CompTIA Network+ Practice Test (Lessons 1-16 Practice Questions)

A network administrator enters the command show mac address-table into the command prompt. What information will the network administrator get in return? (Select three). A. Media Access Control (MAC Address) B. Type C. Virtual Local Area Network (VLAN) D. Internet Protocol (IP) Address

A, B, and C The command show mac address-table will provide the known Media Access Control (MAC) addresses that map to interface ports on a switch. This information is useful to find the MAC addresses associated with a particular port. The type is included in the information which will either be dynamic or static. The Virtual Local Area Network (VLAN) information is also returned with this command. The Internet Protocol (IP) address is not information that is included with this command. This command is only concerned with the VLAN, MAC, Type, and the associated ports.

What systems interconnect Internet Protocol (IP) networks and perform packet forwarding processes? A. End B. Intermediate C. Routing D. Dynamic

B An Intermediate System (IS) is a device that interconnects Internet Protocol (IP) networks and can perform packet forwarding processes. These systems are used to send and receive data intended for the end user. An End System (ES) is a host without the capacity to forward packets to other IP networks. These are systems that are used directly by the user. The process of routing takes place when a host needs to communicate with a host on a different IP network or a different subnet. A dynamic routing protocol is used to learn about remote networks and the most efficient route to those networks.

What blocks traffic that does not conform to rules? A. Access Control List (ACL) B. State table C. Router D. Firewall

D A firewall processes traffic according to rules. Traffic must conform to a rule that allows it through the firewall. Any traffic that does not conform is blocked. Packet filtering firewalls are configured by specifying rules, which are called Access Control Lists (ACLs). Each rule defines a specific type of data packet and the appropriate action to take when a packet matches the rule. State tables are used by circuit-level stateful inspection firewalls. Information about each session is stored in a dynamically updated state table. Routers forward data to other networks. A firewall can be merged with a router to perform the function of blocking traffic, based on rules.

A network with two private subnets utilizes a Demilitarized Zone (DMZ) for a honeypot on a corporate firewall appliance. Evaluate the topology to determine which type it represents. A. Three-legged firewall B. Screened subnet C. Screened host D. DMZ host

A A Demilitarized Zone (DMZ) can be established using a single router and firewall appliance. A three-legged firewall is one with three network ports, each directing traffic to a separate subnet. A screened subnet uses two firewalls that are placed at either end of the DMZ. One restricts traffic on the external interface, while the other restricts traffic on the internal interface. Smaller network may use a screened host where Internet access is implemented using a dual-homed proxy or gateway server. A DMZ host is used by router vendors to mean an Internet-facing host or zone is not protected by the firewall.

A network manager installs a tool that throttles the bandwidth of attacking hosts and modifies suspect packets to render them harmless. Evaluate security technology tools and determine what specific functionality is being utilized. A. Network-Based Intrusion Prevention System (NIPS) B. Network-Based Intrusion Detection System (NIDS) C. Unified Threat Management (UTM) D. Signature management

A A Network-Based Intrusion Prevention System (NIPS) provides advanced measures that include throttling bandwidth of attacking hosts, applying complex firewall filters, and modifying suspect packets to render them harmless. A Network-Based Intrusion Detection System (NIDS) provides passive detection by logging intrusion incidents and displaying alerts at the management interface. Unified Threat Management (UTM) refers to a system that centralizes various security controls such as firewall, anti-malware, network intrusion prevention, and spam filtering into a single appliance. Signature-based detection means the engine is loaded with a database of attack patterns or signatures.

A network administrator deploys a firewall that analyzes the header and Hypertext Markup Language (HTML) code in Hypertext Protocol (HTTP) packets to match patterns in a threat database. Consider the types of firewalls and determine which firewall is on the network. A. Next Generation Firewall (NGFW) B. Appliance firewall C. Packet filtering firewall D. Router firewall

A A Next Generation Firewall (NGFW) is a layer 7 firewall that can inspect and parse the contents of packets at the Application layer. An appliance firewall is a stand-alone hardware firewall that performs only the function of a firewall. A packet filtering firewall is configured by specifying rules, which are called an Access Control List (ACL). Each rule defines a specific type of data packet and the appropriate action to take. A router firewall is similar to an appliance firewall with the exception that the functionality is built into the router firmware.

A network is designed for all nodes to share the bandwidth of the media. The nodes must contend to put signals on the media, and all nodes attach directly to a single cable. What type of topology does this demonstrate? A. Physical bus B. Point-to-point C. Logical topology D. Physical topology

A A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media. Only one node can be active at any one time, so the nodes must contend to put signals on the media. All nodes attach directly to a single cable segment via cable taps. A point-to-point connection is a single link that is established between two nodes. A physical network topology describes the placement of nodes and how they are connected by the network media. A logical topology describes the flow of data through the network.

Identify the layer that does not add a header to the data payload. A. Physical B. Network C. Transport D. Application

A At each level, except the Physical layer, the sending nodes adds a header to the data payload which forms a chunk of data called a Protocol Data Unit (PDU). This process is known as encapsulation. At the Network layer, the Transmission Control Protocol (TCP) segment is wrapped in an Internet Protocol (IP) header. The IP packet is put into an Ethernet frame at the Data Link layer. At the Transport layer, a TCP header is added to the application. Data is generated by an application, such as Hypertext Transfer Protocol (HTTP), which will include an application header.

A host has an address of 169.254.101.201. What can an administrator infer from this address? A. The host did not receive a response to a DHCPDISCOVER broadcast. B. The network mask is 255.255.255.0. C. The host is configured with a static Internet Protocol (IP) address. D. The address is leased and the host must release the Internet Protocol (IP) after a specific period of time.

A Automatic Private Internet Protocol Addressing (APIPA) was developed as a means for clients that can not contact a Dynamic Host Configuration Protocol (DHCP) server to communicate on the local network. If a Windows host does not receive a response to a DHCPDISCOVER broadcast, a randomly selected address in the range of 169.254.1.1 to 169.254.254.254 will be assigned.

An attacker replaces the Internet Protocol (IP) address of www.companybank.com. Employee A goes to www.companybank.com to complete a transaction. The employee attempts to login to the website, and the attacker obtains the login credentials. What type of attack is Employee A a victim of? A. Domain Name System (DNS) poisoning B. Address Resolution Protocol (ARP) poisoning C. Man-in-the-Middle (MitM) attack D. Denial of Service (DoS) attack

A Domain Name System (DNS) poisoning is an attack that compromises the name resolution process. Typically, the attacker will replace the valid Internet Protocol (IP) address for a trusted website with the attacker's IP address. Address Resolution Protocol (ARP) poisoning works by broadcasting unsolicited ARP reply packets with a spoofed source address. A Man-in-the-Middle (MitM) attack is a specific type of spoofing attack where the attacker sits between two communicating hosts and openly intercepts and relays all communications between them. A Denial of Service (DoS) attack causes a service at a given host to fail or to become unavailable to legitimate users.

A network administrator is using Zenmap. The administrator enters the command nmap -sn 169.1.0.0/24. What will be the result? A. Suppressed host discovery scan B. Full Operating System (OS) fingerprinting C. Acknowledgement packets to port 80 and 443 D. Neighbor Discovery (ND) sweeps

A In Nmap, the switches -sn will be used to perform suppressed host discovery. This reduces the time consuming scan on a large Internet Protocol (IP) scope. If a host is detected, Nmap performs a port scan against that host to determine which services are running. This Operating System (OS) fingerprinting is time consuming. The -sn switch suppresses the scan and removes this function. The basic syntax of an Nmap command, without the -sn switch, results in the default behavior of Nmap to ping and send a Transmission Control Protocol (TCP) acknowledgement (ACK) packet to ports 80 and 443. Nmap will perform Neighbor Discovery (ND) sweeps. The -sn switch is a suppressed scan that removes this function.

Which of the following statements accurately describes Internet Protocol (IP)? A. Internet Protocol (IP) is connectionless. B. Internet Protocol (IP) works at the Data layer. C. Internet Protocol (IP) is reliable. D. Internet Protocol (IP) provides guaranteed delivery.

A Internet Protocol (IP) is connectionless in nature. Connectionless protocols is described as those who send information without ensuring the receiver is available. The package is addressed to the recipient and sent without verification. IP operates at the Network layer (layer 3) versus the Data layer and provides logical host and network addressing and routing. IP provides best-effort delivery of an unreliable nature. This is due to IP being a connectionless protocol.

A cloud provider has a data center that operates 250 shared servers. The company provisions the servers based on any of its customers' needs at the time. What provisioning approach is the cloud provider using? A. Resource pooling B. Rapid elasticity C. Measured service D. Something as a Service (SaaS)

A Resource pooling means that the hardware making up the cloud provider's data center is not dedicated or reserved to a single customer account. Cloud providers must be able to provision resources quickly due to changing customer demands. Rapid Elasticity means that the cloud can scale quickly to meet peak demand. Measured service results in the customer paying for the Central Processing Unit (CPU), memory, disk, and network bandwidth resources they are actually consuming. Something as a Service (SaaS) is referred to as the level of complexity and pre-configuration provided for cloud services. Something can refer to infrastructure, platform, or software.

Explain the use of remote network routes. A. For networks that are not directly attached B. For subnets to which the router is directly attached C. For routes to a specific Internet Protocol (IP) address D. For when a better network or host route is not found

A Routing table entries fall into four general categories. Remote network routes are for subnets and Internet Protocol (IP) networks that are not directly attached. Direct network routes are for subnets to which the router is directly attached. The router is used as a gateway to deliver packets to hosts on the same subnet by using Address Resolution Protocol (ARP). Host routes are for routes to a specific IP address. Default routes are used when a better network or host route is not found. If a packet's destination address does not match any other entries, this is the route that will be used. The default route is 0.0.0.0/0.

