Comptia Network+ (N10-009) General Questions, Set 3
You have been asked to install a media converter that connects a newly installed SMF to the existing Cat 6a infrastructure. Which type of media converter should you use? Coaxial to fiber Fiber to ethernet Fiber to coaxial Coaxial to ethernet
Fiber to ethernet OBJ 1.5: A media converter is a Layer 1 device that changes one type of physical network connection to another. In this case, we are converting single-mode fiber (SMF) cable to Cat 6a (ethernet) cable. For support or reporting issues, include Question ID: 63fe0ec03b7322449ddc29a1 in your ticket. Thank you. Domain 1 - Networking Concepts
Which network connection method provides visual interaction with a system through icons and windows for configuration and management? API SSH GUI Console
GUI OBJ 3.5 - GUI (Graphical User Interface) provides visual interaction with a system through icons, windows, and menus, allowing users to configure and manage devices using graphical elements rather than text-based commands. GUIs are user-friendly and intuitive, making them widely used for network device configuration and management tasks. API, or Application Programming Interface, allows software applications to interact with network devices programmatically but does not provide visual interaction for configuration and management. SSH, or Secure Shell, is a network protocol used for secure remote access to systems, typically providing command-line access rather than graphical interaction. Console refers to direct access to a system's command-line interface, which also does not involve graphical interaction. For support or reporting issues, include Question ID: 65e4f4d7bca75475d9170ac2 in your ticket. Thank you. Domain 3 - Network Operations
A college needs to provide wireless connectivity in a cafeteria with a minimal number of WAPs. What type of antenna will provide the BEST coverage? High gain omnidirectional antenna Low gain directional antenna Low gain omnidirectional antenna High gain directional antenna
High gain omnidirectional antenna OBJ 2.3: Omni-directional antennas broadcast radio frequencies in all directions creating a large sphere of coverage. The antenna has the capability to send and receive signals in a circumference around the antenna. Directional antennas broadcast radio frequencies in a single direction (unidirectional) or two directions (bidirectional) to create a zone or area of coverage. High gain antennas put out increase signal strengths and can reach further distances with fewer wireless access points (WAPs) than low gain antennas. Low gain antennas spread the power out across a wider volume in space, but the signal reaching the receivers is weaker and harder to process. For support or reporting issues, include Question ID: 63fe0ef53b7322449ddc2c40 in your ticket. Thank you. Domain 2 - Network Implementation
A network technician has received a report that workstations are unable to gain access to the network. During the troubleshooting process, the technician discovers that the switch connecting these workstations has failed. Which of the following is the QUICKEST option to configure a replacement switch? Baseline Syslog Archive Image
Image OBJ 3.3 - To image a switch, you can make a backup of the configuration and deploy it to a new/different switch. An image can contain the firmware and its configurations. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. An archive is a backup of the configurations for the network device. System Logging Protocol (Syslog) uses port 514 and is a way network devices can use a standard message format to communicate with a logging server. It was designed specifically to make it easy to monitor network devices. Devices can use a Syslog agent to send out notification messages under a wide range of specific conditions. For support or reporting issues, include Question ID: 63fe0f353b7322449ddc2f5c in your ticket. Thank you. Domain 3 - Network Operations
Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should access Dion Training's secure internal network. Which of the following technologies would allow you to configure this port and support both requirements? Configure a SIEM Create an ACL to allow access Implement NAC MAC filtering
Implement NAC OBJ 4.3: Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process by fixing non-compliant hosts before allowing network access. Network Access Control can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. In this scenario, implementing NAC can identify which machines are known and trusted Dion Training assets and provide them with access to the secure internal network. NAC could also determine unknown machines (assumed to be those of CompTIA employees) and provide them with direct internet access only by placing them on a guest network or VLAN. While MAC filtering could be used to allow or deny access to the network, it cannot by itself control which set of network resources could be utilized from a single ethernet port. A security information and event management (SIEM) system provides real-time analysis of security alerts generated by applications and network hardware. An access control list could define what ports, protocols, or IP addresses the ethernet port could be utilized. Still, it would be unable to distinguish between a Dion Training employee's laptop and a CompTIA employee's laptop like a NAC implementation could. For support or reporting issues, include Question ID: 63fe0f873b7322449ddc3354 in your ticket. Thank you. Domain 4 - Network Security
Paige, a network administrator, is experiencing slow internet speeds in her office network during peak hours. She suspects that insufficient bandwidth allocation might be the cause of the issue. Which of the following actions should Paige prioritize to address this problem? Implementing Quality of Service (QoS) Upgrading network switches Installing additional firewalls Adding more access points to the network
Implementing Quality of Service (QoS) OBJ 5.4 - Quality of Service (QoS) allows Paige to prioritize network traffic and allocate bandwidth effectively, ensuring that critical applications receive sufficient bandwidth during peak hours. Upgrading network switches, adding more access points, and installing additional firewalls may improve network performance in other aspects, but they do not directly address the issue of insufficient bandwidth allocation. For support or reporting issues, include Question ID: 65e8fe4e0a57c4bf80d088d7 in your ticket. Thank you. Domain 5 - Network Troubleshooting
Clifford needs to configure VLANs on his switch. He is looking to use a VLAN which is primarily used for untagged traffic but he is unsure of which one to use. Which VLAN should be used for this untagged traffic? Voice Native Duplex Data
Native OBJ 2.2 - The Native VLAN carries untagged traffic between switches. Voice VLAN is used for prioritizing VoIP traffic. Data VLANs carry regular user data traffic and can be tagged or untagged. Duplex refers to communication mode (full/half), not VLAN configuration. For support or reporting issues, include Question ID: 65ea58a82167b932f2976bb5 in your ticket. Thank you. Domain 2 - Network Implementation
The UPS that provides backup power to your server is malfunctioning because its internal battery has died. To replace the battery, you must shut down the server, unplug it from the UPS, and unplug the UPS from its power source (the wall outlet). You perform these actions but think that there has to be a better way to increase the server's availability in the future. Which of the following recommendations would BEST increase the server's availability based on your experience with this UPS battery replacement? Install a second UPS in the rack Replace the UPS with a generator Install a surge protector instead Add a redundant power supply to the server
OBJ 2.4: The BEST recommendation would be to install a redundant power supply in the server. Adding a second UPS would not solve the problem if the server still only has one power supply available. Switching from a UPS to a generator will not solve this issue, either, because generators also require scheduled maintenance and downtimes. Finally, adding a surge protector won't provide power when you need to power off a UPS for a battery replacement. For support or reporting issues, include Question ID: 63fe0f3d3b7322449ddc2fbb in your ticket. Thank you. Domain 2 - Network Implementation
A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password have been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, which of the following should the technician do to prevent the password from being sniffed on the network again? Ensure the password is 10 characters, containing letters and numbers Only allow administrators to access routers using port 22 Copy all configurations to routers using TFTP for security Use SNMPv1 for all configurations involving the router
Only allow administrators to access routers using port 22 OBJ 4.3: Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full rights user will not access their new account without the SSH key, which could only be provided by a true administrator. Telnet uses port 23 and passes all information as unencrypted traffic on the network. Telnet should always be disabled for security reasons, and SSH (which uses encryption) should be used instead. For support or reporting issues, include Question ID: 63fe0f6d3b7322449ddc3214 in your ticket. Thank you. Domain 4 - Network Security
A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACLs should the technician implement? PERMIT SRCIP: ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:80 PERMIT SRCIP 192.168.0.0/24 SPORT: ANY DSTIP:ANY DPORT 80 PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT ANY PERMIT SRCIP 192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT:80
PERMIT SRCIP 192.168.0.0/24 SPORT: ANY DSTIP:ANY DPORT 80 OBJ 4.3: This will permit traffic from the internal network (192.168.0.0/24) from any port to access the external network (any IP) to port 80 (HTTP). Since this is a stateless firewall, you must include the SPORT (source port) ANY to allow the outbound connection through the firewall. For support or reporting issues, include Question ID: 63fe0f673b7322449ddc31c9 in your ticket. Thank you. Domain 4 - Network Security
Which of the following is a DNS record type? LDAP PTR TTL DHCP
PTR OBJ 3.4: There are several types of DNS records, including A, AAAA, CNAME, PTR, SVR, and TXT. PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address, you can get the associated domain/hostname. An A record should exist for every PTR record. Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. For support or reporting issues, include Question ID: 63fe0ecd3b7322449ddc2a48 in your ticket. Thank you. Domain 3 - Network Operations
What parameter indicates the electrical demand on a system? Power Factor Power Load Power Consumption Current
Power Load OBJ 2.4 - Power load refers to the demand on an electrical system, indicating the amount of power required. Power factor relates to the efficiency of power usage, not the demand. Current is a measure of the flow of electrical charge, not necessarily the overall demand. Power consumption refers to the amount of power used over time, not necessarily the demand at a given moment. For support or reporting issues, include Question ID: 65ea567a5a5d627ed78b3059 in your ticket. Thank you. Domain 2 - Network Implementation
According to the OSI model, at which of the following layers is data encapsulated into a frame? Layer 4 Layer 2 Layer 3 Layer 1
