Questions 610-711
Which of the following is the best VPN to use for only encrypting and routing data for a specific destination? A. Split-tunnel B. Site-to-site C. Client D. Layer 2
A. Split-tunnel
A customer needs to distribute Ethernet to multiple computers in an office. The customer would like to use non-proprietary standards. Which of the following blocks does the technician need to install? A. 110 B. 66 C. Bix D. Krone
A. 110 The 110 block is a non-proprietary wiring block commonly used for terminating and connecting Ethernet cables. It provides a standardized and widely accepted interface for distributing Ethernet connections in office environments. The 110 block is part of the ANSI/TIA/EIA-568 wiring standards, which are non-proprietary and widely adopted in the industry for structured cabling systems.
A company's VoIP phone connection is cutting in and out. Which of the following should be configured to resolve this issue? A. 802.1Q tagging B. Jumbo frames C. Native VLAN D. Link aggregation
A. 802.1Q tagging
A customer lost the connection to the telephone system. The administration console is configured with multiple network interfaces and is connected to multiple switches. The network administrator troubleshoots and verifies the following:• The support team is able to connect remotely to the administration console.• Rebooting the switch shows solid link and activity lights even on unused ports.• Rebooting the telephone system does not bring the system back online.• The console is able to connect directly to individual modules successfully.Which of the following is the most likely reason the customer lost the connection? A. A switch failed. B. The console software needs to be reinstalled. C. The cables to the modules need to be replaced. D. A module failed.
A. A switch failed.
An IT administrator is creating an alias to the primary customer's domain. Which of the following DNS record types does this represent? A. CNAME B. MX C. A D. PTR
A. CNAME
A network administrator wants to implement an authentication process for temporary access to an organization's network. Which of the following technologies would facilitate this process? A. Captive portal B. Enterprise authentication C. Ad hoc network D. WPA3
A. Captive portal A captive portal is a technology that facilitates an authentication process for temporary access to a network. It typically involves a web page that users must interact with before gaining access to the network. Users may need to enter credentials or agree to terms of service through the captive portal before being granted temporary access.
A firewall administrator observes log entries of traffic being allowed to a web server on port 80 and port 443. The policy for this server is to only allow traffic on port 443. The firewall administrator needs to investigate how this change occurred to prevent a reoccurrence. Which of the following should the firewall administrator do next? A. Consult the firewall audit logs. B. Change the policy to allow port 80. C. Remove the server object from the firewall policy. D. Check the network baseline.
A. Consult the firewall audit logs. Consulting the firewall audit logs would be the most appropriate next step for the firewall administrator. These logs typically record all changes to firewall rules and policies, including who made the changes and when they were made. By reviewing the audit logs, the administrator can determine how the change allowing traffic on port 80 occurred and take steps to prevent a reoccurrence, such as tightening access controls or implementing stricter change management procedures.
A network technician crimped a length of UTP with TIA\EIA-568A on one end and TIA\EIA-568B on the other. Which of the following cable types did the technician create? A. Crossover cable B. Patch cable C. Twinaxial cable D. Rollover cable
A. Crossover cable Crossover cable - 568A to 568B Straight through is - (568A to 568A) or (568B to 568B) A rollover cable is a complete reversal of pins - ex. (pins 12345678 to pins 87654321
Which of the following is the next step to take after successfully testing a root cause theory? A. Determine resolution steps. B. Duplicate the problem in a lab. C. Present the theory for approval. D. Implement the solution to the problem. Reveal Solution Discussion 7
A. Determine resolution steps. CompTIA Net+ troubleshooting steps: 1. Identify the problem. 2. Follow a theory of probable cause 3. Test the theory to determine the cause "Theory has been tested" 4. Establish a plan of action "Determine resolution steps" 5. Implement the solution 6. Test system functionality and implement preventive measures
Which of the following IP transmission types encrypts all of the transmitted data? A. ESP B. AH C. GRE D. UDP E. TCP
A. ESP Encapsulating Security Payload (ESP) is a part of the IPsec suite that provides confidentiality, integrity, and authenticity to the data packets it transmits. ESP encrypts the payload of the IP packet to ensure that the transmitted data is confidential and protected from unauthorized access, making it the correct choice for encrypting all of the transmitted data
Which of the following are environmental factors that should be considered when installing equipment in a building? (Choose two.) A. Fire suppression system B. UPS location C. Humidity control D. Power load E. Floor construction type F. Proximity to nearest MDF
A. Fire suppression system C. Humidity control
After running a Cat 8 cable using passthrough plugs, an electrician notices that connected cables are experiencing a lot of cross talk. Which of the following troubleshooting steps should the electrician take first? A. Inspect the connectors for any wires that are touching or exposed. B. Restore default settings on the connected devices. C. Terminate the connections again. D. Check for radio frequency interference in the area.
