NETWORKING CHAPTER 6,7,8 (TEST OUT) - Practice Questions
Which options are you able to set on a firewall? (Select three.) -Packet source address -Digital signature -Sequence number -Acknowledgement number -Port number -Packet destination address
-Packet source address -Port number -Packet destination address (6.1.8)
Which of the following are specific to extended Access control lists? (Select two.) -Should be placed as close to the destination as possible. -Use the number ranges 100-199 and 2000-2699. -Are the most used type of ACL. -Are used by route maps and VPN filters. -Identify traffic based on the destination address.
-Use the number ranges 100-199 and 2000-2699. -Are the most used type of ACL. (6.2.13)
Which of the following BEST describes Ethernet flow control? A )A protocol designed to prevent looping in network traffic. B )A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent. C )A configuration that allows frames larger than 1,500 bytes to pass through the port without fragmentation. D )A configuration that allows traffic from multiple VLANs on a single port.
A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent. 7.3.16
Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use? A )A network-based firewall B )An IDS C )An IPS D )A host-based firewall
A network-based firewall (6.2.13)
Which of the following do hosts on a private network share if the network utilizes a NAT router? A )A physical MAC address B )A physical IP address C )A virtual IP address D )A virtual MAC address
A physical IP address 7.6.5
How does a proxy server differ from a packet-filtering firewall? A ) A proxy server is used to create a screened subnet, while a packet-filtering firewall can only be used with screened subnets. B ) A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer. C ) A proxy server can prevent unknown network attacks, while a packet-filtering firewall can only prevent known attacks. D ) A proxy server includes filters for the session ID as well as the IP address and port number.
A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer. (6.1.8)
Which of the following describes how access control lists can improve network security? A )Which of the following describes how access control lists can improve network security? B )An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. C )An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. D )An access control list filters traffic based on the frame header, such as source or destination MAC address.
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. (6.2.13)
Which of the following BEST describes an ARP spoofing attack? A )An attack where a frame is manipulated to contain two tags. B )An attack in which a switch is flooded with packets, each containing a different source MAC address. C )An attack that changes the source MAC address on frames. D )An attack that associates an attacker's MAC address with the IP address of a victim's device.
An attack that associates an attacker's MAC address with the IP address of a victim's device. 7.4.11
Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline? A )Anomaly-based B )Pattern matching C )Misuse detection D )Dictionary recognition
Anomaly-based 6.4.5
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks? A )Kernel proxy B )Circuit proxy C )Multi-homed D )Bastion
Bastion 6.3.5
Which of the following protocols prescribes what to do when a data channel is in use on a half-duplex device? A )ARP B )NDP C )Auto-MDI-X D )CSMA/CD
CSMA/CD 7.2.11
Which of the following does the sudo iptables -F command accomplish? A ) Lists all the current rules. B ) Clears all the current rules. C ) Saves changes to iptables. D ) Drops all incoming traffic.
Clears all the current rules. (6.1.8)
You have just connected four switches as shown in the Exhibit. Assuming the default switch configuration, how can you force switch C to become the root bridge? A )Configure a priority number of 61440 for switch C. B )Configure a priority number of 4096 for switch C. C )Remove link cable 6 from the configuration. D )Remove link cables 1 and 6 from the configuration.
Configure a priority number of 4096 for switch C. 7.4.11
Which of the following scenarios would typically utilize 802.1x authentication? A )Authenticating remote access clients. B )Authenticating VPN users through the internet. C )Controlling access through a switch. D )Controlling access through a router.
Controlling access through a switch. 7.4.11
Which of the following is a method of VLAN hopping? A )ARP spoofing B )MAC flooding C )MAC spoofing D )Double tagging
Double tagging 7.4.11
Jake is a network administrator for a hospital. There is medical equipment that relies on having uninterrupted internet connectivity. Which of the following types of routing protocols should Jake focus on to ensure that the hospital's network connectivity remains reliable? A )Exterior dynamic routing protocols B )Distance vector routing protocols C )Link state routing protocols D )Interior dynamic routing protocols
Exterior dynamic routing protocols 7.5.11
Which of the following chains is used for incoming connections that aren't delivered locally? A ) Output B )Reject C )Drop D )Forward
Forward (6.1.8)
Which of the following is a device that can send and receive data simultaneously? A )Full-duplex B )Unmanaged C )Managed D )Honeypot
Full-duplex 7.1.8
As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? A )VPN concentrator B )Protocol analyzer C )Host-based IDS D )Network-based IDS E )Port scanner
Host-based IDS 6.4.5
Under which of the following circumstances might you implement BGP on your company network and share routes with internet routers? A )If the network has over 15 areas and uses IPv6. B )If the network is connected to the internet using multiple ISPs. C )If the network has over 15 hops. D )If the network is connected to the internet using public addressing.
If the network is connected to the internet using multiple ISPs. 7.5.11
As a network administrator, you have 10 VLANs on your network that need to communicate with each other. Which of the following network devices is the BEST choice for allowing communication between 10 VLANs? A )Load balancer B )Repeater C )Layer 3 switch D )Layer 2 switch
Layer 3 switch 7.1.8
An attacker hides his computer's identity by impersonating another device on a network. Which of the following attacks did the attacker MOST likely perform? A )MAC spoofing attack B )ARP spoofing attack C )DTP attack D )VLAN hopping attack
MAC spoofing attack 7.4.11
Which of the following BEST describes port aggregation? A )Multiple ports linked together and used as a single logical port. B )A priority-based flow control that allows you to prioritize network traffic. C )IEEE network standard 802.3. D )Multiple VLANs traveling through a single port.
