Network+ Practice Test
Your company has just installed a brand new email server, but you determined that the server cannot send emails to another server during your initial testing. You decide to check the firewall's ACL to see if the server's outgoing email is being blocked. Which of the following ports should you ensure is open and not blocked by the firewall? A. 25 B. 110 C. 143 D. 22 Explanation OBJ-1.5: The Simple Mail Transfer Protocol (SMTP) uses port 25 and is an internet standard communication protocol for electronic mail transmission. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system.
A. 25
(This is a simulated Performance-Based Question. On the real exam, you may be given a chart with numerous ports and protocols and be asked to drag and drop them to match the ports with the protocols.) What ports do SMTP and SNMP utilize? A. 25, 161 B. 161, 443 C. 23, 25 D. 445, 3389 Explanation OBJ-1.5: SMTP (Simple Mail Transfer Protocol) uses port 25. SNMP (Simple Network Management Protocol) uses port 161. Port 23 is used by Telnet. Port 445 is used by the Server Message Block (SMB) protocol. Port 3389 is used by the Remote Desktop Protocol (RDP). Port 443 is used by the Hypertext Transfer Protocol Secure (HTTPS). If this were a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up.
A. 25, 161
Which network device operates at Layer 1? A. Hub B. Router C. Bridge D. Firewall Explanation OBJ-1.1: A hub is a layer 1 device and operates at the physical layer. Cables, hubs, repeaters, and wireless access points are all examples of layer 1, or physical layer, devices. The Physical Layer defines electrical and physical specifications for devices. The physical layer defines the relationship between a device and a transmission medium, such as a copper or optical cable. A Bridge is a layer 2 device. A switch is a layer 3 device. A firewall is a layer 3 through layer 7 device, depending on the type of firewall.
A. Hub
Which type of threat actor can accidentally or inadvertently cause a security incident in your organization? A. Insider threat B. Hacktivist C. APT D. Organized Crime Explanation OBJ-4.1: An insider threat is a type of threat actor assigned privileges on the system that cause an intentional or unintentional incident. Insider threats can be used as unwitting pawns of external organizations or make crucial mistakes that can open up exploitable security vulnerabilities. Hacktivists, Organized Crimes, and advanced persistent threats (APT) entities do not accidentally or unwittingly target organizations. Instead, their actions are deliberate. A hacktivist is an attacker that is motivated by a social issue or political cause. Organized crime is a type of threat actor that uses hacking and computer fraud for commercial gain. An advanced persistent threat (APT) is a type of threat actor that can obtain, maintain, and diversify access to network systems using exploits and malware.
A. Insider threat
Which of the following describes the ID of a specified native VLAN when traffic passes over a trunk? A. It becomes the default VLAN for untagged frames B. It becomes the default gateway for the port or ports C. It becomes the priority ID for all the VLAN traffic across the device D. It becomes the gateway of last resort for the switch or router Explanation OBJ-2.3: Trunk ports carry all traffic, regardless of VLAN number, between all switches in a LAN. The VLAN designation for a trunk port is its native or default VLAN. If the trunk port has a native VLAN that differs from the tag placed on the frame as it entered the access port, the switch leaves the tag on the frame and sends the tagged frame along to the next switch or switches. If the trunk port's native VLAN is the same as the access port's VLAN, then the switch drops the tag and sends the untagged frame out of the trunk port.
A. It becomes the default VLAN for untagged frames
Which of the following needs to be configured to allow jumbo frames on a network? A. MTU B. IPS C. MIB D. MAC Explanation OBJ-2.3: MTU is the largest unit that can be transmitted across a network. If the MTU is set at a value above 1500, the network is configured to support jumbo frames. A media access control address is a unique identifier assigned to a network interface controller for use as a network address in communications within a network segment. Management information base (MIB) is a collection of definitions which define the properties of the managed object within the device to be managed (such as a router, switch, etc.). An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.