Summarize the purpose of the Internet Engineering Task Force (IETF). A. The IETF focuses on solutions to Internet problems and the adoption of new standards. B. The IETF allocates addresses to regional registries who then allocate them to local registries. C. The IETF encourages the development and availability of the Internet, and provides organizational resources to the IAB. D. The IETF manages allocation of IP addresses and maintenance of the top-level domain space.

A The Internet Engineering Task Force (IETF) focuses on solutions to Internet problems and the adoption of new standards. The IETF is governed by the Internet Architecture Board (IAB). The Internet Assigned Numbers Authority (IANA) allocates addresses to regional registries, who then allocate them to local registries or Internet service providers (ISPs). The purpose of Internet Society (ISOC) is to encourage the development and availability of the Internet. It provides organizational resources to the Internet Architecture Board (IAB). The Internet Assigned Numbers Authority (IANA) manages allocation of Internet Protocol (IP) addresses and maintenance of the top-level domain space.

Identify the protocol that provides the File/Print Sharing Service on a Windows network. A. Server Message Block (SMB) B. Network Time Protocol (NTP) C. HyperText Transfer Protocol (HTTP) D. Internet Message Access Protocol (IMAP)

A The Server Message Block (SMB) protocol provides the File/Print Sharing Service on a Windows Network. SMB allows a machine to share its files and printers to make them available for other machines to use. The Network Time Protocol (NTP) enables the synchronization of time-dependent applications. Many applications on networks are time-dependent and time-critical. The Hypertext Transfer Protocol (HTTP) enables clients, typically web browsers, to request resources from a server. The Internet Message Access Protocol (IMAP) is a mailbox access protocol. IMAP allows clients to authenticate themselves and retrieve messages from designated folders.

A network administrator would like to view the route taken by a packet as it travels to the destination host on a remote network. What command will the administrator use? A. tracert B. route C. route print D. route change

A The administrator will use the tracert Internet Control Message Protocol (ICMP) utility to trace the route taken by a packet as it hops to the destination host on a remote network. It can be used either with an Internet Protocol (IP) address or a host and domain name. It returns the IP address, or name, of each router used by the packet to reach its destination. The route command is used to view and modify the routing table on a Windows or Linux host. The route print command is used to show the routing table. The route change command is used to modify the routing table.

A network administrator suspects an issue with local addressing. The administrator would like to add an entry into the Address Resolution Protocol (ARP) table. Recommend the appropriate ARP utility command. A. arp -s B. arp -a C. arp -g D. arp -d

A The arp utility can be used to perform functions related to the Address Resolution Protocol (ARP) table cache. The utility arp -s IPAddressMACaddress adds an entry to the ARP cache. Under Windows, MACAddress needs to entered with hyphens between each hexadecimal byte. The arp -a utility shows the ARP cache contents. This can be used with IPAddress to view the ARP cache for the specified interface only. The arp -g utility provides the exact same information as the arp -a utility. The arp -d utility deletes all entries in the ARP cache. It can also be used with IPAddress to delete a single entry.

Evaluate the characteristics of the preamble of the Ethernet frame format, and determine which statement is an accurate reflection. A. The preamble is used for clock synchronization and consists of 8 bytes of alternating 1s and 0s. B. The preamble is a part of the Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) protocol and is the first step in the Ethernet frame format. C. The preamble is used for clock synchronization and consists of 8 bytes with two consecutive 0s at the end. D. The preamble is a part of the Carrier Sense Multiple Access/Collision Detection (CSMA/CD) protocol and is the first step in the Ethernet frame format.

A The preamble is used for clock synchronization. It consists of 8 bytes of alternating 1s and 0s, with the Start Frame Delimiter (SFD) being two consecutive 1s at the end. The preamble is not a part of the Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) and is not considered to be part of the frame. The preamble is used for clock synchronization, with the SFD being two consecutive 1s (not 0s) at the end. The preamble is a part of the Carrier Sense Multiple Access/Collision Detection (CSMA/CD) but is not considered the first step in the frame format.

Which monitoring alert can an administrator configure to measure the total amount of data transferred in a 24-hour period? A. Utilization B. Speed C. Resets D. Link status

A Utilization will measure the data transferred over a period of time. This can either be measured as the amount of data both sent and received or calculated as a percentage of available bandwidth. Speed will measure the rated speed of the interface. For Ethernet links, the interface speed should match both the host and switch ports. Resets measures the number of times an interface has restarted over the counter period. An interface that continually resets is described as flapping. Link status measures whether an interface is working. An alert will notify an administrator immediately so that troubleshooting can occur.

Analyze the process of subnetting. Determine why an administrator may find subnetting beneficial for a network. (Select two) A. To divide a network into logically distinct zones for security B. A network has a large number of hosts on the same Internet Protocol (IP) network C. A network uses the same physical and data link technologies throughout D. An organization has one Local Area Network (LAN) without a Wide Area Network (WAN)

A and B An administrator may find subnetting useful to divide a network into logically distinct zones for security and administrative control. It is inefficient to have very large numbers of hosts on the same Internet Protocol (IP) network. Subnetting will logically divide a network into smaller subnetworks, which will make it more efficient. Networks that use different physical and data link technologies should be logically separated as different subnets. Organizations with more than one site with Wide Area Network (WAN) links will find subnetting useful. The WAN link can form a separate subnet.

The owner of the company requests a briefing on the pros and cons of modifying the current network to include virtualization. Weigh the benefits and drawbacks and report the results. (Select two) A. There will be an upfront cost to upgrade equipment, but server consolidation will reduce equipment cost and energy consumption for the long term. B. Technicians will require training in order to manage the new network configuration, but it will be easier for the technicians to manage and update due to Virtual Desktop Infrastructure (VDI). C. Legacy applications that require older Operating System (OS) versions will not run on the new network configuration, but new applications with more features can be added during the deployment. D. A new server will be required for each application, but server consolidation will make managing the servers more efficient on the new network configuration.

A and B An upfront cost may be incurred by the company to upgrade equipment. Virtualization software may be required as well as upgrading current systems. Server consolidation can run several applications on one server, which will reduce equipment cost and reduce energy consumption. Training will be required on the new network configuration and how to manage a network that uses virtualization. Virtual Desktop Infrastructure (VDI) allows for low-cost thin client hardware to be deployed and provides better management. A benefit of virtualization is the ability to use legacy application that require older Operating System (OS) versions. Server consolidation means that multiple applications run on the same server, not that a new server is required for each application.

Host A and Host B connect to the same switch. Ports 1-14 have a separate Internet Protocol (IP) address range and subnet address than ports 15-28. Host A uses port 6, and Host B uses port 23. What can a technician determine from this information about Host A and Host B? (Select two) A. Host A and Host B are on separate Virtual Local Area Networks (VLANs). B. Host A and Host B must communicate through a layer 3 device. C. Host A and Host B are on the same logical and physical network. D. Host A and Host B can directly communicate through the shared switch.

A and B Host A and Host B are on separate Virtual Local Area Networks (VLANs). One way to implement a VLAN is by configuring the port interface on a switch. In this scenario, the switch has two VLANS configured. Host A and Host B must communicate through a layer 3 device. Each device is on a separate VLAN, which requires a layer 3 device to communicate. Host A and Host B are on the same physical network (shared switch) but are on separate logical networks (separate VLANs). Host A and Host B are on separate VLANS, resulting in a router being required to communicate. The hosts cannot use the switch to communicate.

Which layers of the Open System Interconnection (OSI) model make up the physical and logical topologies of network segments? (Select two). A. Layer 1 B. Layer 2 C. Layer 3 D. Layer 4

A and B Layer 1, Physical layer, is responsible for physical topology. Physical and Logical topologies create network segments within the Open System Interconnection (OSI) model. Layer 2, Data Link layer, determines how multiple nodes that are on the same physical segment can share access to the network media. This is referred to as the logical topology. Layer 3, Network layer, is responsible for moving data around a network of networks, known as an internetwork. Layer 4, Transport layer, has the critical function of identifying each type of network application by assigning it a port number.

Identify the characteristics of the Transmission Control Protocol (TCP). (Select two) A. The protocol is connection-oriented. B. The protocol provides reliable delivery. C. The protocol works at the Network layer. D. The protocol divides data into bytes which are given a header.

A and B The Transmission Control Protocol (TCP) provides a connection-oriented method of communication. A connection-oriented method provides guaranteed delivery versus a connectionless-oriented method. TCP provides a reliable method of communicating by using acknowledgments and retransmissions of packets. TCP works at the Transport layer (layer 4) of the Open Systems Interconnection (OSI) model. This is one layer above the Network layer (layer 3). Protocols at the Transport layer are concerned with effective delivery of multiplexed application data. TCP takes data from the Application layer as a stream of bytes and divides it up into segments, each of which is given a header.

Evaluate the characteristics of a Media Access Control (MAC) address to determine which of the following are valid MAC addresses. (Select two) A. 00:82:3f:7b:2d:ab B. 00:82:3f:7h:2d:ag C. 0082.3f7b.2dab D. 00823f7h2dag

A and C One valid Media Access Control (MAC) address is 00:82:3f:7b:2d:ab. This address is 6 bytes and uses digits 0-9 and only letters A-F. One proper way to display a MAC is 6 groups of 2 hexadecimal digits. Another valid MAC is 0082.3f7b.2dab. This address also meets the character requirements and is 6 bytes. A MAC may be grouped as 3 groups of 4 hexadecimal digits with period separators. The MAC address 00:82:3f:7H:2d:ag is not a valid MAC address. The "h" and the "g" are outside of the allowable letters. Only letters A-F can be utilized in a MAC address. The MAC address 00823f7h2dag is not a valid MAC address as it contains characters outside of the allowable letters of A-F.

