Quiz Questions Part 2
What is the advantage of using a diversity antenna?
A diversity antenna system avoids multipath distortion.
What is a dual-homed firewall?
A dual-homed firewall is one that has two network interfaces: one interface connects to the Internet, and the other connects to the private network.
What is a physical barrier that acts as the first line of defense against an intruder?
A fence.
The IEEE 802.11n wireless standard has what frequency band and maximum bandwidth parameters?
2.4 GHz or 5 GHz and greater than 300 Mbps.
What is the maximum cable length of 10GBaseSW?
300 meters.
What is the distance limitation of 100GBASE-ER4?
40 km.
What are 3 steps to protect against war driving attacks?
1) Change the default SSID. 2) Disable SSID broadcast. 3) Configure the network to use authenticated access only.
Give 3 aspects of IPSec.
1) IPSec uses encapsulation security payload (ESP) and authentication header (AH) as security protocols for encapsulation. 2) IPSec can work in either in tunnel mode or transport mode. 3) The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions.
What are 2 options for using a network analyzer on more than one subnet in your network?
1) Install a network analyzer on each subnet. 2) Get a distributed network analyzer that consists of a dedicated workstation network analyzer installed on one subnet, and software probes installed on the other subnets.
Which 2 header improvements does IPv6 provide over IPv4?
1) The IP header options allow more efficient forwarding and less rigid length limits. 2) Some header fields have been dropped or made optional.
You need to implement a data center for your company. In this data center, you plan to implement inter-rack connections that are limited to 25 meters (82 feet). Which Ethernet standard should you implement?
1000Base-CX is designed for wiring closets. It has a transmission rate of 1,000 Mbps and a maximum segment length of 25 meters (82 feet).
Name 3 cable specifications that can be used with SONET.
10GBaseEW, 10GBaseLW, and 10GBaseSW. The W designation in the 10GBase specification includes SONET usage.
How many non-overlapping channels are there when using 802.11a?
8 non-overlapping channels.
Which WLAN transmission technologies are least affected by multipath distortion?
802.11a and 802.11g because they use OFDM.
What is the advantage of using 802.1x security over 802.11 WEP security?
802.1x security generates dynamic encryption keys.
A wireless LAN (WLAN) containing only one access point (AP) is known as what type of WLAN?
A Basic Service Set, or BSS, WLAN uses a single AP.
At what OSI layer does a Multistation Access Unit, or MAU, work?
A Multistation Access Unit (MAU) operates at the Physical layer (Layer 1). A MAU is a network connection concentrator used on Token Ring networks. An MAU is similar to a hub
What network appliances performs the most processor-intensive tasks and is critical in IPSec environments?
A VPN concentrator is designed to perform the processor-intensive processes required to terminate multiple VPN tunnels.
Which device operates at both the Data Link layer and the Network layer of the OSI model?
A brouter operates at both the Data Link layer and the Network layer of the OSI model. A brouter can act as a bridge or a router.
What type of network has helped reduce wiring, weight, and cost in industrial applications?
A controller area network, or CAN, is used in industrial applications, originally in automotive systems. It replaces bulky wiring systems, reducing weight and cost.
A firewall might use what configuration option to prevent users on the Internet from initiating sessions with devices inside a corporate network, while still allowing users on the Internet to initiate sessions with publicly available corporate servers?
A demilitarized zone (DMZ) is established in order to permit the outside Internet to access public information of the enterprise network. It enables external clients to access data on private systems, such as web servers, without compromising the security of the internal network.
Describe the beamwidth of a high-gain antenna.
A high-gain antenna has a small vertical beamwidth. The beamwidth parameter of the antenna defines the angle of the radio signal radiated. The angle of radiation of the signal is defined in degrees. The antenna properties include the gain, beamwidth, and transmission angle. Antennas with higher gain have less beamwidth than antennas with lower gain.
On which data can multi-layer switches make routing decisions?