Layer 2 OBJ 1.1: The data layer, or layer 2, is the second layer of the seven-layer OSI model. The data link layer encapsulates data into frames for delivery between nodes on the same network. Data is transmitted at Layers 5, 6, and 7 of the OSI model. At Layer 4, the data is encapsulated into segments. At layer 3, the segments are encapsulated into packets. At layer 2, the packets are encapsulated into frames. At layer 1, the frames are encapsulated into bits. For support or reporting issues, include Question ID: 63fe0eae3b7322449ddc28c6 in your ticket. Thank you. Domain 1 - Networking Concepts
Dion Training is configuring a new branch office in Florida and wants to assign it a portion of their public Class C IPv4 address space. Dion Training has been assigned a Class C scope of 187.15.3.0/24. The new branch office in Florida will require 23 devices that will need IP addresses assigned. What is the correct CIDR notation for the new subnet in order to accommodate the 23 devices while allocating the minimum number of addresses? /29 /28 /26 /27
/27 OBJ 1.7: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have 23 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 25 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). Since we need 25 IP addresses, we need to round up to a block of 32. To symbolize a CIDR block with 32 IP addresses, we would use /27, which is 2^5 = 2. Domain 1 - Networking Concepts
What port number does IMAP utilize? 993 995 110 143
143 OBJ 1.4: Internet Message Access Protocol (IMAP) uses port 143, and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Internet Message Access Protocol (IMAP) over SSL uses port 993 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Post Office Protocol version 3 over SSL (POP3 over SSL) uses port 995 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server that operates using an SSL or TLS encrypted tunnel. For support or reporting issues, include Question ID: 63fe0ebf3b7322449ddc2990 in your ticket. Thank you. Domain 1 - Networking Concepts
A small real estate office has about 15 workstations and would like to use DHCP to assign classful IP addresses to each workstation. The subnet only has one octet for the host portion of each device. Which of the following IP addresses could be assigned as the default gateway? 169.254.0.1 10.0.0.1 192.168.0.1 172.16.0.1
192.168.0.1 OBJ 1.7: Since the question wants a classful IP addressing scheme to be assigned to devices, and only one octet being available for the host portion, it would need to be a Class C address. The only Class C address to choose from is 192.168.0.1 based on the options provided. The IP 10.0.0.1 is a Class A address. The IP 172.16.0.1 is a Class B address. The IP 169.254.0.01 is an APIPA (reserved) address. A non-routable IP address (in this case 192.168.0.1), also known as a private IP address, is not assigned to any organization and does not need to be assigned by an Internet Service Provider. Therefore, the 192.168.0.1 could be assigned to the outside local IP address of the router in a Network Address Translation based network. For support or reporting issues, include Question ID: 63fe0ec93b7322449ddc2a19 in your ticket. Thank you. Domain 1 - Networking Concepts
(This is a simulated Performance-Based Question. On the real exam, you may be given a chart with numerous ports and protocols and be asked to drag and drop them to match the ports with the protocols. This question doesn't have an image) What ports do SMTP and SNMP utilize? 25, 161 445, 3389 23, 25 161, 443
25, 161 OBJ 1.4: SMTP (Simple Mail Transfer Protocol) uses port 25. SNMP (Simple Network Management Protocol) uses port 161. Port 23 is used by Telnet. Port 445 is used by the Server Message Block (SMB) protocol. Port 3389 is used by the Remote Desktop Protocol (RDP). Port 443 is used by the Hypertext Transfer Protocol Secure (HTTPS). If this were a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up. For support or reporting issues, include Question ID: 63fe0ee63b7322449ddc2b82 in your ticket. Thank you. Domain 1 - Networking Concepts
(This is a simulated Performance-Based Question. On the real exam, you may be given a chart with numerous ports and protocols and be asked to drag and drop them to match the ports with the protocols. This question doesn't have an image.) What ports do HTTPS and RDP utilize? 443, 445 443, 25 443, 3389 443, 161
443, 3389 OBJ 1.4: HTTPS (HyperText Transfer Protocol Secure) uses port 443. RDP (Remote Desktop Protocol) uses port 3389. Port 445 is used by the Server Message Block (SMB) protocol. Port 161 is used by the Simple Network Management Protocol (SNMP). Port 3389 is used by the Remote Desktop Protocol (RDP). Port 25 is used by the Simple Mail Transfer Protocol (SMTP). For support or reporting issues, include Question ID: 63fe0eca3b7322449ddc2a25 in your ticket. Thank you. Domain 1 - Networking Concepts
What port number does SMTP TLS utilize? 995 587 993 25
587 OBJ 1.4: The Simple Mail Transfer Protocol (SMTP) TLS uses port 587 and is an internet standard communication protocol for electronic mail transmission. The Simple Mail Transfer Protocol (SMTP) uses port 25 and is an internet standard communication protocol for electronic mail transmission. Post Office Protocol version 3 over SSL (POP3 over SSL) uses port 995 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server that operates using an SSL or TLS encrypted tunnel. Internet Message Access Protocol (IMAP) over SSL uses port 993 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. For support or reporting issues, include Question ID: 63fe0eee3b7322449ddc2be6 in your ticket. Thank you. Domain 1 - Networking Concepts
A telecommunications company is planning to deploy a new wireless network infrastructure to meet the increasing demands for high-speed internet access in urban areas. The network engineers are evaluating different frequency bands to ensure optimal performance and minimal interference in densely populated regions. Which frequency band would be most suitable for the telecommunications company to consider for their new wireless network deployment in urban areas? 2.4GHz 5GHz 6GHz 60GHz
6GHz OBJ 2.3 - Recently opened for unlicensed use, the 6Ghz band provides additional spectrum capacity with less interference, making it ideal for high-speed wireless networks in urban areas. 2.4 GHz is commonly used but prone to congestion and interference in urban environments due to widespread usage by various devices like microwaves and Bluetooth devices. 5 GHz offers faster speeds and less congestion compared to 2.4GHz, but it may still face interference in densely populated urban areas. While capable of extremely high data rates, 60 GHz is more suitable for short-range applications like indoor Wi-Fi due to limited penetration capabilities and susceptibility to atmospheric absorption. For support or reporting issues, include Question ID: 65dfa8bee725db53d7e219ac in your ticket. Thank you. Domain 2 - Network Implementation
Which of the following levels would a debugging condition generate? 6 7 0 1
7 OBJ 3.2: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications. For support or reporting issues, include Question ID: 63fe0f503b7322449ddc30ab in your ticket. Thank you. Domain 3 - Network Operations
Your company is currently using a 5 GHz wireless security system, so your boss has asked you to install a 2.4 GHz wireless network to use for the company's computer network to prevent interference. Which of the following can NOT be installed to provide a 2.4 GHz wireless network? 802.11b 802.11ac 802.11g 802.11n
802.11ac OBJ 2.3: Wireless networks are configured to use either 2.4 GHz or 5.0 GHz frequencies, depending on the network type. 802.11a and 802.11ac both utilize a 5.0 GHz frequency for their communications. 802.11b and 802.11g both utilize a 2.4 GHz frequency for their communications. 802.11n utilizes either 2.4 GHz, 5.0 GHz, or both, depending on the Wi-Fi device's manufacturer. For support or reporting issues, include Question ID: 63fe0f183b7322449ddc2df2 in your ticket. Thank you. Domain 2 - Network Implementation
A client has asked you to provide their local office with the BEST solution for a wireless network based on their requirements. The client has stated that their users will need a wireless network that provides a maximum of 54 Mbps of bandwidth and operates in the 2.4GHz frequency band. Which of the following wireless network types should you install to meet their needs? 802.11a 802.11ac 802.11b 802.11g
802.11g OBJ 2.3: 802.11g provides transmission over short distances at up to 54 Mbps in the 2.4 GHz band. It is backward compatible with 802.11b (which only operates at 11 Mbps). While an 802.11ac network would be the fastest solution, it does not operate in the 2.4 GHz frequency band. 802.11a operates in the 5 GHz frequency band at up to 54 Mbps. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. The 2.4 GHz frequency band is used by 802.11b, 802.11g, and 802.11n. The 5 GHz frequency band is used by 802.11a, 802.11n, 802.11ac, and 802.11ax. The 6 GHz frequency band is used by Wi-Fi 6E under the 802.11ax standard. For support or reporting issues, include Question ID: 63fe0f133b7322449ddc2db6 in your ticket. Thank you. Domain 2 - Network Implementation
Christine, a network administrator, is tasked with configuring DNS records to ensure seamless communication within the company's network. As part of her task, she needs to map domain names to their corresponding IPv4 addresses to facilitate hostname resolution. Which specific record type should Christine use to achieve this mapping between domain names and IPv4 addresses? AAAA A CNAME PTR
A OBJ 3.4 - The Address (A) record is used to map a domain name to an IPv4 address. This record type is essential for translating human-readable domain names into machine-readable IP addresses, facilitating communication over the internet. AAAA is used to map a domain name to an IPv6 address, a Canonical Name (CNAME) is for aliasing one domain name to another, a Pointer (PTR) is for reverse DNS lookups. For support or reporting issues, include Question ID: 65e5e913bc2531bc75079e8a in your ticket. Thank you. Domain 3 - Network Operations
In the context of network infrastructure documentation, what does a "cable map" primarily entail? A comprehensive inventory detailing the serial numbers and manufacturing dates of network cables. A statistical report showcasing the frequency and duration of cable-related outages within a network. A graphical representation delineating the physical connections between networking components via cables. An in-depth analysis of cable insulation materials and their respective impedance characteristics.
A graphical representation delineating the physical connections between networking components via cables. OBJ 3.1: Cable maps visually represent the physical connections between network devices via cables, aiding in network management and troubleshooting. While cable maps involve cables, they focus on connections rather than material analysis. Serial numbers and manufacturing dates are not the primary focus of a cable map, which emphasizes connections. Cable maps do not typically encompass outage statistics but rather provide a visual guide to cable connections. For support or reporting issues, include Question ID: 65d35b3938e47a5098a307a9 in your ticket. Thank you. Domain 3 - Network Operations
Which of the following best illustrates the most suitable use case for a Software-Defined Wide Area Network (SD-WAN)? A small office/home office setting with a single location. A home network with limited devices and internet usage. A multinational corporation with branch offices worldwide requiring centralized network management. A local café offering free Wi-Fi to customers with occasional connectivity needs.
