Network + v2 - B.2.7 Practice Test: CompTIA Network+ N10-009 (Ver. 3)
A network security engineer is performing network penetration testing. The engineer is using Nmap to make a map of all network devices and wants to identify all host addresses on the network more quickly by skipping OS fingerprinting until after a target machine is selected. Which of the following Nmap switches will BEST allow the engineer to perform host discovery only? -p -sn -sU -sT
Correct Answer: -sn Explanation Using Nmap with the -sn switch will suppress the port scan, which can reduce scanning time on large networks. TCP connect scanning is a more visible scan that establishes full connections with remote hosts. By default, Nmap scans 1,000 commonly used ports. The -p argument can be used to specify a port range. UDP ports can be scanned using the -sU argument. As these do not use ACKs, Nmap needs to wait for a response or timeout to determine the port state, so UDP scanning can take a long time. References 7.2.9 Lab: Scan for Web Services with Nmap 8.2.2 Nmap 8.2.3 Nmap Port Scanning
A company is planning to reorganize its network infrastructure to improve efficiency and reduce the complexity of its routing tables. They currently have eight /24 networks that are contiguous. The network administrator suggests using CIDR to summarize these networks into a single entry. What CIDR notation would achieve this? /24 /21 /22 /23
Correct Answer: /21 Explanation A /21 CIDR notation can summarize eight contiguous /24 networks into a single network. This is because a /21 network encompasses 2^11 = 2048 addresses, and since each /24 network represents 256 addresses, eight of them would total 2048 addresses. This summarization significantly simplifies the routing table by reducing eight entries to just one. A /22 network can summarize only four /24 networks, not eight. A /23 network can summarize only two /24 networks, making it insufficient for the given scenario. A /24 network represents a single network of 256 addresses and cannot be used to summarize multiple /24 networks.
You are configuring a Linux server and want to ensure that the server can resolve its own hostname to the loopback address without querying external DNS servers. Which file should you edit to achieve this? /etc/hosts /etc/network/interfaces /etc/resolv.conf /etc/nsswitch.conf
Correct Answer: /etc/hosts Explanation The /etc/hosts file on Linux systems is used for static name to IP address mappings. By editing this file to include the server's hostname with the loopback address (127.0.0.1), Bob can ensure that the server resolves its own hostname locally without needing to query external DNS servers. /etc/nsswitch.conf configures the priority of sources (like files, DNS) for various databases (like hosts, passwords), but it does not contain static mappings. /etc/resolv.conf is used to configure DNS clients with information about DNS servers but does not contain hostname to IP address mappings. /etc/network/interfaces is used for configuring network interfaces, not for hostname resolution. References 6.6.1 Client DNS Issues 6.6.2 Name Resolution Issues 6.6.3 nslookup
Which of the following Ethernet adapters would likely come at a considerable price premium over basic Gigabit models? 1 Gbps Ethernet adapter 10 Gbps Ethernet adapter 100 Mbps Ethernet adapter 56 Kbps modem adapter
Correct Answer: 10 Gbps Ethernet adapter Explanation Adapters that support higher speeds such as 10 GbE or 40 GbE come at a considerable price premium over basic Gigabit (1 Gbps) models due to their advanced technology and higher data throughput capabilities. A 100 Mbps Ethernet adapter is slower than a Gigabit model and would typically be less expensive. A 1 Gbps Ethernet adapter is considered a basic Gigabit model and would not have a price premium over itself. A 56 Kbps modem adapter is an outdated technology for dial-up internet access and is not comparable in function or price to Ethernet adapters. References 2.1.2 Ethernet Standards 2.1.3 Media Access Control and Collision Domains 2.1.4 100BASE-TX Fast Ethernet Standards 2.1.5 Gigabit Ethernet Standards 2.1.6 Fiber Ethernet Standards 2.1.8 Lab: Reconnect to an Ethernet Network 2.2.7 Lab: Connect to an Ethernet Network 3.1.2 Modular Transceivers 3.1.5 Ethernet Frame Format
A university is expanding its network to include a new building. The network address for this expansion is 10.0.0.0/16, and the university plans to create 14 subnets for various departments and functions within the building. What is the minimum subnet mask that can be used to accommodate at least 14 subnets? 255.255.252.0 255.255.248.0 255.255.240.0 255.255.254.0
Correct Answer: 255.255.240.0 Explanation To accommodate at least 14 subnets, you need to determine the minimum number of bits required. Borrowing 4 bits (2^4=16) from the host part of the address in a /16 network creates 16 subnets, which meets the requirement. This changes the subnet mask to /20, which in dotted decimal format is 255.255.240.0. A subnet mask of 255.255.248.0 (/21) would create 32 subnets, more than necessary, potentially leading to inefficient use of the address space. A subnet mask of 255.255.252.0 (/22) would create 64 subnets, far exceeding the required number. A subnet mask of 255.255.254.0 (/23) would create 128 subnets, significantly more than needed and would not be an efficient use of the address space for the given requirement. References 4.3.4 IPv4 Address Scheme Design
During a wireless network upgrade, you notice that the antenna cables connecting to some of the APs are quite long, potentially leading to signal loss. Which type of cable would minimize antenna cable attenuation? Coaxial cable with standard connectors Standard Ethernet cable 400 cable LMR/HDF/CFD 200
Correct Answer: 400 cable Explanation The correct answer is 400 cable. The 400 cable has an attenuation of about 0.22 dB/m, which is lower than the 0.6 dB/m attenuation of LMR/HDF/CFD 200 cable. This makes it a better choice for minimizing signal loss over long distances. LMR/HDF/CFD 200 cable has higher attenuation compared to 400 cable, making it less efficient for minimizing signal loss. Standard Ethernet cable is not used for connecting antennas to APs; it's used for data transmission in wired networks. Without specifying the type, coaxial cables can vary greatly in attenuation properties. Standard connectors also add to the loss, making this option less desirable without more specific information. References 2.6.1 Specification and Limitations 2.6.6 Attenuation and Interference Issues 12.4.2 Insufficient Wireless Coverage Issues
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, although you can browse the Internet, you're unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions? 443 21 69 23
Correct Answer: 443
A university is upgrading its network infrastructure to accommodate its campus layout. The campus consists of three academic buildings, two dormitory buildings, and one administrative building. Each building requires its own subnet. The university also plans to add a new library and a sports complex within the next two years, each requiring its own subnet. How many subnets are required to meet the current and future needs? 6 8 5 7
Correct Answer: 8 Explanation The correct answer is 8 because the university currently has six buildings (three academic, two dormitories, one administrative) that each require a subnet. Additionally, with the planned addition of a new library and a sports complex, two more subnets will be needed, bringing the total to 8 subnets. Providing 5 subnets does not account for all the current buildings and the planned future expansions. Providing 6 subnets, while it accounts for the current buildings, does not include the two additional subnets needed for the future library and sports complex. Providing 7 subnets is incorrect because it falls short by one subnet; it accounts for the current buildings but only includes one of the two planned expansions. References 4.3.4 IPv4 Address Scheme Design
During a network upgrade, a network administrator decides to replace a hub with an Ethernet bridge to improve network performance. Which of the following outcomes should the administrator expect after the replacement? A decrease in the network's data transfer speeds A reduction in the overall network security An increase in the number of collision domains An increase in the number of broadcast domains
Correct Answer: An increase in the number of collision domains Explanation The correct answer is an increase in the number of collision domains. Replacing a hub with an Ethernet bridge will segment the network into separate collision domains for each connected device or network segment, reducing collisions and potentially improving network performance. An Ethernet bridge does not increase the number of broadcast domains; it operates at the Data Link layer and affects collision domains. Broadcast domains are segmented by routers at the Network layer. Replacing a hub with a bridge is likely to improve network security because it reduces the ability of devices to sniff traffic not intended for them, unlike hubs which broadcast all traffic to all ports. Replacing a hub with a bridge is expected to improve or maintain network data transfer speeds by reducing collisions, not decrease them. References 3.2.2 Bridges
Your company is launching a temporary marketing campaign and wants to direct traffic from promo.company.com to a third-party server hosting the campaign content. The third-party server is identified by the hostname campaign.hostingprovider.com. What DNS record should you create for promo.company.com to achieve this redirection? An MX record directing promo.company.com to campaign.hostingprovider.com An A record pointing to the IP address of campaign.hostingprovider.com A CNAME record for promo.company.com aliasing campaign.hostingprovider.com An AAAA record for promo.company.com pointing to the IPv6 address of campaign.hostingprovider.com
Correct Answer: A CNAME record for promo.company.com aliasing campaign.hostingprovider.com Explanation A CNAME record is the correct choice for aliasing one domain to another. This allows promo.company.com to resolve to the same address as campaign.hostingprovider.com without needing to know the IP address. An A record pointing to the IP address of campaign.hostingprovider.com is incorrect because directly using an A record would require knowing and updating the IP address, which is less flexible than using a CNAME record. An MX record directing promo.company.com to campaign.hostingprovider.com is incorrect because MX records are used for mail exchange purposes, not for redirecting web traffic. An AAAA record for promo.company.com pointing to the IPv6 address of campaign.hostingprovider.com is incorrect because an AAAA record is for IPv6 addresses, and the scenario does not specify needing an IPv6 address nor does it focus on IP address resolution. References 6.5.5 Host Address and Canonical Name Records 6.5.14 Lab: Create CNAME Records
An enterprise network has been experiencing erratic performance issues that have been difficult to diagnose. Network administrators have noticed that certain routes within the network become intermittently unavailable, leading to packet loss and increased latency. This behavior is sporadic and does not correlate with any specific network changes or patterns of usage. Upon closer examination, it was observed that the issues coincide with rapid changes in the status of one of the network interfaces, which alternates between up and down states frequently. What is the most likely cause of the intermittent route availability and the associated network performance issues? A flapping interface Inadequate bandwidth Incorrect subnet masking Insufficient routing table memory
Correct Answer: A flapping interface Explanation The correct answer is a flapping interface. A flapping interface, which frequently changes its state from up to down and back again, can cause significant disruption in a network. Each time the interface status changes, routing protocols must adjust the network topology information and propagate these changes throughout the network. This can lead to temporary route unavailability, increased routing protocol traffic to manage the topology changes, and, consequently, packet loss and increased latency as the network attempts to converge on a new topology. The erratic performance issues described, including intermittent route availability, are characteristic of the problems caused by a flapping interface. While inadequate bandwidth can lead to network congestion and increased latency, it does not directly cause routes to become intermittently unavailable. Bandwidth limitations typically result in consistent performance degradation rather than the sporadic issues described in the scenario. Incorrect subnet masking can lead to routing and addressing issues, but these problems would be constant and not intermittent. Incorrect subnet masking would not cause the network performance issues to coincide with rapid changes in the status of a network interface. Insufficient memory for the routing table could lead to dropped routes and network instability. However, this would more likely result in consistent network issues rather than the intermittent problems that correlate with the rapid status changes of a network interface, as described in the scenario. References 5.2.1 Dynamic Routing Protocols
An IT manager notices an unusual pattern of network traffic late at night when the office is usually empty. Traffic analysis shows repeated attempts to connect to various ports on servers hosting the company's financial databases. The source of the traffic is traced back to a few IP addresses that don't belong to the company's network. The IT manager suspects that these attempts are part of a reconnaissance effort to identify vulnerabilities. What type of attack is MOST likely being attempted in this scenario, and what should be the IT manager's immediate response? A denial of service (DoS) attack; A spoofing attack; the IT manager should implement stronger authentication mechanisms. A phishing attack; the IT manager should train employees to recognize malicious emails and websites. A port scanning attack; the IT manager should implement or strengthen firewall rules to block unauthorized scans.
Correct Answer: A port scanning attack; the IT manager should implement or strengthen firewall rules to block unauthorized scans. Explanation The correct answer is a port scanning attack; the IT manager should implement or strengthen firewall rules to block unauthorized scans. The scenario describes repeated attempts to connect to various ports on servers, especially during off-hours, which is indicative of a port scanning attack. This type of attack is used to identify open ports and services that could be exploited. The IT manager's immediate response should be to implement or strengthen firewall rules to block unauthorized scans and monitor for further suspicious activity. A denial of service (DoS) attack aims to make a service unavailable by overwhelming it with traffic. The scenario describes attempts to connect to ports, not overwhelming traffic, making DoS an unlikely type of attack in this context. A phishing attack involves deceiving individuals into revealing sensitive information through emails or fake websites. The scenario does not mention deceptive communications, making phishing an unlikely type of attack. A spoofing attack involves disguising the attacker's identity or forging information. While the scenario mentions traffic from unknown IP addresses, the focus is on port scanning, not identity forgery or information manipulation. Strengthening authentication mechanisms would not directly address the issue of unauthorized port scans. References 6.1.2 Transmission Control Protocol 6.1.3 TCP Handshake and Teardown 6.1.7 Lab: Explore Three-Way Handshake in Wireshark
During a wireless survey, you notice that the signal strength is excellent near the access points but drops significantly in the corners of the office. What is the MOST likely solution to this problem? Add additional access points or use booster antennas in areas with weak signal. Remove all access points and start over. Increase the transmit power of all access points to maximum. Paint the walls with a special paint that enhances signal strength.
