CompTIA Network+ Practice Test (Lessons 1-16 Practice Questions)

A network manager installs a tool that throttles the bandwidth of attacking hosts and modifies suspect packets to render them harmless. Evaluate security technology tools and determine what specific functionality is being utilized. A. Network-Based Intrusion Prevention System (NIPS) B. Network-Based Intrusion Detection System (NIDS) C. Unified Threat Management (UTM) D. Signature management

A A Network-Based Intrusion Prevention System (NIPS) provides advanced measures that include throttling bandwidth of attacking hosts, applying complex firewall filters, and modifying suspect packets to render them harmless. A Network-Based Intrusion Detection System (NIDS) provides passive detection by logging intrusion incidents and displaying alerts at the management interface. Unified Threat Management (UTM) refers to a system that centralizes various security controls such as firewall, anti-malware, network intrusion prevention, and spam filtering into a single appliance. Signature-based detection means the engine is loaded with a database of attack patterns or signatures.

A network administrator deploys a firewall that analyzes the header and Hypertext Markup Language (HTML) code in Hypertext Protocol (HTTP) packets to match patterns in a threat database. Consider the types of firewalls and determine which firewall is on the network. A. Next Generation Firewall (NGFW) B. Appliance firewall C. Packet filtering firewall D. Router firewall

A A Next Generation Firewall (NGFW) is a layer 7 firewall that can inspect and parse the contents of packets at the Application layer. An appliance firewall is a stand-alone hardware firewall that performs only the function of a firewall. A packet filtering firewall is configured by specifying rules, which are called an Access Control List (ACL). Each rule defines a specific type of data packet and the appropriate action to take. A router firewall is similar to an appliance firewall with the exception that the functionality is built into the router firmware.

A network manager is responsible for two networks. Each network has a designated host that acts as a proxy for the computers within the network. What type of Virtual Private Network (VPN) will the network manager configure? A. Host-to-host B. Site-to-site C. Client-to-site D. Dynamic Multipoint

A A host-to-host Virtual Private Network (VPN) can connect two hosts or a server and its clients. This may be implemented if a single host on each network acts as a proxy for other network computers. A site-to-site VPN connects two or more local networks, each of which runs a VPN gateway (or router). Site-to-site VPNs are more likely to use compulsory tunneling. In a client-to-site VPN, the client connects over the public network to a VPN gateway, positioned on the edge of the local network. Client-to-site is the telecommuter model, allowing home-workers to connect to the corporate network. A dynamic multipoint VPN (DMVPN) allows Internet Protocol Security (IPSec) based VPNs to be set up dynamically, according to traffic requirements.

Consider the zones of a Public Switched Telephone Network (PSTN). Which of the following describes basic connectivity to a local exchange? A. A link is created between a home and a Central Office (CO). B. A cable is run from a Private Branch Exchange (PBX) directly to a local loop. C. A link is created between a Central Office (CO) to a toll office. D. A router is placed in a home to provide wireless service.

A A local exchange provides links between local access subscribers and provides transports to trunk exchanges. The local exchange is also referred to as a Class 5 office or a Central Office (CO). A Private Branch Exchange (PBX) connecting to a local loop does not complete the connection required to the central office. A local loop is cabling from the customer premises to the local exchange. A trunk office provides switching and interconnections between local exchanges within a metropolitan area or nationally, and to international gateway services. Trunk offices are also referred to as Class 4 or toll offices. Customer Premises Equipment (CPE) is the termination and routing equipment placed at the customer site.

A technician installs a cross-connect that utilizes modular jacks and connectors. The device has pre-wired Registered Jack (RJ)-45 connectors on one side. The other side has Insulation Displacement Connectors (IDCs). What is the technician installing? A. Patch panel B. Fiber distribution panel C. 66 block D. 110 block

A A patch panel is a type of cross-connect that utilizes modular jacks and connectors. A patch panel has 110 block Insulation Displacement Connector (IDC) terminals on one side and pre-wired Registered Jack (RJ)-45 jacks on the other side. A modern build or refurbishment might replace copper wiring with fiber optic cabling. Fiber distribution panels are used for the connections for this solution. A 66 block is used to terminate telephone cabling and legacy data applications (pre-category 5). A 110 block supports Category 5 and higher. This term can describe both a punch-down format and a distribution frame.

A network is designed for all nodes to share the bandwidth of the media. The nodes must contend to put signals on the media, and all nodes attach directly to a single cable. What type of topology does this demonstrate? A. Physical bus B. Point-to-point C. Logical topology D. Physical topology

A A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media. Only one node can be active at any one time, so the nodes must contend to put signals on the media. All nodes attach directly to a single cable segment via cable taps. A point-to-point connection is a single link that is established between two nodes. A physical network topology describes the placement of nodes and how they are connected by the network media. A logical topology describes the flow of data through the network.

A technician is troubleshooting a report of an outage. The technician checks the switch port and notices a solid amber light. What information does the technician gain from the light color? A. The port is disabled. B. The link is connected, but there is no traffic. C. The link is not working or is disconnected at the other end. D. A fault has been detected.

A A solid amber light means that the port is disabled. The technician will need to enable the port to clear the trouble ticket. A solid green light means that the link is connected, but there is no traffic. If the green light is flickering, it would mean the link is operating normally (with traffic). If the light was not displaying, the technician would know that the link is not working or is disconnected at the other end. A blinking amber light means that a fault has been detected (duplex mismatch or spanning tree blocking, for example).

Identify the layer that does not add a header to the data payload. A. Physical B. Network C. Transport D. Application

A At each level, except the Physical layer, the sending nodes adds a header to the data payload which forms a chunk of data called a Protocol Data Unit (PDU). This process is known as encapsulation. At the Network layer, the Transmission Control Protocol (TCP) segment is wrapped in an Internet Protocol (IP) header. The IP packet is put into an Ethernet frame at the Data Link layer. At the Transport layer, a TCP header is added to the application. Data is generated by an application, such as Hypertext Transfer Protocol (HTTP), which will include an application header.

A host has an address of 169.254.101.201. What can an administrator infer from this address? A. The host did not receive a response to a DHCPDISCOVER broadcast. B. The network mask is 255.255.255.0. C. The host is configured with a static Internet Protocol (IP) address. D. The address is leased and the host must release the Internet Protocol (IP) after a specific period of time.

A Automatic Private Internet Protocol Addressing (APIPA) was developed as a means for clients that can not contact a Dynamic Host Configuration Protocol (DHCP) server to communicate on the local network. If a Windows host does not receive a response to a DHCPDISCOVER broadcast, a randomly selected address in the range of 169.254.1.1 to 169.254.254.254 will be assigned.

An attacker replaces the Internet Protocol (IP) address of www.companybank.com. Employee A goes to www.companybank.com to complete a transaction. The employee attempts to login to the website, and the attacker obtains the login credentials. What type of attack is Employee A a victim of? A. Domain Name System (DNS) poisoning B. Address Resolution Protocol (ARP) poisoning C. Man-in-the-Middle (MitM) attack D. Denial of Service (DoS) attack

A Domain Name System (DNS) poisoning is an attack that compromises the name resolution process. Typically, the attacker will replace the valid Internet Protocol (IP) address for a trusted website with the attacker's IP address. Address Resolution Protocol (ARP) poisoning works by broadcasting unsolicited ARP reply packets with a spoofed source address. A Man-in-the-Middle (MitM) attack is a specific type of spoofing attack where the attacker sits between two communicating hosts and openly intercepts and relays all communications between them. A Denial of Service (DoS) attack causes a service at a given host to fail or to become unavailable to legitimate users.

A network administrator is using Zenmap. The administrator enters the command nmap -sn 169.1.0.0/24. What will be the result? A. Suppressed host discovery scan B. Full Operating System (OS) fingerprinting C. Acknowledgement packets to port 80 and 443 D. Neighbor Discovery (ND) sweeps

A In Nmap, the switches -sn will be used to perform suppressed host discovery. This reduces the time consuming scan on a large Internet Protocol (IP) scope. If a host is detected, Nmap performs a port scan against that host to determine which services are running. This Operating System (OS) fingerprinting is time consuming. The -sn switch suppresses the scan and removes this function. The basic syntax of an Nmap command, without the -sn switch, results in the default behavior of Nmap to ping and send a Transmission Control Protocol (TCP) acknowledgement (ACK) packet to ports 80 and 443. Nmap will perform Neighbor Discovery (ND) sweeps. The -sn switch is a suppressed scan that removes this function.

What was developed by Cisco as a means of providing traffic engineering, Class of Service (CoS), and Quality of Service (QoS), within a packet switched network? A. Multiprotocol Label Switching (MPLS) B. Asynchronous Transfer Mode (ATM) C. Frame relay D. High-Level Data Link Control (HDLC)

A Multiprotocol Label Switching (MPLS) was developed by Cisco from Asynchronous Transfer Mode (ATM) as a means of providing traffic engineering, Class of Service (CoS), and Quality of Service (QoS), within a packet switched network. ATM is a transport mechanism for all types of data, including voice and video. ATM is designed to make highly efficient use of the available bandwidth. Frame relay provides data packet forwarding for services running over T-carrier lines or even dial-up. The advantage, when used with T-carrier, is that the customer can select an appropriate bandwidth level. The High-Level Data Link Control (HDLC) protocol is widely used to transfer data over a serial digital line, such as T1.

A network manager purchases a new server. The manager wants to ensure the server will fit in the current rack system. The rack system currently has space for 5U. The server is 8" tall. Calculate the space needed for the server to determine if the server will fit in the rack system. A. Yes, the server will fit. The server needs a minimum space of 5U. B. Yes, the server will fit. The server needs a minimum space of 4U. C. No, the server is too large for the rack space. The server needs a minimum space of 8U. D. No, the server is too large for the rack space. The server needs a minimum space of 14U.

A Rack systems are standard widths and can fit appliances using standard height multiples of 1.75", called units (U). The rack in the scenario has space for 5U, which equals 8.75". The server is 8" tall and therefore needs 5U of space. The server will fit but needs more than 4U of space. The server is 8" tall and 4U provides 7" of space. The server is not too large for the rack space. The minimum space for the server is 5U, versus 8U. The server does not need 14U of space. This could be incorrectly calculated by multiplying 1.75 by the server height (inches). The rack space available (5U) is multiplied by 1.75 for a return of 8.75" available.

Explain the use of remote network routes. A. For networks that are not directly attached B. For subnets to which the router is directly attached C. For routes to a specific Internet Protocol (IP) address D. For when a better network or host route is not found

A Routing table entries fall into four general categories. Remote network routes are for subnets and Internet Protocol (IP) networks that are not directly attached. Direct network routes are for subnets to which the router is directly attached. The router is used as a gateway to deliver packets to hosts on the same subnet by using Address Resolution Protocol (ARP). Host routes are for routes to a specific IP address. Default routes are used when a better network or host route is not found. If a packet's destination address does not match any other entries, this is the route that will be used. The default route is 0.0.0.0/0.

A company currently uses Telnet for remote access to end user clients. The network manager is aware of the vulnerabilities with this protocol. The manager is researching solutions to replace the use of Telnet. Which is the BEST solution to replace Telnet? A. Secure Shell (SSH) B. Secure Socket Layer (SSL) C. Transport Layer Security (TLS) D. Simple Network Management Protocol (SNMP)

A Telnet is an unsecure protocol as all communications are in cleartext. Telnet is often replaced by Secure Shell (SSH), but this may not be supported by legacy appliances. The HyperText Transfer Protocol (HTTP) is an unsecure protocol that can be made secure by using Secure Sockets Layer (SSL) with Transport Layer Security (TLS). TLS is used in conjunction with SSL to secure HTTP. Simple Network Management Protocol (SNMP) versions 1 and 2 are unencrypted. SNMPv3 supports encryption. A protocol, such as Internet Protocol Security (IPsec), can be used to encrypt SNMP traffic.

An Identity and Access Management (IAM) system proves that a user is who they claim to be when they access a resource. Which access control process is the IAM using? A. Authentication B. Identification C. Authorization D. Accounting

A The authentication process proves that a subject is who or what it claims to be, when it attempts to access the resource. Identification (ID) is the process of creating an account or ID that identifies the user, device, or process on the network. Authorization is the process of determining what rights subjects should have on each resource and enforcing those rights. Accounting is the process of tracking of authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.

Which monitoring alert can an administrator configure to measure the total amount of data transferred in a 24-hour period? A. Utilization B. Speed C. Resets D. Link status

A Utilization will measure the data transferred over a period of time. This can either be measured as the amount of data both sent and received or calculated as a percentage of available bandwidth. Speed will measure the rated speed of the interface. For Ethernet links, the interface speed should match both the host and switch ports. Resets measures the number of times an interface has restarted over the counter period. An interface that continually resets is described as flapping. Link status measures whether an interface is working. An alert will notify an administrator immediately so that troubleshooting can occur.

Analyze the process of subnetting. Determine why an administrator may find subnetting beneficial for a network. (Select two) A. To divide a network into logically distinct zones for security B. A network has a large number of hosts on the same Internet Protocol (IP) network C. A network uses the same physical and data link technologies throughout D. An organization has one Local Area Network (LAN) without a Wide Area Network (WAN)

A and B An administrator may find subnetting useful to divide a network into logically distinct zones for security and administrative control. It is inefficient to have very large numbers of hosts on the same Internet Protocol (IP) network. Subnetting will logically divide a network into smaller subnetworks, which will make it more efficient. Networks that use different physical and data link technologies should be logically separated as different subnets. Organizations with more than one site with Wide Area Network (WAN) links will find subnetting useful. The WAN link can form a separate subnet.

Host A and Host B connect to the same switch. Ports 1-14 have a separate Internet Protocol (IP) address range and subnet address than ports 15-28. Host A uses port 6, and Host B uses port 23. What can a technician determine from this information about Host A and Host B? (Select two) A. Host A and Host B are on separate Virtual Local Area Networks (VLANs). B. Host A and Host B must communicate through a layer 3 device. C. Host A and Host B are on the same logical and physical network. D. Host A and Host B can directly communicate through the shared switch.

A and B Host A and Host B are on separate Virtual Local Area Networks (VLANs). One way to implement a VLAN is by configuring the port interface on a switch. In this scenario, the switch has two VLANS configured. Host A and Host B must communicate through a layer 3 device. Each device is on a separate VLAN, which requires a layer 3 device to communicate. Host A and Host B are on the same physical network (shared switch) but are on separate logical networks (separate VLANs). Host A and Host B are on separate VLANS, resulting in a router being required to communicate. The hosts cannot use the switch to communicate.

Which layers of the Open System Interconnection (OSI) model make up the physical and logical topologies of network segments? (Select two). A. Layer 1 B. Layer 2 C. Layer 3 D. Layer 4

A and B Layer 1, Physical layer, is responsible for physical topology. Physical and Logical topologies create network segments within the Open System Interconnection (OSI) model. Layer 2, Data Link layer, determines how multiple nodes that are on the same physical segment can share access to the network media. This is referred to as the logical topology. Layer 3, Network layer, is responsible for moving data around a network of networks, known as an internetwork. Layer 4, Transport layer, has the critical function of identifying each type of network application by assigning it a port number.

A network with two private subnets utilizes a Demilitarized Zone (DMZ) for a honeypot on a corporate firewall appliance. Evaluate the topology to determine which type it represents. A. Three-legged firewall B. Screened subnet C. Screened host D. DMZ host

A A Demilitarized Zone (DMZ) can be established using a single router and firewall appliance. A three-legged firewall is one with three network ports, each directing traffic to a separate subnet. A screened subnet uses two firewalls that are placed at either end of the DMZ. One restricts traffic on the external interface, while the other restricts traffic on the internal interface. Smaller network may use a screened host where Internet access is implemented using a dual-homed proxy or gateway server. A DMZ host is used by router vendors to mean an Internet-facing host or zone is not protected by the firewall.

