virtual networks. When you configure a virtual network interface, you select which virtual network you want it to connect to.

You have configured a virtual network that includes the following virtual components: Four virtual machines (Virtual OS1, Virtual OS2, Virtual OS3, and Virtual OS4) One virtual switch The virtual switch is connected to a physical network to allow the virtual machines to communicate with the physical machines out on the physical network. Given the port configuration for the virtual switch and the physical switch in the table below, click on all of the virtual and physical machines that Virtual OS1 can communicate with.

Virtual OS1 can communicate to all Physical OS's 1, 2, 3, and 4 and Virtual OS3. Explanation Virtual OS1 can communicate with the following machines: Virtual OS3, Physical OS1, Physical OS2, Physical OS3, and Physical OS4. The virtual switch port configuration allows Virtual OS1 to communicate with machines on Virtual Network1 and the physical network. P5 on the virtual switch is configured to allow communication between the virtual and physical machines as if they were on the same real physical network. Virtualized networks allow virtual servers and desktops to communicate with each other, and they also allow communication with network devices out on the physical network via the host operating system. Virtual networks typically include the following components:
Virtual switches, which allow multiple virtual servers and/or desktops to communicate on virtual network segments and/or the physical network. Virtual switches are often configured in the hypervisor.
Virtual network adapters, which are created and assigned to a desktop or server in the hypervisor. They have the following characteristics: Multiple network adapters could be assigned to a single virtual machine. Each network adapter has its own MAC address. Each network adapter is configured to connect to only one network at a time (meaning a virtual network or the physical network, but not both).
Virtual OS2 and Virtual OS4 belong to Virtual Network2 and are only able to communicate with each other.

You have configured a virtual network that includes the following virtual components: Four virtual machines (Virtual OS1, Virtual OS2, Virtual OS3, and Virtual OS4) One virtual switch The virtual switch is connected to a physical network to allow the virtual machines to communicate with the physical machines out on the physical network. Given the port configuration for the virtual switch and the physical switch in the table below, click on all of the virtual and physical machines that Virtual OS1 can communicate with.

Virtual OS1 can communicate with the following machines: Virtual OS2 Virtual OS3 (Port assignment for P1, P2 and P3 are Virtual Network 1)

You need to provide DHCP and file sharing services to a physical network. These services should be deployed using virtualization. Which type of virtualization should you implement?

Virtual servers Explanation Server virtualization runs multiple instances of a server operating system on a single physical computer. With server virtualization, you can migrate servers on older hardware to newer computers or add virtual servers to computers with extra, unused hardware resources.

Which component is MOST likely to allow physical and virtual machines to communicate with each other?

Virtual switch Explanation Virtual switches allow multiple virtual servers and/or desktops to communicate on virtual network segments and/or the physical network. Virtual switches are often configured in the hypervisor.

You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?

Vulnerability scanner Explanation Use a vulnerability scanner to gather information about systems, such as the running applications or services. A vulnerability scanner often combines functions found in other tools and can perform additional functions, such as identifying open firewall ports, missing patches, and default or blank passwords. A port scanner is a tool that probes systems for open ports. A port scanner tells you which ports are open in the firewall, but it cannot identify services running on a server if the firewall port has been closed. A network mapper is a tool that can discover devices on a network and show those devices in a graphical representation. Network mappers typically use a ping scan to discover devices and a port scanner to identify open ports on those devices. Use a protocol analyzer to identify traffic that is sent on the network medium and traffic sources. Services could still be running on a server that do not generate the network traffic that a protocol analyzer would catch.

What is the main difference between vulnerability scanning and penetration testing?

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. Explanation Penetration testing simulates an actual attack on the network and is conducted from outside the organization's security perimeter. Vulnerability scanning is typically performed internally by users with administrative access to the system. The goal of both vulnerability scanning and penetration testing is to identify the effectiveness of security measures and identify weaknesses that can be fixed. While some penetration testing is performed with no knowledge of the network, penetration testing could be performed by testers with detailed information about the systems. Both vulnerability scanning and penetration testing can use similar tools, although you should avoid illegal tools in both activities.

Which SNMP component uses GETNEXT messages to navigate the MIB structure?

Walk

Which log file type is one of the most tedious to parse but can tell you exactly when a user logged onto your site and what their location was?

Web server logs

A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of attack BEST describes the scenario?

Whaling Explanation Whaling is a form of social engineering attack that targets senior executives and high-profile victims. Social engineering is an attack that exploits human nature by convincing someone to reveal information or perform an activity.

Which of the following forms of networking is highly susceptible to eavesdropping and must be secured accordingly?

Wireless

Which type of documentation would you consult to find the location of RJ45 wall jacks and their endpoints in the intermediate distribution closet?

