N+ Bonus
What ports do FTP and SFTP utilize?
20,21
Alexander needs to set up two public-facing web servers and ensure that an attacker cannot access its intranet if those servers are compromised. Which of the following should he use?
A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing (public-facing) services to an untrusted, usually larger, network such as the Internet. A DMZ is a type of screen subnet. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet. Virtual Network Computing is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol to remotely control another computer by transmitting the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network. Since Alexander wants to install two public-facing web servers on his network, he should place them in the DMZ.
Which of the following technologies combines the functionality of a firewall, malware scanner, and other security appliances into one device?
A Unified Threat Management (UTM) appliance enforces a variety of security-related measures, combining the work of a firewall, malware scanner, and intrusion detection/prevention. A UTM centralizes the threat management service, providing simpler configuration and reporting than isolated applications spread across several servers or devices. An intrusion detection system (IDS) is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. Unlike an IPS, which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them. An intrusion prevention system (IPS) conducts the same functions as an IDS but can also block or take actions against malicious events. A Syslog server is a server that collects diagnostic and monitoring data from the hosts and network devices across a given network.
Which of the following policies or plans would dictate how an organization would respond to an unplanned outage of their primary internet connection?
A business continuity plan is a document that outlines how a business will continue operating during an unplanned service disruption. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human capital and business partners, and essentially every other aspect of the business that might be affected. A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber attacks, and other disruptive events. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work. System life cycle plans, also known as life cycle planning, describe the approach to maintaining an asset from creation to disposal. In the information technology world, we normally have a 5-phase lifecycle that is used for all of our systems and networks: Planning, Design, Transition, Operations, and Retirement.
The administrator modifies a rule on the firewall, and now all the FTP users cannot access the server any longer. The manager calls the administrator and asks what caused the extreme downtime for the server. In regards to the manager's inquiry, what did the administrator forget to do first?
A change request should be submitted through the change management process prior to any changes being made. Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.
Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?
A hybrid topology is a kind of network topology that is a combination of two or more network topologies, such as mesh topology, bus topology, and ring topology. A star topology is a network topology where each individual piece of a network is attached to a central node, such as a switch. A bus topology is a network topology in which nodes are directly connected to a common network media, such as a coaxial cable, known as the bus. A ring topology is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node to form a circular ring. The WAN connections are using a ring network topology, but each office is using a star topology. Therefore, the best description of this combined network is a hybrid topology.
An offsite tape backup storage facility is involved with a forensic investigation. The facility has been told they cannot recycle their outdated tapes until the conclusion of the investigation. Which of the following is the MOST likely reason for this?
A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted. The process of discovery is the formal process of exchanging information between the parties about the witnesses and evidence they will present at trial. The chain of custody is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. A data transport request is a formalized request to initiate a data transfer by establishing a circuit or connection between two networks.
You are creating a wireless link between two buildings in an office park utilizing the 802.11ac standard. The antenna chosen must have a small physical footprint and be lightweight as it will be mounted outside the building. Which type of antenna should you install?
A patch antenna is a type of radio antenna with a low profile, which can be mounted on a flat surface. A patch antenna is typically mounted to a wall or a mast and provides coverage in a limited angle pattern. Patch antennas can be directional or omnidirectional, but a directional antenna should be used for a connection between two buildings within line of sight of each other. A Yagi or directional antenna could also be used, but if the distance is smaller than about 300 feet between the buildings, a patch antenna would be sufficient. A Yagi would be utilized for longer distances instead, but these do weigh more and have a larger footprint. A whip antenna is a vertical omnidirectional antenna that is usually utilized in indoor environments. A whip antenna is omnidirectional and cannot be used for directional use cases.
Andy is a network technician who is preparing to configure a company's network. He has installed a firewall to segment his network into an internal network, a DMZ or screen subnet, and an external network. No hosts on the internal network should be directly accessible by their IP address from the Internet, but they should be able to reach remote networks if they have been assigned an IP address within the network. Which of the following IP addressing solutions would work for this particular network configuration?
A private IP address is an IP address reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access to a network without taking up a public IP address space. Automatic Private IP Addressing (APIPA) is a feature in operating systems (such as Windows) that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn't reachable. Classless IP addressing solutions allow for the use of subnets that are smaller than the classful subnets associated with Class A, Class B, or Class C networks. Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network.
What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them?
A reset (RST) flag is used to terminate the connection. This type of termination of the connection is used when the sender feels that something has gone wrong with the TCP connection or that the conversation should not have existed in the first place. For example, if a system receives information that is outside of an established session, it will send a RST flag in response. A finish (FIN) flag is used to request that the connection be terminated. This usually occurs at the end of a session and allows for the system to release the reserved resources that were set aside for this connection. A synchronization (SYN) flag is set in the first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake. Once received, the receiver sends back a SYN and ACK flag set in a packet which is then sent back to the initiator to confirm they are ready to initiate the connection. Finally, the initial sender replies with an ACK flag set in a packet so that the three-way handshake can be completed and data transmission can begin.
When using a Type 1 hypervisor virtualized environment, which of the following hardware types is necessary to connect the VMs to the corporate network?
A virtual machine includes a virtual NIC. A virtual NIC is a type of virtual adapter that can be configured on logical partitions to provide a network interface. This virtual NIC can be paired and mapped to a physical NIC to get the VM onto the network. Virtual Desktop Infrastructure (VDI) is a software technology that separates the desktop environment and associated application software from the physical client device that is used to access it. A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it.
What device is used to configure various hypervisor guests to use different VLANs in the same virtualization environment?
A virtual switch (vSwitch) is a software application that allows communication between virtual machines. A vSwitch does more than just forward data packets; it intelligently directs the communication on a network by checking data packets before moving them to a destination.
