Network+ Practice Test C
Which layer of the OSI model is the functioning layer for ATM? A. Application Layer B. Data link Layer C. Network Layer D. Session Layer
Answer B is correct. Asynchronous Transfer Mode (ATM) is a Layer 2 (Data link Layer) WAN technology that operates using the concept of private virtual circuits (PVCs) and switched virtual circuits (SVCs). It uses a high-speed cell switching technology that can handle data as well as real-time voice and video. The ATM protocol breaks up transmitted data into 53-byte cells. A cell is analogous to a packet or frame, except that an ATM cell is always fixed in length and is relatively small and fast, whereas a frame's length can vary. ATM switches these small cells through an ATM network very quickly by setting up a virtual connection between the source and destination nodes.
Which of the following ping command options specifies the time stamp for count hops in IPv4 addresses only? A. -i TTL B. -f C. -n count D. -s count
Answer D is correct. The ping -s count command specifies the time stamp for count hops in IPv4 addresses only. Answer A is incorrect. The ping -i TTL command specifies the Time to Live (TTL) of the packet. Answer B is incorrect. The ping -f command sets the Don't Fragment flag in the packet for IPv4 addresses only. Answer C is incorrect. The ping -n count command specifies the number of echo requests to send.
How many broadcast domains are created when an unmanaged 12-port switch is used? A. 0 B. 1 C. 6 D. 12
Answer B is correct. All devices on a switch belong to the same broadcast domain unless different VLANs are configured. Therefore, there will be only one broadcast domain for any unmanaged switch. VLANs are used to create additional broadcast domains on switches.
Which of the following IP addresses is reserved for private use? A. 197.168.3.100 B. 172.168.5.0 C. 10.100.200.0 D. 169.253.10.20
Answer C is correct. Private IP addresses are not routable on the Internet. They are intended for use on private networks only. There are three ranges reserved for private, non-routable IP addresses.
A technician is troubleshooting a customer's network connectivity issue. He needs to determine the IP address of the customer's router. The customer has an IP address of 192.168.1.55/24. Which of the following is the address of the customer's router? A. 192.168.100.1 B. 192.168.0.5 C. 192.168.1.1 D. 192.168.5.55
Answer C is correct. The given IP address is a Class C address with a default class C (/24) subnet mask. A 24-bit subnet mask will result into only one subnet. Converting in binary, the /24 subnet mask will be 11111111. 11111111. 11111111. 00000000. There are 8 host bits which results into 254 hosts (2n-2, where n is number of host bits). Therefore, the subnet address will be 192.168.1.0, the broadcast address will be 192.168.1.255, and the assignable addresses will be from 192.168.1.1 to 192.168.1.254. The first assignable IP address on the network is normally assigned to the router, which is the default gateway address of the network. Therefore, 192.168.1.1 will be the IP address of the customer's router.
Which DNS record is used to resolve hostnames for IPv6 addresses? A. A B. SOA C. CNAME D. AAAA
Answer D is correct. The AAAA record is an IPv6 address record that maps a hostname to an IPv6 address. It is used to resolve hostnames for IPv6 addresses. Answer A is incorrect. The A record is an IPv4 address record that maps a hostname to an IPv4 address. Answer C is incorrect. The CNAME record is an alias of an existing record that allows multiple DNS records to map to the same IP address. Answer B is incorrect. The SOA record is a start of authority record that provides authoritative information about a DNS zone.
Which of the following leased line has a maximum data rate of 1.544Mbps? A. T1 B. E1 C. T3 D. E3
Answer A is correct. T1 circuits were originally used in telephony networks, with the intent of one voice conversation being carried in a single channel (that is, a single DS0). A single 64Kbps channel is called a Digital Signal 0 (DS0). A T1 circuit consists of 24 DS0s, and the bandwidth of a T1 circuit is 1.544Mbps. Answer B is incorrect. An E1 circuit contains 32 DS0s and has a bandwidth capacity of 2.048Mbps. Answer C is incorrect. A T3 circuit contains 672 DS0s into a single physical connection and has a bandwidth capacity of 44.7Mbps. Answer D is incorrect. An E3 circuit consists of 16 E1 (512 DS0s) and has an increased bandwidth of 34.4Mbps.
A network administrator has configured RIPv2 as the routing protocol for the company's network. What metric will be in use for deciding the best path to the network? A. Bandwidth B. Hop count C. Cost D. Infinite
Answer B is correct. Routing Information Protocol (RIP) is a distance-vector routing protocol that uses a metric of hop count. It has a maximum allowable hop count of 15 by default and a hop count of 16 would be deemed unreachable. RIP is considered to be an IGP. RIP version 2 (RIPv2) is mostly the same as RIPv1. The main difference is RIPv2 being a classless routing protocol while RIPv1 is a classful routing protocol. It is also more scalable than RIPv1.
An attacker after gaining access to a facility, places a wireless access point to make it look as though it belongs to the network. He then begins eavesdropping on the wireless traffic. Which of the following attacks has he performed? A. Evil twin B. War chalking C. Logic bomb D. War driving
Answer A is correct. Evil twin is a technique where an attacker sets up a wireless network that masquerades as a legitimate Wi-Fi hotspot. Then the attacker scans network traffic to discover passwords and other sensitive information. Answer B is incorrect. War chalking is a process in which once an open WLAN (or a WLAN whose SSID and authentication credentials are known) is found in a public place, a user might write a symbol on a wall (or some other nearby structure) to let others know the characteristics of the discovered network. Answer C is incorrect. A logic bomb is an attacker's malicious code that resides in a software system and will be triggered when certain conditions are met. Answer D is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere.
n organization has been facing an increased number of successful social engineering attacks. Which of the following can help in reducing these attacks in the near future? A. End-user awareness training B. Acceptable use policy C. Vulnerability analysis D. Memorandum of understanding
Answer A is correct. In social engineering, attackers sometimes use social techniques (which often leverage people's desire to be helpful) to obtain confidential information. Hackers further exploit this information to gain access to a user's computer or network. In social engineering, the mental ability of people is involved to trick someone rather than their technical skills. The best way to reduce social engineering attacks is end-user awareness training. It helps employees understand their responsibilities and how they should behave so that they can help protect the organization's information and critical data. Answer B is incorrect. An acceptable use policy (AUP) defines a set of rules that restrict how a network or a computer system may be used. It defines what a user can or cannot do with his or her computer during business hours. For example, using company's Internet connection for checking sports scores or social media websites may be unacceptable or inappropriate according to the AUP policy. Answer D is incorrect. The memorandum of understanding (MOU) is an agreement between two or more organizations that details a common line of action. It is often used in cases where parties do not have a legal commitment or in situations where the parties cannot create a legally enforceable agreement. Answer C is incorrect. Vulnerability analysis, also known as vulnerability assessment, is a process that defines systematic examination of a critical infrastructure, and identifies and classifies security vulnerabilities in a computer, network, or communications infrastructure.
