Network + Post

Given a subnet mask of 255.255.192.0, what is the corresponding prefix notation?

/18 Given a subnet mask of 255.255.192.0, you should recognize the first two octets, each containing a value of 255, represent sixteen ones. To those 16 ones, you add two additional binary ones to create a decimal number of 192 (that is, 128 + 64 = 192). The sum of sixteen and two equals eighteen, which is the number used in the prefix (also known as slash) notation. Answer C is incorrect. The prefix notation of /26 equates to a dotted decimal subnet mask of 255.255.255.192. Answer A is incorrect. The prefix notation of /22 equates to 255.255.252.0. Answer D is incorrect. The prefix notation of /16 is the classful subnet mask of 255.255.0.0.

You have a Layer 2 switch. You have left all ports in the default VLAN. You connect five workstations. How many broadcast domains exist on this switch?

1 By default, there is one broadcast domain on the switch. If you create additional VLANs, this will create additional broadcast domains.

In the given figure, all the three wireless access points (APs) operate in the 2.4 GHz frequency band. Which three channels should be used by the APs?

1, 6, 11 Figure shows their coverage overlapping

What is the bandwidth of a T1 digital circuit?

1.544 Mbps A T1 digital circuit has a bandwidth of 1.544 Mbps. Answer C is incorrect. An E1 digital circuit has a bandwidth of 2.048 Mbps. Answer D is incorrect. A T3 digital circuit has a bandwidth of 44.7 Mbps. Answer A is incorrect. An E3 digital circuit has a bandwidth of 34.4 Mbps.

Refer to the exhibit. Given the network address translation (NAT) topology, identify the IP address that is the inside global IP address. (NOTE: To avoid using an organization's actual IP addresses in this question, all IP addresses are technically private IP addresses. However, assume that the 172.16.1.0/24 network and the 10.1.2.3 IP address are publicly routable.)

172.16.1.2 See figure 3 in OneNote The term "inside global" refers to a public (that is "global") IP address of a device on the "inside" of the network. In this case the IP address of 172.16.1.2 is the global IP address representing Client 1, which is on the inside of the network. Answer C is incorrect. The IP address of 192.168.1.2 is an inside local address since it refers to a private IP address (that is, local) for a device inside the network. Answer D is incorrect. The IP address of 192.168.1.1 is the IP address of the inside router interface, and not a NAT IP address. Answer E is incorrect. The IP address of 172.16.1.1 is the IP address of the outside router interface, and not a NAT IP address. Answer B is incorrect. The IP address of 10.1.2.3 is an outside global address, because it refers to the public (that is, global) IP address of a device outside the network.

A router's IP routing table has entries noted in the exhibit. To which next hop IP address will the router forward a packet destined for 10.1.2.1?

| Network | Next Hop |
| --- | --- |
| 10.0.0.0/8 | 10.2.2.2 |
| 10.1.0.0/16 | 192.168.1.2 |
| 10.1.1.0/24 | 172.16.1.2 |
| 0.0.0.0/0 | 10.3.3.2 |

192.168.1.2 When a router needs to route an IP packet, it consults its IP routing table to find the route that is the best match for the destination IP address. The best match is the route that has the longest prefix. Specifically, a route entry with the longest prefix is the most specific network. In this instance, the route entry for the 10.1.0.0/16 network is the most specific match, because it has the longest prefix that matches the destination IP address. The next hop IP address for the 10.1.0.0/16 network is 192.168.1.2. 10.0.0.0/8 is a match for the destination IP address of 10.1.2.1. However, it is not as specific as the 10.1.0.0/16 network. The 10.1.1.0/24 network does not include the destination IP address of 10.1.2.1. The 0.0.0.0/0 is a default route that can be used to route packets to networks not in a router's IP routing table. However, it is not needed in this instance, since two other IP routing table entries do match the destination IP address.

The IEEE 802.11n wireless standard has which of the following frequency band / maximum bandwidth parameters?

2.4 GHz or 5 GHz / > 300 Mbps The 802.11n standard can operate using the 2.4 GHz frequency band or the 5 GHz frequency band, or both. The theoretical maximum bandwidth of 802.11n exceeds 300 Mbps. Answer B is incorrect. The 802.11a standard uses a frequency band of 5 GHz and has a maximum bandwidth of 54 Mbps. Answer C is incorrect. The 802.11b standard uses a frequency band of 2.4 GHz and has a maximum bandwidth of 11 Mbps. Answer D is incorrect. The 802.11g standard uses a frequency band of 2.4 GHz and has a maximum bandwidth of 54 Mbps.

Which Syslog severity level is a condition where a specific operation failed to complete successfully?

4 A Syslog level of 4, with a name of "Warning," is a condition where a specific operation failed to complete successfully. Answer A is incorrect. A Syslog level of 0, with a name of "Emergency," is the most severe error condition, which renders a system unusable. Answer B is incorrect. A Syslog level of 1, with a name of "Alert," is a condition requiring immediate attention. Answer D is incorrect. A Syslog level of 7, with a name of "Debugging," provides highly detailed information (for example, information about individual packets), which is typically used for troubleshooting purposes.

What is the distance limitation of 100GBASE-ER4?

40km 10GBASE-ER and 10GBASE-EW both use single-mode fiber (SMF) as their media type, have a bandwidth capacity of 10 Gbps, and a distance limitation of 40 km. Also, 100GBASE-ER4 uses SMF as its media type, has a bandwidth capacity of 100 Gbps, and a distance limitation of 40 km. 10GBASE-LW uses single-mode fiber (SMF) as its media type, has a bandwidth capacity of 10 Gbps, and a distance limitation of 10 km. 10GBASE-SW uses multimode fiber (MMF) as its media type, has a bandwidth capacity of 10 Gbps, and a distance limitation of 300 m.

How big is the payload of an ATM cell?

48 bytes Asynchronous Transfer Mode (ATM) is a Layer 2 WAN technology that uses fixed-length cells as its protocol data unit, as opposed to the variable frames used by Frame-Relay. An ATM cell's 48 Byte payload size resulted from a compromise between the wishes of different countries as an international standard for ATM was being developed. Some countries, such as France and Japan, wanted a 32 Byte payload size, because smaller payload sizes worked well for voice transmission. However, other countries, including the United States, wanted a 64 Byte payload size, because they felt such a size would better support the transmission of both voice and data. In the end, the compromise was to use the average of 32 Bytes and 64 Bytes (that is, 48 Bytes).

You have a Layer 2 switch. You have left all ports in the default VLAN. You connect five workstations. How many collision domains exist on this switch?

5 There is one collision domain for each device connected. Therefore, there are five collision domains.

Approximately how many addresses are provided by a Class B scheme?

65,000 A Class B address accommodates approximately 65,000 addresses. This is why subnetting is so important. You cannot have a successful network with more than approximately 500 systems in one subnet. Answer D is incorrect. 16,000,000 is the approximate number supported in a Class A. Answer A is incorrect. A Class C supports 254 addresses. Answer B is incorrect. There is no class that supports approximately 35,000 addresses.

Which two of the following are true regarding a client-to-site and site-to-site virtual private networks (VPN)?

A site-to-site VPN interconnects two locations, as an alternative to a leased line, at a reduced cost. A client-to-site VPN (also known as a remote access VPN) interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost. The two primary categories of VPNs are site-to-site and client-to-site: A site-to-site VPN interconnects two sites, as an alternative to a leased line, at a reduced cost. A client-to-site VPN (also known as a remote access VPN) interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost. While a client-to-site VPN allows a user, with software on their client computer, to connect back to a centralized VPN termination device, a site-to-site VPN interconnects two sites without requiring the computers at those sites to have any specialized VPN software installed.

Which of the following best defines an IDS sensor?

An IDS sensor scans, audits, and monitors the security infrastructure for signs of attacks in progress. An intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. It scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. Answer C is incorrect. A firewall defines a set of rules dictating which types of traffic are permitted or denied as that traffic enters or exits a firewall interface. Answer B is incorrect. A virtual private network (VPN) can secure communication between two sites over an untrusted network. Answer A is incorrect. A demilitarized zone (DMZ) enables external clients to access data on private systems, such as web servers, without compromising the security of the internal network as a whole.

A corporate e-mail service would be classified as belonging to what Layer of the OSI Model?

Application The Application Layer (that is, Layer 7) of the OSI Model is concerned with application services (for example, file sharing and e-mail) and service advertisement. Answer A is incorrect. The Presentation Layer (that is, Layer 6) is concerned with data formatting and encryption. Answer D is incorrect. The Physical Layer (that is, Layer 1) is concerned with such things as how bits are represented on the medium. Answer B is incorrect. The Network Layer (that is, Layer 3) is concerned with such things as logical addressing (for example, IP addressing).