A new piece of malware attempts to exfiltrate user data by hiding the traffic and sending it as TLS-encrypted outbound traffic over random ports. What technology would be able to detect and block this type of traffic?
A web application firewall (WAF) or application-aware firewall would detect both the accessing of random ports and TLS encryption and identify it as suspicious. An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, and TLS connections are created and maintained by applications. A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they cannot inspect TLS connections. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An IDS only monitors the traffic on the network; it cannot block traffic.
Barbara has connected her personal wireless router to a network jack inside her office. The router cannot get a DHCP address even though her corporate laptop can get a DHCP address when connected to the same jack. Barbara checked the router's configuration to ensure it is set up to obtain a DHCP address. Which of the following is the MOST likely reason that the router is not getting a DHCP address?
Allow lists specify MAC addresses as a security measure implemented by the administrator to only grant access to a specific user. This prevents a person with malicious intentions from accessing the corporate network. Since the router has a different MAC address, it is blocked from connecting to the wired network. Allow listed MAC addresses can be implemented automatically using different forms of port security on a network switch.
Which of the following communication types are used in IPv6 to send a packet to the nearest interface that shares a common address in a routing table?
An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the "nearest" interface having that address, according to the router's routing table. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.
Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line?
An analog modem is a device that converts the computer's digital pulses to tones that can be carried over analog telephone lines and vice versa. DSL is the other type of Internet connection that uses an RJ-11 connection to a phone line. A DOCSIS modem is a cable modem and would require a coaxial cable with an F-type connector. An access point is a wireless device that connects to an existing network using twisted pair copper cables and an RJ-45 connector. A multilayer switch can use either twisted pair copper cables using an RJ-45 connector or a fiber optic cable using an MTRJ, ST, SC, or LC connector.
What is a common technique used by malicious individuals to perform an on-path attack on a wireless network?
An evil twin is the most common way to perform an on-path attack on a wireless network. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user's knowledge. A man-in-the-middle or on-path attack consists of sitting between the connection of two parties and either observing or manipulating traffic. This could be through interfering with legitimate networks or creating fake networks that the attacker controls. ARP spoofing, session hijacking, and amplified DNS attacks are not techniques specific to attacking wireless networks.
A user's smartphone is displaying text in other languages in their web browser when accessing the company's main website. Which of the following is the MOST likely cause of the issue?
An on-path attack (previously known as a man-in-the-middle attack) is a general term when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or impersonate one of the parties, making it appear as if a normal exchange of information is occurring. For example, if your user and server are both in the United States (English language), but the attacker is performing the on-path attack from Russia, then the server will utilize the Russian language in the text since it sees the connection coming from a Russian IP address. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim's machine.
The fiber-optic connection between two of the Dion Training offices was broken. A network technician used a fusion splicer to repair the cable, but now the connection is experiencing reduced transmission efficiency, slower connection speed, and intermittent downtime. Which of the following is the MOST likely reason for these issues?
An optical link budget is a calculation that considers all the anticipated losses along the length of a fiber optic connection. Signal loss across a fiber optic cable occurs naturally due to the distance of the cable, as well as from losses due to multiplexing, bends in the cable, imperfect connections, patches, or splices along the fiber optic cable. If the circuit is designed with a low optical link budget and subsequently needs to be repaired or spliced, it would create a fiber connection that becomes too weak to pass the light across the entire fiber optic cable.
You have just finished installing a small network consisting of a router, a firewall, and a single computer. The computer is connected to the firewall and the firewall is connected to the router. What type of physical network topology have you created in this scenario?
As described, this network would resemble a physical bus network topology because the router connects directly to the firewall, and the firewall connects directly to the computer. This would form a single line (or bus) from one device to the next. A bus topology uses a single cable that connects all the included nodes and the main cable acts as a backbone for the entire network. A ring topology connects every device to exactly two other neighboring devices to form a circle. Messages in a ring topology travel in one direction and usually rely on a token to control the flow of information. A star topology connects all of the other nodes to a central node, usually a switch or a hub. A star topology is the most popular network topology in use on local area networks. A mesh topology connects every node directly to every other node. This creates a highly efficient and redundant network, but it is expensive to build and maintain.
Due to numerous network misconfiguration issues in the past, Dion Training adopted a policy that requires a second technician to verify any configuration changes before they are applied to a network device. When the technician inspects a newly proposed configuration change from a coworker, she determines that it would improperly configure the AS number on the device. Which of the following issues could have resulted from this configuration change if it was applied?
BGP (Border Gateway Protocol) is used to route data between autonomous systems (AS). A collection of networks within the same administrative domain is called an autonomous system (AS). The routers within an AS use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves. Autonomous systems operate at layer 3 and are focused on wired networks. Therefore, the frequency mismatch, decreased wireless coverage areas, and spanning tree ports would not be affected by the improper configuration of an AS number on a device.
A technician is troubleshooting a workstation connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?
Based on the network troubleshooting methodology, you should try to test your theory to determine the cause once you have established a theory of probable cause. In this scenario, the technician has a theory that the static ARP entry is the cause of the problem. Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn't fix the issue, you would need to develop a new hypothesis to test. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.
A technician needs to limit the amount of broadcast traffic on a network and allow different segments to communicate. Which of the following should the technician install to satisfy this requirement?
By adding a multilayer (layer 3) switch, the technician can improve network routing performance and reduce broadcast traffic. Creating a VLAN provides LAN segmentation, as well, within the network and the multilayer switch can conduct the routing between VLANs as needed. Just adding a single router would only create two broadcast domains, but adding the multilayer switch and configuring VLANs would allow you to add as many broadcast domains as you need. Each VLAN is its own broadcast domain. A bridge is a layer 2 device; it does not break apart broadcast domains. A firewall isn't designed to break apart broadcast domains; this is a job for a router or a layer 3 switch.