Host A begins communications with Host B. The hosts use Internet Security Protocol (IPSec). The Internet Key Exchange (IKE) provides authentication and the key exchange. What will occur during phase I of the negotiations? (Select two) A. The Diffie-Hellman algorithm will create a secure channel. B. The Main Mode will transmit six messages. C. The hosts will establish which ciphers and key sizes to use. D. Aggressive Mode, the most secure mode, will transmit six messages.

A and B Phase I establishes the identity of the two hosts and performs a key agreement using an algorithm called Diffie-Hellman to create a secure channel. Phase I is usually initiated in Main Mode, which involves six messages. Phase II uses the secure channel created in Phase I to establish which ciphers and key sizes will be used with the Authentication Header (AH) and/or Encapsulation Security Payload (ESP) in the Internet Protocol Security (IPSec) session. The Aggressive Mode is an alternative to the Main Mode. The Aggressive Mode packs the information in the six messages into three messages. The three messages are sent in the clear, making it easier for a snooper to perform a dictionary or brute-force password guessing attack.

Which of the following policies will enforce separation of duties? (Select two) A. Administrators have separate accounts for management and general use. B. Employees must take a 1 week mandatory vacation, annually. C. Users can only use privileges to perform authorized job functions. D. Employees must be aware of, and in compliance with, legal and regulatory issues.

A and B Separation of duties is a means of establishing checks and balances against the possibility that critical systems or procedures can be compromised by rogue use of access permissions. Separate accounts for management and general use will assist with enforcing separation of duties. Mandatory vacations mean that employees are forced to take their vacation time, during which someone else fulfills their duties. Employees only being allowed to use privileges to perform authorized job functions is an example of rules of behavior. Employees being aware of, and in compliance with, legal and regulatory issues is another example of rules of behavior.

A homeowner uses a broadband speed tester on the residential network. What actions should the homeowner take? (Select two) A. Run the test in isolation. B. Run the test within the network to obtain the speed, with devices connected. C. Contact the Internet Service Provider (ISP) for lower than expected results. D. Check the router's logs for line condition statistics for lower than expected results.

A and C A broadband speed tester is a website that measures the time taken to download and upload a randomized stream of data to a web host. Ideally, the test should be run in isolation so that the link is not congested by traffic from other devices on the home network. The test should be performed in isolation, versus on the network with all of the other home devices. If the bandwidth obtained is lower than expected, the homeowner should contact the Internet Service Provider (ISP). Residential services are fully managed. Router logs would be checked for line condition statistics, if the test was not conducted on a home network with an ISP.

Identify the characteristics of a rogue Access Point (AP). (Select two) A. A rogue Access Point (AP) can be malicious or accidental. B. A rogue Access Point (AP) is used to perform a deauthentication attack. C. A rogue Access Point (AP) can be an evil twin. D. A rogue Access Point (AP) is used for geofencing.

A and C A rogue Access Point (AP) is one that has been installed on the network without authorization, whether with malicious intent or not. A rogue AP masquerading as a legitimate one is called an evil twin, or sometimes Wiphishing. A rogue AP is not used to perform a deauthentication attack. A deauthentication attack may be performed by an attacker in order to install a rogue AP on the network. A rogue AP is not used for geofencing. Geofencing means using the location services built into mobile devices to configure policies that are specific to the user's precise physical location.

Which of the following are accurate statements regarding endpoint and port security? (Select two) A. Endpoint security contrasts with the focus on perimeter security established by technologies such as firewalls. B. The portability of devices makes penetrating network perimeter security more difficult. C. Endpoint security adds defense in depth. D. Access to physical switch ports should be restricted to only employees.

A and C Endpoint security is a set of security procedures and technologies designed to restrict network access at a device level. Endpoint security contrasts with the focus on perimeter security established by topologies, such as Demilitarized Zone (DMZ), and technologies, such as firewalls. Endpoint security does not replace perimeter security but adds defense in depth. The portability of devices, such as removable storage, makes penetrating network perimeter security more straightforward. Access to the physical switch ports and switch hardware should be restricted to authorized staff. Not all employees should have access to these devices.

A single host on a network is unable to resolve names. Evaluate Domain Name System (DNS) configuration issues and determine which are the most likely to be the cause. (Select two). A. The DNS address is not configured. B. The DNS server is offline. C. The DNS service configuration is incorrect. D. The DNS suffix is incorrect.

A and D Host F, a single client in a network, is unable to resolve names. The issue is likely to lie with the client configuration. One possible reason is that the client has been configured without a Domain Name Service (DNS) server address or the wrong DNS server address. Another possible reason is that the client has the incorrect DNS suffix. If multiple clients are affected, the issue is likely to lie with the server service. One possible reason for this to occur is if the server is offline. Another reason for multiple clients to be affected is if the DNS service configuration is incorrect.

A host receives a non-authoritative answer from a Domain Name System (DNS) server. What can an administrator infer about the server? A. The server is an authoritative server. B. The server is a cache-only server. C. The server is a primary server. D. The server is a secondary server.

B Servers that do not maintain a zone are referred to as cache-only servers. A non-authoritative answer from a server is one that derives from a cached record, rather than directly from the zone records. Authoritative servers are name servers that hold complete records for a domain. A record in the zone identifies the server as a name server for the domain. Authoritative servers can be either primary or secondary. A primary server means that the zone can be edited. There is not enough information in the scenario to determine if the server is primary or secondary. A secondary server is a server that has a read-only copy of the zone. Secondary servers provide fault tolerance and load balancing.

A network administrator enters information into a routing table. The administrator updates the table when the topology changes. What type of routing is the administrator using? A. Default B. Static C. Learned D. Convergence

B Static routing is defined manually. The table only changes if the administrator edits the table. Any time that the topology changes each router will need to be updated manually. Default routing is a special type of static route that identifies the next hop router for an unknown destination. The default route is used only if there are no matches for the destination in the routing table. A learned route is the one that is communicated to the router by another router, by using a dynamic routing protocol. Convergence is the process whereby routers running dynamic routing algorithms agree on routes through the internetwork.

A host has an Internet Protocol (IP) address of 129.153.138.83. Evaluate classful addressing standards and determine the class of the host's network. A. Class A B. Class B C. Class C D. Class D

B The Internet Protocol (IP) address 129.153.138.83 is part of a Class B network. The first octet range for a Class B network is 128-191 and this IP has a first octet of 129. Hosts in a Class A network have a first octet range of 1-126. This IP has a first octet of 129 and is outside of this range. Hosts in a Class C network have a first octet range of 192-223. This IP has a first octet of 129 and is outside of this range. Class D addresses are 224.0.0.0 through 239.255.255.255 and are used for multicasting.

A user operating Host A opens a web browser and goes to www.mywebsite.com. A Transmission Control Protocol (TCP) connection is established. Simulate the third step that occurs to complete the connection. A. Host A sends a synchronization segment to the server with a randomly generated sequence number. B. Host A responds with an acknowledgement segment. Host A assumes the connection is established. C. The web server responds with a synchronization acknowledgement segment that contains its own randomly generated sequence number. D. The web server opens a connection with Host A and enters the established state.

B The Transmission Control Protocol (TCP) establishes a connection via a three-way handshake. The third step in this connection is for the client to respond with an acknowledgement (ACK) segment. The client assumes the connection is ESTABLISHED. The first step is for the client to send a synchronization (SYN) segment to the server with a randomly generated sequence number. The client enters the SYN-SENT state. The second step is for the server to respond with a SYN/ACK segment, which contains its own randomly generated sequence number. The server enters the SYN-RECEIVED state. The fourth step is for the server to open a connection with the client and to enter the ESTABLISHED state.

A technician has been tasked to determine the baud rate of a connection. Evaluate transmission medium characteristics and determine what the technician will be calculating. A. The amount of information that can be transmitted per second B. The number of symbols that can be transmitted per second C. The combination of signaling speed and encoding method D. The loss of signal strength between two measurements

B The baud rate is the number of symbols that can be transmitted per second. A signal transmitted over a communications channel consists of a series of events referred to as symbols. The baud rate is measured in hertz. The bit rate is the amount of information that can be transmitted, measured in bits per second. The data rate is determined by a combination of signaling speed (baud) and encoding method, but also by distance and noise. Attenuation is the loss of signal strength and is expressed in Decibels (dB). dB expresses the ratio between two measurements.

A technician is pulling cable from the telecommunications closet to a new office. What is the maximum length of the main cable to prevent attenuation? A. 245 feet B. 295 feet C. 325 feet D. 255 feet

B The main fixed cable run can be up to 295 feet (90 meters). The stranded-wire patch cords (between the computer and wall port) and jumpers (a stranded-wire cable without connectors used on cross-connects) can be up to 16 feet each, and no more than 33 feet in overall length. A cable that is 245 feet in length will be within the guidelines, but this is not the maximum length. A cable 325 feet in length will be over the maximum of 295 feet and has a higher chance of attenuation. A cable 255 feet in length will be within the guidelines, but this is not the maximum length.

A network technician discovers that a port with mismatched speed settings are the cause of an outage. Evaluate the types of issues that can occur in a network and determine what type of issue the scenario represents. A. Gateway B. Network Interface C. Dynamic Host Configuration Protocol (DHCP) D. Routing

B The network is experiencing network interface issues. Most adapters and switches successfully autonegotiate port settings. If this process fails, the adapter and port can end up with mismatched speed or duplex settings. If the interface Internet Protocol (IP) configuration is correct, a series of connectivity test using the ping command can be completed to determine where the fault lies, to verify if the netmask or gateway is the issue. The Dynamic Host Configuration Protocol (DHCP) provides IP addressing autoconfiguration to hosts without static IP parameters. Forwarding issues can also occur at layer 3. If a host's default gateway and some hosts on a remote network (but not all) can be pinged, there is a routing problem.

Host A transmits a frame to Host B. The frame is received by a switch into a port buffer. The port buffer holds the frame until it can be processed. When ready, the switch uses a high-speed backplane to send the frame out on port 3 for Host B. Which of the following does this scenario illustrate? A. Flooding B. Microsegmentation C. Autonegotiation D. Port mirroring

B The scenario is describing the actions taken by a switch during microsegmentation. No other devices, such as Host C, will see the activity on the network while this process takes place. If a Media Access Control (MAC) address cannot be found in the MAC address table, the switch acts like a hub and transmits the frame out of all of the ports, except for the source port. This is referred to as flooding. Switches are set to autonegotiate speed (10/100/1000) and full- or half-duplex operations. Port mirroring copies all packets sent to one or more source ports to a mirror, or destination, port.

A small business owner has a home office that consists of two computers and two printers. The network uses one router for connectivity. Which type of network does this scenario illustrate? A. Personal Area Network (PAN) B. Local Area Network (LAN) C. Wide Area Network (WAN) D. Campus Local Area Network (LAN)

B The small business owner is using a Local Area Network (LAN). LANs can be used for small office, home office, residential, and small to medium sized enterprise networks. A Personal Area Network (PAN) is a variety of devices, such as smartphones, tablets, headsets, and printers that are connected via close-range network links. A Wide Area Network (WAN) is a network of networks, connected by long-distance links. A campus LAN can cover a wide range of different types of sites from a whole building, a floor in a building, or multiple buildings.

Identify the function of a Cloud Access Security Broker. (Select two) A. Enforces access controls from the cloud provider to the enterprise network B. Scans for malware and rogue or non-compliant device access C. Monitors and audits user and resource activity D. Eliminates data exfiltration from managed devices

B and C A Cloud Access Security Broker (CASB) is enterprise management software designed to mediate access to cloud services by users across all types of devices. A CASB scans for malware and rogue or non-compliant device access. A CASB monitors and audits user and resource activity. A CASB enables single sign-on authentication and enforces access controls and authorizations from the enterprise network to the cloud provider, versus from the cloud provider to the enterprise network. A CASB mitigates, not eliminates, data exfiltration by preventing access to unauthorized cloud services from managed devices.

A junior technician escalates a trouble ticket to a senior technician. Which of the following are reasons for the technician to take this action? (Select two) A. The junior technician would escalate to form an action plan. B. The solution requires a major reconfiguration of the network. C. A customer becomes difficult to work with. D. The junior technician would escalate prior to repair even after identifying the problem.

B and C A valid reason to escalate a problem to a senior technician is that the scope of the problem is large, or the solution requires some major reconfiguration of the network. A customer that becomes difficult or abusive should be escalated to a senior technician or manager. A senior technician will have more experience dealing with these types of customers and will be better able to deal with the issue. An action plan would be something one would put in place if they knew what the issue is and were not needing to escalate. A repair would be part of an action plan, if the technician has identified the problem, the technician would proceed with repair.

Which of the following are examples of Personally Identifiable Information (PII)? (Select two) A. Time zone B. Static Internet Protocol (IP) address C. Date of birth D. Dynamic Internet Protocol (IP) address

B and C Personally Identifiable Information (PII) is data that can be used to identify, contact, or locate an individual. One example of PII is a static Internet Protocol (IP) address. A static IP address does not change and can be traced back to a specific person. Another example of PII is a date of birth. This information can be used with other data, such as name and place of birth, to identify a person or steal their identity. A time zone is not an example of PII. A time zone is not linked to a specific individual. A dynamic IP address is not considered PII. A dynamic IP address changes often and cannot be linked to a specific person.

Compare the Open System Interconnection (OSI) model and the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack and determine which statements accurately distinguish between the two. (Select two). A. The TCP/IP protocol stack consists of 5 layers compared to the 7 layers found in the OSI model. B. The Application layer of TCP/IP consolidates Layers 5-7 of the OSI model. C. PPP, PPTP, and L2TP occur at the Link layer of the TCP/IP protocol stack and occur at Layer 2 of the OSI model. D. TCP and UDP occur at the Internet layer of the TCP/IP protocol stack.

B and C The Application layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack covers the Session (layer 5), Presentation (layer 6), and the Application (layer 7) of the Open System Interconnection (OSI) model. Point-to-Point Protocol (PPP), Point-to-Point Tunneling Protocol (PPTP), and Layer 2 Tunneling Protocol (L2TP) all occur at the Link layer of the TCP/IP protocol stack. The TCP/IP protocol stack consists of 4 layers (Link, Internet, Transport, and Application) compared to the 7 layers (Physical, Data Link, Network, Transport, Session, Presentation, and Application) found in the OSI model. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) both occur at the Transport layer of the TCP/IP protocol stack.

Which of the following are generic Top-Level Domain (TLD) examples? (Select two) A. .edu B. .org C. .com D. .ca

B and C The Domain Name System (DNS) is a hierarchical system of distributed name server databases that contain information on domains and hosts within those domains. There are several types of Top-Level Domains (TLDs). One example of a generic TLD is .net. Other examples include .info and .biz. An example of a generic TLD is .com. This generic TLD is one of the most popular and widely used. The TLD .edu is an example of a sponsored TLD. Another example of a sponsored TLD is .gov. The TLD .ca is an example of a country code TLD. This TLD is used for Canada. Other examples include .uk (United Kingdom) and .de (Germany).

A telecommunications company installs a T1 circuit. Compare the characteristics of T-carrier systems to determine what this circuit will provide the company. (Select two) A. 672 Channels B. 24 Channels C. 1.544 Mbps Bandwidth D. 44.736 Mbps Bandwidth

B and C The first generation of Digital Signaling (DS) to be implemented on telecommunications networks was the Plesiochronous Digital Hierarchy (PDH) or T-carrier system. Each channel provides enough bandwidth for a voice communication session, digitized using Pulse Code Modulation (PCM). A T1 provides 24 channels. A T1 provides 1.544 Megabits per second (Mbps) of bandwidth compared to a DS0 that provides 64 Kilobits per second (Kbps) with only 1 channel. A T3, also called a DS3, provides 672 channels. This is 28 times more channels than what a T1 provides. A T3 provides 44.736 Mbps of bandwidth.