Multiple ports linked together and used as a single logical port. 7.3.16
Which of the following is a method that allows you to connect a private network to the internet without obtaining registered addresses for every host? A )BGP B )NAT C )EIGRP D )OSPF
NAT 7.6.5
You are configuring a switch so that you can manage it using PuTTY from the same network segment. On the switch, you enter the following commands: switch#config terminal switch(config)#interface vlan 1 switch(config-if)#ip address 192.168.1.10 255.255.255.0 Will this configuration work? A )No. The ip default-gateway command needs to be set. B )Yes. The switch can now be accessed by PuTTY using the IP address 192.168.1.10. C )No. The switch needs to obtain an IP address from the DHCP server using the ip address dhcp command. D )No. The no shutdown command needs to be entered.
No. The no shutdown command needs to be entered. 7.2.11
What are the main differences between the OSPF and IS-IS routing protocols? A )OSPF requires an area 0, while IS-IS does not. B )OSPF is an IGP routing protocol, while IS-IS is a BGP routing protocol. C )OSPF is a link state protocol, while IS-IS is not. D )OSPF is a classful protocol, while IS-IS is a classless protocol.
OSPF requires an area 0, while IS-IS does not. 7.5.11
Which of the following is a firewall function? A )FTP hosting B )Encrypting C )Frame filtering D )Packet filtering
Packet filtering 6.2.13
What is the main difference between RIP and RIPv2? A )RIP uses hop count for the metric, while RIPv2 uses a relative link cost. B )RIP has a limit of 15 hops, while RIPv2 increases the hop count limit. C )RIP is a classful protocol, while RIPv2 is a classless protocol. D )RIP is a distance vector protocol, while RIPv2 is a link state protocol.
RIP is a classful protocol, while RIPv2 is a classless protocol. 7.5.11
Which of the following BEST describes dynamic routing? A )Routing is done within an autonomous system. B )Routing is done between autonomous systems. C )Routing entries are manually added to routing tables. D )Routers learn about networks by sharing routing information with each other.
Routers learn about networks by sharing routing information with each other. 7.5.11
Which of the following uses access control lists (ACLs) to filter packets as a form of security? A )Screened router B )Screened subnet C )Screened-host gateway D )Dual-homed gateway
Screened router 6.3.5
Which of the following can serve as a buffer zone between a private, secured network and an untrusted network? A )Intranet B )Screened subnet C )Extranet D )Padded cell
Screened subnet 6.3.5
Which of the following is another name for a firewall that performs router functions? A )Dual-homed gateway B )Screened-host gateway C )Screened subnet D )Screening router
Screening router 6.3.5
Which of the following NAT implementations maps a single private IP address to a single public IP address on the NAT router? A )IP masquerade B )Dynamic NAT C )Static NAT D )Many-to-one NAT
Static NAT
Which of the following has the least default administrative distance? A )OSPF B )External BGP C )RIP D )Static route to an IP address
Static route to an IP address 7.5.11
You have only one physical interface but want to connect two IP networks. Which of the following would allow you to do so? A )The sticky feature B )Virtual IPs C )A loopback address D )Subinterfaces
Subinterfaces 7.5.11
Which of the following is a communication device that connects other network devices through cables and receives and forwards data to a specified destination within a LAN? A )Router B )Access point C )Hub D )Switch
Switch 7.1.8
In which type of device is a MAC address table stored? A )Router B )Switch C )Repeater D )Hub
Switch 7.2.11
Which of the following switch attacks bypasses the normal functions of a router to communicate between VLANs and gain unauthorized access to traffic on another VLAN? A )ARP spoofing B )Dynamic Trunking Protocol attack C )MAC spoofing D )Switch spoofing
Switch spoofing 7.4.11
Which of the following describes the worst possible action by an IDS? A )The system correctly deemed harmless traffic as inoffensive and let it pass. B )The system identified harmless traffic as offensive and generated an alarm. C )The system detected a valid attack and the appropriate alarms and notifications were generated. D )The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts. 6.4.5
In which of the following tables does a NAT router store port numbers and their associated private IP addresses? A )Translation table B )ARP table C )MAC address table D )Routing table
Translation table 7.6.5
You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch in VLAN 1. What should you configure to allow communication between these two devices through the switches? A )Layer 3 switching B )Trunking C )Bonding D )Spanning Tree
Trunking 7.2.11
You have two switches connected together as shown in the following diagram. How many broadcast domains are in the network? A )Zero B )One C )Two D )Four
Two 7.4.11
Which device combines multiple security features, such as anti-spam, load-balancing, and antivirus, into a single network appliance? A ) Next Generation Firewall (NGFW) B ) Unified Threat Management (UTM) C ) Packet-filtering firewall D ) Circuit-level gateway
Unified Threat Management (UTM) (6.1.8)
Which of the following combines several layers of security services and network functions into one piece of hardware? A )Circuit-level gateway B )Unified Threat Management (UTM) C )Intrusion detection system (IDS) D )Firewall
Unified Threat Management (UTM) (6.2.13)
You've just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? A )Update the signature files. B )Check for backdoors. C )Modify clipping levels. D )Generate a new baseline.
Update the signature files. 6.4.5
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to the internet users. Which solution should you use? A )Use a single firewall. Put the server and the private network behind the firewall. B )Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall. C )Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet. D )Use firewalls to create a screened subnet. Place the web server and the private network inside the screened subnet.