A company has a secondary datacenter in a remote location. The datacenter staff handles cable management and power management. The building's security is also handled by the datacenter staff with little oversight from the company. Which of the following should the technician do to follow the best practices?
By ensuring locking cabinets and racks are used, the staff would have keyed or RFID card locks installed. This provides an extra layer of physical security to the servers, which is considered a best practice.
When a criminal or government investigation is underway, what describes the identification, recovery, or exchange of electronic information relevant to that investigation?
By process of elimination, you can easily answer this question. Data transport is the transport of data, while the first responder is the first person to arrive on the scene. Encryption is a method of putting data into a tunnel so that it is completely secure. This leaves us with eDiscovery. eDiscovery is the term that refers to the process of evidence collection through digital forensics. eDiscovery is conducted during an incident response.
Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?
Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request. Secure Sockets Layer (SSL) is a security protocol developed by Netscape to provide privacy and authentication over the Internet. SSL is an application-independent protocol that works at layer 5 [Session] and can be used with a variety of protocols, such as HTTP or FTP. Client and server set up a secure connection through PKI (X.509) certificates. Carrier-sense multiple access with collision avoidance (CSMA/CA) is a type of network multiple access method that uses carrier sensing, but nodes attempt to avoid collisions by beginning transmission only after the channel is sensed to be idle. CSMA/CA occurs in the background when communicating with a wireless access point and would not prevent the user from authenticating to the captive portal. A WPA2 security key is a preshared password used to authenticate and connect to a wireless access point. If the user connected to the SSID, then the WPA2 security key was valid.
Which of the following provides a standard nomenclature for describing security-related software flaws?
Common Vulnerabilities and Exposures (CVE) is an element of the Security Content Automation Protocol (SCAP) that provides a standard nomenclature for describing security flaws or vulnerabilities. A SIEM is a solution that provides a real-time or near-real-time analysis of security alerts generated by network hardware and applications. A VPC is a private network segment made available to a single cloud consumer on a public cloud. The Sarbanes-Oxley Act (SOX) dictates requirements for storing and retaining documents relating to an organization's financial and business operations, including the type of documents stored and their retention periods.
You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security?
Defense in depth is the concept of layering various network appliances and configurations to create a more secure and defensible architecture. Dion Training appears to be using various host-based and network-based devices to ensure there are multiple security layers in the network.
Which encryption type MOST likely is used for securing the key exchange during a client-to-server VPN connection?
ISAKMP is used in IPsec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection. TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The Advanced Encryption Standard (AES) is a symmetric key encryption and is not used for key exchanges.
You are scanning a target as part of a penetration test. You discovered that the network uses Snort configured as a network-based IDS. Which of the following occurs when an alert rule has been matched in Snort during your scan?
If Snort is operating as an IDS, it will not block the connection or drop the packet. Instead, Snort will evaluate the entire packet and check all the alert rules, logging any matches it finds, and then allow it to continue onward to its destination.
Your company wants to create highly available datacenters. Which of the following will allow the company to continue maintaining an Internet presence at all sites if the WAN connection at their own site goes down?
If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available. Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF is an Interior Gateway Protocol (IGP), therefore it will not be able to reroute the organization's WAN connections. The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. VRRP is used for your internal clients and will not affect the routing of traffic between WANs or autonomous systems. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. A load balancer would work at one site, but would not allow routing of the WAN connections at all the other sites since they rely on autonomous systems and BGP is used to route traffic between autonomous systems.
A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is MOST likely the source of this connectivity problem?
If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address. APIPA is not configured on the VLAN's switch; it is configured by default on client and server devices, such as the workstation in this scenario. A small form-factor pluggable (SFP) transceiver is used on routers as a hot-pluggable network interface module; they are not used in workstations. The workstation's OS update status is unlikely to cause the network connectivity issue, but a network interface driver might. Therefore, the most likely cause of this issue is that the switchport was configured as a trunking port instead of an access port.
What describes an IPv6 address of ::1?
In IPv6, ::1 is the loopback address. In IPv4, the loopback address is 127.0.0.1. The loopback address is used to send a test signal to a network destination to diagnose problems. A broadcast address is an IP address that is used to target all systems on a specific subnet network instead of single hosts. A multicast address is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service. The address shown is not a broadcast or multicast address. A public address is routable over the internet but ::1 is a loopback address and therefore not publicly routable on the internet.
You are configuring a network to utilize SNMPv3 to send information from your network devices back to an SNMP manager. Which of the following SNMP options should you enable to ensure the data is transferred confidentially?
In SNMPv3, the authPriv option ensures that the communications are sent with authentication and privacy. This uses MD5 and SHA for authentication and DES and AES for privacy and encryption.
Your network relies on the use of ATM cells. At which layer of the OSI model do ATM cells operate?
In the data link layer (layer 2) of the OSI model, the basic unit of transfer is called a frame. In an ATM network, though, these frames are called cells and are of a fixed (53 octets or bytes) length that allows for faster switching of the cells across the network.
Which device actively defends the network by detecting threats and shutting down ports or changing configurations to prevent attacks?
Intrusion Protection Systems (IPS) can reconfigure themselves based on the threats experienced. Firewalls maintain a static configuration and cannot change their configurations automatically.
John is investigating a performance issue on a server and has begun by gathering its utilization statistics. John notices that the statistics are outside of the normal, acceptable ranges. What should John do next?
John should conduct a baseline review to compare the statistics he collected against the previous baseline. He can then use this information further to investigate the drop in the server's performance. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.
What is true concerning jumbo frames?
Jumbo frames are Ethernet frames whose MTU is greater than 1500. To increase performance, you should use jumbo frames only when you have a dedicated network or VLAN, and you can configure an MTU of 9000 on all equipment. Because of this, jumbo frames are most commonly used in a storage area network (SAN).
