UDEMY QUESTIONS #6

(PERFORMANCE BASED QUESTIONS) The company's corporate headquarters provided your branch office a portion of their Class C subnet to use at a new office location. You must allocate the minimum number of addresses using CIDR notation in order to accommodate each department's needs. You have finished providing the minimum number of addresses using CIDR notation to each of the departments listed. Calculate the number of leftover IP addresses. What is the correct CIDR notation to use to represent the available number of leftover IP addresses?

/26 Explanation For this question, you began with a /24 network (256 total IPs, with 254 usable IPs). The Sales department needs 55 usable IPs, so you should have used a /26 (62 usable IPs, 64 total IPs). The Finance department needs 32 usable IPs, so you should have used a /26 (62 usable IPs, 64 total IPs). The IT department needs 13 usable IPs, so you should have used a /28 (14 usable IPs, 16 total IPs). The HR department needs 25 usable IPs, so you should have used a /27 (30 usable IPs, 32 total IPs). The Marketing department needs 11 usable IPs, so you should have used a /28 (14 usable IPs, 16 total IPs). So, we have already used up many of the original /24 (256 total IPs). If we take 256 - 64 - 64 - 16 - 32 - 16, we find that we have 64 IPs left (or a /26). This gives us the answer for the unused portion of the IP space for this question.

Which of the following is used to connect Cat5e or above networks in an MDF or IDF?

110 BLOCK Explanation A 110 block is a type of punch block used to terminate runs of on-premises wiring in a structured cabling system. The designation 110 is also used to describe a type of insulation displacement contact (IDC) connector used to terminate twisted pair cables, which uses a punch-down tool similar to the older 66 block. 110 blocks provide more spacing between the terminals and are designed for Cat 5 networks to eliminate crosstalk between the cables.

You are troubleshooting a recently installed NIC on a workstation and decided to ping the NIC's loopback address. Which of the following IPv4 addresses should you ping?

127.0.0.1 Explanation The loopback address is 127.0.0.1 in IPv4, and it is reserved for troubleshooting and testing. The loopback address is used to receive a test signal to the NIC and its software/drivers in order to diagnose problems. Even if the network cable is unplugged, you should be able to successfully ping your loopback address.

Your company has just installed a brand new email server, but you determined that the server is unable to send emails to another server during the initial tests. You decided to check the firewall's ACL to see if the server's outgoing email is being blocked. Which of the following ports should you ensure is open and not blocked by the firewall? ​

25 Explanation OBJ-1.1: Port 25 is the designated port for the Simple Mail Transfer Protocol. SMTP is used for outbound email, including mail relay functionality.

Your company has just installed a brand new email server, but during the initial tests you determined that the server is unable to send emails to another server. You decided to check the firewall's ACL to see if the server's outgoing email is being blocked. Which of the following ports should you ensure is open and not blocked by the firewall?

25 Explanation Port 25 is the designated port for the Simple Mail Transfer Protocol. SMTP is used for outbound email, including mail relay functionality.

What ports do SMTP and SNMP utilize?

25, 161 Explanation SMTP (Simple Mail Transfer Protocol) uses port 25. SNMP (Simple Network Management Protocol) uses port 161. If this was a question on the real exam, you would see a list of ports on one side and a list of protocols on the other, and you would drag and drop each one to match them up.

A desktop computer is connected to the network and receives an APIPA address but is unable to reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet are able to reach the Internet. What is the MOST likely source of the problem?

802.1q is configured on the switch port Explanation APIPA addresses are self-configured and are used when the client is unable to get proper IP configuration from a DHCP server. One possible source of this problem is a misconfigured switch port that the computer is connected to. The 802.1q protocol is used to configure VLAN trunking and should be configured on the trunk port, not the on switch port.

A network administrator is noticing slow response times from the server to hosts on the network. After adding several new hosts, the administrator realizes that CSMA/CD results in network slowness due to congestion at the server NIC. What should the network administrator do?

Add additional nework cards to the server Explanation Adding dual NICs to the server can increase the bandwidth at the server and minimize congestion.

A firewall technician configures a firewall in order to allow HTTP traffic as follows: Source IP Zone Dest IP Zone Port ActionAny Untrust Any DMZ 80 Allow The organization should upgrade to what technology to prevent unauthorized traffic from traversing the firewall?

Application aware firewall Explanation Application aware firewall can analyze and verify protocols all the way up to layer 7 of the OSI reference model. It has the advantage to be aware of the details at the application layer. Since we desired to allow HTTP traffic, we must deal with the traffic at the application layer. This will prevent an attacker from sending SSH traffic over port 80, for example. By using an application aware firewall, only HTTP traffic will be allowed over port 80.