A company has several networks and subnets within a single location. Host A is located on the 192.153.1.0/24 subnet. Host B has the Internet Protocol (IP) address 192.153.2.16 and is connected to the same layer 3 switch as host A. Communication between these hosts require two hops. What does this scenario simulate? A. Remote network routes B. Host routes C. Direct network routes D. Default routes

C Direct network routes are for subnets to which the router is directly attached. Both hosts are on different subnets; a host will hop first to its gateway IP address before reaching the other host in the second hop. Remote network routes are for subnets and IP networks that are not directly attached. Communication will go out of the local gateway and over to other routers on the network. Host routes are routes to a specific IP address. An IP address with a netmask of 255.255.255.255 is an example of a single host route. Default routes are used when a better network or host route is not found.

A system administrator develops a physical diagram of cabling, using blue for WAN connections, white for patch-panel/switch connections, brown for LAN connections, and gray for virtual private network connections. Considering the color-coding the administrator plans to use, which color identifies a user's cubicle network connection? A. Blue B. White C. Brown D. Gray

C Having a standard results in system administrators being able to read and decipher a network diagram easily. A color-coding scheme is helpful. In this case, a brown cable represents LAN connections, such as those found in a user's cubicle. In this case, blue is used for wide area network (WAN) connections, such as from the firewall to the Internet. In this example, white is being used to identify patch cable runs to a switch. In this example, grey is used to identify any virtual private network (VPN) connections that may exist.

Host A sends a file to Host B. The router uses Neighbor Discovery (ND) to determine the interface address of the destination host and encapsulates the packet for delivery. This scenario validates which of the following statements? (Select two) A. The network operates on Internet Protocol version 4 (IPv4). B. The network operates on Internet Protocol version 6 (IPv6). C. The hosts are located on the same network. D. The router is using the default route.

B and C The network is operating on Internet Protocol v6 (IPv6). Neighbor Discovery (ND) uses IPv6 to determine the interface address of the destination host and encapsulates the packet in the appropriate frame format for delivery. The hosts are on the same network. ND is used for directly connected routes and directly connected routes are used for subnets to which the router is directly attached. Internet Protocol version 4 (IPv4) uses Address Resolution Protocol (ARP), not ND, to determine the interface address of the destination host. The default route is 0.0.0.0/0 (IPv4) or :/0 (IPv6), and is used if no route exists.

An employee arrives at work and uses a smart card to enter the building. The employee holds the badge up to the reader to gain access. Analyze smart card features to determine which of the following characteristics apply to this card. (Select two) A. The smart card is contact based. B. The smart card is contactless. C. The smart card uses 2.4 GHz proximity. D. The smart card uses 13.56 MHz proximity.

B and D A smart card is either contact based or contactless. Contactless cards transfer data using a tiny antenna embedded in the card. Most door access controls will use contactless readers to avoid wear-and-tear. The employee walked up to the door and held the card near the reader for access is an example of a contactless card. A contact based card must be physically inserted into a reader. This could be accomplished with a swiping system or pushing the card into the reader. 2.4 GHz is a band used in WiFi (Wireless) device communication. Contactless smart cards use 13.56 MegaHertZ (MHz) proximity. This is an upgrade from the older model contact based cards.

According to the original specification, a 4th Generation (4G) wireless device was supposed to deliver speeds at what rate? Select two. A. 168 Mbps for stationary and slow moving users B. 1 Gbps for stationary and slow moving users C. 150 Mbps for fast moving users D. 100 Mbps for fast moving users

B and D According to the original specification, a 4th Generation (4G) service was supposed to deliver 1 Gigabit per second (Gbps) for stationary or slow-moving users (including pedestrians). The original specification identified fast moving users, such as those in a moving vehicle, as receiving 100 Megabits per second (Mbps). Long Term Evolution (LTE) is a converged 4G standard that has a maximum downlink of 150 Mbps in theory, but no provider networks can deliver this speed. Evolved High Speed Packet Access (HSPA+) is a 3G standard that provides download speeds up to 168 Mbps.

A network manager implements geofencing to block anyone using a wireless device outside of the site perimeter. What are possible issues the network manager will face? (Select two) A. Most devices support Global Positioning Systems (GPS)-based location services. B. Global Positioning System (GPS) is not reliable when used indoors. C. New software would need to be installed on devices for the policy to take place. D. Many devices would need to be excluded from the policy.

B and D Geofencing means using the location services built into mobile devices to configure policies that are specific to the user's precise physical locations. One of the primary issues with geofencing is that the Global Positioning System (GPS) is not reliable when used indoors. Another issue is that many devices do not support GPS-based location services and would need to be excluded from the policy. Many devices do not support GPS-based location services. If most devices supported GPS, this policy would be easier to implement. New software would not need to be installed. The principle behind geofencing is using the location services that are already built into the mobile devices.

What is the function of an Independent Basic Service Set (IBSS)? A. Is a mesh station capable of discovering one another and peering. B. Allows clients to join a Wireless Local Area Network (WLAN) through the network name. C. Is a wireless technology that allows peer connections without the use of an access point. D. Is a special management frame broadcast by the Access Point (AP) to advertise the Wireless Local Area Network (WLAN).

C In an ad hoc topology, the system can connect wirelessly to and from other devices. In 802.11 documentation, this is referred to as an Independent Basic Service Set (IBSS). The 802.11s standard defines a Wireless Mesh Network (WMN). Unlike an ad hoc network, nodes in a WMN (called mesh stations) are capable of discovering one another and peering, forming a Mesh Basic Service Set (MBSS). Clients join a Wireless Local Area Network (WLAN) through the network name known as the Service Set Identifier (SSID). A beacon is a special management frame broadcast by the Access Point (AP) to advertise the WLAN.

Identify the layer of the Open Systems Interconnection (OSI) model where the Domain Name System (DNS) resides. A. Network B. Transport C. Application D. Data

C Name resolution protocols, such as the Domain Name System (DNS) sit at the Application layer (layer 7) of the Open Systems Interconnection (OSI) model. The Network layer (layer 3) has the Internet Protocol (IP) as one of the protocols that sit at this layer. IP is responsible for routing data between networks. The Transport layer (layer 4) subdivides datagrams. This layer has the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). The Data layer (layer 2) defines the format of data. The layer's header identifies the Media Access Control (MAC) address of both the sender and receiver of packets.

What are the interconnections between switches that provide redundant links? A. Access port B. Tagged port C. Trunk D. Inter-Switch Link

C One switch will not provide enough ports for all of the hosts on a large network. Multiple switches must be interconnected to build the network fabric. The interconnections between switches are referred to as trunks. A port that will only participate in a single Virtual Local Area Network (VLAN) can be configured as untagged, which is also referred to as an access port. A tagged port will normally be one that is operating as a trunk, meaning it is capable of transporting traffic addressed to multiple VLANs. An Inter-Switch Link (ISL) was once used to preserve frames for the receiving switch to forward it correctly across trunks.

Differentiate between the characteristics of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). (Select two) A. Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4) both only use values 0-9. B. Internet Protocol version 6 (IPv6) uses hexadecimal numbering while Internet Protocol version 4 (IPv4) uses decimal numbering. C. Internet Protocol version 6 (IPv6) uses an Options field in the header while Internet Protocol version 4 (IPv4) uses extension headers. D. Internet Protocol version 6 (IPv6) is a 128-bit addressing scheme while Internet Protocol version 4 (IPv4) is a 32-bit addressing scheme.

B and D Internet Protocol version 6 (IPv6) uses hexadecimal numbering due to the long sequences of bytes used in IPv6. Internet Protocol version 4 (IPv4) uses decimal numbering. IPv6 is a 128-bit addressing scheme while IPv4 is a 32-bit addressing scheme. The increase in size addresses space issues with IPv4. The 128-bit scheme allows for 340 undecillion unique addresses. IPv6 uses numeral values 0-9 and also characters A-F. IPv4 only uses values 0-9. IPv6 uses extension headers which replaced the Options field found in IPv4. The extension headers are predefined and cover functions such as fragmentation and reassembly, security, and source routing.

Which of the following provides an accurate depiction of network segmentation? (Select two) A. A switch is required to communicate outside of a Virtual Local Area Network (VLAN). B. Access controls enforce network segmentation. C. The networks are physically and logically separate. D. Segmentation can mitigate attacks by restricting it to a smaller group of hosts.

B and D Network segmentation may use Virtual Local Area Networks (VLANs), subnets, Virtual Private Networks (VPNs), and host virtualization. All of these types of systems enforce network segmentation by deploying access controls. Segmentation can mitigate attacks by restricting it to a smaller group of network hosts. An attack will affect fewer machines versus the entire network. A router is required to communicate outside of a Virtual Local Area Network (VLAN). The routers can be equipped with a firewall that applies additional rules to what is allowed in and out of the network. A switch restricts it to communications designated for the VLAN. The networks are not physically separate, but they are logically separate.

A network administrator is tasked with designing Session Initiation Protocol (SIP) Uniform Resource Indicator (URI). Develop two SIP URIs for a user named Sam Walker that works for mywebsite.com. The user's phone number is 123-456-7890. (Select two) A. sip:sam.walker.mywebsite.com B. sip:[email protected] C. sip:sam.walker.1234567890 D. sip:sam.walker@1234567890

B and D Session Initiation Protocol (SIP) endpoints are the end-user devices, such as Internet Protocol (IP)-enabled handsets or client and web conference software. Each device is assigned a unique SIP Uniform Resource Indicator (URI). One possible SIP in this scenario is sip:[email protected]. Another possible SIP in this scenario is sip:sam.walker@1234567890. This SIP uses the users name and phone number to create the unique address. The SIP sip:sam.walker.mywebsite.com is missing the "@" symbol prior to the mywebsite.com. This is a necessary symbol in SIP development. The SIP sip:sam.walker.1234567890 is also missing the "@" symbol prior to the phone number.

A network administrator reviews current device hardening policies to provide defense in depth for a network. Which areas should the administrator investigate? (Select two) A. An attack surface refers to the parts of the network an attacker will have access to. B. Vendors sometimes install backdoors on devices, such as switches and routers. C. Most devices enforce password complexity rules by default. D. Unused Internet Protocol (IP) ports introduce ways an attacker may gain access.

B and D Vendors sometimes deliberately install backdoors on devices such as routers and switches, often as a password reset mechanism. Internet Protocol (IP) ports that are unused should be disabled. Disabling unused ports will reduce the system's attack surface by limiting the ways an attacker can connect to a device. The attack surface refers to the range of things that an attacker could possibly exploit in order to compromise a device. It is important to disable unused administration interfaces and to secure those that are used. Most devices do not enforce complexity rules. The onus is on the user to choose something secure.

A technician needs to install a twisted pair cable solution that will provide a frequency of 200 MegaHertz (MHz) for up to 100 feet. The technician needs to achieve a capacity of 10 Gigabits per second (Gbps). The technician wants to keep cost in mind and not install a higher Category (Cat) than required. Consider the Electronic Industries Alliance (EIA) 568 Commercial Building Telecommunication Cabling Standards to determine which Cat cabling solution will meet the needs of the technician. A. Cat 5 B. Cat 5e C. Cat 6 D. Cat 6A

C A Category (Cat) 6 cable will provide the requirements. A Cat 6 cable will provide a frequency of 250 MegaHertZ (MHz) with a capacity of 10 Gigabits per second (Gbps) for up to 180 feet. A Cat 5 cable only provides a frequency of 100 MHz and a capacity of 100 Megabits per second (Mbps). This will not perform the requirements of the job. A Cat 5e cable will only provide 100 MHz and a capacity of 1 Gbps. A Cat 6A will provide 500 MHz with 10 Gbps for up to 328 feet. This is well over the requirements of the job. The technician can keep costs at a minimum by using a Cat 6 solution.

A network technician and manager have an argument. The technician places a scripted trap that runs when the technician's account is deleted. The technician then resigns from the company. What did the technician install? A. Crypto-malware B. Brute force C. Logic bomb D. Ransomware

C A logic bomb is a type of malware that executes in response to a system or user event. In the scenario, the disgruntled technician is an insider threat. Crypto-malware is a class of ransomware that attempts to encrypt data files on any fixed, removable, or network drives. The user will be unable to access the files without obtaining the private encryption key, which is held by the attacker. Brute force software tries to match the hash against one of every possible combinations to crack a password. Ransomware is a type of malware that tries to extort money from the victim.

A small company has a single public address assigned by its Internet Service Provider (ISP). Recommend a solution to the company that will control communications for Internet-based applications. A. Port forwarding B. Network Address Translation (NAT) C. Port Address Translation (PAT) D. Dynamic Network Address Translation (DNAT)

C Smaller companies may only be allocated a single address by their Internet Service Providers (ISPs). A means for multiple private Internet Protocol (IP) addresses to be mapped onto a single public address would be useful, and this function is provided by Port Address Translation (PAT). Port forwarding, known as Destination Network Address Translation (DNAT), uses the router's public address to forward incoming requests to a different IP. Network Address Translation (NAT) is a service that translates between a private and public addressing scheme, used by an Internet-facing device. Dynamic NAT is when the NAT device exposes a pool of public IP addresses, and the service builds a table of public to provide address mappings.

Under which of the following conditions is the FORWARD firewall chain used? A. An administrator is editing the rules enforced by the Linux kernel firewall. B. A user attempts to Secure Shell (SSH) into a Linux server. C. A Linux system is performing Network Address Translation (NAT). D. A user attempts to ping a web address.

C The FORWARD firewall chain is used for connections that are passing through a server, rather than being delivered locally. The command iptables is a command line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall. The INPUT firewall chain is used for incoming connections. An example is if a user attempts Secure Shell (SSH) into the Linux server. The OUTPUT firewall chain is used for outgoing connections. An example is if a user attempts to ping a web address, iptables will check its output chain to see what the rules are regarding ping and the web address.

An administrator downloads configuration files to a router over User Datagram Protocol (UDP) port 69. The router can read and write the files but cannot browse the directory or delete files. What remote management method does this scenario demonstrate? A. Secure File Transfer Protocol (SFTP) B. Passive File Transfer Protocol (FTP) C. Trivial File Transfer Protocol (TFTP) D. File Transfer Protocol (FTP) over Secure Sockets Layer (SSL)

C The administrator is using the Trivial File Transfer Protocol (TFTP). It is a connectionless protocol running over User Datagram Protocol (UDP) port 69. TFTP only supports reading and writing files but not directory browsing or file deletion. Secure File Transfer Protocol (SFTP) is a secure link created over Transmission Control Protocol (TCP) port 22. Passive File Transfer Protocol (FTP) connects to the server's control port, and the server then opens a random high port number and sends it to the client. FTP over Secure Sockets Layer (SSL) is a method of securing FTP. This can be accomplished using Explicit Transport Layer Security (TLS) over port 21 or by using Implicit TLS over port 990.

An attacker sends packets to a wireless client that results in the client not being able to communicate with the network. What type of attack is used in this scenario? A. Evil twin B. Deauthentication C. Disassociation D. Denial of Service (DoS)

C The attacker is using a disassociation attack. The difference between deauthentication and disassociation is that a disassociation attack sends packets that results in the client not being completely disconnected, but it cannot communicate on the network until it reassociates. A rogue Access Point (AP) masquerading as a legitimate one is called an evil twin. A deauthentication attack occurs by sending a stream of spoofed deauth frames to cause a client to deauthenticate from an AP. A Denial of Service (DoS) attack is accomplished with various methods. One possible method is to deauthenticate systems from the AP and add a rogue AP to the network. Clients will try to reauthenticate through the rogue AP.

A client uses the command STARTTLS. Explain what will occur as a result. Establish a secure connection before any Simple Mail Transfer Protocol (SMTP) commands. Verify a user name or email address. Upgrade an existing unsecure connection. Invert roles between client and server.

C The command STARTTLS is used to upgrade an existing unsecure connection to use Transport Layer Security (TLS). This is also referred to as explicit TLS or opportunistic TLS. The command SMTPS is used to establish a secure connection before any Simple Mail Transfer Protocol (SMTP) commands (HELO, for instance) are exchanged. This is also referred to as implicit TLS. The command VRFY is used to verify a user name or email address in SMTP. The command TURN is used to invert the roles between a client and server without the need to start a new connection.

