4/18/22, 4:08 PM N10-007 Exam Simulation QBank Quiz April 18, 2022
Test ID: 205855659

Question #1 of 200 Question ID: 1289200
Which attack involves the use of multiple computers with the purpose of denying legitimate access to a critical server?
A) land attack
B) distributed denial-of-service (DDoS) attack
C) denial-of-service (DoS) attack
D) Ping of Death attack

Explanation
Distributed denial-of-service (DDoS) attacks are an extension of the denial-of-service (DoS) attack. In a DDoS attack, the attacker uses multiple computers to target a critical server and deny access to legitimate users. The primary components of a DDoS attack are the client, the masters or handlers, the slaves (zombies), and the target system. In the initial phase of the attack, the attacker compromises numerous computers (the slaves) by planting backdoors in them; these systems are then controlled by the master controllers. Handlers are the systems that instruct the slaves to launch an attack against a target host. Slaves are typically systems that have been compromised through backdoors, such as Trojans, and their owners are not aware of their participation in the attack. Masters or handlers are systems on which the attacker has gained administrative access. The defining characteristic of DDoS is that it attacks the availability of critical resources rather than their confidentiality or integrity. Security technologies such as SSL and PKI protect confidentiality and integrity, so they do nothing to detect or stop a DDoS attack. To detect the use of zombies in a DDoS attack, examine the firewall logs: the signature is a large number of distinct source addresses all sending the same kind of traffic to one target in a short window. Both zombies and botnets can be used in a DDoS attack. Launching a traditional DoS attack from a single system might not disrupt a critical server. A DDoS attack can bring down the critical server because the server is overwhelmed by processing requests from many sources until it ceases to function. Trinoo and Tribe Flood Network (TFN) are examples of DDoS tools.
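As an added example (not part of the original question bank), the following Python script shows what "examine the firewall logs" looks like in practice. It parses constructed log lines in a hypothetical, simplified firewall format and flags the signatures this question and its explanation describe: a SYN flood from many distinct sources (the DDoS pattern), an unsolicited amplification response arriving from a DNS or NTP reflector, a land packet whose source equals its destination, a Ping of Death datagram larger than the 65,535-byte IP maximum, and a smurf packet aimed at a directed broadcast address. The log format, field names, IP addresses (documentation ranges) and thresholds are all assumptions chosen for the example.

```python
"""Flag DoS/DDoS signatures in firewall logs.

Added example with constructed data; the log format below is a hypothetical
simplification, not the output of any particular firewall product.
"""
import re
from collections import defaultdict

# Constructed sample lines. 203.0.113.10 is the protected host.
SAMPLE_LOG = """\
2022-04-18T16:08:00 dir=out proto=udp src=203.0.113.10:51000 dst=198.51.100.1:53 len=64 flags=-
2022-04-18T16:08:00 dir=in proto=udp src=198.51.100.1:53 dst=203.0.113.10:51000 len=120 flags=-
2022-04-18T16:08:01 dir=in proto=udp src=198.51.100.5:123 dst=203.0.113.10:123 len=4200 flags=-
2022-04-18T16:08:01 dir=in proto=udp src=198.51.100.6:123 dst=203.0.113.10:123 len=4200 flags=-
2022-04-18T16:08:02 dir=in proto=tcp src=203.0.113.10:80 dst=203.0.113.10:80 len=40 flags=S
2022-04-18T16:08:02 dir=in proto=icmp src=192.0.2.9:0 dst=203.0.113.10:0 len=65600 flags=-
2022-04-18T16:08:03 dir=in proto=icmp src=203.0.113.10:0 dst=203.0.113.255:0 len=84 flags=-
"""
# Thirty SYNs from thirty different sources to one port: the distributed pattern.
FLOOD_LOG = "".join(
    f"2022-04-18T16:08:04 dir=in proto=tcp src=192.0.2.{i}:4000 "
    f"dst=203.0.113.10:443 len=40 flags=S\n"
    for i in range(1, 31)
)

LINE_RE = re.compile(
    r"(?P<ts>\S+) dir=(?P<dir>in|out) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"len=(?P<len>\d+) flags=(?P<flags>\S+)"
)


def parse_log(text):
    """Parse log text into a list of dicts; lines in an unexpected format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        for key in ("sport", "dport", "len"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def analyze(records, flood_threshold=25, amp_min_len=1000, reflector_ports=(53, 123)):
    """Return (kind, detail) findings for the DoS signatures described in the question."""
    findings = []
    # Outbound requests we actually sent; replies to these are solicited.
    solicited = {(r["dst"], r["dport"]) for r in records if r["dir"] == "out"}
    syn_sources = defaultdict(set)  # (dst, dport) -> distinct source IPs sending SYN

    for r in records:
        # Land attack: spoofed SYN whose source equals its destination (IP and port).
        if r["src"] == r["dst"] and r["sport"] == r["dport"] and "S" in r["flags"]:
            findings.append(("land", f"{r['src']}:{r['sport']} to itself"))
        # Ping of Death: ICMP datagram larger than the 65,535-byte IP maximum.
        if r["proto"] == "icmp" and r["len"] > 65535:
            findings.append(("ping_of_death", f"{r['src']} -> {r['dst']} len={r['len']}"))
        # Smurf: ICMP sent to a directed broadcast address (assumes /24 networks).
        if r["proto"] == "icmp" and r["dst"].endswith(".255"):
            findings.append(("smurf", f"spoofed {r['src']} -> broadcast {r['dst']}"))
        # Reflection/amplification: large unsolicited UDP "reply" from a DNS/NTP port.
        if (r["dir"] == "in" and r["proto"] == "udp" and r["sport"] in reflector_ports
                and r["len"] >= amp_min_len and (r["src"], r["sport"]) not in solicited):
            findings.append(("amplification", f"{r['src']}:{r['sport']} len={r['len']}"))
        # Collect SYN senders per destination service for the distributed-flood check.
        if r["dir"] == "in" and r["proto"] == "tcp" and "S" in r["flags"]:
            syn_sources[(r["dst"], r["dport"])].add(r["src"])

    # DDoS: one service hit with SYNs from at least flood_threshold distinct sources.
    for (dst, dport), sources in syn_sources.items():
        if len(sources) >= flood_threshold:
            findings.append(("ddos_syn_flood", f"{dst}:{dport} from {len(sources)} sources"))
    return findings


def summarize(findings):
    """Count findings per signature kind."""
    counts = defaultdict(int)
    for kind, _ in findings:
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    results = analyze(parse_log(SAMPLE_LOG + FLOOD_LOG))
    for kind, detail in results:
        print(f"{kind:16} {detail}")
    print(summarize(results))
```

The distinct-source count is what separates a DDoS from a single-host DoS: the same thirty SYNs from one address would be a DoS, not a DDoS. The amplification check keys on unsolicited replies because a reflection attack never passes through the victim's own outbound request log, which is exactly why the attacker's identity is hidden.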
A land attack involves sending the target host a spoofed TCP SYN packet in which both the source and the destination are set to the target's own IP address and the same open port. The land attack causes the system to freeze or crash because the computer continuously replies to itself. A Ping of Death is another type of DoS attack that involves sending the target oversized ICMP packets that exceed the maximum IP packet size when reassembled, causing the target computer to freeze or crash. Other denial-of-service attacks, referred to as smurf (ICMP) and fraggle (UDP), deny access to legitimate users by flooding the victim with reply traffic generated through a network's broadcast address.
A denial-of-service (DoS) attack is an attack on a computer system or network that causes loss of service to users. The DoS attack floods the target system with unwanted requests. It causes the loss of network connectivity and services by consuming the bandwidth of the target network or overloading the computational resources of the target system. The primary difference between DoS and DDoS is that in DoS a particular port or service is targeted by a single system, whereas in DDoS the same process is accomplished by multiple computers. There are other types of denial-of-service attacks, such as buffer overflows, where a process attempts to store more data in a buffer than the amount of memory allocated for it, causing the system to freeze or crash.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
For the Network+ exam, you need to understand the following about DoS attacks:
Distributed DoS - carried out using multiple compromised computers, collectively referred to as a botnet. This is a coordinated attack in which all the bots participate, causing a traffic spike at the target.
Reflective/amplified - uses a potentially legitimate third-party component to send the attack traffic to a victim, hiding the attacker's identity.
The attackers send packets to the reflector servers with the source IP address set to the victim's IP, so the reflectors' response packets, which are often many times larger than the requests, indirectly overwhelm the victim. Domain Name System (DNS) and Network Time Protocol (NTP) servers are particularly susceptible to being abused in this way.
Smurfing - a DDoS attack in which large numbers of Internet Control Message Protocol (ICMP) echo requests carrying the intended victim's spoofed source IP are sent to a network's IP broadcast address. Every host on that network replies to the victim, which is flooded with packets, causing performance to decline.
Friendly/unintentional DoS - a DoS attack carried out by devices that have legitimate access to the attacked server. This can occur as part of a DDoS in which the legitimate device has become part of a botnet. It can also occur when a user inadvertently causes a DoS condition by initiating multiple requests that hang the server.
Physical attack - an attack in which the attacker damages a device so that it is permanently put out of commission. Also referred to as permanent DoS, this attack may involve corrupting the firmware or infecting the device with malware.
Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #2 of 200 Question ID: 1123529
You are implementing several switches on your network. The network contains client computers that run both Internet Protocol (IP) and Internetwork Packet Exchange (IPX). To increase network efficiency, you need to configure the switches so that the two different types of traffic are isolated. Which type of virtual local area network (VLAN) should you implement?
A) protocol-based VLAN
B) subnet-based VLAN
C) frame-tagging VLAN
D) port-based VLAN

Explanation
You should implement a protocol-based VLAN. This will allow you to isolate the IP and IPX traffic.
With protocol-based VLANs, each VLAN is configured to carry a single protocol, so the switch assigns each frame to a VLAN based on the Layer 3 protocol it carries.
A port-based VLAN is not used to isolate IP and IPX traffic. With this type of VLAN, each port on the switch is assigned to a VLAN, and devices attached to that port automatically become members of that VLAN regardless of the protocol they speak.
A subnet-based VLAN is not used to isolate IP and IPX traffic. With this type of VLAN, each subnet on your network is assigned to a VLAN. Devices are placed in a VLAN based on the subnet to which the device's IP address belongs, which does nothing for IPX traffic.
A frame-tagging VLAN is not used to isolate IP and IPX traffic. A frame-tagging VLAN is a type of port-based VLAN that uses frame tagging (such as IEEE 802.1Q) to allow VLANs to span multiple switches.
Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References: Overview of VLANs (Virtual LANs), https://www.alliedtelesis.com/sites/default/files/overview_vlans.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #3 of 200 Question ID: 1123354
You are working to convert a 10BaseT network to a 1000BaseT network. This conversion includes replacing all cabling, network devices, and network interface cards (NICs). Next year, you also have a planned building renovation where departments will be relocated to different areas within the building. However, that renovation should involve minimal network hardware changes. When you start the conversion, you have a hard time determining where each wall plate terminates at the patch panels. You decide to follow better design procedures to make future upgrades or troubleshooting easier and also to ensure that next year's move goes more smoothly. However, your solutions should minimally impact the current network structure. Which best practices should you implement during the conversion? (Choose two.)
A) Implement patch panel labeling.
B) Create a logical network diagram.
C) Implement an SLA.
D) Create a physical network diagram.
E) Implement port labeling.
F) Implement device naming conventions.

Explanation
You should implement port labeling and patch panel labeling. This will ensure that you are able to locate individual cables at both ends of their connection. For example, the wall port where the computer is connected to the network might be labeled Port24. Where the cable then plugs into the patch panel or other network device, you should label that port with the same number. This will ensure that you can easily locate both ends of the connection.
It is not necessary to create a logical or physical network diagram. Although diagrams can help with troubleshooting, they are not the best options in this scenario because your company plans to do a renovation next year, after which the diagrams would have to be redrawn.
You should not implement device naming conventions because you want your solutions to minimally impact the current network structure. While device naming conventions should be adopted, renaming the current devices would require quite a bit of administrative effort, and clients could experience connection problems because of the new names.
You should not implement a service level agreement (SLA). An SLA provides details on the levels of service that will be provided to an organization or department; it does not help you trace cabling.
For the Network+ exam, you need to understand the following labeling needs: port labeling, system labeling, circuit labeling, naming conventions, and patch panel labeling.
Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.
References: TIA labeling standard marked for changes, http://www.cablinginstall.com/articles/print/volume-16/issue-3/features/installation/tialabeling-standard-marked-for-changes.html
What's Your Port/Patch Panel Labeling Method?, http://community.spiceworks.com/topic/471563-what-s-your-port-patch-panellabeling-method

Question #4 of 200 Question ID: 1289221
Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do last as part of the incident response?
A) investigation
B) analysis
C) triage
D) post-mortem review

Explanation
A post-mortem review should be completed last as part of the incident response. The post-mortem review should be performed within the first week of completing the investigation of the intrusion, while the details are still fresh, and should record what worked, what did not, and which controls or procedures need to change.
Triage is part of the first step in an incident response. During this step, the incident response team examines the incident to see what was affected and sets priorities. Investigation takes place after triage; it involves the collection of relevant data. After the investigation stage, the incident response team is responsible for the containment stage. After the incident is contained, the next stage is analysis, where the root cause of the incident is discovered.
The troubleshooting order according to the CompTIA Network+ blueprint is as follows:
1. Identify the problem.
   Gather information.
   Duplicate the problem, if possible.
   Question users.
   Identify symptoms.
   Determine if anything has changed.
   Approach multiple problems individually.
2. Establish a theory of probable cause.
   Question the obvious.
   Consider multiple approaches.
   Top-to-bottom/bottom-to-top OSI model.
   Divide and conquer.
3. Test the theory to determine cause.
   Once the theory is confirmed, determine the next steps to resolve the problem.
   If the theory is not confirmed, re-establish a new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and, if applicable, implement preventive measures.
7. Document findings, actions, and outcomes.
Objective: Network Troubleshooting and Tools
Sub-Objective: Explain the network troubleshooting methodology.
References: CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)

Question #5 of 200 Question ID: 1123458
Which two guidelines are the best to implement for passwords according to CompTIA guidelines? (Choose two.)
A) Ensure that passwords are constructed only of alphanumeric characters.
B) Configure passwords to change periodically.
C) Ensure that passwords change rarely or never change.
D) Ensure that passwords are at least 15 characters in length.
E) Create passwords that contain at least one symbol.

Explanation
Of the choices presented, you should configure passwords to change periodically and create passwords that contain at least one symbol in order to create the strongest passwords. Depending on the security level required, passwords might change once every three months, once per month, or once per week. In some very high security situations, such as military and intelligence agencies, passwords are commonly configured to change as often as twice per day. Configuring passwords to change periodically limits how long a stolen or guessed password remains useful. Passwords should also include alphanumeric characters and at least one symbol, such as the dollar sign ($) character. For this exam, passwords should usually be between eight and ten characters in length; the rationale given is that a minimum password length of greater than ten characters will force users to create passwords that are too long to be easily remembered. (Note that current NIST SP 800-63B guidance instead favors longer passphrases, no composition rules, and rotation only on evidence of compromise; answer the exam question by the CompTIA rule.)
If a user's password is too long, the user might write the password down and leave it where it can be easily found, which creates a security risk. Passwords are often the targets of brute force or dictionary attacks, in which attackers attempt to guess passwords. Using complex passwords helps prevent these attacks. Organizations should also implement account lockout policies to lock accounts after a certain number of invalid login attempts, which stops online guessing regardless of password complexity.
Objective: Network Operations
Sub-Objective: Identify policies and best practices.
References: Password Selection and Security Guidelines, http://www.thebitmill.com/articles/password_tips.html

Question #6 of 200 Question ID: 1123602
A user named Luther reports that he cannot log on to the network from his workstation. You attempt to use your administrator credentials to log on to the network from Luther's computer, but you cannot. Both you and Luther can log on to the network from your workstation. Your workstation and Luther's workstation are connected to the same hub. What is most likely causing the connectivity problem on Luther's workstation?
A) Luther is typing an incorrect user name when he attempts to log on to the network from his workstation.
B) Luther is typing an incorrect password when he attempts to log on to the network from his workstation.
C) The NIC in Luther's workstation is defective.
D) The hub that connects Luther's workstation to the network is defective.

Explanation
In this scenario, neither you nor Luther can log on to the network from his computer. However, both of you can log on to the network from your computer. Thus, the fault follows the workstation, not the user, and you can assume that the network interface card (NIC) in Luther's computer is defective.
If Luther were unable to log on to the network from his computer, but you were able to log on to the network from his computer, then you could assume that Luther was supplying an incorrect user name, an incorrect password, or both. One of the most common logon problems can be attributed to the Caps Lock feature. When Caps Lock is enabled, all alphabetical characters typed without the Shift key being pressed appear in upper case. Most network operating systems require case-sensitive passwords. Therefore, the password "system" and the password "SYSTEM" are considered different passwords by the operating system.
Both your computer and Luther's computer are connected to the same hub. If the hub were defective, neither you nor Luther would be able to log on to the network from either computer.
Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References: Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #7 of 200 Question ID: 1123365
You want to install a device between your company's private network and the Internet that will prevent users on the Internet from transferring HTTP messages into the company's network. Which device should you install?
A) a firewall
B) a bridge
C) a hub
D) a router

Explanation
You should install a firewall between the Internet and your company's private network. A firewall can provide packet-filtering services for a network. Data packets can be allowed or denied entry to or from a network based on several criteria, including the Transmission Control Protocol (TCP) port number and the IP address of the sending host.
In this scenario, you can configure the firewall to deny inbound packets from the Internet destined for TCP port 80, which is the well-known TCP port for Hypertext Transfer Protocol (HTTP) messages. Because the rule is applied only to connections initiated from the Internet, internal users can still browse external web sites; the replies to their requests are established traffic, not new inbound connections.
A bridge is a device that can divide a network into two segments. A network divided by a bridge appears to be a single network to devices and applications that operate at a higher layer than the bridge. You normally use a bridge to divide a network to optimize network traffic, not to filter by protocol or port.
A hub, which is often referred to as a repeater or a repeating hub, acts as a concentration point for network connections on networks that use the star physical topology. It repeats every frame to every port and performs no filtering at all.
A router connects two or more subnets and enables computers on a subnet to send data to remote subnets. Although some routers provide packet-filtering capabilities, packet filtering is not a guaranteed capability of a router.
Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References: Introduction to Firewalls, http://netsecurity.about.com/od/hackertools/a/aa072004.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #8 of 200 Question ID: 1289208
The owner of your favorite pastry shop has just installed free Wi-Fi access for customers. The owner accomplished this task with limited technical skills and without any assistance. After a couple of days in operation, the owner calls to complain that he cannot get into the Wi-Fi router to make an adjustment. First, you have him use the hard reset function built into the router. What action would you recommend that the owner take next?
A) Generate new keys.
B) Change the default credentials.
C) Patch and update the router.
D) Upgrade the firmware.
Explanation
Changing the default credentials is important for router and switch security, particularly with SOHO routers. Default credentials are published by the router manufacturers, and an easy search using the router model number will provide you (and an attacker) with the information needed to reconfigure the router. A hard reset restores those published defaults, so the moment the reset completes the router is reachable with a password anyone can look up. Changing the default credentials is an essential step in securing your network. While the other options can harden the router, the first and most crucial step is to change the default credentials because they are widely known and can be used by attackers.
Upgrading firmware is one way to ensure that the network component is performing properly or to the current standard. Firmware differs from a driver. A driver allows the hardware to communicate with an operating system, such as Windows 10, Linux, or macOS. Firmware is the software that allows the hardware device itself to operate. A simplified example of one aspect of firmware would be the instructions on the NIC that cause the green light to blink when network traffic is present. Patching and updating the network hardware ensure that the firmware is up to date and that remedies for known security issues are applied.
Generating new keys (such as the Wi-Fi pre-shared key) matters if a breach has occurred, because the attacker may have obtained the existing keys; generating new keys keeps the attacker from reusing them. It is not the primary concern at this point, however, since the hard reset has already discarded the old configuration.
Objective: Network Security
Sub-Objective: Given a scenario, implement network device hardening.
References: The One Router Setting Everyone Should Change (But No One Does), https://www.tomsguide.com/us/change-router-defaultpasswords,news-26975.html

Question #9 of 200 Question ID: 1123220
You administer your company's 100BaseTX Ethernet network. TCP/IP is the networking protocol used on the network.
You want the routers on the network to send you notices when they have exceeded specified performance thresholds. Which protocol should you use to enable the routers to send the notices?
A) SMTP
B) SNMP
C) Telnet
D) ARP

Explanation
You should use Simple Network Management Protocol (SNMP) to enable the routers to notify you when they exceed specified performance thresholds. SNMP is a protocol in the TCP/IP protocol suite that enables the collection of data about various devices connected to a TCP/IP network, including bridges, hubs, and routers. Each SNMP-compatible device has a Management Information Base (MIB) database that defines the type of information that can be collected about the device. You can also configure SNMP traps to analyze network performance and network problems. A trap is an unsolicited message that an SNMP-compatible device sends when the device has exceeded a performance threshold. Traps are sent to a trap receiver on your network management station, which can then forward alerts by e-mail or to another destination. SNMP works at the Application layer of the OSI model. An SNMP agent is the software that runs on each managed device; it answers queries from the management station and sends the traps. This software must be present at the device level.
Address Resolution Protocol (ARP) is used on a TCP/IP network to resolve IP addresses to media access control (MAC) addresses. TCP/IP uses IP addresses to identify hosts, whereas Ethernet uses MAC addresses to identify network nodes. For Ethernet and TCP/IP to interoperate, a host's IP address must be resolved to a MAC address. You cannot use ARP to notify you when network devices have exceeded performance thresholds. ARP is usually placed at the Data Link layer of the OSI model, although it bridges Layers 2 and 3.
Simple Mail Transfer Protocol (SMTP) is used to transfer e-mail messages from e-mail clients to e-mail servers. SMTP is also used to transfer e-mail messages between e-mail servers.
SMTP will not send traps when network devices have exceeded performance thresholds. SMTP works at the Application layer of the OSI model.
Telnet is a terminal emulation protocol. You can use Telnet to establish a remote session with a server and to issue commands on it. Telnet client software provides you with a text-based interface and a command line from which you can issue commands on a server that supports the Telnet protocol. Telnet will not send notices when network devices have exceeded established performance thresholds. Telnet works at the Application layer of the OSI model.
Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.
References: SNMP, http://www.tech-faq.com/snmp.html

Question #10 of 200 Question ID: 1289206
A user reports that a legacy system is no longer responding. After researching, a technician reports that the system has been flooded with ICMP packets larger than 65,535 bytes. This is most likely the result of which type of attack?
A) ARP issues
B) malware
C) ping of death
D) backdoor access

Explanation
This is most likely the result of a ping of death attack. In a ping of death attack, a system or network is flooded with ICMP packets larger than 65,535 bytes, the maximum size of an IP packet; the oversized packet overflows the reassembly buffer on a vulnerable host. You can prevent this type of attack by not allowing ICMP messages from outside your network and by keeping systems patched; only unpatched legacy systems, like the one in this scenario, remain vulnerable.
This scenario is not the result of a malware attack. Malware, or malicious software, is generally obtained through email, instant messaging, the Internet, or file sharing. In most cases, malware affects the performance of the infected computer. It may also steal information. You can install anti-malware software to prevent these attacks. User education is also important.
This scenario is not the result of backdoor access, also referred to as improper access.
Backdoor access is usually obtained by using a backdoor utility or a built-in developer hook in an application that allows developers to circumvent normal authentication. It is often very hard to detect backdoor access. Companies should track the open-source projects that enter their network from external untrusted sources, such as open-source code repositories, and should rapidly respond to any backdoors discovered.
This scenario is not the result of ARP issues. ARP-based attacks are usually accomplished by poisoning the ARP cache of computers (ARP spoofing), which lets the attacker sit between two hosts and is therefore one way to carry out a man-in-the-middle (MITM) attack. Dynamic ARP inspection on switches helps mitigate this issue.
For the Network+ exam, you must also understand the following common security issues:
Misconfigured firewall - allows vulnerabilities to be exposed, giving attackers the opportunity to exploit the firewall itself or the internal and DMZ devices the firewall was intended to protect. You should never allow all traffic into your internal network from the outside untrusted network. In addition, disable or remove any default accounts. If possible, configure the firewall to send an alert any time a configuration change occurs, so that you know a change was made and can verify whether it was legitimate or carried out by an attacker.
Misconfigured ACLs/applications - allows vulnerabilities to be exposed, giving attackers the opportunity to exploit applications or entities protected by the access control list (ACL). Disable or remove any default accounts in applications. Make sure that ACLs are not configured to allow all. ACLs should default to deny for all accounts not explicitly given access.
Denial of service (DoS) - occurs when a server is flooded with traffic with the intent to shut down the server.
Upgrading your devices and applications with the latest service packs or updates prevents the DoS attacks that exploit a known software flaw (such as ping of death); purely volumetric floods are not fixed by patching and need rate limiting or upstream filtering instead.
Open/closed ports - allows or denies network access to specific types of traffic based on the port used. Disable all ports that you are not using. Remember that any open port is an avenue of attack.
ICMP related issues - includes ping of death and unreachable default gateway. Most companies simply deny any ICMP from external networks.
Unpatched firmware/OSs - allows vulnerabilities to be exposed, giving attackers the opportunity to exploit the unpatched device or computer. Make sure that all patches, security updates, hotfixes, and service packs are deployed in a timely manner to all affected systems.
Malicious users - includes both trusted and untrusted users. Malicious users often use packet sniffing utilities to obtain information about the network that enables attackers to carry out an attack. Auditing can help mitigate this issue.
Authentication issues - includes TACACS/RADIUS misconfigurations and default passwords/settings. Terminal Access Controller Access-Control System (TACACS) is a TCP-based protocol used to communicate with an authentication, authorization, and accounting (AAA) server. Remote Authentication Dial-In User Service (RADIUS) is a UDP-based protocol used to communicate with a AAA server. A misconfigured TACACS/RADIUS server shows up as valid users failing to authenticate or, worse, invalid users being authenticated, so test both cases after any change. When it comes to default passwords, you should change all default passwords on any authentication servers. Default settings should also be changed. Changing default passwords and settings helps ensure that attackers cannot use these defaults to breach the network.
Banner grabbing/OUI - A banner is the text that a service sends to a client when the client connects to it.
Usually this text includes the name and version of the application that issued it. Banner grabbing is a fingerprinting technique in which an attacker connects to a service and records the banner it returns, learning which software and version is running without sending any exploit. Telnet, Netcat, Nmap, and other tools can be used to carry out banner grabbing. The OUI (organizationally unique identifier, the first three bytes of a device's MAC address) similarly identifies the device's manufacturer. First, thoroughly analyze what information your services leak. Then configure your services properly and suppress or genericize banners where the service allows it. Default settings are often insecure. Turn off all features and services that are unnecessary.
Domain/local group configurations - Groups are often used as part of any security configuration. Users are placed into groups, and groups are given access to resources. You should periodically audit groups and ensure that their permissions are appropriately configured.
Jamming - Jamming compromises the wireless environment. It denies service to authorized users by overwhelming the frequencies used by legitimate wireless traffic with illegitimate radio transmissions.
Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References: Ping of Death, http://compnetworking.about.com/od/networksecurityprivacy/l/bldef_pingdeath.htm

Question #11 of 200 Question ID: 1289158
Which of the following types of backups would back up data that has NOT been changed since the last backup?
A) Incremental backup
B) Differential backup
C) System snapshot
D) Full backup

Explanation
You should choose a full backup. Full backups back up all of the files on a system, regardless of whether the data has changed or not. While full backups provide the most complete protection in case of a failure, they take the most time and require the most storage resources. A full backup resets the archive bit, which is the indicator in a file's attributes that tells the OS whether or not the file needs to be backed up. When a file is created or modified, the archive bit is "set" or turned on.
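The following Python model, added here as a worked example rather than anything from the original question bank, runs a week of backups under the archive-bit rules this explanation describes: a full backup on Sunday that resets every bit, then three nights of either differential (copies set bits, leaves them set) or incremental (copies set bits, resets them) backups. It then shows which backup sets must be restored to recover the Wednesday-night state. The file names and the pattern of daily changes are assumptions chosen for the example.

```python
"""Model full, differential and incremental backups with the archive bit.

Added example with constructed data; the file names and the week's change
pattern are assumptions chosen to match the explanation above.
"""


class Volume:
    """A tiny file system: each file has a version counter and an archive bit."""

    def __init__(self):
        self.version = {}  # file name -> current version number
        self.archive = {}  # file name -> archive bit (True = changed since last reset)

    def modify(self, *names):
        """Create or change files; the OS sets the archive bit on each."""
        for name in names:
            self.version[name] = self.version.get(name, 0) + 1
            self.archive[name] = True


def _copy(vol, names):
    """A backup set: the current version of each selected file."""
    return {name: vol.version[name] for name in names}


def full_backup(vol):
    """Copies every file regardless of the archive bit, then resets all bits."""
    names = list(vol.version)
    for name in names:
        vol.archive[name] = False
    return _copy(vol, names)


def differential_backup(vol):
    """Copies files whose archive bit is set and leaves the bits set."""
    return _copy(vol, [n for n, bit in vol.archive.items() if bit])


def incremental_backup(vol):
    """Copies files whose archive bit is set and resets those bits."""
    names = [n for n, bit in vol.archive.items() if bit]
    for name in names:
        vol.archive[name] = False
    return _copy(vol, names)


def restore(*backup_sets):
    """Apply backup sets in order; a later set overrides the same file in an earlier one."""
    state = {}
    for backup_set in backup_sets:
        state.update(backup_set)
    return state


def simulate_week(strategy):
    """Sunday full backup, then Mon-Wed with the given strategy.

    Returns (backup sets by day, the live volume state on Wednesday night).
    """
    vol = Volume()
    vol.modify("a", "b", "c")  # the files that exist before Sunday's full backup
    sets = {"Sun": full_backup(vol)}
    for day, changed in (("Mon", ["a", "d"]), ("Tue", ["b"]), ("Wed", ["a", "e"])):
        vol.modify(*changed)
        sets[day] = strategy(vol)
    return sets, dict(vol.version)


if __name__ == "__main__":
    for name, strategy in (("differential", differential_backup),
                           ("incremental", incremental_backup)):
        sets, live = simulate_week(strategy)
        print(name, {day: sorted(s) for day, s in sets.items()})
        print("  Sun + Wed restores correctly:",
              restore(sets["Sun"], sets["Wed"]) == live)
        print("  Sun + Mon + Tue + Wed restores correctly:",
              restore(*(sets[d] for d in ("Sun", "Mon", "Tue", "Wed"))) == live)
```

Running it shows the trade-off in the explanation directly: the differential Wednesday set grows to contain everything changed since Sunday, so full plus the latest differential is a complete restore, whereas each incremental set holds only one night's changes, so skipping Monday and Tuesday leaves the restored volume missing file d and with the old version of b.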
Differential backups look at the archive bit and back up all data whose archive bit is set. Differential backups do not reset the archive bit. If, for example, a full backup is performed on Sunday, a differential backup performed on Monday night will back up all of Monday's new files and modifications without resetting the archive bit. A differential backup performed on Tuesday night will back up all of Monday's new/modified files as well as all of Tuesday's new/modified files. Wednesday night's backup will process changes from Monday, Tuesday, and Wednesday. To restore data, the administrator would restore the full backup and the most recent differential backup.
Incremental backups look at the archive bit and back up all data whose archive bit is set. Unlike differential backups, however, incremental backups reset the archive bit. If, for example, a full backup is performed on Sunday, an incremental backup performed on Monday night will back up all of Monday's new files and modifications while resetting the archive bit. An incremental backup performed on Tuesday night will back up only Tuesday's new/modified files and reset the archive bit. Wednesday night's backup will process Wednesday's changes and reset the archive bit. To restore data, the administrator would restore the full backup and then each of the incremental backups in order.
Snapshots create a system image at a given point in time. While they can be considered a form of backup, snapshots are not concerned with archive bits and capture the entire system state.
Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.
References:
Tips & Tricks for Better Business Backup and Recovery for World Backup Day, https://www.acronis.com/en-us/blog/posts/tipstricks-better-business-backup-and-recovery-world-backup-day
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #12 of 200
Question ID: 1289289

You are the network admin at a small college. For most of the day, your school's wireless network performs as it should. Between classes, however, performance is abysmally slow. What is the most likely cause?

A) Channel overlap
B) Signal-to-noise ratio
C) Refraction
D) Overcapacity

Explanation

You should look at overcapacity. Overcapacity is an issue in wireless performance. The proliferation of wireless devices will put an enormous drain on a wireless network originally designed for a few devices. In today's environment, the network may need to provide service to tablet computers, smartphones, personal performance monitors, and smart watches, in addition to the few laptops the network was originally designed to support. From the symptoms being described, more students are connecting their devices between classes, causing the performance of the network to degrade.

Refraction "bends" the signal as it passes through an object, or the signal curves as it tries to go around the object. Think of a stick where part of the stick is in the water and part of the stick is out of the water. The stick appears "bent" because the water causes refraction of the image. If refraction were the issue, the problem would be throughout the day, not just at certain times.

Channel overlap can cause performance issues. Even though 11 channels are available in the US, there is a high degree of overlap. When using multiple wireless access points in 2.4 GHz mode, set the channels at 1, 6, and 11 to provide the best coverage.
If this were the issue, the problem would be throughout the day, not just at certain times.

The signal-to-noise ratio (SNR) is the relationship between the strength of the wireless signal and the amount of background interference (noise). SNR is measured in decibels (dB). Devices such as microwaves, cordless phones, wireless cameras, and fluorescent lights are all contributors. When using a Wi-Fi analyzer, any SNR below 25 dB is considered poor, while a reading above 41 dB is considered excellent. If this were the issue, the problem would be throughout the day, not just at certain times.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
4 More Incredibly Common Reasons Your Wifi Performance is Awful, https://www.securedgenetworks.com/blog/4-more-incrediblycommon-reasons-your-wifi-performance-is-awful

Question #13 of 200
Question ID: 1123300

You decide to install an 802.11a wireless network in your company's main building. Which frequency band is used in this network?

A) 5 GHz
B) 2.9 GHz
C) 900 MHz
D) 2.4 GHz

Explanation

802.11a wireless local area networks (WLANs) use the 5-GHz frequency band with Orthogonal Frequency Division Multiplexing (OFDM). OFDM supports a maximum data rate of 54 Mbps. 802.11b WLANs use the 2.4-GHz frequency band for transmission with Direct Sequence Spread Spectrum (DSSS). DSSS supports a maximum data rate of 11 Mbps. 802.11a WLAN equipment does not use the 900-MHz or 2.9-GHz frequency bands for transmission.

The maximum data rate is often referred to as maximum bandwidth. Channel bandwidth is the amount of bandwidth within a single channel used by the frequency.
Objective: Networking Concepts
Sub-Objective: Given a scenario, implement the appropriate wireless technologies and configurations.

References:
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=2
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs

Question #14 of 200
Question ID: 1289066

You administer a 100BaseTX Ethernet network that is configured to use the TCP/IP network communications protocol. You have installed a firewall between the network and the Internet. Currently ports 80, 20, and 21 are open on the firewall. You want to allow only SMTP and POP3 communications between the network and the Internet.

Which configurations should you make on the firewall?

A) Close port 80 only.
B) Close ports 20, 21, and 80, and open ports 25 and 110.
C) Close ports 20 and 21, and open port 25.
D) Close ports 21 and 80, and open port 110.

Explanation

Currently, ports 80, 20, and 21 are open in the firewall. Port 80 is the port that is used to transfer Hypertext Transfer Protocol (HTTP) messages. HTTP is the protocol that is used to transport Web pages on the Internet. Ports 20 and 21 are used by File Transfer Protocol (FTP), a protocol that can transfer data files on the Internet. An FTP server listens for requests on port 21 and establishes connections with FTP clients on port 20. In this scenario, you should close ports 20, 21, and 80 to prevent HTTP and FTP traffic.

Simple Mail Transfer Protocol (SMTP) is used to transfer e-mail messages between e-mail servers on the Internet. SMTP uses port 25. Post Office Protocol 3 (POP3) is used by e-mail clients to retrieve messages from e-mail servers. POP3 uses port 110. In this scenario, you should open ports 25 and 110.
For the Network+ exam, you need to know the following protocols and their default ports:

FTP - 20, 21
SSH, SFTP - 22
TELNET - 23
SMTP - 25
DNS - 53
DHCP - 67, 68
TFTP - 69
HTTP - 80
POP3 - 110
NTP - 123
NetBIOS - 137-139
IMAP - 143
SNMP - 161
LDAP - 389
HTTPS - 443
SMB - 445
LDAPS - 636
H.323 - 1720
MGCP - 2427/2727
RDP - 3389
RTP - 5004/5005
SIP - 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
Computer Network Glossary - Port Number: Ports 50-99, http://compnetworking.about.com/od/tcpip/l/blports_gl50.htm
Computer Network Glossary - Port Number: Ports 10-49, http://compnetworking.about.com/od/tcpip/l/blports_gl10.htm
Computer Network Glossary - Port Number: Ports 100-149, http://compnetworking.about.com/od/tcpip/l/blports_gl100.htm

Question #15 of 200
Question ID: 1289225

You installed a network in a company executive's home office to allow her to securely access the corporate network and work from home. It has worked properly for three months, but now she says that it is broken. What should you do first to troubleshoot this problem?

A) Identify the problem.
B) Establish a plan of action.
C) Test the theory to determine cause.
D) Establish a theory of probable cause.

Explanation

According to the general troubleshooting strategy, the first thing you should do when troubleshooting a problem is to identify the problem. This includes gathering information, duplicating the problem, questioning users, identifying symptoms, determining if anything has changed, and approaching multiple problems individually.
The user's statement that the network is "broken" does not clarify whether there is an issue with hardware or software, with user error, or with an external vendor such as the network service provider. If a user complains that he is unable to access a server or printer resource on the network, you should first ask if the user is able to access any network resources. This will perhaps help to narrow your search from the entire network to a single device.

The troubleshooting order according to the CompTIA Network+ blueprint is as follows:

1. Identify the problem.
   - Gather information.
   - Duplicate the problem, if possible.
   - Question users.
   - Identify symptoms.
   - Determine if anything has changed.
   - Approach multiple problems individually.
2. Establish a theory of probable cause.
   - Question the obvious.
   - Consider multiple approaches.
   - Top-to-bottom/bottom-to-top OSI model
   - Divide and conquer
3. Test the theory to determine cause.
   - Once the theory is confirmed, determine the next steps to resolve the problem.
   - If the theory is not confirmed, re-establish a new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and, if applicable, implement preventive measures.
7. Document findings, actions, and outcomes.

Objective: Network Troubleshooting and Tools
Sub-Objective: Explain the network troubleshooting methodology.

References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)

Question #16 of 200
Question ID: 1289150

You are the network administrator for a healthcare organization. Recently several federal and state government laws have been enacted which will affect network operations. Which change management documentation should record this information?
A) regulations
B) policies
C) baselines
D) procedures

Explanation

Regulations are governmental guidelines that are written by federal or state agencies based on the laws passed by federal or state government. Regulations are established by entities outside the network owner.

Baselines are primarily used to identify performance issues. They are actually performance statistics used for comparative purposes. By establishing a performance baseline, you can ensure that performance issues are identified much more easily in the future.

Policies set forth the network rules, including the who, what, and when of the rules. Policies tell what the rules are, who is covered by the rule, and when the rule applies.

Procedures set forth the steps that must be taken to enforce the policies, including updating the network drivers. Procedures tell how to achieve the desired results.

Standards are reference models to make sure products of different vendors can work together in a network.

Change management documentation is very important. When anything on your network changes, you need to properly document this change. This includes wiring changes, hardware changes, software changes, and so on. If change documentation is overlooked, network technicians and administrators may make the wrong assumptions about the network.

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.

References:
Regulation, http://en.wikipedia.org/wiki/Regulation

Question #17 of 200
Question ID: 1123347

Your company has decided to implement either a 1000Base-LX or 1000Base-SX network. Which type of cable should you use?

A) fiber optic
B) UTP
C) STP
D) coaxial

Explanation

The 1000Base-SX and 1000Base-LX standards use fiber optic cable. They are Gigabit Ethernet technologies.
1000Base-SX uses multi-mode fiber optic cable. 1000Base-LX uses single-mode or multi-mode fiber optic cable.

1000Base-SX and 1000Base-LX do not use unshielded twisted pair (UTP), shielded twisted pair (STP), or coaxial cable. 1000Base-CX uses shielded twisted pair (STP) cable for short-haul cable runs.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
Gigabit Ethernet, http://en.wikipedia.org/wiki/Gigabit_Ethernet

Question #18 of 200
Question ID: 1123433

Which action would you perform to look for candidates for exploitation across an information system?

A) Vulnerability scanning
B) Log reviewing
C) Port scanning
D) Patch management

Explanation

Vulnerability scanning looks for areas that are candidates for exploitation (weak spots) in networks, operating systems, applications, and equipment. Vulnerability scans can also identify the effectiveness of in-place systems designed to prevent those exploits.

Log reviewing is the process of studying the event logs and looking for patterns or key triggers (such as a failed logon) that would indicate a potential problem. As an example, in the Windows OS you could look for event codes 525-537 or 539, which are indicative of a failed login attempt.

Patches are updates to operating systems and applications. Patch management is the process of applying those updates, auditing for installation, and verifying that the most current patch has been applied. While some patches address performance features, they are more often associated with correcting security issues.

Port scanning examines ports (0-65535) to determine if they are available for traffic (open) or blocked (closed). A company may want to enable port 80 for HTTP traffic, but disable ports 20/21 to block FTP traffic.
While open ports may be candidates for exploitation, port scanning does not provide the level of information that vulnerability scanning does.

Objective: Network Operations
Sub-Objective: Explain common scanning, monitoring and patching processes and summarize their expected outputs.

References:
Vulnerability Scanning vs. Penetration Testing, https://www.secureworks.com/blog/vulnerability-scanning-vs-penetration-testing
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks

Question #19 of 200
Question ID: 1289216

What is another term for a demilitarized zone (DMZ)?

A) dual-homed firewall
B) screened subnet
C) virtual private network (VPN)
D) screened host

Explanation

A screened subnet is another term for a demilitarized zone (DMZ). Two firewalls are used in this configuration: one firewall resides between the public network and the DMZ, and the other resides between the DMZ and the private network. A DMZ is a separate network segment that contains Internet-accessible servers, which is separated from the Internet and the rest of the private network by a firewall. A system administrator would deploy a Web server on a DMZ if the Web server needed to be separated from other networked servers. The general standpoint behind a DMZ is that all the systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. An e-mail server and FTP server could also be located on a DMZ. If you locate the e-mail server on the private network, you could place an e-mail proxy on the DMZ. An extranet is similar to a DMZ, but is only accessible to partners or clients.

Firewall architectures include bastion hosts, dual-homed firewalls, screened hosts, and screened subnets. A screened host is a firewall that resides between the router that connects a network to the Internet and the private network.
The router acts as a screening device, and the firewall is the screened host. A dual-homed firewall is one that has two network interfaces: one interface connects to the Internet, and the other connects to the private network.

A virtual private network (VPN) is not a physical network. As its name implies, it is a virtual network that allows users connecting over the Internet to access private network resources while providing the maximum level of security. An encrypted VPN connection should be used to ensure the privacy and integrity of data that is transmitted between entities over a public network, whether those entities are clients, servers, firewalls, or other network hardware. A VPN can use a tunneling protocol, such as IPSec.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.

References:
Demilitarized Zone in Computer Networking, http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #20 of 200
Question ID: 1289287

You are about to install several wireless access points in different areas of the building. You want maximum coverage, so you opt for the longer-range 2.4 GHz frequency. Which item below should most likely also be of concern?

A) Interference
B) Channel overlap
C) Power levels
D) Security type mismatch

Explanation

You should be concerned with channel overlap. Channel overlap can cause performance issues. Even though 11 channels are available in the US, there is a high degree of overlap. When using multiple wireless access points in 2.4 GHz mode, you should set the wireless channels at 1, 6, and 11 to provide the best coverage.

Power levels can affect wireless network performance.
In Windows 10, for example, you can change the wireless power settings by going to Control Panel\Hardware and Sound\Power Options\Edit Plan Settings, selecting "Change Advanced Power Settings", and modifying the Wireless Adapter Settings to suit your preferences. Most wireless access points allow you to adjust the signal strength. Power levels should only be a concern if you need to adjust the signal strength to prevent the signal from extending outside a certain boundary.

Interference in wireless communications can originate from several sources. If there are too many devices operating in the 2.4 GHz spectrum without proper channel separation, there could be interference. Common household items such as microwaves, cordless phones, and baby monitors can also be sources of interference. Because you are deploying multiple wireless access points in the same frequency, you are more likely to experience channel overlap than interference. This should be a secondary concern.

It is important to verify that you do not have a security type mismatch. To connect to a wireless network, the client device must be set to use the same security type as the access point. Access point security types include open and WEP (both to be avoided if at all possible), WPA/TKIP, WPA/AES, and WPA2/AES. While you need to ensure that the wireless access points and the devices using them implement the same security type, you are more likely to have channel issues in the scenario.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
Channel Planning Best Practices, https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Channel_Planning_Best_Practices

Question #21 of 200
Question ID: 1123490

You want to ensure that the sender of the message or network transmission is authenticated, and not an imposter or a phishing attempt.
Which method will provide the highest level of origin authentication?

A) CCMP-AES
B) WPA
C) TKIP-RC4
D) Preshared key

Explanation

Counter Mode with Cipher Block Chaining (CBC) Media Access Control Protocol - Advanced Encryption Standard (CCMP-AES) provides greater security over wireless networks through CBC-MAC, ensuring that incoming packets are indeed coming from the stated source. It also provides fast encryption using AES, which encrypts blocks of data instead of individual bits.

In a wireless network, a preshared key (PSK) is an encryption method used with WPA Personal or WPA2 Personal. PSK is appropriate for small office-home office (SOHO) networks. A user will request access to the wireless network and supply a passphrase, which is then used with the Service Set Identifier (SSID) to generate a unique encryption key. PSK is not as secure as CCMP-AES.

Temporal Key Integrity Protocol-Rivest Cipher 4 (TKIP-RC4) is an encryption method that was designed to provide security enhancements to wireless networks using Wired Equivalent Protocol (WEP). WEP was an extremely weak encryption standard. TKIP added a key distribution method whereby each transmission had its own encryption key, an authentication method to verify message integrity, and an encryption method called RC4. However, TKIP-RC4 is not as secure as CCMP-AES.

Wi-Fi Protected Access (WPA) was an interim security improvement over WEP. WPA was later replaced by Wi-Fi Protected Access version 2 (WPA2). WPA2 uses AES to encrypt wireless communications. Using complex authentication will prevent unauthorized entities from guessing credentials easily.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.
References:
AES-CCMP, https://docs.microsoft.com/en-us/windows-hardware/drivers/network/aes-ccmp

Question #22 of 200
Question ID: 1123313

Computer A needs the IP address of Computer B, but Computer A only knows Computer B's FQDN. Which of the following is MOST likely to contain this information?

A) Forward zone
B) Internal DNS
C) External DNS
D) Reverse zone

Explanation

The forward lookup zone is most likely to contain the IP address of Computer B. When comparing forward vs. reverse zones, the forward lookup zone provides the association between devices on a domain and their corresponding IP addresses. As an example, it would contain a record that says mypc.mydomain.com has IP address 192.168.5.1. If another machine on the network needed the IP address for mypc.mydomain.com, it would query the forward lookup zone on the DNS server, find the record for mypc.mydomain.com, and retrieve the IP address.

Reverse lookup zones do just the opposite, listing the records by IP address and then providing the FQDN.

When comparing internal vs. external DNS, the internal DNS would reside within the enterprise's networks and provide "local" name resolution. An external DNS server would be one that not only provides resolution for your domain, but for others as well. While the query may go to the DNS server, the information is actually contained in the lookup zones located on the servers.

Another type of DNS server is a third-party/cloud-hosted DNS. Third-party DNS uses servers provided by Google Public DNS, OpenDNS, or UltraDNS. Cloud-hosted DNS is based on platforms like Amazon AWS's Route 53 and Microsoft Azure DNS.

When discussing DNS hierarchy, at the top you have the root domain.
When a DNS query comes in (such as a query for mail.mydomain.com), the root will direct the query to the DNS server responsible for the URL's top-level domain, such as the .com DNS server (or the .gov DNS server, the .mil DNS server and so forth). The .com DNS server then directs the query to the domain name server for mydomain.com. When the name server for mydomain.com finds the listings, it locates the subdomain mail.mydomain.com, and retrieves the IP address for the computer responsible for mail.mydomain.com.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.

References:
Overview of DNS zones and records, https://docs.microsoft.com/en-us/azure/dns/dns-zones-records

Question #23 of 200
Question ID: 1289265

The network you administer is organized according to the following image:

ElliotA, KateB, and PayR are workstations. FileSrv is a file server, and WebSrv is a Web server. FRW1 and FRW2 are firewalls. WebSrv is on a demilitarized zone (DMZ) that is maintained between the two firewalls. Router1 connects the network to the Internet. Remote users on the Internet connect to WebSrv, and some remote users on the Internet are allowed to gain access to files on FileSrv.

Users report a network connectivity problem, so you test network connectivity. ElliotA can connect to KateB and FileSrv. KateB can connect to WebSrv. WebSrv can connect to PayR and FileSrv. FileSrv cannot connect to Router1, but FileSrv can connect to FRW1 and FRW2. Internet users can connect to Router1, but they cannot connect to WebSrv.

What is most likely causing the connectivity problem on the network?

A) FRW1 is configured with an invalid IP address.
B) Router1's connection to the Internet is down.
C) The cable that connects Router1 to FRW2 is not properly connected to FRW2.
D) The port on Hub1 that connects FileSrv to the hub is not able to send or receive data.
E) Router1 is overloaded with network traffic.

Explanation

The most likely cause of the network connectivity problem in this scenario is that the cable that connects Router1 to FRW2 is not properly connected to FRW2. If the cable is not properly connected, then users on the Internet will be able to contact Router1, but they will not be able to gain access to resources on WebSrv. Also, computers on the network will be able to contact one another and the firewalls, but they will not be able to contact Router1 or connect to the Internet.

Potential issues with the cable are a bad connector, bad internal wiring, a split (a physical cut in the cable), or a termination problem.

Bad connector - If you suspect that a connector is bad on a short cable, it may be easier to replace the entire cable than one connector. However, for long cable runs that extend over a long distance, you should replace the connector so that the cable will not have to be re-routed.

Bad wiring - If you suspect that the cable itself is damaged or nonfunctional, you should always replace the cable.

Split cables - This is similar to bad wiring but is much easier to diagnose because the cable is actually cut. An open circuit can be the direct result of this issue.

Incorrect termination - This occurs when the cabling connectors are configured with the wrong individual pin in the connector sockets, or when a twisted pair cable is wired as a split pair.

Straight-through - With this type of cable, each pin should connect to the same pin on the opposite side. This cabling is used when connecting unlike devices, such as connecting a router to a hub, a computer to a switch, or a LAN port to a switch, hub, or computer.

Crossover - With this type of cable, some of the internal wires should cross over each other by switching the orange-white and green-white wires, and then the orange and green wires.
This cabling is used when connecting like devices, such as connecting a computer to a router, a computer to a computer, or a router to a router.

TX/RX reversal is another kind of cabling error. A straight-through cable has the same transmit (Tx) and receive (Rx) leads at each end, while they are reversed at one end in a crossover cable. A straight-through cable connects dissimilar devices, while a crossover cable connects like devices. If you use a crossover cable in the wrong location on the network, the device will be unable to connect to the network. You should replace the cable with the correct type. Some switches support medium dependent interface crossover (MDIX). This allows a switch port to match its leads to the cable you have used. However, if a network device does not support MDIX, you must use an appropriate cable (that is, a crossover cable) to allow its Tx leads to connect to the Rx leads on a connected device. If loss of connection occurs, you are using the wrong cable or have the switch leads configured incorrectly.

A split pair is a wiring error where two wires of a twisted pair are instead connected using two wires from different pairs. It most commonly occurs when a punch-down block is wired incorrectly or when RJ-45 connectors are crimped onto the wrong wires. In both of these situations, you will need to rewire the block or connector.

Open circuits or short circuits could also cause loss of connection. An open circuit is usually the result of a broken cable or improper termination. This causes an incomplete connection and complete failure of the electric current. A short circuit occurs when there is unwanted contact with the cabling. This results in the current following an unwanted path, which could cause overheating or burning.
If the network connectivity problem were caused by an invalid IP address on FRW1, then users on the Internet would be able to gain access to WebSrv, but FileSrv would not be able to connect to FRW1, FRW2, WebSrv, or the Internet. If the port on Hub1 that connects FileSrv were not able to send or receive data, then Internet users would be able to gain access to WebSrv, but KateB would not be able to contact WebSrv, and ElliotA would not be able to contact FileSrv. If Router1 were not connected to the Internet, then Internet users would not be able to connect to Router1 and users on the network would not be able to connect to the Internet. If Router1 were overloaded with network traffic, then Router1 would probably be slower than usual. However, users on the Internet would be able to connect to WebSrv, and computers on the network would be able to connect to WebSrv and the Internet.

Other common issues with cabling include a bad SFP/GBIC module, cable placement issues, attenuation, distance limitations, EMI and RFI, and cross-talk.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #24 of 200
Question ID: 1289159

Which option is a critical metric in preventive maintenance that would allow you to schedule the replacement of a component at a convenient time, as opposed to waiting for the component to fail at an inopportune time?

A) MTTR
B) MTBF
C) Load balancer
D) SLA requirements

Explanation

Mean Time Between Failures (MTBF) is the average, or mean, time between failures on a device or system. It is an expression of reliability. Generally speaking, it is the average length of time that something will work before it is likely to fail.
Good preventive maintenance policies would replace a device, such as a power supply, as the time in service approaches MTBF.

Mean Time To Recover (MTTR) is the average, or mean, time that it takes to recover, or restore, a system. In terms of a backup, for example, the term would refer to the time needed to restore a system from a full, full + incremental, or full + differential backup. The term can also be applied to full system failure, or hardware component failure such as a hard drive, RAM or power supply.

Service level agreement (SLA) requirements determine what the vendor who provides technology services is obligated to provide to the customer. Items that are outlined in the SLA can include response time, repair time, network reliability expectations, escalation protocols, dispute resolution and more. Often the terms MTBF and MTTR are included in an SLA.

A load balancer can be used to divert incoming web traffic, based on content, to specific servers. This will reduce the workload on the primary server. The destination server is determined by data in transport layer or application layer protocols. Distribution can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest response time.

Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.

References:
Mean Time Between Failures and Mean Time To Repair, https://www.opservices.com/mttr-and-mtbf/
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #25 of 200
Question ID: 1289117

Match the description on the left with the DNS resource record on the right.
Explanation

The DNS resource record types are as follows:

A - Maps a host name to an IPv4 address
AAAA - Maps a host name to an IPv6 address
CNAME - Maps an additional host name to an existing host record
MX - Maps a mail server name to a domain
PTR - Maps an IP address to a host name

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.

References:
List of DNS Record Types, http://en.wikipedia.org/wiki/List_of_DNS_record_types
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices

Question #26 of 200
Question ID: 1123416

After a data breach occurs at a client's site, you determine that some of the switches, routers, and servers in the network were updated with the most current security patches, and some have never been updated. When you examine the network diagram, you notice that many of the same types of devices do not look the same in the diagram. What type of documentation should you provide to the client to ensure all devices are consistently identified by their type?

A) Change management documentation
B) Diagram symbols
C) Network configuration and performance baselines
D) Inventory management

Explanation

Diagram symbols should be standardized throughout the network documentation. For example, routers should all be depicted in the documentation with the same shape. The same would be true for other devices, such as switches, bridges, and patch panels: each type of equipment should use a symbol, icon, or shape that is unique to that type of equipment. The most commonly used symbols were developed by Cisco, but Amazon Web Services uses its own set of symbols, and different software packages may have their own symbols.

Change management documentation primarily refers to software patches, updates, and rollbacks.
It is important to document when these events occur, and what the results were. Change management also refers to the documentation, justification and approval process for major configuration changes, such as the addition of a switch or a storage area network. Change management documentation is not part of any network diagram.

Network configuration and performance baselines are parts of the network documentation that assist with troubleshooting. In particular, performance baselines show how the network performs under typical loads, in terms of bandwidth used, packets dropped, throughput, or other metrics, for a given period of time. Later, when network issues occur, such as a perceived drop in network speed, the administrator can compare current conditions to the previously recorded baseline. These baselines are not part of any network diagram.

Inventory management deals with the identification, tagging, allocation, and placement of the major physical pieces of equipment with which the network is built. Routers, switches, hubs, wireless access points, and high-end NICs are among the items that are often tracked in an inventory management system. Most inventory management information is not included in diagrams.

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation

Question #27 of 200
Question ID: 1289244

You have decided to implement a network protocol analyzer on your company's network. Which job is NOT performed by this tool?
A) provide network activity statistics
B) identify source and destination of communication
C) identify the types of traffic on the network
D) detect active viruses or malware on the network

Explanation

A network protocol analyzer does not detect active viruses or malware on the network. Most network protocol analyzers provide the following functions:

Provide network activity statistics.
Identify source and destination of communication.
Identify the types of traffic on the network.
Detect unusual levels of traffic.
Detect specific pattern characteristics.

A network protocol analyzer can determine if passwords are being transmitted over the network in clear text. It can also be used to read the contents of any File Transfer Protocol (FTP) packet, including an FTP GET request. Wireshark is a commercial network protocol analyzer.

For the Network+ exam, you also need to understand the following troubleshooting tools:

Speed test sites - These sites are used to determine the speed of your Internet connection. They are a great method to help you see if you are getting the speed promised by your Internet service provider (ISP). For a list of possible sites to use, please see http://pcsupport.about.com/od/toolsofthetrade/tp/internet-speed-test.htm.
Looking glass sites - These sites view routing information from a server's perspective using Border Gateway Protocol (BGP) routes. For a list of possible looking glass servers, please see http://www.bgp4.as/looking-glasses.
Wi-Fi analyzer - These tools are used to analyze the signal strength of your wireless access points. For a list of possible FREE Wi-Fi analyzers for laptops or mobile devices, please see http://open-tube.com/free-wifi-analyzers-for-laptops-mobile-devices/

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
Network analyzer, http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci1196637,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #28 of 200
Question ID: 1289080

You need to copy the traffic from a single port to a different port, but prevent bidirectional traffic on the port. Which switch feature should you use?

A) port mirroring
B) PoE
C) trunking
D) spanning tree

Explanation

Port mirroring copies the traffic from a single port to a different or mirror port, but prevents bidirectional traffic on the port. It allows you to view all of the traffic for a single VLAN, no matter the switch where the traffic originates. Local port mirroring only uses ports from the same switch. Remote port mirroring uses ports from multiple switches.

Power over Ethernet (PoE) allows the electrical current to be carried by the data cable to the device. PoE allows you to place network devices where electrical current is not normally available. PoE+ is an enhanced version of PoE that provides more power and better reliability. PoE+ is most commonly deployed in enterprise networks, while PoE is usually sufficient for small business or home networks. PoE is defined by the IEEE 802.3af and 802.3at standards.

A spanning tree prevents loops when more than one path can be used. Spanning Tree Protocol (STP) uses the Spanning Tree Algorithm (STA) to help a switch or bridge by allowing only one active path at a time. A switching loop or bridge loop occurs when there is more than one path between two endpoints. The loop causes broadcast storms because broadcasts and multicasts are forwarded by switches out every port. The switch will repeatedly rebroadcast the messages, thereby flooding the network. If a frame is sent into a looped topology, it can loop forever.
You should allow physical loops, but create a loop-free logical topology using the shortest path bridging (SPB) protocol or the older spanning tree protocols (STP) on the network switches.

Trunking (802.1q) allows different switches to support the same virtual LAN (VLAN) using frame-tagging. For example, when two ports on Switch A are connected to one port on Switch B, trunking has been implemented. Frame tags will be used to route the communication appropriately. If you need to add a switch to a room through which laptops can connect for full network access, you should configure a trunk on a switch port for both switches, the new switch in the room and the switch to which the new switch connects.

By default, unknown unicast and multicast traffic is flooded to all Layer 2 ports in a VLAN. This unknown traffic flooding can be prevented by blocking unicast or multicast traffic on the switch ports. However, keep in mind that there may be times when you need to use unicast or multicast traffic. You can also configure forwarding and blocking on a switch port. If you configure forwarding, certain types of traffic based on the rules you configure will be forwarded to a certain port. If you configure blocking, certain types of traffic can be blocked from a switch port.

A VLAN with a gateway offers no security without the addition of an access control list (ACL). Always make sure to configure the appropriate ACL for your VLANs and switches.

For the Network+ exam, you also need to understand Link Aggregation Control Protocol (LACP), also referred to as 802.3ad. LACP supports automatic link configuration and prevents an individual link from becoming a single point of failure. With this protocol, traffic is forwarded to a different link if a link fails.
LACP allows network administrators to configure two or more links to pass traffic as if they were one physical link.

You can manually or automatically assign the IP address for the switch. Automatic configuration uses a DHCP server to obtain the IP address and all other information that you have configured the DHCP server to assign. The DHCP server does not have to be on the same subnetwork as the switch. If you manually configure the IP address, you need to ensure that all settings are correct. Switches should be given their own IP address and default gateway to use so that they can be remotely managed.

For IP address assignment for devices attached to the switch, some switches can also be configured to act as a DHCP server and assign IP addresses to attached devices. However, you must ensure that the DHCP ranges configured on the switch do not overlap the ranges configured on other DHCP servers. Otherwise, you may have a single IP address assigned to multiple hosts on the network, thereby affecting communication.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features
Port Mirroring, http://en.wikipedia.org/wiki/Port_mirroring

Question #29 of 200
Question ID: 1289132

You have been asked to create several TIA/EIA 568A wiring cables for your network. Which color wire should be placed in Pin 1?

A) Orange
B) Green/White
C) Green
D) Orange/White

Explanation

Pin 1 in the 568A cable specification should contain the Green/White wire.
The 568A specification is shown below:

Pin 1 - Green/White
Pin 2 - Green
Pin 3 - Orange/White
Pin 4 - Blue
Pin 5 - Blue/White
Pin 6 - Orange
Pin 7 - Brown/White
Pin 8 - Brown

The 568B specification is shown below:

Pin 1 - Orange/White
Pin 2 - Orange
Pin 3 - Green/White
Pin 4 - Blue
Pin 5 - Blue/White
Pin 6 - Green
Pin 7 - Brown/White
Pin 8 - Brown

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
How to Wire Your Own Ethernet Cables & Connectors, http://www.ehow.com/how_6908936_wire-own-ethernet-cablesconnectors.html
Category 5 Cable Wiring Standards, http://www.cisco.com/en/US/products/hw/optical/ps2006/products_tech_note09186a008043af97.shtml#topic1

Question #30 of 200
Question ID: 1289090

You have recently added a new Windows 8 computer to your IPv6 network. Because your network is small, you currently use static IP addressing. You record the IPv6 address of the new Windows 8 computer. What is the shortest possible notation of its IPv6 address as shown below?

2001:0DB8:0000:0001:0000:0000:0000:F00D

A) 2001:0DB8:0:1::F00D
B) 2001:DB8:0:1:0:0:0:F00D
C) 2001:DB8::1::F00D
D) 2001:DB8:0:1::F00D

Explanation

The shortest possible notation of the IPv6 address 2001:0DB8:0000:0001:0000:0000:0000:F00D is 2001:DB8:0:1::F00D. The address is shortened according to the following rules:

Remove leading zeros.
Remove the consecutive fields of zeros with double colon (::).
The double colon (::) can be used only once.

The option 2001:DB8::1::F00D is incorrect because the double colon (::) can be used only once in the process of shortening an IPv6 address.
The option 2001:DB8:0:1:0:0:0:F00D is incorrect because 2001:DB8:0:1:0:0:0:F00D can be further shortened to 2001:DB8:0:1::F00D. This is referred to as address compression.

The option 2001:0DB8:0:1::F00D is incorrect because 2001:0DB8:0:1::F00D can be further shortened to 2001:DB8:0:1::F00D.

IPv6 addresses are 16 bytes, or 128 bits in length. The following are valid IPv6 addresses:

::10.2.4.1 is an example of an IPv4-compatible IPv6 address, where the first 12 bytes (96 bits) of the address are set to 0.
:: is the IPv6 "unspecified address." It is a unicast address not assigned to any interface, and is used by a DHCP-dependent host prior to allocating a real IPv6 address.
2001:0:42:3:ff::1 is a valid IP address, with the :: representing two segments (4 bytes) of compressed zeros.
2001:42:4:0:0:1:34:0 is a valid IP address, with only the leading zeros of each segment truncated.

IPv6 globally routable unicast addresses start with the first 4 characters in the range of 2000 to 3999. An IPv6 link-local address is also used on each IPv6 interface. Link-local addresses begin with FE80. Multicast addresses begin with FF as the first two hex characters.

IPv6 can use auto-configuration to discover the current network and select a host ID that is unique on that network. IPv6 can also use a special version of DHCP for IPv6. The protocol that is used to discover the network address and learn the Layer 2 address of neighbors on the same network is Neighbor Discovery Protocol (NDP).

IPv6 addresses use the Extended Unique Identifier (EUI-64) format. This format causes a router to automatically populate the low-order 64 bits of an IPv6 address based on an interface's MAC address.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
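The three shortening rules above, implemented as an added example that is not part of the question bank: expand_ipv6 parses any textual form (and rejects a second "::", as in option C), compress_ipv6 produces the shortest form (longest zero run collapsed, upper-case hex as written in the question), and same_address compares two spellings by their 128-bit value rather than as strings, which is how an ACL or log filter should match IPv6 addresses. Embedded IPv4 suffixes such as ::10.2.4.1 are left out of scope.

```python
"""IPv6 address compression per the rules quoted in Question #30.

Added example, not from the question bank.  Scope: plain hex-group
addresses only; the IPv4-compatible form (::10.2.4.1) is not handled.
"""
import re
from typing import List

HEX_GROUP = re.compile(r"^[0-9a-fA-F]{1,4}$")


def expand_ipv6(addr: str) -> List[int]:
    """Parse a compressed or full IPv6 string into eight 16-bit integers.

    Raises ValueError when the string breaks the page's rules: more than
    one '::', a '::' that stands for nothing, or a wrong number of groups.
    """
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once: %r" % addr)
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must replace at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups, got %d in %r" % (len(groups), addr))
    for group in groups:
        if not HEX_GROUP.match(group):
            raise ValueError("bad hex group %r in %r" % (group, addr))
    return [int(group, 16) for group in groups]


def compress_ipv6(addr: str) -> str:
    """Return the shortest notation: leading zeros dropped, longest run of
    zero groups (at least two, first run wins a tie) replaced by one '::'."""
    groups = expand_ipv6(addr)
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, value in enumerate(groups):
        if value == 0:
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    hexes = ["%X" % value for value in groups]   # "%X" drops leading zeros
    if best_len < 2:                               # a lone 0 group stays "0"
        return ":".join(hexes)
    head = ":".join(hexes[:best_start])
    tail = ":".join(hexes[best_start + best_len:])
    return head + "::" + tail


def is_valid_ipv6(addr: str) -> bool:
    """True when the string is a well-formed (full or compressed) address."""
    try:
        expand_ipv6(addr)
        return True
    except ValueError:
        return False


def same_address(a: str, b: str) -> bool:
    """Compare two spellings by value; string equality would miss
    2001:0DB8:0:1::F00D versus 2001:DB8:0:1:0:0:0:F00D."""
    return expand_ipv6(a) == expand_ipv6(b)


if __name__ == "__main__":
    for option in ("2001:0DB8:0:1::F00D", "2001:DB8:0:1:0:0:0:F00D",
                   "2001:DB8::1::F00D", "2001:DB8:0:1::F00D"):
        if is_valid_ipv6(option):
            print("%-28s -> %s" % (option, compress_ipv6(option)))
        else:
            print("%-28s -> invalid (second '::')" % option)
```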
References:
IPv6: Learn it, Love it, http://searchnetworking.techtarget.com/news/article/0,289142,sid7_gci870277,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IP Version 6

Question #31 of 200
Question ID: 1289140

You have decided to implement a firewall between your company's network and the Internet. What does a firewall software solution typically provide? (Choose three.)

A) IP proxy services
B) packet filtering
C) L1 cache
D) HTTP proxy services
E) L2 cache

Explanation

Of the listed services, a firewall software solution typically provides packet filtering, Hypertext Transfer Protocol (HTTP) proxy services, and Internet Protocol (IP) proxy services. These three services can also be obtained as separate products. With packet filtering, data packets can either be allowed or denied entry into a network based on certain specified factors, such as the TCP port number or the IP address of the sending host. HTTP proxy services typically include Web page caching, which enables Web pages to be stored on an HTTP proxy server and retrieved from the proxy server rather than from the Internet; thus, HTTP proxy services can improve Web browsing performance. IP proxy services typically include the ability to present a single IP address to the Internet on behalf of all hosts on a private network. IP proxy services enable private IP addresses to be used on the private network, and IP proxy services protect the internal network-addressing scheme from malicious users on the Internet.

Firewall software solutions do not involve Level 1 (L1) or Level 2 (L2) cache. L1 cache is cache memory that resides on a central processing unit (CPU). L2 cache is cache memory that resides on a system board near the CPU.
Cache memory is a small amount of memory that is very fast and interfaces with the slower RAM on a system board to help increase the rate at which data flows between RAM and the CPU.

For the Network+ exam, you must understand the following firewall types:

Host-based - This firewall is installed on a specific host and only protects the host on which it is installed. This is the best solution if you need to protect laptops or desktop computers from external threats.
Network-based - This firewall is installed on the network and protects all devices that are on the network that it controls.
Application aware/context aware - This firewall is designed to manage application and Web 2.0 traffic. This type allows fine-tuning the rules rather than just configuring allow or deny rules.
Small office/home office firewall - This firewall is easier to configure than most enterprise firewalls and often only involves a software component that you install on a network host.
Unified Threat Management (UTM) - This device bundles multiple security functions into a single physical or logical device. Features included could be IPS, IDS, anti-virus, anti-malware, anti-spam, NAT, and other functions.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.

References:
Introduction to Firewalls, http://netsecurity.about.com/od/hackertools/a/aa072004.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #32 of 200
Question ID: 1289135

Your company is deploying a VoIP system on its premises at three locations. The internal VoIP system must communicate with the existing PSTN network. Which device will be necessary to permit network-based calls to access the PSTN, and for PSTN-based calls to access the network?
A) VoIP-PSTN gateway
B) IP-ISDN adapter
C) PBX system
D) Internet modem
E) IP-PBX adapter gateway

Explanation

The company must deploy one or more VoIP-PSTN gateways. These devices establish the routing of calls to the existing PSTN network. Such gateways connect to the PSTN network through T1/E1/J1, ISDN, or FXO interfaces.

IP-PBX adapters permit VoIP devices to interact with PBX-based devices for calling. They do not support communications with the existing PSTN network.

IP-ISDN adapters permit VoIP devices to interact with ISDN-based PBX systems. Like IP-PBX adapters, IP-ISDN adapters do not support communications with the existing PSTN network.

An Internet modem permits local Wi-Fi or Ethernet devices to communicate with devices on other IP networks across a WAN or broadband link. Internet modems do not support communications with the existing PSTN network.

A PBX or private branch exchange system provides support for private, in-house telephony. Such systems can (and usually do) connect to the existing PSTN, but they do not in and of themselves support communications with a PSTN. PBX systems are closely linked with the PSTN network, but existing PBX systems can also be migrated to VoIP using suitable adapters. A VoIP adapter used in combination with a PBX system constitutes an IP-PBX adapter that may be used to interface a PBX with an IP network and its VoIP devices. IP-ISDN fills the same role for ISDN-based PBX systems, where an IP-ISDN adapter may be used to interface an ISDN-PBX with an IP network and its VoIP devices.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Typical VoIP Deployment Example, http://what-when-how.com/voip/typical-voip-deployment-example/

Question #33 of 200
Question ID: 1123615

You are the network administrator for a corporate network that includes a DNS server, a DHCP server, a file/print server, and a wireless subnet. Computers on the wireless subnet are having trouble connecting to internal resources and to the Internet. Upon troubleshooting the problem, you discover that some of the wireless computers can only access resources on other wireless computers. However, some of the wireless computers can access internal resources and the Internet. What is causing some of the wireless computers to be able to access other wireless computers only?

A) The computers are configured with static IP addresses.
B) The computers are configured to operate in infrastructure mode.
C) The computers are configured to operate in ad hoc mode.
D) The computers are configured with the wrong subnet mask.

Explanation

Ad hoc mode allows wireless computers to be configured much more quickly than infrastructure mode. Ad hoc mode wireless computers all participate in the same network. This means that the ad hoc wireless computers can access each other, but cannot access network resources on a LAN, WAN, or Internet. Ad hoc mode is cheaper to implement than infrastructure mode. In addition, it is easy to set up and configure and can provide better performance than infrastructure mode. However, it is difficult to manage an ad hoc mode wireless network.

Infrastructure mode allows wireless computers to connect to a LAN, WAN, or the Internet. This means that infrastructure mode wireless computers can access all computers on the LAN, WAN, and Internet. Infrastructure mode is much more expensive than ad hoc mode to implement because you must configure wireless access points.
While infrastructure mode is harder to set up and configure, management is much easier than with ad hoc mode.

The problem is not with static IP addresses or the subnet mask. The ad hoc mode wireless computers are configured with dynamic IP address information, but have not received that information from the corporate DHCP server.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
Understanding Ad Hoc Mode, http://www.wi-fiplanet.com/tutorials/article.php/1451421
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Introducing Wireless LANs

Question #34 of 200
Question ID: 1123497

Which attack involves impersonating the identity of another host to gain access to privileged resources that are typically restricted?

A) teardrop
B) SYN flood
C) spoofing
D) spamming

Explanation

In a spoofing attack, which is also referred to as a masquerading attack, a person or program is able to masquerade successfully as another person or program. Spoofing refers to modifying the source IP address field in an IP datagram to imitate the IP address of a packet originating from an authorized source. This results in the target computer communicating with the attacker's computer and providing access to restricted resources. Basically, the Internet traffic is misdirected because the DNS server is resolving the domain name to an incorrect IP address. A man-in-the-middle attack is an example of a spoofing as well as a session hijacking attack. Other types of spoofing attacks, apart from IP spoofing, are e-mail spoofing and Web spoofing. Spoofing attacks have to do with the misdirection of domain name resolution and Internet traffic.
In a teardrop attack, the attacker uses a series of IP fragmented packets, causing the system to either freeze or crash while the packets are being reassembled by the victim host. A teardrop attack is primarily based on the fragmentation implementation of IP. To reassemble the fragments in the original packet at the destination, the host checks the incoming packets to ensure that they belong to the same original packet. The packets are malformed. Therefore, the process of reassembling the packets causes the system to either freeze or crash.

In a SYN flood attack, the attacker floods the target with spoofed IP packets and causes it to either freeze or crash. The Transmission Control Protocol (TCP) uses the synchronize (SYN) and acknowledgment (ACK) packets to establish communication between two host computers. The exchange of the SYN, SYN-ACK, and ACK packets between two host computers is referred to as handshaking. The attackers flood the target computers with a series of SYN packets to which the target host computer replies. The target host computer then allocates resources to establish a connection. Because the IP address is spoofed, the target host computer never receives a valid response in the form of ACK packets from the attacking computer. When the target computer receives many such SYN packets, it runs out of resources to establish a connection with the legitimate users and becomes unreachable for processing of valid requests.

A spamming attack involves flooding an e-mail server or specific e-mail addresses repeatedly with identical unwanted e-mails. Spamming is the process of using an electronic communications medium, such as e-mail, to send unsolicited messages to users in bulk. Packet filtering routers typically do not prove helpful in such attacks because the packet filtering routers do not examine the data portion of the packet. E-mail filter programs are now being embedded either in the e-mail client or in the server.
E-mail filters can be configured to prevent spamming to a great extent.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
IP Spoofing: An Introduction, http://www.symantec.com/connect/articles/ip-spoofing-introduction

Question #35 of 200
Question ID: 1289271

You need to create a cable that will allow you to get a link light on your network interface card (NIC) when the NIC is not plugged into a hub or switch. Which type of cable should you use?

A) loopback cable
B) straight-through cable
C) crossover cable
D) rollover cable

Explanation

You should use a loopback cable. A loopback cable is used to test the network function of the NIC by allowing it to send and receive network communication with itself.

A crossover cable connects two legacy or non-MDIX compliant devices, such as two computers, two hubs, or two switches.

A patch cable and a straight-through cable are the same thing. This is the standard cable used to connect networking devices.

You should not use a rollover cable. A rollover cable connects the console port on any Cisco device. The pin configuration for a rollover cable is easy to remember because of the cable name. The cable pin configuration is "rolled over" so that pin 1 on end 1 is pin 8 on the other, pin 2 on end 1 is pin 7 on the other, and so on until a complete reversal is made. The wires are in reverse order on opposite ends.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Loopback cable, http://www.ortizonline.com/publications/april2004/loopback.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #36 of 200
Question ID: 1289171

You administer a LAN. You want to encrypt TCP/IP communications on the LAN.
The protocol that you use for encryption should be able to encrypt entire data packets, and the protocol should be able to operate in both tunnel mode and transport mode. Which protocol should you use to encrypt data on the network?

A) L2TP
B) IPX
C) Kerberos
D) IPSec

Explanation

You should use Internet Protocol Security (IPSec) to encrypt the data packets on the network that you administer. IPSec can encrypt data packets transported on a TCP/IP network by using either tunnel mode or transport mode. In transport mode, IPSec encrypts only the part of an IP data packet used by the Transport layer. In tunnel mode, IPSec encrypts entire IP packets. IPSec uses several technologies to encrypt data, including the following: Diffie-Hellman key exchange, Data Encryption Standard (DES), bulk encryption, and digital certificates.

Internetwork Packet Exchange (IPX) is a routing and addressing protocol that is native to Novell NetWare operating systems before NetWare 5.

Layer 2 Tunneling Protocol (L2TP) is a virtual private network (VPN) protocol that is used to establish a secure tunnel between two LANs through a published network such as the Internet. The L2TP VPN protocol can carry several network communications protocols on a tunnel, including TCP/IP and IPX/SPX. The L2TP protocol can create a tunnel through several different kinds of networks, including TCP/IP, Frame Relay, and X.25.

Kerberos is an authentication protocol that is used to determine whether users should be allowed to gain access to a network or network resources. Windows 2000 operating systems and above support Kerberos and the NT LAN Manager (NTLM) authentication protocols; NTLM is also known as Windows NT Challenge/Response. On a Windows 2000 or above network, Kerberos is used for authentication between Windows computers.
The NTLM authentication protocol is used for authentication between a down-level computer, such as a Windows 9x or Windows NT computer, and more current versions of the Windows operating system.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #37 of 200
Question ID: 1123273

Management has asked you to investigate upgrading your company's network from IPv4 to IPv6. What are valid reasons you should give for performing this upgrade? (Choose two.)

A) IPv4 is too slow for Internet traffic.
B) IPv4 addresses are being depleted at an increasing rate.
C) Routing traffic is increasingly difficult due to the rapid growth of the Internet.
D) IPv6 provides approximately 10 times more host addresses than IPv4.

Explanation

The IPv4 addressing system is running out of IP addresses. The current system uses a 32-bit address and, therefore, provides for 4,294,967,296 addresses. However, these addresses are being depleted at a rapid rate. Many methods, such as proxies and Network Address Translation (NAT), reduce the rate of depletion, but a new system must be put into place. Routing tables are also increasingly hard to maintain because they must contain an ever-increasing amount of information.

IPv6 uses a 128-bit hexadecimal system and will provide for 3,400,000,000,000,000,000,000,000,000,000,000,000,000 addresses.

Speed is not a factor in this decision.

If you are designing a network based on IPv4 addressing, a good practice is to consider how readily an IPv6 addressing scheme could be overlaid on that network in the future. Using Teredo tunneling, an IPv6 host could provide IPv6 connectivity even when the host is directly connected to an IPv4-only network.
Miredo is a client that can implement the Teredo protocol and is included in many versions of Linux. IPv6/IPv4 tunneling is often referred to as 6to4 or 4to6 tunneling, depending on which protocol is being tunneled (IPv4 or IPv6).

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
References:
IPv4 or IPv6 - Myths and Realities, http://www.ciscopress.com/articles/article.asp?p=1215643
Cisco Press article: Internet Addressing and Routing First Step, http://www.ciscopress.com/articles/article.asp?p=348253&seqNum=7
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IP Version 6

Question #38 of 200    Question ID: 1123240

Which of the following indicates the largest number of bytes allowed in a frame?

A) PDU
B) CSMA/CA
C) CSMA/CD
D) MTU

Explanation

Maximum transmission units (MTUs) indicate the largest number of bytes allowed in a frame. If the MTU size is reduced, network performance is affected. Also, if the MTU is too large, a packet may be rejected by the device receiving the packet.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is a feature of Ethernet switches that slows down the traffic on wired networks when bottlenecks occur. It uses rules to determine how network devices should respond when two devices attempt to use a data channel simultaneously and a collision occurs.

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) is a feature that creates a collision-free communication channel between the transmitting device and the receiver.

A protocol data unit (PDU) is the term for a package of data (encapsulated data) as it travels through the OSI layers. Depending on the layer, the PDU will have a different name, such as "frame" and "packet." The name of the PDU indicates the layer and the type of information in the encapsulation.
Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References: MTU Size Issues, https://www.networkworld.com/article/2224654/cisco-subnet/mtu-size-issues.html

Question #39 of 200    Question ID: 1289133

You are designing a SOHO network for your company. You want to use the Ethernet standard that supports a data transmission rate of 1 Gbps over copper cable. Which Ethernet standard should you use on the network?

A) 1000BaseSX
B) 1000BaseCX
C) 10BaseT
D) 100BaseFX

Explanation

The 1000BaseCX Ethernet standard supports a data transmission rate of 1 gigabit per second (Gbps) over 150-ohm balanced copper cable. The 1000BaseCX Ethernet standard supports a maximum cable segment length of only 25 meters (m). The 1000BaseCX Ethernet standard was designed to support connections between network nodes that are in close proximity, such as nodes in a network's wiring closet. The 1000BaseCX standard specifies 8-pin High Speed Serial Data Connectors (HSSDCs) or 9-pin D-subminiature connectors. HSSDC connectors are preferred over the 9-pin D-subminiature connectors because they provide a better electrical connection than the D connectors. Note that 1000BaseCX Ethernet equipment may be difficult to obtain, because it never became popular.

The 10BaseT Ethernet standard supports a data transmission rate of 10 megabits per second (Mbps) over unshielded twisted-pair (UTP) copper cable that meets or exceeds Category 3 (CAT3) standards. The 100BaseFX Fast Ethernet standard supports a data transmission rate of 100 Mbps over fiber-optic cable, and the 1000BaseSX Gigabit Ethernet standard supports a data transmission rate of 1 Gbps over fiber-optic cable. The 1000BaseLX Ethernet standard supports a data transmission rate of 1 Gbps over fiber-optic cable. SX uses single-mode fiber cabling, while LX uses multi-mode fiber cabling.
Some newer equipment will only work on specific types of networks. Ensure that any new equipment that you purchase is compatible with the network that you have implemented, particularly if you are implementing an older standard such as 10BaseT.

Another Ethernet standard that you need to understand for the Network+ exam is IEEE 1905.1-2013, the IEEE standard for a convergent digital home network. For testing purposes, you need to understand the following portions covered by this standard:

Ethernet over HDMI - This standard allows you to use a High Definition Multimedia Interface (HDMI) connection for Ethernet communication. It supports 4.92 Gbps or higher transmission depending on which HDMI version you use. Most implementations have a maximum cable length of 15 feet.
Ethernet over power line - Power-line networking uses the electrical wiring in your house to create a network. The speeds of this connection are rather slow at 50 Kbps to 14 Mbps, depending on which specification you implement.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.
References: 1000Base-X, https://www.techopedia.com/definition/26890/1000base-x

Question #40 of 200    Question ID: 1123229

You are responsible for ensuring that unnecessary protocols are not running on your network. You need to determine which protocols operate at the Transport layer of the OSI model. Which of the following protocols should you list? (Choose two.)

A) HTTP
B) IP
C) IPX
D) TCP
E) UDP

Explanation

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) both operate at the Transport layer of the Open Systems Interconnection (OSI) model. Because the Transport layer is the fourth layer in the OSI model, it is sometimes referred to as Layer 4.
Protocols that operate at the Transport layer provide transport services to higher-layer protocols, such as Hypertext Transfer Protocol (HTTP) and Trivial File Transfer Protocol (TFTP). TCP reliably delivers a stream of bytes in order from a program on one computer to another program on another computer. TCP is the protocol that major Internet applications rely on, such as the World Wide Web, email, remote administration and file transfer. TCP is a connection-oriented protocol. UDP, on the other hand, is a connectionless protocol.

HTTP is an Application layer (Layer 7) protocol that uses the connection-oriented services of TCP, and TFTP is an Application layer protocol that uses the connectionless services of UDP. HTTP is the primary service used on the World Wide Web. HTTPS is a secure version of the HTTP protocol.

Internet Protocol (IP) is a connectionless protocol in the TCP/IP protocol suite. Internetwork Packet Exchange (IPX) is a connectionless protocol in the IPX/SPX protocol suite. IP and IPX operate at the Network layer of the OSI model (Layer 3) and provide routing and addressing services for nodes on a network. Internet Control Message Protocol (ICMP) is an error-reporting protocol that also operates at the Network layer.

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models, Layer 1: The Physical Layer
TCP/IP and OSI Network Models, http://www.speedguide.net/read_articles.php?id=120

Question #41 of 200    Question ID: 1289058

Which TCP port is the well-known port assigned to SSL?

A) 119
B) 443
C) 20
D) 80

Explanation

Transmission Control Protocol (TCP) port 443 is the well-known port assigned to Secure Sockets Layer (SSL).
SSL uses public key cryptography at the Session layer of the Open Systems Interconnection (OSI) model to secure transactions, such as financial transactions, on the Internet. The Session layer is responsible for establishing and maintaining a connection between two computers on a network, which is referred to as a session. SSL can select from several public key cryptography technologies, including Data Encryption Standard (DES), triple-DES, and Rivest-Shamir-Adleman (RSA). Port 443 sessions often use transport-layer encryption.

In public key cryptography, a computer such as a server has a private key that is kept secret and a public key that is shared with the public. When a Web client contacts a Web server for an SSL session, the Web server sends the Web client its certificate, which contains the server's public key. The Web browser can contact a certificate authority to determine whether the certificate and the public key are authentic. After the Web client authenticates the server's certificate, the client encrypts a message and sends it back to the server. The server then authenticates the client by decrypting the message. After the authentication process is complete, the client and the server negotiate an encryption algorithm, such as RSA or DES, to be used during the session. After the encryption algorithm is negotiated, messages on the session can be encrypted.

TCP port 20 is assigned to File Transfer Protocol (FTP). FTP can be used to transfer files between FTP clients and FTP servers on a TCP/IP network such as the Internet.

TCP port 80 is assigned to Hypertext Transfer Protocol (HTTP). HTTP is used to transfer Web pages from Web servers to Web browsers on a TCP/IP network. Port 80 Web sessions often use application-level encryption.

TCP port 119 is assigned to the Network News Transfer Protocol (NNTP).
NNTP is used to transfer network news messages on TCP/IP networks.

Protocols can use either User Datagram Protocol (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.

For the Network+ exam, you need to know the following protocols and their default ports:

FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
Port 443, http://www.grc.com/port_443.htm

Question #42 of 200    Question ID: 1289257

A user reports that she cannot print from her computer. You also notice that she is unable to reach a supplier's web site. The operating system is Windows 8.1. Which command should you start with to help with your diagnosis?

A) route
B) ping
C) dig
D) nmap

Explanation

The ping command allows you to test the connection between a local computer and a node on the network. If you are trying to determine why a user cannot print, you can issue the ping command with either the printer's network name (ping colorprinter) or the IP address of the printer (ping 192.168.1.38). If you could ping by IP address, but not by network name, that would indicate a problem with DNS translation.

The nmap Linux command is used to explore the network. It also acts as a security scanner. As an example, you can use nmap 192.168.1.0/24 to scan a subnet.

The route command can be used to add additional routes (paths) in your network.
As an example, if you decided that traffic from some computers needed to go to another node in the network, you would use a route add command.

The dig command is used in Linux to find DNS information. It is primarily used in troubleshooting DNS problems. Entering dig and a domain name would return the A record for that domain.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
Ping command, https://www.lifewire.com/ping-command-2618099
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #43 of 200    Question ID: 1289161

You have recently discovered that your company is not maintaining system logs as per the adopted company procedures. You need to decide if the company procedures should be modified, or if the system logs should be maintained as per the procedures. Which statement is an accurate reason for following the company procedures?

A) Logging provides audit trails, but increases the risk for security violations.
B) Logging provides access control by authenticating user credentials.
C) Logging helps an administrator to detect security breaches and vulnerable points in a network.
D) Logging prevents security violations, but only deals with passive monitoring.

Explanation

Logging helps the administrator to detect vulnerable points in a network, specify changes that can enhance the system's security, log suspicious activity from a specific user or a system, and identify a security breach. Logging does NOT increase the risk for security violations. Logging is not only a passive monitoring system, but also an active process of assimilating information about various aspects of the network, such as infrastructure performance and security.
Logging as a part of the access control system provides accountability services, but does not provide authentication and authorization services to legitimate users.

Logging is the process of collecting information that is used for monitoring and auditing purposes. Logging establishes user accountability by providing audit trails and system logs related to system resource usage and activities. In the event of an intrusion, logging proves helpful in detecting the potential source of an attack. Therefore, logs must be secured properly. Logs should be periodically archived and reviewed for any suspicious activity. The period of log retention depends on the security requirements of the organization. Logs can also be used for security evaluation of a company during the course of information security audits.

An infrastructure can be monitored by performing activities, such as log analysis and intrusion detection by using the IDS. An organization can also periodically deploy countermeasure testing to ensure that the infrastructure devices comply with the security policy and meet the security needs of the organization. Countermeasure testing is not a monitoring technique, but it ensures that an organization meets its security objectives.

Objective: Network Operations
Sub-Objective: Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References: Guide to Computer Security Log Management, http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf

Question #44 of 200    Question ID: 1289165

You are a network administrator for a Windows Server 2012 domain. Recently, you have noticed network performance issues when Microsoft operating systems and applications release new service packs or updates. All server and client computers are configured to automatically download and install any updates.
You need to deploy a solution that will reduce the network performance issues when these updates are released. What should you do?

A) Change the configuration of all computers to check for updates but wait for the user to download and install them.
B) Change the configuration of all computers to never check for updates.
C) Change the configuration of all computers to download updates but wait for the user to install.
D) Deploy a centralized Windows Software Update Services server that will download and deploy the updates, and deploy a group policy that ensures that all servers and clients obtain their updates from the centralized server.

Explanation

You should deploy a centralized Windows Software Update Services (WSUS) server that will download and deploy the updates and deploy a group policy that ensures that all servers and clients obtain their updates from the centralized server. The WSUS server will download all the updates needed for clients and servers. This means that an update will only need to be downloaded once from the Internet. By using a group policy, you can configure the server and client computers to obtain the updates from the centralized server. This will allow you to configure the day and time that servers and clients will check for updates. Therefore, you can deploy the updates during off-peak times and minimize network performance issues due to updates.

Changing the configuration of the computers to never check for updates will cause security and performance issues for your computers. You need to deploy any updates from operating system and application vendors.

Changing the configuration of all computers to download updates but wait for the user to install will not reduce network performance issues because all the computers will still be downloading the updates from the Internet. All of the clients and servers downloading their updates separately is probably what is causing the network performance issues.
In addition, it is never good to leave update installation in the hands of users.

Changing the configuration of all computers to check for updates but wait for the user to download and install them will not reduce network performance issues when updates are released. In this solution, all the computers would still be separately downloading the updates. Also, this solution relies on the users to approve the download and installation of the updates.

For the Network+ exam, you need to understand the following issues as they relate to applying patches and updates:

OS updates - Operating system (OS) updates come in many forms. Service packs are usually fully tested by the vendor and contain all updates and hotfixes since the last service pack. Hotfixes are released to fix an urgent issue and are not tested as stringently as service packs. Other updates can be released periodically to fix minor issues and are usually tested a bit more than hotfixes, but not as much as service packs. However, you should still test any OS updates in a lab environment BEFORE you deploy them in the live server and client computers.
Firmware updates - Firmware updates involve updates to the firmware running on ROM chips in devices, including routers, switches, mobile phones, and computers.
Driver updates - Driver updates are released by device or component vendors, including video cards and network cards. Make sure to install the driver that is appropriate for your OS version.
Feature changes/updates - Feature changes or updates are released by OS and application vendors to provide users with additional functionality. Only deploy those features that your users need, because the features will require storage space.
Major vs minor updates - While both major and minor updates should be deployed, you should read the documentation that comes with the update to see if your organization considers it to be major or minor. What the vendor considers major, your organization may consider minor. Deploy any major updates as quickly as possible.
Vulnerability patches - A vulnerability patch is usually a security patch. These patches are usually very important to prevent security breaches or exploitation of the vulnerability.
Upgrading vs downgrading - Upgrading is the process of installing the next version of an OS or application. Downgrading is the process of reverting to a previous version of an OS or application. If available with your operating system, you should implement some sort of system restore program to create a savepoint before you install a new OS or application version. This will allow you to easily revert back to the previous version using the savepoint you created.
Configuration backup - A full backup is suggested before you install any patches, hotfixes, service packs, new OS versions, or any other update. However, many OSs now offer a system restore program that will create savepoints. This process is usually much faster than a full backup. Also, restoring a savepoint is much quicker when compared to the restore time of a backup.

Objective: Network Operations
Sub-Objective: Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References: Windows Server Update Services, https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx

Question #45 of 200    Question ID: 1289305

Users are unable to log in to the network. When you examine the authentication server, you see that CPU usage is almost 100%. What is most likely the issue?
A) Unresponsive service
B) Expired IP addresses
C) Names not resolving
D) Incorrect gateway

Explanation

Most likely, you have an unresponsive service that is tying up resources. In Services on a Windows computer, find the unresponsive service and note the name of the service. In an elevated command prompt, enter "sc queryex servicename" and get the process ID (PID). Then, kill the process using "taskkill /f /pid" followed by the PID in question. If the PID were 1687, for example, the command would be taskkill /f /pid 1687.

Expired IP addresses occur when a client computer has been offline for a period of time, is brought back on line, and uses an IP address whose lease has expired. To resolve the problem on a Windows computer, issue an "ipconfig /release" command, followed by "ipconfig /renew". This will unbind the IP address from the client machine, and the DHCP server will issue a new IP address. Expired IP addresses would cause connectivity issues but not resource usage issues.

Names not resolving occurs when you enter a URL that you know to be valid, and the Domain Name System (DNS) server is not providing the corresponding IP address for that server. IP addresses, not the URLs we enter into the browser, are used to locate machines throughout a LAN or over the Internet. DNS provides the translation from URL to IP address, known as name resolution. Names not resolving would cause connectivity issues but not resource usage issues.

If you get a "Destination Host Unreachable" message, the most likely culprit is an incorrect gateway. Make sure the local machine and the default gateway are on the same subnet. If the gateway IP address is actually the IP address of the LAN side of the router, you will see a "Request timed out" message. This would result in connectivity issues but not resource usage issues.
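The "sc queryex" / "taskkill /f /pid" procedure above, written as a PowerShell function with the check an administrator wants before killing a service host; this is an added example, not part of the question bank. It assumes Windows PowerShell 5.1 or later in an elevated session; the function names Get-ServicePid and Stop-HungService and the service name in the usage line are hypothetical.

```powershell
# Added example (not from the question bank): resolve a hung service's PID the way
# "sc queryex <name>" reports it, then force-terminate it like "taskkill /f /pid <PID>".
# Assumes Windows PowerShell 5.1 or later, run from an elevated session.

function Get-ServicePid {
    # Returns the process ID hosting a service (the PID line of "sc queryex").
    # Returns 0 when the service has no running host process.
    param([Parameter(Mandatory)][string]$ServiceName)

    # Win32_Service.ProcessId is the Service Control Manager's record of the host process.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' was not found" }
    return [int]$svc.ProcessId
}

function Stop-HungService {
    # Force-terminates the process behind a service that no longer responds to the SCM.
    param(
        [Parameter(Mandatory)][string]$ServiceName,
        [switch]$Force   # required when the PID is a shared host (svchost.exe) for other services
    )

    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    Write-Host "$($svc.DisplayName) is in state: $($svc.Status)"

    # A stopped service has no process to kill; StopPending/StartPending or a
    # Running service that ignores Stop-Service is the case this function targets.
    if ($svc.Status -eq 'Stopped') {
        Write-Warning "Service is already stopped; nothing to do"
        return
    }

    $procId = Get-ServicePid -ServiceName $ServiceName
    if ($procId -eq 0) {
        Write-Warning "SCM reports no host process for '$ServiceName'"
        return
    }

    # Caveat: many Windows services share one svchost.exe. Killing that PID takes
    # down every service in the group, so list the siblings and refuse unless -Force.
    $hostProc = Get-Process -Id $procId -ErrorAction Stop
    $siblings = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$procId" |
        Where-Object { $_.Name -ne $ServiceName }
    if ($siblings -and -not $Force) {
        $names = ($siblings | Select-Object -ExpandProperty Name) -join ', '
        Write-Warning "PID $procId ($($hostProc.ProcessName)) also hosts: $names. Re-run with -Force to kill it anyway."
        return
    }

    # Equivalent of "taskkill /f /pid <PID>": no graceful shutdown, the SCM then marks the service Stopped.
    Stop-Process -Id $procId -Force -ErrorAction Stop
    Write-Host "Killed PID $procId; '$ServiceName' should now report Stopped"
}

# Usage (hypothetical service name):
# Stop-HungService -ServiceName 'Spooler'
```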
Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
References: How To Kill A Windows Service Which Is Stuck At Stopping, https://support.4it.com.au/article/how-to-kill-a-windows-service-which-is-stuck-at-stopping/

Question #46 of 200    Question ID: 1289105

You need to implement a wireless network for a client. You have two 802.11a, two 802.11b, and two 802.11g wireless access points. You need to implement three wireless networks that can communicate with each other. Which wireless access points should you use?

A) the 802.11a and 802.11g wireless access points
B) You can use all of them together.
C) the 802.11a and 802.11b wireless access points
D) the 802.11b and 802.11g wireless access points

Explanation

You should use the 802.11b and 802.11g wireless access points. These two standards operate at the 2.4 GHz frequency and can be used interchangeably. If you deploy all of these access points, you will need to ensure that each of them uses a different channel to prevent interference between them.

You cannot use 802.11a wireless access points with 802.11b or 802.11g wireless access points. 802.11a wireless access points operate at the 5 GHz frequency. Therefore, a solution that includes 802.11a will only provide two wireless access points.

The maximum data rate is often referred to as maximum bandwidth. Channel bandwidth is the amount of bandwidth within a single channel used by the frequency.

802.11a has a maximum bandwidth of 54 Mbps, with each channel being between 20-80 MHz.
802.11b has a maximum bandwidth of 11 Mbps, with each channel being 22 MHz.
802.11g has a maximum bandwidth of 54 Mbps, with each channel being 20 MHz.
802.11n has a maximum bandwidth of 600 Mbps, with each channel being 20-40 MHz.
802.11ac has a maximum bandwidth of 900 Mbps, with each channel being between 20-80 MHz.

Objective: Networking Concepts
Sub-Objective: Given a scenario, implement the appropriate wireless technologies and configurations.
References:
Comparison of IEEE 802.11a, IEEE 802.11b and IEEE 802.11g, http://www.codeproject.com/Articles/13253/Comparison-of-IEEEa-IEEE-b-and-IEEE
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs

Question #47 of 200    Question ID: 1123491

You have a strong wireless password policy, but users (including management) are complaining about it. Consequently, enforcement is difficult. You need a protocol solution that does not require digital certificates. Which of these choices would help you secure your network?

A) Geofencing
B) EAP-TLS
C) EAP-FAST
D) PEAP

Explanation

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) was developed by Cisco to assist with enforcing strong password policies, and it does not require digital certificates. EAP-FAST is a faster version of Protected EAP (PEAP). EAP-FAST uses protected access credentials (PACs) stored on the supplicant device, somewhat like cookies. With the credentials already stored on the supplicant, authentication can occur more rapidly.

Extensible Authentication Protocol (EAP) made the use of certificates, biometrics, and smart cards possible.

PEAP first creates a tunnel between the supplicant (client) and the server, and then proceeds with the rest of the steps in the EAP process. PEAP requires certificates.
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) uses public key infrastructure (PKI) certificates to authenticate the supplicant (client) and the server.

Geofencing allows an administrator to geographically define the boundaries of wireless access. It is particularly useful if the organization does not want individuals outside the building to have wireless access. Global Positioning System (GPS) or Radio Frequency Identification (RFID) data from the client device is used to request access to the authentication server. If the client device is within the defined boundaries, it will be granted access. Geofencing does not really provide a way to secure your network; it just limits the network's boundaries.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.
References: EAP-FAST Authentication with Wireless LAN Controllers and External RADIUS Server Configuration Example, https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99791-eapfast-wlc-rad-config.html

Question #48 of 200    Question ID: 1123270

Management has decided to implement a small private network for guests. The network will consist of Windows 7 computers that will only be able to access the other computers on the private network. You recommend that the small private network use APIPA addresses. Which of the following is a valid APIPA address?

A) 169.254.2.120
B) 192.168.16.45
C) 10.1.1.131
D) 172.16.4.36

Explanation

The 169.254.2.120 address is a valid Automatic Private IP Addressing (APIPA) address. By default, Windows XP and Windows 7 client computers are configured to use an APIPA address if the DHCP server goes down. The addresses in the APIPA range are 169.254.0.0 through 169.254.255.255. These addresses are not routable and are therefore only usable on the local subnet.
The other addresses are all part of the three private IP address ranges, as shown below:

10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

To prevent the use of APIPA addresses, you should change the default settings on the Alternate Configuration tab of the Internet Protocol Version 4 Properties dialog box. On this tab, you can specifically configure a static IP address that the computer can use.

Private IP addresses can only be used on the private network. To connect to the Internet, computers that use private IP addresses will need some sort of Network Address Translation (NAT) service. Public IP addresses allow computers to communicate on the Internet without using the single public address of the NAT server. A challenge with basic NAT, however, is that it provides a one-to-one mapping of inside local addresses to inside global addresses, meaning that a company would need as many publicly routable IP addresses as it had internal devices needing IP addresses. Many routers support Port Address Translation (PAT), which allows multiple inside local addresses to share a single inside global address (a single publicly routable IP address).

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, Assigning IPv4 Addresses
Advanced IP Addressing, http://www.ciscopress.com/articles/article.asp?p=174107&seqNum=5

Question #49 of 200    Question ID: 1131304

Which one of these requires a user to complete an action, such as digitally signing an AUP, prior to accessing the network?
A) Port security
B) MAC filter
C) Captive portal
D) Access control list

Explanation

Captive portals are web pages, typically used in public networks, where users must complete some action before they are granted access to the network. Captive portals are commonly seen in coffee shops, hotels, and airports, and the user often has to accept an acceptable use policy (AUP) before they can connect to the internet.

None of the other options requires a user to take action before accessing the network.

Port security allows a network administrator to only allow a specific MAC address (or group of MAC addresses) on a switch port.

MAC filtering theoretically does the same thing as port filtering, but port filtering works on switches, whereas MAC filtering works on routers. MAC filtering is accomplished by granting (or denying) network access to a list of MAC addresses. The list of MAC addresses to which you are either granting or denying access is stored in an access control list (ACL).

ACLs compare the entity that is requesting access to a network resource against a list of valid entities. Access is granted or denied based on the access configured for that entity. Simply put, ACLs identify which users have access to a given object, such as a drive, a file, or a directory.

Objective: Network Security
Sub-Objective: Explain authentication and access controls.
References:
Captive portal, http://searchmobilecomputing.techtarget.com/definition/captive-portal
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Remote-Access Security

Question #50 of 200    Question ID: 1289217

Your organization has several VLANs implemented on its network. The VLANs operate across several switches. What do all users on a VLAN have in common?
A) TCP/IP subnet
B) Broadcast domain
C) Collision domain
D) Cable segment

Explanation

VLANs place users from many locations into the same broadcast domain. A single VLAN can span multiple physical LAN segments, collision domains, and TCP/IP segments. VLANs can be based on work function, common applications or protocols, department, or other logical groupings. VLAN assignment is configured at the switch for each device that is connected to the switch.

VLANs enable many users at many locations to be in the same broadcast domain. Remember, routers define broadcast domains, and because switches are Layer 2 devices, they do not segment broadcast domains; instead, they segment collision domains. VLANs span multiple collision domains, subnets, and cable segments, so users would not have these aspects of the network in common. IEEE 802.1Q is the networking standard that supports VLANs on an Ethernet network. Broadcast domains can be created using switches or routers.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References:
VLANs Defined, http://docwiki.cisco.com/wiki/LAN_Switching_and_VLANs#VLANs_Defined
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #51 of 200
Question ID: 1123384

Which would be the best device to provide multiple security functions in a central location?

A) Layer 7 firewall
B) UTM appliance
C) Multi-layer switch
D) Load balancer

Explanation

A Unified Threat Management (UTM) appliance would be the best device to provide multiple security functions in a central location. UTM appliances incorporate multiple security and performance functions in one device. Some of those services can include load balancing, email security, URL filtration, and wireless security.
A multi-layer switch, in addition to working at the Data Link layer (Layer 2), also performs many Layer 3 router functions. When ports on a multi-layer switch are configured as Layer 2 ports, traffic is routed based on the MAC address. When ports are configured as Layer 3 ports, traffic is routed based on IP addresses. Multi-layer switches have the ability to route packets between VLANs.

A load balancer can be used to divert incoming web traffic to specific servers based on its content, reducing the workload on the primary server. The destination server is determined by data in Transport layer or Application layer protocols. Traffic distribution can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest response time.

A Layer 7 firewall or Next Generation Firewall (NGFW) combines traditional firewall functionality with an Application layer firewall. A traditional firewall that allows HTTP traffic on port 80 may also permit an SQL injection attack embedded in a properly formed HTTP request. An Application layer firewall would perform a more intensive examination of the traffic instead of just allowing the traffic on a given port. In this example, even though HTTP traffic on port 80 is allowed on a traditional firewall, the Application layer firewall would look for an SQL injection attack and block the data.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References:
The Difference Between a Next Generation Firewall and a UTM Appliance, https://www.volico.com/the-difference-between-a-nextgeneration-firewall-and-a-utm-appliance

Question #52 of 200
Question ID: 1289281

Your organization has several wireless access points located in the building. Access point usage is based on department membership.
Many users report that they are able to see multiple access points. You research this issue and discover that their computers are not connecting to the appropriate access point due to an SSID mismatch. You must ensure that the computers connect to the correct access point if that access point is available. Computers should be able to connect to other access points only if their main access point is down. What should you do?

A) Configure MAC filtering on the wireless access points.
B) Configure the preferred wireless network on the user's computer.
C) Reduce the signal strength on the wireless access points.
D) Ensure that the wireless access points in close proximity use different channels.

Explanation

You should configure the preferred wireless network on the user's computer. After this is completed, the user's computer will automatically connect to the preferred wireless network if it is available. If a computer is connected to the wrong SSID, you need to change to the correct access point and then set that access point as the preferred network.

You should not reduce the signal strength on the wireless access points. This could possibly cause some users to be unable to connect to their access point.

You should not configure MAC filtering on the wireless access points. Because the scenario specifically states that computers should be able to connect to other access points, you would have to ensure that the MAC addresses of all possible computers are configured on every access point. MAC filtering is a security mechanism that only allows connections that match the ACL.

You should not ensure that the wireless access points in close proximity use different channels. This would have no effect on which access point the computers use. Each frequency has different channels that can be used. If the client attempts to connect to an access point using an incorrect channel, the connection will be unsuccessful.
The channel used by the clients and the access point must be the same. Keep in mind that you should not use overlapping channels when implementing access points that use the same frequency. For each frequency, there is a certain number of non-overlapping channels that you should use.

If you implement wireless networks, you may want to include a wireless analyzer as part of your toolkit. A wireless analyzer can identify problems such as signal loss, overlapping or mismatched channels, unacceptable signal-to-noise ratios, rogue APs, and power levels.

For the Network+ exam, you also need to understand the following wireless issues:

Untested updates - Any updates to wireless network devices should be thoroughly tested before deployment on the network. This includes any firmware updates.

Open networks - Open networks are commonly deployed in public areas, such as libraries, coffee shops, and retail establishments, to provide a service to customers. However, you should use extreme caution when using open, unsecured networks, as any communication can be intercepted and read. Companies should adopt a policy that clearly states whether personnel can connect to open networks using company-issued devices, including laptops, cell phones, and other mobile devices.

Wrong antenna type - Antenna types can affect the area that a wireless signal will cover. Unidirectional antennas only transmit in a single direction, while omnidirectional antennas transmit in a defined radius from the antenna placement. In both cases, you should ensure that the wireless access point is placed in an area where the antenna type will be most effective.

Incompatibilities - Incompatibilities usually occur when you deploy a device, update, or application that is incompatible with the clients on your wireless network.
It may be necessary to roll back the update, remove the application, or reconfigure the device. If you deploy devices, updates, or applications in a testing environment first, you should be able to discover these issues before live deployment.

Multiple input, multiple output (MIMO) - MIMO is deployed in 802.11n wireless networks. It uses separate antennas for outgoing and incoming transmissions. MIMO increases reliability and throughput.

Access point (AP) configurations:

Lightweight Access Point Protocol (LWAPP) - LWAPP is a protocol that allows a wireless LAN controller (WLC) to manage and control multiple wireless access points. Control And Provisioning of Wireless Access Points (CAPWAP) is a newer alternative to LWAPP.

Thin vs. thick - Thick access points handle a wide array of tasks in software, each with a separate IP address, wired directly into Ethernet switches. If a WLAN controller is deployed, the access points no longer have to handle as many tasks because they can be handed off to the WLAN controller. When a WLAN controller is used, the APs are referred to as thin APs.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Unified Wireless Network: Troubleshoot Client Issues, http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809d45a2.shtml#c1

Question #53 of 200
Question ID: 1123366

Management has asked you to ensure that any traffic through the external firewall is allowed as long as it is the result of a previous connection. Which type of firewall performs this assessment when it first encounters traffic?

A) packet-filtering firewall
B) circuit-level proxy firewall
C) application-level proxy firewall
D) stateful firewall

Explanation

When traffic is encountered, a stateful firewall first examines a packet to see if it is the result of a previous connection. Information about previous connections is maintained in the state table.
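To make the decision sequence in the explanation for Question #53 concrete (state table first, then the ACL, then the implicit deny), the following Python model is an added example written for this page; it is not code from the QBank or the Cert Guide. The Packet and Rule classes, the ACL rules, and the packet sequence are constructed for illustration. It deliberately tracks UDP flows the same way as TCP, which is why a DNS answer gets back in; real stateful firewalls additionally inspect TCP flags and expire idle state entries, which this model omits.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Hypothetical, simplified model of a stateful firewall (constructed for this
# page): a packet that answers a flow already in the state table is forwarded;
# otherwise the ACL is evaluated top down, and a permitted packet creates a new
# state entry so that its replies are forwarded later without consulting the ACL.


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: str               # "tcp", "udp", or "any"
    src_net: str             # CIDR block the source address must belong to
    dst_port: Optional[int]  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src_net)
            and self.dst_port in (None, pkt.dst_port)
        )


Flow = Tuple[str, str, int, str, int]  # proto, src ip, src port, dst ip, dst port


class StatefulFirewall:
    def __init__(self, acl: List[Rule]) -> None:
        self.acl = acl
        # State table: flows the ACL has already permitted.
        self.state: Set[Flow] = set()

    @staticmethod
    def _flow(pkt: Packet) -> Flow:
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _reply_of(pkt: Packet) -> Flow:
        # The flow this packet would be a response to: endpoints swapped.
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def process(self, pkt: Packet) -> str:
        # Step 1: is this a response to a connection already in the state table?
        if self._reply_of(pkt) in self.state:
            return "forward (state table)"
        # Step 2: no state, so compare the packet against the ACL; first match wins.
        for rule in self.acl:
            if rule.matches(pkt):
                if rule.action == "permit":
                    self.state.add(self._flow(pkt))  # remember it for the replies
                    return "forward (ACL permit)"
                return "drop (ACL deny)"
        # Step 3: nothing matched, so the implicit deny at the end of the ACL applies.
        return "drop (implicit deny)"


def run_demo() -> List[str]:
    """Replay a constructed packet sequence and return the firewall's decisions."""
    acl = [
        Rule("permit", "tcp", "192.168.1.0/24", 443),  # inside hosts may reach HTTPS
        Rule("permit", "udp", "192.168.1.0/24", 53),   # inside hosts may query DNS
        Rule("deny", "tcp", "192.168.1.0/24", 23),     # outbound Telnet explicitly denied
    ]
    fw = StatefulFirewall(acl)
    packets = [  # constructed sample traffic (documentation address ranges)
        Packet("tcp", "192.168.1.10", 51000, "203.0.113.5", 443),   # outbound HTTPS
        Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 51000),   # its reply
        Packet("udp", "192.168.1.10", 53000, "203.0.113.53", 53),   # outbound DNS query
        Packet("udp", "203.0.113.53", 53, "192.168.1.10", 53000),   # DNS answer
        Packet("tcp", "192.168.1.10", 52000, "203.0.113.5", 23),    # outbound Telnet
        Packet("tcp", "198.51.100.7", 40000, "192.168.1.10", 22),   # unsolicited inbound SSH
        Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 51001),   # wrong port: no state entry
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The last packet is the instructive one: it comes from the same web server and source port as the legitimate reply, but because the inside port does not match any permitted flow, there is no state entry and the packet falls through to the ACL, which has no rule for it.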
You can configure the IDS to perform stateful packet matching and monitor for suspicious network activity. This is referred to as stateful inspection. An IDS cannot perform authentication and encryption for a VPN and cannot block traffic based on the application or port used.

None of the other firewalls first examines a packet to see if it is the result of a previous connection. With a stateful firewall, a packet is allowed if it is a response to a previous connection. If the state table holds no information about the packet, the packet is compared to the access control list (ACL). Depending on the ACL, the packet will be forwarded to the appropriate host or dropped completely. Stateful firewalls can be used to track connectionless protocols, such as the User Datagram Protocol (UDP), because they examine more than the packet header.

Packet-filtering firewalls function at the Network layer of the OSI model. This type of firewall filters traffic based on rules defined by the administrator. Circuit-level firewalls function at the Session layer of the OSI model.

Stateless firewalls watch network traffic and control packets based on source and destination addresses or other static values. They are not aware of traffic patterns. A stateless firewall uses simple rules that either allow or deny the traffic.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Stateful Inspection Firewall, http://www.unifiedthreatmanagement.com/stateful-inspection-firewall.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #54 of 200
Question ID: 1123319

You decide to implement a DHCP server on your network. What is the purpose of a DHCP scope?
A) It is the range of IP addresses that a DHCP server can temporarily assign.
B) It is an IP address that cannot be assigned.
C) It is an IP address that is set aside for a certain device.
D) It is the temporary assignment of an IP address.

Explanation

The DHCP scope is the range of IP addresses that a DHCP server can temporarily assign to its clients. DHCP scopes are also referred to as pools.

A DHCP lease is a temporary assignment of an IP address. A DHCP client's lease has an expiration date. Prior to the expiration date, the lease can be renewed. If the lease expires, the client will have to request another lease from the server. The amount of time that a lease can be used is set at the DHCP server. This time can be adjusted to suit your organization's needs. However, you should keep in mind that if you set this time too low, DHCP traffic will increase because the leases will expire more often.

A DHCP reservation is an IP address that is set aside for a certain device. The lease is granted to the device's MAC address. If the device's MAC address changes, the DHCP reservation will no longer work.

A DHCP exclusion is an IP address or group of addresses from within a scope that CANNOT be assigned. This is often used for addresses within the scope that must be statically assigned to devices, such as routers and servers, that need a static address to ensure that they can always be accessed using the same host name and IP address.

A DHCP server dynamically assigns the IP address, subnet mask, and default gateway to client computers. IP addresses may be assigned statically rather than dynamically; however, assigning static IP addresses requires greater administrative effort. When IP addresses are statically assigned, it is crucial to maintain a manual record of which client was assigned which IP address.
If the addressing scheme were to change, it might necessitate the manual reconfiguration of each computer.

HOSTS files map host names to IP addresses. HOSTS files contain IP addresses and their associated domain names. These files are used when static IP addresses are used and when DHCP is NOT deployed.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices

Question #55 of 200
Question ID: 1123557

You are the network administrator for your company's network. All servers run Windows Server 2008. All workstations run Windows 7. The network diagram is shown in the following exhibit:

Workstation A2 cannot connect to Server B. Workstation B2 can connect to Server B. Workstation A2 can connect to Server A. Which command should you run from Workstation A2 to test the connection from Workstation A2 to Server B?

A) ping 137.17.0.1
B) tracert 137.17.0.2
C) ping 137.17.0.2
D) ipconfig 137.17.0.1

Explanation

The IP address for Server B is 137.17.0.1; therefore, the ping 137.17.0.1 command will test the communication between Workstation A2 and Server B.

The ping 137.17.0.2 command will not test the communication between Workstation A2 and Server B because 137.17.0.2 is Workstation B1's IP address. The tracert 137.17.0.2 command will trace the number of router hops between Workstation A2 and Workstation B1. Using the tracert command is more resource-intensive than using the ping command. The ipconfig 137.17.0.1 command has an invalid command-line argument. The ipconfig command cannot be used to test communications between computers.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #56 of 200
Question ID: 1123439

As part of monitoring network traffic, you need to determine the payload that is produced by using IPSec in tunnel mode with the AH protocol. Which of the following best describes this payload?

A) an encapsulated packet that is digitally signed
B) an unencapsulated packet that is encrypted
C) an encapsulated packet that is encrypted
D) an unencapsulated packet that is digitally signed

Explanation

Internet Protocol Security (IPSec) in tunnel mode with the Authentication Header (AH) protocol produces an encapsulated packet that is digitally signed. AH digitally signs a packet for authentication purposes. Tunnel mode encapsulates a packet within another packet.

Encapsulating Security Protocol (ESP) encrypts IPSec packets. Transport mode sends IPSec packets between two computers without encapsulating packets. AH and ESP work in transport mode and tunnel mode.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #57 of 200
Question ID: 1289268

While troubleshooting a network outage on a 10GBaseSW network, a technician finds a 500-meter fiber cable with a small service loop and suspects it might be the cause of the outage. Which of the following is MOST likely the issue?

A) maximum cable length exceeded
B) RF interference caused by impedance mismatch
C) dirty connectors
D) bend radius exceeded

Explanation

The most likely cause of the issue is that the maximum cable length has been exceeded.
On a 10GBaseSW network, the maximum cable length is 300 meters. A 10GBaseSW network uses multi-mode fiber cable.

It is unlikely that the problem is a dirty connector. Because most connectors spend the majority of the time plugged in, they don't tend to get dirty.

It is unlikely that RF interference caused by impedance mismatch has occurred. If this were the case, you would experience intermittent problems rather than a network outage.

The bend radius exceeded could possibly be the problem if the maximum cable length wasn't exceeded. Remember that fiber-optic cable has maximum distances, depending on the type of cable used and the type of network being implemented.

For the Network+ exam, you also need to understand the following fiber cable issues:

Attenuation/dB loss - Attenuation is the reduction in power of the light signal as it is transmitted. Attenuation is caused by passive media components, such as cables, cable splices, and connectors.

SFP/GBIC cable mismatch - This occurs when you use the wrong cable type. Make sure that you are using single-mode or multi-mode fiber cable based on the specification needed for the network type you deploy.

Bad SFP/GBIC cable or transceiver - If this occurs, you will need to replace the component that is bad.

Wavelength mismatch - Multi-mode fiber is designed to operate at 850 and 1300 nanometers (nm), while single-mode fiber is optimized for 1310 and 1550 nm. If the wrong wavelength is implemented or a device is added to the network that operates at the wrong wavelength, signal loss will occur.

Fiber type mismatch - If you use different types of fiber cable on the same network, you will experience dB loss. It can cause systems to malfunction or have high error rates.

Connector mismatch - If you use the wrong connectors on your network, devices will be unable to communicate.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Principles of Ethernet, Distance and Speed Limitations

Question #58 of 200
Question ID: 1289060

Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port.

Explanation

The protocols given use these default ports:

Port 20 - FTP
Port 23 - Telnet
Port 25 - SMTP
Port 53 - DNS
Port 80 - HTTP

FTP also uses port 21, but it was not listed in this scenario.

Protocols can use either User Datagram Protocol (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.

For the Network+ exam, you need to know the following protocols and their default ports:

FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
List of TCP and UDP Port Numbers, http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Question #59 of 200
Question ID: 1123381

You are documenting the network layout for your company. You have discovered a firewall that has two network interfaces. Which firewall architecture have you discovered?
A) screened subnet
B) screened host
C) bastion host
D) dual-homed firewall

Explanation

A dual-homed firewall has two network interfaces. One interface connects to the public network, usually the Internet. The other interface connects to the private network. The forwarding and routing function should be disabled on the firewall to ensure that network segregation occurs.

A bastion host is a computer that resides on a network that is locked down to provide maximum security. These types of hosts reside on the front line in a company's network security systems. The security configuration for this entity is important because it is exposed to untrusted entities. Any server that resides in a demilitarized zone (DMZ) should be configured as a bastion host. A bastion host has firewall software installed, but can also provide other services.

A screened host is a firewall that resides between the router that connects a network to the Internet and the private network. The router acts as a screening device, and the firewall is the screened host.

A screened subnet is another term for a demilitarized zone (DMZ). Two firewalls are used in this configuration: one firewall resides between the public network and the DMZ, and the other resides between the DMZ and the private network.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References:
Firewall Topologies, http://www.firewall.cx/firewall_topologies.php
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #60 of 200
Question ID: 1289154

Your client is experiencing what appears to be a decrease in network throughput. However, the symptoms the client is reporting to you are not detailed enough for you to diagnose the issue and make a recommendation. What will best assist you in pinpointing the bottleneck the next time it occurs?
A) Network configuration and performance baselines
B) Standard operating procedures/work instructions
C) Rack diagrams
D) Wiring and port locations

Explanation

Network configuration and performance baselines are parts of the network documentation that assist with troubleshooting. In particular, performance baselines show how the network performs under typical loads, in terms of bandwidth used, packets dropped, throughput, or other metrics, for a given period of time. Later, when network issues occur, such as a perceived drop in network speed, the administrator can compare current conditions to the previously recorded baseline.

Standard operating procedures/work instructions represent key documents used to manage the network. While the two documents are related, they each have a different purpose. Standard operating procedures (SOPs) indicate what is to be done, as well as the responsible party. The work instructions describe how to execute the task identified in the SOP, but would not identify an active issue with throughput.

Rack diagrams depict the placement of network equipment, such as routers, switches, hubs, patch panels, and servers, in a standard 19” rack. Rack diagrams are particularly useful when planning server rooms and networking closets, as the diagrams allow the engineer to determine the proper placement of equipment prior to the physical buildout. They also serve as a tool to help locate equipment for maintenance or repair, but not to identify an active issue with throughput.

Wiring and port locations should be a critical component of the network documentation. This documentation facilitates troubleshooting connectivity by not only identifying the IP or MAC address where the problem is located, but also the physical location of the problem.
Wiring and port locations will not help you research performance issues until after the network configuration and performance baselines are examined and compared to current performance.

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation
How to set a network performance baseline for network monitoring, https://searchnetworking.techtarget.com/How-to-set-a-networkperformance-baseline-for-network-monitoring

Question #61 of 200
Question ID: 1123444

To improve security, you change your Web server named Web1 to the HTTPS protocol. Shortly after implementing the change, users report that they cannot access any Web sites hosted on Web1 by using their fully qualified domain names (FQDNs). However, they can access other Web sites that are hosted on other Web servers by using their FQDNs. What is causing this problem?

A) HTTPS is not a supported protocol.
B) The DNS server is down.
C) The new Web address starts with https instead of http.
D) The local area network (LAN) is down.

Explanation

HTTPS is a supported protocol. When a Web server uses HTTPS technology, all the data transfer between clients and the server is encrypted using Secure Sockets Layer (SSL) technology. Web pages using this technology begin their Uniform Resource Locators (URLs) with https://. This technology is used frequently with e-commerce Web sites. In this scenario, users are probably attempting to access the Web sites by typing http:// instead of https://.

Although users are unable to access any Web sites hosted on Web1 by using FQDNs, they are able to access other Web sites by using their FQDNs. Therefore, the Domain Name Service (DNS) server is operational, as is the network.
Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.
References:
What is HTTPS?, https://www.instantssl.com/ssl-certificate-products/https.html
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models

Question #62 of 200
Question ID: 1289296

You administer a LAN for your company. The LAN is connected to the Internet through a T1 connection. The network you administer is displayed in the following exhibit:

The link light on the hub for the cable that connects the hub to the router is not lit. The link lights on the hub for Workstation A and the Server computer are lit. Workstation A and Server can communicate with one another, but neither of these computers can communicate with the Workstation B computer. Workstation B can connect to the Internet through the modem, but Workstation B cannot communicate with either Workstation A or Server. Which device is most likely causing the communications problem?

A) the hub
B) the router
C) Workstation A
D) the modem

Explanation

Of the choices available, the router is most likely causing the communications problem in this scenario. The router links the company's LAN to the Internet. Server and Workstation A cannot communicate with Workstation B, and Workstation B cannot communicate with the computers on the company's LAN, so the router is most likely malfunctioning.

Workstation A and Server can communicate with one another, so Workstation A and the hub appear to be functioning properly. Workstation B can connect to the Internet, so the modem appears to be functioning properly.

End-to-end connectivity is a process whereby you troubleshoot connectivity issues from the host experiencing the connection problem all the way through the network.
You should always start at the local host and proceed through the network, through routers and other devices, to the destination. Any connectivity problem could be at the host, the remote host, or anywhere in between. Following a logical process will ensure that the exact issue will be located. As you move out from the local host, you should keep in mind that other hosts will be experiencing the same problem. For example, if the problem is not with the local host and you discover that the problem is with the router, all hosts that use that router should be experiencing the same problem.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #63 of 200
Question ID: 1289146

Which of these is NOT associated with data conversion between the ISP and the customer premise equipment?

A) ATM
B) Demarcation point
C) CSU/DSU
D) Smart jack

Explanation

Asynchronous Transfer Mode (ATM) is NOT associated with data conversion between the ISP and the customer premise equipment. It is a network transmission model used in voice, video, and data communications. ATM uses equally sized cells that are all 53 bytes long. The equal length of the data packets supports very high data rates. ATM is deployed in Optical Carrier (OC) backbone network segments.

All of the other options are associated with data conversion between the ISP and the customer's on-premises equipment. A demarcation point is where the division is made between the service responsibilities of the ISP and the service responsibilities of the customer. It is often located at the CSU/DSU or smart jack.
When a network problem occurs, the demarcation point will determine which party is responsible for fixing it, such as the customer or the ISP.

A Channel Service Unit/Data Service Unit (CSU/DSU) is a device that connects a router to a digital circuit, such as a T1 line. The CSU/DSU converts the signal from a wide area network into frames for a local area network.

A smart jack typically provides the conversion between a telecommunications T1 line and the customer’s network. Smart jacks can also provide an alarm if the communications link is broken, diagnostic services such as loopback, or even act as a repeater.

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.
References:
ATM In Computer Networks: History And Basic Concepts, https://fossbytes.com/atm-asynchronous-transfer-mode-history-basicconcepts/

Question #64 of 200
Question ID: 1289222

You are troubleshooting a workstation that is not communicating with the network. You try a different port within the wiring closet hub, and this seems to fix the problem. What should you do next?

A) Connect to the network and try to transfer a file.
B) Document the problem and the solution.
C) Have other users reboot their workstations.
D) Replace all the patch cables.

Explanation

When troubleshooting a problem, you should try the obvious or quick fixes first. Once you have implemented a solution or workaround, you will need to test the solution to be sure it resolved the problem.

The troubleshooting order according to the CompTIA Network+ blueprint is as follows:

1. Identify the problem.
   - Gather information.
   - Duplicate the problem, if possible.
   - Question users.
   - Identify symptoms.
   - Determine if anything has changed.
   - Approach multiple problems individually.
2. Establish a theory of probable cause.
   - Question the obvious.
   - Consider multiple approaches.
   - Top-to-bottom/bottom-to-top OSI model
   - Divide and conquer
3. Test the theory to determine the cause.
   - Once the theory is confirmed, determine the next steps to resolve the problem.
   - If the theory is not confirmed, re-establish a new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and, if applicable, implement preventive measures.
7. Document findings, actions, and outcomes.

Objective: Network Troubleshooting and Tools
Sub-Objective: Explain the network troubleshooting methodology.
References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)

Question #65 of 200
Question ID: 1289177

Which suppression methods are recommended for a fire in a facility that involves paper, laminates, and wooden furniture? (Choose two.)

A) Dry powder
B) Soda acid
C) Water
D) Halon

Explanation

Water or soda acid should be used to suppress a fire that has wood products, laminates, and paper as its elements. The suppression method should be based on the type of fire in the facility. The suppression substance should interfere with the elements of the fire. For example, soda acid removes the fuel, while water reduces the temperature. Water or soda acid are used to extinguish class A fires.

Electrical wiring and distribution boxes are the most probable cause of fires in data centers. Class C fire suppression agents, such as halon or carbon dioxide, are used when the fire involves electrical equipment and wires. They can also be used to suppress Class B fires that include liquids, such as petroleum products and coolants. Never use water on a Class B fire. The production of halon gas was banned in 1987. Halon causes damage to the ozone layer and is harmful to humans.
Halocarbon agents or inert gas agents can be replacements for halon in gas-discharge fire extinguishing systems. Carbon dioxide, which is used to extinguish Class B and Class C fires, eliminates oxygen. It is harmful to humans and should be used in unattended facilities.

Dry powder is a suppression method for a fire that has magnesium, sodium, or potassium as its elements. Dry powder extinguishes Class D fires and is the only suppression method for combustible metals.

It is important to select the appropriate fire suppression system. Some systems will remove oxygen from a room. Therefore, they are harmful to humans.

For the Network+ exam, you also need to understand the importance of heating, ventilation, and air conditioning (HVAC) systems. Because computer and network equipment generates a lot of heat, you need to ensure that you implement an HVAC solution that can keep rooms and equipment properly cooled. Equipment rooms and data centers need their own HVAC system that is separate from the rest of the building.

You also need to understand emergency procedures. The building layout should be documented with all safety/emergency exits noted. A fire escape plan should be written, with appropriate personnel training occurring at least annually. Entrances/exits should be configured appropriately as fail open in the event of a fire. Fail close should only be used when a physical security breach has occurred. An emergency alert system should be implemented to ensure that personnel are appropriately alerted when an emergency occurs.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.

References:
Classes of fires: A, B, C, D, K, http://www.falckproductions.com/resources/fire-safety-and-firewatch/classes-of-fire-a-b-c-d-and-k/

Question #66 of 200 Question ID: 1289151
Management has requested that you document the minimum level of security for all network devices. Which of the following will this provide?
A) standards
B) procedures
C) guidelines
D) baselines

Explanation
A baseline defines the minimum level of security and performance of a system in an organization. A baseline is also used as a benchmark for future changes. Any change made to the system should match the defined minimum security baseline. A security baseline is defined through the adoption of standards in an organization.

Guidelines are the actions that are suggested when standards are not applicable in a particular situation. Guidelines are applied where a particular standard cannot be enforced for security compliance. Guidelines can be defined for physical security, personnel, or technology in the form of security best practices.

Standards are the mandated rules that govern the acceptable level of security for hardware and software. Standards also include the regulated behavior of employees. Standards are enforceable and are the activities and actions that must be followed. Standards can be defined internally in an organization or externally as regulations.

Procedures are the detailed instructions used to accomplish a task or a goal. Procedures are considered at the lowest level of an information security program because they are closely related to configuration and installation problems. Procedures define how the security policy will be implemented in an organization through repeatable steps. For instance, a backup procedure specifies the steps that a data custodian should adhere to while taking a backup of critical data to ensure the integrity of business information. Personnel should be required to follow procedures to ensure that security policies are fully implemented. Procedural security ensures data integrity.

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
Mandatory security baselines, https://security.web.cern.ch/security/rules/en/baselines.shtml

Question #67 of 200 Question ID: 1123608
A user is experiencing network connectivity issues after a faulty NIC was replaced. You want the user to have excellent throughput, so you configure the NIC for full-duplex (auto configuration off). The corresponding switch port is configured as auto-config, so you should be OK, but the throughput is lower than expected. What is the issue?
A) Duplex/speed mismatch
B) Bottlenecks
C) TX/RX reverse
D) Incorrect pin-out

Explanation
When you manually set a device to full-duplex (auto-config off), the auto-configured port at the other end cannot negotiate with it and falls back to half-duplex transmission. A duplex/speed mismatch is a misconfiguration of a NIC, switch port, or router port. Duplex refers to whether the traffic is talk only/listen only or bidirectional, like a phone call. Speed relates to the data transfer rate, such as 100 Mbps or 1000 Mbps. If one port is configured at half duplex and the other port is configured at full duplex, the user will notice a severe drop in performance, because the link will operate at the slower half-duplex speed.

Incorrect pin-out can be an issue if the wires in the UTP/STP cable are not laid out in accordance with the 568A or 568B standards. Also, if the RJ-45 jack was not crimped properly or if one of the ends of the individual wires did not seat properly, you could have an improper pin-out. Communication will fail entirely if this occurs.

Bottlenecks occur where there is speed degradation in network traffic, like a traffic jam. The bottleneck can occur due to equipment failure, an increase in network traffic, or a misconfiguration.

TX/RX reverse can occur when patch cables are created and the transmit (Tx) and receive (Rx) pairs are criss-crossed or mismatched.
Even though STP and UTP cables have four pairs of wires, 100BASE-TX only uses two pairs, with one pair used for data transmission (Tx) and the other pair used for data reception (Rx). If the pairs are not aligned properly on both RJ-45 jacks, you can get a TX/RX reverse.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Network Enemy #1: Duplex Mismatch, https://www.pathsolutions.com/network-enemy-1-duplex-mismatch/

Question #68 of 200 Question ID: 1289196
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security to protect against wireless attack. However, you must provide support for older wireless clients. Which protocol should you choose?
A) WPA
B) WAP
C) WEP
D) WPA2

Explanation
You should implement Wi-Fi Protected Access (WPA). WPA was created to fix core problems with WEP. WPA is designed to work with older wireless clients while implementing the 802.11i standard.

Wireless Application Protocol (WAP) is the default protocol used by most wireless networks and devices. However, because WAP can access Web pages and scripts, there is great opportunity for malicious code to damage a system. WAP is considered the weakest wireless protocol.

Wired Equivalent Privacy (WEP) is the security standard for wireless networks and devices that uses encryption to protect data. However, WEP does have weaknesses and is not as secure as WPA or WPA2. Wired Equivalent Privacy (WEP) should be avoided because even its highest level of encryption has been successfully broken.

Wi-Fi Protected Access 2 (WPA2) completely implements the 802.11i standard. Therefore, it does not support the use of older wireless cards.
Identification and WPA2 are considered the best combination for securing a wireless network. WPA2 is much stronger than WPA. In addition, you can implement WPA2 with Temporal Key Integrity Protocol (TKIP), also referred to as TKIP-RC4, or Advanced Encryption Standard (AES), also referred to as CCMP-AES, to provide greater security. WPA2-AES is stronger than WPA2-TKIP.

For the Network+ exam, you need to protect against the following wireless attacks or issues:

Evil twin - occurs when a wireless access point that is not under your control is used to perform a hijacking attack. It is set up to look just like a valid network, including the same Service Set Identifier (SSID) and other settings.

Rogue access point (AP) - occurs when a wireless access point that is not under your control is connected to your network. Unlike an evil twin, these devices are not set up to look just like your network. This attack preys on users' failure to ensure that an access point is valid. You can perform a site survey to detect rogue APs.

War driving - occurs when attackers seek out a Wi-Fi network with a mobile device or laptop while driving a vehicle. You can lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA or WPA2 authentication.

War chalking - occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for this type of information by periodically inspecting the outside of your facilities.

Bluejacking - the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when not in use is the best protection against this.

Bluesnarfing - the unauthorized access of information from a wireless device through a Bluetooth connection. Once again, turning off Bluetooth when not in use is the best protection against this.
WPA/WEP/WPS attacks - Any attacks against wireless protocols can usually be prevented by using a higher level of encryption or incorporating RADIUS authentication. Wired Equivalent Privacy (WEP) should be avoided. Wi-Fi Protected Setup (WPS) allows users to easily secure a wireless home network but is susceptible to brute force attacks. Wi-Fi Protected Access (WPA) is more secure than WEP and WPS. WPA2 provides better security than WPA.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.

References:
HTG Explains: The Difference Between WEP, WPA, and WPA2 Wireless Encryption (and Why It Matters), http://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-itmatters/
WAP: Broken Promises or Wrong Expectations?, http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/wap.html
Wireless Security, http://www.ciscopress.com/articles/article.asp?p=177383&seqNum=6
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Securing Wireless LANs

Question #69 of 200 Question ID: 1289284
A user has just returned from a week-long conference. While attending the conference, the user connected their work laptop to both the hotel Wi-Fi and the conference Wi-Fi. Now the user cannot connect to the company's Wi-Fi. What is most likely the issue?
A) Wrong SSID
B) Latency
C) Jitter
D) Frequency mismatch

Explanation
The most likely issue is an incorrect Service Set Identifier (SSID). Most wireless devices remember the previous SSID, even if you move to a new network, so you should always check the SSID when troubleshooting. Also, it is very easy for a user to select the wrong SSID. They may not have the correct password or passphrase, and they may type in the SSID name incorrectly.
Checking for the correct SSID is often the first step in wireless troubleshooting. On most devices, you can set the device to remember an SSID and its credentials. However, if the SSID or the credentials change, the device will be unable to automatically log in to the wireless network.

Jitter is the variance in latency rates. In a wireless network, jitter is commonly the result of diffraction, reflection, or absorption. Different network segments may have different factors that affect latency. When the rate of latency is inconsistent, it can cause service issues in latency-sensitive applications such as banking, e-commerce, and gaming. The symptom of jitter is fluctuating transmission speeds.

Latency is the time it takes for network data to travel between the sender and the recipient. As wireless networks are slower than wired networks, latency is an inherent issue in wireless networks. You can test and compare the latency of your wired and wireless connections by using the ping command. The time= notation in the result tells you the latency of that connection.

Frequency mismatch occurs when one device is operating at 2.4 GHz and another device is operating at 5 GHz. Both (or all) devices must be on the same frequency to communicate. One solution to ensure coverage for all devices is to have one access point operating at 2.4 GHz and another operating at 5 GHz. You could differentiate the access points by including the frequency in the SSID, such as MyNetwork2.4 and MyNetwork5. If you must operate two wireless access points in close proximity on the same frequency, you can configure the wireless access points to use different channels.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Should You Change the Default Name (SSID) of a Wireless Router?, https://www.lifewire.com/changing-default-name-ssidwireless-router-816568

Question #70 of 200 Question ID: 1123426
You need to collect management information on the routers and switches used on your company's network. You decide to use SNMP. What is the name of the software component that runs on a managed device when you deploy this technology?
A) MIB
B) SNMP agent
C) SNMP manager
D) NMS

Explanation
The SNMP agent runs on a managed device, such as a router or switch. This agent collects management information. Network management systems based upon SNMP contain two primary elements: a manager and agents. The manager is the console through which a network administrator performs network management functions. Agents are the entities that interface to the actual devices being managed. You would use an SNMP agent to monitor remote traffic through an access point. SNMP can monitor almost any type of network device, such as hubs, servers, interface cards, repeaters, and bridges. Threshold alarms can be set for all the parameters that the agent can monitor.

The management information is stored in the Management Information Base (MIB) on the agent or managed device. The information in the MIB is then forwarded to the SNMP manager, where the network management application resides. The SNMP manager is also referred to as the Network Management Server (NMS).

Managed devices will run the Simple Network Management Protocol (SNMP) agent. Unmanaged devices are not configured to run this software. By using SNMP to manage devices, you can simplify administrative effort using a single management console located at the SNMP manager. Often SNMP data is used to perform device diagnostics.
Objective: Network Operations
Sub-Objective: Explain common scanning, monitoring and patching processes and summarize their expected outputs.

References:
SNMP Components, http://docs.oracle.com/cd/E11036_01/alsb30/operations/snmpcomponents.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Monitoring Resources and Reports

Question #71 of 200 Question ID: 1289247
Your company has recently replaced all the shielded twisted pair (STP) and unshielded twisted pair (UTP) cable with fiber optic cable. You need to purchase a device to determine the length of the cables used on your network. Which tool do you need?
A) OTDR
B) TDR
C) butt set
D) toner probe

Explanation
An optical time domain reflectometer (OTDR) can be used to determine the length of the cables used on a fiber optic network.

A time domain reflectometer (TDR) determines the length of shielded twisted-pair (STP), unshielded twisted-pair (UTP), or coaxial cables.

A butt set is used to test telephone lines.

A toner probe is used to identify a single cable on the network. It is the best tool to use to locate a bad CAT5 cable.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
TDR vs. OTDR, http://www.zostrich.com/Monitoring_PDF/tdrvsotdr.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #72 of 200 Question ID: 1289307
A new file server is configured to allow personnel within the company to store files. Users are reporting that they cannot upload files to the file server. What might be the areas you should examine? (Choose two.)
A) Blocked TCP/UDP ports
B) Incorrect ACL settings
C) Duplicate IP addresses
D) Hardware failure

Explanation
The areas you should examine are blocked TCP/UDP ports and incorrect ACL settings.
Blocked TCP/UDP ports are often necessary to protect the network from insecure protocols that are easily exploited by hackers. Ports that are often blocked include TCP port 23 (Telnet), TCP port 21 (FTP), TCP/UDP port 53 (DNS, as a post-attack exit port), and UDP port 161 (SNMP).

For ACLs on routers and firewalls, incorrect ACL settings would allow or prevent transmission of network traffic (inbound or outbound). ACL settings on file servers can allow or deny access to the folders.

Duplicate IP addresses can occur when a DHCP server “thinks” an IP address is available. For example, a client machine requests an IP address, and the DHCP server issues an address listed as available from the pool of addresses. A conflict may occur if a dormant machine comes back online with an IP address that the DHCP server thought was expired and added back into the pool.

Hardware failure could be the NIC, the cable, a port on a switch, the switch itself, a port on the router, or the router itself, to name a few. You would first ping 127.0.0.1 to determine if the client machine is communicating with the NIC. Ping the default gateway, then the router, and then run a tracert to a website to identify the faulty piece of equipment.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
Securing risky network ports, https://www.csoonline.com/article/3191531/network-security/securing-risky-network-ports.html
Access Control List Explained with Examples, https://www.computernetworkingnotes.com/ccna-study-guide/access-control-listexplained-with-examples.html

Question #73 of 200 Question ID: 1289128
You are setting up a 10-Mbps SOHO network at a residence. What is the lowest category or level of UTP cable that you should use as the transmission medium for a small LAN communicating in the 10-Mbps range?
A) Category 4
B) Category 2
C) Category 1
D) Category 3
E) Category 5

Explanation
Although you could use Category 3 or Category 5 cable for the LAN, Category 3 is the lowest category cable that you could use for the LAN. Category 1 and Category 2 cable have maximum transmission rates of only 4 Mbps, so they would not be suitable for a 10-Mbps network.

UTP transmission rates are listed below:

Category 1 - up to 4 Mbps
Category 2 - up to 4 Mbps
Category 3 - up to 10 Mbps
Category 4 - up to 16 Mbps
Category 5 - up to 100 Mbps
Category 5e - up to 1000 Mbps
Category 6 - up to 1000 Mbps or 1 Gbps
Category 6a - up to 10 Gbps
Category 7 - up to 10 Gbps

Category 1 wiring consists of two pairs of twisted copper wire. It is rated for voice grade, not data communication. It is the oldest UTP wiring and is used for communication on the Public Switched Telephone Network (PSTN).

Category 2 wiring consists of four pairs of twisted copper wire and is suitable for data communications of up to 4 Mbps.

Category 3 wiring consists of four pairs of twisted copper wire with three twists per foot. It is suitable for 10-Mbps data communication, and has been used widely in 10-Mbps Ethernet networks.

Category 4 wiring consists of four pairs of twisted copper wire, and is rated for 16 Mbps. It was designed with 16-Mbps Token Ring networks in mind.

Category 5 wiring consists of four twisted pairs of copper wire terminated by RJ-45 connectors. Category 5 cabling can support frequencies of up to 100 MHz and speeds of up to 1,000 Mbps. It can be used for ATM, Token Ring, 1000Base-T, 100Base-T, and 10Base-T networking.

Category 6 wiring consists of four twisted pairs of copper wire terminated by RJ-45 connectors. It supports speeds of up to 1 Gbps or 1,000 Mbps.

Category 6a wiring supports speeds of up to 10 Gbps or 10,000 Mbps.
Category 7 wiring consists of four twisted pairs of copper wire terminated by RJ-45 connectors. It supports speeds of up to 10 Gbps or 10,000 Mbps.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #74 of 200 Question ID: 1289136
Your network contains four segments. You need to connect two or more of the LAN segments together. Which network devices can you use? (Choose four.)
A) Router
B) Switch
C) Wireless Access Point
D) Bridge
E) Repeater
F) Hub

Explanation
Bridges, switches, and routers can be used to connect multiple LAN segments. For the Network+ exam, you need to understand the placement of these devices. Bridges, switches, and routers are implemented on the perimeters of segments or subnetworks and are used to connect those segments together. Bridges and switches operate at the Data Link layer, using the Media Access Control (MAC) address for sending packets to their destination. Routers operate at the Network layer by using IP addresses to route packets to their destination along the most efficient path.

Backbone routers are the Open Shortest Path First (OSPF) routers that are in Area zero. Area zero is considered the backbone of an OSPF network. Internal routers are located in a single area within a single OSPF autonomous system. Area border routers (ABRs) are located in more than one area within a single OSPF autonomous system. Autonomous system border routers (ASBRs) connect multiple OSPF autonomous systems.

A load balancer can be used to balance the workload between routers if more than one router is connected to a subnetwork. Load balancers can also be used with other devices to perform the same function.

A Wireless Access Point (WAP) is essentially a translational bridge.
One side is commonly connected to the wired LAN and the other side communicates using IEEE 802.11b with a wireless connection. WAPs are not Physical layer devices like hubs or repeaters. They selectively transmit traffic based upon MAC addresses. A WAP can also function as a repeater. WAPs are placed in the center of an area to which you want to provide wireless access.

Hubs act as a central connection point for network devices on one network segment. They work at the Physical layer. The primary reason for choosing a switch over a hub is bandwidth needs. Switches can greatly improve network performance because switches do not broadcast the packets they receive. Hubs broadcast the packets they receive to all available ports on the hub, thereby increasing network traffic. Hubs, like routers and switches, are placed on the perimeter of a single segment and only control the traffic on that segment. Both switches and hubs support the same protocols. Hubs are cheaper than switches, but can result in higher costs over time when you consider the potential for issues with lower bandwidth. Both switches and hubs support different types of nodes.

Repeaters are used to extend the length of a network beyond the cable's maximum segment distance. They take a received frame's signal and regenerate it to all other ports on the repeater. They also work at the Physical layer. A repeater regenerates the signal to all other ports on the device, thereby extending the length of the network beyond the maximum cable segment. Repeaters are placed on a network at the point where the cable segment would exceed the maximum segment distance.

You may also need to understand network bridges, which operate at the OSI Data Link layer. They divide a network into segments, keeping the appearance of one segment to the upper-layer protocols. Using MAC addresses, bridges determine which traffic should pass through the bridge and which traffic should remain on the local segment.
Keeping local traffic local can increase network performance. Bridges can be used to perform the following functions:

- Expand the length of a segment
- Provide for an increased number of computers on the network
- Reduce traffic bottlenecks resulting from an excessive number of attached computers
- Split an overloaded network into two separate networks, reducing the amount of traffic on each segment and making each network more efficient
- Link different types of physical media, such as twisted-pair and coaxial Ethernet

Another device that you may need to understand is a Multistation Access Unit (MAU), which is also abbreviated as MSAU. This term is synonymous with a passive "hub" in a Token Ring network. A MAU is a multiport device that connects the computers in a physical star topology that functions as a logical ring.

Gateways allow two computers with no protocols in common to communicate.

An analog modem converts analog signals transmitted over telephone cabling into digital signals used by computers and computer networks.

A concept that you need to understand is traffic shaping, also known as packet shaping. A packet shaper delays data packets to bring them into compliance with a desired traffic profile. Packet shaping optimizes or guarantees performance and improves latency. The most common type of packet shaping is application-based traffic shaping. An example of this is P2P bandwidth throttling. Many application protocols use encryption to circumvent application-based traffic shaping. Another type of packet shaping is route-based traffic shaping, which is conducted based on previous-hop or next-hop information.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Router, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212924,00.html
Router vs. Switch, http://compnetworking.about.com/od/homenetworkhardware/f/routervsswitch.htm
Switch, http://searchtelecom.techtarget.com/sDefinition/0,,sid103_gci213079,00.html
Bridge, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211705,00.html
Wireless access points, http://compnetworking.about.com/cs/wireless/g/bldef_ap.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Network Infrastructure Devices

Question #75 of 200 Question ID: 1123289
Your company needs to deploy a wireless network to allow users to connect to the network using mobile devices. You are concerned that the radio signal will not cover the amount of area you need. Another technician instructs you to research the angle of radiation of the wireless access point's antenna. Which term is used to refer to this?
A) beamwidth
B) sensitivity
C) bandwidth
D) gain

Explanation
The term used to refer to the angle of radiation of an antenna is beamwidth. There are many differences between the types of antennas that you can use, including beamwidth, gain, transmission angle, and frequency. The beamwidth parameter of the antenna defines the angle of the radio signal radiated. The angle of radiation of the signal is defined in degrees.

Antenna properties include the gain, beamwidth, and transmission angle. The gain is a measure of how much of the input power is concentrated in a particular direction. Antennas with higher gain have less beamwidth than antennas with lower gain. High-gain antennas have a very narrow beamwidth. For example, a typical 6-dBi patch antenna has a 65-degree beamwidth, but a 21-dBi parabolic dish antenna has a 12-degree radiation pattern.

You also need to understand signal strength.
In most wireless access points, you can adjust the signal strength. This feature is particularly useful if you want to prevent the signal from reaching outside a building. Then you would adjust (lower) the signal strength and possibly change the access point placement to prevent the signal from reaching there. The coverage of the signal depends on the type of access point you are deploying, the location where it is deployed, and the frequency used. Objective: Networking Concepts Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies. References: Cisco Aironet Antennas and Accessories, https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennasaccessories/product_data_sheet09186a008008883b.html Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4 CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs Question #76 of 200 Question ID: 1289228 You administer a network for your company. You determine that there is a network connectivity problem on one of the computers on the network. You re-create the problem and determine that the problem is located in the NIC. You establish a theory of probable cause. Which step should you take next to troubleshoot the problem? A) Provide feedback to the users of the computer. B) Implement a correction plan. C) Form a correction plan. D) Test the theory. https://www.knowledgehub.com/education/test/print/61961273?testId=205855659 79/212 4/18/22, 4:08 PM N10-007 Exam Simulation Explanation The troubleshooting order according to the CompTIA Network+ blueprint is as follows: 1. Identify the problem. Gather information. Duplicate the problem, if possible. Question users. Identify symptoms. Determine if anything has changed. Approach multiple problems individually. 1. Establish a theory of probable cause. Question the obvious. Consider multiple approaches. 
   - Top-to-bottom/bottom-to-top OSI model
   - Divide and conquer
3. Test the theory to determine cause.
   - Once the theory is confirmed, determine next steps to resolve the problem.
   - If the theory is not confirmed, re-establish a new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and, if applicable, implement preventive measures.
7. Document findings, actions, and outcomes.

You have already identified the problem, re-created the problem, and established a theory of probable cause. You should now test the theory. In this scenario, the correction plan might involve running diagnostics on the network interface card (NIC) or simply replacing the NIC. If the test confirms your theory, you should then proceed through the other troubleshooting steps.

Objective: Network Troubleshooting and Tools
Sub-Objective: Explain the network troubleshooting methodology.

References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)

Question #77 of 200 Question ID: 1289056

Which well-known port is used to forward e-mail on the Internet between e-mail servers?

A) 23
B) 25
C) 110
D) 161

Explanation

Ports allow more than one service or application to communicate at the same time between computers. Simple Mail Transfer Protocol (SMTP) uses port 25 to communicate e-mail transfers. Administrators can assign additional ports for communication on an intranet and through the Internet. There are a total of 65,536 ports each for TCP and UDP. Of these, only 1,024 ports are considered well known and, therefore, reserved for a particular service.

Port 23 is used by Telnet for remote administration. Port 110 is used by Post Office Protocol Version 3 (POP3) for e-mail. Port 161 is used by Simple Network Management Protocol (SNMP) for network diagnostics.
Protocols can use either User Datagram Protocol (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.

For the Network+ exam, you need to know the following protocols and their default ports:

FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
What is SMTP?, http://searchexchange.techtarget.com/sDefinition/0,,sid43_gci214219,00.html
Computer Network Glossary - Port Number: Ports 10-49, http://compnetworking.about.com/od/tcpip/l/blports_gl10.htm

Question #78 of 200 Question ID: 1123554

You install a second NIC in your Linux computer. Then, you log on to the computer as root. You want to configure the new NIC with the IP address 192.168.0.1 and the subnet mask 255.255.255.0. Which command should you issue at a command prompt to configure the NIC?

A) ifconfig eth0 192.168.0.1 subnet 255.255.255.0 up
B) ifconfig eth1 192.168.0.1 netmask 255.255.255.0 up
C) ipconfig eth0 192.168.0.1 subnet 255.255.255.0 up
D) ipconfig eth1 192.168.0.1 netmask 255.255.255.0 up

Explanation

On a Linux computer, you should use the ifconfig command to configure a network interface card (NIC). The first NIC in a Linux computer is typically named eth0, and the second NIC is named eth1. Therefore, you should log on to the Linux computer as root, which is also known as the superuser, and issue the command ifconfig eth1 192.168.0.1 netmask 255.255.255.0 up to configure the second NIC.
The 192.168.0.1 portion of the command configures the IP address for the NIC, the netmask 255.255.255.0 portion of the command configures the subnet mask for the NIC, and the up portion of the command activates the NIC. A similar procedure would be used on a UNIX computer.

The command ifconfig eth0 192.168.0.1 subnet 255.255.255.0 up is not properly configured; the command uses the term subnet rather than the proper term netmask, and the command would attempt to configure eth0 rather than eth1.

The ipconfig command can be used on Microsoft computers to view the TCP/IP protocol stack, but ipconfig cannot be used to configure a NIC.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Linux/Unix ifconfig tool, http://www.computerhope.com/unix/uifconfi.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #79 of 200 Question ID: 1123285

Which of these has helped reduce wiring, weight, and cost in industrial applications?

A) SAN
B) MAN
C) CAN
D) PAN

Explanation

A controller area network (CAN) is used in industrial applications, originally in automotive systems. It replaces bulky wiring systems, reducing weight and cost. A CAN builds a network between controllers, allowing them to share information. A railway application, for example, might be a sensor that detects whether or not a door is closed, and locks the brakes until the sensor indicates the door is closed.

A storage area network (SAN) creates a network among a pool of storage devices. It may be thought of as a RAID array that uses network connections as opposed to data cables. The SAN pool appears as a single drive letter to the client.

A personal area network (PAN) is a network of devices that are in close proximity to a person, no more than a couple of meters away.
Devices that can be part of PANs include wireless headphones, wearable technology, and printers.

A metropolitan area network (MAN) connects several LANs together in an area roughly the size of a city. An example of a MAN might be a large hospital with several satellite offices in various neighborhoods around the city.

CAN can also mean campus area network. This type of network encompasses a large campus that is usually located within a several-block radius. This type of CAN connects several LANs into a single CAN. Then multiple CANs can be connected using a MAN or WAN.

Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.

References:
Controller Area Network (CAN) Overview, http://www.ni.com/white-paper/2732/en/es

Question #80 of 200 Question ID: 1123314

Which of the following can be manipulated to reduce network traffic?

A) NTP
B) lower TTL
C) MAC reservations
D) increased lease time

Explanation

Lease time can be manipulated to reduce network traffic. Lease time is the amount of time a device maintains the IP address assigned by the DHCP server. With Windows, the default lease time is 8 days. Lease times may be adjusted. As an example, if the network configuration seldom changes and you have a large number of IP addresses, you might consider increasing the lease time. The justification for doing so is that every lease must be renewed, and those renewals increase network traffic. Increasing the duration of the lease reduces the amount of network traffic required for lease renewal.

MAC reservations allow you to permanently assign an IP address to the MAC address of a specific device. Web servers, mail servers, copiers, printers, wireless access points, and projectors are all examples of devices that can benefit from having a permanently assigned IP address.
For each such device, a reservation (exclusion) would be made so that the IP address is removed from (reserved in) the pool of available IP addresses. Once a reservation is made, that device always uses that same address. But configuring MAC reservations will not affect network traffic as much as increasing the lease time.

Time To Live (TTL) specifies the length of time that a DNS name server must cache the name. By default, the TTL is 60 minutes, but it may be modified in the DNS Management Console. Longer TTLs are best for more permanent records, such as MX records, DKIM/SPF records, and TXT records. A lower TTL would mean additional network traffic.

Network Time Protocol (NTP) is used to synchronize the clocks of computers on the network. Synchronization of time is important in areas such as event logs, billing services, e-commerce, banking, and HIPAA Security Rules. Implementing NTP would actually increase network traffic.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.

References:
What is DHCP Lease Time & What Should I Set it To?, http://homenetworkadmin.com/dhcp-lease-time/

Question #81 of 200 Question ID: 1289149

You have been given a drawing that shows the flow of network communication with symbols to indicate equipment function. Which type of configuration management documentation have you been given?

A) physical network diagram
B) logical network diagram
C) wiring schematic
D) network baseline

Explanation

You have been given a wiring schematic. Schematics include the flow of network communication and symbols to indicate equipment function. They use horizontal and vertical lines to show how the system flow functions, not the physical layout of the devices in the network. A wiring diagram emphasizes network connections and uses horizontal and vertical lines to represent network wires.
Components are represented by pictures instead of symbols.

A logical network diagram represents how the data will logically be transported through the network. It does not usually show the actual interfaces and physical wires. It does include routing tables.

A physical network diagram represents the physical location of the network devices and how they are connected.

A network baseline is not really a type of diagram. It is actually performance statistics gathered for comparative purposes. By establishing a network performance baseline, you can ensure that performance issues can be identified much more easily in the future.

The naming conventions used in schematics and diagrams should allow quick identification of different components and devices. Make sure to establish a standardized naming convention across your network.

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.

References:
Types of Electrical Diagrams or Schematics, http://www.tpub.com/content/doe/h1016v1/css/h1016v1_105.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation

Question #82 of 200 Question ID: 1289127

You will have a very small wiring closet for your routers. While the company will use fiber-optic cabling, you would like to use the smallest form connector to conserve space. The connector you plan to use should be roughly half the size of the other connectors. Which fiber-optic connector should you use?

A) LC
B) SC
C) BNC
D) ST

Explanation

A Lucent Connector (LC) fiber-optic connector is roughly half the size of other fiber-optic connectors. Its smaller form allows for more space in the wiring closet. An LC connector resembles the following exhibit:

The SC connector is a square, plug-in connector used with fiber-optic cable.
It is a popular choice in 100Base-FX implementations. SC stands for square connector. The SC connector uses a push to snap on and a push to snap off technology. It is larger than an LC connector. An SC connector resembles the following exhibit:

There are two types of SC connectors: ultra physical contact (UPC) and angled physical contact (APC). APC connectors feature an 8-degree angle, while UPC connectors have no angle. UPC adapters are blue, while APC adapters are green.

The ST connector is a round, bayonet type of connector used with fiber-optic cable, which uses a twist on-twist off technology. The ST stands for straight tip, which refers to the white tip at the end of the connector. It is larger than an LC connector. An ST connector resembles the following exhibit:

A BNC connector is used to connect a 10Base2 (ThinNet) cable to a computer or network device. It is also used to terminate DS3 connections in a telecommunications facility. It is not used by fiber-optic cable. A BNC connector resembles the following exhibit:

Another connector that is used with fiber-optic cabling is the Mechanical Transfer Registered Jack (MTRJ) connector. It more closely resembles the RJ-45 connector used in UTP and STP cabling. An MTRJ connector resembles the following exhibit:

RJ-45 connectors are used to connect unshielded twisted-pair (UTP) and shielded twisted-pair (STP) cable to hubs, network interface cards (NICs), and various other twisted-pair networking devices. RJ-45 connectors are shaped like RJ-11 connectors, only larger. They use an 8-pin connector that houses eight (four pair) wires. Registered Jack (RJ) connectors use a small tab to lock the connector in place.
An RJ-45 connector resembles the following exhibit:

An RJ-11 connector is typically used to connect two pairs of UTP wiring to a voice-grade telephone system. They are smaller than RJ-45 connectors. An RJ-11 connector resembles the following exhibit:

An RJ-48C connector at first glance will look exactly like an RJ-45 connector. However, on close examination, a technician will notice that the wires are in a different order. It is most commonly used for T1 data lines for longer distances and when exposed to the environment. To protect the integrity of the signal, RJ48 wirings use STP cabling.

A DB-9 connector, also referred to as an RS-232 connector, is a serial connector. A DB-9 connector resembles the following exhibit:

Another serial connector is a DB-25 connector. A DB-25 cable resembles the following exhibit:

A UTP coupler is a small block for connecting two UTP cables to form a longer one. An RJ-45 UTP coupler is shown in the following exhibit:

A BNC coupler works like a UTP coupler, only for BNC cables, not UTP cables. A BNC coupler is shown in the following exhibit:

An F connector, also referred to as an F-type connector, is a connector for coaxial cable. An F connector is shown in the following exhibit:

An FC connector is used in fiber-optic networks. It has a threaded body that is useful in environments where vibrations occur. An FC connector is shown in the following exhibit:

A fiber coupler, like a UTP and BNC coupler, is used to attach two separate fiber-optic cables. Fiber couplers match the particular type of fiber-optic connector that you use.
Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
LC Connector, http://encyclopedia2.thefreedictionary.com/LC+connector
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #83 of 200 Question ID: 1123249

Which metric is used by the Routing Information Protocol (RIP) Version 2 protocol to determine the network path?

A) convergence
B) delay
C) bandwidth
D) hop count

Explanation

Both Versions 1 and 2 of RIP use hop count as the primary metric to determine the most desirable network path. A metric is a variable value assigned to routes and is a mechanism used by routers to choose the best path when there are multiple routes to the same destination. Each router traversed by a packet from the source to the destination constitutes one hop. The lower the hop count, the higher the preference given to that path. Using RIP, the hop count is limited to 15 hops. Any router beyond this number of hops is marked as unreachable.

RIP does not use delay as its primary metric. Delay refers to the time an Internet Protocol (IP) packet takes to travel from source to destination. Some dynamic protocols, such as Interior Gateway Routing Protocol (IGRP), use delay in combination with other parameters to determine the best path to the destination.

RIP does not use bandwidth as its primary metric. Bandwidth refers to the maximum attainable throughput on a link. This metric is used as a part of the metric calculation by some routing protocols, such as IGRP and Enhanced IGRP (EIGRP).

RIP does not use convergence as its primary metric. Convergence ensures that the status of a set of routers has the same knowledge of the surrounding network topology. The goal of convergence is to ensure that data is transmitted at a steady state.
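To make the hop-count selection described above concrete, the following added Python example (not from the exam bank or the cited references) runs a simplified distance-vector exchange over two constructed topologies and reports each route's hop count and next hop, treating 16 hops as unreachable as RIP does. Router names and links are hypothetical; the model deliberately omits RIP's timers, split horizon and triggered updates so that only the metric logic is visible. The first topology shows RIP preferring a two-hop path over a three-hop path regardless of link speed; the second is an 18-router chain in which the 16th router is the last one reachable.

```python
"""RIP-style hop-count route selection.

Added example, not from the exam simulation. Topologies and router
names below are constructed for illustration.
"""
RIP_INFINITY = 16  # RIP treats 16 hops as "unreachable" (the limit is 15)


def build_graph(links):
    """Undirected adjacency from a list of (router, router) links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def rip_converge(links):
    """Run synchronous distance-vector rounds until no table changes.

    Each router starts knowing only itself (0 hops) and its neighbours
    (1 hop). Every round it compares each neighbour's advertised metric
    plus one against its own entry and keeps the lower, capped at 16.
    Returns (tables, rounds) where tables[r][dest] == (hops, next_hop).
    """
    graph = build_graph(links)
    tables = {r: {r: (0, None)} for r in graph}
    for r, neighbours in graph.items():
        for n in neighbours:
            tables[r][n] = (1, n)

    rounds = 0
    changed = True
    while changed:
        changed = False
        rounds += 1
        # Snapshot: every router sees the previous round's advertisements.
        advertised = {r: dict(t) for r, t in tables.items()}
        for r, neighbours in graph.items():
            for n in neighbours:
                for dest, (metric, _) in advertised[n].items():
                    candidate = min(metric + 1, RIP_INFINITY)
                    current = tables[r].get(dest, (RIP_INFINITY, None))[0]
                    if candidate < current:
                        tables[r][dest] = (candidate, n)
                        changed = True
    return tables, rounds


def route(tables, src, dest):
    """Best route from src to dest as (hop count, next hop).

    Returns (16, None) when the destination is unreachable, i.e. more
    than 15 hops away or never learned at all.
    """
    hops, next_hop = tables[src].get(dest, (RIP_INFINITY, None))
    if hops >= RIP_INFINITY:
        return RIP_INFINITY, None
    return hops, next_hop


# Constructed topology 1: R1 reaches R4 in three hops via R2/R3 or in
# two hops via R5. RIP picks the lower hop count, whatever the links'
# bandwidth or delay.
MESH_LINKS = [("R1", "R2"), ("R2", "R3"), ("R3", "R4"),
              ("R1", "R5"), ("R5", "R4")]

# Constructed topology 2: a chain R1-R2-...-R18. R16 is 15 hops from R1
# (still reachable); R17 and R18 exceed the limit and are unreachable.
CHAIN_LINKS = [(f"R{i}", f"R{i + 1}") for i in range(1, 18)]

if __name__ == "__main__":
    mesh, mesh_rounds = rip_converge(MESH_LINKS)
    print("mesh converged in", mesh_rounds, "rounds")
    print("R1 -> R4:", route(mesh, "R1", "R4"))      # (2, 'R5')
    chain, chain_rounds = rip_converge(CHAIN_LINKS)
    print("chain converged in", chain_rounds, "rounds")
    print("R1 -> R16:", route(chain, "R1", "R16"))   # (15, 'R2')
    print("R1 -> R17:", route(chain, "R1", "R17"))   # (16, None)
```

The 16-hop cap is what keeps a distance-vector metric bounded: without it a router in the chain would happily advertise R18 at 17 hops, and, after a link failure, bad routes could be re-learned indefinitely. The cap is also why RIP cannot serve networks whose diameter exceeds 15 routers.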
Link-state protocols provide faster convergence than distance-vector protocols. EIGRP provides faster convergence than OSPF, but OSPF provides faster convergence than RIP. When convergence on a routed network occurs, all routers learn the route to all connected networks.

RIP v1, RIP v2, and IGRP are considered distance vector protocols. Open Shortest Path First (OSPF) is a link-state protocol. EIGRP is a balanced hybrid routing protocol, also referred to as an advanced distance vector protocol.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 6: Routing IP Packets, Routing Protocol Examples
TCP/IP Routing Information Protocol, http://www.tcpipguide.com/free/t_TCPIPRoutingInformationProtocolRIPRIP2andRIPng.htm

Question #84 of 200 Question ID: 1123548

A user in the Engineering department is unable to log on to the network. The network has eight subnets and uses TCP/IP. There have been no other complaints from other departments. Which steps should help you isolate the cause of the problem? (Choose two.)

A) Ping the server.
B) Configure a WINS server.
C) Establish whether other local-segment users are having the same problem.
D) Replace all the patch cables.

Explanation

When troubleshooting a problem, you should try the obvious or quick fixes first. This is especially true when you are attempting to correct a problem remotely with a non-technical and often impatient end user. A logical first place to start troubleshooting would be to determine if the condition is network-wide or workstation-specific. You should have other similar users attempt to perform the same actions. If they are able to do so, the problem is a local condition. Next, you should ping the server from the user's computer.
A WINS server is only needed when you are using NetBIOS names for resolution. The patch cables should only be replaced if more than one computer is experiencing the problem and only after determining that the cables are the problem.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Chapter 12: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #85 of 200 Question ID: 1289237

You are the network administrator for your company. You are in the process of verifying the configuration of the network devices to ensure smooth network connectivity. You want information on the routes taken by packets from a Cisco router so that you are able to identify the network points where packets are being dropped. Which command should you use to accomplish this task in the most efficient manner?

A) tracert
B) traceroute
C) extended ping
D) ping

Explanation

You should use the traceroute command. The traceroute command finds the path a packet takes while being transmitted to a remote destination. It is also used to track down routing loops or errors in a network. The following code is a sample output of the traceroute command:

Type escape sequence to abort.
Tracing the route to 33.0.0.4
1 11.0.0.2 4 msec 4 msec 4 msec
2 24.0.0.3 20 msec 16 msec 16 msec
3 33.0.0.4 16 msec * 16 msec
Jan 20 16:42:48.611: IP: s=12.0.0.1 (local), d=33.0.0.4 (Serial0), len 28,sending
Jan 20 16:42:48.615: UDP src=39911, dst=33434
Jan 20 16:42:48.635: IP: s=11.0.0.2 (Serial0), d=11.0.0.1 (Serial0), len 56,rcvd 3
Jan 20 16:42:48.639: ICMP type=11, code=0

The tracert command is incorrect because this command is used by Windows operating systems, not the Cisco command-line interface. However, the purpose of the tracert command is similar to the Cisco traceroute utility, namely to test the connectivity or "reachability" of a network device or host. The tracert command uses Internet Control Message Protocol (ICMP).

The extended ping Cisco command can be issued on a router to test connectivity between two remote routers. This option is incorrect because you are not testing connectivity in this scenario; you want to determine the route a packet takes through the internetwork.

The ping command is also incorrect because you are not testing connectivity in this scenario; you want to determine the route a packet takes through the internetwork.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Cisco IOS Command Fundamentals Reference, Release 12.4: traceroute, http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_t1.html#wp1026406
Using the Extended ping and Extended traceroute Commands, http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #86 of 200 Question ID: 1289088

You are asked to acquire address space for a new network that must accommodate at least 12 subnets, each with at least 2,048 nodes.
A total of 25,576 IP addresses are needed, but the available address space should leave some room for growth in each subnet, and for the number of subnets to double (or more). The network must also support IPsec to the endpoints for security reasons. Which of the following options provides the best fit while minimizing costs?

A) Private IPv4 Class A network (10.0.0.0)
B) IPv6 network with a /56 global routing prefix
C) IPv6 network with a /64 global routing prefix
D) Public IPv4 Class B network, purchased on the open market
E) IPv6 network with a /48 global routing prefix

Explanation

The IPv6 network with a /56 global routing prefix should impose little or no cost to obtain. It also provides 256 subnets, each with millions of nodes, and supports IPsec end-to-end. Thus, it provides the best fit while minimizing costs because it meets the starting requirements with ample room for growth. In fact, in a situation where IPsec is needed end-to-end, only IPv6 makes sense.

Private IP addresses do NOT support IPsec connections end-to-end. They require Network Address Translation (NAT) or some equivalent, and will not work with IPsec. Thus, a Private IPv4 Class A address is not suitable.

If one could purchase a public IPv4 class B network address on the open market, it would cost at least $300,000, if not double that amount or more (see References). A single class B address can only be subdivided into 14 subnets, if each one needs 2,048 nodes. Thus for both reasons of cost and capacity, a public IPv4 Class B network address is not suitable.

IPv6 network addresses are generally available for no cost or low cost, but one with a /64 global routing prefix provides exactly one subnet (a single network, in other words). Thus it does not meet the stated requirements.
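The subnet counts quoted in this explanation (256 subnets in a /56, one subnet in a /64, 14 usable subnets of 2,048 nodes in a class B block) follow from prefix arithmetic, and the added Python example below (not from the exam bank or its references) works them out, including the /48 case. It counts /64 LAN segments inside an IPv6 global routing prefix, finds the shortest IPv4 prefix that leaves at least 2,048 usable hosts, and counts how many such subnets fit in a /16 (class B-sized) or /8 (class A-sized) block, discarding the all-zeros and all-ones subnets as the classic subnetting rules do. It then checks each option against the scenario's 12 subnets with room to double. The 172.16.0.0/16 block is a constructed stand-in for a purchased class B; the check covers capacity only, so the cost and end-to-end IPsec criteria that rule out the IPv4 options are not modelled.

```python
"""Prefix-capacity arithmetic for the IPv4/IPv6 address-space options.

Added example, not from the exam simulation. Requirement figures come
from the scenario; the IPv4 blocks are constructed placeholders.
"""
import ipaddress

IPV6_LAN_PREFIX = 64  # one IPv6 LAN segment is a /64 by convention


def ipv6_subnet_count(global_prefix_len):
    """Number of /64 subnets available inside a global routing prefix."""
    if not 0 <= global_prefix_len <= IPV6_LAN_PREFIX:
        raise ValueError("global routing prefix must be between /0 and /64")
    return 2 ** (IPV6_LAN_PREFIX - global_prefix_len)


def ipv6_hosts_per_subnet():
    """Interface identifiers in one /64: 2**64, far beyond any LAN's needs."""
    return 2 ** (128 - IPV6_LAN_PREFIX)


def ipv4_prefix_for_hosts(hosts):
    """Shortest IPv4 prefix whose usable addresses (2**n - 2) cover `hosts`."""
    host_bits = 1
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def ipv4_hosts_per_prefix(prefix_len):
    """Usable host addresses in an IPv4 subnet (network and broadcast excluded)."""
    return 2 ** (32 - prefix_len) - 2


def ipv4_subnet_count(block, hosts, classic_rules=True):
    """How many subnets of at least `hosts` usable nodes fit in `block`.

    With classic_rules the all-zeros and all-ones subnets are discarded,
    which is how a /16 split into /20s yields 14 rather than 16 subnets.
    """
    net = ipaddress.ip_network(block, strict=False)
    new_prefix = ipv4_prefix_for_hosts(hosts)
    if new_prefix < net.prefixlen:
        return 0  # a single subnet would already be larger than the block
    count = 2 ** (new_prefix - net.prefixlen)
    return max(count - 2, 0) if classic_rules else count


def meets_requirements(subnets_available, hosts_per_subnet,
                       subnets_needed=12, hosts_needed=2048, growth_factor=2):
    """True when the space covers the scenario: enough hosts per subnet and
    enough subnets for the count to grow by growth_factor (doubling)."""
    return (hosts_per_subnet >= hosts_needed
            and subnets_available >= subnets_needed * growth_factor)


def evaluate_options(hosts_needed=2048):
    """Capacity of each answer option as (subnets, hosts per subnet, fits)."""
    subnet_prefix = ipv4_prefix_for_hosts(hosts_needed)   # /20 for 2,048 hosts
    v4_hosts = ipv4_hosts_per_prefix(subnet_prefix)       # 4,094 usable
    options = {
        # 10.0.0.0/8 is the private class A block named in the question.
        "private class A (10.0.0.0/8)": (
            ipv4_subnet_count("10.0.0.0/8", hosts_needed), v4_hosts),
        # 172.16.0.0/16 is a constructed stand-in for a purchased class B.
        "public class B (/16)": (
            ipv4_subnet_count("172.16.0.0/16", hosts_needed), v4_hosts),
        "IPv6 /64": (ipv6_subnet_count(64), ipv6_hosts_per_subnet()),
        "IPv6 /56": (ipv6_subnet_count(56), ipv6_hosts_per_subnet()),
        "IPv6 /48": (ipv6_subnet_count(48), ipv6_hosts_per_subnet()),
    }
    return {name: (subnets, hosts, meets_requirements(subnets, hosts, hosts_needed=hosts_needed))
            for name, (subnets, hosts) in options.items()}


if __name__ == "__main__":
    for name, (subnets, hosts, fits) in evaluate_options().items():
        print(f"{name:30} subnets={subnets:<6} hosts/subnet={hosts:<21} fits={fits}")
```

Capacity alone leaves both the /8 and the larger IPv6 prefixes in play; the explanation's reasons for rejecting them (NAT breaking end-to-end IPsec, the purchase price of IPv4 space, far more subnets than needed) are judgement calls layered on top of these numbers.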
An IPv6 network with a /48 global routing prefix supports up to 65,000 subnets, each with millions of nodes. It is a popular choice for single subscriber sites, but offers many more subnets than are needed. Thus, it does NOT meet the stated requirements.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
How to Buy (or Sell) IPv4 Addresses, http://www.gtri.com/how-to-buy-or-sell-ipv4-addresses/
"CIDR (Classless Inter-Domain Routing or supernetting)", http://searchnetworking.techtarget.com/definition/CIDR
"Understanding IP Addressing and CIDR charts", https://www.ripe.net/about-us/press-centre/understanding-ip-addressing

Question #87 of 200 Question ID: 1289231

You need to check for open circuits and short circuits on your network. Which tool should you use?

A) cable tester
B) toner probe
C) butt set
D) protocol analyzer

Explanation

A cable tester will check for open circuits and short circuits on your network. A cable tester typically includes an electric current source, a volt meter, and an interface for connecting to the cable. An open circuit occurs when a needed connection is missing. A short circuit occurs when an unidentified connection exists. A cable tester could be used if access to resources has slowed considerably. It also tests the proper grounding of cabling.

A butt set is used to test telephone lines. It would be useful if you need to determine where a telephone line is plugged into a punch block.

A toner probe is used to identify a single cable on the network. It would be useful if you need to determine where a network cable is plugged into a punch block. It is the best tool to use to locate a bad CAT5 cable.

A protocol analyzer is software that enables you to view information about the network communications protocols that are used on a network.
For the Network+ exam, you must also be familiar with the following troubleshooting tools:

Speed test sites - These sites are used to determine the speed of your Internet connection. They are a great method to help you see if you are getting the speed promised by your Internet service provider (ISP). For a list of possible sites to use, please see http://pcsupport.about.com/od/toolsofthetrade/tp/internet-speed-test.htm.

Looking glass sites - These sites view routing information from a server's perspective using Border Gateway Protocol (BGP) routes. For a list of possible looking glass servers, please see http://www.bgp4.as/looking-glasses.

Wi-Fi analyzer - These tools are used to analyze the signal strength of your wireless access points. For a list of possible FREE Wi-Fi analyzers for laptops or mobile devices, please see http://open-tube.com/free-wifi-analyzers-for-laptops-mobile-devices/

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Cable tester, http://en.wikipedia.org/wiki/Cable_tester
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #88 of 200 Question ID: 1289207

A user notifies you regarding the features that are available with his computer's video card. He says that the video card's manufacturer has several new features for the video card that he is unable to locate or use. He needs access to these features. What should you do?

A) Check for firmware updates.
B) Check for driver updates.
C) Upgrade the operating system.
D) Check for operating system updates.

Explanation

You should check for driver updates. Periodically, vendors may release new features for their products. For video cards, these new features are part of the driver software.

You should not check for operating system updates.
Operating system updates may include new operating system features, but the user is requesting new video card features. These are usually offered as part of a new device driver.

You should not check for firmware updates. Firmware is used for routers, switches, mobile phones, and computers. It is not used for video cards.

You should not upgrade the operating system. The new video card features are part of the device driver software, not the operating system.

Objective: Network Security
Sub-Objective: Given a scenario, implement network device hardening.

References:
HTG Explains: When Do You Need to Update Your Drivers?, http://www.howtogeek.com/98465/htg-explains-when-do-you-need-toupdate-your-drivers/

Question #89 of 200 Question ID: 1289283

A user is complaining about wireless connectivity. Their cubicle is on a concrete wall, and the wireless access point is mounted on the other side of the wall. What describes what is happening to the wireless signal that only has to travel a few inches?

A) Absorption
B) Frequency mismatch
C) Refraction
D) Attenuation

Explanation

Absorption occurs when an object does not reflect or refract a wireless signal, but rather absorbs a portion of it. Different materials have different absorption rates. For example, drywall has a relatively low absorption rate, while concrete has a relatively high absorption rate.

Refraction "bends" the signal as it passes through, or the signal curves as it tries to go around the object. Think of a stick where part of the stick is in the water and part of the stick is out of the water. The stick appears "bent" because the water causes refraction of the image. This may result in communication issues.

Frequency mismatch occurs when one device is operating at 2.4GHz and another device is operating at 5GHz, causing communication to drop.
Both (or all) devices must be on the same frequency to communicate. One solution to ensure coverage for all devices is to have one access point operating at 2.4 GHz and another operating at 5 GHz, and to differentiate the access points. This might be achieved by including the frequency in the SSID, such as MyNetwork2.4 and MyNetwork5.

Attenuation is the degradation of a signal, typically occurring over distance. Wireless networks are particularly susceptible to attenuation, due to their distance limitations. Typical effective indoor ranges for wireless signals are from 90-225 feet. Attenuation is not caused by concrete walls.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
Do You Know The RF Fundamentals?, https://blog.aerohive.com/do-you-know-the-rf-fundamentals/
5 Phenomena That Impact Wi-Fi Signal, https://www.mirazon.com/5-phenomena-that-impact-wi-fi-signal/

Question #90 of 200 Question ID: 1123617

You are installing a second wireless access point in your office. When you place the second wireless access point, you notice it is experiencing interference intermittently. You want to prevent the interference. Which method would NOT prevent interference?

A) Change the channel used on the new wireless access point.
B) Decrease the signal strength of the new wireless access point.
C) Increase the signal strength of the new wireless access point.
D) Move the new wireless access point.

Explanation

You should NOT increase the signal strength of the new wireless access point. This would probably increase the interference. Decreasing the signal or power strength can ensure that the wireless LAN does not extend beyond a certain area.
You could move the new wireless access point, change the channel used on the new wireless access point, or decrease the signal strength of the new wireless access point. One other method for preventing wireless interference is changing the wireless telephone used. The scenario only stated that intermittent interference was occurring. It did not state what was causing the interference.

Another potential wireless issue is the wrong antenna type. Antenna types can affect the area that a wireless signal will cover. Unidirectional antennas only transmit in a single direction, while omnidirectional antennas transmit in a defined radius from the antenna placement. In both cases, you should ensure that the wireless access point is placed in an area where the antenna type will be most effective.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
HowTo: Prevent Wireless Interference, http://www.networkwebcams.com/ip-camera-learning-center/2008/05/09/howto-preventwireless-interference/
CompTIA Network+ N10-006 Cert Guide, Chapter 8: Wireless Technologies, Deploying Wireless LANs

Question #91 of 200 Question ID: 1289236

You are troubleshooting a network connectivity problem on a Windows 7 computer. You issue the following command at a command prompt:

nbtstat -r

Which screen is displayed as a result of issuing this command?

A) (screen image)
B) (screen image)
C) (screen image)
D) (screen image)

Explanation

A table of NetBIOS name resolution and registration statistics is displayed when you issue the nbtstat -r command.
This screen displays NetBIOS connection statistics, such as the number of NetBIOS names resolved by broadcast and the number of NetBIOS names resolved by a NetBIOS name server. This screen also displays the NetBIOS names that have been resolved.

The Active Connections screen is displayed when you issue the netstat -a or netstat -A command at a command prompt on a Windows computer. The Route Table screen is displayed when you issue the netstat -r or netstat -R command at a command prompt on a Windows computer. The NetBIOS Local Name Table screen is displayed when you issue the nbtstat -n or nbtstat -N command at a command prompt on a Windows computer.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Troubleshooting Tools and Strategies, http://technet.microsoft.com/en-us/library/cc961857.aspx
Nbtstat switches and example output, http://www.hildrum.com/nbtstat.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #92 of 200 Question ID: 1289174

You work for a medium-sized company. You would like to provide secure, remote access between the company's three Internet-connected sites and their Windows clients, servers, and domain controllers. Which option would provide adequate security and cost the least overall?

A) Purchase WAN links between each pair of sites, and run a commercial VPN over IPSec.
B) Create a VPN, and run RDP over the VPN.
C) Use a freeware VNC to run TeamViewer over the Internet.
D) Use IPSec to secure RDP over the Internet with connection security rules and associations.

Explanation

You should use Internet Protocol Security (IPSec) to secure Remote Desktop Protocol (RDP) over the Internet with connection security rules and associations because it uses only Microsoft-supplied protocols and services.
This is the only option that provides an additional layer of encryption and security beyond what is included in RDP or Windows Remote Desktop Connections. The connection security rules and associations work with IPSec to establish how to broker a legitimate RDP connection and to manage proofs of identity and authentication between communicating parties.

Purchasing WAN links between each pair of sites and running a commercial virtual private network (VPN) over IPSec offers strong security. However, doing so would require purchasing dedicated WAN links when Internet costs are lower or already covered through the company's existing Internet access. This solution also incurs additional costs for a commercial VPN in which to run remote access.

Creating a VPN and running RDP over the VPN eliminates the cost of WAN links, but incurs the costs for a commercial VPN. Thus, it is not as cheap as the RDP option.

Using a freeware virtual network computing (VNC) product to run TeamViewer over the Internet is not a cheaper option because TeamViewer would incur costs to run. In addition, VNC is not needed because Windows computers include RDP. VNC is an option to use if other operating systems are included.

RDP does not offer complete security by itself. It also fails to provide authentication to verify the identity of RD session hosts. At a minimum, TLS should be employed to strengthen RDP.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.

References:
Securing RDP with IPSec, https://blogs.technet.microsoft.com/askpfeplat/2017/07/24/securing-rdp-with-ipsec/
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Remote Access Methods

Question #93 of 200 Question ID: 1123318

What is the purpose of a pointer (PTR) DNS record?

A) It maps an IP address to a hostname.
B) It maps a hostname to an IPv6 address.
C) It contains an alias for an existing A record.
D) It contains information regarding a particular DNS zone's start of authority.
E) It maps a hostname to an IPv4 address.
F) It maps a domain name to an e-mail server.

Explanation

A pointer (PTR) record maps an IP address to a hostname.

A host or address (A) record maps a hostname to an IPv4 address. An AAAA record maps a hostname to an IPv6 address. A mail exchange (MX) record maps a domain name to an e-mail server. A canonical name (CNAME) record contains an alias for an existing A record. A start of authority (SOA) record contains information regarding a particular DNS zone's start of authority.

A Domain Name System (DNS) server is the authority for a DNS zone, which contains DNS records. DNS servers allow users to request access to devices using either the devices' hostname or IP address. A DNS server stores fully qualified domain name (FQDN) to IP address mappings. This server allows clients to use the easier-to-remember FQDNs to access remote devices.

Dynamic DNS is an implementation of DNS that allows real-time updates to DNS records. With Dynamic DNS (DDNS), devices can automatically update their DNS records or allow a DHCP server to implement the updates on behalf of the DNS client.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices

Question #94 of 200 Question ID: 1123387

Your company owns a single physical server. You need to ensure that Web services are hosted in a Linux environment while Active Directory services are hosted in a Windows environment. In addition, you need to ensure that these services are hosted on different broadcast domains. What should you do?

A) Implement virtual servers and PBXs.
B) Implement virtual servers and switches.
C) Implement virtual desktops and servers.
D) Implement virtual desktops and switches.
Explanation

You should implement virtual servers and switches. Implementing virtual servers would allow you to host a Linux environment for Web services and a Windows environment for Active Directory services on the same physical server. Implementing virtual switches will allow you to host the services on different broadcast domains.

You should not implement virtual desktops. Virtual desktops allow you to implement a uniform user environment.

You should not implement virtual PBXs. A virtual PBX allows you to outsource your telephony service to a service provider. This is an example of software as a service (SaaS). A virtual PBX is usually a Voice over IP (VoIP) solution.

When considering virtualization solutions, keep in mind that onsite services reside at your organization's corporate location or branch facility. Offsite services are provided by service providers, usually in cases where the leasing organization does not have the means to implement its own data center. When a service provider provides these networking services, it is referred to as Network as a Service (NaaS).

Objective: Infrastructure
Sub-Objective: Explain the purposes of virtualization and network storage technologies.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Virtual Network Devices

Question #95 of 200 Question ID: 1123443

Your company periodically exchanges confidential information with a third party via a single server at each company. Management has recently become concerned that communications between the two servers have been intercepted and read. You have been asked to ensure that messages between the two authenticated computers are encrypted to prevent attackers from reading the messages. Which protocol should you use?
A) TFTP
B) DNS
C) TLS
D) UDP

Explanation

Transport Layer Security (TLS) encrypts the messages transmitted between two authenticated computers, preventing third parties from reading the messages. TLS is the protocol being used when Secure Sockets Layer (SSL) is implemented. TLS works at the Transport layer of the OSI model.

Domain Name System (DNS) is a database that translates a computer's fully qualified domain name (FQDN) to its IP address. DNS works at the Application layer of the OSI model. A DNS database stores canonical records.

Trivial File Transfer Protocol (TFTP) is a connectionless version of the File Transfer Protocol (FTP). TFTP transfers files between a client and a server. TFTP works at the Application layer of the OSI model.

User Datagram Protocol (UDP) is part of the TCP/IP protocol suite. UDP provides connectionless communication. UDP works at the Transport layer of the OSI model. It uses datagrams for communication.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.

References:
What is Transport Layer Security?, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci557332,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #96 of 200 Question ID: 1123221

You administer a TCP/IP network. You want to enable the hosts on your network to be automatically configured with IP configurations, such as IP address, subnet mask, and default gateway address. The IP configurations should be leased to the clients for a limited time. Which protocol should you use to accomplish this task?

A) HTTP
B) SMTP
C) IPP
D) DHCP
E) BOOTP

Explanation

You should use Dynamic Host Configuration Protocol (DHCP) to automatically configure the hosts on your network with IP configurations.
DHCP was designed to automatically configure frequently moved, fully boot-capable computers, such as laptop computers, with IP configurations. You can use DHCP to configure such IP settings as IP address, subnet mask, and default gateway address. Typically, DHCP information is leased to a client for a limited period. DHCP clients usually release DHCP information when they are shut down. When a DHCP client retrieves IP configurations from a DHCP server, the DHCP client is not necessarily configured with the same IP configurations as on previous occasions.

BOOTstrap Protocol (BOOTP) is a host configuration protocol that was designed before DHCP. BOOTP was designed to configure diskless workstations with IP configurations. BOOTP does not lease IP configurations as DHCP does. Instead, a BOOTP server permanently assigns IP configurations to a BOOTP client. When a BOOTP client is started, the BOOTP server always assigns the same IP configurations to the BOOTP client.

Hypertext Transfer Protocol (HTTP) is used to transfer Web pages on a TCP/IP network. Simple Mail Transfer Protocol (SMTP) is used to transfer e-mail messages on a TCP/IP network. Internet Printing Protocol (IPP) is used to enable network printing through a TCP/IP network such as the Internet. HTTP, SMTP, and IPP are not used to automatically configure hosts on a TCP/IP network with IP settings.

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.

References:
TCP/IP Dynamic Host Configuration Protocol (DHCP), http://www.tcpipguide.com/free/t_TCPIPDynamicHostConfigurationProtocolDHCP.htm

Question #97 of 200 Question ID: 1289168

Your company has decided to implement IPSec for all remote connections. Which three statements are true of Internet Protocol Security (IPSec)? (Choose three.)
A) IPSec uses encapsulation security payload (ESP) and authentication header (AH) as security protocols for encapsulation.
B) IPSec can work in either tunnel mode or transport mode.
C) The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions.
D) The IPsec framework uses L2TP as the encryption protocol.
E) IPSec ensures availability of information as a part of the CIA triad.

Explanation

Internet Protocol Security (IPSec) is an Internet Engineering Task Force (IETF) protocol and a security standard commonly implemented to create virtual private networks (VPNs). IPSec can operate in tunnel mode or transport mode. In transport mode, only the payload, that is, the message part of a packet, is encrypted by encapsulating security payload (ESP). In IPSec tunnel mode, the entire packet, including the packet header and the routing information, is encrypted. IPSec tunnel mode provides a higher level of security. Either of the two modes can be used to secure gateway-to-gateway (site-to-site), host-to-gateway (host-to-site), or host-to-host communication. If used in gateway-to-host communication, the gateway must act as the host.

IPSec allows packets to be securely exchanged over the Internet Protocol (IP) at the OSI Network layer rather than at the Application layer. While the IETF developed the standard, Cisco has contributed to its emergence. Cisco routers have support for IPSec built into the product.

IPSec uses ESP and authentication header (AH) as security protocols. AH provides the authentication mechanism, and ESP provides encryption, confidentiality, and message integrity. IPSec sets up a secure channel that uses a strong encryption and authentication method between two network devices, such as routers, virtual private network (VPN) concentrators, and firewalls. IPSec can provide security between any two network devices running IPSec, but its chief implementation is in securing VPN communications.
IPSec provides security by protecting against traffic analysis and replay attacks. IPSec is primarily implemented for data communication between applications that transfer data in plaintext. IPSec secures the network device against attacks through encryption and encapsulation.

IPSec does not use the L2TP protocol to encrypt messages. L2TP is used for secure communication in VPN networks and is a hybrid of Layer 2 Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP).

IPSec ensures integrity and confidentiality of IP transmissions but cannot ensure availability of the information.

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork. GRE is an alternative to using IPSec.

Another VPN implementation is a Secure Sockets Layer (SSL) VPN. An SSL VPN is a VPN that can be used with a standard Web browser. In contrast to an IPsec VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.

References:
What is IPSec?, http://technet.microsoft.com/en-us/library/cc776369.aspx
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #98 of 200 Question ID: 1123507

Which of the following attacks directs user traffic to a malicious web site without any outside communication from an attacker?

A) Phishing
B) ARP poisoning
C) DNS poisoning
D) Ransomware

Explanation

DNS poisoning, also known as DNS cache poisoning, can direct user traffic to a malicious web site.
The attack is accomplished by inserting a bogus record in the DNS server cache, redirecting traffic from the "good" web site to the malicious web site.

Phishing is the action of sending out an email that is designed to trick the user into giving up their personal information. That information is then exploited by the criminal. Phishing emails appear to come from legitimate companies, and when the user clicks on a link in the email, the user is directed to a website that appears authentic. The user then fills in account information, which is captured by the criminal. However, this attack requires outside communication from the attacker of some sort.

Address Resolution Protocol (ARP) poisoning occurs when an attacker sends counterfeit messages on the network, resulting in the replacement of a legitimate user's MAC address with the attacker's MAC address. Once that happens, the attacker will begin receiving traffic destined for the legitimate user.

Ransomware is an attack that holds a computer hostage until the user pays a fee. The attacks often begin as an urgent email, where the user is directed to click a link or open a document to resolve the issue. Once the user completes the action, malicious software is installed on the user's computer, often locking the user out of the system until a fee is paid.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
3 Common DNS Attacks and How to Fight Them, https://www.calyptix.com/top-threats/3-common-dns-attacks-and-how-to-fightthem/
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #99 of 200 Question ID: 1123555

You need to obtain the current protocol statistics and port connections for Windows and UNIX/Linux computers. Which tool should you use?
A) netstat
B) nbtstat
C) ping
D) tracert

Explanation

Netstat is a TCP/IP utility that you can use to determine the computer's inbound and outbound TCP/IP connections. It displays current connections and their listening ports.

Ping is a Windows and UNIX/Linux command that is used to test a connection between two computers. Issuing nbtstat at a Windows command prompt will show NetBIOS information. Issuing tracert at a Windows command prompt will trace the route a packet takes from the source computer to the destination host.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Netstat, http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci1270289,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #100 of 200 Question ID: 1123290

Your company has decided to implement a wireless network. The wireless network users must be able to connect to resources on your internal network, including file, print, and DHCP services. All wireless clients will run the Windows operating system. What should you implement? (Choose all that apply.)

A) Infrastructure mode
B) Ad hoc mode
C) Static IP addresses
D) A wireless access point
E) APIPA

Explanation

Infrastructure mode allows wireless computers to connect to a LAN, WAN, or the Internet. This means that infrastructure mode wireless computers can access all computers on the LAN, WAN, and Internet. Infrastructure mode is much more expensive to implement than ad hoc mode because you must configure wireless access points. While infrastructure mode is harder to set up and configure, it is much easier to manage than ad hoc mode.

Ad hoc mode allows wireless computers to be configured much more quickly than infrastructure mode. Ad hoc mode wireless computers all participate in the same network.
This means that the ad hoc wireless computers can access each other, but cannot access network resources on a LAN, WAN, or the Internet. Ad hoc mode is much cheaper than infrastructure mode to implement. In addition, it is easy to set up and configure and can provide better performance than infrastructure mode. However, it is difficult to manage an ad hoc mode wireless network.

Static IP addresses should not be implemented because the corporate network contains a DHCP server. APIPA should not be used for the same reason. In addition, APIPA is utilized only if a DHCP server is not found.

Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.

References:
A Guide to Ad-Hoc Mode in Networking, https://www.lifewire.com/ad-hoc-mode-in-wireless-networking-816560
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs

Question #101 of 200 Question ID: 1123260

You want to enable port authentication on your network switches. On which setting is port authentication based?

A) port number
B) MAC address
C) protocol
D) IP address

Explanation

Port authentication on your network switches is based on the switch's MAC address. If the switch has not been specifically configured with a MAC address, communication from that MAC address is not allowed through the switch port. Port authentication on a switch is not based on the IP address, protocol, or port number.

For the Network+ exam, you also need to understand managed versus unmanaged switches. Managed switches give you more control over your traffic and offer advanced features to control that traffic. An unmanaged switch simply allows Ethernet devices to communicate with one another.
Unmanaged switches are shipped with a fixed configuration and do not allow any changes to this configuration.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
Port-based Authentication, http://www.mcmcse.com/cisco/guides/port_based_authentication.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #102 of 200 Question ID: 1123353

You are installing the wiring for a small office. You want to connect the fifty computers in the office to the switch. The Cat6 cables that you plan to use have RJ-45 connectors on both ends. Which component should you use?

A) 110 block
B) demarcation extension
C) 66 block
D) patch panel

Explanation

You should use a patch panel to connect the fifty computers in the office to the switch using Cat6 cables with RJ-45 connectors on both ends. Patch panels help with cable management.

You should not use a 66 block or 110 block because these devices require that the cable be directly terminated into the device. If the cables are terminated with a jack, such as an RJ-45 connector, a patch panel should be used.

You should not use a demarcation extension. A demarcation extension, often called a demarc extension, is used to extend a leased line from its original demarcation point, often called a demarc. For example, suppose your network was located in a suite on the 48th floor of a building and that the Internet Service Provider (ISP) technician connected your leased T1 line demarcation to a central wiring closet located near the elevator shaft. If you needed to connect your suite to that demarcation point, a demarcation extension should be used.

Another component in wiring distribution is a smart jack. A smart jack terminates a PRI/T1 at your location.
The provider designates everything connected to the inside of the smart jack as the local loop. The local loop equipment is typically the customer's responsibility.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
Patch panel, http://en.wikipedia.org/wiki/Patch_panel

Question #103 of 200 Question ID: 1289110

Your company decides to implement a WLAN for usage by visitors. Management has requested that you implement a WLAN that supports a maximum of 11 Mbps data rate. Which WLAN technology supports this data transmission rate?

A) 802.11g
B) 802.11e
C) 802.11a
D) 802.11b

Explanation

The 802.11b wireless local area network (WLAN) technology supports maximum data rates of 11 Mbps. 802.11b WLAN clients, access points, and bridges use Direct Sequence Spread Spectrum (DSSS) for transmission through RF ports. DSSS radio transmission provides data rates between 1 Mbps and 11 Mbps. DSSS uses three types of modulation schemes for radio modulation:

Binary Phase Shift Keying (BPSK) for transmitting data rates at 1 Mbps.
Quadrature Phase Shift Keying (QPSK) for transmitting data rates at 2 Mbps.
Complementary Code Keying (CCK) for transmitting data rates at 5.5 Mbps and 11 Mbps.

802.11a WLANs work in the 5-GHz Industrial, Scientific and Medical (ISM) frequency band with Orthogonal Frequency Division Multiplexing (OFDM). OFDM supports a maximum data rate of 54 Mbps.

802.11g WLANs work in the 2.4-GHz frequency band and support a maximum data rate of 54 Mbps. 802.11g is compatible with 802.11b. 802.11g hardware will work on an 802.11b network, and vice versa.

802.11e is a specification that was implemented to add quality of service (QoS) features to the 802.11 specification.

802.11n is a specification that was designed to replace 802.11a, 802.11b, and 802.11g.
To achieve maximum throughput, 802.11n should be implemented in the 5-GHz ISM frequency, but it can be operated at the 2.4-GHz ISM frequency for backwards compatibility. This frequency is capable of up to 600 Mbps. 802.11n provides faster throughput using multiple input, multiple output (MIMO) and channel bonding. But if you implement an 802.11n wireless card on an existing wireless network and achieve only 11 Mbps with full signal strength, the network is implementing 802.11b, making the network only capable of the lower speed.

Objective: Networking Concepts
Sub-Objective: Given a scenario, implement the appropriate wireless technologies and configurations.

References:
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=2
Cisco Internetworking Technology Handbook: Introduction to QAM, http://www.cisco.com/en/US/docs/internetworking/technology/handbook/wireless.html#wp1020600
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs

Question #104 of 200 Question ID: 1289170

You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals:

The VPN gateway should require the use of Internet Protocol Security (IPSec).
All remote users must use IPSec to connect to the VPN gateway.
No internal hosts should use IPSec.

Which IPSec mode should you use?

A) host-to-gateway
B) host-to-host
C) gateway-to-gateway
D) This configuration is not possible.

Explanation

You should deploy host-to-gateway IPSec mode. In this configuration, the VPN gateway requires the use of IPSec for all remote clients. The remote clients use IPSec to connect to the VPN gateway. Any communication between the VPN gateway and the internal hosts on behalf of the remote clients does not use IPSec. Only the traffic over the Internet uses IPSec.
In host-to-host IPSec mode, each host must deploy IPSec. This mode would require that any internal hosts that communicate with the VPN clients also deploy IPSec.

In gateway-to-gateway IPSec mode, the gateways at each end of the connection provide IPSec functionality. The individual hosts do not. For this reason, the VPN is transparent to the users. This deployment works best when a branch office or partner company needs access to your network.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.

References:
IPSec Overview Part Two: Modes and Transforms, http://www.ciscopress.com/articles/article.asp?p=25477
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #105 of 200 Question ID: 1289232

You install a network analyzer to capture your network's traffic as part of your company's security policy. Later, you examine the captured packets and discover that the only packets that were captured are from Subnet 1. You need to capture packets from all four subnets on your network. Two routers are used on your network. What could you do? (Choose two. Each answer is a complete solution.)

A) Install the network analyzer on a router.
B) Install the network analyzer on the firewall.
C) Install the network analyzer on all four subnets.
D) Install a port scanner.
E) Install a distributed network analyzer.

Explanation

You could either install the network analyzer on all four subnets, or install a distributed network analyzer. Standard network analyzers only capture packets on the local subnet. To capture packets on a multi-subnet network, you could install the network analyzer on all four subnets. Alternatively, you could purchase a network analyzer that can capture all packets across the subnets. Typically, a distributed network analyzer consists of a dedicated workstation network analyzer installed on one subnet and software probes installed on the other subnets.
You should not install a port scanner. A port scanner reports which ports and services are being used on your network.

You should not install the network analyzer on a router. This will only allow you to capture packets on the subnets connected to the router. The scenario indicates that there are two routers on your network. You would need to install the network analyzer on both routers.

You should not install the network analyzer on the firewall. This will only allow you to capture packets on the subnets connected to the firewall.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Network Monitoring Tools, http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #106 of 200 Question ID: 1289123

You must propose a cabling scheme for your company's new location. Several departments are located on the same floor with a maximum distance of 61 meters (200 feet) between departments. You want a relatively easy, low-cost installation with simple connections. Which type of cabling would you propose?

A) ThinNet
B) ThickNet
C) Fiber-optic
D) Twisted-pair

Explanation

Twisted-pair cabling is the least expensive cabling media. Because unshielded twisted-pair (UTP) is commonly used in telephone systems, it is mass-produced, making it inexpensive and widely available. In addition, twisted-pair cabling is very easy to work with, meaning that very little training is required for its installation. As in telephone systems, twisted-pair cabling uses Registered Jack (RJ) connectors to connect cables to components. Computer networks use the larger RJ-45 connectors, which are very similar to the commonly known RJ-11 connectors used in telephone systems; this adds to the simplicity of installing twisted-pair.
Twisted-pair has a maximum length of 100 meters (328 feet), which will work for the company in the scenario because the offices are located within 61 meters (200 feet) of each other. It is important to note that twisted-pair is the networking-cable type most susceptible to attenuation, which is why its maximum distance is 100 meters (328 feet).

The following is a table of network media comparisons:

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.
References:
CCNA: Network Media Types > Twisted-Pair Cable, http://www.ciscopress.com/articles/article.asp?p=31276
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #107 of 200 Question ID: 1123438
You need to configure IPSec to digitally sign and encapsulate each packet within another packet. Which of the following should you implement?
A) AH protocol in tunnel mode
B) ESP protocol in transport mode
C) ESP protocol in tunnel mode
D) AH protocol in transport mode

Explanation
Internet Protocol Security (IPSec) can be used in tunnel mode with the Authentication Header (AH) protocol to digitally sign and encapsulate each packet sent from the network within another packet. A tunnel is a network communications construct that transports encapsulated packets. AH does not really protect the packet information. Therefore, a simple packet sniffer can still read the packet contents.

IPSec can be used in transport mode with AH to digitally sign and encrypt packets sent between two hosts. AH provides an authentication security mechanism. Transport mode does not encapsulate packets within other packets.

Encapsulating Security Payload (ESP) can be used with IPSec to encrypt IPSec packets.
ESP is not used to digitally sign packet headers. ESP works in tunnel mode and transport mode. ESP protects the packet information using encryption.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #108 of 200 Question ID: 1123502
Which social engineering attack is typically considered the most dangerous?
A) physical penetration
B) Trojan horse
C) dumpster diving
D) social engineering

Explanation
Physical penetration is a social engineering attack that is typically considered the most dangerous attack that a targeted hacker can use. A targeted hacker chooses a specific organization or target to attack. In a physical penetration attack, a targeted hacker enters the premises of an organization and gains access to computer systems or plugs a laptop computer into an organization's internal network. A physical penetration attack is considered the most dangerous type of targeted hacker attack because computer network equipment is typically not well protected inside an organization's physical location.

In a dumpster diving attack, a hacker searches through an organization's trash for sensitive information, such as user names, passwords, and documents that were intended to be kept secret.

A social engineering attack occurs when a hacker pretends to be a member of an organization in an attempt to gain sensitive information about an organization's network or operations. A hacker can perform social engineering by using methods such as instant messaging, the telephone, and face-to-face communications. Employees should be trained to require some form of identification before giving sensitive information about a company to a stranger.
To protect your network against social engineering attacks, you should enforce the security policy, provide user education, and limit available information.

A Trojan horse is a malicious program typically sent as an e-mail attachment that appears to the end user as a benign application. A Trojan horse can be programmed to send sensitive information to a hacker.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References:
Two methodologies for physical penetration testing using social engineering, http://doc.utwente.nl/69064/1/Pentesting_methodology.pdf

Question #109 of 200 Question ID: 1289061
You are using DSL to connect to the Internet. You recently set up firewall software to protect your computer's resources from external users. After setting up the firewall software, you can no longer access Web sites by name. What is the problem?
A) You have a DHCP server on the network.
B) Your firewall software is blocking port 53.
C) Your firewall software is blocking port 25.
D) You do not have a static IP address.

Explanation
Port 53 is the port associated with the Domain Name Service (DNS). If this port is blocked by firewall software, you will not be able to access computers on the Internet by their fully qualified domain names (FQDNs), such as www.comptia.org or www.kaplanittraining.com.

With DSL service, you do not have to have a static IP address. It is not required for accessing Web sites by name.

If you have a DHCP server on the network, IP addresses on your network are automatically configured. This would not affect the ability to connect to Web sites on the Internet.

Port 25 is associated with the SMTP protocol and would not cause this problem.
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
Blocking port 53 TCP, http://taosecurity.blogspot.com/2007/09/blocking-port-53-tcp.html
Network Ports Used by DNS, http://technet.microsoft.com/en-us/library/dd197515.aspx

Question #110 of 200 Question ID: 1289266
The network you administer is a Fast Ethernet network. Wall outlets are connected to patch panels by 90-meter cables. Patch panels are connected to switches by 5-meter cables. The network uses Category 5 unshielded twisted-pair (CAT 5 UTP) cable. You use a 15-meter patch cable to connect a server named Shipping to a wall outlet. You connect the Shipping computer to the network, start the computer, and properly configure it. However, clients cannot connect to the Shipping server. Clients can connect to other servers on the network. What will most likely solve the connection problem?
A) replacing the 15-meter patch cable with a 10-meter patch cable
B) replacing the 15-meter patch cable with a 3-meter patch cable
C) replacing the CAT 5 UTP with CAT 1 UTP
D) replacing the CAT 5 UTP with CAT 3 UTP

Explanation
On a Fast Ethernet network that uses unshielded twisted-pair (UTP) cables, such as a 100BaseTX Ethernet network, the maximum length of the cable between a computer and a switch or hub is 100 meters. In this scenario, the total length of cable between the Shipping server and the switch is 110 meters. You can solve the connection problem in this scenario by replacing the 15-meter patch cable that connects the Shipping server to the wall outlet with a patch cable that is no more than 5 meters in length. dB loss in cabling (also called attenuation) occurs because the voltage decays slowly as the current travels the length of the cable. If you replace the 15-meter patch cable with a 10-meter patch cable, then the connectivity problem will still occur because the overall cable length between the server and the switch will still exceed 100 meters.

The following diagram illustrates the recommended cabling lengths for twisted-pair Ethernet.

The switch and patch panel are usually located within a telecommunications closet. A basic patch panel does not normally contribute any networking services; it simply serves as a junction box between the switch and the various nodes on the network. A patch panel provides a convenient interface from which you can arrange and rearrange connections between the switch and the nodes.

Distance issues are caused when cable lengths exceed the maximum distance allowed by a particular media type. Ensure that your cable runs do not exceed the maximum distance allowed. Repeaters could also be used to prevent this problem.

A 100BaseTX Ethernet network requires at least CAT 5 UTP cable. CAT 1 and CAT 3 UTP cannot support signaling on a 100BaseTX network.
If you replaced all of the cable on the network with lower-grade cable, then none of the computers would be able to connect to the network.

Physical connectivity problems include the following:
Bad connectors
Bad wiring
Open circuits or short circuits
Split cables
Transmit (TX)/Receive (RX) ends reversed
Cable placement
EMI/Interference
Cross-talk
dB loss and attenuation
Distance limitations
Incorrect termination (mismatched standards)
Split pairs
Bad SFP/GBIC (cable or transceiver)

Often network cable testers can identify any of the above problems.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #111 of 200 Question ID: 1123564
You are troubleshooting a network connectivity problem on a Windows 7 Enterprise computer, and you need to view the MAC address for the NIC installed in the computer. Which command should you use?
A) the arp command
B) the ipconfig /all command
C) the ping command
D) the tracert command

Explanation
Of the commands listed, you should use the ipconfig /all command to view the media access control (MAC) address of the network interface card (NIC) installed in the Windows 7 Enterprise computer. The MAC address for the Ethernet adapter appears on the line entitled Physical Address.

TCP/IP uses Address Resolution Protocol (ARP) to resolve IP addresses to MAC addresses so that TCP/IP and Ethernet, or another Physical layer protocol, can interoperate. The arp command will not display the MAC address for the NIC in your Windows XP computer. If you issue the arp -a command, then you can view the ARP cache for the computer, which displays the IP address and its corresponding MAC address for all entries in the cache.
The tracert command and the ping command, when issued without switches, will display directions for using these commands. You can use the tracert command with various switches and variables to determine the route a packet takes through a TCP/IP network, and you can use the ping command with various switches and variables to test connectivity between hosts.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #112 of 200 Question ID: 1289180
Which four of the following statements explain why training employees about proper licensing and use of an organization's software and hardware is important? (Choose four.)
A) To practice good organizational ethics and governance
B) To prevent unauthorized or improper consumption of licenses
C) To make effective use of automated license management
D) To promote minimal consumption of licenses
E) To comply with license restrictions or limitations
F) To avoid liability from violating license rules or restrictions

Explanation
Training employees about proper licensing and use of an organization's software and hardware is important for the following reasons:
To prevent unauthorized or improper consumption of licenses
To avoid liability from violating license rules or restrictions
To comply with license restrictions or limitations
To practice good organizational ethics and governance

While promoting minimal consumption of licenses can be good for the bottom line, it has nothing to do with honoring or disregarding licensing restrictions. Minimal licensing consumption is usually an IT department issue, not an issue for other employees.
Making effective use of automated license management can check to ensure that licensing restrictions are observed and complied with, but has nothing to do with honoring or disregarding them. Automated licensing is usually an IT department issue.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.
References:
Making Sense of Software Licensing, https://www.techsoup.org/support/articles-and-how-tos/making-sense-of-software-licensing
TLDRLegal - Software Licenses Explained in Plain English, https://tldrlegal.com/
A simple guide to understanding software licensing (Microsoft, PDF), http://download.microsoft.com/documents/australia/licensing/licenseguide.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Best Practices

Question #113 of 200 Question ID: 1123470
Which of these controls could be used to trigger an alarm in the event of unauthorized entry into a room or building?
A) Tamper detection
B) Motion detection
C) Smart cards
D) Asset tracking tags

Explanation
Motion detection sensors could be used to trigger an alarm in the event of unauthorized entry into a room or building. Motion detection is the process of installing security devices that would detect movement and set off an alarm, create an alert, or even trigger video recording. For example, if a business is closed over the weekend, the business can set up a motion detection system to detect unauthorized activity in the premises during the closed period.

Tamper detection involves implementing a method to determine if something has been altered without authorization. The method could be something as simple as a seal over a door. If the seal is broken, the door has been opened. Tamper detection can also be used in surveillance cameras.
If a camera is struck (changing its field of view) or no longer transmitting, an alert can be sent to the monitoring console indicating that the camera has been tampered with. Tamper detection is commonly used on computer cases so that technicians can detect if the case has been opened. Most tamper detection is manual and does not provide any mechanism where an alarm is triggered.

Smart cards provide authentication using something you have in your possession. Items that fit within the "something you have" authentication factor category include key fobs and USB dongles. While smart cards provide authentication, they do not trigger alarms when unauthorized entry into a facility is detected.

Asset tracking tags are used to assign a number to a particular piece of equipment (an asset) and monitor where the asset is. Asset tags can be labels with barcodes or QR codes, or be equipped with radio frequency identification (RFID) chips that provide electronic tracking. Asset tags can be used with geofencing to prevent devices from leaving a certain area, or with geolocation to ensure that the asset can be located within a certain area. However, an asset tracking tag would not detect motion within a facility.

Motion detection, video surveillance, asset tracking tags, and tamper detection are all considered to be physical security detection devices. They detect when a security event has occurred.

Objective: Network Security
Sub-Objective: Summarize the purposes of physical security devices.
References:
How Does an Alarm Motion Sensor Work?, https://www.cpss.net/about/blog/2013/11/how-does-an-alarm-motion-sensor-work/
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks

Question #114 of 200 Question ID: 1289139
You are explaining the function of a multi-layer switch to several junior administrators.
On which data can multi-layer switches make routing decisions? (Choose all that apply.)
A) IP address
B) MAC address
C) protocol
D) port number

Explanation
A multi-layer switch, which operates at Layers 2, 3, and 4 of the OSI model, can make routing decisions based on the following criteria:
MAC address - a Data Link layer (Layer 2) function
IP address - a Network layer (Layer 3) function
Protocol - a Network layer (Layer 3) function
Port number - a Transport layer (Layer 4) function

A multi-layer switch has 24 collision domains.

You can also purchase switches that offer services at only one layer of the OSI model. Layer 2 switches only route based on the MAC address. Layer 3 switches route based on the IP address or protocol. Layer 4 switches only route based on the port number.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References:
LAN Switching and Switch Types, http://www.tech-faq.com/lan-switching-and-switch-types.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Network Infrastructure Devices

Question #115 of 200 Question ID: 1123245
Your company uses a single global IP address that maps to the company's local IP addresses. When requests are sent from the internal network to destinations outside the company, those requests are mapped from the IP address of the local host that made the request to the global IP address. Which term describes this process?
A) Network Address Translation (NAT)
B) Network Access Server (NAS)
C) Network File System (NFS)
D) Network Access Point (NAP)

Explanation
NAT is a service that translates one or more global IP addresses to local IP addresses. This mapping is done through the NAT router.
For example, if a request is sent from the internal network to a destination outside the company, that request will be mapped to the global IP address and then sent outside the company's network. To the outside world, only the global IP address is known. NAT increases the security of a network because it hides the IP addresses of internal hosts from the Internet or other public network.

NFS is an application that allows a network client to access and manipulate a file on another network client remotely.

NAP is one of the main connection points of the Internet's backbone.

NAS is a server used by an Internet Service Provider (ISP) to connect its clients to the Internet.

For the Network+ exam, you also need to understand Destination NAT (DNAT) and Static NAT (SNAT). DNAT transparently changes the destination IP address of an end route packet and performs the inverse function for any replies. SNAT is a counterpoint to DNAT.

Port forwarding or port mapping, an application of NAT, redirects a request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. Port forwarding allows remote computers to connect to a specific computer or service within a private network.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 6: Routing IP Packets, Address Translation
Network Address Translation, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214107,00.html

Question #116 of 200 Question ID: 1289081
You have been hired as a network administrator for a large corporation. This network includes a large number of switches that must be identically configured. In the past, this information has been configured manually.
You want to automatically propagate the VLAN information to all switches on the LAN. What should you use? (Choose two.)
A) STP
B) VTP
C) 802.1q
D) link aggregation

Explanation
To automatically propagate VLAN information to all switches on the LAN, you should use VLAN Trunking Protocol (VTP), which is also referred to as 802.1q. VTP configuration will prevent the VLAN information from having to be manually configured on all of the switches. VTP allows two switches to share VLAN information.

One of the VLANs is called a native VLAN, also referred to as a default VLAN. Frames belonging to the native VLAN are sent unaltered over the trunk with no tags. However, to distinguish other VLANs from one another, the remaining VLANs are tagged. The native VLAN will default to VLAN 1. To separate out any of your user traffic from your network management traffic, you may want to change the native VLAN number to be some other value. Changing your native VLAN is a common mitigation technique.

The VTP information is carried over a trunk connection that is implemented based on the 802.1q standard. This allows traffic for multiple VLANs to travel over a single connection.

Link aggregation combines multiple physical connections into a single logical connection, thereby alleviating congestion on the physical connections.

Spanning Tree Protocol (STP) is used to prevent loops by blocking data from flowing over one or more switch ports. There are two types of STP: spanning tree (802.1d) and rapid spanning tree (802.1w). 802.1d is an older standard that was designed when a minute or more of lost connectivity was considered acceptable downtime. In Layer 3 switching, switching now competes with routed solutions where protocols such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) provide an alternate path in less time.
A layer 3 switch is the best option when you need to re-route multicast and unicast communication caused by a disruption of service when a network is failing redundancy at the main distribution frame (MDF).

The 802.1w protocol was developed to improve performance. 802.1w bridges are fully distributed, while 802.1d switches agree on a root port. This root port acts differently than the other switches and is responsible for the network's connectivity. 802.1w defines roles for the ports and a new bridge protocol data unit (BPDU) format, which introduces the proposal/agreement mechanism. BPDU handling and convergence differ in each protocol. 802.1w introduces these new features:
Rapid Transition To Forwarding State - includes new Edge Ports and Link Types variables.
Uplink Fast - distinguishes between port roles and uses alternate ports.

By default, unknown unicast and multicast traffic is flooded to all Layer 2 ports in a VLAN. This unknown traffic flooding can be prevented by blocking unicast or multicast traffic on the switch ports. However, keep in mind that there may be cases in which you need to use unicast or multicast traffic.

You can also configure forwarding and blocking on a switch port. If you configure forwarding, certain types of traffic based on the rules you configure will be forwarded to a certain port. If you configure blocking, certain types of traffic can be blocked from a switch port.

For the Network+ exam, you also need to understand Link Aggregation Control Protocol (LACP), also referred to as 802.3ad. LACP supports automatic link configuration and prevents an individual link from becoming a single point of failure. With this protocol, traffic is forwarded to a different link if a link fails.

You can manually or automatically assign the IP address for the switch.
Automatic configuration uses a DHCP server to obtain the IP address and all other information that you have configured the DHCP server to assign. The DHCP server does not have to be on the same subnetwork as the switch. If you manually configure the IP address, you need to ensure that all settings are correct. Switches should be given their own IP address and default gateway to use so that they can be remotely managed.

For IP address assignment for devices attached to the switch, some switches can also be configured to act as a DHCP server and assign IP addresses to attached devices. However, you must ensure that the DHCP ranges that are configured on the switch do not overlap the ranges on other DHCP servers. Otherwise, you may have a single IP address assigned to multiple hosts on the network, thereby affecting communication.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #117 of 200 Question ID: 1289199
To segregate employee traffic and guest traffic on your wireless network, you have decided to implement a plan whereby guest traffic is quarantined in a separate part of the network. All employees have company-issued devices. What can you implement to ensure that only employees have access to the non-quarantined areas of the wireless network?
A) MAC filtering
B) Shared or open authentication
C) TKIP-RC4
D) WPA

Explanation
Media Access Control (MAC) filtering allows the administrator to restrict device access to the network based on the MAC address associated with the Network Interface Card (NIC) on that device. The administrator can set up a permission list (filter) on the router where only devices with specific MAC addresses are allowed on the network.
A MAC address is uniquely associated with a NIC, and is analogous to a Vehicle Identification Number (VIN) on an automobile. In essence, the MAC address is the serial number of the NIC.

Shared authentication and open authentication were the two insecure methods of authentication utilized under Wired Equivalent Privacy (WEP). Neither of these allows you to limit access to certain areas of the network. Authentication for wireless can be configured to OSA or open system authentication (no authentication), shared key authentication (SKA), pre-shared key (PSK), or 802.1x/EAP. An open wireless network does not require any form of authentication. Wireless OSA does not use an encryption key. Under SKA, all of the clients use the same key, making the key very vulnerable to being cracked.

Temporal Key Integrity Protocol-Rivest Cipher 4 (TKIP-RC4) is an encryption method that was designed to provide security enhancements to wireless networks using WEP. WEP was an extremely weak encryption standard. TKIP added a key distribution method whereby each transmission had its own encryption key, an authentication method to verify message integrity, and an encryption method called RC4 (Rivest Cipher 4). WEP is based on RC4, but was poorly designed and used a too-short IV of only 24 bits instead of the standard 64 bits used by RC4.

Wi-Fi Protected Access (WPA) was an interim security improvement over WEP. WPA was later replaced by Wi-Fi Protected Access version 2 (WPA2), which is the most secure option for encrypting wireless.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.
References:
https://www.linksys.com/us/support-article?articleNum=140065

Question #118 of 200 Question ID: 1289211
You have expanded the number of nodes on your network and have added a second 24-port switch.
The new switch is in place and has sufficient port capacity for another six nodes in the future. What should you do to increase the security of the switch?
A) Disable unused ports
B) Use secure protocols
C) Install patches and updates
D) Upgrade firmware

Explanation
Disabling unused ports is an excellent way to secure a switch. You should only enable designated active ports needed for network connections. As an example, if you have a 24-port switch, but only 18 of those are needed for connected hosts, you should set the status of the other six ports to "disabled."

Upgrading firmware is one way to ensure that the network component is performing properly, or to the current standard. Firmware differs from a driver. A driver allows the hardware to communicate with an operating system, such as Windows 10, Linux, or OSX. Firmware is the software that allows the hardware device to operate. A simplified example of one aspect of firmware would be the line of instruction on the NIC that causes the green light to blink when network traffic is present.

Using secure protocols is paramount to network security. In SOHO networks, routers (as an example) are shipped with insecure protocols, such as WEP, enabled. While WEP is the easiest for a consumer or novice to use while getting the network up and running, it is inherently insecure and should be disabled in favor of a more secure protocol such as WPA2.

Installing patches and updates to the network hardware will ensure that the firmware is up to date and that any remedies to known security issues will be applied.

Objective: Network Security
Sub-Objective: Given a scenario, implement network device hardening.
References:
Cisco Networking Academy's Introduction to Basic Switching Concepts and Configuration, http://www.ciscopress.com/articles/article.asp?p=2181836&seqNum=7

Question #119 of 200 Question ID: 1289253
As a new network technician, you have been given a flash drive that contains several commands that you will use on a regular basis. You need to match each command to its purpose. Move the correct items from the left column to the column on the right to match the commands to their purpose.

Explanation
The commands have the following purposes:
ping - tests connectivity to a remote host
ipconfig - displays network configuration settings for the local computer
nslookup - verifies entries on a DNS server
nbtstat - diagnoses problems with NetBIOS name resolution

You should understand the purpose of these common troubleshooting tools. You should also familiarize yourself with the proper command syntax for these commands.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
Using the ping command, http://technet.microsoft.com/en-us/library/cc737478(v=ws.10).aspx
Ipconfig, https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig
Nbtstat, http://technet.microsoft.com/en-us/library/cc940106.aspx
Using nslookup.exe, http://support.microsoft.com/kb/200525

Question #120 of 200 Question ID: 1289291
The network administrator has changed the IP address of several servers on the network. Now a user named Jim is unable to connect to file shares on those servers using the computer name. You need to run the appropriate command(s) on Jim's computer to resolve the problem. Select the appropriate command(s) from the left and place them in the appropriate order on the right.
Only select commands that are necessary for the scenario. The scenario may include one or more commands. Order is important.

Explanation

All you need to do is flush the contents of the client computer's DNS cache. You do this by running the following command:

ipconfig /flushdns

The ipconfig /all command displays all the TCP/IP settings for the computer. The ipconfig /registerdns command registers the computer's DNS host name with the DNS server. The ipconfig /displaydns command displays the contents of the computer's DNS cache. The ipconfig /renew command renews the client's DHCP lease. The ipconfig /release command releases the client's DHCP lease. The ipconfig /showclassid command displays the DHCP class ID assigned to the client computer. The ipconfig /setclassid command configures the DHCP class ID for the client computer.

You should select only the commands needed for the scenario. In some cases, only a single command may be necessary.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
Ipconfig, https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig

Question #121 of 200
Question ID: 1289239

You are investigating possible unauthorized access to a Windows Server 2008 computer. The first step in your company's investigation policy states that the current network connections must be documented. Which command should you use?

A) ipconfig
B) netstat
C) tracert
D) ping

Explanation

You should use the netstat command. This tool displays incoming and outgoing connections, routing tables, and network interface statistics.
An example of the output of the netstat command is as follows:

The command parameters that can be used with the netstat command are as follows:

The ping tool is used to test the availability of a computer over a network. You can ping computers based on their DNS host name or IP address.

The ipconfig tool displays a computer's IP address, subnet mask, and default gateway. It can also be used to release and renew a Dynamic Host Configuration Protocol (DHCP) IP address lease. The UNIX equivalent tool is ifconfig.

The tracert tool is used to determine the route a packet takes across a Windows IP network. UNIX computers have a similar tool called traceroute.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Netstat, http://www.netstat.net/
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #122 of 200
Question ID: 1289145

Which of the following uses cells that are equally sized at 53 bytes each?

A) ATM
B) DMVPN
C) SIP trunk
D) PPPoE

Explanation

Asynchronous Transfer Mode (ATM) is a network transmission model used in voice, video, and data communications that uses equally sized cells that are all 53 bytes long. The equal length of the cells supports very high data rates. ATM is deployed in Optical Carrier (OC) backbone network segments.

Point-to-Point Protocol over Ethernet (PPPoE) encapsulates Point-to-Point Protocol (PPP) frames over Ethernet. It is typically used with DSL to allow subscribers on Ethernet networks to connect over DSL modems.
Dynamic Multipoint Virtual Private Network (DMVPN) allows an organization to exchange data over a secure network of VPNs without having to route the data through the organization's primary VPN router. In essence, a DMVPN creates a mesh VPN topology.

Session Initiation Protocol (SIP) trunking is used in Voice over IP telephony. The SIP trunk connects the incoming gateway with the customer's Private Branch Exchange (PBX).

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.

References:
ATM In Computer Networks: History And Basic Concepts, https://fossbytes.com/atm-asynchronous-transfer-mode-history-basicconcepts/

Question #123 of 200
Question ID: 1289267

You have been hired as a network consultant by a company. You discover that the network's signal strength greatly weakens as traffic travels over the network medium due to absorption and scattering. What is the term for this tendency?

A) Harmonic distortion
B) Attenuation
C) EMI
D) Intermodulation distortion
E) Refraction

Explanation

In networking, attenuation is the term for a loss of signal strength as data travels over the network medium (cable). The attenuation rate is often the deciding factor when selecting the medium to use for a particular length of network cable. Attenuation is also referred to as decibel (dB) loss.

For example, unshielded twisted-pair (UTP) cable has the greatest susceptibility to attenuation. This is why the maximum recommended segment length for UTP is limited to 100 meters (328 feet). ThinNet cable, on the other hand, has less susceptibility to attenuation; the signal can travel a distance of 185 meters (607 feet) before being adversely affected by attenuation. The opposite of attenuation is amplification.
If you want to create a network that extends beyond the normally acceptable length of a particular cable type, you would need to install a signal amplifier. In networking terms, this amplifier is called a "repeater." All networks have a distance limitation based on the type of cable or wireless frequency that is used. If you attempt to exceed this limitation in a single cable run without using a repeater, signal attenuation will occur. Use repeaters to increase the distance for wired networks. For wireless networks, you should move the connecting device closer to the wireless access point.

Electromagnetic interference (EMI) occurs when objects, such as fluorescent lighting, interfere with transmission over copper cabling. Radio frequency interference (RFI) occurs when objects, such as cordless phones, interfere with transmission over wireless radio frequencies. Crosstalk is a specialized type of EMI caused by parallel runs of twisted-pair cables. The only solution to this problem is to change the path of the cables.

Near end - Near-end crosstalk (NEXT) measures the ability of the cable to resist crosstalk. Most commercial cabling will give you the minimum NEXT values that are guaranteed.
Far end - Far-end crosstalk (FEXT) measures interference between two pairs of a cable, measured at the far end of the cable with respect to the interfering transmitter.

EMI affects cable placement. You should arrange cables to minimize interference. Ideally, Ethernet cables should not be placed close to high-voltage cables, generators, motors, or radio transmitters.

Refraction is the bending of waves as they pass from one medium to another, due to a change in their speed.

Harmonic distortion is the distortion of a wave by unwanted multiples of an original frequency, causing interruptions to the way the waveform behaves in electrical circuits or sounds.
Intermodulation distortion occurs when two different frequencies are simultaneously passed through an amplifier.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Attenuation, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci211613,00.html

Question #124 of 200
Question ID: 1289280

A contractor is unable to connect to your wireless network using his 802.11g wireless adapter. What is the most likely problem?

A) You have an 802.11a network.
B) You are using an incorrect channel on your network.
C) You have an 802.11n network.
D) You have an 802.11b network.

Explanation

It is most likely that you have an 802.11a network because 802.11g devices are incompatible with 802.11a networks. The frequency used by the different wireless networks is important. Some of them use the same frequency and can, therefore, be considered compatible. However, keep in mind any other devices, such as cordless phones, that can use the same radio frequency, as they can cause interference.

802.11g devices are compatible with 802.11b networks. 802.11n networks allow the usage of 802.11a, 802.11b, or 802.11g devices. If you were using an incorrect channel on your network, other devices would have problems connecting to the network.

For the Network+ exam, you need to understand the following wireless standard considerations:

Throughput - Each wireless network type has a different maximum throughput. Keep in mind that this throughput is shared by all the devices connected to the wireless access point.
Frequency - Each wireless network uses a certain frequency. Some network types may use the same frequency. Document the frequencies used when you implement any wireless network so that you can ensure that future wireless networks do not interfere with existing ones.
Distance - All wireless access points have a limited distance for their signal. You can increase and decrease the signal strength as needed, but the maximum distance will always remain. In most cases, companies decrease the signal strength to limit the area covered by the wireless network.
Channels - Each wireless network can operate over several channels available for that frequency. Research the frequency in use to determine the non-overlapping channels. While there may be 10 channels available, usually only three or four of them are considered non-overlapping. Wireless access points that use the same frequency should be configured to use different non-overlapping channels.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Introducing Wireless LANs

Question #125 of 200
Question ID: 1123262

Host A wants to communicate with Host B as shown in the following network exhibit:

Which three statements are true? (Choose three. Each answer is part of the solution.)

A) Host A will send an ARP request for the router's MAC address.
B) The switch will forward the frame to Host B.
C) The switch will forward the frame to the router.
D) Host A will send a frame with the destination MAC address of the router.
E) Host A will send a frame with the destination MAC address of Host B.
F) Host A will send an ARP request for Host B's MAC address.

Explanation

Host A will send out an ARP request for the MAC address of Host B. Host A will then send a data frame to the switch with a destination MAC address of Host B. Finally, the switch will forward the frame to Host B.
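As an added illustration (not code from the question bank), the following Python models the two decisions behind this answer: the sending host picks its ARP target by subnet membership, and the switch forwards on a MAC-table lookup, flooding when the destination MAC is not yet learned. The 192.168.1.32/27 subnet is the one from the exhibit; the host and gateway addresses, MAC addresses and switch port numbers are constructed for the example.

```python
import ipaddress

# Subnet taken from the question's exhibit. The host and gateway addresses,
# MAC addresses and switch port numbers below are constructed for this example.
SUBNET = ipaddress.ip_network("192.168.1.32/27")   # usable hosts .33 - .62
GATEWAY_IP = "192.168.1.33"                         # assumed router address

# ip -> (MAC, switch port). Host C sits on another subnet behind the router,
# so it has no port on this switch.
DEVICES = {
    "192.168.1.40": ("aa:aa:aa:aa:aa:0a", 1),     # Host A
    "192.168.1.50": ("bb:bb:bb:bb:bb:0b", 2),     # Host B
    "192.168.1.33": ("cc:cc:cc:cc:cc:01", 24),    # router (default gateway)
    "192.168.2.10": ("dd:dd:dd:dd:dd:0d", None),  # Host C, remote subnet
}


def arp_target(src_ip, dst_ip, subnet=SUBNET, gateway_ip=GATEWAY_IP):
    """Return the IP address the sender must resolve with ARP.

    A destination inside the sender's own subnet is framed directly, so the
    host ARPs for the destination itself. Anything else is framed to the
    default gateway, which then routes it.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if src not in subnet:
        raise ValueError(f"{src_ip} is not inside {subnet}")
    return dst_ip if dst in subnet else gateway_ip


def build_frame(src_ip, dst_ip):
    """Host side: pick the layer-2 next hop and build the unicast frame.

    The destination MAC is whatever the ARP reply for arp_target() would
    carry; the IP header still names the final destination.
    """
    resolved_ip = arp_target(src_ip, dst_ip)
    src_mac, _ = DEVICES[src_ip]
    dst_mac, _ = DEVICES[resolved_ip]
    return {"src_mac": src_mac, "dst_mac": dst_mac,
            "src_ip": src_ip, "dst_ip": dst_ip, "arp_for": resolved_ip}


def switch_forward(frame, ingress_port, mac_table, num_ports=24):
    """Switch side: learn the source MAC, then forward on the destination MAC.

    A known destination goes out the single learned port; an unknown one is
    flooded out every port except the ingress port. Returns the egress ports.
    """
    mac_table[frame["src_mac"]] = ingress_port
    out_port = mac_table.get(frame["dst_mac"])
    if out_port is not None:
        return [out_port]
    return [p for p in range(1, num_ports + 1) if p != ingress_port]


def deliver(src_ip, dst_ip, mac_table):
    """One frame end to end: (IP that was ARPed for, switch egress ports)."""
    frame = build_frame(src_ip, dst_ip)
    ingress_port = DEVICES[src_ip][1]
    return frame["arp_for"], switch_forward(frame, ingress_port, mac_table)


if __name__ == "__main__":
    table = {}   # the switch starts with an empty MAC address table
    for src, dst in [("192.168.1.40", "192.168.1.50"),   # A -> B: flooded
                     ("192.168.1.50", "192.168.1.40"),   # B -> A: A is learned
                     ("192.168.1.40", "192.168.1.50"),   # A -> B: B is learned
                     ("192.168.1.40", "192.168.2.10")]:  # A -> C: via gateway
        arped, ports = deliver(src, dst, table)
        print(f"{src} -> {dst}: ARP for {arped}, egress ports {ports}")
```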
Host A and Host B are connected to the same subnet, 192.168.1.32/27, and are thus within the same VLAN. For this reason, traffic between the two hosts does not need to be sent to their default gateway to be routed. Hosts are able to ARP for and build unicast frames to hosts on the same subnet. The switch will receive the frame and forward it to the appropriate host based on a MAC address table lookup. The router is not involved in this scenario.

Host A will not send an ARP request for the router's MAC address because routing is not required between hosts on the same subnet. Host A will not send a frame with the destination MAC address of the router because routing is not required between hosts on the same subnet. The switch will not forward the frame to the router because routing is not required between hosts on the same subnet.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
Routing Basics, http://docwiki.cisco.com/wiki/Routing_Basics

Question #126 of 200
Question ID: 1123589

While reviewing recent performance reports from your network devices, you notice that a high number of corrupt packets are reaching a router named Router34. What is most likely happening to them?

A) The packets are causing the duplexing method to change.
B) The packets are being forwarded to the next router upstream.
C) The packets are being dropped.
D) The packets are causing the interface to reset.

Explanation

Corrupt packets are being dropped. Packet drops occur for a variety of reasons, including packet corruption, speed mismatch, and duplex mismatch. Corrupt packets are not forwarded by network devices. An interface only resets when a power outage occurs or when an administrator initiates a reset. Packets cannot change the duplexing method.
However, a packet that uses a different duplexing method than the network supports is usually dropped.

As a network technician, you should perform interface monitoring. This includes being able to read errors and determine their cause, understand network utilization reports, determine discards and packet drops and their cause, perform interface resets, and ensure speed and duplex settings are appropriately configured.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Troubleshooting packet drops, https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10191.html

Question #127 of 200
Question ID: 1289076

You are the network administrator for an organization whose network uses the Open Shortest Path First (OSPF) routing protocol. Which metric does this protocol use for optimal path calculation?

A) Delay
B) MTU
C) Cost
D) Hop count

Explanation

OSPF is a link-state routing protocol that uses cost as its metric for optimal path calculation. It is an open standard protocol based on Dijkstra's Shortest Path First (SPF) algorithm. Routing metrics are used by routing protocols to determine the lowest-cost path to a network number, which is considered the optimal or "fastest" path. Cisco's implementation of OSPF calculates the cost (metric) of a link as inversely proportional to the bandwidth of that interface. Therefore, a higher bandwidth indicates a lower cost and a more favorable metric.

The following are characteristics of OSPF:

Uses Internet Protocol (IP) protocol 89.
Has a default administrative distance of 110.
Is an industry standard protocol (non-Cisco proprietary).
Supports Non-Broadcast Multi-Access (NBMA) networks such as frame relay, X.25, and Asynchronous Transfer Mode (ATM). The default hello interval for NBMA networks is 30 seconds.
Supports point-to-point and point-to-multipoint connections.
Supports authentication.
Uses 224.0.0.6 as the multicast address for AllDRouters.
Uses 224.0.0.5 as the multicast address for AllSPFRouters.
Uses link-state updates and SPF calculation, which provide fast convergence.
Recommended for large networks due to good scalability.
Uses cost as the default metric.

Maximum Transmission Unit (MTU), bandwidth, delay (latency), load, and reliability form a composite metric used by Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP). IGRP is a distance vector routing protocol developed by Cisco Systems. Enhanced IGRP (EIGRP) is a Cisco-proprietary, hybrid routing protocol that combines features of both distance-vector and link-state protocols.

Hop count is a metric used by Routing Information Protocol (RIP). The fewer hops between the routers, the better the path.

For the Network+ exam, you also need to understand the following routing concepts and protocols:

Loopback interface - allows you to test whether the local network interface is working properly. The IPv4 address for the local loopback is 127.0.0.1, and the IPv6 address for the loopback is ::1. By pinging this address, you can determine whether the local network interface is working.
Routing loop - a network problem that happens when a data packet continually loops through the same routers over and over. This is a problem associated with distance vector protocols, such as RIP and RIPv2. Methods for dealing with loops include maximum hop count, split horizon, route poisoning, and hold-down timers.
Routing table - a data table that lists the routes to particular network destinations. Routing tables can be stored on a router or a computer. The routes that are included can be manually configured by using the appropriate routing command or can be automatically configured by the router.
Default route - the route that takes effect when no other route can be determined for a given destination. All packets for destinations not established in the routing table are sent via the default route. In most cases, the default route is to the router closest to the computer.
Interior Gateway Routing Protocols versus Exterior Gateway Routing Protocols - protocols that route between autonomous systems or routing domains are referred to as Exterior Gateway Routing Protocols. Interior Gateway Routing Protocols discover paths between networks within the same organizational boundary, and EGPs discover paths between autonomous systems.
Autonomous System (AS) Numbers - numbers assigned to network operators by the Internet Assigned Numbers Authority (IANA) and the Regional Internet Registries (RIRs).
Route redistribution - taking a route from one routing protocol and distributing it to another protocol. By default, routers only advertise and share routes with other routers running the same protocol. If you have an OSPF router and an EIGRP router and you want them to know each other's routes, you would implement route redistribution so the two different protocols can share and advertise routes to each other.
High availability - can be ensured by implementing the following:
Virtual Router Redundancy Protocol (VRRP) - a protocol that manages virtual routers. VRRP sets up VRRP clusters.
Virtual IP - an address assigned to virtual routers.
Hot Standby Router Protocol (HSRP) - a Cisco proprietary first-hop redundancy protocol (FHRP) designed to allow for transparent fail-over of the first-hop IP router.
Route aggregation - minimizes the number of routing table entries required in an IP network by organizing network layer IP addresses in a hierarchical way so that addresses are topologically significant.
Shortest Path Bridging (SPB) - a routing protocol that identifies loop-free shortest paths to help with traffic engineering.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 6: Routing IP Packets, Routing Protocol Examples
Dynamic Routing Protocols, http://www.ciscopress.com/articles/article.asp?p=24090
Open Shortest Path First (OSPF), http://www.tcpipguide.com/free/t_OpenShortestPathFirstOSPF.htm

Question #128 of 200
Question ID: 1123556

You are the network administrator for your company's network. All servers run Windows Server 2008. All workstations run Windows 7. The network diagram is shown in the following exhibit:

Workstation A2 is experiencing delays accessing Server B. Which utility should you run from Workstation A2 to determine the source of the slowdown?

A) tracert
B) netstat
C) ping
D) ipconfig

Explanation

The tracert utility will provide a listing of all routers through which data from Workstation A2 must pass on its way to Server B. If there are any problems along the way, they will show up in the output from the tracert command.

The ping utility is used to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply. The ping utility is used primarily to troubleshoot Internet connections. It would not be useful in determining the source of the slowdown in this scenario. However, it can be used to troubleshoot connectivity to specific devices.

Netstat is a TCP/IP utility that you can use to determine the computer's inbound and outbound TCP/IP connections. It displays current connections and their listening ports. It cannot be used to troubleshoot this problem.
The ipconfig utility is used to display currently assigned TCP/IP network settings, such as IP address, subnet mask, and default gateway, on Windows computers. It can be run from a command prompt. When issued with the /all switch, ipconfig displays detailed information. It cannot be used to troubleshoot this problem.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #129 of 200
Question ID: 1149625

Which of the following attacks tricks the user into giving up personal information?

A) Phishing
B) Brute force
C) Deauthentication
D) Ransomware

Explanation

Phishing is the action of sending out an email that is designed to trick the user into giving up personal information. That information is then exploited by the criminal. Phishing emails appear to come from legitimate companies, and when the user clicks on a link in the email, the user is directed to a website that appears authentic. The user then fills in account information, which is captured by the criminal.

All of the other attacks can take place without the user's knowledge, and therefore do not rely on tricking the user into taking an action that reveals personal information. Deauthentication attacks disassociate a user from a wireless access point, forcing them to retransmit their login credentials. A brute force attack attempts to guess the user's password. This attack differs from a dictionary attack by using additional (random) character combinations, often numbering in the millions. This attack takes significantly more time than a dictionary attack. Ransomware holds a computer hostage until the user pays a fee.
The attacks often begin as an urgent email, where the user is directed to click a link or open a document to resolve the issue. Once the user completes the action, malicious software is installed on the user's computer, often locking the user out of the system until a fee is paid.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
What Is Phishing?, http://www.phishing.org/what-is-phishing
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #130 of 200
Question ID: 1289157

Which option represents the amount of time that a system is expected to be operational over the course of a year?

A) High availability
B) Port aggregation
C) Load balancing
D) NIC teaming

Explanation

High availability refers to the amount of time that the system is expected to be operational over the course of a year. It is often expressed in nines, as in “5 nines,” which would mean the system is up 99.999% of the time. This translates to about 5 minutes and 15 seconds of downtime per year, which may be too much downtime for some organizations.

Load balancing is the process of diverting network traffic from a server with a heavy workload to a server with a lighter workload. A load balancer can be used to divert incoming web traffic, based on content, volume, or other criteria, to specific servers. This will reduce the workload on the primary server. The destination server is determined by data in transport layer or application layer protocols. Distribution can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest response time.

NIC teaming is binding two or more network interface cards (NICs) so they appear as one. If one of the cards fails, the others still carry the traffic.
Aggregation is also used for load balancing and for providing increased bandwidth.

Port aggregation is binding two or more network ports so they appear as one. If one of the aggregated ports fails, the others still carry the traffic. Aggregation is also used for load balancing and for providing increased bandwidth. While NIC teaming can be thought of as RAID for NICs, port aggregation can be thought of as RAID for switch ports.

Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.

References:
High availability, http://searchdatacenter.techtarget.com/definition/high-availability
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #131 of 200
Question ID: 1123423

Which of the following options would be the fastest to activate in the event of a disaster at the primary site?

A) Port aggregation
B) Cold site
C) Hot site
D) Warm site

Explanation

Hot sites would be the fastest to activate in the event of a disaster at the primary site. They have all the personnel, equipment, and software installed and running in an off-site location. Hot sites are typically mirrors of the original site. When a disaster occurs, operations are transferred to the hot site.

Cold sites are a disaster recovery concept where you have a remote location procured. In the event of a disaster, the equipment is installed and configured to get the enterprise back to a functional state. They are the slowest to activate because all the resources and personnel have to be installed and activated.

Warm sites have all the equipment set up in an off-site location. When a disaster occurs, personnel are brought in, and the warm site is updated with the most current information from backups. They are better than cold sites, and not as expensive to operate as hot sites.
Port aggregation is binding two or more network ports so they appear as one. If one of the aggregated ports fails, the others still carry the traffic. Aggregation is also used for load balancing and for providing increased bandwidth. Port aggregation is not a disaster recovery solution.

Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.

References:
Disaster recovery site options, http://searchdisasterrecovery.techtarget.com/tip/Disaster-recovery-site-options
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #132 of 200
Question ID: 1289112

Your company needs to be able to provide employees access to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications?

A) IaaS
B) virtualization
C) SaaS
D) PaaS

Explanation

You should use Software as a Service (SaaS) to deploy the suite of applications. This will ensure on-demand, online access to the suite without the need for local installation. Another example of this type of cloud computing deployment is when a company needs to give employees access to a database but cannot invest in any more servers. WebMail is an example of this cloud computing type.

Virtualization hosts one or more operating systems (OSs) within the memory of a single physical host computer. This mechanism allows virtually any OS to operate on any hardware and allows multiple OSs to work simultaneously on the same hardware. Virtualization would not be the best choice here because it would limit the number of users who could access the application suite. In addition, the performance of the virtual machine would decline as more users simultaneously access the application suite.
Platform as a Service (PaaS) is not the best choice here. PaaS is a platform that provides not only a deployment platform but also a value-added solution stack and an application development platform. It provides customers with an operating system that is easy to configure. It is on-demand computing for customers.

Infrastructure as a Service (IaaS) is not the best choice in this situation. IaaS is a platform that provides computer and server infrastructure, typically provided as a virtualization environment. The platform would provide the ability for consumers to scale their infrastructure up or down by domain and pay for the resources consumed. This cloud computing model provides the greatest flexibility but requires greater setup and maintenance overhead than the other cloud computing models.

As part of the Network+ exam, CompTIA covers three main cloud models: SaaS, PaaS, and IaaS. The security control that is lost when using cloud computing is physical control of the data. The main difference between virtualization and cloud computing is location and ownership of the physical components. When virtualization is used, a computer uses its own devices to set up a virtual machine. When cloud computing is used, a company pays for access to another company's devices.

Other cloud technologies that you need to be familiar with include:

Private cloud - a cloud infrastructure operated solely for a single organization that can be managed internally or by a third party and hosted internally or externally.
Public cloud - when the cloud is rendered over a network that is open for public use.
Community cloud - shares infrastructure between several organizations from a specific community; it can be managed internally or by a third party and hosted internally or externally.
Hybrid cloud - two or more clouds (private, public, or community) that retain unique names but are bound together, offering the benefits of multiple deployment models.
You also need to understand the following virtualization technologies: virtual switches, virtual routers, virtual firewalls, virtual versus physical NICs, and software-defined networking. Virtual devices perform the same functions as their physical counterparts. However, keep in mind that virtual devices share the resources of the physical device on which they are deployed. Therefore, with each new virtual device deployed, the performance of all the virtual devices deployed on that physical device degrades. While virtual NICs can make it appear that a machine has multiple NICs, each virtual device will still share a single physical NIC, possibly causing performance issues. If you have a single physical computer configured with multiple virtual machines, you may want to install separate physical NICs for each virtual machine for increased throughput and load balancing.

Objective: Networking Concepts
Sub-Objective: Summarize cloud concepts and their purposes.

References:
Cloud Computing Basics, http://cloudcomputingtechnologybasics.blogspot.com/2011/05/cloud-computing-comparing-saas-paasand.html
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Virtual Network Devices

Question #133 of 200
Question ID: 1289072

You are the network administrator for your company. As part of your job, you must understand how data is transmitted through the different OSI layers. Move the OSI layers from the left column to the right column, and place them in the correct order, starting with Layer 1 at the top.
Explanation

The correct order for the layers in the OSI model is as follows:

Layer 1 - Physical
Layer 2 - Data Link
Layer 3 - Network
Layer 4 - Transport
Layer 5 - Session
Layer 6 - Presentation
Layer 7 - Application

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.

References:
OSI Model, http://en.wikipedia.org/wiki/OSI_model
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model

Question #134 of 200
Question ID: 1289101

Which wireless communications mode enables wireless devices to communicate directly with each other?

A) infrastructure
B) transport
C) ad hoc
D) tunnel

Explanation

Ad hoc is a wireless communications mode that enables wireless devices to communicate directly with each other. The wireless networking technology is sometimes referred to as Wi-Fi. In infrastructure mode, wireless devices must communicate through wireless access points. Transport and tunnel modes are provided by Internet Protocol Security (IPSec) to securely transmit Internet Protocol (IP) packets.

Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.

References:
Ad-hoc mode, http://compnetworking.about.com/cs/wirelessfaqs/f/adhocwireless.htm
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs

Question #135 of 200
Question ID: 1289194

You have been hired as a network security consultant. The company that hired you has had multiple incidents where their wireless network has been breached by hackers. You find out that they have a RADIUS authentication server that they use for the corporate VPN.
You decide to recommend using RADIUS authentication for the wireless network. Which WPA version should you suggest?

A) WPA
B) WPA-PSK
C) WPA2
D) WPA-Enterprise

Explanation

WPA-Enterprise requires the use of a RADIUS authentication server. WPA-Enterprise is intended for large networks. It is also referred to as WPA-802.1x.

None of the other options is correct. WPA2 is more secure than WPA. WPA-Pre-shared Key (WPA-PSK), also known as WPA-Personal, is for use in small home or office networks.

For the Network+ exam, you need to protect against the following wireless attacks or issues:

Evil twin - occurs when a wireless access point that is not under your control is used to perform a hijacking attack. It is set up to look just like a valid network, including the same Service Set Identifier (SSID) and other settings.
Rogue access point (AP) - occurs when a wireless access point that is not under your control is connected to your network. These devices are not set up to look just like your network. This attack preys on users' failure to ensure that an access point is valid. You can perform a site survey to detect rogue APs.
War driving - occurs when attackers seek out a Wi-Fi network with a mobile device or laptop while driving a vehicle. You can lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA or WPA2 authentication.
War chalking - occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for this type of information by periodically inspecting the outside of your facilities.
Bluejacking - the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when not in use is the best protection against this.
Bluesnarfing - the unauthorized access of information from a wireless device through a Bluetooth connection. Once again, turning off Bluetooth when not in use is the best protection against this.
WPA/WEP/WPS attacks - attacks against wireless protocols can usually be prevented by using a higher level of encryption or incorporating RADIUS authentication. Wired Equivalent Privacy (WEP) should be avoided because even its highest level of encryption has been successfully broken. Wi-Fi Protected Setup (WPS) allows users to easily secure a wireless home network but is susceptible to brute force attacks. Wi-Fi Protected Access (WPA) is more secure than WEP and WPS. WPA2 provides better security than WPA.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.

References:
Wi-Fi Protected Access, http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Securing Wireless LANs

Question #136 of 200
Question ID: 1289179

What is the aim of security awareness training?

A) All employees excluding top management should understand the legal implications of loss of information.
B) All employees in the IT department should be able to handle security incidents.
C) All employees must understand their security responsibilities.
D) All employees in the IT department should be able to handle social engineering attacks.

Explanation

The primary aim of security awareness training is to ensure that all employees understand their security responsibilities, the ethical conduct expected from them, and the acceptable use of an effective security program. It is important to understand the corporate culture and its effect on the security of the organization.
User responsibilities for the protection of information assets are defined in the organization's information security policies, procedures, standards, and best practices developed for information protection. Security awareness training may be customized for different groups of employees, such as senior management, technical staff, and users. Each group has different responsibilities, and each needs to understand security from the perspective of its own domain. For example, the security awareness training for the management group should focus on a clear understanding of the potential risks, exposure, and legal obligations resulting from loss of information. Technical staff should be well versed in the procedures, standards, and guidelines to be followed. User training should include examples of acceptable and unacceptable activities and the implications of noncompliance.

User training might be focused on threats, such as social engineering, which can lead to the divulgence of confidential information and hamper business operations by compromising the confidentiality and the integrity of information assets. Staff members should particularly be made aware of such attacks to avoid unauthorized access attempts.

End user awareness and training is the responsibility of management and should include training, policies, and procedures to ensure that organizational security is understood by all personnel. Before developing security awareness training, it is important that the corporate environment is fully understood. Let's look at an example. Suppose an organization notices that a large number of malware and virus infections have occurred at one satellite office while there are hardly any at another, almost identical office. If both sites are running the same company image and receive the same company group policies, then the office with the most incidents should most likely have its end-user awareness training examined.
End-user awareness training must be provided to all employees at all levels to provide protection for the company.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks, User Training

Question #137 of 200
Question ID: 1123345

You are looking at implementing several different 10GBase networks. You need to implement the one that offers the longest cable run because of the distances you must cover for your company's network. Which 10GBase specification should you select?

A) 10GBaseLX4
B) 10GBaseLR
C) 10GBaseER
D) 10GBaseSR

Explanation

The 10GBaseER designation allows a maximum cable run of up to 40 kilometers (25 miles) using single-mode fiber optic cable.

The 10GBaseLR designation allows a maximum cable run of up to 25 kilometers (16 miles) using single-mode fiber optic cable.

The 10GBaseSR designation allows a maximum cable run of up to 25 meters (85 feet), 82 meters (270 feet), or 300 meters (980 feet), depending on which multi-mode cable is used.

The 10GBaseLX4 designation allows a maximum cable run of either 240 meters (790 feet) or 300 meters (980 feet) using either single-mode or multi-mode fiber optic cable.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
10GBase, http://www.ethermanage.com/ethernet/10gig.html

Question #138 of 200
Question ID: 1289276

Management has decided to implement a diversity antenna system at its main headquarters. What is the advantage of using this system?

A) A diversity antenna system avoids multipath distortion.
B) A diversity antenna system increases the coverage area.
C) A diversity antenna system increases the transmission power.
D) A diversity antenna system adds more bandwidth.
Explanation

To avoid multipath distortion, you should use the diversity antenna system on 802.11b Wireless Local Area Network (WLAN) access points and bridges. Multipath distortion is caused by the reflection of the radio frequency (RF) signal off surfaces while traveling between the transmitter and the receiver. The reflected signals reach the receiver with a delay. This delayed signal adds distortion to the non-reflected signal that is received by the antenna. Multipath distortion can be avoided either by using an antenna diversity system or by changing the location of the antenna.

To provide antenna diversity, each access point has two antenna connectors. With the antenna diversity system, the signal is received through both antennas and the best antenna is selected by comparing the distortion ratio. The antenna that receives the lowest-distortion signal is selected as the best antenna. This antenna is used to receive the signal continuously until there is a failure in a received packet. If the received packet fails, the access point starts the process to select the best antenna again.

Diversity antennas do not add more bandwidth, increase the coverage area, or increase the transmission power.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
Cisco > Multipath and Diversity > Diversity, https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/27147multipath.html#diversity
Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4

Question #139 of 200
Question ID: 1289185

In the context of physical security, which statement related to security guard personnel is most appropriate?
A) Security guard personnel are a cost-effective countermeasure to reduce physical security risk.
B) Security guard personnel are one of the administrative controls in a layered security architecture.
C) Security guard personnel are the most expensive countermeasure for reducing the physical security risk.
D) Security guard personnel act as the last line of defense in securing the facility infrastructure.

Explanation

Security guard personnel are the most expensive countermeasure used to reduce physical security risks. The cost of hiring, training, and maintaining them can easily outweigh the benefits.

Security guard personnel, in combination with other physical security controls and technical controls such as fences, gates, lighting, dogs, CCTVs, alarms, and intrusion detection systems, act as the first line of defense in maintaining the security of a facility infrastructure. Security guards are the best protection against piggybacking. Mantraps also provide protection against piggybacking.

The last line of defense in a layered security architecture is the remaining workforce of the company, excluding the security guards.

Personnel are an example of physical security controls, not administrative controls.

Objective: Network Security
Sub-Objective: Summarize the purposes of physical security devices.

References:
Security Guards, http://homesecurity.about.com/od/homesecurity/a/Security-Guards.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #140 of 200
Question ID: 1289134

You work for a company that deploys wireless networks for your customers. You have been asked to deploy wireless range extenders for several companies. For which of the following situations does deploying a wireless range extender make sense?
A) To add wireless coverage for an office expansion to the 10th floor, where up to 40 users might need wireless access at the same time
B) For the back porch of a coffee shop where as many as 30 users might need wireless network access at the same time
C) For a sprawling small office/home office layout with no more than 10 devices active at any given time, but with two dead spots in need of improved wireless network access
D) For a new branch office opening 7 km away from the main office, where 5-10 users will need wireless network access at the same time
E) For a deli dining area in a grocery store, where up to 35 patrons may need wireless access at the same time

Explanation

The only situation in which deploying a wireless range extender would make sense is for a sprawling small office/home office (SOHO) layout with no more than 10 devices active at any given time, but with two dead spots in need of improved wireless network access.

A wireless range extender provides wireless coverage for a larger area than a single wireless access point can handle on its own. Strategically placed range extenders can also deliver wireless coverage in areas where low-signal or no-signal conditions may prevail when only a single WAP is used. In fact, wireless extenders will provide something less than the square of the area that a single WAP covers, because they must stay close enough to the WAP to receive a strong enough signal for them to meaningfully extend that signal further afield.

As the name indicates, a wireless range extender simply extends an existing wireless network, usually provided by a wireless access point that also includes multiple switched ports and built-in router capabilities (along with USB ports, DHCP, address and content filtering, and more). Low-cost range extenders offer none of these additional functions; more expensive models may include some of them.
In general, a range extender should not be expected to handle more than 20 or 25 simultaneously connected devices, whereas wireless access points can typically handle up to 60 devices each. Thus, wireless range extenders apply only to small-scale, low-usage scenarios like the small office/home office situation described.

The coffee shop option is incorrect because it requires support for 30 simultaneous users/devices. It would be best served with a wireless access point.

The office expansion to the 10th floor option is incorrect because it requires support for 40 simultaneous users/devices. Again, it would be best served with a wireless access point.

The branch office option is incorrect because the distance between the two offices (7 km) is much further than the range that a wireless access point can handle. The branch office will need its own Internet link, as well as one or more wireless access points to service those wireless users.

The deli option is incorrect because the number of simultaneous users in the deli exceeds the recommended maximum for a wireless range extender. It would be best served with another wireless access point.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.

References:
What is an Access Point and How is it Different from a Range Extender?, https://www.linksys.com/us/r/resource-center/what-is-awifi-access-point/
Wi-Fi Range Extender Best Setup Guide, https://routerguide.net/wifi-range-extender-best-setup-guide/

Question #141 of 200
Question ID: 1123372

Which system or device detects network intrusion attempts and controls access to the network for the intruders?
A) IPS
B) IDS
C) firewall
D) VPN

Explanation

An intrusion prevention system (IPS) detects network intrusion attempts and controls access to the network for the intruders. An IPS is an improvement over an intrusion detection system (IDS) because an IPS actually prevents intrusion.

A firewall is a device that is configured to allow or prevent certain communication based on preconfigured filters. A firewall can protect a computer or network from unwanted intrusion using these filters. However, any communication not specifically defined in the filters is either allowed or denied. Firewalls are not used to detect and prevent network intrusion. Firewalls are used to keep a private network secure from intruders trying to access it from the public network. Firewalls control the flow of traffic into a network by filtering packets based on their type or their destination addresses. Only legitimate packets pass through the firewall. For example, a firewall can be configured to deny access based on TCP port number or the IP address of the sender. A firewall can be hardware-based, software-based, or a combination of both. Scanning services are used to verify updates on a firewall.

A firewall provides packet filtering. A firewall can admit packets to a network or deny a packet admission to a network based on several criteria, including the domain name and the IP address of the host that sent the data packets to the network. The packet-filtering functionality of a firewall and the HTTP proxy functionality of an HTTP proxy server, as well as other functionality, are often bundled into a single product that is referred to as either a firewall or a proxy server. In its simplest form, however, a firewall only provides packet-filtering services. Packet filtering is also referred to as content filtering. A packet or content filter can be configured based on IP address, MAC address, port number, protocol used, and other factors.
An IDS only detects the intrusion and logs the intrusion or notifies the appropriate personnel.

A virtual private network (VPN) is a private network that users can connect to over a public network.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.

References:
What are the Different Types of Intrusion Prevention?, http://www.wisegeek.com/what-are-the-different-types-of-intrusionprevention.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Intrusion Detection and Prevention

Question #142 of 200
Question ID: 1289131

You have been hired as a network administrator. The company wants to implement a 10 Gigabit Ethernet designation for use with a SONET network. Which of the following should you implement?

A) 10GBaseSR
B) 10GBaseLR
C) 10GBaseSW
D) 10GBaseLX4

Explanation

The 10GBaseSW designation is for use with Synchronous Optical Networking (SONET) networks. Other SONET network designations include 10GBaseEW, 10GBaseLW, and 10GBaseZW. The W designation in the 10GBase specification includes SONET usage. The 10GBase W specifications for a SONET network include the following:

10GBaseEW - This specification uses 1550 nanometer (nm) lasers over single-mode fiber optic cable, up to a 40 kilometer (25 mile) maximum cable run.
10GBaseLW - This specification uses 1310 nm lasers over single-mode fiber optic cable, up to a 25 kilometer (16 mile) maximum cable run.
10GBaseSW - This specification uses 850 nm lasers over multi-mode fiber optic cable. The maximum cable run can be 25 meters (85 feet), 82 meters (270 feet), or 300 meters (980 feet), depending on which multi-mode cable is used.

The 10GBaseSR and 10GBaseLR designations are not for use with SONET networks. The 10GBase R specifications, which include 10GBaseER, 10GBaseLR, and 10GBaseSR, are not used in SONET networks.
These specifications have the same laser type, cable type, and maximum cable run stipulations as their 10GBase W designation counterparts.

The 10GBaseLX4 designation is not for use with SONET networks. This specification is used when you need to support both single-mode and multi-mode fiber optic cable. It uses four lasers in the 1300 nm range over single-mode or multi-mode fiber optic cable. When this specification is deployed using single-mode fiber optic cable, it can support a maximum cable run of 10 kilometers (6.2 miles). When deployed using multi-mode cable, this specification can support a maximum cable run of either 240 meters (790 feet) or 300 meters (980 feet).

For the Network+ exam, you also need to understand Data Over Cable Service Interface Specification (DOCSIS). This standard supports up to 42.88 Mbps downstream and 27 Mbps upstream, depending on which version is implemented.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
10GBase, http://www.ethermanage.com/ethernet/10gig.html

Question #143 of 200
Question ID: 1123454

You are the network administrator for a manufacturing company. Technicians that work on computers used on the manufacturing floor may come into contact with dangerous chemicals. You need to understand which chemicals they will come into contact with and their associated safety issues. What should you consult?

A) ESD
B) ACL
C) HVAC
D) MSDS

Explanation

You should consult the material safety data sheet (MSDS) to understand which chemicals technicians will come into contact with and any safety issues regarding those chemicals. If personnel come into contact with any chemicals, including thermal compound, you should consult the MSDS.

An access control list (ACL) determines who has access to resources.
Electrostatic discharge (ESD) can damage electronic and computer components.

Heating, ventilation, and air conditioning (HVAC) systems control the temperature and humidity.

For the Network+ exam, you need to understand installation safety. Lifting equipment requires that you use proper lifting techniques, including lifting with your legs. You should ensure that procedures for rack installation are followed to ensure proper ventilation. Device placement is important to ensure that proper ventilation occurs and that no electrical or radio interference is present. Finally, you should be sure that you use the appropriate tools in a safe manner. Never use tools on a device that is still plugged in.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.

References:
What is Material Safety Data Sheet?, http://www.wisegeek.com/what-is-a-material-safety-data-sheet-msds.htm

Question #144 of 200
Question ID: 1289197

You support multiple wireless networks. You need to ensure that the protocols used offer the appropriate level of security. Match the descriptions on the left with the Wireless Encryption Protocols on the right.

Explanation

The Wireless Encryption Protocols should be matched with the descriptions in the following way:

WEP - Uses a 40-bit or 104-bit key
WPA/WPA2 Personal - Uses a 256-bit pre-shared key (PSK)
WPA/WPA2 Enterprise - Requires a RADIUS server

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.
References:
Wi-Fi Protected Access, http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
Wired Equivalent Privacy, http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Securing Wireless LANs

Question #145 of 200
Question ID: 1289078

Which feature provides varying levels of network bandwidth based on the traffic type?

A) fault tolerance
B) traffic shaping
C) load balancing
D) QoS

Explanation

Quality of Service (QoS) provides varying levels of network bandwidth based on the traffic type. Each traffic type has its own queue. Each traffic type queue is given its own priority. Traffic types with a higher priority are preferred over lower-priority traffic types.

Traffic shaping is a specialized type of QoS where traffic from each host is monitored. When traffic from the host is too high, packets are then queued. Traffic shaping can also define how much bandwidth can be used by different protocols on the network.

Load balancing divides requests among several servers or resources. This ensures that no single server or resource is overloaded.

Fault tolerance is the ability to respond to a single point of failure on a network. Fault tolerance on servers involves hardware RAID, UPS systems, power conditioning, backups, and clustering.

QoS is used in a variety of networks, including VoIP, to ensure performance standards.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, QoS Technologies
What is QoS?, http://www.tech-faq.com/qos.shtml

Question #146 of 200
Question ID: 1123532

Which mitigation technique provides less restricted access to a system?
A) File integrity monitoring
B) Privileged user account
C) DMZ
D) Role separation

Explanation

A privileged user account is an account that has less restrictive access to a system. Examples of privileged user accounts include domain administrators, local administrators, and application accounts. Users with privileged accounts can include systems admins, management personnel, network administrators, and database administrators, among others.

File integrity monitoring helps to identify unauthorized changes to files. The monitoring process looks at such events as if or when a file was changed, who made the change, the nature of the change, and what can be done to restore the file to the pre-change state. File integrity monitoring does not provide access to systems, only to files.

Role separation involves dividing server duties amongst two or more servers to reduce an attack profile. For example, if a server running the Active Directory, DNS, and DHCP roles went down, all those services would be unavailable. If, on the other hand, Server A hosted Active Directory, Server B hosted DNS, and Server C hosted DHCP, an attack that brought Server B down would not affect the other services. Role separation does not affect the levels of access granted to a system.

A demilitarized zone (DMZ) provides mitigation by placing two firewalls in the network. Critical servers such as email servers and web servers are placed between the two firewalls. A DMZ imposes more restrictions on access, not fewer restrictions.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References:
The threat of privileged user access - monitoring and controlling privilege users, https://www.scmagazineuk.com/the-threat-ofprivileged-user-access--monitoring-and-controlling-privilege-users/article/568624/

Question #147 of 200
Question ID: 1123309

Your company has a main office and three branch offices throughout the United States. Management has decided to deploy a cloud solution that will allow all offices to connect to the same single-routed network and thereby connect directly to the cloud. Which of the following is the BEST solution?

A) P2P
B) Client-to-site VPN
C) MPLS VPN
D) Site-to-site VPN

Explanation

The best solution is to deploy a Multiprotocol Label Switching Layer 3 (MPLS L3) virtual private network (VPN). This will allow all offices to connect to the same single-routed network and connect directly to the cloud.

None of the other options allows all offices to connect to the same single-routed network and thereby connect directly to the cloud. A point-to-point (P2P) connection allows each office to establish its own connection with the cloud. A client-to-site VPN allows each client to establish its own VPN connection with the cloud, but it requires a separate connection. A site-to-site VPN allows each site or office to establish its own VPN connection with the cloud, but each solution uses a different network.

The connection methods used to connect to the cloud include P2P, client-to-site VPN, site-to-site VPN, and MPLS L3 VPN.

Objective: Networking Concepts
Sub-Objective: Summarize cloud concepts and their purposes.

References:
Connecting to the cloud - Your options explained, http://blog.iomart.com/connecting-to-the-cloud-options-explained

Question #148 of 200
Question ID: 1289143

Which connection type allows for connections of up to 44.736 Mbps?
A) E3
B) T3
C) E1
D) T1

Explanation

A T3 connection allows for connections of up to 44.736 Mbps. The T-Carrier system offers several different levels of connections. Each level has a different number of channels, which are separate paths through which signals flow. Having more channels increases the bandwidth. However, T1 and T3 are the two most commonly used T-lines. The equivalent of the North American T-carrier system is the European E-carrier system.

For testing purposes, you should understand the standards for the following carrier lines:

T1 - 1.544 Mbps, 650 feet maximum cable length, UTP/STP/coaxial cable
T3 - 44.736 Mbps, 450 feet maximum cable length, coaxial cable
E1 - 2.048 Mbps, 650 feet maximum cable length, UTP/STP/coaxial cable
E3 - 34.368 Mbps, 450 feet maximum cable length, coaxial cable

All of these carrier lines are circuit-switched networks.

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.

References:
What are T1 and T3 lines?, http://compnetworking.about.com/od/networkcables/f/t1_t3_lines.htm
E-carrier, http://en.wikipedia.org/wiki/E-carrier
CompTIA Network+ N10-007 Cert Guide, Chapter 7: Wide Area Networks (WANs), WAN Technologies

Question #149 of 200
Question ID: 1123550

You need to verify a network's transmission speed. Which tool should you use?

A) loopback plug
B) connectivity software
C) bit-error rate tester
D) throughput tester

Explanation

A throughput tester is best used to verify a network's transmission speed.

Connectivity software is any type of software that allows you to remotely connect to a network. Microsoft's proprietary Remote Desktop Protocol (RDP) and Remote Desktop Connection (RDC) are both types of connectivity software.

A bit-error rate tester is a tool that contains a pattern generator and error detector to determine the bit-error rate.
A loopback plug is a device that is plugged into a network port to determine if the port is functional.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #150 of 200
Question ID: 1123256

You have decided to implement 802.1q. What does this standard do?

A) It forwards traffic based on priorities.
B) It implements MAC filtering.
C) It implements VLAN trunking.
D) It implements STP.

Explanation

If you implement 802.1q, you are implementing VLAN trunking. It allows traffic from all VLANs to cross a single cable between two switches. If 802.1q were not implemented, each separate VLAN would require its own port connection.

Trunking (802.1q) allows different switches to support the same virtual LAN (VLAN) using frame tagging. For example, when two ports on Switch A are connected to one port on Switch B, trunking has been implemented. Frame tags will be used to route the communication appropriately. If you need to add a switch to a room through which laptops can connect for full network access, you should configure a trunk on a switch port for both switches, including the new switch in the room and the switch to which the new switch connects.

The 802.1d standard implements Spanning Tree Protocol (STP), which prevents looping.

MAC filtering allows traffic to be permitted or denied based on the device's MAC address. MAC filtering is just one type of traffic filtering that you can configure on devices. You can also configure traffic filtering based on other criteria, such as device name or port used.

Quality of Service (QoS) forwards traffic based on pre-configured priorities.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features
IEEE 802.1q, http://en.wikipedia.org/wiki/IEEE_802.1Q

Question #151 of 200
Question ID: 1123241

Which of the following options are relevant to network segmentation when using switches? (Choose all that apply.)

A) ARP tables
B) MAC address tables
C) Tagging and untagging ports
D) VLANs

Explanation

Virtual local area networks (VLANs) allow you to segment a network and isolate traffic to different segments. Each segment (such as Sales, Administration, Manufacturing, or Accounting) can become its own VLAN.

VLANs are created by tagging and untagging ports on a switch. A trunk port, which serves as the connection between switches, tags the VLAN traffic. An access port, which is the connection to an end device, does not tag. Port tagging and VLANs are not used in unsegmented networks.

MAC address tables contain the MAC address of any device on the network and the corresponding port on the switch to which it is attached. In instances where a VLAN is implemented, the MAC address table will also have the associated VLAN for that port. However, MAC address tables alone do not provide the network segmentation.

ARP tables show the relationship of IP addresses to MAC addresses and are located on most devices. While they help the devices make routing decisions, they do not provide network segmentation.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
Fundamentals of 802.1Q VLAN Tagging, https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Fundamentals_of_802.1Q_VLAN_Tagging

Question #152 of 200
Question ID: 1123378

A consultant recommends that your company implements an appliance firewall. To which type of firewall is this referring?
A) application
B) software
C) hardware
D) embedded

Explanation

A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone black box solutions that can be plugged into a network and operated with minimal configuration and maintenance.

An application firewall is typically integrated into another type of firewall to filter traffic that is traveling at the Application layer of the Open Systems Interconnection (OSI) model.

An embedded firewall is typically implemented as a component of a hardware device, such as a switch or a router.

A software firewall is a program that runs within an operating system, such as Linux, Unix, or Windows 2000. If you set up a subnet with computers that use peer-to-peer communication, a software firewall is probably the best firewall solution.

Firewalls can be used to create demilitarized zones (DMZs). A DMZ is a network segment placed between an internal network and a public network, such as the Internet. Typically, either one or two firewalls are used to create a DMZ. A DMZ with a firewall on each end is typically more secure than a single-firewall DMZ. However, a DMZ implemented with one firewall connected to a public network, a private network, and a DMZ segment is cheaper to implement than a DMZ implemented with two firewalls.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References:
Chapter 6: Firewalls, http://service.real.com/help/library/guides/helixuniversalproxy/htmfiles/firewall.htm
Introduction to firewalls: Types of firewalls, http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1282044,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #153 of 200
Question ID: 1289304

You originally configured a redundant server with a static IP address, and it has been offline for some time. When you power the server up to perform some tests, what might be an unexpected consequence?

A) Incorrect host-based firewall settings
B) Blocked TCP/UDP ports
C) Duplicate IP addresses
D) Names not resolving

Explanation

The consequence may be duplicate IP addresses. Duplicate IP addresses can occur when a DHCP server "thinks" an IP address is available. For example, a client machine requests an IP address, and the DHCP server issues an address listed as available from the pool of addresses. A conflict may occur if a dormant machine comes back online with an IP address that the DHCP server thought was expired and added back into the pool.

Names not resolving occurs when you enter a URL that you know to be valid, and the Domain Name System (DNS) does not provide the corresponding IP address for that server. IP addresses, not the URLs we enter into the browser, are used to locate machines throughout a LAN or over the Internet. DNS provides the translation of URLs to IP addresses and vice versa, known as name resolution. This would not be an issue because the server should still be able to communicate with the DNS server.

Incorrect host-based firewall settings present security risks. Host-based firewalls are often configured by untrained users, and only protect a single machine.
Once that host-based firewall has been breached, the device on which the host-based firewall is installed is at risk. The configuration of the firewall should be fine as it is a host-based firewall, meaning it is installed on the server.

Blocked TCP/UDP ports are often necessary to protect the network from insecure protocols that are easily exploited by hackers. Ports that are often blocked include TCP port 23 (Telnet), TCP port 21 (FTP), TCP/UDP port 53 (DNS, as a post-attack exit port), and UDP port 161 (SNMP). Blocked TCP/UDP ports were likely configured based on security policies and should not be changed unless you are authorized to do so.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
Detect and Avoid IP Address Conflicts, https://technet.microsoft.com/en-us/library/ff606371.aspx

Question #154 of 200
Question ID: 1123634

You are nearing the completion of a project that involves implementing a new network infrastructure and upgrading the operating systems running on your network servers. Currently, static IP addresses and HOSTS files are used. The upgrade has included implementing DNS, implementing DHCP, and moving servers and other resources to a new location with new IP addresses. However, now you cannot access the resources that were moved using their host names from any of the client workstations. You can access them by their IP addresses. What should you do first?

A) Configure DHCP to supply a different range of IP addresses to the workstations.
B) Delete the HOSTS file on each workstation.
C) Enable NetBIOS over TCP/IP.
D) Import the workstations' names and address mappings to DNS.

Explanation

Workstations read entries in their HOSTS files before making requests to DNS.
In this scenario, this behavior would cause the workstation to use the incorrect IP address when attempting to access a server by its host name. For example, suppose an FTP server with an original IP address of 172.35.2.100 and the host name ftp.domain.com was moved and its address changed to 172.25.2.300. When a user typed in the URL for the server in a browser, the client would search its HOSTS file and find an entry for ftp.domain.com at IP address 172.35.2.100. It would then attempt to contact the server using IP address 172.35.2.100, which is the wrong IP address. However, if you delete the HOSTS file, or remove the entry for the server, the workstation will search DNS to resolve the server's host name when it does not find an entry for the server in the local HOSTS file.

Enabling NetBIOS over TCP/IP would not allow you to access hosts using their host names. NetBIOS allows you to browse for resources using Windows machine names.

Importing the workstations' names and address mappings to DNS is not necessary for clients to connect to the servers. However, if the wrong DNS information is configured, devices will be unable to properly resolve a DNS name. The device or host will need to be reconfigured with the correct DNS information.

Configuring DHCP to supply a different range of IP addresses to the workstations is also not necessary. DHCP seems to be configured properly given that the clients have connectivity and can access resources using IP addresses. If the DHCP server is configured incorrectly, hosts will obtain incorrect IP information from this server. This could include an incorrect IP address, subnet mask, default gateway, and even DNS server information. While a DHCP server makes it much easier to configure clients with their IP configuration information, a misconfigured component within the DHCP lease can cause communication problems for all DHCP clients.
Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
LMHOSTS or HOSTS file: What is the difference?, http://www.tek-tips.com/faqs.cfm?fid=807
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #155 of 200
Question ID: 1123310

Which of the following is a security implication if your company uses a public cloud deployment?

A) Surges in demand require that company resources will need to be adjusted accordingly.
B) The local ISP and power grid can impact the availability of resources stored on the cloud.
C) Other tenants can gain physical access to the resources that store your company's data.
D) Security issues are the sole responsibility of the company's personnel.

Explanation

When using a public cloud deployment, other tenants can gain physical access to the resources that store your company's data. All of the other statements are security implications of implementing a private cloud, not a public cloud.

For the Network+ exam, you need to understand the different security methods and considerations for each cloud deployment. In most cases, a private cloud will have the opposite security implications and considerations from a public cloud. For example, with a private cloud, you retain complete physical control of the data. But with a public cloud, the physical control of the data rests with the cloud provider.

The relationship between the local and cloud resources is also important. Personnel will need to understand the transfer of data between local and cloud resources and how the availability of local resources can affect the cloud deployment.

Objective: Networking Concepts
Sub-Objective: Summarize cloud concepts and their purposes.

References:
Security implications of public vs. private clouds, https://www.zdnet.com/article/security-implications-of-public-vs-private-clouds/

Question #156 of 200
Question ID: 1123400

What should a business with a main office downtown use to communicate with various offices in nearby suburban locations?

A) Cable broadband
B) MAN
C) CSU/DSU
D) DSL

Explanation

A Metropolitan Area Network (MAN), also called Metropolitan Ethernet or Metro Ethernet, is a network encompassing a localized geographic area, such as a city and its suburbs. Government entities, businesses, and hospitals (for example) can use a Metropolitan Ethernet to interconnect a main office with satellite offices in the suburbs.

A Channel Service Unit/Data Service Unit (CSU/DSU) is a device that connects a router to a digital circuit, such as a T1 line. The CSU/DSU converts the signal from a wide area network into frames for a local area network. CSU/DSUs are network components, but do not create a network.

Cable broadband provides last-mile Internet service from the ISP to the subscriber. Because it is "broadband" as opposed to "baseband", the coaxial cable used can carry internet data, TV signals, and telephone service.

Digital Subscriber Line (DSL) provides broadband service over existing telephone lines. There are several varieties of DSL, collectively called xDSL, where the x indicates different types of service. DSL is distance-sensitive, and subscribers must live within 15,000 feet of the ISP point-of-presence.

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.

References:
What is Metro Ethernet?, https://www.juniper.net/us/en/products-services/what-is/metro-ethernet/

Question #157 of 200
Question ID: 1123612

An employee shows you a Web site that publishes the SSIDs and passwords for private wireless networks in your area. The information on your company's wireless network is included.
Of which type of attack is this an example?

A) war chalking
B) WPA cracking
C) evil twin
D) WEP cracking

Explanation

This scenario is an example of war chalking. War chalking originally occurred when hackers wrote SSID and security information on the side of buildings. This attack has steadily evolved to the point where hackers are now publishing this information on Web sites.

WEP cracking is the process of cracking WEP security. WPA cracking is the process of cracking WPA security.

War driving is also a wireless attack. However, with war driving, attackers drive around and attempt to discover wireless networks that are transmitting.

An evil twin attack occurs when a wireless access point that is not under your control is used to perform a hijacking attack. An evil twin is a type of rogue access point. You should periodically perform a site survey to discover rogue access points. Rogue access points can be connected to either the wired or wireless network.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
Warchalking, http://searchmobilecomputing.techtarget.com/definition/warchalking

Question #158 of 200
Question ID: 1123563

Your company's security policy states that passwords should never be transmitted in plain text. You need to determine if this policy is being followed. Which tool should you use?

A) protocol analyzer
B) password cracker
C) network mapper
D) vulnerability scanner

Explanation

You should use a protocol analyzer to determine if passwords are being transmitted in plain text. Protocol analyzers capture packets as they are transmitted on the network. If a password is transmitted in plain text, you will be able to see the password in the packet. Protocol analyzers are also called network analyzers or packet sniffers.
Protocol or network analyzers (or sniffers) can be used to troubleshoot many problems. You can use sniffers to identify the MAC address causing a broadcast storm, to identify the protocols used on the network, or to observe connection setup, request, and response headers to a Web server.

A password cracker is used to test the strength of your passwords. It attempts to obtain a password by using dictionary or brute force attacks.

A vulnerability scanner tests your network for known vulnerabilities and suggests ways to prevent the vulnerabilities.

A network mapper obtains a visual map of the topology of your network, including all devices on the network. A network mapper will create a visual representation of the network map.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Network analyzer, http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci1196637,00.html
On the Job with a Network Manager, http://www.ciscopress.com/articles/article.asp?p=680834&seqNum=2
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #159 of 200
Question ID: 1289094

Your company's enterprise includes multiple subnets, each of them using a different addressing class. Match the IP addresses on the left with the IP Address Class/Type on the right.

Explanation

The IP addresses should be matched with the IP address classes in the following manner:

Class A Public - 77.24.16.74
Class A Private - 10.6.55.44
Class B Public - 143.91.63.19
Class B Private - 172.20.5.5
Class C Public - 204.29.83.91
Class C Private - 192.168.103.213
APIPA - 169.254.43.31

Class A addresses are in the 0.0.0.0 through 126.255.255.255 range. Class B addresses are in the 128.0.0.0 through 191.255.255.255 range.
Class C addresses are in the 192.0.0.0 through 223.255.255.255 range.

There are three reserved private IP address ranges:

Class A - 10.0.0.0 through 10.255.255.255
Class B - 172.16.0.0 through 172.31.255.255
Class C - 192.168.0.0 through 192.168.255.255

Automatic Private IP Addressing (APIPA) addresses are in the 169.254.0.0 through 169.254.255.255 range.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
IP4 Address Classes, http://compnetworking.about.com/od/workingwithipaddresses/l/aa042400b.htm

Question #160 of 200
Question ID: 1289224

A user is complaining that she cannot log on to the network server. What should you do first to resolve the problem?

A) Ensure that network server-access limits have not been exceeded.
B) Reboot the network server.
C) Ask the user reporting the problem to reboot her workstation.
D) Establish whether other users are experiencing the same problem.

Explanation

A logical first place to start troubleshooting would be to determine if the condition is network-wide or workstation-specific, for example by having other similar users attempt to perform the same actions. If other users are unable to duplicate the problem, the problem points to a workstation condition.

Rebooting the server or the user's workstation are not good first steps in attempting to resolve the problem. If the server's access limits had been exceeded, then no other users would be able to log on.

The troubleshooting order according to the CompTIA Network+ blueprint is as follows:

1. Identify the problem.
   - Gather information.
   - Duplicate the problem, if possible.
   - Question users.
   - Identify symptoms.
   - Determine if anything has changed.
   - Approach multiple problems individually.
2. Establish a theory of probable cause.
   - Question the obvious.
   - Consider multiple approaches.
   - Top-to-bottom/bottom-to-top OSI model
   - Divide and conquer
3. Test the theory to determine cause.
   - Once the theory is confirmed, determine next steps to resolve the problem.
   - If the theory is not confirmed, re-establish a new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and, if applicable, implement preventive measures.
7. Document findings, actions, and outcomes.

Objective: Network Troubleshooting and Tools
Sub-Objective: Explain the network troubleshooting methodology.

References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)

Question #161 of 200
Question ID: 1289288

You are moving several wireless access points to an outdoor location for a special event. What should be the primary concern to ensure a positive experience for attendees?

A) Incorrect antenna placement
B) Signal-to-noise ratio
C) Power levels
D) Overcapacity

Explanation

The primary concern should be the power levels. You may need to boost the power levels. By nature, wireless access points have greater coverage areas outdoors. Boosting the power level will provide a better experience for the event attendees. Power levels can affect wireless network performance.

Overcapacity is an issue in wireless performance but usually is not the primary concern. The proliferation of wireless devices will put an enormous drain on a wireless network originally designed for a few devices. In today's environment, the network may need to provide service to tablet computers, smartphones, personal performance monitors, and smart watches in addition to the few laptops the network was originally designed to support. Always determine the number of expected devices to ensure that you provide adequate connections.
The signal-to-noise ratio (SNR) is the relationship between the strength of the wireless signal and the amount of background interference (noise). SNR is measured in decibels (dB). Devices such as microwaves, cordless phones, wireless cameras, and fluorescent lights are all contributors. When using a Wi-Fi analyzer, any SNR below 25 dB is considered poor, while a reading above 41 dB is considered excellent. In outside spaces, SNR is not usually an issue.

Incorrect antenna placement can cause issues with Wi-Fi performance. Placing a wireless access point near metal ductwork, larger metallic lamps, on top of a ceiling panel, or next to a thick wall can cause performance issues. Also, check the manufacturer's placement recommendation: some wireless access points are designed for wall mounting, while others are designed for ceiling mounts. Antenna placement is not as much of an issue in outdoor spaces as it is indoors.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
How to Fix Wi-Fi Range Issues in Windows 10, https://windowsreport.com/wi-fi-range-windows-10/

Question #162 of 200
Question ID: 1289068

You notice that several ping requests have been issued on your network in the past couple of hours. Which protocol responds to these requests?

A) ICMP
B) RARP
C) ARP
D) TCP

Explanation

When you ping a host, Internet Control Message Protocol (ICMP) will respond to the request.
ICMP works at the Network layer (Layer 3) of the OSI model. If the ping is successful, the information returned will have this format:

Reply from 207.157.10.6: bytes=32 time<10ms TTL=128
Reply from 207.157.10.6: bytes=32 time<10ms TTL=128
Reply from 207.157.10.6: bytes=32 time<10ms TTL=128
Reply from 207.157.10.6: bytes=32 time<10ms TTL=128

"Reply" means that the host is reachable, and is responding to requests. If the ping is unsuccessful, the information returned will have this format:

Pinging 192.168.1.5 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.5:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milliseconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Address Resolution Protocol (ARP) is responsible for mapping the hardware address of the hosts on broadcast networks with the TCP/IP address of each host. The ARP utility allows you to view the ARP cache, which maps each IP address to a physical address. ARP works at the Network layer of the OSI model.

Transmission Control Protocol (TCP) is a connection-oriented protocol operating at the Transport layer of the OSI model.

Reverse Address Resolution Protocol (RARP) allows a host on a local area network to request its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. RARP works at the Network layer of the OSI model.

For the Network+ exam, you must understand the basics of the following network theories and concepts:

Bit rate vs. baud rate - Bit rate is the number of bits being transferred per unit of time, whereas baud rate is the number of symbols being transferred. A symbol may contain one or more bits.

Sampling size - Sampling size is the amount of data that will be analyzed.
If your sample size is too small, you will not get an accurate estimation and may make wrong decisions based on insufficient data. If your sample size is too large, the amount of time to obtain the data and its effect on network performance may be detrimental.

Wavelength - Wavelength is the distance between corresponding points in consecutive cycles of a waveform signal broadcast in space or along a wire.

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 10: Command-Line Tools, Windows Commands, ping
Ping, http://compnetworking.about.com/od/softwareapplicationstools/l/bldef_ping.htm
Cisco Guide to Troubleshooting TCP/IP: ping, http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1907.html#wp1020819

Question #163 of 200
Question ID: 1123561

Your network is experiencing a problem that a technician suspects is concerning a Cisco router. The technician provides you the following command results:

1 14.0.0.2 4 msec 4 msec 4 msec
2 63.0.0.3 20 msec 16 msec 16 msec
3 33.0.0.4 16 msec * 16 msec

Which Cisco command produced the results you were given?

A) extended ping
B) traceroute
C) ping
D) tracert

Explanation

The output displayed is a part of the output from executing the traceroute command on a Cisco router. The traceroute command finds the path a packet takes while being transmitted to a remote destination. It is also used to track down routing loops or errors in a network. Each of the following numbered lines represents a router being traversed and the time the packet took to go through the router:

1 14.0.0.2 4 msec 4 msec 4 msec
2 63.0.0.3 20 msec 16 msec 16 msec
3 33.0.0.4 16 msec * 16 msec

The output would not be displayed by the ping command.
This command is used to test connectivity to a remote IP address. The output from the ping command is as follows:

router1# ping 10.201.1.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.201.1.11, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

The ping in this output was unsuccessful, as indicated by the message Success rate is 0 percent.

The output would not be displayed by the tracert command. The tracert command is used by Windows operating systems, not the Cisco command-line interface. However, the purpose of the tracert command is similar to the Cisco traceroute utility, which is to test the connectivity or "reachability" of a network device or host. The tracert command uses Internet Control Message Protocol (ICMP).

The output would not be displayed by the extended version of the ping command. This command can be issued on the router to test connectivity between two remote routers. A remote execution means that you are not executing the command from either of the two routers you are interested in testing, but from a third router. To execute an extended ping, enter the ping command from the privileged EXEC command line without specifying the target IP address. The command takes the router into configuration mode, where you can define various parameters, including the destination and target IP addresses, for example:

Protocol [ip]:
Target IP address: 10.10.10.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 12.1.10.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.

Each line is a menu question allowing you to either accept the default setting (shown in brackets) of the ping, or to apply a different setting.
The real value of this command is that you can test connectivity between two remote routers without being physically present at those routers, as would be required with the standard version of the ping command.

For the Network+ exam, you also need to understand the pathping command. The parameters that can be used with this command are as follows:

This command produces results that are similar to the ping and tracert commands.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Cisco IOS Command Fundamentals Reference, Release 12.4: ping, http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_m1.html#wp1013837
Using the Extended ping and Extended traceroute Commands, http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #164 of 200
Question ID: 1123299

Your company is researching different wireless antennas. Antennas that you research are high-gain antennas. Which statement describes a property of high-gain antennas?

A) High-gain antennas are best suited for point-to-multipoint bridging.
B) High-gain antennas avoid multipath distortion.
C) High-gain antennas provide a wide coverage area.
D) High-gain antennas provide a small vertical beamwidth.

Explanation

A high-gain antenna has a small vertical beamwidth. The beamwidth parameter of the antenna defines the angle of the radio signal radiated. The angle of radiation of the signal is defined in degrees. The antenna properties include the gain, beamwidth, and transmission angle. Antennas with higher gain have less beamwidth than antennas with lower gain. The high-gain antennas have very narrow beamwidth.
For example, a typical 6-dBi patch antenna has a 65-degree beamwidth, but the 21-dBi parabolic dish antenna has a 12-degree radiation pattern.

Objective: Networking Concepts
Sub-Objective: Given a scenario, implement the appropriate wireless technologies and configurations.

References:
Cisco Aironet Antennas and Accessories Reference Guide, https://www.cisco.com/c/en/us/products/collateral/wireless/aironetantennas-accessories/product_data_sheet09186a008008883b.html
Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4

Question #165 of 200
Question ID: 1289178

Management has decided to renovate a portion of the office. You have been asked to relocate several computers and other network devices in the renovation area to another part of the building. After relocating the computers and devices, you document the new location. What is the term used to describe the actions you took?

A) NAC
B) asset management
C) SLA
D) baseline

Explanation

Asset management involves documenting information regarding the company assets, including location, user, IP address, and other information. Asset management is part of the network documentation that must be maintained.

A service level agreement (SLA) is an agreement from a service provider that details the level of service that will be maintained.

Network access control (NAC) is a method whereby an organization implements rules for security for devices that connect to the network. The rules include all requirements for any device to connect to the network. If a device is compliant, it is given access to the network. If it is not, it will be quarantined from the rest of the network.

A baseline is a performance measurement against which all future measurements are compared.
Without a baseline, you have no way of knowing if performance is improving or degrading.

For the Network+ exam, you also need to understand the following documentation:

IP address utilization - You should always track your IP usage, particularly if you implement a network with multiple subnets. Two devices on the same network cannot use the same IP address, even if you implement private IP addresses. Carefully document your IP address usage to ensure communication. Implementing a DHCP server on your network is the best way to do this. At any time, you will be able to view IP address utilization from the DHCP server.

Vendor documentation - Retain all vendor documentation for all devices, including computers. When it comes to configuration management, vendor documentation can aid you in ensuring that you purchase hardware that is compatible with the device or computer. In many cases, vendor documentation can be found online. But this isn't always the case, especially with older, legacy hardware.

For the Network+ exam, you also need to understand the on-boarding and off-boarding of mobile devices. Mobile devices are increasingly being used on corporate networks. Companies must consider the impact of these devices and create the appropriate policies for their use. Formal on-boarding procedures should be developed and should include minimum security requirements for the devices. Companies should implement some sort of mobile device management (MDM), which would allow you to manage mobile devices from a central management console. MDM would allow you to on-board and off-board mobile devices quickly and easily.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation

Question #166 of 200
Question ID: 1289293

You are the network administrator for your company. One of your trainees configured the company's network. However, the network is not working. You ran the ipconfig command on Host A and found that the subnet mask on Host A is not properly configured. The network is shown in the following image:

Which subnet mask should you configure on Host A to solve the problem?

A) 255.255.254.0
B) 255.255.192.0
C) 255.255.0.0
D) 255.255.240.0

Explanation

According to the diagram in this scenario, the IP address configured on Host A is 172.32.2.3 and the broadcast address is 172.32.3.255. If the broadcast address for this network is 172.32.3.255, then the network ID of the next subnet in the series of subnets created by the mask is 172.32.4.0. Because the gateway address (which must be in the same subnet as the hosts) is 172.32.2.1, it indicates that the subnet that contains the three addresses (IP address, gateway and broadcast address) has a network ID of 172.32.2.0. The mask must be 255.255.254.0. It would yield the following subnet IDs:

172.32.0.0
172.32.2.0
172.32.4.0
172.32.6.0
…and so on.

The mask could not be 255.255.0.0. This is a standard class B mask, and when used the broadcast address would be 172.32.255.255, not 172.32.3.255.

The mask could not be 255.255.240.0. This would create an interval of 16 between subnets in the third octet, which would yield the following subnet IDs:

172.32.0.0
172.32.16.0
172.32.32.0
…and so on.

If this were the case, the broadcast address for these addresses' subnet would be 172.32.15.255, not 172.32.3.255.

The mask could not be 255.255.192.0.
This would create an interval between subnets of 64 in the third octet, which would yield the following subnet IDs:

172.32.0.0
172.32.64.0
172.32.128.0
…and so on.

If this were the case, the broadcast address for the subnet hosting these addresses would be 172.32.63.255, not 172.32.3.255.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
Understanding IP Addresses, http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml#ustand_ip_add
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #167 of 200
Question ID: 1289084

While designing an IPv6 addressing scheme for your network, you decide to use EUI for the host portion of each node's address. You need to derive a 64-bit EUI address for the hosts on your network as part of the overall IPv6 address for each node. What should you do?

A) Use the host's MAC address, and repeat the first two bytes of that address at the end.
B) Use the host's MAC address with FFFE inserted in the middle.
C) Use the host's MAC address preceded by 16 zero bits at the beginning.
D) Use the host's MAC address with all 1s (FFFF) inserted in the middle.
E) Use the host's MAC address with FFFE inserted in the middle, and invert the seventh most significant bit in the MAC address.

Explanation

To derive a 64-bit Extended Unique Identifier (EUI) address, also referred to as EUI-64, you need to use the host's MAC address with FFFE inserted in the middle and the seventh most significant bit inverted in the MAC address. EUI-64 is defined in RFC 2373. It allows a host to assign itself a unique 64-bit IPv6 interface identifier. This uniquely identifies individual IPv6 hosts on a network and eliminates the need for manual address configuration or use of DHCP.
The EUI-64 value makes up the final half of an IPv6 address. The full address is 128 bits, split into a 64-bit network address and a 64-bit host address. Because a MAC address is 48 bits long, it must first be transformed into a 64-bit string for IPv6 use. The proper formula for creating an EUI-64 host address involves splitting the MAC address in half, inserting the hexadecimal value FFFE in the middle, and inverting the 7th most significant bit of the MAC address. The rationale for this bit inversion is fully explained in section 2.5.1 of RFC 2373.

If you began with a network address of 2012:ABCD::/64 and a MAC address 1111:2222:3333, you would split the MAC address into 1111:22 and 22:3333 and put FFFE in the middle, which makes the initial value 1111:22FF:FE22:3333. Next, you must invert the seventh most significant bit in the MAC address. The seventh bit occurs in the left-most two hexadecimal digits of the MAC address, 0x11. In binary, this translates to 00010001 (counting from the left, the seventh bit is the 0 immediately before the final 1). Inverting that bit produces the value 00010011, which equals 0x13. Thus, the combined string 1111:22FF:FE22:3333 would be changed to 1311:22FF:FE22:3333 to produce the EUI-64 host ID. Finally, you would precede that value with the network ID, producing 2012:ABCD::1311:22FF:FE22:3333. This is the complete network address for this example node.

EUI-64 is also known as IPv6 autoconfiguration. Given a known network address and a MAC address, it permits a node to generate its own unique IPv6 address without using DHCPv6. Like its IPv4 counterpart DHCP, DHCPv6 provides network nodes that request IP addresses with such addresses. It also manages IPv6 addresses within specific ranges under its control, including granting, renewing, and revoking address leases and managing IPv6 configuration data for DNS/DNSv6 and other network services.
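The two address calculations in Questions #166 and #167 can be checked mechanically. The following Python example is added here and is not part of the QBank; it uses only the standard-library ipaddress module, takes the host, gateway and broadcast addresses and the four candidate masks from Question #166 and the /64 prefix and MAC address from Question #167 as its inputs, and generalizes the modified EUI-64 derivation to any 48-bit MAC address rather than only the 1111:2222:3333 instance worked above. The function names are the example's own.

```python
import ipaddress

# Values from Question #166: the three addresses that must share one subnet,
# and the four masks offered as answer choices.
HOST_IP = "172.32.2.3"
GATEWAY = "172.32.2.1"
BROADCAST = "172.32.3.255"
CANDIDATE_MASKS = ["255.255.254.0", "255.255.192.0", "255.255.0.0", "255.255.240.0"]


def subnet_for(ip, mask):
    """Subnet containing `ip` under `mask` (strict=False clears the host bits)."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def masks_fitting(ip, gateway, broadcast, candidates):
    """Masks under which ip and gateway share a subnet whose directed-broadcast
    address equals `broadcast`. For Question #166 exactly one mask survives."""
    fits = []
    for mask in candidates:
        net = subnet_for(ip, mask)
        if ipaddress.ip_address(gateway) in net and str(net.broadcast_address) == broadcast:
            fits.append(mask)
    return fits


def subnet_ids(start_ip, mask, count):
    """First `count` subnet IDs produced by `mask`, starting at the subnet that
    contains `start_ip` (the "...and so on" series in the explanation)."""
    net = subnet_for(start_ip, mask)
    base, size = int(net.network_address), net.num_addresses
    return [str(ipaddress.ip_address(base + i * size)) for i in range(count)]


def eui64_interface_id(mac):
    """Modified EUI-64 (RFC 2373 section 2.5.1): split the 48-bit MAC in half,
    insert FFFE, and invert the seventh most significant bit of the first octet.
    Accepts 11:11:22:22:33:33, 1111.2222.3333 and 1111:2222:3333 spellings."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address is 48 bits (6 octets)")
    first = octets[0] ^ 0x02  # the seventh bit from the left has value 0x02
    iid = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    hexstr = iid.hex().upper()
    return ":".join(hexstr[i:i + 4] for i in range(0, 16, 4))


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID into a full IPv6
    address, returned compressed and upper-cased as the explanation writes it."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    high64 = net.network_address.exploded[:19]  # the first four 16-bit groups
    return str(ipaddress.ip_address(f"{high64}:{eui64_interface_id(mac)}")).upper()


if __name__ == "__main__":
    print(masks_fitting(HOST_IP, GATEWAY, BROADCAST, CANDIDATE_MASKS))
    print(subnet_ids("172.32.0.0", "255.255.254.0", 4))
    print(eui64_address("2012:ABCD::/64", "1111:2222:3333"))
```

The /64 check in eui64_address enforces the rule stated for this question that EUI-64 autoconfiguration only works with /64 subnets; strict=False lets subnet_for accept a host address rather than requiring a network address.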
When you are using EUI-64 for automatic address generation, all subnets must be /64 (the least significant half of the total IPv6 address). EUI-64 works equally well to create the host portion for link local (reachable within a local segment) or global unicast (reached on the Internet) IPv6 network addresses.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
RFC 2373, http://tools.ietf.org/html/rfc2373#section-2.5.1
Cisco Learning Network Modified EUI-64, https://learningnetwork.cisco.com/thread/61508

Question #168 of 200
Question ID: 1123379

You have been asked to research the different firewall types and make recommendations on which type(s) to implement on your company's network. You need to document how the firewalls affect network performance. Which type of firewall most detrimentally affects network performance?

A) circuit-level proxy firewall
B) packet-filtering firewall
C) application-level proxy firewall
D) stateful firewall

Explanation

An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet. The packet-filtering firewall provides high performance. Stateful and circuit-level proxy firewalls, while slower than packet-filtering firewalls, offer better performance than application-level firewalls. Kernel proxy firewalls offer better performance than application-level firewalls.

An application-level firewall, or Layer 7 firewall, creates a virtual circuit between the firewall clients. Each protocol has its own dedicated portion of the firewall that is concerned only with how to properly filter that protocol's data. Unlike a circuit-level firewall, an application-level firewall does not examine the IP address and port of the data packet.
Often, these types of firewalls are implemented as a proxy server. A proxy-based firewall provides greater network isolation than a stateful firewall. A stateful firewall provides greater throughput and performance than a proxy-based firewall. In addition, a stateful firewall provides some dynamic rule configuration with the use of the state table.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.

References:
Firewall Q&A, http://www.vicomsoft.com/knowledge/reference/firewalls1.html
Types of firewalls, http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1282044,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #169 of 200
Question ID: 1289204

What is typically used to conceal the nature of a social engineering attack?

A) users' good intentions
B) believable language
C) excess bandwidth
D) encryption

Explanation

Believable language is typically used to conceal the nature of a social engineering attack. An example of a social engineering attack is an e-mail hoax that is written in such a way that it causes non-technical users to panic because they think their computers have been compromised by a virus. E-mail hoaxes typically use company names and technical language that are designed to dupe non-technical users into believing the hoax. Phishing is a special type of social engineering attack that relies on deception and misinformation. A social engineering attack involves acquiring information by means of an e-mail, phone call, or some other method.

Social engineering attacks are successful largely as a result of users' good intentions. Users want to warn others, so they forward the e-mail message that contains the fraudulent virus warnings to others.
A social engineering attack can create heavy bandwidth loads on networks while users are replicating the message. Some social engineering attacks identify key system files as viruses and direct users to delete these files. Virus warnings contained in unsolicited e-mail messages should be verified with virus authorities, such as McAfee or Symantec, before those warnings are heeded.

Encryption is not typically used to conceal the nature of a social engineering attack.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
Social engineering: Exploiting the weakest links, http://www.ifap.ru/library/book349.pdf

Question #170 of 200
Question ID: 1289295

The network you administer has two LANs connected by DSL routers through the Internet, as depicted in the following exhibit:

Client4 cannot connect to Client5. Client3 cannot connect to Client4, but Client3 can connect to Client2. Client2 can connect to Server1, and Client1 can connect to Server2. Which device is most likely causing the connectivity problem on the network?

A) Client3
B) DSLRouter A
C) DSLRouter B
D) Hub B
E) Hub A

Explanation

Hub B is most likely causing the connectivity problem. Client4 cannot connect to Client5, which indicates that Hub B might be defective. Client3 cannot connect to Client4, which indicates that there is a connectivity problem somewhere between Client3 and Client4 on the network. Client3 can connect to Client2 and Client2 can connect to Server1, which indicates that Hub A is functioning properly. Client1 can connect to Server2, which indicates that the devices between Client1 and Server2 are functioning properly. These devices include the following: Hub A, Server1, DSL Router A, DSL Router B, and Server2.
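The elimination reasoning in this explanation (a device on any working path is cleared; the culprit must lie on every failing path) can be written down as a small fault-localization routine. The following Python example is added here and is not from the QBank. The set of intermediate devices on each tested path is constructed from the explanation's description of the exhibit; the Client3-to-Client4 path is assumed to cross Hub A, Server1, both DSL routers, Server2 and Hub B, and the endpoint hosts themselves are assumed to be working so that only the devices between them are candidates.

```python
# Intermediate devices on each tested path, constructed from the explanation's
# description of the Question #170 exhibit. Endpoints are assumed healthy; the
# Client3-to-Client4 path is assumed to cross both LANs via the DSL routers.
PATHS = {
    ("Client4", "Client5"): {"Hub B"},
    ("Client3", "Client4"): {"Hub A", "Server1", "DSL Router A", "DSL Router B", "Server2", "Hub B"},
    ("Client3", "Client2"): {"Hub A"},
    ("Client2", "Server1"): {"Hub A"},
    ("Client1", "Server2"): {"Hub A", "Server1", "DSL Router A", "DSL Router B", "Server2"},
}

# Outcome of each connectivity test as stated in the question (True = connects).
RESULTS = {
    ("Client4", "Client5"): False,
    ("Client3", "Client4"): False,
    ("Client3", "Client2"): True,
    ("Client2", "Server1"): True,
    ("Client1", "Server2"): True,
}


def cleared_devices(paths, results):
    """Every device that lies on at least one path whose test passed."""
    return set().union(*(paths[test] for test, ok in results.items() if ok))


def localize_fault(paths, results):
    """Devices that can explain all failures at once: present on every failing
    path and on no passing path. An empty set means no single intermediate
    device fits the evidence and more tests are needed."""
    failing = [paths[test] for test, ok in results.items() if not ok]
    if not failing:
        return set()
    return set.intersection(*failing) - cleared_devices(paths, results)


if __name__ == "__main__":
    print("cleared:", sorted(cleared_devices(PATHS, RESULTS)))
    print("suspects:", sorted(localize_fault(PATHS, RESULTS)))
```

With the question's test results the only surviving suspect is Hub B. If the Client3-to-Client4 test had instead passed, Hub B would be cleared too and the routine would return an empty set, which is the signal to test more paths before replacing anything.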
End-to-end connectivity is a process whereby you troubleshoot connectivity issues from the host experiencing the connection problem all the way through the network. You should always start at the local host and proceed through the network, through routers and other devices, to the destination. Any connectivity problem could be at the host, the remote host, or anywhere in between. Following a logical process will ensure that the exact issue will be located. As you move out from the local host, you should keep in mind that other hosts will be experiencing the same problem. For example, if the problem is not with the local host and you discover that the problem is with the router, all hosts that use that router should be experiencing the same problem.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #171 of 200
Question ID: 1289067

You need to provide terminal emulation and remote login capability for one of the servers on your network. Which Process/Application layer protocol should you use?

A) SMTP
B) TFTP
C) Tracert
D) Telnet
E) FTP

Explanation

Telnet is a user command and an underlying TCP/IP protocol for accessing remote hosts. The HTTP and FTP protocols allow you to request specific files from remote hosts without having to log on as a user of that host computer. The Telnet protocol, however, allows you to log on as a regular user with the associated privileges that you have been granted to the specific application and data on that host. In other words, you appear to be locally attached to the remote system.
The Telnet command syntax is as follows:

    telnet abcdef.com [port #]

This results in a logon screen with user ID and password prompts. Telnet is most likely to be used by program developers and anyone who has a need to use specific applications or data located on a particular host computer. A subset of the Telnet protocol is also used in other application protocols, such as FTP and SMTP.

File Transfer Protocol (FTP) is a useful and powerful tool for the general user. FTP allows a user to upload and download files between local and remote hosts. Anonymous FTP access is commonly available at many sites to allow users access to public files without establishing an account. Users will often be required to enter their e-mail address as a password.

Trivial File Transfer Protocol (TFTP) is a simple protocol used to transfer files. It is used to move files between machines on different networks implementing UDP. It lacks most of the features of FTP and only provides the services of reading and writing files and sending mail to and from a remote server.

Simple Mail Transport Protocol (SMTP) is an application protocol, so it operates at the top layer of the OSI model (Layer 7). SMTP is the default protocol for sending e-mail in Microsoft operating systems. POP3 and IMAP are the most popular protocols for receiving e-mail. SMTP provides client and server functions and works with the Internet and UNIX. It is used to send and receive messages.

Traceroute or Tracert identifies the route that packets take between your computer and a host. Traceroute is a utility that records the route across the Internet that the packets take to reach the specified host. It also calculates and displays the amount of time each hop took.
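Telnet, FTP and TFTP as described above send their logins and data without encryption, so a defender's first job in retiring them is finding where they are still in use. The following Python example is added here and is not part of the QBank; it scans constructed flow records (not captured traffic) for connections to the well-known server ports of these clear-text services and pairs each with an encrypted replacement. The port table, the list of replacements and the record layout are the example's own assumptions.

```python
import ipaddress
from collections import Counter

# Well-known server ports of clear-text services. Port matching is a heuristic:
# a service bound to another port is missed, and an unrelated service on one of
# these ports is a false positive that needs a look at the actual traffic.
CLEARTEXT_PORTS = {23: "Telnet", 21: "FTP", 69: "TFTP", 80: "HTTP", 161: "SNMPv1/v2"}
SECURE_ALTERNATIVE = {
    "Telnet": "SSH", "FTP": "SFTP or FTPS", "TFTP": "SCP/SFTP",
    "HTTP": "HTTPS", "SNMPv1/v2": "SNMPv3",
}

# Constructed flow records, not captured traffic: proto src sport dst dport
SAMPLE_FLOWS = [
    "tcp 10.1.1.20 51234 10.1.1.5 23",
    "tcp 10.1.1.21 51235 10.1.1.5 22",
    "udp 10.1.1.22 49152 10.1.1.9 69",
    "tcp 10.1.1.20 51240 203.0.113.7 80",
    "tcp 10.1.1.23 51241 203.0.113.7 443",
    "udp 10.1.1.30 49153 10.1.1.9 161",
    "tcp 10.1.1.20 51250 10.1.1.5 23",
]


def parse_flow(line):
    """Parse one record into a dict; a malformed address raises ValueError."""
    proto, src, sport, dst, dport = line.split()
    return {"proto": proto, "src": str(ipaddress.ip_address(src)), "sport": int(sport),
            "dst": str(ipaddress.ip_address(dst)), "dport": int(dport)}


def find_cleartext(flows):
    """(src, dst, service) for each flow whose destination port is a clear-text service."""
    findings = []
    for line in flows:
        flow = parse_flow(line)
        service = CLEARTEXT_PORTS.get(flow["dport"])
        if service:
            findings.append((flow["src"], flow["dst"], service))
    return findings


def summarize(findings):
    """{service: (flow count, recommended encrypted replacement)}."""
    counts = Counter(service for _, _, service in findings)
    return {svc: (n, SECURE_ALTERNATIVE[svc]) for svc, n in counts.items()}


def clients_using(findings, service):
    """Sorted source hosts still using the named service: the migration worklist."""
    return sorted({src for src, _, svc in findings if svc == service})


if __name__ == "__main__":
    hits = find_cleartext(SAMPLE_FLOWS)
    for svc, (n, replacement) in summarize(hits).items():
        print(f"{svc}: {n} flow(s) from {clients_using(hits, svc)}; replace with {replacement}")
```

On the constructed records the SSH (22) and HTTPS (443) flows are ignored and five clear-text flows are reported; the two Telnet sessions both come from 10.1.1.20, which is the host to migrate first.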
You should keep in mind that TCP connections provide large data size manageability using segmentation and error recovery for all application-layer protocols.

The following protocols are considered unsecure:

TELNET
HTTP
SLIP
FTP
TFTP
SNMPv1 and SNMPv2

If you use any of these protocols, you should use a version that includes SSL or some other cryptography. For example, secure shell (SSH) is a secure alternative to Telnet.

For the Network+ exam, you must understand the following vulnerabilities:

Unnecessary running services - Disable all unnecessary services on every device. Hackers will search for all used services and attempt to employ known vulnerabilities for those services.

Open ports - Close all ports that are not used. Hackers can also use these open ports to break into your network.

Unpatched/legacy systems - Older systems provide an easy target to hackers, especially those with unsupported operating systems or applications. For example, Windows XP is no longer supported by Microsoft. Service packs and updates are no longer issued for this operating system. You should get rid of legacy systems that run software that is no longer supported by the vendor or else you should find a way to isolate them from the rest of the network.

Unencrypted channels - Unencrypted channels are paths along which data can be intercepted. While it would adversely affect the performance of the network to encrypt every single channel, you should encrypt every single channel through which confidential or private data is sent.

Clear text credentials - Some protocols send credentials over the network in clear text. This allows an attacker to intercept the communications to obtain the credential information. You should eliminate the use of any protocols that use clear text credentials by replacing them with more secure protocols.
TEMPEST/RF emanation - TEMPEST studied the susceptibility of some devices to emit electromagnetic radiation (EMR) in a manner that can be used to reconstruct intelligible data. Radio frequency information can be captured in a similar manner. You should use shielding to protect against these vulnerabilities.

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
What is Telnet?, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213116,00.html

Question #172 of 200
Question ID: 1289098

You have been hired as a contractor to implement a small office home office (SOHO) network for a small business. While gathering the requirements and constraints regarding the network, you decide to implement two subnets on the network. What are valid reasons for implementing subnets on an IP network? (Choose two.)

A) to increase network security
B) to reduce congestion by increasing network media bandwidth
C) to configure a greater number of hosts
D) to use more than one server on each segment of an IP LAN
E) to reduce congestion by decreasing network traffic

Explanation

The subnet mask enables TCP/IP to find the destination host's location on either the local network or a remote location. Subnets are used for the following reasons:

to expand the network
to reduce congestion
to reduce CPU use
to isolate network problems
to improve security
to allow combinations of media, because each subnet can support a different medium

Keep in mind that the first step in designing any network, including a SOHO network, is to gather the requirements and constraints of the network.
These requirements and constraints will then guide you in how to design the network and in what hardware and software must be purchased. Make sure to fully document all requirements, as these are vital to proper design. In addition, you should document the size of the area to be networked, including possible cable lengths. This will ensure that you will select the appropriate network medium. The documentation will affect the device requirements and may limit the device types that you can implement. Compatibility requirements with existing hardware, software, and business needs should be documented to ensure interoperability. Equipment limitations should also be noted as these may affect purchase decisions. Finally, you should document any environment limitations. This includes heating/air-conditioning, humidity, and power considerations. Computer and network hardware can generate a lot of heat, resulting in problems for current HVAC systems. Also, this hardware may require more power than the electricity system is capable of providing.

SOHO networks do not generally use any specialized hardware that is not implemented in LANs or WANs. It is important that you understand all hardware limitations, including maximum cable lengths and other limiting factors. When implementing SOHO networks, you need to have a clear understanding of the following concepts:

List of requirements - This list will guide you to select the appropriate network media, devices, and services. The best way to ensure that this list is comprehensive is to interview different personnel for their opinions. Also, you need to assess the facility that will contain the network. The facility itself may cause certain requirements or restrictions to be in place.
Device types/requirements - Once you document the network requirements, these requirements will help you to determine which devices you need on your network. If you need to divide your network into areas of traffic isolation, you may want to implement a switch. Otherwise, you may simply need a router. Keep in mind that you should document availability and speed needs so that you can ensure that the network you implement can support them.

Environment limitations - Record any environment limitations. Is the location dusty? Is it dry or humid? What about the HVAC considerations? Also, you should check for electrical outlets and any electromagnetic or radio interference that exists. When determining where to install a server, you should first consider environmental limitations because servers will have definite cooling needs.

Equipment limitations - Does any of the current or planned equipment have connection limitations, performance limitations, or any other limiting factor? For example, routers only support a certain number of connections. It may be better to purchase a router with more connections just to ensure that the network is capable of growth, even if this means increasing the budget.

Compatibility requirements - You must ensure that any devices, equipment, or media are compatible with the network and its hosts. You should analyze all of the computers and devices currently in use, no matter how insignificant they are.

Wired/wireless considerations - You need to determine if you want to use a wired network, a wireless network, or both. Perform a site survey to determine if there are other wireless networks in the area, which will affect your choice of wireless frequency and channel. You should also document any objects that will cause electromagnetic and radio frequency interference.
Security considerations - Document any security issues that you expect. Of course, this includes virus and malware issues, but it goes so much further than that. Will you allow guest access to the network? Will you allow personnel to use personal mobile devices or flash drives? Can closets that will contain network devices be locked? Is there a secure room to contain the servers?

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
Cisco Support: IP Addressing and Subnetting for New Users, http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml

Question #173 of 200
Question ID: 1123320

You need to ensure that the Web server always receives the same IP address from the DHCP server. What should you do?

A) Create a DHCP reservation.
B) Create a DHCP exclusion.
C) Create a scope option.
D) Create a DHCP scope.

Explanation

To ensure that a Web server always receives the same IP address from the DHCP server, you should create a DHCP reservation. A DHCP reservation is created at the DHCP server and is based on the MAC address of the leasing device. When the device connects to the network, it sends a DHCPRequest message that contains its MAC address. The DHCP server will then assign the IP address that is stipulated in the DHCP reservation. If the MAC address in the device changes for any reason, the DHCP reservation must be re-created. DHCP reservations are also referred to as MAC reservations.

You should not create a DHCP scope. A DHCP scope is a range of IP addresses that a DHCP server can lease.

You should not create a DHCP exclusion. A DHCP exclusion is an IP address that is in the configured DHCP scope that should not be assigned. Often IP addresses are excluded from a DHCP scope because the address is configured statically at a device.
DHCP exclusions are also referred to as IP exclusions.

You should not create a scope option. Scope options are configured for a scope to ensure that all devices that are part of the scope will receive certain settings. This is particularly useful for assigning the DNS server, router, and domain name information. By using scope settings, all devices that utilize DHCP will obtain these settings during the DHCP login process.

Computers on your network can use static or dynamic IP addresses. If static addressing is used, all devices on the network will need to be manually configured with all IP address information, including IP address, default gateway, and subnet mask. This can require a large amount of administrative effort. In addition, it is often considered an inefficient use of an organization's allotted IP addresses because the IP addresses can only be used by the device on which they are statically configured. If that device is nonoperational, the IP address is not available for any other device to use. Dynamic addressing, on the other hand, allows a DHCP server to dynamically assign IP addresses when devices request them. The DHCP server leases the IP address to the DHCP client. When the client device is turned off, it releases the IP address back to the DHCP server, thereby allowing another client device to lease that same address. The DHCP server can also assign other settings using server or scope options. Server options apply to all DHCP clients, regardless of which scope the clients are in. Scope options apply to all DHCP clients within a single scope.

In some cases, your organization may need to deploy a DHCP relay agent. The DHCP relay agent permits DHCP clients and servers to be placed on separate networks. DHCP messages are IP broadcast to all computers on the subnetwork. But if your organization has multiple subnets, things get a bit complex because DHCP broadcast messages do not cross router boundaries.
You can either deploy a DHCP server on each subnet (very expensive) or deploy DHCP relay agents on the subnets that do not have a DHCP server. DHCP IP helper addresses are IP addresses configured on a routed interface that allow the router to act as a DHCP relay agent.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices

Question #174 of 200
Question ID: 1123422

Which of the following would be the best recovery solution in the event that a network segment is unavailable?

A) Redundant circuits
B) Battery backup/UPS
C) Power generators
D) Dual power supplies

Explanation

Redundant circuits would be the best recovery solution in the event that a network segment becomes unavailable. The redundant circuit can provide a backup route if a NIC, cable, router, or switch fails. You can create a redundant circuit by installing an additional NIC in a computer and connecting the second NIC to a different port on another switch.

Battery backups or uninterruptible power supplies (UPSs) provide temporary power to a limited number of systems. UPSs are designed to provide enough power to allow an orderly shutdown of a system in the event of a power failure.

Power generators activate when there is a loss of power. Power generators are usually gasoline or diesel engines, and will run as long as they have fuel and do not break down. They provide power for much longer periods of time than a battery backup or UPS.

Dual power supplies provide redundancy in the event of a failure of one of the power supply units internally within a computer. The failure of the power supply on a mission-critical server can be catastrophic. Equipping such a server with a dual power supply will provide redundancy and increase uptime.
Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.
References:
Build Redundancy into Your LAN/WAN, http://www.itprotoday.com/management-mobility/build-redundancy-your-lanwan
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #175 of 200
Question ID: 1123398

Which technology allows using label switching for routing frames?

A) packet-switching
B) circuit-switching
C) MPLS
D) point-to-multipoint

Explanation

Multiprotocol Label Switching (MPLS) is a WAN technology that allows using label switching for routing frames. It uses label-switching routers and label-edge routers to forward traffic.

In circuit-switching networks, the path over which communication occurs is decided before the data transmission starts. For the entire communication session between the two communicating parties, the route is dedicated and exclusive, and is released only when the session terminates.

In packet-switching networks, the packets are sent towards the destination independently of each other. Each packet has to find its own route to the destination and does so using the information it carries, such as the source and destination IP addresses.

A point-to-multipoint connection refers to communication between one station and many other stations. A point-to-multipoint connection can be a broadcast or non-broadcast communication. A point-to-point connection refers to a communications connection between two nodes or endpoints.

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.
References:
Multiprotocol label switching, http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching

Question #176 of 200
Question ID: 1289212

What is a correct description of a honeypot system?

A) a computer used to entice an attacker
B) a test methodology used to reveal vulnerabilities
C) a type of attack in which the target system is flooded with unauthorized service requests
D) a tool used to detect alterations in system files

Explanation

A honeypot system is installed to entice potential attackers. A honeypot system is generally installed together with popular services and enabled ports behind a firewall in a demilitarized zone (DMZ). This system should be isolated to prevent it from hampering the operations of the protected network. The implementation of this system underlines the difference between the concepts of entrapment and enticement. Entrapment refers to inducing an intruder to commit an unintended crime. Enticement refers to the process of rendering a computer vulnerable to attacks by making popular ports and services available on the computer.

A file integrity checker is a tool used to determine whether attackers have altered any files. Commonly they will alter either a computer's event and application logs or the critical system files. A file integrity checker allows quick analysis of a file to see if it has changed in any way. When security is compromised, an attacker often alters certain key files to provide continued access and prevent detection. First, you apply a message digest hash to key files at initial system creation. Later, you can check the files periodically to ensure that they have not been altered.

Penetration testing is used to assess a system's capability to resist an attack and to reveal any system or network vulnerability. Penetration testing, which is also called ethical hacking, is the vulnerability assessment procedure performed by security professionals after receiving management's approval.
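The file integrity check that the explanation describes (hash key files at system creation, re-check them later) as an added example; this is not code from the question bank. It uses SHA-256 as the message digest, stores the baseline as JSON, and stands up a constructed temporary directory in place of a real system; the list of "key files" and their paths are assumptions made for the example.

```python
"""Minimal file integrity checker: hash key files at baseline, re-check later.

Added example, not from the question bank. SHA-256 is the message digest;
the sample "system" is a constructed temporary directory tree.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical list of files worth protecting, relative to a root directory.
KEY_FILES = ["etc/passwd", "etc/ssh/sshd_config", "var/log/auth.log"]


def digest_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, key_files=KEY_FILES) -> dict:
    """Record a digest for every key file that exists under root."""
    baseline = {}
    for rel in key_files:
        p = root / rel
        if p.is_file():
            baseline[rel] = digest_file(p)
    return baseline


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current state of the key files against a stored baseline.

    A file is 'modified' when its digest differs, 'missing' when it is gone,
    and 'ok' when the digest still matches.
    """
    report = {"ok": [], "modified": [], "missing": []}
    for rel, expected in sorted(baseline.items()):
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif digest_file(p) != expected:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: take a baseline, then truncate a log and delete a config."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in KEY_FILES:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(f"original contents of {rel}\n")
        baseline = build_baseline(root)

        # Persist the baseline; in practice keep it off-host or read-only,
        # since an attacker who can rewrite it can hide the change.
        baseline_path = root / "baseline.json"
        baseline_path.write_text(json.dumps(baseline, indent=2))

        # Simulated tampering: the auth log is emptied and sshd_config removed.
        (root / "var/log/auth.log").write_text("")
        (root / "etc/ssh/sshd_config").unlink()

        stored = json.loads(baseline_path.read_text())
        return verify(root, stored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The stored baseline is itself a key file: keep it where the monitored host cannot rewrite it (a read-only medium or a separate management host), otherwise a later check only confirms whatever the attacker left behind.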
Penetration testing is the process in which security experts use security tools to identify system vulnerabilities. Ethical hackers use tools that have the potential to assess security flaws without exploiting the vulnerabilities in an organization's network infrastructure. The primary objective of penetration testing or ethical hacking is to assess the capability of the system to resist attacks and to reveal system and network vulnerabilities. Examples of penetration testing include war dialing, sniffing, and scanning.

In a denial-of-service (DoS) attack, the target computer is flooded with unauthorized service requests. In this type of attack, an attacker floods target computers with multiple service requests until they run out of resources, causing the computer to either freeze or crash.

A honeynet is an entire system or network of honeypots that are set up to entice attackers.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References:
Honeypot (computing), https://en.wikipedia.org/wiki/Honeypot_(computing)
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks

Question #177 of 200
Question ID: 1123420

Which term is used to describe the ability to respond to a single point of failure on a network?

A) Loopback
B) RAID
C) Fault tolerance
D) Clustering

Explanation

The ability to respond to a single point of failure on a network is called fault tolerance. Fault tolerance on servers involves hardware RAID, UPS systems, power conditioning, backups, and clustering. Fault tolerance refers to making sure that devices are safe from any kind of problem that might occur with them. It carries with it the ideas of redundancy, backups, clustering, power conditioning, RAID, and UPS systems that can keep computers up and running.

Clustering and RAID are associated with fault tolerance on servers, rather than fault tolerance on a network.

Loopback is a test in which data is sent from a source to a destination and then back to its source to determine if the path is working properly and the data is accurate.

Network fault tolerance amounts to redundancy in both the network gear and the backbone links that connect wiring closets together. The key component for routers, switches, and hubs is redundant parts. Your goal with network gear is to look for single points of failure (SPOFs) and provide redundancy to make sure the network remains up and functional. To ensure a company's long-term health in the event of a disaster, redundancy and offsite backups are two of the best tools to implement.

Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.
References:
What is fault tolerance, http://www.webopedia.com/TERM/F/fault_tolerance.html
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #178 of 200
Question ID: 1289089

Currently, your company uses IPv4 across its enterprise. Your company is considering using IPv6 instead of IPv4. Which improvements does IPv6 provide over IPv4? (Choose two.)

A) Some header fields have been dropped or made optional.
B) Header fields have been made mandatory to reduce processing requirements.
C) A new type of address is used to deliver a packet to a specific address node.
D) The IP header options allow more efficient forwarding and less rigid length limits.
E) The IP address size is increased from 64 bits to 128 bits with simpler auto-configuration of addresses.
F) The IP address size increased from 128 bits to 156 bits with simpler auto-configuration of addresses.

Explanation

IPv6 (version 6), or IPng (next generation), offers the following improvements over IPv4:
The IP address size increases from 32 bits to 128 bits.
Some of the header fields have been dropped.
Version 6 has less rigid length limits and the ability to introduce new options.
Packets indicate a particular traffic type.
Support is provided for data integrity and confidentiality.

The IPv6 header is 40 fixed bytes and has eight fields of information.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
References:
IPv4 or IPv6 - Myths and Realities, http://www.ciscopress.com/articles/article.asp?p=1215643
Cisco Press article: Internet Addressing and Routing First Step, http://www.ciscopress.com/articles/article.asp?p=348253&seqNum=7
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IP Version 6

Question #179 of 200
Question ID: 1289214

Which protocol is NOT capable of preventing a man-in-the-middle attack?

A) IPSec
B) rsh
C) SSH
D) HTTPS

Explanation

The remote shell (rsh) protocol is used to log on to remote computers and can be easily exploited by a man-in-the-middle (MITM) attack because it provides neither encryption nor authentication of data. In a MITM attack, an intruder captures the traffic of an established connection to intercept the messages being exchanged between the sender and the receiver. The rsh protocol does not provide security because the traffic flows in clear text and not ciphertext. You can defend against a MITM attack by using strong encryption.

Secure shell (SSH) provides security by authenticating before the exchange of secret keys. SSH is also known as encrypted telnet because it provides encryption of traffic exchanged between the sender and the receiver. Because encryption is used, SSH can prevent MITM attacks better than rsh can.

HTTP Secure (HTTPS) is based on the secure socket layer (SSL) protocol.
SSL is a two-layered protocol that contains the SSL Record Protocol and the SSL Handshake Protocol. The SSL handshake provides an authentication mechanism before the exchange of credentials, prevents attacks such as man-in-the-middle attacks, and uses certificates to validate the identities of both parties. HTTPS is used for online transactions.

Internet Protocol Security (IPSec) is a security framework established to secure communication over insecure networks, such as the Internet. IPSec deploys Internet Key Exchange (IKE) for key exchange and management. IKE manages the first phase of the key negotiation agreement and the secure exchange of keys as a part of the IPSec framework. IPSec prevents man-in-the-middle attacks through encryption and authentication.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References:
What is a Man-in-the-Middle Attack and How Can You Prevent It?, https://www.globalsign.com/en/blog/what-is-a-man-in-the-middle-attack/

Question #180 of 200
Question ID: 1123411

You have changed the IP address scheme for two of your company's networks. In addition, the names of two servers have changed. Which change management documentation should you revise?

A) network baseline
B) logical network diagram
C) wiring schematic
D) physical network diagram

Explanation

You should only revise the physical network diagram. The physical network diagram includes cable lengths and types, server names, IP addresses, server roles, network equipment locations, and number of network users. An example of a physical network diagram is shown in the following exhibit:

[Exhibit: physical network diagram]

You should not revise the logical network diagram. The logical network diagram includes server roles, domain architecture, protocols used, and trust relationships. Server names and IP addresses are not included in the logical network diagram. An example of a logical network diagram is shown in the following exhibit:

[Exhibit: logical network diagram]

You should not revise the network baseline. A network baseline includes performance statistics for your network. Changing the IP address scheme and server names will not affect the network baseline. A network baseline is not an exhibit, but a listing of performance statistics.

You should not revise the wiring schematic. The wiring schematic emphasizes the flow of the network. It includes equipment symbols and lines that indicate the flow. Changing the IP address scheme and server names will not affect the wiring schematic. An example of a wiring schematic is shown in the following exhibit:

[Exhibit: wiring schematic]

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
What is a logical network diagram?, http://www.wisegeek.com/what-is-a-logical-network-diagram.htm
What is a network diagram?, http://www.wisegeek.com/what-is-a-network-diagram.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation

Question #181 of 200
Question ID: 1123252

You are configuring a new small office home office (SOHO) network at a small insurance office. After documenting the network requirements, you decide to use Network Address Translation (NAT) so that only one public address will be needed. You want to use the IANA-designated private IP address range that provides host IP addresses with a maximum of 16 bits. What is a valid host IP address in this range?

A) 172.30.250.10
B) 11.0.1.0
C) 192.168.0.1
D) 10.251.250.100

Explanation

Of the IP addresses listed, 192.168.0.1 is a valid host address within the range of IANA-designated private IP addresses that provide a maximum of 16 bits per host address. The IP address 11.0.1.0 is a public, or external, IP address.

The Internet Engineering Task Force (IETF) is a working group that creates standards for the Internet. The IETF is divided into a number of smaller committees, including the Internet Assigned Numbers Association (IANA), which decides how the IP address space is used. The IANA has reserved three address spaces for private or internal IP addressing. Internal IP addresses are never assigned by the IANA for use on the public Internet. The private IP address ranges are as follows: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Note that the number after the slash (/) character is referred to as the network address prefix, which indicates the number of bits in the network address.

Private IP addresses in the range 192.168.0.0/16 can be used as a Class B address space with a 16-bit network address and a 16-bit host address, or they can be subnetted into Class C addresses. Valid host IP addresses in this address space range from 192.168.0.1 through 192.168.255.254. The first 16 bits in the address correspond to the network address and the last 16 bits in the address correspond to the host address.

The internal IP address range 10.0.0.0/8 provides IP addresses with an 8-bit network address and a 24-bit host address. The first 8 bits of a 10.0.0.0/8 internal IP address correspond to the network address, and the last 24 bits correspond to the host address. Valid host IP addresses in this address space range from 10.0.0.1 through 10.255.255.254. The address 10.251.250.100 is a valid host IP address in this range.
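An added example (not from the question bank) that checks an address against all three private ranges the explanation lists, 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, using explicit bit masks so that the "number after the slash is the number of network bits" rule is visible in the arithmetic. It also flags the network and broadcast addresses that are excluded from the valid host ranges, and picks the range whose host part is at most a given width, which is the wording of the question. The `ipaddress` module is used only to validate dotted-quad syntax; the prefix matching is done by hand.

```python
"""Classify IPv4 addresses against the three IANA private ranges.

Added example, not from the question bank. Prefix membership is computed
with explicit masks rather than ipaddress.ip_network so the network-bit /
host-bit split from the explanation is visible.
"""
import ipaddress  # used only to validate dotted-quad syntax

# (network address, network bits); host bits = 32 - network bits
PRIVATE_RANGES = [
    ("10.0.0.0", 8),
    ("172.16.0.0", 12),
    ("192.168.0.0", 16),
]


def ip_to_int(dotted: str) -> int:
    """Convert dotted-quad text to a 32-bit integer, rejecting malformed input."""
    return int(ipaddress.IPv4Address(dotted))


def int_to_ip(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def prefix_mask(network_bits: int) -> int:
    """Mask with the top network_bits set, e.g. 12 -> 0xFFF00000."""
    return (0xFFFFFFFF << (32 - network_bits)) & 0xFFFFFFFF


def in_prefix(dotted: str, network: str, network_bits: int) -> bool:
    """True when the address shares its first network_bits with network."""
    mask = prefix_mask(network_bits)
    return ip_to_int(dotted) & mask == ip_to_int(network) & mask


def classify(dotted: str) -> dict:
    """Report which private range (if any) an address falls in and whether it
    is a usable host address, i.e. neither the range's network address nor
    its broadcast address."""
    value = ip_to_int(dotted)
    for network, bits in PRIVATE_RANGES:
        if in_prefix(dotted, network, bits):
            mask = prefix_mask(bits)
            net_addr = value & mask
            bcast = net_addr | (~mask & 0xFFFFFFFF)
            return {
                "address": dotted,
                "range": f"{network}/{bits}",
                "network_bits": bits,
                "host_bits": 32 - bits,
                "valid_host": net_addr < value < bcast,
                "first_host": int_to_ip(net_addr + 1),
                "last_host": int_to_ip(bcast - 1),
            }
    # Not in any RFC 1918 range: treat as public/external.
    return {"address": dotted, "range": "public", "network_bits": None,
            "host_bits": None, "valid_host": None,
            "first_host": None, "last_host": None}


def range_with_host_bits(max_host_bits: int):
    """The private range whose host part is at most max_host_bits wide, taking
    the widest one that fits; None when no range fits."""
    candidates = [(n, b) for n, b in PRIVATE_RANGES if 32 - b <= max_host_bits]
    if not candidates:
        return None
    network, bits = max(candidates, key=lambda nb: 32 - nb[1])
    return f"{network}/{bits}"


if __name__ == "__main__":
    for option in ["172.30.250.10", "11.0.1.0", "192.168.0.1", "10.251.250.100"]:
        print(classify(option))
    print("range with at most 16 host bits:", range_with_host_bits(16))
```

Running the four answer options through `classify` shows why the exam key is C: three of them are valid private hosts, but only 192.168.0.1 sits in the range whose host part is 16 bits wide.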
The 172.16.0.0/12 private IP address range provides a 12-bit network address and a 20-bit host address. IP addresses in the range of 172.16.0.1 through 172.31.255.254 are valid host IP addresses for this address space; the first 12 bits correspond to the network address, and the last 20 bits correspond to the host address. The IP address 172.30.250.10 is a valid host IP address in the range 172.16.0.0/12.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IPv4 Addressing
What is a Private IP Address?, http://compnetworking.about.com/od/workingwithipaddresses/f/privateipaddr.htm

Question #182 of 200
Question ID: 1123475

Which technology provides centralized remote user authentication, authorization, and accounting?

A) VPN
B) Single sign-on
C) RADIUS
D) DMZ

Explanation

Remote Authentication Dial-In User Service (RADIUS) provides centralized remote user authentication, authorization, and accounting.

A virtual private network (VPN) is a technology that allows users to access private network resources over a public network, such as the Internet. Tunneling techniques are used to protect the internal resources.

A demilitarized zone (DMZ) is an isolated subnet on a corporate network that contains resources that are commonly accessed by public users, such as Internet users. The DMZ is created to isolate those resources to ensure that other resources that should remain private are not compromised. A DMZ is usually implemented with the use of firewalls.

Single sign-on is a feature whereby a user logs in once to access all network resources.

RADIUS is defined by RFC 2138 and 2139. A RADIUS server acts as either the authentication server or a proxy client that forwards client requests to other authentication servers. The initial network access server, which is usually a VPN server or dial-up server, acts as a RADIUS client by forwarding the VPN or dial-up client's request to the RADIUS server. RADIUS is the protocol that carries the information between the VPN or dial-up client, the RADIUS client, and the RADIUS server. The centralized authentication, authorization, and accounting features of RADIUS allow central administration of all aspects of remote login. The accounting features allow administrators to track usage and network statistics by maintaining a central database.

Objective: Network Security
Sub-Objective: Explain authentication and access controls.
References:
An Analysis of the RADIUS Authentication Protocol, http://www.untruth.org/~josh/security/radius/radius-auth.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Remote-Access Security

Question #183 of 200
Question ID: 1289162

You have been hired as a consultant for a medium-sized business. As part of your duties, you need to make recommendations on changes to the network. You decide that you want to install agents on the network devices to monitor network traffic and record the behavior of network components. You will then use the statistical data that is gathered to make your recommendations. Which standard should you deploy?

A) SMTP
B) SNMP
C) Token Ring
D) X.25

Explanation

Simple Network Management Protocol (SNMP) is a protocol that governs network management. The protocol reports on whether a device is functioning properly. Network management systems based upon SNMP contain two primary elements: a manager and agents. The manager is the console through which a network administrator performs network management functions. Agents are the entities that interface to the actual devices being managed. You would use an SNMP agent to monitor remote traffic through an access point. SNMP can monitor almost any type of network device, such as hubs, servers, interface cards, repeaters, and bridges. Threshold alarms can be set for all the parameters that the agent can monitor.

X.25 is a WAN protocol that is used to create a continuous link between two offices. It employs switches, routes, and circuits to produce the best route to transfer data at any given time.

Simple Mail Transport Protocol (SMTP) is an application protocol, so it operates at the top layer of the OSI model. SMTP is the default protocol for sending e-mail in Microsoft operating systems. POP3 and IMAP are the most popular protocols for receiving e-mail. SMTP provides client and server functions and works with the Internet and UNIX. It is used to send and receive messages.

Token Ring networks follow the standards set forth in the IEEE 802.5 specification.

SNMP has three versions: version 1, 2, and 3. SNMPv1 is widely used and is the de facto network-management protocol. SNMP is a simple request/response protocol. The network-management system issues a request, and managed devices return responses. This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap. SNMPv1 used only one form of security, community names. Community names are similar to passwords. The main problems in version 1 are 1) the authentication of the message source, 2) protecting the messages from disclosure, and 3) placing access controls on the Management Interface Base database.

SNMPv2 adds and enhances some protocol operations. SNMPv2 defines two new protocol operations: GetBulk and Inform. SNMPv2 also offered improved security. With SNMPv2, everything in the packet except for the destination address is encrypted.

SNMPv3 provides additional security and administrative capabilities. SNMPv3 provides three levels of security. The highest level is with authentication and privacy, the middle level is with authentication and no privacy, and the bottom level is without authentication or privacy. SNMPv3 is the best tool to use if you need to examine interface settings throughout various network devices in a secure manner.

Objective: Network Operations
Sub-Objective: Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References:
What is SNMP?, http://www.tech-faq.com/snmp.shtml
Comparison of SNMP v1, v2, and v3, http://www.linuxsecurity.com/content/view/122997/169/
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Monitoring Resources and Reports

Question #184 of 200
Question ID: 1289074

If your IPv6 host uses IPv6 Stateless Address Autoconfiguration, how does it install a default IPv6 route?

A) Tunneling
B) Router advertisement
C) Dual stack
D) Broadcasting

Explanation

IPv6 hosts use router advertisement to install a default IPv6 route when the hosts use IPv6 Stateless Address Autoconfiguration. When a device that uses both IPv4 and IPv6 joins a network, it sends a router solicitation (RS) message using ICMP to contact the local IPv6-capable router on the network. The local router listens on the all-routers multicast group address, which is ff02::2, and will receive the RS message. The router immediately answers with a router advertisement (RA) message using ICMP to all nodes on the network. This uses the all-nodes multicast group address, which is ff02::1. The router also sends the RA messages periodically to keep the nodes informed of any changes to the addressing information for the LAN.

Dual stack configurations are networks that run IPv4 and IPv6 simultaneously. When IPv6 is available, it becomes the primary protocol.
Dual stack configuration is not a method of installing an IPv6 route.

Tunneling allows you to transmit IPv6 traffic on an IPv4 network. The IPv6 traffic is encapsulated within an IPv4 packet. It is not an IPv6 addressing protocol.

Broadcasting has been eliminated in IPv6 in favor of multicast.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References:
IPv6 Router Lifetime in Router Advertisements, https://support.symantec.com/en_US/article.TECH244214.html

Question #185 of 200
Question ID: 1289198

You need to deploy 802.1x authentication that supports client-side digital certificates for authentication with access points. Which technology should you deploy?

A) EAP-TLS
B) WEP
C) EAP-PEAP
D) Cisco LEAP

Explanation

Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) authentication supports client-side digital certificates for authentication with access points. You can configure Cisco Aironet wireless clients with digital certificates for authentication with EAP-TLS authentication. The Cisco EAP-TLS authentication type can be configured on wireless clients that run Windows. If the wireless clients are working with other operating systems, a third-party software package must be installed to support EAP-TLS authentication. The EAP-TLS authentication type operates with a dynamic session-based WEP key. The dynamic session-based WEP key encrypts data with the key that is generated from the RADIUS authentication server or the client adapter. EAP-TLS uses Public Key Infrastructure (PKI) for encryption of data over the RF channel. You integrate the EAP-TLS authentication type with the use of Lightweight Directory Access Protocol (LDAP) for server-based authentication.

WEP authentication does not work with client-side digital certificates. In WEP authentication, the client must be authenticated using the WEP key.

EAP-PEAP authentication does not work with wireless access points. EAP-PEAP works with RADIUS servers.

Cisco LEAP authentication does not work with client-side digital certificates. Both sides of the communication using Cisco LEAP share a per-session, per-user encryption key, not a digital certificate.

For the Network+ exam, you also need to understand Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) and Protected Extensible Authentication Protocol (PEAP). PEAP forms an encrypted TLS tunnel using a certificate on the server. After the tunnel has been formed, PEAP authenticates the client using EAP within the outer tunnel. EAP-FAST is Cisco's alternative to PEAP.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.
References:
802.1x Offers Authentication and Key Management > 802.1x not the whole solution, http://www.wifiplanet.com/tutorials/article.php/1041171
Wireless Security, http://www.ciscopress.com/articles/article.asp?p=177383&seqNum=6

Question #186 of 200
Question ID: 1123575

You have been hired as a network technician. As part of your technician's kit, you have been issued a basic digital multimeter with no extra probes. What is the primary function of this device?

A) connects RJ-45 jacks to an Ethernet cable
B) measures the temperature of a chip on a motherboard
C) measures the light signal energy
D) tests voltage

Explanation

A digital multimeter is a tool that can test voltage. For example, you can use a digital multimeter to test the voltage output of a power supply or to test for breakage in a telephone or Ethernet cable. To use a digital multimeter to measure light signals or temperatures, you will need a light signal probe or temperature probe.

A wire crimper is used to connect an RJ-45 connector to an Ethernet cable.

An optical tester tool measures the amount of light signal energy being emitted from an optical cable. It is similar to a cable tester that is used for twisted-pair cable. This can also be referred to as a light meter.

A digital infrared thermometer measures the temperature of a chip or motherboard system chassis.

A punchdown tool is used to attach network wires to a punchdown block. A loopback adapter is used to test the functionality of a network port.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #187 of 200
Question ID: 1289264

Technicians have recently reported to you that the type of lighting in your company's building can affect the network communication. Which of the following statements is TRUE?

A) Incandescent bulbs emit high frequency electromagnetic waves that can resonate with 100 Mbps transmissions, causing them to amplify beyond the capacity of the media.
B) The outer jacket of UTP and STP cable deteriorates when exposed to some types of fluorescent lighting.
C) Halogen lights emit a full spectrum of light that can interfere with fiber-optic transmissions.
D) Fluorescent lighting fixtures emit high levels of EMI.

Explanation

Fluorescent light fixtures emit high levels of electromagnetic interference (EMI). EMI is essentially noise that is picked up on the network cable. EMI from fluorescent lights can corrupt data; therefore, you should consider your choice of network cable carefully if you must place the cable near fluorescent lights.

Halogen lights and incandescent bulbs do not interfere with fiber-optic transmissions. UTP and STP cable does NOT deteriorate in the presence of fluorescent lighting.

EMI affects cable placement. Cable placement issues may vary depending on the type of media (twisted pair, coaxial, or fiber) used. You should avoid running cables near objects that may cause problems with the cabling. You should arrange cables to minimize interference. Ideally, Ethernet cables should not be placed close to high voltage cables, generators, motors, or radio transmitters. Often using shielded cabling will prevent this problem. You could also move the interfering device or the cable.

Crosstalk is a specialized type of EMI caused by parallel runs of twisted-pair cables. The only solution to this problem is to change the path of the cables. Near-end crosstalk (NEXT) measures the ability of the cable to resist crosstalk. Most commercial cabling will give you the minimum NEXT values that are guaranteed. Far-end crosstalk (FEXT) measures interference between two pairs of a cable measured at the other end of the cable with respect to the interfering transmitter.

dB loss (attenuation) in cabling occurs because the voltage decays slowly as the current travels the length of the cable. Therefore, the longer the cable run, the more dB loss occurs. The loss is predictable based on cable length. You should either decrease the cable length or install repeaters to reduce dB loss. Ensure that your cable runs do not exceed the maximum distance allowed. Repeaters could also be used to prevent this problem.

Other physical connectivity problems can be caused by bad connectors, bad wiring, open or short circuits, splits in the cable, incorrect termination, incorrect use of crossover or straight-through cables (Tx/Rx reversal), split pairs in wiring, or SFP/GBIC (cable or transceiver) module failure.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References: Choosing an Optimal Location for Your Data Center: Electromagnetic Interference, http://www.ciscopress.com/articles/article.asp? p=417091 CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting Question #188 of 200 Question ID: 1289297 You are troubleshooting a network problem in which users cannot connect to the Internet. The network diagram is as shown. https://www.knowledgehub.com/education/test/print/61961273?testId=205855659 197/212 4/18/22, 4:08 PM N10-007 Exam Simulation The activity lights on the hubs' ports connected to the router and the lights on the router's ports connected to the hubs are not lit. All other lights on both devices are lit. Which component is most likely to have failed? A) NICs B) modem C) hubs D) router Explanation A good troubleshooting step is to shorten the network and isolate the problem. You should first go to the middle of the network, disconnect the connections to the Internet, and start working backwards from the known good point. If the network operates, you know the problem is in the part of the network that you disconnected. This process can be repeated until the problem area is pinpointed. Once the connectivity problem is identified and corrected, re-initiate the devices so that they can update their network information. Because the activity lights are not lit on the connection between the router and hub, you can assume that the router is the problem. The hub is not the problem because the lights on the hub that connect the LAN computers are lit. Because you can see lights on the modem side of the router, you know the modem is working. If hardware failure occurs, then all the hosts that connect to the failed device will have issues. Once you isolate which device is having the problem, you should then troubleshoot that device to determine which hardware within the device has failed. For example, you might trace an issue to the switch and discover that a single GBIC module has gone bad. 
In this case, you would simply replace the GBIC module. Power failure is another common device issue, and can result in routers and switches being reset to the default factory settings. To prevent this problem, you should attach routers and switches to uninterruptible power supplies. In addition, you should back up the router and switch configuration to ensure that it can be easily restored if the configuration is reset to the default. Here are more common router and switch problems and their causes that you will need to be familiar with for the Network+ test:
Switching loop - Because the Layer 2 header does not support a time to live (TTL) value, if a frame is sent into a looped topology, it can loop forever. You can implement the Spanning Tree Protocol (STP) to prevent this looping.
Port configuration - Each switch port is a single collision domain. If you improperly configure the ports (speed, duplex, or VLAN membership), then communication on the appropriate domain may not be possible.
VLAN assignment - This problem occurs when the wrong VLAN is assigned to the switch port that a client computer or device is connected to. Each VLAN is a separate broadcast domain. Make sure that client computers are placed in the appropriate VLAN to ensure that they can communicate within the broadcast domain they are supposed to belong to.
Bad/missing routes - This problem will cause routers to incorrectly forward packets. If bad routes are configured, the bad routes should either be reconfigured or deleted. Missing routes should be added. This is more of a problem on statically configured routers.
Misconfigured DNS - If the wrong DNS information is configured, devices are unable to resolve a DNS name properly. The device or host will need to be reconfigured with the correct DNS information. For example, if an MX record is entered incorrectly, mail clients and servers will be unable to locate the mail server.
Misconfigured DHCP - If the DHCP server is configured incorrectly, hosts will obtain incorrect IP information from this server.
This could include incorrect IP address, subnet mask, default gateway, and even DNS server information. While a DHCP server makes it much easier to configure clients with their IP configuration information, a misconfigured component within the DHCP lease can cause communication problems for all DHCP clients. Also keep in mind that rogue DHCP servers, which are unauthorized DHCP servers, can also cause problems. If you suspect that there is an unauthorized DHCP server on the network, you will need to establish a plan to locate the rogue DHCP server (for example, by reading the server address out of the DHCP offers the affected clients receive and tracing that address to a switch port).
Cable placement - Cable placement issues vary depending on the type of media (twisted pair, coaxial, or fiber) used. You should avoid running cables near objects that may cause problems with the cabling.
Simultaneous wired/wireless connections - Some organizations have both wired and wireless networks in use. Client computers, though, should connect to only one of these types of networks at a time. If you want to use a wired connection, you should plug into that network. If a wireless network is in range, your computer may attempt to connect to the wireless network as well if you have enabled the connect automatically feature.
Discovering neighboring devices/nodes - Most devices have the ability to discover their directly connected neighbors by using a discovery protocol such as Cisco Discovery Protocol (CDP) or the vendor-neutral Link Layer Discovery Protocol (LLDP). It may be necessary to enable more than one of these protocols based on the types of devices to which you must connect.
NIC teaming misconfiguration - Also known as load balancing and failover (LBFO), NIC teaming allows multiple network interface cards (NICs) in the same computer to be placed into a team for bandwidth aggregation and traffic failover to prevent connectivity loss in the event of a network component failure.
Active-active versus active-passive - In an active-active NIC team, both NICs work together managing network traffic.
In an active-passive NIC team, one NIC is the primary NIC. The other NIC is only brought into service in a failover situation when the primary NIC is down.
Multicast versus broadcast - Multicast enables a single device to communicate with a selected group of hosts that have joined the multicast group. Broadcast occurs when a single device sends to every host on the local segment. (Communication from a single device to a single host is unicast.)
Other issues you should consider are bad cables, bad modules, improper cable selection, interface errors, incorrectly configured interfaces, incorrectly configured subnet masks or gateways, and duplicate IP addresses.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #189 of 200
Question ID: 1289219
Which one of the following mitigation techniques reduces the attack profile of a device or network?
A) Role separation
B) Honeypot
C) File integrity monitoring
D) Penetration testing

Explanation
Role separation involves dividing server duties among two or more servers to reduce an attack profile. For example, if a server running the Active Directory, DNS, and DHCP roles went down, all those services would be unavailable. If, on the other hand, Server A hosted Active Directory, Server B hosted DNS, and Server C hosted DHCP, an attack that brought Server B down would not affect the other services. Because fewer services are hosted on a single device, there are fewer services to attack on that device, and a compromise of one server does not hand the attacker the other roles. Attack profiles are also referred to as attack surfaces. Other ways to reduce the attack surface include disabling unneeded scripting engines, closing unneeded ports, and turning off unneeded virtual servers.
Penetration testing uses hacking methodologies and tools to test the security of a client's network on behalf of the client. Penetration testing can also be provided by in-house experts. Penetration testing measures the attack profile but does not itself reduce it. File integrity monitoring helps to identify unauthorized changes to files. The monitoring process looks at such events as if or when a file was changed, who made the change, the nature of the change, and what can be done to restore the file to the pre-change state. File integrity monitoring detects changes but does not affect the attack profile. Honeypots and honeynets are closely related concepts. A honeypot is a decoy system, file, or object on a network designed to lure in an attacker, often to divert attention from other resources and to observe the attacker's techniques. An example would be a directory called "Passwords" containing useless passwords. The attacker would spend a lot of time on unsuccessful login attempts. A honeynet is a network of honeypots. Honeypots and honeynets increase, rather than reduce, the attack surface by providing additional targets for an attacker.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.

References:
Best Practices for Securing Site Systems, https://technet.microsoft.com/en-us/library/bb694127.aspx

Question #190 of 200
Question ID: 1289260
You are troubleshooting a connectivity problem on an Ethernet network that contains both NetWare and Windows servers. A Windows 7 client cannot connect to the Internet or any network resources. However, other computers on the same subnet as the client can access network resources and the Internet. You issue the ipconfig command at the workstation and find that the IP address is 169.254.184.25 and the subnet mask is 255.255.0.0. This IP network and subnet are different from the IP network and subnet that other computers on the same segment are using. What is the most likely problem?
A) The client obtained the IP address from a NetWare server.
B) The client obtained the IP address from a Windows server.
C) The client selected the IP address using APIPA.
D) The client obtained the IP address from a DHCP server it found on the Internet.

Explanation
Automatic Private IP Addressing (APIPA) is a feature of Windows operating systems that enables a system to automatically assign itself an IP address when a DHCP server is not available. APIPA acts as a DHCP fallback mechanism, making support easier for small local area networks. If APIPA addresses are in use, you should discover why the DHCP server cannot be contacted. The problem could be with the connection to the DHCP server or with the DHCP server itself. When no DHCP server responds, APIPA picks an address in the reserved range 169.254.0.0 to 169.254.255.255 with a subnet mask of 255.255.0.0, and uses the Address Resolution Protocol (ARP) to check that no other host on the segment is already using it. Once the system has assigned itself an IP address, it can communicate with other devices on the LAN using TCP/IP, provided those devices are either also using APIPA or manually set to the same address range and subnet mask; it has no default gateway, so it cannot reach the Internet. NetWare and Windows servers do not issue IP addresses to clients unless DHCP services are running on the server. If DHCP services were running and properly configured on one of the servers, the client would have obtained an IP address in the proper address range. It is unlikely that the client obtained the IP address from a DHCP server it found on the Internet, because DHCP discovery is a local broadcast that routers and firewalls do not forward to the Internet, and because the address is within a reserved link-local range that no DHCP server should hand out.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
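As an added example (not part of the question bank), the following Python script applies the reasoning above to ipconfig-style output: it parses the address, mask and gateway, flags a 169.254.0.0/16 address as an APIPA fallback, and otherwise compares the client's network with that of a known-good peer on the same segment. The ipconfig text and the peer addresses are constructed for the example.

```python
import ipaddress
import re

# Constructed sample output in the shape of Windows `ipconfig` (not captured from
# a real host): the failing client from the question and a healthy peer.
CLIENT_IPCONFIG = """
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Autoconfiguration IPv4 Address. . : 169.254.184.25
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

PEER_IPCONFIG = """
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.10.42
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
"""

# Link-local range that APIPA draws from when no DHCP server answers.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

# Windows pads labels with ". . ." before the colon; the "Autoconfiguration"
# label of an APIPA address still contains "IPv4 Address", so one pattern covers both.
_ADDR_RE = re.compile(r"IPv4 Address[ .]*: (\S+)")
_MASK_RE = re.compile(r"Subnet Mask[ .]*: (\S+)")
_GW_RE = re.compile(r"Default Gateway[ .]*: ?(\S*)")


def parse_ipconfig(text):
    """Return (address, mask, gateway_or_None) from ipconfig-style text."""
    addr = _ADDR_RE.search(text)
    mask = _MASK_RE.search(text)
    gw = _GW_RE.search(text)
    if not addr or not mask:
        raise ValueError("no IPv4 address/subnet mask found")
    gateway = gw.group(1) if gw and gw.group(1) else None
    return addr.group(1), mask.group(1), gateway


def is_apipa(address):
    """True if the host fell back to a 169.254.x.x self-assigned address."""
    return ipaddress.ip_address(address) in APIPA_NET


def diagnose(client_text, peer_text):
    """Explain why a client cannot talk to peers that work on the same segment."""
    c_ip, c_mask, c_gw = parse_ipconfig(client_text)
    p_ip, p_mask, _ = parse_ipconfig(peer_text)
    client = ipaddress.ip_interface(f"{c_ip}/{c_mask}")
    peer = ipaddress.ip_interface(f"{p_ip}/{p_mask}")

    if is_apipa(c_ip):
        return ("APIPA address in use: no DHCP server answered. Check the link to the "
                "DHCP server, the DHCP scope and any relay, then renew the lease.")
    if client.network != peer.network:
        return (f"wrong subnet: client is on {client.network} but working peers are on "
                f"{peer.network}; check for a rogue DHCP server or a static misconfiguration")
    if c_gw is None:
        return "no default gateway: LAN traffic works but nothing can be routed to the Internet"
    return "addressing looks consistent with the peer; look at the cable, switch port or DNS"


if __name__ == "__main__":
    print(diagnose(CLIENT_IPCONFIG, PEER_IPCONFIG))
```

The checks run in the order a technician would apply them: an APIPA address means the DHCP exchange never completed, so there is no point comparing subnets until that is fixed.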
References:
APIPA, http://compnetworking.about.com/cs/protocolsdhcp/g/bldef_apipa.htm
How to use automatic TCP/IP addressing without a DHCP server, http://support.microsoft.com/kb/220874
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #191 of 200
Question ID: 1289118
Your company wants to upgrade its twisted pair (TP) cable network to handle data rates up to 10 Gbps over the same distances (up to 90 meters) from switches to network nodes. Which TP category type must the company deploy to meet its requirements?
A) Cat4
B) Cat6a
C) Cat3
D) Cat6
E) Cat5e

Explanation
The company must deploy Cat6a to meet its requirements. Cat6a, which stands for Category 6 Augmented, uses better conductors and tighter crosstalk specifications (and often shielding) to support the nominal 100 meter (90 meter permanent link) distances for data rates up to 10 Gbps. Thus, it is the only correct answer to the question. Cat6 cables can support data rates of up to 10 Gbps, but only over nominal cable runs of up to 55 meters. A nominal cable run of up to 55 meters means a permanent link of only about 45 meters, with the standard allowance for patch cords to the patch panel on one end and the device on the other end. Cat6 cannot accommodate the 10 Gbps data rate over distances of up to 90 physical / 100 nominal meters. Cat5e stands for Category 5 enhanced. The "e" reflects this modified version of Cat5 cable's ability to accommodate data rates of up to 1 Gbps. By contrast, standard Cat5 is rated for data rates only up to 100 Mbps. Cat5e, while still very popular, cannot accommodate the 10 Gbps data rate required. Cat3 cables can deliver data rates up to 10 Mbps over nominal cable runs of up to 100 meters. Cat3 cannot support the required data rate. Cat4 is an obsolete category rated for 16 Mbps (it was used for Token Ring) and is no longer deployed; it cannot support the required data rate either.
The increasing numbers for the twisted pair cable categories indicate increasing bandwidth handling capabilities and maximum data rates (aka data transmission speeds) for those types of wiring. Thus, a reasonably knowledgeable networker would be able to guess that given a requirement for 10 Gbps data rates in a new deployment, only the highest numbered TP categories, namely Cat6 and above, might be able to meet them. In fact, Cat6, Cat6a, and Cat7 all can handle 10 Gbps data rates, but only Cat6a and Cat7 can deliver them over wire runs of up to 100 meters. Of those 100 meters, 90 count for the permanent link from the patch panel to the wall jack, plus up to 5 meters of patch cord between each jack and its attached device (there are usually two of these, so the longest permanent run must be reduced accordingly). Cat7 is not offered as an option here, because its ability to deliver 10 Gbps over the required cable run lengths is contingent upon using all conductors in the GigaGate45 (GG45) connectors it uses, which are not backwards compatible with standard RJ-45 connectors for such usage. However, the GG45 connector works fine at 1 Gbps rates in standard RJ-45 mode.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
Demystifying Ethernet Types—Difference Between Cat5e, Cat6, and Cat7, https://planetechusa.com/blog/ethernet-different-ethernet-categories-cat3-vs-cat5e-vs-cat6-vs-cat6a-vs-cat7-vs-cat8/
Unshielded Twisted Pair (UTP) – CAT 1 to CAT5, 5E, CAT6 & CAT7, http://www.firewall.cx/networking-topics/cabling-utp-fibre/112-network-cabling-utp.html

Question #192 of 200
Question ID: 1123409
You have recently been hired as a network administrator. Soon after starting at the new company, you realize that not all appropriate network documentation has been created. Specifically, you need to set forth the network rules, including the who, what, and when of the rules.
Which configuration management documentation should you create?
A) policies
B) baselines
C) procedures
D) regulations

Explanation
Policies set forth the network rules, including the who, what, and when of the rules. Policies tell what the rules are, who is covered by the rule, and when the rule applies. Baselines are primarily used to identify performance issues. They are performance statistics captured under normal conditions and used for comparative purposes. By establishing a performance baseline, you can ensure that performance issues are identified much more easily in the future. Procedures set forth the steps that must be taken to enforce the policies. Procedures tell how to achieve the desired results. Regulations are governmental requirements that are written by federal or state agencies based on the laws passed by federal or state governments. Regulations are established by entities outside the network owner.

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.

References:
Difference between policy and procedure, http://www.differencebetween.net/miscellaneous/difference-between-policy-and-procedure/

Question #193 of 200
Question ID: 1289163
You have recently been hired by a small company to assess its network security. You need to determine which TCP/IP ports are open on the network. Which tool should you use?
A) a wardialer
B) a packet analyzer
C) whois
D) a port scanner

Explanation
You can use a port scanner to determine which Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports are open on the hosts of a private network. A port scanner is a software tool that automatically attempts to connect to a range of ports on a target, records which ports respond, and, in many tools, probes the open ports to identify the protocols and services behind them. For example, File Transfer Protocol (FTP) generally communicates over port 21.
For security reasons, however, an administrator might close port 21 and map FTP traffic to a different port. By attempting connections on all ports and examining the banner each open port returns, a port scanner might allow an attacker to find the relocated FTP port and bypass the security measure. You can also use stealth scanning and port scanning to fingerprint which operating systems are being used on a network. You can use a packet analyzer to capture packets on a network to analyze the types of messages that are being transmitted over your network. Keep in mind that a packet analyzer will allow you to obtain lots of information about your network, including IP addresses and MAC addresses. Protocol analyzers can assist in identifying top talkers (sources), top listeners (destinations), and top protocols in use. A network analyzer is similar to a packet analyzer but gathers overall information about the network, instead of individual packets. Network analyzers are useful when you need to locate possible outages along the path to a cloud-based system. You can use wardialing to determine the telephone numbers of the modems on a company network. Whois can be used to determine information about a Domain Name System (DNS) domain, such as contact information for domain administrators and the DNS name servers that are used to resolve a domain name to an Internet Protocol (IP) address. Other tools that you need to be familiar with for the Network+ exam include:
Interface monitoring tools - monitor interfaces on switches, routers, or other network devices to obtain statistics.
Packet flow monitoring tools - monitor the flow of traffic to help you determine the types of traffic that are being transmitted over your network. These tools are particularly useful in helping you to determine when to isolate certain devices and computers on a separate network or virtual LAN (VLAN).
Security Information and Event Management (SIEM) - provides real-time analysis of security alerts generated by network hardware and applications. It is a software tool, an appliance, or a managed service. It allows a company to aggregate its security logs to make analysis easier.
Environmental monitoring tools - include tools that are used to monitor temperature and humidity. These can be used in data centers or manufacturing facilities to maintain a certain temperature and humidity level for proper operation of machinery or computers. Facilities managers are most often responsible for operating and managing these tools.
Power monitoring tools - monitor the power that is supplied. These tools can monitor an entire facility, an individual room or data center, or even an individual device. They can even be configured to trigger a backup generator or power supply in the event that a blackout or brownout occurs.
Wireless survey tools - provide analysis of which radio frequencies are currently in use. They can also identify wireless channels in use. These tools perform site surveys; attackers use the same kind of tool when war driving to discover wireless networks.
Wireless analyzers - identify wireless problems, including signal loss, overlapping channels, unacceptable signal to noise ratios, rogue APs, and power levels.

Objective: Network Operations
Sub-Objective: Explain common scanning, monitoring and patching processes and summarize their expected outputs.

References:
Introduction to Port Scanning, http://netsecurity.about.com/cs/hackertools/a/aa121303.htm
Penetration Testing and Network Defense: Performing Host Reconnaissance, http://www.ciscopress.com/articles/article.asp?p=469623&seqNum=3

Question #194 of 200
Question ID: 1289087
You need to assign a virtual IP address to an Internet server. What are valid reasons for doing so? (Choose all that apply.)
A) To permit multiple servers to share the same address
B) To provide a generic address for immediate access
C) To permit the same address to access multiple domain names
D) To permit a single network interface to service multiple incoming service requests
E) To eliminate host dependencies on specific, individual network interfaces

Explanation
Usually abbreviated VIPA, a virtual IP address is a single IP address that may be shared among multiple domain names or servers. By assigning a virtual IP address to a host, it no longer needs to depend on specific individual network interfaces. Incoming packets target the host's VIPA, but all are routed through to actual, specific network interfaces. VIPA thus helps to provide load balancing for incoming traffic, where switches, routers, or load balancers behind the scenes can distribute requests among a pool of available network interfaces or servers. Although a VIPA does provide a kind of generic address for multiple domain names or servers, it does not guarantee immediate access. Access will always depend on queue depth and latency of the receiving device that handles and forwards incoming service requests. Permitting a single network interface to service multiple incoming service requests is not a reason to use a VIPA. A single network interface already multiplexes many concurrent connections on its own, and the VIPA adds nothing to that interface's capacity; what the VIPA adds is the ability to hand incoming requests off to multiple interfaces or hosts behind one address, so it is the capacity of the pool, not of any one interface, that grows. A primary advantage of VIPA is to eliminate host dependencies on specific, individual network interfaces.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
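The port scanner described in Question #193, as an added example (not code from the question bank): a TCP connect scan that completes the three-way handshake on each port, followed by a banner grab, so that an FTP service moved off port 21 is still identified by its "220" greeting rather than by the port number. To run offline, the script starts a constructed stand-in FTP listener on an ephemeral loopback port; the host, the port window and the banner text are assumptions for the demonstration. Run it only against hosts you are authorized to scan.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """TCP connect scan: complete the three-way handshake on each port and
    return the sorted list of ports that accepted the connection."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                return port            # SYN/ACK came back: port is open
            except (ConnectionRefusedError, socket.timeout, OSError):
                return None            # RST (closed) or no answer (filtered)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def grab_banner(host, port, timeout=1.0):
    """Read the service's greeting; FTP, SSH and SMTP all speak first."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            return s.recv(256).decode(errors="replace").strip()
        except socket.timeout:
            return ""                  # silent service (HTTP waits for a request)


def identify(banner):
    """Name the service from what it says, not from the port it listens on."""
    if banner.startswith("220") and "FTP" in banner.upper():
        return "ftp"
    if banner.startswith("SSH-"):
        return "ssh"
    return "unknown"


def find_services(host, ports):
    """Scan the range, then banner-grab every open port: {port: service}."""
    return {port: identify(grab_banner(host, port))
            for port in tcp_connect_scan(host, ports)}


def start_fake_ftp(banner=b"220 lab FTP server ready\r\n"):
    """Constructed stand-in for an FTP daemon moved off port 21 (an assumption
    for the demo). Listens on an ephemeral loopback port; returns (port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                 # listener closed by stop()
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass               # scanner hung up without reading

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


if __name__ == "__main__":
    ftp_port, stop = start_fake_ftp()
    try:
        # Sweep a small window around the hidden port, as an attacker scanning a range would.
        for port, service in find_services("127.0.0.1", range(ftp_port - 5, ftp_port + 5)).items():
            print(f"{port}/tcp open  {service}")
    finally:
        stop()
```

A connect scan is the noisiest form of scan, since every probe shows up in the target's connection logs; stealth (SYN) scans need raw sockets and are what tools such as Nmap use by default when run with privileges.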
References:
Virtual IP address, http://tools.ietf.org/html/rfc2373#section-2.5.1
Virtual IP address, https://www.pcmag.com/encyclopedia/term/53922/virtual-ip-address

Question #195 of 200
Question ID: 1289277
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war-driving methods. You need to protect against this type of attack. What should you do? (Choose all that apply.)
A) Disable SSID broadcast.
B) Configure the network to use authenticated access only.
C) Change the default SSID.
D) Configure the WEP protocol to use a 128-bit key.

Explanation
You should complete the following steps to protect against war-driving attacks:
Change the default SSID.
Disable SSID broadcast.
Configure the network to use authenticated access only.
You should not configure the WEP protocol to use a 128-bit key. WEP has long been proven to be an ineffective security protocol for wireless networks, regardless of whether you use the short or the long key. Its weakness is not key length but the way it uses the RC4 cipher with a 24-bit initialization vector: an attacker who captures enough traffic can recover the key statistically in minutes with freely available tools, so the 128-bit setting is no real protection. Some other suggested steps include the following:
Implement Wi-Fi Protected Access (WPA) or WPA2 instead of WEP.
Reduce the access point's signal strength.
Use MAC filtering.
War driving is a method of discovering 802.11 wireless networks by driving around and looking for open wireless networks. NetStumbler is a common war-driving tool. Note that hiding the SSID and filtering MAC addresses only raise the effort for a casual attacker; a wireless analyzer still sees the SSID in client association frames, so the real protection comes from WPA2 with strong authentication. For the Network+ exam, you need to understand the following wireless security concepts and how to harden the wireless network: WEP, WPA/WPA2, TKIP, AES, 802.1x, TLS/TTLS, and MAC filtering.
WEP - You should avoid this protocol because it is easy to crack. Instead you should use WPA or WPA2. WEP is marketed with 64-bit (low encryption mode) or 128-bit (high encryption mode) keys; in each case 24 bits are the per-frame initialization vector, leaving a 40-bit or 104-bit secret key.
WPA/WPA2 - WPA uses Temporal Key Integrity Protocol (TKIP) while WPA2 is capable of using TKIP or the stronger Advanced Encryption Standard (AES) algorithm (AES-CCMP). WPA was created as a more secure alternative to WEP. WPA2 is stronger than WPA but requires more processing power. Use WPA2 if all the devices are capable of it because it provides the maximum protection. The only time that using WPA would be sufficient is when your access point or other devices are not capable of supporting WPA2.
Enterprise - This version of WPA2 uses 802.1X with EAP (often with security certificates) and requires the use of a Remote Authentication Dial-In User Service (RADIUS) authentication server.
Personal - This version of WPA2 uses a pre-shared key and provides adequate protection for a small office or home network, provided the passphrase is long and not guessable.
802.1x is a port-based authentication framework that can be used on both wired and wireless LANs. The client device runs the supplicant; it attaches to the authenticator (the switch or wireless access point), which blocks all traffic except EAP until the authentication server (typically a RADIUS server) tells it that the client has authenticated.
Transport Layer Security (TLS) and Tunneled Transport Layer Security (TTLS) can be implemented with EAP. EAP-TLS requires a client certificate, while EAP-TTLS does not. TTLS first builds a TLS tunnel to the server using the server's certificate and then sends the client's credentials through that tunnel.
MAC filtering allows or denies a wireless connection based on the client's Media Access Control (MAC) address. The most popular form of MAC filtering will only allow connections from devices that are contained in the list. In this case, you must add any new devices specifically to the MAC filter list on the access point to allow the devices to connect. In contrast, you can configure a deny list, which specifically denies connections from devices with the MAC addresses listed. This form of MAC filtering is not used as much. Keep in mind that MAC addresses are transmitted in the clear and are trivially changed, so an attacker who observes an allowed client can clone its address; MAC filtering is an administrative control against casual connections, not a substitute for encryption and authentication. Let's look at an example regarding MAC filtering.
Suppose encrypted wireless access points are used at a retail location for inventory and price verification. If the retail location is in a mall, unauthorized access to the wireless network could be a constant problem. If a finite, known number of approved mobile devices are allowed to access the store's wireless network, the best additional security method to implement on the access points would be MAC filtering, whereby only those specifically allowed devices would be able to connect.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Securing Wireless LANs

Question #196 of 200
Question ID: 1289054
You administer your company's network, which is connected to the Internet. A firewall is configured between the company network and the Internet. You want to prevent users on the Internet from using HTTP to connect to computers on the company network. Which well-known TCP port should you block to prevent Internet users from entering the company's network on that port?
A) 80
B) 21
C) 23
D) 119

Explanation
You should configure the firewall to block inbound access to Transmission Control Protocol (TCP) port 80 in order to prevent Internet users from using HTTP to enter the company's network on that port. Because TCP port 80 is the well-known port number that is assigned to Hypertext Transfer Protocol (HTTP), configuring the firewall to block inbound transmissions to port 80 will prevent HTTP communications from entering the network on that port. Although well-known ports have been established as the standard ports for certain protocols, a protocol does not have to use the well-known port. For example, HTTP is often reconfigured to use port 8080, so blocking port 80 alone does not stop every HTTP server; a default-deny inbound policy that permits only the ports you intend to expose is the more robust approach. File Transfer Protocol (FTP) uses two TCP ports: port 20, which is used for data transmissions in active mode, and port 21, which is used for control information.
If you block port 21, then FTP control information cannot be transferred to the network. If you block port 23, then Internet users will not be able to connect to computers on the company's network by using the Telnet protocol. Network News Transfer Protocol (NNTP), which uses port 119, is the protocol in the TCP/IP protocol suite that enables the transfer of network news files between network news clients and network news servers. If you block port 119, then users on the Internet will not be able to use NNTP to connect to servers on the company's network. Protocols can use either User Datagram Protocol (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented. For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
What is port 80?, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212808,00.html

Question #197 of 200
Question ID: 1123380
Your company has implemented a firewall that only examines the packet header information. Of which type of firewall is this an example?
A) kernel proxy firewall
B) stateful firewall
C) packet-filtering firewall
D) application-level proxy firewall

Explanation
A packet-filtering firewall only examines the packet header information. A stateful firewall tracks connections in a state table and usually examines the headers of several layers to decide whether a packet belongs to an established session. A kernel proxy firewall examines every layer of the packet, including the data payload. An application-level proxy firewall examines the entire packet and understands the application protocol. Packet-filtering firewalls are based on access control lists (ACLs). They are application independent and operate at the Network layer of the OSI model (reading Transport layer port numbers as well). They cannot keep track of the state of the connection, so they cannot tell a reply to a connection opened from inside apart from an unsolicited packet carrying the same header fields. A packet-filtering firewall only looks at a data packet to obtain the source and destination addresses and the protocol and port used. This information is then compared to the configured packet-filtering rules, in order, to decide if the packet will be dropped or forwarded to its destination. Port-based filtering on a firewall specifically allows or denies traffic based on which TCP or UDP port is being used.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.

References:
Firewall, http://www.topbits.com/firewall.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #198 of 200
Question ID: 1123390
Which of these provides the communication framework for data transfer in a storage area network (SAN) while minimizing costs?
A) FCoE
B) Load balancer
C) InfiniBand
D) iSCSI

Explanation
The Internet Small Computer Systems Interface (iSCSI) protocol is used in storage area networks (SANs), local area networks (LANs), wide area networks (WANs), and over the Internet. It provides the communication framework, allowing SCSI commands to be carried over an ordinary IP network, so it runs on commodity Ethernet hardware.
Fibre Channel over Ethernet (FCoE), as the name implies, carries Fibre Channel frames over Ethernet networks. By encapsulating the frames, Fibre Channel can utilize 10 Gb Ethernet, but it requires lossless (data center bridging) Ethernet switches and converged network adapters, so FCoE is more expensive than iSCSI. A load balancer can be used to divert incoming web traffic, based on content, to specific servers. This will reduce the workload on any single server. The destination server is determined by data in Transport layer or Application layer protocols. Distribution can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest response time. InfiniBand provides high-speed, low latency communication between CPUs and input/output devices. InfiniBand's base (single data rate) link runs at 2.5 Gb/s per lane, with faster rates and wider links available, and it supports up to 64,000 addressable devices.

Objective: Infrastructure
Sub-Objective: Explain the purposes of virtualization and network storage technologies.

References:
iSCSI and FCoE: A Comparison, https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/white_paper_c11-495142.html

Question #199 of 200
Question ID: 1123522
Which of the following systems would be best isolated on a separate network segment?
A) Kerberos
B) VoIP
C) RADIUS
D) legacy systems

Explanation
Legacy systems would be best isolated on a separate network segment. Legacy systems often cannot be patched or run protocols that cannot be secured, so network segmentation limits their exposure and reduces the attack surface by restricting access to only specific groups of users. In addition, you could configure the legacy systems so that they can only be accessed remotely using Secure Shell (SSH) or some other secure remote access technology, with the firewall between the segments permitting only that traffic. It is not necessary to isolate any of the other listed systems on a separate network. Kerberos, Remote Authentication Dial-In User Service (RADIUS), and Voice over Internet Protocol (VoIP) are designed to be implemented on corporate networks without segmenting them from regular network traffic.
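One way to see three of the preceding points at once, as an added example that is not part of the question bank: a stateless packet filter in Python that evaluates only header fields against an ordered ACL with an implicit deny (Question #197), blocks inbound TCP/80 from the Internet (Question #196), and confines a legacy segment so that only an administrative subnet can reach it, over SSH (Question #199). The address ranges, the rule set and the sample packets are assumptions for the demonstration. The last sample shows the limitation Question #197 describes: with no state table, the best the filter can do for return traffic is match on the TCP ACK flag, and an unsolicited probe that sets ACK passes the same rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Addressing below is assumed for the example, not taken from the question bank.
ANY = ipaddress.ip_network("0.0.0.0/0")
CORP_LAN = ipaddress.ip_network("10.1.0.0/16")     # general user/server LAN
ADMIN_NET = ipaddress.ip_network("10.1.50.0/24")   # network administrators
LEGACY_NET = ipaddress.ip_network("10.9.0.0/24")   # isolated legacy segment


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter gets to see; nothing from the payload."""
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    ack: bool = False   # TCP ACK flag; the only hint of "state" in a header


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None = any destination port
    established: bool = False    # True = match only packets with ACK set
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.src) in self.src
                and ipaddress.ip_address(pkt.dst) in self.dst
                and (self.dport is None or self.dport == pkt.dport)
                and (not self.established or pkt.ack))


def evaluate(acl, pkt):
    """Header-only and stateless: first matching rule wins, implicit deny at the end."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action, rule.note
    return "deny", "implicit deny"


INBOUND_ACL = [
    Rule("deny", "tcp", ANY, CORP_LAN, 80, note="Q196: block HTTP from outside"),
    Rule("permit", "tcp", ADMIN_NET, LEGACY_NET, 22, note="Q199: admins reach legacy hosts over SSH only"),
    Rule("deny", "any", ANY, LEGACY_NET, note="Q199: nothing else enters the legacy segment"),
    Rule("permit", "tcp", ANY, CORP_LAN, established=True,
         note="replies to connections the LAN opened (the best a stateless filter can do)"),
]


def decide(src, dst, proto, sport, dport, ack=False):
    """Convenience wrapper: the action the inbound ACL takes on one packet."""
    return evaluate(INBOUND_ACL, Packet(src, dst, proto, sport, dport, ack))[0]


if __name__ == "__main__":
    samples = [
        ("Internet SYN to LAN web server", ("203.0.113.5", "10.1.20.7", "tcp", 40000, 80)),
        ("admin SSH to legacy host", ("10.1.50.9", "10.9.0.15", "tcp", 50000, 22)),
        ("user workstation SSH to legacy host", ("10.1.20.7", "10.9.0.15", "tcp", 50000, 22)),
        ("reply from web server (ACK set)", ("203.0.113.5", "10.1.20.7", "tcp", 80, 51000, True)),
        ("ACK-scan probe to SMB (ACK set)", ("198.51.100.20", "10.1.20.7", "tcp", 40000, 445, True)),
    ]
    for label, fields in samples:
        action, note = evaluate(INBOUND_ACL, Packet(*fields))
        print(f"{action:6} {label}: {note}")
```

A stateful firewall would drop the final probe because its state table holds no session for 10.1.20.7:445, which is exactly the information a header-only filter never has.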
Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References:
Network Segmentation Solution Brief, https://www.paloaltonetworks.de/content/dam/paloaltonetworks-com/en_US/assets/pdf/techbriefs/network-segmentation-solution-brief.pdf

Question #200 of 200 Question ID: 1289182
Which of the following computing technologies is most likely to fall under the U.S. government's export administration regulations designed to protect the sale or transfer of commodities, technology, information, or software considered of strategic importance to the U.S.?
A) Web page design tools
B) Encryption tools
C) File compression techniques
D) Deduplication software

Explanation
Encryption tools are most likely to fall under the U.S. government's export administration regulations. Since the days of the Cold War, the US and other western powers have maintained export control regulations intended to keep cryptography out of the hands of the Soviet bloc countries. To this day, the US Commerce Department (through its Bureau of Industry and Security) maintains restrictions on cryptographic methods used to secure data communications or storage, to prove identity, or to manage and exchange public/private keys.

Web page design tools are not subject to export administration regulations from the U.S. government: they do not implement encryption themselves, and any encryption they rely on comes from commercially available components that are already regulated separately. File compression tools are used only to reduce the size of files that need to be transmitted or stored; they are not subject to export administration regulations. Deduplication software eliminates redundant copies of data in storage; it is not subject to export administration regulations.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.
References:
Encryption and Export Administration Regulations (EAR), https://www.bis.doc.gov/index.php/policy-guidance/encryption
Cryptography Export Restrictions, https://technet.microsoft.com/en-us/library/cc962022.aspx
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Best Practices