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet. 6.3.5
Which of the following attacks manipulates a switch's auto-negotiation setting to access a virtual local area network that's connected to the same switch as the attacker's virtual local area network? A )MAC spoofing B )VLAN spoofing C )ARP spoofing D )VLAN spoofing
VLAN spoofing 7.4.11
Which of the following is the BEST solution to allow access to private resources from the internet? A )Packet filters B )FTP C )VPN D )Subnet
VPN 6.3.5
For which of the following devices does a voice VLAN prioritize traffic? A )Hub B )Bridge C )Layer 3 switch D )VoIP phone
VoIP phone 7.2.11
Which command would you use on a switch to enable management from a remote network? A )no shutdown B )ip address 192.168.10.185 255.255.255.0 C )ip default-gateway 192.168.10.185 D )ip address dhcp
ip default-gateway 192.168.10.185 7.2.11
How many network interfaces does a dual-homed gateway typically have? A )two B )four C )three D )one
three 6.3.5
Easy solution for making small appliances (such as lamps, coffee makers, and toasters) smart.
Plug 8.6.8
How many types of full virtualization are there? A )One B )Three C )Four D )Two
Two 8.3.4
Which hypervisor is for bare metal use? A )Hyper-V B )Type 1 C )Type 2 D )VMWare
Type 1 8.3.4
Which of the following BEST describes an enterprise-level hypervisor? A )Type 1 B )Type 2 C )VM D )VHD
Type 1 8.3.4
What is the MOST common Transport layer protocol that VoIP uses? A )FTP B )SMTP C )TCP D )UDP
UDP 8.2.7
Upper management has asked you if there is a way to integrate phone calls, emails, and instant messaging into a single platform. Which of the following systems should you recommend? A )Quality of Service B )PSTN C )Voice over IP D )Unified communications
Unified communications 8.2.7
Which of the following scenarios would cause a problem in asymmetric routing? A )Using two stateful firewalls in the traffic flow. B )Using two routers in the traffic flow. C )Using two routers in the traffic flow. D )Using a hub in the traffic flow.
Using two stateful firewalls in the traffic flow.
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation? A )VPN B )Port security C )Spanning Tree D )VLAN
VLAN
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. Which of the following should you use in this situation? A )Port security B )VLAN C )VPN D )Spanning Tree
VLAN 7.2.11
You need to provide DHCP and file sharing services to a physical network. These services should be deployed using virtualization. Which type of virtualization should you implement? A )Network as a Service (NaaS) B )Virtual servers C )Virtual networks D )Virtual desktops
Virtual servers 8.4.6
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned both networks. A )Stop and restart the RIP protocol on the router. B )Wait for convergence to take place. C )Stop and restart the RIP protocol on the router. D )Force RIP to perform an immediate update.
Wait for convergence to take place.
Which of the following must each device's MTU be set to for jumbo frames to traverse the network without risk of fragmentation? A )6,000 B )1,500 C )9,000 D )3,000
9,000 7.3.16
Which of the following BEST defines a SAN? A )A block-level storage network B )A mid-tier speed switch C )A top-of-rack switch D )A Core layer switch
A block-level storage network 8.1.9
Which of the following best describes DHCP scope exhaustion? A )When IP address lease times on a DHCP server are shortened. B )A denial of service from a lack of IP addresses in a DHCP server's pool. C )When an attacker adds a second DHCP server to a network and offers IP addresses to clients wanting to join the network. D )When a DHCP snooping technique is used to drop packets from untrusted DHCP servers.
A denial of service from a lack of IP addresses in a DHCP server's pool. 7.7.5
Larry is tasked with implementing a VoIP system in the office. He presents his research to his boss, who wants to use the current hard phones to save money. What BEST explains why this is not possible? A )Hard phones don't conform to IEEE 805.3. B )The old phones don't provide conferencing, but VoIP hard lines do. C )A hard phone does not have the internal computing parts to accept VoIP transmissions. D )Regular hard phones only work with SNMP, and VoIP hard phones use UDP and TCP.
A hard phone does not have the internal computing parts to accept VoIP transmissions. 8.2.7
In virtualization, what is the role of a hypervisor? A )A hypervisor has the actual hardware in place on the machine, such as the hard disk drive(s), optical drive, RAM, and motherboard. B )A hypervisor allows virtual machines to interact with the hardware without going through the host operating system. C )A hypervisor is created within the host operating system and simulates a hard disk for the virtual machine. D )A hypervisor is a software implementation that executes programs like a physical machine.
A hypervisor allows virtual machines to interact with the hardware without going through the host operating system. 8.3.4
Which of the following is true about a network-based firewall? A ) A network-based firewall is less expensive and easier to use than host-based firewalls. B ) A network-based firewall is installed on a single computer. C ) A network-based firewall is installed at the edge of a private network or network segment. D ) A network-based firewall is considered a software firewall.
A network-based firewall is installed at the edge of a private network or network segment. (6.1.8)
Which of the following BEST describes VoIP (Voice over Internet Protocol)? A )A protocol optimized for voice data transmission (telephone calls) through a wireless network. B )A series of protocols optimized for voice (telephone calls) and digital data transmission through a packet-switched IP network. C )A protocol optimized for voice data transmission (telephone calls) through a packet-switched IP network. D )A protocol optimized for voice data transmission (telephone calls) through a 5G switched IP network.