A multi-layer switch, which operates at Layers 2, 3, and 4 of the OSI model, can make routing decisions based on MAC address, IP address, Protocol, or Port number.
What is a native VLAN?
A native VLAN is the VLAN on an IEEE 802.1Q trunk that does not have any tag bytes added.
In DHCP, what is Option?
A parameter that can be used to assign router, DNS server, and other information to DHCP clients.
What is the difference between a passive hub and an active hub?
A passive hub sends received signals out through all of its ports except the one through which the signal was received. It does not amplify or regenerate the signal. An active hub also sends data out all of its ports except the one through which the signal was received, but amplifies or regenerates the signal as it sends it out the ports. Therefore, it does require electricity to operate.
What is the purpose of a pointer (PTR) DNS record?
A pointer, or PTR, record maps an IP address to a hostname.
What is another term for a demilitarized zone, or DMZ?
A screened subnet.
Which type of network interface device (NID) includes circuitry to perform such functions as converting between framing formats on a digital circuit?
A smart jack is a type of network interface device that adds circuitry. This circuitry adds such features as converting between framing formats on a digital circuit, for example, a T1, supporting remote diagnostics, and regenerating a digital signal.
What happens during a ping of death attack?
A system or network is flooded with ICMP packets larger than 65,536 bytes.
If you are working on an isolated test network (that is, a test bed), what piece of equipment can you use to simulate a heavy network load?
A throughput tester is a network appliance, which typically has multiple network interfaces and can generate high volumes of pseudo-random data.
You need to verify a network's transmission speed. Which tool should you use?
A throughput tester is best used to verify a network's transmission speed.
What should you implement to isolate two of the devices that are located on a storage area network, or SAN, fabric containing eight devices?
A vSAN, or Virtual SAN, is a collection of ports from a set of connected Fiber Channel switches that form a virtual fabric. You can partition ports within a single switch into multiple VSANs, despite sharing hardware resources.
You need to configure IPSec to digitally sign and encapsulate each packet within another packet. What should you configure?
AH protocol in tunnel mode. IPSec can be used in tunnel mode with the Authentication Header (AH) protocol to digitally sign and encapsulate each packet sent from the network within another packet.
What are the IPv6 addresses for APIPA, Private, and Loopback?
APIPA: fe80::/10, Private: fc00::/7, Loopback: ::1/128.
Your company implements a honeypot as intrusion prevention. Management is concerned that this honeypot would be considered entrapment and has asked you to ensure that entrapment does not occur. Which situation should you prevent?
Allowing downloads on a honeypot is a possible example of entrapment if it is used to make formal trespassing charges. Entrapment occurs when a hacker is tricked into performing an illegal activity. Entrapment is illegal.
Which type of firewall most detrimentally affects network performance?
An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet.
Name 2 wireless channel ranges that are reserved for government weather radar systems.
Channels 52-64 (80 MHz: 5.250-5.330 GHz) and Channels 100-144 (240 MHz: 5.49-5.730 GHz)
Which technologies implement packet tagging in a LAN?
Class of Service (CoS) implements packet tagging in a local area network (LAN). It tags the different types of traffic, such as video streaming or VoIP. The tag is a value between 0 and 8, with 0 being the highest priority.
Which open standard creates a redundancy group to share an IP address?
Common Address Redundancy Protocol, or CARP, is an open standard that creates a redundancy group to share an IP address.
Which two guidelines are the best to implement for passwords according to CompTIA?
Configure passwords to change periodically and Create passwords that contain at least one symbol.
Which phase of an incident response plan focuses on the protection of resources and determining operational status?
Contain.
While reviewing recent performance reports from your network devices, you notice that there are a high number of corrupt packets reaching a router. What is most likely happening to them?
Corrupt packets are being dropped. Packet drops occur for a variety of reasons, including packet corruption, speed mismatch, and duplex mismatch.