Correct Answer: Add additional access points or use booster antennas in areas with weak signal. Explanation When signal strength is strong near access points but drops significantly in certain areas, such as corners, the most effective solution is often to add additional access points or use booster antennas to extend the coverage to those areas. This approach helps ensure that the network provides adequate coverage throughout the office. Removing all access points and starting over is an extreme measure that is unlikely to be necessary if the primary issue is simply weak signal in certain areas. Increasing the transmit power of all access points to maximum can cause interference and does not specifically target the areas with weak signal. While there are paints designed to influence wireless signals, painting walls is not a standard or particularly effective solution for addressing weak signal areas in an office environment. References 12.2.3 Wireless Surveys and Heat Maps
Your organization has recently expanded its operations and now requires a failover Internet connection for redundancy. The network team plans to connect to the Internet via two different ISPs. To manage this setup efficiently and ensure that your network can communicate with the rest of the Internet through either ISP, you are considering implementing a specific routing protocol on your edge routers. Which routing protocol should you implement on your edge routers to manage connectivity through multiple ISPs? EIGRP RIP BGP OSPF
Correct Answer: BGP Explanation BGP is the ideal choice for managing Internet connectivity through multiple ISPs because it is designed for routing between autonomous systems, such as those of different ISPs. BGP allows your network to exchange routing information with the ISPs, enabling efficient path selection and redundancy. OSPF is used for routing within a single autonomous system and is not suitable for routing between different ISPs. RIP, while a dynamic routing protocol, is not designed for the scale and complexity of routing between autonomous systems on the Internet. EIGRP, although capable of complex routing decisions within an autonomous system, is not used for routing between autonomous systems belonging to different organizations or ISPs. References 5.2.1 Dynamic Routing Protocols 5.2.5 Border Gateway Protocol
An online gaming enthusiast is looking for the best internet access type to support their hobby, which requires low latency and high upload speeds for live streaming. They live in a suburban area with access to various internet services. What would be the MOST appropriate choice? ADSL Satellite Internet Cable Internet SDSL
Correct Answer: Cable Internet Explanation Cable Internet with DOCSIS 3.0 is the most appropriate choice for an online gaming enthusiast who needs low latency and high upload speeds for live streaming. DOCSIS 3.0 technology allows for the use of multiplexed channels to achieve higher bandwidth, which can support both the low latency required for online gaming and the high upload speeds needed for live streaming. Cable Internet also tends to have lower latency compared to satellite internet, making it better suited for gaming. ADSL provides asymmetrical speeds with slower upload than download, which might not meet the needs of someone who requires high upload speeds for live streaming. SDSL offers symmetrical upload and download speeds, which could be suitable, but it generally does not offer the same high speeds or low latency as Cable Internet with DOCSIS 3.0. Satellite Internet suffers from high latency due to the signal having to travel to and from satellites in orbit, making it unsuitable for activities like online gaming that require quick response times. References 13.1.2 Internet Access Types
You are setting up a wireless local area network (WLAN) in your new office. You want to ensure that the network is efficient and minimizes data collisions as much as possible. You remember reading about a specific access method used in IEEE 802.11 standards that could help. Which access method should you implement to achieve your goal? Time Division Multiple Access (TDMA) Code Division Multiple Access (CDMA) Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) Frequency Division Multiple Access (FDMA)
Correct Answer: Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) Explanation The correct answer is Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is the access method used in IEEE 802.11 standards to manage data transmission and minimize collisions. It works by having the transmitting station check if the channel is clear before sending data and using acknowledgments (ACKs) to ensure data is received correctly. If an ACK is not received, the data is resent, thereby reducing the chances of data collisions in a busy network environment. TDMA divides the communication channel into distinct time slots assigned to each user, which is not the method used in IEEE 802.11 standards for minimizing collisions. FDMA divides the frequency band into individual channels assigned to each user, which is different from the collision avoidance strategy used in IEEE 802.11. CDMA allows multiple signals to occupy the same channel simultaneously by using unique codes, which, while effective in certain contexts, is not the method employed by IEEE 802.11 standards for collision avoidance. References 12.1.1 IEEE 802.11 Wireless Standards 12.1.2 IEEE 802.11a and 5GHz Channel Bandwidth 12.1.4 IEEE 802.11n, MIMO, and Channel Bonding 12.1.6 Multiuser MIMO and Band Steering
You are setting up a wireless network in your small office using an older router that supports IEEE 802.11b. You notice that the Wi-Fi signal is interfering with other wireless devices in the office. To minimize interference, you decide to configure the router to use one of the recommended non-overlapping channels. Which channel should you choose? Channel 13 Channel 9 Channel 6 Channel 3
Correct Answer: Channel 6 Explanation To minimize interference in the 2.4 GHz band, it is recommended to use one of the non-overlapping channels: 1, 6, or 11. Channel 6 is the correct choice among the options provided, as it is one of the three non-overlapping channels that can help reduce co-channel interference with other devices. Channel 3 overlaps with channels 1 through 5, leading to potential interference. Channel 9 overlaps with channels 7 through 11, which can cause interference with other devices operating on those channels. Channel 13 is incorrect for two reasons: first, it is not one of the recommended non-overlapping channels (1, 6, 11), and second, in some regions like the Americas, Channel 13 is not available for use. References 12.1.3 IEEE 802.11b/g and 2.4GHz Channel Bandwidth
You are a network administrator tasked with setting up a new router for your company's branch office. You need to configure the router before it can be connected to the company's network. You have a laptop with terminal emulator software installed. Which of the following methods should you use to initially configure the router? Connect your laptop to the router's console port using a console cable and configure it through the terminal emulator. Use an SSH connection over the Internet to remotely access the router's command line interface. Send configuration commands to the router via email and wait for it to automatically configure itself. Connect your laptop to the router's wireless network and configure it using a web interface.
Correct Answer: Connect your laptop to the router's console port using a console cable and configure it through the terminal emulator. Explanation The correct answer is to connect your laptop to the router's console port using a console cable and configure it through the terminal emulator. For initial configuration of network devices like routers, a direct connection to the device's console port using a console cable is the standard method. This allows network administrators to access the command line interface (CLI) directly through terminal emulator software on their laptop, enabling them to configure the device even if it has no network connectivity or initial configuration. This method is secure and reliable for initial setups. Connecting your laptop to the router's wireless network and configuring it using a web interface is incorrect because the router likely does not have wireless capabilities enabled or configured out of the box. Initial configuration often requires direct physical access. Using an SSH connection over the Internet to remotely access the router's command line interface is incorrect as SSH connections require network access and initial configuration, which the new router does not have until it is set up. Sending configuration commands to the router via email and waiting for it to automatically configure itself is incorrect because routers do not automatically configure themselves based on received emails. Configuration requires direct interaction, typically through a CLI accessed via a console port for initial setup. References 13.3.5 Console Connections and Out-of-Band Management
You are a network administrator troubleshooting connectivity issues in a local area network (LAN) that uses Ethernet. One of the computers on the network is unable to access the Internet. You suspect the issue might be related to ARP. Which of the following steps would be MOST appropriate to diagnose the problem? Immediately replace the Ethernet cables of the affected computer, assuming physical damage is causing the connectivity issue. Check the ARP cache on the affected computer to see if it has the correct MAC address for the default gateway. Increase the firewall security settings on the affected computer to prevent ARP spoofing attacks. Configure the affected computer to use a static IP address instead of DHCP to bypass the ARP process.
Correct Answer: Check the ARP cache on the affected computer to see if it has the correct MAC address for the default gateway. Explanation Checking the ARP cache on the affected computer is a direct method to diagnose potential ARP-related issues. The ARP cache stores recent IP-to-MAC address mappings. If the MAC address for the default gateway is incorrect or missing, it could prevent the computer from accessing the Internet. This step helps in identifying whether the ARP process is functioning correctly or if there's an issue with the ARP entries. While physical damage to Ethernet cables can cause connectivity issues, it is not directly related to ARP or its functionality. This step might be considered if there were signs of physical damage or if other troubleshooting steps did not resolve the issue. However, it does not directly diagnose an ARP-related problem. Configuring the affected computer to use a static IP address might bypass the need for some DHCP operations, but it does not bypass the ARP process. ARP is still required to resolve the MAC address of the default gateway or other hosts in the subnet, regardless of whether an IP address is obtained via DHCP or configured statically. Increasing the firewall security settings might help prevent ARP spoofing attacks, but it does not address the immediate connectivity issue or diagnose an ARP-related problem. ARP spoofing is a specific security threat where an attacker sends falsified ARP messages over a network. While it's important to secure networks against such attacks, this step does not help in diagnosing why a computer is unable to access the internet in this scenario. References 5.1.7 Routing Table Tools 5.1.10 Lab: Cisco Troubleshooting Tools
You are planning the wireless network for a new office building. The building has several large metal structures and thick walls that could potentially interfere with wireless signals. What should be your first step in ensuring optimal wireless coverage? Purchase the most powerful access points available. Ask employees where they would prefer access points to be located. Conduct a visual inspection and review the building's blueprints. Install access points randomly throughout the building.
Correct Answer: Conduct a visual inspection and review the building's blueprints. Explanation Before deciding on the placement of access points, it's crucial to understand the building's layout and identify potential sources of interference, such as large metal structures and thick walls. A visual inspection, complemented by a review of the building's blueprints, helps in identifying these challenges and planning the network layout accordingly. While powerful access points can be beneficial, simply purchasing the most powerful ones available does not guarantee optimal coverage, especially in a building with structural elements that can interfere with wireless signals. Installing access points randomly throughout the building is unlikely to result in optimal coverage and could lead to significant issues such as dead zones and signal interference. While employee preferences can be considered for comfort, the technical aspects of wireless signal coverage and interference must be the primary considerations in access point placement. References 12.2.3 Wireless Surveys and Heat Maps
You are managing a cloud environment that hosts several applications. You notice that one of the applications is experiencing slow response times due to high traffic. You decide to isolate this application's resources by moving them to their own VPC. What must you ensure to maintain connectivity between this isolated application and the rest of the environment? Increase the size of the CIDR block for the new VPC. Allocate additional physical servers to the new VPC. Merge the new VPC with one of the existing VPCs. Configure a VPN connection between the new VPC and the existing environment.
Correct Answer: Configure a VPN connection between the new VPC and the existing environment. Explanation By configuring a VPN (Virtual Private Network) connection between the new VPC and the existing environment, you can ensure secure and private connectivity between the isolated application and other resources. This approach maintains the isolation of the application's resources while allowing necessary communication across the cloud environment, addressing the performance issues without compromising security or connectivity. Increasing the size of the CIDR block for the new VPC does not address the need for connectivity between the isolated application and the rest of the environment. It merely expands the address space available within the VPC. Merging the new VPC with an existing one would negate the purpose of isolating the application's resources, potentially reintroducing the performance issues you are trying to solve. Allocating additional physical servers to the new VPC might improve the application's capacity but does not address the connectivity issue between the isolated application and other resources in the environment. References 14.3.2 Virtual Private Clouds 14.3.3 Cloud Gateways 14.3.4 Cloud Connectivity Options
You manage the IT infrastructure for a small office and have recently configured a SOHO router to enhance network security. You are aware that the office uses the Server Message Block (SMB) protocol extensively for file sharing within the local network. However, you want to ensure that these shared files are not accessible from the Internet for security reasons. Which of the following actions should you take on the SOHO router's firewall to achieve this goal? Configure the firewall to block the SMB port on the WAN interface but allow it on the LAN and WLAN interfaces. Configure the firewall to allow all SMB traffic on the WAN interface to ensure remote employees can access files. Set the firewall to redirect all SMB traffic to a public cloud storage service for easier access. Disable the firewall entirely to simplify network management and ensure seamless file sharing.
Correct Answer: Configure the firewall to block the SMB port on the WAN interface but allow it on the LAN and WLAN interfaces. Explanation The correct answer is to configure the firewall to block the SMB port on the WAN interface but allow it on the LAN and WLAN interfaces. Configuring the firewall to block the SMB port on the WAN interface while allowing it on the LAN and WLAN interfaces ensures that file sharing is available within the office network but not accessible from the Internet. This setup maintains the functionality of SMB for internal use while protecting against external threats. Allowing all SMB traffic on the WAN interface would expose the office's internal file shares to the Internet, creating a significant security risk. Unauthorized users could potentially access sensitive files. Disabling the firewall would remove a critical layer of network security, leaving the network vulnerable to various types of cyber attacks, including unauthorized access to SMB shares. Redirecting all SMB traffic to a public cloud storage service does not address the security concern of protecting internal file shares from internet access. Additionally, this approach could introduce new security and privacy concerns depending on the cloud service's security measures. References 1.3.1 SOHO Routers 1.3.2 Physical Layer Functions 1.3.3 Data Link Layer Functions 1.3.4 Network Layer Functions 1.3.5 Transport and Application Layer and Security Functions 1.3.6 The Internet
You are a network administrator and have noticed a minor but persistent issue with network performance during peak hours. You believe a configuration change to the network routers could resolve the issue. According to the change management process, what should be your next step? Ignore the issue since it is minor and does not significantly impact overall performance. Make the configuration change during off-peak hours to minimize disruption. Discuss the change informally with your colleagues to get their opinion. Create a service request ticket authorizing the change and outlining the proposed solution.
Correct Answer: Create a service request ticket authorizing the change and outlining the proposed solution. Explanation Your next step should be to create a service request ticket authorizing the change and outlining the proposed solution. According to a documented change management process, any configuration change, even if minor, should be authorized through a service request ticket. This ticket will document the need for the change, the proposed solution, and any potential impacts, ensuring that the change is tracked and approved before implementation. Making the configuration change without authorization through a service request ticket bypasses the change management process and does not ensure proper documentation and approval. While discussing the change with colleagues can be helpful, it does not replace the need for a formal service request ticket to authorize and document the change. Ignoring the issue, even if minor, can lead to larger problems over time. The change management process is designed to address such issues in a controlled and documented manner. References 8.1.4 Change Management
A company is experiencing connectivity issues in their warehouse, where client devices fail to maintain a stable connection to the wireless network. The APs are set to the highest possible transmit power. What adjustment should be made to improve connectivity? Replace all client devices with ones that support a higher data rate. Decrease the transmit power of the APs. Install additional APs throughout the warehouse. Increase the transmit power of client devices.
Correct Answer: Decrease the transmit power of the APs. Explanation The correct answer is to decrease the transmit power of the APs. Decreasing the transmit power of the APs can help balance the connection by ensuring that the signal strength is more in line with the capabilities of the client devices. This can reduce packet errors and improve stability. Client devices typically have fixed transmit power and cannot be adjusted. Replacing all client devices with ones that support a higher data rate does not address the issue of the APs overpowering the client devices, which can lead to one-way connectivity issues. While installing additional APs throughout the warehouse might improve coverage, it does not address the issue of excessive transmit power causing connectivity problems. References 12.4.2 Insufficient Wireless Coverage Issues
An IT security specialist is conducting an audit of their company's network devices. The specialist discovers that several unused services, including Telnet and FTP, are enabled on some devices. What should the IT security specialist do to enhance the security of these devices? Disable the unused services to reduce the attack surface. Enable additional services to obscure the unused ones. Replace Telnet and FTP with more services of the same security level. Leave the services enabled for potential future use.