A disgruntled employee executes a man-in-the-middle attack on the company network. Layer 2 traffic destined for the gateway is redirected to the employee's computer. This type of attack is an example of:

Arp cache poisoning Explanation ARP poisoning reroutes data and allows an attacker to intercept packets of data intended for another recipient. ARP attacks can be sent from any host on the local area network and the goal is to associate the host so that any traffic meant for something else will instead go directly to the attacker's PC.

When a switch has multiple paths to reach the root bridge, what state is the port with the LEAST desirable path placed by the spanning tree protocol?

Blockng Explanation Blocking is the state in the spanning tree protocol that prevents looping in the network.

Michael is a system administrator who is troubleshooting an issue with remotely accessing a new server on the local area network. He is using an LMHOST file, which contains the hostname and IP address of the new server. The server that he cannot remotely access to is located on the same LAN as another server that he can successfully remote to. What output from the command line would BEST resolve the issue?

C:/windows/system32> nbstat -R Successful purge and reload of the NBT remote cache table Explanation Since he is using a local LMHOST file, it is bypassing the DNS of the machine, and flushing the DNS will not solve the problem. In this case, purging the contents of the NetBIOS name cache and then reloads the #PRE-tagged entries from the Lmhosts file.

Dion Training has just installed a new web server and created an A record for DionTraining.com. When users try entering www.DionTraining.com, though, they get an error. You tell their network administrator that the problem is because he forgot to add the appropriate DNS record to create an alias for www to the root of the domain. Which type of DNS record should be added to fix this issue? ​

CNAME Explanation CNAME records can be used to alias one name to another. CNAME stands for Canonical Name. A common example is when you have both diontraining.com and www.diontraining.com pointing to the same application and hosted by the same server.

A technician receives a report that a user's workstation is experiencing no network connectivity. The technician investigates and notices the patch cable running from the back of the user's VoIP phone is routed directly under the rolling chair and has been repeatedly smashed. What is the likely cause of the problem?

CROSS-TALK OBJ-5.3: Cross-talk and EMI occur when signals experience interference. Since the cable has been repeatedly run over, its shielding could be damaged since the cable is no longer made up of the same consistency, and cross-talk could occur between the pairs.

A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. What is the cause of the problem?

Cable short Explanation Since the VoIP phone works in one cubicle but not another one that is very close, it is likely the new cubicle has a short in the cable running to the network jack or from the jack to the VoIP phone. The network technician should test the new cubicle's network jack to ensure there isn't an issue with the wiring.

Which of the following BEST describes the process of documenting everyone who has physical access or possession of evidence?

Chain of custody Explanation Chain of custody refers to documentation that identifies all changes in the control, handling, possession, ownership, or custody of a piece of evidence.

(PERFORMANCE BASED QUESTION) After some recent changes to the network, several users are complaining that they are unable to access the servers. You have been provided with the Internet Protocol Version 4 (IPv4) Properties for PC1, PC2, PC3, and PC4.

Change PC3's subnet mask to 255.255.255.0 Explanation PC3's IP is 192.168.3.129, but its subnet mask is 255.255.255.128. This means that the 192.168.3.0/24 network is split into two (192.168.3.0/25 and 192.168.3.128/25). The current configuration means that PC3 is not on the same subnet as its default gateway, and is causing the connectivity issue. If you change the subnet mask to 255.255.255.0, both PC3 and its default gateway will be on the same subnet and connectivity will be restored. (If you get a question like this on exam day, you will only get the network diagram at first. As you click on each PC, its settings will be shown as a popup and you will be able to change the settings using your mouse and keyboard.)

Last night, your company's system administrators conducted a server upgrade. This morning, several users are having issues accessing the company's share drive on the network. You have been asked to troubleshoot the problem. What document should you look at first to create a probable theory for the cause of the issue?

Change management documentation Explanation Since everything worked before the server upgrade and doesn't now, it would be a good idea to first look at the change management documentation that authorized the change/upgrade. This should include the specific details of what was changed and what things may have been affected by the change. This is the best place to start when determining what changed since yesterday.

The service desk has received a large number of calls this morning complaining about how slow the network is responding when trying to connect to the internet. You are currently at one of the user's workstations and conducted a ping to Google.com, but the results showed that the response time was too slow and their was too much latency in the route between the workstation and Google.com. You then attempted to ping some of the network printers and other local servers on the network. The results showed acceptable response times. What should you try to do NEXT?