A protocol optimized for voice data transmission (telephone calls) through a packet-switched IP network. 8.2.7
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.) -SSL -ESP -EPS -ESPN -L2TP -AH
-AH -ESP 8.5.7
Can change colors, track motion, stream audio over Bluetooth, and double as a connected camera, but it's only smart when turned on. It doesn't work when turned off.
Bulb 8.6.8
Which IDS type can alert you to trespassers? A )VMIDS B )NIDS C )HIDS D )PIDS
PIDS 6.4.5
Which component is MOST likely to allow physical and virtual machines to communicate with each other? A )Virtual desktop B )Virtual switch C )VHD D )Host operating system
Virtual switch 8.4.6
Which of the following are examples of newer devices that are often automated using IoT technology? (Select three.) -Streaming media devices -Tablets -Security systems -Home appliances -Headsets -Computer monitors -Printers
-Streaming media devices -Security systems -Home appliances 8.6.8
Which of the following are true about routed firewalls? (Select two.) -Operates at Layer 2. -Counts as a router hop -Internal and external interfaces connect to the same network segment. -Supports multiple interfaces. -Easily introduced to an existing network.
-Supports multiple interfaces. -Counts as a router hop 6.2.13
Which of the following are true about reverse proxy? (Select two.) -Handles requests from inside a private network out to the internet. -Sits between a client computer and the internet. -Can perform load balancing, authentication, and caching. -Clients always know they are using reverse proxy. -Handles requests from the internet to a server on a private network.
-Can perform load balancing, authentication, and caching. -Handles requests from the internet to a server on a private network. (6.1.8)
Which of the following are advantages of virtualization? (Select two.) -Improved detection of host-based attacks. -Centralized administration. -Redundancy of hardware components for fault tolerance. -Reduced utilization of hardware resources. -Easy system migration to different hardware.
-Centralized administration. -Easy system migration to different hardware. 8.3.4
Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all. (Unmanaged switch/Managed switch) -Commonly sold at retail stores. -Provides port security features. -Supports VLANs. -Provides very few configuration options. -Can be configured over a network connection. -Can be configured over a dedicated communication channel.
-Commonly sold at retail stores. (Unmanaged switch) -Provides port security features. (Managed switch) -Supports VLANs. (Managed switch) -Provides very few configuration options. (Unmanaged switch) -Can be configured over a network connection. (Managed switch) -Can be configured over a dedicated communication channel. (Managed switch) 7.1.8
Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all. (In-band management/Out-of-band management) -Competes with normal network traffic for bandwidth. -Uses a dedicated communication channel. -Must be encrypted to protect communications from sniffing. -Does not compete with normal network traffic for bandwidth. -Affected by network outages.
-Competes with normal network traffic for bandwidth. (In-band management) -Uses a dedicated communication channel. (Out-of-band management) -Must be encrypted to protect communications from sniffing. (In-band management) -Does not compete with normal network traffic for bandwidth. (Out-of-band management) -Affected by network outages. (In-band management) 7.1.8
You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating system versions and editions. Currently, all of your test virtual machines are connected to the production network through the hypervisor's network interface. You are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent problems, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two. Each response is one part of the complete solution.) -Create a new virtual switch configured for bridged (external) networking. -Connect the virtual network interfaces in the virtual machines to the virtual switch. -Create MAC address filters on the network switch that block each virtual machine's virtual network interfaces. -Disconnect the network cable from the hypervisor's network interface. -Disable the switch port that the hypervisor's network interface is connected to. -Create a new virtual switch configured for host-only (internal) networking.
-Connect the virtual network interfaces in the virtual machines to the virtual switch. -Create a new virtual switch configured for host-only (internal) networking. 8.4.6
Which of the following are benefits that a VPN provides? (Select two.) -Metering -Easy setup -Cost savings -Compatibility -Faster connection
-Cost savings -Compatibility 8.5.7
You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an in-house application to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations. Currently, none of your test virtual machines has a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates. What should you do? (Select two. Each response is one part of the complete solution.) -Create a new virtual switch configured for internal networking. -Create a new virtual switch configured for host-only networking. -Create a new virtual switch configured for bridged (external) networking. -Connect the virtual network interfaces in the virtual machines to the virtual switch. -Disable the switch port that the hypervisor's network interface is connected to.
-Create a new virtual switch configured for bridged (external) networking. -Connect the virtual network interfaces in the virtual machines to the virtual switch. 8.4.6
What are two major concerns regarding IoT devices? (Select two.) -Short life span -Privacy -Accessibility -Hacking -Availability
-Hacking -Privacy 8.6.8
Which of the following are true of the IS-IS routing protocol? (Select two.) -It divides large networks into areas. -It uses bandwidth and delay for the metric. -A router is the boundary between one area and another. -It is best suited for small networks. -It supports IPv6 routing. -It is a classful protocol.
-It divides large networks into areas. -It supports IPv6 routing. 7.5.11
Which of the following statements are true about virtual NICs? (Select two.) -Multiple virtual NICs can be added to a virtual machine. -The type of NIC installed in the physical machine determines the type of virtual NIC that is emulated. -Virtual NICs need the appropriate driver to function. -Virtual NICs can only communicate with other virtual NICs. -Virtual NICs don't have a MAC address.
