CompTIA Network+ Final Assessment #1


A company is deploying a new Gigabit Ethernet solution. The company has a maximum distance requirement of 250 feet and has Category 6 (Cat 6) cable available. Recommend the best specification for the company. A. 1000BASE-T B. 1000BASE-SX C. 10GBASE-T D. 10GBASE-SR

A 1000BASE-T utilizes Category (Cat) 5e, Cat 6, and Cat 6A cable and has a maximum distance of 328 feet. This will meet all of the company's needs and will allow for use of the cable available. 1000BASE-SX utilizes Multi-Mode Fiber (MMF) and has a maximum distance of 721 feet. The company would not be able to utilize the existing cable. 10GBASE-T is a 10-Gigabit Ethernet (10GbE) solution that can utilize Cat 6, Cat 6A or Cat 7. The Cat 6 maximum distance is 180 feet which is under the requirement for the company. 10GBASE-SR is a 10GbE solution that utilizes Multi-Mode Fiber (MMF). This solution is expensive and does not allow the company to utilize the existing cable.

A technician discovers a Virtual Local Area Network (VLAN) mismatch error. Analyze VLAN characteristics and determine what is the cause of the error. A. The native Virtual Identification (VID) is set differently at either end of the trunk line. B. An untagged port is operating as a trunk. C. The native VLAN is set with the same Virtual Identification (VID) as the default VLAN. D. A frame with a tag is addressed to a port in the same VLAN.

A A Virtual Local Area Network (VLAN) mismatch error occurs when the native Virtual Identification (VID) is set differently at either end of a trunk link. A tagged port will normally be one that is operating as a trunk, meaning that it is capable of transporting traffic addressed to multiple VLANs. An untagged port will not cause the error. The native VLAN is initially set with the same VID as the default VLAN (VID 1). This should be changed to make the native VID any suitable ID. This will not cause the error. If a frame is addressed to a port in the same VLAN on the same switch, no tag needs to be added. This will not cause the error.

A system sends a message that the system has matched a pattern that should be recorded. Evaluate event management in the logging system and determine what the system is providing. A. Notification B. Alert C. Heartbeat D. Threshold

A A notification is the message that a system sends to report the occurrence of an alert. A high priority alert may be displayed in the system dashboard. An alert means that the system has matched a pattern or filter that should be recorded and highlighted. Alerts can be generated by set thresholds. Most network monitors support heartbeat tests so that administrators can receive an alert if a device or server stops responding to probes. Alerts can be generated by setting thresholds for performance counters. Examples include packet loss, link bandwidth drops, and delay or jitter in real-time applications.

In an Active Directory environment, all resources on server-based systems use what to control access to the resource? A. Access Control List (ACL) B. Access key C. Group membership D. Permission

A All resources on server-based systems have an Access Control List (ACL) that is used to control access to the resource. When logging on to the network, the user must supply logon credentials. The credentials are compared with the security database and the server security service generates an access key for a user after the user is authenticated. The access key that is generated for the user contains the username and group memberships of the authenticated user. Access lists contain entries for all usernames and groups that have permission to use the resource. Permissions are security settings that control access to objects including file system items and network resources.

Which crosstalk measurement is equivalent to a signal-to-noise ratio (SNR)? A. Attenuation to Crosstalk Ratio (ACR) B. Far End (FEXT) C. Power Sum D. Near End (NEXT)

A Attenuation to Crosstalk Ratio (ACR) is equivalent to a signal-to-noise ratio (SNR). A high value means that the signal is stronger than any noise present; a result closer to 0 means the link is likely to be subject to high error rates. Far End (FEXT) crosstalk is measured at the recipient end. Power sum crosstalk calculations confirm that a cable is suitable for the type of application being utilized. This is measured by energizing three of the four pairs in turn. Near End (NEXT) crosstalk occurs close to the transmitter and is usually caused by excessive untwisting of pairs.

A technician needs to test a cable installation to verify that it is Electronic Industries Alliance (EIA)/Telecommunication Industries Association (TIA) Category 5e compliant. What tool can the technician use to verify the installation? A. Certifier B. Loopback adapter C. Cable tester D. Multimeter

A Certifiers can be used to test and certify cable installations to a performance category. A certifier will use defined transport performance specifications to ensure an installation exceeds the required performance characteristics for parameters such as attenuation and crosstalk. A loopback adapter will test for faulty ports and network cards. A packet sent by a Network Interface Card (NIC) will be received by itself. A cable tester will provide detailed information on the physical and electrical properties of a cable. They test and report on cable conditions, crosstalk, attenuation, and other characteristics of a cable run. A multimeter can be used to check physical connectivity.

A network administrator is noticing latency and jitter due to insufficient bandwidth. The administrator uses router policies to prioritize packets by classification for delivery. What framework is the administrator utilizing? A. Differentiated Services (DiffServ) B. Institute of Electrical and Electronic Engineers (IEEE) 802.1p C. Behavior Aggregates D. Control Plane

A Differentiated Services (DiffServ) framework classifies each packet passing through a device and router policies can then be defined to use the packet classification to prioritize delivery. Institute of Electrical and Electronic Engineers (IEEE) 802.1p can be used at Layer 2, independently or in conjunction with DiffServ, to classify and prioritize traffic passing over a switch or wireless access point. Behavior Aggregates are packets with the same DiffServ Code Point (DSCP) and destination. The control plane is a network function that makes decisions about how traffic would be prioritized and where it will be switched.

A technician is installing a horizontal cabling system that is compliant with Electronic Industries Association (EIA) 568. Evaluate the EIA 568 subsystems within a structured cabling system to determine what this system will connect. A. Will connect user work areas to the distribution frame B. Will connect secondary cross-connects to the main cross-connect C. Will connect to the access provider's network for inter-building communications D. Will connect clients to the network via a wall port

A Horizontal cabling connects user work areas to the nearest horizontal cross-connect. A horizontal cross-connect is also called a distribution frame. This is wired in a star topology. Backbone cabling connects horizontal cross-connects to the main cross-connect. These can also be described as vertical cross-connects because backbone cabling is more likely to run up and down between floors. This is wired in a star topology. The demarcation point is where the access provider's network terminates and the organization's network begins. The work area is the space where user equipment is located and connected to the network, usually via a wall port.

What action will a bridge take during transmission, if no record of the hardware address exists? A. The bridge will flood the frame to all segments except for the source segment. B. The bridge will listen to all traffic on all attached segments. C. The bridge will read the destination address in the frame and determine the port to which the network card attaches. D. The bridge will locate the hardware address in its port and forward the transmission out of port 2 only.

A If no record of the hardware address exists or the frame is a broadcast or multicast, then the bridge floods the frame to all segments, except for the source segment. The bridge always listens to traffic for all segments, without regard to the hardware address record. A bridge reads the destination address for each transmission, not only for those without a record of the hardware address. A bridge locates hardware addresses for all transmissions, not just those without a record of the hardware address.

What is connection-oriented and establishes a specific path for all packets to follow? A. Virtual circuit B. Point-to-point C. Hub and spoke D. Partial mesh

A Modern Wide Area Networks (WANs) make use of technology to combine the advantages of circuit and packet switching. Virtual circuit packet switching establishes a specific path for all packets to follow. This is known as a logical connection or a virtual circuit. Point-to-point is a single link to connect two sites. Hub and spoke topology functions like a star topology, where all communications are channeled via the hub network (each site has one link to the hub). Partial mesh topology provides each site with a link to some of the other sites. Full mesh provides each site a link to every other site.

A host utilizing Internet Protocol version 6 (IPv6) has a Media Access Control (MAC) address of 00583b548aba. Use the interface identifier method to create the host's Interface ID. A. 0258.3bff.fe54.8aba B. 0058.3bff.fe54.8aba C. 0258.3bff.ff54.8aba D. 0258.3bff.ee54.8aba

A One method of determining the Interface ID is using the interface identifier method. A Media Access Control (MAC) address is 48 bits (6 bytes) and must be modified for a 64-bit Interface ID. The digits fffe are added in the middle of the address and the Universally or Locally (U/L) bit is flipped. The Interface ID in this scenario is 0258.3bff.fe54.8aba. The Interface ID 0058.3bff.fe54.8aba is not correct as the U/L bit was not flipped. The Interface ID 0258.3bff.ff54.8aba is not correct. The addition of ffff in the middle should have been fffe. The Interface ID 0258.3bff.ee54.8aba is not correct. The addition of ffee in the middle should have been fffe.

A managed router has an interface that is designed to connect to a modem and to provide remote access over a dial-up link. What type of interface provides this function? A. Auxiliary (AUX) B. Console C. Management D. Virtual Terminal

A The Auxiliary (AUX) port is designed to connect to a modem and provide remote access over a dial-up link. The console port requires connecting a terminal (a laptop, for instance) to the device via a separate physical interface, using a special console cable. The management port is a means of configuring a virtual network interface and Internet Protocol (IP) address on the device to use for management functions and connecting to it via one of the normal Ethernet ports. A network manager can use Telnet (unsecure) or Secure Shell (secure) to connect to a Command Line Interface (CLI) remotely over the management interface. This is referred to as a virtual terminal.