What class of IP address is 172.16.1.2?

B You can determine the class of an IP address by examining its first octet. Since 172 is in the range 128 - 191, it is a Class B IP address. Answer A is incorrect. An IP address whose first octet is in the range 1 - 126 is a Class A IP address. Answer C is incorrect. An IP address whose first octet is in the range 192 - 223 is a Class C IP address. Answer B is incorrect. An IP address whose first octet is in the range 224 - 239 is a Class D IP address. Note that Class D IP addresses are never used as source IP addresses. Rather, they are only used as destination multicast addresses.

What is a routing protocol that is used for moving prefixes back and forth between different autonomous systems?

BGP OSPF, RIP, and IS-IS are all examples of IGPs, protocols that are designed to route within an autonomous system. BGP is an EGP; it is designed to share prefix information between these systems.

While DHCP is not the only protocol used for dynamically assigning IP addresses to clients, it does offer a more robust set of features. Which of the following is a predecessor to DHCP, offering a reduced feature set?

BOOTP BOOTP was developed as a method of assigning IP address, subnet mask, and default gateway information to diskless workstations. DHCP offers a more robust solution to IP address assignment than the solution offered by BOOTP. DHCP does not require a statically configured database of MAC address to IP address mappings. Also, DHCP has a wide variety of options beyond basic IP address, subnet mask, and default gateway parameters. For example, a DHCP server can educate a DHCP client about the IP address of a WINS server, or even an administrator-defined parameter (for example, the IP address of a TFTP server from which a configuration file could be downloaded). Address Resolution Protocol (ARP) is a protocol used to resolve a MAC address corresponding to a known IP address. Domain Name System (DNS) is a protocol used to resolve an IP address corresponding to a fully-qualified domain name (FQDN).

A wireless LAN (WLAN) containing only one access point (AP) is known as what type of WLAN?

BSS A Basic Service Set (BSS) WLAN uses a single AP. BSS WLANs are said to run in infrastructure mode (as opposed to ad-hoc mode), because wireless clients connect to an AP, which is typically connected to a wired network infrastructure. Answer D is incorrect. An Independent Basic Service Set (IBSS) WLAN can be created without the use of an access point (AP). This type of ad hoc WLAN can be useful for temporary connections between wireless devices. For example, you might temporarily interconnect two laptop computers to transfer a few files. Answer B is incorrect. An Extended Service Set (ESS) WLAN is a WLAN containing two or more APs. Like a BSS WLAN, ESS WLANs operate in infrastructure mode. Answer C is incorrect. A Service Set Identifier (SSID) can be thought of as the name of a WLAN. Often, an AP will broadcast the name of a WLAN's SSID, thus allowing wireless devices to see that the WLAN is available.

Which QoS mechanism does not reorder packets and simply uses first-in, first-out logic?

Best Effort Three different QoS mechanisms are commonly used: best effort, integrated services (IntServ), and differentiated services (DiffServ). When traffic is not reordered at all and is simply forwarded as fast as possible, it is referred to as "best effort."

Which of the following approaches to wireless LAN (WLAN) security involves the use of an authentication server?

802.1X Rather than having all devices in a WLAN be configured with the same PSK, a more scalable approach is to require each wireless user to authenticate using their own credentials (for example, a username and password). Allowing each user to have their own set of credentials prevents the compromising of one password from impacting the configuration of all wireless devices. IEEE 802.1X is a technology that allows wireless clients to authenticate with an authentication server (typically, a Remote Authentication Dial-In User Service (RADIUS) server). Answer B is incorrect. An AP can be configured with a listing of MAC addresses that are permitted to associate with the AP. If a malicious user attempts to connect via their laptop (whose MAC address is not on the list of trusted MAC addresses), that user is denied access. One drawback to "MAC address filtering" is the administrative overhead required to keep an approved list of MAC addresses up-to-date. Another issue with MAC address filtering is a knowledgeable user could falsify the MAC address of their wireless network card, making their device appear to be an approved device. Answer C is incorrect. A Service Set Identifier (SSID) can be broadcast by an access point (AP) to let users know the name of a WLAN. For security purposes, an AP might be configured not to broadcast its SSID. However, knowledgeable users could still determine the SSID of an AP by examining captured packets. Answer D is incorrect. To encrypt transmission between a wireless client and an AP (in addition to authenticating a wireless client with an AP), both the wireless client and the AP could be preconfigured with a matching string of characters (that is, a pre-shared key (PSK)). The PSK could be used as part of a mathematical algorithm to encrypt traffic, such that if an eavesdropper intercepted the encrypted traffic, they would not be able to decrypt the traffic without knowing the PSK. 
While using a PSK can be effective in providing security for a small network (for example, a SOHO network), it lacks scalability. For example, in a large corporate environment, a PSK being compromised would necessitate the reconfiguration of all devices configured with that PSK.

What is a native VLAN?

A native VLAN is the VLAN on an IEEE 802.1Q trunk that does not have any tag bytes added. An IEEE 802.1Q trunk can simultaneously carry traffic for multiple VLANs. One, and only one, VLAN in a 802.1Q trunk is untagged. Frames belonging to all other VLANs each receive four tag bytes. The name of this untagged VLAN is the native VLAN. All traffic in a 802.1Q trunk is in-band. An EtherChannel virtual port does have a special VLAN type.

Refer to OneNote 1. for drawing

A proxy server takes a request from a client and forwards that request out to another network, for example, the Internet. When the destination host replies, the reply is sent to the proxy server, which forwards that reply to the originating client. In addition to basic proxy functionality, a proxy server might also cache the content it receives. For example, if multiple clients visited the same website on the Internet, instead of downloading that site's graphics multiple times, the proxy server could cache the content from the first request. Subsequent requests for the same content could then be served up by the proxy server, resulting in a bandwidth savings. Some proxy servers are also able to act as content filters, which can block access to certain URLs (for example, URLs pointing to social networking sites). Answer D is incorrect. A virtual private network (VPN) is a logical tunnel formed through a network, such as the Internet. While VPNs can terminate on a router, for scalability, VPN concentrators can be used to terminate one or more VPN tunnels. Answer C is incorrect. While many proxy servers are capable of performing content caching, some networks use dedicated appliances to perform this content caching. These appliances are commonly referred to as caching engines or content engines. As an example, a corporate branch office can locally cache information from a server located at the corporate headquarters location. Multiple requests from branch office clients for the content can then be serviced from the content engine at the branch office, thus eliminating the repetitive transfer of the same data. Depending on traffic patterns, such an arrangement might provide significant WAN bandwidth savings. Answer A is incorrect. A load balancer, which is also known as a content switch, can distribute requests for content coming into a server farm across multiple servers containing identical content. 
If one of those servers needed to be taken down for maintenance, the load balancer could be configured not to forward requests to that server.

Identify the purpose of a DHCP scope.

A scope acts as a pool of IP addresses from which a DHCP server can assign IP addresses to DHCP clients. A DHCP server can be configured to assign IP addresses to devices belonging to different subnets. Specifically, the DHCP server can determine the source subnet of the DHCP request and select an appropriate address pool from which to assign an address. One of these address pools (which typically corresponds to a single subnet) is called a scope. Answer B is incorrect. A DHCP reservation is a hardcoded assignment of an IP address to a specific MAC address. Answer C is incorrect. DHCP options are the elements of IP address information that a DHCP server can assign to a DHCP client. Examples of DHCP options include DNS server and WINS server IP addresses. Answer D is incorrect. A lease is a temporary IP address assignment that a DHCP server assigns to a DHCP client.

Which of the following user authentication technologies uses digital certificates and a certificate authority (CA)?

PKI Public Key Infrastructure (PKI) uses digital certificates and a certificate authority (CA) to allow secure communication across a public network. Answer B is incorrect. IEEE 802.1X is a type of network admission control (NAC), which can permit or deny a wireless or wired LAN client access to a network. The device seeking admission to the network is called the "supplicant." The device to which the supplicant connects (either wirelessly or through a wired connection) is called the "authenticator." The device which checks the supplicant's credentials and permits or denies the supplicant to access the network is called an "authentication server." Usually, an authentication server is a RADIUS server. Answer A is incorrect. Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) is a Microsoft-enhanced version of CHAP, offering a collection of additional features not present with CHAP, including two-way authentication. Answer D is incorrect. Microsoft Remote Access Server (RAS) is the predecessor to Microsoft Routing and Remote Access Server (RRAS). Both RAS and RRAS are Microsoft Windows Server® features allowing Microsoft Windows® clients to remotely access a Microsoft Windows® network.