Which RADIUS implementation was created to deal with Voice over IP, or VoIP, and wireless services?
Diameter was created to deal with Voice over IP (VoIP) and wireless services. It was created to address new technologies that RADIUS was not designed to handle.
You want to encrypt TCP/IP communications on the LAN. The protocol that you use for encryption should be able to encrypt entire data packets, and the protocol should be able to operate in both tunnel mode and transport mode. Which protocol should you use to encrypt data on the network?
IPSec can encrypt data packets transported on a TCP/IP network by using either tunnel mode or transport mode. In transport mode, IPSec encrypts only the part of an IP data packet used by the Transport layer. In tunnel mode, IPSec encrypts entire IP packets.
What is the maximum data transfer rate of the B channels of a BRI ISDN line?
Each B channel in a Basic Rate Interface, or BRI, Integrated Services Digital Network, ISDN, connection can provide a maximum data transfer rate of 64 Kbps. A BRI ISDN line provides a total of two bearer or B, channels, which can be combined by the bonding protocol to provide a total maximum data transfer rate of 128 Kbps.
What are the three levels of security associated with events appearing in Microsoft Windows application logs?
Error, Information, and Warning.
What does a VoIP-PSTN gateway do?
Establish the routing of VoIP calls to an existing PSTN network. Such gateways connect to the PSTN network through T1/E1/J1, ISDN, or FXO interfaces.
You need to deploy 802.1x authentication that supports client-side digital certificates for authentication with access points. Which technology should you deploy?
Extensible Authentication Protocol with Transport Layer Security, or EAP-TLS, authentication supports client-side digital certificates for authentication with access points.
What is Frame Tagging?
Frame Tagging adds a small header to the frame as it is passed between devices in order to maintain the original VLAN broadcast domain. In normal Ethernet, there is no tagging. Tagging is implemented only when trunking VLANs between devices.
What does frame-tagging do?
Frame tagging in a port-based switching network will ensure that a single VLAN can be distributed across multiple switches.
Name 2 Layer 3 redundancy mechanisms.
HSRP and CARP.
What 3 things does a firewall software solution typically provide?
HTTP proxy services, Packet filtering, and IP proxy services.
Which metric is used by the Routing Information Protocol (RIP) Version 2 protocol to determine the network path?
Hop count.
What WAN topology enables you to minimize WAN expenses by not directly connecting any two remote locations?
Hub and Spoke.
An administrator would like to integrate DNS and DHCP so that each is aware of changes in the other. Which of the following would be the best method for him to do this?
IP Address Management, or IPAM, allows integration of DNS and DHCP so that each is aware of the changes in the other
As part of monitoring network traffic, you need to determine the payload that is produced by using IPSec in tunnel mode with the AH protocol. Which of the following best describes this payload?
IPSec in tunnel mode with the Authentication Header, or AH, protocol produces an encapsulated packet that is digitally signed. AH digitally signs a packet for authentication purposes.
If your IPv6 host uses IPv6 Stateless Address Autoconfiguration, how does it install a default IPv6 route?
IPv6 hosts use router advertisement to install a default IPv6 route when the hosts use IPv6 Stateless Address Autoconfiguration. When a device that uses both IPv4 and IPv6 joins a network, it sends a router solicitation, or RS, message using ICMP to contact the local IPv6-capable router on the network.
Can VoIP phones talk to analog phones?
If one end of a call terminates on an analog endpoint, occasional audio problems are inevitable. Non-VoIP equipment cannot provide routine compression, echo cancellation, and sound quality enhancements.
In PKI, what is the entity that signs a certificate?
In Public Key Infrastructure (PKI), an issuer is the entity that signs a certificate.
Which attack method is generally considered to be the most dangerous?
In a physical penetration attack, a targeted hacker enters the premises of an organization and gains access to computer systems or plugs a laptop computer into an organization's internal network. It is typically considered the most dangerous attack.
Describe the IPSec Host-to-Gateway configuration when using a VPN.
