Network+ certmaster

Data Link Layer

2nd layer of the OSI model. The data link layer is responsible for transferring data between nodes on the same logical segment.

subscriber connector (SC)

A fiber-optic cable connector that snaps and locks into place.

3-Way Handshake (TCP)

Step 1: The client node sends a SYN (Synchronize Sequence Number) data packet over an IP network to a server on the same or an external network. Step 2: When the server receives the SYN packet from the client node, it responds and returns a confirmation receipt - the ACK (Acknowledgement Sequence Number) packet or SYN/ACK packet. This packet includes two sequence numbers. Step 3: The client node receives the SYN/ACK from the server and responds with an ACK packet. Once again, each side must acknowledge the sequence number received by incrementing it by one.

A network administrator is setting up a 192.168.1.0/24 network using variable length subnet masking (VLSM) to support the sales and marketing department. The sales department has 120 computers and the marketing department has 50 computers. Which of the following Internet Protocol (IP) address configurations will provide adequate support for the marketing department? (Select all that apply.) a) 192.168.1.128/26 b) 255.255.255.224 c) 192.168.1.0/25 d) 255.255.255.192

a) 192.168.1.128/26 d) 255.255.255.192 -The 192.168.1.128/26 network provides 62 assignable IP addresses in the range of 192.168.1.129 - 192.168.1.190. This is enough addresses to support the 50 computers of the marketing department. #NOTE: don't forget and out of 64 IP addresses, 1 is for network ID and 1 is for broadcast IP. So, 62 are assignable.

What considerations should a company make when selecting and training employees with authentication factors with biometric recognition? (Select all that apply.) a) Users find that biometric recognition invades privacy. b) Biometric recognition technology can be discriminatory. c) Setup and maintenance costs for biometric recognition are high. d) Biometric recognition is not susceptible to spoofing methods

a) Users find that biometric recognition invades privacy. b) Biometric recognition technology can be discriminatory. c) Setup and maintenance costs for biometric recognition are high.

A wireless access point is available on the floor for wireless users in the area. User 1 wants to send a file to user 2 using their laptop's wireless adapters. Which of the following is the most secure way of sending files to one another using their current wireless adapters? a) Using an ad hoc connection b) Using a wireless mesh network c) Using an infrastructure connection d) Using a bus network connection

a) Using an ad hoc connection -In an ad hoc topology, the wireless adapter allows connections to and from other devices. This makes it possible for two laptops to connect directly with each other wirelessly. This is also referred to as an Independent Basic Service Set (IBSS).

Identify which type of attack a rogue access point (AP) CANNOT be coupled with when an attacker sends spoofed frames to disconnect a client from the AP. (Select all that apply.) a) VLAN hopping b) On-path c) De-authentication d) Brute force

a) VLAN hopping b) On-path d) Brute force -Brute force is password attack. -An on-path attack is a form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently. -A rogue AP can be combined with de-authentication attack. This sends a stream of spoofed death frame to cause a client to de-authenticate from an AP.

An IT technician needs to set up multiple outdoor antennas at a large farm to boost radio communication for its farmers. Which of the following antennas should the technician install that would require the least amount of maintenance throughout its lifecycle? a) Yagi antenna b) Parabolic grid antenna c) Torus antenna d) Static dish antenna

a) Yagi antenna -A Yagi (a bar with fins) antenna is a valuable unidirectional signal for point-to-point wireless bridge connections. This is common for outdoor use and can boost radio signals across long distances.

A company implements a new Voice over Internet Protocol (VoIP) phone system with networked VoIP endpoints at some office desks as a pilot program. The other employees will still be working with analog phone services. How would a network administrator connect this new VoIP system with the existing analog phone system? a) Cable modem b) Voice gateway c) Legacy PBX d) VoIP PBX

b) Voice gateway -A voice gateway is a means of translating between a VoIP system and legacy voice equipment and networks. This gateway can include an integrated VoIP PBX feature as well. -A VoIP PBX by itself provides digital switching of the VoIP system that includes its VoIP endpoints. The VoIP PBX must connect to a voice or VoIP gateway to connect back to the external voice provider, especially an analog service. -A legacy Private Branch Exchange (PBX) system is based on the traditional telephone network and provides switch services for analog voice.

Which security concept is based on the idea that perimeter security is unlikely to be completely robust? a) Separation of duties b) Zero trust c) Role-based access d) Least privilege

b) Zero trust -Zero trust is based on the idea that perimeter security is unlikely to be completely robust. It uses continuous authentication and conditional access to mitigate privilege escalation and account compromise.

A server technician is shopping for new storage for data on the business network. The storage requirement has risen over the last year, and the servers currently have limited space. What is an option for the technician to purchase to increase the available storage on the local network? a) SDWAN b) Client-server c) SAN d) VLAN

c) SAN -A storage area network (SAN) provisions access to storage devices at the block level. A SAN is isolated from the main network. It is only accessed by servers, not by client PCs and laptops.

Explain how the Simple Authentication and Security Layer (SASL) provides binding in Lightweight Directory Access Protocol Secure (LDAPS). a) The client supplies the Domain Name (DN) and password. b) The directory grants anonymous access. c) The client and server negotiate the use of a supported security mechanism. d) The server authenticates to the client and configures a secure channel for communications.

c) The client and server negotiate the use of a supported security mechanism. -Authentication, referred to as binding to the server, can be implemented in several ways to Lightweight Directory Access Protocol Secure (LDAPS). The Simple Authentication and Security Layer (SASL) completes binding by the client and server negotiating the use of a supported security mechanism. NOTE: if no authentication is used, anonymous access is granted to the directory. Also, need to understand that secure SSL/TLS can be used for this authentication process.

Which of the following is also referred to as a router implementation? a) Transport mode b) Full tunnel c) Tunnel mode d) Transport layer security (TLS)

c) Tunnel mode -Tunnel mode is used for communication between VPN gateways across an unsecure network. With ESP, the whole IP packet is encrypted and encapsulated as a datagram with a new IP header. AH has no real use in tunnel mode.

An organization considers moving some internal services to the cloud. Which of the following descriptions relates to a hybrid cloud infrastructure? a) Multi-tenant use b) Third-party secure c) Utilization benefits d) Shared costs

c) Utilization benefits -A hybrid cloud solution uses a mix of multiple cloud delivery models. One approach is to only utilize cloud services when it forecasts that private services will experience an increase in activity.

What will cause a switch to act like a hub and transmit a frame out of all ports, except the source port? a) When capturing and analyzing network traffic occurs b) When the bridges in a network organize themselves into a hierarchy c) When frames begin to circulate the network perpetually d) When the MAC address table cannot find the MAC address

d) When the MAC address table cannot find the MAC address -If the system cannot find a MAC address in the MAC address table, then the switch acts like a hub and transmits the frame out of all of the ports, except for the source port.

A manager wants to upgrade the wireless g network that provides Internet access to other mobile devices. If the manager wants to spend the least amount of money but increase wireless network speeds to the next level, which wireless technology should the next wireless router support? a) 5G network b) Wireless ac c) Wi-Fi 6 d) Wi-Fi 4

d) Wi-Fi 4 -Wi-Fi 4 (802.11n) provides 72 Mbps per stream rates. This is the next available version of the 802.11 standards after wireless g that can increase that manager's network bandwidth without being too expensive. NOTE: The 5G network is a cellular technology that produces real-world speeds between 50 Mbps to 300 Mbps.

A wireless laptop at an organization is not able to access any internal network resources, but can browse the Internet. An IT support specialist finds the cause of the problem after examining the laptop. Based on the functionality, what does the specialist most likely conclude the cause to be? a) Wrong passphrase b) Security type mismatch c) Incorrect antenna type d) Wrong service set identifier (SSID)

d) Wrong service set identifier (SSID) -A Service Set Identifier (SSID) identifies a network. Connecting to an incorrect network is common when a location has multiple networks with varying access to resources (such as found with a guest network versus a private network). -A variety of security types can be used in a wireless network. A mismatch will cause a connection to fail. In this case the connection does not fail but internal resources cannot be accessed.

Which command in MS Windows displays a table consisting of IP addresses and their resolved physical addresses? a) netstat -n b) nslookup c) arp -e d) arp -a

d) arp -a -To display the ARP table in this system, enter "arp -a." This command will also show the ARP table in the Windows command prompt. ARP Command is a TCP/IP utility used for viewing and modifying the local Address Resolution Protocol (ARP) cache. ARP cache contains recently resolved MAC addresses of IP hosts on the network. #arp -e is not a valid command & will not display any results....LOL!!!

Question the users vs. Question the obvious

1) Question the users : Identify the problem (Step 1) 2) Question the obvious : Establish the theory of probable cause (Step 2)

Ultra Physical Contact (UPC) Connector

Fiber-optic connector that makes physical contact between to two fiber-optic cables. The fibers within a UPC are polished extensively for a superior finish and better junction integrity. -The UPC fiber connector defines that the cable and connector are polished to the highest standard (a higher standard than with PC).

Angled Physical Contact (APC)

Fiber-optic connector that makes physical contact between two fiber-optic cables. It specifies an 8-degree angle to the curved end, lowering signal loss. APC connectors have less connection degradation from multiple insertions compared to other connectors. -These connectors are usually deployed when the fiber is being used to carry analog signaling, as in cable access TV (CATV) networks.

In the situation where default gateway is configured incorrectly, what happens to the PC?

If the PC is configured with an incorrect default gateway, the PC will attempt to forward to what is configured and arp for the address that is configured.

Session layer

The fifth layer in the OSI model. This layer establishes and maintains communication between two nodes on the network. It can be considered the "traffic cop" for network communications. -The session layer represents functions that administer the process of establishing a dialog, managing data transfer, and then ending (or tearing down) the session. -Most application protocols require the exchange of multiple messages between the client and server. This exchange of such a sequence of messages is called a session, thus, the Session layer. Sessions can work in three modes: simplex, half-duplex, or duplex.

Network layer

The network layer is responsible for moving data around a network of networks, known as an internetwork or the Internet. 3rd layer of the OSI model.

The company issued a used company phone to a new employee. The phone is an older model that will not accept a subscriber identity module (SIM) card. This phone most likely supports which type of cellular technology? (Select all that apply.) a) 3G b) LTE c) GSM d) CDMA

a) 3G d) CDMA -3G is based on CDMA2000/Evolution-Data Optimized (EV-DO)

Which cellular technology provides an estimated real-world download of up to 300 Megabits per second (Mbps)? a) 5G b) 3G c) 4G d) 2G

a) 5G -5G real-world speeds range from about 50 Mbps to 300 Mbps currently. 5G uses different spectrum bands from low (sub-6 GHz) to medium/high (20-60 GHz). -4G or LTE (Long Term Evolution) speed ==> 150 Mbps. Real world speed is 20 Mbps. -3G speed ==> 3.1 Mbps downlink and 1.8 Mbps uplink (CDMA2000/EV-DO) -2G speed ==> 14.4 kbps (GSM-based phones can only use SIM card if they're unlocked!!!!!!!!)GSM uses TDMA.

All telnet operations are sent as: a) 8 bits b) 16 bits c) 32 bits d) 4 bits

a) 8 bits -Telnet provides a bi-directional, 8-bit byte-oriented communications facility through which operations are sent as 8-bit bytes for the server to interpret. Telnet commonly provides remote access to a variety of communications systems. Telnet is often used for remote maintenance of network communications devices.

A manager wants to deploy a wireless network in the Internet cafe; that will support wireless gamers. The access point must support the fastest data rates and be able to provide the most bandwidth possible for all connected users. Which wireless feature and mode would be most appropriate for this access points (APs) used in this cafe? (Select all that apply.) a) 802.11ac b) 802.11n c) MIMO d) MU-MIMO

a) 802.11ac d) MU-MIMO -802.11ac is the only wireless standard that supports MU-MIMO. It also works in the 5.0 Ghz frequency band and supports higher data rates than 802.11n. -The 802.11n standard supports MIMO, but not MU-MIMO.

An officer floor is requesting a new wireless network. Users are requesting faster data rates. Network administrators want to use wireless technology with the most individual channels to choose from and to worry less about wireless interference from other wireless technologies. Which of the following will the office most likely use? (Select all that apply.) a) 802.11n b) 5.0 Ghz c) 802.11g d) 2.4 Ghz

a) 802.11n b) 5.0 Ghz -The 802.11n wireless standard provides more bandwidth than previous standards. Its data rates are 288.8 Mbps for a single channel and 600 Mbps for bonded channels. -The 5 Ghz frequency band supports more individual channels than the 2.4 Ghz band. It also suffers less from congestion and interference, meaning it supports higher data rates.

What authentication methods should be implemented in order to ensure only an authorized collection of users are connecting securely to a network? (Select all that apply.) a) A Pre-shared key (PSK) b) A public open access point (AP) c) Group authentication d) Media Access Control (MAC) filtering.

a) A Pre-shared key (PSK) c) Group authentication d) Media Access Control (MAC) filtering.

What is the difference between an exploit and a vulnerability? a) A vulnerability is a security weakness; an exploit is a means of utilizing a vulnerability. b) A vulnerability is the potential for someone to breach security; an exploit is an external attacker. c) A vulnerability is the potential for someone to breach security; an exploit is the likelihood of a threat exercising a vulnerability. d) A vulnerability is a security weakness; an exploit is the internal threat of the company.

a) A vulnerability is a security weakness; an exploit is a means of utilizing a vulnerability. -A vulnerability is a weakness triggered or exploited to cause a security breach; an exploit is a means of using a vulnerability to gain control or damage a system. #Understanding threat & risk: The potential to exercise a vulnerability to breach security, is known as threat. The likelihood and impact of a threat actor exercising a vulnerability is known as risk. NOTE: an external attacker doesn't have permissions to systems to exploit. It's the internal attack when it comes to exploitation of systems!!!!!

A network technician is setting up a new office space by plugging in computers, printers, and telephones to workgroup switches via structured cabling and ports on the wall. What tier of the network hierarchy is the network technician plugging these devices? a) Access/edge b) Management plane c) Backbone d) Control layer

a) Access/edge -The access/edge layer allows end-user devices to connect to the network using cabling and wall ports for wired access and access points for wireless access. -User/end devices do not plug directly into the backbone, control layer and management plane.

Which of the following best describes an attack used for pharming, denial of service (DoS), traffic interception, and corrupting clients' caches? (Select all that apply.) a) Address Resolution Protocol (ARP) b) Domain Name System (DNS) c) War driving d) Ransomware

a) Address Resolution Protocol (ARP) b) Domain Name System (DNS) -DNS poisoning compromises name resolution. It can redirect users to fraudulent sites (pharming), involve DoS attacks by directing traffic to an invalid IP, intercept and modify traffic, or pollute the client's name cache. -ARP poisoning is where an attacker redirects an IP address to the MAC address of a computer that is not the intended recipient, and can be used to perform DoS, spoofing, and man-in-the-middle (MitM) attacks. -War driving is a practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them (if they are open/unsecured) or trying to break into them (using WEP and WPA cracking tools). Previous Next

Following a security breach at a company from unauthorized personnel, physical site security policies need to be reviewed to mitigate repeated similar threats from occurring. Which of the following options can be implemented as a preventive measure to control users’ physical access to specific authorized access zones? (Select all that apply.) a) An ID badge b) A lock mechanism c) A surveillance camera d) A closed circuit television

a) An ID badge b) A lock mechanism -Need to focus on the prevention part here, that's why surveillance camera is not the right answer. Surveillance is security designed to improve the resilience of perimeter gateways.

A network engineer reset a switch back to factory settings and is trying to set up the device again. However, the engineer does not remember what settings need configuring. What kind of configuration did the engineer NOT reset? a) Baseline b) Assessment c) Change management d) Audit

a) Baseline -A baseline is a snapshot of a known good configuration and how a device operates at that known good configuration.

Mobile users in an organization complain about limited functionality in a company's headquarters. The IT staff decide to extend mobile access capabilities by widening the current wireless network. When evaluating the expansion configuration, a wireless access point media access control (MAC) address relates to which option? a) Basic Service Set Identifier (BSSID) b) Base station c) Extended Service Set (ESS) d) Basic Service Set (BSS)

a) Basic Service Set Identifier (BSSID) -The MAC address of a WAP is used as the BSSID. -Ad hoc is considered as IBSS (Independent basic service set)

Which of the following topologies is a network of two or more nodes that shares access to the network, but only one node can be active at any one time? a) Bus b) Star c) Ring d) Mesh

a) Bus -In a bus topology with more than two nodes, they all share access and bandwidth of the media. Only one node can be active at any one time. So, the nodes must contend to put signals on the media.

What describes the calculation of a checksum based on the contents of a frame used to detect errors? a) CRC b) SNMP c) MOU d) CPU

a) CRC -Cyclic redundancy checks (CRC) are a calculation of a checksum based on the contents of a frame used to detect errors. -A memorandum of understanding (MOU) is a preliminary or exploratory agreement to express an intent to work together.

A user submitted a ticket and reported that while they were on a business trip at the airport, they could not connect to the wireless. After researching the issue, the support technician realized the user never signed into the free wireless system that the airport provided. What kind of wireless system was set up at the airport? a) Captive portal b) Spectrum c) Service Set Identifier (SSID) d) Virtual private network (VPN)

a) Captive portal -A captive portal is a type of wireless setup with a web page or website to which a client is redirected before being granted full network access.

A network administrator sets up a brand new wireless access point in the office. The access point will connect office wireless devices, but it will also offer access to guest users. Recommend wireless access features that can support and secure a guest network that should only be accessible to customers in the immediate lobby area of the office floor. (Select all that apply.) a) Captive portal b) Port Security c) Power levels d) Network isolation.

a) Captive portal c) Power levels d) Network isolation. -The wireless antenna power levels can be tuned to reduce the wireless coverage so that the wireless reception is only retrievable from the lobby rather than from the parking lot or other external areas. -A captive portal is a web page that a user must authenticate to or access to accept a use policy or other requirements before gaining access to a network such as a guest network.

An administrator is using existing cabling to supply power to PoE switches. When an administrator plugs a device into the switch port, the PoE switch will determine the device's power consumption and set the supply voltage level appropriately. What is the lowest standard of cabling that the PoE switches can operate on with the most efficiency? (Select all that apply.) a) Cat 3 cable or better b) Unshielded cabling c) Shielded cabling d) Cat 5e cable or better.

a) Cat 3 cable or better c) Shielded cabling -PoE requires Cat 3 cable or better while PoE+ must use Cat 5e cable or better. Drawing power down the cable generates more heat that can adversely affect data rates. -PoE should use shielded cabling as it is capable of dispersing heat more efficiently than unshielded cabling.