A multinational corporation with branch offices worldwide requiring centralized network management. OBJ 1.8 - SD-WAN is ideal for large organizations with distributed branches, offering centralized control, enhanced security, and optimized performance over geographically dispersed networks. SD-WAN's benefits are underutilized in small, single-location setups. SD-WAN is overkill for home networks with limited complexity. SD-WAN is unnecessary and also would be underutilized for a small-scale public Wi-Fi setup like a local café. For support or reporting issues, include Question ID: 65e4d86ecfd6b407e1743339 in your ticket. Thank you. Domain 1 - Networking Concepts
What is a common technique used by malicious individuals to perform a man-in-the-middle or on-path attack on a wireless network? An evil twin Amplified DNS attacks ARP spoofing Session hijacking
An evil twin OBJ 4.2: Evil Twin access points are the most common way to perform a man-in-the-middle attack on a wireless network. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge. A man-in-the-middle or on-path attack consists of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. ARP spoofing, session hijacking, and amplified DNS attacks are not techniques specific to attacking wireless networks. For support or reporting issues, include Question ID: 63fe0f893b7322449ddc336d in your ticket. Thank you. Domain 4 - Network Security
Which of the following layers within software-defined networking focuses on resource requests or information about the network? Application layer Control layer Management plane Infrastructure layer
Application layer OBJ 1.8 - The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations. For support or reporting issues, include Question ID: 63fe0ea63b7322449ddc2860 in your ticket. Thank you. Domain 1 - Networking Concepts
A technician wants to update the organization's disaster recovery plans. Which of the following would allow network devices to be replaced quickly if a device fails? Network Baseline Vendor documentation Proper asset tagging and labeling Archives/backups
Archives/backups OBJ 3.3 - In information technology, a backup, or data backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event. Having an archive or backup of the data and device configurations would minimize the downtime associated with replacing a failed device. For support or reporting issues, include Question ID: 63fe0f333b7322449ddc2f43 in your ticket. Thank you. Domain 3 - Network Operations
Which network solution is commonly implemented to allow guests and employees to use personal devices to access the organization's network? BYOD VLAN Screened Subnet VPN
BYOD OBJ 4.1: BYOD is correct. It facilitates guest and personal device access while maintaining corporate network security. VLANs segregate network traffic but don't specifically address guest or personal device access. VPNs create secure connections but are not designed for guest access. Screened subnets isolate public-facing servers, not personal devices. For support or reporting issues, include Question ID: 65d356c7194b1942f2402284 in your ticket. Thank you. Domain 4 - Network Security
Which practice in infrastructure as code (IaC) involves creating separate code segments to work on different features or fixes independently? Template-based configuration Infrastructure provisioning Continuous delivery Branching
Branching OBJ 1.8 - Branching in version control systems allows developers to work on different features or fixes in isolation, keeping changes separate until they are merged back into the main codebase, promoting collaboration and code organization. Continuous delivery focuses on automating the software delivery process to ensure frequent and reliable releases. Infrastructure provisioning involves creating and managing computing resources. Template-based configuration involves using predefined templates to configure infrastructure components. For support or reporting issues, include Question ID: 65e907eb93b8d475a949023e in your ticket. Thank you. Domain 1 - Networking Concepts
Which of the following communication types cannot be used with IPv6? Anycast Multicast Unicast Broadcast
Broadcast OBJ 1.4: Broadcast only works with IPv4. Broadcast communication has one sender, but it sends the traffic to every device on the network. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only sends the signal once, which is then received by multiple hosts simultaneously. Multicast can be used with both IPv4 and IPv6. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6. For support or reporting issues, include Question ID: 63fe0ebb3b7322449ddc2963 in your ticket. Thank you. Domain 1 - Networking Concepts
You have been asked to run to the store and purchase a network cable for your boss's new laptop. He tells you that he needs the network cable to support at least 750 Mbps, but he also doesn't want to spend a lot of money. Which of the following network cables should you purchase to meet the high bandwidth and low price requirements? CAT 5e CAT 6 CAT 5 CAT 7
CAT 5e OBJ 1.4: You should purchase a CAT 5e cable since it can support up to 1000 Mbps (1 Gbps) of bandwidth and is the cheapest option provided that will meet your boss' bandwidth requirements. CAT 5 cables only support 100 Mbps. Therefore, it won't meet the requirements. CAT 6 and CAT 7 cables will support 1 Gbps and 10 Gbps, respectively, but they are more expensive than CAT 5e cables. Therefore, the CAT 5e cable is the best choice for the requirements provided by your boss. For support or reporting issues, include Question ID: 63fe0ea73b7322449ddc286a in your ticket. Thank you. Domain 1 - Networking Concepts
A network is using OSPF for the internal routing protocol. One of the interfaces connected to the internet is congested. The data is going out to the internet slowly, but is frequently queued by the router prior to sending due to the congestion and lower than normal speeds. "show interface" returned the following output: Fast Ethernet 0 is up, line protocol is up Int ip address is 10.20.130.5/25 MTU 1500 bytes, BW 10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255 Encapsulation ospf, loopback not set Keep alive 10Half duplex, 100Mb/s, 100 Base Tx/Fx Received 1052993 broadcasts0 input errors 983881 packets output, 768588 bytes 0 output errors, 0 collisions, 0 resets What would best resolve this issue? Assign a public IP address to the interface Modify the CIDR notation to a classful subnet mask Change the duplex setting from half to full Set the loopback address as 127.0.0.1
Change the duplex setting from half to full OBJ 5.4: Based on the output provided, the interface is set to half-duplex. Since there are no errors, collisions, or resets, the interface appears to be connected directly to another switchport or interface in their own collision domain. Therefore, the duplex can be set to full duplex and this will effectively double the throughput on this interface. The loopback address on all interfaces is set to 127.0.0.1 by default, therefore there is no need to make this configuration change. The output shows "loopback not set", which indicates the interface is currently in production or operational mode. If the "loopback is set", this means the interface has a loopback plug installed and you are conducting diagnostics on the interface. The CIDR notation of /25 indicates a subnet with 126 usable hosts. If you modified the CIDR notation to use a classful subnet mask for a Class A network (10.0.0.0/8) it would create 16.7 million usable hosts in a single broadcast domain and would drastically slow down the network. The speed of the network is not influenced by whether a public or private IP address is used by the interface, therefore this is an incorrect option. Domain 5 - Network Troubleshooting
Dion Training was assigned a Class C public IP range of 156.245.2.0/24. Dion Training wants to divide up these addresses and share them across their four offices. Which of the following IP addressing technologies should Dion Training use? APIPA Classless Teredo tunneling Private
Classless OBJ 1.7: Classless IP addressing solutions allow for the use of subnets that are smaller than the classful subnets associated with Class A, Class B, or Class C networks. Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. A private IP address is an IP address reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access to a network without taking up a public IP address space. Automatic Private IP Addressing (APIPA) is a feature in operating systems (such as Windows) that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn't reachable. For support or reporting issues, include Question ID: 63fe0eeb3b7322449ddc2bb9 in your ticket. Thank you. Domain 1 - Networking Concepts
Which of the following type of sites would contain little to no hardware and could take days or weeks to become ready for use during a disaster? Cloud site Warm site Hot site Cold site
Cold site OBJ 3.3 - A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization's enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment. For support or reporting issues, include Question ID: 63fe0f2e3b7322449ddc2f02 in your ticket. Thank you. Domain 3 - Network Operations
Joan is experiencing performance issues with her department's network, and narrows down the problem to the increase in large data transfers within her organization. When she inquires, she is told that this will be an ongoing issue and likely will continue as the company is expected to continue expanding. Upon speaking with the IT department about the issue, they suggest that a MTU adjustment might help alleviate this problem. What MTU adjustment are they likely referring to? Enabling jumbo frames Implementation of QoS policies Implementing VLANs Decreasing the MTU
Enabling jumbo frames OBJ 2.2 - Jumbo frames increase MTU, reducing overhead and improving performance for large data transfers. Decreasing MTU can lead to further fragmentation and performance degradation. VLANs separate broadcast domains and are not directly related to the MTU. QoS policies manage traffic prioritization, but do not address the underlying MTU problem in this scenario. For support or reporting issues, include Question ID: 65ea58e32167b932f2976bba in your ticket. Thank you. Domain 2 - Network Implementation
A network administrator recently set up a network computer lab and discovered some connectivity issues. The administrator can ping the fiber uplink interface, but none of the new workstations plugged into the switch are responding to the technician's ICMP requests. Which of the following actions should the technician perform next? Verify the ports on the switch are full-duplex Determine if the link lights are lit for the ports Verify that the uplink interface is configured correctly Determine if port security is enabled on the ports
Determine if the link lights are lit for the ports OBJ 5.2: A technician can use the LEDs on the switchports to quickly monitor activity and performance for the interfaces. By determining if the link lights are lit for the ports, the administrator can verify if there is any activity on the network, if the ports are enabled, and if the Layer 1 components are working properly. Additionally, some switches have LEDs to indicate if the switchport is operating in half-duplex or full-duplex, and the speed of the link. For support or reporting issues, include Question ID: 63fe0f983b7322449ddc342c in your ticket. Thank you. Domain 5 - Network Troubleshooting
An increased amount of web traffic to an e-commerce server is observed by a network administrator but without increasing the number of financial transactions. Which kind of attack might the company be experiencing? Phishing Bluejacking ARP spoofing DoS
DoS OBJ 4.2: A DoS attack or denial-of-service attack works by overloading a server with multiple requests (more than it can handle), thus eventually knocking the server offline. When a denial-of-service attack occurs, there will be an increase in the amount of web traffic on the server, but since that traffic is not being sent by legitimate customers there will be no financial transactions occurring. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers, sending a vCard which typically contains a message in the name field to another Bluetooth-enabled device via the OBEX protocol. For support or reporting issues, include Question ID: 63fe0f8a3b7322449ddc3381 in your ticket. Thank you. Domain 4 - Network Security
Tyler, a network engineer, is tasked with deploying a new wireless network in an office located in a region where wireless transmission regulations are stringent. They decide to utilize the 802.11h standard to ensure compliance. Which feature of the 802.11h standard is most beneficial for adhering to these regulatory requirements? Increased data throughput Dynamic frequency selection Enhanced encryption methods Reduced power consumption
Dynamic frequency selection OBJ 2.3 - Dynamic Frequency Selection (DFS) is a key feature of the 802.11h standard that allows wireless networks to detect radar signals and switch to another channel automatically to avoid interference. This capability is particularly beneficial in regions with stringent wireless transmission regulations, as it helps ensure that the wireless network operates within legal frequency bands and avoids interfering with critical services like radar operation. Reduced power consumption is beneficial for energy efficiency but does not contribute to compliance with regulations that govern wireless channel usage and interference avoidance. Increased data throughput is a performance enhancement feature and does not specifically relate to meeting regulatory requirements for wireless transmissions. While enhanced encryption methods improve network security, they do not directly address regulatory compliance regarding wireless channels and frequencies. For support or reporting issues, include Question ID: 65f32c8f2c3fe3e9e089ad7d in your ticket. Thank you. Domain 2 - Network Implementation
Darren is tasked with improving the network's resilience and flexibility in handling traffic between VLANs in their corporate office. To achieve this, he decides to set up SVIs on their core switch to facilitate inter-VLAN routing. This setup will allow devices in different VLANs to communicate with each other without requiring a dedicated physical router for each VLAN. Which of the following actions is MOST crucial for Darren to perform to ensure successful communication between VLANs? Ensure each SVI is assigned to the correct VLAN and has the appropriate IP addressing. Set up a VLAN database to store configuration details for each SVI. Configure a DHCP server on each SVI to assign IP addresses to devices in each VLAN. Install additional physical interfaces on the switch for each SVI created.