A. MTU
(This is a simulated Performance-Based Question. If this was the real certification exam, you would be asked to drag-and-drop the correct encryption onto the APs.) Your company has purchased a new office building down the street for its executive suites. You have been asked to choose the BEST encryption for AP1, AP2, and AP3 to establish a wireless connection inside the main building for visitors to use. Your boss has stated that the main building's internal wireless network is only going to be used by visitors and should not require the visitors to set up any special configuration on their devices to connect. Which of the following is the BEST encryption to use from the options below to meet your manager's requirements for the new visitors' Wireless Network? A. Open B. WPA C. WEP D. WPA-CCMP E. WPA2-TKIP Explanation OBJ-5.4: Since your manager has required that the visitors not be required to configure anything on their devices to connect, the only option you can choose is Open. This option presents no security for the visitor's wireless network, but it also requires no setup on the user's devices. All of the other options would require a pre-shared key and set up to allow the visitor
A. Open
Which of the following policies or plans would dictate which type of virtual private network connections will be authorized for use by an organization's employees? A. Remote access policy B. Acceptable use policy C. Data loss prevention policy D. Password policy Explanation OBJ-3.2: A remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. A data loss prevention policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision-making without it being
A. Remote access policy
An analyst reviews a triple-homed firewall configuration that connects to the internet, a private network, and one other network. Which of the following would best describe the third network connected to this firewall? A. Screened Subnet B. Staging Environment C. Availability Zone D. Data Zone Explanation OBJ-4.1: A triple-homed firewall connects to three networks internal (private), external (internet/public), and a screened subnet (formerly called a demilitarized zone or DMZ). The screened subnet is used to host systems that require access from external hosts. Data zones describe the state and location of data to help isolate and protect it from unauthorized/inappropriate use-for example, as data transitions from raw storage, processing, production, and analytical use. Data zones are associated with data lakes and designed to help manage big data used by analysts and scientists for data exploration and discovery tasks. An availability zone is an individual data center within a region of a cloud service provider's network. A staging environment is a pre-production enclave used for testing and development.
A. Screened Subnet
You have been asked to select the best WAN connection for a new network at Dion Training. The company has stated that they must have a guaranteed throughput rate on their Internet connection at all times. Based on this requirement, what type of WAN connection should you recommend? A. T-1 B. DSL C. Dial-up D. Cable broadband Explanation OBJ-1.2: A T-1 connection provides a guaranteed 1.544 Mbps of throughput. Dial-up, DSL, and cable broadband do not provide a guaranteed throughput rate. Instead, these services provide a variable throughput rate based on network conditions and demand in the area of your business.
A. T-1
After installing some new switches in your network, you notice that a switching loop has begun to occur. You contact the manufacturer's technician support for your switches and they recommended that you enable 802.1d. Which of the following BEST represents why the manufacturer suggested this? A. The Spanning Tree Protocol uses BPDU to detect loops in network topologies B. The Spanning Tree Protocol uses split horizon to prevent loops in network topologies C. The Link Aggregation Control Protocol uses BPDU to detect loops in network topologies D. The Link Aggregation Control Protocol uses split horizon to prevent loops in network topologies Explanation OBJ-2.3: The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. The Spanning Tree Protocol operates at Layer 2 of the OSI model to detect switching loops. STP is defined in the IEEE 802.1d standard. The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface that will appear as a single link to a route processor. LACP is used to combine multiple network
A. The Spanning Tree Protocol uses BPDU to detect loops in network topologies
A network administrator is tasked with building a wireless network in a new building located next door to your company's office building. The wireless clients should not be able to communicate with other wireless clients but should be able to communicate with any wired users on the network. The users must be able to seamlessly migrate between the buildings while maintaining a constant connection to the LAN. How should the administrator configure the new wireless network in this new building? A. Use the same SSIDs on different channels and AP isolation B. Use the different SSIDs on the same channels with VLAN C. Use the same SSIDs on the same channels with AP isolation D. Use different SSIDs on different channels and VLANs Explanation OBJ-2.4: For users to be able to seamlessly migrate between the two buildings, both Access Points (AP) must use the same SSIDs. To prevent frequency interference, though, each device needs to select a different and non-overlapping channel to utilize. Finally, the AP isolation should be enabled. Access Point (AP) isolation is a technique for preventing mobile devices connected to an AP from communicating directly with each other.
A. Use the same SSIDs on different channels and AP isolation
What device is used to configure various hypervisor guests to use different VLANs in the same virtualization environment? A. Virtual Switch B. Virtual Router C. NIC teaming D. Virtual firewall Explanation OBJ-1.2: A virtual switch (vSwitch) is a software application that allows communication between virtual machines. A vSwitch does more than just forward data packets, it intelligently directs the communication on a network by checking data packets before moving them to a destination.
A. Virtual Switch
Which of the following should be implemented to allow wireless network access for clients in the lobby using a shared password as the key? A. WPA2 B. Geofencing C. IPsec D. Firewall Explanation OBJ-4.3: Wi-Fi Protected Access 2 Pre-Shared Key or WPA2-PSK is a system of encryption used to authenticate users on wireless local area networks using a shared password as the key. WPA2-PSK [AES] is the recommended secure method of making sure no one can listen to your wireless data while it is being transmitted back and forth between your router and other devices on your network. A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies, not a shared password. Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network and is used in virtual private networks. A geofence is a virtual perimeter for a real-world geographic area. Geofencing does not use shared passwords to secure your next, it uses GPS coordinates or other locat
A. WPA2
Mathan has just purchased a domain name and created an A record to bind his domain name to an IP address. Which of the following tools should he use to verify the record was created properly? A. dig B. tcpdump C. arp D. ipconfig Explanation OBJ-5.3: The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network. The tcpdump tool is a text-based packet capture and analysis tool that can capture packets and display the contents of a packet capture (pcap) file. The ipconfig command is used on Windows devices to display the current TCP/IP network configuration and refresh the DHCP and DNS settings on a given host.