A wireless engineer implements a new Wi-Fi network organization. The engineer carefully planned the deployment of access points (APs) to maintain a configuration spacing of 25 MHz. Consider the given wireless network symptoms and determine which relates to the configured value. (Select all that apply.) a) Channel overlap b) Interference c) Absorption d) Frequency mismatch

a) Channel overlap b) Interference -At least 25 MHz spacing should be allowed to avoid channel overlap. -Interference could be caused by number of factors including neighboring equipment that may use the same frequency of radio waves. -Absorption refers to the degree to which walls and windows will reduce signal strength. -NOTE: The most likely cause of a frequency mismatch is where the AP is configured for 5 GHz operation, but a station does not have a 5 GHz radio.

Employees in a certain office area are complaining that it is difficult to browse the web while on wireless. The network engineer reconfigured the access point to a lesser-used frequency to limit the surrounding businesses' wireless issues. What is the most likely issue that the network engineer resolved? a) Channel utilization b) Frequency mismatch c) Distance d) Incorrect passphrase

a) Channel utilization -When multiple APs use the same channel, opportunities to transmit are reduced. Channel utilization can be measured from the AP or using a Wi-Fi analyzer. As a design goal, a channel should exhibit no more than 50% utilization.

Employees at a gas station observe a potential hacker trying to install a malicious device in a credit card reader. Which of the following is a layer of security that could have been implemented to detect and alert this type of criminal activity? (Select all that apply.) a) Circuit alarm b) Duress alarm c) Motion detection d) Tamper detection

a) Circuit alarm b) Duress alarm d) Tamper detection #Tamper detection is a layer of security is found in computers, alarm systems, surveillance systems, and even security fences. Tampering is detected when a circuit is broken or when a switch is tripped on a device. #A circuit-based alarm sounds when the circuit is opened or closed, depending on the type of alarm and can be used for tamper detection. #A duress alarm is triggered manually by staff if they come under threat. Some electronic entry locks can also be programmed with a duress code.

TFTP is a simple protocol for transferring files from one device to another, such as a Cisco IOS or configuration file. Which device can be configured as a TFTP server? a) Cisco router b) CSU/DSU c) Cisco content engine d) Modem

a) Cisco router -The ability to use a router as a TFTP server can be quite useful. The Cisco router is the best device to use to be configured as a TFTP server. -A CSU/DSU (Channel Service Unit/Data Service Unit) is a hardware device about the size of a modem that converts digital data frames from the communications technology used on a LAN into frames appropriate to a WAN and vice versa.

What solution uses a protocol called WebSockets that enables bidirectional messages to be sent between the server and client without requiring the overhead of separate HTTP requests? a) Clientless VPN b) Full Tunnel c) Split Tunnel d) Virtual Network Computing (VNC)

a) Clientless VPN -Clientless VPN requires a client appl that implements the protocols and authentication methods by the remote desktop/VPN gateway. -Virtual Network Computing (VNC) allows a site to operate a remote desktop gateway that facilitates access to virtual desktops or individual apps running on the network servers.

Which delivery method and protocol may send data out of order and over different paths? (Select all that apply.) a) Connectionless b) Connection-oriented c) TCP d) UDP

a) Connectionless d) UDP

A network administrator is looking at an ARP table on a switch for connected devices. Which Open Systems Interconnection (OSI) layer are they looking at? a) Data link b) Physical c) Network d) Session

a) Data link -The Data Link layer (layer 2) transfers data between nodes on the same logical segment. This is where ARP tables are located.

Attenuation is the loss of signal strength. Specifically, it is the ratio between the signal strength from where the signal starts to where it ends. How is the loss of signal strength expressed? a) Decibels b) Interference c) Throughput d) Noise

a) Decibels -Decibels (dB) express attenuation or the loss of signal strength. dB expresses the ratio between two measurements: signal strength at origin and signal strength at the destination. -Noise is anything transmitted within or close to the channel that is not the intended signal, causing errors in data and forcing retransmissions. This is known as the signal-to-noise ratio (SNR).

What is the Internet Protocol (IP) address of a router on the same IP network as the host? a) Default gateway b) Subnet mask c) Loopback address d) Virtual IP

a) Default gateway

A set of workstations have been installed in an office floor. The network administrators are preparing to join these servers to the domain after they receive an Internet Protocol (IP) address from the Dynamic Host Configuration Protocol (DHCP) server. What are the minimum DHCP scope options required to simplify these computers joining the domain? (Select all that apply.) a) Default gateway b) Lease time c) NTP IP address(es) d) DNS IP address(es)

a) Default gateway c) NTP IP address(es) d) DNS IP address(es) -The default gateway, or option 003, is required so the workstations can route to the rest of the internal LAN. The workstations will need to find a domain controller outside of its broadcast domain. -DNS IP addresses, or option 006, is required so the domain name can be resolved properly to join the workstations to the domain. -NTP Server setting is option 042. Providing the IP addresses for the NTP server will ensure the workstations have the correct time. It will ensure proper joining to the domain. #Must exclude lease time. NOTE: Question itself mentions an attempt to join the "DOMAIN". So, DNS has to be involved.

A network engineer is tasked with reviewing the current routing tables for the IP networks and host location, which of the following entries are part of the routing table? (Select all that apply.) a) Destination b) Protocol c) Asymmetrical routing d) Interface

a) Destination b) Protocol d) Interface

An employee submitted a ticket stating that the wireless signal is only 10 strength at their desk, making it hard for the employee to browse the shared drive and internet. What would a network engineer completing a site survey be able to determine is the cause? a) Distance b) Frequency mismatch c) Incorrect passphrase d) Interference

a) Distance -Wireless access points can only broadcast radio signals a certain distance. The further away from the wireless access point, the less signal strength, leading to poor connections.

When considering a troubleshooting methodology, which of the following topics concern finding a problem? (Select all that apply.) a) Duplicate the problem, if possible b) Question the obvious c) Identify symptoms d) Gather information

a) Duplicate the problem, if possible c) Identify symptoms d) Gather information -Except for the "Question the Obvious", rest of them are the step 1 or "Identify the problem" section. -It is important to take enough time to determine what caused the problem so that a recurrence can be avoided. Gathering information is an important 1st step in identifying the problem. -When troubleshooting an issue, it is important to identify symptoms. Doing so goes hand-in-hand with gathering information to identify the problem. -If possible, duplicating the problem is helpful when gathering information about the issue. This includes trying to take the same steps as the user.

An attacker used a malicious host with a spoofed physical address to perform cache poisoning and perpetuate an on-path attack. Which of the following can prevent these types of attacks? (Select all that apply.) a) Dynamic Host Configuration Protocol (DHCP) snooping b) Media Access Control (MAC) filtering c) Port-based Network Access Control (PNAC) d) Address Resolution Protocol (ARP) inspection

a) Dynamic Host Configuration Protocol (DHCP) snooping d) Address Resolution Protocol (ARP) inspection -ARP inspection maintains a trusted database of IP:ARP mappings. -DHCP snooping is a type of switch port security setting that inspects DHCP traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address.

A network engineer configures network connectivity. Identify how switches will work if the engineer configures the spanning tree protocol (STP). (Select all that apply.) a) Each switch determines the shortest path to the root. b) Hosts can configure IPv6 addresses c) Hosts are allowed to discover other nodes. d) Switches are organized into a hierarchy.

a) Each switch determines the shortest path to the root. d) Switches are organized into a hierarchy. -Each switch determines the shortest path to the root bridge by exchanging information with other switches. This STP information gets packaged as bridge protocol data unit (BPDU) multicast frames. -Switches are organized into hierarchy, with the switch at the top of the hierarchy being the root. The switch with the lowest ID, comprising a priority value and the MAC address, will be selected as the root.

A real estate agent is uploading photos of the latest listing onto the corporate website. Once the agent uploads the photos, they pass through multiple servers undergoing quality checks and sorting to ensure that they appear in the most relevant searches. What term best describes the passing of data from server to server? a) East-West b) North-South c) Top-of-rack switching d) Branch office vs. on-premises data center vs. colocation

a) East-West -East-West is a term to describe traffic that travels or flows between server to server in a data center.

While determining the amount of power that an access point is transmitting, a network engineer calculates the sum of the transmit power, antenna cable/connection loss, and the antenna gain. What is the engineer attempting to calculate? a) Effective isotropic radiated power (EIRP) b) Received signal strength indicator (RSSI) c) Channel utilization d) Captive port

a) Effective isotropic radiated power (EIRP) -The power at which an access point transmits is configurable. EIRP is calculated as the sum of transmit power, antenna cable/connector loss, and antenna gain.

A sysadmin is researching a connectivity issue. The sysadmin sees the physical link listed as up, but the line protocol listed as down. What may be causing the issue that the sysadmin should investigate? a) Encapsulation errors b) Link states c) Bandwidth d) Jitter

a) Encapsulation errors. -Encapsulation is the frame format expected on the interface. Encapsulation errors will prevent transmission and reception. If the sysadmin checks the interface status, the physical link will list it as up, but the line protocol will list it as down.

A system that contains custom applications routinely crashes. IT decides to upgrade the operating system after speaking with application support personnel. In which of the following ways should IT troubleshoot the matter? a) Establish a plan of action to resolve the problem and identify potential effects. b) Identify the problem. c) Determine if anything has changed. d) Verify full system functionality and, if applicable, implement preventive measures.

a) Establish a plan of action to resolve the problem and identify potential effects. -Establishing a plan of action such as a maintenance window or scheduled down time to fix an issue is best practice. Researching impacts of any fixes should also be considered.

A host with a Media Access Control (MAC) of 00:72:8b:31:8b:cb uses a global scope addressing scheme. One identifier for this host is 0272:8bff:fe31:8bcb. Consider Internet Protocol version 6 (IPv6) addressing schemes to determine what this identifier represents. a) Extended Unique Identifier (EUI) 64 b) Subnet address c) Global scope d) Network ID

a) Extended Unique Identifier (EUI) 64

What is a cost-effective way to connect a Storage Area Network (SAN)? a) Fibre Channel over Ethernet (FCoE) b) Infrastructure layer c) Software-defined network d) Fibre Channel

a) Fibre Channel over Ethernet (FCoE) -FCoE is the standard that allows for mixed use of ethernet networks with both ordinary data and storage network traffic. FCoE delivers Fibre Channel packets over ethernet cabling and switches.

An organization recently renovated its office. The IT department has tasked an entry-level technician with moving equipment to the proper cubicles and setting the equipment up for each employee. However, there are no labels at each cubicle. What kind of document would help the technician place each computer at the correct cubicle? a) Floor plan b) Wiring diagram c) Site survey d) Rack diagram

a) Floor plan -A floor plan is a detailed diagram of wiring and port locations. For example, the IT department might use floor plans to document wall port locations and cable runs in an office.

A server administrator configures a network's internal DNS to set the records for all servers. Users mention that one server, in particular, is not reachable by name. What does the administrator investigate? a) Forward lookups b) Recursive lookups c) DNS caching d) Time to live settings

a) Forward Lookups -Forward lookups use a forward lookup zone to return an IP address associated with a host name. In this case, an entry for the particular host was likely missed or contains a typo. -A recursive lookup means that if the queried server is not authoritative, it does take on the task of querying other name servers until it finds the requested record or times out.

A network engineer is troubleshooting interconnectivity between IPv4 hosts and IPv6 hosts. The engineer has found there is a need for a layer three tunneling protocol that can encapsulate different types of IPv6 and IPv4 packets. What type of encapsulation should the engineer enable on the network? a) GRE b) LDAP c) SQL Server d) ICMP

a) GRE -Generic Routing Encapsulation (GRE) Tunneling protocol allows the transmission of encapsulated frames or packets from different types of network protocol over an IP network. -On the other hand, LDAP is not a directory standard but a protocol used to query and update X.500-like directories that operates in port 389.

Management at an online retailer meet to discuss delivery options for an online shopping experience. IT proposes using a method where transactions take place in a cloud environment, but using a back-end locally. Which delivery model does IT suggest as a solution? a) Hybrid b) Private c) Public d) Community

a) Hybrid -A hybrid cloud solution uses a mix of multiple cloud delivery models. One approach is to only utilize cloud services when forecasted that private services will experience an increase in activity.

A server administrator is adding a new Network Interface Card (NIC) to a virtual machine. What should the administrator modify to add the new NIC to the virtual machine? a) Hypervisor b) WAN c) SD-WAN d) Demarcation point

a) Hypervisor -In a virtualization host, the hypervisor—or virtual machine monitor (VMM)—manages the virtual environment and facilitates interaction with the computer hardware and network.

A technician tries the suggested troubleshooting steps to remedy a computer issue. The steps do not fix the problem. Additional suggestions are at a support website that discuss a different cause and potential fix for the problem. What troubleshooting path should the technician follow? a) If the theory is not confirmed, reestablish a new theory or escalate. b) Document findings, actions, and outcomes. c) Duplicate the problem, if possible. d) Establish a plan of action to resolve the problem and identify potential effects.

a) If the theory is not confirmed, reestablish a new theory or escalate. -Often problems may have several different possible causes. When a theory is not confirmed, the next in line can be considered. Escalation means referring the problem to a more knowledgeable entity such as senior technician, manager, or 3rd party.

A company's main file server crashed, requiring the sysadmin to restore data. However, the information technology department received complaints that no one sent any communication informing employees of the issue. What kind of plan would have helped to prevent these complaints? a) Incident b) Acceptable use c) Data loss d) Change management

a) Incident -An incident response plan sets out the procedures, tools, methods of communication, and guidelines for dealing with security incidents. An incident occurs when there is a security breach or an attempted breach. -Data loss prevention (DLP) is a software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

A user installs a financial software package that requires cloud access. For some reason, the application fails to connect to the cloud server. What caused this issue? a) Incorrect host-based firewall settings b) Unresponsive service c) Incorrect time d) Duplicate IP (Internet Protocol) address

a) Incorrect host-based firewall settings -A host-based firewall is implemented as a software application running on a host. Often rules need to be manually added to a firewall allow for applications to communicate properly.

An administrator is using a wire map tester to identify different types of issues with cabling. What kinds of issues can the wire map tester detect? (Select all that apply.) a) Incorrect pin-out b) Short c) Bad port d) Continuity

a) Incorrect pin-out d) Continuity -Incorrect pin-out means when the installer incorrectly wired the conductors into the terminals at one or both ends of the cable. -Continuity means open-end in the cable due to cable damage or because the installer did not properly wire the connector.

A fiber optic cable is experiencing significant signal loss. Which of the following items should the engineer investigate to determine the cause? (Select all that apply.) a) Incorrect transceivers b) Dirty optical cables c) Mismatched coupled cables d) Electromagnetic interference

a) Incorrect transceivers b) Dirty optical cables c) Mismatched coupled cables -In fiber optic cables, dirt, dust, or grease in the transmission path will greatly reduce signal strength or block transmission completely. -Manufacturers make the transceivers used in each optical interface, whether SFP, GBIC, or another type of media converter, for a specific type of optical fiber. Using incorrect transceivers can cause signal loss. -Any mismatch between fiber optic cables coupled together will result in data loss. This can occur if the coupling does not properly align the cables, if they are different sizes, or if they are damaged. NOTE: Fiber optic cables are not susceptible to electromagnetic interference which is noise that occurs when a magnetic filed around one electrical circuit or device interferes with the signal on an adjacent circuit.

A network administrator wants to prevent unauthorized devices from connecting and gaining access to the network. Conclude which options are effective ways to ensure this type of security on the switch. (Select all that apply.) a) Isolating the ports to a black hole VLAN b) Unlocking hardware cabinets c) Disabling the switch port using management software d) Configuring MAC filtering on a switch.

a) Isolating the ports to a black hole VLAN c) Disabling the switch port using management software d) Configuring MAC filtering on a switch. -To ensure the security of physical switch port access and help prevent the attachment of unauthorized client devices, a switch port can isolated to a black hole VLAN.

A tech configures a medium-sized business to utilize an ad hoc approach when connecting wireless devices. These devices allow connections to and from each other. Review the following properties and determine which applies to an ad hoc topology. a) It uses an independent basic service set (IBSS). b) It uses a basic service set (BSS). c) It is grouped into an extended service set (ESS). d) It is able to roam in an extended service area (ESA).

a) It uses an independent basic service set (IBSS). -In an ad hoc topology, the wireless adapter allows connections to and from other devices. In 802.11 documentation, this is called an independent basic service set (IBSS). ad hoc topology is the most secure topology for transferring data and files from one device to another.

An engineer notices a large number of frames traversing a network. While frames are not getting dropped, the traffic from the frames is taxing switches in a network closet. What will the engineer implement to rectify this situation? a) Jumbo frames b) Port aggregation c) Flow control d) Link aggregation protocol

a) Jumbo frames -A jumbo frame supports a data payload of up to around 9,000 bytes (rather than 1500). This reduces the number of frames that need transmitting, which reduces the number of processing that switches and routers do.

A server has stopped communicating on the network, and the administrator suspects the network interface card (NIC) or the switch port may be bad. What tools can the administrator use to verify? (Select all that apply.) a) LED status indicators b) Optical spectrum analyzer c) TAP d) Loopback adapter

a) LED status indicators d) Loopback adapter -A network loopback adapter (or loopback plug) is a specially wired RJ-45 plug with a 6" stub of cable that sends the packet back to itself to test for bad ports and network cards. -LED status indicators are link lights located on the NIC at one end and the switch/router port at the other and indicate the device's status.

A network contractor is reviewing the algorithms used for path selection. What algorithm allows a router to store the complete network topology and assess the least-cost paths from this topology database? a) Link state b) Static route c) Hybrid routing protocol d) Distance vector

a) Link state -A link state algorithm allows a router to store the complete network topology and assess the least-cost paths from the topology database. -For e.g: OSPF

A company uses multiple internet providers to maintain a reliable network. The wide area network (WAN) interfaces on a firewall handle the traffic bandwidth with policies. Considering the approach to Internet access, what does this company utilize? a) Load balancer b) Content filter c) VPN headend d) Proxy server

a) Load balancer -A load balancer can switch traffic to alternative nodes, reduce bottlenecks, and allow for failover services. In this case, the network engineer redirects specific traffic to take advantage of available bandwidth. -The network engineer would use a proxy server as an intermediary for network access, such as Internet access. A proxy can control what a system can or cannot connect to.

Ethernet is known to use which type of contention-based system? a) MAC b) CSMA/CD c) BASE d) 802.3

a) MAC -MAC refers to the methods a network technology uses. Ethernet uses a contention-based MAC system. Each network node connected to the same media is in the same collision domain. -Contention is a media access method that is used to share a broadcast medium. In contention, any computer in the network can transmit data at any time. This system breaks down when two computers attempt to transmit at the same time (also called collision.)