A host pings the website mywebsite.com. A firewall chain verifies what the rules are regarding the ping command and the website. What Linux chain is performing this action? A. OUTPUT B. INPUT C. FORWARD D. IPTABLES

A The OUTPUT chain is used for outgoing connections. One example is if a user tries to ping a website, such as mywebsite.com. The utility iptables will check its output chain to see what the rules are regarding ping and mywebsite.com. The INPUT chain is used for incoming connections. An example is when a user attempts to Secure Shell (SSH) into the Linux server; iptables will attempt to match the Internet Protocol (IP) address and port to a rule in the input chain. The FORWARD chain is used for connections that are passing through the server, rather than being delivered locally. The command line utility iptables allows administrators to edit the rules enforced by the Linux kernel firewall.

A technician who does not have privileged access to the network driver is using Nmap port scanning. The technician needs to run a port discovery scan against an active Internet Protocol (IP) address. Recommend the type of scan the technician should use. A. -sT B. -sS C. -sU D. -p

A The Transmission Control Protocol (TCP) connect (-sT) results in Nmap using the Operating System (OS) to attempt a full TCP connection. This is used if privileged access is not available. The TCP Synchronize (SYN) (-sS) is a fast technique referred to as half-open scanning. The user must have privileged access to the network driver so that it can craft packets. The User Datagram Protocol (UDP) scan (-sU) scans UDP ports. Nmap waits for a response or timeout to determine the port state so UDP scanning can take a long time. The port range (-p) scan specifies a port range. Nmap scans 1,000 commonly used ports by default.

Evaluate the functions of the Transport layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack and determine which statement accurately depicts the Transport layer's role. A. The Transport layer establishes connections between the different applications that the source and destination hosts use to communicate. B. The Transport layer is where many of the high level protocols can be run, such as File Transfer Protocol (FTP). C. The Transport layer defines the host's connection to the network media and includes the hardware and software involved in the interchange of frames between hosts. D. The Transport layer provides addressing and routing functions along with the ability to fragment large frames from the Network Interface layer into smaller packets.

A The Transport layer establishes connections between the different applications that the source and destination hosts are communicating with. It breaks Application-layer information into segments. The Application layer is the layer at which many Transmission Control Protocol/Internet Protocol (TCP/IP) services (high level protocols) can be run, such as File Transfer Protocol (FTP). The Link layer defines the host's connection to the network media and includes the hardware and software involved in the interchange of frames between hosts. The Internet layer provides addressing and routing functions. It also provides the ability to fragment large frames from the Network layer into smaller packets.

A company owner requests the network manager to configure clients with a Domain Name System (DNS) resolver. The owner would like for the DNS configuration to block domains known to host malicious content and provide a filtered service. Which of the following DNS resolvers will provide the options requested? A. 149.112.112.112 B. 9.9.9.10 C. 149.112.112.10 D. 8.8.4.4

A The best solution is to use Quad9 which is sponsored by IBM. Quad9 has a special focus on blocking domains known to host malicious content. The filtered service is provided on 149.112.112.112 or 9.9.9.9. Quad9 also offers a non-secured service. This service can be obtained by using 9.9.9.10. The non-secured service provided by Quad9 can also be obtained by using 149.112.112.10. Google provides public Domain Name System (DNS) servers that are widely used. One of these servers is 8.8.4.4 and the other is 8.8.8.8. These servers do not provide the special focus on blocking domains known to host malicious content and also do not provide a filtered service.

An administrator enters the command tracert -h 6 www.mywebsite.com. What is the administrator's goal? A. To view the route taken from the host to the website with a maximum of 6 hops B. To view the route taken from the host to the website over Internet Protocol version 6 (IPv6) C. To view the route taken from the host to the website with a timeout of 6 milliseconds D. To view the route taken from the host to the website using 6 specified routers

A The command tracert -h 6 www.mywebsite.com will provide the administrator with the route taken from the host to the website with a maximum of 6 hops. The default number of hops is 30 if not specified. If the administrator would like to view the route taken using Internet Protocol version 6 (IPv6), the proper command would be tracert -6 www.mywebsite.com. To view the route taken with a maximum timeout of 6 milliseconds, the proper command would be tracert -w 6 www.mywebsite.com. The default value is 4000. The administrator can specify preferred routers (loose source routing) by using the switch -j.

Which of the following strings is a valid subnet mask? A. 11111111 11111100 00000000 00000000 B. 11111111 11000000 11111100 00000000 C. 11110000 10000000 00000000 00000000 D. 11111111 00000000 11111111 00000000

A The string 11111111 11111100 00000000 00000000 is a valid subnet mask. All of the ones are contiguous. The decimal equivalent is 255.252.0.0 and is acceptable. The string 11111111 11000000 11111100 00000000 is not a valid subnet mask. The ones are not contiguous. The second octet contains 0s and the third octet contains 1s. The decimal equivalent would be 255.192.252.0. The string 11110000 10000000 00000000 00000000 is not a valid subnet mask. The ones are not contiguous. The decimal equivalent would be 240.128.0.0. The string 11111111 00000000 11111111 00000000 is not a valid subnet mask. The ones are not contiguous. The decimal equivalent would be 255.0.255.0.

For "something you have" authentication, which of the following are possible options to use? (Select two) A. One-time password B. Digital certificate C. Fingerprint D. IP address

A and B "Something you have" authentication can use various items to authenticate, depending on the requirements of the network. One example of something you have is a One-Time Password (OTP). An OTP is generated by a hardware token. A digital certificate is another example of "something you have" authentication. Smart cards, tokens, and key fobs may contain a chip with the authentication data on a digital certificate. A fingerprint is used for "something you are" authentication. It means employing a biometric recognition system. An Internet Protocol (IP) address can be used for "somewhere you are" authentication. An IP address can show a user in a different location than expected, which can result in denial of authentication.

Identify features of an Asymmetrical Digital Subscriber Line (ADSL). (Select two) A. Primarily for residential customers B. Provides a fast downlink but a slow uplink bandwidth C. Primarily for business customers D. Provides the same downlink and uplink bandwidth

A and B Asymmetrical Digital Subscriber Lines (ADSLs) are a consumer version of DSL. Service providers may impose usage restrictions to limit the amount of data downloaded per month. ADSL provides a fast downlink but a slow uplink. There are various iterations of ADSL, with the latest (ADSL2+) offering downlink rates up to 24 Megabits per second (Mbps) and uplink rates up to 1 Mbps. Symmetrical DSL (SDSL) tends to be provided as a business package, rather than to residential customers. There are various types of SDSL services offered. SDSL provides the same downlink and uplink bandwidth.

Identify the benefits of Variable Length Subnet Masks (VLSMs). (Select two) A. Allow administrators to predict the need for future subnets and hosts B. Reduce the number of wasted Internet Protocol (IP) addresses C. Allow for consistent length netmasks to be used within the same network D. Allow allocation of subnetted ranges that are the same size throughout the network

A and B One benefit of Variable Length Subnet Masks (VLSMs) is that they allow a network designer to allocate ranges of Internet Protocol (IP) addresses to subnets that match the predicted need for the number of subnets and hosts. The use of VLSMs reduces the number of wasted IP addresses and additional routing interfaces that must be installed to connect several smaller subnets together. VLSMs allow different length netmasks to be used within the same IP network, allowing more flexibility in the design process. VLSMs do not allocate subnetted ranges of addresses that are the same size and use the same subnet mask throughout the network. Different netmasks produce different size IP ranges.

Analyze the process of decapsulation and select the options that accurately depict the process. (Select two) A. The receiving node performs decapsulation. B. The process extracts application data for processing by a software program. C. The sending nodes perform decapsulation. D. Some layers add a header to the data payload as the message travels from one node to another.

A and B The receiving node performs decapsulation. Decapsulation extracts application data for processing by a software program. The receiving node receives the stream of bits arriving at the Physical layer and decodes an Ethernet frame. It extracts the Internet Protocol (IP) packet from this frame and resolves the information in the header. The sending node performs encapsulation on a Protocol Data Unit (PDU). Encapsulation involves each layer adding a header to the data payload as the message is sent from one node to another. When a message is sent, it travels down the stack of layers on the sending node, reaches the receiving node using the transmission media, and then passes up the stack on that node.

What are the characteristics of an incremental backup? (Select two) A. It will include new files and files modified since the last backup. B. It will include all data modified since the last full backup. C. The archive attribute will be cleared. D. The archive attribute will not be cleared.