What is a very common protocol found on dedicated leased lines?

PPP PPP is very commonly used over dedicated leased lines. Answer A is incorrect. HDLC is much less popular because it lacks the robust features of PPP. Answers D and C are incorrect. ADSL and DSL are technologies used to provide high-speed WAN links themselves.

What is a very common protocol found on dedicated leased lines?

PPP PPP is very commonly used over dedicated leased lines. Answer C is incorrect. HDLC is much less popular because it lacks the robust features of PPP. Answers D and A are incorrect. ADSL and DSL are technologies used to provide high-speed WAN links themselves.

What technology is typically used in conjunction with DSL?

PPPoE A popular WAN technology (specifically, an Internet access technology) in residences and businesses is digital subscriber line (DSL). Note that DSL connections typically use a variant of PPP called PPP over Ethernet (PPPoE). Answers A and D are incorrect. PPP and HDLC are not typically found in this environment. Answer C is incorrect. Metro Ethernet is a competing technology to DSL.

What type of network allows interconnected devices to share their resources with one another but would have issues regarding scalability?

Peer-to-peer Peer-to-peer networks allow interconnected devices (for example, PCs) to share their resources with one another. Those resources could be, for example, files or printers. Answer C is incorrect. A client-server network can have a dedicated file server that provides shared access to files, and a networked printer could also be available as a resource to the network's clients. Client-server networks are commonly used by businesses. Since resources are located on one or more servers, administration is simpler than trying to administer network resources on multiple client devices. Answer B is incorrect. When interconnecting multiple sites (for example, multiple corporate locations) via WAN links, a hub and spoke topology has a WAN link from each remote site (that is, each spoke site) to the main site (that is, the hub site). This approach is very similar to the star topology used in LANs. Answer A is incorrect. Multiprotocol Label Switching (MPLS) is a technology commonly seen in service provider networks, where forwarding decisions are made based on an MPLS label (which is contained in a 32-bit MPLS header) as opposed to an IP address. This header is inserted between a packet's Layer 2 and Layer 3 headers. Therefore, MPLS is often said to be a Layer 2.5 technology.

Which layer of the OSI Model is concerned with how bits are represented on the medium?

Physical The Physical Layer, residing at the bottom of the OSI Model (that is, Layer 1) is concerned with how bits are represented on the medium, wiring standards, physical topology, synchronizing bits, bandwidth usage, and multiplexing strategy.

Identify the quality of service (QoS) mechanism that can set a bandwidth limit on traffic and drop packets attempting to exceed that bandwidth limit.

Policing Policing and traffic shaping are both traffic conditioners, each of which can set a bandwidth limit on traffic. However, policing has the ability to drop excess packets, while traffic shaping delays excess traffic. Answers D and A are incorrect. Link Fragmentation and Interleaving (LFI) and RTP Header Compression (cRTP) are both link efficiency mechanisms, which attempt to make a more efficient use of relatively limited WAN bandwidth. LFI can fragment large packets and interleave smaller packets (for example, voice over IP packets) in amongst the fragmented packets. As a result, the smaller packets can exit a slow-speed interface sooner, and not experience excessive delay. cRTP can take the Layer 3 and Layer 4 headers of a Real-time Transport Protocol (RTP) packet (used to carry voice over IP traffic), which totals 40 Bytes in size, and compress them down to only two or four Bytes (two Bytes without UDP checksums and four Bytes with UDP checksums).

Which of the following is a type of network interface device (NID) that includes circuitry to perform such functions as converting between framing formats on a digital circuit?

Smart Jack A smart jack is a type of network interface device (see the definition for demarc) that adds circuitry. This circuitry adds such features as converting between framing formats on a digital circuit (for example, a T1), supporting remote diagnostics, and regenerating a digital signal. Answer C is incorrect. A demarcation point (also known as a demarc or a demarc extension) is the point in a telephone network where the maintenance responsibility passes from a telephone company to the subscriber (unless the subscriber has purchased inside wiring maintenance). This demarc is typically located in a box mounted to the outside of a customer's building (for example, a residential home). This box is called a network interface device (NID). Answer A is incorrect. The tip and ring wires are the red and green wires found in an RJ-11 wall jack, which carry voice, ringing voltage, and signaling information between an analog device (for example, a phone or a modem) and a telephone's wall jack. Answer B is incorrect. An NT1 is an ISDN device that interconnects a 4-wire ISDN circuit with a 2-wire ISDN circuit.

Refer to the exhibit. Consider the topology. What needs to be configured on router R1 in order for the DHCP client to successfully send a DHCPDISCOVER message to the DHCP server?

DHCP Relay Agent A DHCPDISCOVER message is sent as a broadcast. By default, a broadcast cannot cross a router boundary. Therefore, if a client resides on a different network than the DHCP server, the client's next-hop router should be configured as a DHCP relay agent, which allows a router to relay DHCP requests to either a unicast IP address or a directed broadcast address for a network. Answer D is incorrect. A scope is a pool of addresses (which typically corresponds to a single subnet) from which a DHCP server assigns an IP address to requesting DHCP clients. Answer B is incorrect. When a network device is assigned an IP address from an appropriate DHCP scope, that assignment is not permanent. Rather it is a temporary assignment referred to as a lease. Answer C is incorrect. You can statically configure a DHCP reservation, where a specific MAC address is mapped to a specific IP address that will not be assigned to any other network device.

A DHCP reservation involves the exchange of four messages between a DHCP client and a DHCP server. What is the first of these messages?

DHCPDISCOVER The steps involved in a DHCP reservation are as follows: Step 1. When a DHCP client initially boots, it has no IP address, default gateway, or other such configuration information. Therefore, the way a DHCP client initially communicates is by sending a broadcast message (that is, a DHCPDISCOVER message to a destination address of 255.255.255.255) in an attempt to discover a DHCP server. Step 2. When a DHCP server receives a DHCPDISCOVER message, it can respond with a unicast DHCPOFFER message. Since the DHCPDISCOVER message is sent as a broadcast, more than one DHCP server might respond to this discover request. However, the client typically selects the server that sent the first DHCPOFFER response received by the client. Step 3. The DHCP client communicates with this selected server by sending a unicast DHCPREQUEST message asking the DHCP server to provide IP configuration parameters. Step 4. Finally, the DHCP server responds to the client with a unicast DHCPACK message. This DHCPACK message contains a collection of IP configuration parameters.

Which options should be included in a bring-your-own-device policy?

Detailed presentation on the exit policies for employees D Integration between it and the acceptable use policy. Many different pieces should at least be included in a bring-your-own-device (BYOD) policy; these include the following: an explicit and detailed list of what devices are actually permitted; for each device or device category, an explicit security policy; the appropriate corporate support policy for each device or device category; a clear delineation of what applications and data are owned by the corporation versus what are owned by the user and/or employee; an explicit list of applications permitted in the BYOD environment; an integration of the BYOD policy with the acceptable use policy (AUP); a detailed presentation on the exit policies for employees as they relate to BYOD.

Which of the following are recommendations for developing a password policy?

Do not allow words to be spelled out completely. C Ensure uniqueness from previous passwords.

Refer to the exhibit. Consider the network topology. Which (if any) device in the topology has an incorrect IP address? (Assume that if two devices belong to one subnet, and another device belongs to a different subnet, that device (belonging to a different subnet than the other two devices) has an incorrect IP address.)

Drawing 2 in OneNote R1 The network shown has subnetted the 192.168.1.0 network using a 26-bit subnet mask (that is, 255.255.255.192). To determine which device (if any) is assigned an incorrect IP address, you need to determine the subnets created by the 26-bit subnet mask applied to the 192.168.1.0 network. Step 1. The interesting octet for a 26-bit subnet mask is the fourth octet, because the fourth octet is the last octet to contain a 1 in the 26-bit subnet mask (that is, 11111111.11111111.11111111.11000000, which could alternately be written as 255.255.255.192). Step 2. The decimal value of the fourth octet in the subnet mask is 192. Therefore, the block size is 64 (that is, 256 - 192 = 64). Step 3. The first 192.168.1.0 subnet is 192.168.1.0/26 (that is, 192.168.1.0/26 with the two borrowed bits in the fourth octet set to 0). Step 4. Beginning with the first subnet of 192.168.1.0/26 and counting by the block size of 64 in the interesting octet yields the following subnets: 192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/26, and 192.168.1.192/26. By examining the fourth octet of each IP address shown in the topology, we can determine that all devices belong to the 192.168.1.0/26 network (because the fourth octet values for all IP addresses are in the range of 0-63). However, a value of 0 in the fourth octet represents the network address (that is, 192.168.1.0/26) for the subnet. Also, a value of 63 in the fourth octet (that is, where the six host bits are set to a 1) represents the directed broadcast address for the subnet (that is, 192.168.1.63/26). In this case, the router's interface connected to the 192.168.1.0/26 subnet is assigned the directed broadcast address (that is, 192.168.1.63) of the network. Therefore, we can conclude that R1 (that is, the router) has an incorrect IP address.