-Multiple virtual NICs can be added to a virtual machine. -Virtual NICs need the appropriate driver to function. 8.4.6
Which statements accurately describe the port states of both bridges and switches? (Select two.) -In the learning state, the MAC address table cannot be populated because the port is blocked. -In the learning state, all ports are in a forwarding state. -Ports in a blocked state cannot receive BPDUs. -In the learning state, the MAC address table can be populated, but frames are not forwarded. -Ports in a blocked state still receive BPDUs.
-Ports in a blocked state still receive BPDUs. -In the learning state, the MAC address table can be populated, but frames are not forwarded. 7.2.11
How should you place devices on the network to best protect the servers? (Select two.) -Put the web server on the private network. -Put the database server inside the screened subnet. -Put the database server on the private network. -Put the web server inside the screened subnet. -Put the database server and the web server inside the screened subnet.
-Put the database server on the private network. -Put the web server inside the screened subnet. 6.3.5
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) -Put the web server inside the screened subnet. -Put the database server on the private network. -Put the web server on the private network. -Put the database server outside the screened subnet.
-Put the web server inside the screened subnet. -Put the web server on the private network. 6.2.13
Which of the following are characteristics of a packet-filtering firewall? (Select two.) -Filters based on sessions -Filters based on URL -Stateful -Stateless -Filters IP address and port
-Stateless -Filters IP address and port 6.2.13
Which of the following are true regarding cloud computing? (Select three.) -The term cloud is used as a synonym for the internet. -Cloud computing requires end user knowledge of the delivery system's physical location and configuration. -Typical cloud computing providers deliver common business applications online. They are accessed from another web service or software, like a web browser. -Cloud computing consists of software, data access, computation, and storage services provided to clients through the internet.
-The term cloud is used as a synonym for the internet. -Typical cloud computing providers deliver common business applications online. They are accessed from another web service or software, like a web browser. -Cloud computing consists of software, data access, computation, and storage services provided to clients through the internet. 8.5.7
Which of the following are IPsec modes of operation? (Select two.) -Secure mode -Tunnel mode -Transport mode -Multimode -Single mode
-Tunnel mode -Transport mode 8.5.7
What are the two protocols used most often with IoT devices? (Select two.) -Zbot -Zensys -Zigbee -Zerg -Z-Wave
-Zigbee -Z-Wave 8.6.8
A workstation's network board is currently configured as follows: -Network Speed = Auto -Duplexing = Auto The workstation is experiencing poor network performance, and you suspect that the network board is incorrectly detecting the network speed and duplex settings. Upon investigation, you find that it's running at 10 Mbps half-duplex. You know that your network switch is capable of much faster throughput. To fix this issue, you decide to manually configure these settings on the workstation. Before you do so, you need to verify the switch port configuration for the connected workstation. Given that it's a Cisco switch, which commands can you use on the switch to show a list of all switch ports and their current settings? (Select two.) -show interface -show interface ethernet counters -show interface capabilities -show running-config interface -show interface switchport
-show interface -show running-config interface 7.7.5
Which of the following is NOT one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server? A )192.168.0.1 to 192.168.255.254 B )10.0.0.1 to 10.255.255.254 C )172.16.0.1 to 172.31.255.254 D )169.254.0.1 to 169.254.255.254
169.254.0.1 to 169.254.255.254 (7.6.5)
Which frequencies does Zigbee operate on? A )2.4 GHz, 500 MHz, and 818 MHz B )2.7 GHz, 400 MHz, and 865 MHz C )1.4 GHz, 90 MHz, and 500 MHz D )2.4 GHz, 900 MHz, and 868 MHz
2.4 GHz, 900 MHz, and 868 MHz 8.6.8
What is the maximum number of nodes Z-Wave allows on its mesh network? A )231 B )232 C )322 D )223
232 8.6.8
Which of the following is the open standard for tagging Layer 2 frames? A )RFC1918 B )ARP C )802.1q D )NDP
802.1q 7.2.11
Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules: deny ip 192.168.1.0 0.0.0.255 any deny ip 192.168.2.0 0.0.0.255 any These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do? A )Apply the access list to the Fa0/1 interface instead of the S0/1/0 interface. B )Add a permit statement to the bottom of the access list. C )Use the out parameter instead of the in parameter within each ACL rule. D )Apply the access list to the Fa0/0 interface instead of the S0/1/0 interface.
Add a permit statement to the bottom of the access list. 6.2.13
Which of the following BEST describes the main purpose of the codec used in VoIP? A )An algorithm to control poor quality transmissions. B )An algorithm to compress data in order to save on bandwidth. C )An algorithm that exclusively controls sound quality. D )An algorithm for external calls to be made over VoIP.
An algorithm to compress data in order to save on bandwidth. 8.2.7
Which of the following is true about an intrusion detection system? A )An intrusion detection system monitors data packets for malicious or unauthorized traffic. B )An intrusion detection system can block malicious activities. C )An intrusion detection system can terminate or restart other processes on the system. D )An intrusion detection system maintains an active security role within the network.
An intrusion detection system monitors data packets for malicious or unauthorized traffic. 6.4.5
You manage a network with multiple switches. You find that your switches are experiencing heavy broadcast storms. Which of the following will help reduce the effects of these broadcast storms? A )Configure each switch with a single trunk port. B )Disable auto-duplex detection. C )Manually set the speed for each switch port. D )Enable Spanning Tree on the switches.