An organization has been provided a limited IP address range from the ISP. With increasing users on the company's network, the company wants to use a method that can translate internal network IP addresses to external ones. Which of the following should be used to achieve this? A. NAT B. VLANs C. ACL D. DMZ
Answer A is correct. Network Address Translation (NAT) is the translation of an IP address used within one network to a different IP address known within another network. One network is designated as the inside network and the other is designated as the outside. NAT allows private IP addresses (as defined in RFC 1918) to be translated into Internet-routable IP addresses (public IP addresses). Two approaches to NAT are called DNAT and SNAT. Static NAT is designed to allow one-to-one mapping between local and global addresses, while Dynamic NAT maps an unregistered IP address to a registered IP address from a pool of registered IP addresses. Answer D is incorrect. A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Answer C is incorrect. Access control lists (ACLs) are rules usually applied to router interfaces that specify permitted and denied traffic. Firewalls along with ACLs provide enhanced security for filtering the traffic flowing through a network. Answer B is incorrect. VLANs are logically segmented switched networks that provide complete independence of the physical and logical topologies. VLANs are configured to supply segmentation services, flexibility, and security in LAN configurations. All workstations and servers of a particular workgroup are configured for the same VLAN.
A network technician is receiving complaints from the management board that they are unable to do meetings from the conference room. The network is too slow and there are frequent disconnections. The network technician finds that the conference room and cafeteria are located on either side of a single hallway where there is only one access point. He also observers that there are large number of people in the cafeteria. Which of the following best describes the cause of this issue? A. Overcapacity B. Incorrect WAN standard C. SSID Mismatch D. Channel overlap
Answer A is correct. Overcapacity is the main cause of the issue, as there is only a single access point connecting the users in the conference room and cafeteria. Wireless users share the same frequency channel to communicate to the same access point. If too many users are connecting to the same access point at the same time, they will start experiencing slowness and packet drops due to overcapacity. Answers B and C are incorrect because if there is any error in manually configuring WAN standard or SSID, the users will not be able to connect to the access point at all. Answer D is incorrect because channel overlap occurs when the wireless frequencies from two or more access points overlap and it causes interference resulting into intermittent connectivity or a drop in signal-to-noise ratio.
A network technician receives an urgent call from a user. The user faced a wireless connectivity issue and demanded an immediate resolution. The technician begins offering suggestions for a fix. The first few suggestions do not resolve the issue. Which of the following steps in the troubleshooting methodology should the technician have performed first? A. Identifying the problem B. Verifying system functionality C. Establishing a theory of probable cause D. Documenting findings
Answer A is correct. The first step in the troubleshooting methodology should always be Identifying the problem. An effective troubleshooting begins with a clear problem definition. This involves gathering more information from the users by questioning, duplicating the problem if necessary, identifying symptoms, and determining if anything has changed. This helps a technician to get a better insight about the problem and an assumption regarding the cause of the problem can be made. Answers B, C, and D are incorrect because these are further steps to be followed in the troubleshooting methodology. The steps of the troubleshooting methodology in order are: Identify the problem. Establish a theory of probable cause. Test the theory to determine the cause. Establish a plan of action to resolve the problem and identify potential effects. Verify full system functionality and, if applicable, implement preventive measures. Document findings, actions, and outcomes.
Ann, a user on a company's network, is not able to access the shared printer and other resources. However, she can reach the Internet. Other users are not having any such problem. What can be the cause of this issue? A. Incorrect VLAN assignment B. Misconfigured default gateway C. Incorrect DNS configuration D. Duplex mismatch
Answer A is correct. The issue is arising due to incorrect VLAN assignment. If a user is accidentally assigned to the wrong VLAN in a switch, it's as if that the user is transported to another place in the network. This explains Ann's inability to communicate with the printer, as she is on a different VLAN. Answer D is incorrect because a duplex mismatch would result in slow communication. Answer C is incorrect because if a host has an incorrect DNS configuration, the host will be unable to, for example, browse the Internet using domain names (as opposed to IP addresses). Answer B is incorrect because a misconfigured default gateway will not allow users on one subnet to connect to the Internet while they can still be able to efficiently communicate with each other.
A network technician in a company has decided to teach basic network troubleshooting to some of the end-users. However, it has to be done remotely and most of the users are non-technical. Which of the following documents should the network technician consider for effective transfer of knowledge? A. Equipment labeling B. Acceptable use policy C. Rollback Process D. Baseline
Answer A is correct. The network technician should be using the equipment labeling document for effectively making the users understand about the network and the used devices. Since the users are non-technical, they have to be made aware of each and everything to prevent confusion and mistakes when they make changes to any device or network configuration. The following areas will prove helpful: Port Labeling: Ports on switches, patch panels, and other systems should be properly labeled, and the wall outlets to which they lead should match. System Labeling: Systems that are installed in racks, such as servers, firewall appliances, and redundant power supplies, should also be labeled with IP addresses and DNS names that the devices possess. Circuit Labeling: Circuits entering the facility should also be labeled. Label electrical receptacles, circuit breaker panels, and power distribution units. Include circuit information, voltage and amperage, the type of electrical receptacle, and where in the data center the conduit terminates. Naming Conventions: A naming system or convention, which guides and organizes labeling and ensures consistency. Answer B is incorrect. An acceptable use policy (AUP) defines a set of rules that restrict how a network or a computer system may be used. It defines what a user can or cannot do with his or her computer during business hours. This policy is sometimes referred to as a fair use policy. Answer C is incorrect because a rollback process document will be needed only after the users are well aware of the network and they have to make some changes to the network. A rollback process document contains the plans for reversing the changes and recovering from any adverse effects from the change. Those making the changes should be completely briefed in these rollback procedures, and they should exhibit a clear understanding of them prior to implementing the changes. Answer D is incorrect because a baseline is a collection of data portraying the characteristics of a network under normal operating conditions. It is a document that contains performance statistics for computers and other devices in the network. Administrators record a device's or a network's baseline performance when they make any changes or upgrade in the network.