What variant of Domain Name System (DNS) overcomes the size limitations of the original version of DNS through the use of pseudo-resource-records?

EDNS Extension Mechanisms for DNS (EDNS) supports features not supported in the original version of DNS (for example, security) while maintaining backward compatibility with the original version of DNS. Rather than using new flags in the header, which would impact backward compatibility, EDNS sends optional pseudo-resource-records between devices supporting EDNS. These records support sixteen new DNS flags. Answer B is incorrect. Fully-qualified domain name (FQDN) is an address specifying all necessary domain and sub-domain information to uniquely identify a target system. Answer D is incorrect. Start of Authority (SOA) is a DNS record that provides authoritative information about a DNS zone, such as contact information for the zone's administrator. Answer A is incorrect. Canonical Name (CNAME) is a DNS record that is an alias of an existing record, thus allowing multiple DNS records to map to the same IP address.

A Cisco router has learned a network via three different routing protocols: OSPF, EIGRP, and RIP. Which route will the router believe (that is, inject into the router's IP routing table)?

EIGRP When a router learns a route from different routing sources (for example, statically configured, directly connected, or dynamically learned), the routing source with the lowest administrative distance (AD) is injected into the router's IP routing table. EIGRP has an AD of 90. OSPF has an AD of 110, and RIP has an AD of 120. Therefore, the route learned via EIGRP is used by the router.

Consider the following wireless network (WLAN) topology. A wireless client running IEEE 802.11g is having connectivity issues when attempting to roam between access points (APs). What is the most likely issue?

Encryption type AP-1 is using WPA2 as the encryption type, while AP-2 is using WPA. This mismatched encryption type can prevent a WLAN client from roaming between APs. Since AP-1 uses 802.11n (on the 2.4 GHz band) it can be backward compatible with 802.11g and 802.11b (which also use the 2.4 GHz band). Also, the channel separation should be at least five channels (with the exception of Channel 14) when using the 2.4 GHz band, and in this example, there are ten channels of separation. So, channel separation is not an issue. The overlapping AP coverage areas (called "cells") are adhering to the best practice recommendation of a 10 - 15 percent overlap.

Which of the following copper connector types is most commonly used for cable TV connections?

F connector An F-connector is frequently used for cable TV (including cable modem) connections. Answer E is incorrect. A Bayonet Neill-Concelman (BNC) connector (also referred to as British Naval Connector in some literature) can be used for a variety of applications, including being used as a connector in a 10BASE-2 Ethernet network. Answer A is incorrect. A type 45 registered jack (RJ-45) is an eight-pin connector found in most Ethernet networks. However, most Ethernet implementations only use four of the eight pins. Answer B is incorrect. A 9-pin D-subminiature (DB-9) connector is commonly used as a connector for asynchronous serial communications. One of the more popular uses of a DB-9 connector is to connect the serial port on a computer with an external modem. Answer C is incorrect. A type 11 registered jack (RJ-11) has the capacity to be a six-pin connector. However, most RJ-11 connectors have only two or four conductors. An RJ-11 connector is found in most home telephone networks. However, most home phones only use two of the six possible pins.

Which of the following protocols is used for transferring files with a remote host in a non-secure fashion?

FTP File Transfer Protocol (FTP) is used to transfer files with a remote host in a non-secure fashion. Answer A is incorrect. Secure Shell (SSH) is used to securely connect to a remote host, typically via a terminal emulator. Answer B is incorrect. Secure FTP (SFTP) provides FTP file transfer service over a Secure Shell (SSH) connection. Answer C is incorrect. Secure Copy (SCP) provides a secure file transfer service over an SSH connection and offers a file's original date and time information, which is not available with FTP.

Which of the following security attacks leverages the PORT command?

FTP Bounce FTP supports a variety of commands for setting up a session and managing file transfers. One of these commands is the PORT command and can, in some cases, be used by an attacker to access a system that would otherwise deny the attacker. This type of attack is called an "FTP bounce" attack. Answer A is incorrect. A Smurf attack can use Internet Control Message Protocol (ICMP) traffic, directed to a subnet, to flood a target system with Ping replies. Answer B is incorrect. A denial-of-service (DoS) attack occurs when an attacker sends the target system a flood of data or requests that consume the target system's resources. Answer C is incorrect. A distributed denial-of-service (DDoS) attack can increase the amount of traffic flooded to a target system, as compared to a DoS attack. Specifically, the attacker compromises multiple systems, and those compromised systems, called "zombies," can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.

Which IPv6 address type is indicated by the first four hex characters of an address ranging from 2000 to 3999?

Globally routable unicast There are a few IPv6 address types; the most common ones include globally routable unicast addresses (2000 to 3999), link-local (FE80), and multicast (FF).

What technology is similar to WiMAX and offers wireless broadband service? The maximum data rate is 84 Mbps.

HSPA+ Like WiMAX, Evolved High-Speed Packet Access (HSPA+) is a technology offering wireless broadband service. The maximum data rate for HSPA+ is 84 Mbps. All other options listed are alternative media for wireless, but none of them match this description.

What does RIP use for a metric?

Hop Count RIP is not a sophisticated routing protocol. It does not consider bandwidth when it is using its metric. The metric is a simple hop count. OSPF uses cost, which is based on bandwidth. EIGRP uses a composite metric using bandwidth and delay by default.

What WAN topology enables you to minimize WAN expenses by not directly connecting any two remote locations?

Hub and Spoke A hub-and-spoke topology enables you to minimize costs by not directly connecting any two spoke locations. A ring topology would connect all remote locations to each other. A full mesh would also connect all remote locations, and a partial mesh topology would connect some.

Which IoT technology is commonly used in remote controls to transmit information using a form of light?

IR-Infrared Many different Internet of Things (IoT) technologies have been and are being introduced. One such technology is used with devices that use Infrared (IR) to relay information with light pulses.

What term defines a variation in the delay of packets in the network?

Jitter The variation in delay in the network is called jitter. Answer B is incorrect. Latency refers to just the delay itself. Answer D is incorrect. Attenuation is the weakening of a signal over a distance. Answer C is incorrect. Crosstalk refers to the interference of a signal from a neighboring signal.

Identify the quality of service (QoS) function that alters bits in a frame, cell, or packet.

Marking Marking alters bits within a frame, cell, or packet to indicate how the network should treat that traffic. Marking alone does not change how the network treats a packet. Other tools (for example, queuing tools) can, however, reference those markings and make decisions based on the markings. Answer D is incorrect. Classification is the process of placing traffic into different categories. Classification does not, however, alter any bits in a frame or packet. Answer A is incorrect. If an interface's output queue fills to capacity, newly arriving packets are discarded (that is, tail dropped). To prevent this behavior, a congestion avoidance technique called Random Early Detection (RED) can be used. After a queue depth reaches a configurable level (that is, the minimum threshold), RED introduces the possibility of packet discard. If the queue depth continues to increase, the possibility of discard increases until a configurable maximum threshold is reached. After the queue depth has exceeded the maximum threshold, there is a 100 percent probability of packets being discarded. Answer B is incorrect. When a device, such as a switch or a router, receives traffic faster than it can be transmitted, the device attempts to buffer (that is, store) the extra traffic until bandwidth becomes available. This buffering process is called queuing or congestion management.

Which issue is commonly related to a network device becoming a black hole for traffic?

Mismatched MTU The maximum transmission unit (MTU) indicates the largest packet size on an interface. If a larger packet is received, then a device will drop it; commonly this also includes the transmission of a message indicating why, but if this feature is disabled, the device will become a black hole for traffic.

What IP traffic type should you use if you want to send out a video stream to 23 of the systems in the marketing department? There are 50 total systems in this department.

Multicast Unicast is excellent for sending packets directly to a single system. Broadcast is suitable for sending a packet to all systems. Multicast is ideal in this situation. You can send packets to just those systems that are interested in receiving the traffic. This is typically a subset of all of the systems.

What is the name of the protocol used with IPv6 to learn the Layer 2 addresses that exist on the same local network?

