Testout Midterm
Which of the following can you append to the end of the dig command to run a query for all the records in the zone? -axfr -mx -a -ns
-axfr EXPLANATION You can use the dig command to query a host for more information. You can change the default search by appending a switch to the end of the command. To run a query for all the records in the zone, you add -axfr to the dig command. Adding -a to the dig command queries address records. Adding -mx to the dig command queries mail exchange records. Adding -ns to the dig command queries name server records.
Which stratum level does the authoritative time device fall under? 0 2 1 3
0 EXPLANATION Stratum 0 is the highest level in the hierarchy. Stratum 0 is the authoritative time device itself, such as a GPS time source or atomic clock. The higher the stratum number, the lower it is on the stratum hierarchy, and the less precedence it has in relation to other time providers with a lower number.
What is the decimal form of the following binary IP address? 11001101.00111001.10101001.01000010 206.58.170.67 238.90.202.99 190.42.154.51 205.57.169.66
205.57.169.66 EXPLANATION The decimal equivalent of the 11001101.00111001.10101001.01000010 IP address is 205.57.169.66. To convert from binary to decimal, use the decimal equivalent of the following binary numbers: 10000000 = 128, 01000000 = 64, 00100000 = 32, 00010000 = 16, 00001000 = 8, 00000100 = 4, 00000010 = 2, 00000001 = 1. To find the decimal form of a binary number, add up each decimal equivalent for each 1 bit in the address. For example, the equation for the number 11001101 is 128 + 64 + 8 + 4 + 2 = 205.
Your network follows the 100Base-FX specifications for Fast Ethernet and uses half-duplex multimode cable. What is the maximum cable segment length allowed? 100 meters 412 meters 550 meters 1,000 meters
412 meters EXPLANATION 100Base-FX half-duplex multimode cable has a maximum segment length of 412 meters. 1000Base-SX and 1000Base-LX support multimode cable up to 550 meters. 10Base-FL supports fiber optic cable between 1,000 and 2,000 meters.
Which of the following are valid IPv6 addresses? (Select two.) 6384:1319:7700:7631:446A:5511:8940:2552 165.15.78.53.100.1 192.168.2.15 141:0:0:0:15:0:0:1 127.0.0.1 343F:1EEE:ACDD:2034:1FF3:5012
6384:1319:7700:7631:446A:5511:8940:2552 141:0:0:0:15:0:0:1 EXPLANATION An IPv6 address is a 128-bit address listed as eight 16-bit hexadecimal sections. Leading 0s can be omitted in each section. Therefore, 6384:1319:7700:7631:446A:5511:8940:2552 and 141:0:0:0:15:0:0:1 are both valid IPv6 addresses. A single set of all-zero sections can be abbreviated with two colons (::). So, 141::15:0:0:1 is also a valid address.
Your network uses a network address of 137.65.0.0 with a subnet mask of 255.255.0.0. How many IP addresses are available to assign to network hosts on this network? 254 65534 2 16777214
65534 EXPLANATION Given a network address and subnet mask, you can have 2^n - 2 hosts per subnet. Begin by converting the subnet mask to a binary number. To find the number of valid hosts, n = the number of unmasked bits in the mask. In this example, there are 16 unmasked bits. So, the number of available hosts is 2^16 - 2, which equals 65534.
Which port is a DHCP Discover packet sent out on when a device first connects to a network? 53 68 80 67
67 EXPLANATION When a device first connects to a network, it sends out a DHCP Discover packet. This packet is a UDP broadcast sent out on port 67 to all devices on the network, asking if there's a DHCP server available. Port 68 is used by the DHCP relay agent to send out a DHCP broadcast packet to a client. Port 80 is used for HTTP. Port 53 is used by DNS.
Which port does the relay agent use when it sends DHCP information back to the client? 53 80 68 67
68 EXPLANATION When a DHCP server receives the DHCP Discover packet from the relay agent, the server sends back a DHCP Offer packet. The relay agent puts the DHCP information into a DHCP broadcast packet and sends it to the client on UDP port 68 on the local network. When a device first connects to a network, it sends out a DHCP Discover packet. This packet is a UDP broadcast sent out on port 67 to all the devices on the network, asking if there's a DHCP server available. Port 80 is used for HTTP. Port 53 is used by DNS.
Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use? A host-based firewall An IPS An IDS A network-based firewall
A network-based firewall EXPLANATION You should use a network-based firewall to create a screened subnet between two servers. A host-based firewall inspects traffic that's received by a host. It is not designed for use on a screened subnet. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. You cannot use an IDS to create a screened subnet. An active IDS (also called an intrusion protection system, or IPS) performs the functions of an IDS, but it can also react when security breaches occur.
You are making Ethernet drop cables using Cat5e cables and RJ45 connectors. You need to remove the plastic coating over the cable to expose the individual wires. Which tool should you use? Cable stripper Punch down tool Snips Crimping tool
Cable stripper EXPLANATION Use a cable stripper to remove a cable's plastic jacket or sheath. When you make drop cables or use punch down blocks, do not remove the plastic covering for individual wires. Use snips to cut cables. Use a punchdown tool to push wires into 66 or 110 blocks and cut the wires at the same time. A crimping tool is designed for RJ45 connectors to attach connectors to UTP cables.
Which of the following cable types often includes a solid plastic core that keeps the twisted pairs separated? Cat 5 Cat 3 Cat 5e Cat 6
Cat 6 EXPLANATION Cat 6 cables include a solid plastic core that keeps the twisted pairs separated and prevents the cable from being bent too tightly. Cat 3, Cat 5, and Cat 5e don't include a solid plastic core that keeps the twisted pairs separated.
Which of the following does the sudo iptables -F command accomplish? Lists all the current rules. Saves changes to iptables. Drops all incoming traffic. Clears all the current rules.
Clears all the current rules. EXPLANATION The sudo iptables -F command clears all the current rules. The sudo iptables -A INPUT -j DROP command drops all incoming traffic. The sudo iptables -L command lists all the current rules. The sudo /sbin/iptables-save command saves changes to iptables.
Which of the following is true about half-duplex mode? Collision detection is turned off. Collision detection is turned on. The device can send and receive at the same time. It requires switches with dedicated switch ports.
Collision detection is turned on. EXPLANATION Half-duplex mode requires that collision detection be turned on. Full-duplex mode requires that collision detection be turned off, that the device can send and receive at the same time, and that there are dedicated switch ports.
You want to create a loopback plug using a single RJ45 connector. How should you connect the wires in the connector? Connect pin 1 to pin 3 and pin 2 to pin 6. Connect pin 1 to pin 3 and pin 2 to pin 4. Connect pin 1 to pin 2 and pin 3 to pin 3. Connect pin 1 to pin 8 and pin 2 to pin 7. Connect pin 1 to pin 5 and pin 2 to pin 6.
Connect pin 1 to pin 3 and pin 2 to pin 6. EXPLANATION To create a loopback plug or a crossover cable, connect pin 1 (Tx+) to pin 3 (Rx+) and pin 2 (Tx-) to pin 6 (Rx-). Connecting each pin to the opposite pin (1 to 8, 2 to 7, and so on) creates a rollover cable.
Which of the following combines several layers of security services and network functions into one piece of hardware? Unified Threat Management (UTM) Firewall Intrusion detection system (IDS) Circuit-level gateway
Unified Threat Management (UTM) EXPLANATION A Unified Threat Management (UTM) appliance combines several layers of security services and network functions into one piece of hardware. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A circuit-level gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules.
Which device combines multiple security features, such as anti-spam, load-balancing, and antivirus, into a single network appliance? Unified Threat Management (UTM) Next Generation Firewall (NGFW) Circuit-level gateway Packet-filtering firewall
Unified Threat Management (UTM) EXPLANATION A Unified Threat Management device combines multiple security features into a single network appliance. A single UTM device can provide several security features, including firewall, VPN, anti-spam, antivirus, and load balancing. A NGFW combines a traditional firewall with an application firewall. A circuit-level gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A packet-filtering firewall allows and blocks network traffic by examining information in the IP packet.
Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic? Negative False positive Positive False negative
False positive EXPLANATION A false positive traffic assessment means that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic. A positive traffic assessment means that the system detected an attack and the appropriate alarms and notifications were generated or the correct actions were performed to prevent or stop the attack. A negative traffic assessment means that the system deemed the traffic harmless and let it pass. A false negative traffic assessment means that harmful traffic passed without any alerts being generated or any actions being taken to prevent or stop it. This is the worst possible scenario.
You're working with an existing fiber optic installation in your building. You want to know the length of each cable that runs through the walls. Which tool should you use? Toner probe Smartjack OTDR Multimeter
OTDR EXPLANATION An optical time domain reflector (OTDR) sends light pulses on a cable to discover information about the cable. The results of this test can be used to estimate a wire's length; measure a cable's impedance; identify locations of splices and connectors on a wire; and identify shorts, open circuits, and fault locations. Use a toner probe to locate the end of a wire from a wall jack to the punchdown block. Use a multimeter to measure a device's electrical properties, such as voltage, amps, and resistance. A smartjack is a special loopback plug installed at a WAN service's demarcation point.
Which command would you use on a switch to enable management from a remote network? no shutdown ip address dhcp ip default-gateway 192.168.10.185 ip address 192.168.10.185 255.255.255.0
ip default-gateway 192.168.10.185 EXPLANATION To enable management from a remote network, configure the default gateway. To do so, use the following command in global configuration mode: switch(config)#ip default-gateway IP_address
You need to configure a Cisco RFC 1542-compliant router to forward any received DHCP frames to the appropriate subnet. The remote DHCP server's address is 172.16.30.1. Which of the following commands would you use to configure the router? ifconfig 172.16.30.1 host 172.16.30.1 ip address dhcp 172.16.30.1 ip helper-address 172.16.30.1
ip helper-address 172.16.30.1 EXPLANATION To configure a Cisco router to listen for DHCP traffic and route any received DHCP frames to the appropriate subnet, use the following command: ip helper-address [server_address] The ifconfig command is used on a Linux computer to display TCP/IP configuration information. The host command is used to query a specified host's A records. The ip address dhcp command is used to configure a Cisco switch to obtain its IP address from a DHCP server.
Which of the following are characteristics of Teredo tunneling? (Select three.) Has dual-stack hosts Has dual-stack routers Can be used to send data over the internet Uses an IPv6 address static association for the IPv4 address Is configured between routers at different sites Can't be used to send data over the internet Is configured between individual hosts
Has dual-stack hosts Can be used to send data over the internet Is configured between individual hosts EXPLANATION Teredo tunneling has the following characteristics. It: Is configured between individual hosts. Each host handles the encapsulation and de-encapsulation process. Uses dual-stack hosts and performs IPv6 tunneling to send data on an IPv4 network. Can be used to send data over the internet. Miredo tunneling is the Teredo tunneling equivalent used on Linux systems.
Which network component connects a device to transmission media and allows the device to send and receive messages? Client Network interface card Protocol Server
Network interface card EXPLANATION A network interface card (NIC) allows a device to send and receive messages over transmission media. A client doesn't provide network services but instead consumes network services. Server operating systems are designed to do one thing, and that's to provide network resources. Protocols are rules or standards that describe how hosts communicate and exchange data.
Which of the following best describes NTP efficiency? One packet every five minutes is necessary to sync two machines to an accuracy of within a millisecond of one another. One packet per minute is necessary to sync two machines to an accuracy of within a millisecond of one another. One packet per second is necessary to sync two machines to an accuracy of within a millisecond of one another. Four packets per minute are necessary to sync two machines to an accuracy of within a millisecond of one another.
One packet per minute is necessary to sync two machines to an accuracy of within a millisecond of one another. EXPLANATION NTP is very efficient. Only one packet per minute is necessary to synchronize two machines to an accuracy of within a millisecond of one another.
What are the main differences between the OSPF and IS-IS routing protocols? OSPF is a link state protocol, while IS-IS is not. OSPF is an IGP routing protocol, while IS-IS is a BGP routing protocol. OSPF is a classful protocol, while IS-IS is a classless protocol. OSPF requires an area 0, while IS-IS does not.
OSPF requires an area 0, while IS-IS does not. EXPLANATION Like OSPF, IS-IS uses areas when designing the network. However, IS-IS does not require an area 0 like OSPF does. Because IS-IS was originally designed for non-IP protocols, it can more easily support IPv6 routing. Both OSPF and IS-IS have the following characteristics: Both are link state protocols. Both are classless protocols, supporting CIDR and VLSM. Both are interior gateway protocols that are used within an AS.
Which of the following terminates individual wires from a 25-pair or 100-pair cable using female RJ45 ports? 66 block 110 block Horizontal cross connect Patch panel
Patch panel EXPLANATION A patch panel is a device that typically connects individual stranded wires into female RJ45 connectors. For example, you might connect four pairs of wires from a punch down block to a port on the patch panel. On the patch panel, you then connect drop cables (cables with RJ45 connectors) to the patch panel on one end and a computer on the other end. Use 66 and 110 blocks to connect individual wires within a wiring closet. These punch down blocks connect the individual wires together, but they do not terminate in RJ45 connectors. A horizontal cross connect connects IDFs on the same floor.
Which of the following hardware devices links multiple networks and directs traffic between networks? Repeater Router Bridge Hub
Router EXPLANATION A router is a device that links multiple networks and directs traffic between networks. Each network linked by routers has its own unique identifier called the network number or network address. A hub and a repeater send received signals out all other ports. These devices do not examine the frame or the packet contents. Bridges learn addresses by copying the MAC address of the source device and placing it into the MAC address table.
Which of the following has the least default administrative distance? OSPF RIP Static route to an IP address External BGP
Static route to an IP address EXPLANATION A static route to an IP address has a default administrative distance of 1. The only thing that has a lower administrative distance is a connected interface or static route. When more than one protocol is enabled on a router, each protocol is given an administrative distance. When the best path is being determined, protocols with a lower administrative distance are chosen over those with a higher administrative distance. External BGP (Border Gateway Protocol) has an administrative distance of 20. RIP (Routing Information Protocol) has an administrative distance of 120. OSPF (Open Shortest Path First) has an administrative distance of 110.
You need to connect a workstation to a switch using a regular port on the switch (not an uplink port). The switch does not support auto-MDI. Which type of cable should you use? Straight-through Rollover Crossover Loopback
Straight-through EXPLANATION Use a straight-through cable to connect a workstation or router to a regular switch port. Use a crossover cable to connect a workstation to an uplink port. Use a rollover cable to connect a workstation to a switch's console port. Use a loopback plug to allow a workstation to communicate with itself through its own network adapter.
You have only one physical interface but want to connect two IP networks. Which of the following would allow you to do so? The sticky feature A loopback address Virtual IPs Subinterfaces
Subinterfaces EXPLANATION You can use subinterfaces to connect two IP networks through one parent physical interface. Each subinterface is given its own IP information and data can then be routed from one network to the other through the physical interface. A loopback address is a special IP address used for diagnostics and for troubleshooting the TCP/IP stack. Virtual IPs (VIPs) are IP addresses that are not associated with a single device. Multiple devices with an internet connection can share a VIP. They are used for one-to-many Network Address Translation, mobility, and fault tolerance. The sticky feature is a Cisco port security command that you can enable to automatically add MAC addresses to the Content Addressable Memory (CAM) table, or MAC address table.
Which of the following needs to be configured when a device receives its IP configuration from APIPA? Subnet Mask Default gateway IP lease time DNS server IP address
Subnet Mask IP address EXPLANATION When you use APIPA, only the IP address and subnet mask are configured. The default gateway and DNS server addresses are not assigned. Lease times only apply to IP addresses that are assigned by a DHCP server, not APIPA.
You've recently installed a new Windows server. To ensure system time accuracy, you've loaded an application that synchronizes the hardware clock on the server with an external time source on the internet. Now you must configure your network firewall to allow time synchronization traffic through. Which of the following ports are you MOST LIKELY to open on the firewall? 119 80 123 110
123 EXPLANATION TCP/IP port 123 is assigned to Network Time Protocol (NTP). NTP is used to communicate time synchronization information between systems on a network. HyperText Transfer Protocol (HTTP) uses TCP/IP port 80. HTTP is the protocol used to send requests to a web server and retrieve web pages from the web server. TCP/IP port 119 is used by the Network News Transfer Protocol (NNTP). NNTP is used to access and retrieve messages from newsgroups. TCP/IP port 110 is used by Post Office Protocol version 3 (POP3). POP3 is used to download email from mail servers.
Which port does Telnet use? 23 80 25 53
23 EXPLANATION Telnet uses port 23. HyperText Transfer Protocol (HTTP) uses port 80. Simple Mail Transfer Protocol (SMTP) uses port 25. Domain Name System (DNS) uses port 53.
You've implemented a network where hosts are assigned specific roles, such as file sharing and printing roles. Other hosts access those resources, but they don't host services of their own. Which type of network do you have? Intranet Extranet Client-server Peer-to-peer
Client-server EXPLANATION In a client-server network, hosts have specific roles. For example, some hosts are assigned server roles, which allow them to provide network resources to other hosts. Other hosts are assigned client roles, which allow them to consume network resources. In a peer-to-peer network, each host can provide network resources to other hosts or access resources located on other hosts, and each host is in charge of controlling access to those resources. An intranet is a private network that uses internet technologies. Services on an intranet are only available to hosts that are connected to the private network. An extranet is a private network that uses internet technologies, but whose resources are made available to external (but trusted) users. For example, you might create a website on a private network that only users from a partner company can access.
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery? TFTP ICMP IGMP DHCP
ICMP EXPLANATION Internet Control Message Protocol (ICMP) allows hosts to exchange messages to indicate a packet's status as it travels through a network. IGMP (Internet Group Management Protocol) establishes multicast group memberships, which allows a computer to send a single network packet to multiple hosts on a network at the same time. DHCP is used to automatically assign addresses and other configuration parameters to network hosts. TFTP (Trivial File Transfer Protocol) is often used when files need to be transferred between systems quickly.
At which layer of the OSI model do hubs operate? Physical Data Link Internet Layer 3
Physical EXPLANATION Hubs operate at Layer 1, or the Physical layer of the OSI model.
You need to terminate a Cat6 UTP cable with an RJ45 connector. Your organization's IT policy states that all cable connectors must be wired according to TIA568B standards. Drag the UTP wire on the left to the correct pin on the RJ45 connector on the right. Pin 1 Pin 2 Pin 3 Pin 4 Pin 5 Pin 6 Pin 7 Pin 8
Pin 1 - White with orange stripe Pin 2 - Solid orange Pin 3 - White with green stripe Pin 4 - Solid blue Pin 5 - White with blue stripe Pin 6 - Solid green Pin 7 - White with brown stripe Pin 8 - Solid brown EXPLANATION The T568B wiring standard specifies the following pinout for RJ45 connectors: Pin 1: White with orange stripe Pin 2: Solid orange Pin 3: White with green stripe Pin 4: Solid blue Pin 5: White with blue stripe Pin 6: Solid green Pin 7: White with brown stripe Pin 8: Solid brown
TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back? RST SYN/RST ACK SYN/ACK
SYN/ACK EXPLANATION If Computer 1 sends a SYN packet to Computer 2, Computer 2 receives the packet and sends a SYN/ACK packet to Computer 1. Computer 1 receives the SYN/ACK packet and replies back with an ACK packet, and the connection is complete. A SYN flag is used to start a connection between hosts. An ACK acknowledges the receipt of a packet. An RST resets a connection.
Which of the following cables offers the best protection against EMI? RG-6 Single-mode fiber optic Cat 5 Cat 5e
Single-mode fiber optic EXPLANATION Fiber optic cables offer the best protection against electromagnetic interference (EMI).
Which of the following geographic network types is typically managed by a city as a public utility? Personal area network (PAN) Wide area network (WAN) Metropolitan area network (MAN) Local area network (LAN)
Metropolitan area network (MAN) EXPLANATION A metropolitan area network (MAN) is a network that can cover an entire city. A city typically owns and manages a MAN as a public utility. A PAN is a small network for communication between personal devices. A LAN is contained to an office and managed by a business. A WAN is a collection of LANs that are connected together to form a large internetwork. WAN connections are typically managed by an ISP.
A rack's height is measured in rack units (Us). How tall is a single rack unit? 1.5 inches tall 1.25 inches tall 1.75 inches tall 2 inches tall
1.75 inches tall EXPLANATION A single rack unit (1U) is 1.75 inches tall and represents one slot in the rack.
You're configuring a network firewall to allow SMTP outbound email traffic and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall? (Select two.) 21 143 443 110 25
110 25 EXPLANATION Simple Mail Transfer Protocol (SMTP) uses TCP/IP port 25. Post Office Protocol version 3 (POP3) uses TCP/IP port 110. File Transfer Protocol (FTP) uses TCP/IP port 21. Internet Message Access Protocol version 4 (IMAP4) uses TCP/IP port 143. Secure Sockets Layer (SSL) uses TCP/IP port 443.
Rack heights vary from a few rack units to many rack units. The most common rack heights are 24U and 42U. How tall is a 24U rack? 30 inches 36 inches 48 inches 42 inches
42 inches EXPLANATION A 24U rack is 42 inches tall. A single rack unit (1U) is 1.75 inches tall and represents one slot in the rack. Rack heights vary from a few rack units to many rack units. The most common rack heights are 24U and 42U.
While viewing the status of interfaces on a Cisco switch, you see an abnormally large number of CRC errors on one interface. This interface is connected to a user's workstation that is located in a cubicle on the second floor. What could cause this to happen? A strong EMI emitter near the cable connected to that interface. Two hosts on the network with the same MAC address. An incorrect subnet mask configured on the workstation. Collisions between two or more network hosts.
A strong EMI emitter near the cable connected to that interface. EXPLANATION The most likely cause is EMI or crosstalk on the UTP cabling, which can corrupt frames transmitted on the wire and cause a CRC error. On a hub-based Ethernet network, these errors are usually caused by collisions. However, because a switch is being used in this scenario, collisions can't occur. CRC errors are almost always Layer 1 errors. Duplicate MAC addresses would result in a Layer 2 error. Incorrect protocol or IP addressing configurations result in Layer 3 errors.
During network transmission, data is transferred to various routers, which forward the data to the appropriate network. If the source and destination network addresses reside on the same network, which protocol is used to determine the destination IP's MAC address? UDP HTTP GET TCP ARP
ARP EXPLANATION Address Resolution Protocol (ARP) is used to determine the host's MAC address using the destination IP address. An HTTP GET requests web page information from a web server. UDP and TCP are both Transport layer protocols.
A host wants to send a message to another host that has an IP address of 115.99.80.157, but it does not know the destination device's hardware address. Which protocol can be used to discover the MAC address? IGMP ICMP DNS ARP
ARP EXPLANATION Hosts use Address Resolution Protocol (ARP) to discover a host's hardware address. DNS is used to map hostnames to IP addresses. ICMP notifies routers of problems on the network and undeliverable packets. IGMP establishes multicast group memberships, which allows a computer to send a single network packet to multiple hosts on a network at the same time.
Match each networking function or device on the left with its associated OSI model layer on the right. Application layer Presentation layer Session layer Transport layer Network layer Data Link layer Physical layer
Application layer - HTTP Presentation layer - Encapsulation Session layer - Session ID number Transport layer - Port number Network layer - Router Data Link layer - Switch Physical layer - Modem EXPLANATION The following table describes how devices function at different layers of the OSI model: HTTP functions at the Application layer. Encapsulation happens at the Presentation layer. Session IDs are assigned at the Session layer. Port numbers are assigned at the Transport layer. Routers function at the Network layer. Switches function at the Data Link layer. Modems function at the Physical layer.
What is the purpose of a frame check sequence (FCS) footer? Control information Hold segment data Checksum error detection Contain logical network addresses
Checksum error detection EXPLANATION The Link layer converts packets into frames, adding physical device addressing information and a frame check sequence footer for error detection. It also converts the frames into bits (0s and 1s) for transmission across the transmission media. Control information is added at the Transport layer. The Transport layer breaks the data into pieces called segments. The Internet layer converts the segments into packets, adding logical network and device addresses.
You have a cable internet connection at home. The installer had connected the router near the outside wall of your house with RG6 cable. You move the cable router a distance of 50 meters using RG8 cables and special connector adapters. Which condition are you MOST LIKELY to experience? FEXT Echo EMI NEXT
Echo EXPLANATION An impedance mismatch (manifested by echo) occurs when you connect cables and devices that have a different impedance (resistance) rating. RG6 cables have a rating of 75 ohms, while RG8 cables have a rating of 50 ohms. Near-end crosstalk (NEXT) is crosstalk measured on the same end as the transmitter. Far-end crosstalk (FEXT) is crosstalk measured on the opposite end from the transmitter. Electromagnetic interference (EMI) and radio frequency interference are external signals that interfere with normal network communications.
Which of the following is the process of breaking a message into packets, adding controls and other information, and then transmitting the message through the transmission medium? Encapsulation Sequencing Transformation Segmentation
Encapsulation EXPLANATION Encapsulation is the process of breaking a message into packets, adding controls and other information, and then transmitting the message through the transmission medium. The Transport layer adds sequencing and control information. The Internet layer converts the segments into packets. Data flows down through the layers of the OSI model on the sending system and is transformed at each layer.
Which of the following functions are performed by the OSI Transport layer? (Select three.) Media access control, logical topology, and device identification Consistent data formatting between dissimilar systems End-to-end flow control Path identification and selection Reliable message delivery Data segmentation and reassembly Packet formatting for delivery through the medium
End-to-end flow control Reliable message delivery Data segmentation and reassembly EXPLANATION The Transport layer is responsible for breaking upper-layer data into segments and allowing reliable communication through end-to-end flow control, error detection, and error correction. Message transmission through a medium is performed at the Physical layer. Media access, logical topology, and device identification occur at the Data Link layer. Path identification and selection is a function of the Network layer. Data formatting is performed at the Presentation layer.
Which of the following hardware devices regenerate a signal out of all connected ports without examining the frame or packet contents? (Select two.) Switch Router Hub Bridge Repeater
Hub Repeater EXPLANATION A hub and a repeater send received signals out of all other ports. These devices do not examine the frame or packet contents. Switches and bridges use the MAC address in a frame for forwarding decisions. A router uses the IP address in a packet for forwarding decisions.
Which of the following connectors are used with fiber optic cables and include both cables in a single connector? (Select two.) MTRJ ST LC SC BNC
MTRJ LC EXPLANATION LC and MTRJ connectors have both fiber optic cables in a single connector. ST and SC connectors hold a single strand of fiber optic cabling. A cable using either one has two connectors on each end. A BNC connector is used with coaxial cable.
You have a large TCP/IP network and want to keep a host's real-time clock synchronized. Which protocol should you use? NTP SMTP SNMP FTP
NTP EXPLANATION Network Time Protocol (NTP) keeps computers' clocks synchronized. SMTP is used to send mail between email servers. SNMP lets network administrators set up alerts to monitor the state of a network. FTP (File Transfer Protocol) provides a generic method for transferring files.