Check the change control system to determine if any networking equipment was recently replaced Explanation Since the ping command showed acceptable results when testing internally, you can assume the user's cable and workstation are not the issue. Also, the scenario never mentioned an email server, so rebooting that would not solve anything. Instead, you should try to identify what has changed since yesterday. By checking what has changed through the change control system, you can identify possible issues. Generally, if everything was fine yesterday, and it doesn't work right today, you should ask yourself, "what changed?"

You have just moved into a new condo in a large building. Your wireless network is acting strangely so you are worried that it may be due to interference from the numerous other wireless networks in the building since each apartment has its own wireless access point. You want to determine what wireless signals are within the walls of your apartment and their relative strength. What technique should you utilize to determine whether the nearby wireless networks are causing interference with your own Wifi network?

Conduct a site survey within your apartment Explanation If you suspect interference within your apartment or other personal spaces, you should conduct a site survey to identify what wireless signals are emanating into your apartment and how strong their signals are. This will allow you to choose the least used frequency/channel to increase your own signal strength and reduce the interference to your own wireless network.

A client reports that half of the marketing department is unable to access network resources. The technician determines that the switch has failed and needs replacement. What would be the MOST helpful in regaining connectivity? ​

Configuration backup Explanation If you have a configuration backup of the switch, a new piece of hardware (new switch) can be installed quickly and the configuration can be restored to the new switch.

A network technician is selecting the best way to protect a branch office from as many different threats from the Internet as possible using a single device. Which of the following should meet these requirements?

Configure a firewall with UTM Explanation Since this is a branch office and you want to protect yourself from as many threats as possible, using a Unified Threat Management firewall would be best. It will protect you from the most things using a single device. A network-based firewall protects everything on the other side of the Internet (your network). Host-based firewalls are great too but the network-based firewall is configured once to protect all devices.

A network technician is diligent about maintaining all system servers at the most current service pack level available. After performing upgrades, users experience issues with server-based applications. Which of the following should be used to prevent issues in the future?

Configure a test lab for updates Explanation To prevent the service pack issues, make sure to validate them in a test/lab environment first before going ahead and applying a new Service Pack in your production environment. While using an automated patching server is a good idea, no patches should be deployed prior to being tested in a lab first.

A common technique used by malicious individuals to perform a man-in-the-middle attack on a wireless network is:

Crating an evil twin Explanation Evil Twin access points are the most common way to perform a man-in-the-middle attack on a wireless network.

A technician receives a report that a user's workstation is experiencing no network connectivity. The technician investigates and notices the patch cable running from the back of the user's VoIP phone is routed directly under the rolling chair and has been repeatedly smashed. What is the likely cause of the problem?

Cross talk Explanation Cross-talk and EMI occur when signals experience interference. Since the cable has been repeatedly run over, its shielding could be damaged since the cable is no longer made up of the same consistency and cross-talk could occur between the pairs.

You have been asked to connect a laptop directly to a router to gain access to the internet. Unfortunately, this router is old and doesn't support MDIX on its ports. What type of cable should you use to connect the computer to the router?

Crossover

You have been asked to connect a laptop directly to a router in order to gain access to the internet. Unfortunately, this router is old and doesn't support MDIX on its ports. What type of cable should you use to connect the computer to the router? ​

Crossover Explanation Since you are connecting two DTE (Data Terminating Equipment) devices and the router doesn't support MDIX, you will need a crossover cable to allow the computer and router to communicate. If you instead connected a switch (Data Communication Equipment) in between these two devices, then you could use a patch or straight-through cable instead.

PERFORMANCE BASED QUESTION What type of cable would you use to connect a computer to a computer?

Crossover Explanation When you connect two computers together directly without a hub or switch between them, you must use a crossover cable to switch the transmit and receive pins. If this was a real question on the exam, you would have the words provided in a list, and you would drag them below the appropriate drawing.

Johnny is trying to download a file from a remote FTP server, but keeps receiving an error that a connection cannot be opened. Which of the following should you do FIRST to resolve the problem?

Ensure that port 20 is open Explanation Executing an FTP port connection through a client is a two-stage process requiring the use of two different ports. Once the user enters the name of the server and the login credentials in the authorization fields of the FTP client, the FTP connection is attempted over port 20. For FTP to function properly, you should have both ports 20 and 21 open.

Which attack utilizes a wireless access point which has been made to look as if it belongs to the network in order to eavesdrop on the wireless traffic?

Evil twin Explanation An Evil Twin is meant to mimic a legitimate hotspot provided by a nearby business, such as a coffee shop that provides free Wi-Fi access to its patrons.

What network device uses ACLs to prevent unauthorized access into company systems?