Correct Answer: Disable the unused services to reduce the attack surface. Explanation The correct answer is to disable the unused services to reduce the attack surface. Disabling unneeded network services is a key step in device hardening. By turning off services that are not in use, you can reduce the attack surface of the devices, making them less vulnerable to exploitation. Enabling additional services would increase the attack surface, not secure it. Leaving services enabled, especially insecure ones like Telnet and FTP, poses a significant security risk. Replacing Telnet and FTP with more services of the same security level does not address the underlying security vulnerabilities. References 10.3.1 Defense in Depth 10.3.2 Device and Service Hardening 10.3.3 Lab: View Linux Services 10.3.5 Lab: Scan for Unsecure Protocols 10.3.6 Lab: Enable and Disable Linux Services 10.3.7 Lab: Disable Network Service
An organization has implemented a new content filtering system to enhance its network security. The IT department has noticed an increase in phishing attempts and wants to ensure that employees do not accidentally access malicious websites. They decide to configure the content filtering system to address this issue. Which of the following configurations would be MOST effective in preventing access to websites known for phishing attacks? Implementing time-of-day restrictions for internet access Blocking all social networking sites Enabling simple domain filtering to block known malicious URLs Allowing all traffic and relying on antivirus software for protection
Correct Answer: Enabling simple domain filtering to block known malicious URLs Explanation The correct answer would be to enable simple domain filtering to block known malicious URLs. Simple domain filtering is effective in blocking access to specific URLs known to host malicious content, such as phishing sites. By maintaining and updating a list of known malicious URLs, the content filtering system can prevent users from accessing these dangerous sites, thereby reducing the risk of phishing attacks. Implementing time-of-day restrictions for internet access does not directly address the issue of phishing attempts, as these can occur at any time. Allowing all traffic and relying solely on antivirus software for protection is not a proactive approach to preventing access to phishing sites. Content filtering adds an additional layer of security by blocking access to known malicious sites before they can cause harm. Blocking all social networking sites may reduce exposure to some phishing attempts but does not specifically target phishing sites. Phishing attempts can occur on a wide range of websites, not just social networking platforms. References 10.5.1 Security Rules and ACL Configuration 10.5.7 Lab: Configure a Security Appliance 10.5.8 Lab: Configure a Perimeter Firewall 10.5.9 Lab: Restrict Telnet and SSH Access 10.5.10 Lab: Permit Traffic 10.5.12 Applied Live Lab: Troubleshoot Service and Security Issues
Your company has recently expanded, and you've been tasked with designing the network infrastructure for the new office space. The office will host 50 workstations, each requiring a wired connection to the network for reliability and speed. You've run Ethernet cables from each workstation to the central networking room. To ensure a scalable and manageable network, you decide to use a device that allows for easy reconfiguration of network connections as the company grows and changes. Considering the need for scalability and ease of management, which device is MOST critical in your network design for terminating the Ethernet cables from the workstations? Network Firewall Patch Panel Modem Network Router
Correct Answer: Patch Panel Explanation A patch panel is essential in this scenario for terminating the Ethernet cables from the workstations. It provides a centralized location for all network connections, making it easier to manage and reconfigure the network as needed. The use of a patch panel supports scalability by simplifying the process of adding, moving, or changing connections without the need for reterminating cables, thus ensuring the network can adapt to the company's growth and changes efficiently. A network router is used for connecting multiple networks and directing network traffic. While important for network functionality, it does not serve the purpose of terminating workstation cables or simplifying network reconfiguration as described in the scenario. A network firewall is used for security purposes, protecting the network from unauthorized access and threats. It is not used for cable termination or network configuration management. A modem is used to connect to the Internet by converting between digital and analog signals. It does not serve as a central point for terminating Ethernet cables from workstations or managing network configurations. References 2.3.3 Patch Panels 2.3.8 Lab: Connect Patch Panel Cables 1 2.3.9 Lab: Connect Patch Panel Cables 2
You are tasked with designing a structured cabling system for a new office building. The building has three floors, and each floor will have its own intermediate distribution frame (IDF) to connect the work areas on that floor to the network. You need to ensure that the cabling system adheres to standard requirements for horizontal cabling. Which of the following practices should you follow to ensure compliance with standard requirements for horizontal cabling? Connect each work area directly to the main distribution frame (MDF), bypassing the IDFs. Install solar panels on the roof to power the IDFs and reduce the need for horizontal cabling. Ensure that the horizontal cabling from each work area to its respective IDF does not exceed 90 m (295 feet) in length when using copper cabling. Use wireless access points as the primary means of connecting each floor's work areas to the IDF.
Correct Answer: Ensure that the horizontal cabling from each work area to its respective IDF does not exceed 90 m (295 feet) in length when using copper cabling. Explanation Ensure that the horizontal cabling from each work area to its respective IDF does not exceed 90 m (295 feet) in length when using copper cabling is the correct answer. This practice is in line with the standard requirements for horizontal cabling in a structured cabling scheme. The 90 m (295 feet) limit for copper cabling ensures that signal quality and network performance are maintained across the infrastructure. While wireless access points are used in networking, they do not replace the need for physical horizontal cabling in a structured cabling system. Horizontal cabling is essential for connecting work areas to the network infrastructure. Connecting each work area directly to the MDF bypasses the purpose of having IDFs on each floor, which is to manage and distribute network connections locally on each floor efficiently. While solar panels can provide an alternative power source, they do not impact the design or requirements of horizontal cabling within a structured cabling scheme. The focus should be on adhering to cabling standards and distances. References 2.3.1 Structured Cabling System 2.3.4 Structured Cable Installation 2.3.6 Lab: Explore Multiple Locations in a Lab 2.3.8 Lab: Connect Patch Panel Cables 1 2.3.9 Lab: Connect Patch Panel Cables 2 2.4.4 Fiber Optic Cable Installation 2.4.7 Wavelength Division Multiplexing
A system administrator is reviewing an alert for the firewall. There was an alert that a piece of malware was downloaded to a computer on the network. The system administrator followed through by checking to make sure that the malware was downloaded. Which of the following steps should the sysadmin do next to help mitigate this in the future? Determine if anything has changed. Confirm the theory. Implement preventative measures. Establish a plan of action.
Correct Answer: Establish a plan of action. Explanation After checking that the malware was downloaded, the next step the administrator would take is to establish a plan of action to resolve the problem. The administrator has already confirmed the theory by checking to make sure that the malware was downloaded. The administrator would have already determined if anything had changed in the very first troubleshooting step, identify the problem. Implementing preventative measures is not a basic network troubleshooting step and is not a step the administrator would perform as part of troubleshooting the issue. References 1.4.1 Network Troubleshooting Methodology 1.4.6 Establish a Plan of Action 1.4.10 Lab: Troubleshooting Methodology
An IT security specialist receives reports from several employees that their devices are spontaneously disconnecting from the company's wireless network and struggling to reconnect. Suspecting a potential attack, the security specialist analyzes the situation and notices an unknown access point with a similar SSID to the company's network. What type of attack is most likely occurring? SQL injection attack Ransomware attack Phishing attack Evil twin attack
Correct Answer: Evil twin attack Explanation The symptoms described (devices spontaneously disconnecting and struggling to reconnect, along with the presence of an unknown access point with a similar SSID) suggest an evil twin attack combined with a deauthentication attack. In this scenario, the attacker has set up a rogue access point (the evil twin) that mimics the company's legitimate network. The deauthentication attack forcibly disconnects devices from the legitimate access point, and in their attempt to reconnect, devices may inadvertently connect to the evil twin, exposing them to potential data interception or other malicious activities. A phishing attack involves tricking individuals into revealing personal information or credentials through deceptive emails or websites, not disrupting wireless connections. A ransomware attack involves encrypting the victim's data and demanding payment for the decryption key. It does not involve interfering with wireless connections or setting up rogue access points. An SQL injection attack targets vulnerabilities in web applications that use SQL databases. It involves injecting malicious SQL code to manipulate the database, which is unrelated to wireless network disruptions or rogue access points. References 12.3.6 Wireless Network Attacks
You are setting up a Wi-Fi network for your new coffee shop. You want to ensure that customers can seamlessly connect to the Internet from anywhere in the shop. You have installed three access points throughout the space. You decide to configure all access points with the same SSID and security settings. What type of Wi-Fi network setup are you implementing in your coffee shop? Mesh Network Extended Service Set (ESS) Basic Service Set (BSS) Ad-hoc Network
Correct Answer: Extended Service Set (ESS) Explanation The correct answer is Extended Service Set (ESS). By configuring all access points with the same SSID and security settings, you are implementing an Extended Service Set (ESS). This setup allows customers to move throughout the coffee shop and maintain a seamless connection to the Wi-Fi network, as their devices automatically switch to the access point with the strongest signal without needing to reconnect to a different SSID. An Ad-hoc Network is a peer-to-peer network setup without an access point, which doesn't match your setup of using multiple access points. A Basic Service Set (BSS) involves a single access point, not the multiple access points you have installed. A Mesh Network involves multiple nodes that directly communicate with each other to spread a network over a large area. While your setup involves multiple access points, they are configured as an ESS rather than a mesh network, which would not necessarily require the same SSID across all nodes. References 12.2.1 Infrastructure Network Type
Which of the following is the BEST approach when a configuration has drifted from its baseline? Ignore the drift as it is usually insignificant. Always revert to the golden configuration. Perform testing to determine whether to revert. Update the baseline template without testing.
Correct Answer: Perform testing to determine whether to revert. Explanation When a configuration drifts from its baseline, it's important to perform testing to determine the best course of action, whether reverting to the golden (baseline) configuration or updating the baseline to reflect the new state. This ensures the network operates efficiently and securely. Ignoring the drift can lead to security vulnerabilities and inefficiencies. Always reverting to the golden configuration may not be appropriate if the new state offers improvements. Updating the baseline without testing can lead to undocumented changes becoming standard without verification of their impact. References 8.1.1 Configuration Management
A large multinational corporation is expanding its operations and plans to connect its geographically dispersed offices across different countries. The corporation's IT department has been tasked with designing a network that ensures secure and efficient communication between the offices. Each office operates its own local network under separate administrative control, but they all need to exchange routing information to route traffic between these networks effectively. Given the need to manage routing between these distinct administrative domains, which type of routing protocol should the IT department implement? Link-State Protocol Interior Gateway Protocol (IGP) Exterior Gateway Protocol (EGP) Distance Vector Protocol
Correct Answer: Exterior Gateway Protocol (EGP) Explanation The correct answer is the Exterior Gateway Protocol (EGP). An Exterior Gateway Protocol (EGP) is specifically designed for routing between different autonomous systems (AS), which are networks under separate administrative control. In this scenario, each office operates its own network autonomously, making them distinct autonomous systems. EGP allows these different AS to exchange routing information, ensuring that data can be routed efficiently between the corporation's offices regardless of their geographical location. BGP (Border Gateway Protocol) is the most widely used EGP and would be the appropriate choice for this scenario, facilitating secure and efficient interconnectivity between the corporation's dispersed offices. Interior Gateway Protocols (IGPs) are used for routing within a single autonomous system and are not designed for routing between different AS. Distance Vector Protocols are a type of routing protocol that can be used within an autonomous system to determine the best path to a destination by sharing routing information with directly connected neighbors. However, they are not specifically designed for routing between autonomous systems, making them unsuitable for the corporation's needs in this scenario. Link-State Protocols are another type of routing protocol used within an autonomous system to create a complete map of the network topology, allowing for efficient path selection. Like Distance Vector Protocols, they are not intended for routing between different autonomous systems and therefore do not address the requirement for managing routing between the corporation's offices in different countries. References 5.2.1 Dynamic Routing Protocols 5.2.5 Border Gateway Protocol
A new apartment complex is being built in an urban area, and the developer wants to ensure that the building has the fastest internet access possible to attract tech-savvy tenants. The developer is considering whether to install a Fiber to the Premises (FTTP) connection with an Optical Network Terminal (ONT) in each apartment or to opt for a Fiber to the Curb (FTTC) solution with VDSL to each unit. The distance from the point of presence to the building is minimal. Which solution should the developer choose to ensure the fastest internet access for tenants? FTTP with an ONT in each apartment FTTC with VDSL to each unit FTTC with ADSL to each unit FTTP with a shared ONT for the building
Correct Answer: FTTP with an ONT in each apartment Explanation For the developer aiming to provide the fastest internet access possible in a new apartment complex, FTTP with an ONT in each apartment is the best choice. This setup ensures that each apartment has a direct fiber connection, offering the highest speeds and best reliability. The minimal distance from the point of presence further supports the feasibility of this option, making it ideal for attracting tech-savvy tenants. FTTC with VDSL to each unit would provide high speeds but not as high as a direct fiber connection to each apartment. While VDSL is fast, it cannot match the speeds and reliability of a direct FTTP connection. FTTC with ADSL to each unit would offer the slowest speeds among the options, making it unsuitable for a developer looking to attract tenants with the promise of the fastest internet access. FTTP with a shared ONT for the building could create bottlenecks, as all internet traffic from the building would have to pass through a single ONT. This setup could potentially reduce the speed and quality of service for tenants, especially during peak usage times. References 13.1.3 Fiber to the Curb and Fiber to the Premises
A small retail store is looking to upgrade its security system. The store has a single entry point and a main sales floor that includes several high-value items on display. The store owner wants to ensure that the entry point is constantly monitored and that there is the capability to focus on any suspicious activity on the sales floor. What camera setup would BEST fulfill the store owner's requirements? Fixed cameras with narrow focal lengths at the entry point and PTZ cameras on the sales floor Fixed cameras with narrow focal lengths both at the entry point and on the sales floor A PTZ camera at the entry point and fixed cameras with wide focal lengths on the sales floor PTZ cameras both at the entry point and on the sales floor
Correct Answer: Fixed cameras with narrow focal lengths at the entry point and PTZ cameras on the sales floor Explanation The correct answer is to use fixed cameras with narrow focal lengths at the entry point and PTZ cameras on the sales floor. A fixed camera with a narrow focal length at the entry point would adequately capture the image of every person entering the store, providing a constant and clear view of this critical area. PTZ cameras on the sales floor would allow the store owner or security personnel to monitor the entire sales floor and focus on any areas of interest or suspicious activity, offering the flexibility needed to ensure the security of high-value items. A PTZ camera at the entry point may not be necessary for a single, fixed entry point, and fixed cameras with wide focal lengths might not provide the level of detail needed to monitor specific items on the sales floor effectively. PTZ cameras at both the entry point and on the sales floor could provide flexibility but might not be the most cost-effective or necessary solution for the entry point, where a fixed view is sufficient. Fixed cameras with narrow focal lengths at both the entry point and on the sales floor would not provide the flexibility needed to monitor different areas of the sales floor and focus on specific activities or items. References 11.3.2 Cameras 11.3.4 Lab: Implement Physical Security
You work as a field engineer and frequently need to access sensitive project data stored on your company's network while visiting client sites. For security reasons, your company requires that all internet traffic, including browsing and email, be monitored and filtered through the corporate network's security appliances. Which VPN configuration would best suit your needs? Split tunnel Peer-to-peer VPN Full tunnel Site-to-site VPN
Correct Answer: Full tunnel Explanation A full tunnel VPN configuration is the most suitable for your needs. In a full tunnel setup, all of your internet traffic, including access to sensitive project data and general internet browsing, is routed through the company's network. This allows the company to monitor and filter all internet traffic as per their security requirements, ensuring that your activities are secure and compliant with company policies, even when you are working from client sites. A split tunnel VPN configuration would allow you to access the Internet directly for personal browsing, bypassing the company's security appliances. This would not meet the company's requirement to monitor and filter all internet traffic. Peer-to-peer VPN is designed for direct connections between devices, not for secure remote access to a corporate network or for routing all internet traffic through the corporate network. Site-to-site VPN is used to connect two or more local networks over the Internet, which is not applicable to your need for secure remote access as an individual user. References 13.2.2 Tunneling Protocols 13.2.8 Lab: Configure a Remote Access VPN 13.2.9 Lab: Configure an iPad VPN Connection 13.2.10 Lab: Configure a RADIUS Solution
You are viewing the following output in a terminal window: Which of the following utilities did you use to produce this output? ping dig nslookup nbtstat
Correct Answer: dig
Your company, GlobalTech, has recently partnered with CloudServices, a leading cloud storage provider. To streamline access for your employees, GlobalTech wants to enable them to use their existing company credentials to access CloudServices without needing to create new accounts. GlobalTech plans to implement a federated identity solution. Which of the following steps should GlobalTech take to achieve this? GlobalTech should become a SAML Identity Provider (IdP) and require CloudServices to accept authentication tokens from GlobalTech. GlobalTech should disable all internal authentication systems and rely solely on CloudServices for employee authentication. GlobalTech should request CloudServices to share their user database for direct integration with GlobalTech's internal systems. GlobalTech should act as a SAML Relying Party (RP) and require CloudServices to authenticate GlobalTech's employees.