A network administrator wants to separate web servers on the network logically. Which of the following network devices will need to be configured?
Logical separation of network devices is accomplished using VLANs, which are configured on the network switches. A hub is a layer 1 device and provides no logical separation. An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. A host-based intrusion detection system is a form of network security that works to detect identified threats. Neither an IPS nor a HIDS can logically separate the web servers on the network.
You have just finished installing a new web application and need to connect it to your Microsoft SQL database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?
Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). SQLnet uses port 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
Which type of wireless technology are OFDM, QAM, and QPSK examples of?
Modulation is the process of varying one or more properties of a periodic waveform, called the carrier signal, with a separate signal called the modulation signal that typically contains information to be transmitted. WiFi can use different digital modulation schemes for data transmission. Common types of modulation include Orthogonal frequency-division multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-shift keying (QPSK). Frequency is the number of occurrences of a repeating event per unit of time. Wireless networks utilize three different frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. Interference occurs when two radios are transmitting or receiving on the same frequencies. Spectrum refers to the range of frequencies used by a radio transmitter or receiver, such as the 2.4 GHz spectrum which includes frequencies from 2.412 GHz to 2.472 GHz in the United States.
You have been asked to troubleshoot a router which uses label-switching and label-edge routers to forward traffic. Which of the following types of protocols should you be familiar with to troubleshoot this device?
Multi-protocol label switching (MPLS) is a mechanism used within computer network infrastructures to speed up the time it takes a data packet to flow from one node to another. The label-based switching mechanism enables the network packets to flow on any protocol. Border Gateway Protocol (BGP) refers to a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS). Open Shortest Path First (OSPF) is a link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. BGP, OSPF, and EIGRP do not use label-switching technology.
A NAC service has discovered a virus on a client's laptop. Where should the laptop be redirected to in order to be remediated?
Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), the user or system authentication, and network security enforcement. When NAC detects an issue with a client, it places them in a quarantine network until the device can be remediated to meet the entry requirements for the given network.
Dion Training wants to implement a technology that will automatically test any wireless device that connects to their network before allowing the device full access to the corporate network and its resources. Which of the following should be implemented?
Network Access Control is an approach to computer security that attempts to unify endpoint security technology, user or system authentication, and network security enforcement. Effective network access control restricts access to only those devices that are authorized and compliant with security policies, meaning they have all the required security patches and anti-intrusion software. When a device connects to the network, it is placed into an automated testing area. If it passes the compliance testing, it is placed into the full corporate network. If it fails the compliance testing, it is placed into quarantine where it remains until it has been remediated or upgraded to meet the compliance requirements. A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. A pre-shared key is used to encrypt data traversing over a WEP, WPA, or WPA2 wireless network. A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet.
Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on? (SELECT TWO)
Network Access Control is used to identify an endpoint's characteristics when conducting network authentication. The GPS location of the device will provide the longitude and latitude of the user, which could be compared against the GPS coordinates of the building. Port security enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses to communicate using a given switchport. This would not help to locate the individual based on their location, though. Geo-IP, or geolocation and country lookup of a host based on its IP address, would identify the country of origin of the user, but not whether they are within the building's confines. Geo-IP is also easily tricked if the user logs in over a VPN connection.
Which of the following tools would allow you to detect running services, applications, or operating systems on the network's clients, servers, or devices by sending specifically crafted packets to them and analyzing their responses?
Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network's clients, servers, and devices. A protocol analyzer is used to capture, monitor, and analyze data transmitted over a communication channel. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. While you may be able to identify the services, applications, or operating systems using tcpdump by analyzing the captured packets, tcpdump will not send specifically crafted packets to the devices as it is a passive reconnaissance tool. The ping command is used to test whether a given target is reachable across an IP network by sending an ICMP Echo Request packet and receiving an ICMP Echo Reply.
What is considered a classless routing protocol?
OSPF is known as a classless protocol. Classless routing protocols are those protocols that include the subnet mask information when the routing tables or updates are exchanged. Other classless routing protocols include EIGRP, RIPv2 (or newer), and IS-IS.
Which of the following WAN technologies would MOST likely be used to connect several remote branches that have no fiber, microwave, or satellite connections available?
POTS (Plain Old Telephone System) is connected to almost every facility in the United States. DSL and dial-up services can be received over POTS. OC-3 is a type of fiber connection. WiMAX is a type of microwave connection. Starlink is a type of satellite connection.
A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?
Packet captures contain every packet that is sent and received by the network. By using a program like Wireshark to analyze the packet captures, you can see what kind of information and metadata is contained within the packets. By conducting this type of packet analysis, an attacker (or cybersecurity analyst) can determine if software versions are being sent as part of the packets and their associated metadata.
Which of the following is the BEST antenna configuration to use for AP4 and AP5 to control the signal propagation and minimize the chances of the signal being intercepted?
Parabolic antennas work well for outside wireless applications where you want directional control of the signal (such as when connecting two buildings) and over a longer distance (such as "down the street" as in this scenario). The other possible option was the Directional antennas, but the signal strength of 5 dB would not be sufficient for an outdoor wireless connection over the distance presented in this scenario.
You are working as a network administrator and are worried about the possibility of an insider threat. You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their laptop to that same switch port. Which of the following security features would BEST accomplish this goal?
Port security, also known as persistent MAC learning or Sticky MAC, is a security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or if the interface goes down and is brought back online. This is a security feature that can be used to prevent someone from unplugging their office computer and connecting their laptop to the network jack without permission since the switch port connected to that network jack would only allow the computer with the original MAC address to gain connectivity.
The corporate network uses a centralized server to manage credentials for all of its network devices. What type of server is MOST likely being used in this configuration?