Ensure each SVI is assigned to the correct VLAN and has the appropriate IP addressing. OBJ 2.2 - Ensuring each Switch Virtual Interface (SVI) is correctly assigned to its corresponding VLAN and has the appropriate IP addressing is essential for inter-VLAN routing. This setup enables devices in different VLANs to communicate through the core switch without needing a physical router for each VLAN. Configuring a DHCP server on each SVI can be beneficial for IP address management but is not crucial for the SVIs to facilitate inter-VLAN routing. Installing additional physical interfaces on the switch for each SVI created is unnecessary since SVIs are virtual interfaces that do not require physical ports. Setting up a VLAN database is useful for managing VLANs but does not directly affect the functionality of SVIs for inter-VLAN routing. For support or reporting issues, include Question ID: 65f23986fd52b6e50251d5ce in your ticket. Thank you. Domain 2 - Network Implementation
Dion Training's corporate network just suffered a wide-scale network outage. After gathering information, Susan believes that the core switch has a bad module, so she tests her theory by looking at the links on the module and finds they are not on. What is the NEXT step in the network troubleshooting methodology they should perform? Document her findings and actions taken so far Implement the solution or escalate as necessary Establish a plan of action to solve the problem Determine if anything has changed on the switch
Establish a plan of action to solve the problem OBJ 5.1: The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned. Since the technician has already identified the problem, established a theory, and tested the theory, the next logical step is to establish a plan of action to resolve the problem and identify potential effects. In this case, that plan of action might include replacing the faulty module in the core switch in an effort to restore services. For support or reporting issues, include Question ID: 63fe0fa13b7322449ddc349d in your ticket. Thank you. Domain 5 - Network Troubleshooting
Which step in the troubleshooting methodology involves identifying changes made to the network configuration before the issue arose? Test the theory to determine the cause Establish a theory of probable cause Document findings, actions, and outcomes Implement the solution or escalate as necessary
Establish a theory of probable cause OBJ 5.1: Establishing a theory of probable cause involves gathering information from the user and identifying any changes made to the network configuration before the issue occurred. This is crucial as it helps narrow down potential causes and directs further troubleshooting efforts effectively. The other options are part of the subsequent steps: once a probable cause is identified, it's tested to confirm it's the actual cause, then a solution is implemented or escalated if necessary, and finally, findings, actions, and outcomes are documented. For support or reporting issues, include Question ID: 65d386857b0375fddcdb3b79 in your ticket. Thank you. Domain 5 - Network Troubleshooting
Your organization has recently experienced issues with network modifications being made without proper authorization. To address this, you've been tasked with implementing a new procedure to ensure that all network changes are documented, approved, and tracked efficiently. Which of the following methods would best achieve this objective? Implement a policy that requires all network changes to be verbally communicated to the IT department head who gives their approval before implementation. Advise team members to send individual emails to the IT department with their change requests for informal approval. Create a shared document where team members can list their intended network changes for informal peer review at their convenience. Establish an online request process tracking/service request system so all changes are submitted, reviewed, and approved before implementation.
Establish an online request process tracking/service request system so all changes are submitted, reviewed, and approved before implementation. OBJ 3.1 - Establishing an online request process tracking/service request system ensures that all network changes are documented, reviewed, and approved in a formal and organized manner. This process helps in maintaining a record of all changes, facilitating accountability, and minimizing unauthorized or incorrect changes that could lead to network issues. Individual emails do not provide a centralized, organized method for tracking and reviewing network change requests, leading to potential oversight and lack of accountability. A shared document may improve transparency but lacks formal review and approval processes, making it less effective in controlling unauthorized changes. Verbal communication does not provide a verifiable, documented trail of requests and approvals, making it difficult to track and verify changes. Domain 3 - Network Operations
You are troubleshooting a 3 foot long fiber patch cable that you suspect is causing intermittent connectivity between two switches. Which of the following tools should you use to measure the signal as it transmits over the fiber optic cable? Cable tester Optical time domain reflectometer Fiber light meter Loopback adapter
Fiber light meter OBJ 5.5: A fiber light meter, also known as an optical power meter, is used to measure the power in an optical signal over a fiber optic cable. A fiber light meter could be used to test if the cable is broken, but it would not be able to determine where the break in the fiber cable is located. An Optical Time Domain Reflectometer (OTDR) is used by organizations to certify the performance of new fiber optics links and detect problems with existing fiber links. An OTDR can identify if a fiber cable is broken and provide an approximately location for the break. A cable tester is used to verify the electrical connections in a twisted pair or coaxial cable. A loopback adapter is a plug that is used to test the physical port or interface on a network device. For support or reporting issues, include Question ID: 63fe0faa3b7322449ddc350b in your ticket. Thank you. Domain 5 - Network Troubleshooting
Employees in a remote branch office report experiencing connectivity issues when trying to communicate with devices in other departments within the organization. Upon investigation, the network administrator finds that users can access resources within their own department's subnet and reach the internet without any problems. However, attempts to communicate with devices in different subnets, including those in the main office or other branch offices, fail consistently. What is the most likely reason for this connectivity issue? Incorrect IP address assignment Address pool exhaustion Incorrect subnet mask configuration Incorrect default gateway configuration
Incorrect subnet mask configuration OBJ 5.3 - An incorrect subnet mask configuration can cause devices to misinterpret network boundaries, leading to communication issues with devices on other subnets. In this scenario, the fact that users can communicate within their own department's subnet and the internet but not with devices in different subnets indicates that the subnet boundaries might not be properly defined. The other options represent other potential network issues, but based on the symptoms described in the scenario, the misconfiguration of the subnet mask is the most likely cause of the problem. For support or reporting issues, include Question ID: 65ea550f5a5d627ed78b303b in your ticket. Thank you. Domain 5 - Network Troubleshooting
After many published security concerns, your company decides that in order to improve the security stance of your organization they would like to switch to using a Zero Trust system. As a network technician, you are asked to prepare for implementing this process. Which of the following best describes the Zero Trust Architecture (ZTA) that you are being asked to help prepare for? It is a security framework that relies solely on perimeter defenses such as firewalls and antivirus software to protect against external threats. It is a security model based which assumes threats are already inside the network, and no entity, whether inside or outside, should be trusted by default. It is a strategy that emphasizes total reliance on third-party security vendors for all aspects of network protection. It is a trust-based approach where all users and devices within the network are granted unrestricted access to resources.
It is a security model based which assumes threats are already inside the network, and no entity, whether inside or outside, should be trusted by default. OBJ 1.8 - Zero Trust Architecture operates on the principle that threats could already be present inside the network, a common term used is to "assume breach", requiring all access attempts to be scrutinized regardless of user credentials or location. The other options listed overlook this fundamental aspect of ZTA, which rejects the notion of perimeter-based security, implicit trust, and reliance on single-layer defenses. For support or reporting issues, include Question ID: 65df9809080853a6ec88e7b0 in your ticket. Thank you. Domain 1 - Networking Concepts
Which of the following types of telecommunication links is used to provide a business with a private telecommunications circuit between two or more locations, usually using a buried fiber optic cable? Satellite Cable Leased line DSL
Leased line OBJ 1.5: A leased line is a private telecommunications circuit between two or more locations provided according to a commercial contract, normally over a fiber-optic connection. Data Over Cable Service Interface Specification (DOCSIS) is used to connect a client's local area network to a high-bandwidth internet service provider over an existing coaxial cable TV system. A satellite connection is a wireless connection spread across multiple satellite dishes located both on earth and in space that provides remote areas with valuable access to core networks. A digital subscriber line (DSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connection to the Internet. Domain 1 - Networking Concepts
Sam is upgrading the Wi-Fi infrastructure in his office and is considering whether to install Autonomous or Lightweight access points (APs). When Sam goes to compare Lightweight APs vs Autonomous APs, which statement will he find is true? Autonomous APs provide greater flexibility and customization options. Lightweight APs require less configuration and management effort. Lightweight APs offer better performance in high-density environments. Autonomous APs are more cost-effective in the long run.