A tech configures a network to use an E-lines service. Compare and evaluate the choices to determine which network type the tech configures. a) MAN b) PAN c) CAN d) WAN

a) MAN -A metropolitan area network (MAN) is a network that covers an area equivalent to a municipality. A MAN uses a service category such as an E-line, which establishes a point-to-point link or an E-LAN, which establishes a mesh topology.

A network administrator is creating a plan for connecting multiple branch locations to the main database located in the headquarters. Which protocols can the administrator use to accomplish this link? (Select all that apply.) a) MPLS b) vNIC c) mGRE d) NFV

a) MPLS c) mGRE -Multipoint Generic Routing Encapsulation (mGRE) is a version of the Generic Routing Encapsulation (GRE) protocol that supports point-to-multipoint links, such as the hub and spoke dynamic multipoint VPN. -MPLS or Multiprotocol Label Switching (MPLS) can operate as an overlay network to configure point-to-point or point-to-multipoint links between nodes.

A Key Performance Indicator (KPI) is a network performance metric used to determine asset reliability. Which of the following is NOT an example of a KPI? a) Mean Time to Failure (MTTF) b) Mean Time Between Failures (MTBF) c) Maximum Tolerable Downtime (MTD) d) Mean Time to Repair (MTTR)

a) Mean Time to Failure (MTTF) b) Mean Time Between Failures (MTBF) d) Mean Time to Repair (MTTR)

What might cause zone transfers of domain name system (DNS) record updates to fail between multiple DNS servers? a) Misconfigured stratum b) Incorrect DNS records c) Missing root server d) Incorrect scope

a) Misconfigured stratum #Stratum 1 NTP servers directly connect to an accurate clock source. If an inaccurate Network Time Protocol (NTP) server is specified on a server, it may result in time synchronization and further communication problems. #NTP contains stratum, clients. Stratum 0 is for reference. Stratum 4 synchronizes stratum 3 and stratum 3 synchronizes stratum 2. Maximum stratum levels NTP can handle is 15.

Which protocol uses Network Level Authentication (NLA) which requires the client to authenticate before a full remote session starts? a) Remote Desktop Protocol (RDP) b) Secure Shell (SSH) c) Virtual Network Computing (VNC) e) Telnet

a) Remote Desktop Protocol (RDP) -Key word here is "FULL". RDP provides access to the graphical interface of the client or server, which allows the user to have full control over the RDP software.

What kind of tool can a network administrator run to measure the network statistics of a building's network equipment? a) NetFlow b) Traffic c) Audit d) Baseline

a) NetFlow -A packet analyzer, such as NetFlow, can measure network traffic statistics, but trying to record each frame imposes a heavy processing overhead on the network tap or mirror port. -A baseline is a snapshot of a known good configuration and how a device operates at that known good configuration. -An audit log records the use of authentication and authorization privileges. It will generally record success/fail type of events. An audit log is also known as an access log or security log.

A technician determines that a faulty network connection caused a system error. Which logical approach allows for methodical steps to diagnosing the cause? a) OSI (Open Systems Interconnection) reference model guidance b) Identifying the problem c) Escalating as necessary d) Gathering information

a) OSI (Open Systems Interconnection) reference model guidance

Which solution does a network closet use to clean a power signal? a) PDU b) UPS c) Battery backup d) Generator

a) PDU -A power distribution unit (PDU) has circuitry to "clean" a power signal and protect against spikes, surges, and brownouts. -A backup power generator can provide power to a whole building, often for several days. -A battery backup can provision at the component level, such as for disk drive and RAID array cache. The battery protects any read or write operations cached at the time of power loss.

An attacker exploited basic human trust by manipulating victims into performing actions they otherwise would not perform. Then, the attacker was able to disguise the victim's computer resources as something else. Which of the following attacks execute these malicious techniques? (Select all that apply.) a) Phishing b) Social Engineering c) Pharming d) Spoofing

a) Phishing b) Social Engineering d) Spoofing -Phishing is a combination of social engineering and spoofing (disguising one computer resource as another). -Spoofing uses social engineering. This is an attack technique where the attacker disguises their identity. -Pharming is a means of redirecting users from a legitimate website to a malicious one. Pharming does not use social engineering techniques to trick the user, but corrupts the way the computer performs Internet name resolution.

Which of the following is spoofing associated with? (Select all that apply.) a) Phishing b) Brute force c) Biometrics d) De-authentication

a) Phishing c) Biometrics d) De-authentication -De-authentication sendsspoofed death frames to de-authenticate a client from an AP, which allows an attacker to interpose a rogue AP or perform a DoS attack. -Biometrics is vulnerable to spoofing methods.

An organization has asked a network administrator to research and submit a purchase order for new network access points. The network administrator is attempting to choose between using wired and wireless access points. Which layer of the OSI model is the administrator making a decision? a) Physical layer b) Network layer c) Data link layer d) Session layer

a) Physical layer

An engineer troubleshoots a network connectivity issue that the server team reported. The engineer notices that the trunk port is down between two routers. After checking the fiber link on the router, the engineer moves the cable and notices that the link light comes on. The issue is MOST likely a part of what layer of the OSI model? a) Physical layer b) Network layer c) Session layer d) Data link layer

a) Physical layer -The physical layer of the OSI model is responsible for the transmission and receipt of the signals that represent bits of data from one node to another node.

A network engineer identifies that a broadcast storm is causing a loss of network bandwidth. What causes broadcast and unknown unicast frames to circulate the network perpetually, as each switch repeatedly floods each frame? a) Switching loops b) Missing route c) DNS issues d) Routing loop

a) Switching loops -Switching loops cause broadcast and unknown unicast frames to circulate the network perpetually, as each switch repeatedly floods each frame. -A routing loop occurs when two routers use one another as the path to a network. Packets are caught in a routing loop circle around until the TTL expires.

The security network administrator of a company wants to ensure only authorized hosts are connecting to the network. Which options would an administrator utilize on routers and switches to provide port-based authentication for network access to devices? (Select all that apply.) a) Port-based Network Access Control (PNAC) b) Address Resolution Protocol (ARP) c) Media Access Control (MAC) limiting and filtering. d) Institute of Electrical and Electronics Engineers (IEEE) 802.1X.

a) Port-based Network Access Control (PNAC) d) Institute of Electrical and Electronics Engineers (IEEE) 802.1X. -The IEEE 802.1X standard defines a PNAC mechanism, which means that the switch (or router) performs some sort of authentication of the attached device before activating the port. -PNAC means that the switch (or router) performs a type of authentication of the attached device before activating the port.

A new network administrator is going through the company's network and surveying current network configurations. After examining a few hosts, the general Internet Protocol (IP) scheme starts with the first octet at 10 and all are using a default mask of 255.0.0.0. Which of the following would be true for this network? (Select all that apply.) a) Private IP addressing b) Public IP addressing c) Class A network d) /24

a) Private IP addressing c) Class A network. -A Class A network can be identified by the first octet being in the range of 1-126. It supports large numbers of hosts over 16 million. -Private IP addresses are used for internal networks. They can be drawn from one of the pools of addresses defined in RFC 1918, or better known as Class A, B, and C private address ranges.

A cable installer configures the insulation-displacement connection (IDC) terminals on a patch panel; what tool will the installer need for the cabling? a) Punchdown tool b) Snips c) Cable stripper d) Cable crimper

a) Punchdown tool -A punchdown tool has replaceable blades and fixes conductors into an IDC. Different IDC formats require different blades on the punchdown tool. -Insulation-displacement connection is also known as insulation-piercing contact (IPC). #IDC or IPC is an electrical connector designed to be connected to the conductor(s) of an insulated cable by a connection process which forces a selectively sharpened blade or blades through the insulation, bypassing the need to strip the conductors of insulation before connecting.

Which types of packet encryption use a pre-shared key (PSK) passphrase that generates a 256-bit master key (MK), and from the resulting MK, creates a 128-bit temporal key (TK)? (Select all that apply.) a) RC4/TKIP b) Cyclic Redundancy Check (CRC) c) EUI-64 d) AES/CCMP

a) RC4/TKIP d) AES/CCMP -The PSK passphrase generates a 256-bit master key (MK), which is used to generate the 128-bit temporal key (TK) for both RC4/TKIP and AES/CCMP packet encryption. -EUI-64 or extended unique identifier is IEEE's preferred term for a MAC address. EUI-64 is a 64-bit hardware interface ID. -The error checking field contains a 32-bit (4-byte) checksum called CRC & is calculated based on the contents of the frame.

An end-user's computer crashed. Upon rebooting the machine the user noticed popups while trying to access files. The popups read that the files were encrypted, and access to the data would not be granted without the private encryption key that is held by the attacker. Unfortunately, the victim did not backup any of the data to recover it. Analyze the scenario and determine what types of attacks the end-user may have fallen victim to. (Select all that apply.) a) Ransomware b) Phishing c) Pharming d) Crypto-malware

a) Ransomware d) Crypto-malware -Crypto-malware is ransomware that encrypts data files, and the user is unable to access files without obtaining the private encryption key. This attack is difficult to mitigate unless the user has backups of the encrypted files.

An organization has asked a junior network technician to retrieve some swappable ports that host a single LC connection per port. Since there are numerous inserts for network devices, which should the technician retrieve? a) SFP b) RJ-45 c) F-type connector d) QSFP

a) SFP -Also designed for Gigabit Ethernet, the small form-factor pluggable (SFP) uses local connectors (LCs). Gigabit Interface Converter (GBIC) was very bulky and largely replaced by SFP, also known as mini-GBIC.

A sysadmin is looking to monitor the network devices by pulling data off of them remotely. What kind of network equipment functionality can the sysadmin use to accomplish this? a) SNMP trap b) Giant c) Baseline d) Runt

a) SNMP trap -A Simple Network Management Protocol Trap is an agent that informs the SNMP monitor of a notable event (port failure, for instance). The sysadmin can set a threshold for triggering traps for each value.

Users mention that a video conferencing service is not working properly. The service ties to the company domain name for business purposes. Which domain name system (DNS) record does the tech identify as incorrect? a) SRV b) CNAME c) AAAA d) TXT

a) SRV -A Service (SRV) record is a DNS record used to identify a record that is providing a network service or protocol. Properties of this record type include port and protocol.

A computer has difficulty connecting to a wireless access point. What common wireless properties does a user need knowledge of to properly access a Wi-Fi network? (Choose all that apply.) a) SSID b) Passphrase c) Security type d) Frequency

a) SSID b) Passphrase

A network has been asked to provide a synopsis of the potential risks associated with implementing a BYOD program at Company A. What are the possible risks associated with this program? (Select all that apply.) a) Security b) Licensed feature issues c) Compatibility/support d) Device configuration review

a) Security c) Compatibility/support

A security analyst is using a method to aggregate logs from multiple sources. This tool can provide a long-term retention function and be used to demonstrate regulatory compliance. What is this method called? a) Security Information and Event Management (SIEM) b) Privileged Access Management (PAM) c) Common Vulnerabilities and Exposures (CVE) d) Business Impact Analysis (BIA)

a) Security Information and Event Management (SIEM) #Security information and event management (SIEM) is a security control designed to integrate vulnerability and threat assessment efforts through the automated collection, aggregation, and analysis of log data. #Privileged access management (PAM) refers to policies, procedures, and technical controls to prevent the malicious abuse of privileged accounts by internal threat actors and to mitigate risk from weak configurations over privileges.

What kind of contract helps shield both the customer and vendor from legal risk and enforces a standard for what the customer should expect from a vendor? a) Service level b) Acceptable use c) Security d) Memorandum of understanding

a) Service level -A service level agreement (SLA) is a contractual agreement setting out the detailed terms provided under an ongoing service. NOTE: if it's a report completed by managed service providers , then it's an audit.

Users mention that in a certain part of a company building, the wireless signal is weak. Which areas should IT support investigate to help remedy the problem? (Select all that apply.) a) Signal-to-noise ratio b) Power level c) Frequency mismatch d) Channel Overlap.

a) Signal-to-noise ratio b) Power level d) Channel Overlap. -Some devices allow for power level adjustments to help to cover longer distances. -Channel overlap can cause signal issues. At least 25 MHz spacing should be allowed to avoid channel overlap. In practice, therefore, no more than three nearby 802.11b/g APs can have non-overlapping channels. -The comparative strength of the data signal to the background noise is called the Signal-to-Noise Ratio (SNR). This figure should be at least 25 dB or higher.

A sysadmin is trying to understand what is causing the company's virtual private network connections to fail. What kind of log would help the sysadmin track down the issue? a) Syslog b) Audit c) Trap d) Security

a) Syslog

Users on a network are complaining about entering credentials each time they want to access multiple log-in portals. What can the network administrator implement to prevent the need for users to re-authenticate to access different resources? (Select all that apply.) a) Single Sign-On (SSO) b) Single-factor authentication c) Kerberos d) Multi-factor authentication.

a) Single Sign-On (SSO) c) Kerberos. -Kerberos provides SSO. The system trusts a user once he or she confirms authentication and does not need re-authentication to access different resources. -Single Sign-On (SSO) means that a user only has to authenticate to a system once to gain access to all its resources (that is, all the resources to which the user has been granted rights.)

A help desk technician is assisting the sysadmin in determining the best location for wireless access points. What kind of report should the technician generate? a) Site survey b) Remote access c) Rack diagram d) Wire diagram

a) Site survey -A site survey is a critical planning tool to ensure that the Wireless Local Area Network (WLAN) delivers acceptable data rates to the supported number of devices in all the physical locations expected. -A wiring diagram (or pin-out) shows detailed information about the termination of twisted pairs in an RJ-45 or RJ-48C jack or Insulation Displacement Connector (IDC). -Rack diagram records the position of each appliance in the rack.

An attacker implemented a malicious access point (AP) with the same name as a legitimate one. The result was a Denial of Service (DoS) and a Wiphishing attack on a corporate WiFi. Which of the following did the attacker most likely execute in this scenario? (Select all that apply.) a) Spoofing b) Logic bomb c) War driving d) Evil Twin

a) Spoofing d) Evil Twin -A rogue AP masquerading as a legitimate one is called an evil twin, and is sometimes known as Wiphishing. An evil twin might have a similar or same name (SSID) to the legitimate one, and the attacker might use some DoS technique to overcome the legitimate AP.

While experiencing a Denial of Service Attack (DoS) on the corporate WiFi, a network engineer noticed two Service Set Identifiers (SSIDs) with the same name on the company’s wireless infrastructure. Which of the following is most likely associated with this type of attack? (Select all that apply.) a) Spoofing b) War driving c) Invalid DHCP Scope d) Rogue access point.

a) Spoofing d) Rogue access point -Rogue AP is an unauthorized device or service, such as a wireless AP DHCP server or DNS, on a corporate or private network that allows unauthorized individuals to connect to the network. -Spoofing is defined as disguising one computer resource as another. (two SSIDs with the same name is a hint of spoofing)

An engineer begins the installation of a network for a new business. Ethernet cables run from desktop locations to a centralized patch panel in a data closet where a hub is placed until a new switch arrives. Evaluate the engineer's configuration, and conclude which types of physical and logical topologies the engineer implements. (Select all that apply.) a) Star b) Ring c) LAN d) Bus

a) Star d) Bus -A star topology is a physical network design in which each node is connected to a central point. A star network is also referred to as a hub and spoke network.

A systems administrator troubleshoots a problematic network. In doing so, a packet sniffer captures all suspected garbage traffic from numerous source ports to a single destination port on a Cisco switch. What configuration does the systems administrator use to achieve this? (Select all that apply.) a) Switched port analyzer b) Port security c) Port tagging d) Port mirroring

a) Switched port analyzer d) Port mirroring. -By default, sniffing of unicast traffic by hosts attached to the same switch is prevented. Port mirroring copies all packets sent to one or more source ports to a mirror (or destination) port. -There are circumstances in which capturing and analyzing the network traffic is a legitimate activity. This capability can be configured on a Cisco switch and referred to as a switched port analyzer (SPAN).

HVAC sensors are Internet of Things (IoT) devices that provide monitoring of what type of data? (Select all that apply.) a) Temperature b) Ventilation c) Power d) Humidity

a) Temperature b) Ventilation d) Humidity -Heating, Ventilation, Air Conditioning (HVAC) sensors are Internet of Things (IoT) devices that monitor environmental controls. For example, one environmental control involves temperature to determine how hot or cold an office, rack enclosure, or building is.

A company updates an Internet use policy for employees to follow. In addition, a server engineer deploys a forward web proxy server onto the network to safeguard and enhance Internet web browsing. What functional features is this particular proxy server setup providing for employees? (Select all that apply.) a) Traffic filtering b) Load balancing c) Caching engine d) Access Control List (ACL)

a) Traffic Filtering c) Caching engine. -A forwarding proxy server provides for protocol-specific outbound traffic. Most web proxy servers provide caching engines for frequently visited websites. -A multipurpose proxy is one configured with filters for multiple protocol types, such as, HTTP, SMTP and FTP.

A router downloads configuration files over User Datagram Protocol (UDP) port 69. The router does not have access to browse the directory or to delete files. Analyze File Transfer Protocols (FTPs) and determine what protocol the router is using. a) Trivial File Transfer Protocol (TFTP) b) File Transfer Protocol over Secure Sockets Layer (SSL) c) Secure File Transfer Protocol (SFTP) d) Active File Transfer Protocol (FTP)

a) Trivial File Transfer Protocol (TFTP)

A network administrator is setting up a new office room on a different floor of the building to support video conferencing sessions. The video systems will be utilizing a wireless network. Although the work budget is very small, the network must support two 2,167 Mbps streams over an 80 MHz 5 GHz band channel. What is the minimum wireless 802.11 standard access point (AP) a network administrator can purchase to stay close to budget while meeting the network requirements? a) Wi-Fi 5 b) Wi-Fi 4 c) Wi-Fi 6 d) Wireless g

a) Wi-Fi 5 -Wi-Fi 5 (802.11ac) is designed to provide network throughput similar to Gigabit Ethernet. An AC5300 can support 1000 Mbps over a 40 MHz 2.4 GHz band channel and two 2,167 Mbps streams over 80 MHz 5 GHz band channels. NOTE: If it says 5 GHz band channel, then should understand only 802.11 ac has this standard only. 802.11n has both.