A network technician in a company has to assist a security team that wants to capture all traffic on a single subnet between the router and the core switch. The team has to ensure that there are only a single collision and a broadcast domain between the router and the switch to collect the traffic easily. Which of the following should the technician install to best meet the goal? A. Hub B. Media converter C. Bridge D. Router
Answer A is correct. The technician should install a hub for this purpose. A hub is a simple device operating at Layer 1 of the OSI model. It does not make forwarding decisions and is used for connecting a small network. All devices connected to a hub belong to the same collision domain and broadcast domain. A hub is a multiple-port repeater, which receives a digital signal and reamplifies or regenerates it and then forwards it out to all active ports without looking at any data. Answer D is incorrect because unlike a hub, each port on a router is a separate collision domain and a separate broadcast domain. Answer C is incorrect because even though all ports on a bridge belong to the same broadcast domain, the number of collisions domains are one per port. Therefore, a bridge divides a network into separate collision domains. Answer B is incorrect because a media converter is used to convert from one media type to another. For example, from one mode of fiber to another mode or from fiber to Ethernet.
A network technician has recently performed an upgrade to all of its printers to connect multi-function devices. Now, users can print to the new devices, but they also need the ability to scan and fax files from their computers. Which of the following should the technician update to allow this functionality? A. Printer firmware B. Device software C. NIC drivers D. Printer drivers
Answer A is correct. The technician should perform an update to the printer firmware to add the additional functionality of allowing users to scan and fax files apart from printing. Firmware updates are either designed to correct a bug or flaw in the system or increase the functionality of a device by adding new features. The process of updating firmware is known as flashing in which the new firmware instructions are written over the old ones. Answers B and D are incorrect because the technician has already performed the upgrade to all the printers that includes the update to drivers and software. Answer C is incorrect because there is no connectivity issue between the printers and the user's devices. Therefore, there is no need to update the NIC drivers.
In an organization, many users are reporting that they are unable to access the Internet in the evening. Users working in the day shift are not having such problem. Which of the following can be the cause of this issue? A. MAC filtering B. Time-based ACL C. Jamming D. Port security
Answer B is correct. Access Control List (ACL) is the most commonly used method to implement a procedure to control inbound and outbound traffic on a network. Access control lists (ACLs) are rules usually applied to router interfaces that specify permitted and denied traffic. Firewalls along with ACLs provide enhanced security for filtering the traffic flowing through a network. The rules in the ACL specify which combinations of source IP address, destination address in IP port numbers are allowed. ACLs can also be time-based that enables a network administrator to apply firewall rules based on particular times of the day, the day of the week, or the day of the month. This helps in providing more control over permitting or denying access to resources. For example, employees may not be able to access Internet after their working hours in the evening or during lunch hours, and so on. Answer A is incorrect. MAC address filtering is a security method that enables a device to allow only certain MAC addresses to access a network. It can be configured on a Wireless Access Point (WAP) to allow only certain system MAC addresses to communicate with the rest of the network. Answer D is incorrect. Port security is used to block input based on the media access control (MAC) address to an Ethernet, Fast Ethernet, or Gigabit Ethernet port. It denies the port access to a workstation when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port. Answer C is incorrect. Jamming is the transmission of radio signals that disrupt communications by decreasing the signal to noise ratio. It is a technique that an attacker can use to implement a denial-of-service (DoS) attack against a legitimate wireless network.
Ann, a network technician is replacing the existing cables in her company's remote location. She has to re-install a new cabling solution that will have 10 Gbps speed and can also be run between the structural and drop-down ceilings providing safety in case of fires. Which of the following will best meet this requirement? A. STP B. Plenum, Cat 6a C. PVC, Cat 6 D. Plenum, Cat 6
Answer B is correct. Cat 6a plenum rated cables will best meet the requirement of having 10 Gbps speed and providing safety in case of fires and accidents. Cat 6a cables support twice as many frequencies as Cat 6 and can be used for 10GBASE-T networks, which can transmit data at a rate of 10 billion bits per second (10 Gbps). Also, whenever a cable is used in an enclosed environment, like between the structural and drop-down ceilings, security becomes an important factor. As enclosed spaces are often humid and vulnerable to temperature extremes, it becomes important to plan properly for such conditions. In case of fire, normal cable produces toxic gas. Therefore, plenum-rated cables are used for such spaces. Answers D and C are incorrect because Cat 6 cables are used for 1000BASE-T and carry data at a rate of 1 Gbps. Also, PVC can produce toxic gases in case of fires. Answer A is incorrect because both unshielded twisted pair (UTP) cable and shielded twisted pair (STP), as well as coaxial cables are available in plenum and non-plenum varieties. Therefore, it specifically had to be a plenum-rated cable for use in the plenum area.
A network technician wants to implement a network topology that is scalable and easy to troubleshoot. Which of the following topologies would the network technician use? A. Mesh B. Star C. Bus D. Ring
Answer B is correct. Star topologies are the easiest to troubleshoot and can easily scale to large sizes. A star network topology is the most common network in use today. In this, the components or nodes connect back to a centralized device, such as a switch. If one of the nodes fails, other will continue to work, thus minimizing the risk of failure of entire network. Answer C is incorrect. A bus network topology typically uses a cable running through the area requiring connectivity. Devices that need to connect to the network then tap into this nearby cable. A fault in the cable or any device can cause failure of the entire network. Answer A is incorrect. A mesh topology connects every device to every other device using a series of point-to-point connections. This makes the mesh topology very expensive and difficult to scale, but it creates several possible signal paths, providing a high level of fault tolerance. Answer D is incorrect. A ring topology connects every computer to two other computers, forming a physical "ring." In a ring topology, signals generally travel in one direction around the ring as they are passed from one computer to another. If a cable failure occurs, there is a break in the ring, which causes the entire network to stop responding.
A network technician in a company reports to the management that multiple switches require a major update. Which of the following should be followed for the accomplishment of this task? A. Non-disclosure agreement B. Change management policy C. Acceptable use policy D. Statement of work
Answer B is correct. The change management policy explains the process by which changes are permitted in the network. This often consists of a series of approvals and testing steps. The change management policy outlines the steps involved in suggesting, considering, planning, executing, and documenting any change in the network configuration. This document helps in ensuring the accuracy of network information and can also prove critical in security response and troubleshooting operations. Answer C is incorrect. An acceptable use policy (AUP) defines a set of rules that restrict how a network or a computer system may be used. It defines what a user can or cannot do with his or her computer during business hours. This policy is sometimes referred to as a fair use policy. Answer D is incorrect. A statement of work (SOW) spells out all details concerning what work is to be performed, deliverables, and the timeline a vendor must execute in performance of specified work. Answer A is incorrect. A non-disclosure agreement (NDA) is a contract between parties that agree not to disclose confidential information covered by the agreement. It creates a confidential relationship between the parties, thereby protecting the confidential business secrets or other important information.