It requires the use of IPSec for all remote clients. The remote clients use IPSec to connect to the VPN gateway. Any communication between the VPN gateway and the internet hosts on behalf of the remote clients does not use IPSec. Only the traffic over the Internet uses IPSec.
Management has requested that you document the minimum level of security for all network devices. What will this provide?
It will provide a baseline that defines the minimum level of security and performance of a system in an organization.
Which technology allows using label switching for routing frames?
Multiprotocol Label Switching, or MPLS, is a WAN technology that allows using label switching for routing frames. It uses label-switching routers and label-edge routers to forward traffic.
Which component of a computer use policy should state that the data stored on a company computer is not guaranteed to remain confidential?
No expectation of privacy.
What port does DHCP use?
UDP Port 67 and sometimes Port 68.
What is a very common protocol found on dedicated leased lines?
PPP, or Point to Point Protocol.
In TIA/EIA 568A and 568B which wiring pins contain the same colors across both specifications?
Pin 4 - Blue, Pin 5 - Blue/White, Pin 7 - Brown/White, Pin 8 - Brown
Identify the quality of service (QoS) mechanism that can set a bandwidth limit on traffic and drop packets attempting to exceed that bandwidth limit.
Policing and traffic shaping are both traffic conditioners, each of which can set a bandwidth limit on traffic. However, policing has the ability to drop excess packets, while traffic shaping delays excess traffic.
What port does SNMP use?
Port 161.
Which feature provides varying levels of network bandwidth based on the traffic type?
Quality of Service, or QoS.
Your company wants to allow remote users to access their Windows network remotely via a dial-up connection. What should you implement?
Remote Access Service (RAS) is a service provided by Windows that allows remote access to the network via a dial-up connection.
Which 3 devices can often be categorized as an encryption device, that is, a device capable of participating in an encrypted session.?
Router, Firewall, and VPN Concentrator.
What type of adapter would need to be plugged into a switch to support 10 Gbps speeds?
SFP+.
What is the order of precedence in DHCP options?
Scope options always override server options if there is a conflict. Class options always override scope and server options. To use class options, DHCP clients must be configured with a specific DHCP Class ID. Reserved client options always override client, scope, and server options.
You have been asked to implement Voice over Internet Protocol (VoIP) on your company's network. Which protocol should you use?
Session Initiation Protocol, or SIP, is the protocol used on a VoIP network. It is an Application layer protocol.
Which suppression methods are recommended for a fire in a facility that involves paper, laminates, and wooden furniture?
Soda Acid and water.
What variation of network address translation (NAT) allows you to statically configure the inside global address assigned to a specific device inside your network?
Static NAT, or SNAT, statically configures an inside global address assigned to a specific device inside your network.
What requires two types of authentication, but no more, from a user seeking admission to a network?
TFA, or Two-Factor Authentication.
You want to use the Ethernet standard that supports a data transmission rate of 1 Gbps over copper cable. Which Ethernet standard should you use on the network?
The 1000BaseCX Ethernet standard supports a data transmission rate of 1 gigabit per second over 150-ohm balanced copper cable. It supports a maximum cable segment length of only 25 meters. 1000BaseSX and 1000BaseLX use fiber cables.
You need to implement a 10GBase network that offers the longest cable run because of the distances you must cover for your company's network. Which 10GBase specification should you select?
The 10GBaseER designation allows a maximum cable run of up to 40 kilometers (25 miles) using single-mode fiber optic cable. 10GBaseLR is 25 kilometers (16 miles). 10GBaseSR is 25 meters (85 feet), 82 meters (270 feet), or 300 meters (980 feet), depending on which multi-mode cable is used. 10GBaseLX4 is 240 meters (790 feet) or 300 meters (980 feet) using either single-mode or multi-mode fiber optic cable.
A corporate e-mail service would be classified as belonging to what Layer of the OSI Model?
The Application layer.