A system administrator for ABC Company receives a request for a new account. A new employee is onboarding and will receive a Voice over Internet Protocol (VoIP) phone. The employee's name is Sam Smith and the phone number will be 1234567890. The company's domain is @abccompany.com. Develop a Session Initiation Protocol (SIP) Uniform Resource Indicator (URI). (Select all that apply.) a) sip:sam.smith@1234567890 b) sip:sam.smith.abccompany.com c) sip:[email protected] d) sip:123456789.abccompany.com

a) sip:sam.smith@1234567890 c)sip:[email protected] -Session initiation Protocol (SIP) endpoints are the end-user devices, also known as user agents. In this scenario, the VoIP is the SIP endpoint. One example of an SIP for this VoIP is sip:[email protected]. This is a unique URI that includes the user's name and the company domain. NOTE: both domain address and the phone number needs to have @. Also, sip:sam (colon) exists on both SIP URI.

A host with a Media Access Control (MAC) of 00:72:8b:31:8b:cb uses a global scope addressing scheme. Compose the MAC-derived address for the Extended Unique Identifier (EUI) 64. a) 0272:8bff:ee31:8bcb b) 0272:8bff:fe31:8bcb c) 0072:8bff:ee31:8bcb d) 0072:8bff:fe31:8bcb

b) 0272:8bff:fe31:8bcb -Globally scoped unicast addresses are routable over the Internet and are the equivalent of public Internet Protocol version 4 (IPv4) addresses. A MAC address is 48 bits and an Extended Unique Identifier (EUI)-64 creates a 64-bit interface (16 bits set of 4) The digits fffe are added in the middle of the address and the Universally Administered (U)/Locally Administered (L) bit is flipped. The proper EUI-64 in this scenario is 0272:8bff:fe31:8bcb.

A network installer is building a long-distance link. The nodes are approximately 10 km apart. What type of fiber link should the installer build for this link? a) 100BASE-FX b) 1000BASE-LX c) 10GBASE-SR d) 100BASE-SX

b) 1000BASE-LX -The 1000BASE-LX is a Gigabit Ethernet standard and supports 1 Gbps and a distance of 10 km using single mode fiber.

A server administrator has asked a junior network engineer to build a link between the server and the new SAN that the administrator just installed. The speed requirements for the link are more than 20Gbps, and the distance is about 20 feet. What medium should the network engineer use to build the required link? a) 1000BASE-T b) 40BASE-T c) 10GBASE-T d) 10BASE-T

b) 40GBASE-T -A 40GBASE-T refers to Gigabit Ethernet working over Cat 8 shielded cable with speeds up to 40 Gbps and a distance of 30 meters.

A network administrator wants to ensure passwords are strong and secure within a corporate environment. To effectively enforce password complexity rules, which of the following practices should the admin NOT recommend? (Select all that apply.) a) Passwords on encrypted channels b) A backdoor password reset mechanism c) Any password that is a dictionary term d) Any default password.

b) A backdoor password reset mechanism c) Any password that is a dictionary term d) Any default password. -Vendors sometimes deliberately install backdoors on devices such as routers and switches (often as a password reset mechanism). This kind of backdoor could allow an attacker a way through which to attack the network. -Password database dumps give attackers a useful dictionary to work with when trying to crack credentials. Any password that could be matched to a dictionary term is completely unsecure and must not be used.

A wireless access point (WAP) resides in the middle of an office area. A network administrator wants to gather information about data packets coming through the WAP for subsequent examination. Which of the following will provide the minimum level of support for completion of this task? a) A Wi-Fi analyzer b) A packet sniffer c) A port scanner d) A protocol analyzer

b) A packet sniffer -A packet sniffer is the minimum the network admin needs to gather information for examination later. A packet sniffer such as winpcap for Windows is able to read packets on a port and save the information to a file on disk. -A packet sniffer will interrogate the frames received by a network adapter using a special driver; Windows uses winpcap. It can save the captured frame into a file such as a .pcap file. -A protocol analyzer is a tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel.

An engineer configures a voice over IP (VoIP) implementation on an existing data network. What approach does the engineer use while avoiding the use of trunk ports? (Select all that apply.) a) Circuit-based transmission b) Auxiliary VLAN c) Untagged frames d) Multiple broadcast domains.

b) Auxiliary VLAN d) Multiple broadcast domains -Auxiliary means supplementing or supporting. So, in this case, voice or auxiliary VLAN is used to distinguish a PC/data & VoIP without having to configure a trunk. Most switches now support the concept of a voice or auxiliary VLAN. -A VLAN creates its own broadcast domain. Therefore, the engineer uses multiple broadcast domains when integrating a data and voice network with VLANs.

Which networking protocol provides routing capabilities on the Internet, primarily between Internet Service Providers (ISPs)? a) Open Shortest Path First (OSPF) b) Border Gateway Protocol (BGP) c) Enhanced Interior Gateway Routing Protocol (EIGRP) d) Routing Information Protocol (RIP)

b) Border Gateway Protocol (BGP) -The Border Gateway Protocol (BGP) is designed between routing domains and used as the routing protocol on the Internet, primarily between Internet Service Providers (ISPs).

An engineer for a large firm documents the internal computer network. A diagram the engineer creates shows a top-down view of the Ethernet infrastructure in a hub and spoke layout. While considering the physical and logical topologies of the network, determine which choices qualify. (Select all that apply.) a) LAN b) Bus c) Ring d) Star

b) Bus d) Star -A star topology is a physical network design in which each node is connected to a central point. A star network is also referred to as a hub and spoke network.

A company has 725 hosts on the network that utilize public Internet Protocol (IP) addresses. The company has three contiguous class C addresses for the hosts. The company implemented Classless Inter-Domain Routing (CIDR) to assist with the maintenance of the three networks. What will CIDR provide to the network? a) CIDR will allow a network designer to allocate ranges of IP addresses to subnets that match the predicted need for numbers of subnets and hosts. b) CIDR will use bits normally assigned to the network ID to mask the complexity of the subnet and host address scheme. c) CIDR will provide groups of address ranges reserved for special use and are not publicly routable. d) CIDR will provide translation between the private and public addresses.

b) CIDR will use bits normally assigned to the network ID to mask the complexity of the subnet and host address scheme. -The company is using Classless Inter-Domain Routing (CIDR). CIDR uses bits normally assigned to the network ID to mask the complexity of the subnet and host addressing scheme within the network. CIDR collapses the three routing entries into one single entry.

A cable installer is using a special tool to affix an RJ-45 connector to an Ethernet cable. What tool has this purpose? a) Punchdown tool b) Cable crimper c) Snips d) Fusion splicer

b) Cable crimper -A cable crimper creates a patch cord and fixes a plug to a cable. The tools are specific to the connector and cable type, though some may have modular dies to support a range of RJ-type plugs.

A network engineer is investigating an issue in which redirects are not working when attempting to authenticate to the hotspot provider's network. Further exploration identifies that the redirect was transferring to an HTTP link and not an HTTPS link. What is the name of this issue? a) Disassociation b) Captive portal c) Encryption protocol mismatch d) Channel utilization

b) Captive portal -Most captive portal issues arise because the redirect does not work. The captive portal should use HTTPS. Most modern browsers will block redirection to sites that do not use TLS. - An encryption protocol mismatch will cause the connection to fail, even if the correct credentials are supplied. Same with disassociation or de-authentication.

A network engineer is troubleshooting an ethernet connection between two buildings. The engineer noticed that the network devices got upgraded, but the wiring did not. The engineer needs a connection that can handle 10Gbps at 500 MHz for a distance of 300 feet using RJ-45 connectors. What type of ethernet should the engineer replace the Cat 5 with to meet the connection standard? a) Cat 6 b) Cat 6a c) Cat 8 d) Cat 7

b) Cat 6a -Cat 6A is an improved specification cable that can support 10 Gbps over 100 m. RJ-45 connectors terminate the Cat 6A cable. If the connectors didn't exist, it's not possible to achieve the distance of 300m.

Name the method of fault tolerance used when a group of servers, consisting of redundant nodes, prevents disruption of network services. a) Link aggregation b) Clustering c) NIC teaming d) Load balancing

b) Clustering -A cluster is a group of servers, each of which is referred to as a node, that provides redundancy and fault tolerance for critical applications. -Link aggregation signifies combining two or more separate cabled links into a single logical channel. When done from the host end, this is called NIC teaming. -A load balancer can switch client traffic to alternative processing nodes, reducing bottlenecks and allowing for failover services in the event of a host or network route going down.

An administrator is configuring a router from their laptop through a pale blue cable. What kind of cable is this? a) Unshielded twisted pair cable b) Console cable c) Crossover cable d) Straight through cable

b) Console cable -A console, or rollover cable, is traditionally colored pale blue and connects a computer or laptop to the command line terminal of a switch or router.

Which device transfers data over voice-grade telephone lines? a) Edge router b) DSL modem c) Hub d) Cable modem

b) DSL modem -Digital subscriber line (DSL) is a technology for transferring data over voice-grade telephone lines. The DSL modem connects to the supporting ISP.

In the OSI model, physical addressing takes place at which layer? a) Physical layer b) Data link layer c) Application layer d) Session layer

b) Data Link Layer -The data link layer is responsible for the node-to-node delivery of the message. When a packet arrives in a network, it is the responsibility of DLL to transmit it to the host using its MAC address. Physical address is MAC address that identifies a device to other devices on the same local network. IP address identifies the device globally. And a network packet needs both addresses to get to it's destination.

The recent vulnerability assessment has left a company's IT team concerned about business continuity during a catastrophic event that could involve a data breach or even denial of service (DoS) attacks. At this point, what items would the team most strongly consider when doing a business impact analysis (BIA)? (Select all that apply.) a) Vendor products b) Data availability c) Business process d) CVEs

b) Data availability c) Business process #Assessing the process will focus on how to manage or recover from a range of threat scenarios that may include a DoS attack or data breach. Determining the appropriate processes provides options for business continuity. #Focusing on data availability ensures solutions or processes are in place to backup and recover data. Availability is one of the three CIA triad of Confidentiality, Integrity, and Availability. NOTE: This applies to the penetration testing as well.

A user goes to the website www.shopping.com. A bastion host reviews the request to enter the site to verify the safety of the request. What has the company established to enable clients access to data on the private system without compromising the security of the internal network? a) Port Address Translation (PAT) b) Demilitarized Zone (DMZ) c) Port forwarding d) Network Address Translation (NAT)

b) Demilitarized Zone (DMZ) -The company is using a Demilitarized Zone (DMZ), also referred to as a perimeter network. The idea of a DMZ is that traffic cannot pass through it directly. If communication is required between hosts on either side of a DMZ, a bastion host will take the request and check it.

A network administrator implemented video surveillance mechanisms to provide a layer of defense in the event prevention-based controls fail to work. If this security mechanism is effective, it ensures which of the following options? (Select all that apply.) a) Shorter response times and fewer guards needed b) Detecting attempts to penetrate a barricade c) Improving resilience of perimeter gateways d) Recording of movement and access

b) Detecting attempts to penetrate a barricade c) Improving resilience of perimeter gateways d) Recording of movement and access

An attacker compromised multiple machines and installed backdoors on them. Then, the attacker triggered the compromised victim machines to all launch at the same time. What type of attack does this situation describe? (Select all that apply.) a) Logic bomb b) Distributed Denial of Service (DDoS) c) Amplification Attack d) Distributed Reflection Denial of Service (DRDoS)

b) Distributed Denial of Service (DDoS) c) Amplification Attack d) Distributed Reflection Denial of Service (DRDoS)

A sysadmin has completed two contracts with two different internet vendors for the corporate office. The justification by the sysadmin is that they need to have two different connections from different providers to prevent an issue with one of them affecting the office. What networking concept did the sysadmin use to justify the added expense? a) Load balancing b) Diverse paths c) Virtual router redundancy d) First hop redundancy

b) Diverse paths -Diverse paths refer to provisioning links over separate cable conduits that are physically distant from one another. -First hop redundancy refers to provisioning failover routers to serve as the default gateway for a subnet.

An administrator manually configured a server's network interface card (NIC) settings to run at 100Mbps and connected the server to the switch. However, communications between the server and other hosts on the network were extremely slow. When the administrator checked the light on the server's switch port, it was blinking amber. What kind of issue does this indicate? a) Shielded cable issue b) Duplexing issue c) Short issue d) Transceiver issue

b) Duplexing issue -Setting both a NIC and switch port to auto-negotiate will solve a duplex mismatch which will slow the link down by causing high packet loss and late collisions. -A short happens when two conductors join, usually because the insulating wire is damaged or poorly wired connectors.

Two systems receive split communications from ARP (Address Resolution Protocol) queries. What would cause this configuration issue to occur? a) Incorrect gateway b) Duplicate MAC address c) Duplicate IP address d) Expired IP address

b) Duplicate MAC address -A duplicate MAC address causes both hosts to contend with each other when responding to ARP queries. Then, communications could be split between them or reach only one of the hosts.

A network operations engineer is investigating alerts that the data center keeps switching to battery backup. What environmental factor should the engineer investigate? a) Flooding b) Electrical c) Temperature d) Humidity

b) Electrical -Computer systems need a stable power supply, free from outages (blackouts), voltage dips (brownouts), and voltage spikes and surges. -Low humidity increases the risks of static charges building up and damaging components. -High temperatures make it difficult for device and rack cooling systems to dissipate heat effectively. This increases the risk of overheating components within device chassis and consequent faults.

Smart power distribution units (PDUs) are mounted and networked in each rack enclosure in a small data center. Management would like to keep track of the power data and feed it to an analytical application. However, the data must be encrypted in transit. How can the network team secure the power data in transit? (Select all that apply.) a) Set up an RA guard. b) Enable and configure only SNMPv3. c) Enable dynamic ARP inspection. d) Configure a private VLAN.

b) Enable and configure only SNMPv3. d) Configure a private VLAN. -SNMPv3 supports encryption of data logs as they travel over the network to a target system like an analytics server. -A private VLAN (PVLAN) applies an additional layer of segmentation by restricting the ability of hosts within a VLAN to communicate directly with one another. PVLAN adds an extra layer of security over the network.

An engineer has installed a new router but is not connected to the core network yet. What type of connector should the engineer install to get the requested throughput of 30Gbps or more? a) Coarse wavelength division multiplexing (CWDM) b) Enhanced quad small form-factor pluggable (QSFP+) c) Enhanced form-factor pluggable (SFP+) d) Dense wavelength division multiplexing (DWDM)

b) Enhanced quad small form-factor pluggable (QSFP+) -QSFP+ supports 40 GbE by provisioning 4 x 10 Gbps links.

What kind of system should large data centers have to prevent catastrophic loss of server equipment? a) Firewall b) Fire suppression c) Power distribution unit d) Hot site

b) Fire suppression -Fire suppression systems work based on the fire triangle. The fire triangle works on the principle that fire requires heat, oxygen, and fuel to ignite and burn. Removing any one of those elements provides fire suppression (and prevention).

A customer at a retail store noticed that ads are pushed to their mobile device if they are within physical proximity to the store. Which technology uses these types of location services to configure policies specific to a user or device's physical location? a) Open WiFi b) Geofencing c) Pre-shared key d) MAC filtering

b) Geofencing

Ethernet's collision detection mechanism results in any network communications to happen in which way? a) Non-shared b) Half-duplex c) Collision free d) Full-duplex

b) Half-duplex -The collision detection mechanism means that only half-duplex transmission is possible. This means that a node can transmit or receive, but it cannot do both at the same time. -Full-duplex communication is not possible with collision detection.

What kind of disaster recovery site allows for immediate restoration of services by having a duplication of equipment in a separate location not contracted out to an online vendor? a) Cold b) Hot c) Warm d) Cloud

b) Hot -A hot site can failover almost immediately. It generally means that the site is already within the organization's ownership and is ready to deploy. -A cold site may be an empty building with a lease agreement in place to install whatever equipment the company requires when necessary. -A warm site could be similar, but with the requirement that the latest data set will need to be loaded.

Which protocol allows for a protected dialog between the client and server by assigning the web server a digital certificate issued by a Certificate Authority? a) Hypertext Transfer Protocol (HTTP) b) Hypertext Transfer Protocol Secure (HTTPS) c) Network Time Protocol (NTP) d) Secure Sockets Layer/Transport Layer Security (SSL/TLS)

b) Hypertext Transfer Protocol Secure (HTTPS) -HTTPS is a subset of HTTP that allows for a secure dialog between the client and server using SSL/TLS. To implement HTTPS, the web server is assigned a digital certificate by a trusted certificate authority (CA). -SSL/TLS works as a layer between the Application and Transport layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack. It is normally used to encrypt TCP connections.

A user took a laptop on vacation and made changes to the configuration in order to use the device at the hotel. The user can reach the Internet, but cannot access any internal network resources. Which of the following is the most likely reason? a) Incorrect SSID b) Incorrect DNS c) Incorrect subnet mask d) Duplicate IP address

b) Incorrect DNS -DNS servers translate domain names into IP addresses, making it possible for DNS clients to reach the origin server. It is the phonebook of the internet, connecting web browsers with websites. Having an incorrect DNS would case issues connecting to internal resources as described. -Subnet mask separates IP addresses into network and host addresses.

An IT engineer installs outdoor weatherproof wireless antennas on the sides of two buildings. The intention of the installation is to create a bridge between the two without having to connect physical media. The engineer uses omnidirectional antennas. Considering the implementation, which of the following describes the outcome of the connection? a) Incorrect antenna placement b) Incorrect antenna type c) Distance limitation d) Interference

b) Incorrect antenna type -A unidirectional (not omnidirectional) antenna is suitable for direct point-to-point connections.

A company has an Active Directory domain called specks.com. The company has an on-demand subscription for cloud services and wants to ensure their internal applications are accessible to their remote employees via their Fully Qualified Domain Names (FQDNs) in the cloud. The company will control all these services and applications. Which of the following will the company most likely be using throughout their organization? (Select all that apply.) a) External DNS server b) Internal DNS server c) Third-party DNS server d) Cloud-hosted DNS server.

b) Internal DNS server d) Cloud-hosted DNS server. -The company is using an internal DNS server because it controls all of its services and applications. The DNS server will provide name resolution using FQDNs. -The company wants to extend its internal DNS services to the cloud and a cloud-hosted option is most appropriate option. The company can deploy a virtual DNS server that is accessible by its cloud users. NOTE: when the internal server and cloud-hosted server is involved, it's always good idea to choose those options.

A sysadmin improved the bandwidth for the office, improving the quality of phone calls. What did the sysadmin improve? a) Severity levels b) Jitter c) Logging levels d) Speed/Duplex Settings

b) Jitter -Defined as being a variation in the delay, jitter manifests itself as an inconsistent rate of packet delivery. Jitter is apparent in phone or voice over internet protocol calls, manifesting as garbled audio.