Firewall Explanation A firewall is a network security device which is designed to prevent systems or traffic from unauthorized access. An ACL is a list that shows which traffic or devices should be allowed into or denied from accessing the network.

Which protocol is used to encapsulate other network layer protocols such as multicast and IPX over WAN connections? ​

GRE Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.

During a business trip, Bobby connects to the wireless network at the hotel to send emails to some of his clients. The next day, Bobby notices that additional emails have been sent out from his account without consent. Which of the following protocols was MOST likely used to compromise the Bobby's email password utilizing a network sniffer?

HTTP Explanation HTTP is an unsecured protocol and information is passed without encryption. If the user signed into their webmail over HTTP instead of HTTPS, a network sniffer could compromise the username and password. Additionally, if the user was using an email client, then the SMTP connection could have been

Which network device operates at Layer 1?

HUB Explanation A hub is a layer 1 device and operates at the physical layer. Cables, hubs, repeaters, and wireless access points are all examples of layer 1, or physical layer, devices.

Dion Training Solutions is launching their brand new website. The website needs to be continually accessible to our students and reachable 24x7. Which networking concept would BEST ensure that the website remains up at all times?

High availability Explanation High availability is a concept that uses redundant technologies and processes to ensure that a system is up and accessible to the end users at all times. Snapshots, warm sites, and cold sites may be useful for recovering from a disaster-type event, but they will not ensure high availability.

A client is concerned about a hacker compromising a network to gain access to confidential research data. What could be implemented to redirect any attackers on the network?

Honeypot OBJ-4.6: A honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data that appears to be a legitimate part of the site but is actually isolated and monitored and seems to contain information or a resource of value to attackers, who are then blocked.

A client is concerned about a hacker compromising a network in order to gain access to confidential research data. What could be implemented to redirect any attackers on the network?

Honeypot Explanation A honeypot is a computer security mechanism set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data that appears to be a legitimate part of the site, but is actually isolated and monitored, and seems to contain information or a resource of value to attackers, who are then blocked.

A network technician just finished configuring a new interface on a router, but the client workstations are not receiving the addressing information from the new interface. Which of the following should be added or changed to allow the workstations to connect to the new interface?

IP helper Explanation DHCP IP Helper addresses enable a single DHCP server to provide DHCP IP addresses to every PC on the network, regardless of whether they are on the same broadcast domain as the DHCP server or not. DHCP IP Helper addresses are IP addresses configured on a routed interface such as a VLAN Interface or a routers Ethernet interface that allows that specific device to act as a "middle man" which forwards BOOTP (Broadcast) DHCP request it receives on an interface to the DHCP server specified by the IP Helper address via unicast. By adding an IP Helper address to the new interface on the router, it will allow the DHCP broadcast requests to be forwarded to the workstations.

A network technician just finished configuring a new interface on a router, but the client workstations do not receive the addressing information from the new interface. Which of the following should be added or changed to allow the workstations to connect to the new interface?

IP helper Explanation OBJ-1.8: DHCP IP Helper addresses enable a single DHCP server to provide DHCP IP addresses to every PC on the network, regardless of whether they are on the same broadcast domain as the DHCP server or not. DHCP IP Helper addresses are IP addresses configured on a routed interface such as a VLAN Interface or a routers Ethernet interface that allows that specific device to act as a "middle man" which forwards BOOTP (Broadcast) DHCP request it receives on an interface to the DHCP server specified by the IP Helper address via unicast. Adding an IP Helper address to the new interface on the router will allow the DHCP broadcast requests to be forwarded to the workstations.

An administrator is told they need to set up a space in the breakroom where employees can relax. So, the administrator sets up several televisions with interconnected video game systems in the breakroom. What type of network did the administrator setup?

LAN Explanation Since this gaming network is within one room, it is considered a LAN. All the other answers require a larger geographical area.

The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following devices would BEST handle the rerouting caused by the disruption of service?

Layer 3 switch Explanation A layer 3 switch is the best option because in addition to its capability of broadcast traffic reduction, it provides fault isolation and simplified security management. This is achieved through the use of IP address information to make routing decisions when managing traffic between LANs.

You want to install a perimeter device on the network that will help ensure FTP commands are not being sent out over port 25. Which of the following devices would allow for deep packet inspection to catch this type of activity?

Layer 7 firewall Explanation Layer 7 firewalls are application-filtering firewalls. FTP traffic does not usually travel over port 25, and should travel over port 21. By using a Layer 7 firewall, the device can perform a deep packet inspection (DPI) to identify which application or protocol is actually being used to send traffic over a given port.

After an employee connected one of the switch ports on a SOHO router to the wall jack in the office, other employees in the building started losing network connectivity. Which of the following could be implemented on the company's switch to prevent this type of loss of connection?