A. Inspect the connectors for any wires that are touching or exposed.
Which of the following should a junior security administrator recommend implementing to mitigate malicious network activity? A. Intrusion prevention system B. Load balancer C. Access logging D. Endpoint encryption
A. Intrusion prevention system
Which of the following is a characteristic of the application layer? A. It relies upon other layers for packet delivery. B. It checks independently for packet loss. C. It encrypts data in transit. D. It performs address translation.
A. It relies upon other layers for packet delivery. the presentation layer is responsible for translating, encrypting, and decrypting data not the application layer
Which of the following fiber connector types is the most likely to be used on a network interface card? A. LC B. SC C. ST D. MPO
A. LC LC - widely used due to its small size and ease of use SC - used in Gigabit Ethernet networks, datacom, and telecom applications ST - used in multimode datacom (but was replaced by SC and LC) MPO - used in high-speed data center applications
A client wants to increase overall security after a recent breach. Which of the following would be best to implement? (Choose two.) A. Least privilege network access B. Dynamic inventories C. Central policy management D. Zero-touch provisioning E. Configuration drift prevention F. Subnet range limits
A. Least privilege network access C. Central policy management
Which of the following best describe the functions of Layer 2 of the OSI model? (Choose two.) A. Local addressing B. Error preventing C. Logical addressing D. Error detecting E. Port addressing F. Error correcting
A. Local addressing Yet another question with unclear or non-standard choices. Right away, we can rule out C and E. Layer 3 deals with logical addressing. Layer 4 deals with "port addressing" (very poor wording). Option B seems very unlikely, but maybe CSMA/CA would classify as an error preventing method (collision avoidance). That feels like a stretch, though. Not to mention most Net+ materials won't mention "error preventing" methods. Finally, in the context of Ethernet networks, Layer 2 does not do any error correcting, so F is probably out. So with B, C, E, and F ruled out, we have A and D. Everyone should know that Layer 2 deals with error detection, so D is a given. The last bit of garbage wording is "local addressing." The standard terms are physical address, hardware address, or MAC address. Assuming that local addressing refers to MAC addresses, the overall answer is A and D.
Which of the following network topologies contains a direct connection between every node in the network? A. Mesh B. Hub-and-spoke C. Star D. Point-to-point
A. Mesh In a mesh network topology, every node (device or computer) is directly connected to every other node in the network. This direct connection between nodes provides redundancy and multiple communication paths, which can enhance reliability and fault tolerance. Mesh networks can be either full mesh, where every node connects to every other node, or partial mesh, where only certain nodes have direct connections to each other.
A network engineer is upgrading an existing edge gateway. The company currently uses a router and needs to be able to filter on all OSI layers. Which of the following should the engineer use to upgrade the gateway? A. NGFW B. Proxy C. Layer 3 switch D. Load balancer
A. NGFW (Next-Generation Firewall) Explanation: NGFW (Next-Generation Firewall): NGFWs are advanced security devices that go beyond traditional firewalls. They provide filtering and inspection capabilities at multiple OSI layers, including application-layer filtering, intrusion prevention, and advanced threat protection. NGFWs are designed to offer more sophisticated and comprehensive security features compared to traditional routers.
Which of the following antenna types would most likely be used in a network repeater that is housed in a central point in a home office? A. Omnidirectional B. Parabolic C. High-gain D. Patch Reveal Solution
A. Omnidirectional
A network technician discovered multiple failed logins on a production server. Upon investigation, the technician determined that a client plugged a personal laptop in to the corporate LAN, which allowed malware on the laptop to probe the network. Which of the following would have prevented this unauthorized device? A. Port security B. Bring your own device policy C. Patch management D. Changing default passwords
A. Port security
Which of the following layers of the OSI model is responsible for end-to-end encryption? A. Presentation B. Application C. Session D. Transport
A. Presentation. The Presentation layer of the OSI model is primarily responsible for formatting, encrypting, and compressing data in a way that the Application layer can understand. Encryption, as a part of data formatting, is often implemented in this layer to ensure end-to-end secure communication between applications.