Lightweight APs offer better performance in high-density environments. OBJ 2.3 - Lightweight APs are designed to handle high-density environments more efficiently, making them suitable for offices with a large number of users or devices. Lightweight APs typically require more configuration and centralized management, but they offer benefits in terms of scalability and optimization. Lightweight APs offer less customization compared to Autonomous APs, but they provide better performance and easier management. While Autonomous APs may have lower initial costs, Lightweight APs usually offer better long-term value due to their improved performance and scalability. For support or reporting issues, include Question ID: 65ea578c2167b932f2976b97 in your ticket. Thank you. Domain 2 - Network Implementation
You have been asked to help design a new architecture for Dion Training's website. The current architecture involves a single server that hosts the website in its entirety. The company's newest course has been creating a lot of interest on social media. The CIO is concerned that the single server will not be able to handle the increased demand that could result from this increased publicity. What technology should you implement in the new architecture to allow multiple web servers to serve up the courses and meet this expected increase in demand from new students? DLP VPN concentrator Load Balancer RAID
Load Balancer OBJ 1.2: A load balancer allows for high availability and the ability to serve increased demand by splitting the workload across multiple servers. RAID is a high availability technology that allows for multiple hard disks to act logically act as one to handle more throughput, but this will not solve the higher demand on the server's limited processing power like a load balancer would. A VPN concentrator is a networking device that provides secure creation of VPN connections and delivery of messages between VPN nodes. A data loss prevention (DLP) system is focused on ensuring that intellectual property theft does not occur. Therefore, a DLP will not help meet the increased demand from new students. For support or reporting issues, include Question ID: 63fe0f4c3b7322449ddc307e in your ticket. Thank you. Domain 1 - Networking Concepts
What is used to distribute traffic across multiple sets of devices or connections in order to increase the overall efficiency of the network and its data processing? Load balancing Fault tolerance Traffic shaping High availability
Load balancing OBJ 3.3 - Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. Traffic shaping, also known as packet shaping, is the manipulation and prioritization of network traffic to reduce the impact of heavy users or machines from affecting other users. Traffic shaping is used to optimize or guarantee performance, improve latency, or increase usable bandwidth for some kinds of packets by delaying other kinds. High availability (HA) is a component of a technology system that eliminates single points of failure to ensure continuous operations or uptime for an extended period. Fault tolerance refers to the ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail. For support or reporting issues, include Question ID: 63fe0f463b7322449ddc302e in your ticket. Thank you. Domain 3 - Network Operations
Which of the following components is used to describe the structure of a device subsystem using a hierarchical namespace containing all of the variables that may be set or read using SNMP? OID Granular trap MIB Verbose trap
MIB OBJ 3.2: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID). A unique objective identifier (OID) identifies a variable that can be read or set using the SNMP protocol. A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the management of a significant event that is occurring in real-time, such as an alarming condition. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap may contain all the information about a given alert or event as its payload. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send the verbose trap over the network. For support or reporting issues, include Question ID: 63fe0f503b7322449ddc30b0 in your ticket. Thank you. Domain 3 - Network Operations
Which of the following types of agreements is a non-legally binding document used to detail what common actions each party intends to perform? AUP NDA MOU SLA
MOU OBJ 3.1: A memorandum of understanding (MOU) is a non-binding agreement between two or more organizations to detail what common actions they intend to take. A non-disclosure agreement (NDA) is a documented agreement between two parties that define what data is considered confidential and cannot be shared outside of that relationship. An NDA is used to protect an organization's intellectual property. A service level agreement (SLA) is a documented commitment between a service provider and a client, where the quality, availability, and responsibilities are agreed upon by both parties. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. For support or reporting issues, include Question ID: 63fe0f4a3b7322449ddc305b in your ticket. Thank you. Domain 3 - Network Operations
The network technician, Eduardo, has received a large number of complaints from users that the network is experiencing poor performance and excessive load times. The network technician determines that an attacker is creating a malicious flood of network traffic by sending ping requests. What can the network technician do to prevent this from occurring? Delete the malicious user's account Modify the ACL to block ICMP traffic Update the client's antivirus software Upgrade the router's firmware
Modify the ACL to block ICMP traffic OBJ 5.3: A ping request sends an ICMP echo request packet to the specified target and then waits for the response. The target will then return an ICMP echo reply to the system that sent the request. This was originally designed to test the connectivity between two systems over a given network, but has been used by attackers to create a denial-of-service condition by flooding a target with ping requests or replies. To prevent this from occurring, a network technician should block all ICMP requests, or at the very least block all ICMP requests from outside of the local area network. Blocking all ICMP requests would eliminate the ping request flood, although it may become harder to diagnose network issues in the future as ICMP is used heavily in network troubleshooting by the ping and tracert/traceroute commands. A firmware update will upgrade your device with advanced operational instructions without needing a hardware upgrade. Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware. A user account is an identity created for a person in a computer or computing system. The flood of ping requests occurs using ICMP traffic, not a particular user account, virus, or missing feature in a router. Therefore, blocking ICMP requests is the best answer. For support or reporting issues, include Question ID: 63fe0f5c3b7322449ddc313d in your ticket. Thank you. Domain 5 - Network Troubleshooting
Dion Training wants to implement a technology that will automatically test any wireless device that connects to their network before allowing the device full access to the corporate network and its resources. Which of the following should be implemented? DMZ PSK VPN NAC
NAC OBJ 4.3: Network Access Control is an approach to computer security that attempts to unify endpoint security technology, user or system authentication, and network security enforcement. Effective network access control restricts access to only those devices that are authorized and compliant with security policies, meaning they have all the required security patches and anti-intrusion software. When a device connects to the network, it is placed into an automated testing area. If it passes the compliance testing, it is placed into the full corporate network. If it fails the compliance testing, it is placed into quarantine where it remains until it has been remediated or upgraded to meet the compliance requirements. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. A pre-shared key is used to encrypt data traversing over a WEP, WPA, or WPA2 wireless network. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. For support or reporting issues, include Question ID: 63fe0f823b7322449ddc3318 in your ticket. Thank you. Domain 4 - Network Security
Jason is conducting a security audit of Dion Training's VPN concentrator. As he reviews the connection logs, he notices a teleworking employee is connected to the company's VPN with an unexpected source IP address that is located in California. Jason knows that none of the employees work from California, though. What might the employee be using that is causing their IP address to be located in California? ICS/SCADA Voice gateway WLAN controller Proxy server
Proxy server OBJ 1.2: A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. For example, if the employee is located in Florida but is connected to a proxy server in California, all of their network traffic will go from Florida to California, and then to the final destination. In this example, the final destination was the VPN concentrator for Dion Training, so the California IP address is entered into the VPN concentrator's logs. ICS (industrial control systems) and SCADA (supervisory control and data acquisition systems) are devices and network systems that are used to monitor and manage the manufacturing or industrial process assets of an organization. A wireless LAN controller is used in combination with the Lightweight Access Point Protocol to manage light-weight access points in large quantities by the network administrator or network operations center. The voice gateway is used to connect the enterprise VoIP network with the telecommunications provider, using a number of different connectivity methods, such as PSTN, ISDN, and SIP. ICS/SCADA, WLAN controllers, and voice gateways would not change the IP address of the requesting client as it attempts to connect to the company's VPN. For support or reporting issues, include Question ID: 63fe0ef73b7322449ddc2c59 in your ticket. Thank you. Domain 1 - Networking Concepts
Your company hosts all of the company's virtual servers internally in your own datacenter. If a total failure or disaster occurs, the server images can be restored on a cloud provider and accessed through a VPN. Which of the following types of cloud services is your company using in this scenario? Public IaaS Community PaaS Hybrid SaaS Private SaaS
Public IaaS OBJ 1.3: Infrastructure as a service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on-demand, on a pay-as-you-go basis. Since the company is hosting all of its servers as virtual machines, they could quickly restore their datacenter capabilities by restoring the VM images to a public cloud IaaS solution and then connect to them using a VPN. Platform as a Service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. Software as a Service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider. For support or reporting issues, include Question ID: 63fe0eb13b7322449ddc28e9 in your ticket. Thank you. Domain 1 - Networking Concepts
A NAC service has discovered a virus on a client's laptop. Where should the laptop be redirected to in order to be remediated? Quarantine network Botnet Honeypot DMZ subnet
Quarantine network OBJ 4.3: Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), the user or system authentication, and network security enforcement. When NAC detects an issue with a client, it places them in a quarantine network until the device can be remediated to meet the entry requirements for the given network. A honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. For support or reporting issues, include Question ID: 63fe0f8c3b7322449ddc339a in your ticket. Thank you. Domain 4 - Network Security
What distinguishes the Rapid Spanning Tree Protocol (RSTP) from the original Spanning Tree Protocol (STP) in terms of convergence time after a network topology change? RSTP introduces a discarding state that is not present in STP, significantly speeding up convergence. RSTP relies on manual administrator intervention to achieve faster convergence compared to STP. RSTP can achieve faster convergence by using point-to-point links to quickly negotiate and transition port states. RSTP uses the same timer-based mechanism as STP but with shorter default times.