Loop prevention Explanation It appears the connection of the SOHO router to the company network has caused a loop in the network, causing the loss of connectivity to other users. If the company network implements a loop prevention mechanism, such as Spanning Tree Protocol (STP), this will prevent a loop from occurring.

When troubleshooting a T1 connection, the service provider's technical support representative instructs a network technician to place a special device into the CSU/DSU. Using this device, the provider is able to verify that communications are reaching the CSU/DSU. What was used by the network technician?

Loopback plug Explanation A loopback plug, also known as a loopback adaptor or a loopback cable, is a device used to test ports (such as serial, parallel, USB, and network ports) to identify network and network interface card (NIC) issues. Loopback plug equipment facilitates the testing of simple networking issues and is available at very low costs.

A software company is meeting with a car manufacturer to finalize discussions. In the signed document, the software company will provide the latest versions of its mapping application suite for the car manufacturer's next generation of cars. In return, the car manufacturer will provide three specific vehicle analytics to the software company to enhance the software company's mapping application suite. The software company can offer its enhanced mapping application to other car manufacturer but must pay the car manufacturer a royalty. Which of the following BEST describes the document used in this scenario?

MOU Explanation MOU is a memorandum of understanding. This is the most accurate description based on the choices given.

You have been asked to troubleshoot a router which uses label-switching and label-edge routers to forward traffic. Which of the following types of protocols should you be familiar with in order to troubleshoot this device?

MPLS Explanation Multi-protocol label switching (MPLS) is a mechanism used within computer network infrastructures to speed up the time it takes a data packet to flow from one node to another. The label-based switching mechanism enables the network packets to flow on any protocol.

A user is receiving certificate errors in other languages in their web browser when trying to access the company's main intranet site. Which of the following is the MOST likely cause of the issue?

Man-in- the middle Explanation A man-in-the-middle attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is occurring.

Which of the following communication technologies are used by video conferencing systems to synchronize video streams and reduce bandwidth sent from a central location to subscribed devices?

Multicast

Which of the following communication technologies are used by video conferencing systems to synchronize video streams and reduce bandwidth being sent by a central location to subscribed devices?

Multicast Explanation Multicasting is a technique used for a one-to-many communication over an IP network. In this example, the central location sends a signal to subscribed devices. It reduces bandwidth as the source only has to send the signal once, which is then received by multiple hosts simultaneously. Multicast is supported by both IPv4 and IPv6.

Which storage network technology utilizes file-level storage to function properly?

NAS Explanation A NAS uses file-level storage, while the others all use block-level storage. Block-level storage is a type of storage commonly deployed by larger businesses and enterprises in storage area networks (SANs) and similar large-scale storage systems. Each block in a block-level storage system can be controlled as an individual hard drive, and the blocks are managed by a server operating system. Block-level storage protocols like iSCSI, Fibre Channel and FCoE (Fibre Channel over Ethernet) are utilized to make the storage blocks visible and accessible by the server-based operating system.

You work for a small company that wants to add a share drive to their network. They are looking for a simple solution that will easily integrate into the existing network, will be easy to configure, and can share files with all the network clients over TCP/IP. Which of the following is the BEST recommended storage solution for this network?

NAS Explanation A network-attached storage (NAS) device is a self-contained computer that connects to a home or business network and can share files over TCP/IP. It is a rapidly growing choice for data storage and can provide data access to numerous users on a network. A NAS consists of hard disk for storage of files and usually utilizes a RAID system for redundancy and/or performance.

While monitoring the network, you notice that the network traffic to one of the servers is extremely high. Which of the following should you utilize to verify if this is a concern?

Network baseline Explanation High network traffic can be a sign of a possible attack conducted either by an insider or someone out of the network to steal relevant information. By reviewing the network baseline, you can determine if the traffic is actually high and if any configurations of the network are out of baseline causing the issue. By knowing what "normal" looks like, you can then more easily identify the abnormal.

It has been determined by network operations that there is a severe bottleneck on the company's mesh topology network. The field technician has chosen to use log management and found that one router is making routing decisions slower than the others on the network. What is this an example of? ​

Network device CPU issues Explanation Routing decisions must be processed by the router, which relies on the networking device's CPU.

Which of the following concepts is the MOST important for a company's long-term health in the event of a disaster?

Offsite backups Explanation In case of a disaster, you must protect your data. Some of the most common strategies for data protection include backups made to tape and sent off site at regular intervals. All of the other options are good, too, but the MOST important is a good backup copy of your company's data.

Which of the following is a DNS record type?