A. dig
What is the network ID associated with the host located at 205.12.35.26/27? A. 205.12.35.48 B. 205.12.35.0 C. 205.12.35.36 D. 205.12.35.32 Explanation OBJ-1.4: In classless subnets using variable length subnet mask (VLSM), the network ID is the first IP address associated within an assigned range. In this example, the CIDR notation is /27, so each subnet will contain 32 IP addresses. This means that there eight networks in this class C range: 205.12.35.0, 205.12.35.32, 205.12.35.64, 205.12.35.96, 205.12.35.128, 205.12.35.160, 205.12.35.196, and 205.12.35.224. Since the IP address provided is 205.12.35.26, it will be in the 205.12.35.0/27 network.
B. 205.12.35.0
You have just finished installing a small network consisting of a router, a firewall, and a single computer. The computer is connected to the firewall and the firewall is connected to the router. What type of physical network topology have you created in this scenario? A. Star B. Bus C. Mesh D. Ring Explanation OBJ-1.2: As described, this network would resemble a physical bus network topology because the router connects directly to the firewall, and the firewall connects directly to the computer. This would form a single line (or bus) from one device to the next. A bus topology uses a single cable that connects all the included nodes and the main cable acts as a backbone for the entire network. A ring topology connects every device to exactly two other neighboring devices to form a circle. Messages in a ring topology travel in one direction and usually rely on a token to control the flow of information. A star topology connects all of the other nodes to a central node, usually a switch or a hub. A star topology is the most popular network topology in use on local area networks. A mesh topology connects every node directly to every other node. This creates a highly efficient and redunda
B. Bus
Which of the following policies or plans would dictate how an organization would respond to an unplanned outage of their primary internet connection? A. Incident response plan B. Business continuity plan C. Disaster recovery plan D. System life cycle plan Explanation OBJ-3.2: A business continuity plan is a document that outlines how a business will continue operating during an unplanned service disruption. A business continuity plan is more comprehensive than a disaster recovery plan and contains contingencies for business processes, assets, human capital and business partners, and essentially every other aspect of the business that might be affected. A disaster recovery plan is a documented, structured approach that documents how an organization can quickly resume work after an unplanned incident. These unplanned incidents include things like natural disasters, power outages, cyber attacks, and other disruptive events. An incident response plan contains a set of instructions to help our network and system administrators detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten dai
B. Business continuity plan
Last night, your company's system administrators conducted a server upgrade. This morning, several users are having issues accessing the company's shared drive on the network. You have been asked to troubleshoot the problem. What document should you look at first to create a probable theory for the cause of the issue? A. Physical network diagram B. Change management documentation C. Release notes for the server software D. Cable management plan Explanation OBJ-3.2: Since everything worked before the server upgrade and doesn't now, it would be a good idea to first look at the change management documentation that authorized the change/upgrade. This should include the specific details of what was changed and what things may have been affected by the change. This is the best place to start when determining what changed since yesterday. Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.
B. Change management documentation
Jason wants to use his personal cell phone for work-related purposes. Because of his position, Jason has access to sensitive company data, which might be stored on his cell phone during its usage. The company is concerned about this but believes that it might be acceptable with the proper security controls in place. Which of the following should be done to protect both the company and Jason if they allow him to use his personal cell phone for work-related purposes? A. Establish an AUP that allows a personal phone to be used for work-related purposes B. Conduct real-time monitoring of the phone's activity and usage C. Establish an NDA that states Jason cannot share confidential data with others D. Establish a consent to monitoring policy so that the company can audit Jason's cell phone usage Explanation OBJ-3.1: While all four are good options, the BEST solution is to conduct real-time monitoring of the phone's activity since it is a technical control that could quickly identify an issue. The other options are all administrative controls (policies), which are useful but would not actually identify if the sensitive data was leaked from Jason's phone.
B. Conduct real-time monitoring of the phone's activity and usage
Which encryption type MOST likely is used for securing the key exchange during a client-to-server VPN connection? A. AES B. ISAKMP C. TKIP D. Kerberos Explanation OBJ-4.4: ISAKMP is used in IPsec, which is commonly used in securing the key exchange during the establishment of a client-to-server VPN connection. TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The Advanced Encryption Standard (AES) is a symmetric key encryption and is not used for key exchanges.
