Jason Dion - Questions That I Got Wrong: Exam 2
You are currently troubleshooting a network connection error. When you ping the default gateway, you receive no reply. You checked the default gateway, and it is functioning properly, but the gateway cannot connect to any of the workstations on the network. Which of the following layers could be causing this issue?
OBJ-1.1: Ping requests occur at layer 3 (Network Layer). Therefore, the problem could exist in layer 1 (physical), layer 2 (data link), or layer 3 (network). Since Physical (layer 1) is the only choice from layers 1-3 given, it must be the correct answer. Also, since the gateway cannot reach any of the other devices on the network, it is most likely a cable (physical) issue between the gateway and the network switch.
Which of the following communication types are used in IPv6 to send a packet to the nearest interface that shares a common address in a routing table?
OBJ-1.4: An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the "nearest" interface having that address, according to the router's routing table. Anycast communications are sent to the nearest receiver in a group of receivers with the same IP. Anycast only works with IPv6. Multicasting is a technique used for one-to-many communication over an IP network. Multicast can be used with both IPv4 and IPv6. Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4. Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.
What is the broadcast address associated with the host located at 201.58.12.245/28?
OBJ-1.4: In classless subnets using variable-length subnet masks (VLSM), the broadcast address is the last IP address within an assigned range. In this example, the CIDR notation is /28, so each subnet contains 16 IP addresses and the subnet boundaries in the last octet fall on multiples of 16 (0, 16, 32, ..., 240). Since the IP address provided is 201.58.12.245, it falls in the 201.58.12.240 to 201.58.12.255 block, so the broadcast address is 201.58.12.255.
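An added example (my own code, not part of the study notes) that carries out the /28 calculation above with bit arithmetic, so the network, mask, broadcast and usable range can be checked for any host/prefix; the function names are my own.

```python
# Added example, not from the study notes: compute the network, broadcast and
# usable host range for an IPv4 address in CIDR notation with the same bit
# arithmetic used to work the /28 question by hand. Function names are my own.

def ip_to_int(ip: str) -> int:
    """Parse dotted-quad IPv4 text into a 32-bit integer, rejecting bad octets."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """Render a 32-bit integer as dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """Return network, broadcast, block size and usable range for host/prefix."""
    host_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: /{prefix}")
    host = ip_to_int(host_str)
    # Prefix bits set to 1, host bits to 0 (e.g. /28 -> 255.255.255.240).
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = host & mask                       # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set every host bit
    block_size = 1 << (32 - prefix)             # 16 addresses for a /28
    if prefix >= 31:
        # /31 (RFC 3021 point-to-point) and /32 reserve nothing for
        # network/broadcast, so every address in the block is usable.
        first_host, last_host, usable = network, broadcast, block_size
    else:
        first_host, last_host, usable = network + 1, broadcast - 1, block_size - 2
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "block_size": block_size,
        "first_host": int_to_ip(first_host),
        "last_host": int_to_ip(last_host),
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    # The exam question: host 201.58.12.245 in a /28.
    for key, val in subnet_info("201.58.12.245/28").items():
        print(f"{key:>13}: {val}")
```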
You have just finished installing a new web application and need to connect it to your SQLnet database server. Which port must be allowed to enable communications through your firewall between the web application and your database server?
OBJ-1.5: SQLnet uses port 1521, and is a relational database management system developed by Oracle that is fully compatible with the structured query language (SQL). Microsoft SQL uses port 1433 and is a proprietary relational database management system developed by Microsoft that is fully compatible with the structured query language (SQL). MySQL uses port 3306 and is an open-source relational database management system that is fully compatible with the structured query language (SQL). Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
Mark is setting up a DHCP server on a segment of the corporate LAN. Which of the following options is NOT required in the DHCP scope to allow hosts on that LAN segment to be assigned a dynamic IP address and still be able to access the Internet and internal company servers?
OBJ-1.6: The DHCP server must provide an IP address, subnet mask, default gateway, and DNS server to each client to effectively access the Internet. DHCP reservations are not required to meet the requirements given in the question. DHCP reservations allow the DHCP server to pre-set an IP address for a specific client based on its MAC address. This ensures that the client will always get the same IP address from the DHCP server when it connects to the network. DHCP reservations are usually used with servers or printers on your internal network and are rarely used with end-user or client devices.
Which of the following layers within software-defined networking focuses on resource requests or information about the network?
OBJ-1.7: The application layer focuses on the communication resource requests or information about the network. The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations.
A network technician has downloaded the latest operating system of a particular vendor's switch. This update includes new features and enhancements. What should the technician perform FIRST when updating the switch's operating system?
OBJ-4.3: A preventive method is always to back up the current configuration to the NVRAM (SW# copy run start) in case the newly downloaded operating system doesn't work properly. This would allow the technician to restore the switch from the previous backup. It is a good idea to install the operating system during non-business hours, as well, but you should first always make a backup of the current configuration.
Which of the following layers is NOT used in a three-tiered data center network architecture?
OBJ-1.7: The control layer is used in software-defined networking (SDN), not the three-tiered data center network architecture. The Core Layer is considered the backbone of our network and is used to merge geographically separated networks back into one logical and cohesive unit. In general, you will have at least two routers at the core level, operating in a redundant configuration. The distribution or aggregation layer is located under the core layer and it provides boundary definition by implementing access lists and filters to define the policies for the network at large. The access or edge layer is located beneath the distribution or aggregation layer and is used to connect all the endpoint devices like computers, laptops, servers, printers, wireless access points, and others.
A network administrator needs to install a centrally located firewall that needs to block specific incoming and outgoing IP addresses without denying legitimate return traffic. Which type of firewall should the administrator install?
OBJ-2.1: A stateful firewall enhances security through packet filtering, and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network. Since a centrally located firewall was required by the question, a network-based firewall should be chosen instead of a host-based firewall.
What remediation strategies are the MOST effective in reducing the risk to an embedded ICS from a network-based compromise? (Select TWO)
OBJ-2.1: Segmentation is the best method to reduce the risk to an embedded ICS system from a network-based compromise. Additionally, you could disable unused services to reduce the footprint of the embedded ICS. Many of these embedded ICS systems have a large number of default services running. So, by disabling the unused services, we can better secure these devices. By segmenting the devices off the main portion of the network, we can also better protect them. A NIDS might detect an attack or compromise, but it would not reduce the risk of the attack succeeding since it can only detect it. Patching is difficult for embedded ICS devices since they usually rely on customized software applications that rarely provide updates.
Max is a network technician who just terminated the ends on a new copper cable used between two legacy switches. When he connects the two switches using the cable, they fail to establish a connection. What is MOST likely the issue?
OBJ-2.3: There are two types of cable, straight-through and crossover. In this instance, a crossover cable would need to be used to communicate with legacy switches since they won't support MDIX. A medium dependent interface crossover (MDIX) is a version of the medium dependent interface (MDI) enabling a connection between corresponding devices, such as a switch to another switch. If the switch doesn't support MDIX, then you must use a crossover cable to connect them. Bend radius cannot be the correct answer to this question since copper cables are being used and not fiber cables. Bend radius is a concern when using fiber cables as it leads to increased reflections and a decrease in signal strength. An RJ-11 connector only has 6 pins and is smaller than an RJ-45 connector. The technician would visually be able to see the difference as the RJ-11 connector would not fit properly in the switchports.
Which type of antenna broadcasts an RF signal in a specific direction with a narrow path?
OBJ-2.4: Directional antennas broadcast radio frequencies in a single direction (unidirectional) or two directions (bidirectional) to create a zone or area of coverage. Unidirectional antennas focus the broadcast signal in a single direction instead of all directions, focusing the transmission and making the signal stronger. A specific type of unidirectional antenna is known as a Yagi antenna. Omnidirectional antennas broadcast radio frequencies in all directions creating a large sphere of coverage. The antenna has the capability to send and receive signals in a circumference around the antenna. A patch antenna is a type of antenna with a low profile that can be mounted on a surface. A patch antenna can be omnidirectional, bidirectional, or unidirectional, therefore it is not the best answer to this question and unidirectional should be chosen instead.
Dion Training has created a guest wireless network for students to use during class. This guest network is separated from the corporate network for security. Which of the following should be implemented to require the least amount of configuration for a student to access the Internet over the guest network?
OBJ-2.4: Since security was not listed as a requirement for the guest wireless network, it would be easiest not to set up any encryption, passwords, or authentication mechanisms on the network. Instead, you should enable the SSID broadcast for the guest network so students can easily find and connect to it. Using two-factor authentication, 802.1x, or WEP would require the students to complete additional configurations prior to connecting to the guest network.
Which of the following encryption types was used by WPA to better secure wireless networks than WEP?
OBJ-2.4: Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.
A technician is troubleshooting a workstation connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?
OBJ-5.1: Based on the network troubleshooting methodology, you should try to test your theory to determine the cause once you have established a theory of probable cause. In this scenario, the technician has a theory that the static ARP entry is the cause of the problem. Since this issue has already caused the workstation not to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn't fix the issue, you would need to develop a new hypothesis to test. The troubleshooting steps are to (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine the cause, (4) Establish a plan of action to resolve the problem and identify potential effects, (5) Implement the solution or escalate as necessary, (6) Verify full system functionality and if applicable implement preventative measures, and (7) Document findings, actions, outcomes, and lessons learned.
Which of the following components is used by an agent to send a complete set of key-value pairs about a significant event or condition that is occurring in real-time by providing a full list of variables and values for a given device to a manager?
OBJ-3.1: The Simple Network Management Protocol (SNMP) uses ports 161 and 162, and it is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. A trap is an asynchronous notification from the agent to the manager. A trap is sent by the agent to notify the manager of a significant event that is occurring in real-time, such as an alarming condition. A verbose trap may contain all the information about a given alert or event as its payload. A granular trap contains a unique object identifier (OID) number and a value for that OID. A verbose trap contains more information and data than a granular trap, and therefore requires more bandwidth to send over the network. An object identifier (OID) identifies a variable that can be read or set using the SNMP protocol. The management information base (MIB) is a translation file that is used to describe the structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers (OID).
The Security Operations Center is trying to determine if there are any network anomalies currently being observed. To assist them, you gather information about the current performance of the network. Which of the following should you also gather to compare the current information against?
OBJ-3.1: While all of the network artifacts, such as logs, pcap files, and NetFlow data, are useful, the general term for historical network performance data is a baseline. A baseline may be created from these other types of data, but the baseline is the MOST correct answer based on the question. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.
A wireless networking technician has completed an assessment of a wireless network and documented the detected signal strengths in various locations. Which of the following best describes this document?
OBJ-3.2: A wireless site survey report will usually take the form of a floorplan with a color-coded series of rings on it to show the signal strengths of wireless network signals in various locations. This is often referred to as a "heat map" by technicians. The technician performing the survey will document this information and use it as a tool during troubleshooting and optimization efforts concerning the wireless coverage in a specific office or building. A logical network diagram illustrates the flow of information through a network and shows how devices communicate with each other. It typically includes elements like subnets, network objects and devices, routing protocols and domains, voice gateways, traffic flow, and network segments. Network baselining is the act of measuring and rating the performance of a network in real-time situations. Providing a network baseline requires testing and reporting of the physical connectivity, normal network utilization, protocol usage, peak network utilization, and average throughput of the network usage. A network audit entails collecting data, identifying threats and areas of weakness, and compiling a formal audit report. This report is then sent on to network administrators and other relevant parties.
Which of the following types of fire suppression systems utilizes a sprinkler system with water to extinguish a fire but requires both an actuator and the sprinklers to be tripped prior to water being released?
OBJ-3.3: A fire suppression system is an engineered set of components that are designed to extinguish an accidental fire in a workplace or datacenter. A pre-action system minimizes the risk of accidental release from a wet pipe system. With a pre-action system, both a detector actuation like a smoke detector and a sprinkler must be tripped prior to water being released. A wet pipe system is the most basic type of fire suppression system, and it involves using a sprinkler system and pipes that always contain water. Special suppression systems, like a clean agent system, use either a halocarbon agent or an inert gas. When released, the agent displaces the oxygen in the room and suffocates the fire. Heating, Ventilation, and Air Conditioning (HVAC) units are responsible for maintaining the proper temperature and humidity within a datacenter.
The network administrator noticed that the border router has high network capacity loading during non-working hours. This excessive load is causing outages for the company's web servers. Which of the following is the MOST likely cause of the issue?
OBJ-4.2: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. Session hijacking, also known as TCP session hijacking, is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. An evil twin is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user's knowledge.
A user's smartphone is displaying text in other languages in their web browser when accessing the company's main website. Which of the following is the MOST likely cause of the issue?
OBJ-4.2: An on-path attack (previously known as a man-in-the-middle attack) is a general term when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or impersonate one of the parties, making it appear as if a normal exchange of information is occurring. For example, if your user and server are both in the United States (English language), but the attacker is performing the on-path attack from Russia, then the server will utilize the Russian language in the text since it sees the connection coming from a Russian IP address. A denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A reflective DNS attack is a two-step attack used in DDoS attacks. The attacker sends a large number of requests to one or more legitimate DNS servers while using a spoofed source IP of the targeted victim. The DNS server then replies to the spoofed IP and unknowingly floods the targeted victim with responses to DNS requests that it never sent. A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point by sending a deauthentication frame to the victim's machine.
A network administrator recently set up a network computer lab and discovered some connectivity issues. The administrator can ping the fiber uplink interface, but none of the new workstations plugged into the switch are responding to the technician's ICMP requests. Which of the following actions should the technician perform next?
OBJ-5.2: A technician can use the LEDs on the switchports to quickly monitor activity and performance for the interfaces. By determining if the link lights are lit for the ports, the administrator can verify if there is any activity on the network, if the ports are enabled, and if the Layer 1 components are working properly. Additionally, some switches have LEDs to indicate if the switchport is operating in half-duplex or full-duplex, and the speed of the link.
Your company has two office buildings which are connected via a copper network cable that is buried underground. There is some construction being performed near the buildings. Now, the second building discovers they have suffered a network outage that doesn't appear to be temporary. What is the MOST likely cause of the outage?
OBJ-5.2: Since the issue started after construction began, it is most likely that the construction crew broke the cable during digging operations. This can cause an open circuit or short circuit, depending on how the cable was cut or broken by the construction workers. This can be verified using a Time-Domain Reflectometer to determine exactly where in the cable the break has occurred. Once the location is identified, the cable can be repaired or spliced to return it to normal operations.
(This is a simulated Performance-Based Question.) You are testing a cable you found in your network closet. You connect a cable tester to both sides of the cable to verify the pinout of the Ethernet cable. After testing each pin, your cable tester gives you the following output:
OBJ-5.2: This is a patch cable (also known as a straight-through cable), as indicated by the matching of the Tx and Rx pins (pins 1, 2, 3, and 6) on both sides of the cable. Additionally, you may have noticed that there is an open on this cable on pin 4 since it is not sending a signal from pin 4 to pin 4 in the diagram. A crossover cable would have pins crossing from one side to the other, such as pin 1 going to pin 6. A rollover cable has opposite pin assignments on each end of the cable, such as pin 1 going to pin 8, pin 2 going to pin 7, etc. An RG-6 cable only has one internal copper wire, not 8 as shown in this diagram for a twisted-pair copper cable.
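An added example (my own code, not from the study notes, and not the cable tester's software) that classifies a tester's wire map as straight-through, crossover, rollover or miswire, reporting opens and shorts separately; the sample wire map is constructed to match the question's description (straight pins with pin 4 open), since the original diagram is not on the page.

```python
# Added example, not from the study notes: classify the wire map a cable tester
# reports (side-A pin -> side-B pin, None for an open) as straight-through,
# crossover, rollover or miswire, and report opens, shorts and whether the
# 10/100BASE-T data pins (1, 2, 3, 6) survived. Pattern tables are my own.

STRAIGHT_THROUGH = {p: p for p in range(1, 9)}
# 10/100 crossover swaps the TX pair (1,2) with the RX pair (3,6); 4,5,7,8 stay.
CROSSOVER = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}
# Gigabit crossover additionally swaps the 4,5 and 7,8 pairs.
CROSSOVER_GIGABIT = {1: 3, 2: 6, 3: 1, 6: 2, 4: 7, 5: 8, 7: 4, 8: 5}
# Rollover (console) cable reverses the order: 1->8, 2->7, ..., 8->1.
ROLLOVER = {p: 9 - p for p in range(1, 9)}

PATTERNS = [
    ("straight-through", STRAIGHT_THROUGH),
    ("crossover", CROSSOVER),
    ("crossover (gigabit)", CROSSOVER_GIGABIT),
    ("rollover", ROLLOVER),
]

DATA_PINS_10_100 = (1, 2, 3, 6)


def classify_wire_map(wire_map: dict) -> dict:
    """Match the tested pins against the known pinouts. Open pins are skipped
    when matching but reported; a side-B pin hit by two side-A pins is a short."""
    if sorted(wire_map) != list(range(1, 9)):
        raise ValueError("wire map must describe pins 1 through 8")
    opens = sorted(p for p, q in wire_map.items() if q is None)
    connected = {p: q for p, q in wire_map.items() if q is not None}
    hits = list(connected.values())
    shorts = sorted({q for q in hits if hits.count(q) > 1})

    cable_type = "no continuity" if not connected else "miswire"
    if connected and not shorts:
        for name, pattern in PATTERNS:
            if all(pattern[p] == q for p, q in connected.items()):
                cable_type = name
                break

    return {
        "type": cable_type,
        "opens": opens,
        "shorts": shorts,
        # An open on pin 4, 5, 7 or 8 still leaves a 10/100 link working.
        "data_pins_intact": all(p in connected for p in DATA_PINS_10_100),
    }


# Constructed tester output for the question: straight pins, pin 4 open.
SAMPLE_WIRE_MAP = {1: 1, 2: 2, 3: 3, 4: None, 5: 5, 6: 6, 7: 7, 8: 8}

if __name__ == "__main__":
    print(classify_wire_map(SAMPLE_WIRE_MAP))
```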
You have installed and configured a new wireless router. The clients and hosts can ping each other. The network uses a fiber optic WAN connection with 1 Gbps throughput. The wired clients have fast connections, but the wireless clients are displaying high latency when a ping is performed. The wireless clients are also only receiving 300 Mbps when downloading files from the Internet. Which of the following is MOST likely the cause of the slow speeds experienced by the wireless clients?
OBJ-5.4: If interference in the wireless spectrum occurs, more retransmissions will be needed, thereby slowing the speeds experienced and increasing latency. A high signal-to-noise ratio is a good thing on wireless networks and leads to faster speeds and fewer retransmissions. The fiber connection itself is only used for the WAN connection, therefore you can use wired or wireless infrastructure for your internal LAN and connect the LAN to the WAN connection at the router. The wireless network is already getting throughputs of 300 Mbps, so it must be using 802.11n, 802.11ac, or 802.11ax for its wireless access points. If you switched to 802.11g, you would slow down the wireless network more since it has a maximum throughput of 54 Mbps.
It has been determined by network operations that there is a severe bottleneck on its mesh topology network. The field technician has chosen to use log management and found that one router makes routing decisions slower than the others on the network. Which of the following types of issues would you classify this as?
OBJ-5.5: Routing decisions are processed by the router and rely on the networking device's central processing unit (CPU). The CPU performance can become a severe bottleneck in the network performance if you have an underpowered router for a large enterprise environment. Network device power issues would cause network outages, not network slowdowns as this scenario presented. The scenario did not state that this mesh network is a storage area network, therefore it is not a SAN issue. Similarly, the scenario did not mention authentication issues, therefore the network performance issue is not caused by delayed RADIUS responses.
While troubleshooting, a technician notices that some clients using FTP still work and that pings to the local routers and servers are working. The technician tries to ping all known nodes on the network, and they reply positively, except for one of the servers. The technician notices that ping works only when the hostname is used but not when FQDN is used. What server is MOST likely offline?
OBJ-5.5: The DNS Server translates Fully Qualified Domain Names (FQDN) to IP addresses. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. A WINS server is a Microsoft Windows-based server running the Windows Internet Name Service (WINS) that can accept NetBIOS name registrations and queries. WINS servers maintain a database of NetBIOS name to IP address mappings for WINS clients on the network and speed up NetBIOS name resolution by eliminating broadcasts. Since the technician can ping the server using its hostname, the WINS server is working properly. Since the technician cannot ping the server using its fully qualified domain name (FQDN), the DNS server is likely offline.
Which of the following network devices is used to separate broadcast domains?
router