A company hires a cloud service to provide servers, load balancers, and storage area network (SAN) devices. What cloud service type is the company using? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Infrastructure as a Service (IaaS) D. Something as a Service (Saas)

C The company is using Infrastructure as a Service (IaaS). This is a means of provisioning resources, such as servers, load balancers, and Storage Area Network (SAN) components, quickly. Software as a Service (SaaS) is a different model of provisioning software applications. The company would be able to use pay-as-you-go or a lease arrangement versus buying a set number of licenses. Platform as a Service (PaaS) is between SaaS and IaaS. The company may provide hardware and a web application but not configure it. The company's developers would create the software that runs using the platform. Something as a Service (Saas) refers to something as infrastructure, platform, or software. The models IaaS, SaaS, and PaaS are the types of services.

A technician locates a drawer full of fiber optic patch cords. The cords are not packaged or labeled. The technician is looking for a patch cord with a Single Mode Fiber (SMF) connector. The patch cords all have various color connectors. A non-APC connector type is desired. What color is the connector that the technician is looking for? A. Green B. Black C. Blue D. Beige

C The connector for Single Mode Fiber (SMF) is blue. The cables themselves are usually yellow with the blue connector attached. A green connector is used for Angle Polished Connectors (APCs). The angle prevents back reflections, which will degrade performance. A black connector is used for Multimode Fiber (MMF) connectors. The black connectors are usually used for Optical Multimode 2 (OM2). A beige connector is used for MMF connectors. The beige connector is usually used for Optical Multimode 1 (OM1). Aqua and violet are other color connectors that are found to be used in MMF.

A network administrator is deploying a mesh network topology. The network has 20 nodes. Calculate the number of links required for this deployment. A. 20 B. 19 C. 190 D. 200

C The formula for determining the number of links required for a mesh network topology is n(n-1)/2, where n is the number of nodes. This scenario would be 20(20-1)/2 = 20(19)/2 = 380/2 = 190 The count of 200 links may be stated if the administrator forgot to subtract 1 from the equation prior to multiplying and dividing. The count of 20 could be incorrectly stated if it is believed that one link per node is required. The count of 19 could be incorrectly stated if the administrator simply subtracted 1 from the node count.

A frame with a payload of 32 bytes is attempting to transmit over an Ethernet network. Decide what will occur. A. The payload will fail to transmit based on minimum size. B. The payload will transmit due to being under the maximum size. C. The payload will receive extra padding with redundant data to increase the size. D. The payload will experience a reduction in size due to being over the maximum size.

C The minimum length of an Ethernet frame is 64 bytes, so the payload must be at least 46 bytes. If the payload is less than 46 bytes it is automatically padded with redundant data. The payload will not fail to transmit based on being under the required size minimum. Instead, it will be padded with redundant data. The payload has both a minimum and maximum size requirement. A payload that is under the maximum but also under the minimum must be padded prior to being transmitted. The standard maximum Ethernet frame is 1518 bytes and this transmission is well below the maximum.

A network manager needs to secure a critical client. The manager's primary goal is to prevent modification of the system. Which can the manager use to prevent modification of the system? A. Host-Based Intrusion Detection System (HIDS) B. Signature-Based Detection C. Host-Based Intrusion Prevention System (HIPS) D. Unified Threat Management Device

C The network manager can use a Host-Based Intrusion Prevention System (HIPS). HIPS provides active response and can act to preserve the system in its intended state and prevent system files from being modified or deleted. A Host-Based Intrusion Detection System (HIDS) captures information from a single host, such as a server, router, or firewall. Signature-based detection means the engine is loaded with a database of attack patterns or signatures. Unified Threat Management (UTM) refers to a system that centralizes various security controls such as firewall, anti-malware, network intrusion prevention, and spam filtering into a single appliance.

A technician uses the residential cabling standard Telecommunications Industry Association (TIA 570) to terminate copper cabling. What wire color will the technician place in the number three pin? A. Green/White B. Orange C. Orange/White D. Green

C The residential cabling standard (TIA 570) mandates the use of the copper termination standard T568A. When using T568A, the orange/white wire will be placed in the third pin. The copper termination standard T568B is the alternate to T568A. The T568B standard will have the green/white wire color in the third pin. The T568A standard has the orange wire in the sixth pin. The blue and blue/white wires are placed between the orange/white and orange wires in this standard. The T568B standard has the green wire in the sixth pin with the blue and blue/white wires placed between the green/white and green wires.

A network manager becomes aware of network degradation. The manager uses the Computing Technology Industry Association (CompTIA) Network+ troubleshooting methodology. Analyze this methodology and determine the third troubleshooting step the manager will employ. A. Establish a theory of probable cause. B. Establish a plan of action. C. Test the theory to determine cause. D. Implement the solution or escalate, as necessary.

C The third step in the Computer Technology Industry Association (CompTIA) Network+ troubleshooting methodology is to test the theory to determine cause. The manager will move to step four if the theory is confirmed and will go back to step two if the theory is not confirmed. The second step is to establish a theory of probably cause. This is accomplished by questioning the obvious and considering multiple approaches. The fourth step is to establish a plan of action to resolve the problem and identify potential effects. The fifth step is to implement the solution or escalate, as necessary.

Identify Type I hypervisors that run on a bare metal virtual platform. (Select two) A. Parallels B. Virtual Box C. XENServer D. Hyper-V

C and D A bare metal virtual platform means that the hypervisor (Type I hypervisor) is installed directly onto the computer. One example of this type of hypervisor is Citrix's XENServer. Another example of a Type I hypervisor is Microsoft's Hyper-V. The hardware needs to support only the base system requirements for the hypervisor, plus resources for the type and number of guest Operating Systems (OSes) that will be installed. In a guest OS, or host-based, system, the hypervisor application (Type II hypervisor) is itself installed onto a host operating system. One example of this type of hypervisor is Parallels Workstation. Another example of a Type II hypervisor is Oracle Virtual Box.

Compare the Metro Ethernet Forum (MEF) standards to conclude which specifications Ethernet over Fiber uses. A. SONET OC-192 B. 10GBASE-LR C. 10GBASE-SW D. 10GBASE-EW

B A Metropolitan Ethernet (also called Metro Ethernet) network is a Metropolitan Area Network (MAN) based on Ethernet standards. Standards for Metro Ethernet are developed by the Metro Ethernet Forum (MEF). A 10GBASE -X stands for 10 Gigabytes per second (Gbps) baseband. Ethernet over Fiber uses the 802.3 10GBASE-LR and 10GBASE-ER specifications. The LR stands for long reach while ER stands for extended reach. Ethernet over Synchronous Optical Network (SONET)/Synchronous Digital Hierarchy (SDH) uses SONET OC-192. The 10GbE Wide Area Network (WAN) Physical layer (PHY) uses the same wavelength and interface types. 10Gbe WAN PHY uses 10GBASE-SW, where SW stands for short wavelength. 10Gbe WAN PHY also uses 10GBASE-EW and is used for extra long wavelength.

Two hubs are connected by a crossover cable on port 1 on both ends. Multiple hosts are connected to both hubs. Select the statements that accurately demonstrate the functionalities of hosts and/or hubs in this example. (Select all that apply) A. A host sends frames using its receive (Rx) pair. B. Hub A performs a crossover and floods the regenerated transmission through its receive (Rx) pair. C. A host receives data packets on its receive (Rx) pair from Hub B. D. Hub A receives a transmission from Hub B at port 1 on its receive (Rx) pair.

C and D A host receives data packets on its receive (Rx) pair when connected to a hub. A host will send data packets on its transmit (Tx) pair. The crossover cable connecting two hubs via port 1 will allow Hub A to receive a proper transmission on its Rx pair. Hub B will send the transmission from its Tx pair. A host sends frames using its Tx pair. A host receives frames using its Rx pair. A hub will perform a crossover and flood a regenerated transmission through other ports using each ports' Tx pair. Each host connected to those ports will receive the transmission via their Rx pair.

Evaluate the roles of Layer 1 and Layer 2 of the Open Systems Interconnection (OSI) model. Which of the following devices are part of Layer 2? (Select two) A. Hub B. Modem C. Bridge D. Network Interface Card

C and D Layer 2 is the Data Link layer. This layer is responsible for transferring data between nodes on the same logical segment. A bridge joins two network segments while minimizing the performance reduction. A Network Interface Card (NIC) joins a host to network media and enables it to communicate over the network by assembling and disassembling frames. Layer 1 is the Physical layer. A node is any device that can communicate on the network and can be used to describe endpoint devices or forwarding devices. A hub is a multiport repeater deployed as the central point of connection for nodes. A modem is a device that converts between digital and analog signal transmissions and is found at the Physical layer.

Differentiate between the characteristics of a Local Area Network (LAN) and a Wide Area Network (WAN). A. A LAN is limited in size and typically has less than 1000 nodes while a WAN is unlimited in size. B. A WAN is limited in size and typically has less than 1000 nodes while a LAN is unlimited in size. C. A LAN is a network with one geographic location while a WAN is spread across multiple geographic locations with shared links. D. A WAN is a network with one geographic location while a LAN is spread across multiple geographic locations with shared links.

C A network in a single location is often described as a Local Area Network (LAN). Networks in different geographic locations with shared links are called Wide Area Networks (WANs). A LAN does not have a limit to the size of the network and can include residential networks with a couple of nodes to an enterprise network with thousands of nodes. A WAN does not have a limit to the size of the network. A WAN may consist of two locations, each containing a small number of nodes or consisting of hundreds of locations with thousands of nodes. A WAN is spread across several geographic locations with shared links while a LAN has a single geographic location.

A packet is being sent from a host on Network A to a host on Network B. A layer 3 network address determines the forwarding decision and a table determines the interface to use to forward the packet. What type of device is making the forwarding decision? A. Hub B. Bridge C. Router D. Switch

C A router is being utilized on the network. Routers make forwarding decisions based on layer 3 network addresses and they use a routing table to determine the next hop interface to use to forward a packet. A switch makes forwarding decisions based on layer 2 Media Access Control (MAC) addresses. When devices communicate with different network segments through switches, they are limited to hosts within the same broadcast domain. A hub does not use routing tables and broadcasts data across all of the network connections. A bridge connects two Local Area Networks (LANs) and do not reroute packets.

An administrator installs a wireless router. What step will the administrator take after connecting the router to a power source? A. Connect a computing device to the router, using a cable for the initial router configuration. B. Navigate to the router's administrative utility. C. Connect the WAN port of the router to the modem with an Ethernet cable. D. Enter the information needed to connect the router to the Internet.

C After the router is connected to a power source and turned on, the next step is to connect the router's WAN interface to a modem by using an Ethernet cable. The next step is to connect a computing device to the router, using a cable for the initial router configuration. After connecting a computing device, the administrator will navigate to the router's administrative utility. The information needed to connect the router to the Internet will be entered in the administrative utility.

Which device is high performing and deploys to combine links in a large enterprise or service provider's infrastructure? A. Routers B. Layer 3 switches C. Aggregation Switches D. Top-of-Rack (ToR) switches

C Aggregation switches are used for very high-performing switches deployed to aggregate links in a large enterprise or service provider's infrastructure. This increases the Gigabits per second for access and uplink ports. Routers provide connectivity between subnetworks based on their Internet Protocol (IP) address. Layer 3 switches have the ability to route traffic efficiently between Virtual Local Area Networks (VLANs). On a campus Ethernet network, the internal routers will typically be moving traffic between VLANs. Top-of-Rack (ToR) switches are models designed to provide high-speed connectivity to a rack of server appliances.

A network uses a Virtual Private Network (VPN) that requires a Remote Access Server (RAS) listening on port 443. An encrypted tunnel sends authentication credentials to a Remote Authentication Dial-In User Service (RADIUS) server for processing. What type of VPN does the network use? A. Point-to-Point Tunneling Protocol (PPTP) B. Transport Layer Security (TLS) C. Internet Protocol Security (IPSec) D. Dynamic Multipoint VPN (DMVPN)

B A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a Remote Access Server (RAS) listening on port 443. The client makes a connection to the server and is authenticated. This creates an encrypted tunnel for the user to submit authentication credentials, normally processed by a Remote Authentication Dial-In User Service (RADIUS) server. The Point-to-Point Tunneling Protocol (PPTP) is a legacy VPN protocol that has been deprecated because it does not offer adequate security. Internet Protocol Security (IPSec) is a set of open, non-proprietary standards that can be used to secure data as it travels across the network or the Internet. A Dynamic Multipoint VPN (DMVPN) allows IPSec-based VPNs to be set up dynamically, according to traffic requirements and demand.

A company installs a circuit alarm to protect critical information. Evaluate alarms and tamper detection to determine what will activate the alarm. A. Movement occurs in a room B. A fence is cut C. An employee presses a panic button D. A duress code is entered into a lock

B A circuit-based alarm sounds when the circuit is opened or closed, depending on the type of alarm. This could be caused by a door or window opening or by a fence being cut. A motion-based alarm is linked to a detector triggered by any movement within a relatively large area, such as a room. A duress alarm is triggered manually by staff, if they come under threat. An employee pressing a panic button is one example of a duress alarm. Some electronic entry locks can be programmed with a duress code that is different from the ordinary access code. This will open the gateway but also alert security personnel that the lock has been operated under duress.

A communications company delivers broadband Internet to a residential area that has been set up for a hybrid fiber coax (HFC) network. The company must use a media converter in this type of network to deliver broadband Internet to offices and homes. What type of media converter will the company most likely use? A. Single mode fiber to multimode fiber B. Fiber to Coaxial C. Multimode fiber to Ethernet D. Single mode fiber to Ethernet

B A fiber to coaxial media converter is a type of converter that is often used in Hybrid Fiber Coax (HFC) networks to deliver broadband Internet to offices and homes. A single mode fiber (SMF) to multimode fiber (MMF) media converter passive (unpowered) devices that convert between the two fiber cabling types. A MMF to Ethernet media converter converts the light signals carried over MMF media to Ethernet media. A SMF to Ethernet media converter changes light signals from SMF cabling into electrical signals carried over a copper wire Ethernet network (and vice versa).

A packet is sent from Host A to Host B. The protocol field contains ESP/50. Analyze the protocols that run directly on Internet Protocol (IP). What information does the packet contain? A. Information which routers use to exchange information about paths B. Information in an encrypted form of Internet Protocol Security (IPSec) C. Information to tunnel packets across an intermediate network D. Information for status messaging

B A package that contains ESP/50 in the protocol field is for Encapsulating Security Payload (ESP) and is used with the encrypted form of Internet Protocol Security (IPSec). ESP/50 is coupled with an Authentication Header (AH/51). An EIGRP/88 protocol field is for an Enhanced Interior Gateway Routing Protocol (EIGRP) and is used by routers to exchange information about paths to remote networks. A GRE/47 protocol field is for Generic Routing Encapsulation (GRE) and is used to tunnel packets across an intermediate network.

What is an inflexible, step-by-step listing of the actions that must be completed for a given task? A. Standard B. Procedure C. Best practice D. Policy

B A procedure is an inflexible, step-by-step listing of the actions that must be completed for a given task. A standard is a measure by which to evaluate compliance with the policy. Best practices are guidelines that can be written for areas of policy where there are not procedures, either because the situation has not been fully assessed or because the decision-making process is too complex. A policy is an overall statement of intent. Correct working practices are established by using procedures, standards and best practices. Policy is the overall intent of these three document types.

A network administrator needs to extend the distance of the network and would also like to segment the network. What should the system administrator deploy to accomplish this? A. Broadcast domain B. Crossover cable C. Bridge D. Hub

C An Ethernet bridge provides communications between two or more segments. A bridge can extend the maximum distance of a network and can also be used to segment the network. Segments on different bridge ports are in separate collision domains but are in the same broadcast domains. A broadcast domain is not implemented to segment the network. Crossover cables can be used to link hubs together. A hub acts like a repeater so that every port receives transmissions sent from any other port. A hub extends the maximum distance of a network but does not segment a network.