B. ISAKMP
(This is a stimulated Performance-Based Question.) You are a network administrator troubleshooting an issue with a newly installed web server. The web server is available to internal network users, but users outside the internal network (Internet users) cannot reach the server. You run a IPCONFIG and receive the configuration below: IP: 192. 168. 0. 10 NETMASK: 255. 255. 254. 0 GATEWAY: 192. 168. 0. 2 DNS: 10. 10. 0. 255 Which of the following is the MOST LIKELY reason why the server is unreachable from the Internet? A. The configured DNS server is not reachable by the webserver B. NAT has not been configured on the border firewall C. The gateway IP has been misconfigured D. The Layer 3 switch port connecting the webserver is blocking port 80
B. NAT has not been configured on the border firewall
Which of the following policies or plans would dictate the complexity requirements for a wireless network's shared secret key? A. Data loss prevention policy B. Password policy C. Acceptable use policy D. Remote access policy Explanation OBJ-3.2: A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used. A data loss prevention policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision-making without it being exposed to anyone who should not have access to it. The goal of a data loss prevention policy is to minimize accidental or malicious data loss. A remote access policy is a document t
B. Password policy
A company has just installed a VoIP system on its network. Before the installation, all of the switches were replaced with layer 3 multilayer switches to all for the VoIP devices to be placed on separate VLANs and have the packets routed accurately between them. What type of network segmentation technique is the an example of? A. Honeynet implementation B. Performance optimization C. Compliance enforcement D. Separate public/ private networking Explanation OBJ-4.1: Voice over Internet Protocol (VoIP) performance optimization can help a business improve the quality of its video and audio communications over the Internet by decreasing the size of the broadcast domain through the creation of VLANs. Each VLAN can contain the VoIP devices for a single department or business unit, and traffic is routed between the VLANs using layer 3 multilayer switches to increase the performance of the voice communication systems. Performance optimization helps companies bolster the availability, accessibility, security, and overall performance of their networks. Compliance enforcement involves dividing up one network into smaller sections to better control the flow of traffic across the network and to re
B. Performance optimization
A network's design includes gateways connecting an assembly-line network. The assembly-line network uses specialized cabling and interfaces to allow the assembly-line robots to communicate with one another. Which type of network would you classify this design as? A. CSU/DSU B. SCADA/ICS C. EIGRP D. NFV Explanation OBJ-2.1: Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS) are used in manufacturing and assembly-line networks. SCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Industrial control system (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes. Network Function Virtualization (NFV) is a way to reduce cost and accelerate service deployment for network operators by decoupling functions like a firewall or encryption from dedicated hardware and moving them to virtual servers. Enhanced Interior Gateway Rout
B. SCADA/ICS
A technician is setting up a new network and wants to create redundant paths through the network. Which of the following should be implemented to prevent performance degradation within the network? A. Port Mirroring B. Spanning tree C. VLAN D. ARP inspection Explanation OBJ-2.3: The Spanning Tree Protocol (STP) is a network protocol that builds a logical loop-free topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. If you have redundant links set up, it is important to utilize STP to prevent loops within the network. If a loop occurs, the performance of the entire network can be degraded due to broadcast storms. Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port. Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer
B. Spanning tree
A technician has been troubleshooting a network problem, has determined the likely cause of the issue, and implemented a solution. What is the NEXT step they should perform according to the CompTIA troubleshooting methodology? A. Establish a plan of action to resolve the problem B. Verify system functionality C. Document findings, actions, outcomes, and lessons learned D. Test the theory to determine the cause Explanation OBJ-5.1: The next step would be to "verify full system functionality and, if applicable, implement preventive measures" since you just finished the "implement a solution or escalate as necessary" step. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.
B. Verify system functionality
A network technician at a warehouse must implement a solution that will allow a company to track shipments as they enter and leave the facility. The warehouse workers must scan and concurrently upload large images of items to a centralized server. Which of the following technologies should they utilize to meet these requirements? A. Bluetooth B. Wi-Fi C. NFC D. RFID Explanation OBJ-2.4: Wi-Fi is the best solution to meet this organization's needs. 802.11ac is a very fast high-speed Wi-Fi network capable of 1 Gbps speeds over a 5 GHz spectrum and is perfect for uploading large image files quickly over a wireless local area network. Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. While the warehouse might want to also utilize RFID to allow for the accurate scanning of items using radio frequency tracking tags, RFID cannot upload large images of the items to the centralized server since it is limited to 2 KB of data per RFID tag. Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM bands, f
B. Wi-Fi
Dion Training is adding a new screen subnet that will host a large number of VDIs and wants to assign them a small portion of their public Class C IPv4 address space. Dion Training has been assigned a Class C scope of 187.15.3.0/24. There will be a total of 105 VDI clients that will each need an IP address assigned. What is the correct CIDR notation for the new subnet in order to accommodate the 105 VDI clients while allocating the minimum number of addresses? A. /28 B. /27 C. /25 D. /26 Explanation OBJ-1.4: To answer this question, you must be able to perform a basic subnetting calculation. First, you need to determine the number of IP addresses that will be needed. In this scenario, you have 105 clients that will each need an IP address, but you also need one IP address for the network and a second IP for the broadcast. This means you need 107 IP addresses total. IP addresses are assigned in multiples of 2 (1, 2, 4, 8, 16, 32, 64, 128, 256). Since we need 107 IP addresses, we need to round up to a block of 128. To symbolize a CIDR block with 128 IP addresses, we would use /25, which is 2^7 =128.