A and C An incremental backup will include new files and files modified since the last backup. The backup will have a low backup time and a high restore time. Incremental backups save time during backups but can be more time-consuming when the system must be restored. An incremental backup will clear the archive attribute. The archive attribute is set when a file is modified and allows backup software to determine which files have been changed. A differential backup will include all data modified since the last full backup. The backup and restore time will be moderate. The archive attribute is not cleared during a differential backup.

Differentiate between routers and switches. (Select two). A. Routers make forwarding decisions on layer 3 addresses while switches make forwarding decisions based on layer 2 addresses. B. Routers and switches both use Internet Protocol (IP) addresses to make forwarding decisions. C. Routers are designed to interconnect networks while switches are limited to hosts within the same broadcast domain. D. Routers flood broadcast traffic while switches do not typically forward broadcast traffic.

A and C Routers make forwarding decisions based on layer 3 network addresses. Switches make forwarding decisions based on layer 2 Media Access Control (MAC) addresses. Routers are designed to interconnect networks and support connectivity to distant networks. Switches are limited to hosts within the same broadcast domain (link-local). Routers use Internet Protocol (IP) addresses while switches use MAC addresses for forwarding decisions. Routers may also be able to utilize other types of layer 3 protocol addresses. Routers do not typically forward broadcast traffic, though this can be overridden by configuring router settings. Switches flood broadcast traffic.

A network manager is implementing new Virtual Local Area Networks (VLANs) within a physical network. Recommend guidelines that the network manager can follow while configuring the network. (Select two) A. Design subnets for each VLAN and design a VLAN numbering system. B. Assign a unique native Virtual Identification (VID) on each trunk port. C. Map the logical topology to the physical switch topology. D. The maximum number of hosts in a single VLAN (/24 subnet) does not exceed 200.

A and C The network manager will need to design subnets for each Virtual Local Area Network (VLAN) and design a VLAN numbering system. VLAN 1 should not be used. The logical topology will be mapped to the physical switch topology and the trunk links identified. The interfaces that will participate in the trunk links will be tagged with the VLANs they are permitted to carry. The same (versus unique) native Virtual Identification (VID) will be assigned on each trunk port. The network manager will aim for no more than 250 hosts in a single VLAN (/24 subnet).

A network manager is establishing policies for a new Remote Access Server (RAS). Recommend policies that the manager should implement. (Select two) A. Restrict access to current employees only. B. Restrict employee access to defined times of day and days of the week. C. Allow employees privileges to the entire network. D. Allow logging and audit logons and attempted logons.

A and D Access to a remote access server should be limited to active employees who need access to the system. Logging and auditing access logins and attempted logins will allow the administrator to identify misuse and possible attempted attacks. Employee privileges and access should be limited to what they need to do their job, and employees should not have access to the entire network. While restricting access based on a set schedule may be valuable in some organizations, it is not a common practice. Limiting hours may also prevent last-second work that could be of importance to a company (such as an emergency).

Explain vulnerabilities a network manager should be aware of within a signature detection solution. (Select two) A. The protection is only as good as the last signature update. B. It is easy to configure pattern matching. C. It generates more false negatives than false positives. D. It is ineffective at detecting previously unknown threats.

A and D One of the principal vulnerabilities of signature detection is that the protection is only as good as the last signature update. Another principal vulnerability is that no protection is provided against threats that cannot be matched in the pattern database, making it ineffective at detecting previously unknown threats. It is not easy, but rather difficult, to configure pattern matching that can detect attacks based on a complex series of communications. Profile-based detection is usually harder to set up and generates more false positives than false negatives than 1:1 pattern matching.

A network technician using the Computer Technology Industry Association (CompTIA) Network+ troubleshooting methodology is in the fourth step of troubleshooting. Consider the steps of this troubleshooting methodology and determine what three options the technician may take. (Select three) A. Repair B. Escalate C. Replace D. Ignore

A, C, and D The fourth step in the CompTIA troubleshooting methodology is to establish a plan of action. One of the options in this step is to repair the hardware or software that is creating the issue. Another option in this step is to replace the hardware or software. This is often more expensive and may be time-consuming. The final option in this step is to ignore the issue. Not all problems are critical, and if neither repair nor replace is cost-effective, it may be best either to find a workaround or document the issue. Escalation commonly occurs at the third step in the troubleshooting methodology. If escalation occurs at the third step, the technician will not perform the fourth step.

A system administrator enters the command ping 127.0.0.1. What will the system administrator be able to verify from the results? A. The Internet Protocol (IP) of a workstation is added correctly and the network adapter is functioning B. The Transmission Control Protocol/Internet Protocol (TCP/IP) is installed and loaded correctly C. The default gateway is up and running and that it can communicate with a host on the local network D. The workstation can communicate with a remote host through a router

B 127.0.0.1 is the loopback address used to verify that the Transmission Control Protocol/Internet Protocol (TCP/IP) is installed and loaded correctly. The loopback address is a reserved Internet Protocol (IP) address used for testing purposes. The ping command followed by the IP address of the workstation will verify that the IP address is added correctly and that the network adapter is functioning properly. The ping command followed by the IP address of the default gateway will verify it is up and running and that the workstation can communicate with a host on the local network. The ping command followed by the IP address of a remote host will verify communications through a router.

A network manager installs a passive sensor on the network that logs intrusion incidents. The tool does not have an Internet Protocol (IP) address and is undetectable by attackers. Evaluate the types of Intrusion Detection Systems (IDSs) and Intrusion Protection Systems (IPSs) to determine which is performing this function. A. Network-Based Intrusion Prevention Systems (NIPS) B. Network-Based Intrusion Detection System (NIDS) C. Host-Based Intrusion Prevention System (HIPS) D. Host-Based Intrusion Detection System (HIDS)

B A Network-Based Intrusion Detection System (NIDS) is a packet sniffer (referred to as a sensor) with an analysis engine to identify malicious traffic and a console to allow configuration of the system. NIDS provides passive detection and does not have an Internet Protocol (IP) address which makes it undetectable by attackers. A Network-Based Intrusion Prevention System (NIPS) provides active responses to any network threats that it matches. A Host-Based Intrusion Prevention System (HIPS) provides an active response that can act to preserve the system in its intended state. A Host-Based Intrusion Detection System (HIDS) captures information from a single host.

A network administrator has implemented a Spanning Tree Protocol (STP) to prevent Layer 2 loops. The administrator notices a reduction in performance after the deployment. What is likely the cause? A. The root switch is a part of the core switch group. B. The root switch is on a low-bandwidth segment. C. The network is converged. D. The network is not converged.

B A Spanning Tree Protocol (STP) should not be configured with a root switch on a low-bandwidth segment. Performance will suffer and is likely the cause of the administrator's reduction in performance. The STP should have a root switch that is part of a high-bandwidth backbone or in a core switch group. When all ports on all bridges are in forwarding or blocking states the network is converged. This is necessary for communications to take place. When the network is not converged communications cannot take place. This would stop communications versus reducing performance.

A technician is installing a fiber optic connection. The technician is using a bayonet-style connector that uses a push and twist locking mechanism. Evaluate the types of fiber optic connectors to determine which the technician is using. A. Subscriber Connector (SC) B. Straight Tip (ST) Connector C. Lucent Connector (LC) D. Mechanical Transfer Registered Jack (MTRJ)

B A Straight Tip (ST) connector is an early bayonet-style connector that uses a push and twist locking mechanism. A Subscriber Connector (SC) is a push/pull design, allowing for simple insertion and removal. It can be used for single or multimode. A Lucent Connector (LC) is a small form factor connector with a tabbed push/pull design. LC is similar to SC, but the smaller size allows for higher port density. A Mechanical Transfer Registered Jack (MTRJ) is a small form factor duplex connector with a snap-in design used for multimode networks.

A system administrator downloads an executable file to a Windows machine. The file is located at C:\Users\Admin\Desktop\Test. The administrator needs to perform a file integrity check using the Message-Digest 5 (MD5) algorithm. What command will the administrator use to perform this action? A. certutil -checksum C:\Users\Admin\Desktop\Test MD5 B. certutil -hashfile C:\Users\Admin\Desktop\Test MD5 C. certutil -hashfile MD5 C:\Users\Admin\Desktop\Test D. certutil -checksum MD5 C:\Users\Admin\Desktop\Test

B A file integrity check can be performed using the certutil utility, which will produce a checksum. The correct syntax is certutil -hashfile File Algorithm. "File" is replaced with the file and its location, and "Algorithm" is replaced with the algorithm desired. The proper command for this scenario is certutil -hashfile C:\Users\Admin\Desktop\Test MD5. The certutil utility does not include a -checksum option. The -hashfile option is used in its place. The preferred algorithm to use (e.g. MD5, SHA256) is placed at the end of the command string and not before the file location. The file name along with its path are never placed at the end of the command string. Any mistake in its syntax will produce an error.