PTR Explanation There are several types of DNS records, including A, AAAA, CNAME, PTR, SVR, and TXT. PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address you can get the associated domain/hostname. An A record should exist for every PTR record.

A network administrator is following the best practices to implement firewalls, patch management, and policies on his network. Which of the following should be performed to verify that the security controls are in place?

Penetration testing Explanation Penetration testing (also called pen testing) is the practice of testing a computer system, network, or web application in order to find vulnerabilities that an attacker could exploit. It can be used to ensure all security controls are properly configured and in place.

A network technician needs to set up two public-facing web servers and wants to ensure that if they are compromised, the intruder cannot access the company's intranet. Which of the following methods should the technician use? ​

Place them in the demilitarized zone Explanation A demilitarized zone (DMZ) is a sub-network inside a network and acts as a semi-trusted zone. It is used for servers that need to be public-facing, such as web, mail, FTP, and VoIP servers. The DMZ is treated as an untrusted zone by both the internet (public) and the intranet (private) zones.

During a recent penetration test, it was discovered that your company's wireless network can be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn't extend beyond the interior of your building while maintaining a high level of availability to your users?

Power level Explanation The power level should be reduced for the radio transmitted in the wireless access points. With a reduced power level, the signal will not travel as far and this can ensure the signal remains within the interior of the building only. The other options, if changed, would affect the availability of the network to the currently configured users and their devices.

Andy is a network technician who is preparing to configure a company's network. He has installed a firewall to allow for an internal DMZ and an external network. No hosts on the internal network should be directly accessible by their IP address from the Internet, but they should be able to reach remote networks if they have been assigned an IP address within the network. Which of the following IP addressing solutions would work for this particular network configuration?

Private Explanation A private IP address is an IP address that's reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access on a network but without taking up a public IP address space.

What is the BEST way to secure the most vulnerable attack vector for a network?

Provide end user awareness training for office staff Explanation Users are our most vulnerable attack vector, proper training can help reduce the risk.

A technician wants to implement a network for testing remote devices before allowing them to connect to the corporate network. What could the technician implement to meet this requirement?

Quarantine Explanation Quarantine is where devices that do not meet the standards for the regular network can be placed. In this area, they can be checked before connecting to the main network.

A company is setting up a brand new server room and would like to keep the cabling infrastructure out of sight but still accessible to the network administrators. Infrastructure cost is not an issue. Which of the following should be installed to meet the requirements?

Raised floor Explanation Raised floors allow the cabling to be placed under the floor, but still accessible to the network administrators.

Your company just moved into a beautiful new building. The building has been built with large glass windows that cover most of the walls and ceiling to provide natural light to be visible throughout the offices. You have noticed that your cell phone gets really poor cellular connectivity when inside the building. What is the MOST likely cause of the poor cellular service within the building?

Reflection Explanation A cellular signal is comprised of radio waves. Just like light, radio waves can bounce off of certain surfaces and materials. Metal and glass are considered highly reflective materials which can cause poor cellular service and connectivity within office buildings that use intricately designed glass walls and ceilings. If a large amount of reflection occurs, signals can be weakened and also cause interference at the receiver's device.

A technician is troubleshooting a desktop connectivity issue. The technician believes a static ARP may be causing the problem. What should the technician do NEXT according to the network troubleshooting methodology?

Remove the ARP entry on the user's desktop Explanation Based on the troubleshooting methodology, once you have come up with a probable cause (the static ARP entry), you should try to test your hypothesis. Since this issue has already cause the workstation to not be able to communicate, the best way to test your theory would be to remove the static ARP entry and see if the issue is resolved. If this doesn't fix the issue, you would need to then come up with a new hypothesis, and test it as well.

You are trying to select the BEST network topology for a new network based on the following requirements. The design must include redundancy using a minimum of two cables to create the network. The network should not be prone to congestion, therefore each device must wait for its turn to communicate on the network by passing around a token. Which of the following topologies would BEST meet the client's requirements?

Ring Explanation A ring topology is a local area network (LAN) in which the nodes (workstations or other devices) are connected in a closed loop configuration. Ring topologies aren't used heavily in local area networks anymore, but they are still commonly found in wide area network connections as a FDDI ring. A FDDI ring is a Fiber Distributed Data Interface ring, which allows for a network that can communicate up to 120 miles in range, uses a ring-based token network as its basis, and uses two counter-rotating token ring topologies to comprise the single network. This provides redundancy for the network because if one cable is broken or fails, the other can maintain the network operations. The token is used to control which device can communicate on the network, preventing any congestion or collisions.