A disgruntled employee performs a man-in-the-middle attack on a company's network. All the layer 2 traffic, which was destined for the default gateway, is redirected to the employee's network. What kind of attack has the employee performed? A. Phishing B. ARP cache poisoning C. Evil twin D. Amplified DNS attack
Answer B is correct. The employee has performed the ARP cache poisoning attack. In this attack, the attacker sends ARP messages to a network to associate the attacker's MAC address with the IP address of another host. This will cause traffic meant for an IP address to be sent to the attacker instead. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker's computer first instead of sending it to the original destination. Answer A is incorrect. Phishing is a type of Internet fraud attempted by hackers. Hackers try to log into a system by masquerading as a trustworthy entity and acquire sensitive information, such as username, password, bank account details, credit card details, and so on. Answer D is incorrect. An amplified DNS attack is a popular form of Distributed Denial of Service (DDoS). In this attack, the attackers use open DNS servers that are publicly accessible to flood a target system with DNS response traffic. Answer C is incorrect. An evil twin is a special type of rogue access point designed to appear like a legitimate access point on a network. It then helps attackers to carry out a wireless attack by capturing authentication information from the unsuspecting network user.
A network technician while troubleshooting a Linux system wants to display the associated IP address of a network adapter. Which of the following commands should he use? A. traceroute B. ifconfig C. ipconfig D. dig
Answer B is correct. The network technician should use the ifconfig. The ifconfig command displays the current configuration of TCP/IP on a given workstation including the current IP address, DNS configuration, Windows Internet Naming Service (WINS) configuration, and default gateway. Answer C is incorrect. The ipconfig command is not a Linux command. It is a Windows command that performs the same function as the ifconfig command. Answer D is incorrect. The dig command queries the DNS related information. Answer A is incorrect. The traceroute command displays every router hop along the path from a source host to a destination host on an IP network.
Which of the following would be the most efficient subnet mask for a point-to-point link? A. /28 B. /32 C. /30 D. /29
Answer C is correct .A point-to-point link will contain a maximum of two hosts. The number of assignable IP addresses in a subnet can be determined by the following formula: Number of assignable IP addresses in a subnet = 2h - 2,where h is the number of host bits in a subnet mask. Now, a /30 subnet mask consists of 30 contiguous 1s followed by 2 zeroes. Therefore, the number of host bits in a /30 subnet mask is 2. From the above-mentioned formula, the number of assignable IP addresses will be 22 - 2 = 2.
A company wants to secure its WLAN network by implementing a method that will provide a web page before the users asking for authentication credentials before allowing them access to the network. Which of the following will help in satisfying this requirement? A. BPDU Guard B. Kerberos C. Captive portal D. Honeypot E. DMZ
Answer C is correct. A captive portal is a web page to which users are directed when they attempt to connect to the WLAN. It appears before the user is able to access the network resource. It asks users to provide network credentials and after accepting them it presents them to the authentication server. In the case of a guest network, it may only ask for agreement to the usage policy of the guest network. Answer B is incorrect. Kerberos is a client/server authentication protocol that works by issuing tickets to users who log in instead of a username and password combination. Answer A is incorrect. BPDU guard helps in identifying rogue or misplaced switches in a network topology. It blocks the port where unexpected BPDUs are arriving from another switch or attacker. Answer E is incorrect. A demilitarized zone (DMZ) is a physical or logical subnetwork that contains and exposes external services of an organization to a larger network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Answer D is incorrect. A honeypot is a system strategically configured to be attractive to hackers and to lure them into spending enough time attacking them while information is gathered about the attack.
A network technician has been given the permission to exploit a weakness in the company's network. This process is known as: A. social engineering. B. vulnerability scanning. C. penetration testing. D. port mirroring.
Answer C is correct. A penetration test is designed to simulate an attack on a system, network, or application. Its value lies in its potential to discover security holes that may have gone unnoticed. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security audit. Answer D is incorrect. Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. Answer A is incorrect. Social engineering is a method of using people so that they voluntarily provide all sensitive information such as business information or trade secrets. A social engineer takes advantage of people's weaknesses for gaining something or for self-advantage. Answer B is incorrect. Vulnerability scanning is a process in which a Penetration Tester uses various tools to assess computers, computer systems, networks or applications for weaknesses. It differs from penetration testing in a way that penetration testing is the exploitation of the discovered weakness.
A company wants a cloud service solution that can provide a deployment platform for its applications and it doesn't need to worry about the infrastructure requirements. Which of the following cloud services should be used for this purpose? A. IaaS B. SaaS C. PaaS D. NaaS
Answer C is correct. In Platform as a service (PaaS), the vendor provides the hardware platform or data center and the software running on the platform for companies that are developing applications. The advantage of PaaS is that the companies can focus on creating the software and not have to worry about the servers and infrastructure that are being used for that development. Answer B is incorrect. In Software as a service (SaaS), the vendor provides the entire solution. This includes the operating system, infrastructure software, and the application. Answer A is incorrect. In Infrastructure as a service (IaaS), the vendor provides the hardware platform or data center, and the company installs and manages its own operating systems and application systems. Answer D is incorrect. In Network as a Service (NaaS), a network is hosted and managed by a third party on behalf of the company. For many enterprises, it makes more sense to outsource the management of the network to a third party when it is not cost effective to maintain a networking staff.
A junior network technician is configuring voice control of devices in the office cabin of the CEO. Which type of IoT network is being established here? A. MAN B. LAN C. PAN D. CAN
Answer C is correct. Internet of Things (IoT) refers to the emerging trend today to connect every day objects to the Internet in order to make them "smart." The key technologies that make IoT possible are Z-Wave, Ant+, Bluetooth, NFC, IR, RFID, and 802.11. Therefore, the network that the junior network technician is trying to establish will be a Personal Area Network (PAN). PAN is a network of devices in the area of a person typically within a range of 10 meters and commonly using a wireless technology such as Bluetooth or IR. Answer D is incorrect. A campus area network (CAN) refers to a network that encompasses several buildings (for example, buildings on a college campus).Answer A is incorrect. A metropolitan area network (MAN) interconnects locations scattered throughout a metropolitan area. Answer B is incorrect. A local area network (LAN) interconnects network components within a local region such as an office building, a single department within a corporate office, or even a home office.