Which of the following is the most cost-effective way for a network administrator to establish a persistent, secure connection between two facilities? A. Site-to-site VPN B. SSH tunnel C. API gateway D. Dedicated line
A. Site-to-site VPN
Which of the following architectures would allow the network-forwarding elements to adapt to new business requirements with the least amount of operating effort? A. Software-defined network B. Spine and leaf C. Three-tier D. Backbone
A. Software-defined network A Software-Defined Network (SDN) allows for network-forwarding elements to adapt to new business requirements with the least amount of operating effort. SDN separates the network control plane from the data plane, allowing for centralized control and programmability of the network. This enables network administrators to dynamically configure and manage network resources based on changing business needs through software control, reducing manual configuration efforts.
A network administrator wants to install new VoIP switches in small network closet but is concerned about the current heat level of the room. Which of the following should the administrator take into consideration before installing the new equipment? A. The power load of the switches B. The humidity in the room C. The fire suppression system D. The direction of airflow within the switches
A. The power load of the switches Power load would be the answer here. The higher the power load the more heat the switch generates. The more heat the switch generates, the hotter it will make the already hot room. Vent's and the direction of airflow can only do so much especially when the questions says the closet is already hot.
A network manager wants to set up a remote access system for the engineering staff. Access to this system will be over a public IP and secured with an ACL. Which of the following best describes this system? A. VPN B. Secure Shell C. Jump server D. API
A. VPN
A network administrator corrected a rule on a misconfigured firewall. Which of the following should the administrator do NEXT when applying the network troubleshooting methodology? A. Verify full system functionality. B. Document actions and lessons learned. C. Establish a theory of probable cause. D. Identify potential effects.
A. Verify full system functionality.
A network contains 25 access points. Which of the following devices would be best to change configurations on all the devices remotely? A. WLAN controller B. Load balancer C. Bridge D. Layer 3 switch
A. WLAN controller
A technician needs to find the MAC address of a connecting router. Which of the following commands should the technician use? A. arp B. traceroute C. nslookup D. ping Reveal Solution
A. arp
Which of the following security concepts is related to ensuring that encrypted data is not edited while in transit? A. Zero trust B. Integrity C. Availability D. Confidentiality
B. Integrity
A local service provider connected 20 schools in a large city with a fiber-optic switched network. Which of the following network types did the provider set up? A. LAN B. MAN C. CAN D. WAN
B. MAN
An organization has a factory automation solution that requires accurate timing between devices. Which of the following should the network administrator implement? A. PTP B. NTP C. NTS D. DoT
B. NTP
Which of the following security methods uses physical characteristics of a person to authorize access to a location? A. Access control vestibule B. Palm scanner C. PIN pad D. Digital card reader E. Photo ID
B. Palm scanner
Which of the following should be configured on a separate network segment without access to the primary company network when security is a concern? A. Email server B. IoT devices C. Wireless LAN controller D. Voice gateway
B. IoT devices Internet of Things (IoT) devices often have security vulnerabilities and may be targeted by attackers. Placing them on a separate network segment, isolated from the primary company network, can help contain potential security breaches and limit the impact of any compromises.
A technician is troubleshooting a computer issue for a user who works in a new annex of an office building. The user is reporting slow speeds and intermittent connectivity. The computer is connected via a Cat 6 cable to a distribution switch that is 492ft (150m) away. Which of the following should the technician implement to correct the issue? A. Increase the bandwidth allocation to the computer. B. Install an access switch in the annex and run fiber to the distribution switch. C. Run a Cat 7 cable from the computer to the distribution switch. D. Enable the computer to support jumbo frames.
B. Install an access switch in the annex and run fiber to the distribution switch. The issue stems from the Cat 6 cable running a distance of 492ft (150m), which exceeds the maximum recommended length of 100 meters (approximately 328 feet) for Ethernet over copper cabling. This can cause slow speeds and intermittent connectivity due to signal degradation over the extended distance.