Correct Answer: GlobalTech should become a SAML Identity Provider (IdP) and require CloudServices to accept authentication tokens from GlobalTech. Explanation The correct answer is that GlobalTech should become a SAML Identity Provider (IdP) and require CloudServices to accept authentication tokens from GlobalTech. By becoming a SAML Identity Provider (IdP), GlobalTech can issue authentication tokens for its employees. CloudServices, acting as a SAML Relying Party (RP), would accept these tokens, allowing GlobalTech's employees to access CloudServices using their existing company credentials. This setup enables federated identity management, streamlining access without the need for multiple sets of credentials. Sharing user databases for direct integration poses significant security risks and does not align with the principles of federated identity management, which aims to streamline access without sharing sensitive information directly. In this scenario, GlobalTech needs to be the IdP, not the RP, because it is managing the identities of its employees, not CloudServices. Disabling all internal authentication systems is not practical or secure. Federated identity management allows for the integration of different authentication systems without replacing them entirely. References 10.1.7 Federated Identity and SAML
A network engineer is tasked with securing the transmission of data between the company's main office and its remote branch. The engineer needs to ensure that the data cannot be intercepted or tampered with during transmission. Which of the following solutions should the network engineer implement to achieve this goal? Implement TLS encryption for the data being transmitted. Encrypt the data using a symmetric key algorithm and send the key along with the data. Apply database encryption to the data before sending it over the network. Use cryptographic hash algorithms to hash all data before transmission.
Correct Answer: Implement TLS encryption for the data being transmitted. Explanation The correct answer is to implement TLS encryption for the data being transmitted. TLS (Transport Layer Security) encryption is specifically designed to secure data in transit, making it the optimal choice for protecting data transmitted over a network. It ensures that the data cannot be intercepted or tampered with during transmission by encrypting the data before it is sent and decrypting it upon receipt. While cryptographic hash algorithms can verify the integrity of data, they do not encrypt data or protect it from interception during transmission. Database encryption is intended to protect data at rest stored within a database, not data in transit. Sending the encryption key along with the data over the same channel compromises the security of the transmission. If an attacker intercepts the data, they also obtain the key, rendering the encryption ineffective. References 9.1.4 Encryption
You are tasked with designing a new data center for your company. The data center needs to be highly efficient in terms of space utilization and cooling. You have decided to use rack systems for housing the servers and networking equipment. Given the need for efficient cooling and space utilization, how should you arrange the racks? Stack racks on top of each other to maximize vertical space. Implement a hot aisle/cold aisle layout to maximize cooling efficiency. Place all racks against the outer walls to simplify cable management. Arrange the racks in a circular pattern to maximize space.
Correct Answer: Implement a hot aisle/cold aisle layout to maximize cooling efficiency. Explanation Implementing a hot aisle/cold aisle layout is a best practice in data center design for maximizing cooling efficiency and is the correct answer. This arrangement ensures that the hot air expelled from the back of one row of racks is not drawn into the intake of another, thereby improving cooling efficiency and reducing the risk of overheating. Arranging racks in a circular pattern does not address cooling efficiency and can complicate cable management and access. Placing all racks against the outer walls simplifies cable management but does not efficiently address cooling needs, as it does not prevent the mixing of hot and cold air. Stacking racks on top of each other is not practical or safe and does not address the need for efficient cooling. References 2.5.1 Rack Systems 2.5.2 Humidity and Temperature
A medium-sized enterprise wants to include a guest Wi-Fi network that allows visitors internet access without exposing the company's internal resources. The IT team is considering implementing a screened subnet. Which of the following approaches would be the best way for this scenario? Implement a screened subnet with two firewalls, placing the guest Wi-Fi network and the internal network on the same side of the internal firewall. Implement a screened subnet with two firewalls, placing the guest Wi-Fi network in the perimeter network and the internal network behind the second firewall. Avoid using a screened subnet and instead connect the guest Wi-Fi network directly to the Internet without any firewall protection. Implement a screened subnet using a single firewall with three network interfaces: one for the internal network, one for the guest Wi-Fi network, and one for the internet connection.
Correct Answer: Implement a screened subnet with two firewalls, placing the guest Wi-Fi network in the perimeter network and the internal network behind the second firewall. Explanation The correct answer is to implement a screened subnet with two firewalls, placing the guest Wi-Fi network in the perimeter network and the internal network behind the second firewall. This configuration effectively uses the screened subnet model to enhance security. By placing the guest Wi-Fi network in the perimeter network (DMZ) and the internal network behind the second (internal) firewall, it ensures that guests have internet access without posing a risk to the company's internal resources. This setup provides a clear separation between the guest network and the internal network, with controlled access enforced by the firewalls. While a single firewall with a triple-homed configuration does provide separation, it does not offer the same level of security and control as having two firewalls. The guest network would be better isolated in a dedicated perimeter network with an additional layer of security for the internal network. Placing the guest Wi-Fi network and the internal network on the same side of the internal firewall exposes the internal network to unnecessary risk. Guests should not have such direct network proximity to internal resources. Connecting the guest Wi-Fi network directly to the internet without any firewall protection would not provide any security measures to control or monitor the traffic, potentially exposing the network to various threats. References 11.1.1 Network Security Zones 11.1.2 Configuring a Screened Subnet 11.1.4 Screened Subnets 11.1.5 Lab: Configure a Screened Subnet (DMZ) 11.1.6 Lab: Configure Screened Subnets
During a network expansion, a company decides to implement EIGRP across its entire network, which spans multiple locations with varying link speeds and delays. The network team is tasked with ensuring that the routing protocol can efficiently handle the diverse network infrastructure while maintaining fast convergence times and minimizing unnecessary traffic. What feature of EIGRP should the network team leverage to meet these requirements? Implement a topology table to prevent routing loops and support rapid convergence. Set a high number of maximum hops across the network. Configure EIGRP to use multicast addressing for routing updates. Utilize static routing alongside EIGRP for all inter-location links.
Correct Answer: Implement a topology table to prevent routing loops and support rapid convergence. Explanation The correct answer is to implement a topology table to prevent routing loops and support rapid convergence. The use of a topology table is a key feature of EIGRP that allows it to prevent routing loops while supporting rapid convergence by maintaining a comprehensive view of the network beyond just the active routes. This helps in efficiently managing the diverse network infrastructure. Utilizing static routing alongside EIGRP for all inter-location links would not leverage EIGRP's dynamic routing capabilities and could lead to increased administrative overhead. Configuring EIGRP to use multicast addressing for routing updates is already a default behavior of EIGRP to efficiently distribute updates and does not need to be specifically leveraged. Setting a high number of maximum hops across the network does not directly address the requirements of handling diverse network infrastructure efficiently and maintaining fast convergence times. The maximum hops is a limit, not a configuration to leverage for performance. References 5.2.3 Enhanced Interior Gateway Routing Protocol
A company is experiencing network issues where client devices frequently lose connectivity and must obtain new IP addresses more often than desired. The network administrator discovers that the DHCP lease time is set very low, causing IP addresses to be released and renewed too frequently. The administrator decides to adjust the DHCP configuration to alleviate this issue. To reduce the frequency of IP address renewals and improve network stability, which DHCP setting should the administrator adjust? Decrease the T1 timer Decrease the T2 timer Increase the lease time Increase the number of DHCP options
Correct Answer: Increase the lease time Explanation Increasing the lease time is correct because increasing the lease time will allow client devices to retain their IP addresses for a longer period, reducing the frequency of renewals and improving network stability. Decreasing the T1 timer would cause the client to attempt to renew its lease even earlier, potentially exacerbating the issue of frequent renewals. Decreasing the T2 timer would lead to earlier attempts to rebind to any available DHCP server if the original server does not respond, which does not address the issue of frequent lease renewals. Adding more DHCP options does not directly affect the frequency of IP address renewals. The number of DHCP options configured is unrelated to lease time settings. References 6.2.1 DHCP Process 6.2.2 DHCP Server Configuration 6.2.3 DHCP Options 6.2.5 Lab: Configure a DHCP Server 6.2.10 Lab: Configure Client Addressing for DHCP 6.3.2 IPv6 Interface Autoconfiguration and Testing
You are the IT security manager for a mid-sized corporation. One morning, several employees report that when they try to access the company's internal portal, they are redirected to an external website that looks similar but asks for their credentials in a suspicious manner. Upon investigation, you suspect a DNS spoofing attack. What would be the MOST immediate and effective actions to take? (Select two.) Update antivirus software on all employee computers. Instruct all employees to restart their computers. Inspect DNS traffic for anomalies. Increase the security settings on the corporate firewall. Scan the network for rogue DHCP servers.
Correct Answer: Inspect DNS traffic for anomalies. Correct Answer: Scan the network for rogue DHCP servers. Explanation The correct answers are to scan the network for rogue DHCP servers and inspect DNS traffic for anomalies. In the case of a DNS spoofing attack within a corporate network, the attacker might be using ARP poisoning to respond to DNS queries with spoofed replies or could have configured clients with the address of a DNS resolver they control via a rogue DHCP server. Scanning the network for rogue DHCP servers and inspecting DNS traffic for anomalies would help identify the source of the spoofed DNS responses, making it the most immediate and effective action to mitigate the attack. Restarting computers would not address the root cause of the DNS spoofing attack and would not prevent the redirection from happening again. While keeping antivirus software updated is a good security practice, it may not directly address or mitigate a DNS spoofing attack, as the issue lies within the network's DNS traffic or a rogue DHCP server. While enhancing firewall security is generally beneficial, it might not directly prevent DNS spoofing attacks within the network, especially if the attack originates from a compromised or rogue device internally. References 9.4.4 DNS Attacks 9.4.9 Lab: Analyze DNS Spoofing
You are a network administrator for a medium-sized company. One morning, you receive reports of significantly slowed network performance and intermittent network outages. You notice that the network utilization is at near maximum capacity, and the CPU utilization on several switches has spiked to over 80%. You suspect a broadcast storm caused by a network loop might be the issue. Before taking any action, you decide to investigate further. Which of the following steps should you take first to address the problem? Immediately replace all switches with higher performance models to manage the load better. Increase the bandwidth of the affected network segments to handle the increased traffic. Shut down the entire network to prevent any potential damage to network devices. Inspect the network topology and look for recent changes or additions that might have introduced a loop.