Jeff, a technician, is troubleshooting an issue where a user has snapped the retention tab off of a network cable. Which of the following tools would help Jeff to replace the RJ-45 connector? A. Multimeter B. Punch down tool C. Crimper D. Cable tester
Answer C is correct. Jeff should use a wire crimper for this purpose. Wire crimpers are the most common tools found in a network administrator's tool kit. A wire crimper looks like a pair of pliers. It is used to connect different types of connectors to the cable. To attach the connector, the cable and connector are inserted into the crimper and its handles are pressed. This connects the connector to the cable. Answer B is incorrect. A punch down tool is used when terminating wires on a punch-down block. It is designed to properly insert an insulated wire between the two contact blades, without damaging the blades. Answer A is incorrect. A multimeter is used to check a variety of a cable's electrical characteristics like resistance (in ohms), current (in amps), and voltage (in volts). Answer D is incorrect. A cable tester is used to check the conductors in an Ethernet cable.
Ann, a network technician, has set up an FTP server for a company to distribute software updates for the company's products. For security reasons, each customer is provided with a unique username and password. Several customers have discovered a virus in one of the security updates. The network technician tested all files before uploading them but on retesting the file, found the virus. Which of the following could the technician do for the customers to validate the proper security patch? A. Use TFTP for tested and secure downloads. B. Configure a honeypot. C. Provide an MD5 hash for each file. D. Provide biometric authentication.
Answer C is correct. The network technician should provide an MD5 hash for each file. It will make sure whether the file has been changed or not. MD5 is an algorithm that is used to verify data integrity. It achieves this by creating a 128-bit message digest from data input of any length that is unique to that specific data. If the customers get the same hash digest on running the file through the same algorithm, it will conclude that the file has not been corrupted by any kind of virus. Answer D is incorrect because providing a biometric authentication will only authenticate the users of the file and not the integrity of the file. Answer A is incorrect because TFTP is a protocol that transfers files with a remote host and does not require authentication of user credentials. It does not offer any kind of integrity check for the files. Answer B is incorrect because configuring a honeypot will not provide any method to the clients by which they can check the integrity of the firmware update file.
A technician is troubleshooting a point-to-point fiber-optic connection at a remote site of a company that has no connectivity to the main site. The technician verifies that the switch and the send-and-receive light levels are within an acceptable range. Also, both fiber SFPs are confirmed as working. Which of the following should the technician use to reveal the location of the fault? A. Loopback plug B. CSU/DSU C. OTDR D. Tone generator
Answer C is correct. The network technician should use an Optical Time Domain Reflectometer (OTDR) to locate exactly where the fault exists in the fiber-optic cable. An OTDR uses a light meter, which sends light down a fiber-optic cable and when the light encounters a cable fault, a portion of the light reflects back to the source. Based on the speed of light in the medium and on the amount of time required for the reflected light to return to the source, the OTDR can mathematically determine where the cable fault lies. Answer D is incorrect. Tone generator or probe is a simple copper cable tester specifically designed to trace cables hidden in floors, ceilings, or walls. It can also be used to track cables from the patch panels to their destinations. Answer A is incorrect. A loopback plug is used to confirm that a network interface is functional (for example, that it can transmit and receive traffic). A loopback plug takes the transmit pins on an Ethernet connector and connects them to the receive pins, such that everything that is transmitted is received back on the interface. Answer B is incorrect. A Channel service unit/data service unit (CSU/DSU) is a Layer 1 device that connects the serial ports on a router to the ISP provider's network and connects directly to the demarcation point (demarc) or location.
A network technician is setting up a wireless access point for a SOHO location. The user has demanded exclusive use of the 5GHz band. Which of the following wireless standards should the network technician use for this purpose? A. 802.11g B. 802.11n C. 802.11ac D. 802.11b
Answer C is correct. The network technician should use the IEEE 802.11ac standard for this purpose. It operates in the 5GHz range and uses more simultaneous streams than 802.11n. It also features multi-user MIMO (MU-MIMO). Answers D and A are incorrect. The IEEE 802.11b and 802.11g standards operate in the 2.4GHz band. Answer B is incorrect. The IEEE 802.11n standard can operate in the 2.4GHz band, the 5GHz band, or both simultaneously.
Which of the following devices can be used between two LAN segments to have a single broadcast domain? A. Firewall B. Hub C. Router D. Bridge
Answer D is correct. A bridge can be used to join two or more LAN segments and all ports on a bridge belong to the same broadcast domain. Unlike a hub, which blindly forwards the received bits, a bridge makes intelligent forwarding decisions based on the destination MAC address present in a frame. Answer B is incorrect. A hub is a simple device operating at Layer 1 of the OSI model. It does not make forwarding decisions and is used for connecting a small network. Answer C is incorrect. A router is a Layer 3 device, meaning that it makes forwarding decisions based on logical network address (for example, IP address) information. Each port on a router is a separate collision domain and a separate broadcast domain. Answer A is incorrect. A firewall is a network security appliance that protects a trusted network (corporate network) from an untrusted network such as the Internet. It stands as a guard at the door of a network, protecting it from malicious Internet traffic.
A company's remote site recently faced a brownout issue that resulted in malfunctioning of many network devices. The network technician has been asked to implement a solution that will prevent any such occurrence in future. Which of the following will be helpful in the event of another brownout? A. CSU/DSU B. Load balancer C. VPN concentrator D. UPS
Answer D is correct. A brownout is a temporary reduction in voltage. When a brownout occurs, the voltage drops below its normal level and then returns. It can cause a serious damage to the IT loads because the power doesn't go off completely rather the devices continue to get a reduced power, causing malfunction. The best way to prevent a brownout situation is to have an uninterrupted power supply (UPS). When the power levels drop below the acceptable levels, the UPS will supply power from its battery so the network devices can keep functioning normally. Answer A is incorrect. A Channel service unit/data service unit (CSU/DSU) is a Layer 1 device that connects the serial ports on a router to the ISP provider's network and connects directly to the demarcation point (demarc) or location. Answer B is incorrect. A load balancer is a device that is used to distribute network or application traffic across multiple computers or networks. It increases the capacity and reliability of applications. A load balancer acts as a reverse proxy. Answer C is incorrect. A VPN concentrator is a device that allows remote users to build a VPN tunnel and connect to the VPN concentrator for access to the network. The device terminating the ends of a tunnel generally requires heavy data processing like encryption and authentication for each tunnel, resulting in a heavy processor burden on that device. A VPN concentrator performs these processor-intensive processes required to terminate multiple VPN tunnels.