NDP Whereas the Address Resolution Protocol (ARP) is used for IPv4, IPv6 uses the Network Discovery Protocol (NDP) for a similar purpose to translate between IPv6 addresses and device Layer 2 MAC addresses.

Which of the following is a vulnerability scanner product from Tenable Network Security®?

Nessus Tenable Network Security® has a vulnerability scanning product called Nessus®, which is available from Nessus-Professional. A few of the product features include: performing audits on systems without requiring an agent to be installed on the systems, checking system configurations for compliance with an organization's policy, auditing systems for specific content (for example, credit card information or adult content), performing continuous scanning, thus reducing the time required to identify a network vulnerability, and scheduling scans to run once, daily, weekly, or monthly. Answer B is incorrect. Nmap is a publicly available network security scanner, which can be downloaded from nmap.org. Nmap offers features such as: scanning and sweeping features, which identify services running on systems in a specified range of IP addresses, using a stealth approach to scanning and sweeping making the scanning and sweeping less detectable by hosts and IPS technology, and using OS fingerprinting technology to identify an operating system running on a target system (including a percentage of confidence that the OS was correctly detected). Answer D is incorrect. A honeypot acts as a distractor. Specifically, a system designated as a honeypot appears to be an attractive attack target. One school of thought on the use of a honeypot is to place one or more honeypot systems in a network to entice attackers into thinking a system is real. The attackers then use their resources attacking the honeypot, resulting in their leaving the real servers alone. Another use of a honeypot is to use it as a system that is extensively monitored, in order to learn what an attacker is attempting to do on the system. Answer A is incorrect. For larger networks, a network administrator might deploy multiple honeypots, which forms a honeynet.

A network administrator can use which of the following to locate a break in a fiber optic cable?

OTDR An optical time domain reflectometer (OTDR) can locate a cable fault in fiber optic cabling. Answer A is incorrect. A time domain reflectometer (TDR) can locate a cable fault in copper cabling. Answer C is incorrect. A multimeter can be used to check a variety of electrical characteristics for a copper cable. These characteristics include resistance (in Ohms), current (in Amps), and voltage (in Volts). Answer D is incorrect. An environmental monitor can be used to send an alert if the temperature (or humidity) in a room (which might contain network equipment sensitive to temperature or humidity) rises above or drops below administratively configured thresholds.

What type of antenna radiates power at relatively equal power levels in all directions?

Omnidirectional An omnidirectional antenna radiates power at relatively equal power levels in all directions (somewhat similar to the theoretical isotropic antenna). Answer A is incorrect. A unidirectional antenna can focus its power in a specific direction, thus avoiding potential interference with other wireless devices and perhaps reaching greater distances than those possible with an omnidirectional antenna. Answer C is incorrect. A Yagi antenna is a type of directional antenna. Answer B is incorrect. A sector antenna provides a pie-shaped coverage area.

Which MPLS element is the provider's router that connects to the customer?

PE There are many different MPLS elements, including the Customer Premises Equipment (CPE), Customer Edge (CE), Edge Label Switch Router (ELSR), Provider Edge (PE), Label Switch Router (LSR), and Provider (P) routers. The PE router is the MPLS provider's router that connects to the customer.

Which of the following is a type of network interface device (NID) that includes circuitry to perform such functions as converting between framing formats on a digital circuit?

Smart jack A smart jack is a type of network interface device (see the definition for demarc) that adds circuitry. This circuitry adds such features as converting between framing formats on a digital circuit (for example, a T1), supporting remote diagnostics, and regenerating a digital signal. Answer C is incorrect. A demarcation point (also known as a demarc or a demarc extension) is the point in a telephone network where the maintenance responsibility passes from a telephone company to the subscriber (unless the subscriber has purchased inside wiring maintenance). This demarc is typically located in a box mounted to the outside of a customer's building (for example, a residential home). This box is called a network interface device (NID). Answer A is incorrect. The tip and ring wires are the red and green wires found in an RJ-11 wall jack, which carry voice, ringing voltage, and signaling information between an analog device (for example, a phone or a modem) and a telephone's wall jack. Answer B is incorrect. An NT1 is an ISDN device that interconnects a 4-wire ISDN circuit with a 2-wire ISDN circuit.

Which of the following installation practices could result in non-standard pin-outs in network cabling?

Splitting pairs in a cable An unshielded twisted pair (UTP) cable consists of eight separate copper leads. However, only four of those eight leads are used for data (two transmit leads and two receive leads). This results in four unused leads. Some installers use those four extra leads to support a second Ethernet connection on a single UTP cable. While such an approach can function, non-standard wires are being used for connecting the second Ethernet connection. Therefore, you should be aware of any non-standard pin-outs used in the network you are troubleshooting. While a 110 block supports higher speeds than a 66 block, using one block versus another does not impact network cabling pinouts. If a punch down tool is not used when punching down wires on a 66 block or a 110 block, damage could occur to the blades on the block. However, the use of a punch down tool does not impact network cabling pinouts.

Which two of the following are firewall inspection types?

Stateful Packet filtering Some firewalls inspect traffic based solely on a packet's header. This type of firewall is called a "packet filtering firewall." Other firewalls, however, can recognize that a packet is part of a session that might have been originated inside the local network or outside the local network. This type of firewall is called a "stateful firewall." Answer C is incorrect. A hardware firewall is a network appliance that acts as a firewall. This appliance could have multiple interfaces for connecting to areas of a network requiring varying levels of security. Answer D is incorrect. A software firewall is a computer running firewall software, which can protect the computer itself (for example, preventing incoming connections to the computer). Alternately, a software firewall could be a computer with more than one network interface card running firewall software. This type of software firewall could filter traffic attempting to pass through the computer (that is, coming in one of the network interface cards and leaving via a different network interface card).

In the modern LAN, what type of device is typically used at the center of a star topology?

Switch A switch operates at Layer 2 and functions based on Layer 2 MAC addresses. Answer A is incorrect. The switch has replaced the hub at the center of the star topology that is formed to create the LAN. Answers D and C are incorrect. A router is used to route between these various star topologies, whereas a firewall is used, typically at the network's edge, to provide security in and out of the network.

Which of the following requires two types of authentication (but no more) from a user seeking admission to a network?

TFA Two-factor authentication (TFA) requires two types of authentication from a user seeking admission to a network. A user might have to know something (for example, a password) and have something (for example, a specific fingerprint, which can be checked with a biometric authentication device). Answer C is incorrect. Similar to two-factor authentication, multifactor authentication requires two or more types of successful authentication before granting access to a network. Answer B is incorrect. Single sign-on (SSO) allows a user to authenticate only once in order to gain access to multiple systems, without requiring the user to independently authenticate with each system. Answer A is incorrect. An Extensible Authentication Protocol (EAP) specifies how authentication is performed by IEEE 802.1X. A variety of EAP types exist, for example: Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), Extensible Authentication Protocol-Message Digest 5 (EAP-MD5), and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).

Which of the following protocols is used for transferring files with a remote host in a non-secure fashion and without requiring user credentials?

TFTP Trivial File Transfer Protocol (TFTP) is used to transfer files with a remote host in a non-secure fashion, and without requiring user credentials. File Transfer Protocol (FTP), however, typically does require users to log in. Secure Shell (SSH) is used to securely connect to a remote host, typically via a terminal emulator. Secure FTP (SFTP) provides FTP file transfer service over a Secure Shell (SSH) connection. Secure Copy (SCP) provides a secure file transfer service over an SSH connection and offers a file's original date and time information, which is not available with FTP.

Which of the following is a Microsoft Windows® command that displays what Layer 2 MAC address corresponds to a Layer 3 IP address?

arp The "arp" command can be used to see what Layer 2 MAC address corresponds to a known Layer 3 IP address. Additionally, the "arp" command can be used to statically add a MAC address to IP address mapping into a PC's ARP table (sometimes called the ARP cache). Answer D is incorrect. The "ipconfig" command can be used to display IP address configuration parameters on a Microsoft Windows® PC. Additionally, if DHCP is used by the PC, the "ipconfig" command can be used to release and renew a DHCP lease, which is often useful when troubleshooting. Answer A is incorrect. The "nbtstat" command displays NetBIOS information for IP-based networks. The nbt prefix of the "nbtstat" command refers to NetBIOS over TCP/IP, which is called NBT, or NetBT. This command can, for example, display a listing of NetBIOS device names learned by a Microsoft Windows® PC. Answer B is incorrect. The "netstat" command can be used to display a variety of information about IP-based connections on a PC. For example, you can view information about current sessions, including source and destination IP addresses and port numbers. You can also display protocol statistics.