Identify the examples of open questions a network manager may ask users in step one of the Computing Technology Industry Association (CompTIA) Network+ troubleshooting methodology. (Select two) A. What happens when the webpage opens? B. What is the response status code? C. What other applications are working correctly? D. Is a shortcut to the database on the desktop?

A and C Open questions invite someone to explain in their own words. "What happens when the webpage opens?" is an example of an open question. The user can explain in their own words the issue that is occuring. "What other applications are working correctly?" is an example of an open question. The user can list other applications that are, or not, working. Closed questions invite a yes or no answer or a fixed response. "What is the response status code?" is one example. This is a fixed response answer. "Is a shortcut to the database on the desktop?" is another example of a closed question. The user will respond with yes or no.

A host has an Internet Protocol (IP) address of 172.20.152.104. What information does this IP address provide? (Select two) A. It is a private address. B. It is a public address. C. It is a Class B address. D. It is a Class C address.

A and C Private Internet Protocol (IP) addresses can be drawn from one of the pools of addresses defined in Request for Comment (RFC 1918). One of the pools of addresses is 172.16.0.0 to 172.31.255.255. The IP address in the scenario (172.20.152.104) falls within this range and is, therefore, a private IP address. The pool of private IP addresses 172.16.0.0 to 172.31.255.255 is reserved for Class B private addresses. The IP falls within this range. The IP 172.20.52.104 falls within the private IP address pool and is not a public IP address. The pool of private IP address 192.168.0.0 to 192.168.255.255 is reserved for Class C private addresses. The IP address is outside of this range.

Identify the characteristics of a Fully Qualified Domain Name (FQDN). (Select two) A. Each label cannot exceed 63 characters. B. The total length cannot exceed 256 characters. C. Characters in the labels are case sensitive. D. A trailing period represents the root.

A and D Each part of the Fully Qualified Domain Name (FQDN), defined by a period, can be no more than 63 characters. The periods are excluded in the character count. The FQDN is a combination of the host name and a domain suffix. A FQDN must include the trailing period when configuring name records. The trailing period represents the root of the hierarchy. The trailing period can usually be omitted in most use cases, excluding when configuring name records. The total length cannot exceed 253 characters versus 256 characters. The labels in FQDN are not case sensitive.

A network manager is configuring a firewall. Prepare guidelines for the network manager to follow. (Select two) A. Only allow the minimum amount of traffic required. B. The final default rule in a firewall is implicit allow. C. The rules are processed from bottom to top. D. The most specific rules are placed at the top.

A and D Firewalls are configured on the principle of least access. This means to only allow the minimum amount of traffic required for the operation of valid network services, and no more. The rules that are the most specific and must override others are placed at the top. The final default rule in a firewall is implicit deny, versus allow. This rule is to block any traffic that has not matched a rule. The rules are processed from top to bottom. The reason for this process is that rules that are most specific and must override others are placed at the top.

A single host on a network is unable to resolve names. Evaluate Domain Name System (DNS) configuration issues and determine which are the most likely to be the cause. (Select two). A. The DNS address is not configured. B. The DNS server is offline. C. The DNS service configuration is incorrect. D. The DNS suffix is incorrect.

A and D Host F, a single client in a network, is unable to resolve names. The issue is likely to lie with the client configuration. One possible reason is that the client has been configured without a Domain Name Service (DNS) server address or the wrong DNS server address. Another possible reason is that the client has the incorrect DNS suffix. If multiple clients are affected, the issue is likely to lie with the server service. One possible reason for this to occur is if the server is offline. Another reason for multiple clients to be affected is if the DNS service configuration is incorrect.

A destination network uses Network Address Translation (NAT). What type of addressing scheme will the network use? A. Private B. Outside Global C. Local D. Inside Global

B A destination network that is using Network Address Translation (NAT) is described as having outside global and outside local addressing schemes. NAT is a service translating between a private (local) addressing scheme used by hosts on the Local Area Network (LAN) or a Demilitarized Zone (DMZ). Local (or private) is when NAT is used to translate the addressing scheme used by hosts on the LAN or DMZ. In a basic NAT status configuration (a simple 1:1), mapping is made between the inside local (private) network address and the public (inside global) address.

Identify the component in a virtual platform that will manage the virtual environment and facilitate interaction with the computer hardware and network. A. Host B. Hypervisor C. Virtual Machine (VM) D. Application virtualization

B A hypervisor, or Virtual Machine Monitor (VMM), manages the virtual environment and facilitates interaction with the computer hardware and network. A host is the platform that will host the virtual environment. Optionally, there may be multiple computers networked together. A Virtual Machine (VM), or guest operating system, is an operating system installed under the virtual environment. The number of operating systems is generally only restricted by hardware capacity. Application virtualization is software that is run on a server and either accessed by a remote desktop client or streamed to the client.

A packet is sent from Host A to Host B. The protocol field contains ESP/50. Analyze the protocols that run directly on Internet Protocol (IP). What information does the packet contain? A. Information which routers use to exchange information about paths B. Information in an encrypted form of Internet Protocol Security (IPSec) C. Information to tunnel packets across an intermediate network D. Information for status messaging

B A package that contains ESP/50 in the protocol field is for Encapsulating Security Payload (ESP) and is used with the encrypted form of Internet Protocol Security (IPSec). ESP/50 is coupled with an Authentication Header (AH/51). An EIGRP/88 protocol field is for an Enhanced Interior Gateway Routing Protocol (EIGRP) and is used by routers to exchange information about paths to remote networks. A GRE/47 protocol field is for Generic Routing Encapsulation (GRE) and is used to tunnel packets across an intermediate network.

A company has a 20% drop in productivity in the previous quarter. Management believes this is due to employees conducting personal business online at work. Management asks the network manager to provide a solution. Recommend a solution for management. A. Deploy a reverse proxy server B. Deploy a content filter C. Deploy a firewall D. Deploy a proxy server

B Content filters, also called web security gateways, are designed for corporate control over employees' Internet use. It can be implemented as a standalone appliance or proxy server software. A reverse proxy server provides for protocol-specific inbound traffic. A reverse proxy can be configured to listen for client requests from a public network and create the appropriate request to the internal server. A packet filtering firewall has the basic function of inspecting packets to determine whether to block them or allow them to pass. A proxy server works on a store-and-forward model. A proxy deconstructs each packet, performs analysis, then rebuilds the packet and forwards it on, providing the packet conforms to the rules.

Consider the features of Protocol Data Units (PDUs) and determine what role encapsulation performs during communications. A. Enables communication between nodes at the same layer B. Describes how data should be packaged C. Describes where data should go D. Enables systems to communicate by exchanging data

B Encapsulation describes how data should be packaged for transmission. The basic process of encapsulation is for the protocol to add fields in a header to the data it receives from an application or other protocol. Same layer interaction is communications between nodes at the same layer. At each layer, for two nodes to communicate, they must be running the same protocol. Addressing is the term used in Protocol Data Units (PDUs) for describing where data should go. A protocol is a set of rules that enable systems to communicate by exchanging data in a structured format.

A software scans files and re-computes a hashsum for the local version. The software then verifies that the hashsum matches the correct value. Evaluate security tools and determine what software is performing this action. A. Signature management B. File Integrity Monitoring (FIM) C. Host-Based Intrusion Protection System (HIPS) D. Host-based Intrusion Detection System (HIDS)

B File Integrity Monitoring (FIM) software audits key system files to make sure they match the authorized versions. FIM does this by computing a secure checksum, also known as a hashsum. Signature management detection means the engine is loaded with a database of attack patterns or signatures. Host-Based Intrusion Prevention System (HIPS) provides an active response that can act to preserve the system in its intended state. HIPS can prevent system files from being modified or deleted. Host-Based Intrusion Detection System (HIDS) captures information from a single host, such as a server, router or firewall.

A user sells large amounts of stolen merchandise online. The user looks to hide the identity of a system used to complete all sales transactions. Which technique would best accomplish this? A. Man-in-the-Middle (MitM) B. Internet Protocol (IP) spoofing C. Sniffing D. Phishing

B Internet Protocol (IP) spoofing is accomplished by changing the source address recorded in the IP packet. IP spoofing can be used to disguise the real identity of the user's host machine. Man-in-the-Middle is a specific method of spoofing where a threat actor sits between two communicating hosts and openly intercepts and relays all communications between them. Sniffing refers to capturing and reading data packets as they move over the network between hosts. Phishing is an email-based attack that attempts to trick users into providing information by appearing as legitimate communications.

A packet is being sent from Network 1 to Network 4. The shortest route is for the packet to use the path 1234. A router fails at Network 3 and the packet uses an alternate path of 1254. This scenario depicts the application of which of the following technology? A. Circuit-switched path B. Packet switching C. Circuit D. Fragmentation

B Packet switching provides the ability for one host to forward information to another using any available path. It is considered robust because it can automatically recover from communications link failures. A circuit-switched path is designed so that routers negotiate a link, then once the connection is established, all communications are forwarded along the same path. If this circuit were broken, the computers would stop communicating immediately. A circuit is a dedicated path established between two locations, such as two routers or two modems. Fragmentation is the capability of the Internet Protocol (IP) to divide large messages into numerous small packets meaning that a single packet can be resent at relatively little cost if it is lost or damaged during transmission.

A host receives a non-authoritative answer from a Domain Name System (DNS) server. What can an administrator infer about the server? A. The server is an authoritative server. B. The server is a cache-only server. C. The server is a primary server. D. The server is a secondary server.