A technician finishes running fiber optic cable across a large building to expand the internal network. The fiber connects to equipment in a rack with extremely limited space for a connector. Considering the situation and the types of available fiber connectors, which one will accomplish connectivity? a) UPC b) LC c) SC d) APC

b) LC -A local connector (LC) is a small form factor version of the SC push-pull fiber optic connector. It is available in simplex and duplex versions. SFP+ use the LC form factor but run at speeds of 10Gb.

A sysadmin is investigating an issue between two geographically distant offices. Users at these locations report that accessing the shared drive at the corporate office is taking too long, even though all three locations have gigabit-speed internet. What indicator could help direct the sysadmin to the issue? a) Processor b) Latency c) Memory d) Jitter

b) Latency -Latency refers to the time it takes for a packet to leave a computer, traverse the network, complete it's request and return to the original device, measured as Round Trip Time or RTT. -Remember that "load balancer" is used to reduce network latency.

A systems administrator looks to restrict access to a small LAN. How can the administrator achieve this goal when configuring a switch? a) MAC validation b) Link aggregation c) VLAN tagging d) Port mirroring

b) Link aggregation -Port aggregation combines two or more separate links into a single channel. The Link Aggregation Control Protocol (LACP) can recover from a failed link between a switch port and end system. -A tagged port refers to a virtual LAN (VLAN) configuration and will normally be the port operating as a trunk. That is, it is capable of transporting traffic addressed to multiple VLANs. -A port security configuration validates the MAC address of end systems that connect to a switch port.

A manager has reported a network outage at a remote branch office. After gathering some information and asking the manager and local IT personnel about the issue, a theory of probable cause cannot be established. Consider and determine what else the network support personnel can do to eventually resolve the issue? (Select all that apply.) a) Verify full system functionality. b) Look at system logs c) Separate multiple issues d) Verify LED status indicators.

b) Look at system logs d) Verify LED status indicators. -Looking at system logs on the switch or the affected servers will show symptoms of the outage. For e.g: If servers cannot communicate with FQDN (Fully Qualified Domain Name) but are able to ping IP addresses, then the issue may be DNS (Domain Name System) related. -Verify LED status indicators on the network ports will help determine if anything has changed physically. If there is no link light, the port or the cable may be damaged. NOTE: Verification is key here, except when it comes to the verification of the full system functionality. Full system functionality verification come after a solution has been implemented.

Which DNS record type is responsible for identifying a primary authoritative name server? a) NS b) SOA c) Root d) MX

b) SOA -The Start of Authority (SOA) record identifies a primary authoritative name server that maintains complete resource records for a zone.

A network administrator configured a switch to only permit a select number of physical addresses to connect, and then to drop any additional traffic with different network adapter IDs trying to connect. Analyze and select which of the following options will enforce this type of switch port protection feature and act as a guard against flooding attacks. a) Address Resolution Protocol (ARP) inspection b) Media Access Control (MAC) limiting c) Network Access Control (NAC) d) Media Access Control (MAC) filtering

b) Media Access Control (MAC) limiting -MAC limiting restricts the number of addresses. If port security has a maximum of two MAC addresses, the switch records the first two MACs to connect to that port, then drops any other traffic. -MAC filtering means defining which MAC addresses are permitted to connect to a switch port. This can be done by creating a list of valid MAC addresses.

A network architect has positioned multiple routers in different floor levels of a 10-story office building that will support the internal network of a large software company. Each routing device has redundant paths and connections. Which routing protocol would benefit the organization's hierarchical structure? a) RIP b) OSPF c) BGP d) EIGRP

b) OSPF -As the name implies open shortest path first (OSPF) is a link state type of routing protocol ideal for hierarchical systems and networks. OSPF is suitable for organizations with multiple redundant paths between networks.

An IT engineer notices that wireless network performance is at an all-time low. After reviewing the wireless console settings, the engineer makes changes to eliminate device saturation. Which problem does the engineer address? a) Jitter b) Overcapacity c) Channel overlap d) Interference

b) Overcapacity -"Saturation" is the keyword here. Overcapacity or device saturation occurs when too many client devices connect to the same AP. The maximum no. of clients that an AP can support varies, depending on the Wi-Fi standard used and the type of network traffic generated. -Jitter is similar to latency, however, rather than steady delays, jitter is a variable delay in the Round Trip Time (RTT) of packets.

A new physical web server receives power from and connects to the network in the communications closet. To ensure the server is ready to communicate with users in the various offices of the building, a network administrator verifies network service installation and that the server can communicate with a Layer 3 switch in the same closet. How may the network administrator carry out these tests? (Select all that apply.) a) Pink the virtual IP b) Ping the loopback c) Ping the Default Gateway d) Pink the subnet mask

b) Ping the loopback c) Ping the Default Gateway -The loopback address is a reserved address, typically an IPv4 address of 127.0.0.1. It is often used to check that TCP/IP is correctly installed on the local host. -The default gateway is the router. A layer 3 switch can operate on the network layer to route traffic. Pinging the gateway will verify that a path exists to eventually route to other offices.

A network engineer is determining where an antenna should be installed on the businesses' property. What is the engineer considering when they refer to the orientation of the wave propagating from the antenna? a) Effective isotropic radiated power (EIRP) b) Polarization c) Received signal strength indicator (RSSI) d) Channel overlap

b) Polarization -Polarization refers to the orientation of the wave propagating from the antenna to maximize signal strength; the transmission and reception antennas should normally use the same polarization.

A systems administrator establishes a failover solution while configuring network systems. What technology does the systems administrator use to accomplish this? a) Port tagging b) Port aggregation c) Port mirroring d) Port security

b) Port aggregation -Failover is the ability to seamlessly and automatically switch to a reliable backup system. Either redundancy or moving into a standby operational mode when a primary system component fails should achieve failover and reduce or eliminate negative user impact. The Link Aggregation Control Protocol (LACP) can auto-negotiate the bonded link between the switch ports and end systems.

A technician tries to duplicate a reported problem on a user's computer. Which of the following troubleshooting steps is the technician's focus? a) Developing a theory b) Problem identification c) Considering related issues d) Divide and conquering

b) Problem identification -It is important to take enough time to determine what has caused a problem. Identifying the problem includes a variety of steps that help to understand what is and is not working. This includes interviewing users and identifying symptoms for a diagnosis.

Which of the following terms relates to the bending of radio waves? a) Attenuation b) Refraction c) Reflection d) Absorption

b) Refraction -Glass or water can cause radio waves to bend and take a different path to a receiver and cause the data rate to drop. This is known as refraction.

What is a basic document that helps employees complete the same task with the same steps to ensure quality and success? a) MOU b) SOP c) AUP d) SLA

b) SOP -Standard Operating Procedure (SOP) sets out the principal goals and considerations, such as budget, security, or customer contact standards, for performing a task. It also identifies lines of responsibility and authorization for performing it. -An acceptable use policy (AUP) sets out the permitted uses of a product or service. It might also state explicitly prohibited uses. Organizations might use such a policy in different contexts.

A user is not able to browse the Internet, but can browse local shares without any issue. An IT engineer discovers that the default gateway is missing in the computer's dynamic network configuration. The engineer configures which of the following? a) IP helper b) Scope options c) IP exclusions d) IPAM

b) Scope options -Scope options define options that are given to clients that use the dynamic host configuration protocol (DHCP). A default gateway is such an option. -The core function of the IP address management (IPAM) is to scan DHCP and DNS servers and log IP address usage to a database. -An IP helper is a feature in devices to allow the broadcast of certain types of traffic including DHCP.

What do emergency, critical, and informational lines in a syslog refer to? (Select all that apply.) a) Link states b) Severity Levels c) Logging Levels d) Encapsulation errors.

b) Severity Levels c) Logging Levels -Logging levels refer to the threshold for storing or forwarding an event message based on its severity index or value. -Severity levels is another phrase for logging levels and refers to the categorization and logging of events based on a predetermined value.

What command visualizes the general NetFlow data on the command line? a) Show iperf b) Show ip cache flow c) Show ip flow export d) Show mls netflow ip

b) Show ip cache flow -The show ip cache flow command displays the NetFlow accounting statistics. This would show a visualization of general NetFlow data. -To obtain more administrative privileges and display the statistics for NetFlow accounting data export, including the main cache, use the command: show ip flow-export (in user EXEC or privileged EXEC mode) This command shows more advanced accounting statistics than the show ip cache flow command. -Iperf is a network performance utility that can generate TCP and UDP traffic to test bandwidth, latency and packet loss. -The show mls NetFlow ip displays NetFlow IP entries.

Which of the following VPN involves more than two sites connecting the remote spokes to a headquarters hub by using static tunnels configured between the hub and each spoke? a) Full Tunnel b) Site-to-site VPN c) Virtual Network Computing (VNC) d) Clientless VPN

b) Site-to-site VPN -Site-to-site VPN connects two or more private networks automatically. The gateways exchange security information using whichever protocol the VPN is based on.

Which of the following security options would require the use of a smart badge to gain access to a rack enclosure full of rack-mounted servers and storage appliances? a) CCTV b) Smart locks c) Locking cabinets d) IDS

b) Smart locks -A smart locker is a cabinet that supports unlocking via a smart card/badge or biometric. Lockers may also have built-in monitoring and surveillance to alert an administrator when a person adds or removes an item. -(IDS) is a system that can deploy as a hardware appliance or software application. An IDS performs real-time analysis of either network traffic or system and application logs.

Which type of authentication factor should be applied if a network administrator wants to implement a method incorporating gestures as either an intrusion detection or continuous authentication mechanism, despite its susceptibility to error? a) Something you have b) Something you do c) Something you are d) Something you know

b) Something you do. #Something you do refers to behavioral biometric recognition, such as one's gestures, but is subject to high error rates. Something you do authentication is likely to be deployed as an intrusion detection or continuous authentication mechanism. NOTE: behavioral biometric recognition is susceptible to errors.

A physical server has been plugged in, powered on, and networked into the communication closet. Using a KVM (key, video, mouse) device, the network technician notices there is no network connectivity. Examining the back of the server, the LED status indicators for the port are off. After identifying the issue, which course of action should take place next? a) Step 1. Establish a plan Step 2. Implement a solution Step 3. Verify network connectivity b) Step 1. Test the theory Step 2. Implement a solution Step 3. Document the outcome c) Step 1. Verify system functionality Step 2. Implement a solution Step 3. Document the outcome d) Step 1. Document findings Step 2. Establish a plan Step 3. Implement a solution

b) Step 1. Test the theory Step 2. Implement a solution Step 3.

A small office is utilizing a total of 25 Internet Protocol (IP) addresses to support various workstations and printers. One of the workstations has an IP address of 192.168.10.50. Which of the following are true about this network's subnet? (Select all that apply.) a) Broadcast address of 192.168.10.31 b) Subnet mask of 255.255.255.224 c) CIDR notation of /27 d) CIDR notation of /28

b) Subnet mask of 255.255.255.224 c) CIDR notation of /27 -IP address 192.169.10.50 is part of the second subnet of the 192.168.10.0 network that is notated as 192.168.10.32/27. It's subnet mask is 255.255.255.224. -The Classless Inter-Domain Routing (CIDR) notation of /27 breaks down the 192.169.10.0 network into multiple sets of 30 usable IP addresses. This will supply enough IP addresses for the office.

An engineer creates several Ethernet cables and chooses to use the widely deployed pinout standard when terminating the cable ends. Considering the standard choices, which of the following does the engineer choose to implement? a) RJ-11 b) TIA/EIA 568b c) RJ-45 d) TIA/EIA 568a

b) TIA/EIA 568b -There are two defined methods for terminating Ethernet connectors: T568A and T568B. While T568A is mandated, T568B is the more widely deployed of the two.

A company invited an IT Consulting company to recommend network changes in an office building that will feature multiple teleconferencing rooms and open space for public Internet access. This is a shared office space for new small businesses. What benefits of the Quality of Service (QoS) protocol could the IT consulting company share to improve the building's network performance, especially for video conferences? (Select all that apply.) a) The management plane creates static routes. b) The control plane decides how to prioritize traffic. c) The service is basically a traffic shaper. d) The data plane handles the switching of traffic.

b) The control plane decides how to prioritize traffic. c) The service is basically a traffic shaper. d) The data plane handles the switching of traffic. #In terms of QoS, network functions divide into three planes. -The control plane makes decisions about how to prioritize traffic and where it should switch them. -The data plane handles the actual switching of traffic. This basically forwards packets through the router to their destination. -Protocols, appliances, and software that can apply these three functions are known as traffic shapers or bandwidth shapers.

An engineer troubleshoots a recent network configuration. Two switches that connect via a crossover cable can not communicate. Which statements help the engineer describe the current configuration? (Select all that apply.) a) Transmit occurs on pins 1 and 2 of the switch b) The crossover cable uses T568A on one end and T568B on the other end. c) The crossover cable uses T568A on both ends. d) Transmit occurs on pins 3 and 6 of the switch.

b) The crossover cable uses T568A on one end and T568B on the other end. d) Transmit occurs on pins 3 and 6 of the switch. -As an intermediate system, a switch port uses MDI-X and receives on pins 1 and 2 and transmits on pins 3 and 6. The cable between the host interface port and switch interface port should be straight through (either T568A on both ends or T568B on both ends) and not a crossover cable.

A Jr. systems administrator at an organization has just learned to use a multiple input multiple output (MIMO) configuration with a 802.11n wireless network. The administrator now plans on increasing bandwith by adding the maximum number of antennas possible in a 4x4:2 configuration. After evaluating the administrator's approach, which option defines the planned implementation? a) The number of recieve antennas x the number of transmit antennas : the number of channels bonded b) The number of transmit antennas x the number of receive antennas : the number of simultaneous transmit and receive streams c) The number of receive antennas x the number of transmit antennas : the number of simultaneous transmit and receive streams d) The number of transmit antennas x the number of receive antennas : the number of channels bonded

b) The number of transmit antennas x the number of receive antennas : the number of simultaneous transmit and receive streams #Multiple Input Multiple Output (MIMO) is the use of multiple antennas to boost bandwidth and is identified by AxB:C notation. A is the number of transmit antennas, B is the number of receive antennas, and C is the number of simultaneous transmit and receive streams.

A network administrator is working with the in-addr.arpa domain of the company's Domain Name System (DNS) server. The admin creates a pointer (PTR) record for a server's Internet Protocol (IP) address 10.60.100.21. Which of the following Enterprise network components is the administrator working with? a) The MAC reservations b) The reverse lookup zone c) The IP exclusions d) The IP helper

b) The reverse lookup zone -The reverse lookup zone is found in a special domain called in-addr.arpa of a Domain Name System (DNS) server. It contains PTR records to resolve IP addresses to name records (e.g. A record).

An administrator has just finished installing a new switch and connected two servers with IPs of 192.168.105.20 and .30. The servers can communicate with each other but are unable to reach the Internet. What information does the admin see in the switch configuration? a) The admin used a crossover cable to connect the switch to the gateway b) The server is missing default-gateway information c) A routing loop has occurred d) The subnet mask is incorrect

b) The server is missing default-gateway information -The default gateway is the path used to pass information when the device does not know where the destination is. It is a router that connects the host to remote network segments.

An administrator expected a newly installed network cable to operate at 1Gbps. However, when the administrator tested the cable, the speed was never actually that fast. What is the actual performance of the data traveling across the media called? a) Power over ethernet b) Throughput c) Attenuation d) Speed

b) Throughput -Throughput is an average data transfer rate achieved over a period of time, excluding errors incurred at the physical and data link layers and measured at the network or transport layer.

Which port will a Domain Name Server (DNS) use for record transfers over 512 bytes? a) User Datagram Protocol (UDP) port 53 b) Transmission Control Protocol (TCP) port 53 c) Transmission Control Protocol (TCP) port 23 d) User Datagram Protocol (UDP) 69

b) Transmission Control Protocol (TCP) port 53 -DNS server that needs to allow large record transfers over 512 bytes will be configured to allow connections over TCP port 53. -DNS server is usually configured to listen for queries on UDP port 53.

A network manager is designing a network for a new company. The company will have over 300 hosts and will interconnect multiple switches to build the network fabric. What will the network manager use to connect the switches? a) Virtual Local Area Network (VLAN) tag b) Trunks c) Access port d) Tagged port

b) Trunks -A trunk interconnects between switches on large networks. A sysadmin will configure each switch as a trunk port for this purpose.

The 802.11n wireless network is experiencing a significant amount of latency. The IPERF utility determines that the wireless network is experiencing a significant number of packets arriving out of order, arriving late, and being completely lost. What should be done? a) Move the WAP's antenna to a lower physical location. b) Try using a different channel on the WAP to reduce interference from other 2.4 GHz devices. c) Verify that wireless devices are not using mismatched SSIDs. d) Verify that all devices on the wireless network are using the correct encryption mechanism.

b) Try using a different channel on the WAP to reduce interference from other 2.4 GHz devices. -A variety of factors can cause latency. In this scenario, interference is the most likely culprit. Checking for interference emitters is a good place to start. Also, check if the WAP is set to use the same channel as another WAP or a 2.4 GHz cordless phone system. -NOTE: Moving the WAP to a lower physical location would most likely decrease the signal quality and increase latency.

A wireless access point is available on the floor for wireless users in the area. User 1 wants to send a file to user 2 using their laptop's wireless adapters. Which of the following is the most secure way of sending files to one another using their current wireless adapters? a) Using an infrastructure connection b) Using an ad hoc connection c) Using a wireless mesh network d) Using a bus network connection

b) Using an ad hoc connection -ad hoc means when necessary or needed.

A network administrator must install a new building floor with wireless access points (APs) to provide a wireless network to employees' mobile devices. The AP security settings will be hardened and use an Extensible Authentication Protocol (EAP) to allow users to authenticate with their user accounts to access the network securely. What is the minimum wireless protection required to install these APs properly? a) WPA2-Enterprise b) WPA-Personal c) WPA-Enterprise d) WPA2-Personal

b) WPA-Personal -WPA2-Enterprise allows clients to pass on employees' user credentials to gain access to the AP. WPA2, in general, uses Wi-Fi encryption with Advanced Encryption Standard (AES) and Cipher Block Chaining Message Authentication Code Protocol (CCMP).

A security researcher discovered a software vulnerability and notified the vendor to give them time to patch the vulnerability. What type of vulnerability is this? a) Vulnerability assessment b) Zero-day c) Zero trust d) Legacy systems

b) Zero-day -Zero-day is a vulnerability that is exploited before the developer knows about it or can release a patch. These can be extremely destructive since it can take the vendor a lot of time to develop a patch and leave the systems vulnerable.