RADIUS is used to manage credentials for network devices centrally. Remote Authentication Dial-In User Service is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service. TACACS+ is an older username and login system that uses authentication to determine access, while RADIUS combines authorization AND authentication. For this question, either RADIUS or TACACS would be an acceptable answer. Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos is used in Windows Active Directory domains for authentication. The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53. The file transfer protocol (FTP) is the protocol used to transfer files across the internet over ports 20 and 21.
A company is setting up a brand new server room and would like to keep the cabling infrastructure out of sight but still accessible to the network administrators. Infrastructure cost is not an issue. Which of the following should be installed to meet the requirements?
Raised floors allow the cabling to be placed under the floor, but still accessible to the network administrators. A conduit is a tube through which power or data cables pass. Conduits are usually metal or plastic pipes, and it makes accessing the cables difficult when maintenance is going to be performed. Cable trays are a mechanical support system that can support electrical cables used for power distribution, control, and communication. Cable trays can be installed on the ceiling or under the floor if you are using a raised floor system. If cable trays are installed in the ceiling, they can be difficult to reach and work on. Patch panels are useful in a cable distribution plant, but they will not allow the cables to be distributed throughout the entire work area. A patch panel is a piece of hardware with multiple ports that helps organize a group of cables. Each of these ports contains a wire that goes to a different location. Patch panels and cable trays may be used to form the backbone of your cable distribution plant, but to meet the requirements of the question you should use raised floors in conjunction with these.
Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue?
Routers can be updated by conducting a firmware flash. This is similar to upgrading or patching your computer's operating system or even updating a device driver. By flashing the firmware, it can provide the ability to communicate with newer devices and remove known software vulnerabilities from the device.
A network administrator has determined that the ingress and egress traffic of a router's interface are not correctly reported to the monitoring server. Which of the following can be used to determine if the router interface uses 64-bit versus 32-bit counters?
SNMP Walk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (router interface). This is a complex topic beyond the scope of the Network+ exam (how to use the SNMP Walk tool) and usually serves as a type of in-depth question that CompTIA might ask to determine if a candidate has actual real-world experience in networking or just studied from a textbook. Some instructors like to claim that CompTIA uses these types of questions to determine if someone is cheating because only people who studied from a "brain dump" are likely to get this question correct! This type of question reminds you that it is ok not to know all the answers on test day. Just take your best guess, and then move on!
You have just finished installing a new web application and need to connect it to your SQLnet database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?
SQLnet uses port 1521 and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
Last night, your company's system administrators conducted a server upgrade. This morning, several users are having issues accessing the company's shared drive on the network. You have been asked to troubleshoot the problem. What document should you look at first to create a probable theory for the cause of the issue?
Since everything worked before the server upgrade and doesn't now, it would be a good idea to first look at the change management documentation that authorized the change/upgrade. This should include the specific details of what was changed and what things may have been affected by the change. This is the best place to start when determining what changed since yesterday. Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?
Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client. MAC filtering does not use a password or preshared key. WEP uses a pre-shared key to secure a wireless network, but WPA uses a stronger encryption standard than WEP.
A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. Which of the following is MOST likely the cause of the connectivity issue?
Since the scenario states the VoIP phone works properly from the old desk, it is properly configured and the hardware itself works. This indicates the problem must be caused by the new desk, which has a different network cable running from the switch to the wall jack in the cubicle. This is most likely a bad cable, such as one with a short in it. To verify this theory, the technician should use a cable tester to verify if the cable does have a short or not. While attenuation is a possible cause of the problem described, it is unlikely since the employee only moved a few desks (10-15 feet), which is not a large enough distance to cause significant attenuation issues.
Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?
Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the "nbtstat -R" command to purge and reload the cached name table from the LMHOSTS file on their Windows workstation. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host. The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server.
A network technician is selecting the best way to protect a branch office from as many different threats from the Internet as possible using a single device. Which of the following should meet these requirements?
Since this is a branch office and you want to protect it from as many threats as possible, using a Unified Threat Management (UTM) device would be best. A UTM will protect you from most things using a single device. A network-based firewall would provide basic protection, but a UTM will include anti-virus and other protections beyond just a firewall's capabilities. Host-based firewalls are great, but the network-based firewall or UTM device is configured to protect all devices on a network whereas a host-based firewall only protects the single host device. A network-based intrusion detection system (NIDS) can detect threats, but it cannot stop or prevent them.
A network's design includes gateways connecting an assembly-line network. The assembly-line network uses specialized cabling and interfaces to allow the assembly-line robots to communicate with one another. Which type of network would you classify this design as?
Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS) are used in manufacturing and assembly-line networks. SCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Industrial control system (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes. Network Function Virtualization (NFV) is a way to reduce cost and accelerate service deployment for network operators by decoupling functions like a firewall or encryption from dedicated hardware and moving them to virtual servers. Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. Channel Service Unit/Data Service Unit (CSU/DSU) is a hardware device about the size of an external modem that converts digital data frames from the communications technology used on a local area network (LAN) into frames appropriate to a wide-area network (WAN) and vice versa.
Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?
TACACS+ is an extension to TACACS (Terminal Access Controller Access Control System) and was developed as a proprietary protocol by Cisco. The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that operates on port 1812 and provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service, but Cisco did not develop it. Kerberos is a network authentication protocol designed to provide strong mutual authentication for client/server applications using secret-key cryptography developed by MIT. Challenge-Handshake Authentication Protocol (CHAP) is used to authenticate a user or network host to an authenticating entity. CHAP is an authentication protocol but does not provide authorization or accounting services.
You just started work as a network technician at Dion Training. You have been asked to determine if Ethernet0/0 is currently connected using OSPF or EIGRP on one of the network devices. Which of the following commands should you enter within the command line interface?