Today, your company's network started to experience network connectivity issues for various workstations around the company. As you begin troubleshooting, you identify that all the workstations receive their connectivity from a single switch on the 3rd floor of the office building. You start searching the 3rd floor for the cause of this issue and find a small wired router plugged into a network jack in the sales manager's office. From this small wired router, he has connected his workstation and a small Smart TV to watch Netflix while working. You question the sales manager about when he brought in the new router. He states that he just hooked it up this morning. What type of issue did the sales manager accidentally introduced into the network by installing the router?

Rogue DHCP server OBJ-5.5: Routers usually contain their own DHCP servers. When the sales manager installed the wired router, he inadvertently introduced a secondary DHCP server into the network. This could cause the same IP addresses to be assigned to two different workstations, resulting in connectivity issues for those workstations. Had the sales manager installed a simple hub or switch, this would not have caused any issues. Because this is a wired router, it cannot be an evil twin since evil twins are wireless access points. We have no indications of a VLAN mismatch since this would only affect the workstations connected to this router. Similarly, we have no indications of a network loop, so this network might already be implementing good practices by utilizing an STP to prevent them.

Today, your company's network started to experience network connectivity issues for various workstations around the company. As you begin troubleshooting, you identify that all the workstations receive their connectivity from a single switch on the 3rd floor of the office building. You start searching the 3rd floor for the cause of this issue and find a small wired router plugged into a network jack in the office of the Sales manager. From this small wired router, he has connected his workstation and a small Smart TV so he can watch Netflix while working. You ask the sales manager when he brought in the new router and he says he just hooked it up this morning. What type of issue did the sales manager accidentally introduced into the network by installing the router?

Rogue DHCP server Explanation Routers usually contain their own DHCP servers. When the sales manager installed the wired router, he inadvertently introduced a secondary DHCP server into the network. This could cause the same IP addresses to be assigned to two different workstations, resulting in connectivity issues for those workstations. Had the sales manager installed a simple hub or switch, this would not have caused any issues. Because this is a wired router, it cannot be an evil twin since evil twins are wireless access points. Also, we have no indication of a VLAN mismatch, since this would only affect the workstations connected to this router. Similarly, we have no indication of a network loop, so this network might already be implementing good practices by utilizing a STP to prevent them.

A small office has an Internet connection that drops out at least two times per week. It often takes until the next day for the service provider to come out and fix the issue. What should you create with the service provider to reduce this downtime in the future?

SLA Explanation A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service provider. SLAs are output-based that their purpose is specifically to define what the customer will receive. If the customer requires faster response times, it should be in the SLA.

A network administrator has determined that the ingress and egress traffic of a router's interface are not correctly reported to the monitoring server. Which of the following can be used to determine if the router interface uses 64b vs. 32b counters?

SNMP WALK OBJ-3.3: SNMP Walk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (router interface). This is a complex topic beyond the scope of the Network+ exam (how to use the SNMP Walk tool) and usually serves as a type of in-depth question that CompTIA might ask to determine if a candidate has actual real-world experience in networking or just studied from a textbook. Some instructors like to claim that CompTIA uses these types of questions to determine if someone is cheating because only people who studied from a "brain dump" are likely to get this question correct! This type of question reminds you that it is ok not to know all the answers on test day. Just take your best guess, and then move on!

A network administrator has determined that the ingress and egress traffic of a router's interface are not being correctly reported to the monitoring server. Which of the following can be used to determine if the router interface uses 64b vs 32b counters?

SNMP walk ​ Port Scanner Explanation SNMPWalk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (router interface). This is a complex topic that is actually beyond the scope of the Network+ exam (how to use SNMPWalk), and usually serves as a type of in-depth question that CompTIA might ask to determine if a candidate has actual real-world experience in networking or just studied from a textbook. Some instructors like to claim that CompTIA uses these types of questions to determine if someone is cheating, because only people who studied from a "brain dump" are likely to get this question correct! The reason you are seeing this type of question is to remind you that it is ok if you don't know all the answers on test day. Just take your best guess, and then move on!

PERFORMANCE BASED QUESTION Which of the following is the correct order of the following Fiber Connectors shown?

ST, SC, LC (single), LC (duplex), FC Explanation The correct order of the Fiber connections shown is ST, SC, LC (single), LC (duplex), and FC. If this was a real question on the exam, you would have the words provided in a list, and you would drag them below the appropriate fiber connector's drawing.

Dion Training Solutions wants to migrate their email server from an on-premise solution to a vendor-hosted web-based solution like G Suite or Gmail. Which of the following types of cloud models best describes this proposed solution?

Saas Explanation Software as a Service (SaaS) uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the client's side. Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins. The G Suite and Gmail solutions for business are a good example of a SaaS solution.