Users are moving back into an office that had been vacant for a while. Ten workstations are hooked up in the office, but one workstation cannot obtain a link with the switch. A network engineer checks the documentation and cable labeling, and everything is hooked up as expected. The engineer moves the connection to a different switchport. but a link still cannot be obtained. When the engineer puts a tone generator on the infrastructure cable, no tone is heard at the far end. Which of the following issues is the engineer MOST likely trying to find? A. A bad switchport B. A break in the cable C. A cable short D. Cable interference
B. A break in the cable
A network administrator needs to set up a file server to allow user access. The organization uses DHCP to assign IP addresses. Which of the following is the best solution for the administrator to set up? A. A separate scope for the file server using a /32 subnet B. A reservation for the server based on the MAC address C. A static IP address within the DHCP IP range D. A SLAAC for the server
B. A reservation for the server based on the MAC address
Which of the following can be used to identify users after an action has occurred? A. Access control vestibule B. Cameras C. Asset tag D. Motion detectors
B. Cameras
Which of the following kinds of targeted attacks uses multiple computers or bots to request the same resource repeatedly? A. On-path B. DDoS C. ARP spoofing D. MAC flooding
B. DDoS
Users are reporting performance issues when attempting to access the main fileshare server. Which of the following steps should a network administrator perform NEXT based on the network troubleshooting methodology? A. Implement a fix to resolve the connectivity issues. B. Determine if anything has changed. C. Establish a theory of probable cause. D. Document all findings, actions, and lessons learned. Reveal Solution Discussion 6
B. Determine if anything has changed.
A security team would like to use a system in an isolated network to record the actions of potential attackers. Which of the following solutions is the security team implementing? A. Perimeter network B. Honeypot C. Zero trust infrastructure D. Network segmentation Reveal Solution
B. Honeypot
An older web server on a screened subnet is serving unencrypted web traffic. The server is not capable of serving HTTPS traffic directly, but the firewall is capable of doing so. Which of the following should be done to encrypt all traffic coming into the web server from outside the network? (Choose two.) A. A certificate should be installed on the server. B. Incoming port 80 traffic at the firewall should be forwarded to port 443 on the server. C. Incoming port 80 traffic at the firewall should be forwarded to port 80 on the server. D. Incoming port 443 traffic at the firewall should be forwarded to port 80 on the server. E. A certificate should be installed on the firewall. F. A proxy server should be installed on the screened subnet.
B. Incoming port 80 traffic at the firewall should be forwarded to port 443 on the server. E. A certificate should be installed on the firewall.
A network manager wants to view network traffic for devices connected to a switch. A network engineer connects an appliance to a free port on the switch and needs to configure the switch port connected to the appliance. Which of the following is the best option for the engineer to enable? A. Trunking B. Port mirroring C. Full duplex D. SNMP
B. Port mirroring Port mirroring is the best option for the engineer to enable in this scenario. It allows the engineer to capture and analyze network traffic for devices connected to a switch by sending a copy of the traffic from selected switch ports (or VLANs) to the port where the network monitoring appliance is connected. This way, the network manager can view the network traffic without interfering with the normal operation of the switch.
Which of the following cloud deployment models involves servers that are hosted at a company's property and are only used by that company? A. Public B. Private C. Hybrid D. Community
B. Private
A network engineer performed a migration to a new mail server. The engineer changed the MX record, verified the change was accurate, and confirmed the new mail server was reachable via the IP address in the A record. However, users are not receiving email. Which of the following should the engineer have done to prevent the issue from occurring? A. Change the email client configuration to match the MX record. B. Reduce the TTL record prior to the MX record change. C. Perform a DNS zone transfer prior to the MX record change. D. Update the NS record to reflect the IP address change.
B. Reduce the TTL record prior to the MX record change. The Time-to-Live (TTL) value in DNS records determines how long the information is cached by DNS resolvers. When making changes to critical DNS records like the MX (Mail Exchange) record, it's a good practice to reduce the TTL in advance. This way, when you make the actual change, the updated information propagates more quickly through the DNS infrastructure, minimizing downtime and potential issues.
Which of the following can be used to aggregate logs from different devices and would make analysis less difficult? A. Syslog B. SIEM C. Event logs D. NetFlow
B. SIEM Security Information and Event Management (SIEM) systems are designed to aggregate, analyze, and report on log data from various sources across the network, including security devices, network infrastructure, systems, and applications. SIEM solutions centralize the collection of log data, making analysis less difficult by providing tools and features to correlate events, detect anomalies, and generate alerts on potential security incidents or operational issues. This makes SIEM an effective choice for managing logs from different devices in a unified manner.