The "show route" command is used on a Cisco networking device to display the current state of the routing table for a given network device. To determine if Ethernet0/0 is connected using OSPF or EIGRP, you would need to use the "show route" command to display the current status. The "show configuration" command is used on a Cisco networking device to display the device's current configuration. The "show interface" command is used on a Cisco networking device to display the statistics for a given network interface. The "show diagnostic" command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.
A network technician wants to centrally manage the switches and segment the switches into separate broadcast domains. The Dion Training network is currently using VLAN 1 for all of its devices and uses a single private IP address range with a 24-bit mask. Their supervisor wants VLAN 100 to be the management subnet and all of the switches must share VLAN information. Which of the following should the technician configure to meet these requirements?
The 802.1q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure it is not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffic will be sent to the native or default VLAN, VLAN 1. By default, VLAN 1 is enabled and all unused ports are assigned to it. VLSM stands for Variable Length Subnet Mask where the subnet design uses more than one mask in the same network which means more than one mask is used for different subnets of a single class A, B, or C network. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard and Rapid Reconfiguration of Spanning Tree is defined in the IEEE 802.1w standard. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.
Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 3.5 Gbps?
The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi 6E that supports the 6GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108 Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz channel to provide additional bandwidth.
Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera's security concerns? (Select TWO)
The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network. While enabling two-factor authentication on the device's website is a good practice, it will not increase the IoT device's security. While disabling the wireless connectivity to the thermostat will ensure it cannot be hacked, it also will make the device ineffective for the customer's normal operational needs. WEP is considered a weak encryption scheme, so you should use WPA2 over WEP whenever possible. Finally, upgrading the wireless access point's firmware is good for security, but it isn't specific to the IoT device's security. Therefore, it is not one of the two BEST options.
The UPS that provides backup power to your server is malfunctioning because its internal battery has died. To replace the battery, you must shut down the server, unplug it from the UPS, and unplug the UPS from its power source (the wall outlet). You perform these actions but think that there has to be a better way to increase the server's availability in the future. Which of the following recommendations would BEST increase the server's availability based on your experience with this UPS battery replacement?
The BEST recommendation would be to install a redundant power supply in the server. Adding a second UPS would not solve the problem if the server still only has one power supply available. Switching from a UPS to a generator will not solve this issue, either, because generators also require scheduled maintenance and downtimes. Finally, adding a surge protector won't provide power when you need to power off a UPS for a battery replacement.
A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?
The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for security and privacy management for internal and external networks. This can provide a security and privacy management mechanism by logical or physical separation of DNS information for network-internal access and access from an insecure, public network like the Internet. Under this configuration, there are two sets of DNS information, and the results are provided based upon the source address of the requester (internal or external). Dynamic NAT is a many-to-one mapping of a private IP address or subnets inside a local area network to a public IP address or subnet outside the local area network. The traffic from different zones and subnets over trusted (inside) IP addresses in the LAN segment is sent over a single public (outside) IP address. A DMZ (demilitarized zone), a type of screened subnet, is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. An access control list (ACL) is a list of permissions associated with a system resource (object). A firewall is configured with an access control list to filter network traffic based on the assigned rules.
The network administrator is troubleshooting the switchports for a file server with dual NICs. The file server needs to be configured for redundancy, and the dual NICs need to be combined for maximum throughput. What feature on the switch should the network administrator ensure is enabled for best results?
The Link Aggregation Control Protocol (LACP) is the 802.3ad protocol used to group numerous physical ports to make one high-bandwidth path. This method can increase bandwidth and, therefore, throughput. LACP can also provide network redundancy and load balancing. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. A Bridge Protocol Data Unit (BPDU) is used by STP to prevent the bridge loops. Load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.
Which of the following components is used to identify a variable that may be set or read using SNMP?
The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A unique objective identifier (OID) identifies a variable that can be read or set using the SNMP protocol.
After installing some new switches in your network, you notice that a switching loop has begun to occur. You contact the manufacturer's technical support for your switches and they recommended that you enable 802.1d. Which of the following BEST represents why the manufacturer suggested this?
The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. The Spanning Tree Protocol operates at Layer 2 of the OSI model to detect switching loops. STP is defined in the IEEE 802.1d standard. The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface that will appear as a single link to a route processor. LACP is used to combine multiple network connections in parallel to increase throughput beyond what a single connection could sustain and to provide redundancy in case one of the links should fail. LACP is defined in the IEEE 802.3ad standard. Split horizon is used by routing protocols at layer 3 to prevent routing loops, and it does not affect switching loops.
Which of the following protocols are designed to avoid loops on a Layer 2 network?
The Spanning Tree Protocol is part of the 802.1d standard and avoids loops in the switching network (layer 2). The 802.1q standard is used to define virtual LANs (VLANs) on an ethernet network. RIPv2 is a layer 3 distance-vector protocol for local and wide-area networks, and does not prevent or avoid loops by default. Open Shortest Path First (OSPF) is a layer 3 link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF does not avoid or prevent loops by default. Instead, RIP and OSPF both rely on split horizon and route poisoning to avoid layer 3 loops.
Which of the following protocols must be implemented for two switches to share VLAN information?
The VLAN Trunking Protocol (VTP) allows a VLAN created on one switch to be propagated to other switches in a group of switches in a VTP domain. Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches to ensure that you do not create loops when you have redundant paths in your network. Multiprotocol Label Switching is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows. The Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private networks. MPLS, STP, and PPTP are not used to share VLAN information like VTP and the 802.1q standard do.
An administrator has configured a new 250 Mbps WAN circuit, but a bandwidth speed test shows poor performance when downloading larger files. The download initially reaches close to 250 Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the interface on the router and sees the following:
DIONRTR01# show interface eth 1/1
GigabitEthernet 1/1 is up, line is up
Hardware is GigabitEthernet, address is 000F.33CC.F13A
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Member of L2 VLAN 1, port is untagged, port state is forwarding
Which of the following actions should be taken to improve the network performance for this WAN connection?