C. /25
Which of the following protocols are designed to avoid loops on a Layer 2 network? A. OSPF B. 802.1q C. 802.1d D. RIPv2 Explanation OBJ-2.3: The Spanning Tree Protocol is part of the 802.1d standard and avoids loops in the switching network (layer 2). The 802.1q standard is used to define virtual LANs (VLANs) on an ethernet network. RIPv2 is a layer 3 distance-vector protocol for local and wide-area networks, and does not prevent or avoid loops by default. Open Shortest Path First (OSPF) is a layer 3 link-state routing protocol that was developed for IP networks and is based on the Shortest Path First (SPF) algorithm. OSPF does not avoid or prevent loops by default. Instead, RIP and OSPF both rely on split horizon and route poisoning to avoid layer 3 loops.
C. 802.1d
Which of the following communication types can only be used with IPv6? A. Multicast B. Unicast C. Anycast D. Broadcast Explanation OBJ-1.4: Anycast only works with IPv6. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Broadcast only works with IPv4. Broadcast communication has one sender, but it sends the traffic to every device on the network. Multicasting is a technique used for one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only sends the signal once, which is then received by multiple hosts simultaneously. Multicast can be used with both IPv4 and IPv6. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.
C. Anycast
John is investigating a performance issue on a server and has begun by gathering its utilization statistics. John notices that the statistics are outside of the normal, acceptable ranges. What should John do next? A. Archive the logs B. Conduct a vulnerability scan C. Conduct a baseline review D. Conduct a port scan Explanation OBJ-3.1: John should conduct a baseline review to compare the statistics he collected against the previous baseline. He can then use this information further to investigate the drop in the server's performance. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.
C. Conduct a baseline review
A network technician wants to centrally manage the switches and segment the switches into separate broadcast domains. The Dion Training network is currently using VLAN 1 for all of its devices and uses a single private IP address range with a 24-bit mask. Their supervisor wants VLAN 100 to be the management subnet and all of the switches must share VLAN information. Which of the following should the technician configure to meet these requirements? A. Configure STP and 802.1w on the inter-switch connections with native VLAN 100 B. Configure VTP and 802.1x on all inter-switch connections with native VLAN 100 C. Configure VLSM for the IP address range D. Configure STP and 802.1q on the inter-switch connections with native VLAN 100 E. Configure VTP and 802.1q on the inter-switch connections with native VLAN 100 Explanation OBJ-2.2: The 801.q standard is used to define VLAN tagging (or port tagging) for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. Traffic should be properly tagged when combined over a single trunk port to ensure they are not sent to the wrong VLAN by mistake. If VLAN tagging is not enabled, all of the VLAN traffi
C. Configure VLSM for the IP address range E. Configure VTP and 802.1q on the inter-switch connections with native VLAN 100
A technician is attempting to resolve an issue with users on the network who cannot access websites like DionTraining.com and Google.com. The technician can ping their default gateway. DNS servers, and the websites using its IP address successfully. The technician tries to use the command "ping dionTraining.com" and receives an error message stating "Ping request could not find host diontraining.com." Which of the following actions should the technician attempt next to resolve this issue? A. Use NSLOOKUP to resolve the URLs manually B. Ensure ICMP messages transit through the firewall C. Ensure port 53 is enabled on the firewall D. Update the HOST file with the URL and IP for the websites Explanation OBJ-5.5: The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. When a client wants to access a website, it will make a request to the DNS server over port 53 to translate the domain name to its corresponding IP address. Since the technician is only able to access the servers using their IP addresses, this validates that the connectivity is functioning correct
C. Ensure port 53 is enabled on the firewall
You have been assigned to assist with deploying a new web-based application to your company's intranet. After installing the application, it was identified that the database server is becoming overloaded by the number of requests that the users create. The team lead has proposed adding a device between the web server and the database server to alleviate the issue. Which of the following is being implemented by adding this new device? A. Conduct port sniffing and protocol analysis B. Implement clustering and NIC teaming on the database server C. Implement load balancing and provide high availability D. Conduct content filtering and network analysis Explanation OBJ-3.3: The device being added is most likely a load balancer. Adding this device will allow the delivery team to install a series of database servers to handle the requests by dividing the incoming requests among the various servers. NIC teaming would be an action that occurs on the database server itself. It is not a separate device. The other options are focused on troubleshooting efforts, not increasing the database server's capability or availability.
C. Implement load balancing and provide high availability
Which of the following network performance metrics is used to represent variable delay experienced by a client when receiving packets from a sender? A. Bandwidth B. Latency C. Jitter D. Throughput Explanation OBJ-3.2: Jitter is a network condition that occurs when a time delay in the sending of data packets over a network connection occurs. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video conferences, voice-over IP, and virtual desktop infrastructure clients. Latency is the measure of time that it takes for data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a workstation to the distant end and back. Throughput is an actual measure of how much data is successfully transferred from the source to a destination. Bandwidth is the maximum rate of data transfer across a given network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a source to a destination under ideal conditions. Therefore, we often measure throughput, instead of bandwidth, to monitor our network performance.