At which OSI layer does a router operate to forward network messages? Data Link Transport Network Physical
Network EXPLANATION A router uses the logical network address specified at the Network layer to forward messages to the appropriate LAN segment. A bridge, on the other hand, uses the MAC address and works at the Data Link layer.
Which term does the OSI model use that's different from the TCP/IP model in reference to the terms frame, packet, and segment? HTTP Session Presentation Protocol data unit (PDU)
Protocol data unit (PDU) EXPLANATION The OSI model uses the term protocol data unit (PDU) instead of the terms frame, packet, and segment. The Presentation and Session layers are Layers 5 and 6 of the OSI model, respectively, and do not correspond to the use of frame, packet, and segment in the TCP/IP model. HyperText Transfer Protocol (HTTP) is the protocol in the Application layer that supports web requests.
Which tool should you use to extend network services beyond the demarc? Punch down tool Crimper Patch panel Tone generator
Punch down tool EXPLANATION A demarc is the location where the local network ends and the telephone company's network begins. This location is usually at a punchdown block in a wiring closet. You use a punch down tool to attach wires to the punchdown block. A tone generator sends a signal on the wire. A crimping tool is used to attach connectors to wires. Patch panels permit circuits to be arranged and rearranged by plugging and unplugging respective patch cords on a mounted hardware assembly.
You have a small home network connected to the internet using an RG-6 cable. You need to move the router, but you can't find any more RG-6 cabling. Which cable type could you use instead? Cat 3 RG-58 RG-59 Cat 5e
RG-59 EXPLANATION RG-6 has an impedance rating of 75 ohms. It's important to use coaxial cables with the same impedance rating, and only RG-59 is rated for 75 ohms. Connecting coaxial cables with Cat 3 and Cat 5e cables requires a media converter.
Which of the following connectors is used with fiber optic cables and requires that you use a twisting motion to connect it? BNC SC ST F-type
ST EXPLANATION An ST connector is used with fiber optic cables and uses a twist-type connector. Use the mnemonic Set and Twist. An SC connector is used with fiber optic cables, but you plug it in instead of twisting it in. F-type and BNC connectors employ a twist to connect, but they're used with coaxial cables.
Which type of optical fiber is normally used to connect two buildings that are several kilometers apart? Shielded twisted pair Multi-mode fiber Coaxial cable Single-mode fiber
Single-mode fiber EXPLANATION In this scenario, you would use single-mode fiber optic cables. Fiber optic is graded as single-mode or multi-mode. Single-mode consists of a very thin singular core, which produces fewer reflections. This provides greater effective bandwidth over greater distances. Multi-mode is less costly than single-mode fiber. Multi-mode is used to transmit over shorter distances, as the rays tend to disperse as the transmission distance increases. Coaxial and shielded twisted pair are not suitable for long distances between buildings.
You have a small network that uses a switch to connect multiple devices. Which physical topology are you using? Star Ring Mesh Bus
Star EXPLANATION A switch creates a network with a physical star topology. The physical star topology uses a logical bus topology and sends messages to all the devices connected to the hub. A mesh topology is a series of point-to-point links between devices. A ring topology uses a central device called an MSAU. A bus topology connects all devices to a trunk cable.
You're an application developer, and you're writing a program for exchanging video files through a TCP/IP network. You need to select a transport protocol that will guarantee delivery. Which TCP/IP protocol provides this capability? TCP FTP SIP UDP
TCP EXPLANATION In this scenario, you should write the application to use Transmission Control Protocol (TCP). TCP guarantees delivery through error checking and acknowledgments. FTP provides a generic method for transferring files. It can protect access to files by requiring usernames and passwords. UDP is a host-to-host protocol like TCP, but it doesn't acknowledge that each packet was transmitted. SIP is an open-source VoIP protocol.
Which of the following network services or protocols uses TCP/IP port 69? NNTP TFTP POP3 SMTP
TFTP EXPLANATION Trivial File Transfer Protocol (TFTP) uses TCP/IP port 69. TFTP is a connectionless service for downloading files from a remote system. It's often used for downloading firmware to networking devices. Network News Transfer Protocol (NNTP) is used to access and download messages from newsgroup servers. NNTP uses TCP/IP port 119. Simple Mail Transfer Protocol (SMTP) is used to send and receive email. SMTP uses TCP/IP port 25. Post Office Protocol version 3 (POP3) is used to download email from a remote system. POP3 uses TCP/IP port 110.
Which of the following are characteristics of an LC fiber optic connector? (Select two.) They are half the size of standard connectors. They use a housing and latch system similar to an RJ45 UTP connector. They use a one-piece bayonet connecting system. They are threaded. They can be used with either fiber optic or copper cabling.
They are half the size of standard connectors. They use a housing and latch system similar to an RJ45 UTP connector. EXPLANATION LC fiber optic connectors are small, at about half the size of other fiber optic connectors. Their appearance is similar to a typical RJ45 connector used with UTP wiring. Like an RJ45 connector, an LC fiber optic connector uses a small latch to lock the connector in a jack. ST uses a one-piece bayonet connecting system.
You've connected a cable certifier to an RJ45 wall jack, and the output shown below is displayed on the device. What does this output indicate? (Select two.) There are multiple shorts on this cable. This is a crossover cable. This is a straight-through cable. The cable is functioning correctly. There are multiple open pins on this cable.
This is a crossover cable. The cable is functioning correctly. EXPLANATION In this display, the cable being tested is a correctly wired crossover cable. Output with (x) characters between pins indicates that they're shorted. Straight-through connections are displayed using (-) characters in the cable certifier's output. Open connections are displayed with no characters or lines between pin numbers.
During TCP/IP communication between two network hosts, information is encapsulated on the sending host and decapsulated on the receiving host using the OSI model. Match the information format on the left with the appropriate layer of the OSI model on the right. Transport layer Network layer Data Link layer Physical layer
Transport layer - Segments Network layer - Packets Data Link layer - Frames Physical layer - Bits EXPLANATION Encapsulation is the process of breaking a message into packets, adding controls and other information, and transmitting the message through the transmission media. The following is the five-step data encapsulation/decapsulation process used by the OSI model: Upper layers prepare the data to be sent through the network. The Transport layer breaks the data into pieces called segments, adding sequencing and control information. The Network layer converts the segments into packets, adding logical network and device addresses. The Data Link layer converts packets into frames, adding physical device addressing information. The Physical layer converts the frames into bits for transmission across the transmission media.
How do switches and bridges learn where devices are located on a network? When a frame enters a port, the source IP address is copied from the frame header. When a frame enters a port, the destination IP address is copied from the frame header. When a frame enters a port, the destination MAC address is copied from frame header. When a frame enters a port, the source MAC address is copied from the frame header.
When a frame enters a port, the source MAC address is copied from the frame header. EXPLANATION Bridges and switches learn addresses by copying the MAC address of the source device and placing it into the MAC address table. The port number that the frame entered is also recorded in the table and associated with the source MAC address. The switch or the bridge cannot record the destination MAC address because it does not know the port that is used to reach the destination device.
Why might you use an RJ11 connector? You want to connect a 10GBaseT network to a switch card using a Cat 6 cable. You want to connect your computer to the internet with a DSL modem. You want to upgrade your 10BaseT network to 100BaseTX. You want to connect your computer to a network using a Cat 7 cable.
You want to connect your computer to the internet with a DSL modem. EXPLANATION RJ11 connectors are typically used for telephones and modems. RJ45 connectors are used for 100BaseTX. RJ45 connectors are used for 10GBaseT using Cat 6 cables. GG45 or TERA connectors are used with Cat 7 cables.
Which type of address is the IP address 198.162.12.254/24? Private Broadcast Unicast Multicast
Unicast EXPLANATION The IP address 198.162.12.254 is a unicast address that identifies a single host on the 198.162.12.0 subnet. 198.162.12.255 is the broadcast address for the subnet. Multicast addresses are in the range of 224.0.0.0 to 239.255.255.255. The private IPv4 address ranges are: 10.0.0.1 to 10.255.255.254 172.16.0.1 to 172.31.255.254 192.168.0.1 to 192.168.255.254
Your network follows the 100Base-TX specifications for Fast Ethernet. What is the maximum cable segment length allowed? 100 meters 500 meters 2,000 meters 1,000 meters
100 meters EXPLANATION Fast Ethernet using twisted-pair cables (either 100BaseT4 or 100BaseTX) has a maximum cable segment length of 100 meters. All Ethernet networks that use twisted-pair cable (Ethernet, Fast Ethernet, and Gigabit Ethernet) have a distance limitation of 100 meters.
A host has an address of 100.55.177.99/16. Which of the following is the broadcast address for the subnet? 100.255.255.255 255.255.255.0 100.55.255.255 255.255.0.0
100.55.255.255 EXPLANATION The broadcast address for the subnet is the last address on the subnet. In this example, the address uses 16 bits in the subnet mask (255.255.0.0), meaning that the first two octets indicate the subnet address (100.55.0.0), and the last two octets are used for host addresses. The last possible address on this subnet is 100.55.255.255.
You have been tasked with designing an Ethernet network. Your client needs to implement a very high-speed network backbone between campus buildings, some of which are around 300 meters apart. Multimode fiber optic cabling has already been installed between buildings. Your client has asked that you use the existing cabling. Which Ethernet standard meets these guidelines? (Choose two.) 1000Base-SX 10Base-FL 10GBase-SR 1000Base-T 10GBase-T
1000Base-SX 10GBase-SR EXPLANATION 10GBase-SR and 1000Base-SX can operate within these parameters. Both support segment lengths 300 meters long and can use multimode fiber optic cabling. 10Base-FL isn't a good choice because its data transmission rate is relatively slow. 10GBase-T and 1000Base-T both use copper wiring.
Which Gigabit Ethernet standard uses multimode fiber optic cabling and supports network segments up to a maximum of 550 meters long? 1000Base-SX 1000Base-CX 1000Base-T 1000Base-ZX
1000Base-SX EXPLANATION The 1000Base-SX standard uses multimode fiber optic cable with a maximum segment length of 550 meters. However, to implement segments this long, you must use 50-micron 500MHz/km multimode fiber optic cabling. Other types of cabling will shorten the maximum segment length. 1000Base-FX also supports lengths up to 550 meters using multimode cabling. 1000Base-FX supports distances up to 10 kilometers using single-mode cabling. 1000Base-ZX has a maximum segment length of up to 100 km. 1000Base-CX and 1000BaseT use copper cabling instead of fiber optic.
Which Gigabit Ethernet standard can support long network segments up to a maximum of 5 km when used with single-mode fiber optic cable? 1000BaseSX 1000BaseLX 1000BaseCX 1000BaseT
1000BaseLX EXPLANATION 1000BaseLX supports segment lengths of up to 5 km when used with single-mode fiber optic cable. This maximum segment length is cut to 550 m when multimode fiber optic cable is used. 1000BaseSX supports segment lengths of only 550 meters. 1000BaseCX uses copper wire and supports segment lengths of only 25 meters. 1000BaseT uses twisted-pair cables.
You want to implement an Ethernet network at very long distances using fiber optic cables. Which standard and cable type would you choose? (Select two.) Multimode fiber 1000BaseCX 1000BaseSX 1000BaseLX Single-mode fiber
1000BaseLX Single-mode fiber EXPLANATION Of the standards listed in this question, 1000BaseLX provides the greatest cable length (think of the "L" in 1000BaseLX as "Long"). When using fiber optic across long distances, use single-mode fiber. Multimode fiber is cheaper, but it has a shorter maximum distance than single-mode fiber. 1000BaseSX stands for short fiber optic, and 1000BaseCX uses short copper within a wiring closet.
You would like to implement 10 Gbps Ethernet over a distance of 1 kilometer or greater. Which of the following would be the minimum requirement for this implementation? (Select two.) 10GBaseLR standards Single-mode fiber 10GBaseER standards 10GBaseSR standards Multimode fiber
10GBaseLR standards Single-mode fiber EXPLANATION For 10 Gbps at distances up to 10 kilometers, use 10GBaseLR with single-mode fiber. Multimode fiber is cheaper, but it has a shorter maximum distance than single-mode fiber. 10GBaseSR uses multi-mode fiber at distances up to 300 meters. 10GBaseER supports distances up to 40 kilometers using single-mode fiber.
Which of the following uses metal clips placed over plastic slots to connect individual copper wires? 110 block 100 pair 25 pair 66 block
110 block EXPLANATION A 110 block is a punch down block that uses metal clips fitted over plastic pins. To connect wires using a 110 block, place the wires in the plastic slots, attach the metal clip, and then punch down the connecting cable on the top of the clip. A 66 block uses metal pins to connect wires. Wires are placed in the pins, and pins within a row are electrically connected. 25 pair and 100 pair are cable bundles that include multiple pairs of copper wires (either 25 pairs of wires or 100 pairs of wires).
What is the correct binary form of the decimal IP address 192.168.1.1? 10101100.00010001.00000001.00000001 11000000.10101000.00000001.00000001 00001010.10101000.00000001.00000001 11000000.10101000.00000010.00000001
11000000.10101000.00000001.00000001 EXPLANATION The decimal equivalent of the 11000000.10101000.00000001.00000001 IP address is 192.168.1.1. To convert from binary to decimal, use the decimal equivalent of the following binary numbers: 10000000: 128 01000000: 64 00100000: 32 00010000: 16 00001000: 8 00000100: 4 00000010: 2 00000001: 1 For each bit position with a 1 value in the binary form of the address, add the decimal values for that bit. For example, the decimal equivalent of 11000000 is 128 + 64 + 0 + 0 + 0 + 0 + 0 + 0 = 192 The decimal equivalent of 10101100.00010001.00000001.00000001 is 172.17.1.1. The decimal equivalent of 00001010.10101000.00000001.00000001 is 10.168.1.1. The decimal equivalent of 11000000.10101000.00000010.00000001 is 192.168.2.1.
Which of the following ports does NTP run on? 80 21 443 123
123 EXPLANATION NTP runs on UDP port 123. HTTP operates on port 80. HTTPS traffic using TLS runs on port 443. FTP traffic runs on port 21.
Which of the following is the highest stratum level allowed? 20 10 15 5
15 EXPLANATION Stratum Level 15 is the highest level allowed.
Which port number is used by SNMP? 25 110 119 161
161 EXPLANATION Simple Network Management Protocol (SNMP) uses port 161. The other listed ports are used by the following protocols: SMTP uses port 25. POP3 uses port 110. NNTP uses port 119.
Which network address and subnet mask does APIPA use? (Select two.) 169.255.0.0 169.0.250.0 255.0.0.0 255.255.255.0 169.254.0.0 255.255.0.0
169.254.0.0 255.255.0.0 EXPLANATION Automatic Private IP Addressing (APIPA) uses a network address of 169.254.0.0 with a default Class B subnet mask of 255.255.0.0. Host addresses are within the range of 169.254.0.1 and 169.254.255.254.
Which of the following IP address ranges is reserved for Automatic Private IP Addressing (APIPA)? 169.192.0.0 - 169.192.254.255 169.168.0.1 - 169.168.255.255 169.254.0.1 - 169.254.255.254 192.168.0.0 - 192.168.255.254
169.254.0.1 - 169.254.255.254 EXPLANATION The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.1 through 169.254.255.254 for Automatic Private IP Addressing (APIPA). APIPA also sets the subnet mask on the network to 255.255.0.0.
Which of the following is NOT one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server? 192.168.0.1 to 192.168.255.254 172.16.0.1 to 172.31.255.254 169.254.0.1 to 169.254.255.254 10.0.0.1 to 10.255.255.254
169.254.0.1 to 169.254.255.254 EXPLANATION 169.254.0.1 to 169.254.255.254 is the IP address range assigned to Windows DHCP clients (if a DHCP server does not assign the client an IP address). This range is known as the Automatic Private IP Addressing (APIPA) range. The other three ranges listed in this question are defined as private IP addresses in RFC 1918, which are commonly used behind a NAT server.
Which of the following is a valid APIPA address? 10.23.0.50 169.254.32.50 192.168.0.50 169.0.0.50
169.254.32.50 EXPLANATION An IP address that is assigned by APIPA will be within the range of 169.254.0.0 to 169.254.255.254. 192.168.0.50 is a Class C private IP address. 10.0.0.50 is a Class A private IP address.
Your network has a network address of 172.17.0.0 with a subnet mask of 255.255.255.0. Which of the following are true concerning this network? (Select two.) 172.17.0.255 is the network broadcast address. 172.17.255.255 is the network broadcast address. 172.17.0.1 is reserved for the default gateway. 254 IP addresses can be assigned to host devices. 256 IP addresses can be assigned to host devices.
172.17.0.255 is the network broadcast address. 254 IP addresses can be assigned to host devices. EXPLANATION You can subnet a Class B address to provide additional subnet addresses. (Notice how, by using a custom subnet mask, the Class B address looks like a Class C address.) Network address: 172.17.0.0 Subnet mask: 255.255.255.0 Number of subnets: 256 Number of hosts per subnet: 254 Subnet addresses: 172.17.1.0, 172.17.2.0, 172.17.3.0, and so on Host address ranges: 172.17.1.1 to 172.17.1.254, 172.17.2.1 to 172.17.2.254, 172.17.3.1 to 172.17.3.254, and so on
Based on the address prefix for each IPv6 address on the right, identify the address type from the list on the left. (Addresses may not represent actual addresses used in production.) 2001:6789:9078::ABCE:AFFF:FE98:0001 FD00::8907:FF:FE76:ABC FEA0::AB89:9FF:FE77:1234 FF00:98BD:6532::1 FF02::1:2
2001:6789:9078::ABCE:AFFF:FE98:0001 Global unicast FD00::8907:FF:FE76:ABC Unique local FEA0::AB89:9FF:FE77:1234 Link-local FF00:98BD:6532::1 Multicast FF02::1:2 Multicast EXPLANATION Based on previous standards, global unicast addresses start with 20, but they can now include any prefix that isn't reserved. Addresses beginning with FC or FD are unique local addresses. Addresses beginning with FE8, FE9, FEA, or FEB are link-local addresses. Addresses beginning with FF are multicast addresses. There are no broadcast addresses in IPv6.
Consider the following output from a dig command run on a Linux system.
; <<>> DiG 8.2 <<>> westsim111.com
;;res options:init recurs defnam dnsrch
;;got answer:
;;->>HEADER<<-opcode:QUERY, status: NOERROR, id:4
;;flags: qr rd ra; QUERY:1, ANSWER:1, AUTHORITY:2, ADDITIONAL:0
;;QUERY SECTION:
;; westsim111.com, type = A, class = IN
;;ANSWER SECTION:
westsim111.com. 7h33m IN A 76.141.43.129
;;AUTHORITY SECTION:
westsim111.com. 7h33m IN NS dns1.deriatct111.com.
westsim111.com. 7h33m IN NS dns2.deriatct222.com.
;;Total query time: 78 msec
;;FROM: localhost.localdomain to SERVER:default -- 202.64.49.150
;;WHEN: Tue Feb 16 23:21:24 2005
;;MSG SIZE sent: 30 rcvd:103
What is the IP address of the DNS server that performed this name resolution? 202.64.49.150 16.23.21.24 192.168.1.100 76.141.43.129
202.64.49.150 EXPLANATION When you use the dig command to perform a manual DNS lookup, a range of information is provided to you. The IP address of the DNS server that performed the name resolution is shown at the bottom area of the output on the end of the ;;FROM line. The IP address shown in the answer section denotes the resolved IP address for the domain or host that the resolution was requested for. In this case, that address is 76.141.43.129. The other two answers are invalid.
You're working with an older 10Base2 Ethernet network. Which of the following connector types will you MOST LIKELY encounter? ST BNC RJ11 F-type
BNC EXPLANATION A 10Base2 Ethernet network (also called a thinnet) is an older type of network that uses coaxial cables with BNC connectors for communication. F-type connectors are used for cable and satellite TV connections as well as broadband cable connections. RJ11 connectors are typically used for dial-up and DSL connections. ST connectors are used with fiber optic cables.
You manage a network with two locations (Portland and Seattle). Both locations are connected to the internet. The computers in both locations are configured to use IPv6. You'd like to implement an IPv6 solution to meet the following requirements: Hosts in each location should be able to use IPv6 to communicate with hosts in the other location through the IPv4 internet. You want to use a site-to-site tunneling method instead of a host-to-host tunneling method. Which IPv6 solution should you use? 6to4 tunneling Teredo tunneling 4to6 tunneling ISATAP
6to4 tunneling EXPLANATION Use 6to4 tunneling to create a router-to-router tunnel between two sites through an IPv4 network. Use Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) to enable IPv6 hosts to communicate over a private IPv4 network within a site. ISATAP doesn't work between sites. Use Teredo tunneling to configure a host-to-host tunnel between two hosts separated by symmetric NAT. Use 4to6 tunneling to allow IPv4 traffic on an IPv6 network.
Which of the following is the open standard for tagging Layer 2 frames? RFC1918 802.1q NDP ARP
802.1q EXPLANATION 802.1q is the open standard for tagging Layer 2 frames and is used for implementing trunk porting. RFC1918 is used to create IP addresses on a private network. ARP (Address Resolution Protocol) works at Layer 3 to establish the MAC address that's linked to the gateway's IP address. NDP (Neighbor Discovery Protocol) works for address resolution with IPv6.
Multi-mode fiber is designed to operate at which of the following wavelengths? 1310 nm and 1550 nm 1300 nm and 1550 nm 850 nm and 1310 nm 850 nm and 1300 nm
850 nm and 1300 nm EXPLANATION Multi-mode fiber is designed to operate at 850 nm and 1300 nm. Single-mode fiber is optimized for 1310 nm and 1550 nm.
Which of the following must each device's MTU be set to for jumbo frames to traverse the network without risk of fragmentation? 1,500 9,000 3,000 6,000
9,000 EXPLANATION The MTU of each device in the network must be set to 9,000 for jumbo frames to traverse the network without fragmentation. If a device's MTU is set to 1,500, 3,000, or 6,000, a jumbo frame could be fragmented.
Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1? FE80::1 :: FF02::1 ::1
::1 EXPLANATION The IPv6 loopback address is ::1. The local loopback address isn't assigned to an interface. It can be used to verify that the TCP/IP protocol stack has been properly installed on the host. :: is the unspecified address (also identified as ::/128). The unspecified address is used when there's no IPv6 address. It's typically used during system startup, or when the host hasn't yet configured its address. The unspecified address shouldn't be assigned to an interface. Multicast addresses have an FF00::/8 prefix. FF02::/8 is the multicast prefix for all nodes on the local link.
Which of the following BEST describes Ethernet flow control? A protocol designed to prevent looping in network traffic. A configuration that allows traffic from multiple VLANs on a single port. A configuration that allows frames larger than 1,500 bytes to pass through the port without fragmentation. A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent.
A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent. EXPLANATION Ethernet flow control is a configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent. Port tagging is a configuration that allows traffic from multiple VLANs on a single port. Setting your network devices' MTU to 9,000 is a configuration that allows frames larger than 1,500 bytes (known as jumbo frames) to pass through the ports without fragmentation. Spanning Tree Protocol is a protocol designed to prevent looping in network traffic.
Which of the following best describes DHCP scope exhaustion? When IP address lease times on a DHCP server are shortened. A denial of service from a lack of IP addresses in a DHCP server's pool. When an attacker adds a second DHCP server to a network and offers IP addresses to clients wanting to join the network. When a DHCP snooping technique is used to drop packets from untrusted DHCP servers.
A denial of service from a lack of IP addresses in a DHCP server's pool. EXPLANATION A denial of service from a lack of IP addresses in a DHCP server's pool is one form of DHCP scope exhaustion. Another form comes from inefficient IP address management in which the IP address pool is depleted faster than it can be refilled. A rogue DHCP server occurs when an attacker adds a second DHCP server to a network and offers IP addresses to clients wanting to join the network. If the network administrator does not have control over a DHCP server, it is considered a rogue DHCP server. Shortening IP address lease times on a DHCP server can help prevent DHCP scope exhaustion. DHCP snooping techniques can help protect against rogue DHCP servers.
Which of the following is true about a network-based firewall? A network-based firewall is less expensive and easier to use than host-based firewalls. A network-based firewall is considered a software firewall. A network-based firewall is installed at the edge of a private network or network segment. A network-based firewall is installed on a single computer.
A network-based firewall is installed at the edge of a private network or network segment. EXPLANATION A network-based firewall is installed at the edge of a private network or network segment. Network-based firewalls are more expensive and require more configuration than other types of firewalls, but they are much more robust and secure. A host-based firewall is installed on a single computer in a network. Most network-based firewalls are considered hardware firewalls even though they use a combination of hardware and software.
Which of the following do hosts on a private network share if the network utilizes a NAT router? A virtual IP address A physical MAC address A virtual MAC address A physical IP address
A physical IP address EXPLANATION Hosts on a private network share the NAT router's physical IP address. The NAT router allows the hosts to share its physical IP address when connecting to the internet. Hosts on a private network do not share virtual or physical MAC addresses on a network that utilizes a NAT router. Each host retains its own MAC address. Hosts on a private network do not share a virtual IP address on a network that utilizes a NAT router.
How does a proxy server differ from a packet-filtering firewall? A proxy server is used to create a screened subnet, while a packet-filtering firewall can only be used with screened subnets. A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer. A proxy server can prevent unknown network attacks, while a packet-filtering firewall can only prevent known attacks. A proxy server includes filters for the session ID as well as the IP address and port number.
A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer. EXPLANATION A proxy server is a device that stands as an intermediary between a secure private network and the public. A proxy server is an Application layer firewall that is capable of filtering by information contained within the data portion of a packet (at the Application layer). A packet-filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. A packet-filtering firewall operates at OSI Layer 3 (Network layer). A signature-based IDS uses patterns to detect known attacks, while an anomaly-based IDS can detect new and unknown attacks.
Which protocol is used by a device to ensure that an APIPA address is not already in use on the network? DHCP IP ARP TCP
ARP EXPLANATION When a host uses APIPA, it randomly picks an address from the APIPA range and sends out an Address Resolution Protocol (ARP) message to ensure that the address is not currently in use. Transmission Control Protocol (TCP) provides services that ensure accurate and timely delivery of network communications between two hosts. It is not used to verify if an IP address is currently in use on the network. Internet Protocol (IP) allows devices to communicate across different networks. It is not used to verify if an IP address is currently in use on the network. Dynamic Host Configuration Protocol (DHCP) is used to pass out IP addresses and other IP configuration information to network clients.
Which of the following devices is MOST LIKELY to be assigned a public IP address? A workstation on your company network that has internet access. A database server that's used by your company's website for storing customer information. A router on your company network that segments your LAN into two subnets. A router that connects your home network to the internet.