A network engineer needs to enable device monitoring using authentication and encryption. Which of the following protocols offers this option? A. ESP B. SNMPv3 C. NetFlow D. SSLv3
B. SNMPv3 SNMPv3 (Simple Network Management Protocol version 3) offers the option to enable device monitoring with authentication and encryption, making it suitable for secure network management tasks. SNMPv3 enhances the security features of its predecessors by providing secure access to devices through a combination of authentication and encryption, ensuring that only authorized users can monitor and manage network devices and that the data exchanged is protected from eavesdropping.
A network administrator requires redundant routers on the network, but only one default gateway is configurable on a workstation. Which of the following will allow for redundant routers with a single IP address? A. EIGRP B. VRRP C. MPLS D. STP
B. VRRP
Which of the following technologies would MOST likely be used to prevent the loss of connection between a virtual server and network storage devices? A. Multipathing B. VRRP C. Port aggregation D. NIC teaming
B. VRRP
A company, which is located in a coastal town, retrofitted an office building for a new data center. The underground fiber optics were brought in and connected to the switches in the basement network MDF. A server data center was built on the fifth floor with the two rooms vertically connected by fiber optics. Which of the following types of environmental sensors is most needed? A. Temperature sensor in the network MOF B. Water sensor in the network MDF C. Temperature sensor in the data center D. Water sensor in the data center
B. Water sensor in the network MDF
A systems administrator is looking for operating system information, running services, and network ports that are available on a server. Which of the following software tools should the administrator use to accomplish this task? A. nslookup B. nmap C. traceroute D. netstat
B. nmap
A user notifies a network administrator about losing access to a remote file server. The network administrator is able to ping the server and verifies the current firewall rules do not block access to the network fileshare. Which of the following tools would help identify which ports are open on the remote file server? A. dig B. nmap C. tracert D. nslookup
B. nmap
A company is designing a new complex. The primary and alternate data centers will be in separate buildings 6.2mi (10km) apart and will be connected via fiber. Which of the following types of SFP is the best choice? A. 10GBASE-SR B. 10000BASE-LX C. 10GBASE-LR D. 1000BASE-SX
C. 10GBASE-LR Remeber LR as LONG RANGE.
Which of the following ports is a secure protocol? A. 20 B. 23 C. 443 D. 445
C. 443
Which of the following uses an automated script to make configuration changes when interacting with a web application? A. SSH B. FTP C. API D. GUI
C. API
A network engineer turned on logging to assist with troubleshooting a suspected configuration issue. Which of the following would provide the network engineer with the most informative log information? A. FATAL B. ERROR C. DEBUG D. WARN Reveal Solution
C. DEBUG In logging levels, DEBUG provides the most detailed and informative information for troubleshooting. Different logging levels serve various purposes: - FATAL: Indicates a very severe error that will lead to a program's termination. - ERROR: Indicates a less severe error, but still a problem that requires attention. - WARN (Warning): Indicates a potential issue that does not necessarily cause an error but should be noted. - DEBUG: Provides detailed information about the program's operation for debugging purposes. DEBUG logs are typically used during troubleshooting to gain insights into the system's behavior.
Which of the following OSI model layers are responsible for handling packets from the sources to the destination and checking for errors? (Choose two.) A. Physical B. Session C. Data link D. Network E. Presentation F. Application
C. Data link D. Network
A network administrator is configuring a new switch and wants to ensure that only assigned devices can connect to the switch. Which of the following should the administrator do? A. Configure ACLs. B. Implement a captive portal. C. Enable port security. D. Disable unnecessary services.
C. Enable port security.
A network technician is configuring a wireless network that consists of multiple APs for better coverage and allows roaming between the APs. Which of the following types of SSIDs should the technician configure? A. Basic Service Set B. Independent Basic Service Set C. Extended Service Set D. Distribution System Service
C. Extended Service Set An Extended Service Set (ESS) is a set of interconnected Basic Service Sets (BSS) in a wireless LAN. In a scenario where multiple Access Points (APs) are used to provide better coverage and allow roaming between them, an Extended Service Set is the appropriate configuration. An ESS allows wireless clients to roam seamlessly between different APs within the same wireless network.