Wiring schematic Explanation A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows: The location of drop cables and ports within offices or cubicles. The path that wires take between wiring closets and offices. A labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations. A baseline is a record that shows normal network statistics. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but it doesn't necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. A procedure is guided by goals defined in the policy but goes beyond it by identifying specific steps that are to be implemented.

Which of the following was the most widely used personal computer application until the mid-90s?

Word processing

You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for file storage and a database server. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a crossover UTP plenum cable that will run through the suspended tile ceiling in the data center. To provide power for the new devices, you had an electrician install several new 20-amp wall outlets near the new rack. Each device on the rack will be plugged directly into one of these new wall outlets. What is wrong with this configuration? (Select two.)

You should implement a UPS between the wall outlet and the network devices. You should implement redundant power supplies for the network devices.

Entering the following at the CMD prompt may fail....Why?.... rmdir NameOfDirectory

Your directory may have subdirectories and not allow deletion to protect the data

What are the two protocols used most often with IoT devices? (Select two.)

Z-Wave Zigbee Explanation Zigbee and Z-Wave are two radio protocols many IoT devices work with because they are designed for low-data rate, low-power applications. They link all IoT devices to form a mesh network.

Which of the following tools would you use to view the MAC addresses associated with IP addresses that the local workstation has contacted recently?

arp

To display the ARP table and all of the current entries......enter _______ at the command prompt.

arp -a

When working at the Windows DOS prompt, what command will move you back one directory location?

cd ..

When working at the CMD prompt, entering ______ will clear your screen.

cls

The _____ command gives you a listing of the files, programs and subdirectories in the current directory.

dir

When looking to find more help about the ....dir..... command, enter ___________.

dir /?

When working at the Windows CLI (DOS prompt), what command would give you more information (the help listing) about the 'dir' command and its use?

dir /?

You are troubleshooting a connectivity problem on a Linux server. You're able to connect to another system on the local network but not to a server on a remote network. You suspect that the default gateway information for the system may be configured incorrectly. Which of the following commands would you use to view the default gateway information on the Linux server?

ifconfig

Which TCP/IP utility gives you the following output?

ipconfig

You want to see the burned-in, hardware address of your Windows PC.....Enter ________ at a command prompt.

ipconfig /all

If you want to 'release' your IP address......enter _________ at a command prompt.

ipconfig /release

When creating a new DIR, you may enter __________ at the CMD prompt.

mkdir

Examine the following output:
Active Connections
Proto  Local Address  Foreign Address                          State
TCP    SERVER1:1036   localhost:4832                           TIME_WAIT
TCP    SERVER1:4798   localhost:1032                           TIME_WAIT
TCP    SERVER1:1258   pool-141-150-16-231.mad.east.ttr:24076   CLOSE_WAIT
TCP    SERVER1:2150   cpe-66-67-225-118.roc.res.rr.com:14100   ESTABLISHED
TCP    SERVER1:268    C872c-032.cpe.net.cale.rers.com:46360    ESTABLISHED
TCP    SERVER1:2995   ip68-97-96-186.ok.ok.cox.net:23135       ESTABLISHED
Which of the following utilities produced this output?

netstat

Entering the following at a Windows PC, CLI prompt would start what program?.....notepad yourname.txt

notepad

Which TCP/IP utility gives the following output?

ping

Which of the following utilities would you use to view the routing table?

route Explanation Use the route command to display the routing table contents and to add or remove static routes. The tracert command uses ICMP packets to test connectivity between devices and display the path between them. Responses from each hop on the route are measured three times to provide an accurate representation of how long a packet takes to reach and be returned by that host. The mtr command on Linux is a combination of the ping and traceroute commands. The dig command resolves (looks up) a hostname's IP address.

A workstation's network board is currently configured as follows: Network Speed = Auto Duplexing = Auto The workstation is experiencing poor network performance, and you suspect that the network board is incorrectly detecting the network speed and duplex settings. Upon investigation, you find that it's running at 10 Mbps half-duplex. You know that your network switch is capable of much faster throughput. To fix this issue, you decide to manually configure these settings on the workstation. Before you do so, you need to verify the switch port configuration for the connected workstation. Given that it's a Cisco switch, which commands can you use on the switch to show a list of all switch ports and their current settings? (Select two.)

show interface show running-config interface Explanation To view the speed and duplex settings of interfaces on a Cisco switch, you can use one of the following commands:
- show running-config interface (displays concise summary information)
- show interface (displays extended information)
The show interface capabilities command displays information about interface capabilities, not the current switch configuration. The show interface ethernet counters command displays interface statistics. The show interface switchport command displays VLAN information regarding switch interfaces.

While working on a Linux server, you're unable to connect to the Windows Server system on the internet. You are able to ping the default gateway on your own network, so you suspect that the problem lies outside the local network. Which utility would you use to track the route a packet takes as it crosses the network?

traceroute