Correct Answer: Inspect the network topology and look for recent changes or additions that might have introduced a loop. Explanation Inspecting the network topology for recent changes or additions is a logical first step in identifying the cause of a broadcast storm. This approach allows you to pinpoint any new devices, cables, or configurations that might have inadvertently created a network loop, leading to the observed symptoms. Identifying and rectifying such changes can resolve the issue without unnecessary disruption or expense. While increasing bandwidth might seem like a solution to high network utilization, it does not address the root cause of the problem, which is likely a network loop causing a broadcast storm. Without resolving the underlying issue, the problem will persist regardless of bandwidth. Replacing switches with higher performance models is a costly and time-consuming process that, like increasing bandwidth, does not address the root cause of the broadcast storm. It's essential to identify and correct the network loop issue rather than attempting to mitigate its symptoms with more powerful hardware. While shutting down the network would indeed stop the broadcast storm, it is an extreme measure that would disrupt all network operations, potentially causing significant business impact. This step should only be considered as a last resort if the network loop cannot be identified and resolved in a timely manner, and there's an imminent risk of hardware damage. References 3.4.5 MAC Address Table 3.4.6 Network Loop and Broadcast Storm Issues 3.4.9 Lab: Switching Loop
You are setting up a new office network and have decided to implement structured cabling to ensure a tidy and efficient network infrastructure. After running Ethernet cables from each workstation to your central networking room, you're now at the stage where you need to terminate these cables to make them easily connectable to your network switch. You remember that using a specific device can simplify future network modifications, such as moving a workstation to a different location or adding new devices to the network. Which device should you use to terminate the Ethernet cables from the workstations for easy connectivity and future modifications? Into a power distribution unit Into the network switch Into a patch panel Into a wireless access point
Correct Answer: Into a patch panel Explanation The correct answer is into a patch panel. Using a patch panel to terminate the Ethernet cables from the workstations is the most efficient and organized method. A patch panel allows for easy cable management and simplifies future moves, adds, and changes (MACs) by allowing reconfiguration of connections without the need to reterminate cables. This setup keeps the central networking room organized and makes it easier to manage the network infrastructure. Terminating the cables directly into the network switch is not advisable for a large setup or when future modifications are anticipated. It can lead to a disorganized cable management system and make it difficult to manage changes without disrupting the existing setup. A power distribution unit (PDU) is used for distributing electrical power and has nothing to do with network cable termination. Using a PDU for this purpose is not applicable. A wireless access point (WAP) is used to provide wireless network connectivity and is not used for terminating wired Ethernet cables. Terminating cables into a WAP does not apply to this scenario and would not achieve the desired connectivity for wired workstations. References 2.3.3 Patch Panels 2.3.8 Lab: Connect Patch Panel Cables 1 2.3.9 Lab: Connect Patch Panel Cables 2
You are the IT security manager at a medium-sized enterprise. Recently, the company decided to implement smart building technology to improve energy efficiency and security. This technology includes smart thermostats, lighting, and access control systems. You are tasked with ensuring the security of these IoT devices. Which of the following actions should you prioritize to secure the smart building technology? Encourage employees to manage the devices to increase engagement and awareness. Connect all smart devices directly to the corporate data network for easier management. Use default configurations for all devices to ensure uniformity and ease of use. Isolate the smart building technology network segments from the corporate data network.
Correct Answer: Isolate the smart building technology network segments from the corporate data network. Explanation The correct answer is to isolate the smart building technology network segments from the corporate data network. Isolating the network segments for smart building technology from the corporate data network is crucial for security. This action limits the potential for unauthorized access to the corporate network through smart devices and vice versa, reducing the risk of data breaches and other security incidents. Connecting all smart devices directly to the corporate data network increases the risk of unauthorized access to sensitive corporate resources. Using default configurations is a poor practice because these are often well-known and may contain vulnerabilities, making devices easy targets for attackers. While employee engagement is important, allowing employees to manage critical security devices can lead to inconsistent configurations and potential security lapses. References 11.2.1 IoT Devices 11.2.3 IoT Networks 11.2.4 IoT Network Security 11.2.5 Lab: Scan for IoT Devices
While evaluating load balancers, a network engineer needs to acquire a switch that can handle complex logic. Which switch would the engineer use for this requirement? Layer 7 Switch Bridge Layer 4 Switch Layer 2 Switch
Correct Answer: Layer 7 Switch Explanation Layer 7 switch: As web applications have become more complex, modern load balancers need to make forwarding decisions based on application-level data. This requires more complex logic, but the processing power of modern appliances is sufficient. Layer 4 switch: Basic load balancers make forwarding decisions on IP address and TCP/UDP header values, working at the transport layer of the OSI model. An Ethernet bridge works at the data link layer (layer 2) to establish separate physical network segments while keeping all nodes in the same logical network. An Ethernet layer 2 switch performs the same sort of function as a bridge, but in a more granular way and for many more ports than are supported by bridges. References 7.4.5 Load Balancers 7.4.8 Lab: Configure NIC Teaming
A network administrator has just configured a new VLAN (VLAN20) for a department's devices. After configuration, users report that they cannot access the Internet or any internal resources. The administrator verifies that the devices have IP addresses within the correct subnet for VLAN20. What should the administrator check next to troubleshoot this issue? Increase the subnet size for VLAN20. Reboot all devices in the department. Make sure switch port configurations are assigned to VLAN20 Verify if the DHCP server is operational.
Correct Answer: Make sure switch port configurations are assigned to VLAN20 Explanation If devices have correct IP addresses but cannot access resources, the issue might be with the switch port configurations not being correctly assigned to VLAN20. This would prevent devices from communicating on the correct VLAN. If devices have IP addresses, the DHCP server is operational for that VLAN. Rebooting devices does not address the underlying network configuration issue. Increasing the subnet size does not resolve connectivity issues related to VLAN assignments. References 5.7.3 VLAN Assignment Issues
You are a project manager at GlobalEnterprises, a company with strict data security policies. You notice that some team members have access to sensitive project files that are not relevant to their current tasks. Concerned about potential data breaches, you want to revise the access control strategy to a more secure model that prevents such issues. Which access control model should you advocate for to ensure that access to sensitive project files is strictly controlled? Role-Based Access Control (RBAC) Attribute-Based Access Control (ABAC) Discretionary Access Control (DAC) Mandatory Access Control (MAC)
Correct Answer: Mandatory Access Control (MAC) Explanation The correct answer is Mandatory Access Control (MAC). MAC is the most appropriate model for GlobalEnterprises' need to strictly control access to sensitive project files. MAC is characterized by its use of fixed security labels assigned to both users and data resources. Access decisions are made based on these labels and enforced by the system, not by individual users or resource owners. This model ensures that only authorized users with the appropriate security clearance can access sensitive information, reducing the risk of unauthorized access or data breaches. Discretionary Access Control (DAC) allows resource owners to manage access permissions, which could lead to inconsistencies and potential security risks if not properly managed. Role-Based Access Control (RBAC) focuses on assigning permissions based on job functions, which might not be sufficient for strict control over sensitive data access, as it does not consider the sensitivity of the data itself. Attribute-Based Access Control (ABAC) offers fine-grained access control and could be effective, but it may not inherently enforce the strict security policies regarding sensitive data as effectively as MAC, which is designed for environments requiring stringent security measures. References 10.1.1 Access Control 10.1.2 Authentication Methods 10.2.2 Privileged Access Management 10.2.5 Lab: Manage Account Policies 10.2.6 Live Lab: Configure Management Privileges
An event planning company frequently works at different outdoor venues and needs a flexible network setup to connect various devices (e.g., laptops, payment terminals) over a wide area. The devices need to communicate with each other even if they are not within direct line of sight. Which network topology should they consider? Mesh network topology using devices that support the 802.11s standard. Wi-Fi Direct setup for each device to connect with others directly. Ad hoc network with all devices configured in IBSS mode. Point-to-point network using directional antennas for each device.
Correct Answer: Mesh network topology using devices that support the 802.11s standard. Explanation A mesh network topology is ideal for this scenario because it allows devices to discover each other and form a network where data can be relayed through intermediate devices. This setup is scalable and does not require devices to be within direct line of sight, making it perfect for outdoor venues with varying layouts. An ad hoc network requires all devices to be within direct range of each other, which may not be feasible in different outdoor venues. Wi-Fi Direct is primarily designed for direct device-to-device connections and may not support the flexible and scalable network setup required for outdoor events. A point-to-point network focuses on connecting two specific points and would not be suitable for connecting multiple devices over a wide area. References 12.2.7 Other Wireless Network Types
A technician is troubleshooting a fiber optic link that has been experiencing intermittent signal strength issues. The technician suspects that environmental factors might be contributing to the problem. What environmental factor is most likely to cause intermittent signal strength issues in a fiber optic link? Humidity levels around the fiber optic cables Physical stress or bending of the fiber optic cables Ambient lighting conditions in the room The presence of dust in the air
Correct Answer: Physical stress or bending of the fiber optic cables Explanation Physical stress or bending of the fiber optic cables is the correct answer. Physical stress or excessive bending of fiber optic cables can cause intermittent signal strength issues. Bending the cables beyond their minimum bend radius can lead to temporary or permanent damage to the fibers, affecting signal transmission. Ambient lighting conditions do not affect the signal strength within fiber optic cables. While extreme humidity levels can affect equipment, they are less likely to cause intermittent signal strength issues in the fiber itself. Dust can affect connectors if it settles on them, but it is less likely to cause intermittent issues compared to physical stress or bending of the cables. References 3.1.4 Transceiver Signal Strength Issues
A network administrator is working on enhancing the privacy of devices on the company network. The administrator decides to implement a feature that uses pseudorandom numbers for the interface ID part of the IPv6 address. What feature is the network administrator implementing? Hierarchical addressing Privacy extensions EUI-64 addressing MAC-derived addressing
Correct Answer: Privacy extensions Explanation The correct answer is privacy extensions. By using pseudorandom numbers for the interface ID, the network administrator is implementing privacy extensions for IPv6 addresses. This approach is used to enhance privacy and security by making it difficult to track devices based on their IPv6 addresses. MAC-derived addressing uses the device's MAC address to form the interface ID, which is different from using pseudorandom numbers. EUI-64 addressing also involves the MAC address and includes inserting "fffe" in the middle, not pseudorandom numbers. Hierarchical addressing refers to the allocation of IPv6 addresses in a structured manner and is not related to the use of pseudorandom numbers for privacy. References 4.1.4 Unicast and Broadcast Addressing 4.5.4 IPv6 Unicast Addressing
You are setting up a new data center for your company, which requires high-speed data transmission and the flexibility to connect devices using both fiber optic and copper cables. To achieve this, you decide to use modular transceivers in your network equipment. One of your primary goals is to ensure that the network can handle 40 Gigabit Ethernet (40 GbE) over fiber optic cables for connections between core switches and aggregation switches. Additionally, you want the capability to use copper cables for shorter, less critical connections without changing the physical hardware. Given these requirements, which type of modular transceiver would you primarily need to use for the fiber optic connections between the core and aggregation switches? WDM transceivers DAC ports QSFP+ transceivers SFP transceivers
Correct Answer: QSFP+ transceivers Explanation QSFP+ transceivers is the correct answer. QSFP+ (Quad Small Form-Factor Pluggable Plus) transceivers are designed to support 40 Gigabit Ethernet (40 GbE) by provisioning 4 x 10 Gbps links, making them ideal for high-speed data transmission over fiber optic cables. This capability aligns perfectly with the requirement for connecting core switches and aggregation switches in a data center environment where high bandwidth and performance are critical. QSFP+ transceivers provide the necessary speed and flexibility for such applications. While SFP (Small Form Factor Pluggable) transceivers are versatile and widely used in network equipment for both fiber optic and copper connections, they primarily support Gigabit Ethernet data rates and not the 40 GbE required for the scenario. SFP transceivers would not meet the high-speed requirements for the connections between core and aggregation switches in this data center setup. WDM (Wavelength Division Multiplexing) transceivers are specialized for transmitting multiple signals over a single fiber optic cable by using different wavelengths. Although they are useful for maximizing the capacity of fiber optic infrastructure, the scenario specifically requires support for 40 GbE data rates, which is a feature more directly associated with QSFP+ transceivers. WDM technology is more about increasing fiber capacity rather than directly providing the necessary data rate. Direct Attach Copper (DAC) ports refer to connections made using DAC cables, which are copper cables with fixed transceiver modules at each end, used for short-distance, high-speed connections. References 3.1.2 Modular Transceivers
You have recently moved to a rural area and the only available internet service is through a Digital Subscriber Line (DSL). You've purchased a SOHO router to set up your home office network. To connect your SOHO router to the DSL internet service provided by your ISP, which port on the SOHO router should you use? USB port RJ-11 port RJ-45 WAN port Coaxial F-connector port
Correct Answer: RJ-11 port Explanation For a Digital Subscriber Line (DSL) internet service, the appropriate port to use on a SOHO router is the RJ-11 port. This port is designed for telephone line connections, which are used by DSL services to provide internet connectivity. The RJ-11 port allows the router to connect directly to the ISP's network via a telephone line. While the RJ-45 WAN port is commonly used for connecting to an ISP's network, it is typically used for Ethernet-based services, such as fiber optic or cable internet, rather than DSL services. DSL connections require an RJ-11 port for the telephone line. USB ports on a SOHO router are generally used for connecting peripheral devices such as printers or for network storage purposes. They are not suitable for connecting the router to the ISP's network for DSL internet access. The coaxial F-connector port is used for connecting to a cable internet service, not a DSL service. DSL services use telephone lines for connectivity, which require an RJ-11 port, not a coaxial cable connection. References 1.3.1 SOHO Routers 1.3.2 Physical Layer Functions 1.3.3 Data Link Layer Functions 1.3.4 Network Layer Functions 1.3.5 Transport and Application Layer and Security Functions 1.3.6 The Internet 1.3.9 Lab: Create a Home Wireless Network
A network administrator at TechSolutions is tasked with implementing a new access control system to improve security and operational efficiency. The company wants to ensure that employees only have access to the resources necessary for their specific job functions. After evaluating the company's needs, the network administrator decides to implement an access control model. Which access control model should the network administrator implement to meet the company's requirements? Mandatory Access Control (MAC) Discretionary Access Control (DAC) Attribute-Based Access Control (ABAC) Role-Based Access Control (RBAC)
Correct Answer: Role-Based Access Control (RBAC) Explanation The correct answer is Role-Based Access Control (RBAC). Role-Based Access Control (RBAC) is the most suitable model for TechSolutions' requirements because it allows permissions to be organized into roles that correspond to job functions within the company. This ensures that employees have access only to the resources necessary for their roles, enhancing security and operational efficiency. RBAC simplifies the management of permissions and is scalable, making it ideal for organizations looking to streamline access based on job functions. Discretionary Access Control (DAC) allows resource owners to grant access permissions, which might not align with the company's goal of restricting access based on job functions. Mandatory Access Control (MAC) is more rigid and uses classifications and security labels, which might be overkill for TechSolutions' needs and less flexible in managing access based on job functions. Attribute-Based Access Control (ABAC) can provide fine-grained access control based on attributes and policies, but it might be more complex to implement and manage compared to RBAC for the purpose of aligning access with job functions. References 10.2.1 Authorization and Role-Based Access Control 10.2.5 Lab: Manage Account Policies 10.2.6 Live Lab: Configure Management Privileges
Your organization is planning to deploy Microsoft Active Directory for centralized domain management. To ensure that client computers and other domain members can locate the domain controllers efficiently, you need to configure the DNS appropriately. Which type of DNS record is essential for clients to locate domain controllers within Active Directory? MX Record SRV Record TXT Record A Record
Correct Answer: SRV Record Explanation SRV Record is the correct answer. An SRV (Service) Record is specifically designed to facilitate service discovery within networks, including locating services offered by Active Directory. SRV records contain the service name, port number, and target hostname, allowing clients to automatically discover and connect to domain controllers. This is crucial for operations such as logging in, accessing resources, and directory searches within an Active Directory environment. An MX Record is used to identify the mail servers for a domain and is involved in routing email messages. It does not play a role in the discovery of domain controllers or other Active Directory services. While an A Record is necessary for mapping domain names to their corresponding IP addresses, it does not provide the service discovery functionality required for locating Active Directory domain controllers. A TXT Record is used for storing free-form text information in DNS, such as SPF and DKIM records for email security. It does not facilitate the discovery of services like domain controllers within Active Directory. References 6.5.3 Name Resolution Using DNS 6.5.4 Resource Record Types 6.5.6 Mail Exchange, Service, and Text Records 6.5.8 DNS Server Configuration 6.5.9 Internal vs External DNS
You discover that a third-party application critical to your business operations will soon enter its End of Life (EOL) phase, with limited support and updates thereafter. What is the best long-term strategy to manage this situation? Start developing an in-house replacement for the application. Continue using the application indefinitely, as it meets current needs. Isolate the application from the rest of the IT environment to prevent security risks. Seek alternative applications that are actively supported and offer similar functionality.