A system sends a message to all link-local nodes via a multicast address. Compare private address types and conclude which address the system will use. a) 192.152.160.120 b) ff02:1 c) 00:5a:3b:08:5c:02 d) ff:ff:ff:ff:ff:ff

b) ff02:1 -A multicast address identifies multiple network interfaces. Unlike Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) must support multicast. The first 8 bits indicate the address is within the multicast scope (1111 1111 or ff). The address ff02::1 has a target of all link-local nodes. #Fe80 is for link local addresses.

A Windows server is being configured to go live again on a LAN (Local Area Network) that has a DHCP (Dynamic Host Configuration Protocol) server with a new pool of addresses. The change must be verified upon completion. Which of the following commands would be most appropriate to apply to this scenario? (Select all that apply.) a) ipconfig /flushdns b) ipconfig /release c) ipconfig /renew d) ipconfig /all

b) ipconfig /release c) ipconfig /renew d) ipconfig /all -Pay attention to the section where it says "the change must be verified upon completion". Which is done by using ipconfig /all. -ipconfig /release -ipconfig /renew -ipconfig /all NOTE: ipconfig /flushdns is for clearing the DNS resolver cache. Again, if verification is required, use ipconfig /all.

A systems admin is unable to ping remote hosts from a Debian server. Remote hosts can ping the server. The admin troubleshoots the issue by examining the OUTPUT chain. Determine which tool meets the admin's needs to troubleshoot the issue. a) ifconfig b) iptables c) route d) ipconfig

b) iptables -The iptables command line utility is used to edit the rules enforced by the Linux kernel firewall. It can change INPUT, OUTPUT and FORWARD chains that are firewall rulesets.

An engineer is building a backbone network in a new facility. The cabling going from one side of the building to the other is about 500 feet and will support a 5Gbps link between two routers. Which type of cabling should the engineer use? a) Coaxial/RG-6 b) 1000BASE-SX c) 10GBASE-SR d) 10GBASE-LR

c) 10GBASE-SR -A 10GBASE-SR is a fiber Ethernet standard best suited to implementing backbone cabling that does not exceed 200 m (656 feet) and can achieve at least 4 Gbps throughput.

A gamer is using a wireless AC router connected to a fiber optic network from the local Internet Service Provider (ISP). The gamer must ensure the ISP is providing close to advertised network speeds. Which is the most appropriate tool to gauge the available bandwidth? a) A port scanner b) A packet sniffer c) A speed testing website d) A Wi-Fi analyzer

c) A speed testing website -A bandwidth or broadband speed tester website measures the time taken to download and upload a randomized stream of data to a web host. This is a common speed test with Internet Service Providers (ISPs).

An organization looks to implement a solution where remote workers can access both cloud-based resources and on-premise data. Some users will use company-issued laptops, while others will use personally owned desktop computers. Which solution does the IT department deploy? a) A multitenancy environment b) A hybrid cloud c) A virtual private network d) A desktop as a service environment

c) A virtual private network -Remote workers need VPN. -Since VPN creates a secure channel to share data, VPN could satisfy this company's need to access cloud apps and on-premise data.

A wireless AP (access point) is placed on a table on the corner of an office floor with many furniture items and cubicles. Which of the following is most likely causing a weak or loss of signal in some areas of the office? (Select all that apply.) a) Signal reflection from a mirror b) Interference from a microwave c) AP is in the wrong location d) Furniture is absorbing the signal.

c) AP is in the wrong location d) Furniture is absorbing the signal. -Cubicles are used in an office situation, so even though it mentions furniture, we should understand these don't contain mirrors. -Signal absorption that occurs through walls, windows, furniture, and even people will reduce signal strength. Concrete is the most effective absorber of radio signals. -The best location for an AP is at the center of the office floor and on the ceiling to minimize the signal absorption from furniture and cubicle walls.

Which of the following security methods is used to prevent unauthorized users from tailgating behind authorized users into secure buildings? a) Locking racks b) Biometric c) Access control vestibule d) Badge reader

c) Access control vestibule -Access control vestibule is where one gateway leads to an enclosed space protected by another barrier. -Locking racks are installed equipment within secure cabinets or enclosures that provide mitigation against insider attack and attacks that have broken through the perimeter security mechanism.

A sysadmin noticed that there were changes to the hardware firewall not properly documented. The sysadmin does not know who made the change. What type of log should the sysadmin investigate that may shed light on who made the change in the firewall? a) Traffic b) Baseline c) Audit d) Trap

c) Audit -An audit log records the use of authentication and authorization privileges. It will generally record success/fail type of events. An audit log is also known as an access log or security log. NOTE: For Firewall report, audit is used not syslog or baseline. For network equipment check, use baseline.

A newly deployed stack with servers, network switches, a KVM (Key, Video, Mouse), storage unit, and uninterruptible power supplies has just been fully cabled. After powering on the stack, there seems to be a network connectivity issue between the switch and servers. What is the best approach when trying to resolve this type of network issue? a) Plan of action b) Top-to-bottom c) Bottom-to-top d) Divide and conquer

c) Bottom-to-top -A bottom-to-top approach of the OSI (Open System Interconnection) model is a methodical validation of network components starting from the bottom or layer 1 (Physical) and going up. This is most appropriate because cables have just been connected. -For "divide and conquer" approach, it starts with the layer most likely to be causing the problem, then work either down or up depending on the test results. NOTE: bottom-to-top, top-to-bottom, divide and conquer are all "step 2" (establish a theory of probable cause) of the 7 steps of the troubleshooting process.

The same hub has Host A1 and Host B1 connected. Host A1 sends a request to communicate with Host C2. Host B1 is communicating with Host C3. There is a delay in communications between Hosts A1 and C2 until the media is clear. Which Ethernet Protocol is providing this function? a) Virtual Local Area Network (VLAN) b) Carrier Sense Multiple Access/Collision Detection (CSMA/CD) c) Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) d) Broadcast domain

c) Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) -CSMA/CA protocol uses schemes, such as "request to send", to gain access to the media. Nodes listen to the media before transmitting and transmit when the media is clear. A node wanting to transmit but detecting activity, must wait and try later. -CSMA/CD protocol defines methods for detecting a collision. When a signal present on the interface transmits and receives lines simultaneously, the node broadcasts a jam signal.

An engineer has a task to survey an old building and determine the current network infrastructure. Building owners state that some cabling is from a recent install. The engineer achieves a speed of 10 Gbps while testing the cable up to 100 meters and also determines the cable to be well shielded. Based on the engineer's findings, the cabling meets what specification? a) Cat 5e b) Cat 6 c) Cat 7 d) Cat 3

c) Cat 7

To increase wireless bandwidth in a large building, an engineer researches solutions. Which of the following implementations refers to using 40 MHz as a solution? a) Omnidirectional antenna b) Unidirectional antenna c) Channel bonding d) MU-MIMO

c) Channel bonding -802.11n can obtain more bandwidth with the option to use two adjacent 20 MHz channels as a single 40 MHz channel, referred to as channel bonding, which is a practical option only in the 5 GHz band.

The help desk support team of a company is being inundated with tickets regarding user requests for a solution to better manage the need to enter multiple passwords in different web portals. Analyze and explain the disadvantage of the network administrator implementing single sign-on (SSO) as a solution. a) A user who authenticates with Windows also authenticates with Exchange. b) Each user does not manage their accounts. c) Compromising the account compromises multiple services. d) Users authenticate once to gain access to all resources.

c) Compromising the account compromises multiple services.

A new network administrator in the lab is not able to get a server from one subnet talking to another server in a different subnet. Unsure about the multiple routes configured on the layer 3 switches, the administrator decides to do rapid troubleshooting to at least get the two servers communicating with each other. What should the network administrator configure to fix the network issues? a) Configure the exterior gateway protocol b) Configure a default route c) Configure a static route d) Configure the interior gateway protocol

c) Configure a static route -A static route is manually added to the routing table and only changes if edited by the administrator. This is ideal for temporary solutions to rapidly set up a route for network testing or quick troubleshooting.

New workstations are set up in the office. They currently do not have an Internet Protocol (IP) address set and are connected to the network. These workstations will need to work with applications that are time sensitive. What must the system administrator configure for these applications to function correctly? a) Create a CNAME record. b) Enable DHCP on the NIC. c) Configure the correct NTP settings. d) Point to the correct DNS server.

c) Configure the correct NTP settings. -When it mentions time, NTP is involved. -NTP enables the synchronization of these time-independent applications. Workstations that connect to these applications must know the correct time by pointing to the correct NTP IP address to synchronize time. -CNAME or canonical name record is used to represent an alias for a host. For e.g: the true name of a web server could be masked as the alias WEB. NOTE: The question talks about applications that are "time sensitive". So, since it's related to time, think about NTP.

A network administrator uses a program that can use an access control list (ACL) to allow or deny control traffic from certain sources and apply rate-limiting if a source threatens to overwhelm the route processor. What is this called? a) MAC Filtering b) Extensible Authentication Protocol c) Control Plane Policing d) DHCP Snooping

c) Control Plane Policing -Control plane policing is a policy that is designed to mitigate the risk from route processor vulnerabilities.

A new office building was constructed right outside a United States military. The building has a few wireless access points (APs) that must adhere to some federal regulations because of the building's locations. What regulation would the building management have to adhere to regarding these APs? a) 2.4 Ghz AP must use channel 14. b) Use maximum EIRP settings. c) Decrease the power output. d) Use maximum frequency power.

c) Decrease the power output. -Decreasing the power output decreases the AP frequency range. This can prevent the food market Wi-Fi frequency from going over to the military base where wireless signals are commonly restricted. -In America, regulations permit channels 1-11 only, while in Europe, regulations permit channels 1-13, and in Japan, regulations allow all 14 channels.

A network contractor is reviewing the algorithms used for path selection. The algorithms categorize according to the topology and metrics used to build and update a routing information base. It also prioritizes optimal or least-cost paths. What algorithm uses the number of hops to determine the destination as a metric? a) Routing information protocol b) Hybrid routing protocol c) Distance vector d) Static route

c) Distance vector -Distance vector protocols use the number of hops to the destination as the metric. The route with the fewest hops is the least-cost path, and the network will select it for use.

Two Windows hosts connected to a switch are contending to respond to ARP (Address Resolution Protocol) queries. Only one of the hosts is receiving network traffic. Determine the most likely cause of this issue. a) Incorrect gateway b) Expired IP address c) Duplicate MAC address d) Duplicate IP address

c) Duplicate MAC address -the duplicate MAC address will cause both hosts to contend with each other when responding to (ARP) queries. As a result, communications could be split between them or reach only one of the hosts.

Which protocol would a switch authenticating via 802.1x mechanisms use? a) NAC b) EAPoW c) EAPoL d) EAP-TLS

c) EAPoL -Under 802.1X, the device requesting access is the supplicant. The switch, referred to as the authenticator, enables the Extensible Authentication Protocol over LAN (EAPoL) protocol only and waits for the device to supply authentication data. -802.1X defines the use of EAP over Wireless (EAPoW) to allow an access point to forward authentication data without allowing any other type of network access. -The IEEE 802.1X Port-based Network Access Control (NAC) protocol provides the means of using an EAP method when a device connects to an Ethernet switch port, wireless access point, or VPN gateway.

A typical private network may have a router separating the internal network from the public network (Internet). The router may have a single IP interface to the public network but multiple interfaces connected to multiple internal subnets. How would a network administrator describe these different internal subnets? a) Each subnet has a single trunk uplink. b) Each subnet is a collision domain. c) Each subnet is a broadcast domain. d) Each subnet has a DSL modem.

c) Each subnet is a broadcast domain. -Each subnet is a separate broadcast domain which allows all nodes in that subnet to communicate with each other but must go through the router to communicate with another subnet or broadcast domain.

A network uses a dynamic routing protocol that requires the administrator to provide weighted elements such as reliability, bandwidth and load. Which routing protocol is in use? a) Routing Information Protocol (RIP) b) Open Shortest Path First (OSPF) c) Enhanced Interior Gateway Routing Protocol (EIGRP) d) Border Gateway Protocol (BGP)

c) Enhanced Interior Gateway Routing Protocol (EIGRP) -EIGRP is a distance vector-based routing protocol and uses a metric composed of several administrator weighted elements.

Which authentication method allows users to authenticate to the wireless network against a RADIUS server using their regular network credential? a) Control Plane Policing b) Wireless Client Isolation c) Extensible Authentication Protocol d) MAC Filtering

c) Extensible Authentication Protocol (EAP) -Used by WPA2-Enterprise.

A technician is evaluating the organization's autonomous system to determine if it can use paths through another organization's network. What is the technician trying to determine? a) Static route b) Administrative distance c) Exterior gateway protocol d) Routing information protocol

c) Exterior gateway protocol -An Exterior Gateway Protocol (EGP) is one that can advertise routes between autonomous systems. An EGP includes a field to communicate the network's autonomous system ID and allows network owners to determine whether they can use paths through another organization's network.

What piece of network equipment is typically defined as "next-generation" and allows network engineers to allow or deny traffic to specific locations within the network? a) Router b) Network interface card c) Firewall d) Switch

c) Firewall

An engineer needs to update a DNS infrastructure with new host names. Which configuration does an engineer modify with host records that map to IP addresses? a) Recursive lookups b) DNS caching c) Forward lookups d) Time to live settings

c) Forward lookups -Forward lookups use a forward lookup zone to return an IP address associated with a host name. In this case, an entry for the particular host was likely missed or contains a typo. -Time to live (TTL) settings refer to the configuration of caching host names. When the TTL expires, the cache entry is invalid.

Network switches at a small manufacturing firm use the neighbor discovery (ND) protocol. Which features will the network benefit from as a result? (Select all that apply.) a) Each switch determines the shortest path to the root. b) Switches are organized into a hierarchy. c) Hosts are allowed to discover other nodes. d) Hosts can configure IPv6 addresses automatically.

c) Hosts are allowed to discover other nodes. d) Hosts can configure IPv6 addresses automatically. -ND protocol features address auto-configuration that enables a host to configure IPv6 addresses for its interfaces automatically and detect whether an address is already in use on the local network. -The ND protocol features local address resolution, which allows a host to discover other nodes and routers on the local network.

The admin can ping the router at 192.168.105.1 from the switch. Which of the following is the most likely cause of the problem? (Select all that apply.) a) Determine the next steps to resolve the problem b) Confirm the theory c) Implement preventive measures. d) Verify full system functionality.

c) Implement preventive measures. d) Verify full system functionality. -Verifying full system functionality is useful to identify the results and effects of a solution. Having a user try to recreate the issue after a fix is a good test. -Implementing preventive measures helps to protect a system from future issues. For e.g: antivirus software can be installed and updated to prevent a virus infection or user rights can be modified to protect system resources, files and applications from being deleted or tampered with.

A cloud implementation for a growing business requires additional processing power. How will an engineer provide additional resources in real-time? a) Implementing scalability b) Implementing a private direct-connect to the CSP c) Implementing elasticity d) Implementing orchestration

c) Implementing elasticity -Elasticity refers to a system's ability to handle changes on-demand in real-time. A system with high elasticity will not experience loss of service or performance if demand increases.

A network engineer was tasked with resolving why certain printers were inaccessible by users next to those printers. The engineer realized the printer's network port on the switch was not configured to the proper network. The engineer set the network configuration tag to 30 for those ports, resolving the issue. What was most likely the cause of the issue? a) IP exclusions b) DNS issue c) Incorrect VLAN d) Untrusted SSL certificate

c) Incorrect VLAN -When setting up a virtual local area network (VLAN), all things that need to communicate must be assigned the correct VLAN or access within all network equipment.

A company technical support representative troubleshoots a wireless network. Users state that the wireless signal barely spans across a large auditorium. According to the owner's manual, the signal should go beyond the current space. Which of the following wireless properties is likely causing the signal problem? a) Interference b) Incorrect antenna type c) Incorrect antenna placement d) Frequency mismatch

c) Incorrect antenna placement -Incorrect antenna placement can cause signal issues. Some antennas are meant to be ceiling mounted while others are designed for wall placement. This is because some antenna signals function in certain directions. -Keyword to distinguish if it's antenna type or antenna placement is by understanding that it is talking abt "beyond the current space". Just by placing the antenna at the correct space, this problem could be solved, saving u time & money that's required to replace a new antenna.

Windows workstations at a small company are not able to log on to a Windows server. Which of the following is the likely cause? a) A untrusted SSL (Secure Sockets Layer) certificate b) Incorrect ACL (Access Control List) settings c) Incorrect system time d) Blocked UDP ports

c) Incorrect system time -A server or host needs to be configured with the correct time. Authentication, and other security mechanisms will often fail if the time is not synchronized on both communicating devices. -An Access Control List (ACL) is used to determine authorization to resources. Incorrect ACL settings could restrict a user or system from functioning properly or they could allow unintended access.

All client machines configured for DHCP are up and running without issue. However, the clients not configured for IPv4 are not getting IP addresses. What should the server administrator configure so the IPv6 clients can receive automatic address configuration as well? a) Dual stack b) RFC1918 c) SLAAC d) Router advertisement

c) SLAAC -IPv4 depends heavily on the DHCP for address autoconfiguration. IPv6 uses a more flexible system of address autoconfiguration called the stateless address autoconfiguration (SLAAC).

A Windows Active Directory (AD) domain uses companyname.com. An external web server uses www.companyname.com. Users on the corporate network cannot reach the web server when using a www prefix. An IT engineer modifies which of the following to remedy the issue? a) DNS forwarder b) External DNS zone c) Internal DNS zone d) Third-party DNS

c) Internal DNS zone -Internal DNS zones refer to the domains used on a private network. As the site uses the same domain name as AD, an A record for www needs to be created internally to point to the public web server address.

A business with three different locations needs to share data between storage area networks at each site. This business has a strict budget they need to maintain while achieving this function. Which of the following options can link storage area networks without the need for expensive fiber-specific switches and adapters? a) Software-defined network b) Fibre Channel c) Internet Small Computer Systems Interface (iSCSI) d) East-West

c) Internet Small Computer Systems Interface (iSCSI) -The iSCSI can link Storage Area Networks (SANs) but is also seen as an alternative to Fibre Channel itself since it works over ordinary Ethernet network adapters and switches.

A network administrator sets up a policy that secures the authentication mechanism that a host must be able to match at least one matching security method for a connection to be established. What is this called? a) Transport layer security (TLS) b) Authentication header (AH) c) Internet protocol security (IPSec) d) Encapsulating security payload (ESP)

c) Internet protocol security (IPSec) -IPSec can be used to secure IPv4 and/or IPv6 communications on local networks and as a remote access protocol. Each host that is required to use IPSec must be assigned a policy. -Encapsulating security payload (ESP) provides confidentiality and/or authentication and integrity. It can be used to encrypt the packet rather than simply calculating a hash. Only ESP provides confidentiality for the packet contents. Excludes the IP header when calculating ICV

An administrator suspects there is too much jitter on a network's backbone. What method can the administrator use to identify which device is experiencing issues? a) Light meter b) Spectrum analyzer c) LED status indicators d) Optical time-domain reflectometer (OTDR)

c) LED status indicators -LED status indicators on a network interface card (NIC) or a switch/router port indicate the status and problems with a link.