A router that connects your home network to the internet. EXPLANATION To connect a private network, home, or business to the internet, you must have a router with a public IP address. The public address allows hosts on the internet to send packets to the router. When you connect a private network to the internet, only the router interface connected to the internet needs a public address. You can then use Network Address Translation (NAT) and assign private addresses to hosts on your private network (including all the routers on the private network). The NAT router translates your private addresses into public addresses. You can even use NAT to place publicly available hosts, such as web servers, on a private network (although these servers are often placed on a special subnet that's connected to the internet and assigned public addresses). With port address translation, incoming messages sent to the publicly available servers are relayed to the private network. Servers that hold confidential data, such as database servers, are normally placed on a private network. Generally, they can only be contacted directly by the necessary devices (such as a web server).
Which of the following is a valid MAC address? AB.07.CF.62.16.BD FABC.875E.9BG6 95ABC2F4.ABC5.569D.43BF 145.65.254.10
AB.07.CF.62.16.BD EXPLANATION MAC addresses are comprised of 12 hexadecimal digits (ranging from 0-9 and A-F). They're typically represented as three sets of four hexadecimal digits or six sets of two hexadecimal digits, separated with periods. Regardless of the grouping and separator values, you look for 12 hex digits to determine whether a MAC address is valid.
Drag each description on the left to the appropriate switch attack type on the right. ARP spoofing/poisoning Dynamic Trunking Protocol MAC flooding MAC spoofing
ARP spoofing/poisoning - The source device sends frames to the attacker's MAC address instead of to the correct device. Dynamic Trunking Protocol - Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network. MAC flooding - Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called fail open mode. MAC spoofing - Can be used to hide the identity of the attacker's computer or impersonate another device on the network. EXPLANATION Common attacks that are perpetrated against switches are MAC flooding, ARP spoofing/poisoning, and MAC spoofing. MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub. MAC flooding works in the following manner: The attacker floods the switch with packets, each containing a different source MAC address. The flood of packets fills up the forwarding table and consumes so much of the memory in the switch that it causes it to enter fail open mode. While in this mode, all incoming packets are broadcast out of all ports (as with a hub) instead of just to the correct ports, as per normal operations. The attacker captures all the traffic with a protocol analyzer/sniffer. ARP spoofing/poisoning associates the attacker's MAC address with the IP address of the victim's device. ARP spoofing works in the following manner: When computers send an ARP request for a known IP address's MAC address, the attacker's system responds with its own MAC address. The source device sends frames to the attacker's MAC address instead of to the correct device. Switches are indirectly involved in the attack because they do not verify the MAC address/IP address association. MAC spoofing changes the source MAC address on frames sent by the attacker. MAC spoofing is typically used to bypass 802.1x port-based security. MAC spoofing can be used to bypass wireless MAC filtering. MAC spoofing can be used to hide the identity of the attacker's computer or to impersonate another device on the network. With Dynamic Trunking Protocol (DTP), switches have the ability to automatically detect trunk ports and negotiate the trunking protocol used between devices. DTP is not secure and allows unauthorized devices to possibly modify configuration information. You should disable DTP services on a switch's end user (access) ports before implementing the switch configuration on the network.
Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules: deny ip 192.168.1.0 0.0.0.255 any deny ip 192.168.2.0 0.0.0.255 any These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do? Add a permit statement to the bottom of the access list. Apply the access list to the Fa0/0 interface instead of the S0/1/0 interface. Apply the access list to the Fa0/1 interface instead of the S0/1/0 interface. Use the out parameter instead of the in parameter within each ACL rule.
Add a permit statement to the bottom of the access list. EXPLANATION The problem with this access list is that it only contains deny statements. On Cisco devices, there is an implicit deny any at the end of every access list. You need to add a permit statement and identify the type of traffic that is allowed.
You have a network that's connected using a physical star topology. One of the drop cables connecting a workstation has been removed. Which of the following BEST describes the effect that this will have on network communications? All devices except the device connected with the drop cable will be able to communicate. No devices will be able to communicate. All devices will be able to communicate. Only devices on one side of the missing cable will be able to communicate with each other, while only devices on the other side of the missing cable will be able to communicate with each other. Devices on one side of the missing cable will be able to communicate with each other, while devices on the other side of the missing cable will not be able to communicate.
All devices except the device connected with the drop cable will be able to communicate. EXPLANATION A cable break in a star topology means that the device connected to the central device (hub or switch) through that cable can no longer communicate on the network. All other hosts will be able to communicate with all other devices.
Which of the following gives the same IP address to multiple servers and manually defines different routes on an IPv4 network? Anycast BGP Multicast IGMP
BGP EXPLANATION Anycast only works on IPv6 networks. We can use Border Gateway Protocol (BGP) on an IPv4 network to give the same IP address to multiple servers and manually define different routes. The Internet Group Management Protocol (IGMP) is used to identify multicast group members. It can also forward multicast packets to the segments where group members reside. Multicast is used to send a message to a specific group of devices.
During a network infrastructure upgrade, you replaced two 10 Mbps hubs with switches and upgraded from a Category 3 UTP cable to a Category 5e. During the process, you accidentally cut the Cat 5e patch cable that stretches from the network printer to the upgraded switch. What is the impact on your network? All network nodes authenticated by the same server as the printer will be unavailable. All network nodes, including the printer, will be available. All network nodes connected to the switch will be unavailable. All network nodes on the same subnet as the printer will be unavailable. All network nodes except the printer will be available.
All network nodes except the printer will be available. EXPLANATION UTP cable and switches are associated with a star network topology. In a star topology, each device is attached to the network using its own patch cable. If a cable were to fail for any reason, only the device connected by that cable would be unavailable.
Which of the following describes how an extended access control list can improve network security? An access control list identifies traffic that must use authentication or encryption. An access control list filters traffic based on the frame header, such as source or destination MAC address. An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. EXPLANATION An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. Access control lists are configured on routers, and they operate on Layer 3 information. Port security is configured on switches, which filter traffic based on the MAC address in the frame. An intrusion detection system (IDS) or intrusion prevention system (IPS) examines patterns detected across multiple packets. An IPS can take action when a suspicious pattern of traffic is detected.
Which of the following BEST describes an ARP spoofing attack? An attack that changes the source MAC address on frames. An attack in which a switch is flooded with packets, each containing a different source MAC address. An attack where a frame is manipulated to contain two tags. An attack that associates an attacker's MAC address with the IP address of a victim's device.
An attack that associates an attacker's MAC address with the IP address of a victim's device. EXPLANATION An ARP spoofing attack associates an attacker's MAC address with the IP address of a victim's device. MAC flooding is an attack in which a switch is flooded with packets, each containing a different source MAC address. MAC spoofing is an attack that changes the source MAC address on frames. Double tagging is a VLAN hopping attack where a frame is manipulated to contain two tags.
Which of the following is true about an intrusion detection system? An intrusion detection system can block malicious activities. An intrusion detection system maintains an active security role within the network. An intrusion detection system can terminate or restart other processes on the system. An intrusion detection system monitors data packets for malicious or unauthorized traffic.
An intrusion detection system monitors data packets for malicious or unauthorized traffic. EXPLANATION An intrusion detection system (IDS) monitors data packets for malicious or unauthorized traffic. However, an IDS takes no action to stop or prevent the attack. It maintains a passive, not an active, role in network security. It cannot terminate or restart other processes, and it cannot block malicious activities.
You administer a network with Windows Server 2016, UNIX servers, and Windows 10 Professional, Windows 8, and Macintosh clients. A Windows 8 computer user calls you one day and says that he is unable to access resources on the network. You type ipconfig on the user's computer and receive the following output: 0 Ethernet adapter: IP address. . . . . . . . . : 169.254.1.17 Subnet Mask . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . : You also check your NIC and see that the link light is on. What might the problem be in this scenario? A missing default gateway The user changed their computer's configuration A bad NIC An unavailable DHCP server
An unavailable DHCP server EXPLANATION If a Windows 8 client computer is configured to use DHCP and can't locate one to receive IP addressing information, it assigns itself an IP address from the APIPA (Automatic Private IP Addressing) range of IP addresses. APIPA addresses include IP addresses from 169.254.0.0 to 169.254.255.254 and are reserved for this purpose. A lit link light on your NIC indicates a connection to the network.
You are implementing a SOHO network for a local business. The ISP has already installed and connected a cable modem for the business. The business has four computers that need to communicate with each other and the internet. The ISP's cable modem has only one RJ45 port. You need to set up the network within the following parameters: You must spend as little money as possible. You must not purchase unnecessary equipment. Computers need to have a gigabit connection to the network. New devices should not require management or configuration. You examine each computer and notice that only one of the four computers has a wireless NIC. They all have Ethernet NICs. What should you purchase? A new cable modem with a built-in switch and CAT 6a cabling. A managed switch and CAT 6 cabling. A hub and CAT 5e cabling. An unmanaged switch and CAT 5e cabling. A wireless AP and three new wireless NICs.
An unmanaged switch and CAT 5e cabling. EXPLANATION You should purchase an unmanaged switch and CAT 5e cabling. Switches offer guaranteed bandwidth to each switch port and full-duplex communication. Unmanaged switches are autonomous in their function, requiring no port management or configuration. CAT 5e cabling supports transfer speeds up to 1,000 Gbps. Purchasing a new cable modem with a built-in switch would be more expensive than an unmanaged switch. Additionally, CAT 6a cabling is unnecessary for this type of network. Because all of the computers already have wired NICs, purchasing a wireless AP and three new wireless NICs would introduce new costs. The wireless AP would also require additional management and configuration. Hubs suffer from collisions, so only half-duplex communication is possible. This also wouldn't support 1,000 Gbps speeds. A small business with four computers doesn't need the additional features that a managed switch provides.
You need to replace a fiber optic cable that's connecting two switches together. You inspect the existing cable and determine that it uses LC connectors. You also notice that the cable's ferrule has a slight slant to it. Which polish grade should you use to replace the existing cable? Angled Physical Contact polish Ultra Physical Contact polish Physical Contact polish Flat Physical Contact polish
Angled Physical Contact polish EXPLANATION A slight slant to the fiber ferrule indicates an Angled Physical Contact (APC) polish. Using a non-angled connector will cause excessive insertion loss. A Physical Contact (PC) polish is polished with a slight curvature. An Ultra Physical Contact (UPC) polish uses a higher grade polish and is slightly more curved than a PC polish. A Flat Physical Contact connector has little to no curvature and suffers from the most insertion loss.
Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline? Dictionary recognition Pattern matching Anomaly-based Misuse detection
Anomaly-based EXPLANATION Anomaly-based detection defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline. Dictionary recognition is a detection method. However, this method does not define a baseline of normal network traffic and then look for anything that falls outside of that baseline. Pattern matching is a detection method. However, this method does not define a baseline of normal network traffic and then look for anything that falls outside of that baseline. Misuse detection is a detection method. However, this method does not define a baseline of normal network traffic and then look for anything that falls outside of that baseline.
Which of the following allows the same IPv6 address to be assigned to multiple interfaces? Multicast Unicast Broadcast Anycast
Anycast EXPLANATION The anycast address is a unicast address that's assigned to more than one interface, typically ones that belong to different hosts. An anycast packet is routed to the nearest interface having that address, based on routing protocol decisions. Unicast transmissions are one-to-one communication between two devices. Unicast does not allow the same IPv6 address to be assigned to multiple interfaces. Multicast is used to send a message to a specific group of devices. Multicast does not allow the same IPv6 address to be assigned to multiple interfaces. A broadcast message sends data to all the hosts on the subnet. This does not allow the same IPv6 address to be assigned to multiple interfaces.
Which of the following works as an authoritative time device? System clock Digital clock Atomic clock Analog clock
Atomic clock EXPLANATION An atomic clock, or GPS time source, works as an authoritative time device. None of the other options are exact enough to be used as authoritative time devices.
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks? Circuit proxy Kernel proxy Multi-homed Bastion
Bastion EXPLANATION A bastion, or sacrificial, host is one that's unprotected by a firewall. The term bastion host is used to describe any device fortified against attack (such as a firewall). A sacrificial host might be a device intentionally exposed to attack, such as a honeypot. Circuit proxies and kernel proxies are types of firewall devices. Multi-homed describes a device with multiple network interface cards.
Which of the following BEST describes the special MAC address that multicast traffic frames are sent to? Begins with 01-00-5E and ends with a form of the router's IP address Begins with a form of the IP multicast group address and ends with 01-00-5E Begins with 01-00-5E and ends with a form of the IP multicast group address Begins with a form of the router's IP address and ends with 01-00-5E
Begins with 01-00-5E and ends with a form of the IP multicast group address EXPLANATION Frames that contain multicast traffic are sent to a special MAC address. The MAC address begins with 01-00-5E. The last portion is a form of the IP multicast group address.
Match each TCP/IP layer with its function. Breaks the data into pieces. Prepares the data to be sent. Adds physical addresses. Adds logical addresses.
Breaks the data into pieces. - Transport Prepares the data to be sent. - Application Adds physical addresses. - Link Adds logical addresses. - Internet EXPLANATION The Application layer prepares data to be sent through the network. The Transport layer breaks data into pieces called segments, adding sequencing and control information. The Internet layer converts segments into packets, adding logical network and device addresses. The Link layer converts packets into frames, adding physical device addressing information and a frame check sequence footer for error detection. It also converts the frames into bits (0s and 1s) for transmission across the transmission media.
Which of the following topologies connects all devices to a trunk cable? Star Mesh Bus Ring
Bus EXPLANATION A bus topology connects all devices to a trunk cable. A ring topology connects neighboring nodes until they form a ring. A star topology uses a hub or switch to connect all network connections to a single physical location. A mesh topology exists when there are multiple paths between any two nodes on a network.
Which of the following physical topologies are used with Ethernet networks? (Select two.) Bus Token Ring Star Mesh
Bus Star EXPLANATION Ethernet networks use either a physical bus or physical star topology. Hubs can also be cascaded to form a tree topology.
Which of the following is a valid MAC address? 73-99-12-61-15 C0-34-FF-15-01-8E 34-9A-86-1G-B3-24 83-5A-5B-0B-31-55-F1
C0-34-FF-15-01-8E EXPLANATION A MAC address is a unique identifier hard coded onto every network adapter card. A valid MAC address has a total of 12 hexadecimal numbers. Hexadecimal numbers contain the numbers 0 to 9 and the letters A to F. Valid values for each octet in a MAC address range anywhere from 00 to FF. Note that one of the answers would be a valid MAC address except it uses a G value, which is beyond the hexadecimal range.
Which of the following protocols prescribes what to do when a data channel is in use on a half-duplex device? ARP Auto-MDI-X NDP CSMA/CD
CSMA/CD EXPLANATION Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is a protocol used to prescribe what to do when a data channel is in use on a half-duplex device. Those steps are to send a jam signal, wait a random amount of time, attempt to resend the frame, and repeat until the channel is clear and the transmission is complete. Address Resolution Protocol (ARP) is a protocol used to establish associations between a MAC address and a given IP address. Neighbor Discovery Protocol (NDP) is a protocol used for address resolution with IPv6. Auto-MDIX, or auto-medium dependent crossover, is a line-sensing port that automatically decides which type of cable configuration is needed for a connection.
You need to connect two switches using their uplink ports. The switches do not support auto-MDI. Which type of cable should you use? Loopback Crossover Rollover Straight-through
Crossover EXPLANATION Use a crossover cable to connect two switches through their uplink ports or to connect two switches through regular ports. Use a straight-through cable to connect the uplink port on one switch to a regular port on another switch. Use a rollover cable to connect a workstation to a switch's console port. Use a loopback plug connected to a single port for troubleshooting.
Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all. Competes with normal network traffic for bandwidth. Uses a dedicated communication channel. Must be encrypted to protect communications from sniffing. Does not compete with normal network traffic for bandwidth. Affected by network outages.
Competes with normal network traffic for bandwidth. - In-band management Uses a dedicated communication channel. - Out-of-band management Must be encrypted to protect communications from sniffing. - In-band management Does not compete with normal network traffic for bandwidth. - Out-of-band management Affected by network outages. - In-band management EXPLANATION You can perform switch management tasks through a network connection by using the management utilities. This is called in-band management because it uses a normal network switch connection to perform these tasks. Tools such as Telnet or SSH provide in-band management. Using the same network connection for both data and management has several drawbacks. For example: You must compete with normal network traffic for bandwidth. The network traffic created by the management utilities must be protected from sniffing to ensure that hackers cannot capture sensitive configuration information. If the network connection is unavailable or if the switch is unresponsive, you can't perform management tasks. Out-of-band management, on the other hand, overcomes these problems by using dedicated communication channels that separate server management traffic from normal network traffic. With network switches (and routers), you can use console redirection to redirect console output to a built-in serial or USB console port.
Computers A and B are on the same VLAN and are separated by two switches as shown in the exhibit. Computer A sends a frame to Computer B. Which of the following BEST describes the frame's composition as it travels from A to B? Computer A appends a VLAN ID to the frame. It travels from switch to switch and arrives at Computer B, where it removes the VLAN ID. Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The VLAN ID remains on the frame through the second switch up to Computer B. Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B. Computer A sends a normal frame. The first switch forwards the frame to the second switch, where the VLAN ID is appended to the frame and forwarded to Computer B.
Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B. EXPLANATION Only switches understand VLAN IDs, and they use the IDs for inter-switch traffic. The first switch appends the VLAN ID, and the second switch removes it.
You have just connected four switches as shown in the Exhibit. Assuming the default switch configuration, how can you force switch C to become the root bridge? Remove link cable 6 from the configuration. Remove link cable 1 from the configuration. Remove link cables 1 and 6 from the configuration. Configure a priority number of 61440 for switch C. Configure a priority number of 4096 for switch C.
Configure a priority number of 4096 for switch C. EXPLANATION To force a specific switch to become the root bridge, configure a priority number lower than the default (32768). The switch with the lowest bridge ID becomes the root bridge. The bridge ID is composed of two parts, a bridge priority number and the MAC address assigned to the switch. When the default priority is used for all switches, the switch with the lowest MAC address becomes the root bridge.
What does the ip address dhcp command allow you to do? Configure a switch to act as a DHCP server. Send the DHCP server address for all connected devices. Specify the DHCP relay server for forwarding DHCP packets. Configure a switch to obtain an IP address from a DHCP server.
Configure a switch to obtain an IP address from a DHCP server. EXPLANATION You can use the ip address dhcp command to configure a switch or router to get its IP address from a DHCP server. You can configure the DHCP server to deliver the default gateway and DNS server addresses to a Cisco device as well. A manually configured default gateway address overrides any address received from the DHCP server.
You are the network administrator for a small consulting firm. The office network consists of 30 computers, one server, two network printers, and a switch. Due to security concerns, there is no wireless network available in the office. One of your users, Bob, travels to client sites and is generally not in the office. When Bob goes to client sites, he typically just connects to their wireless networks. When he's in the office, Bob connects his laptop to the network with an Ethernet cable. You need to make sure that Bob's laptop is set up so that when he plugs the Ethernet cable into his laptop, no further configuration is needed. Which of the following would be the BEST option to achieve this? Set up a separate DHCP server. Set up a separate computer for Bob to use when he's in the office. Set up a wireless network in the office. Configure an alternate IP configuration.
Configure an alternate IP configuration. EXPLANATION In this scenario, you would want to configure an alternate IP configuration for the office network. An alternate IP configuration is a method you can use to assign a static IP address that can be used when there's no access to a DHCP server. You wouldn't want to set up and configure a wireless network or DHCP server in this scenario. That would require too many resources and is not necessary. Setting up a separate computer wouldn't be feasible since this would require too many resources and could lead to other issues for the user.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that's connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do? Create static MAC addresses for each computer and associate each address with a VLAN. Configure port security on the switch. Create a VLAN for each group of four computers. Remove the hub and place each library computer on its own access port.
Configure port security on the switch. EXPLANATION Configuring port security on the switch can restrict access so that only specific MAC addresses can connect to the configured switch port. This would prevent the laptop computers from connecting. Placing each library computer on its own access port would have no effect. VLANs are used to group broadcast traffic and do not restrict device connectivity as needed in this scenario.
You want to create a rollover cable that has an RJ45 connector on both ends. How should you connect the wires within the connectors? Connect pin 1 to pin 8, pin 2 to pin 7, pin 3 to pin 6, and pin 4 to pin 5. Connect each pin on one end to the same pin on the other end (pin 1 to pin 1, pin 2 to pin 2, etc.). Connect pin 1 to pin 3 and pin 2 to pin 6. Use the T568A standard on one end and the T568B standard on the other end.
Connect pin 1 to pin 8, pin 2 to pin 7, pin 3 to pin 6, and pin 4 to pin 5. EXPLANATION When terminated with an RJ45 connector on both ends, the wires within the connectors are rolled over to the opposite connectors as follows: Pin 1 connects to pin 8. Pin 2 connects to pin 7. Pin 3 connects to pin 6. Pin 4 connects to pin 5. A crossover cable uses the T568A standard on one end and the T568B standard on the other end. The crossover cable connects pin 1 to pin 3 and pin 2 to pin 6. Connecting each pin to the same pin on the other end creates a straight-through cable.
Which of the following tasks is associated with the Session layer? Connection establishment Data block breakdown IP address assignment Port number assignment
Connection establishment EXPLANATION Connection establishment is controlled through Session layer protocols. The Transport layer breaks down data into blocks called segments. It then appends a port number to identify which top-layer application needs to receive the data on the destination device. One very important thing that happens at the Network layer is IP address assignment.
Which of the following scenarios would typically utilize 802.1x authentication? Authenticating VPN users through the internet. Controlling access through a switch. Controlling access through a router. Authenticating remote access clients.
Controlling access through a switch. EXPLANATION 802.1x is an authentication method used on a LAN to allow or deny access based on a port or network connection. 802.1x is used for port authentication on switches and requires an authentication server to validate user credentials, which is typically a RADIUS server. Remote access authentication is handled by remote access servers or a combination of remote access servers and a RADIUS server. You can control VPN connections through remote access servers or through a special device called a VPN concentrator.
What is the basic purpose of the OSI Physical layer? Define when devices have access to the LAN. Define how physical network devices are identified on a network. Coordinate rules for sending and receiving electrical signals. Maintain a list of known networks and neighboring routers.
Coordinate rules for sending and receiving electrical signals. EXPLANATION The OSI Physical layer sets standards for sending and receiving electrical signals between devices. The Data Link layer defines how physical network devices are identified on a network and when devices have access to the LAN. The Network layer maintains a list of known networks and neighboring routers.
Which of the following are true about routed firewalls? (Select two.) Operates at Layer 2. Internal and external interfaces connect to the same network segment. Counts as a router hop. Supports multiple interfaces. Easily introduced to an existing network.
Counts as a router hop. Supports multiple interfaces. EXPLANATION On a routed firewall, the firewall is also a Layer 3 router. In fact, many hardware routers include firewall functionality. Transmitting data through this type of firewall counts as a router hop. A routed firewall usually supports multiple interfaces, each connected to a different network segment. A transparent firewall (which is also called a virtual firewall) works differently. It operates at Layer 2 and is not seen as a router hop by connected devices. Both the internal and external interfaces on a transparent firewall connect to the same network segment. Because it is not a router, you can easily introduce a transparent firewall into an existing network.
You want to connect the LAN port on a router to the uplink port on a switch. The switch does not support auto-MDI. Which type of cable should you use? Straight-through Loopback Rollover Crossover
Crossover EXPLANATION Use a crossover cable to connect a workstation or a router to a switch's uplink port. Use a straight-through cable to connect the router to a regular switch port. Use a rollover cable to connect a workstation to a router's console port. Use a loopback plug to allow a device to communicate with itself through its own network adapter.
You need to transfer data from one laptop to another, and you would like to use an Ethernet cable. You do not have a hub or a switch. Which type of cable should you use? Loopback Crossover Rollover Straight-through
Crossover EXPLANATION Use a crossover cable to connect two devices together in a back-to-back configuration. Use a straight-through cable to connect a workstation to a hub or switch port. Use a rollover cable to connect a workstation to the console port on a router or switch. Use a loopback plug to allow a device to communicate with itself through its own network adapter.
You've decided to implement Gigabit Ethernet on your network; each switch port is connected to a single device. Following the installation, you find one device connected to a switch that's only running at 100 Mbps. Which of the following is MOST LIKELY the cause? Collisions Impedance A short Crosstalk
Crosstalk EXPLANATION Crosstalk is interference caused by signals within a twisted pair of wires. Crosstalk and other miswiring problems typically mean that a cable doesn't operate at the desired standard. Use a cable certifier to verify that the cable is properly configured to support the rated speed. A short is when the signal is received on an incorrect wire. A short typically means the cable doesn't work at all or communications are very limited and extremely slow. Collisions are eliminated when you connect a single device to each switch port. Impedance is mostly a factor in coaxial cables used for networking. Be sure to choose cables with the correct rating (50 or 75 ohm) based on the network type. Never mix cables that have different ratings.
You have a TCP/IP network with 50 hosts. There have been inconsistent communication problems between these hosts. You run a protocol analyzer and discover that two of them have the same IP address assigned. Which protocol can you implement on your network to help prevent problems such as this? TCP DHCP IGMP SNMP
DHCP EXPLANATION You can use Dynamic Host Configuration Protocol (DHCP) to set up a DHCP server that will assign IP addresses automatically to network hosts. DHCP servers do not assign the same IP address to two different hosts. TCP provides services that ensure accurate and timely delivery of network communications between hosts. SNMP (Simple Network Management Protocol) lets network hosts exchange configuration and status information. IGMP (Internet Group Management Protocol) defines host groups.
You have a network with 50 workstations. You want to automatically configure the workstations with the IP address, subnet mask, and default gateway values. Which device should you use? DNS server Gateway Router DHCP server
DHCP server EXPLANATION Use a DHCP server to deliver configuration information to hosts automatically. Using DHCP is easier than configuring each host manually. Use a gateway to provide access to a different network or a network that uses a different protocol. Use a router to connect multiple subnets. Use a DNS server to provide name resolution (for example, to get the IP address associated with a logical hostname).
You are a network technician for a small consulting firm. Many users have reported issues with accessing the network. After some initial troubleshooting, you discover that devices are not receiving their IP configurations. You look into the issue and discover that the network is being targeted by a denial-of-service attack. Which of the following is your network MOST likely experiencing? Rogue DNS server DHCP starvation attack APIPA On-path attack
DHCP starvation attack EXPLANATION The network is most likely experiencing a DHCP starvation attack. This attack exhausts all addresses in the DHCP scope, which leads to users being unable to receive their IP configurations. This attack might be a denial-of-service mechanism, or it may be used together with a rogue server to redirect traffic to a malicious computer. DNS is responsible for translating hostnames to IP addresses. A rogue DNS server would not lead to devices not receiving their IP configurations. If a host cannot contact the DHCP server, it's assigned an IP address using Automatic Private IP Addressing (APIPA). This would be a consequence for devices affected by the DHCP starvation attack, but it would not be the cause. An on-path attack occurs when a malicious user intercepts traffic between two devices. This would not lead to devices not receiving their IP configurations.