Correct Answer: Seek alternative applications that are actively supported and offer similar functionality. Explanation The correct answer is to seek alternative applications that are actively supported and offer similar functionality. Finding an actively supported alternative ensures that your business operations can continue without interruption and with reduced security risks compared to using an EOL application. Continuing to use an EOL application poses increasing security and operational risks over time. While developing an in-house solution may be viable, it can be time-consuming and costly, and alternatives may already exist that meet the business's needs. Isolating the application may mitigate some risks but does not address the long-term issue of using unsupported software and may hinder operational efficiency. References 8.1.6 Lifecycle Management
A network administrator is setting up a new network for their company. The administrator understands the importance of accurate timekeeping for security and logging purposes and decides to configure an NTP server for the network. The network administrator wants to ensure the highest level of accuracy for the network's time synchronization. Which type of NTP server should the network administrator plan to connect to directly for the most accurate time? Stratum 4 Stratum 3 Stratum 2 Stratum 1
Correct Answer: Stratum 1 Explanation The correct answer is Stratum 1. Stratum 1 servers are directly connected to an accurate clock source, such as an atomic clock, making them the most accurate time sources available for NTP synchronization. Stratum 2 servers synchronize their time with a stratum 1 server, making them one step removed from the most accurate time source. Stratum 3 servers are two steps removed from the most accurate time source, making them less accurate than stratum 1 and 2 servers. Stratum 4 servers are even further removed from the most accurate time source, making them the least desirable option for the network administrator's needs. References 7.1.1 Transport Layer Security 7.1.2 Network Time Protocol 7.1.3 Precision Time Protocol 7.1.4 Lab: Configure NTP on Linux 7.1.5 Applied Live Lab: Troubleshoot Time Synchronization Issues
A network administrator is tasked with improving the efficiency of a corporate network that consists of two segments: Segment A, which is heavily utilized by data-intensive applications, and Segment B, which is used primarily for light office work. When Segment A is under heavy load, it significantly impacts the performance of Segment B. To address this, the administrator is considering installing an Ethernet bridge between the two segments. Which of the following outcomes should the network administrator expect after installing an Ethernet bridge between Segment A and Segment B? The Ethernet bridge will enable Segment A to use IP addresses from Segment B. The Ethernet bridge will prevent traffic from Segment A from impacting the performance of Segment B. The Ethernet bridge will increase the bandwidth available to Segment B. The Ethernet bridge will combine Segment A and Segment B into a single collision domain.
Correct Answer: The Ethernet bridge will prevent traffic from Segment A from impacting the performance of Segment B. Explanation The correct answer is that the Ethernet bridge will prevent traffic from Segment A from impacting the performance of Segment B. By installing an Ethernet bridge, the administrator effectively isolates the two segments into separate collision domains. This means that heavy traffic or collisions in Segment A will not impact the performance of Segment B, as the bridge will only forward relevant traffic between the two segments. The Ethernet bridge does not increase the bandwidth available to any segment. It manages traffic between segments but does not add additional bandwidth. The Ethernet bridge does the opposite of combining segments into a single collision domain; it segments the network into separate collision domains, reducing the likelihood of collisions affecting the entire network. An Ethernet bridge operates at the Data Link layer (layer 2) and deals with MAC addresses, not IP addresses. It does not enable segments to use IP addresses from each other; IP address management is a function of layer 3 devices like routers. References 3.2.2 Bridges
You are monitoring network traffic and notice that ARP requests for a specific IP address are receiving responses from two different MAC addresses. What is the MOST likely cause of this issue, and how should you proceed to troubleshoot it? This is a normal occurrence in networks with multiple access points; no action is needed. The network switch is malfunctioning; replace the switch immediately. There may be a duplicate MAC address issue; use a protocol analyzer to examine ARP traffic more closely. The IP address is configured on a virtual machine and its host; reassign the IP address to only one device.
Correct Answer: The IP address is configured on a virtual machine and its host; reassign the IP address to only one device. Explanation When two devices are configured with the same IP address (such as a virtual machine and its host), both will respond to ARP requests, leading to multiple MAC addresses being associated with a single IP address. Reassigning the IP address resolves the conflict. While networks with multiple access points may have complex ARP behaviors, receiving ARP responses from two different MAC addresses for a single IP address is indicative of an issue, not a normal occurrence. Action is needed to resolve the conflict. While a malfunctioning switch could cause other network issues, receiving ARP responses from two different MAC addresses for the same IP address suggests a problem at the device level, not with the switch. While IP address conflicts can occur with virtual machines and their hosts, the scenario describes a MAC address conflict, which requires a different approach to troubleshooting. Duplicate MAC addresses cause different types of network problems and are not typically identified through ARP responses. References 8.5.3 Protocol Analyzers 8.5.4 Using Wireshark to Troubleshoot Network Issues 8.5.5 Lab: Troubleshoot with Wireshark 9.3.7 Lab: Poison ARP and Analyze with Wireshark
A network admin discovers that an OSPF network with multiple areas is experiencing frequent re-convergence, leading to temporary routing instabilities. The network is designed with a backbone area (Area 0) and several other areas connected to it. The administrator suspects that the issue might be related to the OSPF configuration. What aspect of the OSPF configuration should the administrator investigate first? The administrator should verify the OSPF area configurations to ensure that all non-backbone areas are properly connected to Area 0. The administrator should examine the OSPF timers, particularly the hello and dead intervals, to ensure they are optimized for the network's size and topology. The administrator should check if all routers are correctly configured with the same OSPF process ID. The administrator should investigate whether OSPF authentication is enabled and configured correctly on all routers.
Correct Answer: The administrator should verify the OSPF area configurations to ensure that all non-backbone areas are properly connected to Area 0. Explanation The correct answer is that the administrator should verify the OSPF area configurations to ensure that all non-backbone areas are properly connected to Area 0. Proper connection of all non-backbone areas to Area 0 is crucial for stable OSPF operation. Misconfiguration in how areas are connected to the backbone can lead to routing loops or frequent topology changes, causing frequent re-convergence and temporary routing instabilities. While an OSPF process ID is important for router configuration, it is not typically related to issues of frequent re-convergence across multiple areas. OSPF authentication issues would more likely prevent OSPF neighbors from forming in the first place rather than causing frequent re-convergence. While OSPF timers can affect convergence times, the scenario describes frequent re-convergence rather than slow convergence, suggesting a structural issue with the OSPF area configuration rather than timer settings. References 5.2.4 Open Shortest Path First
During a network performance analysis, you notice that a particular client-server session is terminated abruptly. You observe that after a period of normal data exchange, the client suddenly sends a RST packet to the server. Which of the following could be a reason for the client to send a RST packet? The client is attempting to restart the three-way handshake process. The client wants to initiate the TCP connection teardown process in an orderly manner. The client has detected an error condition and wants to abruptly terminate the connection. The client is confirming the successful receipt of a FIN packet from the server.
Correct Answer: The client has detected an error condition and wants to abruptly terminate the connection. Explanation A RST (reset) packet is used to abruptly terminate a connection, often due to an error condition or a security policy violation. The RST packet indicates that the client wishes to immediately close the connection without going through the normal TCP connection teardown process. The orderly TCP connection teardown process involves the exchange of FIN and ACK packets, not a RST packet. Confirming the successful receipt of a FIN packet from the server is done with an ACK packet, not a RST packet. The RST packet does not play a role in the normal connection teardown process. The three-way handshake process is initiated with a SYN packet, not a RST packet. Sending a RST packet does not restart the handshake process but instead abruptly terminates the connection. References 8.2.5 Performance Monitoring 8.6.4 Traffic Testing Tools
Your company has recently expanded its network by adding several new switches. After the expansion, you've noticed intermittent network outages and slow performance. Upon investigation, you discover that the root bridge of your Spanning Tree Protocol (STP) configuration is a switch located on the edge of the network, which is connected via a low-bandwidth link. What is the MOST likely cause of the network issues, and what action should you take to resolve them? The STP configuration is using the original 802.1D standard, leading to slow convergence. You should switch to Rapid STP (RSTP) for faster convergence. The new switches have not been properly configured for STP, causing loops. You should ensure all switches are correctly configured for STP. The root bridge is located on a low-bandwidth link, causing a bottleneck. You should decrease the priority value of a core switch to elect it as the new root bridge.
Correct Answer: The root bridge is located on a low-bandwidth link, causing a bottleneck. You should decrease the priority value of a core switch to elect it as the new root bridge. Explanation The most likely cause is that the root bridge is located on a low-bandwidth link, causing a bottleneck. You should decrease the priority value of a core switch to elect it as the new root bridge. Having the root bridge on a low-bandwidth link can create a bottleneck, as all spanning tree paths will be calculated with respect to the root bridge's location. This can lead to suboptimal path selection and slow network performance. Decreasing the priority value of a core switch (preferably one connected to the high-bandwidth backbone) will help in electing it as the new root bridge, optimizing the network's performance. While it's true that the root bridge's priority value affects its election, simply decreasing the priority value of the current root bridge does not address the issue of its suboptimal location. Switching to RSTP can improve convergence times but does not address the root cause of the problem, which is the root bridge's poor location in the network topology. While ensuring all switches are correctly configured for STP is important, the scenario specifically identifies the root bridge's location as the issue, not a lack of STP configuration. References 3.3.3 Spanning Tree Protocol 3.3.4 Spanning Tree Protocol Configuration
A network administrator is troubleshooting an OSPF issue where two routers in different areas are unable to exchange routing information. The network consists of multiple areas, including a correctly configured backbone area (Area 0). What could be the reason for this communication issue? One of the routers is not configured to send hello packets. OSPF is not designed to support communication between routers in different areas. The routers are configured in different OSPF areas but are not connected through Area 0. The routers are using different OSPF versions, which is preventing them from communicating.