Office desktop computers and Voice over Internet Protocol (VoIP) phones will most likely connect to this network device to communicate with other systems over the Local Area Network (LAN). a) Access point b) Wireless LAN controller c) Layer 3 switch d) SCADA system

c) Layer 3 switch -Layer 3 switch or multilayer switch is a standard switch optimized for routing between VLANs. This will allow office computers and VoIP phones to connect directly for network connection and even power if the switch supports Power over Ethernet (PoE). NOTE: always remember switch when it says VLANs (Cisco switch!!!)

While working on a router, a network technician identifies that the number of available ports has been restricted. What type of issue is presented to the network technician? a) Broadcast storm b) Device configuration review c) Licensed feature issue d) BYOD challenges

c) Licensed feature issue -Licensing for servers and network appliances can be complex, and it is easy to make configuration errors. On a switch or router, license failures could restrict the number of ports available, the number of routes allowed in the routing table, or the availability of routing protocols. -A broadcast storm will cause network utilization to go to a near-maximum capacity and the CPU utilization of the switches to jump to 80 percent or more.

What is the primary authentication method used when only the target device verifies administrator credentials on the system? a) Lightweight Directory Access Protocol (LDAP) b) Remote Authentication Dial-in User Service (RADIUS) c) Local authentication d) Terminal Access Controller Access Control System Plus (TACACS+)

c) Local authentication

Which of the following would a technician find in a network map? a) Firewall rules b) QoS standards c) MDF/IDFs d) System logs

c) MDF/IDFs -MDF stands for Main Distribution Frame and IDF stands for Independent Distribution Frame.

A network engineer troubleshoots an issue where clients are not receiving IP addresses from a new, properly configured DHCP server on another subnet. Statically addressed clients can get onto the same network with no issues. Which of the following is causing the issue? a) Improper routing protocols b) Incorrect VLAN tagging c) Missing helper addresses d) Wrong default gateway

c) Missing helper addresses #DHCP IP Helper addresses are configured on a routed interface that allows that specific device to act as a "middle man," which forwards Broadcast DHCP to the DHCP server. -VLAN tagging is a method through which more than one VLAN is handled on a port. IT is used to tell which packet belongs to which VLAN.

A network administrator is reviewing some packets flagged by the Intrusion Detection System (IDS). The administrator notices that the packets are ping packets, but the size of the packets is much larger than expected. What is the MOST likely cause of the oversized packets? a) TCP flags b) Corrupted MTU c) Modified payload d) False positive

c) Modified payload.

An IT engineer chooses to use a fiber cable implementation that uses light emitting diode (LED) technology rather than one that uses lasers. Considering the optic technology in use, what does the engineer implement? a) Duplex b) Single-mode c) Multimode d) Bidirectional

c) Multimode -Multimode fiber is inexpensive to deploy compared to single-mode fiber. As such, it does not support long distances as single-mode. Multimode uses light emitting diode (LED) technology.

A technician creates a hosts file on a computer as a short term fix for systems connectivity. What is the purpose of using this file? a) Incorrect subnet mask b) Incorrect host-based firewall settings c) Names not resolving d) Unresponsive service

c) Names not resolving -If a system experiences a Domain Name System (DNS) problem, symptoms will include the inability to connect to hosts by name. A hosts file can test and be used as a short-term fix for name resolution.

A security consulting firm has been granted access to an organization's network to assess the network's security posture for about two weeks. The security firm has recently suggested using active or intrusive measures that can confirm any of the network's assessed weaknesses. What type of action is the security firm asking the organization to authorize? a) Vulnerability assessment b) Posture assessment c) Penetration testing d) Threat assessment

c) Penetration testing -A penetration test (often shortened to pen test) uses authorized hacking techniques to discover exploitable weaknesses in the target's security systems. This is an active approach to assessing vulnerabilities.

In terms of radio wave signals, which term describes the bouncing of signals? a) Absorption b) Attenuation c) Reflection d) Refraction

c) Reflection -Mirrors or shiny surfaces cause signals to reflect, meaning that a variable delay is introduced. Reflection causes packets to be lost and consequently the data rate to drop. -Refraction just means glass or water can cause radio waves to bend!!!!!!!!!!!!

A virtual private network exists between two sites. The main site delivers Internet protocol (IP) addresses to the remote site. A configuration change places the remote site on a different subnet. An IT engineer reconfigures which of the following? a) Lease b) Reservation c) Relay d) Pool

c) Relay -A DHCP relay agent can be configured to provide forwarding of DHCP traffic between different subnets.

A network administrator needs to provide remote workers access to internal messaging servers but cannot do internal service at the perimeter network. What can the network administrator deploy to listen for client requests from the Internet and create the appropriate request to the internal messaging server? a) Intrusion prevention system b) Voice gateway c) Reverse proxy d) Forward web proxy

c) Reverse Proxy -A reverse proxy server provides for protocol-specific inbound traffic. This type of proxy can listen for client requests from the Internet and create the appropriate request to the internal server. -A forwarding proxy server provides for protocol-specific outbound traffic. A web proxy must be able to parse and modify HTTP and HTTPS commands. -A voice gateway is a means of translating between a VoIP system and legacy voice equipment and networks, such as Plain Old Telephone Service (POTS) lines and handsets.

In which of the following would an IT engineer configure a PTR? a) DNS Hierarchy b) Forward lookup zone c) Reverse lookup zone d) DNS Forwarder

c) Reverse lookup zone -A PTR record is found in reverse lookup zones and is used to resolve an IP address to an associated host name.

A managed service provider onboarded a new client that operates out of their house and has no need for servers. The client does not want network equipment to granularly define what they can access and would rather have a simple box to connect to the internet. What kind of box should the provider install for the client? a) Network interface card b) Switch c) Router d) Firewall

c) Router -It might be called a simple box...LOL.. but a router is an intermediate system working at the network layer capable of forwarding packets around logical networks of different layer 1 and layer 2 types. -A network interface card (NIC) joins an end system host to network media (cabling or wireless) and enables it to communicate over the network by assembling and disassembling frames.

A sysadmin is running into the issue that traffic is getting dropped by the network equipment. After researching the issue, the sysadmin found that the individual packets were too small. What should the sysadmin configure to remove? a) Baseline b) Giants c) Runts d) Bandwidth

c) Runts -A runt is a frame that is smaller than the minimum size (64 bytes for Ethernet). A collision usually causes a runt frame. -A giant is a frame that is larger than the maximum permissible size (1518 bytes for Ethernet II). If it is too large, it may get dropped by networking equipment.

The DHCP server is offline and the server team is working on re-building corrupted scope information. The team notices that some clients have not had any issues since the DHCP server went down. After investigating the operational client machines, the team notices that they are all running IPV6. How do IPv6 hosts gain addressing without manual configuration? a) Router advertisement b) RFC1918 c) SLAAC d) Dual stack

c) SLAAC -IPv4 depends heavily on the Dynamic Host Configuration Protocol (DHCP) for address autoconfiguration. IPv6 uses a more flexible system of address autoconfiguration called stateless address autoconfiguration (SLAAC).

IT implements Google Suite for Business at a large firm. This implementation negates the need to install any local applications. Considering the implementation, which type of cloud service does IT deploy? a) IaaS b) Hybrid c) SaaS d) PaaS

c) SaaS

An organization moving to a cloud infrastructure joins one of its partners' platforms. Evaluate the given statements and conclude which best fits the organization's approach. a) Multi-tenant use b) Private link c) Shared costs d) Utilization benefits

c) Shared costs -A community cloud solution is where several organizations share the costs of either a hosted private or fully private cloud. NOTE: joining a platform is community cloud solution. (You join a community!!!!)

A network technician installed a Wi-Fi analyzer app on a personal smart phone to analyze the recently installed wireless access point (AP). Evaluate and select useful information available for a site survey. a) Channel bandwidth b) AP list c) Signal Strength d) Channel graph

c) Signal Strength -Depending on the position of the smart phone, the Wi-Fi analyzer can display how strong the signal is from the location of the access point (AP). This can be used to troubleshoot signal loss in certain areas. -An AP list will show all available wireless access points that the smart phone is able to hear. The Service Set Identifier (SSID) of the AP will be listed.

A network administrator wants to deploy an intrusion detection system. Which of the following authentication factors incorporates biometric recognition that uses a template which is created by analyzing behavior? a) Something you are b) Something you know c) Something you do d) Something you have

c) Something you do -Something you do refers to behavioral biometric recognition. A template is created by analyzing a behavior, and is more likely to be deployed as an intrusion detection or continuous authentication mechanism. -Important to understand that Something you are means employing a biometric recognition system.

A sysadmin was monitoring the logs of the network equipment in the corporate office and noticed there were a lot of packet collisions. After digging around the individual network boxes, the sysadmin found that there was a misconfigured switch. What setting most likely contributed to packet collisions? a) Bandwidth b) Memory c) Speed/Duplex d) Packet count

c) Speed/Duplex -Half duplex refers to only being able to transfer or receive one at a time. Full duplex refers to being able to transfer and receive at the same time. Having multiple devices configured differently can cause collisions.

Client systems receive IP address configurations via a DHCP server. When negotiating the address information assignment, what relates to available leases? (Select all that apply.) a) ARP b) DORA c) T2 d) T1

c) T2 d) T1 -A client can renew its lease from a DHCP server when at least half the lease's period has elapse (T1 timer) so that it keeps the same IP addressing information. -A client can attempt to rebind the same lease configuration with any available DHCP server. By default, this happens after 87.5% of the lease duration is up (T2 timer).

An engineer configures a DomainKeys Identified Mail (DKIM) record to list the names allowed to receive email from a given source. Considering domain name system (DNS) record types, which does the engineer configure? a) CNAME record b) "A" record c) TXT record d) SRV record

c) TXT record -A TXT record is used to store any free-form text that may be needed to support other network services. DomainKeys Identified mail (DKIM) records are TXT records that are used to decide whether email is allowed from a given source to prevent spam and mail spoofing.

A Linux server is unable to ping remote hosts, but other hosts can ping the server. Using the iptables command-line utility, what should a network technician examine to ensure the ping command can work for the Linux server? a) The FORWARD chain b) The INPUT chain c) The OUTPUT chain d) The PREROUTING chain

c) The OUTPUT chain -The OUTPUT chain is a firewall ruleset for outgoing connections. Verify that this chain does not prevent the outgoing connection using ping or the remote host's IP (Internet Protocol) address or name. Remote hosts need the connection going from the internal network. -INPUT chain is a firewall ruleset for incoming connections. Other hosts are able to ping the LINUX server, so this chain does not have any issues. -The FORWARD chain is a firewall ruleset for connections that are passing through the server. -PREROUTING chain is processed before INPUT, OUTPUT or FORWARD chains.

A restaurant chain's corporate offices connect via a hierarchical star network topology. What term does CompTia use to describe the links that aggregate and distribute traffic from multiple different areas of the network? a) Control layer b) Infrastructure layer c) Access/edge d) Backbone

d) Backbone -The term backbone describes the links that aggregate and distribute traffic from multiple different areas in the network.

A network administrator is maintaining the lab network, including several routers using Open Shortest Path First (OSPF). The administrator adds a specific route to a new router. This new route will get which default value for administrative distance? a) 20 b) 110 c) 90 d) 1

d) 1 -A static route (which is not OSPF, OSPF default AD value is 110) has a default administrative distance (AD) value of 1. The value expresses the relative trustworthiness of the protocol supplying the route. -BGP has default AD value of 20, EIGRP ==> 90, OSPF ==> 110.

A network technician is installing a new ethernet receptacle using a punch tool. Which blade type can the technician utilize to terminate the wires onto the punch block? a) 66 b) RJ-11 c) RJ-45 d) 110

d) 110 -Technicians mostly use 110 format punch blocks for LAN technology and RJ-45 connections. They have a set blade on one end of the punch tool.

Select the Internet Protocol (IP) address that is in the Class B private address range. a) 10.160.025.001 b) 127.050.137.081 c) 169.254.140.102 d) 172.20.105.003

d) 172.20.105.003

A network administrator is testing a remote server's network configuration and decides to ping the Internet Protocol (IP) address of a familiar office Windows workstation. No replies were received, but the admin confirms DHCP settings are enabled on the workstation and can successfully browse the Internet. Analyze the scenario to determine why the client workstation did not respond to a ping request. a) The same IP address of another client is being used. b) The Ethernet port is bad. c) The IP address has expired. d) An IP address from another subnet is being used.

d) An IP address from another subnet is being used. -The client workstation has a valid Internet Protocol (IP) address from a different subnet range. This is possible with a rogue Dynamic Host Configuration Protocol (DHCP) server on the same local area network (LAN).

A network administrator is setting up new address pools on a Dynamic Host Configuration Protocol (DHCP) server and is having difficulty remembering available Internet Protocol (IP) addresses. Which of the following would make the management of allocated IP addresses on the network easier? a) External DNS server b) An NTP server c) Scope options d) An IPAM service

d) An IPAM service -IPAM or IP address management is designed to scan DHCP and DNS servers and log IP address usage to a database. It can be used to manage and reconfigure DHCP and DNS servers remotely.

A company named Specks has solicited the use of cloud services and has chosen a Platform as a Service (PaaS) product from Oracle with an Oracle Database. The company will use this platform to build custom applications on thin clients inbased in the cloud. Which of the following is true? a) Servers are configurable by Specks. b) Server security is handled by the Specks. c) All Oracle software suites are included. d) Application security is handled by Specks.

d) Application security is handled by Specks. -PaaS would provide servers and storage network infrastructure but also a multi-tier web application/database platform on top. The company would install custom software on the platform (e.g. Oracle Database) and be responsible for the security of the application.

A user calls to report that email is not working and that there is a printer jam. Which troubleshooting approach is best? a) Establish a theory of probable cause. b) Divide and conquer. c) Implement the solution or escalate as necessary. d) Approach multiple problems individually.

d) Approach multiple problems individually. -Discovering symptoms of more than one problem is common. When problems do not seem to be related, it is best to treat each issue as a separate case. NOTE: Approach multiple problems individually is the 1st step (identify the problem), of the 7 steps of the troubleshooting.

A network installer is installing new phone lines into the network room. The installer has many blades for the punch down panels in the building and needs a blade that is customizable on one end. Which blade should the installer use that has a customizable blade on one end of the punch tool? a) Krone b) 110 c) 66 d) Bix

d) Bix -BIX panels are rare but still used. The blades for these panels are adjustable on one end of the punch tool. They are similar to a 110 punch tool but are adjustable.

Computers connected to a network in a new building are experiencing slow network speeds. An administrator is troubleshooting the issue and sees that the new building uses the plenum space for the ethernet cable runs. How could this cause slow network speeds? a) By reversing the transmit and receive b) By causing a short c) By causing an open d) By causing interference

d) By causing interference -nstallers normally route the cable through conduits or wall spaces, avoiding excessive bends and proximity to electrical power cables and fittings, such as fluorescent lights, as these could cause interference. -Reversing the transmit and receive (TX/RX reverse) happens when an installer connects the conductors from one pair to pins belonging to a different pair.

A college is upgrading their high-speed network infrastructure to support direct-connect Internet in all student buildings and dormitories. The network will connect to high-performing school servers that will provide computer lab environments for classes. What type of network is the school continuing to maintain? a) WLAN b) PAN c) WAN d) CAN

d) CAN -The term campus area network (CAN) is sometimes used for a LAN that spans multiple nearby buildings. This high-speed network can connect directly with all students in all the buildings and dormitories.

A network manager for ABC company in Seattle, WA adds host Advert20 to Active Directory. Advert20 is a client in the Advertising department. Compile this information to design the distinguished name of the client. a) OU=Advertising, CN=Advert20, O=ABC, L=Seattle, ST=WA, DC=com, DC=ABC b) CN=Advert20, OU=Advertising, O=ABC, L=Seattle, ST=WA, DC=com, DC=ABC c) DC=com, DC=ABC, ST=WA, L=Seattle, O=ABC, OU=Advertising, CN=Advert20 d) CN=Advert20, OU=Advertising, O=ABC, L=Seattle, ST=WA, DC=ABC, DC=com

d) CN=Advert20, OU=Advertising, O=ABC, L=Seattle, ST=WA, DC=ABC, DC=com -A distinguished name is a unique identifier for any given resource within a X.500 directory. The most specific attribute is listed first, and successive attributes become progressively broader. In this scenario the client name is Advert30 and is the most specific attribute followed by the Organization (OU), Organization (O), Locality (L), State (ST), Domain Component (DC).

After plugging a cable into a computer, a user reports there is no network access. Which of the following tools would the technician most likely check to verify that the cable was crimped correctly? a) Punch down tool b) Toner probe c) Loopback plug d) Cable certifier

d) Cable certifier -A cable certifier is used to verify that a cable meets it's specifications, such as the bandwidth and frequency. For e.g: it can verify a CAT 5e cable meets specifications and supports speeds of 1000Mbps, and can verify a CAT 6 cable supports speeds of 10 Gbps. NOTE: CAT 6 cable supports speeds of up to 10 Gbps but distance of up to 55 meters only. CAT 6a cable supports speed of up to 10 Gbps and distance of up to 100 meters. -A loopback plug is a connector used for diagnosing transmission problems on parallel and serial ports. It plugs into a port on the back of the computer.

A network is running slow. To determine why the administrator wants detailed properties for the cable run, including how much attenuation, crosstalk, noise, and resistance are on it. What tool should the administrator use to get all of this information? a) Spectrum analyzer b) OTDR c) Multimeter d) Cable tester

d) Cable tester -The administrator should use a cable tester that reports detailed information on the cable's physical and electrical properties, including crosstalk, attenuation, noise, and resistance.

The network monitoring software alerts to issues where packets are circulating between two routers before they get discarded. How would a network administrator confirm this routing issue on the network? a) Check the routing table for next hop. b) Check the ISP to ISP route. c) Check the link state of the routers. d) Check if the TTL goes to 0.

d) Check if the TTL goes to 0. -The TTL IP header field reduces by one every time a router (referred to as a hop) forwards a packet. When pinging a destination, the routing loop will eventually reduce the TTL value to 0. -The IP header field has the pin sticking out, this is the TTL.