Which of the following allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network? Dynamic NAT DNAT IP masquerade OSPF
DNAT EXPLANATION DNAT (Destination Network Address Translation) is also called port forwarding and allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network. Dynamic NAT automatically maps internal IP addresses with a dynamic port assignment. In this implementation, many internal private IP addresses are mapped to one public IP address on the NAT router. IP masquerade is another name for Dynamic NAT and many-to-one NAT. OSPF (Open Shortest Path First) is a link-state routing protocol used for routing within an autonomous system.
You want to implement a protocol on your network that allows computers to find a host's IP address from a logical name. Which protocol should you implement? ARP Telnet DNS DHCP
DNS EXPLANATION DNS is a system that's distributed throughout an internetwork to provide address and name resolution. For example, the name www.mydomain.com is identified with a specific IP address. ARP (Address Resolution Protocol) is a protocol for finding a known MAC address's IP address. DHCP is a protocol used to assign IP addresses to hosts. Telnet is a remote management utility.
You need to enable hosts on your network to find the IP address of logical names, such as srv1.myserver.com. Which device should you use? DNS server Bandwidth shaper IDS IPS
DNS server EXPLANATION A DNS server provides hostname-to-IP address resolution. A bandwidth shaper modifies the flow of traffic to keep it within predefined limits. A load balancer accepts incoming client requests and distributes them to other servers. An IDS (intrusion detection system) detects security threats, while an IPS (intrusion prevention system) can both detect and respond to security threats.
Which level of the OSI model does a Layer 2 switch operate at? Session layer Network layer Data Link layer Transportation layer
Data Link layer EXPLANATION A Layer 2 switch operates at the second layer of the OSI model, which is the Data Link layer. A Layer 2 switch does not operate at the fourth or fifth layer of the OSI model, which are the Transportation and Session layers. A Layer 3 switch can operate at the second and third layers of the OSI model, which are the Data Link and Network layers.
In the OSI model, which of the following functions are performed at the Presentation layer? (Select two.) Data format specifications Data frame transmission Data encryption and compression End-to-end flow control Network services
Data format specifications Data encryption and compression EXPLANATION The Presentation layer encrypts data, changes and converts character sets, and compresses data. File formats (such as .jpg, .wmv, and .wav) are part of the Presentation layer. The Application layer provides network services. End-to-end flow control is provided by the Transport layer. Frame transmission occurs at the Physical layer.
You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with hosts on the same subnet, but not with hosts on a different subnet. No other computers are having issues. Which of the following configuration values would you MOST likely need to change? IP address Default gateway DNS server Subnet mask
Default gateway EXPLANATION You should check the computer's default gateway setting; this value is used to send packets to other subnets. If it's incorrect, packets won't be sent to the correct router. In this scenario, the host can communicate with other hosts on the same subnet, meaning that the IP address and subnet mask are correctly configured. The DNS server address is likely not the problem, as name resolution is not mentioned in the scenario. In addition, if name resolution were a problem, it could affect access to both local and remote hosts.
Which device is NAT typically implemented on? Default gateway router AD server ISP router RADIUS server
Default gateway router EXPLANATION NAT is typically implemented on a default gateway router. You cannot use an AD server, a RADIUS server, or an ISP router to configure NAT.
Which of the following describes the point where the service provider's responsibility to install and maintain wiring and equipment ends and the customer's begins? Punch down block Vertical cross connect IDF Demarc
Demarc EXPLANATION When you contract with a local exchange carrier (LEC) for data or telephone services, they install a physical cable and a termination jack on your premises. The demarcation point (demarc) is the line that marks the boundary between the Telco equipment and the private network or telephone system. Typically, the LEC is responsible for all the equipment on one side of the demarc, and the customer is responsible for all the equipment on the other side of the demarc. A punch down block is a block used to connect individual copper wires together. While the demarc might terminate in a punch down block, punchdown blocks are used within other locations at the customer site. An intermediate distribution frame (IDF) is a smaller wiring distribution point within a building. IDFs are typically located on each floor directly above the main distribution frame (MDF), although additional IDFs can be added on each floor as necessary. A vertical cross connect connects the IDF to the MDF on a different floor.
Which of the following BEST describes a stateful inspection? Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing. Designed to sit between a host and a web server and communicate with the server on behalf of the host. Allows all internal traffic to share a single public IP address when connecting to an outside entity. Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. EXPLANATION Stateful firewalls, also referred to as stateful multilayer firewalls, determine the legitimacy of traffic based on the state of the connection from which the traffic originated. The stateful firewall maintains a state table that tracks the ongoing record of active connections. A virtual private network (VPN) is a network that provides secure access to a private network through a public network or the internet. Virtual private networks offer secure connectivity between many entities, both internally and remotely. Their use of encryption provides an effective defense against sniffing. Network Address Translation (NAT) separates IP addresses into two sets. This technology allows all internal traffic to share a single public IP address when connecting to an outside entity. You can implement a firewall on circuit-level gateways or application-level gateways. Both of these firewall designs sit between a host and a web server and communicate with the server on behalf of the host. They can also cache frequently accessed websites for faster web page loading.
You have a network that's connected using a full physical mesh topology. The link between Device A and Device B is broken. Which of the following BEST describes the effect that this will have on network communications? Device A will not be able to communicate with any other device. Device A will be able to communicate with all other devices. Device A will be able to communicate with any device except for Device B. No devices will be able to communicate with any other device.
Device A will be able to communicate with all other devices. EXPLANATION With a mesh topology, a break in a single link has no effect on communications. Data can be routed to the destination device by taking a different (sometimes longer) path through the mesh topology.
When a device renews its DHCP lease, which two steps in the DHCP process are skipped? Renew ACK Discover Request Offer
Discover Offer EXPLANATION When a new device connects to a network, it goes through a four-step process to obtain the IP configuration from the DHCP server. The four steps in the process are: Discover, Offer, Request, and Acknowledge. The DHCP renewal process occurs when there is 50 percent remaining on the device's lease time. This process skips the DHCP Discover and DHCP Offer steps. The client sends the DHCP request packet to the server, which responds with the DHCP Ack packet and renews the IP configuration.
Which of the following is a method of VLAN hopping? Double tagging MAC spoofing MAC flooding ARP spoofing
Double tagging EXPLANATION Double tagging is a VLAN hopping method that occurs when an attacker is connected to a host on one VLAN and the target host is on a VLAN connected to another switch. In double tagging, the frame is manipulated to include two tags, one for the first switch and one for the target VLAN's switch. MAC spoofing is changing the source MAC address on frames. The attacker's system sends frames with the spoofed MAC address. The switch reads the source address contained in the frames and associates the MAC address with the port where the attacker is connected. ARP spoofing/poisoning associates the attacker's MAC address with the IP address of the victim's device. MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub.
You are the network administrator for a consulting firm. Your network consists of: 40 desktop computers; two servers; three network switches; two network printers. You've been alerted to an issue with two desktop computers that are having problems communicating with the network. When only one computer is on, everything is fine. But when both computers are connected, the network connection is randomly dropped or interrupted. Which of the following would be the MOST likely cause for this? Rogue DNS server Duplicate MAC Addresses Incorrect default gateway Exhausted DHCP scope
Duplicate MAC Addresses EXPLANATION The most likely cause for the issue in this scenario is that both computers have the same MAC address. This address is unique, so there shouldn't be duplicate addresses on a network. However, it is possible for two hosts to have the same MAC address due to spoofing, a mistake during manufacturing, or if users choose a self-assigned address instead of the vendor-assigned hardware address. If two computers have the same MAC address, reaching either host will be inconsistent and can cause other problems as well. DNS is responsible for translating hostnames to IP addresses. A rogue DNS server would not cause the issues experienced in this scenario. Exhausted DHCP scope means that all the addresses within the DHCP scope were depleted. Consequently, a legitimate user is denied an IP address requested through DHCP and isn't able to access the network. This would not cause the issues experienced in this scenario. The gateway is responsible for routing traffic between networks. This would not cause the issues experienced in this scenario.
Which of the following services automatically creates and deletes host records when an IP address lease is created or released? Forward lookup Dynamic DNS DHCP Relay Dynamic NAT
Dynamic DNS EXPLANATION Dynamic DNS (DDNS) enables clients or the DHCP server to update records in the zone database automatically. This occurs whenever an IP address lease is created or renewed. A forward lookup is the process of resolving a hostname to an IP address. A DHCP relay is used to forward DHCP requests to a DHCP server on a different subnet. Dynamic NAT automatically maps internal IP addresses with a dynamic port assignment.
Which of the following routing protocols is a hybrid that uses a composite number for its metric based on bandwidth and delay? BGP EIGRP RIP OSPF
EIGRP EXPLANATION Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid protocol that uses a composite number for its metric based on bandwidth and delay. RIP uses hop count as its metric and is for networks with 15 or fewer hops. OSPF is a link state routing protocol used for routing within an AS and uses relative link cost as its metric. BGP is an advanced distance vector protocol (also called a path vector protocol) that uses path, rules, and policies instead of a metric to make routing decisions.
You manage a network with multiple switches. You find that your switches are experiencing heavy broadcast storms. Which of the following will help reduce the effects of these broadcast storms? Enable Spanning Tree on the switches. Disable auto-duplex detection. Manually set the speed for each switch port. Configure each switch with a single trunk port.
Enable Spanning Tree on the switches. EXPLANATION A broadcast storm is excessive broadcast traffic that renders normal network communications impossible. Broadcast storms can be caused by switching loops that cause broadcast traffic to be circulated endlessly or by denial of service (DoS) attacks. To reduce broadcast storms, you can: Run Spanning Tree protocol to prevent switching loops. Implement switches with built-in broadcast storm detection, which limits the bandwidth that broadcast traffic can use. Use VLANs to create separate broadcast domains on switches.
Jake is a network administrator for a hospital. There is medical equipment that relies on having uninterrupted internet connectivity. Which of the following types of routing protocols should Jake focus on to ensure that the hospital's network connectivity remains reliable? Distance vector routing protocols Interior dynamic routing protocols Exterior dynamic routing protocols Link state routing protocols
Exterior dynamic routing protocols EXPLANATION Jake should focus on exterior dynamic routing protocols to provide redundancy in internet connectivity and ensure that the medical equipment is constantly connected to the internet. BGP (Border Gateway Protocol) is an example of an exterior dynamic routing protocol. Interior dynamic routing protocols route paths within an autonomous system and are not used for connecting to external systems (including to the internet). Link state routing protocols and distance vector routing protocols are used for routing within an autonomous system.
You've just signed up for a broadband home internet service that uses coaxial cabling. Which connector type will you MOST LIKELY use? BNC RJ45 F-type RJ11
F-type EXPLANATION Use an F-type connector for broadband cable connections that use coaxial cabling. Use a BNC connector for 10Base2 Ethernet networks. Use an RJ11 connector for modem connections to a phone line. Use an RJ45 connector for an Ethernet network that uses twisted pair cabling.
Which of the following IPv6 addresses is used by a host to contact a DHCP server? FF02::2 FE80::1:2 FF02::1:2 FE80::2
FF02::1:2 EXPLANATION FF02::1:2 is the IPv6 address used to contact a DHCP server. All addresses with the FF00::/8 prefix are multicast addresses. IPv6 uses multicasts instead of broadcasts. FF02::2 is the multicast address for all routers on the local link; FF02::1 is for all hosts on the link. FE80::/10 is the prefix for link-local unicast addresses.
You have just connected four new computer systems to an Ethernet switch using spare patch cables. After the installation, only three systems are able to access the network. You verify all client network settings and replace the network card in the failed system. The client is still unable to access the network. Which of the following might you suspect is the real cause of the problem? Faulty IP stack Failed patch cable Failed switch Incorrect LAN protocol Incorrect routing table
Failed patch cable EXPLANATION Bent and damaged patch cables prevent client systems from accessing the network. In this scenario, a faulty patch cable is the most likely cause of the connection failure. The easiest way to test this is to simply swap out the cable and try a known good UTP patch cable.
You are moving a client to a new location within an Ethernet network. Previous to the move, the client system did not have difficulty accessing the network. During the relocation, you attach patch cables from the client system to the wall jack and from the patch panel to the switch. Once connected, you do not get a link light on the network card or the switch. You swap out the cable running between the patch panel and the switch with a known good one, but you still cannot connect. Which of the following might you suspect is the problem? Failed patch cable between the client system and the wall jack Server software configuration error Faulty termination Failed network card Incorrect duplex settings Failed switch
Failed patch cable between the client system and the wall jack EXPLANATION Because the client system previously worked in a different location, the issue is not likely related to the client system. The NIC and switch LEDs' failure to light indicates that there isn't an end-to-end connection between the client and the switch. This means that either the patch cable between the wall jack and the client is faulty or the cable between the patch panel and the switch is faulty. The cable connecting the switch and the patch panel was verified, leaving the cable between the wall jack and the client system. It is unlikely that the issue is a failed network card, as the system was functioning in a different location, eliminating the possibility of hardware or software on the client system being the problem. The failure is limited to a connection issue between a single client and a switch. If the switch failed, all clients connected to that switch would not be able to connect. Incorrect duplex settings would not prevent NIC and switch LEDs from lighting.
Upon conducting a visual inspection of the server room, you see that a switch displays LED collision lights that are continually lit. You check the LED on the corresponding workstation and see that it is flashing rapidly even though it is not sending or receiving network traffic at that time. What is the cause of the network collisions? Incorrect duplex settings Adapter controller card failure Faulty switch Faulty network card
Faulty network card EXPLANATION Sometimes when a NIC fails, it doesn't just stop working, but it begins to flood the network with transmissions. This is called jabbering. A single network card can slow down an entire network by continually transmitting signals. You can identify a jabbering network card by slower than normal speeds, high occurrences of collisions displayed on the hub or switch, and LEDs on the network card indicating a high level of transmissions even though a user is not accessing the network.
Which type of cabling do Ethernet 100BaseFX networks use? Fiber optic Unshielded twisted pair Shielded twisted pair Coaxial
Fiber optic EXPLANATION Ethernet 100BaseFX networks use fiber optic cabling.
Which of the following are characteristics of a packet-filtering firewall? (Select two.) Filters IP address and port Stateful Filters based on sessions Stateless Filters based on URL
Filters IP address and port Stateless EXPLANATION A packet-filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. A packet-filtering firewall is considered a stateless firewall because it examines each packet and uses rules to accept or reject each packet without considering whether the packet is part of a valid and active session. A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session. Application-level gateways filter on Application layer data, which might include data such as URLs within an HTTP request.
You are the network administrator for a small organization. Recently, you contracted with an ISP to connect your organization's network to the internet. Since doing so, it has come to your attention that an intruder has invaded your network from the internet on three separate occasions. Which type of network hardware should you implement to prevent this from happening again? Firewall Switch Hub Router
Firewall EXPLANATION A firewall's role is to provide a barrier between an organization's network and a public network, such as the internet. The firewall's job is to prevent unauthorized access to the organization's private network. To do this, the firewall examines incoming packets and determines whether they should be allowed to enter based on a set of rules defined by the network administrator. Routers offer some packet-based access control, but it is not as extensive as what a full-fledged firewall provides. Hubs are not sufficient for managing the interface between a trusted and an untrusted network. Switches use the MAC address in a frame for forwarding decisions.
Which of the following creates a visual representation of physical components along with a clearly defined set of principles and procedures? Floor plan Logical network diagram Wiring diagram Rack diagram
Floor plan EXPLANATION A floor plan creates a visual representation of physical components along with a clearly defined set of principles and procedures. A logical network diagram isn't so much about the physical layout of devices, but more of how traffic flows across the network. A rack diagram, or rack elevation, is a map of the IT equipment layout within a server rack. A wiring diagram is a map of the physical connections and physical layout of the electrical and circuit systems in a building.
Which of the following chains is used for incoming connections that aren't delivered locally? Output Forward Drop Reject
Forward EXPLANATION Forward is a chain that's used for incoming connections that aren't delivered locally. An example is iptables used on a router. The traffic is not destined for the router, but the router forwards the traffic to the destination device. Drop is an action that drops the connection. Reject is an action that does not allow the connection but does send a response back. Output is a chain for outgoing connections.
You are the network administrator for a small consulting firm. The firm has recently rolled out a new intranet site, and you are responsible for configuring the DNS. You are able to connect to the intranet site by using the IP address, but you cannot connect when you use the hostname. Which of the following do you need to configure so that the site can be accessed with the hostname? Forward lookup zone Reverse lookup zone Dynamic DNS CNAME record
Forward lookup zone EXPLANATION In this scenario, you would most likely need to configure the forward lookup zone. The forward lookup zone matches the hostname to the IP address. You wouldn't need to configure the reverse lookup zone since you can access the intranet site using the IP address. A reverse lookup zone matches the IP address to the hostname. Dynamic DNS (DDNS) enables clients or the DHCP server to update records in the zone database automatically. This occurs whenever an IP address lease is created or renewed. This is not necessary in this scenario. The CNAME record provides alternate names (or aliases) to hosts that already have a host record. Using a single A record with multiple CNAME records means that when the IP address changes, only the A record needs to be modified. This is not necessary in this scenario.
Which of the following is a device that can send and receive data simultaneously? Managed Unmanaged Full-duplex Honeypot
Full-duplex EXPLANATION A full-duplex device can send and receive data simultaneously. A honeypot is a security system used to decoy attackers. A managed device is a network device that can receive instructions and return responses to various components. An unmanaged switch is a simple plug-and-play device that needs no configuration to work.
Which of the following does the DHCP relay agent use to tell the DHCP server which pool of addresses to use? DHCP ACK GIADDR DHCP scope Subnet mask
GIADDR EXPLANATION The relay agent adds the Gateway IP Address (GIADDR) field to the DHCP request that defines the gateway, or network, that the client belongs to. The GIADDR tells the DHCP server the pool of addresses to use when assigning an IP address to the client. The DHCP scope is configured on the DHCP server. The scope defines the DHCP information for the network. The DHCP scope is not used by the relay agent to tell the DHCP server which pool of addresses to use. The DHCP ACK is the final step in the DHCP process. The DHCP ACK is not used by the relay agent to tell the DHCP server which pool of addresses to use. The subnet mask is configured on the DHCP scope and defines which network the client belongs to. The subnet mask is not used by the relay agent to tell the DHCP server which pool of addresses to use.
Consider the following IPv6 address: FD01:0001:0001:005::7/64 Drag the component parts of this address on the left to the corresponding descriptions on the right. (Not all descriptions on the right have corresponding components on the left.) Global routing prefix Subnet ID Interface ID Prefix length Global ID Unique local unicast prefix
Global routing prefix - FD01:0001:0001:005 Subnet ID - :005 Interface ID - ::7 Prefix length - /64 Global ID - Unique local unicast prefix - FD EXPLANATION The IPv6 address FD01:0001:0001:005::7/64 is a unique local unicast address. As such, it's composed of the following component parts: Unique local unicast prefix: FD Global routing prefix: FD01:0001:0001:005 Subnet ID: 005 Interface ID: ::7 Prefix length: /64
You need to design an IPv6 addressing scheme for your network. The following are key requirements for your design: Infrastructure hosts, such as routers and servers, are assigned static interface IDs. However, workstations, notebooks, tablets, and phones are assigned interface IDs dynamically. Internet access must be available to all hosts through an ISP. Site-to-site WAN connections are created using leased lines. Which type of IPv6 addressing is most appropriate for hosts on this network? Anycast addressing Unique local unicast addressing Link-local addressing Global unicast addressing
Global unicast addressing EXPLANATION You should use global unicast addressing in this scenario because internet access is required by network hosts. Global unicast addressing uses registered addresses and is equivalent to public addressing in IPv4. Because the addresses are registered with IANA, no other organization can use them on any public network, including on the internet. Unique local unicast addresses are private addresses used for communication within a site or between a limited number of sites. These addresses aren't registered with IANA and can't be used on a public network without address translation. Link-local addresses are assigned to all IPv6 interfaces on the network by default, but they can only be used on the local subnet. Routers never forward packets destined for link-local addresses to other subnets. Anycast addresses are used to locate the nearest server of a specific type. For example, this could be the nearest DNS or network time server.
Which of the following are advantages of using fiber optic cabling for a network? (Select two.) Greater cable distances without a repeater Easy to work with Immunity to electromagnetic interference Lower installation cost No special training or equipment is required
Greater cable distances without a repeater Immunity to electromagnetic interference EXPLANATION Compared to other types of cabling, fiber optic cabling allows greater cable distances without a repeater and is immune to electromagnetic interference. However, it is more costly, difficult to work with, and specialized training and equipment are required for installation.
Which of the following is the first place a computer looks at during the name resolution process? HOSTS file Forward lookup zone DNS server Reverse lookup zone
HOSTS file EXPLANATION The HOSTS file is a local text file on each computer that maps hostnames to IP addresses. The HOSTS file was used previously for smaller networks, but it is too complicated to use on networks or the internet. Even though the HOSTS file is rarely used today, it is still the first place that a computer looks at during the name resolution process. A computer contacts the DNS server if it is unable to find a match in the local HOSTS file. The forward lookup zone matches the hostname to the IP address. This is not the first place a computer looks at during the name resolution process. A reverse lookup zone matches the IP address to the hostname. This is not the first place a computer looks at during the name resolution process.
Which of the following are true about reverse proxy? (Select two.) Handles requests from inside a private network out to the internet. Handles requests from the internet to a server on a private network. Sits between a client computer and the internet. Clients always know they are using reverse proxy. Can perform load balancing, authentication, and caching.
Handles requests from the internet to a server on a private network. Can perform load balancing, authentication, and caching. EXPLANATION A reverse proxy server handles requests from the internet to a server located inside a private network. Reverse proxies can perform load balancing, authentication, and caching. Reverse proxies often work transparently, meaning clients don't know they are connected to a reverse proxy.
What are the small, rapid variations in a system clock called? Drift Dispersion Jitter Skew
Jitter EXPLANATION Jitter refers to small, rapid variations in a system clock. Dispersion measures how scattered the time offsets (in seconds) are from a given time server. Skew measures the difference (in hertz) between a clock's actual frequency and the frequency necessary to keep a more accurate time. Drift measures how quickly a clock's skew changes in hertz per second.
As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? Network-based IDS Host-based IDS Protocol analyzer VPN concentrator Port scanner
Host-based IDS EXPLANATION A host-based IDS is installed on a single host and monitors all traffic coming into the host. A host-based IDS can analyze encrypted traffic because the host operating system decrypts that traffic as it's received. A network-based IDS is a dedicated device installed on the network. It analyzes all traffic on the network. It cannot analyze encrypted traffic because the packet's contents are encrypted so that only the recipient can read them. A protocol analyzer examines packets on the network, but it cannot look at the contents of encrypted packets. A port scanner probes a device to identify open protocol ports. A VPN concentrator is a device used to establish remote access VPN connections.
You have been given a laptop to use for work. You connect the laptop to your company network, use the laptop from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? Proxy server Network-based firewall VPN concentrator Host-based firewall
Host-based firewall EXPLANATION A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect your computer from attacks when there is no network-based firewall, such as when you connect to the internet from a public location. A network-based firewall inspects traffic as it flows between networks. For example, you can install a network-based firewall on the edge of your private network to protect your data from internal attacks. A VPN concentrator is a device connected to the edge of a private network that's used for remote access VPN connections. Remote clients establish a VPN connection to the VPN concentrator and are granted access to the private network. A proxy server is an Application layer firewall that acts as an intermediary between a secure private network and the public. Access to the public network from the private network goes through the proxy server.
Your manager has asked you to implement a network infrastructure that will accommodate failed connections. Which of the following network topologies provides redundancy for a failed link? Mesh Star Bus Ring
Mesh EXPLANATION In a mesh topology, each network device is interconnected with all other network nodes. This creates multiple data paths. If a link fails, the data has an alternate route to its destination. A star topology connects network devices to the network with a single patch cable. A patch cable failure makes the connected device unavailable. A bus topology has a single point of failure. If there's a break on the network medium, the network becomes unavailable. A single break on a physical ring topology disables the network.
Which organization is responsible for allocating public IP addresses? IEEE CompTIA IETF IANA
IANA EXPLANATION The Internet Assigned Numbers Authority (IANA) is responsible for allocating IP addresses used on the internet. When you want to obtain a public IP address, you typically get the address from your ISP. The ISP has received addresses from a Regional Internet Registry (RIR), which was previously assigned a block of addresses from IANA. IANA is operated by the Internet Corporation for Assigned Names and Numbers (ICANN), so you might also say that ICANN is responsible for assigning public IP addresses as well. IETF is an organization that's responsible for setting standards on the internet. For example, IETF has defined the standards for NAT as well as other protocols. IEEE is an organization that sets networking standards for technologies such as Ethernet and wireless networking. CompTIA is a professional organization that represents computing technology companies and individuals.
Which protocol does an IP host use to inform a router that it wants to receive specific multicast frames? IGMP SMTP ICMP SNMP
IGMP EXPLANATION IP hosts use IGMP (Internet Group Management Protocol) to inform multicast-enabled routers that they want to receive specific multicast frames. ICMP notifies routers of problems on the network and of undeliverable packets. SNMP (Simple Network Management Protocol) lets network administrators set up alerts to monitor the state of a network. SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used to send email.
You have a small network with a single subnet connected to the internet, as shown in the exhibit. The router has been assigned the two addresses shown. You need to manually configure the workstation to connect to the network. The workstation should use RouterA as the default gateway and DNS1 as the DNS server address. From the drop-down menu options, select the appropriate parameters to configure the workstation's TCP/IP settings. IP address Subnet mask Default gateway DNS server
IP address - 192.168.12.46 Subnet mask - 255.255.255.240 Default gateway - 192.168.12.34 DNS server - 198.162.1.22 EXPLANATION The correct answers are the following: Use 192.168.12.46 for the IP address. With a 28-bit mask, the router is on subnet 192.168.12.32, and valid addresses are 192.168.12.33 to 192.168.12.46. You can't use 192.168.12.32 because it's the subnet address. You can't use 192.168.12.47 because it's the broadcast address. A 28-bit mask is 255.255.255.240 in binary. For the default gateway address, use the address assigned to the router interface that's on the same subnet as the workstation (in this example, that's 192.168.12.34). For the DNS server address, use the IP address assigned to the DNS server (198.162.1.22).
Which of the following would a device use to receive NTP configuration from a NTP server that's located on a different network? UDP relay agent NTP relay agent IP helper NTP helper
IP helper EXPLANATION The IP helper performs the same actions as a DHCP relay agent for other UDP-based protocols, such as NTP. As with DHCP relay, the IP helper forwards to servers that are located on different networks or subnets. The process that takes place is identical when forwarding UDP packets.