B Servers that do not maintain a zone are referred to as cache-only servers. A non-authoritative answer from a server is one that derives from a cached record, rather than directly from the zone records. Authoritative servers are name servers that hold complete records for a domain. A record in the zone identifies the server as a name server for the domain. Authoritative servers can be either primary or secondary. A primary server means that the zone can be edited. There is not enough information in the scenario to determine if the server is primary or secondary. A secondary server is a server that has a read-only copy of the zone. Secondary servers provide fault tolerance and load balancing.

A network administrator enters information into a routing table. The administrator updates the table when the topology changes. What type of routing is the administrator using? A. Default B. Static C. Learned D. Convergence

B Static routing is defined manually. The table only changes if the administrator edits the table. Any time that the topology changes each router will need to be updated manually. Default routing is a special type of static route that identifies the next hop router for an unknown destination. The default route is used only if there are no matches for the destination in the routing table. A learned route is the one that is communicated to the router by another router, by using a dynamic routing protocol. Convergence is the process whereby routers running dynamic routing algorithms agree on routes through the internetwork.

A host has an Internet Protocol (IP) address of 129.153.138.83. Evaluate classful addressing standards and determine the class of the host's network. A. Class A B. Class B C. Class C D. Class D

B The Internet Protocol (IP) address 129.153.138.83 is part of a Class B network. The first octet range for a Class B network is 128-191 and this IP has a first octet of 129. Hosts in a Class A network have a first octet range of 1-126. This IP has a first octet of 129 and is outside of this range. Hosts in a Class C network have a first octet range of 192-223. This IP has a first octet of 129 and is outside of this range. Class D addresses are 224.0.0.0 through 239.255.255.255 and are used for multicasting.

A user operating Host A opens a web browser and goes to www.mywebsite.com. A Transmission Control Protocol (TCP) connection is established. Simulate the third step that occurs to complete the connection. A. Host A sends a synchronization segment to the server with a randomly generated sequence number. B. Host A responds with an acknowledgement segment. Host A assumes the connection is established. C. The web server responds with a synchronization acknowledgement segment that contains its own randomly generated sequence number. D. The web server opens a connection with Host A and enters the established state.

B The Transmission Control Protocol (TCP) establishes a connection via a three-way handshake. The third step in this connection is for the client to respond with an acknowledgement (ACK) segment. The client assumes the connection is ESTABLISHED. The first step is for the client to send a synchronization (SYN) segment to the server with a randomly generated sequence number. The client enters the SYN-SENT state. The second step is for the server to respond with a SYN/ACK segment, which contains its own randomly generated sequence number. The server enters the SYN-RECEIVED state. The fourth step is for the server to open a connection with the client and to enter the ESTABLISHED state.

A technician has been tasked to determine the baud rate of a connection. Evaluate transmission medium characteristics and determine what the technician will be calculating. A. The amount of information that can be transmitted per second B. The number of symbols that can be transmitted per second C. The combination of signaling speed and encoding method D. The loss of signal strength between two measurements

B The baud rate is the number of symbols that can be transmitted per second. A signal transmitted over a communications channel consists of a series of events referred to as symbols. The baud rate is measured in hertz. The bit rate is the amount of information that can be transmitted, measured in bits per second. The data rate is determined by a combination of signaling speed (baud) and encoding method, but also by distance and noise. Attenuation is the loss of signal strength and is expressed in Decibels (dB). dB expresses the ratio between two measurements.

A network technician discovers that a port with mismatched speed settings are the cause of an outage. Evaluate the types of issues that can occur in a network and determine what type of issue the scenario represents. A. Gateway B. Network Interface C. Dynamic Host Configuration Protocol (DHCP) D. Routing

B The network is experiencing network interface issues. Most adapters and switches successfully autonegotiate port settings. If this process fails, the adapter and port can end up with mismatched speed or duplex settings. If the interface Internet Protocol (IP) configuration is correct, a series of connectivity test using the ping command can be completed to determine where the fault lies, to verify if the netmask or gateway is the issue. The Dynamic Host Configuration Protocol (DHCP) provides IP addressing autoconfiguration to hosts without static IP parameters. Forwarding issues can also occur at layer 3. If a host's default gateway and some hosts on a remote network (but not all) can be pinged, there is a routing problem.

Host A transmits a frame to Host B. The frame is received by a switch into a port buffer. The port buffer holds the frame until it can be processed. When ready, the switch uses a high-speed backplane to send the frame out on port 3 for Host B. Which of the following does this scenario illustrate? A. Flooding B. Microsegmentation C. Autonegotiation D. Port mirroring

B The scenario is describing the actions taken by a switch during microsegmentation. No other devices, such as Host C, will see the activity on the network while this process takes place. If a Media Access Control (MAC) address cannot be found in the MAC address table, the switch acts like a hub and transmits the frame out of all of the ports, except for the source port. This is referred to as flooding. Switches are set to autonegotiate speed (10/100/1000) and full- or half-duplex operations. Port mirroring copies all packets sent to one or more source ports to a mirror, or destination, port.

A small business owner has a home office that consists of two computers and two printers. The network uses one router for connectivity. Which type of network does this scenario illustrate? A. Personal Area Network (PAN) B. Local Area Network (LAN) C. Wide Area Network (WAN) D. Campus Local Area Network (LAN)

B The small business owner is using a Local Area Network (LAN). LANs can be used for small office, home office, residential, and small to medium sized enterprise networks. A Personal Area Network (PAN) is a variety of devices, such as smartphones, tablets, headsets, and printers that are connected via close-range network links. A Wide Area Network (WAN) is a network of networks, connected by long-distance links. A campus LAN can cover a wide range of different types of sites from a whole building, a floor in a building, or multiple buildings.

A network administrator is calculating the throughput between two hosts. The administrator transfers a 2146.5 Megabytes (MB) file in 30 minutes. Solve the throughput between the two hosts in Megabits per second (Mbps). A. 4.55 Mbps B. 9.54 Mbps C. 4.77 Mbps D. 19.09 Mbps

B The throughput for transferring a 2146.5 MB file in 30 minutes is 9.54 Mbps (Megabits per second). 1 B (Byte) = 8 (b) bits. 2146.5 MB (Megabytes) = 17172 Mb (Megabits). 30 minutes = 1800 seconds. 17172 Mb / 1800 secs = 9.54 Mbps. A 4.55 Mbps throughput would account for transferring a 1023.75 MB file in 30 minutes. 1023.75 MB = 8190 Mb. 8190 Mb / 1800 secs = 4.55 Mbps. A 4.77 Mbps throughput would account for transferring a 1071 MB file in 30 minutes. 1071 MB = 8586 Mb. 8586 Mb / 1800 secs = 4.77 Mbps. A 19.09 Mbps throughput would equate to transferring a 4295.25 MB file in 30 minutes. 4295.25 MB file = 34362 Mb. 34362 Mb / 1800 secs = 19.09 Mbps.

Identify the function of a Cloud Access Security Broker. (Select two) A. Enforces access controls from the cloud provider to the enterprise network B. Scans for malware and rogue or non-compliant device access C. Monitors and audits user and resource activity D. Eliminates data exfiltration from managed devices

B and C A Cloud Access Security Broker (CASB) is enterprise management software designed to mediate access to cloud services by users across all types of devices. A CASB scans for malware and rogue or non-compliant device access. A CASB monitors and audits user and resource activity. A CASB enables single sign-on authentication and enforces access controls and authorizations from the enterprise network to the cloud provider, versus from the cloud provider to the enterprise network. A CASB mitigates, not eliminates, data exfiltration by preventing access to unauthorized cloud services from managed devices.

A junior technician escalates a trouble ticket to a senior technician. Which of the following are reasons for the technician to take this action? (Select two) A. The junior technician would escalate to form an action plan. B. The solution requires a major reconfiguration of the network. C. A customer becomes difficult to work with. D. The junior technician would escalate prior to repair even after identifying the problem.

B and C A valid reason to escalate a problem to a senior technician is that the scope of the problem is large, or the solution requires some major reconfiguration of the network. A customer that becomes difficult or abusive should be escalated to a senior technician or manager. A senior technician will have more experience dealing with these types of customers and will be better able to deal with the issue. An action plan would be something one would put in place if they knew what the issue is and were not needing to escalate. A repair would be part of an action plan, if the technician has identified the problem, the technician would proceed with repair.

Compare the Open System Interconnection (OSI) model and the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack and determine which statements accurately distinguish between the two. (Select two). A. The TCP/IP protocol stack consists of 5 layers compared to the 7 layers found in the OSI model. B. The Application layer of TCP/IP consolidates Layers 5-7 of the OSI model. C. PPP, PPTP, and L2TP occur at the Link layer of the TCP/IP protocol stack and occur at Layer 2 of the OSI model. D. TCP and UDP occur at the Internet layer of the TCP/IP protocol stack.

B and C The Application layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack covers the Session (layer 5), Presentation (layer 6), and the Application (layer 7) of the Open System Interconnection (OSI) model. Point-to-Point Protocol (PPP), Point-to-Point Tunneling Protocol (PPTP), and Layer 2 Tunneling Protocol (L2TP) all occur at the Link layer of the TCP/IP protocol stack. The TCP/IP protocol stack consists of 4 layers (Link, Internet, Transport, and Application) compared to the 7 layers (Physical, Data Link, Network, Transport, Session, Presentation, and Application) found in the OSI model. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) both occur at the Transport layer of the TCP/IP protocol stack.