The WAN interface (eth 1/1) is currently untagged and is being assigned to the default VLAN (VLAN 1). If there are numerous devices in the default VLAN, the VLAN may be overloaded or oversubscribed, leading to a reduction in the network performance. To solve this issue, you would assign the WAN interface to a VLAN with less traffic or to its own VLAN. By adding an 802.1q tag (VLAN tag) to the interface, you can assign it to its own individual VLAN and eliminate potential overloading or oversubscription issues. The interface is already set to full-duplex (fdx) and is operating in full-duplex (fdx). Therefore, the issue is not a duplexing mismatch. The configuration shows that the interface is already using a GigabitEthernet, so you do not need to replace the transceiver with a 1000Base-T module. Also, the physical layer is working properly and a link is established, as shown by the output "GigabitEthernet 1/1 is up", showing the current transceiver is functioning properly at 1 Gbps. While issuing the shutdown command and then re-enabling the interface could clear any errors, based on the interface status shown we have no indications that errors are being detected or reported.
Which of the following layers within software-defined networking focuses on resource requests or information about the network?
The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations.
An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted if this change is not immediate. The request comes directly from management and was just approved through the emergency change management process. Which of the following should the technician do?
The best answer is to make the change, document the requester, and document all the network changes. All changes to the enterprise network should be approved through the normal change management processes. If there is an urgent need, there is an emergency change management process that can be used for approval. This is known as an emergency change approval board (ECAB). An ECAB can be executed extremely quickly to gain approval, and then the documentation can be completed after the change is made when using the emergency change management processes.
You are assisting the company with developing a new business continuity plan. What would be the BEST recommendation to add to the BCP?
The business continuity plan focuses on the tasks carried out by an organization to ensure that critical business functions continue to operate during and after a disaster. By keeping redundant links between core devices, critical business services can be kept running if one link is unavailable during a disaster. Some of the other options are good ideas, too, but this is the BEST choice to maintain a high availability network that can continue to operate during periods of business disruption.
Which of the following layers is NOT used in a three-tiered data center network architecture?
The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others.
Which of the following layers within software-defined networking focuses on providing network administrators the ability to oversee network operations, monitor traffic conditions, and display the status of the network?
The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations. The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements.
Which of the following weaknesses exist in WPS-enabled wireless networks?
The most prominent attack against WPS-enabled wireless networks involves brute-forcing the 8-digit PIN that clients use to enroll their devices without knowing the pre-shared key. WPS checks each half of the PIN individually, reducing the number of possible combinations from a maximum of 100,000,000 to only 11,000. This only takes a few minutes to crack on most modern computers, as long as the WAP doesn't have a lockout after a certain number of failures. The lockout mechanism may also be triggered based on the client's MAC, so you can often spoof MAC to bypass this defense.
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP and TTLS. What should the network administrator implement?
The network administrator can utilize 802.1x using EAP-TTLS with PAP for authentication since the backend system supports it. Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users.
Which of the following terms represents the maximum amount of data, as measured in time, that an organization is willing to lose during an outage?
The recovery point objective (RPO) is the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan's maximum allowable threshold or tolerance. The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in continuity. The mean time to repair (MTTR) measures the average time it takes to repair a network device when it breaks. The mean time between failures (MTBF) measures the average time between when failures occur on a device.
Rick is configuring a Windows computer to act as a jumpbox on his network. He implements static routing to control the networks and systems the jumpbox communicates with. Which of the following commands did he use to configure this on the Windows machine?
The route command is used to create, view, or modify manual entries in the network routing tables of a computer or server. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path.
Which of the following levels would a debugging condition generate?
The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.
Which of the following levels would an emergency condition generate?
The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.
Which of the following levels would an error condition generate?
The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.
Students at Dion Training have been reporting extreme performance degradation across the network every Friday morning. Which of the following should the network technician review FIRST to identify the root cause of the network performance issues?
The technician should first review the utilization on the network during the time period where network performance issues are being experienced. This will then be compared to the average performance of the network throughout the rest of the week. In turn, this could be compared against the baseline.
Scott is a brand new network technician at Dion Training. He has been told to remote into the edge switch from his desk and enable DHCP snooping. Which of the following commands should he use?
The telnet command is used to open a command-line interface on a remote computer or server. Telnet operates in plain text mode and should never be used over an untrusted or public network. While it would be better for Scott to use SSH for security reasons, telnet is still the best answer based on the options presented in this question. Nmap, or Network Mapper, is a cross-platform, open-source tool used to scan IP addresses and ports on a target network, and to detect running services, applications, or operating systems on that network's clients, servers, and devices. A trivial file transfer protocol (TFTP) server is used to send or receive files over a TCP/IP network. TFTP servers are commonly used to transfer firmware images and configuration files to network appliances like routers, switches, firewalls, and VoIP devices. The ip command is a suite of tools used for performing network administration tasks, such as displaying the current TCP/IP network configuration, refreshing the DHCP and DNS settings, assigning an IP address, and configuring TCP/IP settings for a given interface.
Dion Training's corporate network appears to be suffering from a broadcast storm and you have been asked to assist in troubleshooting. You just arrived in the main distribution frame and see another technician looking at the equipment rack. What step of the troubleshooting methodology should you perform NEXT?
The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned. Since you just arrived at the main distribution frame, you need to begin by identifying the problem. This could include gathering information, questioning users or the other technician, identifying symptoms, determining if anything has changed, or trying to duplicate the problem.
Which of the following technologies deliver multiple voice calls over a copper wire if you have an ISDN or T-1 connection?