A technician is building a new patch cable. What tool will the technician use to attach a connector to the cable? A. Snip B. Cable crimper C. Wire stripper D. Punch down

B A patch cable is created using a cable crimper. This tool fixes a jack to a cable. The tools are specific to the type of connector and cable, though some may have modular dies to support a range of Regional Jacks (RJs). Electrician scissors (snips) are designed for cutting copper wire along with stripping insulation and cable jackets. Wire strippers are tools that have replaceable blades for different data cable types. Wire strippers are an alternative to snips. A punch down tool is used to terminate fixed cables. These tools fix conductors to an Insulation Displacement Connector (IDC) such as a 110 block, for example.

A network is designed so that each node competes with the other connected nodes for use of the transmission media. Analyze the characteristics of transmission media and the associated protocols. Which type of system did the network use? A. Deterministic B. Contention-based C. Carrier Sense Multiple Access D. Media Access Control

B Contention-based Media Access Control (MAC) systems are designed so that each network node within the same collision domain competes with the other connected nodes for use of the transmission media. Deterministic media access has a central device that specifies when and for how long each node can transmit. This is beneficial when network access is time critical. Carrier Sense Multiple Access (CSMA) protocols are the Ethernet protocols governing contention and media access. Media Access Control (MAC) refers to the methods a network technology uses to determine when nodes can communicate on the media.

A company's Change Advisory Board (CAB) has approved a modification to the network. The modification will result in significant changes to the configuration. What plan should the company's network manager have in place to mitigate unforeseen issues? A. Reactive B. Rollback C. Proactive D. Request for Change (RFC)

B Every change should be accompanied by a rollback (or remediation) plan. This will reverse the change if it has harmful or unforeseen consequences. Change is sometimes considered reactive. Reactive change is where the change is forced on the organization. Change that is called proactive is where the need for change is initiated internally. Changes can also be categorized according to their potential impact and level of risk. A Request for Change (RFC) is a document used in a formal change management process. The need or reasons for change and the procedure for implementing the change are captured in this document.

Which of the following technologies were deployed during the transition from 3rd Generation (3G) to 4th Generation (4G) wireless devices? A. General Packet Radio/Enhanced Data Rates for GSM Evolution (GPRS/EDGE) B. Evolved High Speed Packet Access (HSPA+) C. Long Term Evolution (LTE) D. Evolution Data Optimized (EV-DO)

B Evolved High Speed Packet Access (HSPA+) is a 3G standard developed via several iterations from the Universal Mobile Telecommunications System (UMTS). General Packet Radio Services/Enhanced Data Rates for GSM Evolution (GPRS/EDGE) is a precursor to 3rd Generation (3G) devices. Long Term Evolution (LTE) is a converged 4th Generation (4G) standard supported by both the Global System for Mobile Communication (GSM) and Code Division Multiple Access (CDMA) providers. LTE has a maximum downlink of 150 Megabits per second (Mbps) in theory, but no provider networks can deliver this speed. CDMA2000/Evolution Data Optimized (EV-DO) are the main 3G standards deployed by CDMA network providers.

An attacker successfully accessed information about a network's configurations and security systems. What type of information gathering process did the attacker use? A. Social engineering B. Footprinting C. Eavesdropping D. Port scanning

B Footprinting is a process of information gathering in which the attacker attempts to learn about the configuration of the network and security systems. Social engineering is the act of persuading users to give information or locating information. Social engineering can be used for footprinting. Eavesdropping, also called sniffing, refers to capturing and reading data packets as they move over the network. Eavesdropping can be used for footprinting. Port scanning specifically aims to enumerate the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) application ports that are open on a host. Port scanning is also used for footprinting.

A company implements a patch management policy of only applying patches that solve current issues. What is a valid justification for this policy? A. The company does not have enough personnel available to apply all patches. B. An update that fixes a vulnerability could cause software compatibility issues. C. The administrator will not be required to keep up to date with security bulletins. D. This policy provides the best protection against attacks and against flaws in software.

B It is well recognized that updates, particularly service releases, can cause problems. These problems are often with software application compatibility. It takes a considerable amount of work to only apply patches that solve a particular problem. The administrator will need to keep up to date with security bulletins, version changes, and updates released by the developer or manufacturer. A patch management approach that only applies patches that fix an issue requires administrators to keep up to date with security bulletins, version changes, and updates released by the developer or manufacturer. Applying all of the latest patches ensures the system is as secure as possible, in terms of software vulnerabilities.

What is a purpose of network segmentation? A. Prevents attacks by deploying additional access controls B. Mitigates attacks by restricting the network to a smaller group of hosts C. Allows internal connectivity while limiting external connectivity D. Provides separate physical networks that mitigate attacks

B Network segmentation is one technique used to mitigate network attacks. Segmentation can mitigate an attack by restricting it to a smaller group of network hosts. Network segmentation does not prevent attacks by deploying additional access controls. Access controls are what is used to enforce network segmentation. When a host is assigned to a Virtual Local Area Network (VLAN), the switch restricts it to communications designed for that VLAN. To communicate outside of the VLAN the host uses a router. This is not the purpose of segmentation. Segmentation provides separate logical networks within the same physical network.

A company network employs an authentication architecture that authenticates administrative access to routers and switches and uses the reliable delivery of the Transmission Control Protocol (TCP) over port 49. Analyze types of authentication architecture to determine which of the following the company uses. A. Remote Authentication Dial-in User Service (RADIUS) B. Terminal Access Controller Access Control System (TACACS+) C. Authentication, Authorization, and Accounting (AAA) D. Lightweight Directory Access Protocol (LDAP)

B Terminal Access Controller Access Control System (TACACS+) is often used in authenticating administrative access to routers and switches and uses Transmission Control Protocol (TCP) over port 49. Remote Authentication Dial-in User Service (RADIUS) is one way of implementing an AAA server. RADIUS servers typically use User Datagram Protocol (UDP) over ports 1812 and 1813. Authentication, Authorization, and Accounting (AAA) is an authentication architecture that was developed to mediate authentication operations between devices. RADIUS and TACACS+ are two ways of implementing an AAA server. Lightweight Directory Access Protocol (LDAP) is used for most directory service implementations. LDAP is not a directory standard, but a protocol used to query and update an X.500 directory.

A Simple Network Management Protocol (SNMP) monitor uses the Get command. What is the purpose of this command? A. To inform the monitor of a notable event B. To query the agent for a single Object Identifier (OID) C. To walk a Management Information Base (MIB) subtree D. To discover the complete layout of a Management Information Base (MIB) subtree

B The Get command is used to query the agent for a single Object Identifier (OID). This command is used by the Simple Network Management Protocol (SNMP) monitor to perform regular polling. The Trap command is used to inform the monitor of a notable event. The threshold for triggering traps can be set for each value. A Management Information Base (MIB) subtree can be walked by an SNMP monitor by using multiple Get and Get Next commands. When an SNMP monitor walks a MIB subtree, the complete layout of the MIB is discovered.

A network administrator is using a routing protocol that uses the User Datagram Protocol (UDP) port 520 for routers to exchange messages. Which routing protocol did the administrator deploy? A. Enhanced Interior Gateway Routing Protocol (EIGRP) B. Routing Information Protocol (RIP) C. Open Shortest Path First (OSPF) Protocol D. Border Gateway Protocol (BGP)

B The Routing Information Protocol (RIP) uses the User Datagram Protocol (UDP) port 520 (the version developed for Internet Protocol version 6 uses port 521), and is a distance-vector Interior Gateway Protocol (IGP). The maximum hop count is 15, which limits the size of a RIP network. The Enhanced Interior Gateway Routing Protocol (EIGRP) uses Native Internet Protocol (IP) 88, and is a hybrid distance-vector IGP. The Open Shortest Path First (OSPF) uses Native IP 89, and is a link-state IGP. The Border Gateway Protocol (BGP) uses Transmission Control Protocol (TCP) port 179, and is a hybrid distance-vector Exterior Gateway Protocol (EGP).

Which field in the User Datagram Protocol (UDP) verifies the datagram? A. Source port B. Checksum C. Destination port D. Message length

B The User Datagram Protocol (UDP) works at the Transport layer but is a connectionless, non-guaranteed method of communication. The structure of a UDP datagram includes four fields and the header is 8 bytes. The checksum field in the UDP verifies the datagram. This field is 2 bytes. The source port field provides the UDP port of the sending host. This field is 2 bytes. The destination port provides the UDP port of the destination host. This field is 2 bytes. The message length field provides the size, in bytes, of the UDP message. This field is 2 bytes.

Host A sends a message to Host B. The routing table uses 0.0.0.0/0 to route the packet. What is the scenario simulating? A. Remote network routes B. Default routes C. Direct network routes D. Host routes

B The default route is used when a better network or host route is not found. The address of the default route is 0.0.0.0/0. Remote network routes are used for subnets and Internet Protocol (IP) networks that are not directly attached. In this scenario, it is unknown if the two hosts are in the same network or subnet. Direct network routes are used for subnets to which the router is directly attached. This scenario does not provide enough information to determine if the hosts are directly attached to the router. Host routes are used for routes to a specific IP address. The default address of 0.0.0.0/0 was used, which eliminates this as an option.