Which of the following are generic Top-Level Domain (TLD) examples? (Select two) A. .edu B. .org C. .com D. .ca

B and C The Domain Name System (DNS) is a hierarchical system of distributed name server databases that contain information on domains and hosts within those domains. There are several types of Top-Level Domains (TLDs). One example of a generic TLD is .net. Other examples include .info and .biz. An example of a generic TLD is .com. This generic TLD is one of the most popular and widely used. The TLD .edu is an example of a sponsored TLD. Another example of a sponsored TLD is .gov. The TLD .ca is an example of a country code TLD. This TLD is used for Canada. Other examples include .uk (United Kingdom) and .de (Germany).

Host A sends a file to Host B. The router uses Neighbor Discovery (ND) to determine the interface address of the destination host and encapsulates the packet for delivery. This scenario validates which of the following statements? (Select two) A. The network operates on Internet Protocol version 4 (IPv4). B. The network operates on Internet Protocol version 6 (IPv6). C. The hosts are located on the same network. D. The router is using the default route.

B and C The network is operating on Internet Protocol v6 (IPv6). Neighbor Discovery (ND) uses IPv6 to determine the interface address of the destination host and encapsulates the packet in the appropriate frame format for delivery. The hosts are on the same network. ND is used for directly connected routes and directly connected routes are used for subnets to which the router is directly attached. Internet Protocol version 4 (IPv4) uses Address Resolution Protocol (ARP), not ND, to determine the interface address of the destination host. The default route is 0.0.0.0/0 (IPv4) or :/0 (IPv6), and is used if no route exists.

Differentiate between the characteristics of Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). (Select two) A. Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4) both only use values 0-9. B. Internet Protocol version 6 (IPv6) uses hexadecimal numbering while Internet Protocol version 4 (IPv4) uses decimal numbering. C. Internet Protocol version 6 (IPv6) uses an Options field in the header while Internet Protocol version 4 (IPv4) uses extension headers. D. Internet Protocol version 6 (IPv6) is a 128-bit addressing scheme while Internet Protocol version 4 (IPv4) is a 32-bit addressing scheme.

B and D Internet Protocol version 6 (IPv6) uses hexadecimal numbering due to the long sequences of bytes used in IPv6. Internet Protocol version 4 (IPv4) uses decimal numbering. IPv6 is a 128-bit addressing scheme while IPv4 is a 32-bit addressing scheme. The increase in size addresses space issues with IPv4. The 128-bit scheme allows for 340 undecillion unique addresses. IPv6 uses numeral values 0-9 and also characters A-F. IPv4 only uses values 0-9. IPv6 uses extension headers which replaced the Options field found in IPv4. The extension headers are predefined and cover functions such as fragmentation and reassembly, security, and source routing.

Which of the following provides an accurate depiction of network segmentation? (Select two) A. A switch is required to communicate outside of a Virtual Local Area Network (VLAN). B. Access controls enforce network segmentation. C. The networks are physically and logically separate. D. Segmentation can mitigate attacks by restricting it to a smaller group of hosts.

B and D Network segmentation may use Virtual Local Area Networks (VLANs), subnets, Virtual Private Networks (VPNs), and host virtualization. All of these types of systems enforce network segmentation by deploying access controls. Segmentation can mitigate attacks by restricting it to a smaller group of network hosts. An attack will affect fewer machines versus the entire network. A router is required to communicate outside of a Virtual Local Area Network (VLAN). The routers can be equipped with a firewall that applies additional rules to what is allowed in and out of the network. A switch restricts it to communications designated for the VLAN. The networks are not physically separate, but they are logically separate.

A network administrator is tasked with designing Session Initiation Protocol (SIP) Uniform Resource Indicator (URI). Develop two SIP URIs for a user named Sam Walker that works for mywebsite.com. The user's phone number is 123-456-7890. (Select two) A. sip:sam.walker.mywebsite.com B. sip:[email protected] C. sip:sam.walker.1234567890 D. sip:sam.walker@1234567890

B and D Session Initiation Protocol (SIP) endpoints are the end-user devices, such as Internet Protocol (IP)-enabled handsets or client and web conference software. Each device is assigned a unique SIP Uniform Resource Indicator (URI). One possible SIP in this scenario is sip:[email protected]. Another possible SIP in this scenario is sip:sam.walker@1234567890. This SIP uses the users name and phone number to create the unique address. The SIP sip:sam.walker.mywebsite.com is missing the "@" symbol prior to the mywebsite.com. This is a necessary symbol in SIP development. The SIP sip:sam.walker.1234567890 is also missing the "@" symbol prior to the phone number.

Differentiate between the characteristics of a Local Area Network (LAN) and a Wide Area Network (WAN). A. A LAN is limited in size and typically has less than 1000 nodes while a WAN is unlimited in size. B. A WAN is limited in size and typically has less than 1000 nodes while a LAN is unlimited in size. C. A LAN is a network with one geographic location while a WAN is spread across multiple geographic locations with shared links. D. A WAN is a network with one geographic location while a LAN is spread across multiple geographic locations with shared links.

C A network in a single location is often described as a Local Area Network (LAN). Networks in different geographic locations with shared links are called Wide Area Networks (WANs). A LAN does not have a limit to the size of the network and can include residential networks with a couple of nodes to an enterprise network with thousands of nodes. A WAN does not have a limit to the size of the network. A WAN may consist of two locations, each containing a small number of nodes or consisting of hundreds of locations with thousands of nodes. A WAN is spread across several geographic locations with shared links while a LAN has a single geographic location.

A packet is being sent from a host on Network A to a host on Network B. A layer 3 network address determines the forwarding decision and a table determines the interface to use to forward the packet. What type of device is making the forwarding decision? A. Hub B. Bridge C. Router D. Switch

C A router is being utilized on the network. Routers make forwarding decisions based on layer 3 network addresses and they use a routing table to determine the next hop interface to use to forward a packet. A switch makes forwarding decisions based on layer 2 Media Access Control (MAC) addresses. When devices communicate with different network segments through switches, they are limited to hosts within the same broadcast domain. A hub does not use routing tables and broadcasts data across all of the network connections. A bridge connects two Local Area Networks (LANs) and do not reroute packets.

Which device is high performing and deploys to combine links in a large enterprise or service provider's infrastructure? A. Routers B. Layer 3 switches C. Aggregation Switches D. Top-of-Rack (ToR) switches

C Aggregation switches are used for very high-performing switches deployed to aggregate links in a large enterprise or service provider's infrastructure. This increases the Gigabits per second for access and uplink ports. Routers provide connectivity between subnetworks based on their Internet Protocol (IP) address. Layer 3 switches have the ability to route traffic efficiently between Virtual Local Area Networks (VLANs). On a campus Ethernet network, the internal routers will typically be moving traffic between VLANs. Top-of-Rack (ToR) switches are models designed to provide high-speed connectivity to a rack of server appliances.

A network administrator needs to extend the distance of the network and would also like to segment the network. What should the system administrator deploy to accomplish this? A. Broadcast domain B. Crossover cable C. Bridge D. Hub

C An Ethernet bridge provides communications between two or more segments. A bridge can extend the maximum distance of a network and can also be used to segment the network. Segments on different bridge ports are in separate collision domains but are in the same broadcast domains. A broadcast domain is not implemented to segment the network. Crossover cables can be used to link hubs together. A hub acts like a repeater so that every port receives transmissions sent from any other port. A hub extends the maximum distance of a network but does not segment a network.

A company has several networks and subnets within a single location. Host A is located on the 192.153.1.0/24 subnet. Host B has the Internet Protocol (IP) address 192.153.2.16 and is connected to the same layer 3 switch as host A. Communication between these hosts require two hops. What does this scenario simulate? A. Remote network routes B. Host routes C. Direct network routes D. Default routes

C Direct network routes are for subnets to which the router is directly attached. Both hosts are on different subnets; a host will hop first to its gateway IP address before reaching the other host in the second hop. Remote network routes are for subnets and IP networks that are not directly attached. Communication will go out of the local gateway and over to other routers on the network. Host routes are routes to a specific IP address. An IP address with a netmask of 255.255.255.255 is an example of a single host route. Default routes are used when a better network or host route is not found.

Identify the layer of the Open Systems Interconnection (OSI) model where the Domain Name System (DNS) resides. A. Network B. Transport C. Application D. Data

C Name resolution protocols, such as the Domain Name System (DNS) sit at the Application layer (layer 7) of the Open Systems Interconnection (OSI) model. The Network layer (layer 3) has the Internet Protocol (IP) as one of the protocols that sit at this layer. IP is responsible for routing data between networks. The Transport layer (layer 4) subdivides datagrams. This layer has the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). The Data layer (layer 2) defines the format of data. The layer's header identifies the Media Access Control (MAC) address of both the sender and receiver of packets.

What are the interconnections between switches that provide redundant links? A. Access port B. Tagged port C. Trunk D. Inter-Switch Link

C One switch will not provide enough ports for all of the hosts on a large network. Multiple switches must be interconnected to build the network fabric. The interconnections between switches are referred to as trunks. A port that will only participate in a single Virtual Local Area Network (VLAN) can be configured as untagged, which is also referred to as an access port. A tagged port will normally be one that is operating as a trunk, meaning it is capable of transporting traffic addressed to multiple VLANs. An Inter-Switch Link (ISL) was once used to preserve frames for the receiving switch to forward it correctly across trunks.

A small company has a single public address assigned by its Internet Service Provider (ISP). Recommend a solution to the company that will control communications for Internet-based applications. A. Port forwarding B. Network Address Translation (NAT) C. Port Address Translation (PAT) D. Dynamic Network Address Translation (DNAT)

C Smaller companies may only be allocated a single address by their Internet Service Providers (ISPs). A means for multiple private Internet Protocol (IP) addresses to be mapped onto a single public address would be useful, and this function is provided by Port Address Translation (PAT). Port forwarding, known as Destination Network Address Translation (DNAT), uses the router's public address to forward incoming requests to a different IP. Network Address Translation (NAT) is a service that translates between a private and public addressing scheme, used by an Internet-facing device. Dynamic NAT is when the NAT device exposes a pool of public IP addresses, and the service builds a table of public to provide address mappings.