Correct Answer: The routers are configured in different OSPF areas but are not connected through Area 0. Explanation The correct answer is that the routers are configured in different OSPF areas but are not connected through Area 0. In OSPF, all areas must be connected to the backbone area (Area 0) to ensure proper inter-area routing. If routers in different areas are not connected through Area 0, they will be unable to exchange routing information, leading to communication issues. OSPF is specifically designed to support communication between routers in different areas, provided the areas are correctly connected through the backbone area. OSPF versions are generally backward compatible, and differences in OSPF versions are unlikely to be the sole reason for a lack of communication between routers. While hello packets are essential for establishing neighbor relationships in OSPF, the scenario describes an issue with inter-area routing, not neighbor establishment. References 5.2.4 Open Shortest Path First
Your company is expanding its operations to a new building that requires a complete setup of its network infrastructure. You are in charge of planning the entrance facilities for the structured cabling system. The goal is to ensure that the new setup allows for seamless integration with external telecommunications services and supports efficient inter-building communications. What is the primary purpose of designing the entrance facilities in the new building's structured cabling system? To act as the exclusive storage area for the building's networking hardware and documentation To create a recreational area for employees to relax and access the Wi-Fi network To establish a point where the company's network can connect with external telecommunications services and support inter-building communications To serve as the main hub for all wireless networking equipment in the building
Correct Answer: To establish a point where the company's network can connect with external telecommunications services and support inter-building communications Explanation To establish a point where the company's network can connect with external telecommunications services and support inter-building communications is the correct answer. Entrance facilities are designed to mark the juncture where the building's internal cabling system connects with external telecommunications services. This setup facilitates not only the integration with external networks but also supports efficient communications between buildings, aligning with the scenario's goals. While recreational areas are important for employee well-being, they are not the purpose of entrance facilities in a structured cabling system. Entrance facilities focus on network connectivity rather than providing leisure spaces. Entrance facilities' primary role is not to house wireless networking equipment but to facilitate the physical connection between the building's internal network and external telecommunications services. Although storing networking hardware and documentation is important, it is not the primary purpose of entrance facilities. Their main function is to ensure proper connectivity between internal and external networks. References 2.3.1 Structured Cabling System 2.3.4 Structured Cable Installation 2.3.6 Lab: Explore Multiple Locations in a Lab 2.3.8 Lab: Connect Patch Panel Cables 1 2.3.9 Lab: Connect Patch Panel Cables 2 2.4.4 Fiber Optic Cable Installation 2.4.7 Wavelength Division Multiplexing
The IT department of a large organization is considering the implementation of NVMe over Fabrics (NVMe-oF) in their Fibre Channel SAN to enhance the performance of their solid-state storage devices. What is the primary benefit of implementing NVMe-oF in this scenario? To enable wireless connectivity between servers and storage devices To improve the performance of solid-state storage devices in the network To decrease the number of required storage devices To extend the physical distance between servers and storage devices
Correct Answer: To improve the performance of solid-state storage devices in the network Explanation NVMe over Fabrics (NVMe-oF) is designed to extend the NVMe protocol over a network fabric, such as Fibre Channel. This allows for the high-speed, efficient access capabilities of NVMe to be utilized across the SAN, significantly improving the performance of solid-state storage devices connected to the network. NVMe-oF is particularly beneficial for environments that require fast data access and low latency. Extending the physical distance between servers and storage devices is not the primary benefit of NVMe-oF. While network infrastructure can impact distance, NVMe-oF focuses on performance enhancement. Decreasing the number of required storage devices is not a direct benefit of implementing NVMe-oF. The protocol aims to improve performance, not reduce the quantity of storage hardware. Enabling wireless connectivity is not related to NVMe-oF, which is used in wired SAN environments to improve the performance of storage access over network fabrics. References 3.1.2 Modular Transceivers 14.1.4 Fibre Channel
An IT security analyst notices unusual network activity on their company's network. After investigating, the analyst discovers a piece of software that was installed without user consent, operates secretly, and was concealed within an installer package for what appeared to be legitimate software. Which type of malware has the IT security analyst MOST likely discovered? Trojan Worm Virus Potentially unwanted program (PUP)
Correct Answer: Trojan Explanation The correct answer is Trojan. A Trojan is malware that is concealed within an installer package for software that appears to be legitimate. It operates secretly and does not seek any type of consent for installation, matching the description of the malware discovered by the security analyst. Viruses are malware that spread by infecting files without any authorization from the user and are concealed within the executable code of another process. This does not match the description provided. Worms infect processes running in system memory and spread without any authorization from the user. They do not typically disguise themselves within installer packages for legitimate software. Potentially unwanted program (PUP) is incorrect because PUPs are installed alongside a package selected by the user or bundled with a new computer system. Unlike a Trojan, the presence of a PUP is not automatically regarded as malicious and may have been installed with confusing consent, which does not fit the scenario described. References 9.2.2 Attack Types 9.2.4 Malware Attacks
You are overseeing the installation of a new fiber optic network in an office building. The network design includes a central switch connected to various endpoints throughout the building using fiber optic cables. To ensure a successful installation, you need to select the appropriate type of fiber optic patch cords for connecting the endpoints to the switch. The network requires high data transmission quality with minimal back reflection. Which type of fiber optic patch cord finishing should you choose? Angled Physical Contact (APC) finishing Basic Contact (BC) finishing Physical Contact (PC) finishing UltraPhysical Contact (UPC) finishing
Correct Answer: UltraPhysical Contact (UPC) finishing Explanation UltraPhysical Contact (UPC) finishing is the best choice for this scenario because it offers a high-quality polish that significantly reduces back reflection compared to Physical Contact (PC) finishing. This reduction in back reflection is crucial for maintaining high data transmission quality across the network. UPC finishing ensures that the light signals are transmitted with greater clarity and strength, making it suitable for applications that demand high performance and reliability. While Physical Contact (PC) finishing is a common choice for many fiber optic applications, it does not reduce back reflection as effectively as UltraPhysical Contact (UPC) finishing. In a scenario that requires high data transmission quality with minimal back reflection, UPC finishing would be a better choice than PC finishing. Angled Physical Contact (APC) finishing provides the lowest back reflection levels due to its angled polish. However, it is typically used in applications that are highly sensitive to back reflection, such as long-distance and high-bandwidth transmissions. While APC finishing could technically work in this scenario, UPC finishing is more than adequate for an office building network and is generally more cost-effective for such applications. Basic Contact (BC) finishing is not a recognized finishing type for fiber optic connectors mentioned in standard fiber optic practices. This option was included as an incorrect choice to highlight the importance of selecting a recognized and appropriate finishing type, such as UPC, for ensuring high data transmission quality with minimal back reflection. References 2.3.1 Structured Cabling System 2.3.4 Structured Cable Installation 2.3.6 Lab: Explore Multiple Locations in a Lab
You are tasked with decommissioning a fleet of laptops that were used by your company's remote workforce. The laptops contain a mix of HDDs and SSDs. To ensure data security, you decide to use a method that is effective across both types of drives. Which method should you choose? Use a strong magnet to degauss all drives. Manually delete all files and then perform a disk cleanup. Perform a factory reset on each laptop. Utilize the Instant Secure Erase (ISE) feature on all drives.
Correct Answer: Utilize the Instant Secure Erase (ISE) feature on all drives. Explanation The correct answer is to utilize the Instant Secure Erase (ISE) feature on all drives. The Instant Secure Erase (ISE) feature, available on self-encrypting drives (SEDs), is effective for both HDDs and SSDs. It works by erasing the media encryption key, rendering the data unrecoverable. This method ensures data security across different types of drives. Degaussing with a strong magnet is effective for HDDs but not for SSDs. A factory reset may not securely erase all data, especially on SSDs due to wear-leveling. Manually deleting files and performing a disk cleanup does not securely erase the data; it only marks the space as available. References 8.1.7 Decommissioning
Your company is migrating its on-premises data center to a cloud environment. The migration plan includes deploying several web applications that will be accessible publicly. You are tasked with designing a security solution that protects these applications from web-based attacks while ensuring high availability and minimal latency. Which type of firewall should you implement to secure the web applications? Host-based firewall Stateful packet filtering firewall Network layer firewall Web application firewall (WAF)
Correct Answer: Web application firewall (WAF) Explanation The correct answer is Web application firewall (WAF). A Web Application Firewall (WAF) is specifically designed to protect web applications by monitoring and filtering HTTP/S traffic between the web application and the Internet. It is capable of identifying and blocking web-based attacks such as SQL injection, cross-site scripting (XSS), and other vulnerabilities that are common to web applications. This makes it the most suitable option for securing web applications in a cloud environment, where high availability and minimal latency are crucial. While stateful packet filtering firewalls can track and control the state of active connections, they are not specifically designed to protect web applications from the myriad of web-based attacks. Network layer firewalls perform basic packet filtering based on IP addresses and ports, which is not sufficient for the deep inspection required to protect web applications from sophisticated attacks. Host-based firewalls are deployed on individual servers and can provide a layer of security, but they are not specialized in web application security like a WAF. References 1.3.5 Transport and Application Layer and Security Functions 5.4.1 Firewall Uses and Types 5.4.2 Firewall Selection and Placement 10.5.1 Security Rules and ACL Configuration
A multinational corporation has its main office in New York and branch offices in London, Tokyo, and Sydney. The corporation needs a network that can connect all these offices together, allowing for seamless communication and data transfer. Which type of network would be MOST suitable for this setup? Wide Area Network (WAN) Small and Medium-sized Enterprise (SME) network Small Office/Home Office (SOHO) network Local Area Network (LAN)
Correct Answer: Wide Area Network (WAN) Explanation Wide Area Network (WAN) is the correct answer. A WAN is a network of networks, connected by long-distance links. A typical enterprise WAN would connect a main office site with multiple branch office sites, possibly in different countries. This is the most suitable type of network for a multinational corporation with offices in different countries. A Local Area Network (LAN) is confined to a single geographical location and all nodes and segments are directly connected with cables or short-range wireless technologies. It would not be suitable for connecting offices in different countries. A Small Office/Home Office (SOHO) network is designed for a small number of users in a single location, often using a single Internet router/switch/access point to provide connectivity. It would not be suitable for connecting multiple offices in different countries. A Small and Medium-sized Enterprise (SME) is designed to support dozens of users in a single location, using structured cabling and multiple switches and routers to provide connectivity. It would not be suitable for connecting multiple offices in different countries. References 1.1.2 Network Types 1.1.3 Network Topology 1.1.4 Star Topology 1.1.7 Lab: Create Network Topologies
The marketing office reported issues regarding slow network connectivity to the Internet and inability to access the company's SharePoint site. All marketing users on the 7th floor offices are getting an "HTTP 404" warning. What is the BEST way the network administrator can approach this incident to identify the problem? Begin at Layer 3 of the OSI model and go down. Question all users on the 7th floor. Work on the slow Internet connection first. Make a plan of action to resolve the issue.
Correct Answer: Work on the slow Internet connection first. Explanation The network admin must approach multiple problems individually and start by working on the slow Internet connection first. Although issues with the slow Internet and the "HTTP 404" error may seem the same, they may be caused by different factors. Questioning users will help with identifying the problem. However, questioning all users on the 7th floor is not an efficient use of time. A divide-and-conquer approach to an issue occurs when establishing a theory of the probable cause. Start with the layer of the OSI (open systems interconnection) model where the problem most likely resides, then go down or up the layers. This may be time-consuming. A plan of action would only occur after the cause of the issue has been confirmed through test(s). References 1.4.3 Identify Problem Symptoms
You are configuring SNMP on a network of routers and switches for a small business. You decide to use SNMP v3 because of its enhanced security features. Which of the following configurations would provide the highest level of security for SNMP communication in this scenario? Using community strings authPriv noAuthNoPriv authNoPriv
Correct Answer: authPriv Explanation The correct answer is authPriv. authPriv mode in SNMP v3 provides both authentication and encryption, offering the highest level of security by ensuring that SNMP messages are both authenticated and encrypted, protecting against unauthorized access and eavesdropping. noAuthNoPriv offers neither authentication nor encryption, making it the least secure option and unsuitable for environments where security is a concern. authNoPriv provides authentication but no encryption, making it more secure than noAuthNoPriv but less secure than authPriv since the messages are not encrypted. Using community strings is a method associated with SNMP v1 and v2c, which are less secure than SNMP v3 because they do not support strong authentication or encryption. References 8.2.1 Network Discovery 8.3.1 SNMP Agents and Monitors 8.3.2 SNMP Security 8.3.3 Configuring an SNMP System on a Router 8.3.4 Monitoring a Switch with SNMP 8.3.5 Configuring SNMP Trap 8.3.6 Applied Live Lab: Configure SNMP 8.6.9 Live Lab: Configure Flow Collection and Analysis
You need to find both the A (address) and MX (mail exchange) records for example.com using a specific DNS server (ns1.isp.example). Which dig command would you use to accomplish this in a single query? dig @ns1.isp.example example.com all dig @ns1.isp.example example.com A; dig @ns1.isp.example example.com MX dig @ns1.isp.example example.comv dig @ns1.isp.example example.com A MX
Correct Answer: dig @ns1.isp.example example.com all Explanation The dig @ns1.isp.example example.com all command queries the specified DNS server (ns1.isp.example) for all records associated with example.com, which includes both A and MX records among others. It's the most efficient way to retrieve both types of records in a single query. The syntax provided for the dig @ns1.isp.example example.com A MX command is incorrect; dig does not support querying multiple record types (A and MX) in a single command like this. While the dig @ns1.isp.example example.com A; dig @ns1.isp.example example.com MX command would eventually provide the required information, it involves executing two separate commands instead of a single query, making it less efficient. The dig @ns1.isp.example example.comv command queries for all records but does not explicitly focus on A and MX records, making the dig @ns1.isp.example example.com all command a better match for the specific requirement. References 6.6.4 dig
A network engineer is tasked with configuring a new network segment for the marketing department. The department requires its own VLAN (VLAN50) to segregate its traffic from the rest of the company. The network consists of a Layer 3 switch and multiple Layer 2 switches. The engineer decides to use an SVI for VLAN routing. Which of the following commands should the engineer use to configure the SVI for VLAN50 on the Layer 3 switch? switchport mode access vlan 50 interface VLAN50 ip address 192.168.50.1 255.255.255.0 interface G0/1.50 encapsulation dot1Q 50 vlan 50
Correct Answer: interface VLAN50 ip address 192.168.50.1 255.255.255.0 Explanation To configure an SVI for VLAN50, the command interface VLAN50 ip address 192.168.50.1 255.255.255.0 is used. This command creates the SVI and assigns it an IP address, allowing it to act as the default gateway for devices in VLAN50. The interface G0/1.50 encapsulation dot1Q 50 command is used for configuring a subinterface on a router, not an SVI on a Layer 3 switch. The vlan 50 command is used to create VLAN50 on a switch but does not configure an SVI. The switchport mode access vlan 50 command is used to assign a switch port to VLAN50, not to configure an SVI. References 5.6.1 Virtual LANs and Subnets 5.6.7 VLAN Routing 5.6.8 Lab: Configure Switch IP and VLAN - GUI