You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? Port scanner IDS Packet sniffer IPS
IPS EXPLANATION Use an intrusion prevention system (IPS) to both detect and respond to attacks. An intrusion detection system (IDS) can detect attacks and send notifications, but it cannot respond to attacks. Use a port scanner to check for open ports on a system or a firewall. Use a packet sniffer to examine packets on your network.
You have a network that uses a logical bus topology. How do messages travel through the network? Messages are sent to a central device that forwards them to the destination devices. Messages are broadcast to all devices connected to the network. Messages are sent directly to the correct destination device. Messages travel from one device to the next until they reach the destination device.
Messages are broadcast to all devices connected to the network. EXPLANATION Messages sent using a physical bus topology are broadcast to all devices on the network. The device in the middle of a star topology, which is typically a hub, receives the message and forwards it on to all other devices. In a ring topology, messages travel from one device to the next until they reach the destination device.
What role does ARP play in the routing process? If a router does not know a destination device's MAC address, it sends an ARP broadcast containing the destination device's IP address and requesting its MAC address. If a router knows a destination host's MAC and IP address, it sends an ARP request to update the other routers' routing tables. ARP does not play any role in the routing process. Switches use ARP to map IP addresses to MAC addresses in collision domains. If a router does not know a destination device's IP address, it sends an ARP broadcast containing the destination device's MAC address and requesting its IP address.
If a router does not know a destination device's MAC address, it sends an ARP broadcast containing the destination device's IP address and requesting its MAC address. EXPLANATION ARP (Address Resolution Protocol) resolves IP addresses into MAC addresses. Routers and other network devices use ARP when their routing tables don't contain the MAC addresses of devices on the local LAN that they need to forward frames to.
Under which of the following circumstances might you implement BGP on your company network and share routes with internet routers? If the network has over 15 hops. If the network is connected to the internet using public addressing. If the network is connected to the internet using multiple ISPs. If the network has over 15 areas and uses IPv6.
If the network is connected to the internet using multiple ISPs. EXPLANATION Very large networks can use BGP internally, but they typically only share routes on the internet if the AS (autonomous system) has two or more connections to the internet through different ISPs. If your network has over 15 hops, use a routing protocol other than RIP. Use OSPF or IS-IS to divide your network into areas. Private networks that use public IP addresses do not need to share routes with internet routers. It is typically the ISP's responsibility to configure routes on the private network, even when public addressing is being used. A single route out of the private network is all that's required if the network has a single connection to the internet.
You recently created a new network segment for the Development department. Because the hosts are now on a different network segment, they can no longer contact the DHCP server. Both network segments are connected via a Cisco router. Which of the following would be the BEST action to take to fix the problem? Move the DHCP server to the new network segment. Configure the router to forward broadcast messages. Implement an IP helper address on the router. Install and configure a new DHCP server on the Development network segment.
Implement an IP helper address on the router. EXPLANATION When an IP helper address is implemented on a Cisco router, DHCP broadcasts are forwarded to the specified IP address on the DHCP server. This allows hosts on a different network segment to contact the DHCP server. Installing and configuring a new DHCP would work, but it would not be the best solution. A new DHCP server would introduce additional costs and management overhead. Configuring the router to forward broadcast messages exposes the network to denial-of-service attacks. Moving the DHCP server would introduce the same problem to hosts in other network segments.
A user reports that they cannot browse to a specific website on the internet. From the user's computer, a computer tech finds that a ping test to the web server succeeds. A traceroute test shows 17 hops to the destination web server. What is the MOST likely cause of the problem? Incorrect default gateway address Duplicate IP addresses Incorrect subnet mask value Incorrect DNS server address
Incorrect DNS server address EXPLANATION In this scenario, a ping test to the website succeeds, while accessing the website through the browser does not work. Users type hostnames in the browser to go to websites, but hostnames must be translated into IP addresses by a DNS server. Either the workstation is using the wrong address for the DNS server, the DNS server is not available, or the DNS server does not have an entry for the website. Because the ping and traceroute tests work, you know that the IP address, subnet mask, and default gateway values are correct.
You are a network technician for a small consulting firm. One of your users is complaining that they are unable to connect to the local intranet site. After some troubleshooting, you've determined that the intranet site can be connected to by using the IP address but not the hostname. Which of the following would be the MOST likely reason for this? Incorrect default gateway Incorrect subnet mask Incorrect DNS settings Incorrect DHCP configuration
Incorrect DNS settings EXPLANATION In this scenario, the most likely cause would be incorrect DNS settings. Since you can connect to the intranet site using the IP address but not the hostname, this points to a DNS issue. None of the other options would be an issue here since you're able to connect to the intranet site with the IP address.
You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation cannot communicate with any other host on the network. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : Broadcom network adapter
   Physical Address. . . . . . . . . : 00-AA-BB-CC-74-EF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.2.20
What is the MOST likely cause of the problem? Incorrect IP address Incorrect subnet mask Incorrect default gateway Incorrect DNS server address
Incorrect IP address EXPLANATION In this example, the IP address assigned to the host is on the wrong subnet. The host address is on the 192.168.2.0/24 subnet, but the other devices are using addresses on the 192.168.1.0 subnet (the scenario states that you're connecting the workstation to this subnet).
You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : Broadcom network adapter
   Physical Address. . . . . . . . . : 00-AA-BB-CC-74-EF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.20
What is the most likely cause of the problem? Incorrect subnet mask Incorrect default gateway Incorrect IP address Incorrect DNS server address
Incorrect default gateway EXPLANATION In this example, the default gateway address is incorrect. The default gateway address must be on the same subnet as the IP address for the host. The host address is on the 192.168.1.0/24 subnet, but the default gateway address is on the 192.168.2.0 subnet.
You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : Broadcom network adapter
   Physical Address. . . . . . . . . : 00-AA-BB-CC-74-EF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.20
                                       192.168.1.27
What is the MOST likely cause of the problem? Incorrect subnet mask Incorrect default gateway Incorrect DNS server address Incorrect IP address
Incorrect subnet mask EXPLANATION In this example, the network is using a mask of 255.255.255.0 (24 bits), but the workstation is configured to use a mask of 255.255.0.0.
You've configured your organization's DHCP server to dynamically assign IP addresses and changed the default lease time from eight to four days. What impact, if any, will this have on the network? No impact Increased network traffic Decreased network traffic Router performance will improve Network bandwidth will increase
Increased network traffic EXPLANATION Decreasing lease time does slightly increase network traffic because clients have to continually renew their IP addresses. But decreasing the lease time also makes it so that you use your addresses more efficiently. There is no correlation to bandwidth increase or router performance increase.
In the OSI model, which of the following functions are performed at the Application layer? (Select two.) Standard setting for sending and receiving signals. Integration of network functionality into the host operating system. Enabling of communication between network clients and services. Communication setup, maintenance, and teardown. Device control for data transmission rates.
Integration of network functionality into the host operating system. Enabling of communication between network clients and services. EXPLANATION The Application layer enables network services and integrates network functionality into the host operating system. Applications actually run above the OSI Application layer. The setup, maintenance, and teardown of communication happens at the Session layer. The Data Link layer controls the rate of data transmission between hosts (flow control). The Physical layer sets standards for sending and receiving electrical signals between devices.
Which of the following is true about an unmanaged switch? It can connect to all devices in a small area. It supports link aggregation. It allows port configuration. It is capable of VLAN creation.
It can connect to all devices in a small area. EXPLANATION An unmanaged switch is faster and more economical than a managed switch and can connect all devices within a small area, like a home or small office. Managed switches allow VLAN creation for segmentation; unmanaged switches do not. Managed switches support link aggregation; unmanaged switches do not. Managed switches allow port configuration; unmanaged switches do not.
Which of the following statements about Dynamic Host Configuration Protocol (DHCP) are true? (Select two.) It cannot be configured to assign the same IP address to the same host each time it boots. It is only used to deliver IP addresses to hosts. It can deliver other configuration information in addition to IP addresses. IP addresses cannot be excluded from a range of delivered addresses. A DHCP server assigns addresses to requesting hosts.
It can deliver other configuration information in addition to IP addresses. A DHCP server assigns addresses to requesting hosts. EXPLANATION DHCP servers deliver IP addresses as well as other host configuration information to network hosts. DHCP can be configured to assign any available address to a host, or it can assign or exclude a specific address on a specific host.
Which of the following BEST describes how a switch functions? It connects multiple cable segments (or devices) and forwards frames to the appropriate segment. It connects multiple cable segments (or devices) and broadcasts frames to all of its ports. It connects multiple segments of different architectures. It translates frames and broadcasts them to all of its ports. It connects multiple segments of different architectures. It translates frames and forwards them to the appropriate segment.
It connects multiple cable segments (or devices) and forwards frames to the appropriate segment. EXPLANATION Switches have multiple ports and can connect multiple segments or devices. The switch forwards frames to the appropriate port. They function similarly to a hub, except instead of sending packets to all ports, switches send packets only to the destination computer's port. A bridge is a device that connects two (or more) media segments on the same subnet. It filters traffic between both segments based on the MAC address in the frame.
Which of the following statements accurately describe how a modem works? (Select two.) It modulates digital data from a telephone network into analog data that a PC can use. It demodulates analog data from a telephone network into digital PC data. It demodulates analog PC data into digital data that can be transmitted through a telephone network. It communicates over a telephone network using digital signals. It modulates digital data from a PC into analog data and transmits it on a telephone network.
It demodulates analog data from a telephone network into digital PC data. It modulates digital data from a PC into analog data and transmits it on a telephone network. EXPLANATION Modem is shorthand for modulator/demodulator. A modem's job is to convert (or modulate) digital data from a PC into analog telephone signals and transmit them through a telephone network. Modems also receive analog data from the telephone network and convert (or demodulate) it into digital PC data.
Which of the following is true about an NIDS? It can access encrypted data packets. It detects malicious or unusual incoming and outgoing traffic in real time. It can analyze fragmented packets. It can monitor changes that you've made to applications and systems.
It detects malicious or unusual incoming and outgoing traffic in real time. EXPLANATION An NIDS (network-based intrusion detection system) detects malicious or unusual incoming and outgoing traffic in real time. An NIDS cannot analyze encrypted data or analyze fragmented packets. An HIDS (host-based intrusion detection system) can monitor changes that you've made to applications and systems.
Which of the following are true of the IS-IS routing protocol? (Select two.) It divides large networks into areas. It uses bandwidth and delay for the metric. A router is the boundary between one area and another. It is a classful protocol. It is best suited for small networks. It supports IPv6 routing.
It divides large networks into areas. It supports IPv6 routing. EXPLANATION IS-IS (Intermediate System to Intermediate System) is a link state routing protocol used for routing within an AS. IS-IS is classless and uses relative link cost for the metric. Large networks are divided into areas, and IS-IS is best suited for large, private networks. A network link is the boundary between one area and another.
Which of the following are characteristics of a coaxial network cable? (Select two.) The conductors within the cable are twisted around each other to eliminate crosstalk. It has a conductor made from copper in its center. It is composed of four pairs of 22-gauge copper wire. It uses two concentric metallic conductors. It uses RJ45 connectors.
It has a conductor made from copper in its center. It uses two concentric metallic conductors. EXPLANATION Coaxial cable is composed of a central copper conductor surrounded by an insulator, which is then surrounded by a second metallic mesh conductor. The name coaxial is derived from the fact that both of these conductors share a common axis. Both ends of a coaxial cable must be terminated. Twisted pair is composed of four pairs of 22-gauge copper wire. The wires are twisted to reduce crosstalk, and they use RJ45 connectors.
Which of the following are true about a MAC address? (Select two.) It is a 48-bit address. It is a 64-bit address. It is typically represented by octets of decimal numbers between 0-255. It is typically represented by hexadecimal numbers. It is a 32-bit address.
It is a 48-bit address. It is typically represented by hexadecimal numbers. EXPLANATION A MAC address identifies a network adapter's physical address. It's a 12-digit (48-bit) hexadecimal number with each number ranging from 0-9 or A-F. The address is often written as 00-B0-D0-06-BC-AC or 00B0.D006.BCAC. However, dashes, periods, and colons can be used to divide it as well. An IPv4 address is 32 bits and uses octets of decimal numbers between 0-255. An IPv6 address is a 64-bit address that uses 32 hexadecimal numbers.
Which of the following is true about Network Address Translation? It cannot forward DNS requests to the internet. It allows external hosts to initiate communication with internal hosts. It provides end-device to end-device traceability. It supports up to 5,000 concurrent connections.
It supports up to 5,000 concurrent connections. EXPLANATION Hosts on a private network share the IP address of the NAT router. NAT works by translating private addresses NAT supports up to 5,000 concurrent connections. This can consume processor and memory resources, but allows one NAT router to translate for a large network. Network address translation can forward DNS requests to the internet. NAT does not provide end-device to end-device traceability, but this also provides some security to hosts within the private network as their IP addresses are not shared publicly. NAT does not allow external hosts to initiate communication with internal hosts. All communication is through the NAT router.
Which of the following is true about single-mode fiber optic network cabling? Its central core is smaller than the standard multi-mode fiber optic cabling core. It's optimized for 850 nm and 1300 nm light sources. It's less expensive than multi-mode fiber optic cabling. It has shorter segment lengths than multi-mode fiber optic cabling.
Its central core is smaller than the standard multi-mode fiber optic cabling core. EXPLANATION Single-mode fiber optic cabling provides one path (or mode) for light to travel. It supports longer transmission distances than multi-mode fiber optic cabling, and it's also more expensive. Single-mode cabling also has a central core that's much smaller than the standard multi-mode fiber optic cabling core. Single-mode fiber cabling is optimized for 1310 nanometer (nm) and 1550 nm light sources.
Which recommendation should you follow while using 110 blocks for connecting Cat5 and higher data cables? Connect wires using the T568B standard. Connect wires using the T568A standard. Use C-5 connectors. Keep wire pairs twisted up to within one half of an inch of the connector.
Keep wire pairs twisted up to within one half of an inch of the connector. EXPLANATION When you use Cat5 (or higher) wiring, preserve the twists in each wire pair to within one half of an inch of the connecting block. Use C-4 connectors to connect four pairs of wires. When connecting data wires on a 110 block, you typically connect wires in the following order: White wire with a blue stripe followed by the solid blue wire. White wire with an orange stripe followed by the solid orange wire. White wire with a green stripe followed by the solid green wire. White wire with a brown stripe followed by the solid brown wire. T568A and T568B are used to connect wires within an RJ45 connector when making drop cables.
At which OSI model layer does a media converter operate? Layer 1 Layer 2 Layer 3 Layer 4
Layer 1 EXPLANATION A media converter operates at Layer 1 of the OSI model, which is the Physical layer. The media converter translates frames into bits and transmits them on the transmission medium. At Layer 2, the MAC address is added to make the data into a frame. At Layer 3, the IP address is added to the packet. At Layer 4, the port and socket number are assigned.
Workstation3 has started communicating with Workstation2. It sends a frame to the default gateway. Identify the Layer 2 and Layer 3 addresses used by the Cisco 2600 router to forward the data to Workstation2 by dragging the corresponding address from the list on the left to its location on the right. Layer 2 source address Layer 3 source address Layer 2 destination address Layer 3 destination address
Layer 2 source address - 000b5f2a2222 Layer 3 source address - 192.168.11.11 Layer 2 destination address - 080046987654 Layer 3 destination address - 192.168.10.12 EXPLANATION The Cisco 2600 router is the default gateway. When it receives a frame from Workstation3, it examines the Layer 3 address in the packet to locate the destination device. Then it creates a new frame and modifies the source and destination Layer 2 addresses (MAC addresses) as follows: The source Layer 2 address is its own MAC address on the same segment as the destination device, which is 000b5f2a2222. The destination Layer 2 address is the MAC address of the destination device, which is 080046987654. The source and destination Layer 3 addresses (IP addresses) do not change. The source IP address is the IP address of Workstation3, which is 192.168.11.11. The destination IP address is the IP address of Workstation2, which is 192.168.10.12.
Workstation2 needs to send data to Workstation3. Identify the Layer 2 and Layer 3 addresses Workstation2 will use to send the data by dragging the corresponding address from the list on the left to its location on the right. Layer 2 source address Layer 3 source address Layer 2 destination address Layer 3 destination address
Layer 2 source address - 080046987654 Layer 3 source address - 192.168.10.12 Layer 2 destination address - 000b5f2a2222 Layer 3 destination address - 192.168.11.11 EXPLANATION Workstation2 will use the following addresses to send the data: The source Layer 2 address is its own MAC address, which is 080046987654. The source Layer 3 address is its own IP address, which is 192.168.10.12. The destination Layer 2 address is the MAC address of the default gateway router, which is 000b5f2a2222. The MAC address is the address of the interface connected to the same subnet as Workstation2. The destination Layer 3 address is the IP address of the destination device (Workstation3), which is 192.168.11.11.
On your network, you have a VLAN for the sales staff and a VLAN for the production staff. Both need to be able to communicate over the network. Which of the following devices would work BEST for communication between VLANs? Load balancer Layer 3 switch Layer 2 switch Repeater
Layer 3 switch EXPLANATION A Layer 3 switch can route between VLANs. A load balancer is a network device that distributes incoming HTTP requests. It does not route between VLANs. A Layer 2 switch cannot route between VLANs. A repeater is a network device that boosts, or forwards, wireless signals from the router to cover a larger area.
As a network administrator, you have 10 VLANs on your network that need to communicate with each other. Which of the following network devices is the BEST choice for allowing communication between 10 VLANs? Layer 3 switch Load balancer Repeater Layer 2 switch
Layer 3 switch EXPLANATION A Layer 3 switch is the best network device to provide communication between 10 VLANs. Providing communication between VLANs is one of the most important functions of this type of switch. A repeater is a network device that boosts, or forwards, wireless signals from the router to cover a larger area. A load balancer is a network device that distributes incoming HTTP requests. A Layer 2 switch cannot perform inter-VLAN routing.
You're troubleshooting an IP addressing issue, and you issue a command to view the system's TCP/IP configuration. The command you use produces the following output: fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet6 fe80::2a0:83ff:fe30:57a%fxp0 prefixlen 64 scopeid 0x1 inet 192.168.1.235 netmask 0xfffffc00 broadcast 255.255.255.255 ether 00:a0:83:30:05:7a media: Ethernet autoselect (100baseTX <full-duplex>) status: active lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 inet 127.0.0.1 netmask 0xff000000 Which of the following operating systems are you working on? Windows Server 2019 Linux Windows 10 Windows Server 2016
Linux EXPLANATION The output shown is from the ifconfig command run on a Linux system. Keep in mind that while you can still use ifconfig, the ip command has essentially replaced ifconfig as the Linux tool for configuring network adapters. The equivalent command on Windows 10, Windows Server 2019, and Windows Server 2016 is ipconfig.
Which of the following features does UDP provide? (Select two.) Low overhead Connectionless datagram services Packet acknowledgement Data packet sequencing Lost packet retransmission
Low overhead Connectionless datagram services EXPLANATION UDP is a connectionless protocol used by applications that need low overhead and don't require guaranteed delivery. TCP provides data packet sequencing, packet acknowledgement, and lost packet retransmission.
An attacker hides his computer's identity by impersonating another device on a network. Which of the following attacks did the attacker MOST likely perform? DTP attack ARP spoofing attack MAC spoofing attack VLAN hopping attack
MAC spoofing attack EXPLANATION In a MAC spoofing attack, an attacker hides his or her computer's identity by changing the source MAC address on frames to make it look like their computer is actually a different computer. A DTP attack is an attack that takes advantage of the Dynamic Trunking Protocol to allow unauthorized devices onto a network. An ARP spoofing attack is an attack that associates an attacker's MAC address with the IP address of a victim's device. VLAN hopping is an attack focused on gaining access to traffic on another VLAN without using a router.
Which of the following terms identifies the wiring closet in the basement or ground floor that typically includes the demarcation point? Horizontal cross connect 110 block IDF MDF
MDF EXPLANATION The main distribution frame (MDF) is the main wiring point for a building. The MDF is typically located on the bottom floor or basement. The LEC typically installs the demarc to the MDF. An intermediate distribution frame (IDF) is a smaller wiring distribution point within a building. IDFs are typically located on each floor directly above the MDF, but you can place additional IDFs on each floor as necessary. A horizontal cross connect joins wiring closets on the same floor. A smart jack is a special loopback plug installed at the demarcation point for a WAN service. Technicians at the central office can send diagnostic commands to the smart plug to test connectivity between the central office and the demarc. Use 66 and 110 blocks to connect individual wires within a wiring closet.
Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all. Commonly sold at retail stores. Provides port security features. Supports VLANs. Provides very few configuration options. Can be configured over a network connection. Can be configured over a dedicated communication channel.
Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all. Commonly sold at retail stores. - Unmanaged switch Provides port security features. - Managed switch Supports VLANs. - Managed switch Provides very few configuration options. - Unmanaged switch Can be configured over a network connection. - Managed switch Can be configured over a dedicated communication channel. - Managed switch EXPLANATION You cannot configure the low-end switches available from many retail stores. These are called unmanaged switches. To implement an unmanaged switch, you simply plug it in to a power outlet and connect your network devices with UTP cables. While unmanaged switches are convenient and easy to implement, they lack many of the advanced management and security features available on managed switches. For example, managed switches provide port security and support VLANs.
You have a server that has a 100BaseFX network interface card you need to connect to a switch. The switch only has 100BaseTX switch ports. Which device should you use? Hub Media converter Repeater Bridge
Media converter EXPLANATION Use a media converter to convert from one media type to another within the same architecture. Use a bridge to connect two devices that use different network architectures. For example, you can use a bridge to connect a wired network to wireless clients. A hub or repeater connects devices using the same media type.
Which of the following is the protocol used for address resolution when you switch from IPv4 to IPv6? ARP CSMA/CD Auto-MDIX NDP
NDP EXPLANATION Neighbor Discovery Protocol (NDP) is the protocol that replaced ARP in IPv6 and is used for address resolution. Address Resolution Protocol (ARP) is used for address resolution with IPv4. Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is a protocol used to prescribe what to do when a data channel is in use on a half-duplex device. Auto-MDIX, or auto-medium dependent crossover, is a line-sensing port that automatically decides which type of cable configuration is needed for a connection.
You have a network that uses a logical ring topology. How do messages travel through the network? Messages are sent to a central device that forwards them to the destination devices. Messages travel from one device to the next until they reach the destination device. Messages are sent directly to the destination device only. Messages are sent to all devices connected to the network.
Messages travel from one device to the next until they reach the destination device. EXPLANATION In a logical ring topology, messages travel to each device in turn. If the message isn't intended for that device, the message is forwarded to the next device on the network. Messages sent using a physical bus topology are broadcast to all devices on the network. The device in the middle of the star topology, which is typically a hub, receives the message and forwards it on to all other devices.
You have a server at work with a custom application installed. Connections to the server that use the custom application must use IPv6, but the server is currently running IPv4. You're the only person who connects to the server, and you always use your Linux laptop for the connection. Your laptop supports both IPv4 and IPv6, but the rest of your company network runs only IPv4. You need a cost-effective solution to allow your laptop to connect to the server. Your solution must also support communication through NAT servers. Which client software should you use to connect to the server? Miredo 6to4 ISATAP 4to6
Miredo EXPLANATION On Linux, Miredo client software is used to implement Teredo tunneling. Teredo tunneling establishes a tunnel between individual hosts. Hosts must be dual-stack hosts so that they can tunnel IPv6 packets inside of IPv4 packets. Teredo works with NAT. ISATAP and 6to4 tunneling both require at least one router. You only need to tunnel between two individual computers. 4to6 tunneling is used to send IPv4 traffic through an IPv6 network by encapsulating IPv4 packets within IPv6 packets.
Which of the following address types shares multiple hosts and groups of computers that receive the same data stream? Broadcast Multicast Unicast Half-duplex
Multicast EXPLANATION A multicast address is an address that identifies a group of computers. Members of the group share the same multicast address. A unicast address is an address that identifies a single host. A broadcast address is an address that's sent to all hosts. Broadcast traffic is typically only forwarded within one subnet, but not between two. A half-duplex address uses a separate channel for sending and receiving, but the channels are shared by multiple devices and can only be used by one single device at a time.
Which type of address is the IP address 232.111.255.250? Broadcast Private Multicast Unicast
Multicast EXPLANATION The address 232.111.255.250 is a multicast address. A multicast address is an address that identifies a group of computers. Members of the group share the same multicast address, and multicast addresses are in the range of 224.0.0.0 to 239.255.255.255. A unicast address is an address that identifies a single host. A broadcast address is an address that is sent to all hosts. Broadcast addresses are the last possible address on a subnet (typically ending in 255). The private IPv4 address ranges are: 10.0.0.1 to 10.255.255.254; 172.16.0.1 to 172.31.255.254; 192.168.0.1 to 192.168.255.254.
Which address type do people use to support video conference calls consisting of multiple participants? Multicast Anycast Unicast Loopback
Multicast EXPLANATION Unified communication (UC) systems typically use unicast network transmissions. An example of a unicast transmission is a one-on-one VoIP phone call. UC systems also support multicast transmissions. Examples of a multicast transmission are conference phone calls or video conference calls consisting of multiple users. The anycast address is a unicast address that's assigned to more than one interface, typically belonging to different hosts. The local loopback address for the local host is 0:0:0:0:0:0:0:1 (also identified as ::1 or ::1/128).
You want to measure the voltage, amps, and ohms of various devices. Which tool should you use? Toner probe Certifier Multimeter Voltage event recorder
Multimeter EXPLANATION A multimeter is a device that tests various electrical properties. For example, most multimeters can measure: AC and DC voltage, current (amps), resistance (ohms), capacitance, and frequency. A voltage event recorder tracks voltage conditions on a power line. Basic recorders keep track of the occurrence of under- or over-voltage conditions, while more advanced devices track conditions over time and create a graph, saving data from a program running on a computer. A toner probe is two devices used to trace the end of a wire from a known endpoint onto the termination point in the wiring closet. A cable certifier is a multi-function tool that verifies or validates that a cable or an installation meets the requirements for a specific architectural implementation.
Which of the following BEST describes port aggregation? Multiple ports linked together and used as a single logical port. IEEE network standard 802.3. A priority-based flow control that allows you to prioritize network traffic. Multiple VLANs traveling through a single port.
Multiple ports linked together and used as a single logical port. EXPLANATION Multiple ports linked together and used as a single logical port is called link aggregation. Multiple VLANs traveling through a single port is called port tagging or port trunking. The 802.3 IEEE network standard refers to an 802.3 Ethernet network. The IEEE standard for prioritized flow control is 802.1Qbb. It is not port aggregation itself.