C. Jitter
A company owns four kiosks that are near a shopping center. The owner is concerned about someone accessing the Internet via the kiosk's wireless network. What should be implemented to provide wireless access only to the employees working at the kiosk? A. Firewall B. Web Filtering C. MAC Filtering D. Host-Based antivirus Explanation OBJ-4.3: MAC Filtering will control access to the network by restricting access to only certain devices. MAC address filtering allows you to block traffic coming from certain known machines or devices. The router uses the MAC address of a computer or device on the network to identify it and block or permit access. Traffic coming in from a specified MAC address will be filtered depending upon the policy. In this scenario, you should implement an allow list that only allows approved MAC addresses to connect to and communicate over the wireless network.
C. MAC Filtering
You have just moved into a new apartment in a large building. Your wireless network is acting strangely, so you are worried that it may be due to interference from the numerous other wireless networks in each of the other apartments in this building. You want to determine what wireless signals are within the walls of your apartment and their relative strength. What technique should you utilize to determine whether the nearby wireless networks are causing interference with your own Wi-Fi network? A. Perform a bandwidth speed test B. Perform a packet capture C. Perform a site survey D. Perform a port scan Explanation OBJ-5.4: If you suspect interference within your apartment or other personal spaces, you should conduct a site survey to identify what wireless signals are emanating into your apartment and the RSSI of those signals. This will allow you to choose the least used frequency/channel to increase your own signal strength and reduce the wireless network's interference. For example, if you are using a 2.4 GHz wireless network, you should aim to use either channel 1, 6, or 11 to minimize interference.
C. Perform a site survey
Dion Training has configure a new web server and connected to their screened subnet. A network technician wants to ensure the server is properly hardened and that it only allows inbound HTTPS requests while blocking any HTTP requests. Which of the following tools should the technician utilize? A. Nslookup B. IP scanner C. Port Scanner D. NetFlow analyzer Explanation OBJ-5.3: A port scanner is used to determine which ports and services are open and available for communication on a target system. The port scanner will scan the server and display any open ports. If the technician finds that port 443 (HTTPS) is open and all other ports are closed, then they know the server has been properly hardened. A NetFlow analyzer is used to perform monitoring, troubleshooting, inspection, interpretation, and synthesis of network traffic flow data. An IP scanner is used to monitor a network's IP address space in real-time and identify any devices connected to the network. The nslookup command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The nslookup command has an interactive and non-interactive mode.
C. Port Scanner
Your boss is looking for a recommendation for a cloud solution that will only allow your company's employees to use the service while preventing anyone else from accessing it. What type of cloud model would you recommend to ensure the contents are best secured from those outside your company? A. Community Cloud B. Public Cloud C. Private Cloud D. Hybrid Cloud Explanation OBJ-1.8: A private cloud service would be the best recommendation to protect and secure the services from those outside the company from accessing its contents. The private cloud is defined as computing services offered either over the Internet or a private internal network and only to select users instead of the general public. Private cloud computing gives businesses many of the benefits of a public cloud including self-service, scalability, and elasticity with the additional control and customization available from dedicated resources over a computing infrastructure hosted on-premises. Private clouds also deliver a higher level of security and privacy through both company firewalls and internal hosting to ensure operations and sensitive data are not accessible to third-party providers. A public cloud contains service
C. Private Cloud
Dion Training wants to purchase an email marketing solution to better communicate with their students. A promising new startup has a new offering to provide access to their product from a central location rather than requiring Dion Training to host the product on their internal network. Dion Training wants to ensure that their sensitive corporate information is not accessible by any startup's other clients. Which type of cloud server should Dion Training look to purchase to meet these needs? A. Public SaaS B. Hybrid IaaS C. Private SaaS D. Community IaaS Explanation OBJ-1.8: SaaS (Software as a Service) is a cloud model whereby a service provider provides a software service and makes the service available to customers over the Internet. Examples of SaaS solutions include Microsoft Office 365, Microsoft Exchange Online, and Google Docs. Because of the concerns with sensitive corporate information being processed by the SaaS, Dion Training should ensure a Private SaaS is chosen. A private cloud is a particular model of cloud computing that involves a distinct and secure cloud-based environment in which only the specified client (Dion Training in this case) can operate. A public cloud cont
C. Private SaaS
The corporate network uses a centralized server to manage credentials for all of its network devices. What type of server is MOST likely being used in this configuration? A. Kerberos B. FTP C. RADIUS D. DNS Explanation OBJ-4.1: RADIUS is used to manage credentials for network devices centrally. Remote Authentication Dial-In User Service is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service. TACACS+ is an older username and login system that uses authentication to determine access, while RADIUS combines authorization AND authentication. For this question, either RADIUS or TACACS would be an acceptable answer. Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos is used in Windows Active Directory domains for authentication. The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53. The file transfer protocol (FTP) is the protocol used to trans
C. RADIUS