Enable Spanning Tree on the switches. 7.7.5
Which other service is IPsec composed of, in addition to AH? A )Encapsulating Security Payload (ESP) B )Encryption File System (EFS) C )Advanced Encryption Standard (AES) D )Extended Authentication Protocol (EAP)
Encapsulating Security Payload (ESP) 8.5.7
What are the three layers of an SDN? A )SaaS, IaaS, and PaaS B )Physical, Control, and Virtualized C )Software, Management, and Construction D )Application, Control, and Infrastructure
Application, Control, and Infrastructure 8.1.9
Dan, a network administrator, gets an email from the CEO. She is upset because people keep talking over each other on conference calls. Which option BEST describes Dan's first step to remedy this problem? A )Check the latency configuration. Latency should be set between 75 and 150 milliseconds. B )Check to see if the VoIP server is in the cloud. C )Check the latency configuration. Latency under 250 milliseconds is not recommended. D )Hold a telephone etiquette training course for upper management.
Check the latency configuration. Latency should be set between 75 and 150 milliseconds. 8.2.7
Computers A and B are on the same VLAN and are separated by two switches as shown in the exhibit. Computer A sends a frame to Computer B. Which of the following BEST describes the frame's composition as it travels from A to B? A )Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The VLAN ID remains on the frame through the second switch up to Computer B. B )Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B. C )Computer A appends a VLAN ID to the frame. It travels from switch to switch and arrives at Computer B, where it removes the VLAN ID. D )Computer A sends a normal frame. The first switch forwards the frame to the second switch, where the VLAN ID is appended to the frame and forwarded to Computer B.
Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B. 7.3.16
Your organization uses a time-keeping application that only runs on Windows 2000 and does not run on newer OS versions. Because of this, there are several Windows 2000 workstations on your network. Last week, you noticed unusual activity on your network coming from the Windows 2000 workstations. After further examination, you discovered that the Windows 2000 workstations were the victim of a malicious attack and were being used to infiltrate the network. You find out that the attackers were able to gain access to the workstations because of the legacy operating system being used. The organization still needs to use the Windows 2000 workstations, which need to be connected to the internet, but you want to make sure the network is protected from future events. Which solution should you implement to protect the network while also allowing operations to continue as normal? A )Implement a host-based firewall on each Windows 2000 workstation and configure Windows to automatically download and install updates. B )Install antivirus software on the Windows 2000 workstations and configure Windows to automatically download and install updates. C )Create a dedicated network for the Windows 2000 workstations that's completely isolated from the rest of the network, including a separate internet connection. D )Configure VLAN membership so that the Windows 2000 workstations are on their own VLAN.
Configure VLAN membership so that the Windows 2000 workstations are on their own VLAN. 8.4.6
What does the ip address dhcp command allow you to do? A )Send the DHCP server address for all connected devices. B )Specify the DHCP relay server for forwarding DHCP packets. C )Configure a switch to obtain an IP address from a DHCP server. D )Configure a switch to act as a DHCP server.
Configure a switch to obtain an IP address from a DHCP server. 7.2.11
Which of the following routing protocols is a hybrid that uses a composite number for its metric based on bandwidth and delay? A )OSPF B )BGP C )EIGRP D )RIP
EIGRP 7.5.11
Which of the following are the components of a SAN? A )Distribution switches, targets, and SAN fabric B )SAN fabric, core switches, and the initiator C )Hosts, storage, and SAN fabric D )Access switches, SAN fabric, and hosts
Hosts, storage, and SAN fabric 8.1.9
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that's connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do? A )Configure port security on the switch. B )Remove the hub and place each library computer on its own access port. C )Create static MAC addresses for each computer and associate each address with a VLAN. D )Create a VLAN for each group of four computers.
Configure port security on the switch. 7.4.11
Within an SDN, what is commonly referred to as the brains? A )Hosts B )Initiators C )Controllers D )Fabric
Controllers 8.1.9
Amber's employer has asked her to research what is needed to best utilize current assets in creating a scalable network. Amber knows that the company has two very robust servers. What is her BEST solution? A )Convert the current servers to host servers using Type 2 hypervisors. B )Sell the current assets and purchase specially made Type 2 hypervisor servers for virtualization. C )Do nothing since everything is moving to the cloud. D )Convert the existing servers into host servers for virtualization using a Type 1 hypervisor.
Convert the existing servers into host servers for virtualization using a Type 1 hypervisor. 8.3.4
Which of the following allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network? A )IP masquerade B )Dynamic NAT C )OSPF D )DNAT
DNAT 7.6.5
Which level of the OSI model does a Layer 2 switch operate at? A )Data Link layer B )Network layer C )Session layer D )Transportation layer
Data Link layer 7.1.8
You have just connected a new computer to your network. The network uses static IP addressing. A )Default gateway B )Subnet mask C )IP address D )DNS server
Default gateway 7.7.5
Which device is NAT typically implemented on? A )AD server B )ISP router C )RADIUS server D )Default gateway router
Default gateway router 7.6.5
Which of the following BEST describes a stateful inspection? A )Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. B )Allows all internal traffic to share a single public IP address when connecting to an outside entity. C )Designed to sit between a host and a web server and communicate with the server on behalf of the host. D )Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing.
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. 6.2.13
Anabel purchased a smart speaker. She connected it to all the smart devices in her home. Which of the following communication models is she using? A )Device-to-cloud B )Back-end data-sharing C )Device-to-device D )Device-to-gateway
Device-to-device 8.6.8
What are the four primary systems of IoT technology? A )Devices, gateway, data storage, and remote control B )Devices, sensors, apps, and internet C )Devices, gateway, sensors, and apps D )Devices, data storage, remote control, and internet
Devices, gateway, data storage, and remote control 8.6.8
Uses a wireless protocol and a cryptographic key to execute the authorization process. It can also monitor access and send alerts related to the status of the device.