An employee receives a notice that a certificate is untrusted. A network manager is investigating the cause of the notice. Which of the following is the most common reason for a certificate to not be trusted? A. Time is not correctly synchronized. B. The certificate issuer is not trusted. C. The name and Uniform Resource Locator (URL) do not match. D. The certificate is not being used for its stated purpose.

B The most common reason for a certificate to not be trusted is that the certificate issuer is not trusted. If a web server receives a certificate from a Certificate Authority (CA), the CA's certificate must be stored in the browser's trusted root store. Time must be correctly synchronized between a server and client in order to be trusted. This is not the most common reason to be untrusted. If a certificate's subject name does not match the Uniform Resource Locator (URL) the certificate will not be trusted. This is not the most common reason. A certificate not being used for its stated purpose will also cause the certificate to not be trusted, but this is not the most common reason.

A network administrator enters the command tcpdump host 100.20.38.001. Consider the tcpdump switches and determine what type of information the administrator is looking to receive. A. All of the traffic host 100.20.38.001 sends B. All of the traffic host 100.20.38.001 sends and receives C. All of the traffic host 100.20.38.001 receives D. All of the traffic on the network except for traffic from host 100.20.38.001

B The tcpdump utility is a command-line packet capture utility. The command tcpdump host 100.20.38.001 will filter the information to only the traffic being sent and received by the specified host. If the administrator was looking for only sent traffic, the src switch would be used versus host. The tcpdump command will provide traffic that is sent and received. If the administrator wanted only traffic being received by the specified host, the dst switch would be utilized versus host. This utility returns destination parameters. The host 100.20.38.001 is not being excluded. This utility and switch are excluding all other traffic.

A network administrator is using Wireshark to reconstruct packet content for a Transmission Control Protocol (TCP) session. Which of the following is the network administrator using? A. tcpdump B. Follow TCP Stream C. Statistics D. nmap -sS

B Wireshark allows administrators to apply display filters using more powerful sets of expressions. In this scenario, the administrator will use the Follow TCP Stream context command to reconstruct the packet contents for a Transmission Control Protocol (TCP) session. Wireshark is capable of parsing the headers of hundreds of network protocols. A filter can be applied using the same expression syntax as tcpdump. The Statistics menu is used to access traffic analysis tools in Wireshark. The command nmap -sS is used within Nmap port scanning and is a half-open scan. The scanning host requests a connection without acknowledging the request.

Summarize the characteristics and roles of Layer 2 of the Open Systems Interconnection (OSI) model. (Select two) A. Specifies the process of transmitting and receiving signals from the network medium B. Transfers data between nodes on the same logical segment C. Bridges and switches are two devices that operate in this layer D. Repeaters and wireless access points are two devices that operate in this layer

B and C Layer 2 is the Data Link layer. This layer is responsible for transferring data between nodes on the same logical segment. Devices found at Layer 2 include bridges and switches. A bridge joins two network segments while switches are an advanced type of bridge with many ports. Layer 1, the Physical layer, specifies the process of transmitting and receiving signals from the network medium. This layer also specifies physical topology and physical interface. Repeaters are found at the Physical layer and are devices that amplify an electronic signal to extend the maximum allowable distance for a media type. Wireless access points are found at Layer 2 and allow nodes with wireless network cards to communicate.

A network manager is performing a process known as flashing the chip. Analyze patch management practices to determine characteristics of this process. (Select two) A. This process updates drivers that link the operating system to the device. B. This process updates software instructions in the flash memory. C. The software vendor supplies the setup program. D. The process is for updating endpoint systems only.

B and C Updating firmware is known as flashing the chip. Firmware is defined as software instructions that are stored in flash memory. This type of chip does not require a power supply, so the data does not have to be moved in and out of disk storage. Flashing the chip is generally accomplished via a vendor-supplied setup program. The process is for updating firmware versus drivers. Drivers are software that provides an interface between the operating system and the device. Firmware on devices such as routers and firewalls may also be flashed for new features and security updates. The process is not for only updating endpoint systems such as a workstation.

A network manager installs a circuit-level stateful inspection firewall. Explain the characteristics of the firewall. (Select two) A. The firewall will inspect and parse contents of packets at the Application layer. B. The firewall will maintain information about sessions between two hosts. C. The firewall's functionality is built into the router firmware. D. The firewall will conserve processing effort by using a state table.

B and D A circuit-level stateful inspection firewall maintains stateful information about a session established between two hosts (including malicious attempts to start a bogus session). Information about each session is stored in a dynamically updated state table. Once a connection has been allowed, the firewall allows traffic to pass unmonitored, in order to conserve processing effort. A Next Generation Firewall (NGFW) is one that can inspect and parse the contents of packets at the Application layer. A router firewall is similar to an appliance firewall with the exception that the functionality is built into the router firmware.

A network manager implements Internet Protocol Security (IPSec). The manager wants the connection to be as secure as possible. Which policies in IPSec will the manager choose to assign? (Select two) A. Authentication Header (AH) B. Encapsulation Security Payload (ESP) C. Transport mode D. Tunnel mode

B and D Encapsulation Security Payload (ESP) provides confidentiality and authentication by encrypting the packet, rather than simply calculating a Hash Message Authentication Code (HMAC). Tunnel mode encrypts the whole Internet Protocol (IP) packet and a new IP header is added. This mode is also known as router implementation. The Authentication Header (AH) protocol performs a cryptographic hash on the packet plus a shared secret key and adds this HMAC in its header as an Integrity Check Value (ICV). The payload is not encrypted so this protocol does not provide confidentiality and is consequently not often used. Transport mode does not encrypt the IP header for each packet. The payload is the only encrypted item.

A host boots up and contacts the Dynamic Host Configuration Protocol (DHCP) server. Analyze the role of the DHCP server. Which optional settings may the server provide the host? (Select two) A. Internet Protocol (IP) address B. Default gateway C. Subnet mask D. Time synchronization

B and D The Dynamic Host Configuration Protocol (DHCP) server can be configured to supply other settings, known as DHCP options. Each option is identified by a tag byte or decimal value between 0-255. One common DHCP option is the default gateway, which is the Internet Protocol (IP) address of the router. DHCP provides time synchronization that is handled by the Network Time Protocol (NTP). The DHCP server must provide an IP address to a client. This is not an optional item for the DHCP server to provide. In addition to an IP address, the DHCP server must also supply a subnet mask. This is not an optional item.

A company implements a Port-based Network Access Control (PNAC) mechanism. Evaluate the Institute of Electrical and Electronics Engineers (IEEE) 802.1X standard to determine what features the PNAC mechanism will provide. (Select two) A. The authenticating server is typically a Terminal Access Controller Access Control System (TACACS+) B. A switch or router will perform authentication of the attached device before activating a port. C. Unauthenticated hosts will always be blocked from the network. D. The switch will enable the Extensible Authentication Protocol over LAN (EAPoL).

B and D The Institute of Electrical and Electronics Engineers (IEEE) 802.1X standard defines a Port-based Network Access Control (PNAC) mechanism. PNAC means that the switch (or router) performs authentication of the attached device before activating the port. The switch, referred to as the authenticator, enables the Extensible Authentication Protocol over LAN (EAPoL) protocol only and waits for the device to supply authentication data. The authenticating server is typically a Remote Authentication Dial-in User Service (RADIUS), versus a Terminal Access Controller Access Control System (TACACS+). Unauthenticated hosts may be placed in a guest Virtual Local Area Network (VLAN) with only limited access to the rest of the network.

Host A sends a packet to Host B. A corrupted routing table causes a delay and the packet begins to loop. The router discards the packet. What type of message will the Internet Control Message Protocol (ICMP) send? A. Destination unreachable B. Redirect C. Time exceeded D. Request timed out

C A "time exceeded" message displays when the Time to Live (TTL) value reaches 0. The TTL field in a packet has a maximum value of 255, and is eventually reduced to 0 if the packet is looping. A "destination unreachable" message indicates that a host cannot be contacted. This might be caused by a configuration error or by a host or router not being available. A "redirect" message is sent if there is a more efficient route. The router still delivers the original message. A "request timed out" message will display if the host is unavailable or cannot route a reply to a host.

Which of the following is an example of a hotfix? A. A collection of updates released since the last service pack B. A collection of updates that includes product improvements C. An update designed and released to certain customers D. An update that fixes a bug in a software program

C A hotfix is an update designed for and released to certain customers only, though it may be included in later service packs. This and other types of updates resolve issues that a vendor has identified in the initial release of its product, based on additional testing and customer feedback. A collection of updates released since the last service pack is called an update rollup. A collection of updates that includes product improvements is a service pack. The included product improvements are what differentiate a service pack from an update rollup. An update fixes bugs in a software program. An update may be identified as a general update, security update, or critical update.