A network administrator received reports that a 40Gb connection is saturated. The only server the administrator can use for data collection in that location has a 10GB connection to the network. Which of the following is the best method to use on the server to determine the source of the saturation? A. Port mirroring B. Log aggregation C. Flow data D. Packet capture Reveal Solution
C. Flow data Mirroring a 40GB port on a server with a 10GB connection will cause excess packets received by the server to be dropped. Using NetFlow seems to make more sense. NetFlow is low overhead, port mirroring is resource intensive in high traffic environments.
Which of the following is most likely to be implemented to actively mitigate intrusions on a host device? A. HIDS B. NIDS C. HIPS D. NIPS
C. HIPS HIPS stands for Host-based Intrusion Prevention System. It is a security measure that operates on individual host devices to actively monitor and prevent intrusions at the host level. HIPS monitors the activities and behaviors of applications and processes on a host, looking for any signs of malicious behavior. If it detects suspicious activity, it can take preventive actions to stop or contain the potential intrusion. HIDS (Host-based Intrusion Detection System) is more focused on detection and alerting of potential threats rather than actively preventing them
Which of the following is used when a workstation sends a DHCP broadcast to a server on another LAN? A. Reservation B. Dynamic assignment C. Helper address D. DHCP offer
C. Helper address
A user took a laptop on a trip and made changes to the network parameters while at the airport. The user can access all internet websites but not corporate intranet websites. Which of the following is the most likely cause of the issue? A. Duplicate IP address B. Duplicate SSID C. Incorrect DNS D. Incorrect subnet mask
C. Incorrect DNS
Which of the following is an advantage of using the cloud as a redundant data center? A. The process of changing cloud providers is easy. B. Better security for company data is provided. C. The initial capital expenses are lower. D. The need for backups is eliminated.
C. The initial capital expenses are lower.
Which of the following would be best suited for use at the access layer in a three-tier architecture system? A. Router B. Multilayer switch C. Layer 2 switch D. Access point
C. Layer 2 switch The best answer suited for use at the access layer in a three-tier architecture system is C. Layer 2 switch. In a three-tier system, the tiers are typically the core, distribution, and access layers. The access layer connects directly to end user devices to provide network access. An ideal access layer device is a Layer 2 switch. A router (A) operates at Layer 3 and is more commonly found at the core or distribution layers. A multilayer switch (B) also operates at Layers 2/3 and is overkill for basic access layer functions. An access point (D) could provide wireless access connectivity, but a Layer 2 switch is most appropriate for wired access connections.
Which of the following does OSPF use to communicate routing updates? A. Unicast B. Anycast C. Multicast D. Broadcast
C. Multicast OSPF (Open Shortest Path First) uses multicast to communicate routing updates. Specifically, OSPF routers use multicast addresses to send OSPF routing information updates to other routers in the OSPF area. The OSPF routers form adjacencies and exchange routing information using OSPF multicast addresses. This multicast communication helps in efficiently distributing routing information in OSPF networks.
A network administrator needs to implement routing capabilities in a hypervisor. Which of the following should the administrator most likely implement? A. VPC B. Firewall C. NFV D. laaS
C. NFV To implement routing capabilities in a hypervisor, the administrator should most likely implement NFV (Network Functions Virtualization). NFV involves virtualizing network functions, such as routing, within a software environment rather than relying on dedicated hardware appliances. This allows for more flexibility, scalability, and efficient use of resources in a virtualized environment.
A network administrator needs to monitor traffic on a specific port on a switch. Which of the following should the administrator configure to accomplish the task? A. Port security B. Port tagging C. Port mirroring D. Media access control
C. Port mirroring
Which of the following would most likely be considered for an IDF installation in a secure facility? A. Full-size body scanners B. Iris scanner C. RFID badge readers D. Smart deadbolt
C. RFID badge readers An Intermediate Distribution Frame (IDF) in a secure facility typically houses networking equipment and connections. In this context, security measures are likely to involve access control to the networking infrastructure. RFID (Radio-Frequency Identification) badge readers are commonly used for secure access control in facilities. These readers can authenticate individuals based on RFID badges or cards, providing a secure means of access to network equipment. While options A (Full-size body scanners) and B (Iris scanner) are more associated with physical security measures for access to the facility, option D (Smart deadbolt) is related to securing physical doors and may not be directly tied to securing the network infrastructure in the IDF.