Which of the following is a method that allows you to connect a private network to the internet without obtaining registered addresses for every host? NAT EIGRP OSPF BGP
NAT EXPLANATION Network Address Translation (NAT) is a method that transfers private addresses to a NAT router's public address. This allows you to connect a private network to the internet without obtaining registered addresses for every host. OSPF (Open Shortest Path First) is a dynamic routing protocol that operates within a single autonomous system. EIGRP (Enhanced Interior Gateway Routing Protocol) is a dynamic routing protocol for sharing routing information with other routers on the same autonomous system. BGP (Border Gateway Protocol) is an exterior gateway protocol that manages the routing between autonomous systems.
You have a network that's connected using a physical bus topology. One of the cables that connects a workstation to the bus breaks. Which of the following BEST describes the effect that this will have on network communications? All devices except the device connected with the drop cable will be able to communicate. All devices will be able to communicate. Only devices on one side of the break will be able to communicate with each other, while only devices on the other side of the break will be able to communicate with each other. No devices will be able to communicate. Devices on one side of the break will be able to communicate with each other, while devices on the other side will not be able to communicate.
No devices will be able to communicate. EXPLANATION A break in the network bus means that the end of the network bus is no longer terminated. For this reason, a break in the bus typically means that no devices can communicate. Identifying the location of the break is difficult on a true bus network.
You're installing network wiring for a new Ethernet network at your company's main office building. The project specifications call for Cat 5e UTP network cabling and RJ45 wall jacks. Near the end of the project, you run out of wire before the last few runs are complete. You have a spool of Cat 3 network cable in storage. Upon closer inspection, it appears very similar to the Cat 5e wiring. To finish the project, should you use the Cat 3 cabling as a substitute for the Cat 5e cabling? No. Cat 5e cabling uses a thicker copper wire than Cat 3 cabling, enabling higher data transmission rates. No. Cat 5e cabling has more twists per inch than Cat 3 cabling, reducing crosstalk and supporting higher data rates. No. The sheath surrounding Cat 5e cabling is much thicker than the Cat 3 sheath, creating an extra layer of shielding that reduces crosstalk and supports higher data rates. Yes. You can use Cat 3 cabling as a substitute for Cat 5e cabling since they're electrically identical.
No. Cat 5e cabling has more twists per inch than Cat 3 cabling, reducing crosstalk and supporting higher data rates. EXPLANATION While Cat 3 and Cat 5e cabling may appear physically similar, they're electrically different. Cat 5e cabling is twisted much more tightly than Cat 3 cabling. This reduces crosstalk and enables Cat 5e wiring to support much faster data transmission rates.
You are configuring a switch so that you can manage it using PuTTY from the same network segment. On the switch, you enter the following commands: switch#config terminal switch(config)#interface vlan 1 switch(config-if)#ip address 192.168.1.10 255.255.255.0 Will this configuration work? Yes. The switch can now be accessed by PuTTY using the IP address 192.168.1.10. No. The switch needs to obtain an IP address from the DHCP server using the ip address dhcp command. No. The no shutdown command needs to be entered. No. The ip default-gateway command needs to be set.
No. The no shutdown command needs to be entered. EXPLANATION By default, the Vlan1 interface is set to administratively down, preventing remote access. Use the following commands to configure the switch's IP address and allow remote management: switch#config terminal switch(config)#interface vlan 1 switch(config-if)#ip address 192.168.1.10 255.255.255.0 switch(config-if)#no shutdown Because the switch is being accessed from the same network segment, the ip default-gateway command doesn't need to be used. The ip address dhcp command only allows the switch to obtain an IP address using DHCP.
You're building a new network for a small financial services startup company. Security is paramount, so each organization within the company will have their own network segments separated by routers. Funds are limited, and you've been asked to keep costs to a minimum. You've acquired a used fiber optic switch, and you want to use it to create a fiber optic backbone that interconnects all of the routers. You've purchased several used multi-mode GBIC modules on eBay that you'll install on each router to allow them to connect to the switch. Both the switch and the GBIC modules use MTRJ connectors. You've purchased several used 1-meter, multi-mode patch cables from Amazon. But when they arrived, you noticed that they use LC connectors. Fortunately, with some force, you found that you're able to get the LC connectors on the cables to lock into the MTRJ connectors on the GBIC modules and on the switch. Will this implementation work? No. You should use a specialized backbone fiber optic switch to create a backbone network for routers. No. You should purchase patch cables that use MTRJ connectors. Yes. All of the requirements for implementing a fiber optic network have been met. No. You should use single-mode patch cables to connect a GBIC module to a switch.
No. You should purchase patch cables that use MTRJ connectors. EXPLANATION For light to pass through a fiber optic connector, the fiber within the jack must line up perfectly with the fiber in the connector. Using the wrong connector will result in misaligned fibers. This will disrupt the light signal, even if you're able to successfully lock the connector into the jack. In this scenario, you should purchase patch cables that use MT-RJ connectors.
You're building a new network for a small financial services startup company. Security is paramount, so each organization within the company will have its own network segment separated by a router. However, funds are limited, and you've been asked to keep costs to a minimum. You've acquired a used fiber optic switch, and you want to use it to create a fiber optic backbone that interconnects all of the routers. You've purchased several used single-mode GBIC modules on eBay that you'll install on each router to allow them to connect to the switch. Both the switch and the GBIC modules use MTRJ connectors. You connect each module to the switch with 1-meter multimode patch cables. Will this implementation work? No. You shouldn't use multi-mode patch cables with single-mode GBIC modules. No. You should purchase fiber optic equipment that use FC connectors. No. You shouldn't use standard fiber optic switches to create a backbone network for routers. Yes. All of the requirements for implementing a fiber optic network have been met.
No. You shouldn't use multi-mode patch cables with single-mode GBIC modules. EXPLANATION Some GBIC/SFP modules use multi-mode fiber, while others use single-mode. You must use the correct type of fiber optic cable and connector required by the specific adapter. You can't mix and match different types of cable. In this scenario, connecting a single-mode GBIC to multi-mode fiber will introduce a catastrophic signal loss of up to 99%.
Which of the following is required to establish a new network switch and configure its IP address for the first time? In-band management Client-to-site VPN Out-of-band management Site-to-site VPN
Out-of-band management EXPLANATION Out-of-band management is required when you establish a new network switch and configure its IP address for the first time. A client-to-site VPN is a connection where remote clients connect to the server through the internet and to a LAN behind a server. In-band management can only be used after the switch has been configured with an IP address and authentication information through out-of-band management. A site-to-site VPN is a connection between networks that creates a secure link through VPN gateways.
Which of the following methods is best to have when a network goes down? Site-to-site VPN In-band management Out-of-band management Client-to-site VPN
Out-of-band management EXPLANATION Out-of-band management uses a dedicated communication channel that can be used to reach network nodes even when the network goes down. In-band management requires no physical connection. If the network goes down, this method will no longer be connected, either. A client-to-site VPN is a connection where remote clients connect to the server through the internet and to a LAN behind the server. If the network goes down, there will be no connection with a client-to-site VPN. A site-to-site VPN is a connection between networks that creates a secure link through VPN gateways. This connection would also be lost if the network goes down.
Which IDS type can alert you to trespassers? VMIDS NIDS HIDS PIDS
PIDS EXPLANATION A PIDS (perimeter intrusion detection system) can alert you to physical trespassers. VMIDS, NIDS, and HIDS are IDS types. However, they cannot alert you to physical trespassers.
Which of the following is a firewall function? Encrypting Frame filtering Packet filtering FTP hosting
Packet filtering EXPLANATION Firewalls often filter packets by checking each one against a set of administrator-defined criteria. If a packet is not accepted, it is simply dropped.
What do you need to configure on a firewall to allow traffic directed to the public resources on the screened subnet? Packet filters FTP VPN Subnet
Packet filters EXPLANATION Packet filters on a firewall allow traffic directed to the public resources inside the screened subnet. Packet filters also prevent unauthorized traffic from reaching the private network. A subnet is used to segment a network. A VPN (virtual private network) provides a secure outside connection to an internal network's resources. A VPN does not need to be configured on the firewall to allow traffic to the public resources on the screened subnet. FTP (File Transfer Protocol) is a protocol that's used to transfer files. You do not need to configure this on the firewall to allow traffic to the public resources on the screened subnet.
Which options are you able to set on a firewall? (Select three.) Packet source address Acknowledgement number Port number Packet destination address Checksum Sequence number Digital signature
Packet source address Port number Packet destination address EXPLANATION Firewalls allow you to set filters by source or destination IP address and port number. They do not filter by checksum, acknowledgement number, sequence number, or digital signature.
Your manager has asked you to implement a wired network infrastructure that will accommodate failed connections. You don't have a large budget, so you decide to provide redundancy for only a handful of critical devices. Which of the following network topologies should you implement? Bus Star Full mesh Partial mesh
Partial mesh EXPLANATION In a partial mesh topology, only some redundant paths exist. A partial mesh topology is more practical and less expensive than a full mesh topology. In a full mesh topology, every device has a point-to-point connection with every other device. This provides full redundancy, but it's expensive and impractical. A star topology connects network devices to the network with a single patch cable. A patch cable failure makes the connected device unavailable. A bus topology has a single point of failure. If there's a break in the network media, the network becomes unavailable.
You've implemented a network where each device provides all other devices on the network with access to shared files. Which type of network do you have? Client-server Multiple access Polling Peer-to-peer
Peer-to-peer EXPLANATION In a peer-to-peer network, each host can provide network resources to other hosts or access resources located on other hosts, and each host is in charge of controlling access to those resources. In a client/server network, hosts have specific roles. For example, some hosts are assigned server roles, which allow them to provide network resources to other hosts. Other hosts are assigned client roles, which allow them to consume network resources. Polling is a media access method where a single device grants permission to other devices to access the network. Multiple access describes a media access method where each device determines when the medium is free.
Which of the following are included as part of the Data Link layer specifications? (Select two.) Digital data conversion Physical network device identification Physical topology Data transmission between hosts Cable and connector specifications
Physical network device identification Data transmission between hosts EXPLANATION The Data Link layer controls device identification on networks, as well as how messages travel through the network (the logical topology). The other functions listed here are performed by the Physical layer.
You're adding new wires in your building for some new offices. The building has a false ceiling that holds the lights and provides an air path for heating and air conditioning. You'd like to run your Ethernet cables in this area. Which type of cable must you use? Plenum-rated cable Cat 5e or Cat 6a cables Fiber optic cables STP cables
Plenum-rated cable EXPLANATION Plenum-rated cable is fire resistant and non-toxic. You must use plenum-rated cable to wire in air spaces used by heating and air conditioning systems. Cat 5e cables provide better EMI protection than Cat 5 cables, and Cat 6a cables are an improvement over Cat 6 specifications. However, neither of these qualities is a requirement for use in a ceiling area. If an area has a lot of EMI, you might consider using STP or fiber optic cables, but this isn't a requirement in a ceiling area. Typically, you can avoid EMI sources by re-routing cables.
You have a large Power over Ethernet flat screen that you are installing in a conference room that requires 70 watts of power. Which of the following IEEE standards does your PoE switch need to provide power for the flat screen? PoE++ Type 3 PoE++ Type 4 PoE+ PoE
PoE++ Type 4 EXPLANATION You would need PoE++ Type 4, which provides up to 71.3 watts of power. PoE provides up to 15.4 watts of power and would not be sufficient to power the flat screen. PoE+ provides up to 25.5 watts of power and would not be sufficient to power the flat screen. PoE++ Type 3 provides up to 51 watts of power and would not be sufficient to power the flat screen.
You are preparing to attach wires in a 110 block. You want to connect the wires and trim off the excess at the same time. Which of the following should you do? (Select two.) Use a punch down tool with a straight blade. Point the cut side of the tool towards the wire end. Point the cut side of the tool toward the connected end of the wire. Use a punch down tool with a notched blade. Use the end without a cutting blade.
Point the cut side of the tool towards the wire end. Use a punch down tool with a notched blade. EXPLANATION Use a punch down tool to connect wires to a 110 or 66 block. When using a punch down tool, choose the right blade for the job: Use a notched blade for a 110 block. Use a straight blade for a 66 block. For both blade types, you can use the end without a cutting blade if you want to punch down without cutting the wire. When using the cutting blade, point the cut side of the punch down tool toward the wire's end that you want to trim.
Listed below are several DNS record types. Match each record type on the left with its function on the right. Points a hostname to an IPv4 address Provides alternate names to hosts that already have a host record Points an IP address to a hostname Points a hostname to an IPv6 address Identifies servers that can be used to deliver mail
Points a hostname to an IPv4 address - A Provides alternate names to hosts that already have a host record - CNAME Points an IP address to a hostname - PTR Points a hostname to an IPv6 address - AAAA Identifies servers that can be used to deliver mail - MX EXPLANATION Records are used to store entries for hostnames, IP addresses, and other information in the zone database. Below are some common DNS record types: The A record maps an IPv4 (32-bit) DNS hostname to an IP address. This is the most common resource record type. The AAAA record maps an IPv6 (128-bit) DNS hostname to an IP address. The PTR record maps an IP address to a hostname. In essence, it points to an A record. The MX record identifies servers that can be used to deliver email. The CNAME record provides alternate names (or aliases) to hosts that already have a host record. Using a single A record with multiple CNAME records means that when the IP address changes, only the A record needs to be modified.
Your organization's management wants to monitor all the customer services calls. The calls are taken on VoIP phones. Which of the following configurations would BEST help you set up a way to monitor the calls? Port mirroring Spanning Tree Protocol Priority-based flow control LACP
Port mirroring EXPLANATION Port mirroring provides copies of packets from a selected port for monitoring and analysis. LACP is Link Aggregation Control Protocol. It allows you to link up to eight ports together to act as a single logical port. Spanning Tree Protocol is a protocol designed to prevent looping in network traffic. Priority-based flow control is a protocol that allows you to prioritize traffic on your network by category.
Which of the following switch features allows you to configure how the switch's MAC address table is filled? Port mirroring Spanning Tree Protocol Port security Auto-negotiation
Port security EXPLANATION Port security allows you to choose from dynamic locking, static locking, or a combination of both to fill the MAC address table. This is done to protect the switch from MAC flooding and other vulnerabilities. Port mirroring provides copies of packets from a selected port for monitoring and analysis. Auto-negotiation is a default setting on Ethernet devices in which connected devices communicate to select the speed, duplex, and flow control parameters for their transmissions.
Which statements accurately describe the port states of both bridges and switches? (Select two.) Ports in a blocked state still receive BPDUs. In the learning state, the MAC address table cannot be populated because the port is blocked. In the learning state, the MAC address table can be populated, but frames are not forwarded. Ports in a blocked state cannot receive BPDUs. In the learning state, all ports are in a forwarding state.
Ports in a blocked state still receive BPDUs. In the learning state, the MAC address table can be populated, but frames are not forwarded. EXPLANATION The following are true for both bridges and switches: In the learning state, ports do not forward frames but still populate the MAC address table based on received frames. In the blocking state, ports receive BPDUs but do not forward frames. In the listening state, all ports are blocked.
Match each layer of the TCP/IP model on the left with the corresponding layer of the OSI model on the right. Each option on the left can be used more than once. Presentation layer Data Link layer Application layer Session layer Network layer Transport layer
Presentation layer - Application; Data Link layer - Network; Application layer - Application; Session layer - Application; Network layer - Internetwork; Transport layer - Transport EXPLANATION The TCP/IP model maps to the OSI model as follows: The Application layer corresponds to the OSI model's Session, Presentation, and Application layers. The Transport layer matches the OSI model's Transport layer. The Internetwork layer is comparable to the OSI model's Network layer. The Network layer (sometimes called the Link layer) corresponds to the OSI model's Physical and Data Link layers.
CorpServ is a small company with 14 client systems and a network printer. Because there are only a limited number of network systems, you decide to use APIPA addressing. With APIPA configured, all the systems are able to communicate with each other, but you're having trouble configuring internet access. What is the MOST LIKELY cause of the problem? Private addresses cannot directly communicate with hosts outside the local subnet. All client systems must be rebooted. The default gateway is not set on the client systems. The DNS server is unavailable to resolve internet host names.
Private addresses cannot directly communicate with hosts outside the local subnet. EXPLANATION APIPA assigns private addresses that are designed for use on single-subnet networks that do not use routers. If you require internet access, APIPA cannot be used to provide clients direct access to the internet. APIPA is enabled by default and will assign an address if the DHCP server is unavailable. APIPA assigns only an IP address and subnet mask. A default gateway and DNS server are not required to access network resources.
You are managing a network and have used firewalls to create a screened subnet. You have a web server that internet users need to access. It must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) Put the database server on the private network. Put the database server inside the screened subnet. Put the database server and the web server inside the screened subnet. Put the web server inside the screened subnet. Put the web server on the private network.
Put the database server on the private network. Put the web server inside the screened subnet. EXPLANATION Publicly accessible resources (servers) are placed inside the screened subnet. Examples of publicly accessible resources include web, FTP, or email servers. Devices that should not be accessible to public users are placed on the private network. If you have a public server that communicates with another server (such as a database server), and that server shouldn't have direct contact with public hosts, place it on the private network and only allow traffic from the public server to cross the inner firewall. Placing the database server and the web server inside the screened subnet would not provide the necessary traffic flow.
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) Put the web server inside the screened subnet. Put the web server on the private network. Put the database server outside the screened subnet. Put the database server on the private network. Put the database server inside the screened subnet.
Put the web server inside the screened subnet. Put the database server on the private network. EXPLANATION Publicly accessible resources (servers) are placed inside the screened subnet. Examples of publicly accessible resources include web, FTP, and email servers. Devices that should not be accessible to public users are placed on the private network. If you have a public server that communicates with another server (such as a database server) and that server should not have direct contact with public hosts, place the server on the private network and allow only traffic from the public server to cross the inner firewall.
What is the main difference between RIP and RIPv2? RIP is a classful protocol, while RIPv2 is a classless protocol. RIP has a limit of 15 hops, while RIPv2 increases the hop count limit. RIP uses hop count for the metric, while RIPv2 uses a relative link cost. RIP is a distance vector protocol, while RIPv2 is a link state protocol.
RIP is a classful protocol, while RIPv2 is a classless protocol. EXPLANATION RIPv1 is a classful protocol, meaning that the subnet mask is not included in routing updates. With RIP, only the default subnet mask is used to identify networks. RIPv2 is a classless protocol, meaning that the subnet mask is included in routing updates. RIPv2 supports variable-length subnet masks (VLSM). Both RIP and RIPv1 are distance vector protocols and use hop count for the metric. RIP and RIPv2 have a limit of 15 hops between any two networks.
Which of the following connectors is used with Ethernet 100BaseTX networks? ST GG45 BNC RJ45
RJ45 EXPLANATION RJ45 connectors are used with Ethernet 100BaseTX networks. RJ11 connectors are used with phone, dial-up internet, and DSL modem connections. BNC connectors are used with coaxial cable. GG45 connectors are used with Cat 7 cables and support 10-Gbps Ethernet (10GBASE-T).
Which of the following connector types would you most likely use to connect to a T1 WAN service? RJ11 RJ45 RJ48c GG45
RJ48c EXPLANATION An RJ48c connector is similar to an RJ45 connector, but it has different pin-outs. RJ48c connectors are commonly used for T1 WAN connections. RJ45 connectors are used for Ethernet. RJ11 connectors are used for dial-up (modem) connections and some DSL connections. GG45 connectors are used with Cat 7 cabling.
Which of the following standards does a rollover cable typically use? RG58 RJ11 RG6 RS232
RS232 EXPLANATION A rollover cable typically has a serial connector on one end and an RJ45 connector on the other end. RS232 is the standard for serial communications. RJ11 connectors are used for analog telephone lines. RG6 and RG58 are coaxial cable standards.
What is the process of a DNS server asking other DNS servers to perform name resolution known as? Dynamic DNS Forward lookup zone Reverse lookup zone Recursive lookup
Recursive lookup EXPLANATION When a computer's hostname is used to request a website or network device, recursion is employed to find the IP address. A recursive lookup is the process of a DNS server asking other DNS servers to perform name resolution. The forward lookup zone matches the hostname to the IP address. A reverse lookup zone matches the IP address to the hostname. Dynamic DNS (DDNS) enables clients or the DHCP server to update records in the zone database automatically. This occurs whenever an IP address lease is created or renewed.
If dynamic DNS is in use, which of the following events causes a dynamic update of the host records? (Select two.) Add a CNAME record to the DNS server. Renew the DHCP server's IP address lease. Clear the browser cache on a workstation. Add an MX record to the DNS server. Enter the ipconfig /registerdns command on a workstation.
Renew the DHCP server's IP address lease. Enter the ipconfig /registerdns command on a workstation. EXPLANATION Dynamic DNS (DDNS) enables clients or the DHCP server to update records in the zone database automatically. Dynamic updates occur when: A network host's IP address is added, released, or changed. The DHCP server changes or renews an IP address lease. The client's DNS information is manually changed using the ipconfig /registerdns command. Clearing a browser's cache has no effect on DNS records. Because you need to manually add and create MX and CNAME records, they have no effect on DDNS.
You are the network administrator for a large hospital. One of your users, Suzie, calls you stating that she is unable to access any network resources. After some initial troubleshooting, you realize that her computer is using the IP address 169.254.0.52. You've confirmed that the network's physical connection is connected properly. Which of the following should you do next? Ping the gateway. Renew the IP address. Reboot the DNS server. Reboot the DHCP server.
Renew the IP address. EXPLANATION In this scenario, the first step would be to attempt to renew the IP address. If the device is unable to pull a new IP address on the subnet, that might indicate an issue with the DHCP server itself or the DHCP configuration. Rebooting the DHCP server is not an appropriate next step in this scenario. This would take down the entire network. You need to perform more troubleshooting before getting to this step. Rebooting the DNS server would not be appropriate in this scenario as DNS has nothing to do with APIPA addressing. Pinging the gateway would not be appropriate in this scenario. As this is a large network, the gateway device is most likely not responsible for handing out IP addresses.
A user from the sales department calls to report that he is experiencing problems connecting to the sales file server. All users in the sales department connect to this server through a single Ethernet switch. No other users have reported problems connecting to the sales server. Which of the following troubleshooting actions are you MOST likely to perform first? Reinstall the network card drivers on the sales server. Replace the Ethernet switch in the sales department. Replace the network card in the sales server. Replace the network card in the user's computer.
Replace the network card in the user's computer. EXPLANATION In this scenario, you are most likely to replace the network card in the user's computer. As there is only one user experiencing the problem, you are unlikely to replace the network card in the server or replace the Ethernet switch. For the same reason, you are also unlikely to replace the network card drivers on the server. If more than one user were experiencing the problem, any of these options could be a valid troubleshooting step.
Which of the following DHCP scope options assigns a static IP configuration to a device using that device's MAC address? IP range Exclusion Default gateway Reservation
Reservation EXPLANATION Reservations are static IP addresses that are not dynamically assigned by the DHCP server. Reservations are assigned by the DHCP server using the device's MAC address. Whenever the device with the specified MAC address connects to the network, the DHCP server assigns it the reserved static IP configuration. Exclusions are IP addresses that the DHCP server does not assign. The IP range defines the range of IP addresses that the DHCP server can assign. The default gateway defines where data packets that are leaving the network should go.
Based on the diagram, which type of proxy server is handling the client's request? Open proxy server Reverse proxy server Forward proxy server Circuit-level proxy server
Reverse proxy server EXPLANATION A reverse proxy server handles requests from the internet to an internal network. Instead of requests for a server going directly to the server, they first go to the reverse proxy server. A forward proxy server handles requests from an internal network out to the internet. An open proxy server is accessible to any user on the internet and is used to forward requests to and from anywhere on the internet. A circuit-level proxy server is typically used as a stateful firewall to allow or deny sessions.
Which of the following topologies connects each device to a neighboring device? Bus Mesh Star Ring
Ring EXPLANATION In ring topologies, each device connects to a neighboring device so that a ring is formed. The bus topology connects all devices to a trunk cable. A star topology uses a hub or switch to connect all network connections to a single physical location. A mesh topology exists when there are multiple paths between any two nodes on a network.
You are a network technician for a small consulting firm. Many users have reported issues with accessing the network. After some initial troubleshooting, you discover that many devices have the same IP address assigned or incorrect IP configurations. Which of the following would be the MOST likely cause for this? Rogue DNS server Exhausted DHCP scope Rogue DHCP server Incorrect default gateway
Rogue DHCP server EXPLANATION In this scenario, a rogue DHCP server would be the most likely cause for the duplicate and incorrect IP configurations. A rogue DHCP server is an unauthorized DHCP server. When a rogue DHCP server exists on a network, some hosts will receive configuration information from the correct DHCP server and others from the rogue one. This will lead to conflicting and incorrect IP configurations. Exhausted DHCP scope means that all the addresses within the DHCP scope were depleted. Consequently, a legitimate user is denied an IP address requested through DHCP and isn't able to access the network. This would not cause duplicate or incorrect IP configurations. The gateway is responsible for routing traffic between networks. This would not cause duplicate or incorrect IP configurations. DNS is responsible for translating hostnames to IP addresses. This would not cause duplicate or incorrect IP configurations.
You have purchased a new router that you need to configure. You need to connect a workstation to the router's console port to complete the configuration tasks. Which type of cable would you most likely use? Rollover Straight-through RG6 Crossover
Rollover EXPLANATION Use a rollover cable to connect a workstation to the console port on a router or switch. The rollover cable has an RJ45 connector on one end to connect to the console port. The other end has a serial connector to connect to the workstation's serial port. You then run a terminal emulation program on the workstation to connect to the console on the router or switch in order to perform configuration and management tasks. Use a straight-through or crossover Ethernet cable to connect devices using the Ethernet RJ45 ports. An RG6 cable is a coaxial cable.
In the OSI model, what is the primary function of the Network layer? Ensure that packets are delivered with no loss or duplication. Transmit data frames. Route messages between networks. Enable communication between network clients and services.
Route messages between networks. EXPLANATION The Network layer is responsible for routing messages between networks. The Transport layer provides a transition between the upper and lower layers of the OSI model. The Data Link layer defines how to verify that data received from the Physical layer is error free (using parity and cyclic redundancy check [CRC]).
Which of the following BEST describes dynamic routing? Routers learn about networks by sharing routing information with each other. Routing entries are manually added to routing tables. Routing is done between autonomous systems. Routing is done within an autonomous system.
Routers learn about networks by sharing routing information with each other. EXPLANATION In dynamic routing, routers dynamically learn about networks by sharing routing information with other routers through dynamic routing protocols. Dynamic routing protocols automatically add entries to the routing table. Interior routing is done within an autonomous system. With interior routers, you own and control the router, determine where routers are located, and control the interfaces that connect the routers to your system. Static routing entries are manually added to the routing table. Static entries remain in the routing table until they are manually removed. Exterior routing is done between autonomous systems. In most organizations, exterior routing is limited to a single router that connects the organization's network to the internet via an ISP. This router is often called a border router or an edge router.