During a routine security audit, you discover that an unauthorized device is communicating with your network. You decide to manually add a static ARP entry on your Linux server to redirect the traffic from the unauthorized device's IP address to a secure location for further analysis. Which command would you use to add a static ARP entry for the IP address 192.168.1.100 with the MAC address 00:1A:2B:3C:4D:5E? ip neigh add 192.168.1.100 lladdr 00:1A:2B:3C:4D:5E nud permanent dev eth0 arp -s 192.168.1.100 00:1A:2B:3C:4D:5E arp -d 192.168.1.100 arp -a 192.168.1.100 00:1A:2B:3C:4D:5E
Correct Answer: ip neigh add 192.168.1.100 lladdr 00:1A:2B:3C:4D:5E nud permanent dev eth0 Explanation The ip neigh add 192.168.1.100 lladdr 00:1A:2B:3C:4D:5E nud permanent dev eth0 command is correct. On Linux, the ip neigh command is used to manage the ARP cache, and the correct syntax to add a static ARP entry is ip neigh add followed by the IP address, lladdr for the MAC address, nud permanent to indicate a non-temporary entry, and specifying the network device (e.g., dev eth0). While the arp -s command is used on Windows to add a static ARP entry, the scenario specifies a Linux server, where the ip neigh command should be used instead. The arp -a command is used to view the ARP cache, not to add or modify entries. The arp -d command is used to delete an ARP entry. This action would not help in redirecting the traffic from the unauthorized device as intended in the scenario. References 4.4.5 Lab: IPv4 Troubleshooting Tools 4.4.7 Lab: Use IPv4 Test Tools 6.4.8 Lab: Explore DHCP Troubleshooting 9.4.10 Applied Live Lab: Analyze Network Attacks
Which TCP/IP utility gives you the following output? arp -a netstat -a ipconfig ping
Correct Answer: ipconfig Explanation The ipconfig command shows a computer's TCP/IP configuration information. netstat -a shows you the status of all connections and listening ports. The ping command shows you the results of four echo request/reply contacts with a destination host. The arp -a switch shows you current ARP cache tables. References 4.4.1 ipconfig 4.4.2 ifconfig and ip 4.4.5 Lab: IPv4 Troubleshooting Tools 4.4.6 Lab: IPv4 Troubleshooting tools for Linux 4.4.7 Lab: Use IPv4 Test Tools 6.4.6 Lab: Troubleshoot Address Pool Exhaustion 6.4.9 Lab: Troubleshoot IP Configuration 1 6.4.10 Lab: Troubleshoot IP Configuration 2 6.4.11 Lab: Troubleshoot IP Configuration 3 6.6.1 Client DNS Issues 6.6.2 Name Resolution Issues 9.4.10 Applied Live Lab: Analyze Network Attacks
You have been called in to troubleshoot a connectivity problem on a newly installed Windows Server system. The system is operating satisfactorily and is able to communicate with other systems on the local network. However, it is unable to access any systems on other segments of the corporate network. You suspect that the default gateway parameter for the system has not been configured or may be configured incorrectly. Which of the following utilities are you MOST likely to use to view the system's default gateway information? netstat ifconfig ipconfig ping
Correct Answer: ipconfig Explanation Use the ipconfig utility to view the TCP/IP configuration of a Windows Server 2003 system. The information displayed by ipconfig includes default gateway information. Use the ifconfig command to view the TCP/IP configuration on a Linux, Unix, or Macintosh system. Use the netstat command to view TCP connection statistics. Use the ping command to check the connectivity between a source and destination computer. References 4.4.1 ipconfig 4.4.2 ifconfig and ip 4.4.5 Lab: IPv4 Troubleshooting Tools 4.4.6 Lab: IPv4 Troubleshooting tools for Linux 4.4.7 Lab: Use IPv4 Test Tools 6.4.6 Lab: Troubleshoot Address Pool Exhaustion 6.4.9 Lab: Troubleshoot IP Configuration 1 6.4.10 Lab: Troubleshoot IP Configuration 2 6.4.11 Lab: Troubleshoot IP Configuration 3 6.6.1 Client DNS Issues 6.6.2 Name Resolution Issues 9.4.10 Applied Live Lab: Analyze Network Attacks
Given the FQDN mail.sales.eastco.example.net, which part of the FQDN is most likely to be managed by an organization appointed by a government? sales net mail eastco
Correct Answer: net Explanation The "net" part of the FQDN is the top-level domain (TLD), which can be either a generic TLD (gTLD) or a country code TLD (ccTLD). While "net" is a gTLD and not typically managed by a government-appointed organization, the question hints at understanding the management of TLDs. Country code TLDs (like .uk, .ca, .de) are the ones generally managed by government-appointed organizations. However, among the options provided, "net" is the TLD and closest to what the question describes. "mail" is incorrect because it represents a specific host or service, not a TLD. "sales" and "eastco" are incorrect as they represent subdomains within the "example.net" domain, indicating organizational divisions or geographic locations, not TLDs managed by government-appointed organizations. References 6.5.1 Host Names and Domain Names 6.5.2 DNS Hierarchy 6.5.3 Name Resolution Using DNS 6.5.4 Resource Record Types 6.5.5 Host Address and Canonical Name Records 6.5.6 Mail Exchange, Service, and Text Records 6.5.7 Pointer Records 6.5.8 DNS Server Configuration 6.5.9 Internal vs External DNS 6.5.10 DNS Security 6.5.11 Lab: Configure DNS Addresses
A security analyst is investigating a series of unusual network activities that suggest a potential breach in their organization's network. The analyst suspects that the traffic is being routed through an unknown intermediary device within the network. To map the path that the network traffic is taking to reach its destination, which Nmap command option should the security analyst use? nmap --traceroute 10.10.1.0/24 nmap -sn 10.10.1.0/24 nmap -A 10.10.1.0/24 nmap -p 80,443 10.10.1.0/24
Correct Answer: nmap --traceroute 10.10.1.0/24 Explanation The correct answer is the nmap --traceroute 10.10.1.0/24 command. The --traceroute option in Nmap is specifically designed to trace the path packets take from the scanner to the target host. This would allow the security analyst to identify any unexpected devices or routes that the network traffic is passing through, which is crucial for investigating the potential breach. The -sn option is used for host discovery without port scanning. While it can identify active hosts, it does not provide the path that packets take to reach these hosts, which is what the security analyst needs to investigate. The -A option enables OS detection, version detection, script scanning, and traceroute. Although it includes traceroute, it also performs additional scans that may not be necessary for the security analyst's immediate need to map packet paths. The -p 80,443 option specifies that only ports 80 and 443 should be scanned. This command is useful for identifying web services but does not provide information on the path packets take, which is essential for the security analyst's investigation. References 7.2.9 Lab: Scan for Web Services with Nmap 8.2.2 Nmap 8.2.3 Nmap Port Scanning
You are a network administrator troubleshooting a name resolution issue within your company's internal network. You suspect that the DNS server might not be resolving internal hostnames correctly. Which nslookup command should you use to query the DNS server for the hostname internal-server.company.local? nslookup -type=mx internal-server.company.local nslookup -debug internal-server.company.local nslookup internal-server.company.local nslookup -type=a internal-server.company.local
Correct Answer: nslookup internal-server.company.local Explanation The nslookup internal-server.company.local command is the correct choice because it directly queries the DNS server for the IP address associated with the hostname internal-server.company.local without specifying any particular type of DNS record, which is suitable for a general name resolution test. The -type=mx option is used to query for mail exchange records, which is not relevant when troubleshooting general hostname resolution issues. The -type=a option specifies an A record query, which is for IPv4 addresses. While this could technically work for resolving a hostname to an IP address, specifying the type is unnecessary for a basic query, as nslookup defaults to querying A and AAAA records if no type is specified. The -debug option provides additional details about the query process and response, which might be useful for in-depth troubleshooting but is not necessary for a basic check of whether a hostname can be resolved. References 6.5.16 Configuring DNS Caching on Linux 6.6.2 Name Resolution Issues 6.6.3 nslookup 6.6.5 Lab: Explore nslookup 6.6.6 Lab: Use nslookup 6.6.7 Applied Live Lab: Report DNS Configuration 9.4.10 Applied Live Lab: Analyze Network Attacks 10.3.5 Lab: Scan for Unsecure Protocols
During a network upgrade, a network administrator needs to verify that all interfaces on a switch are operational and that no interfaces have been inadvertently shut down or disabled. The administrator also wants to ensure that there are no speed or duplex mismatches that could affect network performance. Which command should the administrator use to efficiently review the operational status, speed, and duplex settings of all interfaces on the switch? show interfaces status show ip interface brief show running-config show interfaces
Correct Answer: show interfaces status Explanation The show interfaces status command provides a concise table that includes the status, speed, and duplex settings of all interfaces on the switch, making it an efficient tool for quickly reviewing the operational status and configuration of all ports to ensure they are correctly set up and functioning. The show interfaces command provides detailed information about each interface, including statistics and error information, which can be too verbose when simply verifying operational status, speed, and duplex settings across all interfaces. The show running-config command displays the current configuration of the switch, including interface configurations. While it shows how interfaces are configured, it does not provide real-time operational status. The show ip interface brief command provides a brief overview of interface statuses and IP addresses but lacks detailed information about speed and duplex settings. References 3.4.3 Switch Show Commands 3.4.8 Lab: Troubleshoot Disabled Ports
A security analyst notices an increase in DNS spoofing attacks targeting their company. The analyst wants to implement a solution that validates the DNS responses to ensure they are coming from the legitimate source. What should the security analyst implement? Secure Sockets Layer (SSL) DNS over Transport Layer Security (DoT) DNS Security Extensions (DNSSEC) Web of Trust (WoT)
Correct Answer: DNS Security Extensions (DNSSEC) Explanation The correct answer is to implement DNS Security Extensions (DNSSEC). DNSSEC provides a way to validate DNS responses by ensuring they are digitally signed by the authoritative DNS server. This helps in mitigating DNS spoofing attacks by verifying the authenticity of the responses. While DoT secures DNS queries, its primary purpose is not to validate the source of DNS responses. SSL is used for securing connections between web servers and browsers, not specifically for DNS response validation. Web of Trust (WoT) is a concept used for establishing trust networks, not for validating DNS responses. References 6.5.10 DNS Security
You are a network engineer who has been tasked with diagnosing an intermittent network issue that occurs between a client machine (IP address 172.16.30.4) and a server (IP address 10.5.5.10). You suspect that there might be an issue with the TCP handshake or other TCP flags not being properly set during communication. You decide to use tcpdump to capture and analyze the TCP traffic between these two hosts in more detail. Which tcpdump command should you use to increase the verbosity of the output for detailed analysis of the TCP handshake and flags? tcpdump -vvv -i eth0 "host 172.16.30.4 or host 10.5.5.10" tcpdump -i eth0 "port 22" tcpdump -v -i eth0 "host 172.16.30.4 and host 10.5.5.10" tcpdump -w detailed.pcap "host 172.16.30.4 and host 10.5.5.10"
Correct Answer: tcpdump -v -i eth0 "host 172.16.30.4 and host 10.5.5.10" Explanation The correct command to use is tcpdump -v -i eth0 "host 172.16.30.4 and host 10.5.5.10". The -v option increases the verbosity of the tcpdump output, providing more detailed information about each packet, including the TCP handshake and flags. This command captures traffic between the specified client and server, making it easier to analyze the TCP communication details. The use of -v is crucial for diagnosing issues that require insight into the protocol-level interactions. While the tcpdump -w detailed.pcap "host 172.16.30.4 and host 10.5.5.10" command writes the captured packets to a file for later analysis, it does not increase the verbosity of the output. Without the -v option, you might not get the detailed information about the TCP handshake and flags you need. The tcpdump -i eth0 "port 22" command captures all traffic on port 22 (SSH), which may not be relevant to the issue between the client and server unless they are specifically using SSH. It also does not use the -v option for increased detail. The tcpdump -vvv -i eth0 "host 172.16.30.4 or host 10.5.5.10" command uses -vvv for even higher verbosity, which might provide too much information, overwhelming you with details not relevant to the TCP handshake or flags. Additionally, using or instead of and captures traffic involving either host with any other host, not just the traffic between the specified client and server, potentially including irrelevant data. References 8.5.2 tcpdump
A network engineer has been tasked with diagnosing a connectivity issue affecting only IPv6 traffic between their company's network and a new branch office. Initial reports indicate that IPv4 traffic is unaffected, suggesting the problem is specific to the IPv6 network path. The network engineer decides to use the traceroute command to identify where the connectivity issue might be occurring along the IPv6 route. Given the specific focus on diagnosing an IPv6 connectivity issue, which traceroute command option should the network engineer use to ensure the analysis targets the IPv6 network path? traceroute -T traceroute -6 traceroute -d traceroute -I
Correct Answer: traceroute -6 Explanation The traceroute -6 command option is specifically designed for tracing the route that IPv6 packets take to a destination. By using this option, the network engineer ensures that the traceroute analysis is conducted over the IPv6 network, which is crucial for diagnosing the reported connectivity issue affecting only IPv6 traffic. This option will provide insight into the IPv6 path and help identify any nodes or segments where the connectivity problem might be occurring. The traceroute -d command is incorrect because the -d option disables DNS name resolution, which does not specifically target IPv6 traffic or address the need to diagnose an IPv6 connectivity issue. The traceroute -T command is incorrect because the -T option uses TCP SYN packets for probes, which does not inherently specify the use of IPv6 for the traceroute analysis. This option would not ensure that the analysis focuses on the IPv6 network path. The traceroute -I command is incorrect because, although it specifies the use of ICMP Echo Request probes instead of the default UDP probes, it does not specifically target IPv6 traffic. The -I option does not address the need to focus the analysis on the IPv6 network path. References 5.1.8 tracert and traceroute 5.1.10 Lab: Cisco Troubleshooting Tools 6.4.8 Lab: Explore DHCP Troubleshooting 6.4.10 Lab: Troubleshoot IP Configuration 2 6.4.11 Lab: Troubleshoot IP Configuration 3 9.4.10 Applied Live Lab: Analyze Network Attacks 13.3.9 Lab: Use PowerShell Remote
A company's medium-sized data center is adding a 30th rack enclosure, starting with redundant uninterruptible power supplies (UPSs), redundant power distribution units (PDUs), and redundant layer 2 switches. The switches have been in production for a few years with up-to-date security settings, and the company will repurpose them with this new rack enclosure. As one of those administrators, your task is to network these devices with a defense-in-depth strategy to secure them against tampering and abuse. The switches will allow new devices in the rack to securely receive a Dynamic Host Configuration Protocol (DHCP) Internet Protocol (IP) address for the initial setup. Switch ports should all be available for initial setup and secured after mounting. You must examine each device to determine which settings?
The layer 2 switches have been in production for a few years and have some up-to-date security settings. Since the security settings are up-to-date, it does not require changing default passwords. Configuring port security and disabling unneeded switch ports are unnecessary for the initial setup since all ports should be open to allow easier setup for new devices. Since the company is repurposing these switches, a network administrator may need to configure the VLANs for the specific rack enclosure. Enabling the Dynamic Host Configuration Protocol (DHCP) snooping would be appropriate since new devices will use DHCP services in this rack. Configuring DHCP snooping causes the switch to inspect DHCP traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address. Since Uninterruptible Power Supplies (UPSs) are unmanaged, there is no need to configure network security settings. This would be the case for UPSs with or without network cards, which are NOT connected to the network in any way. Simple Network Management Protocol version 3 (SNMPv3) is the most secure protocol. Unlike its predecessors, SNMPv3 supports encryption protocols. No special device configurations are required to quickly connect new devices to the network. The network administrator should mount the device, and it will obtain a DHCP IP address when connected to the network.
You are a junior network engineer with a medium-sized construction firm. They have multiple subnets to segregate traffic and only allow access between specific subnets. All subnets should be able to access the internet. You are troubleshooting communications issues in your company's network. Devices on the network can communicate within their subnets, but they encounter obstacles when trying to communicate with other subnets and the internet. To help resolve the issue, you want to determine which devices are likely causing the problems and, thus, require inspection first. Considerations: Subnet B should be able to access Subnet A, and it cannot, but can access the internet. Subnet C should be able to access the internet, but none are able to. Subnet C has a few hosts with no network connectivity at all.
You should check the Firewall, Wireless Access Point, and Devices in Subnet B and C to ensure correct configuration. Since Subnet B should be able to access Subnet A but cannot, the most likely culprit is an incorrect subnet mask on Subnet B devices. Subnet C should be able to access the internet, but none are able to. The Wireless Access Point may have a misconfiguration or the devices on Subnet C have a misconfiguration. Since some devices on Subnet C have no connectivity at all to the network, those devices on Subnet C should be checked for possible incorrect password or Service Set Identifier (SSID). For more information on this topic, review: 5.3 Given a scenario, troubleshoot common issues with network services