Which of the following services provides the network information for the address when IPv6 is used for SLAAC addressing? A. EUI-64 B. IPv6 unicast routing C. Router advertisement D. DHCPv6
C. Router advertisement
Following the implementation of a BYOD policy, some users in a high-density environment report slowness over the wireless connection. Some wireless controller reports indicate high latency and airttime contention. Which of the following is the most probable root cause? A. The AP is configured with 2.4GHz frequency, which the new personal devices do not support. B. The AP is configured with 2.4GHz frequency without band-steering capabilities. C. The AP is configured with 5Ghz frequency with band-steering capabilities. D. The AP is configured with 5Ghz frequency, which the new personal devices do not support Reveal Solution
C. The AP is configured with 5Ghz frequency with band-steering capabilities. In high-density environments, using the 2.4GHz frequency without band-steering capabilities can lead to increased interference and contention, as many devices may be trying to use the same frequency. Band-steering helps distribute devices between 2.4GHz and 5GHz frequencies, optimizing the use of available spectrum and reducing contention.
A company wants to implement a disaster recovery site for non-critical applications, which can tolerate a short period of downtime. Which of the following types of sites should the company implement to achieve this goal? A. Hot B. Cold C. Warm D. Passive
C. Warm
Which of the following standards would apply to a 10GB network link that is 1.86mi (3km)? A. 10GBASE-TX B. 10GBASE-T C. 10GBASE-SR D. 10GBASE-LR
D. 10GBASE-LR 10GBASE-LR is a standard for 10 Gigabit Ethernet over single-mode fiber that can support distances up to 10 kilometers, making it suitable for a network link that is 1.86 miles (approximately 3 kilometers) long. This standard is designed for long-range communication, which is required in the scenario provided.
An administrator is adjusting the routing policy to ensure the headquarters location can connect to a new out-of-state branch office via BGP. Which of the following types of networks is being described? A. PAN B. MAN C. LAN D. WAN
D. WAN
Which of the following ports is used for secure email? A. 25 B. 110 C. 143 D. 587
D. 587 Port 587 is commonly used for secure email transmission. It is the default port for the submission of email messages to be sent out by email clients securely using the STARTTLS encryption protocol. This port is often associated with the submission of outgoing email by mail clients to a mail server. The other port numbers mentioned: - A. Port 25: This is the default port for unencrypted SMTP (Simple Mail Transfer Protocol) traffic. It is commonly used for email communication but without encryption. - B. Port 110: This is the default port for unencrypted POP3 (Post Office Protocol version 3) traffic, which is used for retrieving emails from a mail server. - C. Port 143: This is the default port for unencrypted IMAP (Internet Message Access Protocol) traffic, which is used for accessing and managing email messages on a mail server
An IT administrator needs to connect older smart-plug devices to the network. The administrator wants to prevent future issues from occurring by using an 802.11 standard that only operates on the 2.4GHz frequency. Which of the following standards should the administrator choose? A. 802.11a B. 802.11ac C. 802.11ax D. 802.11b
D. 802.11b
A customer hired a network consultant to provide advice on the installation of new wireless access. The customer has several devices that operate in either the 5.0GHz range or the 2.4GHz range, and the best performance must be available. Which of the following standards should the technician suggest? A. 802.11a B. 802.11b C. 802.11g D. 802.11n
D. 802.11n
A technician needs to set up a wireless connection that utilizes MIMO on non-overlapping channels. Which of the following would be the best choice? A. 802.11a B. 802.11b C. 802.11g D. 802.11n
D. 802.11n
Which of the following routing protocols uses an autonomous system number? A. IS-IS B. EIGRP C. OSPF D. BGP
D. BGP
A network security technician is designing a solution for a secure remote access scheme with the following requirements:• The solution must allow for users at multiple locations to access corporate resources.• The on-premises equipment will not handle non-corporate, resource-bound traffic.Which of the following should the network security technician consider when designing the solution? (Choose two.) A. Clientless VPN B. Personal VPN C. Full-tunnel VPN D. Client-to-site VPN E. Site-to-site VPN F. Split-tunnel VPN
D. Client-to-site VPN F. Split-tunnel VPN D. Client-to-site VPN: This type of Virtual Private Network (VPN) allows individual users to connect to the corporate network from a remote location. It is suitable when users at multiple locations need to access corporate resources. F. Split-tunnel VPN: In this VPN configuration, only traffic to the corporate network is sent via the VPN. All other traffic (i.e., non-corporate, resource-bound traffic) goes directly to the internet without passing through the VPN. This meets the requirement that the on-premises equipment will not handle non-corporate, resource-bound traffic
A technician is expanding a wireless network and adding new access points. The company requires that each access point broadcast the same SSID. Which of the following should the technician implement for this requirement? A. MIMO B. Roaming C. Channel bonding D. Extended service set
D. Extended service set In a scenario where multiple access points need to broadcast the same SSID to provide seamless wireless connectivity across an area, the technician should implement an Extended Service Set (ESS). An ESS is a group of interconnected BSSs (Basic Service Sets), where each BSS is represented by an access point.
