NetPro Plus

Internet Information Services

IIS is a web server that supports HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP.

Extranet

An extranet is a private network that uses internet technologies, but its resources are made available to external (but trusted) users.

6.5 You have two switches connected together as shown in the following diagram. How many broadcast domains are in the network shown?

2

5.1 Your network has been assigned the Class C network address 200.78.151.0. Which of the following addresses can be assigned to hosts on your network? (Select three.)

200.78.151.252
200.78.151.12
200.78.151.111
All hosts on this network must share the first three octets of the IP address (200.78.151). You cannot assign 200.78.151.0 to a host because this address indicates the address of the network. You cannot assign 200.78.151.255 because this address is reserved for the broadcast address.

5.10 Consider the following output from a dig command run on a Linux system.
; <<>> DiG 8.2 <<>> westsim111.com
;;res options:init recurs defnam dnsrch
;;got answer:
;;->>HEADER<<-opcode:QUERY, status: NOERROR, id:4
;;flags: qr rd ra; QUERY:1, ANSWER:1, AUTHORITY:2, ADDITIONAL:0
;;QUERY SECTION:
;; westsim111.com, type = A, class = IN
;;ANSWER SECTION:
westsim111.com. 7h33m IN A 76.141.43.129
;;AUTHORITY SECTION:
westsim111.com. 7h33m IN NS dns1.deriatct111.com.
westsim111.com. 7h33m IN NS dns2.deriatct222.com.
;;Total query time: 78 msec
;;FROM: localhost.localdomain to SERVER:default -- 202.64.49.150
;;WHEN: Tue Feb 16 23:21:24 2005
;;MSG SIZE sent: 30 rcvd:103
What is the IP address of the DNS server that performed this name resolution?

202.64.49.150 When the dig command is used to perform a manual DNS lookup, a range of information is provided. The IP address of the DNS server that performed the name resolution is shown in the bottom area of the output, on the end of the ;;FROM line.

6.6.5 A switch running STP is classified as a backup bridge. What state is it in?

Blocking

LC connector

- Local connector
- Fiber optic
- Commonly used between floors in a building
- Latch like RJ-11
- Lift and Click

6.6.13 Match the EtherChannel protocol on the left with its characteristics on the right. Each protocol may be used once, more than once, or not at all.

-Desirable mode places the port in a negotiating state. Port Aggregation Protocol (PAgP)
-Based on the 802.3ad standard. Link Aggregation Control Protocol (LACP)
-Passive mode places the port into a passive negotiating state. Link Aggregation Control Protocol (LACP)
-Auto mode places the port into a passive negotiating state. Port Aggregation Protocol (PAgP)
-Active mode places the port in a negotiating state. Link Aggregation Control Protocol (LACP)
Cisco switches can use the following protocols for EtherChannel configuration:
Port Aggregation Protocol (PAgP)
-Port Aggregation Protocol prevents loops, limits packet loss due to misconfigured channels, and aids in network reliability.
PAgP operates in the following modes:
-Auto places the port into a passive negotiating state and forms an EtherChannel if the port receives PAgP packets. While in this mode, the port does not initiate the negotiation.
-Desirable places the port in a negotiating state to form an EtherChannel by sending PAgP packets. A channel is formed with another port group in either the auto or desirable mode.
Link Aggregation Control Protocol (LACP)
-Link Aggregation Control Protocol is based on the 802.3ad standard and has similar functions to PAgP. LACP is used when configuring EtherChannel between Cisco switches and non-Cisco switches that support 802.3ad.
LACP operates in the following modes:
-Passive places the port into a passive negotiating state and forms an EtherChannel if the port receives LACP packets. While in this mode, the port does not initiate the negotiation.
-Active places the port in a negotiating state to form an EtherChannel by sending LACP packets. A channel is formed with another port group in either the active or passive mode.

13.1.3 Which of the following are solutions that address physical security? (Select two.)

-Escort visitors at all times.
-Require identification and name badges for all employees.
EXPLANATION Physical security controls physical access to the network or its components. Physical security controls include:
-Requiring identification or key cards before entry is permitted.
-Escorting visitors at all times.
-Keeping doors and windows locked.
-Keeping devices with sensitive information out of view of public users.
-Keeping the server room locked and locking computers to racks or tables to prevent theft.

10 Gigabit Ethernet

-GG45 connectors require a special set of tools that are different from the RJ45 crimping tool.
-TERA connectors can be installed without any special tools.

Which pins in an RJ45 connector are used to transmit data when used on a 100BaseT Ethernet network? (Select two.)

On a 100BaseT network cable, the RJ45 pin-outs are as follows:
-Pin 1: Tx+
-Pin 2: Tx-
-Pin 3: Rx+
-Pin 4: Unused
-Pin 5: Unused
-Pin 6: Rx-
-Pin 7: Unused
-Pin 8: Unused
For a 100BaseT cable, pins 1 and 2 are used to transmit data; pins 3 and 6 are used to receive data.

5.5 Listed below are several DNS record types. Match the record type on the left with its function on the right.

-Points a host name to an IPv4 address. A
-Provides alternate names to hosts that already have a host record. CNAME
-Points a hostname to an IPv6 address. AAAA
-Points an IP address to a host name. PTR
-Identifies servers that can be used to deliver mail. MX
Records are used to store entries for host names, IP addresses, and other information in the zone database. Below are some common DNS record types:
*The A record maps an IPv4 (32-bit) DNS host name to an IP address. This is the most common resource record type.
*The AAAA record maps an IPv6 (128-bit) DNS host name to an IP address.
*The PTR record maps an IP address to a host name (in a manner of speaking, it points to an A record).
*The MX record identifies servers that can be used to deliver email.
*The CNAME record provides alternate names (or aliases) to hosts that already have a host record. Using a single A record with multiple CNAME records means that when the IP address changes, only the A record needs to be modified.

6.1 Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all.

1) Commonly sold at retail stores. Unmanaged switch
2) Provides port security features. Managed switch
3) Supports VLANs. Managed switch
4) Provides very few configuration options. Unmanaged switch
5) Can be configured over a network connection. Managed switch
6) Can be configured over a dedicated communication channel. Managed switch

6.1 Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all.

1) Competes with normal network traffic for bandwidth. In-band management
2) Uses a dedicated communication channel. Out-of-band management
3) Must be encrypted to protect communications from sniffing. In-band management
4) Does not compete with normal network traffic for bandwidth. Out-of-band management
5) Affected by network outages. In-band management

6.1 Match the Cisco device password type on the left with its function on the right.

1) Controls the ability to log on through a LAN or WAN interface configured on the device. VTY
2) Controls the ability to connect to the device using a web browser using HTTPS. SDM
3) Controls the ability to connect to the device using a direct connection. Console

OSI Layers

1. Physical 2. Data Link 3. Network 4. Transport 5. Session 6. Presentation 7. Application

4.2 What is the minimum cable specification that supports 1000 Mbps Ethernet?

1000 Mbps Ethernet (Gigabit Ethernet) requires at least Cat 5e cables.

4.2 Which Gigabit Ethernet standard can support long network segments up to a maximum of 5 km when used with single-mode fiber optic cable?

1000BaseLX supports segment lengths of up to 5 km when used with single-mode fiber optic cable. This maximum segment length is cut to 550 m when multimode fiber optic cable is used. 1000BaseSX supports segment lengths of only 550 meters. 1000BaseCX uses copper wire and supports segment lengths of only 25 meters. 1000BaseT uses twisted pair cables.

4.2 Which of the following Ethernet standards uses fiber-optic cabling? (Select two.)

100BaseFX and 1000BaseLX are Ethernet standards that use fiber optic cabling. Following the Ethernet naming conventions:
-F designates fiber-optic cables
-L designates long distances
-S designates short distances
-T designates twisted pair cables
-C designates copper cables

4.2 Your network follows the 100BaseFX specifications for Fast Ethernet and uses half-duplex multi-mode cable. What is the maximum cable segment length allowed?

100BaseFX half-duplex multimode cable has a maximum segment length of 412 meters. 1000BaseSX and 1000BaseLX support multimode cable up to 550 meters. 10BaseFL supports fiber optic cable between 1,000 and 2,000 meters.

4.2 What topology is used with 100BaseTX Fast Ethernet networks? (Select two.)

100BaseTX Fast Ethernet networks use a physical star/logical bus topology when a hub is used or a physical star/logical star when a switch is used.

4.2 You have been tasked with designing an Ethernet network. Your client needs to implement a very high-speed network backbone between campus buildings, some of which are around 300 meters apart. Multi-mode fiber optic cabling has already been installed between buildings. Your client has asked that you use the existing cabling. Which Ethernet standard meets these guidelines? (Choose two.)

10GBaseSR and 1000BaseSX can operate within these parameters. Both will support segment lengths 300 meters long and can use multi-mode fiber optic cabling. 10BaseFL isn't a good choice because its data transmission rate is relatively slow. 1000BaseCX and 1000BaseT both use copper wiring.

Match each decimal value on the left with the corresponding hexadecimal value on the right. Not all decimal values have a corresponding hexadecimal value.

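Hexadecimal 11 = decimal 17
Hexadecimal B = decimal 11
Hexadecimal D = decimal 13
Hexadecimal F = decimal 15
Hexadecimal C = decimal 12
Hexadecimal 10 = decimal 16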

5.1 Assuming the network is indicated by the default portion of the IP address, which three of the following IP addresses belong to the Class A network 114.0.0.0? (Select three.)

114.122.66.12
114.0.0.15
114.58.12.0
With a Class A network, the first octet indicates the network address. All hosts on the network must have the same value in the first octet (114).

8.1.12 You have recently installed a new Windows Server 2016 system. To ensure the accuracy of the system time, you have loaded an application that synchronizes the hardware clock on the server with an external time source on the internet. Now, you must configure the firewall on your network to allow time synchronization traffic through. Which of the following ports are you most likely to open on the firewall?

123 TCP/IP port 123 is assigned to the network time protocol (NTP). NTP is used to communicate time synchronization information between systems on a network. The hypertext transfer protocol (HTTP) uses TCP/IP port 80. HTTP is the protocol used to send requests to a web server and retrieve web pages from a web server. TCP/IP port 119 is used by the network news transfer protocol (NNTP). NNTP is used to access and retrieve messages from newsgroups. TCP/IP port 110 is used by the post office protocol version 3 (POP3). POP3 is used to download email from mail servers.

5.6 Which of the following are valid IPv6 IP addresses? Select all that apply.

141:0:0:0:15:0:0:1
6384:1319:7700:7631:446A:5511:8940:2552
An IPv6 IP address is a 128-bit address listed as eight 16-bit hexadecimal sections. Leading zeros can be omitted in each section. Therefore, 6384:1319:7700:7631:446A:5511:8940:2552 and 141:0:0:0:15:0:0:1 are both valid IPv6 IP addresses. A single set of all-zero sections can be abbreviated with two colons (::). Therefore, 141::15:0:0:1 is also a valid address.

Which of the following IP addresses is a valid IP address for a host on a public network?

142.15.6.1
A public network is a network that does not limit traffic to members of a corporation or other group. The internet is an example of a public network. Certain sets of IP addresses are reserved for private networks only and cannot be used on public networks. They are:
-10.0.0.0 to 10.255.255.255
-172.16.0.0 to 172.31.255.255
-192.168.0.0 to 192.168.255.255

11.1.1 What is the speed of an OC-3 connection?

155 Mbps
EXPLANATION Optical Carrier (OC) is used to specify the speed of fiber optic networks conforming to the SONET standard. Common OC speeds are:
-OC-1 = 51.85 Mbps
-OC-3 = 155.52 Mbps
-OC-12 = 622.08 Mbps
-OC-24 = 1.244 Gbps
-OC-48 = 2.488 Gbps
-OC-192 = 9.952 Gbps

5.1 Which of the following is the last IP address that can be assigned to hosts on the 166.70.0.0 network using the default subnet mask?

166.70.255.254 -The last address you can assign to hosts on the 166.70.0.0 network is 166.70.255.254. The network address is a Class B address and uses a default subnet mask of 255.255.0.0. The last two octets are used for host addresses. 166.70.0.0 cannot be used as a host address because it is the network address. 166.70.255.255 cannot be used as a host address because it is the broadcast address.

5.2 Which of the following IP address ranges is reserved for automatic private IP addressing?

169.254.0.1 - 169.254.255.254 -The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.1 through 169.254.255.254 for automatic private IP addressing (APIPA). APIPA also sets the subnet mask on the network to 255.255.0.0.

Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server?

169.254.0.1 - 169.254.255.254 169.254.0.1 - 169.254.255.254 is the range of IP addresses assigned to Windows DHCP clients if a DHCP server does not assign the client an IP address. This range is known as the Automatic Private IP Addressing (APIPA) range.

Which of the following is a valid IPv4 address? (Select two.)

172.16.1.26
2.2.2.2
EXPLANATION A valid IPv4 address consists of four 8-bit (1 byte) numbers separated by periods (for example, 10.0.0.65). Because they are eight bits long, these numbers are frequently called octets. Even though we typically express these numbers using decimal notation, it's important to remember that they are binary numbers. The lowest value one of these numbers can have is 00000000. The decimal equivalent for this number is simply 0. The highest value one of these numbers can take is 11111111. The decimal equivalent of this number is 255. Therefore, in decimal notation, each octet must contain a number between 0 and 255 inclusively.

5.1 You've decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration? (Select two.)

172.17.0.0
172.17.128.0
The subnet mask used for the 172.17.0.0 network can be viewed in binary notation as 11111111.11111111.11000000.00000000. Because the first two bits of the third octet are used for the network portion of the address, four subnets are possible:
-172.17.0.0
-172.17.64.0
-172.17.128.0
-172.17.192.0

5.1 Your network has been assigned the Class B network address of 179.113.0.0. Which three of the following addresses can be assigned to hosts on your network?

179.113.0.118
179.113.89.0
179.113.65.12
All hosts on this network must share the first two octets of the IP address (179.113). You cannot assign 179.113.0.0 to a host because this address indicates the address of the network.

What is the decimal format of the following binary IP address? 11001110.00111010.10101010.01000011

206.58.170.67

Which of the following is the last IP address that can be assigned to hosts on the 211.70.0.0 network using the default subnet mask?

211.70.0.254 EXPLANATION The last address you can assign to hosts on the 211.70.0.0 network is 211.70.0.254. The network address is a Class C address and uses a default subnet mask of 255.255.255.0. The last octet is used for host addresses. 211.70.0.0 cannot be used as a host address because it is the network address. 211.70.0.255 cannot be used as a host address because it is the broadcast address.

You have a network that occupies all three floors of a building. The WAN service provider has installed the line for the WAN service in a wiring closet on the main floor. You have a second wiring closet on the main floor. You need to connect the two wiring closets. Which of the following are typically used to connect the two wiring closets? (Select two.)

25 pair
Horizontal cross connect
EXPLANATION A horizontal cross connect joins wiring closets on the same floor. 25 pair or 100 pair wiring punched down into 66 or 110 blocks are often used to connect the wiring closets together. A vertical cross connect connects the IDF to the MDF on a different floor.

You have been told to assign the IP address 21.155.67.188 to a host on the network using the default subnet mask. Which mask should you use?

255.0.0.0 EXPLANATION The default subnet mask for this address is 255.0.0.0. The address is a class A address, which begins with a number between 1 and 126 in the first octet. 21.0.0.0 is the subnet address. 255.255.0.0 is the default subnet mask for a class B address, and 255.255.255.0 is the default subnet mask for a class C address.

5.2 What is the network address and subnet mask used by APIPA? (Select two.)

255.255.0.0
169.254.0.0
Automatic private IP addressing (APIPA) uses a network address of 169.254.0.0 with the default Class B subnet mask of 255.255.0.0. Host addresses are within the range of 169.254.0.1 and 169.254.255.254.

11.4.8 Which of the following ports are used with TACACS?

49 EXPLANATION Terminal Access Controller Access-Control System (TACACS) uses TCP and UDP ports 49. Port 22 is used by Secure Shell (SSH). Ports 50 and 51 are used by IPsec. Ports 1812 and 1813 are used by Remote Authentication Dial-in User Service (RADIUS). Port 3389 is used by Remote Desktop Protocol (RDP).

5.6 Which of the following tunneling methods is used to send IPv4 traffic through an IPv6 network?

4to6 tunneling is used to send IPv4 traffic through an IPv6 network by encapsulating IPv4 packets within IPv6 packets.

You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?

500 resolution, 50mm, .05 LUX

8.3.13 You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?

53 The DNS service uses port 53.

8.1.11 Haley configures a website using Windows Server 2016 default values. What are the HTTP port and SSL port settings?

80 for HTTP; 443 for SSL The default TCP port setting for HTTP is 80. You can change that setting to another TCP setting that is not in use, but users will have to know they must request the non-default setting, or they will be unable to connect. The SSL port number is 443 and is only used with secure socket layers for encryption.

10.2.8 You are designing a wireless network for a client. Your client needs the network to support a data rate of at least 54 Mbps. In addition, the client already has a wireless telephone system installed that operates at 2.4 GHz. Which 802.11 standard will work best in this situation?

802.11a is the best choice for this client. While 802.11a and 802.11g both operate at 54 Mbps, 802.11g operates in the 2.4 GHz to 2.4835 GHz range, which will cause interference with the client's wireless phone system. 802.11a, on the other hand, operates in the 5.725 GHz to 5.850 GHz frequency range, which won't interfere with the phone system.

10.4.7 You are designing a wireless network for a client. Your client needs the network to support a data rate of at least 54 Mbps. In addition, the client already has a wireless telephone system installed that operates at 2.4 GHz. Which 802.11 standards will work best in this situation? (Select two.)

802.11a or 802.11n are the best choices for this client. While both 802.11a and 802.11g each operate at 54 Mbps, 802.11g operates in the 2.4 GHz to 2.4835 GHz range—which will cause interference with the client's wireless phone system. 802.11a and 802.11n, on the other hand, operate in the 5.725 GHz to 5.850 GHz frequency range. This won't interfere with the phone system. 802.11n can operate at speeds up to 600 Mbps.

10.2.1 What is the frequency of 802.11a networking?

802.11a wireless operates in the 5.75 GHz range. 802.11b and 802.11g operate in the 2.4 GHz range.

10.2.2 How many total channels are available for 802.11a wireless networks?

802.11a wireless uses the 5.75 GHz range which has a total of 23 channels. 802.11b and 802.11g use the 2.4 GHz range which has a total of 11 channels in the US.

10.2.3 How many total channels are available for 802.11g wireless networks?

802.11b and 802.11g use the 2.4 GHz range which has a total of 11 channels in the US. 802.11a wireless uses the 5.75 GHz range which has a total of 23 channels.

10.2.10 Which IEEE wireless standards specify transmission speeds up to 54 Mbps? (Select two.)

802.11g 802.11a Both the 802.11a and the 802.11g wireless standards specify maximum transmission speeds up to 54 Mbps. Bluetooth is a wireless standard commonly used to connect peripheral devices and operates at 720 Kbps. The 802.11b wireless standard provides transmission speeds of 11 Mbps. 802.1x is a wireless security standard that provides an authentication framework for 802-based networks.

10.4.6 You are designing a wireless network for a client. Your client needs the network to support a data rate of at least 150 Mbps. In addition, the client already has a wireless telephone system installed that operates at 2.4 GHz. Which 802.11 standard will work best in this situation?

802.11n 802.11n is the best choice for this client. 802.11b and 802.11g both operate in the 2.4 GHz to 2.4835 GHz range, which will cause interference with the client's wireless phone system. 802.11a operates in the 5.725 GHz to 5.850 GHz frequency range. While this won't interfere with the phone system, its maximum speed is limited to 54 Mbps.

10.4.5 You are designing an update to your client's wireless network. The existing wireless network uses 802.11g equipment, which your client complains runs too slowly. She wants to upgrade the network to run at 150 Mbps or faster. Due to budget constraints, your client wants to upgrade only the wireless access points in the network this year. Next year, she will upgrade the wireless NICs in the workstations. She has also indicated that the system must continue to function during the transition period. Which 802.11 standard will work best in this situation?

802.11n 802.11n is the best choice for this client. 802.11a operates at a maximum speed of 54 Mbps. 802.11a isn't compatible with 802.11g network boards. 802.11b runs at only 11 Mbps.

10.2.9 You are designing an update to your client's wireless network. The existing wireless network uses 802.11b equipment, which your client complains runs too slowly. She wants to upgrade the network to run up to 600 Mbps. Due to budget constraints, your client wants to upgrade only the wireless access points in the network this year. Next year, she will upgrade the wireless network boards in her users' workstations. She has also indicated that the system must continue to function during the transition period. Which 802.11 standard will work best in this situation?

802.11n is the best choice for this client and provides up to 600 Mbps. With 802.11n, you may have a single device that uses multiple radios, one that can operate at one frequency and another that can operate on a different frequency. Because of this, 802.11n usually allows for compatibility between all 802.11 standards, depending upon the specific implementation. While 802.11g is compatible with 802.11b, it only provides up to 54 Mbps.

10.6.10 You are designing a wireless network implementation for a small business. The business deals with sensitive customer information, so data emanation must be reduced as much as possible. The floor plan of the office is shown below. Match each type of access point antenna on the left with the appropriate location on the floor plan on the right. Each antenna type can be used once, more than once, or not at all.

A Directional
B Directional
C Omni-directional
D Directional
E Directional
F Directional
G Directional
There are three types of antennas you should be aware of:
-A directional antenna creates a narrow, focused signal in a particular direction. The focused signal provides greater signal strength, increasing the transmission distance. It provides a stronger point-to-point connection, better equipping devices to handle obstacles.
-An omni-directional antenna disperses the RF wave in an equal 360-degree pattern. It is used to provide access to many clients in a radius.
-A parabolic antenna uses a parabolic reflector shaped like a dish. It is highly directional, concentrating the radio waves transmitted from the sender into a very narrow beam. Using a parabolic antenna on the receiver restricts it to receiving radio signals from only a single, very specific direction. It supports very high gain radio signals that can be transmitted over long distances, but requires a clear line-of-sight (LOS) between the sender and the receiver.
In this scenario, data emanation can be reduced as follows:
-Directional antennae should be implemented along the perimeter of the office in locations A, B, D, E, F, and G with the radio pattern aimed towards the center of the office.
-An omnidirectional antenna can be implemented in the center of the office in location C.
-A parabolic antenna is not appropriate in this scenario and should not be implemented.
-A site survey should be conducted to verify that the radio signal from all of the access points does not emanate excessively outside the office.

10.6.1 Your consulting firm has been hired by a small business to implement a wireless network. The company leases two office suites within a business park approximately 200m apart, as shown below. The objectives of the implementation are as follows: Create a secure wireless network that doesn't emanate beyond each office space by implementing access points in locations A-D in each building. Connect the wireless networks at each office together with a secure outdoor wireless link using locations E and F. Drag the antenna type from the list on the left to the appropriate location on the right. Each antenna type can be used more than once or not at all.

A Normal gain directional antenna aimed east
B Normal gain directional antenna aimed south
C Normal gain directional antenna aimed north
D Normal gain directional antenna aimed west
E High-gain directional antenna aimed east
F High-gain directional antenna aimed west

4.3 Use the exhibit to match the connector type on the left with the corresponding letter on the right.

A DB25 connectors are older serial connectors.
B DB9 connectors are usually on the ends of RS232 serial cables.
C RJ45 connectors are used for Ethernet networking with twisted pair cables.
D RJ11 connectors are used for dial-up and some DSL internet connections.
E LC connectors are used with fiber optic cables.
F BNC connectors are used with coaxial cables on 10Base2 Ethernet networks.
G F-Type connectors are used with coaxial cables that create cable TV and broadband cable connections.

3.1 You want a switch to have the ability to modify the media type the switch port supports. Which type of module might you use to make this possible?

A GBIC (gigabit interface converter) is a large transceiver that fits in a port slot. GBICs are used for Gigabit media, including copper and fiber optic. An SFP (small form-factor pluggable) is similar to a GBIC, but is smaller in size. An SFP is sometimes called a mini-GBIC.

Match the port security MAC address type on the left with its description on the right.

-A MAC address manually identified as an allowed address. SecureConfigured
-A MAC address that has been learned and allowed by the switch. SecureDynamic
-A MAC address that is manually configured or dynamically learned that is saved in the config file. SecureSticky
EXPLANATION MAC addresses are stored in RAM in the CAM table and are identified with the port and by a MAC address type. Port security uses the following three MAC address types:
Type: Description
SecureConfigured: A SecureConfigured address is a MAC address that has been manually identified as an allowed address.
SecureDynamic: A SecureDynamic address is a MAC address that has been dynamically learned and allowed by the switch.
SecureSticky: A SecureSticky address is a MAC address that is manually configured or dynamically learned and saved.

You have been asked to document the wiring in your building. You would like to identify the length of each Cat5 cable to verify that it meets Ethernet standards. You need to identify the length of the cables, but most cables run through walls and ceilings, making them difficult to trace. Which tool should you use?

A TDR is a special device that sends electrical pulses on a wire in order to discover information about the cable. The TDR measures impedance discontinuities; the echo received on the same wire in response to a signal on the wire. The results of this test can be used to:
-Estimate the length of a wire.
-Measure the cable impedance.
-Identify the locations of splices and connectors on the wire.
-Identify shorts, open circuits, and the location of the fault.

Octal Number

A base-8 number system that uses the digits 0-7.

4.4 You have a network connected using a physical star topology. One of the drop cables connecting a workstation has been removed. Which of the following best describes what effect this will have on network communications?

A break in a cable in a star means that the device connected to the central device (hub or switch) through that cable can no longer communicate on the network. All other hosts will be able to communicate with all other devices.

4.4 You have a network connected using a physical bus topology. One of the cables that connects a workstation to the bus breaks. Which of the following best describes what effect this will have on network communications?

A break in the network bus means that the end of the network bus is no longer terminated. For this reason, a break in the bus typically means that no devices can communicate. Identifying the location of the break is difficult on a true bus network.

6.7.4 You manage a network with multiple switches. You find that your switches are experiencing heavy broadcast storms. Which of the following will help reduce the effects of a broadcast storm?

A broadcast storm is excessive broadcast traffic that renders normal network communications impossible. Broadcast storms can be caused by switching loops that cause broadcast traffic to be circulated endlessly between switches or denial of service (DoS) attacks. To reduce broadcast storms:
-Run the spanning tree protocol to prevent switching loops.
-Implement switches with built-in broadcast storm detection, which limits the bandwidth that broadcast traffic can use.
-Use VLANs to create separate broadcast domains on switches.

6.7.2 Select the statement that best describes a broadcast storm.

A broadcast storm occurs when there are so many broadcast messages on the network that they approach or exceed the network bandwidth.

Bus Topology

A bus topology consists of a trunk cable with nodes either inserted directly into the trunk or tapped into the trunk using offshoot cables called drop cables.

You manage a network that uses 1000BaseT Ethernet. You find that one device communicates on the network at only 100 Mbps. Which tool should you use to test the drop cable and the connection to the network?

A cable certifier is a multi-function tool that verifies or validates that a cable or an installation meets the requirements for a specific architecture implementation. For example, you would use a certifier to verify that a specific drop cable meets the specifications for 1000BaseT networking.

Cable Certifier

A cable certifier is a multi-function tool that verifies that a cable or an installation meets the requirements for a specific architecture implementation. For example, you would use a certifier to verify that a specific drop cable meets the specifications for 1000BaseT networking.

Cable Tester

A cable tester (or line tester) verifies that the cable can carry a signal from one end to the other and that all wires are in the correct positions.

fiber-optic cable

A cable that transmits data at close to the speed of light along glass or plastic fibers.
- Immune to EMI
- Immune to eavesdropping
- Glass/plastic core
- Cladding reflective layer
- High data transmission rates
- Expensive
- Difficult to work with/fragile

directory service

A database stored on the network itself that contains information about users and network devices.

Demarc extension

A demarcation point where a network connectivity line terminates within or just outside of a building and may need to be extended further to accommodate the extended connectivity segment.

Punchdown Block

A device that connects one group of wires to another group of wires through a system of metal pegs that the wires are attached to.

Punchdown Block

A device used to connect network cables from equipment closets or rooms to other parts of a building. Connections to networking equipment such as hubs or switches are established from the punchdown block. Also used in telecommunications wiring to distribute phone cables to their respective lo

Loopback Plug

A device used to test a port in a computer or other device to make sure the port is working and might also test the throughput or speed of the port.

11.5.3 Review the output from the show interfaces fa0/1 command on the switch2 switch in the exhibit. What is wrong with the fa0/1 interface in this example?

A duplex mismatch exists with the device on the other end of the connection. EXPLANATION In this example, the following statistics indicate that a duplex mismatch error has occurred: Duplexing is set to half. There are a significant number of runts. There are a significant number of collisions. There are a significant number of late collisions.

3.3 You are the administrator of your company's network. You want to prevent unauthorized access to your intranet from the internet. Which of the following should you implement?

A firewall allows you to filter unwanted traffic from the internet to your network. Packet internet groper is better known by its acronym, PING, a TCP/IP command. A proxy server caches web pages. ICS allows you to connect a small network to the internet through a single connection.

3.3 Which of the following is the best device to deploy if you want to protect your private network from a public untrusted network?

A firewall is the best device to deploy if you want to protect your private network from a public untrusted network. Firewalls are used to control traffic entering and leaving your trusted network environment. Firewalls can manage traffic based on source or destination IP address, port number, service protocol, application or service type, user account, and even traffic content.

Main Distribution Frame (MDF)

A frame or rack that is used to interconnect and manage telecommunication wiring in a building. It functions like an old-time telephone switchboard, where operators used connecting wires to route telephone calls. Today's MDF describes the room that houses the traditional MDF along with networking patch panels. Often, rack-mounted equipment is also housed in an MDF.

3.2 Which of the following devices does not segment the network?

A hub does not create multiple segments on the network. A segment is a portion of the network that has different media, collision domains, or broadcast domains. A hub simply connects devices using the same media type. All devices are members of the same collision and broadcast domains.

9.3.1 In virtualization, what is the role of the hypervisor?

A hypervisor allows virtual machines to interact with the hardware without going through the host operating system. EXPLANATION A hypervisor is a thin layer of software that resides between the virtual operating system(s) and the hardware. A hypervisor allows virtual machines to interact with the hardware without going through the host operating system. A hypervisor manages access to system resources such as CPU, storage, and RAM. A physical machine (also known as the host operating system) has the actual hardware in place on the machine, such as the hard disk drive(s), optical drive, RAM, motherboard, etc. A virtual machine is a software implementation that executes programs like a physical machine. A virtual machine appears to be a self-contained and autonomous system. A virtual hard disk (VHD) is a file that is created within the host operating system and simulates a hard disk for the virtual machine.

LED

A light-emitting diode is a two-lead semiconductor light source that emits visible light when an electric current passes through it.

LAN

A local area network is a network in a small geographic area, like an office.

3.1 At which OSI model layer does a media converter operate?

A media converter operates at Layer 1 of the OSI model, the Physical Layer. The media converter translates frames into bits and transmits them on the transmission medium. At Layer 2, the MAC address is added to make the data into a frame. At layer 3, the IP address is added to the packet. A media converter does not alter or use the MAC address or the IP address.

Mesh Topology

A mesh topology exists when there are multiple paths between any two nodes on a network.

Mail User Agent

A messaging component used as a stand-alone application by the user.

MAN

A metropolitan area network is a network that covers an area as small as a few city blocks to as large as an entire metropolitan city.

10.7.10 You have decided to conduct a business meeting at a local coffee shop. The coffee shop you chose has a wireless hotspot for customers who want internet access. You decide to check your email before the meeting begins. When you open the browser, you cannot gain internet access. Other customers are using the internet without problems. You are sure your laptop's wireless adapter works because you use a wireless connection at work. What is the likely cause of the problem?

A mismatched SSID. EXPLANATION A wireless client and the access point must be configured to use the same SSID. In this case, the client system was used on a different wireless network and may still be using the SSID from that network. To log onto this network, the system will need to be configured to use the same SSID as other customers in the coffee shop. Sometimes the SSID will automatically be detected by a wireless monitoring program. As a new SSID is detected, it will attempt to connect and use the new SSID and new access point. When this does not happen, you need to change the SSID manually. The problem is not with LAN protocols, as TCP/IP is the protocol used on the internet, so there are no other choices. The WAP is not out of range, as other clients are accessing it. PPP is not required to make the internet connection.

5.7 Which of the following address types is shared by multiple hosts and used to form groups of computers that receive the same data stream?

A multicast address is an address that identifies a group of computers. Members of the group share the same multicast address.

Multimeter

A multimeter is a device used to test various electrical properties. A multimeter can measure several parameters:

10.3.1 You are an administrator of a growing network. You notice the network you have created is broadcasting, but you cannot ping systems on different segments of your network. What device should you use to fix this issue?

A network bridge is used to connect different segments of a network. A range extender increases the strength of a signal or widens the range a network can reach. An access point is used to broadcast the wireless network so users can access the network. A network hub is not very common today, but acts as a simple device that pushes data or traffic through to all users connected to the hub and would not be a good tool for connecting network segments.

Network

A network is a group of computers that can share information through interconnections.

Internetwork

A network with geographically dispersed WAN connections that connect multiple LANs is often called an internetwork.

Binary Number

A number system that only has two values, typically 0 (zero) and 1 (one).

Hexadecimal Number

A numbering system with 16 symbols, 0-9 and A-F.

13.5.13 Which of the following is the strongest form of multi-factor authentication?

A password, a biometric scan, and a token device. A password, a biometric scan, and a token device together are the strongest form of multi-factor authentication listed here. Multifactor authentication is any combination of two or more of the same or different authentication factors. The three common authentication factor types are something you know (such as a password), something you have (such as a smart card or a token device), or something you are (such as a biometric quality like a fingerprint).

Which of the following is used to terminate individual wires from a 25 pair or 100 pair cable using female RJ45 ports?

A patch panel is a device that typically connects individual stranded wires into female RJ45 connectors. For example, you might connect 4 pairs of wires from a punch down block to a port on the patch panel. On the patch panel, you then connect drop cables (cables with RJ45 connectors) to the patch panel on one end and a computer on the other end.

PAN

A personal area network is a very small network used for communicating between personal devices.

Plenum Space

A plenum space is a part of a building that provides a pathway for the airflow needed by heating and air conditioning systems, such as above a dropped ceiling or below a raised floor.

Apache Web Server

A popular Web server that runs on most operating systems, particularly Windows and Linux.

8.1.9 You connect your computer to a wireless network available at the local library. You find that you can access all the websites you want on the internet except for two. What might be causing the problem?

A proxy server is blocking access to the websites. A proxy server can be configured to block internet access based on website or URL. Many schools and public networks use proxy servers to prevent access to websites with objectionable content.

How does a proxy server differ from a packet filtering firewall?

A proxy server operates at the Application layer, while a packet filtering firewall operates at the Network layer.

Open Systems Interconnection (OSI)

A reference model for how applications communicate over a network without regard to its underlying internal structure and technology.

8.2.1 An all-in-one security appliance is best suited for which type of implementation?

A remote office with no on-site technician. All-in-one security appliances are best suited for small offices with limited space or a remote office without a technician to manage the individual security components.

4.4 You are creating an Ethernet network for your company. The shipping department is located in a different building that is located 150 meters from the main wiring closet. You connect a single Cat 6a cable to connect the wiring closet to the shipping building. Which of the following should you include in your plan?

A repeater regenerates the signal and removes the unwanted effects caused by attenuation. Attenuation is the loss of signal strength from one end of a cable to the other. In this example, the distance from the wiring closet to the other building exceeds the 100-meter maximum for Ethernet, so a repeater is necessary to regenerate the signal.

Ring Topology

A ring topology connects neighboring nodes until they form a ring.

4.3 Which of the following connectors is typically used on one end of a rollover cable?

A rollover cable has a serial connector on one end and an RJ45 connector on the other end. Alternatively, it might have an RJ45 connector on both ends and use a serial converter to convert from the RJ45 connector to a serial connector.

4.3 Which of the following standards is typically used in a rollover cable?

A rollover cable has a serial connector on one end and an RJ45 connector on the other end. RS232 is the standard for serial communications. RJ11 connectors are used for analog telephone lines. RG6 and RG58 are coaxial cable standards.

3.3 Which of the following hardware devices links multiple networks and directs traffic between networks?

A router is a device that links multiple networks and directs traffic between networks. Each network linked by routers has its own unique identifier called the network number or network address.

3.2 At which of the following OSI layers does a router operate?

A router operates at Layer 3, or the Network layer.

3.2 At which OSI layer does a router operate to forward network messages?

A router uses the logical network address specified at the Network layer to forward messages to the appropriate LAN segment. A bridge, on the other hand, uses the MAC address and works at the Data Link layer.

FTP Server

A server using the FTP or Secure FTP protocol that downloads or uploads files to remote computers.

You need to replace a fiber optic cable that is connecting two switches together. You inspect the existing fiber cable and determine that it uses LC connectors. You also notice the cable's ferrule has a slight slant to it. Which polish grade should you use to replace the existing cable?

A slight slant to the fiber ferrule indicates an Angled Physical Contact (APC) polish. Using a non-angled connector will cause excessive insertion loss.

Users report that the internet is no longer accessible. You suspect that the line connecting your building to the internet is not working properly. Which of the following allows the service provider to remotely test the local loop?

A smartjack is a special loopback plug installed at the demarcation point for a WAN service. Technicians at the central office can send diagnostic commands to the smart plug to test connectivity between the central office and the demarc.

While viewing the status of the interfaces on a Cisco switch, you see an abnormally large number of CRC errors on one interface. This interface is connected to a user's workstation located in a cubicle on the second floor. What could cause this to happen?

A strong EMI emitter near the cable run connected to that interface.

13.4.3 In a variation of a brute force attack, an attacker may use a predefined list (dictionary) of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

A strong password policy

6.6.8 A switch running STP is in the listening state. A message destined for a different network segment arrives at the switch. Which of the following best describes what the switch will do?

A switch in listening state receives packets, but does not build its database or forward them. Switches in the listening state are in the process of defining their role on the network.

4.4 Angela is the network administrator for a rapidly growing company with a 100BaseT network. Users have recently complained about slow file transfers. While checking network traffic, Angela discovers a high number of collisions. Which connectivity device would best reduce the number of collisions and allow future growth?

A switch would be the best choice in this situation. A bridge will segment traffic and reduce collisions, but it would be harder to maintain and harder to add new bridges as the network grows. A router would allow growth and reduce collisions. Switches can provide those benefits at a lower cost per port and offer more administration options.

Intermediate Distribution Frame (IDF)

A system for managing and interconnecting the telecommunications cable between end-user devices, typically workstations.

Time-Domain Reflectometer (TDR)

A time-domain reflectometer is a special device that sends electrical pulses on a wire in order to discover information about the cable. The TDR measures impedance discontinuities (the echo received on the same wire in response to a signal on the wire).

Toner Probe

A toner probe is composed of two devices that are used together to trace the end of a wire from a known endpoint to the termination point in the wiring closet. To use a toner probe:

3.1 Which device sends signals from a computer onto a network?

A transceiver (short for transmitter/receiver) sends signals to and receives signals from the network. It translates the parallel data stream of the computer to the serial data stream of the network and vice versa. Most transceivers are now built into network interface cards (NICs).

6.5 You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch in VLAN 1. What should you configure to allow communication between these two devices through the switches?

A trunk port is used to connect two switches together. Typically, Gigabit Ethernet ports are used for trunk ports, although any port can be a trunking port. A trunk port is a member of all VLANs and carries traffic between the switches. When trunking is used, frames that are sent over a trunk port are tagged by the first switch with the VLAN ID so that the receiving switch knows which VLAN the frame belongs to. The trunking protocol describes the format that switches use for tagging frames with the VLAN ID. Because end devices do not understand the VLAN tags, the tag is removed from the frame by the switch before the frame is forwarded to the destination device. VLAN tagging is only used for frames that travel between switches on the trunk ports.

Crossover cable

A twisted pair patch cable in which the termination locations of the transmit and receive wires on one end of the cable are reversed. T568A to T568B

Straight Through Cable

A twisted pair patch cable in which the wire terminations in both connectors follow the same scheme. T568A to T568A

multi-mode fiber (MMF)

A type of fiber optic cable that carries multiple light signals on a single strand. 50-100 µm. Designed to operate at 850 nm and 1300 nm. More affected by modal distortion. Shorter distances. Lower speeds. Simpler connections.

5.7 Which type of address is used in a packet to address the packet to a single host?

A unicast address is an address that identifies a single host.

12.2.1 Which of the following is an example of an internal threat?

A user accidentally deletes the new product designs. EXPLANATION Internal threats are intentional or accidental acts by employees, including: Malicious acts such as theft, fraud, or sabotage. Intentional or unintentional actions that destroy or alter data. Disclosing sensitive information through snooping or espionage. External threats are the events originating outside of the organization that typically focus on compromising the organization's information assets. Examples are hackers, fraud perpetrators, and viruses. Natural events are the events that may reasonably be expected to occur over time. Examples are a fire or a broken water pipe.

You have a network that occupies all three floors of a building. The WAN service provider has installed the line for the WAN service into the building in a wiring closet on the main floor. You have a wiring closet on the two remaining floors directly above the wiring closet on the main floor. What would you use to connect the wiring closets together?

A vertical cross connect joins the main distribution frame (MDF) on the main floor to intermediate distribution frames (IDFs) on upper floors. Cabling runs vertically (up and down) between the MDF and the IDFs.

Voltage Event Recorder

A voltage event recorder keeps track of voltage conditions on a power line.

Patch Panel

A wall-mounted panel of data receptors into which cross-connect patch cables from the punch-down block are inserted.

WAN

A wide area network is a group of LANs that are geographically isolated but are connected to form a large internetwork.

WLAN

A wireless LAN covers an area that is roughly the same size as a standard LAN.

13.8.3 Which exploit seeks to maliciously re-associate the IP address of a legitimate network host with the MAC address of the attacker's computer?

ARP poisoning EXPLANATION ARP spoofing (also known as ARP poisoning) uses spoofed ARP messages to associate a different MAC address with an IP address. ARP spoofing can be used to perform a man-in-the-middle attack. IP spoofing changes the IP address information within a packet. MAC spoofing occurs when an attacking device spoofs the MAC address of a valid host currently in the MAC address table of the switch. In a replay attack, the attacker uses a protocol analyzer or sniffer to capture authentication information going from the client to the server. The attacker then uses this information to connect at a later time and pretends to be the client.

13.8.1 Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP poisoning EXPLANATION ARP spoofing/poisoning associates the attacker's MAC address with the IP address of victim devices. When computers send an ARP request to get the MAC address of a known IP address, the attacker's system responds with its MAC address. MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub. The attacker floods the switch with packets, each containing different source MAC addresses. The flood of packets fills up the forwarding table and consumes so much of the memory in the switch that it causes the switch to enter a state called fail-open mode, in which all incoming packets are broadcast out all ports (as with a hub), instead of just to the correct ports, as per normal operation. A null session is the ability to log on using a blank username and password. In a hijacking attack, an attacker steals an open session, inserting himself into the session in place of the original client.

A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which operating system they are running. Which process did the administrator use in the penetration test in this scenario?

Active fingerprinting EXPLANATION The administrator in this scenario used active fingerprinting. Active fingerprinting is a form of system enumeration that is designed to gain as much information about a specific computer as possible. It identifies operating systems based upon ICMP message quoting characteristics. Portions of an original ICMP request are repeated (or quoted) within the response, and each operating system quotes this information back in a slightly different manner. Active fingerprinting can determine the operating system and even the patch level. Passive fingerprinting works in much the same manner as active fingerprinting. However, it does not utilize the active probes of specific systems. Network enumeration (also called network mapping) involves a thorough and systematic discovery of as much of the corporate network as possible, using:

11.1.5 Which of the following are characteristics of ATM? (Select two.)

Adds labels to data units. Uses fixed-length cells of 53 bytes. EXPLANATION ATM is a WAN communication technology originally designed for carrying time-sensitive data, such as voice and video. However, it can also be used for regular data transport. ATM is a packet switching technology that uses fixed-length data units called cells. Each cell is 53 bytes. The cell header includes labels that identify the virtual path information. ATM switches in the WAN cloud use the virtual path to switch cells within the WAN to the destination. MPLS uses labels but supports variable-length packets. ISDN is a WAN technology that uses existing telephone lines (POTS) to connect to the WAN cloud. Both frame relay and ISDN use a CSU/DSU to connect the line to the WAN link.

Alien Crosstalk (AXT)

Alien crosstalk is introduced from adjacent, parallel cables. For example, a signal sent on one wire pair causes interference on a wire pair that is within a separate twisted pair cable bundle.

Which of the following is a characteristic of static routing when compared to dynamic routing?

All routes must be manually updated on the router.

5.6 Match the IPv6 address configuration method on the right with its definition on the left.

An IPv6 address can be configured using any of the following methods:
- Static Full Assignment: The entire 128-bit address and all other configuration information is statically assigned to the host.
- Static Partial Assignment: The prefix is statically assigned, and the interface ID is derived from the MAC address.
- Stateless Autoconfiguration: Clients automatically generate the interface ID and learn the subnet prefix and default gateway through the neighbor discovery protocol (NDP).
- Stateful DHCPv6: Provides each client an IP address, default gateway, and other IP configuration information.
- Stateless DHCPv6: Supplies the client with the DNS server IP address only. Does not provide the client an IP address, and does not track the status of each client.

8.3.6 Which of the following describes how access lists can be used to improve network security?

An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers. An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers. Access lists are configured on routers and operate on Layer 3 information. Port security is configured on switches and filters traffic based on the MAC address in the frame. An intrusion detection system (IDS) or intrusion prevention system (IPS) examines patterns detected across multiple packets. An IPS can take defensive action when a suspicious pattern of traffic is detected.

12.3.7 Which of the following defines an acceptable use agreement?

An agreement that identifies the employee's rights to use company property, such as internet access and computer equipment, for personal use. EXPLANATION The acceptable use agreement identifies the employee's rights to use company property, such as internet access and computer equipment, for personal use. The non-compete agreement prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization. The employee monitoring agreement outlines the organization's monitoring activities. The non-disclosure agreement is a legal contract between the organization and the employee that specifies that the employee is not to disclose the organization's confidential information.

Riser Space

An area that connects multiple floors where cables can be run. This area cannot be a plenum space.

Short

An electrical short occurs when electrical signals take a path other than the intended path. In the case of twisted pair wiring, a short means that a signal sent on one wire arrives on a different wire.

Environmental Monitor

An environmental monitor does what its name implies—it monitors the environmental conditions of a specific area or device.

You have a network that occupies both floors of a building. The WAN service provider has installed the line for the WAN service in a wiring closet on the main floor. You have a second wiring closet on the second floor directly above the wiring closet that holds the demarc. Which of the following terms describes the closet on the second floor?

An intermediate distribution frame (IDF) is a wiring distribution point within a building that is smaller than the MDF. IDFs are typically located on each floor directly above the MDF, but you can place additional IDFs on each floor as necessary.

Intranet

An intranet is a private network that uses internet technologies.

Open Circuit

An open circuit is when a cut in the wire prevents the original signal from reaching the end of the wire. An open circuit is different from a short in that the signal stops (electricity cannot flow because the path is disconnected).

You are working with an existing fiber optic installation in your building. You want to know the length of each cable that runs through the walls. Which tool should you use?

An optical time domain reflectometer (OTDR) sends light pulses on a cable to discover information about the cable. The results of this test can be used to:

5.8 You administer a network with Windows Server 2016 and UNIX servers and Windows 10 Professional, Windows 7, and Macintosh clients. A Windows 7 computer user calls you one day and says he is unable to access resources on the network. You type ipconfig on the user's computer and receive the following output: 0 Ethernet adapter: IP address. . . . . . . . . : 169.254.1.17 Subnet Mask . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . : You also check your NIC and see the link light on. What might the problem be?

An unavailable DHCP server.

You administer a network with Windows Server 2016 and UNIX servers and Windows 10 Professional, Windows 7, and Macintosh clients. A Windows 7 computer user calls you one day and says he is unable to access resources on the network. You type ipconfig on the user's computer and receive the following output: 0 Ethernet adapter: IP address. . . . . . . . . : 169.254.1.17 Subnet Mask . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . : You also check your NIC and see the link light on. What might the problem be?

An unavailable DHCP server. EXPLANATION If a Windows 7 client computer is configured to use DHCP and cannot locate one to receive IP addressing information, it assigns itself an IP address from the APIPA (Automatic Private IP Addressing) range of IP addresses. APIPA addresses include IP addresses from 169.254.0.0 to 169.254.255.254 and are reserved for this purpose. A lit link light on your NIC indicates a connection to the network.

4.3 You are implementing a SOHO network for a local business. The ISP has already installed and connected a cable modem in the business. The business has four computers that need to communicate with each other and the internet. The ISP's cable modem has only one RJ45 port. You need to set up the network within the following parameters: You must spend as little money as possible. You must not purchase unnecessary equipment. Computers need to have a gigabit connection to the network. New devices should not require management or configuration. You examine each computer and notice only one of the four computers has a wireless NIC; they all have Ethernet NICs. What should you purchase?

An unmanaged switch and CAT 5e cabling. You should purchase an unmanaged switch and CAT 5e cabling. Switches offer guaranteed bandwidth to each switch port and full-duplex communication. Unmanaged switches are autonomous in their function, requiring no port management or configuration. CAT 5e cabling supports transfer speeds up to 1000 Mbps.

Crosstalk

An unwanted transfer of signals between communication channels.

Which type of polish grade uses green-colored connectors to help you keep from using the wrong connector type?

Angled Physical Contact (APC) connectors are colored green to differentiate them from non-APC connectors.

13.1.14 Which of the following inter-facility systems would prevent an access cardholder from giving their card to someone after they have gained access?

Anti-passback system EXPLANATION An anti-passback system is used when a physical access token is required for entry, and prevents a card holder from passing their card back to someone else. A mantrap is a specialized entrance with two doors that creates a security buffer zone between two areas. Once a person enters into the space between the doors, both doors are locked. To enter the facility, authentication must be provided. This may include visual identification and identification credentials. A turnstile is a barrier that permits entry in only one direction. Turnstiles are often used to permit easy exit from a secure area. Entry is controlled through a mantrap or other system that requires authentication for entry. A double entry door has two doors that are locked from the outside but with crash bars on the inside that allow easy exit. Double entry doors are typically used only for emergency exits, and alarms sound when the doors are opened.

13.3.1 Which of the following statements about the use of anti-virus software is correct?

Anti-virus software should be configured to download updated virus definition files as soon as they become available. Anti-virus software is only effective against new viruses if it has the latest virus definition files installed. You should configure your anti-virus software to automatically download updated virus definition files as soon as they become available.

Match the networking function or device on the left with its associated OSI model layer on the right.

Application: HTTP
Presentation: ASCII
Session: Session ID number
Transport: Port numbers
Network: Router
Data Link: Switch
Physical: Modem

13.8.5 You have just purchased a new network device and are getting ready to connect it to your network. Which of the following should you do to increase its security? (Select two.)

Apply all patches and updates Change default account passwords EXPLANATION To secure new devices, apply all recent patches and updates and change the default user account passwords. For some systems, you can also increase security by changing the default account usernames. Default account names and passwords are well known and can be easily discovered. A backdoor is an unprotected access method or pathway. Backdoors are added by attackers or programmers during development. Backdoors that are present on new devices are typically hard-coded and must be removed by editing the code. Privilege escalation allows a user to take advantage of a software bug or design flaw in an application to gain access to system resources or additional privileges that are typically not available to normal users. Separation of duties is the concept of requiring more than one person's participation to complete a task. This helps prevent insider attacks because no one person has end-to-end control and no one person is irreplaceable.

Which of the following is the best recommendation for applying hotfixes to your servers?

Apply only the hotfixes that apply to software running on your systems. EXPLANATION Be sure to test patches before applying patches within your organization. A common strategy is to: Apply and test patches in a lab environment. Deploy patches to a set of systems, such as a single department. Deploy patches system-wide. You do not necessarily need to install every hotfix, patch, or service pack that is released. For example, if a hotfix applies to a service that you have disabled on your servers, applying that hotfix is not required. Service packs typically include all hotfixes and patches that have been released up to that point in time.

DHCP Server

Assigns an IP address to a computer when it first attempts to initiate a connection to the network

Which of the following routing protocols is used by routers on the internet for learning and sharing routes?

BGP is the protocol used on the internet. ISPs use BGP to identify routes between ASs. Very large networks can use BGP internally, but typically only share routes on the internet if the AS has two (or more) connections to the internet through different ISPs.

You are working with an older 10Base2 Ethernet network. Which of the following connector types will you most likely encounter?

BNC EXPLANATION A 10Base2 Ethernet network (also called a Thinnet) is an older type of network that uses coaxial cables with BNC connectors for communication. F-type connectors are used for cable and satellite TV connections as well as broadband cable connections. RJ11 connectors are typically used for dial-up and DSL connections. ST connectors are used with fiber optic cables.

You provide IT support for a dentist's office. The office has a limited number of wireless clients, so a simple wireless router is used to provide Wi-Fi access. On your latest visit, you check the manufacturer's website and discover that an update has been released by the wireless router manufacturer. You decide to download and install the update. Click the option you should use in the wireless router's configuration interface to prepare the device for the update.

Backup configuration EXPLANATION Prior to applying the update, you should back up the wireless router's existing configuration. That way, you can restore the device to a working state in the event the update causes more problems than it solves. It's not necessary to disable wireless access to the device's web-based configuration interface prior to loading the update. Enabling the remote access option would allow the configuration interface to be accessed from the internet side of the router, which isn't necessary, and could introduce a significant security risk.

Decimal

Base 10 Numbering System

12.1.9 You are in the habit of regularly monitoring performance statistics for your devices. You find that this month, a specific server has averaged a higher number of active connections than last month. Which type of document should you update to reflect this change?

Baseline EXPLANATION A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upgrades or replacement. It is important to measure network performance at subsequent intervals to see how your server is performing compared to the baseline. Change or history documentation keeps track of changes to the configuration of a device or the network. For example, you might record a change in a network interface card in a device or a repair to a WAN link. Change documentation is useful for troubleshooting to identify what has been done to the device and keeps track of changes in the configuration, as well as the rationale behind those changes. Configuration documentation identifies specific configuration information for a device. For example, a configuration document for a firewall might include information about the IP addresses assigned to each interface and opened firewall ports. A wiring schematic is a type of network diagram that focuses on the physical connections between devices. A network diagram shows the logical and/or physical layout of your network.

12.1.1 You are concerned about the amount of traffic that passed through a router on your network. You want to see how the amount of traffic has changed over time. Which document would help you identify past average network traffic?

Baseline EXPLANATION A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upgrades or replacement. It is important to measure network performance at subsequent intervals to see how your server is performing compared to the baseline. Logs contain a record of events that have happened on a system. Logging capabilities are built into operating systems, services, and applications. Log entries are generated in response to configuration changes, changes in system state, or in response to network conditions. A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the location and IP addresses of hubs, switches, routers, and firewalls.

10.2.4 Your organization uses an 802.11b wireless network. Recently, other tenants installed the following equipment in your building: A wireless television distribution system running at 2.4 GHz A wireless phone system running at 5.8 GHz A wireless phone system running at 900 MHz An 802.11a wireless network running in the 5.725 - 5.850 GHz frequency range An 802.11j wireless network running in the 4.9 - 5.0 GHz frequency range Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

Because the 802.11b standard operates within the 2.4 GHz to 2.4835 GHz radio frequency range, the most likely culprit is the wireless TV distribution system.

4.4 You are moving a client to a new location within an Ethernet network. Previous to the move, the client system did not have difficulty accessing the network. During the relocation, you attach patch cables from the client system to the wall jack and from the patch panel to the switch. Once connected, you do not get a link light on the network card or the switch. You swap out the cable running between the patch panel and the switch with a known working one, but you still cannot connect. Which of the following might you suspect is the problem?

Because the client system previously worked in a different location, the issue is not likely related to the client system. The failure of the NIC and switch LEDs to light indicates that there isn't an end-to-end connection between the client and the switch. This means that either the patch cable between the wall jack and the client is faulty or the cable between the patch panel and the switch is faulty. The cable connecting the switch and the patch panel was verified, leaving the cable run between the wall jack and the client system.

4.4 You have just connected four new computer systems to an Ethernet switch using spare patch cables. After the installation, only three systems are able to access the network. You verify all client network settings and replace the network card in the failed system. The client is still unable to access the network. Which of the following might you suspect is the real cause of the problem?

Bent and damaged patch cables will prevent client systems from accessing the network. In this scenario, a faulty patch cable is the most likely cause of the connection failure. The easiest way to test this is to simply swap out the cable and try a known working UTP patch cable.

3.2 How do switches and bridges learn where devices are located on a network?

Bridges and switches learn addresses by copying the MAC address of the source device and placing it into the MAC address table. The port number that the frame entered is also recorded in the table and associated with the source MAC address.

13.4.4 Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?

Buffer overflow A buffer overflow occurs when software code receives more input than it was designed to handle and the code's programmer failed to include input validation checks. When a buffer overflow occurs, the extra data is pushed into the execution stack and processed with the security context of the system itself. In other words, a buffer overflow attack often allows the attacker to perform any operation on a system.

You are building a wireless network within and between two buildings. The buildings are separated by more than 3000 feet. The wireless network should meet the following requirements: Wireless data within Building 1 should be protected with the highest degree of security. Wireless data within Building 2 should be accessible and permitted by any wireless client. Wireless signals between Buildings 1 and 2 should be protected with the highest degree of security. Wireless signals within Buildings 1 and 2 should cover the whole structure, but not extend to the outside. For each location on the image below, you need to select the following: Antenna option Security option Drag the items from the list on the left to the location identifier on the right. Items may be used more than once. Not all items will be used.

Building 1 - Location A: Right-facing directional antenna, WPA2 with CCMP
Building 1 - Location B: Omni-directional antenna, WPA2 with CCMP
Building 1 - Location C: Left-facing directional antenna, WPA2 with CCMP
Building 1 - Location D: Right-facing high-gain directional antenna, WPA2 with CCMP
Building 2 - Location A: Omni-directional antenna, WEP with open authentication
Building 2 - Location B: Left-facing high-gain directional antenna, WPA2 with CCMP

Coaxial cable (coax)

Bus Topology Uses 2 conductors Inner conductor PVC Mesh Shield PVC jacket resistant to EMI

Logical

Bus-Messages are sent to all devices connected to the bus. Ring-Messages are sent from device to device in a predetermined order until they reach the destination device. Star-Messages are sent directly to (and only to) the destination device. Mesh-Messages are sent from one device to the next until they reach the destination device.

Physical=Logical

Bus=Bus/Star Ring=Ring/Star Star=Star Mesh=Mesh

12.2.9 In business continuity planning, what is the primary focus of the scope?

Business processes EXPLANATION Business processes are the primary focus of the scope of BCP. Company assets are the focus of risk assessment for security policy development, not BCP. Human life and safety are considerations for emergency response, but are not the focus of the BCP scope. Recovery time objective is a consideration in the development of emergency response, not an aspect of BCP scope.

10.1.5 All of the 802.11 standards for wireless networking support which type of communication path sharing technology?

CSMA/CA EXPLANATION 802.11x standards for wireless networking all support the CSMA/CA (carrier sense multiple access with collision avoidance) type of communication path sharing technology. CSMA/CA allows multiple baseband clients to share the same communication medium. CSMA/CA works as follows: The system asks for permission to transmit. A designated authority (such as a hub, router, or access point) grants access when the communication medium is free. The system transmits data and waits for an ACK (acknowledgment). If no ACK is received, the data is retransmitted. Polling is a mechanism where one system is labeled as the primary system. The primary system polls each secondary system in turn to inquire whether they have data to transmit. Token passing is a mechanism that uses a digital pass card. Only the system holding the token is allowed to communicate. CSMA/CD is the technology used by Ethernet. CSMA/CD works as follows: The system listens for traffic. If the line is clear, the system begins transmitting. During the transmission, the system listens for collisions. If no collisions are detected, the communication succeeds. If collisions are detected, an interrupt jam signal is broadcast to stop all transmissions. Each system waits a random amount of time before starting over at step 1.

11.1.15 Which of the following devices is used on a WAN to convert synchronous serial signals into digital signals?

CSU/DSU EXPLANATION A CSU/DSU is a device that converts the signal received from the WAN provider into a signal that can be used by equipment at the customer site. A CSU/DSU is composed of two separate devices. The CSU terminates the digital signal and provides error correction and line monitoring. The DSU converts the digital data into synchronous serial data for connection to a router. The CSU/DSU might be two separate devices, one combined device, or integrated into a router. A modem converts digital signals to analog signals. A proxy server is a type of firewall that can filter based on upper-layer data. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity.

RG6

Cable TV/Sat TV, cable modems, 75 Ohms resistance

11.3.7 Which of the following services are available regardless of whether the telephone company network is available?

Cable modem EXPLANATION A cable modem is a network connectivity service provided by the cable television service provider. Cable modem operates by adding a bi-directional channel connected directly to an internet service provider (ISP) through cable TV lines. It does not depend on phone lines for the connection. Dial-up refers to internet access provided over the telephone company analog network by modems. Integrated Services Digital Network (ISDN) is a method for providing digital connectivity service through the telephone company network. ISDN can combine multiple channels consisting of voice and data simultaneously. DSL is a digital service provided by telephone service providers. All of these methods operate over regular phone lines.

You are making Ethernet drop cables using Cat5e cable and RJ45 connectors. You need to remove the plastic coating over the cable to expose the individual wires. Which tool should you use?

Cable stripper

Which of the following geographic network types is made up of an interconnection of LANs?

Campus Area Network (CAN)

4.1 The media access control method of all Ethernet networks is __________.

Carrier sense multiple access with collision detection (CSMA/CD) is the media access control method of all Ethernet networks.

4.2 Which of the following are requirements of the 1000BaseT Ethernet standards? (Select three.)

Cat 5e cabling The cable length must be less than or equal to 100m RJ45 connectors Gigabit Ethernet (1000BaseT) has similar requirements to 100BaseT with connectors, cabling, and distances. The network cards are simply designed to transfer data ten times as fast.

Which of the following cable types often includes a solid plastic core that keeps the twisted pairs separated?

Cat 6

Which cable type often includes a solid plastic core that keeps the twisted pairs separated?

Cat 6 cables include a solid plastic core that keeps the twisted pairs separated and prevents the cable from being bent too tightly.

12.1.12 You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?

Change management EXPLANATION A change and configuration management policy provides a structured approach to secure company assets and make changes to company assets. Change management: Establishes hardware, software, and infrastructure configurations that are to be deployed universally throughout the corporation. Tracks and documents significant changes to the infrastructure. Assesses the risk of implementing new processes, hardware, or software. Ensures that proper testing and approval processes are followed before changes are allowed. An acceptable use policy (AUP) identifies the employees' rights to use company property, such as internet access and computer equipment, for personal use. A resource allocation policy outlines how resources are allocated. Resources could include staffing, technology, or budgets. Service level agreements (SLAs), sometimes called maintenance contracts, guarantee a network client a certain quality of a service from the provider.

12.3.15 Which component of a change and configuration management policy identifies the need for a proposed change?

Change request EXPLANATION A change request identifies the need for a change. It also documents the specific change to be made. A feasibility analysis identifies technical and budgetary considerations associated with a proposed change. It should also identify any potential impacts to the network. In the event that a change unintentionally causes problems, your change and configuration management process should include provisions for a rollback. A rollback makes it possible to revert the system back to the state it was in before the change was put into effect. Authorized downtime defines a maintenance window during which the system will be unavailable while the change is made.

11.1.8 Which network type establishes a dedicated physical connection between two hosts in order to transmit time-sensitive data?

Circuit-switched EXPLANATION A circuit-switched network establishes a dedicated physical circuit between two hosts that need to transfer time sensitive data, such as real-time audio and video. No other network host may use the medium until the communication is complete. An example of a circuit-switched network is the public switched telephone network.

5.1 You manage a server that uses an IP address of 192.168.255.188 with a mask of 255.255.0.0. Which of the following describes the address type?

Classless -Because the IP address is not using the default subnet mask, it is using classless addressing. Classless addressing modifies the length of the subnet mask, using a custom mask value instead of the default subnet mask.

5.1 Which of the following terms are often synonymous with or made possible with CIDR? (Select two.)

Classless VLSM -Classless inter-domain routing (CIDR) allows non-default subnet masks (variable-length subnet masks, or VLSMs). Routers use the following information to identify networks: -The beginning network address in the range. -The number of bits used in the subnet mask.

You have implemented a network where hosts are assigned specific roles, such as file sharing and printing roles. Other hosts access those resources, but do not host services of their own. What type of network do you have?

Client-server

13.4.10 You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client-side scripts JavaScript is an example of client-side scripting, where the client system runs the scripts that are embedded in web pages. When pages download, the scripts are executed. ActiveX runs executable code within a browser, but ActiveX controls are not written using the JavaScript language. Server-side scripts execute on the server and modify the web pages served to clients based on the results of the scripts. The Common Gateway Interface (CGI) is a scripting language that is often used to capture data from forms in a web page and pass the data to an external program. CGI runs on the server to process web form data.

8.3.10 When designing a firewall, what is the recommended approach for opening and closing ports?

Close all ports; open only ports required by applications inside the DMZ. When designing a firewall, the recommended practice is to close all ports and then only open the ports that allow the traffic that you want inside the DMZ or the private network. Ports 20, 21, 53, 80, and 443 are common ports that are opened, but the exact ports you will open depend on the services provided inside the DMZ.

9.5.3 Which of the following are true regarding cloud computing? (Select three.)

Cloud computing is software, data access, computation, and storage services provided to clients through the internet. Correct Answer: Typical cloud computing providers deliver common business applications online that are accessed from another web service or software like a web browser. Correct Answer: The term "cloud" is used as a synonym for the internet. EXPLANATION Cloud computing does not require end user knowledge of the physical location and configuration of the system that delivers the services. Other cloud computing details include the following: Cloud computing is software, data access, computation, and storage services provided to clients through the internet. The term "cloud" is used as a synonym for the internet based on the basic cloud drawing used to represent the telephone network infrastructure (and, later, the internet) in computer network diagrams. Typical cloud computing providers deliver common business applications online that are accessed from another web service or software like a web browser, while the software and data are stored on servers.

12.2.3 Which of the following network strategies connects multiple servers together so that if one server fails, the others immediately take over its tasks, preventing a disruption in service?

Clustering EXPLANATION Clustering connects multiple servers together using special software. If one of the servers in the cluster fails, the other servers immediately take over the tasks the failed server was working on, resulting in no downtime for the end user. Adapter bonding increases the fault tolerance of a single server system by implementing multiple network boards that function as a single adapter. Mirroring also increases fault tolerance by creating a mirror copy of the server hard drive on one or more other hard drives. Storage area networks are usually used in conjunction with clustering to provide a common disk system that all servers in the cluster share.

11.3.11 Which type of internet service uses the DOCSIS specification?

Coaxial cable EXPLANATION The Data Over Cable Service Interface Specification (DOCSIS) defines coaxial cable networking specifications. It is used by cable TV providers to provide internet access over their existing coaxial cable infrastructure. It specifies channel widths and modulation techniques. It also defines the manner in which the core components of the network communicate.

Which of the following cables offers the best protection against EMI?

Coaxial cable offers better protection against EMI than twisted pair cables. Coaxial cable has a mesh conductor, which provides a ground and protects against EMI.

BNC/RG-58

Coaxial Ethernet network cabling

6.7.9 You manage a network with a single switch. On each switch port, a hub connects multiple devices to the switch. Which condition are you most likely to experience on the network?

Collisions

11.5.4 Consider the network shown in the exhibit. When you run the show interfaces command on switch1, you observe a significant number of runts on the Gi0/1 interface. What does this statistic indicate?

Collisions are occurring. EXPLANATION Runts are frames that are too small. (The minimum frame size required is 64 bytes.) This is commonly caused by collisions. In this scenario, the collisions are probably caused by a duplex mismatch error. EMI or cross-talk on UTP cabling usually causes CRC errors. Using the wrong type of cabling would cause the connection to go down.

12.3.2 Match each third-party integration phase on the left with the tasks that need to be completed during that phase on the right. Each phase may be used once, more than once, or not at all.

Communicate vulnerability assessment findings with the other party: Ongoing operations
Disable VPN configurations that allow partner access to your network: Off-boarding
Compare your organization's security policies with the partner's policies: Onboarding
Disable the domain trust relationship between networks: Off-boarding
Identify how privacy will be protected: Onboarding
Draft an ISA: Onboarding
Conduct regular security audits: Ongoing operations

13.8.4 As the victim of a Smurf attack, what protection measure is the most effective during the attack?

Communicating with your upstream provider EXPLANATION The most effective protection measure the victim of a Smurf attack can perform during an attack is to communicate with upstream providers. A simple phone call to request filtering on your behalf can weaken the effectiveness of a Smurf attack. Turning off the connection to the ISP will result in the same effect of the Smurf attack itself, denial of service. Whether you disconnect or the attack disconnects you, your network will be unable to use its internet pipeline. Blocking all attack vectors with firewall filters will usually result in a self-imposed denial of service since most Smurf attacks produce thousands of attack vectors for the inbound flooding packets. Updating your anti-virus software has no effect on a Smurf attack.

Which of the following are advantages of using fiber optic cabling for a network?

Compared to other types of cabling, fiber optic cabling allows greater cable distances without a repeater and is immune to electromagnetic interference. However, it is more costly, and specialized training and equipment is required for installation.

10.4.11 Match each wireless term or concept on the left with its associated description on the right. Each term may be used more than once; not all descriptions have a matching term.

Compares the level of the Wi-Fi signal to the level of background radio signals: Signal to noise ratio
Checks channel utilization and identifies sources of RF interference: Spectrum analysis
Identifies how strong a radio signal is at the receiver: Received signal level
Causes multiple copies of the same radio signal to be received by the receiving antenna: Bounce
Degrades wireless network performance: Device saturation
You should be familiar with the following wireless networking concepts and terms:
-Bounce can cause multiple copies (one from each path) of the same signal to be received by the receiving antenna.
-Received Signal Level (RSL) identifies how strong the radio signal is at the receiver. The closer you are to the transmitter, the stronger the RSL.
-Signal to Noise Ratio (SNR) compares the level of the wireless network signal (RSL) to the level of background noise.
-A spectrum analysis is used to check channel utilization and to identify sources of RF interference at each location where you plan to deploy an access point.
-Device saturation occurs when the wireless network is fully utilized and can no longer support additional wireless clients. Adding more clients can severely degrade network performance.

You are a network technician for a small corporate network. The company owner has asked you to connect a new workstation to the network while a new employee is in an orientation meeting. In this lab, your task is to: Connect the workstation in Office 1 to the Ethernet local area network using twisted pair cable. Confirm that the Office 1 workstation is connected to the local network and the internet.

Complete the following steps: 1 Under Office 1, select Hardware to go to the workstation. 2 Above the computer, select Back to switch to the back view of the computer. 3 On the Shelf, expand the Cables category. 4 Select the RJ45 cable. 5 In the Selected Component window, drag and drop the connector to the Ethernet port on the computer. 6 In the Selected Component window, drag the other connector to the Ethernet port on the wall outlet. 7 Select Click to view Windows 10 on the monitor to confirm that the workstation has a connection to the local network and the internet. 8 In the notification area, right-click the Network icon and select Open Network and Sharing Center. The diagram should indicate an active connection to the network and the internet.

2.5.6 Install a UPS You are the IT administrator for a small corporate network. The area around your office complex is under construction. The power company informed you that there may be short interruptions to electrical service that could last up to 15 minutes. You need to add a UPS to the workstation and monitor in Office 1 so that work can be saved in the event of an outage. A UPS protects against over and under-voltage conditions. The battery included with the UPS provides backup power in case the main power is lost. In this lab, your task is to complete the following: Add a UPS for your computer: Plug the UPS into the wall outlet and turn it on. Plug the computer and monitor power cables into the appropriate UPS outlets. Plug the printer into the appropriate UPS outlets. Connect the network cables through the UPS to the computer. The cable from the wall connects to the IN port. Connect the USB cable to the UPS and the computer.

Complete this lab as follows: Add a UPS to the Workspace as follows: On the Shelf, expand Outlets. Drag the UPS from the Shelf to the Workspace. Plug the UPS into the wall outlet and turn on the UPS as follows: Under Selected Components, drag the power plug to a power outlet on the wall plate. Click the power button on the UPS to turn on the battery backup. Plug the computer and monitor into the appropriate power outlets as follows: Under Partial Connections for the computer, select the power cord. Under Selected Component, drag the AC Power Connector (Male) to a battery backup outlet on the top of the UPS. Under Partial Connections for the monitor, select the power cord. Under Selected Component, drag the AC Power Connector (Male) to a battery backup outlet on the top of the UPS. Plug the printer into the appropriate power outlets as follows: Select the printer in the Workspace. Under Selected Component, drag AC Power Connector (Male) to a surge protected outlet on the bottom of the UPS. Printers typically require more power than can be supplied by the battery backup portion of a UPS. Connect to the network through the UPS as follows: Above the surge protector, select Side to switch to the side view of the UPS. Select the Cat6a cable connected to the network port on the wall plate. Drag the RJ45 Shielded Connector from the wall plate to the Network OUT port on the UPS to add protection to the network connection. The OUT port connects to the computer. On the Shelf, expand Cables. Select the Cat6a Cable. Under Selected Component, drag the RJ45 Shielded Connector to the Network IN port on the UPS. Under Selected Component, drag the unconnected RJ45 Shielded Connector to the network port on the wall plate. Connect the USB cable to the UPS and the computer as follows: Above the computer, select Back to switch to the back view of the computer. On the Shelf, select the USB cable. Under Selected Component, drag the USB Type B connector to the USB port on the UPS. 
Under Selected Component, drag USB Type A connector to an open USB port on the computer to allow the UPS to communicate with the computer. The USB cable allows the UPS to send signals to the computer to shut down when the battery is low. To verify the computer and monitor have power (optional): Above the computer, select Front to switch to the front view of the computer. Click the power button on the computer to make sure it powers up. Click the power button on the monitor to make sure power is connected. If the UPS is on, you can disconnect the plug on the UPS from the wall to verify that the computer and the monitor remain on and have power from the battery.

You work as the IT administrator for a growing corporate network. You are in the process of creating an iSCSI storage area network (SAN) on the CorpiSCSI server. The server is currently connected to the network using an Ethernet cable. To increase the server's performance, you have decided to replace the existing Ethernet connection with a fiber optic connection. In this lab, your task is to complete the following: Connect the CorpiSCSI server to the switch using the appropriate fiber optic cable. Examine the port types on the switch. Examine the server's fiber optic NIC. When connecting the server, use the color coding on the end of the fiber optic cable to identify the Tx and Rx connection ends. Connector A (red) is Tx. Connector B (black) is Rx. Remove the server's previous Ethernet network connection and place the Ethernet cable on the Shelf. Verify that the server is connected to the network through the fiber optic connection.

Complete this lab as follows: 1 On the Shelf, expand the Cables category. 2 Drag the ST to LC fiber cable to the SFP 1 LC port on the switch. 3 In the Select Connector window, select the LC connector. 4 Above the rack, select Back to switch to the back view. 5 In the Selected Component pane, drag the ST Connector (A) to the Tx port on the CorpiSCSI server (the bottom server). 6 In the Selected Component pane, drag the ST Connector (B) to the Rx port on the CorpiSCSI server. 7 Disconnect the Cat5e Cable from the CorpiSCSI server as follows: 7a Drag the RJ45 connector from the back of the server to the Shelf. 7b Click the Front button above the rack. 7c Drag the highlighted RJ45 connector from the switch to the Shelf. 8 On the CorpiSCSI's monitor, select Click to view Windows Server 2016 (right-most monitor). 9 In the notification area, right-click the Network icon and select Open Network and Sharing Center. 10 Select Change adapter settings. 11 Verify that Ethernet 3 is connected to CorpNet.com. 12 Click Done to finish the lab.

You are a network technician for a small corporate network. Today you moved an unused workstation to the IT Administration office, and now you need to connect the computer to the Ethernet local area network and the internet. In this lab, your task is to connect the workstation to the wired network as follows: In the Networking Closet, use the appropriate twisted pair cable to make a connection between the patch panel and switch. Use port IT Adm on the patch panel. Use port 5 on the switch. In the IT Administration office: Connect the ITAdmin workstation to the local area network using the appropriate twisted pair cable. Configure ITAdmin to obtain IP and DNS addresses automatically from the server on the local network. Use the Network and Sharing Center to confirm that the workstation is properly connected to the local area network and the internet.

Complete this lab as follows: In the Networking Closet, connect the patch panel and switch as follows: On the Shelf, expand Cables. Select the Ethernet twisted pair cable. In the Selected Component pane, drag the connector to the IT Adm port on the patch panel. In the Selected Component pane, drag the other connector to port 5 on the switch (top row, fifth column from the left). Connect the ITAdmin workstation to the local area network as follows: From the navigation menu at the top, select Floor 1 Overview. In the IT Administration office, select Hardware. Above the computer, select Back to switch to the back view of the computer. On the Shelf, expand Cables. Select the Ethernet twisted pair cable. In the Selected Component pane, drag the connector to the Ethernet port on the computer. In the Selected Component pane, drag the other connector to the Ethernet port on the wall outlet. Configure the workstation to obtain IP and DNS addresses automatically from the server on the network as follows: On the ITAdmin monitor, select Click to view Windows 10. In the notification area, right-click the Network icon and select Open Network and Sharing Center. The Network and Sharing Center should indicate a bad connection to the internet. Select Ethernet. Select Properties. Select Internet Protocol Version 4 (TCP/IPv4). Select Properties. Select Obtain an IP address automatically. Select Obtain DNS server address automatically. Click OK. Click Close. Click Close. Open the Network and Sharing Center to confirm the connection to the network and the internet for the workstation. The Network and Sharing Center should indicate an active connection to the local network and the in

3.13.7 Select and Install a Sound Card You work at a computer repair store. A customer wants you to install a new sound card into his computer to run his home theater system. Currently, the computer uses the sound card built into the motherboard. You need to upgrade the computer with a better sound card that installs into an expansion card slot. In this lab, your task is to complete the following: Install the sound card with the optical output. View the Details for each card to identify the card with an optical audio connector. Boot into the BIOS and disable the onboard sound card. Boot into Windows and verify that the new sound card is recognized and the onboard sound card does not appear in Device Manager.

Complete this lab as follows: Install the sound card with the optical output as follows: On the Shelf, expand Sound Cards. Select a sound card. Select Details. Select Connectors to identify the sound card with the optical input. Close Details. Repeat steps 1b-1e for each sound card. Above the computer, select Motherboard to switch to the motherboard view. Drag the PCIe sound card to an open expansion slot on the motherboard. Boot into the BIOS and disable the onboard sound card as follows: Above the computer, select Front to switch to the front view of the computer. Click the power button on the computer. As the BIOS loads, press the F2 key to enter the BIOS setup program. From the left menu, expand System Configuration. Select Audio. Unmark Enable Audio. Select Apply. At the bottom of the window, select Send+Ctrl+Alt+Del. Verify that the new sound card is recognized and the onboard sound card does not appear in Device Manager as follows: Right-click Start and select Device Manager. Expand Sound, video and game controllers. Verify that the SoundMAX Integrated Digital Audio onboard audio card does not show and that the new SoundBlaster X-FI card does show.

Actions you were required to perform: Enable all of the ports to other devices. Enable the link between two of the three switches to prevent a switching loop.

Complete this lab as follows: Select the internet and LAN ports on the router to enable the ports. Repeat step 1 for all of the ports on Switch1, Switch2, and Switch3. To prevent a switching loop, disable at least one of the redundant connections on a switch.

12.1.7 You want to make sure that the correct ports on a firewall are open or closed. Which document should you check?

Configuration documentation EXPLANATION Configuration documentation identifies specific configuration information for a device. For example, a configuration document for a firewall might include information about the IP addresses assigned to each interface and opened firewall ports. Configuration documentation has two goals: Document the configuration so that the device can be restored to the original configuration. Document the configuration so that the current configuration can be compared to the desired configuration. A wiring schematic is a type of network diagram that focuses on the physical connections between devices. A baseline is a snapshot of the performance statistics of the network or devices. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached.

10.3.4 You have configured a wireless access point to create a small network. For security, you have disabled SSID broadcast. From a client computer, you try to browse to find the access point. You see some other wireless networks in the area, but cannot see your network. What should you do?

Configure a profile on the wireless client. When the SSID broadcast is turned off, you must manually configure a profile on the client computer to identify the SSID of the access point. If you disable the SSID broadcast, you must statically configure wireless devices with the SSID before they can connect because they will be unable to dynamically detect the SSID. A beacon is a frame that the access point sends out periodically. When you turn off SSID broadcast, you prevent the access point from including the SSID in the beacon. On the client, the channel is typically detected automatically and is configured to match the channel used by the access point. In this scenario, the wireless card on the client is already enabled because you can see other wireless networks in the area.

You are the network administrator for a city library. Throughout the library, there are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do to fix this problem?

Configure port security on the switch. EXPLANATION Configuring port security on the switch can restrict access so that only specific MAC addresses can connect to the configured switch port. This would prevent the laptop computers from being permitted connectivity. Placing each library computer on its own access port would have no effect. VLANs are used to group broadcast traffic and do not restrict device connectivity as this scenario requires.

8.2.3 You recently installed a new all-in-one security appliance in a remote office. You are in the process of configuring the device. You need to: Increase the security of the device. Enable remote management from the main office. Allow users to be managed through Active Directory. You want to configure the device so you can access it from the main office. You also want to make sure the device is as secure as possible. Which of the following tasks should you carry out? (Select two.)

Configure the device's authentication type to use Active Directory. Change the default username and password. When configuring a new all-in-one security appliance, the first thing you should do is change the default username and password. The device's default login credentials can be found on the internet and used to access the device. Most all-in-one security appliances can be integrated with a centralized authentication method, such as Active Directory. This is done in the domain configuration. Denying login from the WAN interface or all external IP addresses would not allow you to remotely manage the device from your main office. Groups are used by the device only and are not used by an authentication server. Creating an Active Directory group would not allow centralized user management.

11.4.2 You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following is a required part of your configuration?

Configure the remote access servers as RADIUS clients.

13.3.13 To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?

Configure the software to automatically download the virus definition files as soon as they become available. Anti-malware software is most effective if it has the latest virus definition files installed. Instead of manually updating the signature files, you should configure the software to automatically download updated virus definition files as soon as they become available. Use sfc.exe to repair infected files after malware has caused the damage. Using a different anti-virus software might help, but will not resolve the problem if you don't get the latest definition files.

13.1.2 You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media. You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two.)

Control access to the work area with locking doors and card readers. Relocate the switch to the locked server closet. EXPLANATION In this scenario, you should recommend the client make the following changes: Relocate the switch to the locked server closet. Keeping it in a cubicle could allow an attacker to configure port mirroring on the switch and capture network traffic. Control access to the work area with locking doors and card readers. Controlling access to the building is critical for preventing unauthorized people from gaining access to computers. In this scenario, you were able to walk unescorted into the work area without any kind of physical access control other than the receptionist. Because the office manager will control who has access to the server closet key, it isn't necessary to implement a card reader on the server closet door. Using tape drives instead of hard disks wouldn't increase the security of the backups. Using separate perimeter security devices instead of an all-in-one device would be unlikely to increase the security of the network.

13.4.6 Which of the following is a text file that a website stores on a client's hard drive to track and record information about the user?

Cookie A cookie is a text file that a website provides to a client that is stored on a user's hard drive to track and record information about the user. Mobile code is self-contained software that is transferred to a web client to be executed. It allows client-side execution of web applications. A certificate is a digital proof of identity used to establish or verify a user's identity over a network or the internet. A digital signature is a cryptographic tool that is used to prove who a message is from and that the contents of the message did not change or become altered while in transit.

You have a computer that is connected to the internet through a NAT router. You want to use a private addressing scheme for your computer. Which of the following IP addresses could you assign to the computer? (Select all that apply.)

Correct Answer: 192.168.12.253 Correct Answer: 10.0.12.15 Correct Answer: 172.18.188.67 Of the addresses listed here, the following are in the private IP address ranges: 10.0.12.15 (private range = 10.0.0.0 to 10.255.255.255); 172.18.188.67 (private range = 172.16.0.0 to 172.31.255.255); 192.168.12.253 (private range = 192.168.0.0 to 192.168.255.255).

10.2.5 Which of the following are frequencies defined by 802.11 committees for wireless networking? (Select two.)

Correct Answer: 2.4 GHz Correct Answer: 5.75 GHz 802.11 specifications for wireless include standards for operating in the 2.4 GHz range (802.11b, 802.11g, and 802.11n) and the 5.75 GHz range (802.11a and dual-band devices using 802.11n)

10.7.11 After installing a new 2.4 GHz cordless phone system in your office, you notice that wireless network performance is adversely affected. Which of the following wireless networking standards are you most likely using? (Select two.)

Correct Answer: 802.11g Correct Answer: 802.11b EXPLANATION Both the 802.11b and 802.11g wireless networking standards use the 2.4 GHz frequency range. A cordless phone system on the same frequency range may affect the performance of the wireless network. 802.11a uses the 5 GHz frequency range, so it would not be affected by a cordless phone system that uses the 2.4 GHz frequency range. Bluetooth does use the 2.4 GHz frequency range, but is used more widely as a mechanism to connect consumer electronic devices like personal digital assistants (PDAs), cameras, and phones, rather than as a wireless local area networking (LAN) method.

10.6.7 You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components will be part of your design? (Select two.)

Correct Answer: AES encryption Correct Answer: 802.1x To configure WPA2 Enterprise, you need a RADIUS server to support 802.1x authentication. WPA2 uses AES for encryption.

13.5.7 Which of the following actions typically involves the use of 802.1x authentication? (Select two.)

Correct Answer: Allowing authenticated users full access to the network Correct Answer: Enabling or disabling traffic on a port EXPLANATION 802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. The access point enables or disables traffic on the port based on the authentication status of the user. Authenticated users are allowed full access to the network while unauthenticated users only have access to the RADIUS server. Remote access authentication is handled by remote access servers or a combination of remote access servers and a RADIUS server. VPN connections can be controlled by remote access servers or by a special device called a VPN concentrator.

11.4.3 Which of the following are characteristics of TACACS+? (Select two.)

Correct Answer: Allows the possibility of three different servers, one each for authentication, authorization, and accounting. Correct Answer: Uses TCP.

12.3.9 Which of the following are typically associated with human resource security policies? (Select two.)

Correct Answer: Background checks Correct Answer: Termination EXPLANATION Human resource policies related to security might include the following: Hiring policies, which identify processes to follow before hiring. For example, the policy might specify that pre-employment screening include a background check. Termination policies and procedures, which identify processes to be implemented when terminating employees. A requirement for job rotation, which cross-trains individuals and rotates users between positions on a regular basis. A requirement for mandatory vacations, which require employees to take vacations of specified length. Service level agreements (SLAs), sometimes called maintenance contracts, guarantee a subscriber a certain quality of a service from a network service provider. Password policies detail password requirements for the organization. A change and configuration management policy provides a structured approach to securing company assets and making changes.

8.2.2 Which of the following features are common functions of an all-in-one security appliance? (Select two.)

Correct Answer: Bandwidth shaping Correct Answer: Spam filtering All-in-one security appliances combine many security functions into a single device. Security functions in an all-in-one security appliance can include: spam filter, URL filter, web content filter, malware inspection, intrusion detection system. In addition to security functions, all-in-one security appliances can include: network switch, router, firewall, TX uplink (integrated CSU/DSU), bandwidth shaping.

10.7.6 You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using? (Select two.)

Correct Answer: Bluetooth Correct Answer: 802.11b EXPLANATION Both the 802.11b and Bluetooth wireless standards use the 2.4 GHz RF range to transmit data. Cordless phones that operate at the same frequency can cause interference on the wireless network. Other devices, such as microwaves and electrical devices, may also cause interference. 802.11a uses the 5 GHz radio frequency, so it would not be affected by the 2.4 GHz phones used in the office. Infrared uses a light beam to connect computer and peripheral devices to create a personal area network (PAN).

9.3.4 Which of the following are advantages of virtualization? (Select two.)

Correct Answer: Centralized administration Correct Answer: Easy system migration to different hardware EXPLANATION Virtualization allows a single physical machine (known as the host operating system) to run multiple virtual machines (known as the guest operating systems). The virtual machines appear to be self-contained and autonomous systems. Advantages of virtualization include: server consolidation; the ability to migrate systems between different hardware; centralized management of multiple systems; increased utilization of hardware resources; isolation of systems and applications. Disadvantages of virtualization include: A compromise in the host system could affect multiple guest systems. A failure in a shared hardware resource could affect multiple systems.

11.5.5 You are reviewing the output of the show interfaces command for the Gi0/1 interface on a switch. You notice a significant number of CRC errors displayed. What are the most likely causes? (Select two. Each response is a complete solution.)

Correct Answer: Collisions. Correct Answer: EMI or cross-talk on the cable connected to the interface. EXPLANATION CRC errors are received frames that did not pass the FCS check. These are usually caused by collisions, but they can also be caused by EMI or cross-talk on UTP cabling. All of these conditions can damage frames on the wire, causing a CRC error. Using the wrong type of cabling would cause the link to go down. A disabled interface on the other end of the cable would also cause the link to go down.

10.6.9 You are the wireless network administrator for your organization. As the size of the organization has grown, you've decided to upgrade your wireless network to use 802.1x authentication instead of using preshared keys. To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do? (Select two. Each response is a part of the complete solution.)

Correct Answer: Configure the RADIUS server with a server certificate. Correct Answer: Configure all wireless access points with client certificates. When using 802.1x authentication for wireless networks, a RADIUS server is implemented to centralize authentication. A centralized authentication database is used to allow wireless clients to roam between cells and authenticate to each using the same account information. PKI is required for issuing certificates. At a minimum, the RADIUS server must have a server certificate; however, to support mutual authentication, each RADIUS client must also have a certificate. Remember that each wireless access point in a RADIUS solution is a RADIUS client, not the wireless devices. The wireless access points forward the credentials from wireless devices to the RADIUS server for authentication. Preshared keys are not used for authentication in an 802.1x solution.

9.4.4 You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating system versions and editions. Currently, all of your testing virtual machines are connected to the production network through the hypervisor's network interface. You are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent problems, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two. Each response is one part of the complete solution.)

Correct Answer: Connect the virtual network interfaces in the virtual machines to the virtual switch. Correct Answer: Create a new virtual switch configured for host-only (internal) networking. EXPLANATION To allow the virtual machines to communicate with each other while isolating them from the production network, complete the following: Create a new virtual switch configured for host-only (internal) networking. Connect the virtual network interfaces in the virtual machines to the virtual switch. Creating a bridged virtual switch would still allow the virtual machines to communicate on the production network through the hypervisor's network interface. Disconnecting the hypervisor's network cable, blocking the virtual machine's MAC addresses, or disabling the hypervisor's switch port would isolate the virtual machines from the production network, but would also prevent them from communicating with each other.

9.4.6 You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an in-house application to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations. Currently, none of your testing virtual machines has a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates. What should you do? (Select two. Each response is one part of the complete solution.)

Correct Answer: Create a new virtual switch configured for bridged (external) networking. Correct Answer: Connect the virtual network interfaces in the virtual machines to the virtual switch. EXPLANATION To allow the virtual machines to communicate with the Microsoft update servers on the internet, complete the following: Create a new virtual switch configured for bridged (external) networking. Connect the virtual network interfaces in the virtual machines to the virtual switch. Creating an internal or host-only virtual switch would not allow the virtual machines to communicate on the production network through the hypervisor's network interface. Disabling the hypervisor's switch port would also isolate the virtual machines from the production network.

13.3.9 An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario? (Select two. Both responses are different names for the same exploit.)

Correct Answer: DNS poisoning Correct Answer: Pharming

10.6.11 You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. What type of wireless antennae should you use on each side of the link? (Select two.)

Correct Answer: Directional Correct Answer: High-gain

13.1.10 Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry? (Select two.)

Correct Answer: Double-entry door Correct Answer: Turnstile EXPLANATION A double-entry door has two doors that are locked from the outside but with crash bars on the inside that allow easy exit. Double-entry doors are typically used only for emergency exits, and alarms sound when the doors are opened. A turnstile is a barrier that permits entry in only one direction. Turnstiles are often used to permit easy exit from a secure area. Entry is controlled through a mantrap or other system that requires authentication for entry. A mantrap is a specialized entrance with two doors that creates a security buffer zone between two areas. Once a person enters into the space between the doors, both doors are locked. To enter the facility, authentication must be provided. This may include visual identification and identification credentials. An anti-passback system is used when a physical access token is required for entry, and prevents a card holder from passing their card back to someone else. A Pan Tilt Zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas to monitor.

13.5.4 You want to implement an authentication method that uses public and private key pairs. Which authentication method should you use?

Correct Answer: EAP EXPLANATION Public and private key pairs are used by certificates for authentication and encryption. Extensible authentication protocol (EAP) allows the client and server to negotiate the characteristics of authentication. EAP is used to allow authentication using smart cards, biometrics (user physical characteristics), and certificate-based authentication. MS-CHAP is Microsoft's proprietary method for remote access connections. MS-CHAP uses a three-way handshake (challenge/response) to perform authentication using a hashed form of a shared secret (password). A Public Key Infrastructure (PKI) is a system of certificate authorities that issue certificates, but is not a mechanism used for authentication. IPsec is a tunneling protocol used for VPN connections that provides encryption and a weak form of authentication using certificates, but is not used specifically for authentication.

13.3.14 You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.)

Correct Answer: Educate users about malware. Correct Answer: Schedule regular full system scans. You should schedule regular full system scans to look for any malware. In addition, educate users about the dangers of downloading software and the importance of anti-malware protections.

10.6.15 Which of the following protocols or mechanisms is used to provide security on a wireless network? (Select three.)

Correct Answer: IPsec Correct Answer: WPA Correct Answer: 802.1x Remote Desktop Protocol (RDP) is used by Microsoft Windows Terminal Services applications, such as Remote Desktop. It is not used to provide security on wireless networks.

11.5.6 A workstation is connected to a switch on the Gi 0/2 interface using a straight-through cable. The Ethernet interface in the workstation has been manually configured to use a 100 Mbps link speed in full-duplex mode. Which of the following are true in this scenario? (Select three.)

Correct Answer: If the link speed is 1000 Mbps or faster, full-duplex is used. Correct Answer: If the link speed is 10 Mbps or 100 Mbps, half-duplex is used. Correct Answer: The switch attempts to sense the link speed. If it can't, the slowest link speed supported on the interface is selected. EXPLANATION By default, the link speed and duplex configuration for Ethernet interfaces in Cisco devices are set using IEEE 802.3u auto-negotiation. The interface negotiates with remote devices to determine the correct settings. However, auto-negotiation can be disabled on the Cisco device and/or other Ethernet network hosts. When this happens, devices with auto-negotiation enabled try to negotiate link speed and duplexing, but get no response. When auto-negotiation fails, Cisco devices that have auto-negotiation enabled default to the following: If possible, the interface attempts to sense the link speed. If this is not possible, the slowest link speed supported on the interface is used, which is usually 10 Mbps. If the selected link speed is 10 Mbps or 100 Mbps, then half-duplex is used. If it is 1000 Mbps or faster, then full-duplex is used. In this situation, link speed and duplex mismatches are likely to occur between network devices on the same link. When this happens, the link will probably be established and the interface will be in an up/up state, but it will perform very poorly.

9.4.8 You want to be able to monitor and filter VM-to-VM traffic within a virtual network. What should you do?

Correct Answer: Implement a virtual firewall within the hypervisor. EXPLANATION Virtualized hosts are susceptible to the same network exploits as physical network hosts and need to be protected by a firewall. By implementing a virtual firewall within the hypervisor itself, you can monitor and filter traffic on the virtual network as it flows between virtual machines. While routing VM-to-VM traffic through a physical firewall would work, it is very inefficient. A virtual router with VRF is used to create multiple networks from a single router interface. Configuring VLAN membership would not allow you to monitor and filter traffic.

11.3.14 Which of the following cellular network types use MIMO to increase 3G data throughput? (Select two.)

Correct Answer: LTE Correct Answer: HSPA+ EXPLANATION Both HSPA+ and LTE are 3G extensions that use multiple-input and multiple-output (MIMO) to increase bandwidth. EDGE was an intermediary network between 2G and 3G networks. WiMAX is a 4G specification that delivers high-speed internet service to large geographical areas. CDMA2000 is a 3G technology that adds additional traffic channels to increase bandwidth.

9.4.7 What key advantage does a virtual router have over a physical router?

Correct Answer: Multiple networks can be connected to a single interface. EXPLANATION The key advantage of a virtual router is that it can support multiple networks on a single router interface. It does this by using a different routing table for each network. Physical routers are limited to a single network on each interface. Like physical routers, virtual routers use routing protocols to route data between networks. The virtual router redundancy protocol is used by physical routers to specify backup routers in the case of a failure. Virtual routers do not offer significant performance increases.

9.4.9 Which of the following statements about virtual NICs are true? (Select two.)

Correct Answer: Multiple virtual NICs can be added to a virtual machine. Correct Answer: Virtual NICs need the appropriate driver installed to function. EXPLANATION Within each virtual machine, you can configure one or more virtual network interfaces, which function similarly to physical network interfaces. Virtual interfaces use Ethernet standards to transmit and receive frames on the network. The operating system within the virtual machine must have the appropriate driver installed to support the virtual network interface, just as with a physical network interface. When you configure a virtual network interface within a virtual machine's configuration, you can specify: The type of physical network interface to emulate. This allows the best possible driver support from the operating system within the virtual machine. A MAC address. Most hypervisors automatically assign a MAC address to each virtual network interface. Some hypervisors allow you to use a custom MAC address if needed. The network to connect to. Most hypervisors allow you to define many different virtual networks. When you configure a virtual network interface, you will select which virtual network you want it to be connected to.

11.1.12 Which of the following describe the channels and data transfer rates used for ISDN BRI? (Select two.)

Correct Answer: One D channel operating at 16 Kbps Correct Answer: Two B channels operating at 64 Kbps each EXPLANATION ISDN BRI uses two B channels operating at 64 Kbps each and one D channel operating at 16 Kbps. It is often called 2B + 1D. ISDN PRI uses 23 B channels (at 64 Kbps) and one D channel (at 64 Kbps). It is also called 23B + 1D.

11.1.6 Which of the following are the WAN service provider's responsibility to maintain? (Select three.)

Correct Answer: PSE Correct Answer: Local loop Correct Answer: CO EXPLANATION WAN service providers are responsible for: Packet switching exchange (PSE)—equipment inside the WAN cloud. Central office (CO)—equipment that allows access to the PSE. Local loop—wiring that connects the customer to the CO. Customers are responsible for: Customer premises equipment (CPE)—any equipment at the customer site. Data terminal equipment (DTE)—devices that send local data to the WAN.

10.6.13 An attacker is trying to compromise a wireless network that has been secured using WPA2-PSK and AES. She first tried using AirSnort to capture packets, but found that she couldn't break the encryption. As an alternative, she used software to configure her laptop to function as an access point. She configured the fake access point with the same SSID as the wireless network she is trying to break into. When wireless clients connect to her access point, she presents them with a web page asking them to enter the WPA2 passphrase. When they do, she then uses it to connect a wireless client to the real access point. Which attack techniques did the attacker use in this scenario? (Select two.)

Correct Answer: Pharming Correct Answer: Evil twin The attacker in this scenario used the following attack techniques: Evil twin: In this exploit, an attacker near a valid wireless access point installs an access point with the same (or similar) SSID. Pharming: In this exploit, the access point is configured to display a bogus web page that prompts for credentials, allowing the attacker to steal those credentials. Denial of service attacks overload a target system to the point that it can no longer perform its desired function on the network. A man-in-the-middle attack occurs when the attacker gets in between a sender and receiver, posing as the sender to the receiver and as the receiver to the sender. A Smurf attack is a type of denial of service attack that uses spoofed ICMP echo response packets from an amplifier network to overload a target host.

10.6.14 You want to connect your client computer to a wireless access point that is connected to your wired network at work. The network administrator tells you that the access point is configured to use WPA2 Personal with the strongest encryption method possible. SSID broadcast is turned off. Which of the following must you configure manually on the client? (Select three.)

Correct Answer: Preshared key Correct Answer: AES Correct Answer: SSID WPA2 Personal uses a shared key for authentication. Once authenticated, dynamic keys are generated to be used for encryption. WPA2 supports AES and TKIP encryption, with AES being the stronger encryption method. With the SSID broadcast turned off, you will need to manually configure the SSID on the client.

13.4.2 A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. The computer runs Windows 7. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. At his first logon, Bob is prompted to change his password, so he changes it to Fido, the name of his dog. What should you do to increase the security of Bob's account? (Select two.)

Correct Answer: Require users to set a stronger password upon initial logon. Correct Answer: Train users not to use passwords that are easy to guess.

10.7.14 Mobile devices in your organization use the access points shown in the figure below to connect to your wireless network. Recently, a catastrophic early morning power surge occurred. It was followed by an outage that lasted longer than your backup equipment could supply temporary power. After you powered the equipment back on, everything initially appeared to work correctly. However, ever since this event, some mobile users report that wireless network connections sometimes get dropped or perform very poorly. What should you do? (Select two.)

Correct Answer: Set access point B to use 802.11n wireless networking. Set the channel used by access point B to 11. EXPLANATION During the power surge and/or power outage, some of the configuration settings on access point B were lost or reset to default values. To fix the issues users are experiencing, you need to: Set access point B to use 802.11n wireless networking. This will rectify the poor performance users are experiencing while accessing the wireless network through access point B. Set the channel used by access point B to 11. 2.4 GHz channels overlap. In this scenario, the channel used by access point B (4) overlaps with the channels used by access points A (1) and C (6). This will rectify the dropped connections users are experiencing. Channels 5, 7, and 8 overlap with channel 6, so setting any access point to these channels will cause a conflict with access point C. Using the same SSID on all access points allows users to roam about the facility and stay connected to the same wireless network. While using 802.1x authentication would make the wireless network more secure, it will not address the issues users are experiencing. Configuring access points A and C to use 802.11b will cause all users to experience poor network performance.

8.3.5 You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.)

Correct Answer: Source address of a packet Correct Answer: Destination address of a packet Correct Answer: Port number Firewalls allow you to filter by IP address and port number.

11.3.9 Which of the following are characteristics of VDSL? (Select two.)

Correct Answer: Supports both data and voice at the same time Correct Answer: Unequal download and upload speeds EXPLANATION Very High DSL (VDSL or VHDSL) is similar to asymmetrical DSL, but has higher speeds. Speeds can be up to 52 Mbps downstream and 12-16 Mbps upstream, depending on the distance. Newer VDSL2 provides up to 100 Mbps at a distance of 300 meters. Because both voice and digital data are supported on the same line at the same time, splitters are required. Symmetrical DSL (SDSL) provides equal download and upload speeds. The entire line is used for data; simultaneous voice and data is not supported. Splitters are not required because voice traffic does not exist on the line.

When would you typically use an RJ11 connector?

Correct Answer: When connecting a phone to a phone line

You have decided to implement Gigabit Ethernet on your network. Each switch port is connected to a single device. Following the installation, you find one device connected to a switch that is only running at 100 Mbps. Which of the following are likely causes?

Crosstalk EXPLANATION Crosstalk is interference caused by signals within the twisted pairs of wires. For example, current flow on one wire causes a current flow on a different wire. Crosstalk and other miswiring problems typically mean that a cable does not operate at the desired standard. Use a cable certifier to verify that the cable is properly configured to support the rated speed. A short is where the signal is received on an incorrect wire. A short will typically mean the cable does not work at all or communications are very limited and extremely slow. Collisions are eliminated when you connect a single device to each switch port. A switching loop occurs when there are multiple active paths between two switches. Switching loops lead to incorrect entries in a MAC address table, making it appear that a device is connected to the wrong port and causing unicast traffic to circulate in a loop between switches. VLANs create logical groupings of computers based on switch port. Because devices on one VLAN cannot communicate with devices in different VLANs, incorrectly assigning a port to a VLAN might prevent a device from communicating through the switch.

3.2 A switch is associated with which OSI model layer?

DATA LINK

5.3 You have a TCP/IP network with 50 hosts. There have been inconsistent communication problems between hosts. You run a protocol analyzer and discover that two hosts have the same IP address assigned. Which protocol can you implement on your network to help prevent problems such as this?

DHCP -You can use the dynamic host configuration protocol (DHCP) to set up a DHCP server that will assign IP addresses automatically to network hosts. DHCP servers will not assign the same IP address to two different hosts.

5.3 You have a network with 50 workstations. You want to automatically configure workstations with the IP address, subnet mask, and default gateway values. Which device should you use?

DHCP server -Use a DHCP server to deliver configuration information to hosts automatically. Using DHCP is easier than configuring each host manually.

A network switch detects a DHCP frame on the LAN that appears to have come from a DHCP server that is not located on the local network. In fact, it appears to have originated from outside the organization's firewall. As a result, the switch drops the DHCP message from that server. Which security feature was enabled on the switch to accomplish this?

DHCP snooping EXPLANATION Some switches provide DHCP snooping as a security feature. DHCP snooping filters untrusted DHCP messages. An untrusted DHCP message is received from outside the network or firewall. DHCP snooping acts like a firewall between DHCP clients and your DHCP servers. The switch maintains a DHCP snooping binding table that matches MAC addresses with DHCP messages. When DHCP snooping is enabled, the switch drops DHCP messages if the frame from the DHCP server is received from outside the network or firewall. It also drops DHCP messages if the source MAC address and the DHCP client MAC address do not match in the DHCP snooping binding table. IGMP snooping allows a switch to control which ports get IGMP traffic for a specific group. Port security restricts which hosts can connect to a switch port based on MAC addresses. Dynamic ARP Inspection is designed to prevent man-in-the-middle attacks by validating ARP packets on the network.

5.5 You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which protocol should you implement?

DNS DNS is a system that is distributed throughout the internetwork to provide address/name resolution. For example, the name www.mydomain.com would be identified with a specific IP address.

13.3.15 While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred?

DNS poisoning Because the correct site shows when you use the IP address, you know that the main website is still functional and that the problem is likely caused by an incorrect domain name mapping. DNS poisoning occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses. In a DNS poisoning attack: Incorrect DNS data is introduced into the cache of a primary DNS server. The incorrect mapping is made available to client applications through the resolver.

5.5 You need to enable hosts on your network to find the IP address of logical names such as srv1.myserver.com. Which device would you use?

DNS server Use a DNS server to provide host-name-to-IP-address resolution.

10.1.4 Which wireless networking component is used to connect multiple APs together?

DS EXPLANATION The distribution system (DS) is the backbone or LAN that connects multiple APs (and BSSs) together. The DS allows wireless clients to communicate with the wired network and with wireless clients in other cells. An IBSS is a set of STAs configured in ad hoc mode. A BSS, or cell, is the smallest unit of a wireless network. An STA is a wireless NIC in an end device such as a laptop or wireless PDA. The term STA often refers to the device itself, not just the NIC.

11.3.6 Which of the following internet connection technologies requires that the location be within a limited distance of the telephone company central office?

DSL EXPLANATION There are several variations of the digital subscriber line (DSL) technology, which are collectively referred to as xDSL. DSL operates over existing telephone company copper wires. DSL operates concurrently with regular voice-grade communications by utilizing higher frequencies unused by voice transmissions. One of the consequences of splitting the signal in this manner is that DSL must operate within a fixed distance of the telephone company's network switching equipment. A cable modem can be provided as a means of internet access by the cable television company anywhere within the service area of the cable television company.

10.3.3 You have configured a wireless access point to create a small network. You have configured all necessary parameters. Wireless clients seem to take a long time to find the wireless access point. You want to reduce the time it takes for the clients to connect. What should you do?

Decrease the beacon interval. A beacon is a frame that the access point sends out periodically. The beacon announces the access point and the characteristics of the network (such as the SSID, supported speeds, and the signaling method used). To improve access times, decrease the beacon interval. As long as clients are configured with the SSID, they will be able to locate access points even if the SSID is not broadcast in the beacon. The beacon is still sent to announce the access point. Adding the SSID to the beacon does not change how often the beacon is broadcast.

5.1 You have a small network, as shown in the Exhibit. You have configured the IP address and subnet mask on Wrk1. You want to be able to use Wrk1 to browse the internet to connect to sites like www.cisco.com. Which other parameters are required on the workstation? (Select two.)

Default gateway DNS server address -To access a remote network, the workstation must be configured with a default gateway address. In addition, it must be configured with one or more DNS server addresses. The DNS server address is used to contact a DNS server and find the IP address of hosts using names such as www.cisco.com.

12.2.14 Which of the following is not a valid response to a risk discovered during a risk analysis?

Denial EXPLANATION Denial, or ignoring risk, is not a valid response. Denying risk rather than properly addressing risk is a negligent activity that can be used against an organization in court if a security breach occurs that damages investors or the public. Valid responses to risk are acceptance, assignment, and mitigation.

13.1.4 Which of the following can be used to stop piggybacking from occurring at a front entrance where employees swipe smart cards to gain entry?

Deploy a mantrap EXPLANATION Piggybacking is the activity where an authorized or unauthorized individual gains entry into a secured area by exploiting the credentials of a prior person. Often, the first person will authenticate, unlock the door, and then hold it open for the next person to enter without forcing them to authenticate separately. Piggybacking can be stopped by a mantrap. A mantrap is a single-person room with two doors. It often includes a scale to prevent piggybacking. It requires proper authentication before unlocking the inner door to allow authorized personnel into a secured area. Those who fail to properly authenticate are held captive until authorities respond. A security camera may deter piggybacking, but it does not directly stop piggybacking. Using weight scales inside a mantrap will stop piggybacking, but they are not useful or effective without the mantrap. The use of conventional keys as opposed to electronic locks does little to prevent piggybacking and may actually make piggybacking more prevalent.

Optical Time-Domain Reflectometer (OTDR)

Detects the location of a fault in a fiber cable by sending light down the fiber-optic cable and measuring the time required for the light to bounce back from the cable fault. The OTDR can then mathematically calculate the location of the fault.

6.4 Which of the following statements describe how VLANs affect broadcast traffic within an internetwork? (Select two.)

Devices on the same VLAN have the same subnet address. Correct Answer: Broadcast traffic is transmitted only within a VLAN.

6.4 Which of the following best describes the concept of a VLAN?

Devices on the same network logically grouped as if they were on separate networks.

13.2.11 On your way into the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do?

Direct him to the front entrance and instruct him to check in with the receptionist.

10.6.4 Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?

Disable SSID broadcast Wireless access points are transceivers that transmit and receive information on a wireless network. Each access point has a service set ID (SSID) that identifies the wireless network. By default, access points broadcast the SSID to announce their presence and make it easy for clients to find and connect to the wireless network. Turn off the SSID broadcast to keep a wireless 802.11x network from being automatically discovered. When SSID broadcasting is turned off, users must know the SSID to connect to the wireless network. This helps to prevent casual attackers from connecting to the network, but any serious hacker with the right tools can still connect to the wireless network.

Which of the following actions should you take to reduce the attack surface of a server?

Disable unused services. EXPLANATION Attack surface reduction (ASR) cuts down on the software or services running on a system. By removing unnecessary software, features, or services, you eliminate possible attacks directed at those components. When removing unnecessary components: Use role separation by installing services on separate physical systems. If a single system is compromised, only the few services on that system will be affected. For many new systems, unnecessary services are often installed by default. Following installation, you should remove unneeded services, protocols, and applications. When removing existing services, determine the unneeded services and their dependencies before altering the system. Adding anti-malware or a host-based IDS adds a level of protection (defense in depth), but does not reduce the number of components running on the system. Applying patches is necessary to fix security problems with software or the operating system, but if the system is not running a specific piece of software, the patches that apply to that software are irrelevant and will not need to be applied.

12.2.11 You manage the website for your company. The Web1 server hosts the website. This server has the following configuration: Dual core processor; Dual power supplies; RAID 5 volume; One RAID controller; Two 1000 Mbps network adapters. Which component is a single point of failure for the website?

Disk controller EXPLANATION A single point of failure means that failure in one component will cause the entire website to be unavailable. In this scenario, the disk controller is a single point of failure. If the disk controller fails, content for the website will be unavailable. To prevent a single point of failure, provide redundant components. Dual power supplies, multiple network connections, and fault tolerant volumes (RAID 1, RAID 5, or RAID 0 + 1) can all sustain a failure in one component and continue to function.

10.5.1 Which of the following enterprise wireless deployment models uses access points with enough intelligence to allow the creation of guest WLANs for keeping public wireless traffic separate from private traffic?

Distributed wireless mesh infrastructure A distributed wireless mesh architecture moves some of the network intelligence from the controller out to the individual access points. In this configuration, the controller is no longer a bottleneck. The APs are smart enough to communicate directly with each other to create more efficient data paths for network traffic.

10.4.4 Your wireless network consists of multiple 802.11n access points that are configured as follows: SSID (hidden): CorpNet; Security: WPA2-PSK using AES; Frequency: 5.7 GHz; Bandwidth per channel: 20 MHz. This network is required to support an ever-increasing number of devices. To ensure there is sufficient capacity, you want to maximize the available network bandwidth. What should you do?

Double the bandwidth assigned per channel to 40 MHz. 802.11n access points provide an option to allocate double the bandwidth per channel (increasing it to 40 MHz), which results in double the data rate. The 802.11a standard only supports data rates up to 54 Mbps, which is much slower than 802.11n. Antenna diversity implements multiple antennas to combat multipath interference and improve the reliability of a wireless link; however, it does not increase throughput. TKIP is considered less secure than AES and does not increase the throughput of a wireless network.

8.3.14 In the output of the netstat command, you notice that a remote system has made a connection to your Windows Server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing?

Downloading a file TCP/IP port 21 is assigned to the file transfer protocol (FTP). A system connected on this port is most likely downloading a file from an FTP server application hosted on the system.

13.4.7 When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?

Drive-by download A drive-by download is an attack where software or malware is downloaded and installed without explicit consent from the user. Drive-by downloads can occur in a few different ways: Through social engineering, the user is tricked into downloading the software. The user might not realize that clicking a link will install software, or the user might know that something is being installed, but not have a full understanding of what it is or what it does. By exploiting a browser or operating system bug, a site is able to install software without the user's knowledge or consent. An SQL injection attack occurs when an attacker includes database commands within user data input fields on a form, and those commands subsequently execute on the server. A DLL injection attack occurs when a program is forced to load a dynamic-link library (DLL). This DLL then executes under the security context of the running application, which executes malicious code included with the injected DLL. A Trojan horse is a program that masquerades as a legitimate program. In this scenario, you were not necessarily aware that a program was being installed, nor did the program present itself as a useful program for you to install.

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. There is no default route configured on the router. The router receives a packet addressed to network 10.1.0.0/16. What will the router do with the packet?

Drop the packet.

A user reports that network access from her workstation is very slow. The problem does not seem to be affecting any other users. Which of the following conditions is the most likely cause?

Duplex mismatch

You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connections to internal hosts. What type of network address translation (NAT) should you implement?

Dynamic Use dynamic NAT to share public addresses with multiple private hosts. Dynamic NAT allows private hosts to access the internet, but does not allow internet hosts to initiate contact with private hosts.

A network switch is configured to perform the following validation checks on its ports: All ARP requests and responses are intercepted. Each intercepted request is verified to ensure that it has a valid IP-to-MAC address binding. If the packet has a valid binding, the switch forwards the packet to the appropriate destination. If the packet has an invalid binding, the switch drops the ARP packet. Which security feature was enabled on the switch to accomplish this task?

Dynamic ARP Inspection

5.5 Which of the following services automatically creates and deletes host records when an IP address lease is created or released?

Dynamic DNS Dynamic DNS (DDNS) enables clients or the DHCP server to update records in the zone database automatically whenever an IP address lease is created or renewed.

13.5.9 You are a contractor that has agreed to implement a new remote access solution based on a Windows Server 2016 system for a client. The customer wants to purchase and install a smart card system to provide a high level of security to the implementation. Which of the following authentication protocols are you most likely to recommend to the client?

EAP Of the protocols listed, only EAP provides support for smart card authentication.

Which of the following routing protocols is classified as a hybrid routing protocol?

EIGRP

12.3.1 Arrange the steps in the change and configuration management process on the left into correct completion order on the right.

EXPLANATION The change and configuration management processes used in most organizations include the following steps:
-Identify the need for a change.
-Conduct a feasibility analysis that includes technical and budgetary considerations. Identify any potential impacts to the network.
-Define a procedure for implementing the change.
-Notify all affected parties of the pending change.
-Implement the change. This includes identifying a maintenance window when the system will be unavailable.
-Test the implementation to make sure it conforms to the plan and does not adversely affect the network.
-Document the change.

9.4.3 You have configured a virtual network that includes the following virtual components: Four virtual machines (Virtual OS1, Virtual OS2, etc.) One virtual switch The virtual switch is connected to a physical network to allow the virtual machines to communicate with the physical machines out on the physical network. Given the port configuration for the virtual switch and the physical switch in the table below, click on all of the virtual and physical machines that Virtual OS1 can communicate with.

EXPLANATION Virtual OS1 can communicate with the following machines: Virtual OS3, Physical OS1, Physical OS2, Physical OS3, Physical OS4. The virtual switch port configuration allows Virtual OS1 to communicate with machines on Virtual Network1 and the physical network. P5 on the virtual switch is configured to allow communication between the virtual and physical machines as if they were on the same real physical network. Virtualized networks allow virtual servers and desktops to communicate with each other, and can also allow communication with network devices out on the physical network via the host operating system. Virtual networks typically include the following components:

You have a cable internet connection at home. The installer had connected the router near the outside wall of your house with RG6 cable. You move the cable router a distance of 50 meters using RG8 cables and special connector adapters. Which condition are you most likely to experience?

Echo EXPLANATION An impedance mismatch (manifested by echo) occurs when you connect cables and devices that have a different impedance (resistance) rating. Impedance is mostly a factor in coaxial cables used for networking. Be sure to choose cable with the correct rating (50 or 75 ohm) based on the network type, and do not mix cables with different ratings. RG6 cables have a rating of 75 ohms, while RG-8 cables have a rating of 50 ohms. Attenuation is the loss of signal strength from one end of a cable to the other. Electromagnetic interference (EMI) is interference that comes from an external source. Common sources of EMI include nearby generators, motors (such as elevator motors), radio transmitters, welders, transformers, and fluorescent lighting. Near-end crosstalk (NEXT) is crosstalk measured on the same end as the transmitter. For example, when a signal is sent on one wire, near-end crosstalk measures the interference on another wire at the same connector near the source of the original signal. Far-end crosstalk (FEXT) is crosstalk measured on the opposite end from the transmitter. For example, when a signal is sent on one wire, far-end crosstalk measures the interference on another wire at the opposite end from the source signal.

Electromagnetic Interference (EMI)

Electrical interference from one device to another, resulting in poor performance of the device being interfered with. Examples: Static on your TV while running a blow dryer, or placing two monitors too close together and getting a "shaky" screen.

EMI

Electromagnetic interference (EMI) is a disturbance generated by an external source that affects an electrical circuit by electromagnetic induction, electrostatic coupling, or conduction.

11.4.7 Which of the following is a characteristic of TACACS+?

Encrypts the entire packet, not just authentication packets.

Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution.)

Enroll the devices in a mobile device management system. Configure and apply security policy settings in a mobile device management system.

6.3 The FastEthernet 0/0 interface on a switch is currently disabled. You need to enable it so a workstation can be connected to it. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all commands are required.

-Enter global configuration mode: conf t
-Enter interface configuration mode: int fa0/0
-Enable the interface: no shut
-Verify that the interface is enabled: show interface status

13.2.9 Dumpster diving is a low-tech means of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy.

You are a network administrator for your company. A frantic user calls you one morning exclaiming that nothing is working. What should you do next in your troubleshooting strategy?

Establish the symptoms.

4.2 Ethernet 100BaseFX networks use what type of cabling?

Ethernet 100BaseFX networks use fiber optic cabling.

4.1 Which of the following physical topologies are used with Ethernet networks? (Select two.)

Ethernet networks use either a physical bus or physical star topology. Hubs can also be cascaded to form a tree topology.

What is the primary benefit of CCTV?

Expands the area visible to security guards.

You have just signed up for a broadband home internet service that uses coaxial cable. Which connector type will you most likely use?

F-type

F-type connectors are typically used with which of the following cable standards? (Select two.)

F-type connectors are used with coaxial cable. They are typically used for cable TV and satellite installations using RG-6 or RG-59 cables.

5.6 Which of the following is a valid IPv6 address?

FEC0::AB:9007 FEC0::AB:9007 is a valid IPv6 address. The :: in the address replaces blocks of consecutive 0's. The longer form of this address would be FEC0:0000:0000:0000:0000:0000:00AB:9007. Leading 0's within a quartet can be omitted. You can only omit one block of 0's using the double colon. Each number in the IPv6 address must be between 0-9 or A-F; G is not a valid number for the IPv6 address. An address without double colons should have a total of 32 hexadecimal numbers in 8 blocks.

8.3.15 You want to allow users to download files from a server running the TCP/IP protocol. You want to require user authentication to gain access to specific directories on the server. Which TCP/IP protocol should you implement to provide this capability?

FTP You should implement the file transfer protocol (FTP). It enables file transfers and supports user authentication. The trivial file transfer protocol (TFTP) enables file transfer, but does not support user authentication.

File Transfer

FTP, TFTP, SFTP, SCP

8.3.7 Which of the following is likely to be located in a DMZ?

FTP server An FTP server is the most likely component from this list to be located in a DMZ (demilitarized zone) or a buffer subnet. A DMZ should only contain servers that are to be accessed by external visitors. Often it is assumed that any server placed in the DMZ will be compromised. Therefore, no mission critical or sensitive systems are located in a DMZ. A domain controller may appear in a DMZ when the DMZ is an entire isolated domain, but this practice is not common. User workstations are never located in a DMZ. Unless specifically deployed for just the DMZ, backup servers are never located in a DMZ.

Far-end crosstalk (FEXT)

Far-end crosstalk (FEXT) is measured on the end without the transmitter. For example, when a signal is sent on one wire pair, far-end crosstalk measures the interference on an adjacent wire pair at the opposite connector end.

4.2 Your network follows the 100BaseTX specifications for Fast Ethernet. What is the maximum cable segment length allowed?

Fast Ethernet using twisted pair cables (either 100BaseT4 or 100BaseTX) has a maximum cable segment length of 100 meters. All Ethernet networks that use twisted pair cable (Ethernet, Fast Ethernet, Gigabit Ethernet) have a distance limitation of 100 meters.

Upon conducting a visual inspection of the server room, you see that a switch displays LED collision lights that are continually lit. You check the LED on the corresponding workstation and see that it is flashing rapidly even though it is not sending or receiving network traffic at that time. What is the cause of the network collisions?

Faulty network card EXPLANATION Sometimes when a NIC fails, it doesn't just stop working, but begins to flood the network with transmissions. This is called jabbering. A single network card can slow down an entire network by continually transmitting onto the network. A jabbering network card can be identified by a slower than normal network, by high occurrences of collisions displayed on the hub or switch, and by LEDs on a network card indicating a high level of transmissions even though a user is not using the network.

4.4 Upon conducting a visual inspection of the server room, you see that a switch displays LED collision lights that are continually lit. You check the LED on the corresponding workstation and see that it is flashing rapidly even though it is not sending or receiving network traffic at that time. What is the cause of the network collisions?

Faulty network card Sometimes when a NIC fails, it doesn't just stop working, but begins to flood the network with transmissions. This is called jabbering. A single network card can slow down an entire network by continually transmitting onto the network. A jabbering network card can be identified by a slower than normal network, by high occurrences of collisions displayed on the hub or switch, and by LEDs on a network card indicating a high level of transmissions even though a user is not using the network.

12.3.14 Which component of a change and configuration management policy identifies technical and budgetary considerations associated with a proposed change and also identifies any potential impacts to the network?

Feasibility analysis EXPLANATION A feasibility analysis identifies technical and budgetary considerations associated with a proposed change. It should also identify any potential impacts to the network. In the event that a change unintentionally causes problems, your change and configuration management process should include provisions for a rollback. A rollback makes it possible to revert the system back to the state it was in before the change was put into effect. Authorized downtime defines a maintenance window during which the system will be unavailable while the change is made. A change request identifies the need for a change.

Single-mode fiber (SMF)

Fiber cables with core diameters of about 8-10 µm; light follows a single path (uses light in the 1310 nm and 1550 nm range). Uses high-power, highly directional modulated light sources; single-mode fibers are used with lasers. Less affected by modal distortion. Longer distances. Higher speeds.

Of the following cables, which offer the best protection against EMI?

Fiber optic cables offer the best protection against electromagnetic interference (EMI).

You are the network administrator for a small organization. Recently, you contracted with an ISP to connect your organization's network to the internet to provide users with internet access. Since doing so, it has come to your attention that an intruder has invaded your network from the internet on three separate occasions. What type of network hardware should you implement to prevent this from happening again?

Firewall EXPLANATION The role of a firewall is to provide a barrier between an organization's network and a public network, such as the internet. Its job is to prevent unauthorized access into the organization's private network. To do this, the firewall examines incoming packets and determines whether they should be allowed to enter based on a set of rules defined by the network administrator.

8.1.1 Which of the following is a firewall function?

Firewalls often filter packets by checking each packet against a set of administrator-defined criteria. If the packet is not accepted, it is simply dropped.

9.4.5 Match the virtualization feature on the right with the appropriate description on the left.

-Flexibility: Moving virtual machines between hypervisor hosts.
-Testing: Verifying that security controls are working as designed.
-Server consolidation: Performing a physical-to-virtual migration (P2V).
-Sandboxing: Isolating a virtual machine from the physical network.
EXPLANATION Some of the advantages and features of virtualization include the following:
-Flexibility: Because they are self-contained, virtual machines are easy to move between hypervisor hosts as needed.
-Testing: Virtual machines can be configured in a lab environment that mirrors your production network for testing purposes, such as testing security controls to verify that they are working as designed.
-Server consolidation: Server consolidation allows you to move physical systems onto just a few hypervisors with many virtual machines. A physical-to-virtual migration (P2V) moves an operating system off physical hardware and onto a virtual machine.
-Isolation: A sandboxed virtual machine is isolated from the physical network to allow testing to be performed without impacting the production environment.

4.2 You would like to implement 10 Gbps Ethernet over a distance of 1 kilometer or greater. Which of the following would be the minimum requirement for the implementation? (Select two.)

For 10 Gbps at distances up to 10 kilometers, use 10GBaseLR with single-mode fiber.

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The router is also configured with a static route of 0.0.0.0 with a mask of 0.0.0.0. The router receives a packet addressed to network 10.1.0.0/16. What will the router do with the packet?

Forward the packet to the next hop router specified by the route to network 0.0.0.0.

11.1.9 Which of the following WAN technologies provides packet switching over high-quality digital lines at speeds greater than 1.544 Mbps?

Frame relay EXPLANATION Frame relay networks are packet-switched networks that operate at T1 or T3 speeds. Frame relay achieves faster speeds by using high-quality digital lines, which require less extensive error control than X.25 networks. POTS stands for plain old telephone system. In the United States, ISDN networks can only offer speed up to 1.544 Mbps.

10.1.2 Match the wireless signaling method on the left with its definition on the right. (Not all of the signaling methods match a definition.)

-Frequency Hopping Spread Spectrum (FHSS): FHSS uses a narrow frequency band and hops data signals in a predictable sequence from frequency to frequency over a wide band of frequencies.
-Direct-Sequence Spread Spectrum (DSSS): DSSS uses a transmitter that breaks data into pieces and sends the pieces across multiple frequencies in a defined range. DSSS is more susceptible to interference and less secure than FHSS.
-Orthogonal Frequency-Division Multiplexing (OFDM): OFDM breaks data into very small data streams in order to send the information across long distances where environmental obstacles may be an issue.

Match the network access protection (NAP) component on the left with its description on the right.

-Generates a statement of health (SoH) that reports the client configuration for health requirements: NAP client
-Runs the System Health Validator (SHV) program: NAP server
-Is clients' connection point to the network: Enforcement server (ES)
-Contains resources accessible to non-compliant computers on the limited-access network: Remediation server
EXPLANATION NAP uses the following components:
-The NAP client generates a statement of health (SoH) that reports the client configuration for health requirements.
-A NAP server runs the System Health Validator (SHV).
-The enforcement server (ES) is clients' connection point to the network.
-The remediation server contains resources accessible to non-compliant computers on the limited-access network.

Which protocol is used to securely browse a website?

HTTPS is a secure form of HTTP that uses SSL to encrypt data before it is transmitted. HTTP is used by web browsers and web servers to exchange files (such as web pages) through the World Wide Web and intranets.

3.2 Which of the following devices operates at the OSI model Layer 1?

HUB A hub operates at OSI model Layer 1 (Physical layer). It regenerates electrical signals and sends those signals out all hub ports without regard to the upper-layer data.

8.1.4 Which of the following are true about reverse proxy? (Select two.)

Handles requests from the internet to a server in a private network. Can perform load balancing, authentication, and caching. A reverse proxy server handles requests from the internet to a server located inside a private network. Reverse proxies can perform load balancing, authentication, and caching. Reverse proxies often work transparently, meaning clients don't know they are connected to a reverse proxy.

13.1.13 Match each physical security control on the left with an appropriate example of that control on the right. Each security control may be used once, more than once, or not at all.

-Hardened carrier: Protected cable distribution
-Biometric authentication: Door locks
-Barricades: Perimeter barrier
-Emergency escape plans: Safety
-Alarmed carrier: Protected cable distribution
-Anti-passback system: Physical access control
-Emergency lighting: Safety
-Exterior floodlights: Perimeter barrier
EXPLANATION Physical security controls and their functions include the following:
-Perimeter barriers secure the building perimeter and restrict access to only secure entry points. Examples include barricades and floodlights.
-Door locks allow access only to those with the proper key. For example, a biometric authentication system requires an individual to submit to a fingerprint or retina scan before a door is unlocked.
-Physical access controls are implemented inside the facility to control who can go where. For example, an anti-passback system prevents a card holder from passing their card back to someone else.
-Safety controls help employees and visitors remain safe while on site. For example, consider devising escape plans that utilize the best escape routes for each area in your organization. In addition, emergency lighting should be implemented that runs on protected power and automatically switches on when the main power goes off.
-A protected distribution system (PDS) encases network cabling within a carrier. This enables data to be securely transferred through an area of lower security. In a hardened carrier PDS, network cabling is run within metal conduit. In an alarmed carrier PDS, an electronic alarm system is used to detect attempts to compromise the carrier and access the cable within it.

RJ45

Has eight connectors. Supports up to four pairs of wires. Uses a locking tab to keep the connector secure in an outlet. Used for Ethernet and some token ring connections.

RJ11

Has four connectors. Supports up to two pairs of wires. Uses a locking tab to keep the connector secure in an outlet. Used primarily for telephone wiring.

13.2.8 Which of the following is a common social engineering attack?

Hoax virus information emails

Which of the following intrusion detection and prevention systems uses fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data?

Honeypot

8.1.7 You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?

Host-based firewall A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect your computer from attacks when there is no network-based firewall, such as when you connect to the internet from a public location. A network-based firewall inspects traffic as it flows between networks. For example, you can install a network-based firewall on the edge of your private network that connects to the internet to protect your data from attacks from internet hosts. A VPN concentrator is a device connected to the edge of a private network that is used for remote access VPN connections. Remote clients establish a VPN connection to the VPN concentrator and are granted access to the private network. A proxy server is an Application layer firewall that acts as an intermediary between a secure private network and the public. Access to the public network from the private network goes through the proxy server.

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?

Hotfix EXPLANATION A hotfix is an operating system patch that corrects a specific known problem. Microsoft typically releases hotfixes monthly. Service packs include a collection of hotfixes and other system updates. Service packs are not released as often, but contain all hotfixes released up to that point in time.

10.1.1 An access point that conforms to the IEEE 802.11b standard behaves similarly to what other networking device?

Hub EXPLANATION An access point functions like a hub by connecting multiple wireless hosts to a wired Ethernet network.

3.2 At which layer of the OSI model do hubs operate?

Hubs operate at Layer 1, or the Physical layer of the OSI model.

HTTP

Hypertext Transfer Protocol

HTTPS

Hypertext Transfer Protocol Secure

Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?

ICMP

Control Protocols

ICMP, IGMP

You have a network that occupies both floors of a building. The WAN service provider has installed the line for the WAN service in a wiring closet on the main floor. You have a second wiring closet on the second floor directly above the wiring closet that holds the demarc. Which of the following terms describes the closet on the second floor?

IDF

You are asked to recommend an email retrieval protocol for a company's sales team. The sales team needs to access email from various locations and possibly different computers. The sales team does not want to worry about transferring email messages or files back and forth between these computers. Which email protocol is designed for this purpose?

IMAP4

Which of the following protocols stores email on the mail server and allows users to access messages from various client devices without having to download the emails?

IMAP4 allows a mail server to store messages users can access from various locations using various client devices. A POP3 server requires the user to download his or her email. SMTP allows a user to send email to a server. The NTP protocol synchronizes the clocks of all computers on a network.

8.3.4 You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?

IP address A router acting as a firewall at Layer 3 is capable of making forwarding decisions based on the IP address. The MAC address is associated with OSI model Layer 2 and is used by switches and wireless access points to control access. The session ID is used by a circuit-level gateway, and usernames and passwords are used by Application layer firewalls.

5.1 You have a small network with a single subnet connected to the internet as shown in the Exhibit. The router has been assigned the two addresses shown. You need to manually configure the workstation to connect to the network. The workstation should use RouterA as the default gateway and DNS1 as the DNS server address. From the drop-down options, select the appropriate parameters to configure the workstation's TCP/IP settings.

IP address: 192.168.12.46
Subnet mask: 255.255.255.240
Default Gateway: 192.168.12.34
DNS Server: 198.162.1.22
-Use 192.168.12.46 for the IP address. With a 28-bit mask, the router is on subnet 192.168.12.32, and valid addresses are 192.168.12.33 to 192.168.12.46. You cannot use 192.168.12.32 because it is the subnet address. You cannot use 192.168.12.47 because it is the broadcast address.
-A 28-bit mask is 255.255.255.240 in binary.
-For the default gateway address, use the address assigned to the router interface that is on the same subnet as the workstation (in this example, 192.168.12.34).
-For the DNS server address, use the IP address assigned to the DNS server (198.162.1.22).

8.1.6 You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?

IP address A router acting as a firewall at Layer 3 is capable of making forwarding decisions based on the IP address.

5.1 You have a workstation connected to a small branch network using a single switch. The network does not have any routers and is not connected to the internet. What are the minimum configuration parameters required on the workstation to be able to communicate with all hosts on the network?

IP address and subnet mask -On a single subnet, you only need to configure an IP address and a subnet mask. The default gateway identifies the router address used to reach remote networks. You would only use the default gateway if the network was connected to another subnet or the internet.

9.2.2 What are other names for a VoIP server? (Select two.)

IP-PBX VoIP PBX A VoIP server is also known as a VoIP PBX or an IP-PBX since a VoIP server provides many of the functions of a traditional phone system PBX. Quality of service (QoS) can be configured on network devices to give priority to VoIP traffic. Jitter can cause unusual sound effects in a VoIP call. A hard phone is a VoIP endpoint that is really a computer built to look like and work like a phone.

11.3.1 Which of the following WAN technologies provides digital dial-up connections on two 64 Kbps data channels?

ISDN BRI ISDN BRI is a dial-up-only service. Basic Rate ISDN provides access to two 64 Kbps data channels (B channels) and one 16 Kbps service channel (D channel). The two B channels can be used together for a total data transfer rate of 128 Kbps. Data compression can further increase the data transfer rate.

9.5.5 You were recently hired by a small start-up company. The company is in a small office and has several remote employees. You have been asked to find a business service that would accommodate the current size of the company, but would also be able to scale as the company grows. The service needs to provide adequate storage, as well as additional computing power. Which cloud service model should you use?

IaaS EXPLANATION Infrastructure as a service (IaaS) delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The client deploys and runs software without purchasing servers, data center space, or network equipment. Software as a service (SaaS) delivers software applications to the client either over the internet or on a local area network. Platform as a service (PaaS) delivers everything a developer needs to build an application onto the cloud infrastructure. The deployment comes without the cost and complexity of buying and managing the underlying hardware and software layers. Data as a service (DaaS) stores and provides data from a centralized location without requiring local collection and storage.

12.3.11 Your organization is in the process of negotiating an interoperability agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and vice versa. As a security administrator, which tasks should you complete during this phase? (Select two.)

Identify how data ownership will be determined. Identify how data will be shared. EXPLANATION During the onboarding phase of a third-party relationship, several issues need to be considered and a plan formulated to address them, including: How data ownership will be determined. How data will be shared. Security and compliance audits should be conducted during the ongoing operations phase of the relationship. Partner passwords should be reset during the off-boarding phase.

Open Impedance Mismatch (Echo)

Impedance is the measure of resistance within the transmission medium. Impedance is measured in ohms (Ω). All cables must have the same impedance rating. The impedance rating for the cable must match the impedance of the transmitting device. Impedance is mostly a factor in coaxial cables used for networking. Be sure to choose cable with the correct rating (50 or 75 ohm) based on the network type. Never mix cables with different ratings. When signals move from a cable with one impedance rating to a cable with another rating, some of the signal is reflected back to the transmitter, distorting the signal. With video (cable TV), impedance mismatch is manifested as ghosting of the image. Cable distance does not affect the impedance of the cable.

10.7.2 Your wireless network consists of multiple 802.11n access points that are configured as follows: SSID (hidden): CorpNet; Security: WPA2-PSK using AES; Frequency: 5.75 GHz; Bandwidth per channel: 40 MHz. Because of the unique construction of your organization's facility, there are many locations that do not have a clear line of sight between network clients and access points. As a result, radio signals are reflected along multiple paths before finally being received. The result is distorted signals that interfere with each other. What should you do?

Implement antenna diversity. Antenna diversity implements two or more radio antennae to improve the quality and reliability of a wireless link. In environments where there is no clear line of sight between transmitter and receiver, the radio signal is reflected along multiple paths before finally being received. This can introduce phase shifts, time delays, attenuation, and distortion that interfere with one another on the receiving antenna. You can rectify the situation by implementing antenna diversity in two ways: Spatial diversity uses multiple antennas that are physically separated from one another. Pattern diversity uses two or more co-located antennas with different radiation patterns. Using a RADIUS authentication solution increases wireless network security, but it doesn't address the issue of multipath interference. Reducing radio power could help solve multipath interference issues in some situations, but it may make it worse in others. This is also true of directional access points.

13.4.1 As you are helping a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: Minimum password length = 10; Minimum password age = 4; Maximum password age = 30; Password history = 6; Account lockout clipping level = 3; Require complex passwords that include numbers and symbols. Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down?

Implement end-user training. EXPLANATION The best solution is to implement end-user training. Instruct users on the importance of security and teach them how to create and remember complex passwords. Making any other changes would violate the security policy and reduce the overall security of the passwords.

4.4 You've connected a cable certifier to an RJ45 wall jack and the output shown below is displayed on the device. What does this output indicate? (Select two.)

In this example, any connections displayed with no characters between the pin numbers are open connections. This problem is usually caused by: Poor connections between the wire and the RJ45 jack. Individual wires broken within the UTP cable. Output with x characters between pins indicates that they are shorted. Correctly functioning connections are displayed using - characters in the output of the cable certifier. Cross-over connections are displayed with lines between the crossed-over pins.

4.3 You manage the two-location network shown in the exhibit. Workstations and servers at each location connect to a patch panel using behind-the-wall wiring. The patch panel then connects network hosts to one of three 1000BASE-T switches. Routers are implemented at each location to connect the two networks together using a private WAN. The switch ports have auto-MDIX disabled. Drag the cable type on the left to the most appropriate network location on the right. Each cable type can be used more than once.

In this scenario, the following cables should be used in the following locations: Drop cables = Cat 6 straight-through UTP. Patch cables = Cat 6 straight-through UTP. Uplink cables = Cat 6 crossover UTP (Cat 6 straight-through UTP can be used instead if auto-MDIX is enabled on the switch ports). WAN cable = Single-mode fiber optic.

4.4 A user from the sales department calls to report that he is experiencing problems connecting to the sales file server. All users in the sales department connect to the sales server through a single Ethernet switch. No other users have reported problems connecting to the sales server. Which of the following troubleshooting actions are you most likely to perform first?

In this scenario, you are most likely to replace the network card in the user's computer. As there is only one user experiencing a problem, you are unlikely to replace the network card in the server or replace the Ethernet switch. For the same reason, you are also unlikely to replace the network card drivers on the server. If more than one user were experiencing the problem, any of the options could be a valid troubleshooting step.

Which type of optical fiber is normally used to connect two buildings that are several kilometers apart?

In this scenario, you would use single-mode fiber optic cables. Fiber optic is graded as single-mode or multi-mode. Single-mode consists of a single very thin core, which produces fewer reflections. This provides greater effective bandwidth over greater distances.

5.10 A user reports that he can't browse to a specific website on the internet. From his computer, you find that a ping test to the web server succeeds. A traceroute test shows 17 hops to the destination web server. What is the most likely cause of the problem?

Incorrect DNS server address In this scenario, a ping test to the website succeeds, while accessing the website through the browser does not work. Users type host names in the browser to go to websites, but host names must be translated to IP addresses by a DNS server. Either the workstation is using the wrong address for the DNS server, the DNS server is not available, or the DNS server does not have an entry for the website.

You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation cannot communicate with any other host on the network. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix. : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address . . . . . : 00-AA-BB-CC-74-EF
DHCP Enabled. . . . . . . : No
Autoconfiguration Enabled . . : Yes
IPv4 Address. . . . . . . : 192.168.2.102(Preferred)
Subnet Mask . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
DNS Servers . . . . . . . : 192.168.2.20
What is the most likely cause of the problem?

Incorrect IP address EXPLANATION In this example, the IP address assigned to the host is on the wrong subnet. The host address is on the 192.168.2.0/24 subnet, but the other devices are using addresses on the 192.168.1.0 subnet (the scenario states that you are connecting the workstation to this subnet).

5.8 You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation cannot communicate with any other host on the network. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix. : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address . . . . . : 00-AA-BB-CC-74-EF
DHCP Enabled. . . . . . . : No
Autoconfiguration Enabled . . : Yes
IPv4 Address. . . . . . . : 192.168.2.102(Preferred)
Subnet Mask . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
DNS Servers . . . . . . . : 192.168.2.20
What is the most likely cause of the problem?

Incorrect IP address In this example, the IP address assigned to the host is on the wrong subnet. The host address is on the 192.168.2.0/24 subnet, but the other devices are using addresses on the 192.168.1.0 subnet (the scenario states that you are connecting the workstation to this subnet).

You manage a local area network with several switches. A new employee has started today, so you connect her workstation to a switch port. After connecting the workstation, you find that the workstation cannot get an IP address from the DHCP server. You check the link and status lights and see that the connection is working properly. A ping to the loopback address on the workstation succeeds. No other computers seem to have the problem. Which of the following is the most likely cause of the problem?

Incorrect VLAN assignment The most likely cause is that the switch port is a member of a VLAN that is different from the VLAN for the DHCP server and other devices. It is possible that unused ports on the switch were assigned to a VLAN that is different from the VLAN used by other devices. The duplex setting would probably not prevent traffic between the workstation and the switch; it would simply mean that both devices would perform collision detection. A problem might occur if one device were manually configured for full-duplex, and the other were configured for half-duplex. A switching loop occurs when there are multiple active paths between two switches. Switching loops lead to incorrect entries in a MAC address table, making a device appear to be connected to the wrong port and causing unicast traffic to circulate in a loop between switches. Switching loops would typically affect multiple devices, not just one. The default gateway setting affects whether the device can communicate with hosts on different subnets, but this value is typically received from the DHCP server.

5.8 You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address. . . . . . : 00-AA-BB-CC-74-EF
DHCP Enabled . . . . . . . : No
Autoconfiguration Enabled. . . : Yes
IPv4 Address . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . : 255.255.255.0
Default Gateway. . . . . . . . . : 192.168.2.1
DNS Servers. . . . . . . . . . . : 192.168.2.20
What is the most likely cause of the problem?

Incorrect default gateway In this example, the default gateway address is incorrect. The default gateway address must be on the same subnet as the IP address for the host. The host address is on the 192.168.1.0/24 subnet, but the default gateway address is on the 192.168.2.0 subnet.

5.8 You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address. . . . . . : 00-AA-BB-CC-74-EF
DHCP Enabled . . . . . . . : No
Autoconfiguration Enabled. . . : Yes
IPv4 Address . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway . . . . . . : 192.168.1.1
DNS Servers . . . . . . . : 192.168.1.20
192.168.1.27
What is the most likely cause of the problem?

Incorrect subnet mask In this example, the network is using a mask of 255.255.255.0 (24-bits), but the workstation is configured to use a mask of 255.255.0.0.

5.3 Your Windows DHCP server had a default lease time of eight days. However, you have decided to reconfigure this DHCP server to dynamically assign IP addresses to DHCP clients using a lease duration of four days. What impact, if any, will this have on the network?

Increased network traffic -Decreasing lease time does slightly increase network traffic because clients will have to renew their IP addresses more often. However, decreasing the lease time also makes it so that you use your addresses more efficiently.

6.4 Which of the following are reasons to configure VLANs on a switch as opposed to using switches without VLANs? (Select two.)

Increased security Increased number of broadcast domains

10.5.4 Match each type of access point on the left with the wireless network architecture where it is commonly used on the right. Each type of access point may be used once, more than once, or not at all.

Independent access point infrastructure: Intelligent AP
Hub-and-spoke infrastructure: Lightweight AP
Distributed wireless mesh infrastructure: Intelligent AP

13.1.8 Which of the following CCTV types would you use in areas with little or no light?

Infrared EXPLANATION Infrared cameras can record images in little or no light. LUX is a measure of sensitivity to light. The lower the number, the less light needed for a clear image. Infrared cameras have a low LUX rating, meaning that little light is needed. A c-mount camera has interchangeable lenses and is typically rectangular in shape. A pan tilt zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas.

You have worked as the network administrator for a company for seven months. One day, all picture files on the server become corrupted. You discover that a user downloaded a virus from the internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss is adamant that no more events like this one take place. What should you do?

Install a network virus detection software solution.

You have worked as the network administrator for a company for seven months. One day, all picture files on the server become corrupted. You discover that a user downloaded a virus from the internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss is adamant that this situation does not reoccur. What should you do?

Install a network virus detection software solution.

8.1.2 You would like to control internet access based on users, time of day, and websites visited. How can you do this?

Install a proxy server. Allow internet access only through the proxy server. Use a proxy server to control internet access based on users, time of day, and websites visited. You configure these rules on the proxy server, and all internet access requests are routed through the proxy server.

4.4 Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running. What should you do?

Install shielded cables near the elevator. Interference is a signal that corrupts or destroys regular networking signals. Interference affects the availability of a network because normal communications are not possible. Sources of interference include elevators, generators, motors, and fluorescent lights.

13.4.5 While using a web-based order form, an attacker enters an unusually large value in the quantity field. The value entered is large enough to exceed the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?

Integer overflow An integer overflow occurs when a computational operation results in a numeric value that exceeds the maximum size of the integer type used to store it in memory. When this occurs, the value will wrap around and start again at its minimum value in much the same way a mechanical odometer in a car rolls over to zero when the maximum number of miles it can record has been exceeded. This allows an attacker to manipulate the value of variables, leading to unintended system behavior. In this scenario, the attacker has manipulated the quantity while purchasing items from an online store. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order form as a return instead of a purchase, and the attacker's account is refunded a large sum of money.

ICMP

Internet Control Message Protocol

IGMP

Internet Group Management Protocol

IP

Internet Protocol

Participation

Internet, Intranet, Extranet

Which of the following statements is true? A system image backup:

Is saved as a .vhd file. EXPLANATION A system image backup consists of an entire volume backed up to a .vhd file. It contains everything on the system, including the operating system, installed programs, drivers, and user data files.

5.3 Which two of the following statements about the dynamic host configuration protocol (DHCP) are true?

It can deliver other configuration information in addition to IP addresses. A DHCP server assigns addresses to requesting hosts. -DHCP servers deliver IP addresses as well as other host configuration information to network hosts. DHCP can be configured to assign any available address to a host, or it can assign a specific address to a specific host.

3.2 Which of the following best describes how a switch functions?

It connects multiple cable segments (or devices) and forwards frames to the appropriate segment.

3.1 Which of the following statements accurately describes how a modem works? (Select two.)

It demodulates analog data from a telephone network into digital PC data. It modulates digital data from the PC into analog data and transmits it on a telephone network.

13.3.10 You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file?

It has been moved to a secure folder on your computer. Quarantine moves the infected file to a secure folder, where it cannot be opened or run normally. By configuring the software to quarantine any problem files, you can view, scan, and possibly repair those files. Quarantine does not automatically repair files. Deleting a file is one possible action to take, but this action removes the file from your system.

3.1 Which of the following is true about the MAC address? (Select two.)

It is typically represented by hexadecimal numbers. It is a 48-bit address. The MAC address is a 12-digit (48-bit) hexadecimal number (each number ranges from 0-9 or A-F).

6.6.7 A switch running STP is in the learning state. A message destined for a different network segment arrives at the switch. Which of the following best describes what the switch will do?

It uses the source MAC address and network segment information to build its bridge database, but does not forward the message.

Which of the following are characteristics of coaxial network cable? (Select three.)

It uses two concentric metallic conductors. The ends of the cable must be terminated. It has a conductor made from copper in the center of the cable.

9.2.9 Your company uses VoIP for phone calls. Recently, employees have been complaining about phone calls with unusual sound effects. Which type of problem is occurring on the VoIP system?

Jitter EXPLANATION Because VoIP transmits call data using IP packets over a packet-switched network, VoIP is susceptible to the following problems: Latency occurs when data takes a long time to arrive at the receiving device. Delays cause long pauses between speaking and receiving and can result in callers continually interrupting each other. Jitter is a variation in the delay of individual packets. Jitter causes strange sound effects as the delay of packets fluctuates. Packet loss occurs when packets do not arrive at all. Packet loss causes drop-outs in the conversation. Echo occurs when you hear your own voice in the telephone receiver while you are talking. Excessive delay can cause unacceptable levels of echo.

13.1.15 Which of the following is the most important way to prevent console access to a network switch?

Keep the switch in a room that is locked by a keypad. EXPLANATION To control access to the switch console, you must keep it in a locked room. A console connection can only be established with a direct physical connection to the device. If the switch is in a locked room, only those with access will be able to make a console connection. In addition, even if you had set console passwords, users with physical access to the device could perform password recovery and gain access.

13.7.5 Which of the following protocols can your portable computer use to connect to your company's network via a virtual tunnel through the internet? (Select two.)

L2TP PPTP

Which of the following connectors are used with fiber optic cables and include both cables in a single connector? (Select two.)

LC and MTRJ connectors have both fiber optic cables in a single connector.

Which of the following are characteristics of an LC fiber optic connector? (Choose two.)
-They use a housing and latch system similar to an RJ45 UTP connector.
-They can be used with either fiber optic or copper cabling.
-They use a one-piece bayonet connecting system.
-They are threaded.
-They are half the size of standard connectors.

LC fiber optic connectors are small, about half the size of other fiber optic connectors. Their appearance is similar to a typical RJ45 connector used with UTP wiring. Like an RJ45 connector, an LC fiber optic connector uses a small latch to lock the connector in a jack.

The Data Link Layer of the OSI model is comprised of two sublayers. What are they? (Select two.) LAT DLC LLC SAN MAC

LLC MAC

12.3.3 What is the most common security policy failure?

Lack of user awareness EXPLANATION The most common security policy failure is a lack of user awareness. If users are not aware of the policies to follow or procedures to comply with, they do not know how to perform their work tasks securely. When an organization makes the effort to produce a security policy, improperly outlined procedures are rarely a problem. This issue is usually discovered and corrected early in the security policy development process. Overlooking critical assets is not a common problem. During the asset identification stage of risk analysis and security policy development, every asset is examined for importance. A security policy is not complete unless it assigns specific tasks and responsibilities to roles and individuals within the organization.

9.2.10 You are on a phone call using VoIP. You notice that it takes several seconds for the person on the other end to respond to questions you ask. Which type of problem is occurring?

Latency EXPLANATION Because VoIP transmits call data using IP packets over a packet-switched network, VoIP is susceptible to the following problems: Delay (or latency), which occurs when data takes a long time to arrive at the receiving device. Delays cause long pauses between speaking and receiving and can result in callers continually interrupting each other. International standards call for a delay of 150 milliseconds or less. Jitter, which is a variation in the delay of individual packets. Jitter causes strange sound effects as the delay of packets fluctuates. Packet loss, which occurs when packets do not arrive at all. Packet loss causes dropouts in the conversation. Echo, which occurs when you hear your own voice in the telephone receiver while you are talking. Excessive delay can cause unacceptable levels of echo.

LDAP

Lightweight Directory Access Protocol

9.2.3 What is one benefit of placing VoIP gateways in geographically separated branch offices that have an existing WAN connection?

Long-distance PSTN charges can be reduced by switching VoIP calls to the PSTN in locations where only local call charges would be incurred. VoIP gateways convert voice and fax calls between the PSTN and an IP network. A WAN connection can carry VoIP calls from a distant location to a geographically separated branch office. A VoIP gateway located at the branch office can switch the call to the PSTN, where only local phone charges would be incurred.

13.4.9 Which of the following attacks, if successful, causes a switch to function like a hub?

MAC flooding EXPLANATION MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub. The attacker floods the switch with packets, each containing different source MAC addresses. The flood of packets fills up the forwarding table and consumes so much of the memory in the switch that it causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out all ports (as with a hub), instead of just to the correct ports, as per normal operation. ARP poisoning associates the attacker's MAC address with the IP address of victim devices. When computers send an ARP request to get the MAC address of a known IP address, the attacker's system responds with its MAC address. MAC spoofing is changing the source MAC address on frames sent by the attacker. In a replay attack, the attacker uses a protocol analyzer or sniffer to capture authentication information going from the client to the server. The attacker then uses this information to connect at a later time and pretend to be the client.

11.1.3 Which of the following technologies uses variable-length packets, adds labels to packets as they enter the WAN cloud, and uses the labels to switch packets and prioritize traffic?

MPLS EXPLANATION MPLS is a WAN data classification and data carrying mechanism. MPLS is a packet switching technology that supports variable-length frames. MPLS adds a label to packets between the existing Network and Data Link layer formats. Labels are added when the packet enters the MPLS network and removed when the packet exits the network. Information in the label is used to switch the packet through the MPLS network to the destination. MPLS labels can identify the route or even the network type to use. MPLS labels are often used to provide different classes of service for data streams. ATM is a WAN communication technology that uses labels but has fixed-length cells of 53 bytes. Frame relay is a protocol used to connect to a WAN over dedicated (leased) lines. ISDN is a WAN technology that provides increased bandwidth within the local loop. SONET is a standard for networking over an optical medium. SONET is classified as a transport protocol, in that it can carry other types of traffic such as ATM, Ethernet, and IP. Most PSTN networks use SONET within the long-distance portion of the PSTN network.

11.1.11 Which networking technology creates virtual links between two remote network endpoints by prefixing packets with a header containing one or more labels?

MPLS EXPLANATION Multiprotocol Label Switching (MPLS) creates virtual links between two remote network endpoints by prefixing packets with a header containing one or more labels. MPLS determines routing using the contents of each packet's label. This allows the creation of an endpoint-to-endpoint virtual circuit across a variety of network media. Ethernet, ISDN, and frame relay WAN networks do not use labels.

Which of the following are characteristics of an MTRJ fiber optic connector? (Select two.)

MTRJ connectors can be used with either multi-mode or single-mode fiber optic cabling. The connector is made from plastic and uses metal guide pins to ensure that it is properly aligned in the jack.

Which of the following tasks do routers perform? (Select two.)

Maintain information about paths through an internetwork. Route data based on logical network addresses.

12.2.8 What is the primary goal of business continuity planning?

Maintaining business operations with reduced or restricted infrastructure capabilities or resources EXPLANATION The primary goal of BCP is maintaining business operations with reduced or restricted infrastructure capabilities or resources. Minimizing the risk to the organization from delays and interruptions in providing services is a goal of DRP. If your organization cannot provide services, it is experiencing a disaster. Minimizing decision-making during the development process is not a valid goal of BCP or DRP; decisions should be made during development. The correct DRP goal is to minimize decisions during an emergency. Protecting an organization from major computer services failure is a goal of DRP, not BCP. If computer services fail, business continuity is interrupted, which is considered a disaster.

13.3.4 An attacker captures packets as they travel from one host to another with the intent of altering the contents of the packets. Which type of attack is being executed?

Man-in-the-middle attack

10.5.2 Match each wireless device on the left with its corresponding characteristics on the right. Each device may be used once, more than once, or not at all.

Manages all of the APs that are connected to it: Wireless controller
Supports 30 to 50 wireless clients per access point: Wireless controller
Provides NAT routing and an Ethernet switch in one device: Consumer-grade (SOHO) wireless router
Supports a maximum of 5-10 wireless clients: Consumer-grade (SOHO) wireless router
Pushes wireless configuration settings to connected access points: Wireless controller

12.3.10 Which business document is a contract that defines a set of terms that will govern future agreements between two parties?

Master service agreement EXPLANATION A master service agreement is a contract that defines terms that will govern future agreements between two parties. The purpose of this document is to allow the parties to quickly negotiate future agreements without having to repetitively renegotiate the same terms over and over. A statement of work is a contract that defines the tasks, time frame, and deliverables that a vendor agrees to with a client. A memorandum of understanding provides a brief summary of which party in the relationship is responsible for performing specific tasks. An interconnection security agreement documents how the information systems of each party in the relationship will be connected and how they will share data.

Which of the following tests can be performed by a TDR? (Select two.)

Measure the length of a cable. Identify the location of a fault on a cable.

You want to implement a fault tolerant topology as you connect routers on your wide area network. Which of the following topologies meets your needs?

Mesh

You have a network that uses a logical bus topology. How do messages travel through the network?

Messages are broadcast to all devices connected to the network.

You have a network that uses a logical ring topology. How do messages travel through the network?

Messages travel from one device to the next until they reach the destination device.

When multiple routes to a destination exist, what is used to select the best possible route?

Metric

Which of the following geographic network types are typically managed by a city as a public utility?

Metropolitan area network (MAN)

You manage a network with multiple subnets connected to the internet. A user reports that she can't access the internet. You investigate the problem and find that she can access all hosts on the private network, including subnets, but no hosts on the internet. Which of the following is likely the cause of the problem?

Missing default route on a router

You manage a network with multiple subnets connected to the internet. A user reports that she can't access the new server used in the accounting department. You check the problem and find out that her computer cannot access any server on that subnet. However, the computer does access other computers on other subnets as well as the internet. Which of the following is most likely the cause of the problem?

Missing route on the default gateway router

12.2.13 When recovery is being performed due to a disaster, which services are to be stabilized first?

Mission critical EXPLANATION Restore mission critical services first. If mission critical services are not restored within their maximum tolerable downtime, the organization is no longer viable. Restore the least critical services last. Financial support and outside communications are restored only after all other services with a higher level of criticality have been restored.

11.1.2 To access the internet through the PSTN, what kind of connectivity device must you use?

Modem EXPLANATION To establish a connection to the internet through the public telephone network (PSTN/POTS) you must use a modem (modulator/demodulator), which converts digital PC data into analog signals that can be transmitted through standard telephone lines.

11.2.4 Which of the following are benefits of LCP? (Select three.)

- Monitors data dropped on the link and avoids frame looping
- Provides load balancing across multiple links
- Negotiates the use (or lack) of authentication before starting the session
EXPLANATION Benefits of LCP include the following:
- Negotiates the use of authentication before starting the session.
- Monitors data dropped on the link and avoids frame looping (error detection).
- Compresses data at the source and decompresses data at the destination (compression).
- Provides load balancing across multiple links (multilink).
LCP does not encapsulate protocols; NCP handles that task. LCP is a data link layer protocol, so it does not provide support for physical interfaces. Because PPP is a point-to-point protocol, no logical or physical addressing is necessary.

13.1.1 You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a username of admin01 and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?

Move the router to a secure server room. EXPLANATION In this scenario, the router is not physically secure. Anyone with access to the area could gain access to the router and manipulate its configuration by plugging into the console port. The device should be moved to a secure location, such as a server room, that requires an ID badge for access. You should not use a Telnet client to access the router configuration. Telnet transfers data in clear text over the network connection, exposing sensitive data to sniffing. The user name and password used to access the router configuration are reasonably strong. Encrypted type 7 passwords on a Cisco device are less secure than those protected with MD5. Using TFTP to manage the router configuration could expose sensitive information to sniffers, as it transmits data in clear text.

Match the wireless networking term or concept on the left with its appropriate description on the right. Each term may be used once, more than once, or not at all.

- Moving a wireless device between access points within the same wireless network: Roaming
- Used by Cisco wireless equipment to route frames back and forth between the wireless network and the wired LAN: LWAPP
- Specifies the number of clients that utilize the wireless network: Device density
- Automatically partitions a single broadcast domain into multiple VLANs: VLAN pooling
- Graphically displays wireless signal strength within an area: Heat map
- Connects two wired networks over a Wi-Fi network: Wireless bridge
- Identifies relative strength of a radio signal at the receiver: Heat map
- The number of useful bits delivered from sender to receiver within a specified amount of time: Goodput

10.5.3 Match the wireless networking term or concept on the left with its appropriate description on the right. Each term may be used once, more than once, or not at all.

- Moving a wireless device between access points within the same wireless network: Roaming
- Used by Cisco wireless equipment to route frames back and forth between the wireless network and the wired LAN: LWAPP
- Specifies the number of clients that utilize the wireless network: Device density
- Automatically partitions a single broadcast domain into multiple VLANs: VLAN pooling
- Graphically displays wireless signal strength within an area: Heat map
- Connects two wired networks over a Wi-Fi network: Wireless bridge
- Identifies relative strength of a radio signal at the receiver: Heat map
- The number of useful bits delivered from sender to receiver within a specified amount of time: Goodput
You should be familiar with the following wireless networking terms and concepts:
- Device density specifies the number of clients that utilize the wireless network.
- Roaming is moving a wireless device between access points within the same wireless network.
- The Lightweight Access Point Protocol (LWAPP) is used by Cisco wireless equipment to route frames back and forth between the wireless network and the wired LAN.
- VLAN pooling automatically partitions a single broadcast domain into multiple VLANs.
- A wireless bridge connects two wired networks over a Wi-Fi network.
- A heat map graphically displays the relative wireless signal strength within a wireless deployment.
- Goodput refers to the number of useful bits delivered from the sender to the receiver within a specified amount of time.

13.5.6 Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Mutual authentication MS-CHAP v2 allows for mutual authentication, where the server authenticates to the client. Both CHAP and MS-CHAP use a three-way handshake process for authenticating users with usernames and passwords. The password (or shared secret) value is hashed, and the hash, not the shared secret, is sent for authentication.

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed. Which solution should you use?

NAC EXPLANATION Network Access Control (NAC) controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have:
- Anti-virus software with up-to-date definition files
- An active personal firewall
- Specific operating system critical updates and patches
A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client who has not met all the checklist requirements is either denied access or can be given restricted access to a remediation network, where remediation servers can be contacted to help the client to become compliant. A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the internet). A virtual LAN (VLAN) is a logical grouping of computers based on switch port. VLAN membership is configured by assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A network-based IDS (NIDS) scans network traffic to look for intrusion attempts. Network address translation (NAT) modifies the IP addresses in packets as they travel from one network (such as a private network) to another (such as the internet). NAT allows you to connect a private network to the internet without obtaining registered addresses for every host. Hosts on the private network share the registered IP addresses.

9.1.4 You manage a network with three dedicated storage devices, as shown in the diagram. Users on the network see only a single file server. Which network-based storage technology is being used?

NAS with clustering NAS with clustering is being used. A NAS device is an appliance that is dedicated to file storage. With clustering, multiple NAS devices are grouped together to provide a degree of fault tolerance. To users on the network, the cluster appears as a single file server. Without clustering, the NAS devices would appear as three separate file servers. Because client devices are connected directly to the switch, it cannot be an iSCSI or Fibre Channel SAN implementation. iSCSI and Fibre Channel SANs both use special switches to create the SAN fabric that client systems are not connected to directly.

11.2.7 Which of the following protocols is used by PPP to enable support for multiple Network layer protocols?

NCP EXPLANATION PPP uses the network control protocol (NCP) to support multiple upper-layer protocols. LCP is used to establish the link, negotiate compression and authentication, detect errors, and tear down the link.

3.2 Which of the following devices operate at the Data Link layer of the OSI model? (Select three.)

- NIC
- Bridge
- Switch
Network interface cards (NICs), bridges, and switches all operate at the OSI Data Link layer. They use the physical device address (MAC address) to identify packets. Hubs and repeaters operate at the Physical layer--they simply repeat packets without regard to addresses. Routers function at the Network layer--they examine the logical device and network address to perform routing tasks.

Near-end crosstalk (NEXT)

Near-end crosstalk (NEXT) is measured on the same end as the transmitter. For example, when a signal is sent on one wire pair, near-end crosstalk measures the interference on an adjacent wire pair at the same connector end.

12.2.4 If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?

Negligence EXPLANATION An organization with sufficient due care has shown that they have taken every reasonable effort to protect their assets and environment. If a security breach occurs, then the organization is not held negligent for the losses. Even with a strong security solution, asset loss is always possible. Even with strong due care, an organization is still liable for damages incurred. Due care does not remove the requirement to investigate security breaches.

11.2.6 PPP supports authentication, compression, and multiple Network layer protocols. Which of the following correctly sequences these functions when a PPP link is established?

Negotiate compression settings, perform authentication, negotiate Network layer protocols EXPLANATION PPP uses the following process to open a session:
- Exchange LCPs to establish the link and negotiate communication parameters (such as compression settings).
- Perform authentication (optional).
- Exchange NCPs to negotiate the Network layer protocols.

Transport Layers

Network and Transport

Which of the following media types can you save backup files on? (Select two.)

- Network attached storage (NAS)
- External hard drives
EXPLANATION Backups can be saved to:
- Secondary internal hard drives
- External hard drives
- Optical drives
- USB flash drives
- Network shares
- .vhd files
- Network attached storage (NAS) or storage area network (SAN).
Backup files cannot be saved to:
- The same disk being backed up
- A system disk
- A BitLocker-enabled volume
- A tape drive

12.1.4 When troubleshooting a router, you want to identify which other devices are connected to the router, as well as the subnet addresses of each connected subnet. Which type of document would most likely have this information?

Network diagram EXPLANATION A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the following information:
- The location and IP addresses of hubs, switches, routers, and firewalls.
- The relationship of remote locations and the WAN links that connect remote locations.
- Subnets within your network, including the subnet addresses and routers connecting each subnet.
A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows the location of drop cables and ports within offices or cubicles and a labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations. A baseline is a snapshot of the performance statistics of the network or devices. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but goes beyond the policy by identifying specific steps that are to be implemented.

Network Protocols

Network, Transport, Session, Presentation, and Application

8.3.2 Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

Network-based firewall

6.2 You are configuring a switch so that you can manage it using PuTTY from the same network segment as the switch. On the switch, you enter the following commands:
switch#config terminal
switch(config)#interface vlan1
switch(config-if)#ip address 192.168.1.10 255.255.255.0
Will this configuration work?

No, the no shutdown command needs to be entered. By default, the Vlan1 interface is set to administratively down, preventing remote access. Use the following commands to configure the switch IP address and allow management:
switch#config terminal
switch(config)#interface vlan1
switch(config-if)#ip address 192.168.1.10 255.255.255.0
switch(config-if)#no shutdown
Because the switch is being accessed from the same network segment, the ip default-gateway command doesn't need to be used. The ip address dhcp command only allows the switch to obtain an IP address using DHCP.

You are installing networking wiring for a new Ethernet network at your company's main office building. The project specifications call for Cat 5e UTP network cabling and RJ45 wall jacks. Near the end of the project, you run out of wire before the last few runs are complete. You have a spool of Cat 3 network cable in storage. Upon investigation, it appears very similar to Cat 5e wiring. Should you use Cat 3 cabling as a substitute for Cat 5e cabling to finish the project?

No. Cat 5e cabling has more twists per inch than Cat 3 cabling, reducing cross-talk and supporting higher data rates.

You are installing networking wiring for a new Ethernet network at your company's main office building. The project specifications call for Cat 5e UTP network cabling and RJ45 wall jacks. Near the end of the project, you run out of wire before the last few runs are complete. You have a spool of Cat 3 network cable in storage. Upon investigation, it appears very similar to Cat 5e wiring.

No. Cat 5e cabling has more twists per inch than Cat 3 cabling, reducing cross-talk and supporting higher data rates. While Cat 3 and Cat 5e cabling may appear similar physically, they are electrically different. Cat 5e cabling is twisted much tighter than Cat 3 cabling. This reduces cross talk and enables Cat 5e wiring to support much faster data transmission rates.

You are building a new network for a small startup financial services company. Security is paramount, so each organization within the company will have their own network segments separated by routers. Funds are limited, and you have been asked to keep costs to a minimum. You have acquired a used fiber optic switch and want to use it to create a fiber optic backbone that interconnects all of the routers. You purchased several used multi-mode GBIC modules on eBay that you will install in each router to allow them to connect to the switch. Both the switch and the GBIC modules use MTRJ connectors. You purchased several used 1-meter multi-mode patch cables from Amazon. But when they arrived, you noticed that they use LC connectors. Fortunately, with some force, you found that you are able to get the LC connectors on the cables to lock into the MTRJ connectors on the GBIC modules and on the switch. Will this implementation work?

No. You should purchase patch cables that use MTRJ connectors.

You are building a new network for a small startup financial services company. Security is paramount, so each organization within the company will have its own network segment separated by a router. However, funds are limited, and you have been asked to keep costs to a minimum. You have acquired a used fiber optic switch and want to use it to create a fiber optic backbone that interconnects all of the routers. You purchased several used single-mode GBIC modules on eBay that you will install in each router to allow them to connect to the switch. Both the switch and the GBIC modules use MTRJ connectors. You connect each module to the switch with 1-meter multimode patch cables. Will this implementation work?

No. You shouldn't use multi-mode patch cables with single-mode GBIC modules.

Which of the following routing protocols divides the network into areas, with all networks required to have an area 0 (area 0 identifying the backbone area)?

OSPF divides a large network into areas. Each autonomous system requires an area 0 that identifies the network backbone. All areas are connected to area 0, either directly or indirectly through another area. Routes between areas must pass through area 0.

Which of the following best describes OSPF?

OSPF is a classless link-state routing protocol.

Which of the following routing protocols uses relative link cost as the metric?

OSPF is a link-state routing protocol used for routing within an AS. OSPF uses relative link cost for the metric.

What are the main differences between the OSPF and IS-IS routing protocols?

OSPF requires an area 0, while IS-IS does not.

You have a web server that will be used for secure transactions for customers who access the website over the internet. The web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?

Obtain a certificate from a public PKI.

13.5.5 You have a web server that will be used for secure transactions for customers who access the website over the internet. The web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?

Obtain a certificate from a public PKI. Computers must trust the CA that issues a certificate. For computers that are used on the internet and accessible to public users, obtain a certificate from a public CA such as VeriSign. By default, most computers trust well-known public CAs.

4.2 You want to implement an Ethernet network at very long distances using fiber optic cables. Which standard and cable type would you choose? (Select two.)

Of the standards listed in this question, 1000BaseLX provides the greatest cable length (think of the "L" in 1000BaseLX as "long"). When using fiber optic across long distances, use single-mode fiber.

11.3.15 Which of the following describe the EDGE cellular technology? (Select two.)

- Offers speeds of 400-1,000 Kbps
- The first internet-compatible technology
EXPLANATION The EDGE cellular technology was an intermediary between 2G and 3G networks. EDGE was the first cellular technology to be truly internet-compatible and has speeds of 400-1,000 Kbps. MIMO is used by HSPA+, LTE, and 4G networks.

10.7.5 You are setting up a wireless hotspot in a local coffee shop. For best results, you want to disperse the radio signals evenly throughout the coffee shop. Which of the following antenna types would you use on the AP to provide a 360-degree dispersed wave pattern?

Omni-directional An omni-directional antenna provides a 360-degree dispersed wave pattern. In this configuration, signals are dispersed evenly in all directions, making this antenna well suited for environments where clients are accessing the network from various locations, such as coffee shops. A dispersed wireless signal is weaker and, therefore, is restricted to shorter signal distances. A directional wireless antenna focuses a signal in a particular direction. The focused signal allows for greater transmission distances and a stronger signal. Directional antennas are sometimes used to establish a wireless point-to-point connection where greater transmission distances are often required.

5.6 You have a server at work with a custom application installed. Connections to the server that use the custom application must use IPv6. The server is currently running IPv4. You are the only person who connects to the server, and you always use your Linux laptop for the connection. Your laptop supports both IPv4 and IPv6. The rest of your company network runs only IPv4. You need a cost-effective solution to allow your laptop to connect to the server. Your solution must also support communication through NAT servers. Which client software should you use to connect to the server?

On Linux, Miredo client software is used to implement Teredo tunneling. Teredo tunneling establishes a tunnel between individual hosts. Hosts must be dual-stack hosts so they can tunnel IPv6 packets inside IPv4 packets. Teredo works through NAT.

11.2.8 Two routers with the host names SLC and PROVO have been configured to connect using PPP with CHAP authentication through their BRI0 interfaces. Attempts to establish a session between the two routers fail. You check the running configuration on both routers and find the output shown below:
hostname SLC
enable password cisco
username PROVO password vanilla
!
!
interface Serial0
ip address 172.16.55.129 255.255.255.252
encapsulation ppp
ppp authentication chap
!
! - remaining output omitted --
hostname PROVO
enable password ccna
username SLC password chocolate
!
!
interface Serial0
ip address 172.16.55.130 255.255.255.252
encapsulation ppp
ppp authentication chap
!
! - remaining output omitted --
What should you do to correct the problem?

On SLC, change the username password to chocolate. EXPLANATION The username passwords used by each router must match. In this scenario, changing the username password on SLC to chocolate would correct the problem (you could also change the password on PROVO to vanilla). The username configured on each router must match the host name of the remote router that it will be connecting to. The IP addresses assigned to the interfaces are both on the 172.16.55.128 subnet. You cannot assign that address to a host.

10.6.8 You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?

On a RADIUS server 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Authentication requests received by the wireless access point are passed to a RADIUS server that validates the logon credentials (such as the username and password).

5.9 You work in an office that uses Linux servers and Windows servers. The network uses the TCP/IP protocol. You are sitting at a workstation that uses Windows 10. An application you are using is unable to contact a Windows server named FileSrv2. Which command can you use to determine whether your computer can still contact the server?

On a TCP/IP-based network, you can use the ping command to check connectivity between a source and destination computer.

10.7.4 You need to place a wireless access point in your two-story building. While trying to avoid interference, which of the following is the best location for the access point?

On the top floor In general, place access points high up to avoid interference problems caused by going through building foundations. Do not place the access point next to sources of interference such as other wireless transmitting devices (cordless phones or microwaves) or other sources of interference (motors or generators).

You work for a large multinational organization that has an extensive global network that is interconnected using WAN links and routers. Lately, users in one location have complained that they are unable to access resources stored on a server named FS23 in a South American branch office. To troubleshoot the issue, you have done the following:
- Verified that the server is up and running.
- Verified that the various routers in between the two locations are up and running.
You suspect that perhaps one of the routers between the two locations may be dropping packets. To test this theory, you enter the ping FS23 -f -l 1500 command on your workstation. The ping command returns the following command for each ping packet sent: "Packet needs to be fragmented but DF set." What does this mean?

One of the intermediate routers is an MTU black hole.

9.1.5 Which of the following are typical components of a NAS device? (Select two.)

- One or more NICs
- A minimal network OS
A NAS device typically consists of:
- A RAID array with terabytes of storage space.
- A motherboard with a processor and memory.
- One or more NICs.
- A minimal network operating system.

13.1.5 Which of the following is not an example of a physical barrier access control mechanism?

One-time passwords EXPLANATION A one-time password is a logical or technical access control mechanism, not a physical barrier access control mechanism. A biometric lock is an entryway security device that keeps a door or gate locked until an authorized individual provides a valid biometric, such as a hand scan. A mantrap is a small room with two doors. Authorized users must authenticate to enter the room and then further authenticate to exit the room and enter the secured environment. If the second authentication fails, the intruder is retained in the room until authorities respond. A fence is a perimeter protection device designed to deter intruders and define the boundary of protection employed by an organization.

8.3.11 After blocking a number of ports to secure your server, you are unable to send email. To allow email service, which of the following needs to be done?

Open port 25 to allow SMTP service. The simple mail transfer protocol (SMTP) uses TCP port 25 and is responsible for sending email. If port 25 is blocked, users will not be able to send email, but they could receive email using port 110 and the POP3 protocol.

8.3.9 Match the firewall type on the left with its associated characteristics on the right. Each firewall type may be used once, more than once, or not at all.

- Operates at Layer 2: Virtual firewall
- Operates at Layer 3: Routed firewall
- Counts as a hop in the path between hosts: Routed firewall
- Does not count as a hop in the path between hosts: Virtual firewall
- Each interface connects to a different network: Routed firewall
- Each interface connects to the same network segment: Virtual firewall

T568B

Orange white, Orange, Green white, Blue, Blue white, Green, Brown white, Brown

You've connected a cable certifier to an RJ45 wall jack, and the output shown below is displayed on the device. What does this output indicate? (Select two.)

Output with x characters between pins indicates that they are shorted. Straight-through connections are displayed using - characters in the output of the cable certifier. Open connections are displayed with no characters or lines between the pin numbers.

10.7.9 You have been hired to troubleshoot a wireless connectivity issue for two separate networks located within a close proximity. Both networks use a WAP from the same manufacturer, and all settings, with the exception of SSIDs, remain configured to the default. Which of the following might you suspect as the cause of the connectivity problems?

Overlapping channels. EXPLANATION Overlapping wireless networks should use different channels to ensure that they do not conflict with each other. In this case, each WAP is using the default channel which, by default, is the same for each WAP. The solution to the problem would be to configure different channels for each access point. To configure client connectivity, the wireless client and the access point must share the same SSID, channel, and WEP encryption strength. In this case, the SSIDs were changed for each station, so they are not the problem.

Network Geography

PAN, LAN, WLAN, MAN, WAN, CAN

13.5.15 Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.

- PIN: Something you know
- Smart card: Something you have
- Password: Something you know
- Retina scan: Something you are
- Fingerprint scan: Something you are
- Hardware token: Something you have
- Voice recognition: Something you are
- Wi-Fi triangulation: Somewhere you are
- Typing behaviors: Something you do
EXPLANATION Something you know authentication requires you to provide a password or some other data. This is the weakest type of authentication. Examples of something you know authentication controls are:
- Passwords, codes, or IDs
- PINs
- Passphrases (long, sentence-length passwords)
Something you have (also called token-based authentication) is authentication based on something users have in their possession. Examples of something you have authentication controls are:
- Swipe cards
- Photo IDs
- Smart cards
- Hardware tokens
Something you are authentication uses a biometric system. A biometric system attempts to identify a person based on metrics or a mathematical representation of the subject's biological attribute. This is the most expensive and least accepted form of authentication but is generally considered to be the most secure. Common attributes used for biometric systems are:
- Fingerprints
- Hand topology (side view) or geometry (top-down view)
- Palm scans
- Retina scans
- Iris scans
- Facial scans
- Voice recognition
Somewhere you are (also known as geolocation) is a supplementary authentication factor that uses physical location to verify a user's identity. Examples of implementations include:
- An account is locked unless the user has passed through the building's entrance using an ID card.
- If the user is within RFID range of the workstation, authentication requests are allowed.
- GPS or Wi-Fi triangulation location data is used to determine a device's location. If the user and the device are in a specified location, authentication requests are allowed. If not, the device is locked.
Something you do is a supplementary authentication factor that requires an action to verify a user's identity. Example implementations include:
- Analyzing a user's handwriting sample against a baseline sample before allowing authentication.
- Analyzing a user's typing behaviors against a baseline sample before allowing authentication.

11.4.9 You are configuring your computer to dial up to the internet. What protocol should you use?

PPP EXPLANATION PPP, or point-to-point protocol, lets you dial up and connect to the internet.

11.4.11 You have just signed up for internet access using a local provider that gives you a fiber optic line into your house. From there, Ethernet and wireless connections are used to create a small network within your home. Which of the following protocols would be used to provide authentication, authorization, and accounting for the internet connection?

PPPoE EXPLANATION PPP over Ethernet (PPPoE) is used for connections that have an always on state, such as DSL or fiber optic running Ethernet. PPPoE is a modification of PPP that allows for negotiation of additional parameters that are typically not present on a regular Ethernet network. ISPs typically implement PPPoE to control and monitor internet access over broadband links. The point-to-point protocol (PPP) is used for dial-up connections. RDP and ICA are Remote Desktop protocols. L2TP is a VPN protocol.

11.4.10 Which of the following protocols or services is commonly used on cable internet connections for user authentication?

PPPoE EXPLANATION The point-to-point protocol over Ethernet (PPPoE) is commonly used on cable internet connections for user authentication. Like its dial-up counterpart, the point-to-point protocol (PPP), PPPoE requires that users provide authentication information before a connection is granted. The Routing and Remote Access Service (RRAS) is a software program used on Windows systems to provide remote connectivity capabilities to users. Although it could be used for authentication services on a cable internet access system, it is not commonly used for this purpose. The point-to-point protocol (PPP) is a user authentication system commonly deployed on dial-up remote access connections. Remote Desktop Protocol (RDP) is the protocol used by Windows Terminal Services applications, including Remote Desktop.

13.7.4 You want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network. Which of the following protocols is suitable for this task?

PPTP EXPLANATION PPTP is used with VPNs, which allow you to send data securely over a public network.

11.3.3 You are moving to an area where DSL will be available in the next six months. Which method of internet connectivity should you implement until DSL is available if your existing connectivity needs are minimal?

PSTN EXPLANATION Dial-up networking using the public switched telephone network (PSTN) offers sufficient network connectivity for a relatively minimal investment. You can use dial-up with little hardware, setup, or connection costs. The other modes of networking provide greater capability than you require at more of an investment in equipment than is worthwhile for such a short period of time.

11.1.13 You are traveling throughout North America to many metropolitan and rural areas. Which single form of internet connectivity provides the greatest potential connectivity wherever you travel?

PSTN EXPLANATION Network access using a modem over the telephone company network (PSTN) is not the fastest method for internet connectivity. However, it has the advantage of being available virtually anywhere that regular voice-grade communications are available. Broadband cable is dependent on service offerings from the regional cable television company, which does not have as great a presence as the telephone company. To use broadband cable, the service must be added to the cable TV lines. DSL and ISDN are offered through the telephone company; however, they are not available in all service areas. And even when available, they require that the subscriber be within a certain proximity of telephone company equipment.

Which of the following terms identifies the network of dial-up telephone and long-distance lines?

PSTN EXPLANATION The Public Switched Telephone Network (PSTN) is the network used for placing local and long-distance phone calls. The local loop uses analog signals over POTS (regular telephone cable wires). The long-distance network typically uses digital signaling over fiber optic (typically using SONET). Integrated Services Digital Network (ISDN) is a WAN technology that provides increased bandwidth within the local loop. Frame relay is a protocol used to connect to a WAN over dedicated (leased) lines. ATM is a WAN communication technology originally designed to carry time-sensitive data, such as voice and video. Voice over IP (VoIP) is a method for carrying phone calls over an IP-based network.

13.1.6 You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose?

PTZ EXPLANATION A pan tilt zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas (cameras without PTZ capabilities are manually set looking in a specific direction). Automatic PTZ mode automatically moves the camera between several preset locations; manual PTZ lets an operator remotely control the camera position. A bullet camera has a built-in lens and is long and round in shape. Most bullet cameras can be used indoors or outdoors. A c-mount camera has interchangeable lenses and is typically rectangular in shape. Most c-mount cameras require a special housing to be used outdoors. A dome camera is a camera protected with a plastic or glass dome. These cameras are more vandal-resistant than other cameras. PTZ cameras can be bullet, c-mount, or dome cameras.

9.5.2 Which of the following best describes the platform as a service (PaaS) cloud computing service model?

PaaS delivers everything a developer needs to build an application onto the cloud infrastructure. EXPLANATION Platform as a service (PaaS) delivers everything a developer needs to build an application on the cloud infrastructure. The deployment comes without the cost and complexity of buying and managing the underlying hardware and software layers. Software as a service (SaaS) delivers software applications to the client either over the internet or on a local area network. Infrastructure as a service (IaaS) delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The client deploys and runs software without purchasing servers, data center space, or network equipment. Data as a service (DaaS) stores and provides data from a centralized location without requiring local collection and storage.

8.3.1 Match the firewall type on the right with the OSI layer at which it operates. Each OSI Layer may be used once, more than once, or not at all.

Packet filtering firewall: OSI Layer 3; Circuit-level proxy: OSI Layer 5; Application-level gateway: OSI Layer 7; Routed firewall: OSI Layer 3; Transparent firewall: OSI Layer 2

11.1.7 Which network type divides transmitted data into smaller pieces and allows multiple communications on the network medium?

Packet-switched EXPLANATION A packet-switched network divides data into small units called packets. These packets are routed by their destination addresses. In a packet-switched network, multiple hosts can use the network medium at the same time. An Ethernet computer network is an example of a packet-switched network.

vertical cross connect

Part of a network's backbone that supplies connectivity between a building's floors. For example, vertical cross-connects might connect an MDF and an IDF or IDFs and telecommunications closets within a building.

A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on network hosts. Which process did the administrator use in the penetration test in this scenario?

Passive fingerprinting EXPLANATION The administrator in this scenario used passive fingerprinting. Passive fingerprinting is a form of system enumeration that is designed to gain as much information about network computers as possible. It passively listens to network traffic generated by network hosts and attempts to identify which operating systems are in use based upon the ICMP message quoting characteristics they use. Portions of original ICMP requests are repeated (or quoted) within each response. Each operating system quotes this information back in a slightly different manner. Active fingerprinting works in much the same manner as passive fingerprinting. However, it utilizes active probes of specific systems instead of passive monitoring. Network enumeration (also called network mapping) involves a thorough and systematic discovery of as much of the corporate network as possible, using: Social engineering Wardriving War dialing Banner grabbing Firewalking Firewalking uses traceroute techniques to discover which services can pass through a firewall or a router. Hping and Firewalk are common firewalking tools.

13.5.12 Which of the following is the most common form of authentication?

Password Passwords are the most common form of authentication. Most secure systems require only a username and password to provide users with access to the computing environment. Many forms of online intrusion attacks focus on stealing passwords. This makes using strong passwords very important. Without a strong password policy and properly trained users, the reliability of your security system is greatly diminished.

Patch Panel

Patch panels permit circuits to be arranged and rearranged by plugging and unplugging respective patch cords in a mounted hardware assembly.

You have implemented a network where each device provides all other devices on the network with access to shared files. What type of network do you have?

Peer-to-peer

13.2.12 Match the social engineering description on the left with the appropriate attack type on the right.

Phishing: An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information.
Whaling: An attacker gathers personal information about the target individual, who is a CEO.
Spear phishing: An attacker gathers personal information about the target individual in an organization.
Dumpster diving: An attacker searches through an organization's trash for sensitive information.
Piggybacking: An attacker enters a secure building by following an authorized employee through a secure door without providing identification.
Vishing: An attacker uses a telephone to convince target individuals to reveal their credit card information.

13.2.4 Users on your network report that they have received an email stating that the company has just launched a new website. The email asks employees to click the website link in the email and log in using their username and password. No one in your company has sent this email. What type of attack is this?

Phishing EXPLANATION Phishing uses an email and a spoofed website to obtain sensitive information. In a phishing attack: A fraudulent message that appears to be legitimate is sent to a target. The message guides the target to a website that appears to be legitimate. The fraudulent website asks the victim to provide sensitive information, such as an account number and password.

UTP Cable Types

Phone cable: RJ11; Cat 3 through Cat 6a: RJ45; Cat 7: GG45/TERA

Architecture Layers

Physical and Data Link

Network Architecture

Physical and Data Link

Which pins in an RJ45 connector are used to transmit data when used on a 100BaseT Ethernet network? (Select two.)

Pin 1 Pin 2

10Base-T (IEEE 802.3)

Pin 1: Transmit+; Pin 2: Transmit-; Pin 3: Receive+; Pin 6: Receive-. Pins 4, 5, 7, and 8 are unused.

10.7.1 Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building?

Place access points above where most clients are. EXPLANATION Follow a few guidelines for placing wireless access points: Devices often get better reception from access points that are above or below. If possible, place access points higher up to avoid interference problems caused by going through building foundations. For security reasons, do not place APs near outside walls. The signal will extend outside beyond the walls. Placing the AP in the center of the building decreases the range of the signals available outside of the building. When using multiple access points, place access points evenly through the area, taking care to minimize the overlap of the broadcast area while ensuring adequate coverage for all areas.

You are adding new wires in your building for some new offices. The building has a false ceiling that holds the lights and provides an air path for heating and air conditioning. You would like to run your Ethernet cables in this area. Which type of cable must you use?

Plenum rated cable

You are adding new wires in your building for some new offices. The building has a false ceiling that holds the lights and provides an air path for heating and air conditioning. You would like to run your Ethernet cables in this area.

Plenum rated cable is fire resistant and non-toxic. You must use plenum rated cable to wire in air spaces used by heating and air conditioning systems. You cannot use PVC jacketed cable to wire above ceilings because it is toxic when burned.

9.2.13 Which of the following features is used with digital IP phones to supply power through a switch port?

PoE EXPLANATION Power over Ethernet (PoE) supplies power to end devices through the RJ45 Ethernet switch port. Power to the phone is carried on unused wires within the drop cables. Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Trunking allows a switch to forward VLAN traffic between switches. 802.1x is an authentication protocol used with port security or port authentication.

9.2.12 Which switch features are typically used with VoIP? (Select two.)

PoE VLAN EXPLANATION When configuring Voice over IP (VoIP), switches with Power over Ethernet (PoE) capabilities provide power to the VoIP phone through an Ethernet cable, the same cable that is used for transmitting data signals. Virtual LANs (VLANs) are often used to distinguish voice traffic from data traffic so that Quality of Service (QoS) measures can be applied to traffic that is part of the voice VLAN. Bonding allows multiple switch ports to be used at the same time to reach a specific destination. Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Mirroring sends traffic from all switch ports to a switch port you designate as the mirrored port.

12.1.10 A new law was recently passed that states that all businesses must keep a history of the emails sent between members of the board of directors. You need to ensure that your organization complies with this law. Which document type would you update first in response to this new law?

Policy EXPLANATION Based on the new law, you would likely need to update your policy statement first. A policy is a document that describes the overall goals and requirements for a network. Policies are often written in response to regulations. After you have updated the policy to identify that the new law will be followed, you would likely need to update procedure documents to identify how the policy (and the law) will be implemented. Next, you might make the necessary changes on specific devices and then update the configuration and change documents for those devices to reflect the new configuration and the actions you took.

PVC

Polyvinyl chloride is a type of plastic used to shield objects such as coaxial cable.

Which of the following associates a port number with a host on a private network?

Port address translation (PAT) associates a port number with the translated address. Use PAT to allow multiple private hosts to share a single public address. Each private host is associated with a unique port number.

13.5.1 You manage a network that uses switches. In the lobby of your building, there are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug their computers into the free network jacks and connect to the network. But employees who plug into those same jacks should be able to connect to the network. What feature should you configure?

Port authentication

You manage a network that uses switches. In the lobby of your building are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug their computers into the free network jacks and connect to the network, but employees who plug into those same jacks should be able to connect to the network. What feature should you configure?

Port authentication EXPLANATION Use port authentication to prevent unauthorized access through switch ports. Port authentication is provided by the 802.1x protocol and allows only authenticated devices to connect to the LAN through the switch. Authentication uses usernames and passwords, smart cards, or other authentication methods. When a device first connects, the port is set to an unauthorized state. Ports in unauthorized states can only be used for 802.1x authentication traffic. After the server authenticates the device or the user, the switch port is placed in an authorized state, and access to other LAN devices is allowed. With a VLAN, you assign each port to a VLAN. If the ports in the lobby were assigned to one VLAN, you could control the type of access through the switch for those ports, but could not modify the access based on user. If you use a VLAN, both visitors and employees would have the same access through those ports. Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Mirroring sends traffic from all switch ports to a switch port you designate as the mirrored port. Bonding allows multiple switch ports to be used at the same time to reach a specific destination.

Which of the following techniques allows incoming traffic addressed to a specific port to move through a NAT router and be forwarded to a specific host?

Port forwarding is a type of static NAT implementation where a specific port is mapped to a private IP address. Incoming traffic that is addressed to a specific port is then forwarded to the specified host.

Which type of security uses MAC addresses to identify devices that are allowed or denied a connection to a switch?

Port security

A network utilizes a network access control (NAC) solution to protect against malware. When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. What is this process called?

Posture assessment EXPLANATION When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. This is called a posture assessment. The agent then submits the results of the assessment as a statement of health (SoH) to the system health validator (SHV). If the host does not meet the client health requirements configured in the NAC system, then it is placed on a quarantine network, where it is remediated. Port security is configured on a switch to restrict connections to hosts with specific MAC addresses.

What does an IDS that uses signature recognition use to identify attacks?

Potential attack activity compared to a database of known attacks.

Match each layer of the TCP/IP model on the left with the corresponding layer of the OSI model on the right. Each option on the left can be used more than once.

Presentation: Application; Data Link: Network Access; Application: Application; Session: Application; Network: Internet; Transport: Host-to-Host

10.3.5 You have a small wireless network that uses multiple access points. The network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points. You want to connect a laptop computer to the wireless network. Which of the following parameters will you need to configure on the laptop? (Select two.)

Preshared key TKIP encryption To connect to the wireless network using WPA, you need to use a preshared key and TKIP encryption. A preshared key used with WPA is known as WPA-PSK or WPA Personal. AES encryption is used by WPA2. The channel is automatically detected by the client. The basic service set identifier (BSSID) is a 48-bit value that identifies an AP in an infrastructure network or a STP in an ad hoc network. The client automatically reads the BSSID and uses it to keep track of APs as they roam between cells.

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. All computers on your home network can connect to the internet. From your work office, you try to access your home computer using its IP address, but are unable to communicate with the server. You are able to connect to other hosts on the internet. Why can't you access the server?

Private addresses are not accessible through the internet.

5.2 CorpServ is a small company with 14 client systems and a network printer. Because there are only a limited number of networked systems, you decide to use APIPA addressing for the network. With APIPA configured, all systems are able to communicate with each other, but you are having trouble configuring Internet access. What is the likely cause of the problem?

Private addresses cannot directly communicate to hosts outside the local subnet. -APIPA assigns private addresses designed for use on single-subnet networks that do not use routers. If internet access is required, APIPA cannot be used to provide clients direct access to the internet. APIPA is enabled by default and will assign an address if the DHCP server is unavailable.

9.5.4 Match each description on the left with the appropriate cloud technology on the right.

Public cloud: Provides cloud services to just about anyone.
Private cloud: Provides cloud services to a single organization.
Community cloud: Allows cloud services to be shared by several organizations.
Hybrid cloud: Integrates one cloud service with other cloud services.
EXPLANATION Cloud computing can be implemented in several different ways, including the following:
A public cloud can be accessed by anyone. Cloud-based computing resources are made available to the general public by a cloud service provider. The service provider may or may not require a fee for using these resources. For example, Google provides many publicly accessible cloud applications, such as Gmail and Google Docs.
A private cloud provides resources to a single organization. Access is restricted to only the users within that organization. An organization commonly enters into an agreement with a cloud service provider that provides secure access to cloud-based resources. The organization's data is kept separate and secure from any other organization using the same service provider.
A community cloud is designed to be shared by several organizations. Access is restricted to only users within the organizations who are sharing the community cloud infrastructure. Community clouds are commonly hosted externally by a third party.
A hybrid cloud is composed of a combination of public, private, and community cloud resources from different service providers. The goal behind a hybrid cloud is to expand the functionality of a given cloud service by integrating it with other cloud services.

Your computer has an IP address of 161.13.5.15. Your computer is on a:

Public network. Most IP addresses are public IP addresses. However, certain ranges have been reserved for private networks. These are: 10.0.0.0 - 10.255.255.255; 172.16.0.0 - 172.31.255.255; 192.168.0.0 - 192.168.255.255.

13.2.3 How can an organization help prevent social engineering attacks? (Select two.)

Publish and enforce clearly written security policies. Educate employees on the risks and countermeasures.

8.3.3 You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)

Put the web server inside the DMZ. Put the database server on the private network.

9.2.5 How can QoS be configured so that large data transfers will not block VoIP calls by using too much network bandwidth?

QoS can be configured on network devices to give priority to VoIP traffic. Network devices can examine the type of service or precedence bits in the header of an IP packet to determine the type of traffic. QoS settings can be configured on network devices to give VoIP traffic priority over normal computer traffic.

12.2.10 When analyzing assets, which analysis method assigns financial values to assets?

Quantitative EXPLANATION Quantitative analysis assigns a financial value, or a real number, and the cost required to recover from a loss to each asset. Qualitative analysis seeks to identify costs that cannot be concretely defined using quantitative analysis. Transfer and acceptance are responses to risk, not risk analysis methods.

11.4.1 Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)

RADIUS TACACS+

13.5.2 Which of the following is a platform independent authentication system that maintains a database of user accounts and passwords that centralizes the maintenance of those accounts?

RADIUS The Remote Authentication Dial-In User Service (RADIUS) is an authentication system that allows the centralization of remote user account management. The Routing and Remote Access Service (RRAS) is a software component on a Windows Server system that provides remote access capabilities for users. A network access server (NAS) is a server or other system that acts as a gateway for remote user connections. The NAS passes authentication requests to the RADIUS server, which then checks the credentials of the user attempting to connect. NAS is also an acronym for network attached storage. Extensible authentication protocol (EAP) is an authentication protocol that supports the use of devices such as smart cards. It does not maintain a database of user accounts and passwords.

11.4.14 Which type of device is required to implement port authentication through a switch?

RADIUS server EXPLANATION Port authentication is provided by the 802.1x protocol and allows only authenticated devices to connect to the LAN through the switch. 802.1x requires a RADIUS server (also called an AAA server) to validate the authentication credentials. A router or a Layer 3 switch is required to enable communication between VLANs. A proxy server controls access based on URL or other upper-layer information.

11.4.12 You want to set up a service that allows multiple users to dial in to the office server from modems on their home computers. What service should you implement?

RAS EXPLANATION RAS stands for Remote Access Service, which enables users to dial in to a server from remote locations. ISDN is a digital communications network that uses existing phone lines. PPP is a remote access protocol. You will likely configure your RAS server to accept PPP connections. RIP stands for routing information protocol and allows routers to share information.

Which of the following statements about RIP is true?

RIP uses hop counts as the cost metric.

Why might you use an RJ11 connector?

RJ11 connectors are typically used for telephones and modems.

Which connector is used with Ethernet 100BaseT networks?

RJ45 connectors are used with Ethernet 100BaseT networks.

6.6.12 You need to configure spanning tree on a Cisco switch. You'd like to use a protocol that conforms to the 802.1w standards. Which protocol should you use?

Rapid PVST+ Rapid PVST+ is the IEEE 802.1w standard. RSTP improves convergence by actively confirming that a switch is ready to transition to a forwarding state, eliminating the listening and learning stages. RSTP defines several new types of links and uses fewer spanning tree states.

12.1.3 You need to find out what kind of laws might apply to the design and operation of your network. Which type of document would you consult?

Regulation EXPLANATION A regulation is a requirement published by a government or other licensing body that must be followed. While you are not responsible for writing regulations, you are responsible for knowing which regulations apply to your organization and making sure that those regulations are understood and adhered to. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. Policies are often written in response to regulations. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but goes beyond the policy by identifying specific steps that are to be implemented. The use of consistent procedures ensures that the goals defined in a policy are met and provides consistency in actions performed by multiple administrators. A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upgrades or replacement.

11.4.13 You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need. You want the connection to be as secure as possible. Which type of connection will you need?

Remote access EXPLANATION Use a remote access connection to connect directly to a server at a remote location. You could use a VPN connection through the internet to connect to the server securely. However, the connection would involve connecting to the internet through a local ISP, then establishing a VPN connection to the server. While the VPN connection through the internet is secure, it is not as secure as a direct remote connection to the server. An intranet is an internal network that only internal users can access.

10.7.7 You are implementing a wireless network inside a local office. You require a wireless link to connect a laptop in the administrator's office directly to a system in the sales department. In the default configuration, the wireless AP uses a 360-degree dispersed RF wave design. After installation, the signal between the two systems is weak, as many obstacles interfere with the signal. Which of the following strategies could you try to increase signal strength?

Replace the omni-directional antenna with a directional antenna. EXPLANATION A directional antenna is designed to create a narrow, focused signal in a particular direction. This focused signal provides greater signal strength between two points and increases the distance that the signal can travel. Because directional antennas provide a stronger point-to-point connection, they are better equipped to handle obstacles that may be in the way of the signal. The default antenna used with this configuration is an omni-directional antenna that disperses the RF wave in an equal 360-degree pattern. This antenna is commonly used to provide access to many clients in a radius.

10.6.12 Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

Rogue access point EXPLANATION A rogue access point is an unauthorized access point added to a network or an access point that is configured to mimic a valid access point. Examples include: An attacker or an employee with access to the wired network installs a wireless access point on a free port. The access port then provides a method for remotely accessing the network. An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point. An attacker configures a wireless access point in a public location, then monitors traffic of those who connect to the access point. A man-in-the-middle attack is used to intercept information passing between two communication partners. A rogue access point might be used to initiate a man-in-the-middle attack, but in this case the rogue access point was connected without malicious intent. Social engineering exploits human nature by convincing someone to reveal information or perform an activity. Phishing uses an email and a spoofed website to gain sensitive information.

12.3.13 Which component of a change and configuration management policy specifies options for reverting a system back to the state it was in before a change was made?

Rollback EXPLANATION In the event that a change unintentionally causes problems, your change and configuration management process should include provisions for a rollback. A rollback makes it possible to revert the system back to the state it was in before the change was put into effect. Authorized downtime defines a maintenance window during which the system will be unavailable while the change is made. A change request identifies the need for a change. A feasibility analysis identifies technical and budgetary considerations for a change. It also identifies any potential impacts to the network.

Which of the following is undetectable software that allows administrator-level access?

Rootkit EXPLANATION A rootkit is a set of programs that allows attackers to maintain permanent administrator-level hidden access to a computer. A rootkit: Is almost invisible software. Resides below regular antivirus software detection. Requires administrator privileges to install, then maintains those privileges to allow subsequent access. Might not be malicious. Often replaces operating system files with alternate versions that allow hidden access. A worm is a self-replicating virus. A Trojan horse is a malicious program that is disguised as legitimate or desirable software. A logic bomb is designed to execute only under predefined conditions and lays dormant until the predefined condition is met. Spyware is software that is installed without the user's consent or knowledge and is designed to intercept or take partial control over the user's interaction with the computer.

11.2.2 RouterA is connected to RouterB through Serial1. You want to configure the link to use PPP with CHAP authentication with a password of cisco. Which set of commands would you use on RouterA to complete the configuration?

RouterA(config)#int s1
RouterA(config-if)#encap ppp
RouterA(config-if)#ppp auth chap
RouterA(config)#username RouterB password cisco
EXPLANATION To complete this configuration, you need to: Identify the interface you want to configure with the int s1 command. Set PPP encapsulation with the encapsulation command. Set the PPP authentication to CHAP with the ppp authentication command. Identify RouterB and the password with the username command.

In the OSI model, what is the primary function of the Network layer?

Routes messages between networks

6.4 You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the same switch which is in VLAN 2. What should you configure so that the two devices can communicate?

Routing

5.4 You have a Windows Server 2016 system that you want to use as a DHCP relay agent. Which Windows Server 2016 service would you use to do this?

Routing and Remote Access In Windows Server 2016, the DHCP Relay Agent role is enabled and configured using the Routing and Remote Access service. Before a Windows server can be used as a DHCP Relay Agent, the Routing and Remote Access service (RRAS) must be installed.

6.6.2 Which of the following solutions would you implement to eliminate switching loops?

Run the spanning tree protocol to prevent switching loops. A switching loop occurs when there are multiple active paths between switches. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Switch ports that are part of that path are placed in a forwarding state. Switch ports that are part of redundant but unused paths are placed in a blocking (non-forwarding) state.

9.2.8 Which of the following protocols is used by VoIP to set up, maintain, and terminate a phone call?

SIP EXPLANATION The session initiation protocol (SIP) is used to set up, maintain, tear down, and redirect the call. The real-time transport protocol (RTP) contains the actual voice data. SSH is used for secure remote administration of a network device. TLS is used to add security to other protocols. NTP is used for synchronizing clocks on network devices.

EMAIL

SMTP POP3 IMAP4

What protocol sends email to a mail server?

SMTP sends email to a mail server.

Network Management

SNMP RTE(TELNET) SSH

Secure Shell

SSH

13.6.2 Telnet is inherently insecure because its communication is in plaintext and is easily intercepted. Which of the following is an acceptable alternative to Telnet?

SSH EXPLANATION SSH (Secure Shell) is a secure and acceptable alternative to Telnet. SSH allows secure interactive control of remote systems. SSH uses RSA public key cryptography for both connection and authentication. SSH uses the IDEA algorithm for encryption by default, but is able to use Blowfish and DES.

13.6.4 Which of the following protocols can be used to securely manage a network device from a remote connection?

SSH EXPLANATION SSH allows for secure interactive control of remote systems. SSH is a secure and acceptable alternative to Telnet. SFTP is a file transfer protocol that uses Secure Shell (SSH) to secure data transfers. TLS ensures that messages being transmitted on the Internet are private and tamper proof. TLS is often used to add security to other protocols.

10.7.3 You have physically added a wireless access point to your network and installed a wireless networking card in two laptops running Windows. Neither laptop can find the network, and you have come to the conclusion that you must manually configure the wireless access point (AP). Which of the following values uniquely identifies the network AP?

SSID The SSID (service set identifier) identifies the wireless network. All PCs and access points in a LAN share the same SSID. WEP (Wired Equivalent Privacy) is used to add a layer of security to the transmission, while the channel identifies the frequency that the card and AP will communicate on.

13.6.7 Which protocol does HTTPS use to offer greater security in web transactions?

SSL

13.6.3 You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls?

SSL EXPLANATION Ports must be opened in firewalls to allow VPN protocols. For this reason, using SSL for the VPN often works through firewalls when other solutions do not because SSL uses port 443--a port that is often already open to allow HTTPS traffic. In addition, some NAT solutions do not work well with VPN connections.

Security Protocols

SSL TLS

13.6.6 Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)

SSL TLS EXPLANATION Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that are used with other protocols to add security. In addition, Secure Shell (SSH) can be used to add security when using unsecure protocols.

13.6.1 You can use a variety of methods to manage the configuration of a network router. Match the management option on the right with its corresponding description on the left. (Each option may be used once, more than once, or not at all.)

SSL: Uses public-key cryptography
HTTP: Transfers data in clear text
SSH: Uses public-key cryptography
Telnet: Transfers data in clear text
Console port: Cannot be sniffed
EXPLANATION The following router management options transfer data in clear text and should not be used: HTTP and Telnet. The following management options use public-key cryptography to protect data transferred between the router and the management station: SSL (used in conjunction with HTTP) and SSH. The most secure way to manage a router's configuration is to connect the management station to the router's console port. This creates a dedicated transmission path that can't be sniffed by hosts on the network.

TCP Protocols

SSL-Secure Sockets Layer TLS-Transport Layer Security HTTP-Hypertext Transfer Protocol FTP-File Transfer Protocol SFTP-Secure File Transfer Protocol SCP-Secure Copy SMTP-Simple Mail Transfer Protocol POP3-Post Office Protocol IMAP-Internet Map Access Protocol TELNET SSH-Secure Shell

Which of the following connectors is used with fiber optic cables and requires that you use a twisting motion to connect it?

ST

STP

STP stands for shielded twisted pair. Shielding is electrically conductive foil or braided material that is wrapped around pairs of wires, around the overall cable, or both.

9.5.1 Which of the following cloud computing solutions will deliver software applications to a client either over the internet or on a local area network?

SaaS Software as a service (SaaS) delivers software applications to the client either over the internet or on a local area network.

11.3.4 Which of the following is most susceptible to interference related to atmospheric conditions?

Satellite EXPLANATION All networks are subject to extreme atmospheric conditions. Severe weather conditions can interrupt power, telephone, and other services. Satellite-based networking, however, is susceptible even to relatively mild atmospheric events such as fog and other conditions that can impair satellite transmissions.

11.3.2 A healthcare organization provides mobile clinics throughout the world. Which network technology should you select to transfer patient statistical data to a central database via the internet to ensure network connectivity for any clinic located anywhere in the world, even remote areas?

Satellite EXPLANATION Satellite capability is available even in areas that do not have a local network infrastructure. Satellite requires a local portable transmitter with an antenna directed skyward to a satellite. Satellite service providers offer nearly 100% global network coverage by maintaining a series of satellites circling the earth in geosynchronous orbit. Dial-up, ISDN, and cable modem require a local network infrastructure provided by either the telephone company or cable television company.

13.1.7 You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan?

Security guards EXPLANATION When used in a preventative way, you must have a guard or other person available who monitors one or more cameras. Only a security guard can interpret what the camera sees to make appropriate security decisions. Even with sufficient lighting on a low-lux or infrared camera, a camera is not a useful preventative measure without a security guard present to interpret images and make security decisions. A pan tilt zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas.

You use Cat5e twisted pair cable on your network. Cables are routed through walls and the ceiling. A user puts a screw in the wall to hang a picture and pierces the cable so that a signal sent on pin 1 arrives on the cable connected to pin 7. Which term describes this condition?

Short circuit

Demarc

Short for demarcation point; the line that marks the boundary between the telecommunications equipment and your private network.

9.1.3 Which of the following does not accurately describe an iSCSI SAN?

Should be implemented on a standard production network with other network traffic. iSCSI should never be implemented on a standard production network. The performance of the SAN will be heavily impacted. Best practice is to use dedicated network infrastructure.

13.2.2 Which of the following are examples of social engineering? (Select two.)

Shoulder surfing Dumpster diving

Radio Frequency Interference (RFI)

Signals caused by cordless phones, microwave ovens, and wireless devices that interfere with wireless networking.

Which type of optical fiber is normally used to connect two buildings that are several kilometers apart?

Single-mode

Which of the following is true about single-mode fiber optic network cabling?

Single-mode fiber optic cabling provides one path (or mode) for the light to travel. It supports longer transmission distances than multi-mode fiber optic cable, and it's also more expensive. Single-mode cabling also has a central core that is much smaller than standard multi-mode fiber optic cabling core.

Which of the following are examples of Type 2 authentication credentials? (Select two.)

Smart card Photo ID

13.3.3 Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

Which of the following are denial of service attacks? (Select two.)

Smurf Fraggle

8.1.15 You are monitoring network traffic on your network, and you see traffic between two network hosts on port 1720. What is the source of this network traffic?

Someone is using voice over IP (VoIP) to make a telephone call. Someone on the network is using voice over IP (VoIP) to make a telephone call. Some VoIP implementations use the H.323 protocol to set up, maintain, tear down, and redirect calls. H.323 uses port 1720.

What is modified in the most common form of spoofing on a typical IP packet?

Source address

13.3.8 An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario?

Spam EXPLANATION Spam is unwanted and unsolicited email sent to many recipients. Spam: Can be benign, such as emails trying to sell products. Can be malicious, containing phishing attacks, drive-by downloads, or malware. Can contain malware as attachments. Wastes bandwidth and could fill the inbox, resulting in a denial of service condition.

6.6.15 You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support?

Spanning tree

6.6.1 You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?

Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Without the spanning tree protocol, switches that are connected with multiple links would form a switching loop, where frames are passed back and forth continuously. Spanning tree provides only a single active path between switches. Switch ports that are part of that path are placed in a forwarding state. Switch ports that are part of redundant but unused paths are placed in a blocking (non-forwarding) state. When an active path goes down, the spanning tree protocol automatically recovers and activates the backup ports necessary to provide continued connection between devices.

12.3.6 Match each interoperability agreement document on the left with the appropriate description on the right. Each document may be used once, more than once, or not at all.

Specifies exactly which services will be performed by each party: SLA
Binds a vendor in an agreement to provide services on an ongoing basis: BPO
Provides a summary of which party is responsible for performing specific tasks: MOU
Documents how the networks will be connected: ISA
Defines how disputes will be managed: SLA
Specifies a preset discounted pricing structure: BPO

5.4 You are configuring the DHCP Relay Agent role on a Windows server. Which of the following is a required step for the configuration?

Specify which server network interface the agent listens on for DHCP messages. -When configuring the DHCP Relay Agent role, you need to specify which server network interface the agent will listen on for DHCP messages.

Which of the following topologies connects each network device to a central hub?

Star

8.1.8 Which of the following are characteristics of a circuit-level gateway? (Select two.)

Stateful Filters by session A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session. Packet filtering firewalls are stateless and filter by IP address and port number. Application-level gateways filter by the application layer data, which might include data such as URLs within an HTTP request.

5.6 You manage a network that uses IPv6 addressing. When clients connect devices to the network, they generate an interface ID and use NDP to learn the subnet prefix and default gateway. Which IPv6 address assignment method is being used?

Stateless autoconfiguration -With stateless autoconfiguration, clients automatically generate an interface ID and learn the subnet prefix and default gateway through the neighbor discovery protocol (NDP). -With static full assignment, the entire 128-bit address and all other configuration information is statically assigned. -Static partial assignment generates the interface ID from the MAC address, and clients are statically assigned the prefix. -Stateful DHCPv6 is when the DHCP server provides each client with an IP address, default gateway, and other IP configuration information.

12.3.4 Which business document is a contract that defines the tasks, time frame, and deliverables that a vendor must perform for a client?

Statement of work

You are the network administrator for a small company that implements NAT to access the internet. You recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these five servers?

Static Static translation consistently maps an unregistered IP address to the same registered IP address on a one-to-one basis. Static NAT is particularly useful when a device needs to be assigned the same address so it can be accessed from outside the network, such as web servers and other similar devices.

9.1.2 Arrange the Fibre Channel (FC) SAN implementation tasks in the order they should be performed to build a redundant FC SAN.

Step 1: Install two Fibre Channel host bus adapters in each server that will access the shared storage on the SAN.
Step 2: Deploy two FC switches.
Step 3: Using fiber optic cables, connect each server to each FC switch by connecting one FC HBA to one FC switch and the other FC HBA to the other FC switch.
Step 4: Deploy the shared storage devices, such as an external RAID device containing multiple hard disk drives and two FC HBAs. Using fiber optic cables, connect each storage device to each FC switch by connecting one FC HBA to one FC switch and the other FC HBA to the other FC switch.

5.1 Which of the following best describes the purpose of using subnets?

Subnets divide an IP network address into multiple network addresses.

5.1 You manage a subnet that uses the subnet address 198.162.1.0/23. Which of the following best describes how addressing is configured for the subnet?

Supernetting -Supernetting is performed by taking the default subnet mask and making it smaller (using fewer bits).

11.3.5 Which of the following is a characteristic of SDSL?

Supports data traffic only (no voice) EXPLANATION Symmetrical DSL (SDSL) has the following features: The entire line is used for data, making simultaneous voice and data impossible. Speeds between 1.544-2.048 Mbps are possible. Upload and download speeds are equal. Line splitters are not required because voice traffic is not on the line. ADSL and VDSL have unequal upload and download speeds. Both support simultaneous voice and data traffic, so splitters are required. VDSL supports speeds up to 100 Mbps.

3.2 Which of the following devices operates at the OSI model Layer 2?

Switch

6.4 Which of the following connectivity hardware is used to create a VLAN?

Switch

6.4 You can create a virtual LAN using which of the following?

Switch

6.4 You want to reduce collisions by creating separate collision domains and virtual LANs. Which of the following devices should you choose?

Switch

What device is used to create a physical star topology?

Switch

Which of the following devices is used on a LAN and offers guaranteed bandwidth to each port?

Switch

3.2 Which of the following devices operate at OSI model Layer 2? (Select two.)

Switch NIC

6.4 When you configure VLANs on a switch, which of the following is used to identify a device's VLAN membership?

Switch port

Which of the following devices operate at the Data Link layer of the OSI model? (Select three.)

Switches Bridges Network interface cards (NICs)

6.5 Which of the following statements accurately describes a VLAN ID?

Switches append a VLAN ID to the header of each frame to identify the virtual network it belongs to.

6.6.6 Switches running STP are in the process of exchanging BPDUs and redefining their roles. Which port state are the switches currently in?

Switches that are exchanging STP configuration information to define their roles are in the listening state. After listening, designated bridges progress to learning and then forwarding. Backup bridges return to blocking.

6.6.3 Which problem does the spanning tree protocol prevent?

Switching loops from developing when redundant paths are implemented between switches. The spanning tree protocol is a long-standing protocol that runs in the background of bridged and switched networks to keep message loops from occurring.

Which of the following correctly describes the T1 carrier system? (Select two.)

T1 lines use two pairs of copper wire. A single T1 channel can transfer data at 64 Kbps. EXPLANATION The T1 carrier system consists of 24 separate channels. Each channel provides 64 Kbps of data throughput. A T1 line is traditionally implemented using two pairs of twisted copper wire; two wires are used for transmission, and two wires are used for reception. Lately, many ISPs provide T1 carrier service using a variety of network media, including fiber optic cable, coaxial cable, and radio waves.

11.1.10 You are implementing internet connectivity for a new start-up company. Your client will provide online storefronts for retailers. To do this, they have calculated that their internet connection must provide a data rate of at least 20-30 Mbps. Which type of service should you implement?

T3 EXPLANATION The T3 carrier service is similar to T1; however, it provides a throughput of 44.736 Mbps. The T1 service provides a data rate of only 1.544 Mbps. T3 is the only listed service that provides a data rate fast enough for the client in this scenario.

13.5.3 Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)

TACACS+ RADIUS Both RADIUS and TACACS+ are protocols used for centralized authentication, authorization, and accounting used with remote access. Remote access clients send authentication credentials to remote access servers. Remote access servers are configured as clients to the RADIUS or TACACS+ servers and forward the authentication credentials to the servers. The servers maintain a database of users and policies that control access for multiple remote access servers.

UDP Protocols

TFTP-Trivial File Transfer Protocol DHCP-Dynamic Host Configuration Protocol NTP-Network Time Protocol SNMP

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)

TLS SSL

5.6 Which of the following are characteristics of Teredo tunneling? (Select three.)

Teredo tunneling has the following characteristics: -Tunnel endpoints are configured on hosts. -Hosts are dual-stack hosts and perform tunneling to send IPv6 packets on the IPv4 network. -Works through NAT.

If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?

Terminate the intruder's session. EXPLANATION If maintaining confidentiality is of the utmost importance to your organization, then disconnecting an intruder is the best response. Allowing an intruder to spend any additional time inside of your network once discovered can lead to further breaches of confidentiality. Delaying, auditing, and monitoring become important responses if prosecution is important.

Terminator

Terminators absorb signals and prevent them from reflecting repeatedly back and forth on the cable.

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter.

You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix?

Test the hotfix, then apply it to all servers. In this scenario, you should test the hotfix and, following a successful test, apply the hotfix to all other servers. Applying it only to the server that was compromised will not protect other servers with the same vulnerability. A common testing strategy is to: Apply and test patches in a lab environment. Deploy patches to a set of systems, such as a single department. Deploy patches system-wide.

You are a network administrator for your company. A user calls and tells you that after stepping on the network cable in her office, she can no longer access the network. You go to the office and see that one of the user's stiletto heels has broken and exposed some of the wires in the Cat 5 network cable. You make another cable and attach it from the wall plate to the user's computer. What should you do next in your troubleshooting strategy?

Test the solution.

4.2 You have been tasked with designing a high-speed Ethernet network. Your client's building already has 150-ohm shielded twisted pair (STP) wiring installed. Due to budget constraints, they have asked you to reuse the existing wiring instead of installing new fiber optic cabling. Which Ethernet standard could you implement in this situation?

The 1000BaseCX standard specifies 150-ohm STP cabling. The maximum cable length is 25 meters. The 10BaseFL, 1000BaseSX, 1000BaseLX, and 1000BaseZX standards employ fiber optic cabling. 1000BaseT uses Category 5 UTP instead of STP cabling.

4.2 Which Gigabit Ethernet standard uses multimode fiber optic cabling and supports network segments up to a maximum of 550 meters long?

The 1000BaseSX standard uses multimode fiber optic cable with a maximum segment length of 550 meters. However, to implement segments this long, you must use 50-micron 500MHz/km multimode fiber optic cable. Other types of cable will shorten the maximum segment length. 1000BaseFX also supports lengths up to 550 meters using multimode cable. 1000BaseFX supports distances up to 10 kilometers using single mode cable. 1000BaseZX has a maximum segment length of up to 100 km. 1000BaseCX and 1000BaseT use copper cabling instead of fiber optic.

Application Layer (7)

The Application layer integrates network functionality into the host operating system and enables communication between network clients and services. HTTP Telnet FTP TFTP SNMP

Common Internet File System

The Common Internet File System (CIFS) is the standard way that computer users share files across corporate intranets and the Internet.

5.5 If dynamic DNS is being used, which of the following events will cause a dynamic update of the host records? (Select two.)

The DHCP server renews an IP address lease. The ipconfig /registerdns command is entered on a workstation. Dynamic DNS (DDNS) enables clients or the DHCP server to update records in the zone database automatically. Dynamic updates occur when: -A network host's IP address is added, released, or changed. -The DHCP server changes or renews an IP address lease. -The client's DNS information is manually changed using the ipconfig /registerdns command.

8.3.12 You administer a web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the website as follows: IP address: 192.168.23.8 HTTP Port: 1030 SSL Port: 443 Users complain that they can't connect to the website when they type www.westsim.com. What is the most likely source of the problem?

The HTTP port should be changed to 80. The default HTTP port for the web is 80. You can change the default port; however, port 80 is the default port used by web browsers to make a connection to a web server. If you change the default port, the users must specify the correct port number, or they won't be able to connect to the server.

Host-to-Host

The Host-to-Host layer is comparable to the Transport layer of the OSI model. It is responsible for error checking and reliable packet delivery. TCP/UDP User Datagram Protocol

10.2.7 Which data transmission rate is defined by the IEEE 802.11b wireless standard?

The IEEE 802.11b standard defines wireless transmission rates up to 11 Mbps. Wireless network interface cards and wireless access points (also called wireless hubs or wireless routers) will automatically negotiate the best transmission speed up to 11 Mbps based on current network traffic load and the quality of the wireless connection between the client and access point. The wireless communications are affected by distance, dense physical obstructions, and other electromagnetic interference producing devices. The IEEE 802.11a standard defines wireless transmission rates up to 2 Mbps. The IEEE 802.11g standard defines wireless transmission rates up to 56 Mbps. The IEEE 802.3 standard defines Ethernet 10baseT cable based transmissions of 10 Mbps.

4.1 A network is connected following the IEEE 802.3 specifications. Which of the following best describes when a device can transmit messages?

The IEEE 802.3 committee describes the CSMA/CD media access method. Devices listen to the network to determine if the transmission media is free before transmitting.

5.1 You have a small network connected to the internet as shown in the Exhibit. You need to configure the default gateway address on Wrk1 so that it can communicate with hosts on the internet. Which address would you use for the default gateway address?

The IP address assigned to Fa0/0 on Router1. -When assigning the default gateway address, use the address of the router interface connected to the same network that is used to reach remote networks. In this scenario, the workstation must be configured with the IP address assigned to the Fa0/0 interface on Router1. This default gateway configuration allows the workstation to communicate with hosts on the other internal subnet as well as with hosts on the network.

Internet Layer

The Internet layer is comparable to the Network layer of the OSI model. It is responsible for moving packets through a network. Address Resolution Protocol (ARP) Internet Control Message Protocol (ICMP) Internet Group Management Protocol (IGMP)

6.3 A switch receives a frame addressed to the MAC address FF:FF:FF:FF:FF:FF. What will the switch do with the frame?

The MAC address FF:FF:FF:FF:FF:FF identifies the broadcast address, meaning all hosts on the subnet. Switches forward broadcast frames out all ports except for the port on which the frame was received.

8.1.14 You are monitoring network traffic on your network, and you see traffic between two network hosts on port 2427. Which kind of network traffic uses this port?

The MGCP protocol is generating traffic, which VoIP uses to send voice data over a network. Someone on the network is using voice over IP (VoIP) to make a telephone call. Some VoIP implementations use the media gateway control protocol (MGCP) to set up, maintain, tear down, and redirect calls. MGCP uses port 2427.

Network Access Layer

The Network Access layer corresponds to the Physical and Data Link layers of the OSI model. It is responsible for describing the physical layout of the network and formatting messages on the transmission medium.

Network Layer (3)

The Network layer describes how data is routed across networks and on to the destination. IP/Packets. Router

Which of the following TCP/IP protocols do email clients use to download messages from a remote mail server?

The POP3 protocol is part of the TCP/IP protocol suite. It is used to retrieve email from a remote server to a local client over a TCP/IP connection.

Physical Layer (1)

The Physical layer of the OSI model sets standards for sending and receiving electrical signals between devices. Binary bits Modem

Presentation Layer (6)

The Presentation layer formats, or presents, data in a compatible form for receipt by the Application layer or the destination system. Encryption/Decryption ASCII

Which connector type would you most likely use to connect to a T1 WAN service?

The RJ48c connector is similar to an RJ45 connector, but has different pin-outs. RJ48c connectors are commonly used for T1 WAN connections.

You need to terminate a Cat 6 UTP cable with an RJ45 connector. Your organization's IT policy states that all cable connectors must be wired according to TIA568A standards.

The T568A wiring standard specifies the following pin-out for RJ45 connectors: Pin 1: White with green stripe; Pin 2: Solid green; Pin 3: White with orange stripe; Pin 4: Solid blue; Pin 5: White with blue stripe; Pin 6: Solid orange; Pin 7: White with brown stripe; Pin 8: Solid brown

You want to use the T568B standard for adding connectors to your Cat5 cable. Starting with pin 1, which order should you use for the wires within the connector?

The T568B standard uses the following order of wires in the connector: white/orange, orange, white/green, blue, white/blue, green, white/brown, brown.

You need to terminate a Cat 6 UTP cable with an RJ45 connector. Your organization's IT policy states that all cable connectors must be wired according to TIA568B standards.

The T568B wiring standard specifies the following pin-out for RJ45 connectors: Pin 1: White with orange stripe; Pin 2: Solid orange; Pin 3: White with green stripe; Pin 4: Solid blue; Pin 5: White with blue stripe; Pin 6: Solid green; Pin 7: White with brown stripe; Pin 8: Solid brown

Which of the following protocols includes extensive error checking to ensure that a transmission is sent and received without mistakes?

The TCP protocol includes error checking.

TCP Transport Control Protocol/IP Internet Protocol

The TCP/IP model incorporates the general concepts and structure of the OSI model.

Transport Layer (4)

The Transport layer provides a transition between the upper and lower layers of the OSI model, making the upper and lower layers transparent from each other. Segmentation, sequencing, and combination. Port Numbers Segments Reliable Message Delivery Flow Control

11.5.9 Your organization recently opened a branch office. You contracted with a WAN service provider to connect the branch office network to your home office network. Recently, your CEO conducted a video conference with the employees at the branch office. The employees complained that the video was choppy and the audio was frequently out of sync with the video. What is the most likely cause of this poor WAN performance?

The WAN provider is throttling bandwidth on the link. EXPLANATION In this scenario, it's possible that the WAN service provider is the cause of the problem. You should check the contract with the service provider to make sure they aren't throttling the bandwidth of the WAN link. It's not uncommon for service providers to impose bandwidth or utilization caps that could be hampering communications. Because connectivity exists between the home and branch office networks in this scenario, the following are very unlikely to be the cause of the problem: a disabled WAN interface, a protocol mismatch, an authentication mismatch, an IP address misconfiguration.

5.7 Which type of address is the IP address 198.162.12.254/24?

The address 198.162.12.254 is a unicast address that identifies a single host on the 198.162.12.0 subnet.

5.7 Which type of address is the IP address 232.111.255.250?

The address 232.111.255.250 is a multicast address. A multicast address is an address that identifies a group of computers. Members of the group share the same multicast address. Multicast addresses are in the range of 224.0.0.0 to 239.255.255.255.

5.9 Which TCP/IP utility gives you the following output?

The arp -a command shows the current entries in the computer's ARP cache.

5.3 Due to widespread network expansion, you have decided to upgrade the network by configuring a DHCP server. The network uses Linux, Windows, and Mac OS X client systems. You configure the server to distribute IP addresses from 192.168.2.1 to 192.168.2.100. You use the subnet mask of 255.255.255.0. After making all setting changes on the DHCP server, you reboot each client system, but they are not able to obtain an IP address from the DHCP server. Which of the following would explain the failure?

The clients must be configured to obtain IP addressing from a DHCP server. -Once a DHCP server has been configured for the network, each client system has to be told to look for a DHCP server to obtain its IP addressing. Selecting DHCP to obtain IP addressing information is typically as easy as selecting a radio button. If the client is not set to DHCP, it will look for a statically assigned IP address.

11.5.7 Consider the network shown in the exhibit. You have been experiencing intermittent connectivity issues with switch2. To check the status of the interfaces, you run the following commands:
switch2# show interfaces fa0/1 status
Port Name Status Vlan Duplex Speed Type
Fa0/1 connected 3 a-half a-100 10/100BaseTX
switch2# show interfaces Gi0/1 status
Port Name Status Vlan Duplex Speed Type
Gi0/1 connected trunk a-full a-1000 1000BaseTX
switch2# show interfaces Gi0/2 status
Port Name Status Vlan Duplex Speed Type
Gi0/2 connected trunk a-full a-1000 1000BaseTX
What is the issue with this network?

The device connected to the Fa0/1 interface has auto-negotiation disabled. EXPLANATION A duplex mismatch probably exists on the Fa0/1 interface. Note that duplexing has been automatically set to half, which is the default behavior for Cisco devices when auto-negotiation fails. To fix the issue, check the Gi0/1 interface on router1 to see if auto-negotiation has been disabled. You could manually configure the Fa0/1 interface on switch2 to use the same duplexing and link speed settings as the interface on the router, or you could re-enable auto-negotiation on the router interface. The Gi0/1 and Gi0/2 interfaces on switch2 appear to be functioning correctly with full duplexing and full link speed automatically configured.

5.10 You are troubleshooting a network connectivity issue on a Unix system. You are able to connect to remote systems by using their IP address, but unable to connect using the host name. You check the TCP/IP configuration and note that a DNS server IP address is configured. You decide to run some manual resolution queries to ensure that the communication between the Unix system and the DNS server are working correctly. Which utilities can you use to do this? (Choose two.)

The dig and nslookup commands allow you to perform manual DNS lookups from a Linux or Unix system. This can be very useful when you are troubleshooting name resolution issues.

Which of the following methods would you use to create a crossover cable?

The easiest way to create a crossover cable is to arrange the wires in the first connector using the T568A standard and arrange the wires in the second connector using the T568B standard. A crossover cable connects the transmit pins on one connector to the receive pins on the other connector (pin 1 to pin 3 and pin 2 to pin 6).

What are the characteristics of coaxial network cable? (Select three.)

The ends of the cable must be terminated. It has a conductor made from copper in the center of the cable. It uses two concentric metallic conductors.

Which of the following connectors usually require polishing as part of the assembly process?

The fiber optic cable assembly process is more complex than other assemblies. It is necessary to polish the exposed fiber tip to ensure that light is passed from one cable to the next with minimal dispersion.

What information does the next hop entry in a routing table identify?

The first router in the path to the destination network.

Which protocol allows hosts to exchange messages to indicate problems with packet delivery?

The internet control message protocol (ICMP) allows hosts to exchange messages to indicate a packet's status as it travels through the network.

Internet

The internet is a large world-wide public network.

You are asked to recommend an email retrieval protocol for a company's sales team. The sales team needs to access email from various locations and possibly different computers. The sales team does not want to worry about transferring email messages or files back and forth between these computers. Which email protocol is designed for this purpose?

The internet message access protocol version 4 (IMAP) is an email retrieval protocol designed to enable users to access their email from various locations without transferring messages or files back and forth between computers. Messages remain on the remote mail server and are not automatically downloaded to a client system.

5.9 Which TCP/IP utility gives you the following output?

The ipconfig command shows the computer's TCP/IP configuration information. winipcfg also shows the TCP/IP configuration, but in a Windows graphical format.

Logical Topology

The logical topology describes the way messages are sent.

Which of the following terms identifies the wiring closet in the basement or a ground floor that typically includes the demarcation point?

The main distribution frame (MDF) is the main wiring point for a building. The MDF is typically located on the bottom floor or basement. The LEC typically installs the demarc to the MDF. An intermediate distribution frame (IDF) is a smaller wiring distribution point within a building. IDFs are typically located on each floor directly above the MDF, but you can place additional IDFs on each floor as necessary.

vertical cross connect

The main or vertical cross-connect is the location where outside cables enter the building for distribution. This may include Internet and phone cabling.

4.2 You are planning a network for an educational campus. Due to the size of the buildings and the distance between them, you have elected to use 10BaseFL hubs, cabling, and network interface cards. What is the maximum length for the network cable between a workstation and a hub?

The maximum length for a 10BaseFL network segment is 2000 meters (2 km). Because a 10BaseFL network uses a physical star topology, a segment is defined as one of the arms of the star (between the hub and a host). That means the fiber optic cable between the hub and a workstation can be up to 2000 meters long. 1000BaseSX and 1000BaseLX support multimode cable up to 550 meters. 100 meters is the maximum twisted pair cable length.

3.1 NetPro Which network component connects a device to transmission media and allows the device to send and receive messages?

The network interface card (NIC) allows a device to send and receive messages over the transmission media.

You have a large TCP/IP network and want to keep a host's real time clock synchronized. What protocol should you use?

The network time protocol (NTP) lets you keep clocks synchronized.

6.4 Which of the following are true regarding using multiple VLANs on a single switch? (Select two.)

The number of collision domains remains the same. The number of broadcast domains increases.

Examine the following output:
Server: to.xct.mirrorxhq.net
Address: 209.53.4.130
Name: westxsim.com
Address: 64.78.193.84
Which of the following utilities produced this output?

The output is from the nslookup command on a Windows Server system. nslookup is a tool that allows you to send manual DNS resolution requests to a DNS server. The output displays the IP address and host name of the DNS server that performed the resolution, and the IP address and host name of the target specified for resolution. nslookup can be a useful tool when troubleshooting DNS name resolution problems.

5.9 Which TCP/IP utility gives you the following output?

The output of the ping command shows you the results of four echo request/reply contacts with a destination host.

5.10 Consider the following output.
;; res options: init recurs defnam dnsrch
;;got answer:
;;->>HEADER<<-opcode:QUERY, status; NOERROR,id:4
;;flags: qr rd ra; QUERY:1, ANSWER:1, AUTHORITY:2, ADDITIONAL:0
;;QUERY SECTION:
;; westsim111.com, type = A, class = IN
;;ANSWER SECTION:
westsim111.com. 7h33m IN A 76.141.43.129
;;AUTHORITY SECTION:
westsim111.com. 7h33m IN NS dns1.deriatct111.com.
westsim111.com. 7h33m IN NS dns2.deriatct222.com.
;;Total query time: 78 msec
;;FROM: localhost.localdomain to SERVER: default -- 202.64.49.150
;;WHEN: Tue Feb 16 23:21:24 2005
;;MSG SIZE sent: 30 rcvd: 103
Which of the following utilities produced this output?

The output shown is from the dig command run on a Linux system. Although nslookup and dig provide some of the same information, you can tell this output came from dig because dig produces significantly more detail in its default usage.

5.9 Examine the following output:
Active Connections
Proto Local Address Foreign Address State
TCP SERVER1:1036 localhost:4832 TIME_WAIT
TCP SERVER1:4798 localhost:1032 TIME_WAIT
TCP SERVER1:1258 pool-141-150-16-231.mad.east.ttr:24076 CLOSE_WAIT
TCP SERVER1:2150 cpe-66-67-225-118.roc.res.rr.com:14100 ESTABLISHED
TCP SERVER1:268 C872c-032.cpe.net.cale.rers.com:46360 ESTABLISHED
TCP SERVER1:2995 ip68-97-96-186.ok.ok.cox.net:23135 ESTABLISHED
Which of the following utilities produced this output?

The output shown is produced by the netstat command. netstat reports the TCP/IP ports open on the local system, as well as identifying the protocol and remote host connected to that port. This information can be very useful when looking for security weaknesses, as a TCP/IP port that is open to traffic unnecessarily represents a security risk.

5.9 Examine the following output.
Reply from 64.78.193.84: bytes=32 time=86ms TTL=115
Reply from 64.78.193.84: bytes=32 time=43ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=47ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=73ms TTL=115
Reply from 64.78.193.84: bytes=32 time=46ms TTL=115
Which of the following utilities produced this output?

The output shown was produced by the ping utility. Specifically, the output was created using the ping -t command. The -t switch causes packets to be sent to the remote host continuously until stopped manually. ping is a useful tool for testing connectivity between devices on a network. Using the -t switch with ping can be useful in determining whether the network is congested, as such a condition will cause sporadic failures in the ping stream.

Physical Topology

The physical topology describes the way the network is wired.

11.2.1 Your client has acquired several small companies and would like to connect them together into one network. Not all of the routers are Cisco devices, and compatibility is a concern. Which WAN encapsulation method should you recommend your client use?

The point-to-point protocol (PPP) is not proprietary. For this reason, it is the best choice for connecting dissimilar vendor devices. Cisco HDLC is the default serial encapsulation method, but it is only supported on Cisco devices. PAP is a PPP authentication protocol. Ethernet is not a WAN protocol.

3.3 You are the network administrator for a small organization. Recently, you contracted with an ISP to connect your organization's network to the internet to provide users with internet access. Since doing so, it has come to your attention that an intruder has invaded your network from the internet on three separate occasions. What type of network hardware should you implement to prevent this from happening again?

The role of a firewall is to provide a barrier between an organization's network and a public network, such as the internet. Its job is to prevent unauthorized access into the organization's private network. To do this, the firewall examines incoming packets and determines whether they should be allowed to enter based on a set of rules defined by the network administrator.

Intermediate Distribution Frame IDF

The room where all the horizontal runs from all the work areas on a given floor in a building come together.

Mail Delivery Agent

The service that downloads email from a mail transfer agent.

Which TCP/IP protocol will enable message exchange between systems?

The simple mail transfer protocol (SMTP) specifies how messages are exchanged between email servers. Email clients use POP3 and IMAP4 to download email messages from email servers.

You have a network configured to use the OSPF routing protocol. Which of the following describes the state when all OSPF routers have learned about all other routes in the network?

The term "convergence" is used to describe the condition when all routers have the same (or correct) routing information. Convergence requires some time, but once it is reached, it means that any router has learned about all other networks that are being advertised (or shared) on the network.

10.7.12 A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop computer. While talking to her, you discover that she is trying to work from the coffee room two floors above the floor where she normally works. What is the most likely cause of her connectivity problem?

The user is out of the effective range of the wireless access point on her floor. EXPLANATION Because the user is only experiencing intermittent problems, the most likely cause is that she is out of the effective range of the wireless network access point. All of the other answers listed may be appropriate if the user was unable to connect to the network at all. However, as the user is experiencing only intermittent problems, none of the other answers is likely to cure the problem.

You are monitoring network traffic on your network. You see a large amount of traffic between a Windows workstation and a Windows server on the following ports: 137, 138, 139. What is the source of this network traffic?

The workstation is using NetBIOS to access shared resources on the server.

6.7.5 While viewing the status of the interfaces on a Cisco switch, you see an abnormally large number of oversized Ethernet frames being received on one interface. This interface is connected to a workstation located on the second floor. What could cause this to happen?

The workstation's network board is jabbering. Frames that are too long are typically caused by a faulty network card that jabbers (constantly sending garbage data).

11.5.8 Your organization recently opened a branch office in a remote area. Because of its location, traditional WAN connectivity was not available, so you contracted with a satellite provider to connect the branch office network to your home office network. Recently, your CEO conducted a video conference with the employees at the branch office. The employees complained that the video was choppy and the audio was frequently out of sync with the video. What is the most likely cause of this poor WAN performance?

There is latency on the WAN link. EXPLANATION In this scenario, it's very likely that the satellite link itself is the cause of the problem. Because the radio signals used by satellite links must travel thousands of miles into space and back, several milliseconds of latency are introduced. For some types of network communications, such as saving a file or sending an email, this latency is not a problem. However, for time-sensitive communications such as a video conference, the latency inherent in the satellite link can cause poor network performance. Because connectivity exists between the home and branch office networks, the following are very unlikely to be the cause of the problem: a disabled WAN interface, a protocol mismatch, an authentication mismatch, an IP address misconfiguration.

10.4.1 What is the risk associated with smart technology used in networked devices such as smart refrigerators, environmental controls, or industrial equipment?

They are vulnerable to exploits due to weaker security. Devices with embedded smart technology are not designed to be customized or directly configured by system administrators. For example, you cannot install anti-malware software on a smart TV. Because of this weaker security, smart technology devices are vulnerable to exploits and attacks.

RG58

Thinnet 50 Ohms resistance

You've connected a cable certifier to an RJ45 wall jack, and the output shown below is displayed on the device. What does this output indicate? (Select two.)

This is a crossover cable. The cable is functioning correctly. In this example, the cable being tested is a correctly wired crossover cable. Output with x characters between pins indicates that they are shorted. Straight-through connections are displayed using - characters in the output of the cable certifier. Open connections are displayed with no characters or lines between the pin numbers.

13.5.8 When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system?

Ticket

11.3.13 Which of the following technologies does GSM use to allow multiple connections on the same frequency?

Time division multiple access EXPLANATION GSM uses time division multiple access (TDMA) to allow multiple connections on the same frequency. Code division multiple access (CDMA) is not used by GSM, but it is the technology used by most mobile service providers in the United States. Multiple-input and multiple-output (MIMO) is a method for increasing data throughput and link range. Frequency division multiplexing (FDMA) is used primarily for satellite communications.

10.4.9 You are building a wireless network within and between two buildings. The buildings are separated by more than 3000 feet. The wireless network should meet the following requirements: Wireless data within Building 1 should be protected with the highest degree of security. Wireless data within Building 2 should be accessible and permitted by any wireless client. Wireless signals between Buildings 1 and 2 should be protected with the highest degree of security. Wireless signals within Buildings 1 and 2 should cover the whole structure, but not extend to the outside. For each location on the image below, you need to select the following: Antenna option Security option Drag the items from the list on the left to the location identifier on the right. Items may be used more than once. Not all items will be used.

To answer this question correctly, you should choose the following:
Building 1 - Location A = Right-facing directional antenna, WPA2-CCMP
Building 1 - Location B = Omni-directional antenna, WPA2-CCMP
Building 1 - Location C = Left-facing directional antenna, WPA2-CCMP
Building 1 - Location D = Right-facing parabolic antenna, WPA2-CCMP
Building 2 - Location A = Omni-directional antenna, WEP with open authentication
Building 2 - Location B = Left-facing parabolic antenna, WPA2-CCMP
Be aware of the following types of security: Wired Equivalent Privacy (WEP) is an optional component of the 802.11 specifications, but is easily broken. When using WEP, use open authentication. Wi-Fi Protected Access 2 (WPA2) resolves the weaknesses inherent in WEP. WPA2 uses counter mode with the CBC-MAC protocol (CCMP), also known as AES-CCMP. *Note that WPA2 does not use TKIP.*

6.3 You need to configure the FastEthernet 0/1 interface on a switch to automatically detect the appropriate link speed and duplex setting by negotiating with the device connected to the other end of the link. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all of the commands are required.

To complete the requirements of this scenario, you need to use the following commands:
Enter global configuration mode: conf t
Enter interface configuration mode: int fa0/1
Configure the interface to automatically detect the line speed: speed auto
Configure the interface to automatically detect duplex settings: duplex auto

10.4.10 What purposes does a wireless site survey fulfill? (Choose two.)

To identify existing or potential sources of interference. To identify the coverage area and preferred placement of access points.

5.10 You need to perform a reverse lookup of the 10.0.0.3 IP address. Which command can you use to accomplish this? (Select two. Each response is a complete solution.)

To perform a reverse lookup of the 10.0.0.3 IP address, use either of the following commands:
dig -x 10.0.0.3
nslookup 10.0.0.3

3.3 Which of the following is a good reason to install a firewall?

To prevent hackers from accessing your network. Firewalls prevent unauthorized users from accessing private networks connected to the internet. You should never allow public access to your DHCP server.

Why should you store backup media off site?

To prevent the same disaster from affecting both the network and the backup media. EXPLANATION Backup media should be stored off site to prevent the same disaster from affecting the network and the backup media. If your primary facility is destroyed by fire, your only hope of recovery is off site data storage. Off site storage does not significantly reduce the possibility of media theft because it can be stolen while in transit or at your storage location. Off site storage is not a government regulation. Off site storage does not make the restoration process more efficient because additional time is spent retrieving backup media from its off site storage location.

13.5.14 Which of the following is an example of three-factor authentication?

Token device, keystroke analysis, cognitive question. Three-factor authentication uses three items for authentication, one each from each of the authentication types: Type I (something you know, such as a password, PIN, passphrase, or cognitive question); Type II (something you have, such as a smart card, token device, or photo ID); Type III (something you are, such as fingerprints, retina scans, voice recognition, or keyboard dynamics).

Topology

Topology is the term used to describe how devices are connected and how messages flow from device to device.

12.2.5 Purchasing insurance is what type of response to risk?

Transference EXPLANATION An organization can transfer risk through the purchase of insurance. When calculating the cost of insurance and the deductible, balance the cost against the expected loss from the incident.

TCP

Transmission Control Protocol

TCP

Transmission Control Protocol - provides reliable, ordered, and error-checked delivery of a stream of packets on the internet. TCP is tightly linked with IP and usually seen as TCP/IP in writing.

13.7.12 Which of the following protocols encrypts data and is a newer version of the Secure Socket Layer (SSL) protocol?

Transport Layer Protocol (TLS). TLS ensures that messages being transmitted on the internet are private and tamper proof. TLS is a new version of SSL and is used to increase security by encrypting data using public key cryptography. TLS is implemented through two protocols: TLS record can provide connection security with encryption (with DES for example). TLS handshake provides mutual authentication and choice of encryption method. DMVPN allows more than one connection through a VPN. Its infrastructure consists of a hub with multiple spokes that connect to reach the company site. The spokes also have the ability to communicate with one another via a dynamic IPsec VPN tunnel. GRE is a tunneling protocol that was developed by Cisco. GRE can be used to route any Layer 3 protocol across an IP network. GRE creates a tunnel between two routers, encapsulates packets by adding a GRE header and a new IP header to the original packet, does not offer any type of encryption, and can be paired with other protocols, such as IPsec or PPTP, to create a secure VPN connection. IPsec provides authentication and encryption, and it can be used in conjunction with L2TP or by itself as a VPN solution, but is not a newer version of SSL.

13.6.5 Which security protocols use RSA encryption to secure communications over an untrusted network? (Select two.)

Transport layer security, Secure sockets layer. EXPLANATION Transport layer security (TLS) and its predecessor secure sockets layer (SSL) are cryptographic protocols that secure communications over untrusted IP networks such as the internet using RSA encryption. They use asymmetric cryptography to first verify the identity of both communicating parties and then to exchange a symmetric encryption key. This symmetric key is then used to encrypt data being sent between both hosts. The point-to-point tunneling protocol (PPTP) does not provide an encryption mechanism and must be used with other protocols to secure communications.

13.3.5 Which option is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously?

Trojan horse A Trojan horse is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously. Trojan horses are very common on the internet. To keep your systems secure and free from such malicious code, you need to take extreme caution when downloading any type of file from just about any site on the internet. If you don't fully trust the site or service that is offering a file, don't download it.

The UDP transport protocol provides which of the following features? (Select all that apply.)

UDP is a connectionless protocol used by applications that need low overhead and do not require guaranteed delivery.

12.2.2 What is the greatest threat to theft of data in most secure organizations?

USB devices EXPLANATION The greatest threat to the confidentiality of data in most secure organizations is portable devices (including USB devices). There are so many devices that can support file storage that stealing data has become easy, and preventing data is very difficult.

4.4 During a network infrastructure upgrade, you have replaced two 10 Mbps hubs with switches and upgraded from Category 3 UTP cable to Category 5e. During the process, you accidentally cut the Cat 5e patch cable that stretches from the network printer to the upgraded switch. What is the impact on the network?

UTP cable and switches are associated with a star network topology. In a star topology, each device is attached to the network using its own patch cable. If the cable were to fail for any reason, only the device connected by that cable would be unavailable.

UTP

UTP stands for unshielded twisted pair. UTP cables are easy to work with and less expensive than shielded cables.

9.2.6 Upper management has asked you if there is a way to integrate phone calls, emails, and instant messaging into a single platform. Which of the following systems should you recommend?

Unified communication EXPLANATION Unified communications (UC) integrates multiple types of communications into a single system. UC systems can integrate the following real-time communications: voice calls, audio conferencing, video conferencing (VTC), desktop sharing, and instant messaging. UC systems can also provide non-real-time communication integration, including texting, voicemail, email, and faxing. Voice over IP only provides voice calling integration with an IP network. Quality of Service is used to ensure that voice data is given higher priority on the network. The PSTN is the traditional method used for phone calls.

13.3.11 If your anti-virus software does not detect and remove a virus, what should you try first?

Update your virus detection software.

5.6 You manage a network with two locations, Portland and Seattle. Both locations are connected to the internet. All computers in both locations are configured to use IPv6. You would like to implement an IPv6 solution to meet the following requirements: Hosts in each location should be able to use IPv6 to communicate with hosts in the other location through the IPv4 internet. You want to use a site-to-site tunneling method instead of a host-to-host tunneling method. Which IPv6 solution should you use?

Use 6to4 tunneling to create a router-to-router tunnel between two sites through an IPv4 network. Use Teredo on two hosts separated by symmetric NAT to configure host-to-host tunneling. Use the intra-site automatic tunnel addressing protocol (ISATAP) to enable IPv6 hosts to communicate over a private IPv4 network within a site; ISATAP does not work between sites.

5.3 Which of the following strategies are used to prevent duplicate IP addresses being used on a network? (Select two.)

Use Automatic Private IP Addressing. Install a DHCP server on the network. -To avoid duplicate IP addresses being used by network systems, automatic IP assignment is used. Both the DHCP service and APIPA can automatically assign addresses to client systems.

You are troubleshooting a connectivity problem in which one client system is unable to connect to a server. Both the server and client system are connected to the same Ethernet network switch. No other users have complained of a problem, and you suspect that faulty network cabling might be to blame. Which of the following troubleshooting steps are you most likely to perform first?

Use a cable tester to test the cable between the computer system and the network switch.

4.3 You want to connect the LAN port on a router to the uplink port on a switch. The switch does not support auto-MDI. Which type of cable should you use?

Use a crossover cable to connect a workstation or a router to the uplink port on a switch. Use a straight-through cable to connect the router to a regular switch port. Use a rollover cable to connect a workstation to the console port of a router. Use a loopback plug to allow a device to communicate with itself through its own network adapter.

4.3 You need to transfer data from one laptop to another, and you would like to use an Ethernet cable. You do not have a hub or a switch. Which type of cable should you use?

Use a crossover cable to connect two devices together in a back-to-back configuration.

4.3 You need to connect two switches using their uplink ports. The switches do not support auto-MDI.

Use a crossover cable to connect two switches through their uplink ports or to connect two switches through regular ports. Use a straight-through cable to connect the uplink port on one switch to a regular port on another switch. Use a rollover cable to connect a workstation to the console port of the switch. Use a loopback plug connected to a single port for troubleshooting.

10.7.13 While configuring a new 802.11g wireless network, you discover another wireless network within range that uses the same channel ID that you intend to use. Which of the following strategies are you most likely to adopt in order to avoid a conflict between the networks?

Use a different channel ID. EXPLANATION Overlapping wireless networks should use different channels to ensure that they do not conflict with each other. Even though you should use a different SSID anyway, you would also need to configure a different channel for each of the wireless networks. Using 802.11b instead of 802.11g would not avoid a conflict between the networks and would limit the speed of the wireless network to 11 Mbps as opposed to 54 Mbps available with 802.11g. Using Wired Equivalent Privacy (WEP) is a prudent security measure; however, it does not prevent the conflicts that can occur with overlapping wireless networks that use the same channel ID.

3.1 You have a server that has a 100BaseFX network interface card that you need to connect to a switch. The switch only has 100BaseTX switch ports. Which device should you use?

Use a media converter to convert from one media type to another media type within the same architecture. Use a bridge to connect two devices that use different network architectures. A hub or a repeater connects devices using the same media type.

You are working with 25 pair wires and 66 blocks. You have pushed the wires onto the 66 block, but now you need to cut off the excess end of each wire.

Use a punch down tool to push wires into 66 or 110 blocks and cut wires at the same time. The punch down tool has a blade on one side that cuts off the excess wires.

4.3 You have purchased a new router that you need to configure. You need to connect a workstation to the router's console port to complete the configuration tasks. Which type of cable would you most likely use?

Use a rollover cable to connect a workstation to the console port of a router or a switch. The rollover cable has an RJ45 connector on one end to connect to the console port. The other end has a serial connector to connect to the serial port of the workstation. You then run a terminal emulation program on the workstation to connect to the console of the router or switch to perform configuration and management tasks.

12.1.14 You manage a network with a single switch. All hosts connect to the network through the switch. You want to increase the security of devices that are part of the accounting department. You want to make sure that broadcast traffic sent by accounting computers is only received by other accounting computers, and you want to implement ACLs to control traffic sent to and between accounting computers through the network. Which of the following is the BEST solution?

Use a router to configure a subnet for the accounting computers. EXPLANATION To separate broadcast traffic and filter network traffic with access control lists (ACLs), use a router to create an additional subnet for the accounting computers. You could use a VLAN to separate broadcast traffic for the accounting computers, but the ACL would not be able to filter traffic within the VLAN. Use network access control (NAC) to allow only devices that meet specific health requirements (such as having anti-virus or patches) to connect to the network. Use MAC filtering on a switch to allow or deny access through the switch based on the connecting device's MAC address.

4.3 You need to connect a workstation to a switch using a regular port on the switch (not an uplink port). The switch does not support auto-MDI. Which type of cable should you use?

Use a straight-through cable to connect a workstation or router to a regular switch port. Use a crossover cable to connect the workstation to the uplink port. Use a rollover cable to connect the workstation to the console port of the switch. Use a loopback plug to allow a workstation to communicate with itself through its own network adapter.

13.4.8 You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card for entry. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with the username admin and the password password. What should you do to increase the security of this device?

Use a stronger administrative password.

You have just been hired as a network administrator. A user has just changed offices and needs you to activate the network and telephone connections in his office. However, the wiring at the punch down block is labeled poorly, and you are unable to tell which wires go to the user's office. What should you do?

Use a tone generator to locate the correct wiring.

You have just signed up for a broadband home internet service that uses coaxial cable. Which connector type will you most likely use?

Use an F-type connector for broadband cable connections that use coaxial cable.

13.1.12 Five salesmen work out of your office. They frequently leave their laptops lying on the desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best way to address your concerns?

Use cable locks to chain the laptops to the desks.

5.10 Mary calls to tell you that she can't connect to an intranet server called WebSrv1. From her computer, you ping the server's IP address. The ping test is successful. Which tool would you use on her workstation next to troubleshoot the problem?

Use nslookup to troubleshoot name resolution problems. Because the ping test was successful, you know that both the client and the server can communicate using TCP/IP with IP addresses. This tells you that the problem is related to name resolution.

5.9 Which of the following tools would you use to view the MAC addresses associated with IP addresses that the local workstation has contacted recently?

Use the arp command to view the MAC addresses associated with IP addresses that the local workstation has contacted recently. When a workstation uses ARP to find the MAC address of an IP address, it places that information in its ARP table.

5.9 You are troubleshooting a connectivity problem on a Linux server. You are able to connect to another system on the local network, but are not able to connect to a server on a remote network. You suspect that the default gateway information for the system may be configured incorrectly. Which of the following commands would you use to view the default gateway information on the Linux server?

Use the ifconfig command on systems running Linux to view information on the TCP/IP configuration of network adapters.

5.8 Your office has both Windows and Linux computers. You want to be able to view the address of the default gateway that a computer is using. Which of the following utilities could you use? (Select two.)

Use the ipconfig command on Windows or the route command on Linux to view the default gateway. The ipconfig command will also show the IP configuration for network interfaces, including the IP address, subnet mask, and DNS server addresses being used by a Windows computer.

5.9 You have been called in to troubleshoot a connectivity problem on a newly installed Windows Server 2016 system. The system is operating satisfactorily and is able to communicate with other systems on the local network. However it is unable to access any systems on other segments of the corporate network. You suspect that the default gateway parameter for the system has not been configured, or may be configured incorrectly. Which of the following utilities are you most likely to use to view the default gateway information for the system?

Use the ipconfig utility to view the TCP/IP configuration of a Windows Server 2003 system. The information displayed by ipconfig includes default gateway information.

5.9 Your computer is sharing information with a remote computer using the TCP/IP protocol. Suddenly, the connection stops working and appears to hang. Which command can you use to check the connection?

Use the netstat command to check the status of a TCP connection.

MTRJ Connector

Used with single-mode and multi-mode cabling. Composed of a plastic connector with a locking tab. Uses metal guide pins to ensure that it is properly aligned. A single connector with one end holds both cables. Uses a ceramic ferrule to ensure proper core alignment and prevent light ray deflection.

UDP

User Datagram Protocol

UDP

User Datagram Protocol. Used instead of TCP when guaranteed delivery of each packet is not necessary. UDP uses a best-effort delivery mechanism.

12.3.12 You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the computer's user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again?

User awareness training EXPLANATION Many anti-virus prevention measures are ineffective if users take actions that put their computers at risk (such as downloading and running files or copying unscanned files to their computers). If users are educated about malware and about the dangers of downloading software, the overall security of the environment improves. A proxy server controls access to the internet based on username, URL, or other criteria. Account lockout helps prevent attackers from guessing passwords. Firewall ports might be used by some malware, but will not prevent malware introduced by downloading and installing a file.

11.2.3 Which of the following statements about the functionality of LCP are true? (Select three.)

Usernames and passwords may be required during the handshake. Data can be compressed at the source and decompressed at the destination. LCP provides multilink support. EXPLANATION The link control protocol (LCP) is a sublayer within the PPP protocol stack. LCP options provide authentication, compression, error detection, and multilink functionality. Multiple protocols are encapsulated in PPP by NCP. LCP is not a Layer 3 protocol, so it does not provide logical addressing. Remote terminal access is a function of the X.25 protocol.

13.7.8 Which of the following statements about SSL VPN are true? (Select two.)

Uses port 443. Encrypts the entire communication session. EXPLANATION SSL VPN uses the SSL protocol to secure communications. SSL VPN: Authenticates the server to the client using public key cryptography and digital certificates. Encrypts the entire communication session. Uses port 443, which is already open on most firewalls.

6.4 You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. Which of the following should you use in this situation?

VLAN

6.4 Your company is a small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?

VLAN

6.7.3 You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?

VLAN

Your company is a small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?

VLAN EXPLANATION Define virtual LANs (VLANs) on the switch. A port on the switch is associated with a VLAN. Only devices connected to ports that are members of the same VLAN can communicate with each other. Routers are used to allow communication between VLANs if necessary. Use virtual private network (VPN) to securely connect two hosts through an unsecured network (such as the internet). VPN tunneling protocols protect data as it travels through the unsecured network. Spanning tree is a switch feature that allows redundant paths between switches. Port security is a method of requiring authentication before a network connection is allowed.

6.7.1 You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement?

VLANs

13.7.1 A group of salesmen in your organization would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator EXPLANATION With a remote access VPN, a server on the edge of a network (called a VPN concentrator) is configured to accept VPN connections from individual hosts. Hosts that are allowed to connect using the VPN connection are granted access to resources on the VPN server or the private network.

13.1.9 Which of the following CCTV camera types lets you zoom the focus in and out?

Varifocal EXPLANATION A varifocal camera lens lets you adjust the focus (zoom). A fixed lens camera has a set focal length. Infrared cameras can record images in little or no light. A c-mount camera has interchangeable lenses and is typically rectangular in shape. You can change the focal length of a c-mount camera by changing the lens, but you can't zoom the focus unless the lens is a varifocal lens.

8.1.3 Which of the following are true of a circuit proxy filter firewall? (Select two.)

Verifies sequencing of session packets. Operates at the Session layer.

12.3.8 Your organization entered into an interoperability agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.)

Verify compliance with the IA documents. Conduct periodic vulnerability assessments. EXPLANATION During the ongoing operations phase of the relationship, you should: Regularly verify compliance with the IA documents. Conduct periodic vulnerability assessments to verify that the network interconnections created by the relationship have not exposed or created security weaknesses. BPO negotiations and MOU drafting should have taken place during the onboarding phase of the relationship. User and group accounts should have been disabled during the off-boarding phase.

13.2.5 You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need to enter your username and password at a new website so you can manage your email and spam using the new service. What should you do?

Verify that the email was sent by the administrator and that this new service is legitimate.

9.4.1 You have configured a virtual network that includes the following virtual components: four virtual machines (Virtual OS1, Virtual OS2, etc.) and one virtual switch. The virtual switch is connected to a physical network to allow the virtual machines to communicate with the physical machines out on the physical network. Given the port configuration for the virtual switch and the physical switch in the table below, click on all of the virtual and physical machines that Virtual OS1 can communicate with.

Virtual OS1 can communicate with the following machines: Virtual OS2 and Virtual OS3. The virtual switch port configuration allows these three virtual machines to communicate as if the machines were part of a real physical network. Virtualized networks allow virtual servers and desktops to communicate with each other and can also allow communication with network devices out on the physical network via the host operating system. Virtual networks typically include the following components: Virtual switches allow multiple virtual servers and/or desktops to communicate on virtual network segments and/or the physical network. Virtual switches are often configured in the hypervisor. Virtual network adapters are created and assigned to a desktop or server in the hypervisor. Multiple network adapters can be assigned to a single virtual machine. Each network adapter has its own MAC address. Each network adapter is configured to connect to only one network at a time (meaning a virtual network or the physical network, but not both). Virtual OS4 and all of the other Physical OS machines are configured to communicate on the physical network.

12.1.13 Which of the following terms describes a test lab environment that does not require the use of physical hardware?

Virtual sandbox EXPLANATION A virtual sandbox is a virtual environment that can be used to test new deployments and software updates without affecting the production environment. Offsite virtual storage is used to store files and documents on a remote network. Network as a service (NaaS) is a network implementation contracted by a third party. NaaS virtualizes the entire network infrastructure of a production environment. Switches use VLANs to create separate logical LANs.

9.4.2 You need to provide DHCP and file share services to a physical network. These services should be deployed using virtualization. Which type of virtualization should you implement?

Virtual servers EXPLANATION Server virtualization runs multiple instances of a server operating system on a single physical computer. With server virtualization, you can migrate servers on older hardware to newer computers or add virtual servers to computers with extra unused hardware resources. Virtual desktops do not provide DHCP services. Virtual networks allow virtual servers and desktops to communicate with each other, and they can also allow communication with network devices out on the physical network via the host operating system. Network as a service (NaaS) servers and desktops are all virtualized and managed by a contracted third party.

9.3.3 Which component is most likely to allow physical and virtual machines to communicate with each other?

Virtual switch Virtual switches allow multiple virtual servers and/or desktops to communicate on virtual network segments and/or the physical network. Virtual switches are often configured in the hypervisor. A virtual hard disk (VHD) is a file that is created within the host operating system and simulates a hard disk for the virtual machine. A physical machine (also known as the host operating system) has the actual hardware in place on the machine, such as the hard disk drive(s), optical drive, RAM, motherboard, etc. A virtual desktop is a virtual machine in a software implementation of a computer that executes programs like a physical machine.

6.4 You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement?

VLANs

6.4 You need to keep users in all other departments from accessing the servers used by the finance department. Which of the following technologies should you use to logically isolate the network?

VLANs

9.2.1 Which VoIP device helps establish the connection between two VoIP phones?

VoIP server A VoIP server helps establish the connection between two VoIP phones. Once the connection is established, the two phones communicate directly with each other.

10.6.2 Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?

WEP, WPA Personal, and WPA2 Personal Shared key authentication can be used with WEP, WPA, and WPA2. Shared key authentication used with WPA and WPA2 is often called WPA Personal or WPA2 Personal. WPA Enterprise and WPA2 Enterprise use 802.1x for authentication. 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients.

A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The next hop router for network 192.168.3.0 has changed. You need to make the change with the least amount of effort possible. What should you do?

Wait for convergence to take place.

WDM

Wave Division Multiplexing (WDM) joins several light wavelengths (colors) onto a single strand of fiber. 160 signals, 16 Tbps.

8.1.13 You are configuring a firewall to allow access to a server hosted on the demilitarized zone of your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be configured to provide access, which applications are most likely to be hosted on the server?

Web server and email server TCP/IP port 80 is associated with accessing web pages from a web server using the hypertext transfer protocol (HTTP). Email can be accessed using a number of protocols, including the simple mail transfer protocol (SMTP), the post office protocol version 3 (POP3) and the internet message access protocol version 4 (IMAP4). SMTP uses TCP/IP port 25, while POP3 uses TCP/IP port 110, and IMAP4 uses TCP/IP port 143.

Which protocol is used on the World Wide Web to transmit web pages to web browsers?

Web servers and browsers use HTTP, or hypertext transfer protocol, to transmit web pages on the internet. This protocol is often confused with hypertext markup language (HTML), which is used to create web content.

12.2.12 You manage a website for your company. The website uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply. Considering the availability of your website, which component represents a single point of failure?

Website storage EXPLANATION In this scenario, the shared storage is a single point of failure. A single point of failure means that failure in one component will cause the entire website to become unavailable. If the storage unit fails, then the website content will be unavailable. Failure in a single network card, power supply, or even in a single server will not make the website unavailable. Any of these failures will take one server offline. But because of the server cluster, other servers will still be available to process incoming requests.

13.2.10 A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario?

Whaling Whaling is a form of a social engineering attack that targets senior executives and high-profile victims. Social engineering is an attack that exploits human nature by convincing someone to reveal information or perform an activity.

10.4.8 You have been hired to design a wireless network for a SOHO environment. You are currently in the process of gathering network requirements from management. Which of the following questions should you ask? (Select three.)

What type of data will be transmitted on the network? Is the size of the business expected to grow in the future? How many devices will need to be supported? The first thing you do when designing a wireless network is gather network requirements. Meet with all stakeholders and decision-makers to discuss the implementations and gather detailed information. For example, you should: -Identify the intended use of the wireless network. -Identify the location of wireless service areas. -Anticipate the number of wireless devices that need to be supported in each area. -Discuss future network needs so that you can plan for expansion. -Discuss data encryption and network security requirements. -Mounting points or sources of interference should be considered in the network design phase, after all requirements have been gathered.

Consider the 850 nm multimode fiber optic cable shown below connected at 200m. How much loss can you expect between the transmitter and the receiver?

When calculating a loss budget for a segment of fiber optic cable, use the following guidelines: -Connectors = 0.3 dB loss each -Splices = 0.3 dB loss each -Multimode cabling = 3 dB loss per 1000 meters (850 nm) or 1 dB loss per 1000 meters (1300 nm) -Single mode cabling = 0.5 dB loss per 1000 meters (1310 nm) or 0.4 dB loss per 1000 meters (1550 nm)

9.2.4 When would you consider changing the codec used in your VoIP system? (Select two.)

When sound quality is poor. When VoIP data consumes too large a portion of your network bandwidth. A special algorithm called a codec compresses VoIP data to reduce bandwidth consumption. A codec determines the sound quality of the VoIP call and the amount of bandwidth that it will require. A more efficient codec can better compress VoIP data so that it will not consume as much bandwidth. Often, better compression will reduce the sound quality of VoIP calls. Conversely, a codec can preserve sound quality at the cost of using more bandwidth. A good codec can preserve sound quality and reduce bandwidth consumption.

4.3 You want to create a rollover cable that has an RJ45 connector on both ends. How should you connect the wires within the connectors?

When terminated with an RJ45 connector on both ends, the wires within the connectors are rolled over to the opposite connector as follows: Pin 1 connects to pin 8; Pin 2 connects to pin 7; Pin 3 connects to pin 6; Pin 4 connects to pin 5. A crossover cable uses the T568A standard on one end and the T568B standard on the other end. The crossover cable connects pin 1 to pin 3 and pin 2 to pin 6. Connecting each pin to the same pin on the other end creates a straight-through cable.

12.2.7 When is choosing to do nothing about an identified risk acceptable?

When the cost of protecting the asset is greater than the potential loss. EXPLANATION You might choose to accept a risk and do nothing if the cost associated with a threat is acceptable or if the cost of protecting the asset from the threat is unacceptable. For example, if the cost of protecting the asset is greater than the cost associated with the threat, you would decide to accept the potential loss rather than spend money to protect the asset. In this case, you would plan for how to recover from the threat, but not implement any measures to avoid it. An intangible asset is a resource that has value and may be saleable even though it is not physical or material. While assigning a value to intangible assets can be difficult, this does not mean that they cannot or should not be protected. The likely frequency of a threat occurring affects the annual loss expectancy, which will also affect the comparison of the cost of countermeasures to the cost associated with a successful attack, but does not immediately rule out implementing countermeasures.

Which of the following describes the point where the service provider's responsibility to install and maintain wiring and equipment ends, and the customer's responsibility begins?

When you contract with a local exchange carrier (LEC) for data or telephone services, they install a physical cable and a termination jack onto your premises. The demarcation point (demarc) is the line that marks the boundary between the telco equipment and the private network or telephone system. Typically, the LEC is responsible for all equipment on one side of the demarc, and the customer is responsible for all equipment on the other side of the demarc.

LEC

When you contract with a local exchange carrier (LEC) for data, internet, or telephone services, they install a physical cable and a termination jack onto your premises.

Which recommendation should you follow while using 110 blocks for connecting Cat 5 and higher data cables?

While using Cat5 (or higher) wiring, preserve the twists in each wire pair to within one-half of an inch of the connecting block.

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

White box test: The tester has detailed information about the target system prior to starting the test. Grey box test: The tester has the same amount of information that would be available to a typical insider in the organization. Black box test: The tester has no prior knowledge of the target system. Single-blind test: Either the attacker has prior knowledge about the target system or the administrator knows that the test is being performed. Double-blind test: The tester does not have prior information about the system, and the administrator has no knowledge that the test is being performed. Penetration testing is classified by the knowledge that the attacker and system personnel have prior to the attack. In a black box test, the tester has no prior knowledge of the target system. In a white box test, the tester has detailed information prior to starting the test. In a grey box test, the tester has the same amount of information that would be available to a typical insider in the organization. In a single-blind test, one side has advanced knowledge; either the attacker has prior knowledge about the target system or the defender has knowledge about the impending attack. In a double-blind test, the penetration tester does not have prior information about the system, and the network administrator has no knowledge that the test is being performed. A double-blind test provides more accurate information about the security of the system.

You want to use the T568A standard to add connectors to your Cat5 cable. Starting with pin 1, which order should you use for the wires within the connector?

White/green, green, white/orange, blue, white/blue, orange, white/brown, brown

10.6.5 Which of the following provides security for wireless networks?

Wi-Fi protected access (WPA) provides encryption and user authentication for wireless networks. Wired equivalent privacy (WEP) also provides security, but WPA is considered more secure than WEP.

11.3.12 Which of the following forms of networking are highly susceptible to eavesdropping and must be secured accordingly?

Wireless EXPLANATION All forms of networking are potentially vulnerable to eavesdropping. Wireless networks by definition broadcast network transmissions openly and therefore can be detected by outsiders. For this reason, wireless networks should maintain data encryption to minimize the risk of transmitting information to unintended recipients. Other forms of networking, while potentially susceptible to eavesdropping, cannot be detected as readily as wireless.

12.1.6 Which of the following documents would likely identify that drop cables on your network use the T568A standard?

Wiring schematic EXPLANATION A wiring schematic is a type of network diagram that focuses on the physical connections between devices. In this example, the wiring schematic would include the pin connector standard to use. This information might also be included in a procedure document. A procedure is a step-by-step process that outlines how to implement a specific action. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. In this example, the policy might state that a consistent wiring scheme should be used, but that scheme would be detailed in the procedure document or a wiring schematic. A network diagram shows the logical and/or physical layout of your network. Change or history documentation keeps track of changes to the configuration of a device or the network. A baseline is a snapshot of the network or device performance statistics.

12.1.2 Which type of documentation would you consult to find the location of RJ45 wall jacks and their endpoints in the intermediate distribution closet?

Wiring schematic EXPLANATION A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows: The location of drop cables and ports within offices or cubicles. The path that wires take between wiring closets and offices. A labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations. A baseline is a record that shows normal network statistics. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but goes beyond the policy by identifying specific steps that are to be implemented.

12.1.5 You are troubleshooting the connection of a computer in an office to the punch down block in the distribution closet. Which document would you consult to identify the termination of the cable on the punch down block based on the wall jack location in the office?

Wiring schematic EXPLANATION A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows: The location of drop cables and ports within offices or cubicles. The path that wires take between wiring closets and offices. A labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations. A logical network diagram shows the relationship of devices on the network, but often does not include specific details, such as the wall jacks and punch down locations for drop cables. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but goes beyond the policy by identifying specific steps that are to be implemented.

12.1.8 You are troubleshooting a workstation connection to the network. During your troubleshooting, you move the cable in the wiring closet to a different port on the patch panel. Which type of document should you update?

Wiring schematic EXPLANATION In this scenario, you have modified the wiring by moving the cable from one patch panel port to another. This type of information is typically included in a wiring schematic. A logical network diagram shows the relationship of devices, but would not typically include details such as patch panel ports and wall jacks connecting the device to the network. A baseline is a snapshot of the performance statistics of the network or devices. A procedure is a step-by-step process outlining how to implement a specific action.

4.4 You have a network connected using a full physical mesh topology. The link between device A and device B is broken. Which of the following best describes what effect this will have on network communications?

With a mesh topology, a break in a single link has no effect on communications. Data can be routed to the destination device by taking a different (sometimes longer) path through the mesh topology.

You are an application developer, and you are writing a program for exchanging video files through a TCP/IP network. You need to select a transport protocol that will guarantee delivery. Which TCP/IP protocol provides this capability?

Write the application to use the transmission control protocol (TCP). TCP guarantees delivery through error checking and acknowledgments.

6.5 Which of the following benefits apply only to creating VLANs with switches and not to segmenting the network with regular switches?

You can create multiple broadcast domains.

5.3 You are implementing a DHCP server for your segment. Your segment's IP address is 192.168.1.0. Your default gateway address is 192.168.1.254. Your DNS server address is 192.168.1.1. Your default gateway is configured as a NAT router to translate addresses between network segments. You configured the 03 Router option on your DHCP server so it can deliver the IP address of the default gateway to workstations. After configuring your workstations to get their IP addressing information dynamically, your users complain that they are unable to access websites on the internet. How can you resolve this problem?

You must configure your DHCP server with an option that delivers the IP address of the DNS server (Option 06). -In this scenario, the DHCP server hasn't been configured to deliver the IP address of the DNS server to the workstations. When users try to access websites with a browser, they receive an error message because their workstations can't resolve URLs into IP addresses. -To fix this problem, you must enable the 06 Domain Name Server option on the DHCP server and configure it with the IP address of your DNS server. -You could statically configure APIPA on each workstation with the IP address of the DNS server, but doing this would defeat the purpose of implementing a DHCP server in the first place.

You are building network cables and attaching RJ45 connectors to each end. Which tool do you need for this task?

You should use a crimping tool designed for RJ45 connectors to attach connectors to UTP cable.

10.4.3 To optimize your network, you want to configure your wireless AP to use a channel that meets the following criteria: non-overlapping, low utilization, and low interference. You performed a spectrum analysis to identify 2.4 GHz wireless channel utilization, as shown in the exhibit. (To read the spectrum analysis, imagine a line coming down from the center of the highest point of each wave. For example, the four waves whose crests are over channel 11 belong to channel 11.) Based on the results, which channel should you configure your wireless AP to use?

You should use channel 1. Based on the results, the only channel that meets all the criteria is channel 1. Channels 3 and 8 overlap. Channel 6 is heavily utilized and would cause issues. Channel 11 isn't used as much as channel 6, but the signal interference is much stronger.

8.3.8 In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

You want to protect a public web server from attack. Use a demilitarized zone (DMZ) to protect public hosts on the internet, such as a web server, from attack. The DMZ uses an outer firewall that prevents internet attacks. Inside the DMZ are all publicly accessible hosts. A second firewall protects the private network from the internet.

In which of the following situations would you use port security?

You want to restrict the devices that could connect through a switch port. EXPLANATION Use port security on a switch to restrict the devices that can connect to a switch. Port security uses the MAC address to identify allowed and denied devices. When an incoming frame is received, the switch examines the source MAC address to decide whether to forward or drop the frame. Port security cannot prevent sniffing or MAC address spoofing attacks. Use an access list on a router to control sent and received packets.

You have a private network connected to the internet. Your routers will not share routing information about your private network with internet routers. Which of the following best describes the type of routing protocol you would use?

You would use an interior gateway protocol (IGP) on routers within your network. Routing protocols can be classified based on whether they are routing traffic within or between autonomous systems. An interior gateway protocol (IGP) routes traffic within an AS; an exterior gateway protocol (EGP) routes traffic between ASs.

13.7.10 You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file?

Your copy is the same as the copy posted on the website. A hash is a function that takes a variable-length string (message) and compresses and transforms it into a fixed-length value. Hashes ensure the data integrity of files and messages in transit. The sender and the receiver use the same hashing algorithm on the original data. If the hashes match, then the data can be assumed to be unmodified.

10.4.2 Which protocol is well known for its use in the home security and home automation industry, uses a mesh topology, makes devices act as repeaters, and has a low data transfer rate?

Z-Wave The Z-Wave protocol is mostly used in the home security and automation market and uses only a mesh topology. Each device that is added acts as a repeater and increases the strength of the network. Z-Wave has a low data transfer rate. Ant+ can be used in a mesh topology, but is generally used to monitor sensor data. NFC is commonly used for mobile pay solutions and connections like Bluetooth, but has to be within several inches of another device to connect. 802.11ac is a wireless networking standard that offers high-speed data transfer.

Which of the following topologies connects all devices to a trunk cable? a) Bus b) Tree c) Ring d) Star

a) Bus

Which of the following geographic network types is made up of an interconnection of LANs?

a) CAN b) MAN c) WAN d) WLAN

Which of the following are included as part of Data Link layer specifications? (Select two.) a) Controlling how messages are propagated through the network. b) Composing electrical signals as they pass through the transmission medium. c) Synchronizing individual bits as they are transmitted through the network. d) Identifying physical network devices.

a) Controlling how messages are propagated through the network. d) Identifying physical network devices.

Which of the following geographic network types are typically managed by a city as a public utility?

a) Local area network (LAN) b) Wide area network (WAN) c) Personal area network (PAN) d) Metropolitan area network (MAN)

You have implemented a network where each device provides all other devices on the network with access to shared files. What type of network do you have?

a) Multiple Access b) Peer-to-Peer c) Polling d) Client-server

Configure the workstation to obtain IP and DNS addresses automatically from the server on the network as follows:

a) On the ITAdmin monitor, select Click to view Windows 10. b) In the notification area, right-click the Network icon and select Open Network and Sharing Center. The Network and Sharing Center should indicate a bad connection to the internet. c) Select Ethernet. d) Select Properties. e) Select Internet Protocol Version 4 (TCP/IPv4). f) Select Properties. g) Select Obtain an IP address automatically. h) Select Obtain DNS server address automatically. i) Click OK. j) Click Close. k) Click Close. l) Open the Network and Sharing Center to confirm the connection to the network and the internet for the workstation. The Network and Sharing Center should indicate an active connection to the local network and the internet.

You have implemented a network where hosts are assigned specific roles, such as file sharing and printing roles. Other hosts access those resources, but do not host services of their own.

a) Peer-to-peer b) Client-server c) Extranet d) Intranet

Mail Transfer Agent

an application layer software package on the mail server.

Which TCP/IP utility gives you the following output?
Interface: 192.168.4.101 on Interface 0x3
Internet Address Physical Address Type
192.168.1.23 00-d1-b6-b7-c2-af dynamic

arp

Which of the following are functions of the MAC sublayer? (Select two.) a) Creating routing tables based on MAC addresses b) Letting devices on the network have access to the LAN c) Mapping hardware addresses to link-layer addresses d) Defining a unique hardware address for each device on the network

b) Letting devices on the network have access to the LAN d) Defining a unique hardware address for each device on the network

You have implemented an ad hoc wireless network that doesn't employ a wireless access point. Every wireless network card can communicate directly with any other wireless network card on the network. What type of physical network topology has been implemented in this type of network? a) Star b) Mesh c) Bus d) Ring e) Tree

b) Mesh

Your manager has asked you to implement a network infrastructure that will accommodate failed connections. Which of the following network topologies provides redundancy for a failed link? a) Star b) Mesh c) Bus d) Ring

b) Mesh

Which of the following functions are performed at the Physical layer of the OSI model? a) Data translation b) Moving data across network cables c) Enabling network services d) Conversation identification e) Provisioning environments where you can run network applications

b) Moving data across network cables

Which OSI model layer is responsible for guaranteeing reliable message delivery? a) Session b) Transport c) Data Link d) Application

b) Transport

Which of the following tasks is associated with the Session layer? a) Acknowledgement coordination b) Transmission synchronization c) Connection establishment d) Host ID number assignment

c) Connection establishment

In the OSI model, which of the following functions are performed at the Application layer? (Select all that apply.) a) Conversation identification b) Data translation c) Integrating network functionality into the host operating system d) Enabling communication between network clients and services

c) Integrating network functionality into the host operating system d) Enabling communication between network clients and services

You have a network that uses a logical ring topology. How do messages travel through the network? a) Messages are sent to all devices connected to the network. b) Messages are sent to a central device that forwards them to the destination devices. c) Messages travel from one device to the next until they reach the destination device. d) Messages are sent directly to the destination device only.

c) Messages travel from one device to the next until they reach the destination device.

In which of the following topologies does each device on the network act as a repeater, sending the signal to the next device? a) Bus b) Tree c) Ring d) Star

c) Ring

Which of the following topologies connects each device to a neighboring device? a) Bus b) Tree c) Ring d) Star

c) Ring

In the OSI model, which of the following functions are performed at the Presentation layer? (Select two.) a) Provide network services b) Maintain separate client connections c) Specify data format (such as file formats) d) Transmit data frames e) Handle general network access, flow control, and error recovery f) Encrypt and compress data

c) Specify data format (such as file formats) f) Encrypt and compress data

Which of the following topologies connects each network device to a central hub? a) Ring b) Mesh c) Star d) Bus

c) Star

You have a small network that uses a switch to connect multiple devices. Which physical topology are you using? a) Mesh b) Bus c) Star d) Ring

c) Star

What device is used to create a physical star topology? a) Router b) Bridge c) Switch d) Firewall

c) Switch

You have a network that uses a logical bus topology. How do messages travel through the network? a) Messages travel from one device to the next until they reach the destination device. b) Messages are sent directly to the correct destination device. c) Messages are sent to a central device that forwards them to the destination devices. d) Messages are broadcast to all devices connected to the network.

d) Messages are broadcast to all devices connected to the network.

Your manager has asked you to implement a wired network infrastructure that will accommodate failed connections. You don't have a large budget, so you decide to provide redundancy for only a handful of critical devices. a) Bus b) Star c) Full Mesh d) Partial Mesh

d) Partial Mesh

In the OSI model, what is the primary function of the Network layer? a) Ensures that packets are delivered with no loss or duplication b) Transmits data frames c) Allows applications to establish, use, and end a connection d) Routes messages between networks

d) Routes messages between networks

Which of the following functions are performed by the OSI Transport layer? (Select three.) a) Format packets for delivery through the media b) Control media access, logical topology, and device identification c) Consistent data formatting between dissimilar systems d) Reliable message delivery e) Data segmentation and reassembly f) End-to-end flow control g) Path identification and selection

d) Reliable message delivery e) Data segmentation and reassembly f) End-to-end flow control

Patch cables

have different connector types. ST to SC

9.1.1 You are in the process of configuring an iSCSI storage area network (SAN) for your network. You want to configure a Windows Server 2016 system to connect to an iSCSI target defined on a different server system. You also need to define iSCSI security settings, including CHAP and IPsec. Which tool should you use?

iSCSI Initiator Run the iSCSI Initiator to connect to an iSCSI target defined somewhere on the SAN fabric. You can also use this utility to define iSCSI security settings, including CHAP and IPsec.

5.9 You work in an office that uses Linux servers and Windows servers. The network uses the TCP/IP protocol. The Linux server is used as an FTP server. Today you have received several calls from people who are unable to contact the Linux server at its known IP address. You are sitting at the Linux server and want to check its IP address. Which command should you use?

ifconfig Use the ifconfig command to show the TCP/IP configuration for a Linux computer.

In a SAN implementation, the servers that connect to shared storage devices are called __________.

initiators

9.1.6 In a SAN implementation, the servers that connect to shared storage devices are called __________.

initiators The servers that connect to shared storage devices are called initiators. They use initiator software to connect to and communicate with the SAN targets.

5.4 You need to configure a Cisco RFC 1542-compliant router to forward any received DHCP frames to the appropriate subnet. The address of the remote DHCP server is 172.16.30.1. Which of the following commands would you use to configure the router?

ip helper-address 172.16.30.1 -To configure a Cisco router to listen for DHCP traffic and route any received DHCP frames to the appropriate subnet, use the following command: ip helper-address [server_address] -The ifconfig command is used on a Linux computer to display TCP/IP configuration information. -The host command is used to query the A records of a specified host. -The ip address dhcp command is used to configure a Cisco switch to obtain its IP address from a DHCP server.

You need to configure a Cisco RFC 1542-compliant router to forward any received DHCP frames to the appropriate subnet. The address of the remote DHCP server is 172.16.30.1. Which of the following commands would you use to configure the router?

ip helper-address 172.16.30.1 EXPLANATION To configure a Cisco router to listen for DHCP traffic and route any received DHCP frames to the appropriate subnet, use the following command: ip helper-address [server_address] The ifconfig command is used on a Linux computer to display TCP/IP configuration information. The host command is used to query the A records of a specified host. The ip address dhcp command is used to configure a Cisco switch to obtain its IP address from a DHCP server.

You are troubleshooting a network connectivity issue on a Unix system. You are able to connect to remote systems by using their IP address, but unable to connect using the host name. You check the TCP/IP configuration and note that a DNS server IP address is configured. You decide to run some manual resolution queries to ensure that the communication between the Unix system and the DNS server is working correctly. Which utilities can you use to do this? (Choose two.)

nslookup dig EXPLANATION The dig and nslookup commands allow you to perform manual DNS lookups from a Linux or Unix system. This can be very useful when you are troubleshooting name resolution issues.

Which of the following commands would display the output shown here?

route print

11.5.1 You are troubleshooting physical layer issues with the Gi0/1 interface in a router. You need to view and analyze the number of collisions detected on the interface. Which command should you use?

show interfaces gi0/1 EXPLANATION The show interfaces gi0/1 command displays statistics about the Gi0/1 interface, including the number of collisions and late collisions. The show interfaces gi0/1 status command displays summary information about the interface status. The output displays the port, name, status, VLAN assignment, duplex configuration, interface speed, and link type. The show interfaces gi0/1 description command displays the line and protocol status of the interface. The show controllers command is used to display configuration parameters for serial interfaces (not Ethernet interfaces), such as the type of serial cable and which end of the cable is connected to the device (DCE or DTE).

11.5.2 You are troubleshooting physical layer issues with the Gi0/1 interface in a router. You suspect that a duplex mismatch error has occurred, and you need to determine the duplex settings configured on the interface. Which commands could you use? (Choose two. Each response is a complete solution.)

show interfaces gi0/1 status show interfaces gi0/1 EXPLANATION Both the show interfaces gi0/1 command and the show interfaces gi0/1 status command display configuration information for the Gi0/1 interface, including the duplex configuration. Using this information, you can identify duplex mismatch errors. The show interfaces gi0/1 description command displays the line and protocol status of the interface. The show controllers command is used to display configuration parameters for serial interfaces (not Ethernet interfaces), such as the type of serial cable and which end of the cable is connected to the device (DCE or DTE). The show interfaces counters command displays the traffic on the physical interface.

6.7.8 The network board in a workstation is currently configured as follows: Network speed = Auto; Duplexing = Auto. The workstation is experiencing poor network performance, and you suspect that the network board is not correctly detecting the network speed and duplex settings. Upon investigation, you find that it is running at 10 Mbps half-duplex. You know that your network switch is capable of much faster throughput. To fix this issue, you decide to manually configure these settings on the workstation. Before you do so, you need to verify the configuration of the switch port that the workstation is connected to. Given that it is a Cisco switch, which commands can be used on the switch to show a list of all switch ports and their current settings? (Select two.)

show running-config interface show interface To view the speed and duplex settings of the interfaces in a Cisco switch, you can use one of the following commands: show running-config interface (displays concise summary information) show interface (displays extended information)

6.2 Which command would you use on a switch to enable management from a remote network?

switch(config)#ip default-gateway "IP_address"

5.9 While working on a Linux server, you are unable to connect to a Windows Server 2016 system across the Internet. You are able to ping the default gateway on your own network, so you suspect that the problem lies outside of the local network. Which utility would you use to track the route a packet takes as it crosses the network?

traceroute is a Linux utility that allows you to track the route of a packet as it traverses the network. The traceroute utility is used on Linux systems, while tracert is used on Windows systems.

You are the network administrator of a branch office of your company. The branch office network is part of a WAN that covers most of the United States. The office has two Windows 2000 servers, two UNIX servers, one Windows NT server, 90 Windows 98 clients, 40 Windows 2000 Professional clients, and five Macintosh clients. Users have been complaining that they are unable to access resources over the WAN at the main headquarters. You suspect that one of the routers between your office and the main headquarters is not working properly. What TCP/IP utility can you use to see if a router is working properly?

tracert tracert shows you the series of routers that are used between the source and destination computers. If a router is not functioning, tracert can help you find which router is not working by showing you the last router it was able to contact successfully.

FC Connector

• Used only with single mode cabling. • Each wire has a separate connector. • Uses a threaded connector. • Designed to stay securely connected in environments where it may experience physical shock or intense vibration.

Smartjack

A smartjack is an intelligent loopback device installed at the demarcation point for a WAN service.

SC connector

- Type of connector used in fiber optic cabling. - Snap-in with 2.5 mm ferrule. Set and Click

ST connector

- Type of connector used in fiber optic cabling. - Uses bayonet connector with 2.5 mm ceramic or polymer ferrule. Set and Twist

100Base-T (Fast Ethernet)

-There are positive (+) and negative (-) pins for each pair of wires. -Signals go in both directions over each pair of wires, so there are no dedicated transmit and receive pins. -The T568A and T568B wiring standards are still used.

5.1 A host on the network has an IP address of 129.11.99.78 using the default subnet mask. How would you identify the address and mask using CIDR notation?

129.11.99.78/16 -Use 129.11.99.78/16 for the address and the mask. With CIDR notation, follow the IP address with a slash (/) and the number of bits in the mask. The default subnet mask for this address is 255.255.0.0, which uses 16 bits in the mask.

10.2.12 Which technologies are used by the 802.11ac standard to increase network bandwidth? (Select two.)

160 MHz bonded channels Eight MIMO radio streams

Port number for SNMP?

161

10.2.11 You have been contacted by OsCorp to recommend a wireless Internet solution. The wireless strategy must support a frequency range of 5 GHz, and provide the highest possible transmission speeds. Which of the following wireless solutions would you recommend?

802.11n

BNC

A BNC (Bayonet Neill-Concelman) is a type of quick connect/disconnect adapter used on some types of cables, such as the RG-58 A/U cable used with the 10Base-2 Ethernet system.

CAN

A Campus Area Network (CAN) is a computer network made up of an interconnection of local area networks (LANs) within a limited geographical area, such as a university's campus.

Web Server

A computer connected to the Internet used to store Web page documents.

3.2 Which of the following hardware devices regenerates a signal out all connected ports without examining the frame or packet contents? (Select two.)

A hub and a repeater send received signals out all other ports. These devices do not examine the frame or the packet contents.

You want to measure the voltage, amps, and ohms of various devices.

A multimeter is a device that tests various electrical properties. For example, most multimeters can measure: AC and DC voltage, current (amps), resistance (ohms), capacitance, and frequency.

9.2.11 What is a soft phone?

A software application that runs on a computer or other device that accesses a VoIP server to make real-time phone calls. EXPLANATION A soft phone is a software application that is installed on a computing device such as a computer or a handheld device.

Speed Test Website

A speed test website is an online tool that is used to test the bandwidth of your internet connection. There are countless speed test websites available, all of which provide essentially the same information:

Star Topology

A star topology uses a hub or switch to connect all network connections to a single physical location.

Subnet

A subnet is a portion of a network with a common network address.

You manage the two-location network shown in the exhibit. Workstations and servers at each location connect to a patch panel using behind-the-wall wiring. The patch panel then connects network hosts to one of three 1000BASE-T switches. Routers are implemented at each location to connect the two networks together using a private WAN. The switch ports have auto-MDIX disabled. Drag the cable type on the left to the most appropriate network location on the right. Each cable type can be used more than once.

A. Drop cables Cat 6 straight-through UTP B. Patch cables Cat 6 straight-through UTP C. Uplink cables Cat 6 crossover UTP D. WAN cables Single-mode fiber optic

3.1 Which of the following is a valid MAC address?

AB.07.CF.62.16.BD MAC addresses are comprised of 12 hexadecimal digits (ranging from 0-9 and A-F)

13.7.6 IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)

AH ESP EXPLANATION IPsec is implemented through two separate protocols, IP Authentication Header and IPsec Encapsulating Security Payload. IPsec AH provides authentication and non-repudiation services to verify that the sender is genuine and the data has not been modified in transit. IPsec ESP provides data encryption services for the data within the packet.

11.1.4 Which of the following are characteristics of MPLS? (Select two.)

Adds labels to data units Supports variable-length data units EXPLANATION MPLS is a WAN data classification and data carrying mechanism. MPLS is a packet switching technology that supports variable-length data units. MPLS adds a label to packets between the existing Network and Data Link layer formats. Labels are added when the packet enters the MPLS network and removed when the packet exits the network. Information in the label is used to switch the packet through the MPLS network to the destination. MPLS labels can identify the route or even the network type to use. MPLS labels are often used to provide different classes of service for data streams. ATM uses labels, but uses fixed-length cells. ISDN is a local loop technology. Frame relay uses the committed information rate (CIR) to define levels of service. MPLS service levels are provided by information within the labels.

13.8.2 Which of the following best describes the ping of death exploit?

An ICMP packet larger than 65,536 bytes EXPLANATION A ping of death exploit uses an ICMP packet that is larger than 65,536 bytes. A teardrop attack uses partial IP packets with overlapping sequencing numbers. A smurf attack sends multiple spoofed ICMP packets to the victim. The ability to re-direct echo responses is a feature of ICMP that is often involved in malicious attacks.

When would you typically use an RJ11 connector?

An RJ11 connector is used for connecting analog telephones to the telephone jacks.

13.3.12 Which of the following measures are you most likely to implement to protect a system from a worm or Trojan horse?

Antivirus software Worms and Trojan horses are types of viruses. The best way to protect a system from them is to ensure that every system on the network has antivirus software with up-to-date virus definitions installed.

You are creating an Ethernet network for your company. The shipping department is located in a different building that is located 150 meters from the main wiring closet. You use a single Cat6e cable to connect the wiring closet to the shipping building. Which of the following conditions are you most likely to experience?

Attenuation

Attenuation

Attenuation is the loss of signal strength from one end of a cable to the other. This is also known as dB loss.

11.4.6 RADIUS is primarily used for what purpose?

Authenticating remote clients before access to the network is granted.

13.2.1 What is the primary countermeasure to social engineering?

Awareness

Which of the following routing protocols uses paths, rules, and policies instead of a metric for making routing decisions?

BGP is an advanced distance vector protocol (also called a path vector protocol) that uses paths, rules, and policies to make routing decisions instead of a metric.

3.1 Which of the following is a valid MAC address?

C0-34-FF-15-01-8E A MAC or hardware address is a unique identifier hard coded on every network adapter card. A valid MAC address has a total of 12 hexadecimal numbers. Hexadecimal numbers contain the numbers 0 to 9 and letters A to F. Valid values in a MAC address range anywhere from 00 to FF. Note that one of the answers would be valid MAC address except it uses a G value, which is beyond the range of a hexadecimal number.

4.1 Which of the following use the CSMA/CD access method?

CSMA/CD stands for carrier sense multiple access/collision detection. It defines the steps network devices take when two devices attempt to use a data channel simultaneously. Ethernet networks use CSMA/CD, including 1000BaseT.

11.1.14 What must you install between your network and a T1 line for your network to use the T1 line?

CSU/DSU EXPLANATION A CSU/DSU is required for a network to send signals on a T1 line.

RG59

Cable TV Cable Modems 75 Ohms resistance

4.2 What type of cabling is used with 100BaseTX Fast Ethernet networks?

Cat5 or higher

12.1.11 You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable connecting the computer to the network. Which type of document should you update?

Change documentation EXPLANATION In this scenario, update the change documentation for the device to reflect that a part was replaced. In this scenario, you have not altered the network connection or design--you simply replaced the drop cable. In the future, knowing that the drop cable was recently replaced might help you troubleshoot new or recurring problems with the device. The configuration document identifies specific configuration information for a device. It might include information about the connection to the network. A network diagram might include the location of the workstation on your site and its connection to the network. A wiring schematic might include information about how the device connects to the punch down blocks or patch panels. For each of these documents, simply changing the drop cable does not alter the information in each document, so no change is required.

12.3.5 A code of ethics accomplishes all but which of the following?

Clearly defines courses of action to take when a complex issue is encountered.

6.5 Computers A and B are on the same VLAN and are separated by two switches as shown in the exhibit. Computer A sends a frame to Computer B. Which of the following best describes the composition of the frame as it travels from A to B?

Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B.

A network is made up of the following components:

Computers (often called nodes or hosts) Transmission media—a path for electrical signals between devices Network interfaces—devices that send and receive electrical signals Protocols—rules or standards that describe how hosts communicate and exchange data

Besides protecting a computer from under-voltages, a typical UPS also performs which two actions?

Conditions the power signal Protects from over-voltages EXPLANATION A typical UPS protects a computer from over-voltages as well as under-voltages. Also, because the quality of the electrical signal provided by a UPS battery is not as good as the AC power from the wall outlet, UPS devices often have built-in line conditioners.

You want to make sure that the correct ports on a firewall are open or closed. Which document should you check?

Configuration documentation

6.6.10 You have just connected four switches as shown in the Exhibit. Assuming the default switch configuration, how can you force switch C to become the root bridge?

Configure a priority number of 4096 for switch C. To force a specific switch to become the root bridge, configure a priority number lower than the default (32768). The switch with the lowest bridge ID becomes the root bridge. The bridge ID is composed of two parts: a bridge priority number and the MAC address assigned to the switch. When the default priority is used for all switches, the switch with the lowest MAC address becomes the root bridge.

6.2 What does the ip address dhcp command allow you to do?

Configure the switch to obtain an IP address from a DHCP server.

6.6.11 You have three switches configured as shown in the Exhibit. How can you guarantee that switch C becomes the root bridge?

Configure switch C with a lower priority value. To guarantee that switch C becomes the root bridge, configure switch C with a lower priority value. The election of the root bridge is determined by the switch with the lowest bridge ID. The bridge ID is made of two parts: The priority value assigned to the switch. The MAC address. The switch with the lowest priority value automatically becomes the root bridge. If two or more switches have the same priority value, then the switch with the lowest MAC address becomes the root bridge.

13.7.2 A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.)

Configure the browser to send HTTPS requests through the VPN connection. Configure the VPN connection to use IPsec. EXPLANATION It is generally considered acceptable to use a VPN connection to securely transfer data over an open Wi-Fi network. As long as strong tunneling ciphers and protocols are used, the VPN provides sufficient encryption to secure the connection, even though the wireless network itself is not encrypted. It is recommended that you use IPsec or SSL to secure the VPN, as these protocols are relatively secure. You should also configure the browser's HTTPS requests to go through the VPN connection. To conserve VPN bandwidth and to improve latency, many VPN solutions automatically reroute web browsing traffic through the client's default network connection instead of through the VPN tunnel. This behavior would result in HTTP/HTTPS traffic being transmitted over the unsecure open wireless network instead of through the secure VPN tunnel.

Which of the following tasks is associated with the Session layer?

Connection establishment

Horizontal cross connect

Connects IDFs on the same floor. Cabling runs horizontally between the IDFs.

Networks actually save organizations money by allowing them to:

Consolidate (centralize) data storage Share peripheral devices like printers Increase internal and external communications Increase productivity and collaboration

13.5.11 Which of the following applications typically use 802.1x authentication? (Select two.)

Controlling access through a wireless access point Controlling access through a switch 802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for port authentication on switches and authentication to wireless access points. 802.1x requires an authentication server for validating user credentials. This server is typically a RADIUS server.

What is the basic purpose of the OSI Physical layer?

Coordinates rules for transmitting bits.

A user reports that she can't connect to the Internet. After some investigation, you find that the wireless router has been misconfigured. You are responsible for managing and maintaining the wireless access point. What should you do next?

Create an action plan.

Which of the following is an example of privilege escalation?

Creeping privileges EXPLANATION Creeping privileges is what occurs when a user's job position changes, so the user is granted a new set of access privileges--but the user's previous access privileges are not removed. As a result, the user accumulates privileges over time that are not necessary for their current work tasks. This is a form of privilege escalation. Principle of least privilege and separation of duties are countermeasures against privilege escalation. Mandatory vacations are used to perform peer reviewing. Mandatory vacations require cross-trained personnel and help detect mistakes and fraud.

You are building network cables and attaching RJ45 connectors to each end. Which tool do you need for this task?

Crimping tool

Crosstalk

Crosstalk is interference that is caused by signals within twisted pairs of wires (for example, current flow on one twisted pair causing a current flow on an adjacent pair).

13.3.2 An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

DDoS A DDoS attack is when multiple PCs attack a victim simultaneously and generate excessive traffic that overloads communication channels or exploits software flaws.

Network Services

DHCP DNS NTP LDAP LDAPS

13.3.7 Which type of denial of service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning DNS poisoning occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses. In a DNS poisoning attack: Incorrect DNS data is introduced into a primary DNS server. The incorrect mapping is made available to client applications through the resolver. Traffic is directed to incorrect sites. ARP poisoning corrupts the ARP cache or sends incorrect ARP data that spoofs MAC addresses, causing devices to send frames to the wrong host or an unreachable host. Spam sent in such great amounts can consume bandwidth or fill a mailbox, leaving no room for legitimate traffic. The SYN flood exploits the TCP three-way handshake.

You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with hosts on the same subnet, but not with hosts on a different subnet. No other computers are having a problem. Which of the configuration values would you most likely need to change?

Default gateway

A user reports that she can't connect to a server on your network. You check the problem and find out that all users are having the same problem. What should you do next?

Determine what has changed.

DNS

Domain Name System

Two connected strands of fiber

Duplex

11.3.10 Which of the following cellular network types provide internet connectivity? (Choose four.)

Edge, HSPA+, LTE, and 4G all provide internet connectivity, and each has specific bandwidth limitations. EXPLANATION 2G (second generation) networks were the first to offer digital data service such as text messaging, but did not provide internet connectivity.

10.6.6 Which of the following features are supplied by WPA2 on a wireless network?

Encryption

6.3 You need to disable the FastEthernet 0/0 interface on a switch. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all of the commands are required.

Enter global configuration mode: conf t; Enter interface configuration mode: int fa0/0; Disable the interface: shutdown; Verify that the interface is disabled: show ip interface brief

6.6.4 Which statements accurately describe the port states of both bridges and switches? (Select two.)

For both bridges and switches: In the learning state, ports do not forward frames, but still populate the MAC address table based on frames received. In the blocking state, ports receive BPDUs, but do not forward frames. In the listening state, all ports are blocked.

9.3.2 What type of virtualization completely simulates a real physical host?

Full virtualization EXPLANATION In full virtualization, the virtual machine completely simulates a real physical host. This allows most operating systems and applications to run within the virtual machine without being modified in any way. In partial virtualization, only some of the components of the virtual machine are virtualized. Be aware of the following: The operating system uses some virtual components and some real physical hardware components in the actual device where the hypervisor is running. The operating system or application must be modified to run in a partial virtualization environment. In paravirtualization, the hardware is not virtualized. Be aware of the following: All of the guest operating systems running on the hypervisor directly access various hardware resources in the physical device; components are not virtual. The guest operating systems run in isolated domains on the same physical hardware. The operating system or application must be modified before it can run in a paravirtualization environment.

13.7.9 Which of the following can route Layer 3 protocols across an IP network?

GRE Generic routing encapsulation (GRE) is a tunneling protocol that creates a tunnel between two routers. It does this by adding a GRE header and a new IP header to the original packet.

T568A

Green white, Green, Orange white, Blue, Blue white, Orange, Brown white, Brown

10.1.3 Which of the following is true of a wireless network SSID?

Groups wireless devices together into the same logical network. EXPLANATION The SSID, also called the network name, groups wireless devices together into the same logical network. All devices on the same network (within the BSS and ESS) must have the same SSID. The SSID is a 32-bit value that is inserted into each frame. The SSID is case sensitive. The SSID is sometimes called the ESSID (extended service set ID) or the BSSID (basic service set ID). In practice, each term means the same thing; however, SSIDs, ESSIDs, and BSSIDs are technically different.

Web Services

HTTP HTTPS

Which protocol is used to securely browse a website?

HTTPS

GG45

Has eight connectors. Supports four pairs of wires. Backwards compatible with RJ45. Four additional conductors in the corners of the connector that duplicate and replace the four inner pins on the RJ45.

TERA

Has eight connectors. Supports four pairs of wires. Incompatible with RJ45 and GG45. Does not require special tools to install.

3.1 A host wants to send a message to another host that has the IP address 115.99.80.157. IP does not know the hardware address of the destination device. Which protocol can be used to discover the MAC address?

Hosts use the address resolution protocol (ARP) to discover the hardware address of a host.

5.7 Which protocol does an IP host use to inform a router that it wants to receive specific multicast frames?

IP hosts use the IGMP, or internet group management protocol, to inform multicast-enabled routers that they want to receive specific multicast frames.

13.7.7 Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic?

IPsec

Match each network enumeration technique on the left with its corresponding description on the right.

Identifying phone numbers with modems: War dialing. Scanning for wireless access points: Wardriving. Identifying operating system type and version number: Banner grabbing. Identifying services that can pass through a firewall: Firewalking. EXPLANATION Network enumeration (also called network mapping) involves a thorough and systematic discovery of as much of the corporate network as possible. Enumeration methods include: social engineering; wardriving (scanning for wireless access points within the organization); war dialing (trying to access phone lines that will answer a calling modem); banner grabbing (capturing information transmitted by the remote host including the application type, application version, and even operating system type and version); firewalking (using traceroute techniques to discover which services can pass through a firewall or a router); probing the corporate network with scanning tools, often using the same tools used by hackers, such as SATAN and Nessus; monitoring the network (usually performed from a remote site); and soliciting host-specific banners to identify the function of a remote host.

Under which of the following circumstances might you implement BGP on your company network and share routes with Internet routers?

If the network is connected to the Internet using multiple ISPs.

13.2.6 Which of the following is not a form of social engineering?

Impersonating a user by logging on with stolen credentials

5.1 You recently created a new network segment for the development department. Because the hosts are now on a different network segment, they can no longer contact the DHCP server. Both network segments are connected via a Cisco router. Which of the following would be the best action to take in order to fix the problem?

Implement an IP helper address on the router. -When an IP helper address is implemented on the Cisco router, DHCP broadcasts are forwarded to the specified IP address of the DHCP server. This allows hosts in a different network segment to contact the DHCP server.

Client-Server

In a client-server network, hosts have specific roles.

Peer-to-Peer

In a peer-to-peer network, each host can provide network resources to other hosts or access resources located on other hosts.

Cross over cable

In a standard crossover cable, wires 1 and 3 and wires 2 and 6 are crossed. T568A to T568B

13.5.10 Which of the following authentication methods uses tickets to provide single sign-on?

Kerberos

11.2.5 What connection order would two TCP/IP routers use to open a session with PPP?

LCP, authentication, NCP EXPLANATION PPP uses the following process to open a session: Exchange LCPs to establish the link and negotiate communication parameters. Perform authentication (optional). Exchange NCPs to negotiate the Network layer protocols to use.

13.1.11 Which of the following controls is an example of a physical access control method?

Locks on doors EXPLANATION Locks on doors is an example of a physical access control method. Physical controls restrict or control physical access. Passwords, access control lists, and smart cards are all examples of technical controls. Even though a smart card is a physical object, the card by itself is part of a technical implementation. Requiring background checks for hiring is an example of a policy or an administrative control.

Which of the following functions are performed at the Physical layer of the OSI model?

Moving data across network cables

5.7 Which address type is used for a video conference call consisting of multiple participants?

Multicast Unified communication (UC) systems typically use unicast network transmissions. An example of a unicast transmission is a one-on-one VoIP phone call. UC systems also support multicast transmissions. Examples of a multicast transmission are conference phone calls or video conference calls consisting of multiple users.

You want to measure the voltage, amps, and ohms of various devices. Which tool should you use?

Multimeter

13.7.11 Which of the following networking devices or services prevents the use of IPsec in most cases?

NAT IPsec cannot typically be used when static IP addresses are not used by both communication partners. NAT proxy performs network address translation on all communications. For this reason, the IP address seen for a system outside of the proxied network is not the real IP address of that system. This prevents the use of IPsec.

10.6.3 What is the least secure place to locate an access point with an omni-directional antenna when creating a wireless cell?

Near a window

5.9 Which command displays network activity statistics for TCP, UDP, and IP?

Netstat -s displays network activity statistics for TCP, UDP, and IP.

Management

Network, Subnet, Internetwork

Creating fake resources such as honeypots, honeynets, and tarpits fulfills which of the following main intrusion detection and prevention goals? (Select two.)

Offers attackers a target that occupies their time and attention while distracting them from valid resources. Reveals information about an attacker's methods and gathers evidence for identification or prosecution purposes. EXPLANATION By using honeypots, honeynets, and tarpits you can fulfill the following intrusion detection and protection goals: Attackers are offered targets that will occupy their time and attention, distracting them from valid resources. You can observe attackers and gather information about their attack methods or gather evidence for identification or prosecution purposes.

PoE

Power over Ethernet (PoE) is a technology that allows a single cable to provide both data and electric power to devices such as wireless access points, IP cameras, and VoIP phones.

You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?

On a RADIUS server EXPLANATION 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Authentication requests received by the wireless access point are passed to a RADIUS server that validates the logon credentials (such as the username and password). If you are using preshared keys for authentication, configure the same key on the wireless access point and each wireless device. A CA is required to issue a certificate to the RADIUS server. The certificate proves the identity of the RADIUS server or can be used to issue certificates to individual clients.

10.2.6 Which IEEE standard describes wireless communication?

One IEEE standard for wireless is 802.11b.

13.2.7 What is the primary difference between impersonation and masquerading?

One is more active, and the other is more passive.

Your manager has asked you to implement a wired network infrastructure that will accommodate failed connections. You don't have a large budget, so you decide to provide redundancy for only a handful of critical devices. Which of the following network topologies should you implement?

Partial mesh

OSI Mnemonic

Please Do Not Throw Away Sausage Pizza. All People Seem To Need Data Processing.

You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device. Which tool should you use?

Protocol analyzer EXPLANATION Use a protocol analyzer (also called a packet sniffer) to examine network traffic. You can capture or filter packets from a specific device or use a specific protocol. Use a time domain reflector (TDR) to measure the length of a cable or identify the location of a fault in the cable. A toner probe is two devices used together to trace the end of a wire from a known endpoint into the termination point in the wiring closet. A cable certifier is a multi-function tool that verifies or validates that a cable or an installation meets the requirements for a specific architecture implementation. A multimeter is a device that tests various electrical properties, such as voltage, amps, and ohms.

11.4.4 Which of the following are differences between RADIUS and TACACS+?

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.

Polish Ratings

Rated by Optical Return Loss PC=Physical Contact-single mode SPC=Super Physical Contact UPC=Ultra Physical Contact APC=Angled Physical Contact always green

You have a small home network connected to the internet using an RG-6 cable. You need to move the router connecting the network to the internet, but can't find any RG-6 cable. Which cable types could you use instead?

RG-59

Which of the following cables offers the best protection against EMI?

RG-6

Which of the following protocols has a limit of 15 hops between any two networks?

RIP networks are limited in size to a maximum of 15 hops between any two networks. A network with a hop count of 16 indicates an unreachable network.

In addition to performing regular backups, what must you do to protect your system from data loss?

Regularly test restoration procedures. EXPLANATION The only way to ensure that you have protection against data loss is to regularly test your restoration procedures. This activity reveals whether or not your backup process functions properly and your restoration and recovery procedures are accurate. It's a good idea to store backup media in a fireproof vault, but it is a better idea to store it off site. Restoration privileges should be restricted to trusted staff to prevent confidentiality violations (but this does not address the issue of data loss protection). Write-protecting backup media provides little real security for the stored data because anyone can flip the switch on the media to remove the protection.

Which of the following functions are performed by the OSI Transport layer? (Select three.)

Reliable message delivery End-to-end flow control Data segmentation and reassembly

You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution? (Select two.)

Remediation servers 802.1x authentication EXPLANATION Network access control (NAC) controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements. NAC can be used with 802.1x port authentication on a switch to allow or deny access to the network through the switch port. A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client who has not met all the checklist requirements is either denied access or given restricted access to a remediation network, where remediation servers can help the client to become compliant. For example, remediation servers might include anti-virus software and definition files that can be installed. If and when the unhealthy client's status changes to healthy, the client is given access to the network. A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the internet). DMZs are created with routers and firewall rules to allow or block traffic. DMZs use information in the packet to allow or deny packets. An extranet is a privately-controlled network that is distinct from but located between the internet and a private LAN. An extranet is often used to grant resource access to business partners, suppliers, and even customers outside of the organization. A honeypot is a device or virtual machine that entices intruders by displaying a vulnerable trait or flaw or by appearing to contain valuable data.

12.2.6 Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?

Residual risk
EXPLANATION
Residual risk is the portion of risk that remains after a countermeasure is implemented. There will almost always be some residual risk. Exposure is the vulnerability of losses from a threat agent. Risk is the likelihood of a vulnerability being exploited. A loss is the real damage to an asset that reduces its confidentiality, integrity, or availability.

8.1.5 Based on the diagram, which type of proxy server is handling the client's request?

Reverse proxy server A reverse proxy server handles requests from the internet to an internal network. Instead of requests for a server going directly to the server, they first go to the reverse proxy server. A forward proxy server handles requests from an internal network out to the internet. An open proxy server is accessible to any user on the internet and is used to forward requests to and from anywhere on the internet. A circuit-level proxy server is typically used as a stateful firewall to allow or deny sessions.

In which of the following topologies does each device on the network act as a repeater, sending the signal to the next device?

Ring

11.3.8 Which of the following internet services provides equal upload and download bandwidth?

SDSL EXPLANATION Symmetrical DSL (SDSL) provides equal download and upload speeds. Depending on the region, speeds are between 1.544-2.048 Mbps. Newer SHDSL provides between 4.6-5.696 Mbps. The entire line is used for data; simultaneous voice and data is not supported. Splitters are not required because voice traffic does not exist on the line. Asymmetrical DSL (ADSL) and Very High DSL (VDSL or VHDSL) provide different download and upload speeds.

Server Message Block

SMB

What protocol sends email to a mail server?

SMTP

10.3.2 You are configuring a wireless network with two wireless access points. Both access points connect to the same wired network. You want wireless users to be able to connect to either access point and have the ability to roam between the two access points. How should you configure the access points?

Same SSID, different channel When you configure multiple access points as part of the same extended service set (ESS), configure both access points with the same service set identifier (SSID). The SSID is like a network name and groups wireless devices together into the same logical network. All devices, including wireless clients, use the same SSID. Wireless access points that are in the same area should use different channels. If the channels are the same or overlap, devices connected to one access point might interfere with devices connected to the other access point in locations where the signal overlaps.

3.2 An eight-port switch receives a frame on port number 1. The frame is addressed to an unknown device. What will the switch do?

Send the frame out ports two through eight.

9.2.7 Which of the following protocols is an open source protocol used by most manufacturers of VoIP systems?

Session initiation protocol (SIP) EXPLANATION The session initiation protocol (SIP) is one of the protocols used during the call control process of multimedia communications, such as a VoIP call. SIP is used to set up, maintain, and tear down multimedia communications. SIP rides on top of the TCP, UDP, and SCTP transport layer protocols.

Application Layers

Session, Presentation, and Application

8.1.10 You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.)

Source address of a packet
Destination address of a packet
Port number
Firewalls allow you to filter by IP address and port number.

Single strand of fiber

Simplex

6.6.14 Which of the following features dynamically places switch ports in blocking or forwarding states?

Spanning tree

13.3.6 Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing Spoofing changes or falsifies information in order to mislead or re-direct traffic.

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow acces

Static NAT

13.7.3 A VPN is used primarily for which purpose?

Support secured communications over an untrusted network.

Which of the following is the least effective power loss protection for computer systems?

Surge protector A surge protector provides no power loss protection. A UPS, a secondary power source, and a backup power generator all provide reasonable protection from power loss.

11.4.5 Which of the following protocols can be used to centralize remote access authentication?

TACACS

Which of the following protocols includes extensive error checking to ensure that a transmission is sent and received without mistakes?

TCP

Transport Protocols

TCP UDP

Data Link Layer (2)

The Data Link layer defines the rules and procedures for hosts as they access the Physical layer. Logical Link Control (LLC) / Media Access Control (MAC), CRC, Switch, Frames

Which of the following connectors is used with fiber optic cables and requires that you use a twisting motion to connect it?

The ST connector is used with fiber optic cable and uses a twist-type connector. To remember the difference between ST and SC connectors, use the mnemonics Set-and-Twist and Set-and-Click.

Session Layer (5)

The Session layer manages the sessions in which data are transferred. Session ID Connection Establishment

3.2 Your company purchases a new bridge that filters packets based on the MAC address of the destination computer. On which layer of the OSI model is this device functioning?

The bridge is operating at the Data Link layer.

Which of the following is true about single-mode fiber optic network cabling?

The central core is smaller than standard multi-mode fiber optic cabling core.

10.7.8 A user on your network has been moved to another office down the hall. After the move, she calls you complaining that she has only occasional network access through her wireless connection. Which of the following is most likely the cause of the problem?

The client system has moved too far away from the access point.
EXPLANATION
In this case, the wireless client system had no problems accessing the wireless access point until she moved to the new office. In some cases, moving a system will cause signal loss either from the increased distance away from the WAP or from unexpected interference by such things as concrete walls or steel doors. There are several ways to correct the problem, including reducing the physical distance to the client, using a wireless amplifier, upgrading the antennae on the wireless devices, or adding another WAP to the infrastructure. Because the client could previously access the WAP and still has occasional access, it is likely that the move was the cause of the problem and not any configuration setting on the client system.

5.3 After installing a new DHCP server on the network, you need to verify that network devices are receiving IP addressing via DHCP. You reboot a Windows 10 client system and using the ipconfig /all command, receive the following information:
    Ethernet adapter Local Area Connection 1:
    Description . . . . . . . . . . . : Intel(R) Ethernet Connection
    Physical Address. . . . . . . . . : 02-00-4C-4F-3F-50
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Autoconfiguration IPv4 Address. . : 169.254.25.129
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . :
Which of the following statements are true? (Select two.)

The client system is configured to use DHCP.
The client system is unable to reach the DHCP server.
A system configured as a DHCP client will attempt to locate a DHCP server during the boot process. If the client system is unable to locate the DHCP server and obtain IP information, an APIPA assigned address will be used. The client also configures itself with a class B subnet mask of 255.255.0.0.

Demarc

The demarc (short for demarcation point) is the line that marks the boundary between the telecommunications (telco) equipment and your private network or telephone system.

6.6.9 You have just connected four switches as shown in the Exhibit. Assuming the default switch configuration, which switch will become the root bridge?

The switch with the lowest bridge ID becomes the root bridge. The bridge ID is composed of two parts, a bridge priority number and the MAC address assigned to the switch. The default priority number for all switches is 32,768. This means that for unconfigured switches, the switch with the lowest MAC address becomes the root bridge. In this example, bridge B has the lowest MAC address.

Which of the following are characteristics of an LC fiber optic connector? (Choose two.)

They are half the size of standard connectors. They use a housing and latch system similar to an RJ45 UTP connector.

TLS

Transport Layer Security

6.5 When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?

Trunk ports.

6.5 You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature allows the switches to pass VLAN traffic between the switches?

Trunking

Pinout

When connecting two devices using twisted pair cabling, the pinout determines which wire goes to which pin of the connector.

You want to implement a fault tolerant topology as you connect routers on your wide area network. Which of the following topologies meets your needs? a) Star b) Mesh c) Bus d) Ring

b) Mesh

What is the basic purpose of the OSI Physical layer? a) Defines basic physical structures, such as disks. b) Coordinates rules for managing network servers. c) Coordinates rules for routing packets. d) Coordinates rules for transmitting bits.

d) Coordinates rules for transmitting bits.

5.9 Which TCP/IP utility gives you the following output?

netstat -a shows you the status of all connections and listening ports.

5.9 Which TCP/IP utility gives you the following output?

netstat -r shows you the computer's route table.

Host Role

peer-to-peer, client/server

Which of the following utilities would you use to view the routing table?

route Use the route print or netstat -r commands to display the contents of the routing table.

Examine the following output:
    4 22 ms 21 ms 22 ms sttlwa01gr02.bb.ispxy.com [154.11.10.62]
    5 39 ms 39 ms 65 ms plalca01gr00.bb.ispxy.com [154.11.12.11]
    6 39 ms 39 ms 39 ms Rwest.plalca01gr00.bb.ispxy.com [154.11.3.14]
    7 40 ms 39 ms 46 ms svl-core-03.inet.ispxy.net [205.171.205.29]
    8 75 ms 117 ms 63 ms dia-core-01.inet.ispxy.net [205.171.142.1]
Which of these commands produced this output?

tracert

Which TCP/IP utility gives you the following output?

tracert The exhibit shows a few lines from the tracert command, which shows you each host a packet must pass through to reach its destination.

DNS Server

translates the domain name into its associated IP address

You've just installed a new 16U wall-mounted rack in your data center. You need to install the following equipment in this rack: A 4U redundant power supply A 4U server A 4U switch A 2U router Which of the following equipment will also fit in this rack along with the above equipment?

2U UPS EXPLANATION The height of a rack is measured in rack units (Us). A rack unit (1U) is 1.75 inches tall and represents one slot in the rack. When purchasing rack-mounted network devices, you'll notice that their height is specified in rack units. For example, a 2U server is 3.5" tall and fills 2 slots in a server rack. In this scenario, the 16U rack already has 14U of equipment installed. Therefore, only a device 2U (or less) can be installed.

Which Class of Service (COS) priority value should be assigned to a video conference call?

4

What actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Select two.)

An alert is generated and delivered via email, the console, or an SNMP trap. The IDS logs all pertinent data about the intrusion. EXPLANATION The main functions of a passive IDS are to log suspicious activity and generate alerts if the attack is deemed severe. Additional functionality can be achieved by using a more advanced type of IDS called an active IDS. An active IDS can automate responses that may include dynamic policy adjustment and reconfiguration of supporting network devices to block the offending traffic.

Which of the following components do switches use to optimize network performance by performing switching operations in hardware rather than using the CPU and software?

An application-specific integrated circuit EXPLANATION Switches use specialized hardware called an application-specific integrated circuit (ASIC), which performs switching functions in hardware rather than using the CPU and software. ASIC allows switches to perform the switching function at wire speed. Caching engines are used to store frequently accessed content for faster access; content is retrieved from the local network instead of the internet. Ethernet bonding is used to create two or more physical connections to the same network by bonding NICs or switch ports together; Ethernet bonding provides increased performance and some fault tolerance. A traffic shaper (also called a bandwidth shaper) is a device that is capable of modifying the flow of data through a network in response to network traffic conditions.

Consider the network diagram shown below. Click on the item in the diagram that does not follow a standardized labeling scheme.

By reviewing this diagram, you can see that the following labeling convention is used:
Workstations = WSxx
Notebooks = NBxx
Servers = FSxx
Switches = SWxx
Routers = RTRxx
The workstation labeled PC2 does not conform to this labeling standard.

Which of the following statements about DSCP are true? (Select two.)

Classification occurs at Layer 3.
The DiffServ field is used to add precedence values.
EXPLANATION
The Differentiated Services Code Point (DSCP) classification system has the following characteristics:
Classification occurs at Layer 3.
Precedence values are inserted in the DiffServ field of an IP packet.
Up to 64 different classifications are possible, but most networks use only the following classes:
Default - best effort
Expedited Forwarding (EF) - low loss, low latency
Assured Forwarding (AF) - assured delivery under prescribed conditions
Class Selector - maintains backward compatibility with IP Precedence field

Users report that the network is down. As a help desk technician, you investigate and determine that a specific router is configured so that a routing loop exists. What should you do next?

Determine if escalation is needed.

Which of the following functions can a port scanner provide?

Determining which ports are open on a network.

Match the class of service (COS) priority on the left with its corresponding value on the right.

EXPLANATION
Class of service (COS) marks individual frames with a priority value between 0 and 7:
0 - Background
1 - Best effort
2 - Excellent effort
3 - Critical applications
4 - Video (< 100ms latency)
5 - Voice (< 10ms latency)
6 - Internetwork control
7 - Network control

Which of the following are improvements to SNMP that are included within SNMP version 3? (Select two.)

Encryption of SNMP messages
Authentication for agents and managers
EXPLANATION
SNMP v3 adds the following improvements for security:
Authentication for agents and managers
Encryption of SNMP information
Message integrity to ensure that data is not altered in transit

Which of the following are reasons to use a protocol analyzer? (Select two.)

Find devices that might be using legacy protocols, such as IPX/SPX or NetBIOS.
Identify users that are connecting to unauthorized websites.
EXPLANATION
A protocol analyzer is a device that copies frames and allows you to view frame contents. Use a protocol analyzer to:
Find devices that might be using restricted protocols (such as ICMP) or legacy protocols (such as IPX/SPX or NetBIOS).
Identify frames that might cause errors.
Examine the data contained within a packet (for example, to identify users that are connecting to unauthorized websites).
Troubleshoot communication problems or investigate the source of heavy network traffic.
Use a throughput tester to measure the amount of data that can be transmitted on a network, which can help you identify when a network is slow. A load tester can be used to simulate a large number of client connections to a website.

A user is unable to connect to the network. You investigate the problem and determine that the network adapter is defective. You replace the network adapter and verify that it works. What should you do next?

Identify the results and effects of the solution.

Which of the following activities are considered passive in regards to the function of an intrusion detection system? (Select two.)

Listening to network traffic
Monitoring the audit trails on a server
EXPLANATION
Passive IDS is a form of IDS that takes no noticeable action on the network. Passive IDS systems are undetectable to intruders. Passive IDS systems can monitor audit trails or listen to network traffic in real time. Active IDS functions are those that interact with the network and generate detectable events. Such events can include disconnecting ports or transmitting FIN or RST packets to attackers.

Which of the following devices accepts incoming client requests and distributes those requests to specific servers?

Load balancer

You have a website that customers use to view product information and place orders. You would like to identify the maximum number of simultaneous sessions that this server can maintain before performance is negatively impacted. Which tool should you use?

Load tester EXPLANATION A load tester simulates a load on a server or service. For example, the load tester might simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email. Use a load tester to make sure that a system has sufficient capacity for expected loads, and even to estimate a failure point where the load is more than the system can handle. A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from disk in a specific period of time). A packet sniffer is special software that captures (records) frames that are transmitted on the network. A baseline is a snapshot of past performance statistics of the network or devices. A system log identifies events or actions performed on a device.

You are in the process of implementing a network access protection (NAP) infrastructure to increase your network's security. You are currently configuring the remediation network that non-compliant clients will connect to in order to become compliant. The remediation network needs to be isolated from the secure network. Which technology should you implement to accomplish this task?

Network segmentation EXPLANATION Implementing network segmentation would isolate the remediation server from the rest of the network while still allowing the remediation server to contact the NAP infrastructure. Virtual private networking (VPN) is used to create a secure connection between two hosts or two sites over an unsecured network. Encrypting data transmissions using PKI would only protect transmitted data, not isolate the remediation network. Port security is used to identify allowed and denied devices that connect to a switch port and would not isolate the remediation network.

Your 24U rack currently houses two 4U server systems. To prevent overheating, you've installed a rack-mounted environment monitoring device within the rack. Currently, the device shows that the temperature within the rack is 70 degrees Fahrenheit (21 degrees Celsius). What should you do?

Nothing. The temperature within the rack is within acceptable limits.

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation, not other devices. Which feature should you configure?

Promiscuous mode EXPLANATION By default, a NIC only accepts frames addressed to itself. To enable the packet sniffer to capture frames sent to other devices, configure the NIC in promiscuous mode (sometimes called p-mode). In p-mode, the NIC processes every frame it sees. When devices are connected to a switch, the switch will only forward frames to the destination port. To see frames addressed to any device on any port, use port mirroring. In this scenario, the workstation and the router are connected with a hub, so the hub already sends all packets for all devices to all ports. Bonding logically groups two or more network adapters to be used at the same time for a single logical network connection. Spanning tree runs on a switch and ensures that there is only one active path between switches, allowing redundant paths.

Which of the following protocols or services would you associate with Windows Remote Desktop Services network traffic?

RDP
EXPLANATION
The Remote Desktop Protocol (RDP) is used by Windows Remote Desktop Services applications, including Remote Desktop Connection. WTSP is not a recognized protocol used on networks. The network news transport protocol (NNTP) is used to access newsgroups and download messages. It is not associated with Windows Terminal Services. Wi-Fi Protected Access (WPA) is a security mechanism designed to provide protection on wireless networks. It is not associated with Windows Terminal Services.

You are in the middle of a big project at work. All of your work files are on a server at the office. You want to be able to access the server desktop, open and edit files, save the files on the server, and print files to a printer connected to a computer at home. Which protocol should you use?

RDP EXPLANATION To access the desktop of a remote computer or server, use a remote desktop protocol. RDP is Microsoft's remote desktop protocol, but other protocols include VNC and ICA. With the remote desktop solution, you can access the device's desktop and work with applications and files on that device. Device redirection allows you to redirect sound, drives, or printing at the remote computer to your local computer. Telnet and SSH are command-line utilities used for remote management. FTP and TFTP are used for file transfer. While you might use either protocol to transfer files, they do not give you access to the remote computer's desktop.

You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do?

Run the packet sniffer application on Host B.

Because of an unexplained slowdown on your network, you decide to install monitoring software on several key network hosts to locate the problem. You will then collect and analyze the data from a central network host. Which protocol will the software use to detect the problem?

SNMP EXPLANATION SNMP (Simple Network Management Protocol) is used to track network statistics. SNMP operates over UDP and IP. However, by themselves, those protocols do not provide network monitoring support.

Which protocol uses traps to send notifications from network devices?

SNMP EXPLANATION The Simple Network Management Protocol (SNMP) lets network hosts exchange configuration and status information. This information can be gathered by management software and used to monitor and manage the network. A trap is an event configured on an agent. When the event occurs, the agent logs details regarding the event. SMTP and IMAP4 are used for sending email. ICMP is an echo/response protocol that is used for exchanging simple requests between devices, but ICMP does not use traps. IGMP is used to send packets to hosts that are a member of a group.

Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity?

Screen lock

You are considering using Wi-Fi triangulation to track the location of wireless devices within your organization. However, you have read on the internet that this type of tracking can produce inaccurate results. What is the most important consideration for getting reliable results when implementing this type of system?

Signal strength

When troubleshooting network issues, it's important to carry out tasks in a specific order. Drag the troubleshooting task on the left to the correct step on the right.

Step 1 Identify the problem.
Step 2 Establish a theory of probable cause.
Step 3 Test the theory to determine the cause.
Step 4 Establish a plan of action.
Step 5 Implement the solution or escalate.
Step 6 Verify full system functionality.
Step 7 Document findings, actions, and outcomes.

Your organization's security policy specifies that, regardless of ownership, any mobile device that connects to your internal network must have remote wipe enabled. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Which of the following should you implement to ensure organizational data can be remote wiped while preserving personal data?

Storage segmentation
EXPLANATION
Storage segmentation for mobile devices lets you segment the personal data from the organization's data. Storage segmentation also allows:
Encryption to be applied only to sensitive organizational data on the device.
Only organizational data to be removed during a remote wipe, preserving personal data.
Asset tracking and inventory control only track devices owned by the organization. Lockout or screen lock only protect the device access and do not have remote wipe capability. Reporting systems provide a way to disable the device, but not remote wipe only organization data.

You have been struggling to keep the temperature in your server room under control. To address this issue, you have decided to reconfigure the room to create hot and cold aisles. Which of the following are true concerning this configuration? (Select two.)

The rear of your servers should face the hot aisle. The front of your servers should face the cold aisle. EXPLANATION The use of hot and cold aisles within the server room is an effective method for reducing the temperature. The front of your servers should face the cold aisle. This allows them to draw in cooler air to reduce the temperature of system components. The rear of your servers should face the hot aisle. This ensures the hot air is directed away from other server systems. The hot aisle should face the air conditioner's return duct. This allows the heated air to be cooled by the AC system. The cold aisle should face the air conditioner's output ducts. This ensures cool air is drawn into servers to cool their components.

You have a WAN link that connects two sites. The WAN link is supposed to provide 1.5 Mbps of bandwidth. You want to perform a test to see the actual bandwidth of the link. Which tool should you use?

Throughput tester

An active IDS system often performs which of the following actions? (Select two.)

Update filters to block suspect traffic. Perform reverse lookups to identify an intruder. EXPLANATION An active IDS performs behaviors that can be seen by anyone watching the network. Usually, these actions are necessary to block malicious activities or discover the identity of an intruder. Updating filters and performing reverse lookups are common behaviors for an active IDS. No form of IDS requires users to perform a second logon based on questionable activities. There are some authentication systems, such as CHAP, that periodically re-authenticate, but this is done at random time intervals, and the action is not visible to the user. A solution that serves to trap and delay the intruder until the authorities arrive describes a man trap (a physical security mechanism). However, this definition could be stretched to include honey pots and padded cells (logical or technical security mechanisms often used in conjunction with an IDS).

You manage a server at work that has just been configured with a new application. Consequently, the server has crashed several times during the last week. You think you have resolved the problem, but you would like to be able to manage the server remotely just in case more issues occur. Which of the following protocols would you use for remote management? (Select two.)

VNC
ICA
EXPLANATION
Use a remote desktop protocol to remotely manage devices. The remote desktop protocol allows you to interact with the computer's desktop without being present at the console. There are multiple protocols that you can use for remote desktop connections.
Virtual Network Computing (VNC) was originally developed for UNIX. Applications using VNC include RealVNC, TightVNC, UltraVNC, and Vine Server.
Independent Computing Architecture (ICA) is the protocol used by Citrix products (WinFrame and MetaFrame/XenApp).
The Remote Desktop Protocol (RDP) is the protocol developed by Microsoft and used in Microsoft's Terminal Services, Remote Desktop, and Remote Assistance solutions. Aqua Connect has licensed RDP and created a version for Mac OS X as a server.
PPP and PPPoE are protocols that are used to control remote access. Both allow the authentication, authorization, and accounting of remote access connections. PPTP and L2TP are VPN protocols that provide a secure connection to a destination host or network through the internet.

Consider the following log message generated on a router: *Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down What facility generated this message?

%LINEPROTO
EXPLANATION
The default log message format is as follows:
    *Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
The components that comprise the log message include the following:
Component - Description
Timestamp - Indicates when the message was generated. In this example: *Aug 8 11:18:12.081:
Facility - Identifies the facility that created the message. In this example: %LINEPROTO
Severity Level - Indicates the severity level of the message. In this example: -5-
Mnemonic - Provides a mnemonic to help the administrator quickly identify the nature of the message. In this example: UPDOWN:
Message Text - Provides a description of the event. In this example: Line protocol on Interface FastEthernet0/0, changed state to down

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60%, and the temperature is 80 degrees. What should you do to help reduce problems?

Add a separate A/C unit in the server room.
EXPLANATION
Keep the server room temperature between 70 and 74 degrees to prevent components from overheating. In many cases, the server room is the hottest location in your building because of the heat generated by the computer components. In most cases, you need a separate A/C unit in the server room so that you can maintain its temperature without adversely affecting the rest of the building. Keep humidity between 40 and 60 percent to prevent electrostatic discharge (ESD).
Line conditioners (also known as power conditioners) are used to improve the quality of the power by performing one or more of the following:
Removing noise caused by EMI and RFI.
Providing small amounts of additional power to defend against power dips or sags.
Preventing damage from spikes and surges.

You are concerned about protecting your network from network-based attacks from the internet. Specifically, you are concerned about zero day attacks (attacks that have not yet been identified or that do not have prescribed protections). Which type of device should you use?

Anomaly-based IDS EXPLANATION An anomaly-based intrusion detection system (IDS) can recognize and respond to some unknown attacks. Signature recognition, also referred to as pattern matching or dictionary recognition, looks for patterns in network traffic and compares them to known attack patterns called signatures. Signature-based recognition cannot detect unknown attacks; it can only detect attacks identified by published signature files.

What does a tarpit specifically do to detect and prevent intrusion into your network?

Answers connection requests in such a way that the attacking computer is stuck for a period of time. EXPLANATION A tarpit (also called a sticky honeypot) is a honeypot that answers connection requests in such a way that the attacking computer is stuck for a period of time.

You have installed a new application on a network device. During testing, it appears as if the software is causing other services running on the device to stop responding. Which tool should you consult to identify the problem?

Application log EXPLANATION Logs contain a record of events that have happened on a system. Logging capabilities are built into operating systems, services, and applications. Log entries are generated in response to configuration changes, changes in system state, or network condition variations.

Your organization uses a time-keeping application that only runs on Windows 2000 and does not run on newer OS versions. Because of this, there are several Windows 2000 workstations on your network. Last week you noticed unusual activity on your network coming from the Windows 2000 workstations. After further examination, you discover that the Windows 2000 workstations were the victim of a malicious attack and were being used to infiltrate the network. You find out that the attackers were able to gain access to the workstations because of the legacy operating system being used. The organization still needs to use the Windows 2000 workstations, which need to be connected to the internet, but you want to make sure the network is protected from future events. Which solution should you implement to protect the network while also allowing operations to continue as normal?

Configure VLAN membership so that the Windows 2000 workstations are on their own VLAN. EXPLANATION The best solution is to place the Windows 2000 workstations in their own VLAN. If you use VLAN network segmentation, the workstations will still have access to the internet, but network access can be heavily restricted. This greatly reduces the damage a workstation can cause if it were to become compromised again. Legacy operating systems, such as Windows 2000, are easy targets for attackers. This is because legacy operating systems use outdated protocols and have known exploits. Installing an anti-virus or host-based firewall would do very little to protect the entire network. In addition, legacy operating systems are no longer supported with updates or patches, so enabling automatic updates would offer no benefit. Creating a dedicated network for the workstations would affect normal operations and also increase network management load.

Which of the following enterprise wireless configuration strategies best keeps public wireless access separate from private wireless access?

Configure a guest access WLAN that uses open authentication and isolates guest WLAN traffic from other clients on the same access point. EXPLANATION Configuring a guest access WLAN that uses open authentication and isolates guest WLAN traffic from other clients on the same access point is the best solution. Using MAC address filtering would be very difficult to manage, especially if dozens of devices need to be connected. In addition, MAC filtering can be easily bypassed using MAC spoofing techniques. Deploying independent APs would require manual configuration and management of each device. Devices could also have issues when roaming between APs. Using two different shared keys only provides separate authentication and does not properly separate the two networks.

You manage the website for your company. The website uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage and a single connection to your ISP. You want to provide redundancy so that a failure in a single component does not cause the website to become unavailable. What should you add to your configuration to accomplish this?

Connect one server to the internet through a different ISP. EXPLANATION In this scenario, the ISP is the single point of failure. If the ISP connection goes down, then the website is unavailable. Connecting one server to a different ISP or both servers to two ISPs provides redundancy for the connection. Adding multiple network connections to the shared storage or the same ISP is unnecessary because if the single network connection on one server fails, the other server will still be available. Reconfiguring the storage as a RAID 1+0 allows multiple disk failures, but RAID 1 can sustain a failure in a single disk.

You have a website that uses multiple servers for different types of transactions. For example, one server is responsible for static web content, while another is responsible for secure transactions. You would like to implement a device to speed up access to your web content. The device should be able to distribute requests between the various web servers using specialized hardware, and not just a software configuration. In addition, SSL sessions should use the hardware components in the device to create the SSL sessions. Which type of device should you choose?

Content switch EXPLANATION Use a content switch to perform these functions. Switches use specialized hardware modules to perform common tasks. For example, you can have a switch with a special hardware module that is used for SSL connections. Using the hardware module in a specialized switch is faster than using the CPU or software in another device. A bandwidth shaper (also called a traffic shaper) is a device that is capable of modifying the flow of data through a network in response to network traffic conditions. A proxy server is a server that sits between a client and a destination device and can be configured to filter requests based on URL. However, a proxy server uses software, not hardware to perform these tasks. A circuit-level gateway uses the session information to make filtering decisions for allowed or denied traffic.

A new assistant network administrator was recently hired by your organization to relieve some of your workload. You assigned the assistant network administrator to replace a defective patch cable that connected port 1 on your patch panel to one of your network switches. You noticed that it took him an unusually long time to complete this task. Once done, users almost immediately began to report that the network had gone down. Upon entering the server room, you see that the assistant administrator has configured your network rack as shown in the Exhibit. What should you do? (Choose two. Each response is a complete solution.)

Enable STP on each switch. Remove the patch cable connecting the first switch to the third switch. EXPLANATION The assistant administrator in the scenario appears to have connected the switches together in a way that creates a bridge loop (sometimes called a switching loop). Notice the following: Switch1 is connected to Switch2 and Switch3. Switch2 is connected to Switch1 and Switch3. Switch3 is connected to Switch1 and Switch2. A bridge loop occurs when there are multiple Layer 2 paths between two network hosts. This usually results in a broadcast storm as the switches repeatedly rebroadcast all broadcast messages, flooding the network. To fix this issue, you can do one of the following: Remove the patch cable connecting the first switch to the third switch. This will break the switching loop and stop the broadcast storm. Enable STP on each switch. STP ensures there is only one active path between switches. Switch ports that are part of that path are placed in a forwarding state. Switch ports that are part of redundant but unused paths are placed in a blocking (non-forwarding) state. When an active path goes down, STP automatically recovers and activates the backup ports necessary to provide continued connectivity. Consolidating all patch cables from the patch panel to a single switch will not break the bridge loop, nor would enabling port security on each switch port. It is not necessary to replace the patch cables connecting the switches together with cross-over cables, as most switches have Auto-MDIX enabled by default.

Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (Select two. Each response is a separate solution.)

Enable device encryption. Implement storage segmentation. EXPLANATION When deploying new mobile devices, there are many things you should do to increase their overall security, including the following: Enable device encryption. Data encryption ensures data confidentiality on the device. Segment personal data from organizational data on mobile devices. This storage strategy allows encryption to be applied only to sensitive organizational data on the device. It also allows only organizational data to be removed during a remote wipe, preserving personal data.

Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is part of a complete solution.)

Enroll the devices in a mobile device management system. Configure and apply security policy settings in a mobile device management system. EXPLANATION You can implement a mobile device management (MDM) solution that pushes security policies directly to each tablet device over a network connection. This option enables policies to be remotely enforced and updated without any action by the end user. The tablet devices must be enrolled in the MDM system before the policy settings can be applied.

Many of the end users in your organization are bringing their own personal mobile devices to work and are storing sensitive data on them. To prevent the data from being compromised, you create a cloud-based Microsoft Intune account and configure mobile device security policies. You now need to apply those security policies to the end users' mobile devices. What should you do? (Select two. Each response is a part of the complete solution.)

Enroll the devices with the Intune service. Download and install the Intune client software on the mobile device. EXPLANATION To manage mobile devices with Windows Intune, you must complete the following: Create a user account for each user who has a managed mobile device. Enroll the devices with the Intune service. The enrollment process will copy down and install the Intune management agent to the device. It is not necessary to reinstall the mobile operating system on each device. Most mobile devices, with the exception of Windows-based notebooks, cannot be joined to a Windows domain; therefore, Group Policy cannot be used to apply security settings.

A web server on your network hosts the public website for your company. You want to make sure that a failure of the NIC in the server does not prevent the website from being accessible on the internet. Which solution should you implement?

Ethernet bonding EXPLANATION Ethernet bonding (also called NIC teaming) logically groups two or more physical connections to the same network. If one NIC fails, the second NIC with a connection to the same network can still be used. Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. A traffic shaper (also called a bandwidth shaper) is a device that is capable of modifying the flow of data through a network in response to network traffic conditions. Quality of Service (QoS) refers to a set of mechanisms that try to guarantee timely delivery or minimal delay of important or time-sensitive communications. QoS is particularly important when implementing Voice over IP (VoIP), Video over IP, or online gaming, where delay or data loss make the overall experience unacceptable.

You manage a firewall that connects your private network to the internet. You would like to see a record of every packet that has been rejected by the firewall in the past month. Which tool should you use?

Event log EXPLANATION Use the event logs to see a record of past events. Logging capabilities are built into operating systems, services, and applications. Log entries are generated in response to configuration changes or actions taken by the system. Depending on the device, there might be multiple logs with different names, so the exact log you consult might vary depending on the device. A packet sniffer is special software that captures (records) frames that are transmitted on the network. A packet sniffer would tell you the frames and packets sent to the device, but would not identify the actions the firewall took in response to those packets. A load tester simulates a load on a server or service. A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from disk in a specific period of time).

You have heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log should you monitor?

Firewall EXPLANATION A firewall log identifies traffic that has been allowed or denied through a firewall. You can identify traffic types used by computers on your network by looking at the outgoing ports. For example, you can identify servers that are running a specific service, or you can see computers that are communicating using ports that might indicate malicious software. A system log records operating system, system, and hardware events. A security log records information related to logons, such as incorrect passwords being used, and the use of user rights. An application log records actions performed by an application. For each of these logs, the Trojan horse program will likely be written in a way that little or no logging will be recorded by the program, so examining these logs will not give you much information about the program on a system.

As a security precaution, you have implemented IPsec between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host-based IDS EXPLANATION A host-based IDS is installed on a single host and monitors all traffic coming in to the host. A host-based IDS can analyze encrypted traffic because the host operating system decrypts that traffic as it is received. A network-based IDS is a dedicated device installed on the network. It analyzes all traffic on the network. It cannot analyze encrypted traffic because the packet contents are encrypted so that only the recipient can read the packet contents. A protocol analyzer examines packets on the network but cannot look at the contents of encrypted packets. A port scanner probes a device to identify open protocol ports. A VPN concentrator is a device that is used to establish remote access VPN connections.

Drag the broadcast domain property on the left to the appropriate network device(s) on the right. Each property can be used more than once.

Hub: Single broadcast domain
Unmanaged switch: Single broadcast domain
802.11n wireless access point: Single broadcast domain
Router: Multiple broadcast domains
Bridge: Single broadcast domain
Repeater: Single broadcast domain
Layer 3 switch: Multiple broadcast domains
EXPLANATION A broadcast domain is a logical division of a network. All network hosts within the same broadcast domain can reach each other using broadcasts at the Data Link layer. All network hosts connected to the following Layer 2 network devices are members of the same broadcast domain: hubs, unmanaged switches (because they do not support VLANs), 802.11 wireless access points, bridges, and repeaters. Layer 3 devices, such as a router or a Layer 3 switch, are used to define boundaries between broadcast domains. A managed switch with VLANs implemented also creates a separate broadcast domain for each VLAN.

What security mechanism can be used to detect attacks originating on the internet or from within an internal trusted subnet?

IDS An IDS is a security mechanism that can detect attacks originating on the internet or from within an internal trusted subnet.

You are concerned about attacks directed at your network firewall. You want to be able to identify attacks and be notified of attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack. Which tool should you use?

IPS EXPLANATION Use an intrusion prevention system (IPS) to both detect and respond to attacks. An intrusion detection system (IDS) can detect attacks and send notifications but cannot respond to attacks. Use a port scanner to check for open ports on a system or a firewall. Use a packet sniffer to examine packets on the network.

Which of the following are security devices that perform stateful inspection of packet data, looking for patterns that indicate malicious code? (Select two.)

IPS IDS EXPLANATION An intrusion detection system (IDS) and an intrusion prevention system (IPS) are devices that scan packet contents looking for patterns that match known malicious attacks. Signature files identify the patterns of all known attacks. When a packet matches the pattern indicated in the signature file, the packet can be dropped or an alert can be sent. Firewalls use an access control list (ACL) to filter packets based on the packet header (not data) information. Firewalls can filter packets based on port, protocol, or IP address. A virtual private network (VPN) is an encrypted communication channel established between two entities to exchange data over an unsecured network.

A router periodically goes offline. Once it goes offline, you find that a simple reboot puts the router back online. After doing some research, you find that the most likely cause of the problem is a bug in the router software. A new patch is available from the manufacturer that is supposed to eliminate the problem. What should you do next?

Identify possible effects of the solution.

A user reports that he can't connect to a specific website. You go to the user's computer and reproduce the problem. What should you do next?

Identify the affected areas of the network.

The owner of a hotel has contracted you to implement a wireless network to provide internet access for patrons. The owner has asked that you implement security controls so that only paying patrons are allowed to use the wireless network. She wants them to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, they should then be allowed full access to the internet. If a patron does not provide the correct code, they should not be allowed to access the internet. Under no circumstances should patrons be able to access the internal hotel network where sensitive data is stored. What should you do?

Implement a guest network. EXPLANATION A guest network that is isolated from the hotel's network would be the best choice in this scenario. The guest network could be configured to require wireless network users to abide by certain conditions before they are allowed access to the wireless network using a captive portal. For example, it could require them to: Agree to an acceptable use policy. Provide a PIN or password. Pay for access to the wireless network. View information or advertisements about the organization providing the wireless network (such as an airport or hotel). When a wireless device initially connects to the wireless network, all traffic to or from that device is blocked until the user opens a browser and accesses the captive portal web page. After providing the appropriate code, traffic is unblocked and the host can access the guest network. MAC address filtering and 802.1x authentication would work from a technical standpoint, but would be completely unmanageable in a hotel scenario where guests constantly come and go every day. Using a pre-shared key would require a degree of technical expertise on the part of the hotel guests. It could also become problematic if the key were to be leaked, allowing non-guests to use the wireless network.

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?

Implement version 3 of SNMP. EXPLANATION Simple Network Management Protocol (SNMP) is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. The original version of SNMP has several vulnerabilities. For added security, implement version 3 of SNMP. SSH allows secure interactive control of remote systems, but does not provide the same features as SNMP. RADIUS is used to control remote access authentication, authorization, and accounting from a centralized server.

What is the purpose of using Ethernet bonding? (Select two.)

Increases network performance. Provides a failover solution for network adapters. EXPLANATION In a true fault tolerant strategy, all system components must be considered. Ethernet bonding (also called adapter teaming) is a fault tolerant strategy that uses multiple network adapters configured in a failover solution. In the event of a NIC failure, other adapters will automatically provide link redundancy. Multiple adapters can also increase performance by distributing the network load between adapters.

You have decided to perform a double-blind penetration test. Which of the following actions should you perform first?

Inform senior management. EXPLANATION Before starting a penetration test (also called a pen test) it is important to define the rules of engagement (ROE), or the boundaries of the test. Important actions to take include: Obtain a written and signed authorization from the highest possible senior management. Delegate personnel who are experts in the areas being tested. Gain approval from the internet provider to perform the penetration test. Make sure that all tools or programs used in the testing are legal and ethical. Establish the scope and timeline. Identify systems that will not be included in the test. Performing reconnaissance, social engineering, or system scanning are all actions performed during a penetration test. However, no actions should be taken before approval to conduct the test is obtained.

You have been hired by a startup company to install a new data center. The company is small, so they have elected to use an unused employee break room as the data center. You are concerned about the physical security of the servers that will be installed in the data center. What should you do? (Select two.)

Install a biometric lock on the data center door. Install racks with locking doors. EXPLANATION To physically protect the servers within the new data center, you should: Install rack enclosures with locking doors. Install a biometric lock on the data center door. By doing this, you implement a defense in depth strategy. Even if an intruder were to defeat the biometric lock on the data center door, they would still have to defeat the lock on the rack enclosure. Two-post racks typically do not provide security features such as locks or alarms. Installing a humidifier in the data center would have no impact on the physical security of the systems within it.

Your company leases a very fast internet connection and pays for it based on usage. You have been asked by the company president to reduce internet line lease costs. You want to reduce the amount of web pages that are downloaded over the leased connection without decreasing performance. What is the best way to do this?

Install a proxy server.

You have purchased a solar backup power device to provide temporary electrical power to critical systems in your data center should the power provided by the electrical utility company go out. The solar panel array captures sunlight, converts it into direct current (DC), and stores it in large batteries. The power supplies in the servers, switches, and routers in your data center require alternating current (AC) to operate. Which electrical device should you implement to convert the DC power stored in the batteries into AC power that can be used in the data center?

Inverter

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure?

Mirroring EXPLANATION A switch will only forward packets to the switch port that holds a destination device. This means that when your packet sniffer is connected to a switch port, it will not see traffic sent to other switch ports. To configure the switch to send all frames to the packet sniffing device, configure port mirroring on the switch. Port mirroring makes it so all frames sent to all other switch ports will be forwarded on the mirrored port. Promiscuous mode configures a network adapter to process every frame it sees, not just the frames addressed to that network adapter. In this scenario, you know that the packet sniffer is running in promiscuous mode because it can already see frames sent to other devices. Bonding logically groups two or more network adapters to be used at the same time for a single logical network connection. Spanning tree runs on a switch and ensures that there is only one active path between switches, allowing redundant paths.

Most mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate.

Most accurate: GPS
More accurate: Wi-Fi triangulation
Less accurate: Cell phone tower triangulation
Least accurate: IP address resolution
EXPLANATION Most mobile device management (MDM) solutions can leverage the following technologies on enrolled mobile devices to track their physical location: The Global Positioning System (GPS) can track the location of GPS-enabled devices to within a meter. Wi-Fi triangulation can track the location of devices in heavily-populated urban areas to within a few meters, depending on the number of networks in range and the accuracy of their signal strength data. Cell phone tower triangulation can track the location of devices to within a kilometer, depending on the signal strength and number of cell towers within range. IP address resolution is much less accurate than the other options, tracking the location of devices to within roughly 20 kilometers.

Which type of switch optimizes network performance by using ASIC to perform switching at wire speed?

Multilayer switch EXPLANATION A multilayer switch uses specialized hardware called an application-specific integrated circuit (ASIC) to perform switching functions in hardware rather than using the CPU and software. ASIC allows switches to perform the switching function at wire speed. Layer 2 switches use the CPU and software to forward frames. Unmanaged switches are also called Layer 2 switches. A Layer 1 switch is another name for a hub, which does not perform any traffic inspection; received packets are sent out on all ports.

You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for virtualization. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a straight-through UTP cable that will run across the floor of the data center. To protect equipment from power failures, you also plan to install a UPS in the rack along with redundant power supplies for the server. Will this configuration work?

No. You should not run a cable across the floor of the data center. EXPLANATION In this scenario, running a cable across the floor of the data center represents a tripping hazard. It also represents a point of failure, as the cable will be walked on constantly, resulting in it being kicked out of one or both jacks. It will also likely fail prematurely due to the excessive wear. A better option would be to run the cable through the ceiling plenum. Blade servers work well for virtualization as long as they meet the system requirements for the hypervisor software. In the early days of networking, cross-over cables were required to uplink two hubs or switches together. However, most modern switches implement Auto MDI-X, which detects whether cross-over is required and automatically configures the interface for you, making a crossover cable unnecessary. Rack-mounted power supplies and UPS devices are commonly used in data centers.

You want to know what protocols are being used on your network. You'd like to monitor network traffic and sort traffic based on protocol. Which tool should you use?

Packet sniffer EXPLANATION A packet sniffer is special software that captures (records) frames that are transmitted on the network. Use a packet sniffer to: Identify the types of traffic on a network. View the exchange of packets between communicating devices. For example, you can capture frames related to DNS and view the exact exchange of packets for a specific name resolution request. Analyze packets sent to and from a specific device. View packet contents. Use a port scanner to identify protocol ports that are opened in a firewall or active on a device. A port scanner checks individual systems, while a packet sniffer watches traffic on the network. A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from disk in a specific period of time). An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A passive IDS monitors, logs, and detects security breaches, but takes no action to stop or prevent the attack. An active IDS (also called an intrusion protection system or IPS) performs the functions of an IDS, but can also react when security breaches occur.

You are concerned about attacks directed at the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?

Packet sniffer EXPLANATION A packet sniffer is special software that captures (records) frames that are transmitted on the network. Use a packet sniffer to: View packet contents. Identify the types of traffic on a network. View the exchange of packets between communicating devices. For example, you can capture frames related to DNS and view the exact exchange of packets for a specific name resolution request. Analyze packets sent to and from a specific device. A load tester simulates a load on a server or service. A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from a disk in a specific period of time). System and event logs record what has happened on a device, but do not record individual frames or packets.

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing EXPLANATION Penetration testing is the practice of proactively testing systems and policies for vulnerabilities. This approach seeks to identify vulnerabilities internally before a malicious individual can take advantage of them. Common techniques are identical to those used by hackers and include network/target enumeration and port scanning.

You suspect that your web server has been the target of a denial-of-service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?

Performance EXPLANATION A performance log records information about the use of system resources. For example, the performance log records processor, memory, disk, and network utilization. In addition, the performance log can record information related to the performance of a specific service, such as the number of connections to a web server. You might also find this information in an application log for the service. A security log records information related to logons, such as incorrect passwords being used, and the use of user rights. A system log records operating system, system, and hardware events. A firewall log identifies traffic that has been allowed or denied through a firewall.

Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful for maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations. EXPLANATION Audit logs are useless unless they are periodically reviewed. The frequency will vary based on the criticality of the system being monitored, but the logs must be reviewed on a scheduled basis by a knowledgeable member of the IT/Infosec team.

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

Port scanner EXPLANATION Use a port scanner to check for open ports on a system or a firewall. Compare the list of opened ports with the list of ports allowed by your network design and security policy. Typically, a port is opened when a service starts or is configured on a device. Open ports for unused services expose the server to attacks directed towards that port. Use a packet sniffer to examine packets on the network. With a packet sniffer, you can identify packets directed towards specific ports, but you won't be able to tell if those ports are open. Examine system logs to look for events that have happened on a system, which might include a service starting, but would not likely reflect open ports. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A passive IDS monitors, logs, and detects security breaches, but takes no action to stop or prevent the attack. An active IDS (also called an intrusion protection system or IPS) performs the functions of an IDS, but can also react when security breaches occur.

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting the availability of the network. Which of the following should you implement?

Positive pressure system EXPLANATION Use positive pressure systems. Positive pressure systems protect the air quality in the facility by causing air to be forced out through doors, windows, and other openings. Negative pressure systems draw air in, potentially bringing in airborne particles such as dust, smoke from a fire, or contamination from a chemical leak. Positive pressure systems are more energy effective. Line conditioners (also known as power conditioners) are used to improve the quality of the power by performing one or more of the following: Removing noise caused by EMI and RFI. Providing small amounts of additional power to protect equipment from power dips or sags. Protecting equipment from spikes and surges. Most UPS systems include line conditioners.

A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?

Remote wipe

Which of the following activities are typically associated with a penetration test? (Select two.)

Running a port scanner Attempting social engineering EXPLANATION Penetration testing is when an organization attempts to circumvent security controls to identify vulnerabilities in their information systems. It simulates an actual attack on the network and is conducted from outside the organization's security perimeter. Penetration testing helps assure the effectiveness of an organization's security policy, security mechanism implementations, and deployed countermeasures. Penetration testing typically uses tools and methods that are available to attackers. Penetration testing might start with attempts at social engineering or other reconnaissance activities followed by more active scans of systems and then actual attempts to access secure systems. A vulnerability scanner checks a system for weaknesses. Vulnerability scanners typically require administrative access to a system and are performed internally to check for weaknesses, but not to test system security. Penetration testers are not typically able to run a vulnerability scanner unless they have been able to gain unauthorized access to a system. A performance baseline is created by an administrator to identify normal network and system performance. Auditing might include interviewing employees to make sure that security policies are being followed.

Consider the following output generated by the show interface fa0/0 command on a router:
FastEthernet0/0 is up, line protocol is up
[...]
Auto-duplex, 100Mb/s, 100BaseTX/FX
[...]
Input queue: 0/75/1771/0 (size/max/drops/flushes); Total output drops: 0
[...]
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
15387 packets input, 1736263 bytes, 0 no buffer
Received 15241 broadcasts, 0 runts, 0 giants
0 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 0 multicast
0 input packets with dribble condition detected
607 packets output, 6141 bytes, 0 underruns
4 output errors, 10 collisions, 3 interface resets, 0 restarts
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Which of the following statements are true about the fa0/0 interface? (Select three.)

Several collisions have occurred. One cyclic redundancy check error has occurred. The interface is dropping incoming packets. EXPLANATION The show interface command can help you identify problems that have occurred on an interface. Consider the following output generated by the show interface fa0/0 command on a router:
FastEthernet0/0 is up, line protocol is up
[...]
Auto-duplex, 100Mb/s, 100BaseTX/FX
[...]
Input queue: 0/75/1771/0 (size/max/drops/flushes); Total output drops: 0
[...]
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
15387 packets input, 1736263 bytes, 0 no buffer
Received 15241 broadcasts, 0 runts, 0 giants
0 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 0 multicast
0 input packets with dribble condition detected
607 packets output, 6141 bytes, 0 underruns
4 output errors, 10 collisions, 3 interface resets, 0 restarts
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Based on the output, the following information can be identified:
1771 packets have been dropped.
Auto-duplex mode is selected.
One CRC error has occurred.
Three interface resets have occurred.
Zero input errors have occurred, but there have been four output errors.
10 collisions have occurred.

Which of the following is the most common detection method used by an IDS?

Signature EXPLANATION Signature recognition, also referred to as pattern matching, dictionary recognition, or misuse detection (MD-IDS), looks for patterns in network traffic and compares them to known attack patterns called signatures. Signature recognition is the most common IDS recognition type. Anomaly recognition, also referred to as behavior, heuristic, or statistical recognition, monitors traffic to define a standard activity pattern as normal. Clipping levels or thresholds are defined that identify deviations from the norm. When the threshold is reached, an alert is generated or an action is taken.

Which of the following is a standard for sending log messages to a central logging server?

Syslog EXPLANATION Syslog is a protocol that defines how log messages are sent from one device to a logging server on an IP network. The sending device sends a small text message to the syslog receiver (the logging server). The Open Vulnerability and Assessment Language (OVAL) is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system. LC4 (previously called L0phtCrack) is a password cracking tool. Nmap is a network mapping tool that performs ping and port scans.

Match each troubleshooting command on the left with its function on the right. Each utility may be used once, more than once, or not at all.

Tests connectivity between two network hosts by sending IPv4 ICMP Echo Request packets without modifying the TTL parameter: ping
Computes lost/sent packet statistics for each hop in the route between two hosts: pathping
Used on Linux systems to identify the route between two IPv6 hosts: traceroute6
Used on Windows systems to identify the route between two IPv4 hosts: tracert
Tests connectivity between two network hosts by sending IPv6 ICMP Echo Request packets without modifying the TTL parameter: ping -6
EXPLANATION Several commonly used network troubleshooting commands include the following:
The pathping command combines the tracert and ping utilities to identify problems at a router or a network link. Unlike tracert or traceroute, pathping can track lost/sent packet statistics for each hop in the route between two hosts. The pathping command is only available on Windows.
The ping command sends an IPv4 ICMP echo request/reply packet to a remote host. A response from the remote host indicates that both hosts are correctly configured and a connection exists between them. The ping command is available on Windows and Linux.
The ping -6 command sends an IPv6 ICMP echo request/reply packet to a remote host. A response from the remote host indicates that both hosts are correctly configured and a connection exists between them. The ping -6 command is only available on Windows. On Linux, you would use ping6 instead.
The tracert command uses ICMP packets to test the path between two IPv4 networks. Responses from each hop on the route are measured three times to provide an accurate representation of how long the packet takes to reach, and be returned by, the destination device. The tracert command is only available on Windows. On Linux, you would use traceroute instead.
The traceroute6 command is used on Linux systems to identify the route between two IPv6 hosts.

Which of the following are not reasons to remote wipe a mobile device?

The device is inactive for a period of time. EXPLANATION Device inactivity is not a reason to remotely wipe a mobile device.

You have just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis?

Update the signature files. EXPLANATION Signature recognition, also referred to as pattern matching, dictionary recognition, or misuse detection (MD-IDS), looks for patterns in network traffic and compares them to known attack patterns called signatures. Signature-based recognition cannot detect unknown attacks; it can only detect attacks identified by published signature files. For this reason, it is important to update signature files on a regular basis. Anomaly recognition, also referred to as behavior, heuristic, or statistical recognition, monitors traffic to define a standard activity pattern as normal. Clipping levels or thresholds are defined that identify deviations from the norm. When the threshold is reached, an alert is generated or an action is taken.

You just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card for access. You backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with the username admin and the password admin. You used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.)

Use an SSH client to access the router configuration. Change the default administrative user name and password. EXPLANATION In this scenario, two key security issues need to be addressed: You should use an SSH client to access the router configuration. Telnet transfers data over the network connection in clear text, exposing sensitive data to sniffing. You should change the default administrative username and password. Default usernames and passwords are readily available from websites on the internet. Encrypted type 7 passwords on a Cisco device are less secure than those protected with MD5. Using HTTP and TFTP to manage the router configuration could expose sensitive information to sniffers, as they transmit data in clear text.

You are the network administrator for a growing business. When you were hired, the organization was small, and only a single switch and router were required to support your users. During this time, you monitored log messages from your router and switch directly from each device's console. The organization has grown considerably in recent months. Now you manage eight individual switches and three routers. It's becoming more and more difficult to monitor these devices and stay on top of issues in a timely manner. What should you do?

Use syslog to implement centralized logging. EXPLANATION In this scenario, a cost-effective option would be to implement centralized logging using syslog. By default, routers and switches send all log messages for all severity levels directly to the console. If a network contains a small number of devices, this default configuration is usually manageable. However, on a growing network, it quickly becomes impractical to visit each device to view log messages. Instead, you can configure your network devices to redirect logging to a syslog server somewhere in the network. By doing this, all log messages from all devices can be consolidated and viewed from a single location. Reducing the number of switches on a growing network is generally not advisable. Using a remote access utility can help alleviate the issue to an extent. However, you still have to manually connect to and monitor each individual system. If the network continues to grow, this option will quickly become unviable. It's not necessary to hire additional administrators in this scenario.

Match each bring your own device (BYOD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.

Users take pictures of proprietary processes and procedures: Specify where and when mobile devices can be possessed in your acceptable use policy.
Devices with a data plan can email stolen data: Specify where and when mobile devices can be possessed in your acceptable use policy.
Devices have no PIN or password configured: Enroll devices in a mobile device management system.
Anti-malware software is not installed: Implement a network access control (NAC) solution.
A device containing sensitive data may be lost: Enroll devices in a mobile device management system.

What is the main difference between vulnerability scanning and penetration testing?

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. EXPLANATION Penetration testing simulates an actual attack on the network and is conducted from outside the organization's security perimeter. Vulnerability scanning is typically performed internally by users with administrative access to the system. The goal of both vulnerability scanning and penetration testing is to identify the effectiveness of security measures and identify weaknesses that can be fixed. While some penetration testing is performed with no knowledge of the network, penetration testing could be performed by testers with detailed information about the systems. Both vulnerability scanning and penetration testing can use similar tools, although illegal tools should be avoided in both activities.

You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for file storage and a database server. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a cross-over UTP plenum cable that will run through the suspended tile ceiling of the data center. To provide power for the new devices, you had an electrician install several new 20-amp wall outlets near the new rack. Each device in the rack will be plugged directly into one of these new wall outlets. What is wrong with this configuration? (Select two.)

You should implement redundant power supplies for the network devices. You should implement a UPS between the wall outlet and the network devices. EXPLANATION In this scenario, all devices in the new rack will go down if the power from the wall outlet fails for some reason (such as a power outage). To prevent this from happening, a UPS should be implemented between the wall outlets and the network devices. In addition, the power supplies used by computing equipment have finite life spans and fail frequently. Because these are mission-critical devices, you should consider implementing redundant power supplies. Plenum network cabling is specifically designed to run through a suspended tile ceiling. The space between the suspended tile and the physical ceiling is called a ceiling plenum. In the early days of networking, cross-over cables were required to uplink two hubs or switches together. Most modern switches implement Auto MDI-X, which detects whether cross-over is required and automatically configures the interface, allowing you to use either a cross-over or straight-through cable. Using a 20-amp circuit for networking equipment is considered a data center best practice. Connecting too many devices to a standard 15-amp wall circuit can overload it and trip its breaker.

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?

Zero knowledge team EXPLANATION A zero knowledge team is the penetration testing team that most closely simulates a real-world hacker attack, as they must perform all of the initial blind reconnaissance. A full knowledge team is least like a real-world hacker, as they already know everything about the environment. A partial knowledge team is closer to a real-world hacker than a full knowledge team, but not as close as a zero knowledge team. There is no standard type of penetration testing team known as a split knowledge team. Split knowledge refers to a separation of duties concept.

Each of the following is a tool used to check the health of a network. Which of these is typically used for managing and sending messages from one computer system to another?

syslog EXPLANATION The syslog standard is used for managing and sending log messages from one computer system to another. It can analyze messages and notify administrators of problems or performance. A packet sniffer is special software that captures (records) frames that are transmitted on the network. A protocol analyzer is a special type of packet sniffer that captures transmitted frames. A load tester simulates a load on a server or service.