A network technician configured a network device. After restarting, the device was unresponsive. Even after doing a hard reset, the device was not restored to factory defaults and did not display any output. Which of the following has the technician most likely performed? A. Driver update B. Antivirus update C. Operating system update D. Firmware update
Answer D is correct. Firmware updates are either designed to correct a bug or flaw in the system hardware or increase the functionality of a device by adding new features. The process of updating firmware is known as flashing in which the new firmware instructions are written over the old ones. A failure in performing the firmware update properly may result in the device becoming unusable or needing to be returned to the manufacturer for repair. Some of the important points to keep in mind while performing a firmware upgrade on any device are: Always verify that the firmware file is correct for the device to be upgraded prior to performing the upgrade. Always read the release notes that come with the firmware. Never upgrade firmware on a device that is running on battery power. Only upgrade devices that are physically plugged into a reliable power source. Never power down the device while the firmware upgrade is in process. Answer A is incorrect. Drivers are files that allow a peripheral or component to talk to the hardware layer of the hosting device. Drivers also need to be updated from time to time to improve a device's performance, add new features to it, and/or fix problems with it. Answer C is incorrect. Operating system updates are related to the problem in the software of the product. Operating system updates might add new features, patch problems, or fix security holes. Answer B is incorrect. Antivirus software is an application that scans files for executable code that matches patterns, known as signatures or definitions, that are known to be common to viruses. Antivirus updates must be managed as they are made available. Antivirus updates can include enhancements, bug fixes, or new features being added to the software engine, improving the manner in which the software operates.
A network administrator is setting up a web-based application that needs to be continually accessible to the end users. Which of the following concepts would best ensure this requirement? A. Cold site B. Traffic shaping C. Snapshot D. High availability
Answer D is correct. High availability is a system design that guarantees a certain amount of operational uptime during a given period. The design attempts to minimize unplanned downtime, i.e., the time users are unable to access resources. It also helps to keep the company's system uptime running in the event of a disaster. Load balancing is one of the methods that can be used to provide high availability of a service. Answer C is incorrect. A snapshot is a read-only copy of the data at a specific point in time. It is one of the data backup methods. Snapshots can speed the data recovery process when it is needed. Answer B is incorrect. Traffic shaping or packet shaping is another form of bandwidth optimization. It works by delaying packets that meet a certain criterion to guarantee usable bandwidth for other applications. Answer A is incorrect. A cold site is one of the recovery sites that contains only electrical and communications wiring, air conditioning, plumbing, and raised flooring. No communications equipment, networking hardware, or computers are installed at a cold site until it is necessary to bring the site to full operation.
A network technician has recently installed a new wireless access point on the company's wireless network. All the settings for the new access point were copied from the baseline. Due to this change, the network technician is getting reports from the sales department that they are having irregular wireless connectivity, while other departments are having no such problem. What can be the possible cause of this issue? A. Incorrect WAN standard B. Channel mismatch C. Incorrect SSID D. Incorrect AP placement
Answer D is correct. Incorrect AP placement can be the possible cause of the issue. Wireless APs should be strategically located in a building to provide sufficient coverage to all desired coverage areas. To maintain coverage between overlapping coverage areas, wireless APs having nonoverlapping channels should be used (for example, channels 1, 6, and 11 for wireless networks using the 2.4-GHz band of frequencies). A common design recommendation is that overlapping coverage areas (using nonoverlapping channels) should have an overlap of approximately 10 percent to 15 percent. Answers B, C, and A are incorrect, as all the entries were copied from the baseline. If there is any mismatch in channel, WAN standard, or SSID, the users will not be able to connect to the AP at all.
Which of the following combinations will form a two-factor authentication process? A. Retina scan, fingerprint B. Password, PIN C. ID card, key fob D. Smart card, PIN
Answer D is correct. Multifactor authentication is designed to add an additional level of security to the authentication process by verifying more than one characteristic of a user before allowing access to a resource. Users can be identified in one of the following ways: By something you know (password) By something you are (retinas, fingerprint, facial recognition) By something you possess (smart card) By somewhere you are (location) By something you do (behavior) Two-factor authentication is when two of the above factors are being tested, while multifactor is when more than two of the above factors are being tested. So, a combination of a smart card (something you possess) and PIN (something you know) represents a two-factor authentication process. Answers C, B, and A are incorrect because these combinations represent only a single factor for authentication. A combination of ID card and key fob represents something you possess, a password and PIN combination represents something you know, and a combination of retina scan and fingerprint represents something you are.
A network technician has to set up a firewall on a company's network that would assign private IP addresses to users inside the network and show a public IP address out to the Internet. Which of the following should the network technician use to achieve this goal? A. Mac filtering B. Port security C. AES D. NAT
Answer D is correct. Network Address Translation (NAT) is a feature available on routers that allows private IP addresses used within an organization to be translated into a pool of one or more publicly routable IP addresses. One network is designated as the inside network and the other is designated as the outside. NAT allows private IP addresses to be translated into Internet-routable IP addresses (public IP addresses). Two approaches to NAT are called DNAT and SNAT. Static NAT is designed to allow one-to-one mapping between local and global addresses, while Dynamic NAT maps an unregistered IP address to a registered IP address from a pool of registered IP addresses. Answer A is incorrect. MAC address filtering is a security method that enables a device to allow only certain MAC addresses to access a network. It can be configured on a Wireless Access Point (WAP) to allow only certain system MAC addresses to communicate with the rest of the network. Answer B is incorrect. Port security is used to block input based on the media access control (MAC) address to an Ethernet, Fast Ethernet, or Gigabit Ethernet port. It denies the port access to a workstation when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port. Answer C is incorrect. The Advanced Encryption Standard (AES) is an encryption standard that comprises three block ciphers: AES-128, AES-192, and AES-256. Each AES cipher has a 128-bit block size, with key sizes of 128, 192, and 256 bits, respectively. WPA2 standard uses AES along with CCMP (CCMP-AES) to provide both encryption and data integrity on wireless network.