An employee uses Video Teleconferencing (VTC) for a meeting with geographically separated team members. The service provider uses traffic policing mechanisms to ensure that the call quality is not affected by other data. What is the service provider establishing? A. Forward Equivalence Class (FEC) B. Session Initiation Protocol (SIP) trunk C. Multiprotocol Label Switching (MPLS) D. Virtual Channel (VC)

B A service provider establishes a Session Initiation Protocol (SIP) trunk by identifying the use of an Internet access channel for voice and video conferencing and then uses traffic policing mechanisms to ensure that call quality is not affected by other data passing over the link. Forward Equivalence Class (FEC) is applied to a stream of packets and is a label, with a special designation, in Multiprotocol Label Switching (MPLS). MPLS is a means of providing traffic engineering, Class of Service (CoS), and Quality of Service (QoS), within a packet switched network. Individual connections in Asynchronous Transfer Mode (ATM) are called Virtual Channels (VCs). VCs support the connection-oriented transport between endpoints.

What systems interconnect Internet Protocol (IP) networks and perform packet forwarding processes? A. End B. Intermediate C. Routing D. Dynamic

B An Intermediate System (IS) is a device that interconnects Internet Protocol (IP) networks and can perform packet forwarding processes. These systems are used to send and receive data intended for the end user. An End System (ES) is a host without the capacity to forward packets to other IP networks. These are systems that are used directly by the user. The process of routing takes place when a host needs to communicate with a host on a different IP network or a different subnet. A dynamic routing protocol is used to learn about remote networks and the most efficient route to those networks.

A company has a 20% drop in productivity in the previous quarter. Management believes this is due to employees conducting personal business online at work. Management asks the network manager to provide a solution. Recommend a solution for management. A. Deploy a reverse proxy server B. Deploy a content filter C. Deploy a firewall D. Deploy a proxy server

B Content filters, also called web security gateways, are designed for corporate control over employees' Internet use. It can be implemented as a standalone appliance or proxy server software. A reverse proxy server provides for protocol-specific inbound traffic. A reverse proxy can be configured to listen for client requests from a public network and create the appropriate request to the internal server. A packet filtering firewall has the basic function of inspecting packets to determine whether to block them or allow them to pass. A proxy server works on a store-and-forward model. A proxy deconstructs each packet, performs analysis, then rebuilds the packet and forwards it on, providing the packet conforms to the rules.

Consider the features of Protocol Data Units (PDUs) and determine what role encapsulation performs during communications. A. Enables communication between nodes at the same layer B. Describes how data should be packaged C. Describes where data should go D. Enables systems to communicate by exchanging data

B Encapsulation describes how data should be packaged for transmission. The basic process of encapsulation is for the protocol to add fields in a header to the data it receives from an application or other protocol. Same layer interaction is communications between nodes at the same layer. At each layer, for two nodes to communicate, they must be running the same protocol. Addressing is the term used in Protocol Data Units (PDUs) for describing where data should go. A protocol is a set of rules that enable systems to communicate by exchanging data in a structured format.

A software scans files and re-computes a hashsum for the local version. The software then verifies that the hashsum matches the correct value. Evaluate security tools and determine what software is performing this action. A. Signature management B. File Integrity Monitoring (FIM) C. Host-Based Intrusion Protection System (HIPS) D. Host-based Intrusion Detection System (HIDS)

B File Integrity Monitoring (FIM) software audits key system files to make sure they match the authorized versions. FIM does this by computing a secure checksum, also known as a hashsum. Signature management detection means the engine is loaded with a database of attack patterns or signatures. Host-Based Intrusion Prevention System (HIPS) provides an active response that can act to preserve the system in its intended state. HIPS can prevent system files from being modified or deleted. Host-Based Intrusion Detection System (HIDS) captures information from a single host, such as a server, router or firewall.

A user sells large amounts of stolen merchandise online. The user looks to hide the identity of a system used to complete all sales transactions. Which technique would best accomplish this? A. Man-in-the-Middle (MitM) B. Internet Protocol (IP) spoofing C. Sniffing D. Phishing

B Internet Protocol (IP) spoofing is accomplished by changing the source address recorded in the IP packet. IP spoofing can be used to disguise the real identity of the user's host machine. Man-in-the-Middle is a specific method of spoofing where a threat actor sits between two communicating hosts and openly intercepts and relays all communications between them. Sniffing refers to capturing and reading data packets as they move over the network between hosts. Phishing is an email-based attack that attempts to trick users into providing information by appearing as legitimate communications.

A technician notes that jitter is an issue with a wireless device. What is the technician referring to? A. A measure of the Round-Trip Time (RTT) of individual packets. B. A variable delay in the Round-Trip Time (RTT) of packets. C. A device is within the supported range but has a weak signal. D. Too many client devices are connecting to the same Access Point (AP).

B Jitter is a variable delay in the Round-Trip Time (RTT) of packets. Real-time applications such as Voice over Internet Protocol (VoIP) are sensitive to latency and jitter, as they result in poor call quality or lags in media streaming. Latency is a measure of the RTT of individual packets. The nature of the wireless radio medium, as well as additional layers of security, makes it high latency compared to a wired network. If a device is within the supported range, but the signal is very weak or it cannot get a connection, there is likely to be interference. Overcapacity, or device saturation, occurs when too many client devices connect to the same Access Point (AP).

Analyze network authentication protocols and determine which protocol provides authentication when accessing a Windows 2016 server. A. LAN Manager (LANMAN) B. Kerberos C. Remote Authentication Dial-in User Service (RADIUS) D. Terminal Access Controller Access Control System (TACACS+)

B Kerberos provides Single Sign-On (SSO). Once authenticated, a user is trusted by the system and does not need to re-authenticate to access different resources. This method was selected by Microsoft as the network logon provider for Windows 2000 and later. Local Area Network (LAN) Manager (LANMAN) authentication protocol is a challenge/response authentication method that uses an encrypted hash of the user's password. Remote Authentication Dial-In User Service (RADIUS) is one way of implementing an Authentication, Authorization, and Accounting (AAA) server. Remote access devices function as client devices of the RADIUS server. Terminal Access Controller Access Control System (TACACS+) is a similar protocol to RADIUS but is designed to be more flexible and reliable.

Compare the configurations and determine which is characteristic of a Basic Service Set (BSS). A. Each station is configured to connect through a base station or Access Point (AP). B. An Access Point (AP) mediates communications between wireless stations and provides a wireless bridge to a cabled network segment. C. A group of wireless stations combine and provide a bridge to a cabled network segment. D. The Wireless Access Point (WAP) is attached to other WAPs by using standard cabling, and transmits and receives network traffic to and from wireless devices.

B Most wireless networks are deployed in an infrastructure topology. The Access Point (AP) mediates communications between wireless stations and can also provide a bridge to a cabled network segment. In 802.11 documentation, this is referred to as a Basic Service Set (BSS). In an infrastructure topology, each station is configured to connect through a base station or AP. More than one BSS can be grouped together. When this occurs, it is called an Extended Service Set (ESS). The Wireless Access Point (WAP) is normally attached to a Local Area Network (LAN) by using standard cabling, and transmits and receives network traffic to and from wireless devices, acting as a bridge.

A company hires a contractor to perform ethical hacking on the network with a goal to install a logic bomb on a host. The contractor succeeds in which step by logging into the host? A. Verifying a threat exists B. Exploiting vulnerabilities C. Bypassing security controls D. Actively testing security controls

C Bypassing security controls consists of looking for easy ways to attack a system. For example, if a system is protected by a firewall, the contractor may attempt to gain physical access to a system. The threat in this case is the contractor, who is trying to install a logic bomb. No threat verification is required. Exploiting vulnerabilities uses surveillance, social engineering, network scanners, and vulnerability scanning tools to identify vulnerabilities that could be exploited. Actively testing security controls probes controls for configuration weaknesses and errors, such as weak passwords or software vulnerabilities.

On a production network, which is the MOST likely location of a honeypot? A. In an unprotected and untrusted area outside of the private network B. In a protected but untrusted area between the Internet and the private network C. In a protected and trusted area between the Internet and the private network D. In an unprotected but trusted area outside of the private network

B On a production network, a honeypot is more likely to be located in a protected but untrusted area between the Internet and Demilitarized Zone (DMZ). The DMZ is the private network. A honeypot located in an unprotected and untrusted area outside of the private network will not provide the information needed to know if an attacker can penetrate a security zone. A honeypot located in a protected and trusted area between the Internet and the DMZ will put the legitimate systems at risk, if the honeypot is accessed by an attacker. A honeypot located outside of the private network will not provide information on whether an attacker can penetrate a security zone.

A packet is being sent from Network 1 to Network 4. The shortest route is for the packet to use the path 1234. A router fails at Network 3 and the packet uses an alternate path of 1254. This scenario depicts the application of which of the following technology? A. Circuit-switched path B. Packet switching C. Circuit D. Fragmentation

B Packet switching provides the ability for one host to forward information to another using any available path. It is considered robust because it can automatically recover from communications link failures. A circuit-switched path is designed so that routers negotiate a link, then once the connection is established, all communications are forwarded along the same path. If this circuit were broken, the computers would stop communicating immediately. A circuit is a dedicated path established between two locations, such as two routers or two modems. Fragmentation is the capability of the Internet Protocol (IP) to divide large messages into numerous small packets meaning that a single packet can be resent at relatively little cost if it is lost or damaged during transmission.

What is the principal means of obtaining secure remote access to a Linux server? A. Telnet B. Secure Shell (SSH) C. Remote Desktop Protocol (RDP) D. Virtual Network Computing (VNC)

B Secure Shell (SSH) is the principal means of obtaining secure remote access to a Linux server. The main uses of SSH are for remote administration and Secure File Transfer (SFTP). Telnet is terminal emulation software that supports a remote connection to another computer. Telnet is not a secure method for a remote connection. Remote Desktop Protocol (RDP) is Microsoft's protocol for operating remote Graphical User Interface (GUI) connections to a Windows machine. Virtual Network Computing (VNC) is a freeware product with similar functionality to RDP. VNC does not provide connection security and should only be used over a secure connection, such as a Virtual Private Network (VPN).

An attacker floods Media Access Control (MAC) addresses to try to overload the switch's Content Addressable Memory (CAM). What will be the result, if the attacker is successful? (Select two) A. The switch will start working like a router and flood all traffic out of all ports. B. It will allow the attacker to spoof the switch's MAC address. C. The switch will start working like a hub and flood all traffic out of all ports. D. It will allow the attacker to sniff all unicast traffic processed by the switch.

C and D One use of Media Access Control (MAC) flooding is to facilitate eavesdropping. The attacker floods MAC addresses to try to overload the switch's MAC port mapping table or Content Addressable Memory (CAM). This causes the switch to start working like a hub and floods all traffic out of all ports. A MAC flooding attack also will allow the attacker to sniff all unicast traffic processed by the switch. The attacker floods MAC addresses to try to overload a switch's MAC port mapping table. It does not have the effect of behaving like a layer 3 router or the ability to modify a routing table. A host may try to spoof a MAC address, which can be prevented by configuring Dynamic Host Configuration Protocol (DHCP) snooping.

A system administrator enters ipconfig /all into a command prompt. What will be a result of this action? A. The command will force a Dynamic Host Configuration Protocol (DHCP) to renew the lease. B. The command will release the Internet Protocol (IP) address obtained by the Dynamic Host Configuration Protocol (DHCP). C. The command will register the host with a Domain Name System (DNS) server. D. The command will allow the administrator to confirm if the Dynamic Host Configuration Protocol (DHCP) is enabled.

D The command ipconfig /all displays the configuration parameters for each interface to which the Transmission Control Protocol/Internet Protocol (TCP/IP) is bound, including whether the Dynamic Host Configuration Protocol (DHCP) is enabled for the interface. The command ipconfig /renew will force a DHCP client to renew the lease it has for an IP address. The command ipconfig /release will release the IP address obtained from a DHCP server so that the interface(s) will no longer have an IP address. The command ipconfig /registerdns will register the host with a Domain Name System (DNS) server, if it supports dynamic updates.

A company's network connects to a telecommunications carrier over a digital trunk line. Evaluate telecommunications hardware and software and determine what the company is utilizing. A. Voice over Internet Protocol (VoIP) gateway B. Foreign Exchange Office (FXO) gateway C. Voice over Internet Protocol (VoIP)-based Private Branch Exchange (PBX) D. Time Division Multiplexing (TDM)-based Private Branch Exchange (PBX)

D The company has implemented a Time Division Multiplexing (TDM)-based Private Branch Exchange (PBX). A TDM-based PBX connects to the telecommunications carrier over a digital trunk line, which will support multiple channels. A Voice over Internet Protocol (VoIP) PBX uses the organizations Internet link to connect to a VoIP service provider, which facilitates the inward and outward dialing to voice-based telephone networks. A VoIP gateway is a means of translating between a VoIP system and voice-based equipment and neworks, such as Public Switched Telephone Network (PSTN) lines. A Foreign Exchange Office (FXO) gateway is an analog version of a VoIP gateway.

Windows machines on a network are failing to obtain an Internet Protocol (IP) configuration. Analyze this type of network issue and determine possible reasons for this failure. (Select two) A. The Dynamic Host Configuration Protocol (DHCP) reservation has not been configured. B. The client has been configured without a Domain Name System (DNS) address. C. The device time is not set correctly and the Internet Protocol (IP) address shows as expired. D. There are no more addresses available in the current scope.

C and D The Dynamic Host Configuration Protocol (DHCP) provides automatic Internet Protocol (IP) addressing to hosts with an expiration time and date. If the host time is incorrect, it may think the lease has expired and continue to release and renew until the time is corrected. The DHCP pool is a range of IP addresses to lease out. If IP addresses are exhausted, new requests cannot be fulfilled. A DHCP reservation is a permanent IP address assignment to a host. Even if a reservation pool is not configured, a standard DHCP pool can still provide IP addresses to requesting hosts, if available. If the client has been configured without a Domain Name System (DNS) address, then a name resolution issue will occur.

Explain how the Transmission Control Protocol (TCP) provides reliability. (Select two) A. Breaks Packet Data Units (PDUs) from the Network layer into a segment format B. Enables the sending host to tell the other host when sending rate must be slowed C. Performs a handshake to establish and end connections D. Provides a Negative Acknowledgement (NACK) when packets are lost or damaged

C and D The Transmission Control Protocol (TCP) provides orderly connection establishment and teardown. The client and server perform a handshake to establish and end connections. TCP provides a Negative Acknowledgement (NACK) when packets are lost or arrive in a damaged state. The NACK forces retransmission. TCP breaks Packet Data Units (PDUs) from the Application layer into a segment format and uses sequence numbers to allow the receiver to rebuild the message. TCP provides flow control, which enables one side to tell the other when the sending rate must be slowed. This is not limited to only the sending host.

A wire map tester finds there is a continuity issue on a cable. Which statement best defines the issue? A. Two conductors are joined at some point, usually because the insulating wire is damaged, or a connector is poorly wired. B. The conductors are incorrectly wired into the terminals at one or both ends of the cable. C. The conductors from one pair have been connected to pins belonging to a different pair. D. A conductor does not form a circuit because of cable damage, or the connector is not properly wired.

D A continuity issue is from a conductor that does not form a circuit because of cable damage, or the connector is not properly wired. A short is where two conductors are joined at some point, usually because the insulating wire is damaged, or a connector is poorly wired. An incorrect pin-out or mismatched standards results from the conductors being incorrectly wired into the terminals at one or both ends of the cable. A crossed pair results from the conductors from one pair having been connected to pins belonging to a different pair.