Routing data between computers on a network requires several mappings between different addresses. Which of the following statements is true? Routers use ARP to resolve known IP addresses into MAC addresses. ICMP lets routers bypass the general network broadcast by providing a dynamic table of IP-to-MAC address mappings. Diskless workstations use ARP to ask a server for an IP address. Routers use DNS to resolve MAC addresses of diskless workstations into IP addresses based on the information contained in other routers' routing tables.
Routers use ARP to resolve known IP addresses into MAC addresses. EXPLANATION ARP lets routers resolve known IP addresses into MAC addresses by broadcasting requests to the network. DNS is used to map hostnames to IP addresses. ARP is used to map IP addresses to MAC addresses. Diskless workstations use BOOTP to discover their IP address, the server's IP address, and the boot files they should use. ICMP notifies routers of problems on the network and undeliverable packets.
You have a Windows Server 2016 system that you want to use as a DHCP relay agent. Which Windows Server 2016 service would you use to do this? Routing and Remote Access DNS SMB Internet Information Services (IIS) Manager
Routing and Remote Access EXPLANATION On Windows Server 2016, you configure and enable the DHCP relay agent role with the Routing and Remote Access service. Before you can use a Windows server as a DHCP relay agent, you must install the Routing and Remote Access service (RRAS). IIS is a commonly used web server that runs on Windows. A DNS server resolves easy-to-use domain names, such as google.com or amazon.com, into numerical IP addresses that computers understand. An SMB (Server Message Block) server provides shared resources, like folders, files, and printers, to network hosts.
You are unsure if the gateway address is correct for one of your subnetworks because traffic is not leaving the network. Which of the following tables could you look at to check if the gateway address is correct? ARP table MAC address table Routing table State table
Routing table EXPLANATION Routing tables contain gateway address information. MAC address tables, IP address tables, and state tables do not contain gateway address information. MAC address tables contain information about source MAC addresses and destination MAC addresses. ARP tables contain neighbor information and link MAC addresses to IP addresses. Stateful devices keep track of the state of network connections, like TCP streams in a state table.
You want a switch to have the ability to modify the media type the switch port supports. Which type of module might you use to make this possible? MAC SFP QSFP ARP GBIC
SFP GBIC EXPLANATION Older network adapters used an external transceiver that matched the media type. While nearly all current network adapters come with a built-in transceiver type, new devices, such as switches and routers, use transceiver modules that allow you to modify a port's media type by changing the transceiver. There are several types of transceiver modules. A GBIC (gigabit interface converter) is a large transceiver that fits in a port slot. GBICs are used for Gigabit media, including copper and fiber optic. An SFP (small form-factor pluggable) is similar to a GBIC but is smaller in size. An SFP is sometimes called a mini-GBIC. An XFP transceiver is similar in size to an SFP, but it's used for 10-gigabit networking. QSFP (a quad, or 4-channel, small form-factor pluggable) is a compact hot-pluggable transceiver that's also used for data communication applications. A Media Access Control (MAC) address is a unique identifier burned into the ROM of every Ethernet NIC. A host uses ARP to discover a device's MAC address from its IP address.
Your company has just acquired another company in the same city. You need to integrate the two email systems so that messages can be exchanged between email servers. Currently, each network uses an email package from a different vendor. Which TCP/IP protocol enables message exchange between systems? SMTP IMAP4 ICMP POP3
SMTP EXPLANATION Simple Mail Transfer Protocol (SMTP) specifies how messages are exchanged between email servers. Email clients use POP3 and IMAP4 to download email messages from email servers. ICMP (Internet Control Message Protocol) is used with ping and traceroute to communicate network information.
Which of the following connectors usually require polishing as part of the assembly process? (Select two.) BNC F-type RJ45 ST SC
ST SC EXPLANATION The fiber optic cable assembly process is more complex than other assemblies. It's necessary to polish the exposed fiber tip to ensure that light is passed from one cable to the next with minimal dispersion.
Which of the following uses access control lists (ACLs) to filter packets as a form of security? Screened subnet Screened-host gateway Dual-homed gateway Screened router
Screened router EXPLANATION A screening router is the router that is most external to the network and closest to the internet. It uses access control lists (ACLs) to filter packets as a form of security. A dual-homed gateway is a firewall device that typically has three network interfaces. One is connected to the internet, one is connected to the public subnet, and one is connected to the private network. A screened-host gateway resides within the screened subnet, requiring users to authenticate to access resources within the screened subnet or the intranet. A screened subnet uses two firewalls. The external firewall is connected to the internet and allows access to public resources. The internal firewall connects the screened subnet to the private network.
Which of the following can serve as a buffer zone between a private, secured network and an untrusted network? Screened subnet Intranet Padded cell Extranet
Screened subnet EXPLANATION A screened subnet is a network that's placed between a private, secured network and the internet (untrusted network) to grant external users access to internally controlled services. In essence, it serves as a buffer zone for your network. An intranet is a private network that happens to employ internet information services. An extranet is a division of a private network that's accessible to a limited number of users, such as business partners, suppliers, and certain customers. A padded cell is an intrusion detection countermeasure that's used to delay intruders enough to record meaningful information about them for discovery and prosecution.
Which of the following is another name for a firewall that performs router functions? Screened-host gateway Dual-homed gateway Screened subnet Screening router
Screening router EXPLANATION A firewall performing router functions is considered a screening router. A screening router is the router that is most external to your network and closest to the internet. It uses access control lists (ACLs) to filter packets as a form of security. A dual-homed gateway is a firewall device that typically has three network interfaces. One is connected to the internet, one is connected to the public subnet, and one is connected to the private network. A screened-host gateway resides within the screened subnet, requiring users to authenticate in order to access resources within the screened subnet or the intranet. A screened subnet uses two firewalls. The external firewall is connected to the internet and allows access to public resources. The internal firewall connects the screened subnet to the private network.
Which of the following will not function properly if there is a time mismatch error? Security certificates Windows login Program installation Event logging
Security certificates EXPLANATION If there is a time mismatch error, security certificates suspect malicious behavior and block connections. Event logging still functions properly if a system's time is off. Program installation and logging into Windows are not affected by time mismatch errors.
What is the first thing a device does when it connects to a network? Sends a DHCP Discover packet Sends a DHCP Offer packet Sends a DHCP Request packet Sends a DHCP ACK packet
Sends a DHCP Discover packet EXPLANATION When a device first connects to a network, it sends out a DHCP Discover packet. This packet is a UDP broadcast sent out on port 67 to all the devices on the network, asking if there's a DHCP server available. All the other answers occur later in the DHCP process.
Which of the following connectors is typically used for the ends of a rollover cable? Serial F-type RJ11 BNC RJ45
Serial RJ45 EXPLANATION A rollover cable has a serial connector on one end and an RJ45 connector on the other end. Alternatively, a rollover cable might have an RJ45 connector on both ends and use a serial converter to convert from the RJ45 connector to a serial connector. BNC and F-type connectors are used with coaxial cables. RJ11 connectors are used for telephones.
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database? Stateful inspection-based IDS Heuristics-based IDS Signature-based IDS Anomaly analysis-based IDS
Signature-based IDS EXPLANATION A signature-based IDS, or pattern matching-based IDS, is a detection system that searches for intrusion or attack attempts by recognizing patterns that are listed in a database. A heuristics-based IDS is able to perform some level of intelligent statistical analysis of traffic to detect attacks. Anomaly analysis-based IDSs look for changes in the normal patterns of traffic. Stateful inspection-based IDSs search for attacks by inspecting packet contents and associating one packet with another. These searches look for attacks in overall data streams rather than individual packets.
You are the network administrator for a small consulting firm. You've set up an NTP server to manage the time across all the machines in the network. You have a computer that's experiencing a slight time drift of just a few seconds. Which time correction should you use to fix the system's clock? Skew Slew Jitter Slam
Slew EXPLANATION If time is off by just a few seconds, slewing is better for putting it back on track. Slewing is a slower, methodical method of correcting the time, but the risk of problems occurring is much less. Slamming is used if the time is off by quite a bit and slewing will take too long. While this is a quick and immediate fix, slamming can cause some programs to function improperly. Jitter refers to small, rapid variations in a system's clock. Skew measures the difference (in hertz) between a clock's actual frequency and the frequency necessary to keep a more accurate time.
Users report that the internet is no longer accessible. You suspect that the line connecting your building to the internet isn't working properly. Which of the following allows the service provider to remotely test the local loop? Horizontal cross connect Smartjack Demarc extension Demarc
Smartjack EXPLANATION A smartjack is a special loopback plug installed at a WAN service's demarcation point. Technicians at the central office can send diagnostic commands to the plug to test connectivity between the central office and the demarc. The demarcation point (demarc) is the line that marks the boundary between telco equipment and the private network or telephone system. A demarc extension extends the demarcation point from its original location to another location within the building. A horizontal cross connect connects wiring closets on the same floor.
You manage a single subnet with three switches. The switches are connected to provide redundant paths between themselves. Which feature prevents switching loops and ensures that there is only a single active path between any two switches? Spanning Tree 802.1x PoE Trunking
Spanning Tree EXPLANATION Spanning Tree is a protocol on a switch that allows it to maintain multiple paths between other switches within a subnet. Spanning Tree runs on each switch and is used to select a single path between any two switches. Without this protocol, switches that are connected with multiple links would form a switching loop, where frames are passed back and forth continuously. 802.1x is an authentication protocol used with port security (or port authentication). Power over Ethernet (PoE) supplies power to end devices through the RJ45 Ethernet switch port. Trunking identifies ports that are used to carry VLAN traffic between switches. A trunk port is a member of all VLANs defined on all switches.
You are configuring the DHCP relay agent role on a Windows server. Which of the following is a required step for the configuration? Connect an RFC 1542-compliant router to the Windows server. Specify which server network interface the agent listens on for DHCP messages. Use the ip helper-address command to specify the remote DHCP server. Configure the Windows server to be on the same subnet as the DHCP server.
Specify which server network interface the agent listens on for DHCP messages. EXPLANATION When you configure the DHCP relay agent role, you need to specify which server network interface the agent will listen on for DHCP messages. The ip helper-address command is used to configure DHCP relay on Cisco routers, not Windows servers. An RFC 1542-compliant router is not necessary for DHCP relay when you use a Windows server DHCP relay agent. Configuring the Windows server to be on the same subnet as the DHCP server would prevent it from being able to relay DHCP messages from a different subnet.
You manage a network that uses IPv6 addressing. When clients connect devices to the network, they generate an interface ID and use NDP to learn the subnet prefix and default gateway. Which IPv6 address assignment method is being used? Static partial assignment Static full assignment Stateless autoconfiguration Stateful DHCPv6
Stateless autoconfiguration EXPLANATION With stateless autoconfiguration, clients automatically generate an interface ID and learn the subnet prefix and default gateway through Neighbor Discovery Protocol (NDP). With static full assignment, the entire 128-bit address and all other configuration information is statically assigned. Static partial assignment generates the interface ID from the MAC address, and clients are statically assigned the prefix. Stateful DHCPv6 is when the DHCP server provides each client with an IP address, default gateway, and other IP configuration information.
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers? Overloading Static Dynamic Restricted
Static EXPLANATION Static translation consistently maps an unregistered IP address to the same registered IP address on a one-to-one basis. Static NAT is particularly useful when a device needs to be assigned the same address so it can be accessed from outside the network. This works well for web servers and other similar devices. Dynamic translation would not work for these servers because it maps an unregistered host IP address to any available IP address configured in a pool of one or more registered IP addresses. Accessing a server assigned one of these addresses would be nearly impossible because the addresses are still shared by multiple hosts.
Which of the following NAT implementations maps a single private IP address to a single public IP address on the NAT router? Many-to-one NAT Static NAT IP masquerade Dynamic NAT
Static NAT EXPLANATION Static NAT maps a single private IP address to a single public IP address on the NAT router. IP masquerade and many-to-one NAT are simply different names for Dynamic NAT. Dynamic NAT automatically maps internal IP addresses with a dynamic port assignment. In this implementation, many internal private IP addresses are mapped to one public IP address on the NAT router.
You have a small network with three subnets, as shown in the exhibit. IP addresses for each router interface are also indicated in the exhibit. How many IP addresses that you can assign to hosts remain on each subnet? SubnetA = 253, SubnetB = 4, SubnetC = 29 SubnetA = 254, SubnetB = 6, SubnetC = 30 SubnetA = 61, SubnetB = 0, SubnetC = 5 SubnetA = 125, SubnetB = 0, SubnetC = 13 SubnetA = 62, SubnetB = 0, SubnetC = 6 SubnetA = 126, SubnetB = 2, SubnetC = 14
SubnetA = 125, SubnetB = 0, SubnetC = 13 EXPLANATION The scenario asks you how many addresses remain that can be assigned to hosts. In this scenario, remember to remove the following addresses from each range: the subnet address; the broadcast address; and the addresses assigned to the router interfaces (for SubnetA and SubnetC, one address is assigned; for SubnetB, two addresses have been assigned). The following mask values provide for the following number of hosts: A mask of /25 provides 126 host addresses, with one of those being used by the router. A mask of /30 provides for two host addresses, with both addresses being used by routers. A mask of /28 provides for 14 host addresses, with one of those being used by the router.
Which of the following best describes the purpose of using subnets? Subnets let you connect a private network to the internet. Subnets combine multiple IP network addresses into one network address. Subnets divide an IP network address into multiple network addresses. Subnets place each device within its own collision domain.
Subnets divide an IP network address into multiple network addresses. EXPLANATION Subnets divide an IP network address into multiple network addresses. This allows you to have several smaller networks while using only one network address. With supernetting, multiple smaller subnets are combined into a single larger subnet. With modern switched networks, each switch port represents its own collision domain. Network Address Translation (NAT) allows you to connect a private network to the internet.
In which type of device is a MAC address table stored? Repeater Switch Router Hub
Switch EXPLANATION A Layer 2 switch stores MAC addresses in a table, which the switch uses to know where to forward frames. A router is a Layer 3 device and stores ARP tables, not MAC address tables. A hub cannot learn or store MAC addresses. They are Layer 1 devices. A repeater is a Layer 1 device that boosts a signal by electrically amplifying it. A repeater does not store MAC address tables.
Which of the following is a communication device that connects other network devices through cables and receives and forwards data to a specified destination within a LAN? Router Hub Access point Switch
Switch EXPLANATION A switch is a communication device that connects other network devices through cables and receives and forwards data to a specified destination within a LAN. A router is a communication device that connects computer networks and receives and forwards data through the internet. A hub is a communication device that connects other devices on a network, but hubs broadcast all incoming data to all active ports. An access point is a network connector that provides wireless signals for other devices.
Angela is the network administrator for a rapidly growing company with a 100BaseT network. Users have recently complained about slow file transfers. While checking network traffic, Angela discovers a high number of collisions. Which connectivity device would BEST reduce the number of collisions and allow future growth? Switch Hub Bridge Router
Switch EXPLANATION A switch would be the best choice in this situation. A bridge would segment traffic and reduce collisions, but it would be harder to maintain and harder to add new bridges as the network grows. A router would also allow growth and reduce collisions, but switches can provide those benefits at a lower cost per port and offer more administration options. A hub is not a good choice in this scenario.
Which of the following switch attacks bypasses the normal functions of a router to communicate between VLANs and gain unauthorized access to traffic on another VLAN? ARP spoofing Switch spoofing MAC spoofing Dynamic Trunking Protocol attack
Switch spoofing EXPLANATION Switch spoofing, also known as VLAN spoofing, is an attack that bypasses the normal functions of a router to communicate between VLANs and gain unauthorized access to traffic on another VLAN. It does this by taking advantage of a switch's default setting called dynamic auto or dynamic desirable. The attacker uses this function to imitate a trunking switch and gain access to the traffic on multiple VLANs. VLAN, or switch, spoofing is a method of VLAN hopping. MAC spoofing is changing the source MAC address on frames. The attacker's system sends frames with the spoofed MAC address. The switch reads the source address contained in the frames and associates the MAC address with the port where the attacker is connected. ARP spoofing/poisoning associates the attacker's MAC address with the IP address of a victim's device. Switches have the ability to automatically detect trunk ports and negotiate the trunking protocol used between devices. Dynamic Trunking Protocol is not secure and allows unauthorized devices to modify configuration information.
Which of the following can cause broadcast storms? Switching loops Duplicate IP addresses Routing loops Duplicate MAC addresses
Switching loops EXPLANATION Switching loops can cause broadcast storms. The broadcast packets are forwarded to each port on each switch. The switches will then rebroadcast the packets endlessly and flood the network. Duplicate MAC addresses, duplicate IP addresses, and routing loops do not cause broadcast storms.
In which of the following tables does a NAT router store port numbers and their associated private IP addresses? Routing table MAC address table ARP table Translation table
Translation table EXPLANATION A NAT router stores port numbers and their associated private IP addresses in a translation table. NAT uses this table to know which host to send the incoming traffic to. A routing table is for routing packets from one network to another. A MAC address table is used by Ethernet switches to know where to forward traffic within a network segment. An ARP table associates MAC addresses with IP addresses.
You are the network administrator for a small consulting firm. Users are complaining that they are unable to reach network resources. After some troubleshooting, you've confirmed that the DHCP server is down. Your network devices should be receiving an APIPA address so that they can at least communicate on the internal network, but many devices are not receiving this address. Which of the following is the MOST likely reason the devices are not receiving their APIPA addresses? Alternate IP addresses need to be configured. APIPA is not enabled. The DNS lease has not expired. The DHCP lease has not expired.
The DHCP lease has not expired. EXPLANATION In this scenario, the most likely reason that some devices are not receiving an APIPA address is because their DHCP lease is still active. Many devices retain their DHCP assigned address until their current lease expires. DNS would not be applicable to this scenario. APIPA does not need to be enabled. An alternate IP address does not need to be configured for APIPA.
You are the network administrator for a large hospital. One of your users, Suzie, calls you stating that she is unable to access any network resources. After some initial troubleshooting, you realize that her computer is using the IP address 169.254.0.52. You've performed the following troubleshooting steps so far: verified the physical network connection; attempted to renew the IP address; discovered other devices are experiencing the same issue. Which of the following is the MOST likely cause for Suzie's issue? The DNS server is misconfigured or down. The gateway router is down. The computer is assigned a static IP address. The DHCP server is misconfigured or down.
The DHCP server is misconfigured or down. EXPLANATION In this scenario, the most likely cause is that the DHCP server is down or misconfigured. The fact that other computers are experiencing the same issue shows that this is a network-wide issue. This would indicate an issue with the DHCP server. The DNS server or gateway router would have no bearing on this issue. The computer has most likely not been assigned a static IP address. While this could be an issue, the fact that all the other devices are experiencing the same problem indicates that this is not the problem.
After you install a new DHCP server on your network, you need to verify that the network devices are receiving IP addressing via DHCP. You reboot a Windows 10 client system and, using the ipconfig /all command, receive the following information:
Ethernet adapter Local Area Connection 1:
Description . . . . . . . . . . . : Intel(R) Ethernet Connection
Physical Address. . . . . . . . . : 02-00-4C-4F-3F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.25.129
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
Which of the following statements are true? (Select two.) The client system is configured to use DHCP. DHCP is disabled on the client system. The network is configured to use static IP addressing. The network subnet mask is incorrect. The client system is unable to reach the DHCP server. The default gateway address needs to point to the DHCP server.
The client system is configured to use DHCP. The client system is unable to reach the DHCP server. EXPLANATION A system configured as a DHCP client will attempt to locate a DHCP server during the boot process. If the client system is unable to locate the DHCP server and obtain IP information, an APIPA address is used. The client also configures itself with a Class B subnet mask of 255.255.0.0. The output from the ipconfig command shows that the client system has been configured to receive IP information from a DHCP server. As such, the client system attempted to locate the DHCP server. When it couldn't, it received the APIPA address of 169.254.25.129 and a subnet mask of 255.255.0.0. The default gateway does not have to be present to access a DHCP server.
A switch receives a frame with a destination MAC address that is not found in its MAC address table. What happens next? The frame is replicated and sent to every active port on the switch. The frame is rejected and returned to the source host. The frame stops at the switch and is not forwarded until the destination MAC address is manually added to the MAC address table. The frame is replicated and sent to every active port on the switch except the source port.
The frame is replicated and sent to every active port on the switch except the source port. EXPLANATION When a switch receives a frame with a destination MAC address that is not found in its MAC address table, the switch replicates the frame and sends it to every active port on the switch except the source port. The frame is replicated, but it is not sent to every active port on the switch. It is sent to every one except the port the frame came from. The frame is not rejected and returned. The frame does not stop at the switch until the destination MAC address is manually added to the table.
Which IP address do broadcast messages use? 224.0.0.1 224.0.0.0 The last valid IP address on the subnet The first valid IP address on the subnet
The last valid IP address on the subnet EXPLANATION We use broadcast messages to send data to all the hosts on the subnet. The last IP address on the subnet is reserved for broadcast messages. The first valid IP address on a subnet is reserved for the network ID. 224.0.0.1 is used for the query messages from routers. The 224.0.0.0 address range is reserved for local subnets.
On a typical network, what happens if a client attempts to receive DHCP configuration from a DHCP server that's located on a different subnet? The client will not send a DHCP request. The DHCP request is automatically forwarded to the server. The router drops the DHCP request. The request needs to be manually forwarded to the server.
The router drops the DHCP request. EXPLANATION When a DHCP server is on a different network, the router drops the packet because routers do not forward broadcast packets to other networks. DHCP requests are not automatically forwarded to another network. You need to configure a DHCP relay agent for this. Clients still send out DHCP requests even if they do not know where the DHCP server is. DHCP requests are not manually forwarded.
Which of the following describes the worst possible action by an IDS? The system correctly deemed harmless traffic as inoffensive and let it pass. The system detected a valid attack and the appropriate alarms and notifications were generated. The system identified harmless traffic as offensive and generated an alarm. The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts. EXPLANATION The worst possible action an IDS can perform is identifying harmful traffic as harmless and allowing it to pass without generating any alerts. This condition is known as a false negative. Positive traffic assessment means that the system detected a valid attack and the appropriate alarms and notifications were generated. Negative traffic assessment means that the system correctly deemed harmless traffic as inoffensive and let it pass. False positive traffic assessment means that the system identified harmless traffic as offensive and triggered an alarm.
Which of the following are characteristics of an MTRJ fiber optic connector? (Select two.) They must never be used with single-mode fiber optic cables. They use metal guide pins to ensure accurate alignment. They're called push-in-and-twist connectors. They use a keyed bayonet. They can be used with multi-mode fiber optic cables.
They use metal guide pins to ensure accurate alignment. They can be used with multi-mode fiber optic cables. EXPLANATION MTRJ connectors can be used with either multi-mode or single-mode fiber optic cabling. The connector is made from plastic and uses metal guide pins to ensure that it's properly aligned in the jack. ST has a keyed bayonet connector and is called a push-in-and-twist connector.
What is it called when a system's clock begins to be off by a few seconds or even minutes? Slew Slam Dispersion Time drift
Time drift EXPLANATION Time drift is when a system's clock begins to be off by a few seconds or minutes. Using Network Time Protocol (NTP) can help reduce the risk of time drift. Slewing is an NTP correction method where the time is adjusted a few milliseconds at a time until it's correct again. Slamming is an NTP correction method where the time is hard reset to the correct time. Dispersion measures how scattered the time offsets (in seconds) are from a given time server.
You are the network administrator for a consulting firm. A website that users on your network visit has a habit of frequently changing its IP address. When these IP mappings change, users are unable to connect until you clear the DNS cache. Which of the following settings should you configure so that the cache does not need to be manually cleared every time? Time to live Reverse lookup zone Forward lookup zone CNAME record
Time to live EXPLANATION Because IP mappings can change frequently, you should configure the DNS time to live (TTL). When the TTL expires, the recursive server clears its cache. The next time the site is requested, the recursive process repeats. The forward lookup zone matches the hostname to the IP address. This is not necessary in this scenario. A reverse lookup zone matches the IP address to the hostname. This is not necessary in this scenario. The CNAME record provides alternate names (or aliases) to hosts that already have a host record. Using a single A record with multiple CNAME records means that when the IP address changes, only the A record needs to be modified. This is not necessary in this scenario.
Which device sends signals from a computer onto a network? Gateway Cable Transceiver Router
Transceiver EXPLANATION A transceiver (short for transmitter/receiver) sends signals to and receives signals from a network. It translates a computer's parallel data stream to the network's serial data stream, and vice versa. Most transceivers are now built into network interface cards (NICs). A cable transfers the data signals on a network. A router uses its routing table to determine the best route for packets to be sent. A gateway converts data from one protocol or format to another on the network.
You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch in VLAN 1. What should you configure to allow communication between these two devices through the switches? Layer 3 switching Trunking Spanning Tree Bonding
Trunking EXPLANATION A trunk port connects two switches together. Typically, Gigabit Ethernet ports are used for trunk ports, although any port can be a trunking port. A trunk port is a member of all VLANs and carries traffic between the switches. With trunking, frames that are sent over a trunk port are tagged by the first switch with the VLAN ID so that the receiving switch knows which VLAN the frame belongs to. The trunking protocol describes the format that switches use for tagging frames with the VLAN ID. Because end devices do not understand VLAN tags, the tag is removed from the frame by the switch before the frame is forwarded to the destination device. VLAN tagging is only used for frames that travel between switches on the trunk ports. Use a Layer 3 switch or a router to enable devices in different VLANs to communicate with each other. Spanning Tree is a protocol on a switch that allows it to maintain multiple paths between other switches within a subnet. Spanning Tree runs on each switch and is used to select a single path between any two switches. Bonding allows multiple switch ports to be used at the same time to reach a specific destination.
You have two switches connected together as shown in the following diagram. How many broadcast domains are in the network? Zero One Two Four Five
Two EXPLANATION There are two broadcast domains. Each VLAN is in its own broadcast domain. When you connect devices to a switch, each switch port connection is in its own collision domain. In this graphic, there are five collision domains.
Which of the following protocols does DHCP use when it sends out IP configuration? TCP IP SMTP UDP
UDP EXPLANATION DHCP uses User Datagram Protocol (UDP) when it sends out configuration information to clients. Transmission Control Protocol (TCP) provides services that ensure accurate and timely delivery of network communications between hosts. It is not used to verify if an IP address is currently in use on the network. Internet Protocol (IP) allows devices to communicate across different networks. It is not used to verify if an IP address is currently in use on the network. Simple Mail Transfer Protocol (SMTP) is used to send outgoing emails.