A network administrator on vacation was asked by the management to come online for few minutes to complete some documentation work. The network administrator tried to log into the corporate server from his hotel room, but the login prompt was not appearing. Which of the following policies is making this constraint? A. Acceptable use policy B. Privileged user agreement C. Bring your own device D. Remote access policy
Answer D is correct. Remote access policy can be causing constraints due to which the login prompt is not appearing. The remote access policy typically applies to remote connections to the company's network, including reading or sending email and viewing intranet web resources. It also tends to cover other remote access option, including dial-up, VPN, and web portal access. Such a policy can limit users from accessing the corporate's network from other locations. Answer A is incorrect. An acceptable use policy defines a set of rules that restrict how a network or a computer system may be used. It defines what a user can or cannot do with his or her computer during business hours. This policy is sometimes referred to as a fair use policy. Answer B is incorrect. A privileged user agreement is used whenever a user is given some right normally possessed by the administrator. They thus possess a privileged user account and agree to use these rights responsibly. Answer C is incorrect. A bring your own device (BYOD) policy allows users to bring their own devices to their place of work and use them to access company resources, including the Internet, printers, software applications, and file servers.
An employee at a company received a call from someone in the IT department asking for information about the company's network. The caller explained that the information would be used to improve connection speed, thus improving performance. However, the caller ID on the phone indicated that the call came from outside the company. Which of the following types of attack has occurred? A. Insider threat B. Session hijacking C. Spoofing D. Social engineering
Answer D is correct. Social engineering refers to the act of attempting to illegally obtain sensitive information by pretending to be a credible source. Common social engineering tactics include sending emails, making phone calls, or even starting up a conversation in person. In social engineering, attackers manipulate people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. Answer A is incorrect. An insider threat refers to an attacker who resides inside the network, like an employee of the company. Answer B is incorrect. Session hijacking refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentications only occur at the start of a TCP session, this allows the hacker to gain access to a machine. Answer C is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc.
A network administrator creates a virtual machine in the cloud. The employees also want to connect to it remotely using RDP. Which of the following default ports needs to be opened for this purpose? A. 443 B. 5005 C. 53 D. 3389
Answer D is correct. TCP port 3389 is used by Remote Desktop Protocol (RDP), which is a Microsoft protocol that allows a user to view and control the desktop of a remote computer. RDP is an excellent tool for remote clients, allowing them to connect to their work computer from home or perform work on other applications without running or installing any of the software on their home computer. RDP works somewhat like telnet. However, the large advantage that RDP has over Telnet is that RDP provides a GUI interface connection. Answer A is incorrect. TCP port 443 is used by HTTPS to securely retrieve content from a web server. Answer B is incorrect. TCP port 5005 is used by RTP to deliver media-based data (such as Voice over IP) through the network. Answer C is incorrect. UDP port 53 is used by DNS to resolve domain names to corresponding IP addresses.
A user has performed multiple JSON and XML edits. This relates to an operation at which of the following OSI layers? A. Application B. Session C. Physical D. Presentation
Answer D is correct. The Presentation layer is the sixth layer of the OSI model. It gets its name from its purpose that it presents data to the Application layer. It is responsible for data translation and code formatting. The presentation layer performs the following functions: Data encryption/decryption Character/string conversion Data compression Graphic handling JSON and XML are the two most common formats for data interchange and therefore, the Presentation layer is responsible for how the data looks or is formatted, which is then presented to the applications working at the Application layer. Answer A is incorrect. The Application layer or Layer 7 of the OSI model provides application services to a network. It supports services used by end-user applications. Answer C is incorrect. The Physical layer or Layer 1 of the OSI model is concerned with the transmission of bits on the network along with the physical and electrical characteristics of the network. Answer B is incorrect. The Session layer is responsible for setting up, managing, and then tearing down sessions between Presentation layer entities.
A network technician has to perform maintenance on many of the company's web servers during a scheduled change window. This maintenance should not affect the service availability. Which of the following network devices should the network technician use for this purpose? A. IDS B. Throughput tester C. VPN concentrator D. Load balancer
Answer D is correct. The network technician should use a load balancer for this purpose. A load balancer is a device that is used to distribute network or application traffic across multiple computers or networks. It increases the capacity, reliability, and availability of applications. A load balancer balances the load between multiple servers instead of relying on only one, reduces the response time, maximizes throughput, and allows better allocation of resources. A load balancer can be implemented as a software or hardware solution and is usually associated with a device like a router, a firewall, NAT, and so on. Under the most common implementation, the load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available (if a server that should be available is busy or down, it is taken out of the rotation). Answer C is incorrect. A VPN concentrator is a device that allows remote users to build a VPN tunnel and connect to the VPN concentrator for access to the network. The device terminating the ends of a tunnel generally requires heavy data processing like encryption and authentication for each tunnel, resulting in a heavy processor burden on that device. A VPN concentrator performs these processor-intensive processes required to terminate multiple VPN tunnels. Answer B is incorrect. A throughput tester is a network appliance that typically has multiple network interfaces and can generate high volumes of pseudo-random data. It is generally used to observe how the network performs under a heavy load. Answer A is incorrect. An IDS (intrusion detection system) device is used to detect several types of malicious behaviors that can compromise the security and trust of a system. However, it does not reside inline with the traffic, i.e., analyzed traffic does not flow through the IDS device and therefore it makes them passive.
A network technician in a company is diagnosing a time-out issue generated from an employee's web browser. The employee's web browser issues standard HTTP get and post commands to interact with the website. Having this information, the technician would like to analyze the entire TCP handshake of the HTTP requests offline. Which of the following tools will help the technician in this work? A. Spectrum analyzer B. Vulnerability analyzer C. Port scanner D. Protocol analyzer
Answer D is correct. The network technician should use a protocol analyzer for this purpose. The protocol analyzer is used to capture traffic flowing through a network switch. This helps in viewing contents of a packet traveling on a network and diagnose network related issues such as, slow performance, and so on. A protocol analyzer can serve the following purposes: Helps in troubleshooting hard-to-solve problems Helps in detecting and identifying malicious software (malware) Helps in gathering information such as baseline traffic patterns and network-utilization metrics Helps in identifying unused protocols so that they can be removed from the network Provides a traffic generator for penetration testing Possibly even work with an IDS Answer C is incorrect. A port scanner is a software tool designed to search a network host for open ports. A network administrator often uses this tool to check the security of their networks. Answer B is incorrect. A vulnerability analyzer is used to check applications, particularly web applications, for known flaws. Answer A is incorrect. A spectrum analyzer measures the magnitude of an input signal versus frequency within the full frequency range of the instrument. The primary use of the spectrum analyzer is to measure the power of the spectrum of known and unknown signals.