A company contacts their Internet provider and asks for options to upgrade the bandwidth. The company requests a minimum of 80 Megabits per second (Mbps). The Internet provider notes the range required for the upgrade is 250 feet. What is the best solution for the company? A. Symmetrical Digital Subscriber Line (SDSL) B. Asymmetrical Digital Subscriber Line (ADSL) C. Very High Bitrate Digital Subscriber Line (VDSL) D. Very High Bitrate Digital Subscriber Line 2(VDSL2)

D A solution that will provide 80 Megabits per second (Mbps) with a range of 250 feet is a Very High Bitrate Digital Service Line 2 (VDSL2). A VDSL2 specifies a short range of 300 feet (100 meters) with a rate of 100 Mbps (bi-directional). Symmetrical DSL (SDSL) is used for business customers, but this solution will not provide 80 Mbps bi-directional. Asymmetrical DSL (ADSL) is primarily used for residential customers, and provides downlink rates up to 24 Mbps and uplink rates up to 1 Mbps. VDSL achieves higher bitrates and will support 26 Mbps bi-directional with a range of 1000 feet (300 meters). This rate does not meet the 80 Mbps required by the company.

Which of the following is a weakness that causes security breach when an accidental trigger or intentional exploit occurs? A. Threat B. Exploit C. Risk D. Vulnerability

D A vulnerability is a weakness that could be accidentally triggered or intentionally exploited to cause a security breach. A threat is the potential for a threat agent or threat actor (something or someone that may trigger a vulnerability accidentally or exploit it intentionally) to exercise a vulnerability. The path or tool used by the threat actor can be referred to as the threat vector. An exploit is a specific means of using a vulnerability to gain control of a system or damage it in some way. A risk is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

Access requests are processed by a Remote Desktop Protocol (RDP) client machine, versus the server. What is the network using? A. Network Level Authentication (NLA) B. RDP Restricted Admin (RDPRA) C. Kerberos D. Remote Credential Guard

D Remote Credential Guard means that any access requests are processed by the Remote Desktop Protocol (RDP) client machine, not on the server. Network Level Authentication (NLA) requires the client to authenticate before a full remote session is started. An RDP server that does not enforce NLA can be subject to a Denial of Service (DoS) attack. Making an RDP connection to a compromised workstation means an adversary could obtain the password hash for the account used to connect. RDP Restricted Admin (RDPRA) was unsuccessful in mitigating this vulnerability. Kerberos uses a Ticket Granting Ticket (TGT) for authentication.

A network administrator deploys a Terminal Access Controller Access Control System (TACACS+) on the network. Consider ports and protocols to determine which Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port the system will use. A. UDP port 1812 B. TCP port 636 C. UDP 389 D. TCP port 49

D Terminal Access Controller Access Control System (TACACS+) uses Transmission Control Protocol (TCP) over port 49, and the reliable delivery offered by TCP makes it easier to detect when a server is down. Remote Authentication Dial-in User Service (RADIUS) uses User Datagram Protocol (UDP) ports 1812 and 1813, but some implementations use UDP ports 1645 and 1646. Lightweight Directory Access Protocol Secure (LDAPS) works over TCP port 636. LDAPS provides a means for the server to authenticate to the client and configure a secure channel for communications. Lightweight Directory Access Protocol (LDAP) messaging uses TCP port 389 and UDP port 389, by default.

A technician is deploying a new wireless solution that works only in the 5 Gigahertz (GHz) band. The technican's goal is to achieve a throughput like that of Gigabit Ethernet. Which Institute of Electrical and Electronic Engineers (IEEE) standard is the technician using in this scenario? A. 802.11n B. 802.11g C. 802.11b D. 802.11ac

D The 802.11ac standard continues the development of 802.11n technologies. The main distinction is that 802.11ac works only in the 5 GHz band. The aim for 802.11ac is to get throughput like that of Gigabit Ethernet or better. 802.11n standard increases bandwidth by multiplexing the signals from 2 to 4 separate antennas in a process called Multiple Input Multiple Output (MIMO). Products can use both 2.4 GHz and 5 GHz channels. 802.11g offered a relatively straightforward upgrade path from 802.11b. 802.11g offers backwards support for legacy 802.11b clients. 802.11b standardized the use of the carrier method Direct Sequence Spread Spectrum (DSSS). 802.11b works in the 2.4 GHz band.

How many bits is the Network ID in the Internet Protocol (IPv6) global unicast address format? A. 3 B. 16 C. 64 D. 45

D The Network ID portion of Internet Protocol version 6 (IPv6) global unicast address format is 45-bits. They are allocated in a hierarchical manner to regional registries, Internet Service Providers (ISPs), and end users. The first 3 bits indicate that the address is within the global scope. In hexadecimal, globally scoped unicast address will start with a 2 (0010) or 3 (0011). The Subnet is 16 bits and identifies the site-specific subnet address. The final 64 bits in the IPv6 global unicast address format is reserved for the Interface ID. This completes the 128-bit addressing scheme.

A network uses Internet Protocol version 6 (IPv6) and the Domain Name System (DNS) servers are using a security protocol (DNSSEC). A network administrator is troubleshooting why some record transfers are too large. What port should be configured on the DNS server to allow the large record transfers? A. User Datagram Protocol (UDP) port 37 B. Transmission Control Protocol (TCP) port 37 C. User Datagram Protocol (UDP) port 53 D. Transmission Control Protocol (TCP) port 53

D The Transmission Control Protocol (TCP) port 53 allows larger record transfers (over 512 bytes) on Domain Name System (DNS) servers. Larger transfers might be required if Internet Protocol version 6 (IPv6) is deployed on the network or if the DNS server is using a security protocol (DNSSEC). A DNS server is usually configured to listen for queries on the User Datagram Protocol (UDP) port 53. In this scenario, this is likely the configured protocol prior to troubleshooting. UDP port 37 is used for the time protocol. This provides a host the date and time. TCP port 37 is also used for the time protocol, which provides a host the date and time.

A network administrator is testing an application's communication with another server. However, it seems the server is not receiving communication via port 23. What command can an administrator run in the command line to verify if the server is listening on port 23? A. netstat -r | find ":23" B. netstat -sp | find ":23" C. netstat -o | find ":23" D. netstat -an | find ":23"

D The administrator can use netstat -an | find ":23" to confirm if the server is listening on port 23. The -a switch displays all connections and the -n switch displays ports and addresses in numerical format. Finding ":23" will filter results to that exact port number in the same way it is displayed. The -r switch in the netstat command will display the IP routing table in the command line window. The -s switch in the netstat command will display protocol statistics, such as packets received, errors and discards. The -p switch displays connections by protocol. The -o switch shows the process identifier (PID) number that is associated with each connection displayed in the command line window.

Consider wireless radio technologies to determine the maximum speed Circuit Switched Data (CSD) provides. A. 34 Mbps B. 48 Kbps C. 150 Mbps D. 14.4 Kbps

D The cell network was built primarily to support voice calls. In 2nd Generation (2G) data access was provided on top, using Circuit Switched Data (CSD). CSD is similar to a dial-up modem and is only capable of 14.4 Kilobits per second (Kbps). Evolved High Speed Packet Access (HSPA+) is a 3rd Generation (3G) standard that provides upload speeds up to 34 Megabits per second (Mbps). General Packet Radio Services/Enhanced Data Rates for GSM Evolution (GPRS/EDGE) is a precursor to 3G. GPRS offers up to 48 Kbps. Long Term Evolution (LTE) is a converged 4th Generation (4G) standard that provides a downlink of 150 Mbps.

A 802.11b wireless device joins a network, and the throughput of the entire Wireless Local Area Network (WLAN) is affected. Consider frequency mismatch issues to determine what is the MOST likely cause. A. The adapter does not support 5 GHz. B. The client is not configured to use the correct channel. C. The client and Access Points (APs) do not support the same Multiple Input Multiple Output (MIMO). D. Compatibility mode is enabled.

D With compatibility mode enabled, when an older device joins the network, the throughput of the network can be affected. This is because using 802.11b adds overhead via preamble and collision avoidance frames. The 802.11b standard uses the 2.4 GHz frequency; however, the device using this standard does successfully connect without having to use the 5 GHz band. The client may not be configured to use the correct channel. Normally, this is auto-detected by the client but should be verified. This is NOT the most likely cause of the issue. For 802.11n/ac, if a client device is not achieving the expected throughput or distance, the client and Access Points (APs) need to be checked to ensure they support the same Multiple Input Multiple Output (MIMO) configuration.

A network administrator enters the command show mac address-table into the command prompt. What information will the network administrator get in return? (Select three). A. Media Access Control (MAC Address) B. Type C. Virtual Local Area Network (VLAN) D. Internet Protocol (IP) Address

A, B, and C The command show mac address-table will provide the known Media Access Control (MAC) addresses that map to interface ports on a switch. This information is useful to find the MAC addresses associated with a particular port. The type is included in the information which will either be dynamic or static. The Virtual Local Area Network (VLAN) information is also returned with this command. The Internet Protocol (IP) address is not information that is included with this command. This command is only concerned with the VLAN, MAC, Type, and the associated ports.

A destination network uses Network Address Translation (NAT). What type of addressing scheme will the network use? A. Private B. Outside Global C. Local D. Inside Global

B A destination network that is using Network Address Translation (NAT) is described as having outside global and outside local addressing schemes. NAT is a service translating between a private (local) addressing scheme used by hosts on the Local Area Network (LAN) or a Demilitarized Zone (DMZ). Local (or private) is when NAT is used to translate the addressing scheme used by hosts on the LAN or DMZ. In a basic NAT status configuration (a simple 1:1), mapping is made between the inside local (private) network address and the public (inside global) address.

Which of the following statements accurately describes Internet Protocol (IP)? A. Internet Protocol (IP) is connectionless. B. Internet Protocol (IP) works at the Data layer. C. Internet Protocol (IP) is reliable. D. Internet Protocol (IP) provides guaranteed delivery.

A Internet Protocol (IP) is connectionless in nature. Connectionless protocols is described as those who send information without ensuring the receiver is available. The package is addressed to the recipient and sent without verification. IP operates at the Network layer (layer 3) versus the Data layer and provides logical host and network addressing and routing. IP provides best-effort delivery of an unreliable nature. This is due to IP being a connectionless protocol.

A cloud provider has a data center that operates 250 shared servers. The company provisions the servers based on any of its customers' needs at the time. What provisioning approach is the cloud provider using? A. Resource pooling B. Rapid elasticity C. Measured service D. Something as a Service (SaaS)

A Resource pooling means that the hardware making up the cloud provider's data center is not dedicated or reserved to a single customer account. Cloud providers must be able to provision resources quickly due to changing customer demands. Rapid Elasticity means that the cloud can scale quickly to meet peak demand. Measured service results in the customer paying for the Central Processing Unit (CPU), memory, disk, and network bandwidth resources they are actually consuming. Something as a Service (SaaS) is referred to as the level of complexity and pre-configuration provided for cloud services. Something can refer to infrastructure, platform, or software.

Evaluate the characteristics of the preamble of the Ethernet frame format, and determine which statement is an accurate reflection. A. The preamble is used for clock synchronization and consists of 8 bytes of alternating 1s and 0s. B. The preamble is a part of the Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) protocol and is the first step in the Ethernet frame format. C. The preamble is used for clock synchronization and consists of 8 bytes with two consecutive 0s at the end. D. The preamble is a part of the Carrier Sense Multiple Access/Collision Detection (CSMA/CD) protocol and is the first step in the Ethernet frame format.

A The preamble is used for clock synchronization. It consists of 8 bytes of alternating 1s and 0s, with the Start Frame Delimiter (SFD) being two consecutive 1s at the end. The preamble is not a part of the Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) and is not considered to be part of the frame. The preamble is used for clock synchronization, with the SFD being two consecutive 1s (not 0s) at the end. The preamble is a part of the Carrier Sense Multiple Access/Collision Detection (CSMA/CD) but is not considered the first step in the frame format.

The owner of the company requests a briefing on the pros and cons of modifying the current network to include virtualization. Weigh the benefits and drawbacks and report the results. (Select two) A. There will be an upfront cost to upgrade equipment, but server consolidation will reduce equipment cost and energy consumption for the long term. B. Technicians will require training in order to manage the new network configuration, but it will be easier for the technicians to manage and update due to Virtual Desktop Infrastructure (VDI). C. Legacy applications that require older Operating System (OS) versions will not run on the new network configuration, but new applications with more features can be added during the deployment. D. A new server will be required for each application, but server consolidation will make managing the servers more efficient on the new network configuration.

A and B An upfront cost may be incurred by the company to upgrade equipment. Virtualization software may be required as well as upgrading current systems. Server consolidation can run several applications on one server, which will reduce equipment cost and reduce energy consumption. Training will be required on the new network configuration and how to manage a network that uses virtualization. Virtual Desktop Infrastructure (VDI) allows for low-cost thin client hardware to be deployed and provides better management. A benefit of virtualization is the ability to use legacy application that require older Operating System (OS) versions. Server consolidation means that multiple applications run on the same server, not that a new server is required for each application.

Identify the characteristics of the Transmission Control Protocol (TCP). (Select two) A. The protocol is connection-oriented. B. The protocol provides reliable delivery. C. The protocol works at the Network layer. D. The protocol divides data into bytes which are given a header.

A and B The Transmission Control Protocol (TCP) provides a connection-oriented method of communication. A connection-oriented method provides guaranteed delivery versus a connectionless-oriented method. TCP provides a reliable method of communicating by using acknowledgments and retransmissions of packets. TCP works at the Transport layer (layer 4) of the Open Systems Interconnection (OSI) model. This is one layer above the Network layer (layer 3). Protocols at the Transport layer are concerned with effective delivery of multiplexed application data. TCP takes data from the Application layer as a stream of bytes and divides it up into segments, each of which is given a header.

Identify the component in a virtual platform that will manage the virtual environment and facilitate interaction with the computer hardware and network. A. Host B. Hypervisor C. Virtual Machine (VM) D. Application virtualization

B A hypervisor, or Virtual Machine Monitor (VMM), manages the virtual environment and facilitates interaction with the computer hardware and network. A host is the platform that will host the virtual environment. Optionally, there may be multiple computers networked together. A Virtual Machine (VM), or guest operating system, is an operating system installed under the virtual environment. The number of operating systems is generally only restricted by hardware capacity. Application virtualization is software that is run on a server and either accessed by a remote desktop client or streamed to the client.

A network administrator is calculating the throughput between two hosts. The administrator transfers a 2146.5 Megabytes (MB) file in 30 minutes. Solve the throughput between the two hosts in Megabits per second (Mbps). A. 4.55 Mbps B. 9.54 Mbps C. 4.77 Mbps D. 19.09 Mbps

B The throughput for transferring a 2146.5 MB file in 30 minutes is 9.54 Mbps (Megabits per second). 1 B (Byte) = 8 (b) bits. 2146.5 MB (Megabytes) = 17172 Mb (Megabits). 30 minutes = 1800 seconds. 17172 Mb / 1800 secs = 9.54 Mbps. A 4.55 Mbps throughput would account for transferring a 1023.75 MB file in 30 minutes. 1023.75 MB = 8190 Mb. 8190 Mb / 1800 secs = 4.55 Mbps. A 4.77 Mbps throughput would account for transferring a 1071 MB file in 30 minutes. 1071 MB = 8586 Mb. 8586 Mb / 1800 secs = 4.77 Mbps. A 19.09 Mbps throughput would equate to transferring a 4295.25 MB file in 30 minutes. 4295.25 MB file = 34362 Mb. 34362 Mb / 1800 secs = 19.09 Mbps.

A film production company needs to deploy a new Ethernet solution. The company requires high bandwidth data transfers and needs a maximum distance of 18 miles. Which of the following is the best solution for the company? A. 1000BASE-SX B. 1000BASE-LX C. 10GBASE-LR D. 10GBASE-ER

D The best solution for the company is going to be a 10-Gigabit Ethernet (10GbE) solution. This multiplies the nominal speed of Gigabit Ethernet by a factor of 10. A 10GBASE-ER specification coupled with a Single Mode Fiber (SMF) 9/125 will provide a maximum distance of 25 miles or 40 kilometers. Gigabit Ethernet specifications start with 1000BASE- and is 10 times faster than Fast Ethernet. A 1000BASE-SX will provide a maximum distance of 721 feet or 220 meters. A 1000BASE-LX will reach a maximum distance of 3.1 miles or 5 kilometers. A 10GBASE-LR will not meet the distance requirement as the maximum is 6.2 miles or 10 kilometers.