Door lock 8.6.8
Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic? A )Positive B )False negative C )Negative D )False positive
False positive 6.4.5
Brett has been tasked with creating a new SAN. The company currently has Gigabit internet, and his CTO wants to use Fibre Channel over Ethernet (FCoE) in the SAN. Brett tells the CTO that this will not work. Which of the following BEST describes the problem? A )Fibre Channel over Ethernet is still only conceptual. B )Fibre Channel over Ethernet is slower than iSCSI. C )Fibre Channel over Ethernet requires 10 Gigabit internet. D )Fibre Channel over Ethernet requires all new, specialized equipment.
Fibre Channel over Ethernet requires 10 Gigabit internet. 8.1.9
John is using a host machine with a Type 1 hypervisor. He has 40 virtual servers using unmodified guest OSs. Which type of virtualization BEST describes this configuration? A )Full virtualization B )Regular Type 2 virtualization C )Partial virtualization D )Paravirtualization
Full virtualization 8.3.4
Which of the following are considered VoIP endpoints? A )Hard phones and soft phones B )Satellite phones and soft phones C )Soft phones and PBX D )Hard lines and cell phones
Hard phones and soft phones 8.2.7
What BEST describes the designed purpose of InfiniBand? A )Unlimited 10 Gigabit internet B )Cloud platforms C )High-performance supercomputers D )Jumbo frames
High-performance supercomputers 8.1.9
You have been given a laptop to use for work. You connect the laptop to your company network, use the laptop from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? A ) Proxy server B ) Network-based firewall C ) Host-based firewall D ) VPN concentrator
Host-based firewall (6.1.8)
You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? A )Packet sniffer B )Port scanner C )IPS D )IDS
IPS 6.4.5
You were recently hired by a small startup company. The company is in a small office and has several remote employees. You have been asked to find a business service that can both accommodate the company's current size and scale as the company grows. The service needs to provide adequate storage as well as additional computing power. Which cloud service model should you use? A )SaaS B )DaaS C )PaaS D )IaaS
IaaS 8.5.7
You want to be able to monitor and filter VM-to-VM traffic within a virtual network. What should you do? A )Create a virtual router with VRF technology. B )Define VLAN memberships on each VM. C )Implement a virtual firewall within the hypervisor. D )Route VM-to-VM traffic through a physical firewall and back to the virtual network.
Implement a virtual firewall within the hypervisor. 8.4.6
Which option BEST describes the third layer in the SDN architecture? A )Application B )Infrastructure C )Management D )Control
Infrastructure 8.1.9
You notice that a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices? A )Dynamic environment B )The smartnet C )Internet of Things (IoT) D )Internet of smart devices
Internet of Things (IoT) 8.6.8
Which of the following is true about an unmanaged switch? A )It supports link aggregation. B )It is capable of VLAN creation. C )It can connect to all devices in a small area. D )It allows port configuration.
It can connect to all devices in a small area. 7.1.8
Which of the following is true about an NIDS? A )It detects malicious or unusual incoming and outgoing traffic in real time. B )It can access encrypted data packets. C )It can monitor changes that you've made to applications and systems. D )It can analyze fragmented packets.
It detects malicious or unusual incoming and outgoing traffic in real time. 6.4.5
Which of the following is true about Network Address Translation? A )It provides end-device to end-device traceability. B )It allows external hosts to initiate communication with internal hosts. C )It supports up to 5,000 concurrent connections. D )It cannot forward DNS requests to the internet.
It supports up to 5,000 concurrent connections. 7.6.5
Amber, a network administrator, is conducting VoIP training for other IT team members. Melanie, a new team member, is confused about the difference between latency and jitter. What is the BEST way to explain the difference? A )Latency is caused by sampling; jitter is not. B )Latency is the up and down variation in jitter. C )Jitter is the up and down variation in latency. D )Jitter is caused by an inadequate codec.
Jitter is the up and down variation in latency. 8.2.7
On your network, you have a VLAN for the sales staff and a VLAN for the production staff. Both need to be able to communicate over the network. Which of the following devices would work BEST for communication between VLANs? A )Load balancer B )Layer 3 switch C )Repeater D )Layer 2 switch
Layer 3 switch 7.1.8
Which key advantage does a virtual router have over a physical router? A )It has faster routing performance. B )Multiple networks can connect to a single interface. C )Routing protocols are not necessary for routing data between networks. D )It allows Virtual Router Redundancy Protocol (VRRP).