Under which of the following conditions is the FORWARD firewall chain used? A. An administrator is editing the rules enforced by the Linux kernel firewall. B. A user attempts to Secure Shell (SSH) into a Linux server. C. A Linux system is performing Network Address Translation (NAT). D. A user attempts to ping a web address.

C The FORWARD firewall chain is used for connections that are passing through a server, rather than being delivered locally. The command iptables is a command line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall. The INPUT firewall chain is used for incoming connections. An example is if a user attempts Secure Shell (SSH) into the Linux server. The OUTPUT firewall chain is used for outgoing connections. An example is if a user attempts to ping a web address, iptables will check its output chain to see what the rules are regarding ping and the web address.

What protocol allows for multiple physical routers that each require unique Internet Protocol (IP) addresses, to serve as a single default gateway for a subnet? A. Virtual Router Redundancy Protocol (VRRP) B. Routing Information Protocol (RIP) C. Hot Standby Router Protocol (HSRP) D. Border Gateway Protocol (BGP)

C The Hot Standby Router Protocol (HSRP) allows for multiple physical routers to serve as a single default gateway for a subnet. To do this, each router must have an interface connected to the subnet, with its own Internet Protocol (IP) address. The Virtual Router Redundancy Protocol (VRRP) is similar to HSRP with a primary difference of the routers do not require unique IP addresses. The Routing Information Protocol (RIP) is a long-established distance vector-based routing protocol that uses a hop count metric to determine the distance to the destination network. The Border Gateway Protocol (BGP) is designed to be used between routing domains and is used as the routing protocol on the Internet, primarily between Internet Service Providers (ISPs).

Compare the features of reserved address ranges and determine the purpose of Internet Protocol (IP) address 169.254.0.0. A. Clients use it as a source address for a Dynamic Host Configuration Protocol (DHCP) lease. B. Hosts use it to broadcast to the local network. C. Hosts use it for automatic private addressing. D. It is set aside for use in documentation and examples.

C The Internet Protocol (IP) address 169.254.0.0 to 169.254.255.255 is used by hosts for automatic private IP addressing. Reserved address ranges are for special use only and are not publicly routable. The IP address 0.0.0.0/8 is used when a specific address is unknown. This is typically used as a source address by a client seeking a Dynamic Host Configuration Protocol (DHCP) lease. The IP address 255.255.255.255 is used to broadcast to the local network when the local network address is not known. The IP addresses 192.0.2.0/24, 198.51.100.0/24, and 203.0.113.0/24 are set aside for use in documentation and examples.

Summarize the functions of the Link layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack. A. The Link layer establishes connections between the different applications that the source and destination hosts use to communicate. B. The Link layer is where many of the high level protocols can be run, such as File Transfer Protocol (FTP). C. The Link layer defines the host's connection to the network media and includes the hardware and software involved in the interchange of frames between hosts. D. The Link layer provides addressing and routing functions along with the ability to fragment large frames from the Network Interface layer into smaller packets.

C The Link layer defines the host's connection to the network media and includes the hardware and software involved in the interchange of frames between hosts. The Transport layer establishes connections between the different applications that source and destination hosts are communicating with. It breaks Application layer information into segments. The Application layer is the layer at which many Transmission Control Protocol/Internet Protocol (TCP/IP) services (high level protocols) can be run, such as File Transfer Protocol (FTP). The Internet layer provides addressing and routing functions. It also provides the ability to fragment large frames from the Network layer into smaller packets.

A technician is converting an analog input to digital. The technician is using the Nyquist theorem to determine the Kbps needed. The frequency range is 10,000 Hz and the sample size is 1 byte. Calculate the total Kbps the conversion requires. A. 80 Kbps B. 20 Kbps C. 160 Kbps D. 10 Kbps

C The Nyquist theorem calls for the sampling rate to be twice the signal bandwidth. In this scenario, the frequency range is 10,000 Hertz (Hz) and twice the rate is 20,000 Hz, which converts to 20 Kilohertz (KHz). The sample size is 1 byte, which equals 8 bits. To determine the Kilobits per second (Kbps), multiply 20 KHz x 8 bits. The Kbps required is 160. The technician may return an incorrect Kbps of 80 if the original frequency range is not doubled. 20 KHz is the result after doubling the frequency range. 10 Kbps could be incorrectly calculated by converting the original 10,000 Hz to 10KHz then multiplying by 1 byte.

A client uses the command STARTTLS. Explain what will occur as a result. Establish a secure connection before any Simple Mail Transfer Protocol (SMTP) commands. Verify a user name or email address. Upgrade an existing unsecure connection. Invert roles between client and server.

C The command STARTTLS is used to upgrade an existing unsecure connection to use Transport Layer Security (TLS). This is also referred to as explicit TLS or opportunistic TLS. The command SMTPS is used to establish a secure connection before any Simple Mail Transfer Protocol (SMTP) commands (HELO, for instance) are exchanged. This is also referred to as implicit TLS. The command VRFY is used to verify a user name or email address in SMTP. The command TURN is used to invert the roles between a client and server without the need to start a new connection.

A company hires a cloud service to provide servers, load balancers, and storage area network (SAN) devices. What cloud service type is the company using? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Infrastructure as a Service (IaaS) D. Something as a Service (Saas)

C The company is using Infrastructure as a Service (IaaS). This is a means of provisioning resources, such as servers, load balancers, and Storage Area Network (SAN) components, quickly. Software as a Service (SaaS) is a different model of provisioning software applications. The company would be able to use pay-as-you-go or a lease arrangement versus buying a set number of licenses. Platform as a Service (PaaS) is between SaaS and IaaS. The company may provide hardware and a web application but not configure it. The company's developers would create the software that runs using the platform. Something as a Service (Saas) refers to something as infrastructure, platform, or software. The models IaaS, SaaS, and PaaS are the types of services.

A network administrator is deploying a mesh network topology. The network has 20 nodes. Calculate the number of links required for this deployment. A. 20 B. 19 C. 190 D. 200

C The formula for determining the number of links required for a mesh network topology is n(n-1)/2, where n is the number of nodes. This scenario would be 20(20-1)/2 = 20(19)/2 = 380/2 = 190 The count of 200 links may be stated if the administrator forgot to subtract 1 from the equation prior to multiplying and dividing. The count of 20 could be incorrectly stated if it is believed that one link per node is required. The count of 19 could be incorrectly stated if the administrator simply subtracted 1 from the node count.

A frame with a payload of 32 bytes is attempting to transmit over an Ethernet network. Decide what will occur. A. The payload will fail to transmit based on minimum size. B. The payload will transmit due to being under the maximum size. C. The payload will receive extra padding with redundant data to increase the size. D. The payload will experience a reduction in size due to being over the maximum size.

C The minimum length of an Ethernet frame is 64 bytes, so the payload must be at least 46 bytes. If the payload is less than 46 bytes it is automatically padded with redundant data. The payload will not fail to transmit based on being under the required size minimum. Instead, it will be padded with redundant data. The payload has both a minimum and maximum size requirement. A payload that is under the maximum but also under the minimum must be padded prior to being transmitted. The standard maximum Ethernet frame is 1518 bytes and this transmission is well below the maximum.

A network manager needs to secure a critical client. The manager's primary goal is to prevent modification of the system. Which can the manager use to prevent modification of the system? A. Host-Based Intrusion Detection System (HIDS) B. Signature-Based Detection C. Host-Based Intrusion Prevention System (HIPS) D. Unified Threat Management Device

C The network manager can use a Host-Based Intrusion Prevention System (HIPS). HIPS provides active response and can act to preserve the system in its intended state and prevent system files from being modified or deleted. A Host-Based Intrusion Detection System (HIDS) captures information from a single host, such as a server, router, or firewall. Signature-based detection means the engine is loaded with a database of attack patterns or signatures. Unified Threat Management (UTM) refers to a system that centralizes various security controls such as firewall, anti-malware, network intrusion prevention, and spam filtering into a single appliance.

A network manager becomes aware of network degradation. The manager uses the Computing Technology Industry Association (CompTIA) Network+ troubleshooting methodology. Analyze this methodology and determine the third troubleshooting step the manager will employ. A. Establish a theory of probable cause. B. Establish a plan of action. C. Test the theory to determine cause. D. Implement the solution or escalate, as necessary.

C The third step in the Computer Technology Industry Association (CompTIA) Network+ troubleshooting methodology is to test the theory to determine cause. The manager will move to step four if the theory is confirmed and will go back to step two if the theory is not confirmed. The second step is to establish a theory of probably cause. This is accomplished by questioning the obvious and considering multiple approaches. The fourth step is to establish a plan of action to resolve the problem and identify potential effects. The fifth step is to implement the solution or escalate, as necessary.

Identify Type I hypervisors that run on a bare metal virtual platform. (Select two) A. Parallels B. Virtual Box C. XENServer D. Hyper-V

C and D A bare metal virtual platform means that the hypervisor (Type I hypervisor) is installed directly onto the computer. One example of this type of hypervisor is Citrix's XENServer. Another example of a Type I hypervisor is Microsoft's Hyper-V. The hardware needs to support only the base system requirements for the hypervisor, plus resources for the type and number of guest Operating Systems (OSes) that will be installed. In a guest OS, or host-based, system, the hypervisor application (Type II hypervisor) is itself installed onto a host operating system. One example of this type of hypervisor is Parallels Workstation. Another example of a Type II hypervisor is Oracle Virtual Box.