A network manager is configuring a management and monitoring system for a network. Recommend guidelines that the administrator can utilize for the configuration. (Select two) A. Configure the server to provide information to the monitoring system. B. Install the monitoring system on each host on the network. C. Identify metrics to use for monitoring network health and performance. D. Record baseline measurements for selected metrics.

C and D The administrator will identify metrics to use to monitor network health and performance. The administrator will also record baseline measurements for the selected metrics. This will allow the administrator to view changes over a period of time and after significant network modifications. The endpoints will be configured to provide information to the management and monitoring system, versus the server. The systems management software will be installed on a secure server or workstation, ensuring that it meets the processor and storage requirements for the number of hosts that are being monitored.

What blocks traffic that does not conform to rules? A. Access Control List (ACL) B. State table C. Router D. Firewall

D A firewall processes traffic according to rules. Traffic must conform to a rule that allows it through the firewall. Any traffic that does not conform is blocked. Packet filtering firewalls are configured by specifying rules, which are called Access Control Lists (ACLs). Each rule defines a specific type of data packet and the appropriate action to take when a packet matches the rule. State tables are used by circuit-level stateful inspection firewalls. Information about each session is stored in a dynamically updated state table. Routers forward data to other networks. A firewall can be merged with a router to perform the function of blocking traffic, based on rules.

What connectivity logging tool can an administrator use that provides passive detection by logging incidents and displays alerts at the management interface? A. Network-Based Intrusion Prevention Systems (NIPS) B. Host-Based Intrusion Protection System (HIPS) C. Host-Based Intrusion Detection System (HIDS) D. Network-Based Intrusion Detection System (NIDS)

D The basic functionality of Network-Based Intrusion Detection Systems (NIDS) is to provide passive detection by logging intrusion incidents and to display an alert at the management interface or to email the administrator account. A Network-Based Intrusion Prevention System (NIPS) can provide an active response to any network threats that it matches. A Host-Based Intrusion Protection System (HIPS) provides an active response that can act to preserve the system in its intended state. HIPS can prevent system files from being modified or deleted. A Host-Based Intrusion Detection System (HIDS) captures information from a single host, such as a server, router, or firewall.

A network administrator needs to update a routing table in Windows. The destination Internet Protocol (IP) is 192.168.6.0. The subnet mask for the destination IP is 255.255.0.0. The router's IP is 192.168.7.1 and the cost of the route is 4. Develop the command that will add this route to the table. A. route add 192.168.7.1 mask 255.255.0.0 192.168.6.0 metric 4 B. route add 192.168.6.0 192.168.7.1 mask 255.255.0.0 cost 4 C. route add 192.168.6.0 mask 255.255.0.0 192.168.7.1 cost 4 D. route add 192.168.6.0 mask 255.255.0.0 192.168.7.1 metric 4

D The correct command to add this route to the table is route add 192.168.6.0 mask 255.255.0.0 192.168.7.1 metric 4. The proper syntax is route add DestinationIP mask Netmask GatewayIP metric MetricValue. If the host is multi-homed, the interface will complete the syntax. The command route add 192.168.7.1 mask 255.255.0.0 192.168.6.0 metric 4 has the DestinationIP and the GatewayIP reversed in the syntax. The command route add 192.168.6.0 192.168.7.1 mask 255.255.0.0 cost 4 has the mask and GatewayIP reversed, and has the metric mislabeled as cost. The command route add 192.168.6.0 mask 255.255.0.0 192.168.7.1 cost 4 has the metric incorrectly labeled as cost.

Analyze the characteristics of a routing table. What is the purpose of the interface parameter? A. Provides the ability to define routes to specific hosts B. Provides the Internet Protocol (IP) address of the next router along the path C. Provides a preference value assigned to the route with lowest values having priority D. Provides the local port to use to forward a packet along the chosen route

D The interface parameter provides the local port to use to forward a packet along the chosen route. The destination (Internet Protocol) IP address and netmask parameter provides the ability to define routes to specific hosts but are more generally directed to network identification. The gateway, or next hop, parameter provides the IP address of the next router along the path. The metric parameter provides a preference value assigned to the route. The low values are preferred over high values. The value of the metric may be determined by various parameters.

Evaluate the Institute of Electrical and Electronic Engineers (IEEE) 802.11 standards to determine what occurs during the Multiple Input Multiple Output (MIMO) process. A. The bandwidth is increased by multiplexing the signals from 2 to 4 separate antennas. B. The Access Point (AP) uses its multiple antennas to process a spatial stream of signals in the direction of a particular station. C. The Access Point (AP) mediates communications between wireless stations and provides a bridge to a cabled network segment. D. Bandwidth increases from using the option to consolidate two adjacent 20 MegaHertZ (MHz) channels to a single 40 MHz channel.

A The 802.11n standard increases bandwidth by multiplexing the signals from 2 to 4 separate antennas in a process called Multiple Input Multiple Output (MIMO). In Multiuser MIMO (MU-MIMO), the Access Point (AP) uses its multiple antennas to process a spatial stream of signals in the direction of a particular station, separately to other streams. In an infrastructure topology, each station is configured to connect through a base station or AP. The AP mediates communications between wireless stations and can also provide a bridge to a cabled network segment. 802.11n can obtain more bandwidth with the option to use two adjacent 20 MegaHertZ (MHz) channels as a single 40 MHz channel, referred to as channel bonding.

Summarize the purpose of the Internet Engineering Task Force (IETF). A. The IETF focuses on solutions to Internet problems and the adoption of new standards. B. The IETF allocates addresses to regional registries who then allocate them to local registries. C. The IETF encourages the development and availability of the Internet, and provides organizational resources to the IAB. D. The IETF manages allocation of IP addresses and maintenance of the top-level domain space.

A The Internet Engineering Task Force (IETF) focuses on solutions to Internet problems and the adoption of new standards. The IETF is governed by the Internet Architecture Board (IAB). The Internet Assigned Numbers Authority (IANA) allocates addresses to regional registries, who then allocate them to local registries or Internet service providers (ISPs). The purpose of Internet Society (ISOC) is to encourage the development and availability of the Internet. It provides organizational resources to the Internet Architecture Board (IAB). The Internet Assigned Numbers Authority (IANA) manages allocation of Internet Protocol (IP) addresses and maintenance of the top-level domain space.

Which Secure Shell (SSH) authentication method uses a Ticket Granting Ticket (TGT)? A. Kerberos B. Username/password C. Host-based authentication D. Public key authentication

A The Kerberos method uses a Ticket Granting Ticket (TGT) for authentication. The client submits the TGT to the server using the Generic Security Services Application Program Interface (GSSAPI). The username/password method involves the client submitting credentials that are verified by the Secure Shell (SSH) server. The credentials are verified against a local user database or a server. The host-based authentication method is used when the server is configured with a list of authorized client public keys. Public key authentication adds the remote user's public key to a list of keys authorized for each local account on the SSH server.

Consider the following two pieces of information: 1) a network has 25 devices that run for 250 hours each, and 2) the same network experiences failures from 5 of its servers. Utilize this information to solve the Mean Time to Failure (MTTF). A. 250 hours B. 1,250 hours C. 6,250 hours D. 50 hours

A The Mean Time to Failure (MTTF) is 250 hours. The calculation for MTTF is the total time divided by the number of devices. In this scenario, 25 devices ran for 250 hours. The calculation is (25*250)/25 = 250 hours. The Mean Time Between Failures (MTBF) is 1,250 hours, not the MTTF. The MTBF calculation is (25*250)/5 = 1,250. The MTTF is not 6,250. This may be incorrectly calculated by multiplying the time by devices (25*250) = 6,250. The MTTF is not 50 hours. This may be incorrectly calculated by dividing the hours by the failures (250/5) = 50.

Identify the protocol that provides the File/Print Sharing Service on a Windows network. A. Server Message Block (SMB) B. Network Time Protocol (NTP) C. HyperText Transfer Protocol (HTTP) D. Internet Message Access Protocol (IMAP)

A The Server Message Block (SMB) protocol provides the File/Print Sharing Service on a Windows Network. SMB allows a machine to share its files and printers to make them available for other machines to use. The Network Time Protocol (NTP) enables the synchronization of time-dependent applications. Many applications on networks are time-dependent and time-critical. The Hypertext Transfer Protocol (HTTP) enables clients, typically web browsers, to request resources from a server. The Internet Message Access Protocol (IMAP) is a mailbox access protocol. IMAP allows clients to authenticate themselves and retrieve messages from designated folders.

A network administrator would like to view the route taken by a packet as it travels to the destination host on a remote network. What command will the administrator use? A. tracert B. route C. route print D. route change

A The administrator will use the tracert Internet Control Message Protocol (ICMP) utility to trace the route taken by a packet as it hops to the destination host on a remote network. It can be used either with an Internet Protocol (IP) address or a host and domain name. It returns the IP address, or name, of each router used by the packet to reach its destination. The route command is used to view and modify the routing table on a Windows or Linux host. The route print command is used to show the routing table. The route change command is used to modify the routing table.

A network administrator suspects an issue with local addressing. The administrator would like to add an entry into the Address Resolution Protocol (ARP) table. Recommend the appropriate ARP utility command. A. arp -s B. arp -a C. arp -g D. arp -d

A The arp utility can be used to perform functions related to the Address Resolution Protocol (ARP) table cache. The utility arp -s IPAddressMACaddress adds an entry to the ARP cache. Under Windows, MACAddress needs to entered with hyphens between each hexadecimal byte. The arp -a utility shows the ARP cache contents. This can be used with IPAddress to view the ARP cache for the specified interface only. The arp -g utility provides the exact same information as the arp -a utility. The arp -d utility deletes all entries in the ARP cache. It can also be used with IPAddress to delete a single entry.

A network manager is configuring a secure remote access Virtual Private Network (VPN). Recommend guidelines for the manager to follow. (Select two) A. Implement Virtual Private Network (VPN) technology to support access to the network by remote clients and secure communications between sites. B. Install the Virtual Private Network (VPN) concentrator inside of the network and use a firewall configuration to prevent compromise. C. Select a Virtual Private Network (VPN) protocol that gives the most effective security while also supported by servers and client devices. D. Develop a remote access policy to ensure each employee can connect and ensure that the network is not compromised by remote clients with weak security configurations.

A and C One guideline when configuring a secure remote access Virtual Private Network (VPN) is to implement VPN technology to support access to the network by remote clients over the Internet and secure communications between sites across public networks. The manager needs to select a VPN protocol that gives the most effective security while also supported by servers and client devices. The VPN concentrator should be installed on the network edge, versus inside of the network, and a firewall configuration should be in place to prevent compromise. The manager needs to develop a remote access policy to ensure only authorized users, not all employees, can connect and ensure that the network is not compromised by remote clients with weak security configurations.

Evaluate the characteristics of a Media Access Control (MAC) address to determine which of the following are valid MAC addresses. (Select two) A. 00:82:3f:7b:2d:ab B. 00:82:3f:7h:2d:ag C. 0082.3f7b.2dab D. 00823f7h2dag

A and C One valid Media Access Control (MAC) address is 00:82:3f:7b:2d:ab. This address is 6 bytes and uses digits 0-9 and only letters A-F. One proper way to display a MAC is 6 groups of 2 hexadecimal digits. Another valid MAC is 0082.3f7b.2dab. This address also meets the character requirements and is 6 bytes. A MAC may be grouped as 3 groups of 4 hexadecimal digits with period separators. The MAC address 00:82:3f:7H:2d:ag is not a valid MAC address. The "h" and the "g" are outside of the allowable letters. Only letters A-F can be utilized in a MAC address. The MAC address 00823f7h2dag is not a valid MAC address as it contains characters outside of the allowable letters of A-F.

Identify the examples of open questions a network manager may ask users in step one of the Computing Technology Industry Association (CompTIA) Network+ troubleshooting methodology. (Select two) A. What happens when the webpage opens? B. What is the response status code? C. What other applications are working correctly? D. Is a shortcut to the database on the desktop?

A and C Open questions invite someone to explain in their own words. "What happens when the webpage opens?" is an example of an open question. The user can explain in their own words the issue that is occuring. "What other applications are working correctly?" is an example of an open question. The user can list other applications that are, or not, working. Closed questions invite a yes or no answer or a fixed response. "What is the response status code?" is one example. This is a fixed response answer. "Is a shortcut to the database on the desktop?" is another example of a closed question. The user will respond with yes or no.

A host has an Internet Protocol (IP) address of 172.20.152.104. What information does this IP address provide? (Select two) A. It is a private address. B. It is a public address. C. It is a Class B address. D. It is a Class C address.

A and C Private Internet Protocol (IP) addresses can be drawn from one of the pools of addresses defined in Request for Comment (RFC 1918). One of the pools of addresses is 172.16.0.0 to 172.31.255.255. The IP address in the scenario (172.20.152.104) falls within this range and is, therefore, a private IP address. The pool of private IP addresses 172.16.0.0 to 172.31.255.255 is reserved for Class B private addresses. The IP falls within this range. The IP 172.20.52.104 falls within the private IP address pool and is not a public IP address. The pool of private IP address 192.168.0.0 to 192.168.255.255 is reserved for Class C private addresses. The IP address is outside of this range.

Differentiate between the characteristics of a 66 block and a 110 block. (Select two) A. A 66 block has a capacity of 50 pairs while a 110 block has a capacity of 25-300 pairs. B. A 66 block has a capacity of 25 pairs while a 110 block has a capacity of 50-300 pairs. C. A 66 block supports Category 5 (Cat 5) and lower cabling while a 110 block supports Cat 6 and higher. D. A 66 block supports pre-Category 5 (pre-Cat 5) and lower cabling while a 110 block supports Cat 5 and higher.

A and D A 66 block provides 50 rows of 4 Insulation Displacement Connector (IDC) terminals. The 25-pair cable from the access provider is terminated on one side of the block while the other side of the block terminates the wiring from the Private Branch Exchange (PBX). A 110 block has a capacity of 25-300 pairs, depending on the configuration. A 66 block supports legacy data applications (pre-Category 5). A 110 block supports 100 MegaHertZ (MHz) (Category 5) and greater. A 66 block has a capacity of 50 pairs, versus 25. A 110 block has a capacity of 25-300, versus 50-300. A 66 block supports pre-Category 5 while a 110 block supports Category 5 and better.

Identify the characteristics of a Fully Qualified Domain Name (FQDN). (Select two) A. Each label cannot exceed 63 characters. B. The total length cannot exceed 256 characters. C. Characters in the labels are case sensitive. D. A trailing period represents the root.

A and D Each part of the Fully Qualified Domain Name (FQDN), defined by a period, can be no more than 63 characters. The periods are excluded in the character count. The FQDN is a combination of the host name and a domain suffix. A FQDN must include the trailing period when configuring name records. The trailing period represents the root of the hierarchy. The trailing period can usually be omitted in most use cases, excluding when configuring name records. The total length cannot exceed 253 characters versus 256 characters. The labels in FQDN are not case sensitive.

A network manager is configuring a firewall. Prepare guidelines for the network manager to follow. (Select two) A. Only allow the minimum amount of traffic required. B. The final default rule in a firewall is implicit allow. C. The rules are processed from bottom to top. D. The most specific rules are placed at the top.

A and D Firewalls are configured on the principle of least access. This means to only allow the minimum amount of traffic required for the operation of valid network services, and no more. The rules that are the most specific and must override others are placed at the top. The final default rule in a firewall is implicit deny, versus allow. This rule is to block any traffic that has not matched a rule. The rules are processed from top to bottom. The reason for this process is that rules that are most specific and must override others are placed at the top.