What type of firewall establishes Demilitarized Zone (DMZ) configurations? A. Packet filtering B. Internal C. Border D. Stateless

C Demilitarized Zone (DMZ) configurations are established by border firewalls. Border firewalls filter traffic between the trusted local network and untrusted external networks, such as the Internet. A packet filtering firewall is stateless. This means that it does not preserve information about the connection between two hosts. Internal firewalls can be placed anywhere within the network, either inline or as host firewalls, to filter traffic flows between different security zones. Packet filtering is a stateless technique because the firewall examines each packet in isolation and has no record of previous packets.

A network manager is creating a diagram of the network. What will the network manager include at the Logical layer of the schematic diagram? A. Asset identification and cable links B. Interconnections between switches and routers C. Internet Protocol (IP) addresses of router interfaces D. Configuration information and performance baselines

C Diagrams can be used to model physical and logical relationships at different levels of scale and detail. A schematic is a simplified representation of a system. The schematic will include the Internet Protocol (IP) addresses of router interfaces at the Logical layer. The Physical layer will include asset identification and cable links. Color coding can be used to represent the cable type. The Data Link layer will show the interconnections between switches and routers. The Application layer will provide server instances and ports in use. Configuration information and performance baselines also can be included at the Application layer.

Which log in a Simple Network Management Protocol (SNMP) monitoring agent records the initial configuration? A. General B. History C. System D. Audit

C Logs are one of the most valuable sources of performance, troubleshooting, and security information. Logs can be categorized into several functions. The System logs record the initial configuration, or setup, and subsequent changes to the configuration. The General logs, also called Application logs, record system or application initiated incidents. The History logs, also called Security logs, record user activity. Audit logs are another name for the History and Security logs that record user activity. Audit logs typically associate an action with a particular user, which is one of the reasons that it is critical that users not share log-on details.

A network administrator is troubleshooting an issue with email on the network. Messages that relay between the Simple Mail Transfer Protocol (SMTP) servers and the Message Transfer Agents (MTAs) are not transmitting. Recommend the port the administrator should verify in the configuration. A. Port 587 B. Port 465 C. Port 25 D. Port 110

C Port 25 is used for message relay between Simple Mail Transfer Protocol (SMTP) servers, or Message Transfer Agents (MTAs). Port 587 is used by mail clients or Message Submission Agents (MSAs) to submit messages for delivery by an SMTP server. Port 465 is used by some providers and mail clients for message submission over implicit Transport Layer Security (TLS). Port 110 is used by the Post Office Protocol (POP). This is an early example of a mailbox protocol and can be a different service running on the same machine as the SMTP server.

What remote administration tool does not support file transfer directly but allows an administrator to use the same commands as a local user? A. Secure Shell (SSH) B. Remote Desktop Protocol (RDP) C. Telnet D. Virtual Network Computing (VNC)

C Telnet is terminal emulation software used to support a remote connection to another computer. It does not support file transfer directly. A user can connect to a remote client and use the same commands as the local user. Secure Shell (SSH) is used for remote administration and Secure File Transfer (SFTP). Remote Desktop Protocol (RDP) is Microsoft's protocol for operating remote Graphical User Interface (GUI) connections to a Windows machine. RDP can be used to publish software applications on a server, rather than installing them locally on each client. Virtual Network Computing (VNC) is a freeware product with similar functionality to RDP. VNC does not provide connection security and should only be used over a secure connection.

A network administrator applies the Bridge Protocol Data Unit (BPDU) Guard to filter Spanning Tree Protocol (STP) traffic. What is the goal of the network administrator? A. To have ports drop all Bridge Protocol Data Units (BPDUs) they receive B. To prevent other switches connected to the guarded port to become the root C. To disable ports that receive a Bridge Protocol Data Unit (BPDU) D. To prevent topology changes in the Spanning Tree Protocol (STP)

C The Bridge Protocol Data Unit (BPDU) Guard command causes a port configured with PortFast that receives a BPDU to become disabled. This helps protect against misconfiguration or a possible malicious attack. The BPDU Filter command causes the port to drop all BPDUs. This could cause traffic to loop if used improperly. The Root Guard command means that a switch will not accept attempts from switches connected to the guarded port to become the root. The BPDU Guard command will not prevent topology changes in the Spanning Tree Protocol (STP). The commands are used to filter STP traffic.

A large frame fragments into smaller packets. In evaluating the layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack, which of the following is responsible for completing this task? A. Link layer B. Transport layer C. Internet layer D. Application layer

C The Internet layer provides addressing and routing functions. It also provides the ability to fragment large frames from the Network Interface layer into smaller packets. The Link layer defines the host's connection to the network media and includes the hardware and software involved in the interchange of frames between the hosts. The Transport layer establishes connections between the different applications that the source and destination hosts are communicating with. The Application layer is where many of the Transmission Control Protocol/Internet Protocol (TCP/IP) services, such as the File Transfer Protocol (FTP), can be run.

Host A sends a file to Server B. The file transfer is complete and the connection will close. Simulate the second step in the process of closing the Transmission Control Protocol (TCP) connection. A. Host A sends a finish (FIN) segment to Server B and enters the FIN-WAIT1 state. B. Host A receives an acknowledgement (ACK) segment and enters the FIN-WAIT2 state. C. Server B sends an acknowledgement (ACK) segment and enters the CLOSE-WAIT state. D. Server B receives an acknowledgement (ACK) segment from Host A and closes the connection.

C The Transmission Control Protocol (TCP) closes a connection using a process referred to as the teardown. The second step in the process is for the server to respond with an acknowledgement (ACK) segment and enter the CLOSE-WAIT state. The first step in the process is for the client to send a finished (FIN) segment to the server and enter the FIN-WAIT1 state. This occurs when the file transfer completes. The third step is for the client to receive the ACK segment and enter the FIN-WAIT2 state. The fifth step is for the server to close the connection after it receives the ACK from the client.

Evaluate the Extensible Authentication Protocol (EAP) to determine what the authenticator component provides within the framework. A. Is typically a RADIUS or a TACACS+ server that performs the authentication. B. Uses a certificate to set up an encrypted tunnel for user authentication. C. Establishes a channel for the server to exchange credentials using the EAPoL protocol. D. Uses a PAC to set up the tunnel for user authentication.

C The authenticator component is a device that receives the authentication request. The authenticator establishes a channel for the supplicant and the authentication server to exchange credentials using the Extensible Authentication Protocol (EAP) over Local Area Network (LAN) (EAPoL) protocol. It blocks any other traffic. The authentication server is typically a Remote Authentication Dial-in User Service (RADIUS) or a Terminal Access Controller Access Control System (TACACS+) server that performs the authentication. A Protected Extensible Authentication Protocol (PEAP) uses a certificate to set up an encrypted tunnel for user authentication. Flexible Authentication via Secure Tunneling (EAP-FAST) uses a Protected Access Credential (PAC) to set up the tunnel for user authentication.

A new small company hires one technician that is responsible for designing and maintaining the network. The technician realizes a need for a Demilitarized Zone (DMZ). The primary concerns are knowledge and budget. Recommend a solution to the technician. A. Screened subnet B. Three-legged firewall C. Screened host D. Demilitarized Zone (DMZ) host

C The best solution is to deploy a screened host. Smaller networks may not have the budget or technical expertise to implement a Demilitarized Zone (DMZ). In this case, Internet access can still be implemented using a dual-homed proxy/gateway server acting as a screened host. A screened subnet requires two firewalls placed at either end of the DMZ. One restricts traffic on the external interface and the other restricts traffic on the internal interface. A three-legged firewall can establish a DMZ using a single router/firewall appliance with three network ports. A DMZ host is an Internet-facing host or zone not protected by the firewall.

Identify the default subnet mask for a Class C network. A. 255.0.0.0 B. 255.255.0.0 C. 255.255.255.0 D. 255.255.255.255

C The default subnet masks correspond to the three classes of unicast Internet Protocol (IP) addresses. The default masks comprise whole octets. The default mask for Class C networks is 255.255.255.0. The default subnet mask for a Class A network is 255.0.0.0. The default subnet mask for a Class B network is 255.255.0.0. 255.255.255.255 is a special broadcast address that is reserved for transmissions to the internal network. This broadcast address is only used internally, and is used to broadcast to the local network when the local network address is unknown.