A company's management has given a list of requirements to the network technician for a LAN connection using CAT6 cabling in an older building. The technician has to keep the environmental factors in mind during network installation. Which of the following should the network technician consider when deciding whether or not to use plenum-rated cables? A. Workstation model B. Window placement C. Floor composition D. Ceiling airflow condition
Answer D is correct. Whenever a cable is used in an enclosed environment, security becomes an important factor. As enclosed spaces are often humid and vulnerable to temperature extremes, it becomes important to plan properly for such conditions. In case of fires, normal cable produces toxic gas. Plenum is the space between ceilings which is used to circulate air through the building space. This space is also used for wiring and cabling. This is a place where fires can easily start. Therefore, network cables should be plenum rated otherwise when cables burn, their insulation gives off a poisonous smoke that gets circulated around the building. Plenum-rated cables come in fire-retardant plastic jacket that eliminates the risk of toxic smoke being circulated around the building. Answers B, C, and A are incorrect because these are not related with use of plenum cables.
Which of the following can be used to authenticate remote workers connecting from an offsite location? Each correct answer represents a complete solution. Choose two. A. 802.1x B. RADIUS C. DHCP D. DNS
Answers A and B are correct. A Remote Authentication Dial-in User Service (RADIUS) server is used as a central authentication database for users requiring network access. It is a server with a database of user accounts and passwords. ISP's usually use the RADIUS servers to authenticate their customer's Internet connections. Users requiring remote access first connect to one or more remote access servers. Then the remote access servers forward the authentication requests to the central RADIUS server. IEEE 802.1X is a standards-based method of enforcing user authentication. 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device that wants to gain access to the network. The authenticator is a network device, such as an Ethernet switch, that forwards the supplicant's authentication request on to an authentication server, and the authentication server, such as the RADIUS server, checks the supplicant's credentials. Answer D is incorrect. A DNS server performs the task of taking a domain name and resolving that name into a corresponding IP address. Answer C is incorrect. A DHCP server dynamically assigns IP address information (for example, IP address, subnet mask, DNS server's IP address, and default gateway's IP address) to network devices.
As part of a transition from a static to a dynamic routing protocol on an organization's internal network, the routing protocol must support IPv4 and VLSM. Based on these requirements, which of the following should the network administrator use? Each correct answer represents a complete solution. Choose two. A. OSPF B. IS-IS C. RIPv1 D. NTP
Answers A and B are correct. VLSM stands for variable-length subnet masks. It allows classless routing, meaning that the routing protocols send subnet mask information along with the route updates. By sending the subnet mask information with the updates, they can support variable-length subnet masks. This saves address space. If a routing protocol that supports VLSMs is not used, then every router interface, every node (PC, printer, server, and so on), would have to use the same subnet mask. The protocols that support VLSM are OSPF, IS-IS, RIPv2, and EIGRP. Answer C is incorrect because RIPv1 is a classful subnet mask and therefore, it doesn't support VLSM. Answer D is incorrect because NTP is not a routing protocol. It is used by a network device to synchronize its clock with a time server (NTP server).
A network technician is setting up a web server for hosting a web application of a company. Both secured and unsecured access have to be provided to the front end. Which of the following ports must be opened for this? Each correct answer represents a complete solution. Choose two. A. 80 B. 143 C. 25 D. 443
Answers A and D are correct. HTTP and HTTPS are the protocols that are used to manage communications between web browsers and web servers and they open the right resource when a link is clicked. HTTP uses TCP port 80 while HTTP uses TCP port 443 to retrieve content from a web server. HTTPS is a secure version of HTTP that provides many security tools for keeping communications between a web browser and a server secure. Answer C is incorrect. SMTP uses TCP port 25 for sending emails. Answer B is incorrect. IMAP uses TCP port 143 for retrieving emails from an email server.
Which of the following are not considered link state routing protocols? Each correct answer represents a complete solution. Choose all that apply. A. OSPF B. RIP C. RIPv2 D. IS-IS
Answers B and C are correct. RIP and RIPv2 are distance vector routing protocols. OSPF and IS-IS are link state. RIP and RIPv2 use only hop count to find the best path to a remote network. The maximum number of allowable hops between two routers in a RIP-based network is 15 by default. Therefore, hop count of 16 would be deemed unreachable or infinite. Answers A and D are incorrect because OSPF and IS-IS are link state routing protocols.
Which of the following are characteristics of jumbo frames? Each correct answer represents a complete solution. Choose three. A. MTU > 10000 B. MTU > 1500 C. Used in SAN D. MTU > 600 E. Improve network performance
Answers B, C, and E are correct. Maximum Transmission Unit (MTU) is a parameter on a router's interfaces that defines the largest packet size the interface will forward. Jumbo frames are Ethernet frames with more than 1,500 bytes of payload. Jumbo frames have the potential to reduce overhead and CPU cycles. In high-speed networks, such as those typically used in a SAN, it may be advisable to enable jumbo frames to improve performance. Setting the MTU greater than 1500, will have fewer but larger frames going over the network and putting a larger payload into each frame, allows the CPUs on switches and routers to process fewer frames, one frame at a time. Enabling jumbo frames can improve network performance by making data transmissions more efficient.
A network administrator has to implement a physical security control method that can prevent an attacker from gaining access to a network closet or server room. Which of the following will help in achieving this goal? Each correct answer represents a complete solution. Choose two. A. CCTVs B. IP cameras C. Proximity readers D. Mantraps
Answers C and D are correct. Mantraps are used to limit a user access to a restricted area like a network closet or server room. A mantrap is a small space with two sets of interlocking doors. In a mantrap, the first set of doors must be closed before opening the second set. It allows only a single person through a door or entry at a time, requiring every person to authenticate. Proximity readers are door controls that read a card from a short distance and are used to control access to sensitive rooms like a network closet or server room. These devices can also provide a log of all entries and exits. Usually, a card contains the user information required to authenticate and authorize the user to enter the room. Answers A and B are incorrect because CCTVs and IP cameras can be used for monitoring an area, but they cannot provide the necessary physical security measure that can stop anyone from gaining access to an area. They can be used for investigating purposes.
A network technician is setting up a new wireless network. With the WPA2 standard in use, which of the following will provide both data confidentiality and data integrity? Each correct answer represents a complete solution. Choose two. A. TKIP B. RC4 C. AES D. CCMP
Answers C and D are correct. The WPA2 standard uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption or confidentiality. CCMP is an IEEE 802.11i encryption protocol created to replace both TKIP (the mandatory protocol in WPA) and WEP, the earlier, insecure protocol. CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity is handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the FIPS 197 standard. Answers A and B are incorrect. TKIP is used by WPA for encryption. TKIP uses the original WEP programming but wraps additional code at the beginning and end to encapsulate and modify it. Like WEP, TKIP uses the RC4 stream encryption algorithm as its basis.