Which of the following is the most secure way to provide site-to-site connectivity? A. VXLAN B. IKE C. GRE D. IPSec
D. IPSec IPSec (Internet Protocol Security) is considered the most secure way to provide site-to-site connectivity. IPSec is a suite of protocols that provides secure communication over IP networks. It is commonly used to establish Virtual Private Network (VPN) connections, ensuring confidentiality, integrity, and authenticity of the data being transmitted between sites.
A technician is troubleshooting intermittent connectivity between devices and viewing the following syslog entries from a switch: 21 Feb 2022 16:02:0231 NOTIFICATION %LINK-I-DOWN: G1/10 21 Feb 2022 16:02:0262 NOTIFICATION %LINK-I-UP: G1/10 21 Feb 2022 16:03:5321 NOTIFICATION %LINK-I-DOWN: G1/10 21 Feb 2022 16:03:7873 NOTIFICATION %LINK-I-UP: G1/10 Which of the following are these entries indicative of? A. DDoS attack B. Jitter C. Latency D. Link flapping
D. Link flapping The syslog entries from the switch indicate that the link on port G1/10 is repeatedly going down and then coming back up in a short amount of time. This behavior is known as link flapping. Link flapping can be caused by various issues, such as faulty cables, bad ports, or misconfigured network equipment, leading to intermittent connectivity between devices.
Following a fire in a data center, an executive is concerned about the amount of data that must be reentered. Which of the following describes the executive's concern? A. RTO B. MTBF C. MMTR D. RPO
D. RPO The executive's concern about the amount of data that must be reentered aligns with the concept of Recovery Point Objective (RPO). RPO defines the acceptable amount of data loss in the event of a disaster or disruption. It represents the point in time to which data must be restored after an outage. In this context, the executive is concerned about how much data might be lost and, consequently, how much needs to be reentered after the fire in the data center.
A network administrator is implementing process changes based on recommendations following a recent penetration test. The testers used a method to gain access to the network that involved exploiting a publicly available and fixed remote code execution vulnerability in the VPN appliance. Which of the following should the administrator do to BEST prevent this from happening again? A. Change default passwords on internet-facing hardware. B. Implement robust ACLs with explicit deny-all entries. C. Create private VLANs for management plane traffic. D. Routinely upgrade all network equipment firmware.
D. Routinely upgrade all network equipment firmware. The key word here is APPLIANCE which means hardware.
A network deployment engineer is deploying a new single-channel 10G optical connection. Which of the following optics should the engineer MOST likely use to satisfy this requirement? A. QSFP B. QSFP+ C. SFP D. SFP+
D. SFP+ SFP = 1Gbps SFP+ = 10 Gbps QSFP = 4xSFP = 4 Gbps QSFP+ = 4xSFP+ = 40 Gbps,
A network administrator is working to configure a new device to provide Layer 2 connectivity to various endpoints including several WAPs. Which of the following devices will the administrator MOST likely configure? A. WLAN controller B. Cable modem C. Load balancer D. Switch E. Hub
D. Switch
Which of the following passwords would provide the best defense against a brute-force attack? A. ThisIsMyPasswordForWork B. Qwerty!@#$ C. Password!1 D. T5!8j5
D. T5!8j5 Qwerty!@#$ is defineltly a dictotionary work with !@#$ translating to 1234 making it easy for an attack
A network administrator is designing a new network for a company that has frequent power spikes. The company wants to ensure that employees can keep working and the server will remain operational. Which of the following is the best solution for the administrator to recommend? A. Generator B. Cold site C. Redundant power supplies D. Uninterruptible power supply
D. Uninterruptible power supply
A network administrator wants to know which systems on the network are at risk of a known vulnerability. Which of the following should the administrator reference? A. SLA B. Patch management policy C. NDA D. Site survey report E. CVE
E. CVE