RSTP can achieve faster convergence by using point-to-point links to quickly negotiate and transition port states. OBJ 2.2 - The Rapid Spanning Tree Protocol (RSTP) achieves faster convergence compared to the original Spanning Tree Protocol (STP) through the use of point-to-point links. This allows RSTP to quickly negotiate and transition port states without relying on the timer-based mechanism of STP, resulting in significantly faster recovery from topology changes. RSTP's faster convergence is designed into the protocol and does not rely on manual intervention by administrators. This automated, rapid response to changes is a core advantage of RSTP over STP. While RSTP does improve on STP, it does not simply use shorter default timer settings. RSTP introduces new port roles and states, but the key to its faster convergence is not the introduction of a discarding state but how it quickly transitions through port states. For support or reporting issues, include Question ID: 65f8f378ae2d2e107f47fd67 in your ticket. Thank you. Domain 2 - Network Implementation
A network administrator is assigned an approved change request with a change window of 120 minutes. After 90 minutes, the change is stuck on step five of a five-step change. The network manager decides to initiate a rollback. Which describes what the network administrator should do next? Return the system back to the original state before the change Return the system to step four since this was the last working step Leave the change as is and inform users of a workaround Request additional time since the change is near completion
Return the system back to the original state before the change OBJ 3.1: By performing a rollback, the administrator will change everything back to the last known good configuration before the change is started. This would involve resetting everything back to how it was before the configuration and installation of the changes were begun in this maintenance window. For support or reporting issues, include Question ID: 63fe0f4e3b7322449ddc308d in your ticket. Thank you. Domain 3 - Network Operations
Jenna, a network administrator, wants to automate the process of assigning IPv6 addresses to devices without the need for manual configuration or DHCPv6 servers. She also wants to ensure that devices can generate their own unique IPv6 addresses based on the network prefix provided by the router. Which IPv6 address assignment method should she implement to meet these requirements? SLAAC IPv6 Link-Local addressing DHCPv6 Static IPv6 addressing
SLAAC OBJ 3.4 - Stateless Address Autoconfiguration (SLAAC) is an IPv6 address assignment method that allows devices to automatically generate their own IPv6 addresses based on the network prefix advertised by the router. With SLAAC, devices use information provided in Router Advertisement (RA) messages to form their IPv6 addresses without requiring manual configuration or the presence of DHCPv6 servers. This method is efficient, scalable, and suitable for networks where dynamic address assignment is desired without relying on central DHCP servers. IPv6 Link-Local addressing allows devices on the same network segment to communicate with each other without the need for routers. However, Link-Local addresses are not globally routable and are primarily used for communication within the same subnet. In the scenario, Jenna wants devices to generate unique IPv6 addresses based on the network prefix provided by the router, which goes beyond the scope of Link-Local addressing. Static IPv6 addressing involves manually assigning IPv6 addresses to devices, typically by network administrators. While static addressing provides stability and predictability, it is labor-intensive and not suitable for large-scale deployments where automation and dynamic address assignment are desired. DHCPv6 is a protocol used for dynamically assigning IPv6 addresses and providing additional network configuration information to devices. However, in the scenario described, Jenna wants to automate the address assignment process without the need for DHCPv6 servers. For support or reporting issues, include Question ID: 65e4f8b682ed6dce6dd2eeb5 in your ticket. Thank you. Domain 3 - Network Operations
Which of the following network protocols is used to send email from one server to another server? RDP SNMP POP3 SMTP
SMTP OBJ 1.4: Simple Mail Transfer Protocol (SMTP) is a well-known application that uses port 25 for sending email from one server to another server. Remote Desktop Protocol (RDP) is an application that uses port 3389 to allow a user to connect to another computer over a network connection graphically. Simple Network Management Protocol (SNMP) is an application that uses port 161 for the management and monitoring of network-connected devices in Internet Protocol networks. Post Office Protocol v3 (POP3) is an application that uses port 110 to receive and hold email until a client is ready to receive it. The key to answering this question is understanding the acronyms and their meaning. For support or reporting issues, include Question ID: 63fe0edf3b7322449ddc2b24 in your ticket. Thank you. Domain 1 - Networking Concepts
Shaun is planning the network infrastructure for a manufacturing plant where high levels of electrical interference are present due to heavy machinery. The network must ensure stable and reliable connectivity for the plant's control systems. Which of the listed cable types should he use to MINIMIZE the impact of electrical interference on network connectivity while delivering optimal performance? STP Cat5e UTP Cat5e STP Cat6 UTP Cat6
STP Cat6 OBJ 5.2 - STP (Shielded Twisted Pair) Cat6 is the most appropriate choice for environments with high electrical interference, as the shielding provides protection against electromagnetic interference (EMI), ensuring more stable and reliable connectivity for sensitive applications such as control systems in a manufacturing plant. STP Cat5e also offers shielding against EMI, Cat6 cables are designed for higher performance and better handling of potential interference. UTP Cat6 and UTP Cat5 lack the shielding necessary to adequately protect against the interference present in such environments, making them less suitable for ensuring the network's stability and reliability in this scenario. For support or reporting issues, include Question ID: 65ecf0a969aa1dbaceda0d71 in your ticket. Thank you. Domain 5 - Network Troubleshooting
What is the primary focus of Secure Access Service Edge (SASE)? Enhancing encryption protocols for cloud-based applications. Securing network access for remote users and branch offices. Protecting data centers from cyber threats. Optimizing network performance for high-bandwidth applications.
Securing network access for remote users and branch offices. OBJ 1.8 - Secure Access Service Edge (SASE) is a network architecture that combines network security functions with wide-area networking (WAN) capabilities to provide secure access to applications and data for remote users and branch offices. SASE focuses on delivering comprehensive security services, such as secure web gateways, firewall as a service, and zero-trust network access, to ensure that users can securely connect to corporate resources regardless of their location. The other options describe aspects related to network security and optimization, but they do not accurately represent the primary focus of SASE. For support or reporting issues, include Question ID: 65e9062f93b8d475a9490216 in your ticket. Thank you. Domain 1 - Networking Concepts
What lockable device is the MOST crucial for safeguarding physical networking equipment? Fire Extinguisher Mount Server Rack Enclosure Cable Management Tray Biometric Door Lock
Server Rack Enclosure OBJ 2.4: A lockable server rack enclosure is essential for safeguarding physical networking equipment, providing both physical security and controlled access to critical infrastructure. While important for safety, a fire extinguisher mount is not directly related to safeguarding networking equipment from unauthorized access. While biometric door locks enhance security, they are not specific to the protection of physical networking equipment within a server rack. Cable management trays help organize cables but do not serve as a lockable device for securing networking equipment. For support or reporting issues, include Question ID: 65c4fba577122992d044b465 in your ticket. Thank you. Domain 2 - Network Implementation
Finley is tasked with improving the security posture of their company's network. They need a solution that can quickly identify unauthorized access attempts or suspicious activities. Which of the following would best suit Finley's needs? Setting up an anomaly alerting/notification system Enabling Quality of Service (QoS) for traffic prioritization Configuring a baseline metrics comparison tool Implementing a DHCP snooping feature
Setting up an anomaly alerting/notification system OBJ 3.2 - Setting up an anomaly alerting/notification system is the most direct and effective solution for Finley's needs. It can monitor network activities and automatically alert them about unauthorized access attempts or suspicious activities, enhancing the network's security posture. Implementing a DHCP snooping feature can protect against certain types of attacks but is more focused on DHCP-related security and does not provide broad monitoring for unauthorized access or suspicious activities. Enabling Quality of Service (QoS) is crucial for managing traffic prioritization but does not contribute to identifying or alerting about security breaches or unauthorized access attempts. Configuring a baseline metric comparison tool can help in understanding the normal performance parameters of the network but may not provide immediate alerts for security-related anomalies. For support or reporting issues, include Question ID: 65f329232c3fe3e9e089ad5f in your ticket. Thank you. Domain 3 - Network Operations
What is a key benefit of Secure Access Service Edge (SASE) architecture for organizations with a distributed workforce? Simplified management of security policies and configurations. Enhanced data encryption for data stored in cloud applications. Improved scalability for on-premises network infrastructure. Reduced latency for accessing centralized data centers.