A network technician has just installed a new point-to-point 200-meter single-mode fiber link between two local routers within the Dion Training offices. The fiber has been connected to each router, but the interface fails to come up. The network technician has double-checked the interface configuration on both routers, both SFPs have been hard looped to confirm they are functioning, connectors on both ends of the links have been cleaned, and there is sufficient power. What is the MOST likely cause of the problem? A. Wrong IP address B. Distance limitations C. Wavelength mismatch D. Duplex mismatch Explanation OBJ-5.2: Wavelength mismatch occurs when two different transceivers are used at each end of the cable. For example, if one SFP uses a 1310nm transceiver and the other end uses a 850 nm transceiver, they will be unable to communicate properly and the link will remain down. A duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half-duplex while the other one operates in full-duplex. The effect of a duplex mismatch is a link that operates inefficiently. All networking cables have a limited supported distance. For exa
C. Wavelength mismatch
You are assisting a member of Dion Training's security team during an incident response. The team member asks you to determine if any strange TCP connections are occurring on a given workstation. You open the command prompt on the workstation. Which of the following tools would provide you with information on any TCP connections currently established on the workstation? A. tracert B. route C. netstat D. arp Explanation OBJ-5.3: Netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (incoming and outgoing), routing tables, and several network interface and network protocol statistics. It is useful when determining if a workstation is attempting outbound connections due to malware (beaconing activity) or has ports open and listening for inbound connections. The tracert command is used on Windows devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. The arp command is used to view and modify the local address resolution protocol (ARP) cache of a device, which contains recently resolved MAC addresses of IP hosts on the network
C. netstat
Which of the following IEEE specifications describes the use of power over ethernet (POE)? A. 802.1x B. 802.3ad C. 802.1d D. 802.3af Explanation OBJ-2.3: Power over Ethernet (POE) is a technology that lets network cables carry electrical power. POE is defined in the IEEE 802.3af. The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Link Aggregation Control Protocol or LACP is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network. This defines port security. The user's identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server.
D. 802.3af
Your company has installed a guest wireless network in the break room. According to company policy, employees may only connect to the network and use it during their lunch break. Which of the following policies should you have each employee sign to show they understand and accept the use conditions for this guest network? A. MOU B. NDA C. SLA D. AUP Explanation OBJ-3.2: An acceptable use policy (AUP), acceptable usage policy, or fair use policy is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used. In this scenario, this is the most appropriate policy to utilize. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share for certain purposes, but wish to restrict access to. A serv
D. AUP
Which of the following weaknesses exist in WPS-enabled wireless networks? A. Utilizes TKIP to secure the authentication handshake B. Utilizes a 40-bit encryption key C. Utilizes a 24-bit initialization vector D. Brute force occurs within 11,000 combinations Explanation OBJ-2.4: The most prominent attack against WPS0-enabled wireless networks involves brute-forcing the 8-digit PIN that client uses to enroll their devices without knowing the pre-shared key. WPS checks each half of the PIN individually, reducing the number of possible combinations from a maximum of 100,000,000 to only 11,000. This only takes a few minutes to crack on most modern computers, as long as the WAP doesn't have a lockout after a certain number of failures. The lockout mechanism may also be triggered based on the client's MAC, so you can often spoof MAC to bypass this defense.
D. Brute force occurs within 11,000 combinations
Which media access control technology will listen to a cable to ensure there is no traffic being transmitted before sending its traffic but will implement a back-off timer if a collision does occur? A. Token B. CSMA/CA C. Demand priority D. CSMA/CD Explanation OBJ-2.3: In networking technologies that use CSMA/CD as their access method, a device first listens to the network media to make sure there is no signal already present from another device before it tries to place its own signal on the media. If a carrier signal is detected on the media, which indicates that a device is currently transmitting a signal, no other device can initiate a transmission until the carrier stops. If no carrier is detected, any device can transmit a signal. If two devices listen to the wire and detect no carrier signal, they may decide to send signals simultaneously. If this happens, a collision occurs between the two signals generated. Next, both devices detect the collision and stop transmitting their signals immediately, sending out a jamming signal that informs all other devices on the network that a collision has occurred and should not transmit. Meanwhile, the two devices whose signals created the col
D. CSMA/CD
What would be used in an IP-based video conferencing deployment? A. NFC B. RS-232 C. 56k modem D. Codec Explanation OBJ-2.1: The term "codec" is a concatenation of "encoder" and "decoder." In video conferencing, a codec is a software (or can be hardware) that compresses (encodes) raw video data before it is transmitted over a network. Generally, audio/video conferencing systems utilize the H.323 protocol with various codecs like H.263 and H.264 to operate. A 56k modem is a legacy device, also called a dial-up modem. These devices are too slow to allow an IP-based video conferencing system deployment. RS-232 is a standard protocol used for serial communication, and is too slow to support IP-based video conferencing systems. Near Field Communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 4cm or less to initiate a connection. NFC is not used with IP-based video conferencing systems.