A network is experiencing forwarding issues. A technician can ping a host's default gateway but not all of the hosts on a remote network. At what layer of the Open Systems Interconnection (OSI) model is this issue occurring? A. Layer 1 B. Layer 2 C. Layer 3 D. Layer 4

C The issue on the network is a routing problem. Routing occurs at layer 3 (Network) of the Open Systems Interconnection (OSI) model. Devices at layer 1 (Physical) include hubs and Network Interface Cards (NICs). This is usually the first layer checked during troubleshooting. An outage could have a simple solution such as making sure all cables are connected. Layer 2 (Data Link) contains devices such as bridges. Bridges forward packets based on the destination's Media Access Control (MAC) address. Layer 4 (Transport) transfers data to end-point systems and is also responsible for end-to-end data recovery.

Which routing algorithm metric measures transit time? A. Bandwidth B. Load C. Latency D. Reliability

C The latency metric is a delay-based metric that measures transit time. This metric is most important if the route is used to carry time sensitive data, such as voice or video. The bandwidth metric looks at the maximum achievable bandwidth on a link and does not consider the available bandwidth. This is a less efficient metric than delay-based metrics. The load metric, also called link utilization, bases routing decisions on how busy a route is. The reliability metric is an assigned value that routers can assess when determining an effective path.

A technician receives a trouble ticket for an employee workstation. The technician believes the issue may be cable related. The technician verifies that the necessary cables are plugged into the back of the workstation. What is the next step in troubleshooting? A. Verify the patch cord by swapping the cable to the wall socket. B. Verify the patch cable between the patch panel and the switch. C. Attempt to ping a known working system on the local subnet. D. Plug the problem system into a different network socket.

C The next step is to attempt to ping a known working system on the local subnet. If the system can ping another local system, the problem is not in the cabling at this device. If the system cannot ping another local system, the next step is to verify the patch cord by swapping the cable to the wall socket. If the patch cord to the wall socket is not the issue, the next step is to verify the patch cable between the patch panel and the switch. Once the patch cable between the patch panel and switch has been verified, the next step is to plug the problem system into a different network socket.

Analyze the naming convention of Ethernet media specifications. What does the second part of the convention tell the user? A. Bit rate B. Media type C. Signal mode D. Distance

C The signal mode is the second part of the three-part convention. All types of Ethernet use baseband transmissions, so the only specification for Ethernet will be xBASE-y. The bit rate is the first part of the three-part convention. This will be in megabits or gigabits per second. An example is 10BASE-y, where 10 is the bit rate or 10 Mbps. The designator for the media type is the third part of the three-part convention. An example is 10BASE-T where T identifies the use of twisted pair copper cabling. Distance is not included in the specification naming convention.

A technician is monitoring the bandwidth each protocol consumes and identifying the most active network hosts. What is the technician performing? A. Packet analysis B. Wireshark C. Traffic analysis D. Nmap

C Traffic analysis is performed to monitor statistics related to communications flows, such as bandwidth consumed by each protocol or host, identifying the most active network hosts, and monitoring link utilization and reliability. A packet analyzer works in conjunction with a packet sniffer. Both live capture and saved captures can be analyzed. The data provided in the packet analyzer is used to perform the traffic analysis. Wireshark is an open source graphical packet capture and analysis utility. This program can be used to capture the data that will be used for traffic analysis. The Network Mapper (Nmap) Security Scanner is widely used for scanning remote hosts and networks, both as an auditing and penetration testing tool.

Differentiate between the characteristics of 2.4 gigahertz (GHz) and 5 GHz frequencies in wireless technologies. (Select two) A. 2.4 GHz bands support more individual channels with less congestion. B. 2.4 GHz experiences less interference due to the amount of technologies using 5 GHz. C. 2.4 GHz is better at propagating through solid surfaces than 5 GHz. D. 2.4 GHz provides a longer range than 5 GHz.

C and D 2.4 gigahertz (GHz) is better at propagating through solid surfaces than 5 GHz. 2.4 GHz provides a longer range than 5 GHz. The longer range is due to the ability to better propagate through solid surfaces. 5 GHz is less effective at propagating through solid surfaces, reducing the maximum range. 2.4 GHz supports fewer individual channels than 5 GHz. The 5 GHz band supports more individual channels and suffers less congestion than 2.4 GHz. 2.4 GHz has more interference than 5 GHz. Wireless technology, such as Bluetooth, uses 2.4 GHz, which increases the risk of interference. 5 GHz suffers less interference, meaning it supports higher data rates at shorter ranges.

A network administrator is deploying a distributed switching solution. Recommend guidelines the network administrator should follow. (Select two) A. Disable spanning tree to prevent loops around redundant circuits B. Connect access points to access layer switches to facilitate wired networking C. Determine the bandwidth requirements within the core and distribution layer D. Enable the appropriate portfast guards on all access layer ports

C and D The administrator should determine the bandwidth requirements within the core and distribution layer (typically 10 Gigabits per second) and provision appropriate switch modules, transceivers, and cabling. The appropriate portfast guards on all access layer ports should be enabled. The spanning tree should be enabled to prevent loops around redundant circuits and ensure the selection of a root bridge within the core or distribution layer as appropriate. Disabling the spanning tree would not prevent loops. The access points should be connected to access layer switches to facilitate wireless networking versus wired networking.

A system administrator uses Information Technology Infrastructure Library (ITIL) for configuration management. What is a Configuration Item (CI) element in ITIL? A. Things, processes, or people that contribute to the delivery of an Information Technology (IT) service B. A representation of the way a network was designed C. Tools and databases that collect, store, manage, update, and present information D. An asset that requires specific management procedures prior to using it to deliver a service

D A Configuration Item (CI) is an asset that requires specific management procedures for it to be used to deliver the service. Each CI must be identified by a label. CIs are defined by their attributes, which are stored in a Configuration Management Database (CMDB). Service assets are things, processes, or people that contribute to the delivery of an Information Technology (IT) service. A baseline represents both the way a network is designed and how devices are configured. A baseline can be a configuration baseline or a performance baseline. A Configuration Management System (CMS) comprises the tools and databases that collect, store, manage, update, and present information about CIs.

Identify the record in reverse lookup zones that resolves an Internet Protocol (IP) address to a host name. A. Canonical Name (CNAME) B. Mail Exchanger (MX) C. Text (TXT) D. Pointer (PTR)

D A Domain Name System (DNS) server may have two types of zones: forward lookup and reverse lookup. A Pointer (PTR) record is found in reverse lookup zones and is used to resolve an Internet Protocol (IP) address to a host name. A Canonical Name (CNAME) record is used to represent an alias for a host. A Mail Exchanger (MX) record is used to identify an email server for the domain. A Text (TXT) record is used to store any free-form text that may be needed to support other network services.

A technician supporting a network with contention-based access methods needs to eliminate the effect of contention. Which action should the technician take to improve transmission? A. Install a switch and configure it for half-duplex, and use the CSMA/CD protocol B. Install a switch and configure it for half-duplex, and do not use the CSMA/CD protocol C. Install a switch and configure it for full duplex, and use the CSMA/CD protocol D. Install a switch and configure it for full duplex, and do not use the CSMA/CD protocol

D A switch establishes a circuit between two nodes that are exchanging messages. Using a switch means that each switch port is in a separate collision domain. Collisions will not occur in full-duplex mode and the Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is not used. Installing a switch is recommended but configuring it for half-duplex will still result in collisions. If this configuration is used, the CSMA/CD protocol would be used. A switch configured for half-duplex leaves it vulnerable to collisions. Not using the CSMA/CD protocol would leave the switch open to collisions without protection. A switch configured to full-duplex is recommended but the CSMA/CD protocol is not needed.

A technician needs to install a twisted pair cable solution that will provide a frequency of 400 megahertz (MHz) for up to 300 feet. The technician wants to keep cost in mind and not install a higher Category (Cat) than required. Consider the Electronic Industries Alliance (EIA) 568 Commercial Building Telecommunication Cabling Standards to determine which Cat cabling solution will meet the needs of the technician. A. Cat 5 B. Cat 5e C. Cat 6 D. Cat 6A

D Cat 6A provides a frequency up to 500 megahertz (MHz) with a capacity of 10 gigabits per second (Gbps) and a max distance of 328 feet (100 meters). Cat 5 provides a frequency up to 100 MHz and a maximum distance of 328 feet. It can support a bandwidth of up to 100 megabits per second (Mbps). Cat 5e provides a frequency of 100 MHz and a maximum distance of 328 feet. It can support a bandwidth of up to 1 Gbps. Cat 6 provides a frequency of 250 MHz. It can support a bandwidth of up to 1 Gbps up to 328 feet, or 10 Gbps up to 180 feet.

Which of the following types of topology has wiring connecting each of its nodes to its neighbors, in a closed loop? A. Star B. Bus C. Mesh D. Ring

D In a physical ring topology, each node is wired to its neighbor in a closed loop. A node receives a transmission from its upstream neighbor and passes it to its downstream neighbor. In a star network, each endpoint node is connected to a central forwarding node, such as a hub, switch, or router. A physical bus topology with more than two nodes is shared access topology, meaning that all nodes share the bandwidth of the media. A mesh network topology requires that each device has a point-to-point link with every other device on the network.