Simplified management of security policies and configurations. OBJ 1.8 - One of the primary benefits of Secure Access Service Edge (SASE) architecture is the simplified management of security policies and configurations. With SASE, security policies can be centrally managed and enforced across distributed users and devices, regardless of their location. This approach reduces the complexity of managing security across multiple sites and remote access scenarios, leading to improved security posture and operational efficiency. The other options may offer benefits but are not specifically associated with the primary advantage of SASE. For support or reporting issues, include Question ID: 65e9069b93b8d475a9490220 in your ticket. Thank you. Domain 1 - Networking Concepts
Howard is an IT consultant who is designing a long-distance network for a client that requires minimal signal loss and high bandwidth over distances greater than 10 kilometers. Which type of cable should Howard recommend for this project? Cat6 Single-mode fiber Multi-mode Fiber STP Cabling
Single-mode fiber OBJ 5.2: Single-mode fiber optic cables are best suited for long-distance applications due to their ability to carry signals over greater distances with minimal signal loss, making them the ideal choice for this scenario. Multi-mode fiber optic cables are optimized for high bandwidth over short to medium distances and are not the best choice for long-distance applications. Cat 6 cables are used for shorter, local, ethernet-based connections and do not support long-distance network requirements. Shielded twisted pair (STP) cables are used to minimize electromagnetic interference but are not suitable for long-distance communications. For support or reporting issues, include Question ID: 65ed03e404c046a4fbad0d32 in your ticket. Thank you. Domain 5 - Network Troubleshooting
In which type of non-technical attack does an attacker attempt to trick a user into providing sensitive information? Evil twin Bluesnarfing Social engineering On-path
Social engineering OBJ 4.2: Social engineering is the art of convincing people to reveal confidential information to the intruder. Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection. Bluesnarfing is a technical exploit, not one that relies on tricking a user like social engineering would. An on-path attack, formerly known as a man-in-the-middle attack, is a technical method used by attackers to place themselves between a victim's client and a server to intercept or modify communications between the two devices. This is another form of technical attack and it does not rely on tricking a user. An evil twin a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge. An evil twin is another technical means of attack that could be combined with an on-path attack to collect sensitive information from a victim. The best answer, though, still is a social engineering attack since those manipulate and trick a user into directly providing sensitive information to an attacker. For support or reporting issues, include Question ID: 63fe0f573b7322449ddc3104 in your ticket. Thank you. Domain 4 - Network Security
A project manager is tasked with the planning of a new network installation. The customer requires that everything discussed in the meetings is installed and configured when a network engineer arrives onsite. Which document should the project manager provide the customer? Statement of Work Security Policy Acceptable Use Policy Service Level Agreement
Statement of Work OBJ 3.1: A Statement of Work (SOW) is a document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines. A service-level agreement (SLA) is a written agreement that qualitatively and quantitatively specifies the service committed by a vendor to a customer. Security policy is a definition of what it means to be secure for a system, organization, or other entity. For an organization, it addresses the constraints on the behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys, and walls. An acceptable use policy, acceptable usage policy, or fair use policy, is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. For support or reporting issues, include Question ID: 63fe0f3e3b7322449ddc2fca in your ticket. Thank you. Domain 3 - Network Operations
Dion Training's network technicians are about to upgrade a Cisco 3900-series router, but they first want to create a copy of the router's configuration and IOS files to serve as a backup. Which of the following tool should the technicians utilize? tcpdump traceroute TFTP server show route
TFTP server OBJ 5.5: A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. The "show route" command is used on a Cisco networking device to display the current state of the routing table for a given network device. The traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. For support or reporting issues, include Question ID: 63fe0fa63b7322449ddc34d9 in your ticket. Thank you. Domain 5 - Network Troubleshooting
A customer is trying to configure an 802.11b wireless card in an old laptop to connect to an 802.11g wireless router. When the customer scans for the wireless network's SSID (Dion-Corp), it is not displayed within Windows. What is the MOST likely reason that the SSID is not being displayed? 802.11g and 802.11b use different frequencies The wireless router is not configured for DHCP support The broadcast is disabled on the wireless router The wireless router is configured with WPA2 encryption
The broadcast is disabled on the wireless router OBJ 2.3: If the SSID (Secure Set Identifier) is disabled, then the wireless network name will not be broadcast to any available devices within range. Both Wireless B and G use the same frequency band (2.4 GHz) and would not cause this issue. Similarly, encryption that is enabled or disabled would not affect the SSID broadcast since the SSID is sent out in cleartext. DHCP support is used once a device connects to the network. Therefore it would not affect the SSID broadcast. For support or reporting issues, include Question ID: 63fe0fad3b7322449ddc3533 in your ticket. Thank you. Domain 5 - Network Troubleshooting
a restaurant recently installed a new network-connected electronic signboard to display their menu items to customers. The signboard came preconfigured with a public IP address so that the central office can remotely connect to it and update the menu items and prices displayed. The installer unboxed the new device, hung it on the wall, plugged it into the network, and the menu appeared. The next day, the manager sees that the menu items have all been changed to include vulgar names and prices like $6.66. the signboard has been vandalized by an attacker. What is the MOST likely reason the attackers were able to access and modify the signboard's display? The default credentials were never changed during its installation Unnecessary services were not disabled during its installation The self-signed digital certificate of the signboard had expired The default port, port 80, was left open during its installation
The default credentials were never changed during its installation OBJ 4.3: We know that the signboard was installed with all of the defaults still in place because the installer simply removed it from the box, hung it on the wall, and plugged it in). This means that it is most likely that the electronic signboard default credentials were never changed. While the other options may cause an issue, the unchanged default username and passwords are the biggest threat and most likely the root cause of the digital vandalism since the attacker could simply login to the device using its public IP address and the default username/password to make any changes they desired.
Samuel is in the process of upgrading the wireless access points (APs) in the office to provide better speed and coverage. He selects a set of APs boasting the latest Wi-Fi 6 technology. After installation, he realizes that the new APs are not communicating effectively with the existing network infrastructure, leading to slow performance and intermittent connectivity issues. What is the most likely reason for the connectivity issues Samuel is experiencing with the new wireless access points? The new APs are not compatible with the existing network cabling. The new APs are set to a wireless channel that is overcrowded. The network's current router does not support Wi-Fi 6. The firewall is blocking traffic from the new APs.
The network's current router does not support Wi-Fi 6. OBJ 5.2 - The most likely issue is that the existing network infrastructure, specifically the router, does not support the Wi-Fi 6 standard. This discrepancy can lead to performance issues and connectivity problems, as the advanced features and speeds of Wi-Fi 6 cannot be utilized fully. Network cabling typically does not impact wireless access point functionality unless the APs also have wired connections that are incompatible. A firewall blocking traffic would likely result in no connectivity at all, rather than slow performance and intermittent issues. Channel overcrowding can cause performance issues, but it would not be the primary concern when upgrading to Wi-Fi 6 APs, as they are designed to better manage channel utilization. For support or reporting issues, include Question ID: 65ed17bc4817542170e02829 in your ticket. Thank you. Domain 5 - Network Troubleshooting
Keith is a network engineer who is troubleshooting a recently deployed fiber optic link that exhibits high packet loss and intermittent connectivity issues. The link uses appropriate multimode fiber and compatible SFP transceivers on both ends. Which of the following should Keith investigate as the most likely cause of the issue? The routing protocol configuration affecting the fiber link. The VLAN configuration on the switches connected by the fiber link. The duplex settings of the ports where the fiber link is connected. The signal strength at both ends of the fiber link.
The signal strength at both ends of the fiber link. OBJ 5.2 - Investigating the signal strength at both ends of the fiber link is crucial when experiencing high packet loss and intermittent connectivity. Issues like dirty connectors, bends in the fiber, or too long of a cable run can degrade signal strength, leading to the observed symptoms. VLAN configuration is essential for network segmentation and traffic management but would not cause high packet loss and intermittent connectivity on a physical fiber link. Duplex settings are relevant for copper-based Ethernet connections and do not apply to fiber optic links, which inherently support full duplex. Routing protocol configuration is crucial for determining the path of data packets across a network but does not directly impact the physical layer's signal strength and quality on a fiber link. For support or reporting issues, include Question ID: 65ed1059dddf308c8ba8f8b3 in your ticket. Thank you. Domain 5 - Network Troubleshooting
You are configuring a new connection between two data centers using fiber optics. After setting up the connection, you notice that there's no link light, and the connection is not established. Both ends of the connection are using SFP+ transceivers. Which of the following is the most likely issue? The fiber cables are not compatible with the SFP+ transceivers used. There is a mismatch between the transceivers at each end. The fiber patch panel is not properly labeled. The IP addressing scheme for the devices connected at both ends does not match.
There is a mismatch between the transceivers at each end. OBJ 5.2 - A mismatch between the transceivers at each end can prevent the link from establishing. Different transceiver types (e.g., multi-mode vs. single-mode, different wavelengths, or speed capabilities) can cause incompatibility issues, leading to no connectivity. The IP addressing scheme is crucial for communication over the network, but it does not affect the physical link establishment between two devices using fiber optics. Proper labeling of the fiber patch panel is essential for organization and troubleshooting, however it would not directly cause a lack of connectivity as long as the correct fibers are connected between the SFP+ transceivers. Fiber cables must be compatible with the transceivers used, but the scenario explicitly states that SFP+ transceivers are in use, implying that the issue lies not with the cable type but with the transceiver match. For support or reporting issues, include Question ID: 65ed0fcbdddf308c8ba8f8ae in your ticket. Thank you. Domain 5 - Network Troubleshooting
In a corporate network, the IT team needs a method to organize and manage different broadcast domains efficiently. Which feature enables administrators to dynamically add, modify, and delete broadcast domains without disrupting network operations? VLAN Database ARP (Address Resolution Protocol) NAT (Network Address Translation) DNS (Domain Name System)
VLAN Database OBJ 2.2: A VLAN Database allows administrators to dynamically manage broadcast domains by adding, modifying, or deleting them without affecting the overall network. NAT is used for translating private to public IP addresses and does not provide a mechanism for dynamic management of broadcast domains. ARP is used for mapping IP addresses to MAC addresses and does not handle the dynamic organization of broadcast domains. DNS is responsible for resolving domain names to IP addresses and does not offer a solution for organizing or modifying broadcast domains. For support or reporting issues, include Question ID: 65c4ff1177122992d044b479 in your ticket. Thank you. Domain 2 - Network Implementation
Larry is tasked with designing a network architecture that includes a screened subnet. What is the primary purpose of incorporating this sort of screened subnet into a network design? To serve as an isolated environment for testing new applications before they are deployed to the production network. To provide a secure area for the storage of backup data, separate from the main network infrastructure. To act as a buffer zone between the internal network and the internet, hosting public-facing services such as web servers. To increase the network's bandwidth by distributing traffic across multiple subnets.