You are working as a forensic investigator for the police. The police have a search warrant to capture a suspect's workstation as evidence for an ongoing criminal investigation. As you enter the room with the policeman, he arrests the suspect and handcuffs him. What should you do FIRST? ​

Secure the area Explanation As a forensic investigator, you should always 'secure the area' before you take any other actions. This includes ensuring that no other people are in the area to disrupt your forensic collection (such as the suspect or their accomplices), ensuring the workstation isn't unplugged from the network or the power, and other actions to prevent the evidence from being tampered with.

You are performing a high-availability test of a system. As part of the test, you create an interruption on the fiber connection to the network, but the network traffic was not re-routed automatically. Which type of routing is the system utilizing?

Static Explanation Static routes must be configured and re-routed manually during an issue. Dynamic and Hybrid would reroute automatically during a network interruption.

There are two switches connected using both a Cat 6 cable and a Cat 5e cable. Which type of problem might occur with this setup?

Switching loop

There are two switches connected using both a CAT6 cable and a CAT5e cable. Which type of problem might occur with this setup?

Switching loop Explanation A switching loop is when there is more than one Layer 2 path between two endpoints. This can be prevented by using the STP (Spanning Tree Protocol).

Company policies require that all network infrastructure devices send system level information to a centralized server. Which of the following should be implemented to ensure the network administrator can review device error information from one central location?

Syslog server Explanation Syslog is a protocol designed to send log entries generated by a device or process called a facility across an IP network to a message collector, called a syslog server. A syslog message consists of an error code and the severity of the error. A syslog server would enable the network administrator to view device error information from a central location.

You typed IPCONFIG at the command prompt and find out your IP is 192.168.1.24. You then go to Google.com and search for "what is my IP", and it returns a value of 35.25.52.11. How do you explain the different values for the IP addresses? ​

This occurs because your network uses a private IP address internal but a public IP address over the internet Explanation Your computer network is using a private IP address for machines within the network and assigns a public IP address for traffic being routed over the network. Most small office home office (SOHO) networks utilize a single public IP for all of their devices and use a technique known as NAT to associate the public IP with each internal client's private IP when needed.

Which type of antenna broadcasts an RF signal in a specific direction with a narrow path?

Unidirectional Explanation Unidirectional is one direction. It focuses the broadcasting from the antenna in a single direction instead of all directions, focusing the transmission and making the signal stronger. A specific type of unidirectional antenna is known as a Yagi antenna, and this may be a term you may also see used on the Network+ certification exam.

Which of the following is the BEST way to prevent different types of security threats from occurring within your network on a regular basis?

User trainng and awareness Explanation Users are the biggest vulnerability on your network. Therefore, increasing user training can decrease the number of security threats that are realized on your networks. According to industry best practices, you should conduct end user security awareness training at least annually (if not more frequently).

Users are reporting extreme slowness across the network every Friday. What should the network technician review first to narrow down the root cause of the problem?

Utilization Explanation Reviewing the network utilization can help the technician identify why the slowness is being experienced every Friday, such as users placing additional load on the network by streaming videos or something similar.

A technician has been troubleshooting a network problem, has determined the most likely cause of the issue, and implemented a solution. What is the NEXT step to be taken?

Verify system functionality Explanation Verifying system functionality occurs directly after the implementation of a solution. It is to ensure that your plan of action and your theory did in fact fix the problem. Documenting findings is the final step taken AFTER verifying the system.

Various hypervisor guests are configured to use different VLANs in the same virtualization environment through what device? ​

Virtual Switch Explanation Virtual switches can act like real switches, but are configured in the Hyper-V environment.

A client reports that half of the marketing department is unable to access network resources. The technician determines that the switch has failed and needs replacement. What would be the MOST helpful in regaining connectivity?

configuration backup OBJ-5.5: If you have a configuration backup of the switch, a new piece of hardware (new switch) can be installed quickly and the configuration can be restored to the new switch.

After upgrading a fiber link from 1Gbps, a network technician ran a speed test of the link. The test shows the link is not operating at full speed and connectivity is intermittent. The two buildings are 1.476ft (450m) apart and are connected using CM4 fiber and 10G SR SFPs. The fiber runs through the electrical and boiler rooms of each building. Which of the following is the MOST likely the cause of the connectivity issues?

the wrong SFPs are being used Explanation The process of elimination allows us to drop out interference from the electrical room and heat from the boiler room as the heat definitely doesn't cause connectivity issues. There's not much information on the CM1 fiber, however, SFPs will work but will not work in a GBIC port intended for SFP+.