D. Codec
You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installion, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security? A. Load balancer B. Network segmentation C. UTM D. Defense in depth Explanation OBJ-4.1: Defense in depth is the concept of layering various network appliances and configurations to create a more secure and defensible architecture. Dion Training appears to be using various host-based and network-based devices to ensure there are multiple security layers in the network.
D. Defense in depth
Which of the following is a logical host on the network that is configured with known vulnerabilities so that an attacker's techniques can be studied in order to improve your network defenses? A. Virtual terminal B. Botnet C. CVE D. Honeypot Explanation OBJ-4.1: A honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts of unauthorized use of information systems. A honeypot is a security mechanism that creates a virtual trap to lure attackers. An intentionally compromised computer system allows attackers to exploit vulnerabilities so you can study their techniques and improve your security policies. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. CVE is a website and database, not something you install or configure on your network. A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them. A virtual terminal allows a PC to connect to a remote server, usually to perform a file transfer or run an application.
D. Honeypot
Dion Training's corporate network appears to be suffering from a broadcast storm and you have been asked to assist in troubleshooting. You just arrived in the main distribution frame and see another technician looking at the equipment rack. What step of the troubleshooting methodology should you perform NEXT? A. Establish a plan of action to resolve the problem B. Establish a theory of probable cause C. Test a theory to determine the cause D. Identify the problem Explanation OBJ-5.1: The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned. Since you just arrived at the main distribution frame, you need to begin by identifying the problem. This could include gathering information, questioning users or the other technician, identifying symptoms, determining if anything has changed, or trying to duplicate the prob
D. Identify the problem
Today, your company's network started to experience network connectivity issues for various workstations around the company. As you begin troubleshooting, you identify that all the workstations receive their connectivity from a single switch on the 3rd floor of the office building. You start searching the 3rd floor for the cause of this issue and find a small wired router plugged into a network jack in the sales manager's office. From this small wired, he has connected his workstation and a small Smart TV to watch Netflix while working. You question the sales manager about when he brought in the new router. He states that he just hooked it up this morning. What type of issue did the sales manager accidentally introduced into the network by installing the router? A. Switching Loop B. Evin Twin C. VLAN mismatch D. Rogue DHCP server Explanation OBJ-5.5: Routers usually contain their own DHCP servers. When the sales manager installed the wired router, he inadvertently introduced a secondary DHCP server into the network. This could cause the same IP addresses to be assigned to two different workstations, resulting in connectivity issues for those workstations. Had the sales manager installed
D. Rogue DHCP server
Dion Training has just purchased a new domain name and needs to indicate which DNS server is the definitive information source for the domain. Which type of DNS record should be created? A. A B. AAAA C. MX D. SOA Explanation OBJ-1.6: A Start of Authority (SOA) resource record indicates which Domain Name Server (DNS) is the best source of information for the specified domain. An AAAA record associates your domain name with an IPv6 address. An A record associates your domain name with an IPv4 address. An MX record is used for outgoing (SMTP) and incoming (POP3/IMAP) traffic.
D. SOA
There are two switches connected using both a Cat 6 cable and a Cat 5e cable. Which type of problem might occur with this setup? A. Auto-sensing ports B. Missing route C. Improper cable types D. Switching loop Explanation OBJ-2.3: A switching loop is when there is more than one Layer 2 path exists between two endpoints. This can be prevented by using the STP (Spanning Tree Protocol). The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Both Cat 6 and Cat 5e are compatible with each other and can both operate at speeds of up to 1000 Mbps (1 Gbps), so it is not an improper cable type issue. Auto-sensing ports refer to a feature found in network adapters that allows them to automatically recognize the current local network's speed and adjust its own setting accordingly. This would not be an issue since the switch can detect the appropriate speed to use with the Cat 6 and Cat 5e cables. Routes are used at layer 3, but switches are layer 2 devices. Therefore, the switches do not need to use a route to pass traffic
D. Switching loop
Which of the following protocols must be implemented for two switches to share VLAN information? A. PPTP B. STP C. MPLS D. VTP Explanation OBJ-2.3: The VLAN Trunking Protocol (VTP) allows a VLAN created on one switch to be propagated to other switches in a group of switches in a VTP domain. Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches to ensure that you do not create loops when you have redundant paths in your network. Multiprotocol Label Switching is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows. The Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private networks. MPLS, STP, and PPTP are not used to share VLAN information like VTP and the 802.1q standard do.
D. VTP