Describe an IPv6 network with a /56 global routing prefix.
The IPv6 network with a /56 global routing prefix should impose little or no cost to obtain. It also provides 256 subnets, each with millions of nodes, and supports IPsec end-to-end.
You need to examine the appropriate OSI layer for the reliable delivery of segments without error. Which OSI layer is responsible for this?
The Transport Layer.
What is shown in a wiring schematic?
The flow of network communication and symbols to indicate equipment function. They use horizontal and vertical lines to show how the system flow functions, not the physical layout of the devices in the network.
Computer A needs the IP address of Computer B, but Computer A only knows Computer B's FQDN. What would most likely to contain this information?
The forward lookup zone is most likely to contain the IP address of Computer B. When comparing forward vs reverse zones, the forward lookup zone provides the association between devices on a domain and their corresponding IP address.
You have changed the IP address scheme for two of your company's networks. In addition, the names of two servers have changed. Which change management documentation should you revise?
The physical network diagram includes cable lengths and types, server names, IP addresses, server roles, network equipment locations, and number of network users.
Give an example of a protocol that is not capable of stopping man in the middle attacks.
The remote shell (RSH) protocol is used to log on to remote computers and can be easily exploited by a man-in-the middle (MITM) attack because it neither provides encryption nor authentication of data.
Which DNS record type includes SPF and DKIM records?
The text, or TXT, records contain human-readable text, and are designed to help with fraudulent phishing emails. The Sender Policy Framework, or SPF, record within the TXT record helps filter out emails that are spoofed to appear as if they are coming from your domain. . Domain Keys Identified Mail, or DKIM, validates that an email sent from a domain was authorized by the owner of the domain.
What is likely the cause of a Time Domain Reflectometer returning a signal too quickly?
There is likely a break in the cable that is being tested.
Of LTE, TDMA, CDMA, EDGE, and GSM, which technology is considered obsolete?
Time Division Multiple Access, TDMA, is obsolete. It is a multiplexing technique used to combine multiple signals in a single wireless cellular channel. It is a 2G cellular technology that was largely decommissioned in 2007-2009.
A company procedure calls for using the IPv4 and IPv6 loopback addresses as part of the troubleshooting process. Which of the following explanations best represents the purpose of this tool?
To provide an IP address for testing the local IP stack without a physical network connection
What 2 options are relevant to network segmentation when using switches?
VLAN's and Tagging and Untagging ports.
You need to implement a wireless network to provide users in an outdoor sitting area with Internet connections. Which signal-absorbing obstructions should be noted when performing a WLAN site survey?
Water pools, trees, and construction materials, such as steel and wood, can absorb the radio frequency signal.
Is WPA2 backwards compatible?
Wi-Fi Protected Access 2 (WPA2) completely implements the 802.11i standard. Therefore, it does not support the use of older wireless cards.
You are implementing an 802.11g wireless network in your office. What is the maximum number of wireless access points that you can implement within 30 meters of each other?
You can implement a maximum of three 802.11g wireless access points within 30 meters of each other. The 802.11g wireless access points only have three non-overlapping channels (1, 6, and 11 in the United States; 1, 6, and 13 in Europe.) Therefore, to prevent interference, you need to configure the three wireless access points with different channels.
You need to connect the VoIP network to your company's PBX. What should you implement?
You should implement a unified communication (UC) gateway to connect the VoIP network to your company's PBX.
You need to configure 2 Web servers so that they share the Web request load equally. What should you do?
You should implement an active/active cluster. This will ensure that the two Web servers share the Web request load equally. An active/active cluster is also known as a load-balancing cluster.
If you have multiple WAP's in an area that will cause their signals to overlap, what should you do to ensure that they use different channels?
You should start each wireless access point at a separate time. This will allow each access point to select a channel. Then, when the next access point is booted, it will detect the other access points' channels and use another channel besides the ones detected.
What is the best possible value for administrative distance?
Zero.