Multiple networks can connect to a single interface. 8.4.6
Which of the following is the protocol used for address resolution when you switch from IPv4 to IPv6? A )CSMA/CD B )Auto-MDIX C )NDP D )ARP
NDP 7.2.11
Which of the following is required to establish a new network switch and configure its IP address for the first time? A )Out-of-band management B )Client-to-site VPN C )Site-to-site VPN D )In-band management
Out-of-band management 7.1.8
Which of the following methods is best to have when a network goes down? A )Site-to-site VPN B )Client-to-site VPN C )Out-of-band management D )In-band management
Out-of-band management 7.1.8
What do you need to configure on a firewall to allow traffic directed to the public resources on the screened subnet? A )FTP B )VPN C )Subnet D )Packet filters
Packet filters 6.3.5
Which form of virtualization does not virtualize the hardware? A )Hypervisor B )Partial virtualization C )Full virtualization D )Paravirtualization
Paravirtualization 8.3.4
You have a large Power over Ethernet flat screen that you are installing in a conference room that requires 70 watts of power. Which of the following IEEE standards does your PoE switch need to provide power for the flat screen? A )PoE B )PoE+ C )PoE++ Type 4 D )PoE++ Type 3
PoE++ Type 4 7.3.16
Which of the following switch features allows you to configure how the switch's MAC address table is filled? A )Port mirroring B )Port security C )Spanning Tree Protocol D )Auto-negotiation
Port security 7.3.16
Which hardware components are controlled by the hypervisor? A )RAM, power supply, motherboard B )RAM, CPU, storage C )CPU, storage, power supply D )Storage, CPU, GPU
RAM, CPU, storage 8.3.4
You are unsure if the gateway address is correct for one of your subnetworks because traffic is not leaving the network. Which of the following tables could you look at to check if the gateway address is correct? A )State table B )Routing table C )ARP table D )MAC address table
Routing table 7.7.5
Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network? A )SaaS B )DaaS C )PaaS D )IaaS
SaaS 8.5.7
Uses an RF transmitter. May include such features as motion detection, scheduled recording, remote viewing, and automatic cloud storage.
Security camera 8.6.8
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database? A )Stateful inspection-based IDS B )Signature-based IDS C )Anomaly analysis-based IDS D )Heuristics-based IDS
Signature-based IDS 6.4.5
Which of the following provides a VPN gateway that encapsulates and encrypts outbound traffic from a site and sends the traffic through a VPN tunnel to the VPN gateway at the target site? A )GRE over IPsec B )Remote access VPN C )Site-to-site IPsec VPN D )SSL VPN
Site-to-site IPsec VPN 8.5.7
You manage a single subnet with three switches. The switches are connected to provide redundant paths between themselves. Which feature prevents switching loops and ensures that there is only a single active path between any two switches? A )PoE B )Spanning Tree C )802.1x D )Trunking
Spanning Tree 7.2.11
Uses voice recognition software and activates through a Wake Word or Hot Word.
Speaker/digital assistant 8.6.8
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers? A )Overloading B )Dynamic C )Static D )Restricted
Static
Which resource is nearly impossible to decrease once allocated in virtualization? A )CPU B )RAM C )NIC D )Storage
Storage 8.3.4
What is a VPN (virtual private network) primarily used for? A )Allow remote systems to save on long distance charges. B )Allow the use of network-attached printers. C )Support secure communications over an untrusted network. D )Support the distribution of public web documents.
Support secure communications over an untrusted network. 8.5.7
Allows you to control hardwired lights, ceiling fans, fireplaces, small appliances, and garbage disposals.
Switch 8.6.8
Which of the following can cause broadcast storms? A )Switching loops B )Duplicate MAC addresses C )Duplicate IP addresses D )Routing loops
Switching loops 7.7.5
Dan, a network administrator, has noticed a consistent increase in bandwidth consumption since installing a new VoIP system. The increase is outside of the parameters given by the vendor. What is MOST likely the issue Dan needs to address? A )His ISP needs to give him more bandwidth. B )The codec needs to be replaced with a more efficient one. C )The hard phones need to be replaced. D )VoIP phones should be limited to necessary personnel only.
The codec needs to be replaced with a more efficient one. 8.2.7
A switch receives a frame with a destination MAC address that is not found in its MAC address table. What happens next? A )The frame stops at the switch and is not forwarded until the destination MAC address is manually added to the MAC address table. B )The frame is rejected and returned to the source host. C )The frame is replicated and sent to every active port on the switch except the source port. D )The frame is replicated and sent to every active port on the switch.
The frame is replicated and sent to every active port on the switch except the source port. 7.2.11
Learns from your habits and schedule, allows you to control the climate in your home remotely, shows you energy consumption in real time, and adjusts itself depending on ambient conditions.
Thermostat 8.6.8
Which of the following is considered part of a smart home? A )Telephone B )Laptop C )Thermostat D )TV
Thermostat 8.6.8
VoIP uses several protocols. Which layer of the OSI model do these protocols reside on? A )Presentation B )Transport C )Data Link D )Physical
Transport 8.2.7
Which of the following is true about a firewall? A ) You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. B ) Implicit deny is used to deny permissions to a specific user even when the rest of the user's group is allowed access. C ) Firewalls protect against email spoofing attacks. D ) Host-based firewalls and network-based firewalls can be installed separately, but they cannot be placed together to provide multiple layers of protection.
You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. (6.1.8)
In which of the following situations would you MOST likely implement a screened subnet? A )You want to encrypt data sent between two hosts using the internet. B )You want to protect a public web server from attack. C )You want users to see a single IP address when they access your company network. D )You want to detect and respond to attacks in real time.
You want to protect a public web server from attack. 6.3.5
You are in the process of configuring an iSCSI storage area network (SAN) for your network. You want to configure a Windows Server system to connect to an iSCSI target defined on a different server system. You also need to define iSCSI security settings, including CHAP and IPsec. Which tool should you use? A )Multipath I/O B )Internet Storage Name Service C )iSCSI option under File and Storage Services in Server Manager D )iSCSI Initiator
iSCSI Initiator 8.1.9
Which of the following utilities would you use to view the routing table? A )tracert B )traceroute C )mtr D )route
route 7.7.5