Which of the following time standards does NTP use? PDT EDT CDT UTC
UTC EXPLANATION Network Time Protocol (NTP) uses Coordinated Universal Time (UTC) instead of time zones. Each device is responsible for converting the time to the local time zone. The other options are United States time zones: EDT = Eastern Time, PDT = Pacific Time, CDT = Central Time.
Which type of address identifies which single host to send a packet to? Simplex Broadcast Unicast Multicast
Unicast EXPLANATION A unicast address is an address that identifies a single host. A broadcast address is an address that's sent to all hosts. Broadcast traffic is typically only forwarded within one subnet, but not between two. A multicast address is an address that identifies a group of computers. Members of the group share the same multicast address. Simplex communication uses a single channel for both sending and receiving.
You've just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? Check for backdoors. Modify clipping levels. Generate a new baseline. Update the signature files.
Update the signature files. EXPLANATION Signature recognition (also referred to as pattern matching, dictionary recognition, or misuse detection) looks for patterns in network traffic and compares them to known attack patterns called signatures. Signature-based recognition cannot detect unknown attacks. It can only detect attacks identified by published signature files. For this reason, it's important to update signature files on a regular basis. Anomaly recognition (also referred to as behavioral, heuristic, or statistical recognition) monitors traffic to define a standard activity pattern as normal functionality. Clipping levels or thresholds identify deviations from that norm. When the threshold is reached, the system generates an alert or takes an action.
Which of the following strategies do we use to prevent duplicate IP addresses from being used on a network? (Select two.) Configure a HOSTS file for local IP resolution. Use Automatic Private IP Addressing (APIPA). Set the Windows Network Monitoring utility to identify potential IP conflicts. Install a DHCP server on the network. Configure client systems to use static IP assignment.
Use Automatic Private IP Addressing (APIPA). Install a DHCP server on the network. EXPLANATION To avoid duplicate IP addresses being used by network systems, we utilize automatic IP assignment. Both the DHCP service and APIPA can automatically assign addresses to client systems. Clients configured to use static IP addressing may inadvertently have duplicate IP addresses assigned to them. In such a case, one of the systems will not be able to log onto the network.
Kate, a network administrator, has been tasked with staying within the company budget. She has a large network and doesn't want to spend more than she needs to on purchasing and registering multiple public IP addresses for each of the hosts on her network. Which of the following methods could help her provide internet access but also keep costs low and limit the number of registered IP addresses her organization needs to purchase? Use Layer 3 switches. Use PoE devices. Use Network Address Translation. Use Layer 2 switches.
Use Network Address Translation. EXPLANATION Using NAT will allow the hosts on Kate's network to be private and to utilize just one registered public IP address. Using Layer 2 switches will not impact the public IP address situation. Using Layer 3 switches would only improve the public IP address situation if NAT were implemented on them. Using PoE (Power over Ethernet) devices will not impact the public IP address situation.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to the internet users. Which solution should you use? Use firewalls to create a screened subnet. Place the web server and the private network inside the screened subnet. Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall. Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet. Use a single firewall. Put the server and the private network behind the firewall.
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet. EXPLANATION A screened subnet is a buffer network (or subnet) that sits between a private network and an untrusted network, such as the internet. A common configuration uses two firewalls, with one connected to the public network and one connected to the private network. Publicly accessible resources (servers) are placed inside the screened subnet. Examples of publicly accessible resources include web, FTP, or email servers. Private resources that are not accessible from the internet are placed behind the screened subnet (behind the inner firewall). Placing the web server inside the private network would mean opening ports on the firewall that lead to the private network, which could expose other devices to attacks. Placing the web server outside the firewall would leave it unprotected.
Which of the following are specific to extended access control lists? (Select two.) Are used by route maps and VPN filters. Use the number ranges 100-199 and 2000-2699. Are the most used type of ACL. Should be placed as close to the destination as possible. Identify traffic based on the destination address.
Use the number ranges 100-199 and 2000-2699. Are the most used type of ACL. EXPLANATION Standard ACLs: Identify traffic based on the destination address. Are used by route maps and VPN filters. Use the number ranges 1-99 and 1300-1999. Should be placed as close to the destination as possible. Extended ACLs: Are the most used type of ACL. Are used for access rules that permit or deny traffic through a device. Can filter by multiple factors including source protocol, source host name, destination host name, etc. Use the number ranges 100-199 and 2000-2699. Should be placed as close to the source as possible.
Which of the following scenarios would cause a problem in asymmetric routing? Using two routers in the traffic flow. Using a hub in the traffic flow. Using two stateful firewalls in the traffic flow. Using two switches in the traffic flow.
Using two stateful firewalls in the traffic flow. EXPLANATION When you have asymmetrical routing, the outbound traffic would go through one stateful firewall and the inbound traffic would come through the second stateful firewall. The second firewall would drop the packets because it wouldn't have any record of them in its state table. That information would be recorded in the first firewall. Unless you've specifically programmed a hub as stateful, it would not have problems with asymmetrical routing. In general, routers do not have problems with asymmetric routing, regardless of number. Switches do not have problems with asymmetric routing, regardless of number.
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation? VLAN Spanning Tree VPN Port security
VLAN EXPLANATION You should define virtual LANs (VLANs) on the switch. To do so, a port on the switch is associated with a specific VLAN. Only devices connected to ports that are members of the same VLAN can communicate with each other. Routers are used to allow communication between VLANs if necessary. Use a virtual private network (VPN) to connect two hosts securely through an unsecure network (such as the internet). VPN tunneling protocols protect data as it travels through the unsecure network. Spanning Tree is a switch protocol that allows redundant paths between switches. Port security is a method of requiring authentication before allowing a network connection.
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. Which of the following should you use in this situation? Spanning Tree VPN VLAN Port security
VLAN EXPLANATION You should define virtual LANs (VLANs) on the switch. With a VLAN, a switch port is associated with a VLAN, and only devices connected to ports that are members of the same VLAN can communicate with each other. You can use routers to allow communication between VLANs if necessary. Use a virtual private network (VPN) to connect two hosts securely through an unsecure network (such as the internet). VPN tunneling protocols protect data as it travels through the unsecure network. Spanning Tree is a switch feature that allows redundant paths between switches. Port security is a method of requiring authentication before a network connection is allowed.
Which of the following attacks manipulates a switch's auto-negotiation setting to access a virtual local area network that's connected to the same switch as the attacker's virtual local area network? Dynamic Trunking Protocol attack ARP spoofing MAC spoofing VLAN spoofing
VLAN spoofing EXPLANATION VLAN spoofing manipulates a switch's auto-negotiation setting to access a virtual local area network that's connected to the same switch as the attacker's virtual local area network. A DTP attack is an attack that takes advantage of the Dynamic Trunking Protocol to allow unauthorized devices on a network. MAC spoofing is an attack that changes the source MAC address on frames. An ARP spoofing attack is an attack that associates an attacker's MAC address with the IP address of a victim's device.
Which of the following is the BEST solution to allow access to private resources from the internet? Packet filters VPN FTP Subnet
VPN EXPLANATION A VPN (virtual private network) provides a secure, outside connection to an internal network's resources. A VPN server can be placed inside the screened subnet. Internet users have to authenticate to the VPN server to communicate with the private network. Only communications coming through the VPN server are allowed through the inner firewall. Packet filters on a firewall allow traffic directed to the public resources inside the screened subnet. Packet filters also prevent unauthorized traffic from reaching the private network. They do not allow access to private resources from the internet. A subnet is used to segment a network. File Transfer Protocol (FTP) is a protocol used to transfer files. This does not allow access to private resources from the internet.
You have a network that occupies all three floors of a building. The WAN service provider has installed the line in a wiring closet on the main floor. You have a wiring closet on the two remaining floors directly above the wiring closet on the main floor. What would you use to connect the wiring closets together? Vertical cross connect Smart jack Demarc extension Horizontal cross connect
Vertical cross connect EXPLANATION A vertical cross connect joins the main distribution frame (MDF) on the main floor to intermediate distribution frames (IDFs) on upper floors. Cabling runs vertically (up and down) between the MDF and the IDFs. A horizontal cross connect joins IDFs on the same floor. Cabling runs horizontally (sideways) between the IDFs. A smart jack is a special loopback plug installed at the demarcation point for a WAN service. Technicians at the central office can send diagnostic commands to the smart plug to test connectivity between the central office and the demarc. A demarc extension extends the demarcation point from its original location to another location within the building. The demarc extension typically consists of a single wire bundle that attaches to the existing demarc and supplies a termination point to a different location. You might need a demarc extension if your network occupies an upper floor of a building. The LEC typically installs the demarc on the MDF on the bottom floor, and you'll need to install an extension to place the demarc on the IDF on your floor.
For which of the following devices does a voice VLAN prioritize traffic? Bridge Layer 3 switch VoIP phone Hub
VoIP phone EXPLANATION A VoIP phone is a phone that transmits sound over the internet. It works best when a voice VLAN is created to prioritize its traffic. A hub is a device that broadcasts data to every computer that is connected to it. A Layer 3 switch is a device that can provide all the functions of a Layer 2 switch along with routing. A bridge is a device that creates a single network from multiple network segments.
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned both networks. The next hop router for network 192.168.3.0 has changed. You need to make the change with the least amount of effort possible. What should you do? Manually reconfigure the default route to point to the new next hop router. Stop and restart the RIP protocol on the router. Force RIP to perform an immediate update. Wait for convergence to take place.
Wait for convergence to take place. EXPLANATION When you use a routing protocol, changes in routing information take some time to be propagated to all routers on the network. The term convergence is used to describe the condition when all routers have the same (or correct) routing information. Static routes in a routing table must be updated manually. Restarting RIP might actually increase the time required for changes to be learned. Forcing an update (if the router supports it) is not a requirement, as the periodic sharing of routes will eventually update the routing table entry.
Due to wide network expansion, you've decided to upgrade your network by configuring a DHCP server. The network uses Linux, Windows, and Mac OS X client systems. You configure the server to distribute IP addresses from 192.168.2.1 to 192.168.2.100. You use the subnet mask of 255.255.255.0. After you make all the setting changes on the DHCP server, you reboot each client system, but they are not able to obtain an IP address from the DHCP server. Which of the following explains the failure? DHCP does not function in a heterogeneous computing environment. 192.168.x.x requires a Class C subnet mask. You must configure the clients to obtain IP addressing from a DHCP server. You must reboot the DHCP server.
You must configure the clients to obtain IP addressing from a DHCP server. EXPLANATION Once a DHCP server has been configured for the network, each client system has to be told to look for the server to obtain its IP addressing. Selecting DHCP to obtain IP addressing information is typically as easy as selecting a radio button. If the client is not set to DHCP, it will look for a statically assigned IP address. The DHCP service is supported by all major operating systems today. Using DHCP among different client systems would not be a problem. Rebooting the DHCP server would not be helpful if the client systems aren't configured to use the DHCP service.
Which of the following is true about a firewall? Implicit deny is used to deny permissions to a specific user even when the rest of the user's group is allowed access. Firewalls protect against email spoofing attacks. You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. Host-based firewalls and network-based firewalls can be installed separately, but they cannot be placed together to provide multiple layers of protection.
You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. EXPLANATION By default, most firewalls deny all traffic, which is called implicit deny. You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. Explicit deny is used to deny permissions to a specific user even when the rest of the user's group is allowed access. You can use a host-based firewall in addition to a network-based firewall to provide multiple layers of protection. Firewalls do not offer protection against all attacks (such as email spoofing attacks).
In which of the following situations would you MOST likely implement a screened subnet? You want to encrypt data sent between two hosts using the internet. You want users to see a single IP address when they access your company network. You want to protect a public web server from attack. You want to detect and respond to attacks in real time.
You want to protect a public web server from attack. EXPLANATION A screened subnet is a network placed between a private, secured network and the internet to grant external users access to internally controlled services. In essence, it serves as a buffer zone for your network. An intranet is a private network that happens to employ internet information services. An extranet is a division of a private network that's accessible to a limited number of users, such as business partners, suppliers, and certain customers. A padded cell is an intrusion detection countermeasure that's used to delay intruders enough to record meaningful information about them for discovery and prosecution.
Which TCP/IP utility gives you the following output?
    Interface: 192.168.4.101 on Interface 0x3
    Internet Address    Physical Address     Type
    192.168.1.23        00-d1-b6-b7-c2-af    dynamic
ipconfig nslookup arp tracert
arp EXPLANATION This output is displayed when you use the arp -a command to look at the ARP cache. Use the nslookup utility to perform manual DNS lookups on Windows. Use ipconfig to view network configuration information on Windows systems. The tracert utility allows you to track a packet's route as it traverses the network.
Which of the following tools would you use to view the MAC addresses associated with IP addresses that the local workstation has contacted recently? netstat arping nbtstat arp
arp EXPLANATION Use the arp command to view the MAC addresses associated with IP addresses that the local workstation has contacted recently. When a workstation uses arp to find an IP address's MAC address, it places that information in its ARP table. Use the arping command to send an ARP request to a specified IP address. arping works much like ping in that the host with the specified IP address responds. netstat shows IP-related statistics (like incoming and outgoing connections) and active sessions, ports, and sockets. nbtstat displays the NetBIOS name tables for both the local and remote computers and the NetBIOS name cache.
Which of the following is the top-level domain in www.testout.com.'s fully qualified domain name (FQDN)? com . (period) testout www
com EXPLANATION com is the top-level domain (TLD) in this example. The TLD is the second level in the DNS hierarchy. TLDs have extensions such as com, edu, org, and others. www is the FQDN's hostname. testout is this FQDN's domain name. The . (period) at the end of the FQDN is the root level.
Consider the following output.
    ;; res options: init recurs defnam dnsrch
    ;;got answer:
    ;;->>HEADER<<-opcode:QUERY, status; NOERROR,id:4
    ;;flags: qr rd ra; QUERY:1, ANSWER:1, AUTHORITY:2, ADDITIONAL:0
    ;;QUERY SECTION:
    ;; westsim111.com, type = A, class = IN
    ;;ANSWER SECTION:
    westsim111.com. 7h33m IN A 76.141.43.129
    ;;AUTHORITY SECTION:
    westsim111.com. 7h33m IN NS dns1.deriatct111.com.
    westsim111.com. 7h33m IN NS dns2.deriatct222.com.
    ;;Total query time: 78 msec
    ;;FROM: localhost.localdomain to SERVER: default -- 202.64.49.150
    ;;WHEN: Tue Feb 16 23:21:24 2005
    ;;MSG SIZE sent: 30 rcvd: 103
Which of the following utilities produced this output? dig nslookup ping nbtstat
dig EXPLANATION The output shown is from the dig command that was run on a Linux system. Although nslookup and dig provide some of the same information, you can tell that this output came from dig because this command produces significantly more detail in its default usage. Use nbtstat to view information on NetBIOS over TCP/IP (NetBT) name resolutions. Use ping to test connectivity between network systems.
You are using Linux and need to perform a reverse lookup of the IP address 10.0.0.3. Which command would you use to accomplish this? (Select two.) arp 10.0.0.3 nslookup 10.0.0.3 dig -x 10.0.0.3 nbtstat -a 10.0.0.3
dig -x 10.0.0.3 EXPLANATION To perform a reverse lookup of the IP address 10.0.0.3 on Linux, use the dig -x 10.0.0.3 command. The ipconfig command is used to perform a forward or reverse DNS lookup. The arp 10.0.0.3 command displays the MAC address of the network host with an IP address of 10.0.0.3. The nbtstat -a 10.0.0.3 command displays the NETBIOS name of the host assigned an IP address of 10.0.0.3.
You've been called in to troubleshoot a connectivity problem on a newly installed Windows Server system. The system is operating well and is able to communicate with other systems on the local network. However, it's unable to access any systems on other segments of the corporate network. You suspect that the system's default gateway parameter hasn't been configured or may be configured incorrectly. Which of the following utilities are you MOST likely to use to view the system's default gateway information? ipconfig tcpdump ifconfig netstat
ipconfig EXPLANATION Use the ipconfig utility to view the TCP/IP configuration of a Windows Server system. The information displayed by ipconfig includes default gateway information. tcpdump is a command line packet analyzer. Use the ifconfig command to view the TCP/IP configuration on a Linux, Unix, or Macintosh system. Keep in mind that while you can still use ifconfig, the ip command has essentially replaced ifconfig as the Linux tool for configuring network adapters. Use the netstat command to view TCP connection statistics.
You are a network technician for a small consulting firm. One of your responsibilities is to manage the intranet site and configuration. You recently had to update the site's IP mapping due to a server upgrade. A user is having an issue with connecting to the intranet site now. When the user attempts to connect through their web browser, they receive a message that the page cannot be displayed. If you type in the IP address, the page loads fine. Which of the following commands should you use to fix this issue? ipconfig /flushdns ipconfig /registerdns ipconfig /release ipconfig /displaydns
ipconfig /flushdns EXPLANATION In this scenario, the best option is to run the ipconfig /flushdns command. This will remove all entries from the device's DNS resolver cache and force the computer to update the DNS mappings the next time the user attempts to connect to the intranet site. ipconfig /registerdns refreshes all DHCP leases and re-registers DNS names. This command would not fix this user's issue. ipconfig /displaydns displays the contents of the DNS resolver cache. This command would not fix this user's issue. ipconfig /release clears the current IP configuration. This command would not fix this user's issue.
Which of the following commands do you use to clear the local DNS cache? ipconfig /release ipconfig /flushdns dig -x nslookup set type=PTR
ipconfig /flushdns EXPLANATION You use the ipconfig /flushdns command to clear the local DNS cache. Local computers have a cache of recently resolved DNS names that holds the names and matching IP addresses. This is the first place a computer looks to find a DNS name. If the host's IP address has changed, clearing the local DNS cache forces the record to be updated. The ipconfig /release command clears the current IP configuration. This does not clear the local DNS cache. The dig -x command finds the hostname for the queried IP address. The nslookup set type=PTR command specifies a computer name if the query is an IP address. Otherwise, it specifies the pointer to other information.
Which two commands do you use to force a new IP configuration? ipconfig /release ipconfig /flushdns ipconfig /renew ipconfig ipconfig /all
ipconfig /release ipconfig /renew EXPLANATION To force a computer to receive a new IP configuration, you use the ipconfig /release command followed by the ipconfig /renew command. ipconfig /flushdns removes all entries from the DNS resolver cache. ipconfig displays basic IP configuration information. ipconfig /all displays a detailed list of the current IP configuration.
Examine the following output:
    Active Connections
    Proto  Local Address   Foreign Address                          State
    TCP    SERVER1:1036    localhost:4832                           TIME_WAIT
    TCP    SERVER1:4798    localhost:1032                           TIME_WAIT
    TCP    SERVER1:1258    pool-141-150-16-231.mad.east.ttr:24076   CLOSE_WAIT
    TCP    SERVER1:2150    cpe-66-67-225-118.roc.res.rr.com:14100   ESTABLISHED
    TCP    SERVER1:268     C872c-032.cpe.net.cale.rers.com:46360    ESTABLISHED
    TCP    SERVER1:2995    ip68-97-96-186.ok.ok.cox.net:23135       ESTABLISHED
Which of the following utilities produced this output? netstat dig nslookup ifconfig
netstat EXPLANATION The output shown is produced by the netstat command. netstat reports the open TCP/IP ports on the local system, and it also identifies the protocol and remote host connected to that port. This information can be very useful when you're looking for security weaknesses, as a TCP/IP port that's open to traffic represents an unnecessary security risk. ifconfig is a tool used on Unix, Linux, and Macintosh systems to view the configuration of network interfaces, including TCP/IP network settings. The dig command allows you to perform manual DNS lookups from a Linux or Unix system. This can be very useful when you troubleshoot name resolution issues. In addition to Linux and Unix systems, nslookup allows you to perform manual DNS lookups from a Windows system.
Your computer is sharing information with a remote computer using the TCP/IP protocol. Suddenly, the connection stops working and appears to hang. Which command can you use to check the connection? ping ipconfig netstat arp
netstat EXPLANATION Use the netstat command to check the status of a TCP connection. ping sends an ICMP echo request/reply packet to a remote host. Hosts use arp to discover a device's MAC address from its IP address. Use ipconfig to view network configuration information on Windows systems.
Which TCP/IP utility gives you the following output? netstat -r netstat -a netstat netstat -s
netstat -r EXPLANATION netstat -r shows you the computer's routing table. netstat -s displays network activity statistics for TCP, UDP, and IP. netstat -a shows detailed information for active connections. netstat shows the active connections.
Which of the following commands should you use to check the route a packet takes between a workstation and the DNS server? nslookup tracert ping dig
tracert EXPLANATION The tracert command is used to test the route between a workstation and the DNS server. Running this command shows you each stop, or hop, a packet takes to reach its destination. ping is used to test the connectivity between two devices, but it does not show the route the packet will take. dig is used to query a host. dig does not show the route a packet will take. nslookup queries a host's IP address. It does not show the route a packet will take.
Examine the following output:
    Server: to.xct.mirrorxhq.net
    Address: 209.53.4.130
    Name: westxsim.com
    Address: 64.78.193.84
Which of the following utilities produced this output? netstat ipconfig nslookup tracert
nslookup EXPLANATION The output is from the nslookup command on a Windows Server system. nslookup is a tool that allows you to send manual DNS resolution requests to a DNS server. The output displays the IP address and hostname of the DNS server that performed the resolution and the IP address and hostname of the target specified for resolution. nslookup can be a useful tool when troubleshooting DNS name resolution problems. The ipconfig utility is used on a Windows system to view the TCP/IP configuration of network interfaces. netstat is used to view protocol connections that have been established by the system as well as which incoming TCP/IP ports are in use by the system. tracert is a tool used to view information on the route a packet takes as it traverses the network to a remote host.
Mary calls to tell you that she can't connect to an intranet server called WebSrv1. From her computer, you ping the server's IP address. The ping test is successful. Which tool would you use on her workstation next to troubleshoot the problem? arp tracert nslookup netstat
nslookup EXPLANATION Use nslookup to troubleshoot name resolution problems. Because the ping test was successful, you know that both the client and the server can communicate using TCP/IP with IP addresses. This tells you that the problem is related to name resolution. Use tracert to track the route that a packet takes as it crosses a network. You wouldn't typically use this command to troubleshoot a name resolution problem, though it may be useful if you're unable to connect to the DNS server. The arp command displays a network host's MAC address. netstat is used to view protocol connections that have been established by the system as well as which incoming TCP/IP ports are in use by the system.
You are troubleshooting a network connectivity issue on a Unix system. You're able to connect to remote systems by using their IP address, but you're unable to connect using the hostname. You check the TCP/IP configuration and notice that a DNS server IP address is configured. You decide to run some manual resolution queries to ensure that the communication between the Unix system and the DNS server is working correctly. Which utilities can you use to do this? (Select two.) traceroute tracert arp nslookup dig
nslookup dig EXPLANATION The dig and nslookup commands allow you to perform manual DNS lookups from a Linux or Unix system. This can be very useful when you're troubleshooting name resolution issues. Use tracert and traceroute to track the route that a packet takes as it crosses a network. You wouldn't typically use these commands to troubleshoot a name resolution problem, though they may be useful if you're unable to connect to the DNS server. The arp command displays a network host's MAC address.
Which TCP/IP utility gives you the following output? arp -a ping ipconfig ifconfig
ping EXPLANATION The output of the ping command shows you the results of four echo request/reply contacts with a destination host. The arp -a command shows the current entries in a computer's ARP cache. Use the ifconfig command to view the TCP/IP configuration on a Linux, Unix, or Macintosh system. Keep in mind that while you can still use ifconfig, the ip command has essentially replaced ifconfig as the Linux tool for configuring network adapters. Use the ipconfig utility to view the TCP/IP configuration of a Windows Server system.
Examine the following output:
    Reply from 64.78.193.84: bytes=32 time=86ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=43ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=47ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=73ms TTL=115
    Reply from 64.78.193.84: bytes=32 time=46ms TTL=115
Which of the following utilities produced this output? ifconfig nslookup tracert ping
ping EXPLANATION The output shown was produced by the ping utility. Specifically, the information output was created using the ping -t command. The -t switch causes packets to be sent to the remote host continuously until you stop it manually. ping is a useful tool for testing connectivity between devices on a network. Using the -t switch with ping can be useful in determining whether the network is congested. If it is, there will be sporadic failures in the ping stream. tracert is similar to ping in that it tests connectivity between two hosts on a network. The difference is that tracert reports information on all intermediate devices between the host system and the target system. ping, on the other hand, doesn't report information on intermediate devices. nslookup is a tool provided on Linux, Unix, and Windows systems that allows manual name resolution requests to be made to a DNS server. This is useful when you troubleshoot name resolution problems. ifconfig is a tool for Unix, Linux, and Macintosh systems that's used to view the configuration of network interfaces, including TCP/IP network settings.
Which of the following utilities would you use to view the routing table? tracert mtr dig route traceroute
route EXPLANATION Use the route command to display the routing table contents and to add or remove static routes. The tracert command uses ICMP packets to test connectivity between devices and display the path between them. Responses from each hop on the route are measured three times to provide an accurate representation of how long a packet takes to reach and be returned by that host. The mtr command on Linux is a combination of the ping and traceroute commands. The dig command resolves (looks up) a hostname's IP address.
A workstation's network board is currently configured as follows: Network Speed = Auto Duplexing = Auto The workstation is experiencing poor network performance, and you suspect that the network board is incorrectly detecting the network speed and duplex settings. Upon investigation, you find that it's running at 10 Mbps half-duplex. You know that your network switch is capable of much faster throughput. To fix this issue, you decide to manually configure these settings on the workstation. Before you do so, you need to verify the switch port configuration for the connected workstation. Given that it's a Cisco switch, which commands can you use on the switch to show a list of all switch ports and their current settings? (Select two.) show interface capabilities show interface switchport show running-config interface show interface show interface ethernet counters
show running-config interface show interface EXPLANATION To view the speed and duplex settings of interfaces on a Cisco switch, you can use one of the following commands: show running-config interface (displays concise summary information) show interface (displays extended information) The show interface capabilities command displays information about interface capabilities, not the current switch configuration. The show interface ethernet counters command displays interface statistics. The show interface switchport command displays VLAN information regarding switch interfaces.
How many network interfaces does a dual-homed gateway typically have? two one three four
three EXPLANATION A dual-homed gateway is a firewall device that typically has three network interfaces. One is connected to the internet, one is connected to the public subnet, and one is connected to the private network.
While working on a Linux server, you're unable to connect to your Windows Server system across the internet. You're able to ping the default gateway on your own network, so you suspect that the problem lies outside of the local network. Which utility would you use to track the route a packet takes as it crosses the network? ifconfig traceroute tracert ipconfig
traceroute EXPLANATION traceroute is a Linux utility that allows you to track a packet's route as it traverses the network. The traceroute utility is used on Linux systems, while tracert is used on Windows systems. ipconfig and ifconfig are utilities used to obtain TCP/IP configuration on Windows and Linux systems, respectively.