Refer to the exhibit. What command produced the output shown on your Windows workstation?
Interface: 192.168.1.19 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-23-97-6f-72-be     dynamic
  192.168.1.2           90-84-0d-ee-26-ad     dynamic
  192.168.1.7           78-e7-d1-bf-33-a8     dynamic
  192.168.1.10          d8-30-62-34-b0-77     dynamic
  192.168.1.13          00-90-a9-d0-c8-b5     dynamic
  192.168.1.14          84-8f-69-f5-5f-3d     dynamic
  192.168.1.16          20-c9-d0-44-96-41     dynamic
  192.168.1.21          00-1b-78-6d-76-fc     dynamic
  192.168.1.25          a8-86-dd-ac-a5-a5     dynamic
  192.168.1.36          00-90-a9-01-bb-04     dynamic
  192.168.1.56          68-5b-35-cf-28-1d     dynamic
  192.168.1.128         38-aa-3c-1f-07-c1     dynamic
  192.168.1.202         f0-27-65-f6-b3-b3     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  224.0.1.60            01-00-5e-00-01-3c     static
  239.255.255.250       01-00-5e-7f-ff-fa     static

arp -a This output is from the use of arp -a. Ping, netstat, and nbtstat are all valid command-line tools, but none of these display the ARP cache in the manner shown here.

Refer to the exhibit. What command produced the output shown on your Windows workstation?
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C8-60-00-BE-99-4C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c441:3b73:36aa:9b51%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.19(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248012800
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-3D-D6-B6-C8-60-00-BE-99-4C
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

ipconfig/all

Refer to the exhibit. What command produced the output shown on your Windows workstation?
Local Area Connection:
Node IpAddress: [192.168.1.50] Scope Id: []
                NetBIOS Remote Cache Name Table
    Name                  Type       Host Address     Life [sec]
    ------------------------------------------------------------
    192.168.1.150  <20>   UNIQUE     192.168.1.150    440
    192.168.1.241  <20>   UNIQUE     192.168.1.241    395
    192.168.1.50   <20>   UNIQUE     192.168.1.50     392
    AZSCO-CISCO-S2 <00>   UNIQUE     192.168.1.150    555
    AZSCO-CISCO-S2 <20>   UNIQUE     192.168.1.150    555
    THE-WALLACES-TI<20>   UNIQUE     192.168.1.1      202

nbtstat When troubleshooting, it often helps to know the IP address of a known NetBIOS name. You can view a PC's NetBIOS name cache, which lists this information, with the nbtstat -c command. Ipconfig, netstat, and nslookup are all valid command-line troubleshooting tools, but none of them produce the output shown.

Refer to the exhibit. What command produced the output shown on your Windows workstation?
Server:  UnKnown
Address:  192.168.1.1
Non-authoritative answer:
Name:    cbtnuggets.com
Address:  172.31.194.74

nslookup

Identify the quality of service (QoS) mechanism that can set a bandwidth limit on traffic and drop packets attempting to exceed that bandwidth limit.

policing Policing and traffic shaping are both traffic conditioners, each of which can set a bandwidth limit on traffic. However, policing has the ability to drop excess packets, while traffic shaping delays excess traffic. Answers A and B are incorrect. Link Fragmentation and Interleaving (LFI) and RTP Header Compression (cRTP) are both link efficiency mechanisms, which attempt to make a more efficient use of relatively limited WAN bandwidth. LFI can fragment large packets and interleave smaller packets (for example, voice over IP packets) in amongst the fragmented packets. As a result, the smaller packets can exit a slow-speed interface sooner, and not experience excessive delay. cRTP can take the Layer 3 and Layer 4 headers of a Real-time Transport Protocol (RTP) packet (used to carry voice over IP traffic), which totals 40 Bytes in size, and compress them down to only two or four Bytes (two Bytes without UDP checksums and four Bytes with UDP checksums).

Which two of the following virtual private network (VPN) tunneling protocols can be used to provide security for HTTPS?

TLS SSL Secure Sockets Layer (SSL) provides cryptography and reliability for upper layers (that is, Layers 5 - 7) of the OSI Model. Introduced in 1995, SSL has largely been replaced by Transport Layer Security (TLS). However, recent versions of SSL (for example, SSL 3.3) have been enhanced to be more comparable with TLS. Both SSL and TLS are able to provide secure web browsing via Hypertext Transfer Protocol Secure (HTTPS). Transport Layer Security (TLS) has largely replaced SSL as the VPN protocol of choice for providing cryptography and reliability to upper layers of the OSI Model. For example, when you securely connect to a website using HTTPS, you are probably using TLS. Answer C is incorrect. Layer 2 Tunneling Protocol (L2TP) is a VPN protocol that lacks security features, such as encryption. However, L2TP can still be used for a secure VPN connection if it is combined with another protocol that does provide encryption. Answer B is incorrect. Point-to-Point Tunneling Protocol (PPTP) is an older VPN protocol (which supported the Dial-Up Networking feature in older versions of Microsoft Windows®). Like L2TP and L2F, PPTP lacks native security features. However, Microsoft's versions of PPTP bundled with various versions of Microsoft Windows® were enhanced to offer security features.

Subnetting extends a classful subnet mask of an IP network to create additional subnets. However, what IP addressing approach removes bits from a classful subnet mask, to summarize multiple classful networks?

CIDR Classless Inter-Domain Routing (CIDR) shortens a classful subnet mask by removing 1s from the classful mask. As a result, CIDR allows contiguous classful networks to be aggregated. CIDR could be used by a service provider to aggregate multiple classful IP address spaces under their administration. Answer B is incorrect. The Extended Unique Identifier (EUI-64) format can be used to cause a router to automatically populate the low-order 64 bits of an IPv6 address, based on an interface's Media Access Control (MAC) address. Answer A is incorrect. Anycast is an IPv6 data flow, in which multiple devices can be assigned a single IPv6 address. An anycast communication flow is one-to-nearest (from the perspective of a router's routing table). Answer D is incorrect. Automatic IP Address Assignment (APIPA) is a non-routable automatically assigned IP address in the range 169.254.0.0 - 169.254.255.255.

Which of the following pieces of equipment can be used to determine the supported frequency range of a cable?

Cable certifier

Which type of unshielded twisted pair (UTP) is commonly used in Ethernet 10BASE-T networks, which carry data at a rate of 10 Mbps (although it can carry data at a maximum rate of 16 Mbps, as seen in some Token Ring networks)?

Cat 3 Category 3 (Cat 3) cable is commonly used in Ethernet 10BASE-T networks, which carry data at a rate of 10 Mbps (where Mbps stands for megabits per second, meaning millions of bits per second). However, Cat 3 cable can carry data at a maximum rate of 16 Mbps, as seen in some Token Ring networks. Answer C is incorrect. Category 5 (Cat 5) cable is commonly used in Ethernet 100BASE-TX networks, which carry data at a rate of 100 Mbps. However, Cat 5 cable can be used to carry ATM traffic at a rate of 155 Mbps. Most Cat 5 cables consist of four pairs of 24 gauge wires. Each of these pairs is twisted, with a different number of twists per meter. However, on average, one pair of wires has a twist every five cm. Answer B is incorrect. Category 5e (Cat 5e) cable is an updated version of Cat 5 and is commonly used for 1000BASE-T networks, which carry data at a rate of 1 Gbps. Cat 5e cable offers reduced crosstalk, as compared to Cat 5 cable. Answer A is incorrect. Like Cat 5e cable, Category 6 (Cat 6) cable is commonly used for 1000BASE-T Ethernet networks. Some Cat 6 cable is made of thicker conductors (for example, 22 gauge or 23 gauge wire), although some Cat 6 cable is made from the same 24 gauge wire used by Cat 5 and Cat 5e. Cat 6 cable does have thicker insulation and offers reduced crosstalk, as compared with Cat 5e. Answer E is incorrect. Category 6a (Cat 6a), or augmented Cat 6, supports twice as many frequencies as Cat 6 and can be used for 10GBASE-T networks, which can transmit data at a rate of 10 billion bits per second (that is, 10 Gbps).

Which DLP target activity level addresses data in operation?

Client level DLP policies target activities at three levels: in operation (client level), in transit (network level), and at rest (storage level).

Which of the following reflect the media type, bandwidth capacity, and distance limitation combination of 10BASE5 Ethernet?