How many bits is the Network ID in the Internet Protocol (IPv6) global unicast address format? A. 3 B. 16 C. 64 D. 45

D The Network ID portion of Internet Protocol version 6 (IPv6) global unicast address format is 45-bits. They are allocated in a hierarchical manner to regional registries, Internet Service Providers (ISPs), and end users. The first 3 bits indicate that the address is within the global scope. In hexadecimal, globally scoped unicast address will start with a 2 (0010) or 3 (0011). The Subnet is 16 bits and identifies the site-specific subnet address. The final 64 bits in the IPv6 global unicast address format is reserved for the Interface ID. This completes the 128-bit addressing scheme.

Two hubs are connected by a crossover cable on port 1 on both ends. Multiple hosts are connected to both hubs. Select the statements that accurately demonstrate the functionalities of hosts and/or hubs in this example. (Select all that apply) A. A host sends frames using its receive (Rx) pair. B. Hub A performs a crossover and floods the regenerated transmission through its receive (Rx) pair. C. A host receives data packets on its receive (Rx) pair from Hub B. D. Hub A receives a transmission from Hub B at port 1 on its receive (Rx) pair.

C and D A host receives data packets on its receive (Rx) pair when connected to a hub. A host will send data packets on its transmit (Tx) pair. The crossover cable connecting two hubs via port 1 will allow Hub A to receive a proper transmission on its Rx pair. Hub B will send the transmission from its Tx pair. A host sends frames using its Tx pair. A host receives frames using its Rx pair. A hub will perform a crossover and flood a regenerated transmission through other ports using each ports' Tx pair. Each host connected to those ports will receive the transmission via their Rx pair.

Evaluate the roles of Layer 1 and Layer 2 of the Open Systems Interconnection (OSI) model. Which of the following devices are part of Layer 2? (Select two) A. Hub B. Modem C. Bridge D. Network Interface Card

C and D Layer 2 is the Data Link layer. This layer is responsible for transferring data between nodes on the same logical segment. A bridge joins two network segments while minimizing the performance reduction. A Network Interface Card (NIC) joins a host to network media and enables it to communicate over the network by assembling and disassembling frames. Layer 1 is the Physical layer. A node is any device that can communicate on the network and can be used to describe endpoint devices or forwarding devices. A hub is a multiport repeater deployed as the central point of connection for nodes. A modem is a device that converts between digital and analog signal transmissions and is found at the Physical layer.

Windows machines on a network are failing to obtain an Internet Protocol (IP) configuration. Analyze this type of network issue and determine possible reasons for this failure. (Select two) A. The Dynamic Host Configuration Protocol (DHCP) reservation has not been configured. B. The client has been configured without a Domain Name System (DNS) address. C. The device time is not set correctly and the Internet Protocol (IP) address shows as expired. D. There are no more addresses available in the current scope.

C and D The Dynamic Host Configuration Protocol (DHCP) provides automatic Internet Protocol (IP) addressing to hosts with an expiration time and date. If the host time is incorrect, it may think the lease has expired and continue to release and renew until the time is corrected. The DHCP pool is a range of IP addresses to lease out. If IP addresses are exhausted, new requests cannot be fulfilled. A DHCP reservation is a permanent IP address assignment to a host. Even if a reservation pool is not configured, a standard DHCP pool can still provide IP addresses to requesting hosts, if available. If the client has been configured without a Domain Name System (DNS) address, then a name resolution issue will occur.

Explain how the Transmission Control Protocol (TCP) provides reliability. (Select two) A. Breaks Packet Data Units (PDUs) from the Network layer into a segment format B. Enables the sending host to tell the other host when sending rate must be slowed C. Performs a handshake to establish and end connections D. Provides a Negative Acknowledgement (NACK) when packets are lost or damaged

C and D The Transmission Control Protocol (TCP) provides orderly connection establishment and teardown. The client and server perform a handshake to establish and end connections. TCP provides a Negative Acknowledgement (NACK) when packets are lost or arrive in a damaged state. The NACK forces retransmission. TCP breaks Packet Data Units (PDUs) from the Application layer into a segment format and uses sequence numbers to allow the receiver to rebuild the message. TCP provides flow control, which enables one side to tell the other when the sending rate must be slowed. This is not limited to only the sending host.

A network manager is configuring a management and monitoring system for a network. Recommend guidelines that the administrator can utilize for the configuration. (Select two) A. Configure the server to provide information to the monitoring system. B. Install the monitoring system on each host on the network. C. Identify metrics to use for monitoring network health and performance. D. Record baseline measurements for selected metrics.

C and D The administrator will identify metrics to use to monitor network health and performance. The administrator will also record baseline measurements for the selected metrics. This will allow the administrator to view changes over a period of time and after significant network modifications. The endpoints will be configured to provide information to the management and monitoring system, versus the server. The systems management software will be installed on a secure server or workstation, ensuring that it meets the processor and storage requirements for the number of hosts that are being monitored.

Which of the following is a weakness that causes security breach when an accidental trigger or intentional exploit occurs? A. Threat B. Exploit C. Risk D. Vulnerability

D A vulnerability is a weakness that could be accidentally triggered or intentionally exploited to cause a security breach. A threat is the potential for a threat agent or threat actor (something or someone that may trigger a vulnerability accidentally or exploit it intentionally) to exercise a vulnerability. The path or tool used by the threat actor can be referred to as the threat vector. An exploit is a specific means of using a vulnerability to gain control of a system or damage it in some way. A risk is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

Host A and Host B are on the same local network. Host A sends a communication to Host B. Local address resolution is a five-step process, and some of the steps are listed below. Select the fourth step that will occur as local address resolution takes place. A. Host A checks its Address Resolution Protocol (ARP) table cache for the required hardware address of Host B. B. Host A receives a reply, updates its cache table, and establishes communication. C. If the Media Access Control (MAC) address is not present in cache, Address Resolution Protocol (ARP) will build a request and broadcast it onto the network. D. If Host B recognizes its own address, it updates its cache with the Media Access Control (MAC) address of Host A and then replies to Host A.

D Both the sending and receiving hosts are on the same local network. The fourth step in local address resolution is if the target host recognizes its own address, it updates its cache with the Media Access Control (MAC) address of the source host. It then replies to the source host. The first step is the source host checks its Address Resolution Protocol (ARP) table cache for the required hardware address of the destination host. The fifth step is the source host receives a reply, updates its cache table, and communication is established. The second step is if the MAC address is not present in cache, ARP builds a request and broadcasts it onto the network.

Two nodes are communicating over a fiber optic cable connection. Evaluate the types of transmission media and determine which of the following use two nodes to conduct their communication. A. Digital Signaling B. Line Coding C. Unbounded media D. Bounded media

D Bounded media, also called cabled, is a physical signal conductor that connects two nodes. Examples of this type of transmission media are fiber optic cable and copper connections. Many transmission media and network products support simple digital signaling, but this is not a type of transmission media. Line coding is a transmission technique used by digital signaling and is also not a type of transmission media. Line coding is essentially a series of discrete pulses. Unbounded media, also called wireless, uses free space between nodes, such as microwave radio.

A signal is on both the transmit and receive lines of a cable at the same time. The node broadcasts a jam signal and one node waits for three seconds while the second node waits five seconds to resend the transmit. This is an example of which of the following Carrier Sense Multiple Access (CSMA) protocols? A. Carrier sense B. Multiple access C. Collision avoidance D. Collision detection

D Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol defines methods for detecting a collision on different types of media. When a signal is present on the interface's transmit and receives lines simultaneously, the node will broadcast a jam signal. CSMA with Collision Avoidance (CA) use schemes such as "request to send" to gain access to the media. Nodes listen to the media before transmitting and transmit only if the media is clear. Carrier sense detects activity on the media. This is the first part of CSMA and is not one of the two protocols. Multiple Access is for multiple nodes using the same media and is the second part of CSMA and is not one of the protocols.

Summarize the role of Layer 6 in the Open System Interconnection (OSI) model. A. Provides an interface for software programs on network hosts that have established a communications channel B. Administers the process of establishing the dialog, managing data transfer, and then ending the session C. Moves data around an internetwork using logical network and host IDs D. Transforms data between the format required for the network and the format required for the application

D Layer 6 is known as the Presentation layer. This layer transforms data between the format required for the network and the format required for the application. The Application layer, Layer 7, provides an interface for software programs on network hosts that have established a communications channel to exchange data. The Session layer, Layer 5, represents the dialog control functions that administer the process of establishing the dialog, managing data transfer, and then ending the session. This can occur via simplex, half-duplex, or duplex. The Network layer, Layer 3, is responsible for moving data around a network of networks, known as an internetwork, using logical network and host IDs. The networks are often heterogeneous.

A network uses Internet Protocol version 6 (IPv6) and the Domain Name System (DNS) servers are using a security protocol (DNSSEC). A network administrator is troubleshooting why some record transfers are too large. What port should be configured on the DNS server to allow the large record transfers? A. User Datagram Protocol (UDP) port 37 B. Transmission Control Protocol (TCP) port 37 C. User Datagram Protocol (UDP) port 53 D. Transmission Control Protocol (TCP) port 53

D The Transmission Control Protocol (TCP) port 53 allows larger record transfers (over 512 bytes) on Domain Name System (DNS) servers. Larger transfers might be required if Internet Protocol version 6 (IPv6) is deployed on the network or if the DNS server is using a security protocol (DNSSEC). A DNS server is usually configured to listen for queries on the User Datagram Protocol (UDP) port 53. In this scenario, this is likely the configured protocol prior to troubleshooting. UDP port 37 is used for the time protocol. This provides a host the date and time. TCP port 37 is also used for the time protocol, which provides a host the date and time.