To act as a buffer zone between the internal network and the internet, hosting public-facing services such as web servers. OBJ 4.3 - A screened subnet, often implemented using a demilitarized zone (DMZ), is designed to improve security by separating the internal network from the external internet and reducing the risk of external attacks reaching the internal network directly. A screened subnet's focus is on security rather than on increasing the network's bandwidth or traffic distribution. The primary purpose of a screened subnet is not for data storage but for enhancing network security by segregating certain types of traffic or services. A screened subnet's main role is not for testing applications but for securely managing access to public-facing services. For support or reporting issues, include Question ID: 65f20852a2dbc8418b69cb61 in your ticket. Thank you. Domain 4 - Network Security
Why might an administrator choose static routing over dynamic routing in a segment of a network? To reduce the need for router configuration To increase the network's resilience to future topology changes To control the exact path that traffic takes through the network To enhance the automatic rerouting capabilities
To control the exact path that traffic takes through the network OBJ 2.1 - An administrator might choose static routing to control the exact path that traffic takes through the network. Static routing allows for precise control over routing decisions, enabling administrators to determine the specific routes that packets should follow, which can be crucial for security, compliance, or performance reasons. Static routing actually increases the need for router configuration since each route must be manually entered and maintained, which is more demanding than dynamic routing protocols that adjust routes automatically. Increasing the network's resilience to topology changes is a characteristic of dynamic routing protocols. Static routing requires manual reconfiguration in response to network changes, which can decrease resilience if not promptly updated. Enhancing the automatic rerouting capabilities is a feature of dynamic routing protocols, not static routing. For support or reporting issues, include Question ID: 65f32874e6895e8946f54510 in your ticket. Thank you. Domain 2 - Network Implementation
Samantha is assigned to configure port security on her network's switches to restrict unauthorized access. Which of the following BEST describes the purpose of implementing port security in which Samantha is attempting? To limit the number of MAC addresses allowed to transmit data through a switch port. To dynamically assign IP addresses to devices connected to the network. To automatically encrypt data packets as they traverse through the switch and throughout the network. To create virtual networks within a switch to isolate traffic for better identification.
To limit the number of MAC addresses allowed to transmit data through a switch port. OBJ 4.3 - To limit the number of MAC addresses allowed to transmit data through a switch port. Port security is a feature used on switches to restrict the input to a port to specific MAC addresses and limit the number of MAC addresses that can be learned on a single port, thereby preventing unauthorized access. Port security does not deal with the assignment of IP addresses, which is typically managed by DHCP. Creating virtual networks or VLANs is not the purpose of port security; it is done for network segmentation. Port security does not encrypt data packets; encryption is handled by other protocols like IPsec. For support or reporting issues, include Question ID: 65f20941a2dbc8418b69cb66 in your ticket. Thank you. Domain 4 - Network Security
Drew, an experienced network engineer at Dion Training, has been tasked with setting up a new DNS infrastructure to support a secure and efficient network environment. As part of this setup, he needs to ensure that the network can authenticate DNS queries and provide detailed logging for network troubleshooting and security audits. He decides to use a reverse zone to make his job easier. Why would Drew choose a reverse zone for this task? To map hostnames to IP addresses for easier web access To replicate DNS information across different servers for redundancy To authenticate user access to network resources To map IP addresses to hostnames for better logging and security
To map IP addresses to hostnames for better logging and security OBJ 3.4 - Drew would choose a reverse zone because it allows mapping IP addresses back to hostnames, which is crucial for detailed logging and enhancing network security through better traceability of network requests and activities. This functionality is essential for troubleshooting and conducting security audits by providing the ability to identify the source of network requests. Mapping hostnames to IP addresses is the primary function of forward zones, not reverse zones. Authenticating user access to network resources is typically handled by network security protocols and identity management systems, not DNS zone types. Replicating DNS information across different servers for redundancy is the role of secondary zones, which does not directly facilitate mapping IP addresses to hostnames for logging and security purposes. For support or reporting issues, include Question ID: 65f2f7182bdae866be26357f in your ticket. Thank you. Domain 3 - Network Operations
A large university campus is expanding its wireless network to cover new buildings. The IT department wants to ensure seamless connectivity for students and staff as they move across different parts of the campus without having to reconnect to different Wi-Fi networks. Which approach should the IT department take to facilitate this requirement? Set up each access point to broadcast multiple SSIDs to ensure that users can connect to the network closest to their current location. Configure each access point with a unique SSID corresponding to its physical location on campus. Implement a guest network SSID that covers the entire campus, separate from the main network SSIDs used in individual buildings. Use the same ESSID across all access points to create a single unified wireless network across the campus.
Use the same ESSID across all access points to create a single unified wireless network across the campus. OBJ 2.3 - Using the same extended service set identifier (ESSID) across all access points allows the creation of a unified wireless network. This enables students and staff to roam seamlessly across the campus without the need to reconnect to different Wi-Fi networks, as their devices automatically maintain a continuous connection to the network identified by the ESSID. Implementing a guest network SSID separate from the main network does not address the need for seamless connectivity across different campus areas for students and staff. Setting up each access point to broadcast multiple SSIDs could provide flexibility but would complicate the user experience and does not support seamless connectivity. Configuring each access point with a unique SSID would result in multiple disjointed networks, forcing users to manually select and connect to different networks as they move around. For support or reporting issues, include Question ID: 65f3350b2c3fe3e9e089adb9 in your ticket. Thank you. Domain 2 - Network Implementation
Kenneth, a network security specialist, notices unusual traffic patterns on the network monitoring tools. After a detailed analysis, he discovers that traffic meant for a secure VLAN is somehow being accessed from an unsecured VLAN. This raises concerns about potential security breaches. Kenneth realizes this might be due to a misconfiguration or an attack on the network infrastructure. What is the most likely cause of the traffic from a secure VLAN being accessed from an unsecured VLAN as observed by Kenneth? The DHCP server is assigning IP addresses from the secure VLAN to devices on the unsecured VLAN. VLAN hopping attack has been launched against the network. The firewall is improperly configured, allowing all traffic through. The switches are configured with the default VLAN settings.
VLAN hopping attack has been launched against the network. OBJ 4.2 - VLAN hopping is a network attack technique where an attacker sends packets to a network in a way that they can hop from the unsecured VLAN to the secure VLAN. This typically occurs due to switch misconfigurations like allowing dynamic trunking protocol (DTP) frames from untrusted ports. DHCP misconfigurations can lead to incorrect IP assignments but are unrelated to the issue at hand. Improper firewall configurations affect network traffic but do not facilitate VLAN hopping. Default VLAN settings can lead to various issues, however they do not directly cause VLAN hopping as described. For support or reporting issues, include Question ID: 65ed1bd05635bcd84cacce1f in your ticket. Thank you. Domain 4 - Network Security
Which characteristic represents the potential difference between two points in an electrical circuit? Voltage Power Factor Current Resistance
Voltage OBJ 2.4 - Voltage represents the potential difference between two points in an electrical circuit. Power factor relates to the efficiency of power usage, not voltage. Current is the flow of electrical charge, not potential difference. Resistance opposes the flow of current, unrelated to voltage. For support or reporting issues, include Question ID: 65ea56af5a5d627ed78b305e in your ticket. Thank you. Domain 2 - Network Implementation
During a routine security audit, Shane is tasked with identifying unauthorized devices on the network. To accomplish this, he decides to inspect the IP-to-MAC address mappings on a device. Which command would be most effective for this purpose? ipconfig arp netstat dig
arp OBJ 5.5 - The arp command is used to view or modify the IP-to-MAC address mappings in the ARP cache, making it suitable for identifying potentially unauthorized devices by examining their IP-to-MAC relationships. dig is used for querying DNS name servers for information about host addresses, mail exchanges, nameservers, and is not used for inspecting IP-to-MAC address mappings. netstat displays network connections and statistics, it does not provide IP address mappings. ipconfig shows the current TCP/IP network configuration on Windows systems, but it does not display IP-to-MAC address mappings. For support or reporting issues, include Question ID: 65ecf952bab7b43aab696c94 in your ticket. Thank you. Domain 5 - Network Troubleshooting
Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine? ip nslookup tracert route
route OBJ 5.5: The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. For support or reporting issues, include Question ID: 63fe0fbb3b7322449ddc35dd in your ticket. Thank you. Domain 5 - Network Troubleshooting
You suspect an IP conflict within your network. To investigate the address resolution mappings and identify potential conflicts, which command would you utilize? show arp show interface show ip route show mac-address-table
show arp OBJ. 5.5 - 'show arp' is the direct command for viewing the ARP table, which maps IP addresses to their corresponding MAC addresses, aiding in the identification of IP conflicts. 'show ip' route displays the routing table, which helps in understanding the paths packets take but does not show address resolution mappings. 'show interface' provides the status and configuration of interfaces 'show mac-address-table' only reveals the MAC address entries in a switch's table. For support or reporting issues, include Question ID: 65ed09eb85f368aa706fb434 in your ticket. Thank you. Domain 5 - Network Troubleshooting
While working as a network technician, Vivienne wants to check the power status of a switch to troubleshoot a network outage issue. Which command should Vivienne input to display the power supply status of the switch? show interface show route show power show mac-address-table
show power OBJ 5.5 - To display the power supply status of a switch, Vivienne would be using the command "show power." Yes, it really does exactly as asked, as this command provides information about the power status of the switch, including power supply units, their status, and power consumption. show mac-address-table, show route, and show interface are commands used for different purposes, such as viewing MAC address table entries, routing information, and interface details, respectively. For support or reporting issues, include Question ID: 65e5ec2af390ad47fd04a440 in your ticket. Thank you. Domain 5 - Network Troubleshooting
Preparing for the installation of new PoE devices, you need to check the current power usage and available capacity on your PoE-enabled switch. Which command would yield this information? show power inline show interfaces show inventory show cdp neighbors
show power inline OBJ. 5.5 - show power inline provides detailed information on power usage and availability for each PoE port, crucial for planning the addition of new PoE devices. show cdp neighbors "offers details on directly connected Cisco devices, not power usage. show inventory lists the hardware inventory of the device but does not provide power capacity or usage details. show interfaces displays interface status and configurations without specific information on PoE power usage. For support or reporting issues, include Question ID: 65ed0b2e85f368aa706fb43e in your ticket. Thank you. Domain 5 - Network Troubleshooting
Which of the following tools should you use to create a pcap file? tcpdump TFTP server nmap tracert
tcpdump OBJ 5.5: The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network's clients, servers, and devices. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. For support or reporting issues, include Question ID: 63fe0f9c3b7322449ddc345a in your ticket. Thank you. Domain 5 - Network Troubleshooting