Coax/10 Mbps/500 m 10BASE5 Ethernet (also known as thicknet) uses coax cable, has a bandwidth capacity of 10 Mbps, and a distance limitation of 500 m. Answer A is incorrect. 10BASE2 Ethernet (also known as thinnet) uses coax cable, has a bandwidth capacity of 10 Mbps, and a distance limitation of 185 m. Answer B is incorrect. 10BASE-T Ethernet uses Cat 3 (or higher) UTP, has a bandwidth capacity of 10 Mbps, and a distance limitation of 100 m. Answer C is incorrect. 100BASE-TX Ethernet uses Cat 5 (or higher) UTP cable, has a bandwidth capacity of 100 Mbps, and a distance limitation of 100 m.

Which phase of an incident response plan focuses on the protection of resources and determining operational status?

Contain The book defines many potential phases that may exist within an incident response policy. These include Prepare, Identify, Contain, Eradicate, Recover, and Review. The Contain phase, in this case, refers to initially ensuring resource protection and then to determining operational system status.

Which of the following remote access security technologies is a client-server authentication protocol and uses the concept of a trusted third party (that is, a Key Distribution Center) that hands out tickets that are used instead of a username and password combination?

Kerberos Kerberos is a client-server authentication protocol, which supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (that is, a Key Distribution Center) that hands out tickets that are used instead of a username and password combination. Answer B is incorrect. Remote Authentication Dial-In User Service (RADIUS) is a UDP-based protocol used to communicate with an AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS does offer more robust accounting features than TACACS+. Also, RADIUS is a standards-based protocol, while TACACS+ is a Cisco-proprietary protocol. Answer C is incorrect. Terminal Access Controller Access-Control System Plus (TACACS+) is a TCP-based protocol used to communicate with an AAA server. Unlike RADIUS, TACACS+ encrypts an entire authentication packet, rather than just the password. TACACS+ does offer accounting features, but they are not as robust as the accounting features found in RADIUS. Also, unlike RADIUS, TACACS+ is a Cisco-proprietary protocol. Answer D is incorrect. Challenge-Handshake Authentication Protocol (CHAP) performs a one-way authentication for a remote access connection. However, authentication is performed through a three-way handshake (that is, challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network.

What protocol is used to bundle links together in order to improve bandwidth availability and redundancy?

LACP Link Aggregation Control Protocol can be used to assist in the formation of port channel bundles of physical links. Answer A is incorrect. HDLC is a WAN encapsulation protocol. Answer C is incorrect. ARP is used to resolve MAC addresses to IP addresses. Answer B is incorrect. VTP is the VLAN Trunking Protocol, which can be used to maintain VLAN database consistency in the enterprise.

What protocol is used to bundle links together in order to improve bandwidth availability and redundancy?

LACP Link Aggregation Control Protocol can be used to assist in the formation of port channel bundles of physical links. Answer B is incorrect. HDLC is a WAN encapsulation protocol. Answer D is incorrect. ARP is used to resolve MAC addresses to IP addresses. Answer C is incorrect. VTP is the VLAN Trunking Protocol, which can be used to maintain VLAN database consistency in the enterprise.

A T3 connection is an example of which WAN type?

Leased line A T1 and T3 are both examples of a leased line. Frame Relay is an example of a packet-switched WAN, and ISDN is an example of circuit switched. ATM is an example of cell switched.

A T3 connection is an example of which WAN type?

Leased lines A T1 and T3 are both examples of a leased line. Frame Relay is an example of a packet-switched WAN, and ISDN is an example of circuit switched. ATM is an example of cell switched.

Which of the following are sublayers of the Data Link Layer (that is, Layer 2) of the OSI Model?

MAC and LLC Layer 2 of the OSI Model (that is, the Data Link layer) contains two sublayers, the Media Access Control (MAC) and Logical Link Control (LLC) sublayers. However, Point-to-Point Protocol (PPP) is a Layer 2 encapsulation type, and Link Access Procedure on the D Channel (LAPD) is a Layer 2 protocol used by Integrated Services Digital Network (ISDN).

Which type of fiber optic connector contains two fiber strands in a single connector?

MTRJ The most unique characteristic of a media termination recommended jack (MTRJ) connector is that two fiber strands (that is, a transmit strand and a receive strand) are included in a single connector. An MTRJ connector is connected by pushing the connector into the terminating device, and it can be removed by pulling the connector from the terminating device. Answer D is incorrect. A straight tip (ST) connector is sometimes referred to as a bayonet connector, due to the long tip extending from the connector. ST connectors are most commonly used with multimode fiber (MMF). An ST connector connects to a terminating device by pushing the connector into the terminating equipment and then twisting the connector housing to lock it in place. Answer A is incorrect. Different literature defines an SC connector as subscriber connector, standard connector, or square connector. The SC connector is connected by pushing the connector into the terminating device, and it can be removed by pulling the connector from the terminating device. Answer B is incorrect. A Lucent connector (LC) connects to a terminating device by pushing the connector into the terminating device, and it can be removed by depressing the tab on the connector and pulling it out of the terminating device.

Identify the quality of service (QoS) function that alters bits in a frame, cell, or packet.

Marking Marking alters bits within a frame, cell, or packet to indicate how the network should treat that traffic. Marking alone does not change how the network treats a packet. Other tools (for example, queuing tools) can, however, reference those markings and make decisions based on the markings. Answer C is incorrect. Classification is the process of placing traffic into different categories. Classification does not, however, alter any bits in a frame or packet. Answer B is incorrect. If an interface's output queue fills to capacity, newly arriving packets are discarded (that is, tail dropped). To prevent this behavior, a congestion avoidance technique called Random Early Detection (RED) can be used. After a queue depth reaches a configurable level (that is, the minimum threshold), RED introduces the possibility of packet discard. If the queue depth continues to increase, the possibility of discard increases until a configurable maximum threshold is reached. After the queue depth has exceeded the maximum threshold, there is a 100 percent probability of packets being discarded. Answer A is incorrect. When a device, such as a switch or a router, receives traffic faster than it can be transmitted, the device attempts to buffer (that is, store) the extra traffic until bandwidth becomes available. This buffering process is called queuing or congestion management.

Which of the following standards specifies a type of coaxial cable typically used for short distance applications, such as carrying composite video between two nearby devices, and has a characteristic impedance of 75 Ohms?

RG59 RG-59 is typically used for short distance applications, such as carrying composite video between two nearby devices. This cable type has loss characteristics such that it is not appropriate for long distance applications. RG-59 cable has a characteristic impedance of 75 Ohms. Answer A is incorrect. Single-mode fiber (SMF) is a fiber optic cable whose core has a diameter that is only large enough to transport light arriving at one angle (that is, a single mode). While only allowing a single mode of light to be transported by the fiber optic cable eliminates multimode delay distortion, SMF is typically more expensive than MMF. Answer E is incorrect. RG-58 has loss characteristics and distance limitations similar to those of RG-59. However, the characteristic impedance of RG-58 is 50 Ohms, and this type of coax was popular in early 10BASE2 Ethernet networks. Answer D is incorrect. Multimode fiber (MMF) is a fiber optic cable type whose core has a diameter capable of transporting light arriving at different angles (that is, modes). While this type of cable is typically less expensive to manufacture (as compared to single-mode fiber), the different modes of light propagation can lead to multimode delay distortion and can corrupt data transmissions over long distances. Answer C is incorrect. Like RG-59 cable, RG-6 cable has a characteristic impedance of 75 Ohms. RG-6 is commonly used by local cable companies to connect individual homes to a cable company's distribution network.

Which of the following can often be categorized as an encryption device (that is, a device capable of participating in an encrypted session)?

Router, VPN Concentrator, Firewall Enterprise firewalls, VPN concentrators, and routers are typically capable of participating in an encrypted session, meaning that they can support encryption protocols, such as Advanced Encryption Standard (AES). Answer B is incorrect. An Ethernet hub is a Layer 1 device and does not run any encryption algorithms.

What variation of network address translation (NAT) allows you to statically configure the inside global address assigned to a specific device inside your network?

SNAT Static NAT (SNAT) statically configures an inside global address assigned to a specific device inside your network. Answer D is incorrect. Dynamic NAT (DNAT) automatically assigns an inside global address from a pool of available addresses. Answer C is incorrect. Port address translation (PAT) allows multiple inside local addresses to share a single inside global address. Sessions are kept separate through the tracking of port numbers associated with each session.

Identify the Simple Network Management Protocol (SNMP) component that is a piece of software, which runs on a managed device (for example, a server, router, or a switch).

SNMP agent An SNMP agent is a piece of software, which runs on a managed device (for example, a server, router, or switch). Answer C is incorrect. An SNMP manager runs a network management application. This SNMP manager is sometimes referred to as a Network Management System (NMS). Answer A is incorrect. Information about a managed device's resources and activity is defined by a series of objects. The structure of these management objects is defined by a managed device's Management Information Base (MIB). Answer D is incorrect. An SNMP trap message is an unsolicited message sent from a managed device to an SNMP manager, which can be used to notify the SNMP manager about a significant event that occurred on the managed device.