A network administrator is testing an application's communication with another server. However, it seems the server is not receiving communication via port 23. What command can an administrator run in the command line to verify if the server is listening on port 23? A. netstat -r | find ":23" B. netstat -sp | find ":23" C. netstat -o | find ":23" D. netstat -an | find ":23"

D The administrator can use netstat -an | find ":23" to confirm if the server is listening on port 23. The -a switch displays all connections and the -n switch displays ports and addresses in numerical format. Finding ":23" will filter results to that exact port number in the same way it is displayed. The -r switch in the netstat command will display the IP routing table in the command line window. The -s switch in the netstat command will display protocol statistics, such as packets received, errors and discards. The -p switch displays connections by protocol. The -o switch shows the process identifier (PID) number that is associated with each connection displayed in the command line window.

What connectivity logging tool can an administrator use that provides passive detection by logging incidents and displays alerts at the management interface? A. Network-Based Intrusion Prevention Systems (NIPS) B. Host-Based Intrusion Protection System (HIPS) C. Host-Based Intrusion Detection System (HIDS) D. Network-Based Intrusion Detection System (NIDS)

D The basic functionality of Network-Based Intrusion Detection Systems (NIDS) is to provide passive detection by logging intrusion incidents and to display an alert at the management interface or to email the administrator account. A Network-Based Intrusion Prevention System (NIPS) can provide an active response to any network threats that it matches. A Host-Based Intrusion Protection System (HIPS) provides an active response that can act to preserve the system in its intended state. HIPS can prevent system files from being modified or deleted. A Host-Based Intrusion Detection System (HIDS) captures information from a single host, such as a server, router, or firewall.

A film production company needs to deploy a new Ethernet solution. The company requires high bandwidth data transfers and needs a maximum distance of 18 miles. Which of the following is the best solution for the company? A. 1000BASE-SX B. 1000BASE-LX C. 10GBASE-LR D. 10GBASE-ER

D The best solution for the company is going to be a 10-Gigabit Ethernet (10GbE) solution. This multiplies the nominal speed of Gigabit Ethernet by a factor of 10. A 10GBASE-ER specification coupled with a Single Mode Fiber (SMF) 9/125 will provide a maximum distance of 25 miles or 40 kilometers. Gigabit Ethernet specifications start with 1000BASE- and is 10 times faster than Fast Ethernet. A 1000BASE-SX will provide a maximum distance of 721 feet or 220 meters. A 1000BASE-LX will reach a maximum distance of 3.1 miles or 5 kilometers. A 10GBASE-LR will not meet the distance requirement as the maximum is 6.2 miles or 10 kilometers.

A system administrator enters ipconfig /all into a command prompt. What will be a result of this action? A. The command will force a Dynamic Host Configuration Protocol (DHCP) to renew the lease. B. The command will release the Internet Protocol (IP) address obtained by the Dynamic Host Configuration Protocol (DHCP). C. The command will register the host with a Domain Name System (DNS) server. D. The command will allow the administrator to confirm if the Dynamic Host Configuration Protocol (DHCP) is enabled.

D The command ipconfig /all displays the configuration parameters for each interface to which the Transmission Control Protocol/Internet Protocol (TCP/IP) is bound, including whether the Dynamic Host Configuration Protocol (DHCP) is enabled for the interface. The command ipconfig /renew will force a DHCP client to renew the lease it has for an IP address. The command ipconfig /release will release the IP address obtained from a DHCP server so that the interface(s) will no longer have an IP address. The command ipconfig /registerdns will register the host with a Domain Name System (DNS) server, if it supports dynamic updates.

A company's network connects to a telecommunications carrier over a digital trunk line. Evaluate telecommunications hardware and software and determine what the company is utilizing. A. Voice over Internet Protocol (VoIP) gateway B. Foreign Exchange Office (FXO) gateway C. Voice over Internet Protocol (VoIP)-based Private Branch Exchange (PBX) D. Time Division Multiplexing (TDM)-based Private Branch Exchange (PBX)

D The company has implemented a Time Division Multiplexing (TDM)-based Private Branch Exchange (PBX). A TDM-based PBX connects to the telecommunications carrier over a digital trunk line, which will support multiple channels. A Voice over Internet Protocol (VoIP) PBX uses the organizations Internet link to connect to a VoIP service provider, which facilitates the inward and outward dialing to voice-based telephone networks. A VoIP gateway is a means of translating between a VoIP system and voice-based equipment and neworks, such as Public Switched Telephone Network (PSTN) lines. A Foreign Exchange Office (FXO) gateway is an analog version of a VoIP gateway.

A network administrator needs to update a routing table in Windows. The destination Internet Protocol (IP) is 192.168.6.0. The subnet mask for the destination IP is 255.255.0.0. The router's IP is 192.168.7.1 and the cost of the route is 4. Develop the command that will add this route to the table. A. route add 192.168.7.1 mask 255.255.0.0 192.168.6.0 metric 4 B. route add 192.168.6.0 192.168.7.1 mask 255.255.0.0 cost 4 C. route add 192.168.6.0 mask 255.255.0.0 192.168.7.1 cost 4 D. route add 192.168.6.0 mask 255.255.0.0 192.168.7.1 metric 4

D The correct command to add this route to the table is route add 192.168.6.0 mask 255.255.0.0 192.168.7.1 metric 4. The proper syntax is route add DestinationIP mask Netmask GatewayIP metric MetricValue. If the host is multi-homed, the interface will complete the syntax. The command route add 192.168.7.1 mask 255.255.0.0 192.168.6.0 metric 4 has the DestinationIP and the GatewayIP reversed in the syntax. The command route add 192.168.6.0 192.168.7.1 mask 255.255.0.0 cost 4 has the mask and GatewayIP reversed, and has the metric mislabeled as cost. The command route add 192.168.6.0 mask 255.255.0.0 192.168.7.1 cost 4 has the metric incorrectly labeled as cost.

A network administrator implements traffic policies for routing boundaries. Which layer of the network hierarchy will perform this function? A. Access B. Core C. Data Center D. Distribution

D The distribution layer provides fault-tolerant interconnections between different access blocks and either the core or other distribution blocks. This layer can be used to implement traffic policies such as routing boundaries. The access layer allows end-user devices, such as computers and printers, to connect to the network. The core layer provides a highly available network backbone. Devices such as client and server computers should not be attached directly to the core. The data center layer is a network area that hosts network services, such as authentication, application servers, and storage area networks.

Analyze the characteristics of a routing table. What is the purpose of the interface parameter? A. Provides the ability to define routes to specific hosts B. Provides the Internet Protocol (IP) address of the next router along the path C. Provides a preference value assigned to the route with lowest values having priority D. Provides the local port to use to forward a packet along the chosen route

D The interface parameter provides the local port to use to forward a packet along the chosen route. The destination (Internet Protocol) IP address and netmask parameter provides the ability to define routes to specific hosts but are more generally directed to network identification. The gateway, or next hop, parameter provides the IP address of the next router along the path. The metric parameter provides a preference value assigned to the route. The low values are preferred over high values. The value of the metric may be determined by various parameters.

The help desk receives an increase in calls from employees stating that the network is slow. A network manager uses a network performance tool and notices that 10% of the end user devices are using 80% of the network. Further investigation reveals that the users with the most bandwidth are streaming music. What is occurring on the network? A. Throughput B. Top talkers C. Thresholds D. Bottleneck

D The network is experiencing a bottleneck. A bottleneck is a point of poor performance that reduces the productivity of the whole network. The users streaming music to their device is causing a reduction in available bandwidth which is slowing down resources for other users. Throughput is the amount of data flowing through a network. Throughput is tested by sending a packet from Host A to Host B and measuring the amount of time it takes to arrive at the destination. Top talkers are interfaces generating the most outgoing traffic, in terms of bandwidth. Thresholds can be used to trigger a trap alert and are configured using a management system.

A network manager creates new zones for the network. Recommend a security device that controls traffic between the zones. A. Demilitarized Zone B. Proxy C. Bastion host D. Firewall

D The network manager will use a firewall to control traffic between zones. A firewall is software or hardware that filters traffic passing into and out of a network segment. A Demilitarized Zone (DMZ) is an Internet-facing host that accepts inbound connections from the Internet. If communication is required between hosts on either side of a DMZ, a host within the DMZ will act as a proxy. Bastion hosts are hosts in the DMZ that are not fully trusted by the internal network because of the possibility that they could be compromised from the Internet.

What describes the placement of nodes and how they connect with network media? A. Point-to-point B. Physical bus C. Logical topology D. Physical topology

D The physical network topology describes the placement of nodes and how they are connected by the network media. A point-to-point connection is a single link that is established between two nodes. It is the 1:1 relationship that defines a point-to-point link. Because only two devices share the connection, they are guaranteed a level of bandwidth. A physical bus topology with more than two nodes is a shared access topology, meaning that all nodes share the bandwidth of the media. Only one node can be active at any time. The logical topology describes the flow of data through the network.

A company has a need for increased security control. The company currently has two network technicians and a small budget for the project. Given this scenario, which is the BEST solution for the company? A. Signature management B. File Integrity Monitoring (FIM) C. Network-Based Intrusion Prevention System (NIPS) D. Unified Threat Management (UTM)

D Unified Threat Management (UTM) refers to a system that centralizes various security controls such as firewall, anti-malware, network intrusion prevention, spam filtering, and content inspection into a single appliance. UTM was created in response to difficulties that administrators face in deploying discrete security systems; namely, managing several complex platforms as well as meeting the significant cost requirements. Signature management detection means the engine is loaded with a database of attack patterns or signatures. File Integrity Monitoring (FIM) software audits key system files to make sure they match the authorized versions. A Network-Based Intrusion Prevention System (NIPS) provides an active response to any network threats that it matches.