A change control board meets weekly to review all change requests on a network. The board documents all approved changes. How will this process be MOST beneficial to ensuring firewall security on the network? A. Reduce the possibility of blocking packets that should be allowed through the network B. Reduce the possibility of accidental blocking of ports that should be open for the firewall to function C. Reduce the number of users reporting incidents connected with the failure of data traffic D. Reduce the possibility of packets allowed through that should be blocked

D One outcome of a misconfigured firewall is that packets may be allowed through that should be blocked. This problem will not be reported through reports from users and will not be identified until a vulnerability is exploited or an audit occurs. A change control board can ensure that firewall configuration changes are made with each applicable network change. Packets that are being blocked that should be allowed through the network will be reported. This issue is less of a security concern and will be identified quickly. Ports that are blocked are less of a security concern and will be reported for troubleshooting and repair. The number of trouble tickets is not a security concern.

A network manager needs to implement an up-to-date solution that will detect intrusions based on attack patterns and provide alerts. Recommend a solution that will meet the needs of the network manager. A. File Integrity Monitoring (FIM) B. Unified Threat Management (UTM) C. Intrusion Prevention System (IPS) D. Signature-based detection

D Signature-based detection means that the engine is loaded with a database of attack patterns or signatures. If traffic matches a pattern, the engine generates an incident. File Integrity Monitoring (FIM) software audits key system files to make sure they match the authorized versions. Unified Threat Management (UTM) refers to a system that centralizes various security controls into a single appliance. One of the security controls provided by UTM may be signature-based detection. Compared to the passive logging of an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS) can provide an active response to any network threats that it matches. This means that it provides a remedy to the threat.

A network administrator discovers a service while using Nmap. The administrator would like to probe the host to discover the software operating each port. Recommend a switch the administrator can use to perform this action. A. -sT B. -sS C. -sU D. -sV

D The -sV or -A switch can be used to probe a host more intensively to discover the software or software version operating each port. The process of identifying an Operating System (OS) or software application from its responses to probes is called fingerprinting. The -sT command is used when privileged access is not available. Nmap uses the OS to attempt a full Transmission Control Protocol (TCP) connection. The -sS switch is a fast technique known as half-open scanning. The scanning host requests a connection without acknowledging it. The -sU switch scans User Datagram Protocol (UDP) ports. Nmap waits for a response or timeout to determine the port state.

Which Transmission Control Protocol (TCP) header field provides the type of content in the segment? A. Checksum B. Window C. Urgent Pointer D. Flags

D The Flags field in the Transmission Control Protocol (TCP) header provides the type of content in the segment. The Checksum field in the TCP header ensures validity of the segment. The checksum is calculated on the value of not only the TCP header and payload but also part of the Internet Protocol (IP) header. The Window field in the TCP header provides the amount of data the host is willing to receive before sending another acknowledgement. The Urgent Pointer field in the TCP header specifies the end of any data in the segment that is urgent data.

An attacker capitalizes on a weakness in a software application before the developer is able to release a patch. Evaluate security concepts and determine what method the attacker is using. A. Threat B. Risk C. Footprinting D. Zero-day exploit

D The attacker is using a zero-day exploit. A zero-day exploit is a vulnerability that is exploited before the developer becomes aware of it or is able to release a patch. A threat is the potential for a threat agent or threat actor to exercise a vulnerability. The path or tool used by the threat actor can be referred to as the threat vector. A risk is the likelihood and impact of a threat actor exercising a vulnerability. Footprinting is a process of information gathering, in which the attacker attempts to learn about the configuration of the network and security systems.

A network administrator is experiencing problems with packet delivery. The network administrator enters arp -d 100.23.56.10 into the command line. Analyze the arp command and the associated switches to determine what will occur. A. The contents of the Address Resolution Protocol (ARP) table will be displayed for 100.23.56.10. B. An entry will be added to the Address Resolution Protocol (ARP) table for 100.23.56.10. C. The Address Resolution Protocol (ARP) table will block 100.23.56.10 from communicating. D. The Address Resolution Protocol (ARP) table will delete the cache for 100.23.56.10.

D The command arp -d 100.23.56.10 will delete the cache for 100.23.56.10. The switch -d * can also be utilized to delete all of the entries in the Address Resolution Protocol (ARP) table. If the network administrator wanted to see the contents of the ARP table, the correct command would be arp -a 100.23.56.10. If the network administrator wanted to add an entry to the ARP table, the correct command would be arp -s 100.23.56.10 MACAddress. The Media Access Control (MAC) address is required for this command. The command will not block the host from communicating. The cache will simply be cleared for this host. The next time communication occurs, which includes 100.23.56.10, a new cache will be added.

A network administrator uses Microsoft's Hyper-V virtualization platform to create a virtual external switch. What result will this produce? A. The switch will create a bridge that is usable only by Virtual Machines (VMs) on the host (and the host itself) while restricting access to the wider physical network. B. The switch will only be usable by the Virtual Machines (VMs) and the VMs cannot use the switch to communicate with the host. C. The switch will bind the host's Media Access Control (MAC) to the Virtual Machines (VMs), enabling communication on the virtual network. D. The switch will bind to the host's Network Interface Card (NIC) to allow the Virtual Machine (VM) to communicate on the physical network, via a bridge.

D The external switch will bind to the host's Network Interface Card (NIC) to allow the Virtual Machine (VM) to communicate on the physical network, via a bridge. An internal switch will create a bridge that is usable only by VMs on the host and the host itself. This type of switch does not permit access to the wider physical network. A private switch is only usable by the VMs, and the switch cannot communicate with the host. The external switch binds to the NIC not the Media Access Control (MAC), and connects to the physical network not the virtual network.

What parameter in a routing table provides the Internet Protocol (IP) address of the next router along the path? A. Netmask B. Interface C. Metric D. Gateway

D The gateway, or next hop, provides the Internet Protocol (IP) address of the next router along the path. The destination IP address and netmask parameter provides routes that can be defined to specific hosts but are more generally directed to network identification. The interface provides the local port to use to forward a packet along the chosen route. The metric provides a preference value assigned to the route, with low values being preferred over high ones. The value may be determined by different parameters, such as how far the next hop router is.

A network administrator suspects a host is compromised. The administrator is generating a new key for Hypertext Transfer Protocol Secure (HTTPS). How will the administrator accomplish this action? A. Change the user keys by using the utility ssh-keygen. B. Delete the public key from the appliance and regenerate the key pair on the user's client device. C. Send a CSR with the compromised key material and submit it to the CA that issues digital certificates. D. Send a CSR with new key material and submit it to the CA that issues digital certificates.

D The host key must be changed if any compromise of the host is suspected. The administrator will make a Certificate Signing Request (CSR) with new key material and submit it to the Certificate Authority (CA) that issues digital certificates. New key material will be used to make a CSR versus the compromised key material. If the administrator needed to generate a new key for Secure Shell (SSH), the ssh-keygen utility would be used. In the case of Secure Shell (SSH), if a user's private key is compromised, the administrator will delete the public key from the appliance, and then regenerate the key pair on the user's client device.

A system administrator cannot contact a remote Internet Protocol (IP) address. The administrator has successfully used the ping command for the loopback address, the local workstation, and another host. What is the next troubleshooting step the administrator should take? A. Use the tracert command to investigate the route B. Manually add the route using the route command C. Check for a name resolution problem D. Check the default gateway parameter on the local host

D The next troubleshooting step is to check the default gateway parameter on the local host to verify if it is correct. The default gateway parameter will provide information to the host on how to route packets outside of the local subnet. If the default gateway parameters are correct, the next step is to use the tracert command to investigate the route being taken. The administrator can manually add the route by using the route command after verifying the gateway parameter and using the tracert command. If all of the tests for Internet Protocol (IP) are successful but the administrator still cannot ping a remote node by its name, the administrator should consider a name resolution issue.

A Synchronous Optical Network (SONET) uses a Point-to-Point Protocol (PPP). Simulate the process of the network establishing a PPP connection to determine the third step. A. The Link Control Protocol (LCP) negotiates link parameters, such as frame size. B. The client and server negotiate the use of an authentication protocol and exchange authentication messages. C. The link is open and PPP frames are exchanged. D. The Network Control Protocols (NCPs) configure the layer 3 protocol(s) for use on the local network.

D The third step in establishing a Point-to-Point Protocol (PPP) connection is that the Network Control Protocols (NCPs) are selected to configure the layer 3 protocol(s) to be used on the local network. The first step is that the Link Control Protocol (LCP) negotiates link parameters, such as frame size. The second step is that the client and server negotiate the use of an authentication protocol and exchange authentication messages. The fourth step is that the link is open and PPP frames are exchanged. The fifth and final step is that the LCP exchanges packets to terminate the connection.