If you are working on an isolated test network (that is, a test bed), what piece of equipment can you use to simulate a heavy network load?

Throughput tester A throughput tester is a network appliance, which typically has multiple network interfaces and can generate high volumes of pseudo-random data. You could, for example, connect a throughput tester to a proposed network that has been mocked up in a test bed, to observe how the network performs under a heavy load. Also, you can attach a throughput tester to a production network to determine the actual throughput of that existing network. Answer D is incorrect. A toner probe allows you to place a tone generator at one end of a connection (for example, someone's office), and use a probe on a punch down block to audibly detect the pair of wires to which the tone generator is connected. A toner probe comes in two pieces, the tone generator and the probe. Another common name for a toner probe is a "fox and hound," where the tone generator is the fox, and the probe (which searches for the tone) is the hound. Answer C is incorrect. Different unshielded twisted pair (UTP) categories support different data rates over specific distances. If you are working with existing cable and want to determine its category, or if you simply wish to test the supported frequency range (and therefore, data throughput) of a cable, you can use a cable certifier. Answer B is incorrect. A cable tester can be used to test the conductors in an Ethernet cable. A cable tester is comprised of two parts. By connecting these parts of the cable tester to each end of a cable under test, you can check the wires in the cable for continuity (that is, check to make sure there are no opens, or breaks, in a conductor). Additionally, you can verify an RJ-45 connector's pinouts (that is, that the wires are connected to appropriate pins in an RJ-45 connector).

What can you add to a network to mitigate a power failure that might otherwise make an Ethernet switch unusable?

UPS An uninterruptible power supply (UPS) allows a connected device (for example, an Ethernet switch) to continue operating in the event of a power failure. However, the amount of time the UPS (which contains a battery) can provide power to a connected device depends on the UPS's capacity and the power required by the attached device. Answer D is incorrect. Medium Dependent Interface Crossover (MDIX) is a technology supported by many modern Ethernet switches that automatically selects appropriate transmit and receive wires in an Ethernet cable. This allows you to connect an Ethernet switch port to another Ethernet device, without being concerned about whether you should use a straight-through cable or a crossover cable. Answer A is incorrect. A gigabit interface converter (GBIC) is a 1 Gbps switch port module, which can be quickly inserted into or removed from a modular Ethernet switch. This modularity allows you to quickly swap out the GBIC while troubleshooting. Answer C is incorrect. Spanning Tree Protocol (STP) allows you to have redundant links interconnecting Layer 2 devices, while preventing a switching loop, which could result in a variety of issues (for example, MAC address table corruption and broadcast storms).

Which of the following network appliances performs the most processor-intensive tasks and is critical in IPSec environments?

VPN concentrator While several router models can terminate a virtual private network (VPN) circuit, a dedicated device, called a VPN concentrator, could be used instead. A VPN concentrator is designed to perform the processor-intensive processes required to terminate multiple VPN tunnels. For example, running encryption algorithms, such as Advanced Encryption Standard (AES), can be very processor intensive. Answers A and B are incorrect. Some clients are configured to forward their packets, which are seemingly destined for the Internet, to a proxy server. This proxy server receives a client's request, and on behalf of that client (that is, as that client's proxy), the proxy server sends the request out to the Internet. When a reply is received from the Internet, the proxy server forwards the response on to the client. Proxy servers can also act as a content filter. Content filtering restricts clients from accessing certain URLs. For example, many companies use content filtering to prevent their employees from accessing popular social networking sites, in an attempt to prevent a loss of productivity. Answer D is incorrect. For companies with a large Internet presence (for example, a search engine company, an online bookstore, or a social networking site), a single server could be overwhelmed with the glut of requests flooding in from the Internet. To alleviate the burden placed on a single server, a content switch (also known as a load balancer) distributes incoming requests across the multiple servers in the server farm, where all of the servers contain the same data.

Which of the following network appliances performs the most processor-intensive tasks and is critical in IPSec environments?

VPN concentrator While several router models can terminate a virtual private network (VPN) circuit, a dedicated device, called a VPN concentrator, could be used instead. A VPN concentrator is designed to perform the processor-intensive processes required to terminate multiple VPN tunnels. For example, running encryption algorithms, such as Advanced Encryption Standard (AES), can be very processor intensive. Answers C and B are incorrect. Some clients are configured to forward their packets, which are seemingly destined for the Internet, to a proxy server. This proxy server receives a client's request, and on behalf of that client (that is, as that client's proxy), the proxy server sends the request out to the Internet. When a reply is received from the Internet, the proxy server forwards the response on to the client. Proxy servers can also act as a content filter. Content filtering restricts clients from accessing certain URLs. For example, many companies use content filtering to prevent their employees from accessing popular social networking sites, in an attempt to prevent a loss of productivity. Answer D is incorrect. For companies with a large Internet presence (for example, a search engine company, an online bookstore, or a social networking site), a single server could be overwhelmed with the glut of requests flooding in from the Internet. To alleviate the burden placed on a single server, a content switch (also known as a load balancer) distributes incoming requests across the multiple servers in the server farm, where all of the servers contain the same data.

What technology is an IETF version of HSRP?

VRRP VRRP is an IETF open standard that operates almost identically to HSRP from Cisco Systems. Answer D is incorrect. GLBP is another Cisco-specific technology for Layer 3 redundancy. Answers A and B are incorrect. NAT and PAT are for translating IPv4 addresses.

What virtual network device allows Microsoft Active Directory (AD) services, UNIX-based web services, and DNS services to be co-resident on the same network device?

Virtual server A virtual server allows multiple server instances (which might be running different operating systems) to reside on the same physical server. Answer A is incorrect. A virtual desktop allows a user's data to be stored in a data center, rather than on a hard drive on the user's office computer. Answer B is incorrect. A virtual private branch exchange (PBX) is usually a voice over IP (VoIP) solution, where voice is encapsulated inside data packets for transmission across a data network. Answer C is incorrect. Some virtual servers support virtual switch technology that allows you to have Layer 2 control (for example, VLAN separation and filtering) for virtual servers co-resident on a single physical server.

Which of the following approaches to wireless LAN (WLAN) security uses RC4 as its encryption algorithm?

WEP A WLAN using Wired Equivalent Privacy (WEP) has an AP configured with a static WEP key. Wireless clients needing to associate with an AP are configured with an identical key (making this a pre-shared key (PSK) approach to security). Also, WEP uses RC4 as its encryption algorithm. RC4 uses a 24-bit initialization vector (that is, an IV), which is a string of characters added to the transmitted data, such that the same plain text data frame will never appear as the same WEP-encrypted data frame. However, the IV is transmitted in clear text. So, if a malicious user, using packet capture software, captures enough packets having the same WEP key, and since the malicious user can see the IV in clear text, they can use a mathematical algorithm to determine the static WEP key. The Wi-Fi Alliance (a non-profit organization formed to certify interoperability of wireless devices) developed their own security standard, WPA, to address the weaknesses of WEP. Answers B, D, and C are incorrect. WPA uses Temporal Key Integrity Protocol (TKIP) for enhanced encryption. While TKIP does rely on an initialization vector, the IV is expanded from WEP's 24-bit IV to a 48-bit IV. Also, broadcast key rotation can be used, which causes a key to change so quickly, an eavesdropper would not have time to exploit a derived key. TKIP leverages Message Integrity Check (MIC), which is sometimes referred to as Message Integrity Code (MIC). MIC can confirm that data was not modified in transit. In 2004, the IEEE 802.11i standard was approved, and required stronger algorithms for encryption and integrity checking than those seen in previous WLAN security protocols such as WEP and WPA. The requirements set forth in the IEEE 802.11i standard are implemented in the Wi-Fi Alliance's WPA version 2 (WPA2) security standard. WPA2 uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption. Both WPA and WPA2 can optionally operate in enterprise mode, where users are authenticated against an authentication server's database, rather than a client being configured with a PSK.

What are the three levels of security associated with events appearing in Microsoft Windows® application logs?

Warning, Information, Error

Consider the fully-qualified domain name (FQDN) host1.pearsonitcertification.com; what is the top-level domain in the FQDN?

com Top-level domain (TLD) refers to the last portion of a domain name, the part that follows the last "dot" in the name. HTTP refers to the protocol being used, host1 refers to a host at pearsonitcertification.com, and pearsonitcertification is a sub-domain beneath the top-level domain of .com.