Time-division multiplexing allows for two or more signals or bitstreams to be transferred in what appears to be simultaneous sub-channels in one communication channel but is physically taking turns on the channel. This is the technology used in a single PRI (ISDN or T-1) service to essentially share a single cable but pass multiple voice calls over it. Analog circuit switching is used by telephone providers on the Public Switched Telephone Network (PSTN), not with ISDN or T-1 connections. Time-division spread spectrum is not a real thing; spread spectrum is used in Wi-Fi, but it is based on frequency and not time. CSMA/CD is the carrier sense multiple access collision detection that is used for ethernet access at layer 2 of the OSI model. CSMA/CD is not used with ISDN or T-1 connections.
Your boss has asked you to select the technology for a new wireless network for the office. She stated that the new network must allow users to connect their laptops, smartphones, and tablets wirelessly. The technology selected should utilize the longest range possible without signal loss. Which of the following wireless technologies should be selected to meet these requirements?
To meet these requirements, you should recommend 802.11ac because it allows for faster speeds than wireless b, g, and n, and it provides the longest ranges of the options provided. The 802.11ac can reach 115 feet (35 meters) using 8 MIMO streams for higher bandwidth, or up to 230 feet (70 meters) using only 4 MIMO streams to provide greater coverage at a lower bandwidth. The 802.11ac (Wireless AC or Wi-Fi 5) standard utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive data at higher speeds.
While working as a security analyst, you have been asked to monitor the SIEM. You observed network traffic going from an external IP to an internal host's IP within your organization's network over port 443. Which of the following protocols would you expect to be in use?
Transport Layer Security (TLS) is used to secure web connections over port 443. Since port 443 was in use, you should expect either HTTPS, SSL, or TLS to be used as the protocol. If not, this would be suspicious activity and should be investigated. In fact, since this was a connection from the external IP to an internal host over port 443, this is suspicious and could be indicative of a remote access trojan on your host.
Which of the following describes the ID of a specified native VLAN when traffic passes over a trunk?
Trunk ports carry all traffic, regardless of VLAN number, between all switches in a LAN. The VLAN designation for a trunk port is its native or default VLAN. If the trunk port has a native VLAN that differs from the tag placed on the frame as it entered the access port, the switch leaves the tag on the frame and sends the tagged frame along to the next switch or switches. If the trunk port's native VLAN is the same as the access port's VLAN, then the switch drops the tag and sends the untagged frame out of the trunk port.
Which network element enables unified communication devices to connect to and traverse traffic onto the PSTN?
Unified Communications (UC) enables people to use different modes of communication, media, and devices to communicate with anyone, anywhere, anytime. To accomplish this, a UC gateway is needed. Unified communications (UC) refers to the integration of multiple forms of real-time communications including voice, video, collaboration, and text messaging. A UC gateway connects your IP-based voice system to the Public Switched Telephone Network (PSTN).
You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the attack's target?
Web-based attacks would likely appear on port 80 (HTTP) or port 443 (HTTPS). An attack against Active Directory is likely to be observed on port 389 (LDAP). An attack on an FTP server is likely to be observed on port 21 (FTP). An attack using the remote desktop protocol would be observed on port 3389 (RDP).
You are trying to connect to a router using SSH to check its configuration. Your attempts to connect to the device over SSH keep failing. You ask another technician to verify that SSH is properly configured, enabled on the router, and allows access from all subnets. She attempts to connect to the router over SSH from her workstation and confirms all the settings are correct. Which of the following steps might you have missed in setting up your SSH client preventing you from connecting to the router?
When configuring your SSH connection, you must ensure that a key is established between your client and the server. If you never set up an SSH key, you will need to generate a new key to get SSH to connect properly. Since the other technician was able to connect on her machine, we can rule out an SSH server issue, so it must be an issue with your account or client. The only option that relates solely to your account or client is the possibility that a key was not properly generated for your client.
Which of the following features is supported by Kerberos but not by RADIUS?
Whether you learned the in-depth details of each of these protocols during your studies or not, you should be able to answer this question by remembering that Kerberos is all about 'tickets.' Kerberos uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity. Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos is used in Windows Active Directory domains for authentication. Single sign-on (SSO) is a type of mutual authentication for multiple services that can accept the credential from one domain or service as authentication for other services. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request.
Jason wants to use his personal cell phone for work-related purposes. Because of his position, Jason has access to sensitive company data, which might be stored on his cell phone during its usage. The company is concerned about this but believes that it might be acceptable with the proper security controls in place. Which of the following should be done to protect both the company and Jason if they allow him to use his personal cell phone for work-related purposes?
While all four are good options, the BEST solution is to conduct real-time monitoring of the phone's activity since it is a technical control that could quickly identify an issue. The other options are all administrative controls (policies), which are useful but would not actually identify if the sensitive data was leaked from Jason's phone.
A network technician at a warehouse must implement a solution that will allow a company to track shipments as they enter and leave the facility. The warehouse workers must scan and concurrently upload large images of items to a centralized server. Which of the following technologies should they utilize to meet these requirements?
Wi-Fi is the best solution to meet this organization's needs. 802.11ac is a very fast high-speed Wi-Fi network capable of 1 Gbps speeds over a 5 GHz spectrum and is perfect for uploading large image files quickly over a wireless local area network. Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. While the warehouse might want to also utilize RFID to allow for the accurate scanning of items using radio frequency tracking tags, RFID cannot upload large images of the items to the centralized server since it is limited to 2 KB of data per RFID tag. Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz and building personal area networks. Bluetooth would not allow the worker to have full coverage throughout the warehouse due to the short distance requirement between a transmitter and receiver. Near-Field Communication (NFC) is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with a simple setup that can be used to bootstrap more capable wireless connections.