What provides additional options, rather than only leases, for host Internet Protocol (IP) addresses? a) EUI64 b) ESP c) APIPA d) DHCPv6

d) DHCPv6 -IPv6 can locate routers and generate a host address with a suitable network prefix. In this context, the role of a DHCP server in IPv6 is different. DHCPv6 is used to provide additional option settings, rather than leases for host IP addresses.

Which of the following systems provide an active response to network threats that match signature patterns? a) IDS b) SCADA c) VPN headend d) IPS

d) IPS -An intrusion prevention system (IPS) can deploy as hardware or software to provide an active response after analyzing possible network threats that match signature patterns. -IDS is like IPS but provides passive response to detected network threats using alerts such as emails or notifications.

A computer system sporadically connects to network services. Which of the following caused this issue? a) Incorrect gateway b) Expired IP (Internet Protocol) address c) Rogue DHCP (Dynamic Host Configuration Protocol) server d) Duplicate IP (Internet Protocol) addresses

d) Duplicate IP (Internet Protocol) addresses -If Windows detects a duplicate Internet protocol (IP) address, it will display a warning and disable the IP. Hosts with the same IP will contend to respond to ARP queries, and communications could be split between them. -A rogue (DHCP) server is one that is distributing addresses to hosts and is not authorized to be on a network. -A system with an expired IP address may have lost connection with a DHCP server and will need to have its IP address information updated and/or lease times should be reduced.

A network administrator is using a method that enables remote site routers to connect to the hub router using an IPSec tunnel, GRE tunneling, IPSec encryption, and next-hop router protocol (NHRP) to deploy provisioning to the VPNs. What is this called? a) Site-to-site VPN b) Generic routing encapsulation (GRE) c) Clientless VPN d) Dynamic multipoint VPN (DMVPN)

d) Dynamic multipoint VPN (DMVPN) -Dynamic multipoint VPN (DMVPN) allows VPNs to be set up dynamically according to traffic requirements and demand. Each site can communicate with all other spokes directly no matter where they are located.

How can a network administrator prevent a rogue device or server from sending unknown IP addresses to clients requesting one? a) Enable secure SNMP b) Enable dynamic ARP inspection c) Enable a RA guard d) Enable DHCP snooping

d) Enable DHCP snooping -DHCP snooping causes the switch to inspect DHCP traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address. It can also be used to prevent rogue DHCP servers from operating on the network.

A network administrator needs to build a network that can account for network reliability with a default routing element such as "delay" to carry time-sensitive data such as voice or video. The network needs to also apply the cost to route traffic at the lowest bandwidth link available. Which routing protocol would be appropriate for this network? a) Routing Information Protocol (RIP) b) Open Shortest Path First (OSPF) c) Border Gateway Protocol (BGP) d) Enhanced Interior Gateway Routing Protocol (EIGRP)

d) Enhanced Interior Gateway Routing Protocol (EIGRP) -The EIGRP is a distance vector-based routing protocol and uses a metric composed of several administrator weighted elements such as "bandwidth" and "delay".

A medium organization would like to deploy a secondary security measure that can attract attackers if they are able to bypass the screened subnet firewalls. What security measure would provide this additional layer of security near the network boundary? a) Network access control b) Network segmentation enforcement c) Demilitarized zone d) Honeypot

d) Honeypot -A honeypot is a computer system set up to attract attackers, with the intention of analyzing attack strategies and tools, to provide early warning of attack attempts, or possibly as a decoy to divert attention from actual computer systems.

Which of the following devices operates similarly to a multiport repeater? a) Edge router b) Cable modem c) Bridge d) Hub

d) Hub -A hub acts similar to a multiport repeater so that every port receives transmissions sent from any other port. #As a repeater, the hub works only at the Physical layer.

A network administrator is monitoring network traffic and notices a severe spike on port 993. Which protocol is causing the spike in network traffic? a) IMAP b) SMTP c) POP3 over SSL d) IMAP over SSL

d) IMAP over SSL -POP3 over SSL port number is 995. -POP3 port number is 110 and IMAP port number is 143. -SMTP port number is 25.

An engineer configures a wireless distribution system (WDS) in bridged mode. As a result, which of the statements are true regarding access point functionality? a) In bridged mode, access point functionality does not centralize wireless management. b) Access point functionality only assigns distribution systems to a single access point. c) Access point functionality works in repeater mode only. d) In bridged mode, access point functionality does not support wireless clients.

d) In bridged mode, access point functionality does not support wireless clients. -WDS can bridge two separate cabled segments. When WDS is in bridge mode, the AP will not support wireless clients.

A systems administrator deploys a proxy server for an organization. The administrator chooses to use a transparent approach to the configuration. Considering how the systems administrator deploys the proxy server, what does this configuration type utilize? a) Mapping of IP to MAC addresses b) Content filtering c) Client port configuration d) Inline network appliance

d) Inline network appliance -A transparent proxy intercepts client traffic without the client being configured. A transparent proxy must be implemented on a switch or router or other inline network appliance. #An inline network device is one that receives packets and forwards them to their intended destination. Common inline network devices include routers, switches, firewalls, and intrusion detection and intrusion prevention systems, web application firewalls, antimalware and network taps. Typically residing on layer 2 or layer 3 of the network topology, inline network devices are considered critical to the function of an enterprise network. Any failure of an inline network device typically results in dropped packets, which can cause errors in the computing programs and processes that rely on the successful transmission of those packets.

A technician finishes running fiber optic cable across a large building to expand the internal network. The fiber connects to equipment in a rack with extremely limited space for a connector. Considering the situation and the types of available fiber connectors, which one will accomplish connectivity? a) APC b) SC c) UPC d) LC

d) LC -A local connector (LC) is a small form factor version of the SC push-pull fiber optic connector. It is available in simplex and duplex versions. SFP+ use the LC form factor but run at speeds of 10Gb.

An organization has asked a network engineer to suggest a type of connection the new office space will require. The chief executive officer (CEO) tells the engineer the organization wants a dedicated T1 line not slowed down by other businesses or Internet Service Provider (ISP) customers. What type of connection has the CEO described to the engineer? a) Satellite b) Demarcation point c) Digital subscriber line (DSL) d) Leased line

d) Leased line -For leased line data services, the foundation level of the T-carrier is the DS1 or T1 digital signal circuit. This service comprises 24 channels multiplexed into a single 1.544 Mbps full duplex digital connection used for voice and data. The engineer can multiplex the T1 lines themselves to provide even more bandwidth.

What kind of diagram shows the architecture of a network without involving a precise layout based on a floor plan? a) Physical b) Site survey c) Baseline d) Logical

d) Logical

An administrator measures the resistance between the two ends of a cable and verifies that the cable has a break. What tool allows the administrator to test the cable in this manner? a) TAP (test access point) b) Tone generator c) Loopback adapter d) Multimeter

d) Multimeter -The purpose of a multimeter is for testing electrical circuits, but it can test for the continuity of any copper wire by measuring the resistance across the cable. -A test access point (TAP) reads the signals from the network stack and will either output two streams to monitor a full-duplex link or rebuild the streams into a single channel. -TAP) monitors the frames on a network, and in the case of an active TAP, it can also perform signal regeneration.

A network administrator is researching network virtualization and is trying to find a standard architecture for appliances to be developed against. Which of these should the administrator look at for a standard? a) MPLS b) Hypervisor c) vswitch d) NFV

d) NFV -Virtual appliances might be developed against a standard architecture, such as ETSI's Network Function Virtualization (NFV). NFV divides provisioning into three domains.

A network administrator uses a method that connects the port used for management access to a physically separate network infrastructure. What is this method? a) Management port b) Console port c) AUX port d) Out of band management

d) Out of band management -Out of bound management allows access to the network when the network is down. Out of bound can be used remotely to reboot devices.

A company uses several Windows Servers for Active Directory, SQL Server, RADIUS, DHCP, and DNS. Management pushes to move to the cloud. IT suggests moving services in a staggered fashion as to not cause disruption. IT moves SQL server instances to the cloud as a start. IT migrates this specific function to which of the following service types? a) SaaS b) IaaS c) Hybrid d) PaaS

d) PaaS -Platform as a Service (PaaS) is a computing method that uses the cloud to provide any platform-type services. A SQL database is an example of PaaS.

A network engineer is investigating a complaint where clients are claiming they are having difficulties connecting to the WLAN. Which of the following should be confirmed for accuracy when attempting to connect to the WLAN? a) Effective isotropic radiated power (EIRP) b) Encryption protocol mismatch c) Received signal strength indicator (RSSI) d) Passphrase

d) Passphrase -If SSID broadcast is suppressed, a station can still connect to a WLAN by entering the network name manually. If a passphrase is used, make sure it is entered correctly. -RSSI is the strength of the signal from the transmitter at the client end.

Which of the following methods is used to encapsulate IP packets for transmission over serial digital lines? a) Internet protocol security (IPSec) b) Generic routing encapsulation (GRE) c) Transport layer security (TLS) d) Point-to-point protocol (PPP)

d) Point-to-point protocol (PPP) -Point-to-point protocol (PPP) is an encapsulation protocol that works at the Data Link layer (layer 2). PPP has no security mechanisms, so must be used with other protocols to provision a secure tunnel.

Identify the function that copies packets sent to one or more source ports to a destination port. a) Bridge Protocol Data Unit (BPDU) b) Spanning tree c) Switching loops d) Port mirroring

d) Port mirroring -Port mirroring copies all of the packets sent to one or more source ports to a mirror (or destination) port. On a Cisco switch, this refers to a Switched Port Analyzer (SPAN). -A spanning tree is a means for bridges to organize themselves into a hierarchy. The bridge at the top of the hierarchy is the root bridge. -STP information is packaged as a Bridge Protocol Data Unit (BPDU)

What is a device designed to filter and transfer data packets between dissimilar types of computer networks called? a) Hub b) Switch c) Load balancer d) Router

d) Router -A router connects two or more packet-switched networks. It serves two primary functions: managing network traffic by forwarding data packets to their intended IP addresses and allowing multiple devices to use the same Internet connection.

Which of the following works directly with programmable logical controllers (PLCs) in an industrial complex? a) Smart speakers b) Smart refrigerators c) Wireless printers d) SCADA

d) SCADA -"Industrial complex" is the hint. -Supervisory Control And Data Acquisition (SCADA) is a category of software applications for controlling industrial processes, which is the gathering of data in real time from remote locations in order to control equipment and conditions. -(SCADA) system runs as software on ordinary computers to gather data and manage plant devices and equipment with embedded PLCs, referred to as field devices.

A Voice over Internet Protocol (VoIP) application does not work properly with company email address accounts. A tech concludes that a domain name system (DNS) record is incorrect. Which record type does the tech modify to restore services? a) TXT b) CNAME c) AAAA d) SRV

d) SRV -Keyword here is that a DNS record is required to "restore services".

A network administrator configures all printers in an organization to be issued specific IP addresses from a DHCP server. What does the administrator configure to accomplish this? (Select all that apply.) a) Dynamic assignment b) Scope c) Static assignment d) Scope options

d) Scope options -DHCP servers use scope options to issue configuration options, such as DNS server settings and more. -A scope, on the other hand, defines a range or ranges of addresses that DHCP server can issue to client systems.

The wireless access points (APs) on a large building floor have different names depending on the room. Employees and customers are confused and are constantly calling IT support to get the best wireless signal to work with as they constantly must change the AP connection. How can a network administrator improve wireless signals across the entire floor and provide a simple way to use the wireless network? a) Use Wi-Fi 6 APs. b) Create ad hoc connections. c) Set limit on power output. d) Set up an extended service set (ESS).

d) Set up an extended service set (ESS). -A wireless AP makes up an infrastructure basic service set (BSS). Multiple BSS may group together to form an extended service set (ESS) to boost wireless signals and a single AP name for the connection.

A network designer is explaining the options a business owner has to manage his business' network infrastructure. One option the business owner can choose will allow devices to provision and decommission quickly and to configure the devices via code in scripts. What is the term for the option described? a) Management plane b) Distribution/aggregation layer c) Backbone d) Software-defined network

d) Software-defined network -A software-defined network makes all parts of the network infrastructure accessible to automation and orchestration technologies.

A Wi-Fi router is unable to reach all users on the office floor due to radio interference. Which of the following tools have the capability to pinpoint the origin of the interference? a) Tone generator b) Protocol analyzer c) Power meter d) Spectrum analyzer

d) Spectrum analyzer -Received signal strength indication (RSSI) signal strength can help identify WiFi signal issues. A spectrum analyzer, usually a handheld device, is used to analyze radio or electrical interferences. The exact location can be pinpointed using this device. -A power meter or light meter is used to test a fiber optic cable to determine if there is a break in the cable. -A protocol analyzer is a software tool like Wireshark. Working in conjunction with a packet sniffer, it can decode a captured frame to reveal its contents in a readable format.

A sysadmin has set a network switch to auto-negotiate. What does this setting impact? a) Mirroring b) Connectivity c) Aggregation d) Speed

d) Speed -Switches support a range of Ethernet standards so older and newer network adapters can all connect to the same network. In most cases, a sysadmin sets a port on the switch to autonegotiate speed (10/100/1000 Mbps.)

An engineer configures a sender policy framework (SPF) record to list the server names allowed to send email for a company. Considering domain name system (DNS) record types, which does the engineer configure? a) "A" record b) CNAME record c) SRV record d) TXT record.

d) TXT record. -A TXT record is used to store any free-form text that may be needed to support other network services. An SPF record is a TXT record that is used to list the IP addresses or names of servers that are permitted to send email.

Name the model typically used in spine and leaf topologies to connect distribution switches to server nodes and provide higher bandwidth than the typical workgroup switch. a) Core b) Software-defined network c) Fibre Channel d) Top-of-rack switching

d) Top-of-rack switching -Top-of-rack switching refers to the practice of using switches specifically made to provide high-bandwidth links between distribution switches and server nodes.

What is the correct formula for the mean time between failure? a) Sum of scheduled service intervals plus unplanned outages over the period b) Total number of hours of unplanned maintenance divided by the number of failure incidents c) Total operational time divided by the number of devices d) Total operational time divided by the number of failures

d) Total operational time divided by the number of failures MTBF = total operational time/no. of failures. #MTBF represents the expected lifetime of a product. MTTR = total no. of hrs of unplanned maintenance/ no. of failure accidents #Mean Time to Repair (MTTR) is a measure of the time taken to correct a fault so that the system restores to full operation. Maximum Tolerated Downtime (MTD) = scheduled service intervals + unplanned outages over the period.

A sysadmin is investigating an issue on a switch after receiving reports that connecting to any network resource, local or on the web, is much slower than normal. What kind of log should the sysadmin investigate to determine what may be causing the issue? a) Security b) Audit c) Baseline d) Traffic

d) Traffic -Performance and traffic logs record statistics for compute, storage, and network resources over a defined period. This log would help to determine performance issues on a given network.

An administrator connected both a router and a gateway that had dissimilar media types. What kind of issue does this solution remedy? a) Short issue b) Shielded cable issue c) Duplexing issue d) Transceiver issue

d) Transceiver issue -A transceiver converts from one media type to another, uses an appropriate Ethernet standard and wavelength, and must match in pairs.

A technician is building a new network link between a switch and a router. The switch only has ethernet ports, while the router only has fiber ports. What could the technician utilize to connect these two devices? a) Patch panel/patch bay b) Fiber distribution panel c) SFP+ d) Transceiver/media converter

d) Transceiver/media converter -Enterprise switches and routers are available with modular, hot-swappable transceivers/media converters for different types of fiber optic patch cord connections. These allow connections between ethernet and fiber networks. -Permanent cables run through conduit to wall ports at the client access end and a fiber distribution panel at the switch end. Fiber patch cables complete the link from the wall port to the NIC and from the patch panel to the switch port.

A Simple Network Management Protocol (SNMP) agent informs the monitor of a port failure. Analyze the functions of an SNMP agent to determine what command the monitor uses for this notification. a) Set b) Get c) Walk d) Trap

d) Trap -The trap command is used when the agent informs the monitor of a notable event, such as a port failure. The threshold for triggering traps can be set for each value.

An engineer is installing a new connection between two database stacks. The engineer is using copper cable and needs a connection speed of 40GbE with a distance of about 12 feet. Which medium should the engineer utilize for this link? a) Coaxial b) 10BASE-T c) 10GBASE-LR d) Twinaxial

d) Twinaxial -Twinax is for data center 10 GbE (unofficially referred to as 10GBASE-CR) and 40 GbE (40GBASE-CR4) interconnections of up to about 5 meters for passive cable types and 10 meters for active cable types. -Ethernet over Fiber uses the IEEE 802.3 10GBASE-LR and 10GBASE-ER specifications.

What allows a network designer to allocate ranges of Internet Protocol (IP) addresses to subnets that match the predicted need for the number of subnets and hosts per subnet? a) Classless Inter-Domain Routing (CIDR) b) Public addressing c) Private addressing d) Variable Length Subnet Masks (VLSMs)

d) Variable Length Subnet Masks (VLSMs) -Variable Length Subnet Masks (VLSMs) allows a network designer to allocate ranges of Internet Protocol (IP) addresses to subnets that match the predicted need for numbers of subnets and hosts per subnet.

Which of the following is an example of a modern network bridging device? a) VOIP endpoint b) Active hub c) Wireless range extender d) WAP

d) WAP -Wireless Access Points (WAP) allows wireless capable devices and wired networks to connect through a wireless standard. A WAP is a separate network device with a built-in antenna, transmitter, and adapter. -A WiFi extender is used to extend the coverage area of a WiFi network. It works by receiving the existing WiFi signal, amplifying it, and then transmitting the boosted signal. #WLAN controller enables centralized management of WAPs. #NOTE: When comptia talks about a network device used for improving wireless signal strength within homes and small offices, then they're just talking about wireless range extender.

Users in an organization report that email is not working properly. An IT engineer uses a command with the set type argument to check for valid email servers and discovers that inbound delivery is a problem. Considering the following utilities, which of the following does the engineer use to troubleshoot the problem? a) Nmap b) ipconfig c) netstat d) nslookup

d) nslookup -The nslookup command is a Windows utility that is used to troubleshoot domain name system (DNS) records. The command returns host (A) records by default and the set type argument is used to specify a record type. A mail exchanger (MX) record specifies an email server. An incorrect or missing MX record will cause mail delivery problems.

A network technician is troubleshooting network issues between a workstation and a virtual server running a beta application. Network performance is lacking and there seems to be issues in between the source and destination. Which command will provide the technician with the best information regarding other nodes between the workstation and the remote host? a) dig b) route c) arp d) pathping

d) pathping -The pathping command performs a trace route, then it pings each hop router a given number of times for a given period to determine the Round Trip Time (RTT) and measure link latency more accurately. The output also shows packet loss at each hop.