Evaluate Virtual Private Network (VPN) protocols and determine what function the Generic Routing Encapsulation (GRE) protocol performs. A. Provides identification of the destination address to support tunneling directly between two spokes. B. Provides authentication and key exchange for the Internet Protocol Security (IPSec) protocol suite. C. Provides tunneling and supports a wide range of features that includes the ability to establish multipoint links. D. Provides confidentiality by encrypting data packets and integrity by signing each packet.

C The Generic Routing Encapsulation (GRE) protocol is a tunneling protocol similar to the Point-to-Point Protocol (PPP), but supports a wider range of features, including the ability to establish multipoint links. The Next Hop Router Protocol (NHRP) is used to identify destination addresses. The hub in a Dynamic Multipoint Virtual Private Network (DMVPN) uses this information to facilitate the creation of a dynamic Internet Protocol Security (IPSec) tunnel between the two spokes. The Internet Security Association and Key Management Protocol (ISAKMP) provides authentication and key exchange for the IPSec protocol suite. This is also referred to as the Internet Key Exchange (IKE). The Internet Protocol Security (IPSec) suite provides confidentiality by encrypting data packets and integrity by signing each packet.

What protocol allows for multiple physical routers that each require unique Internet Protocol (IP) addresses, to serve as a single default gateway for a subnet? A. Virtual Router Redundancy Protocol (VRRP) B. Routing Information Protocol (RIP) C. Hot Standby Router Protocol (HSRP) D. Border Gateway Protocol (BGP)

C The Hot Standby Router Protocol (HSRP) allows for multiple physical routers to serve as a single default gateway for a subnet. To do this, each router must have an interface connected to the subnet, with its own Internet Protocol (IP) address. The Virtual Router Redundancy Protocol (VRRP) is similar to HSRP with a primary difference of the routers do not require unique IP addresses. The Routing Information Protocol (RIP) is a long-established distance vector-based routing protocol that uses a hop count metric to determine the distance to the destination network. The Border Gateway Protocol (BGP) is designed to be used between routing domains and is used as the routing protocol on the Internet, primarily between Internet Service Providers (ISPs).

Compare the features of reserved address ranges and determine the purpose of Internet Protocol (IP) address 169.254.0.0. A. Clients use it as a source address for a Dynamic Host Configuration Protocol (DHCP) lease. B. Hosts use it to broadcast to the local network. C. Hosts use it for automatic private addressing. D. It is set aside for use in documentation and examples.

C The Internet Protocol (IP) address 169.254.0.0 to 169.254.255.255 is used by hosts for automatic private IP addressing. Reserved address ranges are for special use only and are not publicly routable. The IP address 0.0.0.0/8 is used when a specific address is unknown. This is typically used as a source address by a client seeking a Dynamic Host Configuration Protocol (DHCP) lease. The IP address 255.255.255.255 is used to broadcast to the local network when the local network address is not known. The IP addresses 192.0.2.0/24, 198.51.100.0/24, and 203.0.113.0/24 are set aside for use in documentation and examples.

Summarize the functions of the Link layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack. A. The Link layer establishes connections between the different applications that the source and destination hosts use to communicate. B. The Link layer is where many of the high level protocols can be run, such as File Transfer Protocol (FTP). C. The Link layer defines the host's connection to the network media and includes the hardware and software involved in the interchange of frames between hosts. D. The Link layer provides addressing and routing functions along with the ability to fragment large frames from the Network Interface layer into smaller packets.

C The Link layer defines the host's connection to the network media and includes the hardware and software involved in the interchange of frames between hosts. The Transport layer establishes connections between the different applications that source and destination hosts are communicating with. It breaks Application layer information into segments. The Application layer is the layer at which many Transmission Control Protocol/Internet Protocol (TCP/IP) services (high level protocols) can be run, such as File Transfer Protocol (FTP). The Internet layer provides addressing and routing functions. It also provides the ability to fragment large frames from the Network layer into smaller packets.

Consider the following two pieces of information: 1) a network has 20 devices that ran for 125 hours each, and 2) the same network eventually experienced failures from 5 of its servers. Utilize this information to solve the Mean Time Between Failures (MTBF). A. 125 hours B. 625 hours C. 500 hours D. 25 hours

C The Mean Time Between Failures (MTBF) is 500. The calculation for MTBF is the total time divided by the number of failures. In this scenario, 20 devices ran for 125 hours each with 5 failures. The calculation is (125*20)/5 = 500 hours. The Mean Time to Failure (MTTF) is 125, not the MTBF. The MTTF calculation is the total time divided by the number of devices. This scenario would be (125*20)/20 with a result of 125 hours. 625 hours is not the MTBF. This could incorrectly be computed by multiplying the number of failures by the number of hours (5*125). 25 hours is also incorrect. This could incorrectly be computed by dividing 125 by the number of failures.

A technician is converting an analog input to digital. The technician is using the Nyquist theorem to determine the Kbps needed. The frequency range is 10,000 Hz and the sample size is 1 byte. Calculate the total Kbps the conversion requires. A. 80 Kbps B. 20 Kbps C. 160 Kbps D. 10 Kbps

C The Nyquist theorem calls for the sampling rate to be twice the signal bandwidth. In this scenario, the frequency range is 10,000 Hertz (Hz) and twice the rate is 20,000 Hz, which converts to 20 Kilohertz (KHz). The sample size is 1 byte, which equals 8 bits. To determine the Kilobits per second (Kbps), multiply 20 KHz x 8 bits. The Kbps required is 160. The technician may return an incorrect Kbps of 80 if the original frequency range is not doubled. 20 KHz is the result after doubling the frequency range. 10 Kbps could be incorrectly calculated by converting the original 10,000 Hz to 10KHz then multiplying by 1 byte.

Host A and Host B are on the same local network. Host A sends a communication to Host B. Local address resolution is a five-step process, and some of the steps are listed below. Select the fourth step that will occur as local address resolution takes place. A. Host A checks its Address Resolution Protocol (ARP) table cache for the required hardware address of Host B. B. Host A receives a reply, updates its cache table, and establishes communication. C. If the Media Access Control (MAC) address is not present in cache, Address Resolution Protocol (ARP) will build a request and broadcast it onto the network. D. If Host B recognizes its own address, it updates its cache with the Media Access Control (MAC) address of Host A and then replies to Host A.

D Both the sending and receiving hosts are on the same local network. The fourth step in local address resolution is if the target host recognizes its own address, it updates its cache with the Media Access Control (MAC) address of the source host. It then replies to the source host. The first step is the source host checks its Address Resolution Protocol (ARP) table cache for the required hardware address of the destination host. The fifth step is the source host receives a reply, updates its cache table, and communication is established. The second step is if the MAC address is not present in cache, ARP builds a request and broadcasts it onto the network.

Two nodes are communicating over a fiber optic cable connection. Evaluate the types of transmission media and determine which of the following use two nodes to conduct their communication. A. Digital Signaling B. Line Coding C. Unbounded media D. Bounded media

D Bounded media, also called cabled, is a physical signal conductor that connects two nodes. Examples of this type of transmission media are fiber optic cable and copper connections. Many transmission media and network products support simple digital signaling, but this is not a type of transmission media. Line coding is a transmission technique used by digital signaling and is also not a type of transmission media. Line coding is essentially a series of discrete pulses. Unbounded media, also called wireless, uses free space between nodes, such as microwave radio.

A signal is on both the transmit and receive lines of a cable at the same time. The node broadcasts a jam signal and one node waits for three seconds while the second node waits five seconds to resend the transmit. This is an example of which of the following Carrier Sense Multiple Access (CSMA) protocols? A. Carrier sense B. Multiple access C. Collision avoidance D. Collision detection

D Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol defines methods for detecting a collision on different types of media. When a signal is present on the interface's transmit and receives lines simultaneously, the node will broadcast a jam signal. CSMA with Collision Avoidance (CA) use schemes such as "request to send" to gain access to the media. Nodes listen to the media before transmitting and transmit only if the media is clear. Carrier sense detects activity on the media. This is the first part of CSMA and is not one of the two protocols. Multiple Access is for multiple nodes using the same media and is the second part of CSMA and is not one of the protocols.

Summarize the role of Layer 6 in the Open System Interconnection (OSI) model. A. Provides an interface for software programs on network hosts that have established a communications channel B. Administers the process of establishing the dialog, managing data transfer, and then ending the session C. Moves data around an internetwork using logical network and host IDs D. Transforms data between the format required for the network and the format required for the application

D Layer 6 is known as the Presentation layer. This layer transforms data between the format required for the network and the format required for the application. The Application layer, Layer 7, provides an interface for software programs on network hosts that have established a communications channel to exchange data. The Session layer, Layer 5, represents the dialog control functions that administer the process of establishing the dialog, managing data transfer, and then ending the session. This can occur via simplex, half-duplex, or duplex. The Network layer, Layer 3, is responsible for moving data around a network of networks, known as an internetwork, using logical network and host IDs. The networks are often heterogeneous.

A system administrator is responsible for 25 servers at a remote location. The administrator learns of a server outage; it does not have any network connectivity. The administrator uses remote access to troubleshoot the server and to review the logs. Analyze remote management methods and determine which of the following the system administrator used. A. Remote Desktop Protocol (RDP) B. Virtual Network Computing (VNC) C. Trivial File Transfer Protocol (TFTP) D. Lights-Out Management (LOM)

D Lights-Out Management (LOM) is an example of Out-Of-Band (OOB) management. LOM uses a dedicated management channel to access servers and network devices. The servers and devices can be managed remotely, whether or not they are turned on. It also works if the operating system is not working or has yet to be installed. Remote Desktop Protocol (RDP) is Microsoft's protocol for operating remote Graphical User Interface (GUI) connections to a Windows machine. Virtual Network Computing (VNC) is a freeware product with similar functionality to RDP. Trivial File Transfer Protocol (TFTP) is a file transfer service. TFTP is connectionless and does not provide the guaranteed delivery offered by the File Transfer Protocol (FTP).

A technician receives a report that a wireless device has a weak signal. The technician verifies that the device is within the supported range. Further troubleshooting identifies that a great deal of refraction is the cause of the issue. What device or object can cause this problem? A. Mirrors B. Walls C. Cordless phone D. Water

D Refraction will cause interference with a wireless device. Glass or water can cause radio waves to bend and take a different path to the receiver. This can cause the data rate to drop. Reflection, or bounce, can be caused by mirrors or shiny surfaces that cause the signals to reflect, meaning a variable delay is introduced. Absorption refers to the degree to which walls and windows will reduce signal strength. To minimize absorption from office furniture, use ceiling mounted Access Points (APs). Electromagnetic Interference (EMI) is interference from a powerful radio or electromagnetic source, working in the same frequency band.

A farming company hired a technician to service their telephone lines to get their Digital Subscriber Line (DSL) Internet service and telephones working again with their telecommunications provider. Users have reported that their desk phones do not have a dial tone. During troubleshooting, the technician discovers that there is no dial tone at the demarcation point either. What conclusion can the technician make at this point? A. The issue is likely within the horizontal cabling. B. The issue is likely in the telecommunications room. C. The issue is likely within the backbone cabling. D. The issue is likely within the responsibility of the communications provider.

D The demarcation point is where the provider's network terminates, and the company's network begins. The telecommunications provider has the responsibility to ensure the telephone lines provide service to the demarcation point. The technician can confirm this with a dial tone. Horizontal cabling connects user work areas to the nearest horizontal cross-connect (HCC). The HCC is a wiring closet that holds a patch panel that is attached to the main facility by a backbone cable. The telecommunications room houses HCCs. Essentially, this is a termination point for the horizontal cabling along with a connection to the backbone cabling. Backbone cabling connects horizontal HCCs to the main cross-connect (optionally via intermediate cross-connects). These can also be described as vertical cross-connects.

A network administrator implements traffic policies for routing boundaries. Which layer of the network hierarchy will perform this function? A. Access B. Core C. Data Center D. Distribution

D The distribution layer provides fault-tolerant interconnections between different access blocks and either the core or other distribution blocks. This layer can be used to implement traffic policies such as routing boundaries. The access layer allows end-user devices, such as computers and printers, to connect to the network. The core layer provides a highly available network backbone. Devices such as client and server computers should not be attached directly to the core. The data center layer is a network area that hosts network services, such as authentication, application servers, and storage area networks.

The help desk receives an increase in calls from employees stating that the network is slow. A network manager uses a network performance tool and notices that 10% of the end user devices are using 80% of the network. Further investigation reveals that the users with the most bandwidth are streaming music. What is occurring on the network? A. Throughput B. Top talkers C. Thresholds D. Bottleneck

D The network is experiencing a bottleneck. A bottleneck is a point of poor performance that reduces the productivity of the whole network. The users streaming music to their device is causing a reduction in available bandwidth which is slowing down resources for other users. Throughput is the amount of data flowing through a network. Throughput is tested by sending a packet from Host A to Host B and measuring the amount of time it takes to arrive at the destination. Top talkers are interfaces generating the most outgoing traffic, in terms of bandwidth. Thresholds can be used to trigger a trap alert and are configured using a management system.

A network manager creates new zones for the network. Recommend a security device that controls traffic between the zones. A. Demilitarized Zone B. Proxy C. Bastion host D. Firewall

D The network manager will use a firewall to control traffic between zones. A firewall is software or hardware that filters traffic passing into and out of a network segment. A Demilitarized Zone (DMZ) is an Internet-facing host that accepts inbound connections from the Internet. If communication is required between hosts on either side of a DMZ, a host within the DMZ will act as a proxy. Bastion hosts are hosts in the DMZ that are not fully trusted by the internal network because of the possibility that they could be compromised from the Internet.

What describes the placement of nodes and how they connect with network media? A. Point-to-point B. Physical bus C. Logical topology D. Physical topology

D The physical network topology describes the placement of nodes and how they are connected by the network media. A point-to-point connection is a single link that is established between two nodes. It is the 1:1 relationship that defines a point-to-point link. Because only two devices share the connection, they are guaranteed a level of bandwidth. A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media. Only one node can be active at any time. The logical topology describes the flow of data through the network.

A critical server is required to have high availability. The Maximum Tolerable Downtime (MTD) for the server is five-nines. The previous year the server experienced unplanned outages that totaled 00:08:25 (hh:mm:ss). Consider the MTD for five-nines and determine if the server met the metric. A. Yes, the server met the Maximum Tolerable Downtime (MTD) metric. The server experienced outages less than 00:52:34. B. Yes, the server met the Maximum Tolerable Downtime (MTD) metric. The server experienced outages less than 08:45:36. C. No, the server did not meet the Maximum Tolerable Downtime (MTD) metric. The server experienced outages greater than 00:00:32. D. No, the server did not meet the Maximum Tolerable Downtime (MTD) metric. The server experienced unplanned outages greater than 00:05:15.

D The server did not meet the Maximum Tolerable Downtime (MTD). The server experienced unplanned outages greater than 00:05:15. Five-nines (99.999%) availability means that the server cannot have outages greater than 00:05:15. The server did not meet the MTD. A server with a MTD of 00:52:34 will have an availability of four-nines (99.99%). This server has an availability of five-nines resulting in an MTD of 00:05:15. A server with a MTD of 08:45:36 has an availability of three-nines (99.9%). A server with a MTD of 00:00:32 has an availability of six-nines (99.9999%).

A company has a need for increased security control. The company currently has two network technicians and a small budget for the project. Given this scenario, which is the BEST solution for the company? A. Signature management B. File Integrity Monitoring (FIM) C. Network-Based Intrusion Prevention System (NIPS) D. Unified Threat Management (UTM)

D Unified Threat Management (UTM) refers to a system that centralizes various security controls such as firewall, anti-malware, network intrusion prevention, spam filtering, and content inspection into a single appliance. UTM was created in response to difficulties that administrators face in deploying discrete security systems; namely, managing several complex platforms as well as meeting the significant cost requirements. Signature management detection means the engine is loaded with a database of attack patterns or signatures. File Integrity Monitoring (FIM) software audits key system files to make sure they match the authorized versions. A Network-Based Intrusion Prevention System (NIPS) provides an active response to any network threats that it matches.