4/18/22, 4:07 PM N10-007 Exam Simulation
QBank Quiz April 18, 2022
Test ID: 205855163

Question #1 of 200
Question ID: 1289281

Your organization has several wireless access points located in the building. Access point usage is based on department membership. Many users report that they are able to see multiple access points. You research this issue and discover that their computers are not connecting to the appropriate access point due to an SSID mismatch. You must ensure that the computers connect to the correct access point if that access point is available. Computers should be able to connect to other access points only if their main access point is down. What should you do?

A) Configure the preferred wireless network on the user's computer.
B) Reduce the signal strength on the wireless access points.
C) Ensure that the wireless access points in close proximity use different channels.
D) Configure MAC filtering on the wireless access points.

Explanation

You should configure the preferred wireless network on the user's computer. After this is completed, the user's computer will automatically connect to the preferred wireless network if it is available. If a computer is connected to the wrong SSID, you need to change to the correct access point and then set that access point as the preferred network.

You should not reduce the signal strength on the wireless access points. This could possibly cause some users to be unable to connect to their access point.

You should not configure MAC filtering on the wireless access points. Because the scenario specifically states that computers should be able to connect to other access points, you would have to ensure that the MAC addresses of all possible computers are configured on every access point. MAC filtering is a security mechanism that only allows connections that match the ACL.

You should not ensure that the wireless access points in close proximity use different channels.
This would have no effect on which access point the computers use. Each frequency has different channels that can be used. If the client attempts to connect to an access point using an incorrect channel, the connection will be unsuccessful. The channel used by the clients and the access point must be the same. Keep in mind that you should not use overlapping channels when implementing access points that use the same frequency. For each frequency, there is a certain number of non-overlapping channels that you should use.

If you implement wireless networks, you may want to include a wireless analyzer as part of your toolkit. A wireless analyzer can identify problems such as signal loss, overlapping or mismatched channels, unacceptable signal-to-noise ratios, rogue APs, and power levels.

For the Network+ exam, you also need to understand the following wireless issues:

Untested updates - Any updates to wireless network devices should be thoroughly tested before deployment on the network. This includes any firmware updates.

Open networks - Open networks are commonly deployed in public areas, such as libraries, coffee shops, and retail establishments, to provide a service to customers. However, you should use extreme caution when using open, unsecured networks, as any communication can be intercepted and read. Companies should adopt a policy that clearly states whether personnel can connect to open networks using company-issued devices, including laptops, cell phones, and other mobile devices.

Wrong antenna type - Antenna types can affect the area that a wireless signal will cover. Unidirectional antennas only transmit in a single direction, while omnidirectional antennas transmit in a defined radius from the antenna placement. In both cases, you should ensure that the wireless access point is placed in an area where the antenna type will be most effective.
Incompatibilities - Incompatibilities usually occur when you deploy a device, update, or application that is incompatible with the clients on your wireless network. It may be necessary to roll back the update, remove the application, or reconfigure the device. If you deploy devices, updates, or applications in a testing environment first, you should be able to discover these issues before live deployment.

Multiple input, multiple output (MIMO) - MIMO is deployed in 802.11n wireless networks. It uses separate antennas for outgoing and incoming transmissions. MIMO increases reliability and throughput.

Access point (AP) configurations

Lightweight Access Point Protocol (LWAPP) - LWAPP is a protocol that allows a wireless LAN controller (WLC) to manage and control multiple wireless access points. Control And Provisioning of Wireless Access Points (CAPWAP) is a newer alternative to LWAPP.

Thin vs. thick - Thick access points handle a wide array of tasks in software, each with a separate IP address and wired directly into Ethernet switches. If a WLAN controller is deployed, the access points no longer have to handle as many tasks because those tasks can be handed off to the WLAN controller. When a WLAN controller is used, the APs are referred to as thin APs.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
Unified Wireless Network: Troubleshoot Client Issues, http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809d45a2.shtml#c1

https://www.knowledgehub.com/education/test/print/61961268?testId=205855163 1/142

Question #2 of 200
Question ID: 1289119

You need to deploy a fiber distribution panel (FDP) for datacenter, remote office, or local area networking use. Which of the following features are NOT important for such uses? (Choose all that apply.)
A) Cable storage
B) Cable termination
C) Support for GBIC connectors
D) Cable splices
E) Support for SFP+
F) Bulkhead adapters and receptacles

Explanation

Support for SFP+ and for GBIC connectors is not important for such uses. These two options represent connectors used at endpoints, such as routers, switches, and network interfaces, not connectors or functions present in FDPs themselves. GBIC connectors are used for endpoint termination at a device interface of some kind. They are neither typically used nor necessary on a fiber distribution panel. SFP+ stands for the enhanced, or plus, version of the small form-factor (hot) pluggable (SFP) fiber optic connector. Such connectors are used for endpoint connections, not in FDPs, where no optical-to-digital or digital-to-optical conversion need necessarily occur.

A fiber distribution panel (FDP), also known as a fiber optic distribution panel, offers the following for datacenter, remote office, or local area networking use:

Cable termination - FDPs usually provide a common point for terminating fiber optic cables so that they may be connected to fiber optic terminal equipment, such as switches, routers, and network interfaces of all kinds.

Bulkhead adapters and receptacles - In an FDP, distribution pigtails with their single connectors (the other end will be spliced to another fiber optic cable coming from either off or on the current premises) are routed through cable distribution trays or cable management trays and are terminated in bulkhead adapters and attendant receptacles.

Cable splices - FDPs provide facilities for mounting and protecting fiber optic cable splices, including clamps and mounts to secure spliced cables. They may also include one or more splice trays, where spliced cross- or pass-through fiber optic connections may be stored. Splice trays also usually house the splice chips used to create necessary fiber optic cable splices on location.
Cable storage - FDPs usually include cable reels for storing pigtails and patch cables, and may include other cable storage space and options as well. Often, splice tray(s) and extra cable storage are provided at the bottom of an FDP chassis.

FDPs offer fiber optic cable management, cable routing, and cable control for high-density fiber optic deployments. In particular, FDPs generally provide space for fiber optic cable termination, fiber optic cable storage (for pigtails and patch cables), fiber optic cable splices (up into the hundreds, depending on the specific FDP under consideration or in use), and access to bulkhead adapters and receptacles for fiber optic cables.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
ADC Fiber Optic Panel FL2000 Series User Manual, https://www.manualsdir.com/manuals/32543/adc-fiber-optic-panel-fl2000-series.html

Question #3 of 200
Question ID: 1289081

You have been hired as a network administrator for a large corporation. This network includes a large number of switches that must be identically configured. In the past, this information has been configured manually. You want to automatically propagate the VLAN information to all switches on the LAN. What should you use? (Choose two.)

A) VTP
B) STP
C) 802.1q
D) link aggregation

Explanation

To automatically propagate VLAN information to all switches on the LAN, you should use VLAN Trunking Protocol (VTP), which is also referred to as 802.1q. VTP configuration will prevent the VLAN information from having to be manually configured on all of the switches. VTP allows two switches to share VLAN information. One of the VLANs is called a native VLAN, also referred to as a default VLAN. Frames belonging to the native VLAN are sent unaltered over the trunk with no tags.
However, to distinguish other VLANs from one another, the remaining VLANs are tagged. The native VLAN will default to VLAN 1. To separate any of your user traffic from your network management traffic, you may want to change the native VLAN number to some other value. Changing your native VLAN is a common mitigation technique. The VTP information is carried over a trunk connection that is implemented based on the 802.1q standard. This allows traffic for multiple VLANs to travel over a single connection.

Link aggregation combines multiple physical connections into a single logical connection, thereby alleviating congestion on the physical connections.

Spanning Tree Protocol (STP) is used to prevent loops by blocking data from flowing over one or more switch ports. There are two types of STP: spanning tree (802.1d) and rapid spanning tree (802.1w). 802.1d is an older standard that was designed when a minute or more of lost connectivity was considered acceptable downtime. In Layer 3 switching, switching now competes with routed solutions where protocols such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) provide an alternate path in less time. A Layer 3 switch is the best option when you need to re-route multicast and unicast communication caused by a disruption of service when a network is failing redundancy at the main distribution frame (MDF).

The 802.1w protocol was developed to improve performance. 802.1w bridges are fully distributed, while 802.1d switches agree on a root port. This root port acts differently than the other switches and is responsible for the network's connectivity. 802.1w defines roles for the ports and a new bridge protocol data unit (BPDU) format, which introduces the proposal/agreement mechanism. BPDU handling and convergence are different in each protocol. 802.1w introduces these new features:

Rapid Transition To Forwarding State - includes new Edge Ports and Link Types variables.
Uplink Fast - distinguishes between port roles and uses alternate ports.

By default, unknown unicast and multicast traffic is flooded to all Layer 2 ports in a VLAN. This unknown traffic flooding can be prevented by blocking unicast or multicast traffic on the switch ports. However, keep in mind that there may be cases in which you need to use unicast or multicast traffic. You can also configure forwarding and blocking on a switch port. If you configure forwarding, certain types of traffic, based on the rules you configure, will be forwarded to a certain port. If you configure blocking, certain types of traffic can be blocked from a switch port.

For the Network+ exam, you also need to understand Link Aggregation Control Protocol (LACP), also referred to as 802.3ad. LACP supports automatic link configuration and prevents an individual link from becoming a single point of failure. With this protocol, traffic is forwarded to a different link if a link fails.

You can manually or automatically assign the IP address for the switch. Automatic configuration uses a DHCP server to obtain the IP address and all other information that you have configured the DHCP server to assign. The DHCP server does not have to be on the same subnetwork as the switch. If you manually configure the IP address, you need to ensure that all settings are correct. Switches should be given their own IP address and default gateway so that they can be remotely managed. For IP address assignment for devices attached to the switch, some switches can also be configured to act as a DHCP server and assign IP addresses to attached devices. However, you must ensure that the DHCP ranges that are configured on the switch do not overlap the ranges on other DHCP servers. Otherwise, you may have a single IP address assigned to multiple hosts on the network, thereby affecting communication.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #4 of 200
Question ID: 1289126

You are working on several wiring projects. You have multiple connectors but must ensure that you have enough of each type to support the projects. Match the connectors on the left to the cable types on the right.

Move the correct items from the left column to the column on the right to match the connector with the correct cable type.

Explanation

The following is the correct matching for connectors and cable types:

BNC - coaxial cable
SC - fiber-optic cable
RJ-45 - twisted-pair cable

Coaxial cable can also use an F-connector. Fiber-optic cable can also use an ST or LC connector. Twisted-pair cable can also use an RJ-11 connector. For twisted-pair cable, an RJ-11 connector is used in telephone deployments and an RJ-45 connector is used in network deployments.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #5 of 200
Question ID: 1289292

You are troubleshooting a connectivity problem with a computer named Computer1 on a network that has a router with the IP address 192.168.10.1. The network uses a nonsubnetted Class C IP address range. Computer1 is configured with an IP address of 192.168.10.255 and a default gateway address of 192.168.10.1. The computers on the network are configured with the subnet mask 255.255.255.0. Computer1 cannot connect to the other nodes on the network. The link lights on Computer1's network interface card (NIC) are lit. What is most likely causing the connectivity problem?
A) Computer1's IP address
B) the subnet mask used on the network
C) the router's IP address
D) Computer1's default gateway address
E) Computer1's NIC

Explanation

Of the choices listed, Computer1's IP address is most likely causing its connectivity problem. Computer1 is configured with the broadcast address for the network, and thus cannot communicate on the network.

The address 192.168.10.1 with a subnet mask of 255.255.255.0 can also be represented as 192.168.10.1/24. The slash (/) character and the number that follows it represent the network prefix, which indicates the number of bits in an IP address that are used for the network address. In this scenario, the first three octets are used as the network address and the last octet is used for host addresses because it is a Class C address range. Therefore, the router's network address is 192.168.10 and its host address is 1. IP addresses from 192.168.10.1 through 192.168.10.254 are valid host addresses on the network. In this scenario, the address 192.168.10.0 is the network ID for the network.

The following example illustrates the use of the network prefix. On a network with a host address of 192.168.100.1/24, IP addresses from 192.168.100.1 through 192.168.100.254 are valid host addresses on the network, and the address 192.168.100.0 is the network ID. The IP address 192.168.100.255/24 is the broadcast address for this network. In an IP address with the network prefix /8, the first eight bits of the IP address are used as the network address. For example, in the host address 10.11.1.1/8, the address 10.0.0.0/8 is the network ID and the address 10.11.1.1 is the host address. In an IP address with the network prefix /16, the first 16 bits of the IP address are used as the network address. For example, the network ID for the IP address 140.10.20.21 is 140.10.0.0, and the host address is 20.21.
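The network-prefix reasoning above, carried out in code (an added example, not part of the question bank) with Python's standard ipaddress module: it classifies an address as network ID, broadcast, or usable host, splits it into network and host portions, and applies the same-subnet check for the default gateway that Question #12 below relies on. The 192.168.10.0/24 values are the scenario's own; the other addresses are the explanation's illustrations or constructed samples.

```python
"""Classify IPv4 host settings the way the Question #5 explanation does.

Added example, not part of the original question bank. Only the standard
library is used. The 192.168.10.0/24 values are the scenario's own; the
/8 and /16 samples are the explanation's illustrations.
"""
import ipaddress


def prefix_from_mask(mask: str) -> int:
    """Dotted-decimal mask -> prefix length, e.g. 255.255.255.0 -> 24."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def classify_address(ip: str, prefix: int) -> str:
    """Return 'network', 'broadcast' or 'host' for ip inside its /prefix block."""
    net = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
    addr = ipaddress.IPv4Address(ip)
    if addr == net.network_address:
        return "network"
    if addr == net.broadcast_address:
        return "broadcast"
    return "host"


def split_address(ip: str, prefix: int) -> dict:
    """Network ID, broadcast, usable host range, and (for octet-aligned
    prefixes) the dotted network and host portions, written the way the
    explanation writes them: 140.10.20.21/16 -> '140.10' and '20.21'."""
    net = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
    result = {
        "network_id": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "network_part": None,
        "host_part": None,
    }
    if prefix % 8 == 0 and 0 < prefix < 32:
        octets = ip.split(".")
        n = prefix // 8
        result["network_part"] = ".".join(octets[:n])
        result["host_part"] = ".".join(octets[n:])
    return result


def diagnose(ip: str, mask: str, gateway: str) -> list:
    """Findings for one host's IP, mask and default gateway.

    Covers the two misconfigurations discussed in this question bank:
    an address that is the network ID or broadcast (Question #5), and a
    gateway outside the host's subnet, the usual cause of the
    "Destination Host Unreachable" symptom (Question #12).
    """
    prefix = prefix_from_mask(mask)
    net = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
    findings = []
    kind = classify_address(ip, prefix)
    if kind != "host":
        findings.append(f"{ip} is the {kind} address of {net}, not a usable host address")
    gw = ipaddress.IPv4Address(gateway)
    if gw not in net:
        findings.append(f"gateway {gateway} is not on {net}; the host cannot reach it directly")
    elif classify_address(gateway, prefix) != "host":
        findings.append(f"gateway {gateway} is the {classify_address(gateway, prefix)} address of {net}")
    return findings


if __name__ == "__main__":
    # Computer1 from the scenario: the broadcast address used as a host address.
    print(diagnose("192.168.10.255", "255.255.255.0", "192.168.10.1"))
    # Constructed: valid host, but the gateway sits on a different subnet.
    print(diagnose("192.168.10.50", "255.255.255.0", "192.168.20.1"))
    # The /16 illustration from the explanation.
    print(split_address("140.10.20.21", 16))
```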
Because the link lights on Computer1's NIC are lit, the NIC is not likely to be causing the connectivity problem in this scenario. Computer1's default gateway address is the IP address for the router on the network, which indicates that Computer1's default gateway address is correctly configured. The router's IP address is a valid address on the network, and the computers on the network are configured with the subnet mask 255.255.255.0, which is the correct subnet mask for a non-subnetted Class C IP address range.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
What is a Broadcast Address?, http://www.tech-faq.com/broadcast-address.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #6 of 200
Question ID: 1123374

Users on your network have access to the Internet. As more users access the Internet, bandwidth starts to diminish, causing Web pages to load slowly. After looking at the Web server logs, you have noticed that many of the same Web sites are being accessed by multiple users. What should you do to improve your company's Internet bandwidth?

A) Implement an HTTP proxy server.
B) Implement a WINS server.
C) Implement an IP proxy server.
D) Implement a DNS server.

Explanation

Proxy servers fulfill requests on behalf of others. There are several kinds of proxy servers, including HTTP proxy, IP proxy, and FTP proxy. An HTTP proxy server is placed between the clients and the Internet. Frequently accessed files are placed in the cache on this server. When a client requests a file that is in the proxy cache, it will be downloaded from the proxy server rather than from the source, potentially lowering bandwidth usage.
A proxy server can be configured to retrieve the originals of frequently requested files during low Internet usage hours so that content does not become outdated.

A DNS server provides a centralized database of domain name-to-IP address resolutions on a server or servers that other computers on a network can use for name resolution.

A WINS server is used to resolve NetBIOS names to IP addresses on Microsoft Windows networks.

An IP proxy server hides the local IP addresses of the private network, using one global IP address instead. All communication directed outside the local network is done using this one IP address.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.

References:
Working with Proxy Servers, https://technet.microsoft.com/en-us/library/cc939852.aspx
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices, Proxy Servers

Question #7 of 200
Question ID: 1289284

A user has just returned from a week-long conference. While attending the conference, the user connected their work laptop to both the hotel Wi-Fi and the conference Wi-Fi. Now the user cannot connect to the company's Wi-Fi. What is most likely the issue?

A) Wrong SSID
B) Frequency mismatch
C) Latency
D) Jitter

Explanation

The most likely issue is an incorrect Service Set Identifier (SSID). Most wireless devices remember the previous SSID, even if you move to a new network, so you should always check the SSID when troubleshooting. Also, it is very easy for a user to select the wrong SSID. They may not have the correct password or passphrase, and they may type in the SSID name incorrectly. Checking for the correct SSID is often the first step in wireless troubleshooting. On most devices, you can set the device to remember an SSID and its credentials.
However, if the SSID or the credentials change, the device will be unable to automatically log in to the wireless network.

Jitter is the variance in latency rates. In a wireless network, jitter is commonly the result of diffraction, reflection, or absorption. Different network segments may have different factors that affect latency. When the rate of latency is inconsistent, it can cause service issues in latency-sensitive applications such as banking, e-commerce, and gaming. The symptom of jitter is fluctuating transmission speeds.

Latency is the time it takes for network data to travel between the sender and the recipient. As wireless networks are slower than wired networks, latency is an inherent issue in wireless networks. You can test and compare the latency of your wired and wireless network connections by using the ping command. The time= notation in the result tells you the latency of that connection.

Frequency mismatch occurs when one device is operating at 2.4 GHz and another device is operating at 5 GHz. Both (or all) devices must be on the same frequency to communicate. One solution to ensure coverage for all devices is to have one access point operating at 2.4 GHz and another operating at 5 GHz. You could differentiate the access points by including the frequency in the SSID, such as MyNetwork2.4 and MyNetwork5. If you must operate two wireless access points in close proximity on the same frequency, you can configure the wireless access points to use different channels.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Should You Change the Default Name (SSID) of a Wireless Router?, https://www.lifewire.com/changing-default-name-ssid-wireless-router-816568

Question #8 of 200
Question ID: 1289199

To segregate employee traffic and guest traffic on your wireless network, you have decided to implement a plan whereby guest traffic is quarantined in a separate part of the network. All employees have company-issued devices. What can you implement to ensure that only employees have access to the non-quarantined areas of the wireless network?

A) TKIP-RC4
B) Shared or open authentication
C) MAC filtering
D) WPA

Explanation

Media Access Control (MAC) filtering allows the administrator to restrict device access to the network based on the MAC address associated with the Network Interface Card (NIC) on that device. The administrator can set up a permission list (filter) on the router where only devices with specific MAC addresses are allowed on the network. A MAC address is uniquely associated with a NIC, and is analogous to a Vehicle Identification Number (VIN) on an automobile. In essence, the MAC address is the serial number of the NIC.

Shared authentication and open authentication were the two insecure methods of authentication utilized under Wired Equivalent Privacy (WEP). Neither of these allows you to limit access to certain areas of the network. Authentication for wireless can be configured as open system authentication (OSA, meaning no authentication), shared key authentication (SKA), pre-shared key (PSK), or 802.1X/EAP. An open wireless network does not require any form of authentication. Wireless OSA does not use an encryption key. Under SKA, all of the clients used the same key, making the key very vulnerable to being cracked.

Temporal Key Integrity Protocol-Rivest Cipher 4 (TKIP-RC4) is an encryption method that was designed to provide security enhancements to wireless networks using WEP. WEP was an extremely weak encryption standard.
TKIP added a key distribution method whereby each transmission had its own encryption key, an authentication method to verify message integrity, and an encryption method called RC4 (Rivest Cipher 4). WEP is based on RC4, but was poorly designed and used a too-short IV of only 24 bits instead of the standard 64 bits used by RC4.

Wi-Fi Protected Access (WPA) was an interim security improvement over WEP. WPA was later replaced by Wi-Fi Protected Access version 2 (WPA2), which is the most secure option for encrypting wireless.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.

References:
https://www.linksys.com/us/support-article?articleNum=140065

Question #9 of 200
Question ID: 1123494

Which condition might indicate that a network is undergoing a DoS attack?

A) a significant decrease in network traffic
B) a significant increase in network traffic
C) a slight decrease in network traffic
D) a slight increase in network traffic

Explanation

A significant increase in network traffic, often referred to as a traffic spike, might indicate that a network is undergoing a denial-of-service (DoS) attack, which occurs when a hacker floods a network with requests. Virtualization can help to prevent DoS attacks. Performance baselines can help to determine if you are undergoing a DoS attack. A DoS attack prevents authorized users from accessing resources they are authorized to use. An example of a DoS attack is one that brings down an e-commerce Web site to prevent or deny usage to legitimate customers.

A significant decrease in traffic might indicate a problem with network connectivity or network hardware, or it might indicate a non-DoS hacker attack. Networks with slightly fluctuating traffic levels are probably operating normally.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References:
Denial of service, http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci213591,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #10 of 200
Question ID: 1289267

You have been hired as a network consultant by a company. You discover that the network's signal strength greatly weakens as traffic travels over the network medium due to absorption and scattering. What is the term for this tendency?

A) Harmonic distortion
B) EMI
C) Refraction
D) Intermodulation distortion
E) Attenuation

Explanation

In networking, attenuation is the term for a loss of signal strength as data travels over the network medium (cable). The attenuation rate is often the deciding factor when selecting the medium to use for a particular length of network cable. Attenuation is also referred to as decibel (dB) loss. For example, unshielded twisted-pair (UTP) cable has the greatest susceptibility to attenuation. This is why the maximum recommended segment length for UTP is limited to 100 meters (328 feet). ThinNet cable, on the other hand, has less susceptibility to attenuation; the signal can travel a distance of 185 meters (607 feet) before being adversely affected by attenuation.

The opposite of attenuation is amplification. If you want to create a network that extends beyond the normally acceptable length of a particular cable type, you would need to install a signal amplifier. In networking terms, this amplifier is called a "repeater."

All networks have a distance limitation based on the type of cable or wireless frequency that is used. If you attempt to exceed this limitation in a single cable run without using a repeater, signal attenuation will occur. Use repeaters to increase the distance for wired networks.
For wireless networks, you should move the connecting device closer to the wireless access point.

Electromagnetic interference (EMI) occurs when objects, such as fluorescent lighting, interfere with transmission over copper cabling. Radio frequency interference (RFI) occurs when objects, such as cordless phones, interfere with transmission over wireless radio frequencies. Crosstalk is a specialized type of EMI caused by parallel runs of twisted-pair cables. The only solution to this problem is to change the path of the cables.

Near end - Near-end crosstalk (NEXT) measures the ability of the cable to resist crosstalk. Most commercial cabling will give you the minimum NEXT values that are guaranteed.

Far end - Far-end crosstalk (FEXT) measures interference between two pairs of a cable, measured at the other end of the cable with respect to the interfering transmitter.

EMI affects cable placement. You should arrange cables to minimize interference. Ideally, Ethernet cables should not be placed close to high-voltage cables, generators, motors, or radio transmitters.

Refraction is the bending of waves as they pass from one medium to another, due to a change in their speed.

Harmonic distortion is the distortion of a wave by unwanted multiples of an original frequency, causing interruptions to the way the waveform behaves in electrical circuits, or sounds.

Intermodulation distortion occurs when two different frequencies are simultaneously passed through an amplifier.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Attenuation, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci211613,00.html

Question #11 of 200
Question ID: 1289253

As a new network technician, you have been given a flash drive that contains several commands that you will use on a regular basis. You need to match the commands to their purposes.
Move the correct items from the left column to the column on the right to match the commands to their purpose.

Explanation

The commands have the following purposes:

ping - tests connectivity to a remote host
ipconfig - displays network configuration settings for the local computer
nslookup - verifies entries on a DNS server
nbtstat - diagnoses problems with NetBIOS name resolution

You should understand the purpose of these common troubleshooting tools. You should also familiarize yourself with the proper command syntax for these commands.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Using the ping command, http://technet.microsoft.com/en-us/library/cc737478(v=ws.10).aspx
Ipconfig, https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig
Nbtstat, http://technet.microsoft.com/en-us/library/cc940106.aspx
Using nslookup.exe, http://support.microsoft.com/kb/200525

Question #12 of 200
Question ID: 1289306

A new user is reporting a “Destination Host Unreachable” message. What is the most likely culprit?

A) Incorrect gateway
B) Rogue DHCP server
C) Incorrect time
D) Untrusted SSL certificate

Explanation

If you get a “Destination Host Unreachable” message, the most likely culprit is an incorrect gateway. Make sure the local machine and the default gateway are on the same subnet. If what is entered as the gateway IP address is actually the IP address of the LAN side of the router, you will see a “Request timed out” message.

Incorrect time is not the issue in this scenario. The Network Time Protocol (NTP) uses UDP port 123 and is subject to a Denial of Service (DoS) attack.
When the time is not properly synchronized throughout the network, a multitude of issues can occur, including files and transactions with the incorrect time stamp. You can correct a time issue by pointing the clients at a reliable NTP source, such as the Google time server time.google.com.

An untrusted SSL certificate message can occur when the SSL certificate was not signed or issued by an organization that is trusted by the browser. The most common of these errors is caused by a website using a trusted certificate but failing to send one or more of the intermediate certificates that chain it to the trusted root.

A rogue DHCP server can be placed on the network through malicious intent or inadvertently through a virtual machine whose NIC is bridged with the physical machine’s NIC. Rogue DHCP servers play a big role in man-in-the-middle attacks because they can hand out an attacker-controlled gateway or DNS server. That would normally affect every client that obtains a lease rather than a single new user, and it shows up as a wrong address, gateway, or DNS setting on the client; in this scenario the first thing to check is the gateway that the client is actually configured with.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
References:
Troubleshooting IP Default Gateway issues, https://community.extremenetworks.com/extreme/topics/troubleshooting_ip_default_gateway_issues-4aikf

Question #13 of 200 Question ID: 1289176
Your company has decided to implement an acceptable use policy (AUP) that must be distributed to all users. You have been asked to write the preliminary policy to submit for management approval. What is defined in this policy?
A) which users require access to certain company data
B) which method administrators should use to back up network data
C) how users are allowed to employ company hardware
D) the sensitivity of company data

Explanation
An acceptable use policy (AUP) defines how users are allowed to employ company hardware. For example, an acceptable use policy, which is sometimes referred to as a use policy, might answer the following questions:
Are employees allowed to store personal files on company computers?
Are employees allowed to play network games on breaks?
Are employees allowed to "surf the Web" after hours?

An information policy defines the sensitivity of a company's data. In part, a security policy defines separation of duties, which determines who needs access to certain company information. Other security policies may be implemented to protect specific resources and define minimum security requirements for specific devices. A backup policy defines the procedure that administrators should use to back up company information.

While companies are able to monitor personnel activities, it is always best if the employer obtains consent to monitoring. If you do not ask personnel to consent to monitoring, you need to implement a no-expectation-of-privacy policy that is prominently displayed on the company intranet, email, and other areas. A network policy outlines rules for computer network access, explains how policies are enforced, and lays out some of the basic architecture of the network.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.
References:
Acceptable Use Policy, http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Policies

Question #14 of 200 Question ID: 1289248
You are issued a network technician toolkit that contains several tools. Match the tools on the left to the descriptions on the right.
Move the correct items from the left column to the column on the right to match the tools with the descriptions.
Explanation
The tools and descriptions are as follows:
Cable tester - Verifies that a cable is good
Crimper - Attaches media connectors to the ends of the cable
Loopback plug - Echoes signals over a port to ensure it is working properly
Multimeter - Includes a voltmeter, an ohmmeter, and an ammeter to measure voltage, resistance, and current, respectively
Punchdown tool - Attaches cable to a patch panel
Toner probe - Includes a tone generator and a tone locator to locate the ends of a cable

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Network+ Hardware Tools, http://blogs.getcertifiedgetahead.com/network-hardware-tools/

Question #15 of 200 Question ID: 1289246
You need to determine the length of a network cable. Which device should you use?
A) a tone generator
B) a crossover cable
C) a TDR
D) a hardware loopback

Explanation
You can use a time domain reflectometer (TDR) to determine the length of a network cable. A TDR sends an electrical pulse down a cable and measures the time required for the reflection to return. The TDR can then use this information to calculate the length of the cable. If the cable length calculated by the TDR is shorter than the expected length, then you can reasonably deduce that there is a break in the cable. TDRs can detect a variety of cable problems, including short circuits, open circuits, splices, cable breaks, and taps.

You can use a crossover cable to connect the sending pins in one device directly to the receiving pins in another device. Crossover cables can be used to connect the network interface cards (NICs) of two computers directly into a two-computer network. Crossover cables are also used to connect two hubs. You cannot use a crossover cable to determine the length of a network cable.
A hardware loopback is a plug that connects the sending and receiving pins on a connector for troubleshooting purposes. It is often referred to as a loopback plug. For example, you can use a hardware loopback in conjunction with diagnostic software to determine whether a NIC is properly transferring data signals.

You can use a tone generator and a tone locator to trace network cables. You connect the tone generator to one end of a network cable, and then you use the tone locator to determine where the other end of the network cable is located. A tone generator is sometimes referred to as a fox, and a tone locator is sometimes referred to as a hound.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
What is a TDR?, http://www.tessco.com/yts/resourcecenter/pdfs/whatisatdr.pdf
TDR Tutorial - Introduction to Time Domain Reflectometry, http://tscm.com/riprcop.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #16 of 200 Question ID: 1289299
You administer a network for your company that has three subnets. The network is configured as depicted in the following exhibit:
You recently installed a computer named Unit1 on the network, and you configured Unit1 with the IP address 200.10.1.2/24. The user on Unit1 reports that he cannot use Domain Name System (DNS) names to contact any computers on the network. The user also reports that he can only contact other computers on the 200.10.1.0/24 subnet; he cannot connect to computers on the 200.10.2.0/24 subnet or the 200.10.3.0/24 subnet. You review the TCP/IP settings on Unit1 and discover that a default gateway address is not configured. You want to configure a default gateway address on Unit1 so that the user can connect to the DNS server and to computers on the other subnets in the network.
Which address should you configure as the default gateway address?
A) 200.10.1.0/24
B) 200.10.3.1/24
C) 200.10.2.0/24
D) 200.10.2.2/24
E) 200.10.1.1/24
F) 200.10.3.3/24
G) 200.10.2.1/24

Explanation
You should configure the IP address 200.10.1.1/24 as the default gateway address. The default gateway address is the IP address of the RouterA interface nearest the client device. Note that some computers do not support the /24 network prefix notation. In these cases, you would specify the default gateway of 200.10.1.1 and the subnet mask that corresponds to the /24 network prefix, which is 255.255.255.0.

An incorrect IP configuration or default gateway address will cause communication problems.
Wrong subnet mask - If a client computer's subnet mask is configured incorrectly, the client will be unable to communicate with devices outside the local network. A mask that is too short makes remote hosts look local, so the client tries to reach them directly instead of through the gateway. You should configure the appropriate subnet mask on the client device to fix this problem.
Wrong gateway - If a client computer's default gateway is configured incorrectly, the client will be unable to communicate with devices outside the local network. You should configure the appropriate default gateway on the client device to fix this problem.
Duplicate IP address - If a duplicate IP address is used on a network, both devices using that IP address will have trouble communicating. If the devices are configured with static IP addresses, you will need to reconfigure one of the devices with another IP address. If the devices are configured with dynamic IP addresses, you can release and renew the lease: ipconfig /release followed by ipconfig /renew on Windows, or the DHCP client on Linux (for example dhclient -r followed by dhclient). Note that ifconfig only displays or sets the interface address; it does not release a DHCP lease.

A router is a multi-homed device that accepts data packets from local subnets and forwards those data packets to other subnets. In this scenario, RouterA is connected to subnets 200.10.1.0/24 and 200.10.2.0/24. Unit1 is on the 200.10.1.0/24 network, and RouterA's interface 200.10.1.1/24 is also on the 200.10.1.0/24 subnet.
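The following is an added worked example and is not part of the exam bank's explanation. It applies the checks just described (the gateway must be a host address on the client's own subnet, not a network ID; a too-short mask makes remote hosts look local) to the addresses the question gives, using Python's standard ipaddress module. The candidate list is the question's answer list; the host and router addresses are those stated in the explanation, and nothing else is assumed.

```python
import ipaddress

# Added example, not from the exam bank. The addresses mirror the Question 16
# exhibit as described in the text: Unit1 is 200.10.1.2/24, RouterA has
# 200.10.1.1 and 200.10.2.1, RouterB has 200.10.2.2 and 200.10.3.1, and the
# DNS server is 200.10.3.3. CANDIDATES is the question's answer list.
CANDIDATES = ["200.10.1.0/24", "200.10.3.1/24", "200.10.2.0/24", "200.10.2.2/24",
              "200.10.1.1/24", "200.10.3.3/24", "200.10.2.1/24"]


def classify_gateway(host_cidr, gateway):
    """Explain whether `gateway` can serve as the default gateway for a host
    configured as `host_cidr` (for example '200.10.1.2/24').
    Returns 'ok' or a short reason string."""
    host = ipaddress.ip_interface(host_cidr)
    net = host.network
    gw = ipaddress.ip_address(gateway.split("/")[0])   # drop any prefix length
    if gw == net.network_address:
        return "network ID, not a host address"
    if gw == net.broadcast_address:
        return "broadcast address, not a host address"
    if gw == host.ip:
        return "the host's own address"
    if gw not in net:
        # The host cannot ARP for a gateway outside its own subnet, which is
        # the classic 'Destination host unreachable' misconfiguration.
        return "not on the host's subnet"
    return "ok"


def choose_gateways(host_cidr, candidates):
    """All candidates that pass classify_gateway, in the order given."""
    return [c for c in candidates if classify_gateway(host_cidr, c) == "ok"]


def needs_gateway(host_cidr, destination):
    """True if the host will send traffic for `destination` to its default
    gateway; False if it will try to deliver it directly on the local segment.
    A wrong (too short) subnet mask makes remote hosts look local, so the
    client ARPs for them and never reaches them."""
    host = ipaddress.ip_interface(host_cidr)
    return ipaddress.ip_address(destination) not in host.network


if __name__ == "__main__":
    for c in CANDIDATES:
        print(f"{c:16} {classify_gateway('200.10.1.2/24', c)}")
    print("usable:", choose_gateways("200.10.1.2/24", CANDIDATES))
    print("200.10.3.3 via gateway with /24:", needs_gateway("200.10.1.2/24", "200.10.3.3"))
    print("200.10.3.3 via gateway with /16:", needs_gateway("200.10.1.2/16", "200.10.3.3"))
```

Only 200.10.1.1/24 survives the checks, which is the answer. The last line of the usage shows the wrong-mask failure mode: with a /16 on Unit1 the DNS server at 200.10.3.3 is treated as local and the gateway is never consulted.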
The default gateway for a computer is usually the local interface address of a router connected to the computer's subnet. The Unit1 computer should therefore be configured with the default gateway address 200.10.1.1/24. If a computer cannot find a host on a local subnet, or if the destination host address is not in a local routing table on the computer, then the computer will send data to the default gateway.

The IP address 200.10.1.0/24 is the network ID for SubnetA on the network. The IP address 200.10.2.0/24 is the network ID for SubnetB on the network. These addresses identify the subnets themselves rather than a host, so neither can be used as a default gateway address. The IP address 200.10.2.1/24 is the address of RouterA's SubnetB adapter. The IP address 200.10.2.2/24 is the address of RouterB's SubnetB adapter, and the IP address 200.10.3.1/24 is the address for RouterB's SubnetC adapter. The first two addresses can be used as default gateway addresses for SubnetB, and the third address can be used as the default gateway for SubnetC. The IP address 200.10.3.3/24 is the IP address of the DNS server. You should configure Unit1 to contact the DNS server at its IP address of 200.10.3.3 after the default gateway address is properly configured. The DNS server will enable the user on Unit1 to use DNS names rather than IP addresses to contact computers on the network because the DNS server will resolve DNS names to IP addresses. If you configured Unit1 with a default gateway address other than 200.10.1.1/24, then Unit1 would not be able to connect to the DNS server or computers on the other subnets because Unit1 would not be able to reach RouterA to forward data.

The DNS server can be placed anywhere on the network to service the requests of the computers on the network. For example, you could move the DNS server to the 200.10.2.0 subnet.
If you move the DNS server to this subnet, then you must change its IP address to a valid, unused IP address on the subnet, such as 200.10.2.5/24. You also need to change the DNS server's IP address configured for all the computers on the network that use the DNS server for domain name-to-IP address resolution. For example, you should change the DNS server's IP address that is configured on the Unit1 computer to the DNS server's new address, so that Unit1 will be able to use the DNS server for name resolution.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.htmlb

Question #17 of 200 Question ID: 1123329
You need to perform some administrative maintenance on a Cisco router. You decide to connect your notebook computer to the console port on the router. Which type of cable should you use?
A) crossover cable
B) rollover cable
C) patch cable
D) straight-through cable

Explanation
You should use a rollover cable to connect to the console port on any Cisco device. The pin configuration for a rollover cable is easy to remember because of the cable name. The cable pin configuration is "rolled over" so that pin 1 on end 1 matches pin 8 on end 2, pin 2 on end 1 matches pin 7 on end 2, and so on, until a complete reversal is made. In other words, the wires are in reverse order on opposite ends. A crossover cable connects two legacy or non-MDIX compliant devices, such as two computers, two hubs, or two switches. A patch cable and a straight-through cable are the same thing. This is the standard cable used to connect networking devices.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.
References:
Roll-over Cables, http://www.2000trainers.com/cisco-ccna-06/create-rollover-cable/
How to Identify an RJ-45 Rollover Cable, http://www.cisco.com/en/US/docs/cable/cmts/ubr10012/installation/guide/u10kcbl.html#wp1006093
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #18 of 200 Question ID: 1123509
What is the difference between an exploit and a vulnerability?
A) The two terms are interchangeable
B) An exploit is a flaw, and a vulnerability takes advantage of that flaw
C) A vulnerability is a flaw, and an exploit takes advantage of that flaw
D) An exploit is a threat, and a vulnerability is a flaw.

Explanation
When comparing exploits and vulnerabilities, a vulnerability is a flaw or weakness, and an exploit takes advantage of that flaw. For example, a vulnerability could be a section of code in an application that fails to validate user input against a range of acceptable values. The exploit would be the active use of that missing validation to introduce malicious data, as in an SQL injection attack. A threat is a potential cause of an unwanted event, such as an actor or condition that could exploit the vulnerability; the likelihood of that happening, combined with its impact, is the risk. The terms exploit and vulnerability are not interchangeable.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References:
The difference between an exploit and vulnerability, http://www.livehacking.com/2012/11/20/the-difference-between-an-expoit-and-vulnerability/

Question #19 of 200 Question ID: 1289108
You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do?
A) Disable SSID broadcast for the two wireless networks.
B) Change the two wireless networks to WEP.
C) Periodically complete a site survey.
D) Change the two wireless networks to WPA2.

Explanation
You should periodically complete a site survey to ensure that no unauthorized wireless access points are established. Site surveys generally produce information on the types of systems in use, the protocols in use, and other critical information. You need to ensure that hackers cannot use site surveys to obtain this information. To make unauthorized site surveys harder, you should change the default Service Set Identifier (SSID) and disable SSID broadcast. Be aware that hiding the SSID only removes it from beacon frames; it still appears in probe and association frames, so this slows a casual survey rather than defeating one. Immediately upon discovering an unauthorized wireless access point using a site survey, you should physically locate the device and disconnect it. An unauthorized wireless access point is often referred to as a rogue access point (AP).

You should not change the two wireless networks to WPA2 to ensure that no unauthorized wireless access points are established. This would increase the security of the two networks and make it harder for hackers to access them. However, it would not prevent an attacker from setting up a new wireless access point.

You should not change the two wireless networks to WEP. WEP is less secure than WPA or WPA2.

You should not disable SSID broadcast for the two wireless networks to ensure that no unauthorized wireless access points are established. The reason you disable SSID broadcast is to make a wireless network less conspicuous to hackers and to unauthorized site surveys. Disabling the SSID broadcast on your existing networks CANNOT prevent the establishment of new wireless access points. Of the options given, a periodic site survey is the only one that addresses unauthorized access points. Note that a survey detects a rogue AP rather than preventing it, so pair it with wired-side controls such as 802.1X or port security on switch ports to limit what a rogue AP plugged into the LAN can reach.

For the Network+ exam, you need to protect against the following wireless attacks or issues:
Evil twin - occurs when a wireless access point that is not under your control is used to perform a hijacking attack.
It is set up to look just like a valid network, including the same Service Set Identifier (SSID) and other settings.
Rogue access point (AP) - occurs when a wireless access point that is not under your control is connected to your network. These devices are not set up to look just like your network. This attack preys on users' failure to ensure that an access point is valid. You can perform a site survey to detect rogue APs.
War driving - occurs when attackers seek out Wi-Fi networks with a mobile device or laptop while driving a vehicle. You can lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA or WPA2 authentication.
War chalking - occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for this type of information by periodically inspecting the outside of your facilities.
Bluejacking - the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when not in use is the best protection against this.
Bluesnarfing - the unauthorized access of information from a wireless device through a Bluetooth connection. Once again, turning off Bluetooth when not in use is the best protection against this.
WPA/WEP/WPS attacks - Attacks against wireless protocols can usually be prevented by using a stronger protocol or by incorporating RADIUS (802.1X) authentication. Wired Equivalent Privacy (WEP) should be avoided because even its highest level of encryption has been successfully broken. Wi-Fi Protected Setup (WPS) allows users to easily secure a wireless home network, but its PIN method is susceptible to brute-force attacks, so WPS should be disabled. Wi-Fi Protected Access (WPA) is more secure than WEP, and WPA2 provides better security than WPA.
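The following is an added example, not part of the exam bank's explanation, of what you actually do with the output of the site survey described above: compare every radio seen against the AP inventory and sort the unknowns into evil twins (our SSID from a radio we do not own), unknown radios (rogue or neighbour), and known radios that have been downgraded. The scan rows, SSIDs, BSSIDs and the inventory are constructed for the example; in practice the rows come from the survey tool or the wireless controller.

```python
from dataclasses import dataclass

# Added example, not part of the exam bank. The scan rows, SSIDs, BSSIDs and
# the inventory are constructed for the example; a real survey tool or the
# controller's report would supply the rows.


@dataclass(frozen=True)
class Beacon:
    ssid: str        # '' when the AP hides (does not broadcast) its SSID
    bssid: str       # radio MAC address
    channel: int
    security: str    # 'OPEN', 'WEP', 'WPA' or 'WPA2'


# Assumed AP inventory: BSSID -> SSID it is supposed to advertise.
AUTHORIZED = {
    "00:11:22:aa:bb:01": "Corp-Finance",
    "00:11:22:aa:bb:02": "Corp-Eng",
}

# Constructed survey results.
SCAN = [
    Beacon("Corp-Finance", "00:11:22:aa:bb:01", 1, "WPA2"),
    Beacon("Corp-Eng", "00:11:22:aa:bb:02", 6, "WPA2"),
    Beacon("Corp-Finance", "de:ad:be:ef:00:01", 11, "OPEN"),  # our SSID, unknown radio
    Beacon("", "de:ad:be:ef:00:02", 3, "WPA2"),               # hidden SSID, unknown radio
    Beacon("Coffee-Guest", "ca:fe:00:00:00:03", 6, "OPEN"),   # probably the neighbour
]


def classify(scan, authorized):
    """Map each BSSID seen in the survey to a verdict:
    'authorized'          known radio, expected security
    'downgraded'          known radio but weaker than WPA2 (misconfigured or reflashed)
    'evil-twin'           advertises one of our SSIDs from a radio we do not own
    'rogue-or-neighbour'  unknown radio with some other (or hidden) SSID"""
    our_ssids = set(authorized.values())
    verdicts = {}
    for b in scan:
        if b.bssid in authorized:
            verdicts[b.bssid] = "authorized" if b.security == "WPA2" else "downgraded"
        elif b.ssid in our_ssids:
            verdicts[b.bssid] = "evil-twin"
        else:
            # A hidden SSID does not keep the radio out of the survey: the
            # beacon still carries the BSSID, so it is classified like any other.
            verdicts[b.bssid] = "rogue-or-neighbour"
    return verdicts


def needs_action(verdicts):
    """BSSIDs to go and physically locate, sorted for a stable work list."""
    return sorted(b for b, v in verdicts.items() if v != "authorized")


if __name__ == "__main__":
    result = classify(SCAN, AUTHORIZED)
    for bssid, verdict in result.items():
        print(f"{bssid}  {verdict}")
    print("locate:", needs_action(result))
```

The survey alone cannot tell a neighbour's AP from a rogue on your own wire; that needs wired-side evidence, such as the AP's MAC address showing up on one of your switch ports, which is why the work list is a list of radios to go and find.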
Objective: Networking Concepts
Sub-Objective: Given a scenario, implement the appropriate wireless technologies and configurations.
References:
Six Steps to a Wireless Site Survey, http://www.computerworld.com/s/article/9004641/Six_steps_to_a_wireless_site_survey
Wireless Site Survey FAQ, http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Securing Wireless LANs

Question #20 of 200 Question ID: 1123464
Which of the following restrictions or requirements for a privileged user agreement does NOT adhere to best practices by clearly delineating the role and responsibility of those who manage computers, systems, networks, or accounts and other information resources?
A) All privileged access shall be monitored and logged, and such access explained when needed.
B) Privileged access may only be used to perform assigned job duties.
C) Only those who sign the agreement will be granted privileged access.
D) Privileged access may only be used to grant, change, or deny access, privilege, or resources to other users for authorized actions.
E) A user with privileged access may obtain account and password information from another user at will.
F) Those granted privileged access must complete security awareness training.

Explanation
With the greatest powers to create, configure and manage systems and security, privileged users make the rules and set the conditions that all other users must follow on systems and networks. This calls for extreme care, constant vigilance, and respect for ethics, confidentiality, and the responsibilities of the role. Not even privileged users should be able to obtain account and password information from another user at will. Personnel must be trained to never give their credentials to anyone. All of the other options are appropriate regarding privileged accounts.
The basic rule of privileged access is that only those who take responsibility for their actions and agree to the Privileged User Agreement (PUA) will be granted such access. Privileged access may only be used to perform assigned job duties. This statement enunciates the principle that privileged access is a duty to be carried out in strict accordance with the requirements of the job at hand, as well as in compliance with best security practice, ethics, and good governance. By documenting all actions that privileged users undertake, they may be held to account for their privileged actions at any time. Transparency is the key to proper security. Use of privilege to establish, alter, or deny access, privileges, or resources for others should occur in keeping with the dictates of the job and one's employer's instructions, in keeping with best security practice, ethics, and good governance. Privileged users should understand and accept the consequences of their uses of privilege and fully understand the potential for loss, damage, or harm that can follow in the wake of errors or mistakes.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.
References:
Security for Privileged Users, https://security.arizona.edu/elevprivtraining
Model Privileged Access Agreement, https://security.berkeley.edu/model-privileged-access-agreement
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Best Practices

Question #21 of 200 Question ID: 1289304
You originally configured a redundant server with a static IP address, and it has been offline for some time. When you power the server up to perform some tests, what might be an unexpected consequence?
A) Names not resolving
B) Incorrect host-based firewall settings
C) Duplicate IP addresses
D) Blocked TCP/UDP ports

Explanation
The consequence may be duplicate IP addresses. Duplicate IP addresses can occur when a DHCP server “thinks” an IP address is available. For example, a client machine requests an IP address, and the DHCP server issues an address listed as available from the pool of addresses. A conflict may occur if a dormant machine comes back online with an IP address that the DHCP server thought was expired and added back into the pool. A statically addressed server whose address lies inside the DHCP scope and was never excluded from it causes the same conflict when it returns.

Names not resolving occurs when you enter a name that you know to be valid, and the Domain Name System (DNS) does not provide the corresponding IP address for that server. IP addresses, not the host names we type into the browser, are used to locate machines throughout a LAN or over the Internet. DNS provides the translation of host names to IP addresses and vice versa, known as name resolution. This would not be an issue because the server should still be able to communicate with the DNS server.

Incorrect host-based firewall settings present security risks. Host-based firewalls are often configured by untrained users, and only protect a single machine. Once that host-based firewall has been breached, the device on which the host-based firewall is installed is at risk. The firewall configuration is not affected by the server having been offline, because a host-based firewall is installed on the server itself and its rules are unchanged.

Blocked TCP/UDP ports are often necessary to protect the network from insecure protocols that are easily exploited by hackers. Ports that are often blocked include TCP port 23 (Telnet), TCP port 21 (FTP), TCP/UDP port 53 (DNS, which attackers also use as a covert exit channel after a compromise), and UDP port 161 (SNMP). Blocked TCP/UDP ports were likely configured based on security policies and should not be changed unless you are authorized to do so.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
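The following is an added example, not part of the exam bank's explanation, that plays out the duplicate-address scenario above (and the "Duplicate IP address" item in Question 16) as a small DHCP allocation model. The scope, pool and addresses are constructed: a four-address pool and a redundant server that was given a static address inside that pool before it went offline. The model shows the lease going out while the server is dormant, and the two things that stop it: excluding the static range from the scope, or probing the address before offering it (which only helps while the static host is actually on the wire).

```python
# Added example, not part of the exam bank. The scope, pool and addresses are
# constructed: a small DHCP pool 10.0.0.10-10.0.0.13, and a redundant server
# that was given the static address 10.0.0.11 inside that pool before it was
# taken offline.

POOL = [f"10.0.0.{i}" for i in range(10, 14)]
STATIC_HOSTS = {"10.0.0.11": "backup-server"}   # address -> owner, assumed


def next_free(pool, leases, exclusions=frozenset(), live=frozenset()):
    """First pool address that is not leased, not excluded from the scope and,
    when the server probes before offering, not answering on the wire.
    `live` stands in for the ARP/ICMP probe: the set of addresses that would
    answer right now. A dormant host is, by definition, not in it."""
    for ip in pool:
        if ip in leases or ip in exclusions or ip in live:
            continue
        return ip
    return None


def find_conflicts(leases, static_hosts):
    """Addresses that are leased by DHCP and also configured statically."""
    return sorted(set(leases) & set(static_hosts))


def simulate(exclude_static, server_online_during_lease):
    """Hand out leases to two clients, then bring the static server back.
    Returns (leases, conflicts)."""
    leases = {}
    exclusions = set(STATIC_HOSTS) if exclude_static else set()
    live = set(STATIC_HOSTS) if server_online_during_lease else set()
    for client in ("client-A", "client-B"):
        ip = next_free(POOL, leases, exclusions, live)
        leases[ip] = client
    # The redundant server powers on with its static address regardless.
    return leases, find_conflicts(leases, STATIC_HOSTS)


if __name__ == "__main__":
    print("no exclusion, server dormant:", simulate(False, False))
    print("static range excluded:        ", simulate(True, False))
    print("probe, server online:         ", simulate(False, True))
```

The durable fix is the exclusion (a reservation, or keeping static addresses out of the scope altogether); the conflict probe is a safety net that by construction cannot see a host that is switched off, which is exactly the case in the question.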
References:
Detect and Avoid IP Address Conflicts, https://technet.microsoft.com/en-us/library/ff606371.aspx

Question #22 of 200 Question ID: 1123290
Your company has decided to implement a wireless network. The wireless network users must be able to connect to resources on your internal network, including file, print, and DHCP services. All wireless clients will run the Windows operating system. What should you implement? (Choose all that apply.)
A) APIPA
B) Static IP addresses
C) A wireless access point
D) Infrastructure mode
E) Ad hoc mode

Explanation
Infrastructure mode allows wireless computers to connect to a LAN, WAN, or the Internet. This means that infrastructure mode wireless computers can access all computers on the LAN, WAN, and Internet. Infrastructure mode is much more expensive to implement than ad hoc mode because you must configure wireless access points. While infrastructure mode is harder to set up and configure, it is much easier to manage than ad hoc mode.

Ad hoc mode allows wireless computers to be configured much more quickly than infrastructure mode. Ad hoc mode wireless computers all participate in the same network. This means that the ad hoc wireless computers can access each other, but cannot access network resources on a LAN, WAN, or the Internet. Ad hoc mode is much cheaper than infrastructure mode to implement. In addition, it is easy to set up and configure and can provide better performance than infrastructure mode. However, it is difficult to manage an ad hoc mode wireless network.

Static IP addresses should not be implemented because the corporate network contains a DHCP server. APIPA should not be used for the same reason. In addition, APIPA is utilized only if a DHCP server is not found.
Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.
References:
A Guide to Ad-Hoc Mode in Networking, https://www.lifewire.com/ad-hoc-mode-in-wireless-networking-816560
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs

Question #23 of 200 Question ID: 1289144
You connect a home computer to a BRI ISDN line. The Bandwidth On Demand Interoperability Group (BONDING) protocol is used to combine the channels. What is the maximum data transfer rate of the B channels?
A) 44.736 Mbps
B) 1.544 Mbps
C) 128 Kbps
D) 56 Kbps

Explanation
Each B channel in a Basic Rate Interface (BRI) Integrated Services Digital Network (ISDN) connection can provide a maximum data transfer rate of 64 kilobits per second (Kbps). A BRI ISDN line provides a total of two bearer (B) channels, which can be combined by the bonding protocol to provide a total maximum data transfer rate of 128 Kbps. A BRI ISDN line also provides a single delta (D) channel, which is used to transfer connection control data. A BRI ISDN D channel operates at a data transfer rate of 16 Kbps. BRI ISDN is sometimes referred to as 2B+D ISDN because BRI ISDN provides two B channels and one D channel.

The V.90 analog modem standard is a modem standard that is accepted worldwide. This technology is often referred to as dial-up access. In theory, a V.90 analog modem can provide a maximum data transfer rate of 56 Kbps. However, an analog modem rarely achieves the maximum data transfer rate due to factors such as line noise and the distance between the modem and the telephone company's Point of Presence (POP).

T1 connections and Primary Rate Interface (PRI) ISDN connections provide a data transfer rate of 1.544 megabits per second (Mbps).
PRI ISDN, which is sometimes referred to as 23B+D ISDN, provides twenty-three 64-Kbps B channels and a 64-Kbps D channel for a total data transfer rate of 1.544 Mbps. A T3 connection provides a data transfer rate of 44.736 Mbps.

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.
References:
Integrated Digital Services Network Primer, http://www.ciscopress.com/articles/article.asp?p=29737
CompTIA Network+ N10-007 Cert Guide, Chapter 7: Wide Area Networks (WANs), WAN Technologies

Question #24 of 200 Question ID: 1289270
You need to solve a traffic problem occurring on a large Ethernet network. Within this large segment, the accounting department is flooding the network with a high volume of data, which causes the entire network to slow down. Which device is a quick and low-cost solution to isolating the accounting department?
A) bridge
B) router
C) gateway
D) repeater

Explanation
A bridge provides a quick and low-cost solution for dividing a network into different segments for the purpose of reducing network traffic. Bridges work by building forwarding tables (MAC address tables) that record on which segment each source MAC address was seen. These tables enable a bridge to determine which frames need to pass through the bridge to another segment, versus which frames should stay on the local segment. In this scenario, the Accounting department is currently sharing the bandwidth of the entire segment. Using a bridge to place this department on its own segment means the traffic within that segment stays local, thus reducing the overall traffic of the network. Only frames destined for other segments, or for addresses the bridge has not yet learned (which are flooded), will pass through the bridge. A bridge is not an optimal choice for reducing intersegment traffic. In such a case, a router or gateway would be a better choice.
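The following is an added example, not part of the exam bank's explanation, of the learning-bridge behaviour just described: a two-port transparent bridge learns which port each source MAC address lives on, filters frames whose destination is on the same segment, and floods frames whose destination it has not seen yet. Hosts, MAC addresses and the frame sequence are constructed; accounting hosts A1 and A2 sit on port 1 and a server SRV on port 2.

```python
# Added example, not part of the exam bank. Hosts, MAC addresses and the frame
# sequence are constructed: accounting hosts A1 and A2 sit on the bridge's
# port 1 and a server SRV sits on port 2 with the rest of the LAN.

BROADCAST = "ff:ff:ff:ff:ff:ff"
A1, A2, SRV = "00:aa:00:00:00:01", "00:aa:00:00:00:02", "00:bb:00:00:00:01"


class Bridge:
    """Transparent (learning) bridge: learns source MACs per port and forwards
    a frame only when its destination is known to be on another port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}   # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return the ports the frame is sent out on. An empty list means the
        frame stays on its own segment."""
        self.table[src] = in_port                            # learn
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood
        out_port = self.table[dst]
        return [] if out_port == in_port else [out_port]     # filter or forward


# (in_port, src, dst): one server round trip, then accounting talking to itself.
FRAMES = [
    (1, A1, SRV), (2, SRV, A1),
    (1, A1, A2), (1, A2, A1), (1, A1, A2), (1, A2, A1),
    (1, A1, A2), (1, A2, A1), (1, A1, A2),
]


def frames_crossing(bridge, frames):
    """Number of frames the bridge had to put on another segment."""
    return sum(1 for in_port, src, dst in frames if bridge.receive(in_port, src, dst))


if __name__ == "__main__":
    b = Bridge([1, 2])
    print(f"{frames_crossing(b, FRAMES)} of {len(FRAMES)} frames crossed the bridge")
    print("learned:", b.table)
```

Three of the nine frames cross the bridge: the server round trip and the first accounting frame, whose destination had not been learned yet. Everything after that stays on port 1. The flooding rule is also the security caveat for bridges and switches alike: a host that sprays frames with thousands of bogus source addresses can fill the table, at which point traffic that should have stayed local is flooded to every port, which is why MAC-address limits (port security) on switch ports are the usual control.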
A router is used to connect networks that are dissimilar in either topology or IP addressing, that is, separate IP networks. It could be used in this scenario, but it would not be a low-cost solution. A gateway is used to connect networks that use different protocols. A repeater is used to extend the length of a network beyond the cable's maximum segment distance. It takes a received frame's signal and regenerates it to all other ports on the repeater.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Router vs. Switch, http://compnetworking.about.com/od/homenetworkhardware/f/routervsswitch.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 43: Network Troubleshooting

Question #25 of 200 Question ID: 1289083
Which media-access method does the 802.11 standard specify for wireless networks?
A) Token-passing
B) Demand priority
C) CSMA/CD
D) CSMA/CA

Explanation
The IEEE 802.11 standard, which is the main standard for wireless LANs, specifies Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) as its media access method. Like an Ethernet network, which uses Carrier Sense Multiple Access/Collision Detection (CSMA/CD), wireless adapter cards "sense," or listen, for network traffic before transmitting. If the medium is free, the station sends its data. However, unlike an Ethernet network, wireless network cards cannot send and receive transmissions at the same time, which means that they cannot detect a collision. Instead, the sending station waits for an acknowledgement (ACK) frame from the destination, verifying that the data was received. If the acknowledgement does not arrive within the ACK timeout, the sending station waits a random backoff period and then retransmits the data. The 802.11 standard refers to this CSMA/CA scheme as the Distributed Coordination Function (DCF).
https://www.knowledgehub.com/education/test/print/61961268?testId=205855163 17/142 4/18/22, 4:07 PM N10-007 Exam Simulation Carrier Sense Multiple Access/Collision Detection (CSMA/CD) computers compete for the right to send data. In CSMA/CD, when a collision occurs, the computers sending the data wait a random amount of time before attempting to retransmit the data. Token-passing access methods allow only the one computer that has the token to transmit data, meaning there is no contention for media access. Demand priority is an 802.12 standard known as 100VG-AnyLAN. It operates at 100 Mbps. In the event of contention on the network, the higher-priority data is given access first. Other network theories and concepts you must understand for the Network+ exam include modulation techniques and numbering systems: Modulation techniques - Modulation is the process of encoding source data onto a continuous carrier signal frequency. Multiplexing - Multiplexing allows multiple communications sessions to share the same physical medium. De-multiplexing - De-multiplexing separates 2 or more multiplexing channels. Analog and digital techniques - With analog, transmission of data is done in the form of continuous waveforms. With digital, the transmission of discrete data uses two distinct electric states: '1' for "on" and '0' for "off". Time-division multiplexing (TDM) - TDM supports different communication sessions (for example, different telephone conversations in a telephony network) on the same physical medium by causing the sessions to take turns. Numbering systems - Binary, hexadecimal, and octal refer to different number systems. In the decimal system, you use ten different symbols: 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. In a binary number system, you use only two symbols to represent numbers: 0 and 1. The hexadecimal system uses sixteen symbols to represent numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. 
Octal uses eight symbols to represent all the quantities: 0, 1, 2, 3, 4, 5, 6, and 7. Objective: Networking Concepts Sub-Objective: Explain the concepts and characteristics of routing and switching. References: 802.11 Medium Access Methods, http://www.wi-fiplanet.com/tutorials/article.php/1548381 CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Introducing Wireless LANs Question #26 of 200 Question ID: 1123359 You are setting up your company's VoIP infrastructure. One remote office location has audio problems when placing or receiving calls. At times, speech quality is poor, or there is a noticeable and distinct echo for call audio. In troubleshooting a possible system configuration issue, which of the following possibilities do you want to eliminate first? A) Echo cancellation has been misconfigured or has not been applied. B) Check to make sure system updates have been applied. C) The call terminates on an analog endpoint. D) Compression mode setting differs between caller and receiver devices. E) H.323 protocol support has not been selected. Explanation You should first determine whether the call terminates on an analog endpoint. Dealing with audio quality issues on Voice over Internet Protocol (VoIP) is an occasional necessity. But before digging into the usual troubleshooting routine, it is essential to establish if the problem call or connection terminates on VoIP equipment on both sides. If one end of a call terminates on an analog endpoint, occasional audio problems are inevitable. Non-VoIP equipment cannot provide routine compression, echo cancellation, and sound quality enhancements. When a call terminates on an analog endpoint, this is really nothing to troubleshoot (aside from replacing the analog endpoint). So that possibility should be eliminated first before troubleshooting commences. All of the other steps should be verified after you ensure that both endpoints are VoIP, not analog. 
If echo cancellation is misconfigured or not enabled, echoes are far more likely on VoIP calls. But these two steps apply only if the call is VoIP from end to end. Ideally, both ends of a VoIP call should use the same compression mode settings, because that offers the best assurance for the highest possible signal quality. The H.323 protocol is the most widely used protocol for packet voice communications. Its selection versus other voice protocols, such as SIP, does not significantly affect call quality and echo one way or the other. On any kind of software system, checking to make sure updates have been applied is a time-honored best practice for system management. However, such updates may have nothing to do with call quality if one end of the call terminates on an analog endpoint.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Avaya IP Office Troubleshooting: VoIP Calls Echo or Have Poor Speech Quality, http://www.carrollcommunications.com/ipoffice_troubleshoot/8.html
H.323 and SIP Integration, https://www.cisco.com/en/US/tech/tk652/tk701/technologies_white_paper09186a0080092947.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #27 of 200
Question ID: 1289217
Your organization has several VLANs implemented on its network. The VLANs operate across several switches. What do all users on a VLAN have in common?
A) Collision domain
B) Broadcast domain
C) TCP/IP subnet
D) Cable segment

Explanation
VLANs place users from many locations into the same broadcast domain. A single VLAN can span multiple physical LAN segments, collision domains, and TCP/IP segments. VLANs can be based on work function, common applications or protocols, department, or other logical groupings.

VLAN assignment is configured at the switch for each device that is connected to the switch. VLANs enable many users at many locations to be in the same broadcast domain. Remember, routers define broadcast domains, and because switches are Layer 2 devices, they do not segment broadcast domains; instead, they segment collision domains. VLANs span multiple collision domains, subnets, and cable segments, so users would not have these aspects of the network in common. IEEE 802.1Q is the networking standard that supports VLANs on an Ethernet network. Broadcast domains can be created using switches or routers.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References:
VLANs Defined, http://docwiki.cisco.com/wiki/LAN_Switching_and_VLANs#VLANs_Defined
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #28 of 200
Question ID: 1123575
You have been hired as a network technician. As part of your technician's kit, you have been issued a basic digital multimeter with no extra probes. What is the primary function of this device?
A) connects RJ-45 jacks to an Ethernet cable
B) measures the light signal energy
C) measures the temperature of a chip on a motherboard
D) tests voltage

Explanation
A digital multimeter is a tool that can test voltage. For example, you can use a digital multimeter to test the voltage output of a power supply or to test for breakage in a telephone or Ethernet cable. To use a digital multimeter to measure light signals or temperatures, you will need a light signal probe or temperature probe.

A wire crimper is used to connect an RJ-45 connector to an Ethernet cable. An optical tester tool measures the amount of light signal energy being emitted from an optical cable. It is similar to a cable tester that is used for twisted-pair cable. This can also be referred to as a light meter. A digital infrared thermometer measures the temperature of a chip or a motherboard system chassis. A punchdown tool is used to attach network wires to a punchdown block. A loopback adapter is used to test the functionality of a network port.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #29 of 200
Question ID: 1289271
You need to create a cable that will allow you to get a link light on your network interface card (NIC) when the NIC is not plugged into a hub or switch. Which type of cable should you use?
A) crossover cable
B) straight-through cable
C) loopback cable
D) rollover cable

Explanation
You should use a loopback cable. A loopback cable is used to test the network function of the NIC by allowing it to send and receive network communication with itself.

A crossover cable connects two legacy or non-MDIX compliant devices, such as two computers, two hubs, or two switches. A patch cable and a straight-through cable are the same thing. This is the standard cable used to connect networking devices.

You should not use a rollover cable. A rollover cable connects to the console port on any Cisco device. The pin configuration for a rollover cable is easy to remember because of the cable name. The cable pin configuration is "rolled over" so that pin 1 on end 1 is pin 8 on the other, pin 2 on end 1 is pin 7 on the other, and so on until a complete reversal is made. The wires are in reverse order on opposite ends.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Loopback cable, http://www.ortizonline.com/publications/april2004/loopback.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #30 of 200
Question ID: 1289302
A network contains 150 Windows client computers that all receive their IP configuration from a DHCP server. The network is divided into two subnets. The network administrator decides to move a client computer from one subnet to another. After moving the client, the computer is having trouble communicating on the network. You suspect that the client computer is using an IP address from the old subnet. You need to run the appropriate commands to ensure that the client computer receives a new IP address. Select the appropriate command(s) from the left and place them in the appropriate order on the left. Only select commands that are necessary for the scenario. The scenario may include one or more commands. Order is important.

Explanation
For this scenario, you need to release and renew the DHCP lease for the client computer. You do this by running the following commands:
ipconfig /release
ipconfig /renew

The ipconfig /all command will display all the TCP/IP settings for the computer. The ipconfig /flushdns command removes the contents of the computer's DNS cache. The ipconfig /registerdns command registers the computer's DNS host name with the DNS server. The ipconfig /displaydns command displays the contents of the computer's DNS cache. The ipconfig /showclassid command will display the DHCP class ID assigned to the client computer. The ipconfig /setclassid command will configure the DHCP class ID for the client computer. You should only select commands needed for the scenario. In some cases, only a single command may be necessary.
Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
References:
Ipconfig, https://technet.microsoft.com/en-us/library/bb490921.aspx

Question #31 of 200
Question ID: 1123376
Your company has decided to implement unified communication. You have been asked to implement a VoIP network. You need to connect the VoIP network to your company's PBX. What should you implement?
A) UC server
B) DSCP
C) multicast
D) QoS
E) unicast
F) UC gateway

Explanation
You should implement a unified communication (UC) gateway to connect the VoIP network to your company's PBX. Unified communications include VoIP, video, real-time services, quality of service (QoS), and UC devices. VoIP allows you to transmit voice communications over an IP network. Real-time services include instant messaging, presence information, voice, mobility features, conferencing services, desktop sharing, data sharing, call control, and speech recognition. Real-time services support both multicast and unicast communications. In unicast, one packet is transmitted to only one destination at a time. On the other hand, multicast sends packets to multiple destinations, which are represented by a group address. QoS allows you to give priority to communications based on different factors, including IP address, protocol, and so on. It includes Differentiated Services Code Point (DSCP) and Class of Service (COS). DSCP is a field in an IP packet that enables different levels of service to be assigned to network traffic. COS manages traffic in a network by grouping similar types of traffic together and treating each type as a class with its own level of service priority. UC components include UC servers, UC devices, and UC gateways. UC servers are responsible for managing the UC communications. UC devices help transport and monitor UC. UC gateways connect VoIP networks to other types of networks, such as PBX networks.

For VoIP implementations, you also need to understand VoIP private branch exchange (PBX) and VoIP gateway. A VoIP PBX is a device where voice traffic is encapsulated inside data packets for transmission across a data network. A VoIP PBX operates between a VoIP network and a traditional telephone network. A VoIP gateway is a device that converts telephony traffic into IP for transmission over a data network.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Voice over IP Protocols and Components

Question #32 of 200
Question ID: 1123240
Which of the following indicates the largest number of bytes allowed in a frame?
A) CSMA/CD
B) MTU
C) CSMA/CA
D) PDU

Explanation
Maximum transmission units (MTUs) indicate the largest number of bytes allowed in a frame. If the MTU size is reduced, network performance is affected. Also, if the MTU is too large, a packet may be rejected by the device receiving the packet.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is a feature of Ethernet switches that slows down the traffic on wired networks when bottlenecks occur. It uses rules to determine how network devices should respond when two devices attempt to use a data channel simultaneously and a collision occurs. Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) is a feature that creates a collision-free communication channel between the transmitting device and the receiver.

A protocol data unit (PDU) is the term for a package of data (encapsulated data) as it travels through the OSI layers. Depending on the layer, the PDU will have a different name, such as "frame" and "packet." The name of the PDU indicates the layer and the type of information in the encapsulation.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References:
MTU Size Issues, https://www.networkworld.com/article/2224654/cisco-subnet/mtu-size-issues.html

Question #33 of 200
Question ID: 1289225
You installed a network in a company executive's home office to allow her to securely access the corporate network and work from home. It has worked properly for three months, but now she says that it is broken. What should you do first to troubleshoot this problem?
A) Establish a plan of action.
B) Identify the problem.
C) Establish a theory of probable cause.
D) Test the theory to determine cause.

Explanation
According to the general troubleshooting strategy, the first thing you should do when troubleshooting a problem is to identify the problem. This includes gathering information, duplicating the problem, questioning users, identifying symptoms, determining if anything has changed, and approaching multiple problems individually. The user's statement that the network is "broken" does not clarify whether there is an issue with hardware or software, with user error, or with an external vendor such as the network service provider. If a user complains that he is unable to access a server or printer resource on the network, you should first ask if the user is able to access any network resources. This will perhaps help to narrow your search from the entire network to a single device.

The troubleshooting order according to the CompTIA Network+ blueprint is as follows:
1. Identify the problem.
   - Gather information.
   - Duplicate the problem, if possible.
   - Question users.
   - Identify symptoms.
   - Determine if anything has changed.
   - Approach multiple problems individually.
2. Establish a theory of probable cause.
   - Question the obvious.
   - Consider multiple approaches.
   - Top-to-bottom/bottom-to-top OSI model.
   - Divide and conquer.
3. Test the theory to determine cause.
   - Once the theory is confirmed, determine the next steps to resolve the problem.
   - If the theory is not confirmed, re-establish a new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and, if applicable, implement preventive measures.
7. Document findings, actions, and outcomes.

Objective: Network Troubleshooting and Tools
Sub-Objective: Explain the network troubleshooting methodology.
References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)

Question #34 of 200
Question ID: 1123399
You are a network administrator for a company that maintains LANs in Los Angeles and Paris. You want to use PPTP to create a VPN connection between the LAN in Paris and the LAN in Los Angeles. A PPTP server has been configured on each LAN. Which protocol should you use to establish a connection between the PPTP servers?
A) PPP
B) HTTP
C) SLIP
D) Telnet

Explanation
Of the choices presented, you should use Point-to-Point Protocol (PPP) to establish a connection between the Point-to-Point Tunneling Protocol (PPTP) server in Los Angeles and the PPTP server in Paris. You can use PPP to transmit TCP/IP network communications over point-to-point connections. PPP can also be used to transmit other network protocols, such as Network Basic Input/Output System Extended User Interface (NetBEUI) and Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX). PPP supports error checking and automatic configuration of network protocol parameters. Multilink PPP is a communications protocol that enables a computer to use two PPP ports to provide greater bandwidth. PPTP is an extension of PPP that was created by Microsoft to establish virtual private network (VPN) connections.
To create a VPN connection between the two computers in this scenario, you should first establish a PPP connection between the PPTP server in Los Angeles and the PPTP server in Paris. Then, you should establish a PPTP connection through the PPP connection. Note that PPP is not used to establish a VPN connection. PPP acts as a carrier for PPTP, which is used to establish a VPN connection.

Serial Line Internet Protocol (SLIP) is an older point-to-point protocol that enables the transmission of TCP/IP communications over a serial connection. SLIP only supports TCP/IP, and SLIP does not support error checking or automatic configuration of network protocol parameters. You cannot use SLIP to establish a VPN connection. Hypertext Transfer Protocol (HTTP) is used to transmit Web pages. Telnet is used to establish a console session with a remote host on a TCP/IP network. You cannot use HTTP or Telnet to establish a VPN connection.

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.
References:
PPP, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214311,00.html

Question #35 of 200
Question ID: 1123507
Which of the following attacks directs user traffic to a malicious web site without any outside communication from an attacker?
A) DNS poisoning
B) Ransomware
C) Phishing
D) ARP poisoning

Explanation
DNS poisoning, also known as DNS cache poisoning, can direct user traffic to a malicious web site. The attack is accomplished by inserting a bogus record in the DNS server cache, redirecting traffic from the "good" web site to the malicious web site.

Phishing is the action of sending out an email that is designed to trick the user into giving up their personal information. That information is then exploited by the criminal. Phishing emails appear to come from legitimate companies, and when the user clicks on a link in the email, the user is directed to a website that appears authentic. The user then fills in account information, which is captured by the criminal. However, this attack requires outside communication from the attacker of some sort.

Address Resolution Protocol (ARP) poisoning occurs when an attacker sends counterfeit messages on the network, resulting in the replacement of a legitimate user's MAC address with the attacker's MAC address. Once that happens, the attacker will begin receiving traffic destined for the legitimate user.

Ransomware is an attack that holds a computer hostage until the user pays a fee. The attacks often begin as an urgent email, where the user is directed to click a link or open a document to resolve the issue. Once the user completes the action, malicious software is installed on the user's computer, often locking the user out of the system until a fee is paid.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References:
3 Common DNS Attacks and How to Fight Them, https://www.calyptix.com/top-threats/3-common-dns-attacks-and-how-to-fight-them/
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #36 of 200
Question ID: 1289158
Which of the following types of backups would back up data that has NOT been changed since the last backup?
A) System snapshot
B) Full backup
C) Incremental backup
D) Differential backup

Explanation
Full backups back up all of the files on a system, regardless of whether the data has been changed or not. While full backups provide the protection in case of a failure, they take the most time and require the most storage resources to accomplish. A full backup resets the archive bit, which is the indicator in file attributes that tells the OS whether or not the file needs to be backed up. When a file is created or modified, the archive bit is "set" or turned on.

Differential backups look at the archive bit and back up all data whose archive bit is set. Differential backups do not reset the archive bit. If, for example, a full backup is performed on Sunday, a differential backup performed on Monday night will back up all of Monday's new files and modifications, without resetting the archive bit. A differential backup performed on Tuesday night will back up all of Monday's new/modified files as well as all of Tuesday's new/modified files. Wednesday night's backup will process changes from Monday, Tuesday and Wednesday. To restore data, the administrator would restore the full backup and the most recent differential backup.

Incremental backups look at the archive bit and back up all data whose archive bit is set. Unlike differential backups, however, incremental backups reset the archive bit. If, for example, a full backup is performed on Sunday, an incremental backup performed on Monday night will back up all of Monday's new files and modifications, while resetting the archive bit. An incremental backup performed on Tuesday night will only back up all of Tuesday's new/modified files and reset the archive bit. Wednesday night's backup will process Wednesday's changes and reset the archive bit. To restore data, the administrator would restore the full backup and each of the incremental backups.

Snapshots create a system image at a given point in time. While they can be considered a form of backup, snapshots are not concerned with archive bits and capture the entire system state.

Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.
References:
Tips & Tricks for Better Business Backup and Recovery for World Backup Day, https://www.acronis.com/en-us/blog/posts/tips-tricks-better-business-backup-and-recovery-worldbackup-day
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #37 of 200
Question ID: 1289141
What should you implement to isolate two of the devices that are located on a storage area network (SAN) fabric containing eight devices?
A) virtual SAN
B) HBA allocation
C) VLAN
D) SAN snapshots

Explanation
You should implement a virtual storage area network (vSAN) to isolate two of the devices that are located on a SAN fabric containing eight devices. A vSAN is a collection of ports from a set of connected Fibre Channel switches that form a virtual fabric. You can partition ports within a single switch into multiple VSANs, despite sharing hardware resources. Do not confuse a vSAN with virtual storage. In recent years, virtual storage solutions like Microsoft's SkyDrive and Amazon's CloudDrive have been developed to provide online storage and sharing of data.

SAN snapshots are a type of SAN backup. SAN snapshots do not use typical backup methods. Host bus adapter (HBA) allocation is a method for allocating resources in a SAN. HBA allocation uses either soft zoning or persistent binding. Soft zoning allows resources to be moved. Persistent binding links resources with a specific logical unit number (LUN). A virtual LAN (VLAN) is created using switches. Device isolation on a SAN fabric does not require a VLAN.

Your SAN may need to include redundant storage solutions to ensure that data is always available. For the Network+ exam, you need to understand the following concepts:
iSCSI - allows you to send SCSI commands over an IP-based network. It also can be used to connect a network attached storage (NAS) device to an Ethernet network.
To improve the performance of data transfers over iSCSI switches, you should set the maximum transmission unit (MTU) to 9000 on the each of the participants in the vSAN. Jumbo Frame - an Ethernet frame with a payload greater than the standard MTU of 1,500 bytes. It supports at least 1 Gbps and can be as large as 9,000 bytes. Fibre Channel - transmits data between computer devices at data rates of up to 4 Gbps (with 10 Gbps coming in the future). While it can use fiber optic or coaxial cabling, it provides the best distance (approximately 10 km) using fiber optic cabling. Network attached storage (NAS) - provides both storage and a file system. This is often contrasted with SAN (Storage Area Network), which provides only block-based storage and leaves file system concerns with the client. It uses file-based protocols such as UNIX's NFS, Microsoft's Server Message Block/Common Internet File System (SMB/CIFS), Apple's AFP, or Novell Netware's NCP. This would be the most cost efficient solution for a SQL server that needs several terabytes of disk space available to do an uncompressed backup of a database. https://www.knowledgehub.com/education/test/print/61961268?testId=205855163 25/142 4/18/22, 4:07 PM N10-007 Exam Simulation Objective: Infrastructure Sub-Objective: Explain the purposes of virtualization and network storage technologies. References: Virtual storage area network (VSAN), http://searchstorage.techtarget.com/definition/virtual-storage-area-network Question #38 of 200 Question ID: 1289057 You use a computer on a TCP/IP network to transfer data through well-known TCP port 80. Which protocol is most likely being used to transfer data? A) FTP B) HTTP C) SMTP D) POP3 Explanation Hypertext Transfer Protocol (HTTP) is assigned to the well-known Transmission Control Protocol (TCP) port 80, so you are most likely using HTTP to transfer data. HTTP is used to transfer data between Web browsers and Web servers on a TCP/IP network. 
HTTP is a stateless protocol, which means that neither the server nor the client collect or maintain information about one another. HTTP works at the Application layer (Layer 7) of the OSI model. HTTP 1.1 improved the performance of HTTP by adding persistent connections and Web browser caching. With HTTP 1.0, a Web client had to establish a connection to a Web server for each object on a Web page. Under HTTP 1.0, if a Web page named index.htm had 100 objects, then a Web client would need to establish 100 connections with a Web browser to download the index.htm Web page. Under HTTP 1.1, a Web client only needs to establish a single connection to download index.htm. HTTP 1.1 also provides Web page caching, which enables Web browsers to locally store frequently viewed Web pages. HTTP 1.1 performs approximately 50 percent more efficiently because of connection persistence and Web page caching. File Transfer Protocol (FTP) uses the well-known TCP ports 20 and 21. FTP is used to transfer data between FTP clients and FTP servers on a TCP/IP network. FTP works at the Application layer of the OSI model. Post Office Protocol 3 (POP3) uses well-known TCP port 110. POP3 is used to transfer e-mail messages from e-mail servers to e-mail clients. POP3 works at the Application layer of the ISO model. Simple Mail Transfer Protocol (SMTP) uses well-known TCP port 25. SMTP is used to transfer e-mail messages among e-mail servers and to transfer e-mail messages from email clients to e-mail servers. SMTP works at the Application layer of the OSI model. Protocols can use either User Datagram (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented. 
For the Network+ exam, you need to know the following protocols and their default ports: FTP – 20, 21 SSH, SFTP – 22 TELNET – 23 SMTP – 25 DNS – 53 DHCP – 67, 68 TFTP – 69 HTTP – 80 POP3 – 110 NTP – 123 NetBIOS – 137–139 IMAP – 143 SNMP – 161 LDAP – 389 HTTPS – 443 SMB – 445 LDAPS – 636 H.323 – 1720 https://www.knowledgehub.com/education/test/print/61961268?testId=205855163 26/142 4/18/22, 4:07 PM N10-007 Exam Simulation MGCP – 2427/2727 RDP – 3389 RTP – 5004/5005 SIP – 5060/5061 Objective: Networking Concepts Sub-Objective: Explain the purposes and uses of ports and protocols. References: CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications Computer Network Glossary - Port Number: Ports 50-99, http://compnetworking.about.com/od/tcpip/l/blports_gl50.htm Question #39 of 200 Question ID: 1289273 You are connecting a switch to a router. You just made a cable with each end configured differently, one 568A and the other 568B. When you plug in the cable, the devices cannot communicate. What is the most likely cause? A) Incorrect cable type B) Open/short C) Jitter D) Bent pins Explanation You have an incorrect cable type. You made a crossover cable when you needed a straight-through cable. In general, a straight-through cable is used when you are connecting two different pieces of equipment, as in a computer and a switch or a router and a switch. The straight-through cable has matching 568A or 568B connectors, but not both. A crossover cable is used when you are connecting two like pieces of equipment, such as two routers. A crossover cable will have one end configured as 568A and the other as 568B. A rollover cable is wired differently from either a crossover cable or a straight-through cable. A rollover cable connects a computer to console port of a router or switch. 
The cable pin configuration is "rolled over" so that pin 1 on end 1 matches pin 8 on end 2, pin 2 on end 1 matches pin 7 on end 2, and so on, until a complete reversal is made. In other words, the wires are in reverse order on opposite ends. Some newer routers and switches have an auto-sense connection type (auto-MDI/MDI-X) that will allow you to use either type of cable. However, it is always better to use the appropriate cable just in case you are dealing with legacy devices that do not auto-sense. Jitter is the variance in latency. Different network segments may have different factors that affect latency. When latency is inconsistent, it causes service issues in latency-sensitive applications such as VoIP, video conferencing, and online gaming. Bent pins can occur when someone tries to "jam" an RJ-45 plug (or another connector, such as a USB plug) into a port. If the damaged pins are on the plug, it is easier to cut off the damaged plug and crimp on a new one. If the damaged pins are in a wall port or NIC, you should replace the wall port or NIC. If the damaged pins are in a switch or router port, you are most likely out of luck: you can no longer use the port. If you do not have extra unused ports, it will be necessary to purchase a new router or switch. If you are having network connectivity issues on your LAN, you should check the cables for open/short conditions. An open condition indicates that there is a break in the cable somewhere. A short means that the wires are connecting at some point where they are not supposed to connect. A cable tester reports both conditions and the pair on which they occur. Objective: Network Troubleshooting and Tools Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References: The Difference Between Straight Through, Crossover, And Rollover Cables, http://learn-networking.com/network-design/the-difference-between-straight-through-crossover-androllover-cables Question #40 of 200 Question ID: 1289286 You are shopping for a new wireless access point. The access point will be mounted to the wall. With which one of these should you be concerned during the selection process? A) Incorrect antenna type B) Wrong passphrase C) Security type mismatch D) Incorrect antenna placement Explanation You should be concerned with incorrect antenna placement during the selection process. Antenna placement can cause issues with Wi-Fi performance. Check the manufacturer's placement recommendation: some wireless access points are designed for wall mounting, while others are designed for ceiling mounts. Also, placing a wireless access point near metal ductwork or large metallic lamps, on top of a ceiling panel, or next to a thick wall can cause performance issues. It is important to verify that you do not have a security type mismatch. To connect to a wireless network, the client device must be set to use the same security type as the access point. Access point security types include open and WEP (both to be avoided if at all possible: WEP keys are recovered in minutes with freely available tools, and an open network exposes every client's traffic), WPA/TKIP, WPA/AES, and WPA2/AES (prefer WPA2/AES, or WPA3 where the hardware supports it). This is not the first concern you should have when mounting an access point to a wall, as this is an access point configuration issue, not a setup issue. Choosing the incorrect antenna type can cause many performance issues. A parabolic or dish antenna is best for longer distance site-to-site transmissions, as it is a unidirectional antenna. A Yagi antenna is similar to, but less powerful than, a parabolic antenna. Like a parabolic antenna, it is also unidirectional. A dipole antenna has two radiating elements pointed in opposite directions (no dishes); its pattern is a figure eight, strongest broadside to the elements and weakest off their ends, which is why it is described as bidirectional.
A vertical antenna is omnidirectional, and its signal weakens with the distance between the receiver and the transmitter. The antenna type should be fine if you mount the antenna in the appropriate location. It is very easy for the user to enter the wrong passphrase. Passwords and passphrases are case sensitive, and the number/letter/symbol combinations are easy to miskey. Objective: Network Troubleshooting and Tools Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues. References: 10 Huge Wi-Fi Antenna Mistake, https://7signal.com/10-wi-fi-antenna-placement-mistakes/ Question #41 of 200 Question ID: 1123401 Which type of Internet connection is NOT limited by proximity to an ISP, and consequently has the highest latency? A) Wireless B) Satellite C) Copper D) Fiber-optic Explanation Satellite Internet connections are available anywhere you can place a satellite dish, and are not limited by how close the subscriber is to an ISP. Satellite speeds are slower compared to other delivery media, and satellite transmissions are affected by latency due to the distance the signals must travel (the round trip through a geostationary satellite alone is on the order of 500 ms). Copper wire can be found as a transmission medium in unshielded twisted pair (UTP), shielded twisted pair (STP), or coaxial cable. While coaxial cables can have segment lengths of up to 1 km, UTP and STP are limited to 100 meters. Copper remains the primary transmission medium for last-mile connections in the US. Fiber-optic cable is available as a transmission medium in two main types: single-mode fiber (SMF) and multi-mode fiber (MMF). MMF segments can be up to 600 meters, while SMF segments (10GBASE-ER) can be 40 km. Longer distances for SMF were under development at the time of writing. Wireless broadband requires you to be within a certain range of a provider's point of presence, such as a cell tower or antenna. When this question was written, wireless broadband was classified as 4G, or 4th Generation; the 4G speeds quoted here, 16-17 Mbps, are roughly 10 times faster than 3G.
3G and 4G have speed limitations, but they do not suffer from the latency issues one experiences with satellite. Objective: Infrastructure Sub-Objective: Compare and contrast WAN technologies. References: Understanding Fixed Wireless vs. Satellite, http://www.highspeedlink.net/understanding-fixed-wireless-vs-satellite/ Question #42 of 200 Question ID: 1123396 Your company consists of 75 employees. Your company has entered into a partnership with another company that is located across the country. Your company's users must be able to connect to the partner's network quickly and reliably. Support for voice, data, and imaging transmissions and a dedicated 24-hour link are required. Your solution must be as inexpensive as possible while providing enough bandwidth for your company's employees. What should you implement? A) FDDI B) T1 C) ATM D) POTS E) ISDN Explanation T1 lines can provide fast, digital connections of up to 1.544 Mbps, transmitting voice, data, and video. A T1 line also provides a dedicated connection, which means that it provides a 24-hour link. A T1 line is more expensive than a dial-up connection using Plain Old Telephone Service (POTS) or an Integrated Services Digital Network (ISDN) connection, but this company needs enough bandwidth to accommodate its 75 users, which justifies the additional cost. If the full bandwidth of the T1 proves too costly or unnecessary, fractional T1 is available. With a fractional T1, you can subscribe to one or more of the 24 available channels at a lower cost than T1. Asynchronous Transfer Mode (ATM) is a high-speed, cell-switching link type transmitting up to 2,488 Mbps. ATM requires expensive equipment to implement. Therefore, it is a costly alternative and is typically used by Internet backbones. The size of a cell in ATM is 53 bytes: a 48-byte payload and a 5-byte header.
Fiber Distributed Data Interface (FDDI) is a high-speed, token-passing dual-ring network that uses fiber-optic cable transmitting up to 100 Mbps. Although it does offer speed, it is limited to a ring distance of 100 kilometers, or 62 miles. Even if distance were not a factor, the fiber medium makes this alternative too costly. Integrated Services Digital Network (ISDN) provides a direct, point-to-point digital connection at a speed of up to 2 Mbps (Primary Rate Interface). Usually, speeds of 128 Kbps (Basic Rate Interface) are seen with ISDN. However, because it is a dial-up connection, it would not provide a dedicated 24-hour link. Objective: Infrastructure Sub-Objective: Compare and contrast WAN technologies. References: CompTIA Network+ N10-007 Cert Guide, Chapter 7: Wide Area Networks (WANs), WAN Technologies Question #43 of 200 Question ID: 1289148 You upgrade the operating system on several servers on your network. Which change management documentation should you revise? (Choose all that apply.) A) physical network diagram B) wiring schematic C) network baseline D) logical network diagram Explanation You should revise the physical network diagram and the network baseline when you upgrade the operating system on several servers on your network. The physical network diagram includes cable lengths and types, server names, IP addresses, server roles, network equipment locations, server operating system versions, and number of network users. A network baseline includes performance statistics for your network. Both of these documents are affected when the operating system on a server is changed. Network diagrams are also referred to as network maps. You should not revise the logical network diagram. The logical network diagram includes server roles, domain architecture, protocols used, and trust relationships. Upgrading a server's operating system does not affect the logical network diagram.
You should not revise the wiring schematic. The wiring schematic emphasizes the flow of the network. It includes equipment symbols and lines that indicate the flow. Upgrading the server's operating system will not affect the wiring schematic. Objective: Network Operations Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network. References: Configuration Management Documentation, http://www.examcollection.com/certification-training/network-plus-configuration-management-documentation.html CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation Question #44 of 200 Question ID: 1123370 What is the main purpose of a VPN concentrator? A) to provide dynamic IP addresses B) to terminate the VPN tunnels C) to manage Internet requests and cache Web content D) to resolve host names and IP addresses Explanation The main purpose of a VPN concentrator is to terminate the VPN tunnels. The main purpose of a DNS server is to resolve host names and IP addresses. The main purpose of a DHCP server is to provide dynamic IP addresses. The main purpose of a proxy server is to manage Internet requests and cache Web content. Objective: Infrastructure Sub-Objective: Explain the purposes and use cases for advanced networking devices. References: CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices Question #45 of 200 Question ID: 1289172 You need to create an encrypted remote terminal connection with a UNIX computer. Which protocol should you use? A) FTP B) SSH C) Telnet D) SCP Explanation Secure Shell (SSH) is used to create an encrypted remote terminal connection with a UNIX computer. File Transfer Protocol (FTP) is used to transfer files on a TCP/IP network. FTP transmits data in clear text.
Secure Copy (SCP) enables users to transfer files over a secure connection; it runs on top of SSH, so it is a file transfer tool, not a terminal protocol. Telnet is a protocol that enables a user to establish terminal connections with UNIX computers. Telnet transmits data in clear text, including the login password. To fully harden your network, you should use the following secure protocols: SSH - secure alternative to Telnet. SNMPv3 - secure alternative to SNMPv1 and v2c, which send the community string in clear text. TLS/SSL - used with different protocols, including FTP (as FTPS) and HTTP (as HTTPS), to secure transactions. SFTP - secure alternative to FTP. It runs over SSH on TCP port 22; do not confuse it with FTPS, which is FTP wrapped in TLS/SSL. HTTPS - secure alternative to HTTP. It uses TLS/SSL. IPsec - used on virtual private networks (VPNs) to encrypt traffic. For the Network+ exam, you also need to understand the following anti-malware software: Host-based - Host-based anti-malware software is installed at the local host, although its updates may be managed from a central location. Host-based anti-malware protects only the device on which it is installed. Cloud/server-based - Cloud- or server-based anti-malware runs and is managed centrally, protecting the components that reside on, or are serviced by, that server or cloud service. Network-based - Network-based anti-malware protects the entire network. In some cases, a small client component will need to be installed on the network hosts to ensure that the network-based software can communicate with all hosts on the network. Objective: Network Operations Sub-Objective: Given a scenario, use remote access methods. References: CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models Question #46 of 200 Question ID: 1289169 You have decided to implement ISAKMP. What is provided by this technology?
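The port list earlier on this page and the hardening list above are what a practitioner actually uses when reviewing firewall logs for cleartext protocols that should have been replaced. The following is an added example, not code from the Cert Guide or the QBank: it parses constructed log lines in an assumed firewall format, flags allowed flows to the cleartext services, and names the encrypted replacement and its port. The mapping extends the page's list with the TLS ports for POP3 (995) and IMAP (993), and treats an active-mode FTP data connection, which the server opens from port 20, as its own case.

```python
"""Scan constructed firewall log lines for allowed flows that use cleartext
protocols and name the encrypted replacement from the port list."""
import re
from collections import Counter

# Cleartext service port -> (protocol name, secure replacement, its port).
# Assumed mapping built from this page's port list and hardening list.
CLEARTEXT = {
    21:  ("FTP control", "SFTP over SSH (or FTPS)", 22),
    20:  ("FTP data",    "SFTP over SSH (or FTPS)", 22),
    23:  ("Telnet",      "SSH", 22),
    69:  ("TFTP",        "SFTP or SCP over SSH", 22),
    80:  ("HTTP",        "HTTPS", 443),
    110: ("POP3",        "POP3 over TLS", 995),
    143: ("IMAP",        "IMAP over TLS", 993),
    161: ("SNMPv1/v2c",  "SNMPv3 with authPriv", 161),
    389: ("LDAP",        "LDAPS", 636),
}

# Assumed log format: "<timestamp> <allow|deny> <tcp|udp> <src>:<sport> -> <dst>:<dport>"
FLOW = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>allow|deny)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$")


def classify(line):
    """Return a finding dict for an allowed cleartext flow, else None."""
    m = FLOW.match(line.strip())
    if not m or m["action"] != "allow":
        return None  # malformed record, or the firewall already blocked it
    sport, dport = int(m["sport"]), int(m["dport"])
    if dport in CLEARTEXT:
        port = dport
    elif sport == 20:
        # Active-mode FTP: the server opens the data channel *from* port 20,
        # so the cleartext port appears on the source side of the record.
        port = 20
    else:
        return None
    name, replacement, new_port = CLEARTEXT[port]
    return {"time": m["ts"], "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "port": port, "protocol": name, "replace_with": replacement,
            "new_port": new_port}


def audit(lines):
    """Classify every line; return (findings, per-protocol counts)."""
    findings = [f for f in map(classify, lines) if f is not None]
    return findings, Counter(f["protocol"] for f in findings)


# Constructed sample log; private (10/8) and documentation (203.0.113/24) addresses.
SAMPLE_LOG = """\
2022-04-18T16:07:01Z allow tcp 10.1.1.5:51022 -> 10.1.2.9:23
2022-04-18T16:07:02Z allow tcp 10.1.1.7:51100 -> 10.1.2.9:22
2022-04-18T16:07:03Z allow tcp 10.1.1.8:49500 -> 203.0.113.10:80
2022-04-18T16:07:03Z allow tcp 10.1.1.8:49501 -> 203.0.113.10:443
2022-04-18T16:07:04Z allow udp 10.1.1.20:50000 -> 10.1.2.3:161
2022-04-18T16:07:05Z allow tcp 10.1.2.30:20 -> 10.1.1.8:49777
2022-04-18T16:07:06Z deny tcp 10.1.1.9:50010 -> 10.1.2.9:23
2022-04-18T16:07:07Z allow tcp 10.1.1.12:50020 -> 10.1.2.40:389
this line is not a flow record and is skipped
""".splitlines()

if __name__ == "__main__":
    findings, counts = audit(SAMPLE_LOG)
    for f in findings:
        print(f"{f['src']} -> {f['dst']} {f['proto']}/{f['port']} {f['protocol']}: "
              f"move to {f['replace_with']} (port {f['new_port']})")
    print(dict(counts))
```

Port-based classification is a first pass only: a service can run on a non-standard port, and SNMP on UDP 161 may already be v3, so confirm each finding against the device configuration or a capture before opening a ticket.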
A) a Citrix protocol used in application server environments B) a Microsoft protocol that establishes sessions with other computers C) a protocol that encapsulates PPP within Ethernet frames D) a protocol that works with IPSec to establish a secure session Explanation Internet Security Association and Key Management Protocol (ISAKMP) is a protocol that works with IPSec to establish a secure session. It defines the framework for negotiating security associations and exchanging keys, and is the basis of Internet Key Exchange (IKE), which IPSec VPNs run over UDP port 500 (and UDP 4500 when NAT traversal is in use). Remote Desktop Protocol (RDP) is a Microsoft protocol that establishes sessions with other computers. Point-to-Point Protocol over Ethernet (PPPoE) is a protocol that encapsulates PPP within Ethernet frames. Independent Computing Architecture (ICA) is a Citrix protocol used in application server environments. Objective: Network Operations Sub-Objective: Given a scenario, use remote access methods. References: Internet Security Association and Key Management Protocol, http://en.wikipedia.org/wiki/ISAKMP Question #47 of 200 Question ID: 1289114 You have been asked to implement a protocol that will manage the fully qualified domain name (FQDN) to IP address mappings. Which protocol should you implement? A) DNS B) WINS C) SSH D) DHCP Explanation Domain Name System (DNS) is the protocol that will manage the FQDN to IP address mappings. DNS works at the Application layer of the OSI model and uses port 53 (UDP for most queries, TCP for zone transfers and large responses). The DNS database will include the following record types:
Host (A) record for IPv4
Host (AAAA) record for IPv6
Pointer (PTR) record, mapping an IP address back to a name (reverse lookup)
Canonical name (CNAME) record, an alias for another name
Mail exchanger (MX) record, naming the mail servers for a domain along with a preference value
Name server (NS) record, naming the authoritative servers for a zone
Dynamic Host Configuration Protocol (DHCP) is the protocol that dynamically assigns IP addresses to clients on a network. DHCP works at the Application layer of the OSI model. Windows Internet Name Services (WINS) is the protocol that manages NetBIOS name to IP address mappings. WINS is used only on Windows networks.
WINS uses the NetBIOS Name Service (UDP port 137) and operates at the Application layer of the OSI model; it is unrelated to BOOTP, which is the predecessor of DHCP. Secure Shell (SSH) is a protocol that allows data to be securely exchanged between two devices. SSH is normally placed at the Application layer (Layer 7) of the OSI model, although some references describe its session and encryption functions in terms of the Session and Presentation layers. Objective: Networking Concepts Sub-Objective: Explain the functions of network services. References: CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices Cisco Support: Understanding the Domain Name System, http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800c5e03.shtml Question #48 of 200 Question ID: 1123569 You administer a LAN that uses TCP/IP as its network communications protocol. You want to view the number of UDP packets that will be sent to SERVER_1 from CLIENT_A. Which tool should you use to view this information? A) Monitor.nlm B) a hardware loopback C) Performance Monitor D) a protocol analyzer Explanation You should use a protocol analyzer to view the number of User Datagram Protocol (UDP) packets sent from CLIENT_A to SERVER_1. A protocol analyzer is software (or a dedicated appliance) that captures traffic and decodes it, enabling you to view information about the network communications protocols that are used on a network. You can also use a protocol analyzer to determine the Web sites that are being visited by network users and to alert you if network interface cards (NICs) are jabbering. A jabbering NIC should be replaced because it continually sends data and saturates the network with data packets. A hardware loopback is required to determine whether a NIC is sending and receiving data. You connect the hardware loopback to the external port of the NIC. Then, you use diagnostic software to evaluate whether the NIC is functioning. Performance Monitor is a tool provided by Windows that allows you to view software and operating system (OS) performance metrics. Monitor.nlm, which is analogous to Performance Monitor, is used on Novell NetWare networks.
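The record types listed for Question #47 are easiest to understand on the wire, and decoding them is exactly what a protocol analyzer (Question #48) does with captured UDP port 53 traffic. As an added example, not from the Cert Guide or the QBank, here is a small parser for DNS responses in the RFC 1035 wire format that decodes each of those types, follows name-compression pointers, and rejects a pointer loop (a classic way to hang a careless parser). The response packet is constructed inline from a hypothetical example.com zone, so nothing is sent on the network.

```python
"""Parse a DNS response in wire format (RFC 1035) and list each answer
record, including the name-compression pointers that real responses use."""
import ipaddress
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA"}


def read_name(data, off):
    """Decode a possibly compressed domain name starting at `off`.
    Returns (name, offset just past the name as written in the packet)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: 14-bit pointer to an earlier name
            if end is None:
                end = off + 2  # the pointer is the last thing written at this spot
            off = struct.unpack_from("!H", data, off)[0] & 0x3FFF
            hops += 1
            if hops > 16:  # a malicious packet can point a name at itself
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def decode_rdata(rtype, data, off, rdlen):
    """Render RDATA for the record types listed on this page."""
    if rtype == 1:
        return ".".join(str(b) for b in data[off:off + 4])
    if rtype == 28:
        return ipaddress.IPv6Address(data[off:off + 16]).compressed
    if rtype in (2, 5, 12):  # NS, CNAME, PTR: a single domain name
        return read_name(data, off)[0]
    if rtype == 15:  # MX: 16-bit preference, then the mail server name
        pref = struct.unpack_from("!H", data, off)[0]
        return f"{pref} {read_name(data, off + 2)[0]}"
    return data[off:off + rdlen].hex()


def parse_response(data):
    """Return [(owner name, type, ttl, rdata)] for every answer record."""
    _ident, flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!6H", data, 0)
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    off = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, off = read_name(data, off)
        off += 4  # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, off = read_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        off += 10
        records.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl,
                        decode_rdata(rtype, data, off, rdlen)))
        off += rdlen
    return records


def build_sample_response():
    """Constructed response for 'example.com ANY' with one record of each type
    from the page; owner names reuse the question name at offset 12."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 6, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 255, 1)
    apex = b"\xc0\x0c"  # compression pointer to offset 12 = "example.com"

    def rr(owner, rtype, rdata, ttl=300):
        return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

    answers = (rr(apex, 1, bytes([93, 184, 216, 34]))
               + rr(apex, 28, bytes.fromhex("26062800022000010248189325c81946"))
               + rr(apex, 15, struct.pack("!H", 10) + b"\x04mail" + apex)
               + rr(apex, 2, b"\x03ns1" + apex)
               + rr(b"\x03www" + apex, 5, apex)
               + rr(b"\x0234\x03216\x03184\x0293\x07in-addr\x04arpa\x00", 12, apex))
    return header + question + answers


if __name__ == "__main__":
    for name, rtype, ttl, rdata in parse_response(build_sample_response()):
        print(f"{name:30} {ttl:5} {rtype:6} {rdata}")
```

The hop limit in read_name matters in practice: DNS compression pointers may legally point only backwards, but nothing in the packet format enforces that, so a parser that trusts them will loop forever on a crafted response.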
Objective: Network Troubleshooting and Tools Sub-Objective: Given a scenario, use the appropriate tool. References: CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools Question #49 of 200 Question ID: 1289181 Which of the following statements is UNLIKELY to appear in an organization's safety policies and procedures for its networking equipment? A) Exercise caution when working around electrical equipment. B) Look for simpler, more approachable alternatives to technician's manuals online. C) Arrange for assistance or lifts when moving heavy equipment. D) Always use insulated tools. E) Wear appropriate safety equipment. F) Keep all work areas clean, uncluttered, and organized. Explanation The essence of stating and practicing proper safety procedures and policies is doing things by the book. Because looking for simpler, more approachable alternatives to technician's manuals online encourages readers to skip the book quite literally, it is completely at odds with this approach. Keeping work areas clean, uncluttered and organized not only minimizes the potential for accident or mishaps, it also promotes productivity. It also ensures that confidential information is not left out in the open for prying eyes. This makes it a cornerstone for best safety practice and policy. Wearing appropriate safety equipment means exercising due diligence in the workplace. It is another best safety practice when working with and around electrical equipment. Using insulated tools minimizes the risk of shock or injury when working around electrical equipment. It should be automatic for those who work in such environs, but an explicit policy/requirement simply emphasizes how important this is for safety. Moving heavy equipment always carries a risk of damage to the gear or injury to those who work with it.
That is why arranging for assistance, mechanical or from a sufficient number of co-workers, is an absolute must. Electricity is dangerous and can be life-threatening (or -ending). It is absolutely essential to exercise caution when working in or around electrical gear. Objective: Network Operations Sub-Objective: Identify policies and best practices. References: OSHA Electrical Safety in the Workplace (PDF) https://www.osha.gov/dte/grant_materials/fy09/sh-18794-09/electrical_safety_manual.pdf Electrical Safety Program (DOCX) EMC Insurance https://www.emcins.com/assets/docs/lossControl/Electrical%20Safety%20Program.docx CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Policies Question #50 of 200 Question ID: 1123310 Which of the following is a security implication if your company uses a public cloud deployment? A) Surges in demand require that company resources will need to be adjusted accordingly. B) Other tenants can gain physical access to the resources that store your company's data. C) Security issues are the sole responsibility of the company's personnel. D) The local ISP and power grid can impact the availability of resources stored on the cloud. Explanation When using a public cloud deployment, the physical resources that store your company's data are shared with other tenants (the answer key phrases this as other tenants being able to gain physical access to those resources). Isolation between tenants rests on the provider's controls rather than on physical separation, so a flaw in those controls, or in the hypervisor, exposes your data. All of the other statements are security implications of implementing a private cloud, not a public cloud. For the Network+ exam, you need to understand the different security methods and considerations for each cloud deployment. In most cases, a private cloud will have the opposite security implications and considerations from a public cloud. For example, with a private cloud, you retain complete physical control of the data. But with a public cloud, the physical control of the data rests with the cloud provider.
The relationship between the local and cloud resources is also important. Personnel will need to understand the transfer of data between local and cloud resources and how the availability of local resources can affect the cloud deployment. Objective: Networking Concepts Sub-Objective: Summarize cloud concepts and their purposes. References: Security implications of public vs. private clouds, https://www.zdnet.com/article/security-implications-of-public-vs-private-clouds/ Question #51 of 200 Question ID: 1289235 You administer computers on an Ethernet 100BaseTX network, which uses the TCP/IP network communications protocol. The network uses an unsubnetted Class A IP address range. A computer on the network named Admin1 has the IP address 12.10.100.3, and a computer on the network named Marketing1 is configured with the IP address 12.10.100.4. Both computers are configured with the subnet mask 255.0.0.0 and the default gateway address 12.10.100.5. The network is connected to the Internet. RemoteWkst is a computer on a remote network that is connected to the Internet. Normally, Marketing1 and Admin1 can connect to RemoteWkst. You recently discovered that Marketing1 can connect to Admin1 and Admin1 can connect to Marketing1, but neither of these computers can connect to RemoteWkst. You suspect that there is a problem with one of the routers between RemoteWkst and the network you administer. Which TCP/IP utility should you use to troubleshoot this connectivity problem? A) the arp utility B) the ipconfig utility C) the nslookup utility D) the tracert utility Explanation To test the routers between your network and RemoteWkst, you should use the tracert utility. To use the tracert utility, you should type the tracert command at a command prompt and either an IP address or a Domain Name System (DNS) name variable after the command, as in the following example: tracert dnsname or tracert ipaddress. 
The tracert utility will then display the IP address and DNS name of every router (hop) that a data packet passes through on its way to the remote computer, the round-trip time to each hop, and an asterisk or error message for any hop that does not answer. In this scenario, tracert will show where the path from Admin1 or Marketing1 to RemoteWkst stops responding, which points to the router that is experiencing a problem. A Request Timed Out at a single hop often means only that that router does not send ICMP Time Exceeded messages, so look for the hop after which every later hop also fails. If every hop beyond your own firewall times out when you trace the route to external resources, it is possible that the firewall is blocking outbound ICMP Echo Request or inbound ICMP Echo Reply and Time Exceeded messages, and you would need to reconfigure the firewall to allow them. The traceroute command is the Linux and UNIX equivalent of the tracert command; note that it sends UDP probes by default rather than the ICMP Echo Requests that Windows tracert uses, so a firewall can treat the two differently. The Address Resolution Protocol (ARP) is used in TCP/IP to resolve IP addresses to media access control (MAC) addresses on the local network. MAC addresses are configured on each NIC on an Ethernet network so that the nodes can be identified on the network. ARP enables the MAC addressing that Ethernet requires to interoperate with the IP addressing that TCP/IP requires. Because ARP replies are not authenticated, any host on the segment can poison another host's cache with a forged reply (ARP spoofing) and intercept its traffic. You can use the arp utility to view and manage the ARP cache on a computer. The ARP cache contains the IP address-to-MAC address resolutions on a computer. To use the arp utility, you can issue the arp command with various switches at a command prompt. (The exhibit showing the output of the arp -a command is not reproduced in this print view.) You can use the ipconfig utility to view IP configurations, such as IP address, subnet mask and default gateway. You can also use the ipconfig utility to release and renew DHCP leases. You can issue the ipconfig command with various switches at a command prompt. The ipconfig utility will show that Admin1 and Marketing1 are configured with valid IP addresses on the network and a valid subnet mask. The ifconfig command (or, on current distributions, ip addr) is the Linux equivalent of the ipconfig command.
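Because ARP replies are unauthenticated, the ARP cache is also where ARP spoofing first shows up. As an added example (not from the Cert Guide or the QBank), the following parses arp -a output in both the Windows and the Linux format, reports any unicast MAC address that is answering for more than one IP address, and compares the cached gateway MAC with a recorded baseline. The sample output, the gateway IP and the baseline MAC are constructed for the demonstration using the scenario's addresses. A shared MAC is a lead, not proof: a router with secondary addresses, or an HSRP/VRRP virtual address, legitimately answers for several IPs.

```python
"""Parse `arp -a` output (Windows or Linux format) and flag cache entries
worth a look: one MAC claiming several IPs, or a gateway MAC that changed."""
import re

# Windows: "  12.10.100.4           00-1a-2b-3c-4d-5e     dynamic"
WINDOWS_ENTRY = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(?P<kind>dynamic|static)\s*$",
    re.IGNORECASE)
# Linux: "? (10.0.0.1) at 00:11:22:33:44:55 [ether] on eth0"
LINUX_ENTRY = re.compile(
    r"^\S+\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})",
    re.IGNORECASE)


def parse_arp(output):
    """Return [(ip, mac)] with MACs normalized to lowercase aa:bb:cc:dd:ee:ff."""
    entries = []
    for line in output.splitlines():
        m = WINDOWS_ENTRY.match(line) or LINUX_ENTRY.match(line)
        if m:
            entries.append((m["ip"], m["mac"].lower().replace("-", ":")))
    return entries


def is_group_mac(mac):
    """Broadcast and multicast MACs (I/G bit set) legitimately map to many IPs."""
    return int(mac[:2], 16) & 1 == 1


def shared_macs(entries):
    """Map each unicast MAC that appears for more than one IP to its IP list."""
    by_mac = {}
    for ip, mac in entries:
        if not is_group_mac(mac):
            by_mac.setdefault(mac, []).append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_changed(entries, gateway_ip, expected_mac):
    """True when the cached MAC for the gateway differs from the baseline."""
    cached = dict(entries).get(gateway_ip)
    return cached is not None and cached != expected_mac.lower().replace("-", ":")


# Constructed sample in Windows `arp -a` format, using the scenario's addresses.
SAMPLE = """
Interface: 12.10.100.3 --- 0xb
  Internet Address      Physical Address      Type
  12.10.100.4           00-1a-2b-3c-4d-5e     dynamic
  12.10.100.5           00-1a-2b-3c-4d-5e     dynamic
  12.10.100.9           00-0c-29-11-22-33     dynamic
  12.255.255.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
# Assumed baseline: the gateway's MAC as recorded on a known-good day.
GATEWAY_IP, GATEWAY_MAC = "12.10.100.5", "00:11:22:aa:bb:cc"

if __name__ == "__main__":
    entries = parse_arp(SAMPLE)
    for mac, ips in shared_macs(entries).items():
        print(f"{mac} answers for {', '.join(ips)}: possible ARP spoofing "
              f"(or a multi-homed router)")
    if gateway_changed(entries, GATEWAY_IP, GATEWAY_MAC):
        print(f"gateway {GATEWAY_IP} MAC differs from baseline {GATEWAY_MAC}")
```

In the sample, the MAC of Marketing1 (12.10.100.4) is also answering for the default gateway (12.10.100.5), which is what a host in the middle of the gateway path looks like from Admin1; confirm with a capture of the ARP replies before concluding it is an attack.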
You can use the nslookup utility to troubleshoot problems with DNS on computers that support the utility, such as Windows Server computers. You can issue the nslookup command with various switches and variables (the exhibit listing them is not reproduced in this print view). For example, suppose you can connect to a remote computer by using the remote computer's IP address, but you cannot connect to the same remote computer by using its host name. In this situation, you can use the nslookup utility to troubleshoot the DNS name resolution problem. The dig utility is the UNIX equivalent to the nslookup utility. Both these tools can be used to resolve the FQDN of a Web server. For the Network+ exam, you also need to understand the show mac address-table command that is used to display information about the MAC address table on a Cisco device. The parameters that can be used with this command are not reproduced in this print view. You will only be able to run this command on a Cisco device. Objective: Network Troubleshooting and Tools Sub-Objective: Given a scenario, use the appropriate tool. References: CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools Question #52 of 200 Question ID: 1289165 You are a network administrator for a Windows Server 2012 domain. Recently, you have noticed network performance issues when Microsoft operating systems and applications release new service packs or updates. All server and client computers are configured to automatically download and install any updates. You need to deploy a solution that will reduce the network performance issues when these updates are released. What should you do? A) Deploy a centralized Windows Server Update Services (WSUS) server that will download and deploy the updates, and deploy a group policy that ensures that all servers and clients obtain their updates from the centralized server.
B) Change the configuration of all computers to check for updates but wait for the user to download and install them. C) Change the configuration of all computers to never check for updates. D) Change the configuration of all computers to download updates but wait for the user to install. Explanation You should deploy a centralized Windows Server Update Services (WSUS) server that will download and deploy the updates and deploy a group policy that ensures that all servers and clients obtain their updates from the centralized server. The WSUS server will download all the updates needed for clients and servers. This means that an update will only need to be downloaded once from the Internet. By using a group policy, you can configure the server and client computers to obtain the updates from the centralized server. This will allow you to configure the day and time that servers and clients will check for updates. Therefore, you can deploy the updates during off-peak times and minimize network performance issues due to updates. Changing the configuration of the computers to never check for updates will cause security and performance issues for your computers. You need to deploy any updates from operating system and application vendors. Changing the configuration of all computers to download updates but wait for the user to install will not reduce network performance issues because all the computers will still be downloading the updates from the Internet. All of the clients and servers downloading their updates separately is probably what is causing the network performance issues. In addition, it is never good to leave update installation in the hands of users. Changing the configuration of all computers to check for updates but wait for the user to download and install them will not reduce network performance issues when updates are released.
In this solution, all the computers would still be separately downloading the updates. Also, this solution relies on the users to approve the download and installation of the updates. For the Network+ exam, you need to understand the following issues as they relate to applying patches and updates: OS updates - Operating system (OS) updates come in many forms. Service packs are usually fully tested by the vendor and contain all updates and hotfixes since the last service pack. Hotfixes are released to fix an urgent issue and are not tested as stringently as service packs. Other updates can be released periodically to fix minor issues and are usually tested a bit more than hotfixes, but not as much as service packs. However, you should still test any OS updates in a lab environment BEFORE you deploy them to the live server and client computers. Firmware updates - Firmware updates involve updates to the firmware running on ROM chips in devices, including routers, switches, mobile phones, and computers. Driver updates - Driver updates are released by device or component vendors, including video card and network card vendors. Make sure to install the driver that is appropriate for your OS version. Feature changes/updates - Feature changes or updates are released by OS and application vendors to provide users with additional functionality. Only deploy those features that your users need, because each feature consumes storage space and adds code that can be attacked. Major vs minor updates - While both major and minor updates should be deployed, you should read the documentation that comes with the update to decide whether your organization considers it major or minor. What the vendor considers minor, your organization may consider major, and vice versa. Deploy any major updates as quickly as possible. Vulnerability patches - A vulnerability patch is usually a security patch. These patches are usually very important to prevent security breaches or exploitation of the vulnerability, and attackers often reverse-engineer the patch to build an exploit, so the window between release and deployment should be short.
Upgrading vs downgrading - Upgrading is the process of installing the next version of an OS or application. Downgrading is the process of reverting to a previous version of an OS or application. If available with your operating system, you should use a system restore feature to create a restore point (savepoint) before you install a new OS or application version. This will allow you to easily revert to the previous version using the savepoint you created. Configuration backup - A full backup is suggested before you install any patches, hotfixes, service packs, new OS versions, or any other update. However, many OSs now offer a system restore program that will create savepoints. This process is usually much faster than a full backup. Also, restoring a savepoint is much quicker than restoring a full backup. Keep in mind that a restore point protects system files and settings, not user data, so it complements a backup rather than replacing it. Objective: Network Operations Sub-Objective: Explain common scanning, monitoring and patching processes and summarize their expected outputs. References: Windows Server Update Services, https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx Question #53 of 200 Question ID: 1289192 Which of the following relies on credentials stored and authenticated on the device being used? A) Local authentication B) RADIUS C) Certificates D) Kerberos Explanation In the case of local authentication, the credentials are stored on the device being used (a local device), not on a remote server. Local authentication is accomplished by the user providing credentials (typically a user name and password) and verifying those credentials against a local database. Certificates are issued by a certificate authority (CA) and are used to validate the owner's identity. Normally, the certificate contains the owner's name, public key, and the certificate expiration date, as well as additional information about the owner.
Kerberos is an authentication protocol that uses a trusted third party, the key distribution center (KDC), to authenticate a client to a server. The client sends an authentication request to the KDC's authentication service. In an Active Directory domain, the KDC runs on the domain controller and consults the directory to verify the user's credentials and group memberships. The KDC replies with a ticket granting ticket (TGT), which is encrypted with the KDC's own key and contains a session key and the user's authorization data (groups); the session key is also returned to the client separately, encrypted with the user's key. The TGT is basically a "proof of identity", and the client caches it. When the client wants access to a server, it sends the name of the service, the TGT, and an authenticator (proof that it holds the session key) to the KDC's ticket-granting service. The KDC validates the TGT and replies with a service ticket, encrypted with that server's key. The client presents the service ticket to the server, which decrypts it with its own key, validates it, and grants access without contacting the KDC again. Because the KDC must be reachable for the initial exchange, Kerberos requires network authentication and does not rely on credentials stored on the local device.

Remote Authentication Dial-In User Service (RADIUS) servers handle both authentication and authorization. RADIUS was originally designed for dial-up networking and validates the credentials of a remote user against a database stored on the RADIUS server. If the validation is successful, the user is granted access (authorization) to network resources. RADIUS servers are not local devices; the device the user connects through forwards the credentials to the server.

Objective: Network Security
Sub-Objective: Explain authentication and access controls.
References: Authentication, http://searchsecurity.techtarget.com/definition/authentication
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Remote-Access Security

Question #54 of 200 Question ID: 1123589
While reviewing recent performance reports from your network devices, you notice that there are a high number of corrupt packets reaching a router named Router34. What is most likely happening to them?
A) The packets are being forwarded to the next router upstream.
B) The packets are causing the duplexing method to change.
C) The packets are causing the interface to reset.
D) The packets are being dropped.

Explanation
Corrupt packets are being dropped. Packet drops occur for a variety of reasons, including packet corruption, speed mismatch, and duplex mismatch. A router verifies the frame check sequence before it forwards a packet, so corrupt packets are not forwarded to the next router. Receiving corrupt packets does not reset an interface; interface resets are initiated by an administrator, by a power loss, or by a change in link state. Packets cannot change the duplexing method either, because duplex is a property of the interface, not of the packet. A duplex mismatch between two connected interfaces causes collisions and CRC errors, and the damaged frames are dropped.

As a network technician, you should perform interface monitoring. This includes being able to read errors and determine their cause, understand network utilization reports, determine discards and packet drops and their cause, perform interface resets, and ensure speed and duplex settings are appropriately configured. A steadily rising error or discard counter on a single interface usually points to a cabling, speed, or duplex problem on that link rather than to the traffic itself.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References: Troubleshooting packet drops, https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10191.html

Question #55 of 200 Question ID: 1123549
You instruct a user to issue the ipconfig command with the /release and /renew options. In which two situations would it be appropriate to ask a user to do this? (Choose two.)
A) when no IP helper address has been configured on the router between the client and the DHCP server
B) when the result of running the ipconfig /all command indicates a 169.254.163.6 address
C) when the no ip directed-broadcast command has been issued in the router interface local to the client, and no IP helper address has been configured on the router between the client and the DHCP server
D) when recent scope changes have been made on the DHCP server

Explanation
It would be appropriate to issue the ipconfig command with the /release and /renew options when the result of running the ipconfig /all command indicates a 169.254.163.6 address, or when recent scope changes have been made on the DHCP server.

When a computer has an address in the 169.254.0.0/16 network, the computer has not been issued an address by the DHCP server. Instead, the computer has used Automatic Private IP Addressing (APIPA) to assign itself an address. If the reason is a temporary problem with the DHCP server or some other transitory network problem, issuing ipconfig /release followed by ipconfig /renew lets the computer request an address from the DHCP server again. Similarly, if the settings on the DHCP server have changed, such as the scope options (gateway or DNS server), issuing this pair of commands updates the DHCP client with the new settings when the address is renewed.

These commands will have no effect if no IP helper address has been configured on the router between the client and the DHCP server. An IP helper address is configured on the router interface local to the client when no DHCP server exists on that subnet and you want the router to forward DHCP DISCOVER packets, as unicast, to the DHCP server on a remote subnet.
DHCP DISCOVER packets are broadcast, and routers do not forward broadcast traffic by default. The commands will also have no effect if the no ip directed-broadcast command has been issued on the router interface local to the client and no IP helper address has been configured. The no ip directed-broadcast command prevents the router from forwarding directed broadcasts onto that interface, which is the default behavior and which does not affect the client's DISCOVER; what makes the renewal fail in that scenario is the missing helper address. Under those conditions, the command will not result in finding the DHCP server or receiving an address.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References: Cisco IOS IP Application Command Reference: ip directed-broadcast, http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_i1.html#wp1052696
Cisco IOS IP Application Command Reference: ip helper-address, http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_i1.html#wp1053151
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #56 of 200 Question ID: 1289216
What is another term for a demilitarized zone (DMZ)?
A) dual-homed firewall
B) screened host
C) screened subnet
D) virtual private network (VPN)

Explanation
A screened subnet is another term for a demilitarized zone (DMZ). Two firewalls are used in this configuration: one firewall resides between the public network and the DMZ, and the other resides between the DMZ and the private network. A DMZ is a separate network segment that contains Internet-accessible servers and is separated from both the Internet and the rest of the private network by a firewall. A system administrator would deploy a Web server on a DMZ if the Web server needed to be separated from other networked servers. The design assumption behind a DMZ is that any system on it can be compromised, because the DMZ can be reached from the Internet; the inner firewall therefore limits what DMZ hosts may initiate toward the private network. An e-mail server and FTP server could also be located on a DMZ.
If you locate the e-mail server on the private network, you could place an e-mail proxy on the DMZ. An extranet is similar to a DMZ, but is only accessible to partners or clients.

Firewall architectures include bastion hosts, dual-homed firewalls, screened hosts, and screened subnets. A screened host is a firewall that resides between the router that connects a network to the Internet and the private network. The router acts as a screening device, and the firewall is the screened host. A dual-homed firewall is one that has two network interfaces: one interface connects to the Internet, and the other connects to the private network.

A virtual private network (VPN) is not a physical network. As its name implies, it is a virtual network that allows users connecting over the Internet to access private network resources while protecting the traffic in transit. An encrypted VPN connection should be used to ensure the confidentiality and integrity of data that is transmitted between entities over a public network, whether those entities are clients, servers, firewalls, or other network hardware. A VPN can use a tunneling protocol, such as IPSec.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References: Demilitarized Zone in Computer Networking, http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #57 of 200 Question ID: 1123555
You need to obtain the current protocol statistics and port connections for Windows and UNIX/Linux computers. Which tool should you use?
A) netstat
B) ping
C) tracert
D) nbtstat

Explanation
Netstat is a TCP/IP utility that you can use to determine the computer's inbound and outbound TCP/IP connections. It displays current connections, listening ports, and per-protocol statistics, and it is available on both Windows and UNIX/Linux.
Ping is a Windows and UNIX/Linux command that is used to test a connection between two computers. Issuing nbtstat at a Windows command prompt will show NetBIOS over TCP/IP information. Issuing tracert at a Windows command prompt (traceroute on UNIX/Linux) will trace the route a packet takes from the source computer to the destination host.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References: Netstat, http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci1270289,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #58 of 200 Question ID: 1123321
You manage a network for your organization. The network contains one DNS server and three routers. You are setting up a new DHCP server. You configure separate scopes for each subnet on your network. The routers are configured to forward DHCP requests. You need to ensure that DHCP clients receive the appropriate settings using the least administrative effort. What else should you do? (Choose all that apply.)
A) Configure the DNS server as a scope option for each scope.
B) Configure each router as a server option.
C) Configure the DNS server as a server option.
D) Configure each router as a scope option for its appropriate scope.

Explanation
You should configure the DNS server as a server option. This will ensure that all DHCP clients, in every scope, receive the DNS server setting from a single place.

You should also configure each router as a scope option for its appropriate scope. Each scope will have a different router or default gateway. For this reason, router or default gateway information must be configured at the scope level. If you configured this option at the server level, all the clients would receive the same router configuration, which would not work because you have three different subnets. The DHCP server knows which scope a relayed request belongs to from the relay agent (gateway) address that the forwarding router places in the request.
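The two DHCP questions here (the relayed DISCOVER in Question #55 and server versus scope options in Question #58) fit together, so this added Python example (not the QBank's material) covers both: it builds and parses a DHCP DISCOVER in the RFC 2131 layout, shows the relay agent address (giaddr) that a router's IP helper fills in, selects the scope from that address, and merges server-level and scope-level options. The scopes, option values and MAC address are constructed, and the giaddr-based scope selection goes slightly beyond the questions' text (it is how an RFC 2131 server picks a scope for a relayed request).

```python
import ipaddress
import struct
from typing import Dict

# Added example for the DHCP questions above. Network numbers, scopes and option
# values are constructed for the demonstration.

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"     # 236-byte fixed BOOTP/DHCP header

def build_discover(xid: int, mac: bytes, giaddr: str = "0.0.0.0") -> bytes:
    """DISCOVER as the client sends it: ciaddr/yiaddr/siaddr zero, broadcast flag set.
    A relay agent (ip helper-address) that forwards it fills in giaddr with its own address."""
    flags = 0x8000                          # broadcast bit: client has no address for a unicast reply
    header = struct.pack(HEADER_FMT,
                         1, 1, 6, 0,        # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
                         xid, 0, flags,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         ipaddress.IPv4Address(giaddr).packed,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = bytes([53, 1, 1, 255])        # option 53 (message type) = 1 (DISCOVER); 255 = end
    return header + MAGIC_COOKIE + options

def parse_dhcp(packet: bytes) -> dict:
    fields = struct.unpack(HEADER_FMT, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:
        if packet[i] == 0:                  # pad option
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": fields[0], "xid": fields[4], "broadcast": bool(fields[6] & 0x8000),
            "ciaddr": str(ipaddress.IPv4Address(fields[7])),
            "giaddr": str(ipaddress.IPv4Address(fields[10])),
            "chaddr": fields[11][:fields[2]].hex(":"), "options": options}

# Constructed server configuration: one server-level option (DNS) and one scope per
# subnet, each carrying its own router (option 3) because every subnet has a different gateway.
SERVER_OPTIONS: Dict[str, object] = {"dns_servers": ["10.0.0.53"]}
SCOPES: Dict[str, Dict[str, object]] = {
    "10.0.0.0/24": {"router": "10.0.0.1"},      # the DHCP server's own subnet
    "10.1.0.0/24": {"router": "10.1.0.1"},
    "10.2.0.0/24": {"router": "10.2.0.1"},
}
SERVER_SUBNET = "10.0.0.0/24"

def select_scope(giaddr: str) -> str:
    """Relayed requests are matched by giaddr; a zero giaddr means the client is on the local subnet."""
    if giaddr == "0.0.0.0":
        return SERVER_SUBNET
    for subnet in SCOPES:
        if ipaddress.IPv4Address(giaddr) in ipaddress.IPv4Network(subnet):
            return subnet
    raise LookupError(f"no scope for relay agent {giaddr}: check ip helper-address and scope definitions")

def effective_options(scope: str) -> Dict[str, object]:
    """Scope-level values override server-level values; everything else is inherited."""
    return {**SERVER_OPTIONS, **SCOPES[scope]}

def is_apipa(address: str) -> bool:
    """169.254.0.0/16 means the client self-assigned because no OFFER ever arrived."""
    return ipaddress.IPv4Address(address) in ipaddress.IPv4Network("169.254.0.0/16")

if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")
    local = parse_dhcp(build_discover(0x1234, mac))
    relayed = parse_dhcp(build_discover(0x5678, mac, giaddr="10.2.0.1"))
    for pkt in (local, relayed):
        scope = select_scope(pkt["giaddr"])
        print(pkt["chaddr"], "broadcast" if pkt["broadcast"] else "unicast", scope, effective_options(scope))
    print(is_apipa("169.254.163.6"))
```

The relayed packet is what the router's IP helper produces: the same DISCOVER, now unicast to the server with giaddr set, and the server uses that field alone to choose the scope, so a wrong helper address or a missing scope for the relay's subnet produces exactly the APIPA symptom that is_apipa() detects.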
You should not configure the DNS server as a scope option for each scope. This would require more administrative effort than is necessary. You should not configure each router as a server option. This would cause all the clients to receive the same router or default gateway information. Because the network has three subnets, the clients need different routers depending on their location in the network.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices

Question #59 of 200 Question ID: 1289305
Users are unable to log in to the network. When you examine the authentication server, you see that CPU usage is almost 100%. What is most likely the issue?
A) Names not resolving
B) Incorrect gateway
C) Unresponsive service
D) Expired IP addresses

Explanation
Most likely, you have an unresponsive service that is tying up resources. In Services on a Windows computer, find the unresponsive service and note the name of the service. In an elevated command prompt, enter "sc queryex servicename" and get the process ID (PID). Then, kill the process using "taskkill /f /pid" followed by the PID in question. If the PID were 1687, for example, the command would be taskkill /f /pid 1687. Before killing the process, confirm that the PID belongs to the hung service alone and not to a shared service host, because killing a shared process stops every service it hosts. Also check the failed-logon counters before assuming the cause is benign: an authentication server pinned at 100% CPU can also be the target of a password-guessing attack.

Expired IP addresses occur when a client computer has been offline for a period of time, is brought back online, and tries to use an IP address whose lease has expired. To resolve the problem on a Windows computer, issue "ipconfig /release" followed by "ipconfig /renew". This unbinds the IP address from the client machine, and the DHCP server issues a new lease. Expired IP addresses would cause connectivity issues but not resource usage issues.

Names not resolving occurs when you enter a URL that you know to be valid, and the Domain Name System (DNS) server does not provide the corresponding IP address for that server.
IP addresses, not the URLs we enter into the browser, are used to locate machines on a LAN or over the Internet. DNS provides the translation from host name to IP address, known as name resolution. Names not resolving would cause connectivity issues but not resource usage issues.

If you get a "Destination Host Unreachable" message, the most likely culprit is an incorrect gateway: the local machine has no usable route to the destination. Make sure the local machine and the default gateway are on the same subnet. If the configured gateway address is on the correct subnet but is not the address of the LAN side of the router, the local machine cannot tell that the gateway is wrong and you will see a "Request timed out" message instead. Either way this results in connectivity issues but not resource usage issues.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
References: How To Kill A Windows Service Which Is Stuck At Stopping, https://support.4it.com.au/article/how-to-kill-a-windows-service-which-is-stuck-at-stopping/

Question #60 of 200 Question ID: 1289252
You have been hired as an IT technician. You have been given a kit that contains the tools shown in the exhibit. You need to identify the tools shown. Match each tool name on the left with the appropriate exhibit name on the right.
{Exhibit: tool images not reproduced}

Explanation
The tool names are matched as follows:
Exhibit A - wire crimper
Exhibit B - cable stripper
Exhibit C - tone generator and probe
Exhibit D - multimeter
Exhibit E - cable tester
Exhibit F - loopback plug
Exhibit G - punchdown tool

A wire crimper is used to terminate the ends of a cable and attach the connector. A cable stripper is used to remove the outer jacket from the wiring. A tone generator and probe is used to locate the ends of a cable. A multimeter is used to measure electric current, voltage, and usually resistance, typically over several ranges of value.
A cable tester is used to test the wiring of a cable. A loopback plug is used to test a computer port. A punchdown tool is used to connect a cable into a punch down block or patch panel.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Network+ Hardware Tools, http://blogs.getcertifiedgetahead.com/network-hardware-tools/

Question #61 of 200 Question ID: 1289213
Your company implements a honeypot as part of its intrusion detection strategy. Management is concerned that this honeypot could be considered entrapment and has asked you to ensure that entrapment does not occur. Which situation should you prevent?
A) downloads on a honeypot
B) open services on a honeypot
C) open ports on a honeypot
D) Web browsing on a honeypot

Explanation
You should prevent downloads on a honeypot. Allowing downloads on a honeypot is a possible example of entrapment if the evidence is used to bring formal trespassing charges. Entrapment occurs when someone is induced to commit an offense that they would not otherwise have committed, and evidence gathered through entrapment cannot be used to prosecute. Open ports, open services, and Web browsing on a honeypot are not examples of entrapment; they are enticement. Enticement leaves the decision to attack with the attacker and allows the administrator to monitor activity, improve security, and perhaps trace the attack. Enticement is legal. A honeynet is a group of honeypots that work together. Whatever is exposed, isolate the honeypot from production systems so that a compromised honeypot cannot be used as a pivot into the real network.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References: Honeypot (computing), https://en.wikipedia.org/wiki/Honeypot_(computing)
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks

Question #62 of 200 Question ID: 1123288
Your company's WAN connects networks in New York, Atlanta, Dallas, and Boston.
Each city is directly connected to every other city. Which physical topology is used for your WAN?
A) Mesh
B) Ring
C) Star
D) Bus

Explanation
In a mesh topology, every device has a dedicated connection to every other device using a series of point-to-point connections. In the case of a WAN, a full mesh connects each individual network to every other network in the internetwork; with four sites, that is six links. This type of topology is very expensive because of its redundant links, but it provides a high level of fault tolerance. Therefore, it is typically seen in a WAN environment where fault tolerance is a major concern. The following table lists the advantages and disadvantages of the different network topologies:

Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.
References: Novell's Networking Primer, http://www.novell.com/info/primer/prim08.html
CompTIA Network+ N10-007 Cert Guide, Chapter 1: Computer Network Fundamentals, Networks Defined by Topology

Question #63 of 200 Question ID: 1123299
Your company is researching different wireless antennas. Antennas that you research are high-gain antennas. Which statement describes a property of high-gain antennas?
A) High-gain antennas provide a wide coverage area.
B) High-gain antennas avoid multipath distortion.
C) High-gain antennas provide a small vertical beamwidth.
D) High-gain antennas are best suited for point-to-multipoint bridging.

Explanation
A high-gain antenna has a small vertical beamwidth. The beamwidth parameter of the antenna defines the angle, in degrees, over which the radio signal is radiated. The antenna properties include the gain, beamwidth, and transmission angle. Antennas with higher gain have a narrower beamwidth than antennas with lower gain: the gain comes from concentrating the same transmit power into a smaller angle.
High-gain antennas therefore have a very narrow beamwidth. For example, a typical 6-dBi patch antenna has a 65-degree beamwidth, but a 21-dBi parabolic dish antenna has a 12-degree radiation pattern. That makes high-gain antennas suited to point-to-point links rather than to point-to-multipoint bridging or wide-area coverage.

Objective: Networking Concepts
Sub-Objective: Given a scenario, implement the appropriate wireless technologies and configurations.
References: Cisco Aironet Antennas and Accessories Reference Guide, https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/product_data_sheet09186a008008883b.html
Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4

Question #64 of 200 Question ID: 1289294
The network diagram is shown in the following image:
{Exhibit: network diagram not reproduced}
The workstations on the network cannot connect to the Internet. You can ping the router from the Internet. The workstations and server can connect to each other. Where is the problem most likely to exist?
A) between the server and the workstations
B) between the router and the server
C) between the server and the network
D) between the router and the Internet

Explanation
Because the workstations and the server can connect to each other, you know that all the configurations are correct within the local area network (LAN). Because you can ping the router from the Internet, you know that the Internet-facing side of the router is functioning properly. This leaves the connection between the router and the server as the most likely source of the problem. The problem could be on the server side of the router or on the server itself. It will require more troubleshooting to locate the exact source of the problem.
Some of the potential connectivity issues you should be able to identify for the Network+ exam include the following:

Incorrect interface/interface misconfiguration - If the interface is incorrectly configured, then traffic will not pass through that interface properly. Often the easiest way to test an interface is to use the ping command or a loopback plug. If you connect a router to a multiplexer but cannot access the router's interface even though the signal level is good, it is most likely that the wrong wavelength was demuxed from the multiplexer.

Interface errors - Interface errors are usually dependent upon the device and vendor. You should consult the device's operation manual to determine what the interface error means. In most cases, vendors have an online knowledge base that you can search.

Simultaneous wired/wireless connections - Some organizations have both wired and wireless networks in use. Client computers, though, should connect to only one of these types of networks. If you want to use a wired connection, you should plug into that network. If a wireless network is in range, your computer may also attempt to connect to the wireless network if you have enabled the connect automatically feature, which can send traffic by an unexpected path.

Discovering neighboring devices/nodes - Most devices can discover neighboring devices or nodes by using a discovery protocol such as LLDP or the vendor-specific CDP. It may be necessary to enable more than one such protocol, based on the types of devices to which you must connect. Because these protocols advertise device details on the wire, disable them on ports that face untrusted networks.

Port configuration - Each switch port is a single collision domain. If you improperly configure the ports (speed, duplex, or VLAN membership), then communication on the appropriate domain may not be possible.

VLAN assignment - This problem occurs when configuring the VLAN assignment of a switch port or device. Each VLAN is a separate broadcast domain. Make sure that client computers are connected to ports in the appropriate VLAN to ensure that they can communicate within that broadcast domain.
If a device is attached to an incorrect VLAN, it will not respond to network communication even though the link activity light is on.

End-to-end connectivity is a process whereby you troubleshoot connectivity issues from the host experiencing the connection problem all the way through the network. You should always start at the local host and proceed through the network, through routers and other devices, to the destination. Any connectivity problem could be at the host, the remote host, or anywhere in between. Following a logical process will ensure that the exact issue is located.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
References: Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #65 of 200 Question ID: 1289215
Which term is most commonly used to describe equipment that creates a demilitarized zone (DMZ)?
A) firewall
B) router
C) passive hub
D) active hub

Explanation
A firewall is used to create a demilitarized zone (DMZ). A DMZ is a zone located between a company's internal network and the Internet that usually contains servers that the public will be accessing. The DMZ implementation provides an extra layer of protection for the resources on the company's internal network. Usually two firewalls are used to create a DMZ: one firewall resides between the public network and the DMZ, and another firewall resides between the DMZ and the private network. All publicly accessible servers should be placed on the DMZ, including servers that personnel must remotely access.

A router is used to create individual subnetworks on an Ethernet network. Routers operate at the Network layer of the OSI model. While a firewall can also be a router, it is referred to as a firewall when it functions to create a DMZ.
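As an added example (not from the QBank), the following Python evaluates a first-match firewall rule base of the kind that builds the screened subnet described in this question, with an implicit deny when nothing matches, and audits the rule base for shadowed rules. The zones (192.0.2.0/24 as the DMZ, 10.0.0.0/8 as the internal network), addresses and ports are constructed; the second rule set shows how placing the "DMZ may not reach internal" deny after a broad allow leaves it unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example: first-match firewall rule evaluation with implicit deny, plus a
# shadowed-rule audit. Zones, addresses and ports are constructed for the demonstration.

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    dport: Optional[int]     # None means any destination port
    comment: str = ""

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True when every packet 'other' could match is already matched by this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and (self.dport is None or self.dport == other.dport))

ANY = "0.0.0.0/0"
DMZ = "192.0.2.0/24"        # constructed DMZ (screened subnet); documentation prefix
INTERNAL = "10.0.0.0/8"     # constructed private network
WEB = "192.0.2.10/32"       # constructed DMZ web server

def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> Tuple[str, str]:
    """First matching rule wins; if nothing matches, the implicit deny at the end applies."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, rule.comment
    return "deny", "implicit deny (no rule matched)"

def audit(rules: List[Rule]) -> List[str]:
    """Report rules that can never fire because an earlier rule already covers them."""
    findings = []
    for i, later in enumerate(rules):
        for j in range(i):
            if rules[j].covers(later):
                findings.append(f"rule {i} ({later.comment}) is shadowed by rule {j} ({rules[j].comment})")
                break
    return findings

# Screened-subnet policy: the outside reaches only the DMZ web server; DMZ hosts may
# never initiate into the internal network; internal hosts may reach the DMZ and the Internet.
GOOD_RULES = [
    Rule("allow", ANY, WEB, 443,          "Internet -> DMZ web HTTPS"),
    Rule("deny",  DMZ, INTERNAL, None,    "DMZ may never initiate to internal"),
    Rule("allow", INTERNAL, ANY, None,    "internal -> DMZ and Internet"),
]

# Misordered variant: a broad 'DMZ outbound' allow sits before the deny, so the deny is
# shadowed and a compromised DMZ host can reach internal hosts.
BAD_RULES = [
    Rule("allow", ANY, WEB, 443,          "Internet -> DMZ web HTTPS"),
    Rule("allow", DMZ, ANY, None,         "DMZ outbound for updates (too broad)"),
    Rule("deny",  DMZ, INTERNAL, None,    "DMZ may never initiate to internal"),
]

if __name__ == "__main__":
    print(evaluate(GOOD_RULES, "198.51.100.7", "192.0.2.10", 443))  # allow
    print(evaluate(GOOD_RULES, "192.0.2.10", "10.0.0.5", 445))      # explicit deny
    print(evaluate(GOOD_RULES, "198.51.100.7", "10.0.0.5", 445))    # implicit deny
    print(evaluate(BAD_RULES, "192.0.2.10", "10.0.0.5", 445))       # allow: the misorder bug
    for finding in audit(BAD_RULES):
        print(finding)
```

The evaluator returns the rule that decided, which is what you want in a firewall log: when the "bad" rule base lets the DMZ host reach an internal SMB port, the log names the over-broad update rule, and the audit flags the deny it made unreachable before the rule base is ever deployed.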
An active hub is used to connect devices in a star topology. An active hub has circuitry that allows signal regeneration. A passive hub connects devices in a star topology, but it does not provide any signal regeneration.

A firewall is classified as a rule-based access control device. Rules are configured on the firewall to allow or deny packet passage from one network to another, and they are evaluated in order, with the first matching rule deciding. In most cases, the access control list (ACL) for a firewall will include an implicit deny rule at the end that denies all connections that do not match any of the other configured rules. An allow rule grants access. A block rule denies access. The implicit deny rule should come after the allow and block rules. The configuration of the rules is one of the biggest concerns for a firewall, because the rules can be very complex, and a misordered or over-broad rule can silently grant access that a later rule was meant to deny. Misconfiguration can easily lead to security breaches. Filters are created according to the company's security policy. To minimize the attack surface, firewalls should not run services that are not needed for filtering, such as the Network Information Service (NIS), and compilers should be removed from firewalls.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.
References: Demilitarized Zone, http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #66 of 200 Question ID: 1123363
You need to connect wireless devices to a wired local area network. Which device should you implement?
A) Gateway
B) Wireless NIC
C) Access Point
D) CSU/DSU

Explanation
An access point is either a software or hardware component that acts as a transceiver for wireless devices, connecting them to a wired local area network (LAN).
It serves a similar function to a distribution center, sending and receiving signals to and from computers on the network. Stations, or computers, placed too far from the access point will be unable to communicate with the network. A wireless network that employs access points is said to be operating in infrastructure mode. However, wireless networks can also be set up with just a few stations and wireless network cards. This is known as ad-hoc mode. Ad-hoc mode networks can be set up quickly; however, all of the stations must be within a 300-foot radius to communicate. A mesh network may use a combination of wireless access points while allowing some devices to connect using ad-hoc mode. Organizational wireless access points usually provide more connections and a wider range of transmission than small office/home office wireless routers.

A gateway is used to connect networks that use different protocols. A Channel Service Unit/Digital Service Unit (CSU/DSU) is a device typically required by leased lines, such as T1 lines, to terminate their media connection to your LAN. A wireless network interface card (NIC) is designed specifically for wireless networks. It is the piece of hardware that enables wireless communication for a computer.

Keep in mind that wireless access point (WAP) placement is very important. WAP placement varies based on the environment in which the WAP is placed. WAPs should be centrally placed to ensure that the maximum number of devices can use them, but not so close to exterior walls that the usable signal extends well beyond the building. Also, you should consider other devices in the area, such as cordless telephones, that can cause interference. Placement is particularly important if more than one WAP is implemented in the same area. It may be necessary to configure WAPs that are in close proximity to use different channels.

For the Network+ exam, you also need to understand device density, roaming, and wireless controllers. Device density is the ratio of users to access points.
The performance of the network could be adversely affected if too many users are connected to a single wireless access point. An overlap of coverage between access points is advisable to allow uninterrupted roaming from one wireless coverage area to another. However, those overlapping coverage areas should not use overlapping channels. A wireless controller is a centralized device that can be used to manage multiple wireless access points.

You need to understand VLAN pooling and the Lightweight Access Point Protocol (LWAPP). VLAN pooling assigns IP addresses to wireless clients from a pool of IP subnets and their associated VLANs, which keeps any single broadcast domain from growing too large. The protocol used to communicate between an access point and a wireless controller is either the older Lightweight Access Point Protocol (LWAPP) or the more current Control And Provisioning of Wireless Access Points (CAPWAP). A wireless bridge connects two wired network segments to each other over a wireless link.

Multi-user MIMO (MU-MIMO) is a set of advanced multiple-input, multiple-output (MI<br>MO) technologies in which the available antennas are spread over multiple independent access points and independent radio terminals, each with one or more antennas. In contrast, single-user MIMO considers a single multi-antenna transmitter communicating with a single multi-antenna receiver. MIMO is used in 802.11n to allow the wireless network to reach higher speeds.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References: Wireless Access Point, http://compnetworking.about.com/cs/wireless/g/bldef_ap.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Deploying Wireless LANs

Question #67 of 200 Question ID: 1289177
Which suppression methods are recommended for a fire in a facility that involves paper, laminates, and wooden furniture? (Choose two.)
A) Water
B) Soda acid
C) Halon
D) Dry powder

Explanation
Water or soda acid should be used to suppress a fire that has wood products, laminates, and paper as its fuel. The suppression method should be based on the type of fire in the facility. The suppression substance should interfere with one of the elements of the fire. For example, soda acid removes the fuel, while water reduces the temperature. Water and soda acid are used to extinguish Class A fires.

Electrical wiring and distribution boxes are the most probable cause of fires in data centers. Class C fire suppression agents, such as halon or carbon dioxide, are used when the fire involves electrical equipment and wires. They can also be used to suppress Class B fires, which involve liquids such as petroleum products and coolants. Never use water on a Class B fire. Halon production was phased out under the 1987 Montreal Protocol because halon damages the ozone layer, and it is harmful to humans. Halocarbon agents or inert gas agents can replace halon in gas-discharge fire extinguishing systems. Carbon dioxide, which is used to extinguish Class B and Class C fires, displaces oxygen. It is harmful to humans and should be used only in unattended facilities.

Dry powder is the suppression method for a fire that has magnesium, sodium, or potassium as its fuel. Dry powder extinguishes Class D fires and is the only suppression method for combustible metals.

It is important to select the appropriate fire suppression system. Some systems remove oxygen from a room and are therefore harmful to humans.
For the Network+ exam, you also need to understand the importance of heating, ventilation, and air conditioning (HVAC) systems. Because computer and network equipment generates a lot of heat, you need to implement an HVAC solution that keeps rooms and equipment properly cooled. Equipment rooms and data centers need their own HVAC system, separate from the rest of the building. You also need to understand emergency procedures. The building layout should be documented with all safety/emergency exits noted. A fire escape plan should be written, with personnel training at least annually. Doors on exit paths should be configured to fail open (fail-safe) so that people can leave during a fire. Fail-secure (fail-closed) locking should be limited to doors protecting high-value areas and must never block an emergency exit path. An emergency alert system should be implemented to ensure that personnel are alerted when an emergency occurs.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.
References: Classes of fires: A, B, C, D, K, http://www.falckproductions.com/resources/fire-safety-and-firewatch/classes-of-fire-a-b-c-d-and-k/

Question #68 of 200 Question ID: 1289266
The network you administer is a Fast Ethernet network. Wall outlets are connected to patch panels by 90-meter cables. Patch panels are connected to switches by 5-meter cables. The network uses Category 5 unshielded twisted-pair (CAT 5 UTP) cable. You use a 15-meter patch cable to connect a server named Shipping to a wall outlet. You connect the Shipping computer to the network, start the computer, and properly configure it. However, clients cannot connect to the Shipping server. Clients can connect to other servers on the network. What will most likely solve the connection problem?
A) replacing the CAT 5 UTP with CAT 1 UTP
B) replacing the CAT 5 UTP with CAT 3 UTP
C) replacing the 15-meter patch cable with a 3-meter patch cable
D) replacing the 15-meter patch cable with a 10-meter patch cable
Explanation
On a Fast Ethernet network that uses unshielded twisted-pair (UTP) cable, such as a 100BaseTX Ethernet network, the maximum cable length between a computer and a switch or hub is 100 meters. In this scenario, the total length of cable between the Shipping server and the switch is 90 + 5 + 15 = 110 meters. You can solve the connection problem by replacing the 15-meter patch cable between the Shipping server and the wall outlet with a patch cable that is no more than 5 meters long. dB loss (attenuation) is the weakening of the signal as it travels the length of the cable; beyond the rated distance the signal arriving at the far end is too weak for the receiver to decode reliably. If you replace the 15-meter patch cable with a 10-meter patch cable, the connectivity problem will still occur because the overall cable length between the server and the switch (105 meters) still exceeds 100 meters.

The following diagram illustrates the recommended cabling lengths for twisted-pair Ethernet: the 100-meter channel is budgeted as up to 90 meters of permanent horizontal cable (wall outlet to patch panel) plus up to 10 meters total of patch cords at the two ends. The switch and patch panel are usually located in a telecommunications closet. A basic patch panel does not provide any networking services; it simply serves as a junction box between the switch and the various nodes on the network and gives you a convenient place to arrange and rearrange connections between the switch and the nodes.

Distance issues arise when cable runs exceed the maximum length allowed for a particular media type. Ensure that your cable runs stay within that limit. A repeater or an additional switch can also be used to extend a run. A 100BaseTX Ethernet network requires at least CAT 5 UTP cable. CAT 1 and CAT 3 UTP cannot carry 100BaseTX signaling.
If you replaced all of the cable on the network with lower-grade cable, none of the computers would be able to connect to the network.

Physical connectivity problems include the following:
Bad connectors
Bad wiring
Open circuits or short circuits
Split cables
Transmit (TX)/Receive (RX) ends reversed
Cable placement
EMI/Interference
Cross-talk
dB loss and attenuation
Distance limitations
Incorrect termination (mismatched standards)
Split pairs
Bad SFP/GBIC (cable or transceiver)
A network cable tester can usually identify any of the above problems.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #69 of 200 Question ID: 1123469
What is a physical barrier that acts as the first line of defense against an intruder?
A) a lock
B) a fence
C) a mantrap
D) a turnstile
Explanation
Fencing acts as the first line of defense against casual trespassers and potential intruders, but fencing should be complemented with other physical security controls, such as guards and dogs, to maintain the security of the facility. A fence height of 6 to 7 feet is considered ideal for preventing intruders from climbing over the fence. In addition to being a barrier to trespassers, a fence can also control crowds. A fence height of 3 to 4 feet protects only against casual trespassers. For critical areas, the fence should be at least 8 feet high with three strands of barbed wire.

Locks are another physical security control. An organization can use locks to prevent unauthorized access or to delay an intruder during a breach. Locks should be used in combination with other security controls to guard the facility infrastructure and its critical resources.
Locks usually do not serve as the first line of defense against intruders. Keypads and cipher locks are steadily increasing in use because the unlock code can be changed whenever needed. In some cases, you can issue individual users their own codes, which lets you track who enters a building or an area of a building. Turnstiles and mantraps do not serve as the first line of defense against an intruder. A turnstile is a type of gate that allows movement in a single direction, one person at a time. A mantrap is a set of double doors, usually monitored by a security guard, in which only one door can be open at a time. Another type of physical barrier is a bollard, which stops vehicles from entering an area but does not prevent physical intrusion by people.

Objective: Network Security
Sub-Objective: Summarize the purposes of physical security devices.
References: Fence, http://en.wikipedia.org/wiki/Fence; CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #70 of 200 Question ID: 1289139
You are explaining the function of a multi-layer switch to several junior administrators. On which data can multi-layer switches make routing decisions? (Choose all that apply.)
A) IP address
B) protocol
C) port number
D) MAC address
Explanation
A multi-layer switch, which operates at Layers 2, 3, and 4 of the OSI model, can make forwarding and routing decisions based on the following criteria:
MAC address - a Data Link layer (Layer 2) function
IP address - a Network layer (Layer 3) function
Protocol - a Network layer (Layer 3) function
Port number - a Transport layer (Layer 4) function
Each switch port is its own collision domain, so a 24-port multi-layer switch has 24 collision domains. You can also purchase switches that offer services at only one layer of the OSI model. Layer 2 switches forward frames based on the MAC address only.
Layer 3 switches route based on the IP address or protocol. Layer 4 switches can also make decisions based on the TCP or UDP port number.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References: LAN Switching and Switch Types, http://www.tech-faq.com/lan-switching-and-switch-types.shtml; CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Network Infrastructure Devices

Question #71 of 200 Question ID: 1289113
An administrator would like to integrate DNS and DHCP so that each is aware of changes in the other. Which of the following would be the best method for him to do this?
A) MAC reservations
B) ARP table
C) IPAM
D) DHCP relay
Explanation
IP Address Management (IPAM) integrates DNS and DHCP so that each is aware of changes in the other. IPAM discovers the servers that provide IP address services (DHCP and DNS) on the network and lets you manage them from a central point. Some of the things an IPAM system lets a network administrator manage include:
IP address availability - how many unassigned IP addresses exist
Subnet identification, subnet size, and which subnet is associated with which segment
Static/dynamic status for each subnet address
Default routers that the various network devices use
IP address to host name mapping
IP address to hardware (MAC address) mapping
ARP tables show the relationship between IP addresses and MAC addresses, but they cannot be used to integrate DNS and DHCP. MAC reservations let you permanently assign an IP address to the MAC address of a specific device. Web servers, mail servers, copiers, printers, wireless access points, and projectors are all examples of devices that benefit from a permanently assigned IP address. A reservation ties an address in the scope to the device's MAC address so that the DHCP server always leases that address to it; an exclusion, by contrast, simply removes addresses from the pool so that they are never leased dynamically.
A DHCP relay agent is configured on routers so that DHCP broadcasts can be forwarded to a DHCP server on a different subnet.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.
References: What is a DDI solution and why do you need one?, https://www.nokia.com/en_int/blog/what-ddi-solution-and-why-do-you-need-one

Question #72 of 200 Question ID: 1289063
A network technician contacts you regarding what he believes is suspicious behavior on the network. He has noticed communication over TCP port 123 between his computer and a server on the Internet. Which protocol is causing this communication?
A) SSH
B) NTP
C) FTP
D) SMTP
Explanation
Port 123 is assigned to Network Time Protocol (NTP), which is the answer the exam is looking for. NTP synchronizes the clock settings on a computer; accurate clocks are vital for directory services and Kerberos authentication, and for correlating log timestamps during an investigation. Note that NTP actually runs over UDP. IANA reserves port 123 for both transports, but production NTP traffic is UDP, so an established TCP session to port 123 is not ordinary NTP and would itself be worth a closer look. NTP works at the Application layer of the OSI model.

File Transfer Protocol (FTP) communicates over TCP ports 20 and 21 to transfer files. Secure Shell (SSH) communicates over TCP port 22 to allow secure data transfer. Simple Mail Transfer Protocol (SMTP) communicates over TCP port 25 to transfer e-mail messages.

For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21 (TCP)
SSH, SFTP – 22 (TCP)
TELNET – 23 (TCP)
SMTP – 25 (TCP)
DNS – 53 (UDP and TCP)
DHCP – 67, 68 (UDP)
TFTP – 69 (UDP)
HTTP – 80 (TCP)
POP3 – 110 (TCP)
NTP – 123 (UDP)
NetBIOS – 137–139
IMAP – 143 (TCP)
SNMP – 161 (UDP; traps use 162)
LDAP – 389
HTTPS – 443 (TCP)
SMB – 445 (TCP)
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.
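The port knowledge above is only useful in practice when it is paired with the transport each service uses and with a firewall policy that denies everything not explicitly listed. The following is an added example (it is not part of the QBank) that encodes the default-port table together with each service's real transport, triages constructed flow records so that a TCP session to port 123 is flagged rather than waved through as NTP, and models the firewall exercise that appears later on this page (Question #78) as an ordered, first-match, default-deny rule set. The flow records, IP addresses and rule sets are constructed for illustration.

```python
"""Service/port recognition plus a first-match, default-deny packet filter.

Added example, not part of the QBank. The flow records and the rule sets
below are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Default ports paired with the transport the service really uses.
# Port 123 is NTP over UDP: a TCP session to port 123 is not normal NTP.
KNOWN_SERVICES = {
    (20, "tcp"): "ftp-data", (21, "tcp"): "ftp",    (22, "tcp"): "ssh",
    (23, "tcp"): "telnet",   (25, "tcp"): "smtp",   (53, "udp"): "dns",
    (53, "tcp"): "dns",      (67, "udp"): "dhcp",   (68, "udp"): "dhcp",
    (69, "udp"): "tftp",     (80, "tcp"): "http",   (110, "tcp"): "pop3",
    (123, "udp"): "ntp",     (143, "tcp"): "imap",  (161, "udp"): "snmp",
    (389, "tcp"): "ldap",    (443, "tcp"): "https", (445, "tcp"): "smb",
    (636, "tcp"): "ldaps",   (3389, "tcp"): "rdp",
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    transport: str  # "tcp" or "udp"
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed record of the form '<src> <dst> <tcp|udp> <dport>'."""
    src, dst, transport, dport = line.split()
    transport = transport.lower()
    if transport not in ("tcp", "udp"):
        raise ValueError(f"unknown transport {transport!r}")
    return Flow(src, dst, transport, int(dport))


def classify(flow: Flow):
    """Return (service, verdict).

    verdict: 'expected'        known service on the transport it normally uses
             'wrong-transport' the port belongs to a service on the other transport
             'unknown'         no well-known service on this port
    """
    name = KNOWN_SERVICES.get((flow.dport, flow.transport))
    if name:
        return name, "expected"
    other = "udp" if flow.transport == "tcp" else "tcp"
    name = KNOWN_SERVICES.get((flow.dport, other))
    if name:
        return name, "wrong-transport"
    return None, "unknown"


def triage(lines):
    """Classify many records; return verdict counts and the records worth a look."""
    counts = Counter()
    suspicious = []
    for line in lines:
        service, verdict = classify(parse_flow(line))
        counts[verdict] += 1
        if verdict != "expected":
            suspicious.append((line, service, verdict))
    return counts, suspicious


# Packet filter: ordered rules, first match wins, anything unmatched is denied.
@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    transport: str
    dport: int


def evaluate(rules, flow: Flow) -> str:
    for rule in rules:
        if rule.transport == flow.transport and rule.dport == flow.dport:
            return rule.action
    return "deny"  # implicit deny when no rule matched


# Before: HTTP and FTP allowed. After: only SMTP and POP3 (the Question #78 case).
# On a default-deny firewall, "closing" 20, 21 and 80 simply means removing
# their allow rules; no explicit deny entries are needed.
WEB_AND_FTP = [Rule("allow", "tcp", 80), Rule("allow", "tcp", 20), Rule("allow", "tcp", 21)]
MAIL_ONLY = [Rule("allow", "tcp", 25), Rule("allow", "tcp", 110)]

# Constructed sample records (RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    "10.0.0.15 203.0.113.7 udp 123",    # ordinary NTP
    "10.0.0.15 203.0.113.7 tcp 123",    # port 123 over TCP: not NTP, investigate
    "10.0.0.20 198.51.100.9 tcp 443",   # HTTPS
    "10.0.0.20 198.51.100.9 tcp 4444",  # nothing well-known listens here
]

if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_FLOWS)
    print(dict(counts))
    for line, service, verdict in suspicious:
        print(f"{verdict:15} {service or '-':8} {line}")
    probe = parse_flow("10.0.0.20 198.51.100.9 tcp 80")
    print("HTTP before:", evaluate(WEB_AND_FTP, probe), "after:", evaluate(MAIL_ONLY, probe))
```

Running the block prints two flagged records, the TCP-to-123 session and the unknown port 4444, and shows HTTP going from allow to deny once the rule set is swapped. The transport is part of the lookup key on purpose: a table keyed on port number alone would label the TCP session as NTP and hide exactly the kind of traffic the technician was right to question.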
References: CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications; Computer Network Glossary - Port Number: Ports 100-149, http://compnetworking.about.com/od/tcpip/l/blports_gl100.htm; Network Time Protocol, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci283988,00.html

Question #73 of 200 Question ID: 1289247
Your company has recently replaced all the shielded twisted pair (STP) and unshielded twisted pair (UTP) cable with fiber optic cable. You need to purchase a device to determine the length of the cables used on your network. Which tool do you need?
A) butt set
B) toner probe
C) TDR
D) OTDR
Explanation
An optical time domain reflectometer (OTDR) can be used to determine the length of the cables used on a fiber optic network, and to locate breaks and splices along a fiber by timing the reflected light. A time domain reflectometer (TDR) does the same for copper: it determines the length of shielded twisted-pair (STP), unshielded twisted-pair (UTP), or coaxial cables and the distance to a fault. A butt set is used to test telephone lines. A toner probe is used to trace and identify a single cable within a bundle or behind a wall; it is the tool to reach for when you need to find which run a bad CAT5 cable belongs to.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References: TDR vs. OTDR, http://www.zostrich.com/Monitoring_PDF/tdrvsotdr.pdf; CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #74 of 200 Question ID: 1123233
You have several switches and routers on your company's network. The switches are not experiencing any problems. However, one of the routers is not correctly routing packets based on IP addresses. At which layer of the OSI model does the problem device operate?
A) Data Link
B) Session
C) Transport
D) Network
E) Physical
Explanation
Routers operate at the Network layer (Layer 3) of the OSI networking model.
They use source and destination IP addresses, which belong to the Network layer, to route packets. Switches, on the other hand, use MAC addresses, which belong to the Data Link layer (Layer 2), to forward frames. An example of a Network layer issue is two computers connected to the same switch that cannot communicate because their IP addresses are in different subnets, or because one has the wrong subnet mask or default gateway: the Layer 2 link is fine, but Layer 3 addressing is not.

The Session layer (Layer 5) starts, maintains, and stops sessions between applications on different network devices. The Physical layer (Layer 1) establishes and maintains the physical link between network devices. The Transport layer (Layer 4) segments and reassembles data into a data stream and provides both reliable (TCP) and unreliable (UDP) end-to-end data transmission.

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.
References: Network router, http://www.tech-faq.com/network-router.shtml; CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models, Layer 3: The Network Layer

Question #75 of 200 Question ID: 1289288
You are moving several wireless access points to an outdoor location for a special event. What should be the primary concern to ensure a positive experience for attendees?
A) Signal-to-noise ratio
B) Power levels
C) Incorrect antenna placement
D) Overcapacity
Explanation
The primary concern should be the power levels. You may need to boost the transmit power, within the limits your regulatory domain allows. By nature, wireless access points have larger coverage areas outdoors because there are no walls to attenuate the signal, and a higher power level will provide a better experience for the event attendees. Power levels directly affect wireless network performance. Overcapacity is a wireless performance issue, but it is usually not the primary concern.
The proliferation of wireless devices puts an enormous load on a wireless network that was originally designed for a few devices. In today's environment, the network may need to serve tablets, smartphones, fitness monitors, and smart watches in addition to the few laptops it was originally designed to support. Always determine the number of expected devices to ensure that you provide adequate capacity.

The signal-to-noise ratio (SNR) is the strength of the wireless signal compared with the amount of background interference (noise). SNR is measured in decibels (dB). Devices such as microwave ovens, cordless phones, wireless cameras, and fluorescent lights all contribute noise. When using a Wi-Fi analyzer, an SNR below 25 dB is considered poor, while a reading above 41 dB is considered excellent. In outdoor spaces, SNR is not usually an issue.

Incorrect antenna placement can cause Wi-Fi performance issues. Placing a wireless access point near metal ductwork or large metal lamps, on top of a ceiling panel, or next to a thick wall can degrade performance. Also check the manufacturer's placement recommendation: some wireless access points are designed for wall mounting, while others are designed for ceiling mounts. Antenna placement is not as much of an issue outdoors as it is indoors.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.
References: How to Fix Wi-Fi Range Issues in Windows 10, https://windowsreport.com/wi-fi-range-windows-10/

Question #76 of 200 Question ID: 1289140
You have decided to implement a firewall between your company's network and the Internet. What does a firewall software solution typically provide? (Choose three.)
A) L2 cache
B) IP proxy services
C) HTTP proxy services
D) packet filtering
E) L1 cache
Explanation
Of the listed services, a firewall software solution typically provides packet filtering, Hypertext Transfer Protocol (HTTP) proxy services, and Internet Protocol (IP) proxy services. These three services can also be obtained as separate products. With packet filtering, packets are either allowed into or denied entry to a network based on specified criteria, such as the TCP port number or the IP address of the sending host. HTTP proxy services typically include Web page caching, which stores Web pages on the HTTP proxy server so that they can be retrieved from the proxy rather than from the Internet; HTTP proxy services can therefore improve Web browsing performance and give you a single place to inspect and log outbound Web traffic. IP proxy services (in practice, network address translation) present a single public IP address to the Internet on behalf of all hosts on a private network. This lets the private network use private IP addresses and hides the internal addressing scheme from malicious users on the Internet.

Firewall software solutions do not involve Level 1 (L1) or Level 2 (L2) cache. L1 cache is cache memory that resides on the central processing unit (CPU). L2 cache is cache memory that resides on the system board near the CPU. Cache memory is a small amount of very fast memory that sits between the CPU and the slower RAM on the system board to increase the rate at which data flows between them.

For the Network+ exam, you must understand the following firewall types:
Host-based - This firewall is installed on a specific host and protects only that host. It is the best solution if you need to protect laptops or desktop computers from external threats.
Network-based - This firewall is installed on the network and protects all devices on the network segments that it controls.
Application aware/context aware - This firewall is designed to manage application and Web 2.0 traffic. It identifies the application inside the traffic and lets you write fine-grained rules for it rather than just allow-or-deny rules on ports and addresses.
Small office/home office firewall - This firewall is easier to configure than most enterprise firewalls and often consists only of a software component that you install on a network host.
Unified Threat Management (UTM) - This device bundles multiple security functions into a single physical or logical device. Features can include IPS, IDS, anti-virus, anti-malware, anti-spam, NAT, and other functions.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References: Introduction to Firewalls, http://netsecurity.about.com/od/hackertools/a/aa072004.htm; CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #77 of 200 Question ID: 1289244
You have decided to implement a network protocol analyzer on your company's network. Which job is NOT performed by this tool?
A) identify source and destination of communication
B) detect active viruses or malware on the network
C) provide network activity statistics
D) identify the types of traffic on the network
Explanation
A network protocol analyzer does not detect active viruses or malware on the network. Most network protocol analyzers provide the following functions:
Provide network activity statistics.
Identify the source and destination of communication.
Identify the types of traffic on the network.
Detect unusual levels of traffic.
Detect specific pattern characteristics.
A network protocol analyzer can determine whether passwords are being transmitted over the network in clear text. It can also read the contents of any File Transfer Protocol (FTP) packet, including the USER and PASS commands that carry the credentials and the RETR (get) request that fetches a file.
Wireshark is a free, open-source network protocol analyzer released under the GNU General Public License.

For the Network+ exam, you also need to understand the following troubleshooting tools:
Speed test sites - These sites are used to determine the speed of your Internet connection. They are a good way to see whether you are getting the speed promised by your Internet service provider (ISP). For a list of possible sites to use, see http://pcsupport.about.com/od/toolsofthetrade/tp/internet-speed-test.htm
Looking glass sites - These sites show routing information from a remote server's perspective using Border Gateway Protocol (BGP) routes. For a list of possible looking glass servers, see http://www.bgp4.as/looking-glasses
Wi-Fi analyzer - These tools are used to analyze the signal strength of your wireless access points. For a list of free Wi-Fi analyzers for laptops or mobile devices, see http://open-tube.com/free-wifi-analyzers-for-laptops-mobile-devices/

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References: Network analyzer, http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci1196637,00.html; CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #78 of 200 Question ID: 1289066
You administer a 100BaseTX Ethernet network that is configured to use the TCP/IP network communications protocol. You have installed a firewall between the network and the Internet. Currently ports 80, 20, and 21 are open on the firewall. You want to allow only SMTP and POP3 communications between the network and the Internet. Which configurations should you make on the firewall?
A) Close port 80 only.
B) Close ports 20, 21, and 80, and open ports 25 and 110.
C) Close ports 21 and 80, and open port 110.
D) Close ports 20 and 21, and open port 25.
Explanation
Currently, ports 80, 20, and 21 are open on the firewall. Port 80 is used by Hypertext Transfer Protocol (HTTP), the protocol that transports Web pages on the Internet. Ports 20 and 21 are used by File Transfer Protocol (FTP), a protocol for transferring files. An FTP server listens for commands on port 21; in active mode it opens the data connection from port 20 back to the client, while in passive mode the client connects to a server-chosen high port, which is why plain port-based rules often break FTP. In this scenario, you should close ports 20, 21, and 80 to prevent HTTP and FTP traffic. Simple Mail Transfer Protocol (SMTP) transfers e-mail messages between e-mail servers on the Internet and uses port 25. Post Office Protocol 3 (POP3) is used by e-mail clients to retrieve messages from e-mail servers and uses port 110. In this scenario, you should open ports 25 and 110. On a firewall with a default-deny policy, "closing" a port simply means removing its allow rule.

The list of protocols and default ports you need to know for the Network+ exam is the same one given under Question #72.

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications; Computer Network Glossary - Port Number: Ports 50-99, http://compnetworking.about.com/od/tcpip/l/blports_gl50.htm; Computer Network Glossary - Port Number: Ports 10-49, http://compnetworking.about.com/od/tcpip/l/blports_gl10.htm; Computer Network Glossary - Port Number: Ports 100-149, http://compnetworking.about.com/od/tcpip/l/blports_gl100.htm

Question #79 of 200 Question ID: 1123284
Which of these would a hospital group use to connect its various neighborhood offices to the main facility when all are located within the same city or region?
A) LAN
B) WAN
C) MAN
D) WLAN
Explanation
A metropolitan area network (MAN) would be used by the hospital to connect its various neighborhood offices to the main facility when all are located within the same city or region. A MAN connects several LANs together in an area roughly the size of a city.

A local area network (LAN) covers a small geographic area. Typically, a LAN is confined to a campus, a single building, a floor of a building, or an area within a building. A wireless local area network (WLAN) is limited in size by the area(s) served by its access point(s). A wide area network (WAN) uses routers (or a collection of routers) to connect LANs that are dispersed over a large geographic area. An example would be a company with office locations in Boston, Miami, Chicago, Dallas, Denver, and San Francisco. Each office has its own LAN, and routers provide the connections between the offices. By building the WAN, the offices can share resources and data.

Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.
References: Difference Between LAN, WAN and MAN, http://blog.systoolsgroup.com/types-of-networks/

Question #80 of 200 Question ID: 1289201
Which malicious software relies on other applications to execute and infect the system?
A) a logic bomb
B) a Trojan horse
C) a virus
D) a worm
Explanation
A virus is malicious software (malware) that relies on other application programs to execute and infect a system. The main criterion for classifying a piece of executable code as a virus is whether it spreads itself by means of hosts. The host can be any application or file on the system. A virus infects a system by replicating itself through host applications.
Viruses usually include a replication mechanism and an activation mechanism designed with a particular objective in mind. Some of the different types of viruses are:
Stealth virus: hides the changes it makes as it replicates, often by intercepting disk access requests so that the original, clean file is returned to anyone who reads it.
Self-garbling virus: obfuscates or encrypts its own code to prevent antivirus software from recognizing it.
Polymorphic virus: changes its code (for example, by re-encrypting itself with a different key and a varying decryptor) in every copy so that no fixed signature matches all instances.
Multipartite virus: infects both executable files and the boot sector of a computer system.
Macro virus: infects the system by attaching itself to documents of MS Office applications.
Boot sector virus: infects the master boot record of the system and spreads via infected floppy disks.
Compression virus: stores itself compressed and decompresses itself on execution, but otherwise resides normally on a system.
Viruses usually spread via infected media (such as floppy disks, CDs, and removable disks), through e-mail, or via infected programs. Executable files should be filtered from e-mail to prevent virus propagation. If you receive an e-mail regarding the transmission of a virus, you should contact your system administrator to see whether the e-mail is valid and find out what steps you should take. The systems administrator should investigate the validity of the e-mail. Virus hoaxes can do as much damage as real viruses because the hoaxes result in forwarded e-mails that clog systems and can lead to confidential information being disclosed.

The standard security best practices for mitigating the risk of malicious programs, such as viruses, worms, and Trojans, include implementing antivirus software, using a host-based intrusion detection system, and setting limits on application sharing and execution.

A worm does not require the support of application programs to execute; it is a self-contained program capable of running and replicating on its own. Typically, a worm spreads over the network by itself, for example through e-mail, by exploiting a listening network service, or via removable drives.
Worms replicate on their own. A worm can distribute itself without having to attach to a host file.

A logic bomb is a dormant program that is triggered by a specific action of the user or after a certain interval of time. The primary difference between logic bombs, viruses, and worms is that a logic bomb is triggered only when specific conditions are met. An example of a logic bomb is a program that starts deleting files when a certain user ID is deleted.

A Trojan horse is malware disguised as a useful utility but with malicious code embedded. When the disguised utility is run, the Trojan horse performs malicious activities in the background while providing the useful function at the front end. Trojan horses use covert channels to perform malicious activities, such as deleting system files and planting a back door into a system.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References: Virus, http://compnetworking.about.com/cs/worldwideweb/g/bldef_virus.htm

Question #81 of 200 Question ID: 1289101
Which wireless communications mode enables wireless devices to communicate directly with each other?
A) ad hoc
B) tunnel
C) infrastructure
D) transport
Explanation
Ad hoc is the wireless communications mode that enables wireless devices to communicate directly with each other without an access point; in 802.11 terms this is an independent basic service set (IBSS). The underlying wireless networking technology is commonly referred to as Wi-Fi. In infrastructure mode, wireless devices must communicate through a wireless access point. Transport and tunnel modes are the two modes of Internet Protocol Security (IPSec), used to securely transmit Internet Protocol (IP) packets, not wireless communication modes.

Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.
References: Ad-hoc mode, http://compnetworking.about.com/cs/wirelessfaqs/f/adhocwireless.htm Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=4 CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs Question #82 of 200 Question ID: 1289245 Your manager suspects that your network is under attack. You have been asked to provide information regarding traffic flow and statistical information for your network. Which tool should you use? A) port scanner B) protocol analyzer C) vulnerability test D) penetration test Explanation https://www.knowledgehub.com/education/test/print/61961268?testId=205855163 56/142 4/18/22, 4:07 PM N10-007 Exam Simulation A protocol analyzer provides information regarding traffic flow and statistical information for your network. A protocol analyzer is also referred to as a network analyzer or packet sniffer. None of the other tools can provide this information. A port scanner provides a list of open ports and services on your network. A penetration test determines whether network security is properly configured to rebuff hacker attacks. A vulnerability test checks your network for known vulnerabilities and provides methods for protection against the vulnerabilities. For the Network+ exam, you also need to understand the following troubleshooting tools: Speed test sites - These sites are used to determine the speed of your Internet connection. They are a great method to help you see if you are getting the speed promised by your Internet service provider (ISP). For a list of possible sites to use, please see http://pcsupport.about.com/od/toolsofthetrade/tp/internet-speed-test.htm, Looking glass sites - These sites view routing information from a server's perspective using Border Gateway Protocol (BGP) routes. For a list of possible looking glass servers, please see http://www.bgp4.as/looking-glasses. 
Wi-Fi analyzer - These tools are used to analyze the signal strength of your wireless access points. For a list of possible free Wi-Fi analyzers for laptops or mobile devices, please see http://open-tube.com/free-wifi-analyzers-for-laptops-mobile-devices/

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Network Analysis and Optimization Techniques: Physical health analysis, http://technet.microsoft.com/en-us/library/bb726961.aspx#EKAA
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #83 of 200
Question ID: 1289084

While designing an IPv6 addressing scheme for your network, you decide to use EUI for the host portion of each node's address. You need to derive a 64-bit EUI address for the hosts on your network as part of the overall IPv6 address for each node. What should you do?

A) Use the host's MAC address preceded by 16 zero bits at the beginning.
B) Use the host's MAC address with FFFE inserted in the middle, and invert the seventh most significant bit in the MAC address.
C) Use the host's MAC address with all 1s (FFFF) inserted in the middle.
D) Use the host's MAC address, and repeat the first two bytes of that address at the end.
E) Use the host's MAC address with FFFE inserted in the middle.

Explanation

To derive a 64-bit Extended Unique Identifier (EUI) address, also referred to as EUI-64, you need to use the host's MAC address with FFFE inserted in the middle and the seventh most significant bit inverted in the MAC address.

EUI-64 is defined in RFC 2373. It allows a host to assign itself a unique 64-bit IPv6 interface identifier. This uniquely identifies individual IPv6 hosts on a network and eliminates the need for manual address configuration or use of DHCP. The EUI-64 identifier forms the final half of an IPv6 address. The full address is 128 bits, split into a 64-bit network address and a 64-bit host address.
Because a MAC address is 48 bits long, it must first be transformed into a 64-bit string for IPv6 use. The proper formula for creating an EUI-64 host address involves splitting the MAC address in half, inserting the hexadecimal value FFFE in the middle, and inverting the 7th most significant bit of the MAC address. The rationale for this bit inversion is fully explained in section 2.5.1 of RFC 2373.

If you began with a network address of 2012:ABCD::/64 and a MAC address of 1111:2222:3333, you would split the MAC address into 1111:22 and 22:3333 and put FFFE in the middle, which makes the initial value 1111:22FF:FE22:3333. Next, you must invert the seventh most significant bit in the MAC address. The seventh bit occurs in the left-most two hexadecimal digits of the MAC address, 0x11. In binary, this translates to 00010001 (the seventh bit, counting from the left, is the 0 in the second-to-last position). Inverting that bit produces the value 00010011, which equals 0x13. Thus, the combined string 1111:22FF:FE22:3333 would be changed to 1311:22FF:FE22:3333 to produce the EUI-64 host ID. Finally, you would precede that value with the network ID, producing 2012:ABCD::1311:22FF:FE22:3333. This is the complete network address for this example node.

EUI-64 is also known as IPv6 autoconfiguration. Given a known network address and a MAC address, it permits a node to generate its own unique IPv6 address without using DHCPv6. Like its IPv4 counterpart DHCP, DHCPv6 provides network nodes that request IP addresses with such addresses. It also manages IPv6 addresses within specific ranges under its control, including granting, renewing, and revoking address leases and managing IPv6 configuration data for DNS/DNSv6 and other network services.
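The derivation walked through above, carried out in code as an added Python example (this is not code from the exam guide, Cisco, or the RFC): split the MAC, insert FFFE, flip the seventh most significant bit (bit value 0x02 of the first octet, the universal/local bit) and OR the result into a /64 prefix. The prefix 2012:ABCD::/64 and the MAC 1111:2222:3333 are the page's own example values; the second MAC in the test, and all function names, are this example's own. It also includes the reverse step, recovering the MAC from an interface identifier, and a check for the FFFE marker, because the mapping is deterministic and reversible in both directions.

```python
import ipaddress
import re


def mac_to_eui64(mac: str) -> bytes:
    """Build the 8-byte Modified EUI-64 interface identifier from a 48-bit MAC.

    Accepts any common notation: 11:11:22:22:33:33, 1111.2222.3333 or 1111:2222:3333.
    """
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytes.fromhex(digits)
    # Split the MAC in half and insert FF:FE between the two halves.
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # Invert the seventh most significant bit (the universal/local bit, 0x02 of octet 0).
    iid[0] ^= 0x02
    return bytes(iid)


def eui64_to_mac(iid: bytes) -> str:
    """Reverse the derivation: recover the MAC embedded in an EUI-64 interface ID."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        raise ValueError("interface identifier is not EUI-64 derived")
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 network prefix with the EUI-64 identifier derived from mac."""
    network = ipaddress.IPv6Network(prefix, strict=False)
    if network.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration requires a /64 prefix")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | iid)


def is_eui64_derived(addr: str) -> bool:
    """True when the interface ID of addr carries the FFFE marker of an EUI-64 derivation."""
    packed = ipaddress.IPv6Address(addr).packed
    return packed[11:13] == b"\xff\xfe"


if __name__ == "__main__":
    # The page's own example: 2012:ABCD::/64 with MAC 1111:2222:3333.
    addr = eui64_address("2012:ABCD::/64", "1111:2222:3333")
    print(addr)                              # 2012:abcd::1311:22ff:fe22:3333
    print(eui64_to_mac(addr.packed[8:]))     # 11:11:22:22:33:33
```

Because eui64_to_mac works on any address that carries the FFFE marker, an EUI-64 address reveals the hardware address of the host to anyone who sees the address in a log or packet capture; that is why hosts commonly use privacy (RFC 4941) or stable opaque (RFC 7217) interface identifiers instead, and why is_eui64_derived is a useful check when reviewing an address plan.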
When you are using EUI-64 for automatic address generation, all subnets must be /64 (the least significant half of the total IPv6 address). EUI-64 works equally well to create the host portion for link-local (reachable within a local segment) or global unicast (reachable on the Internet) IPv6 network addresses.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
RFC 2373, http://tools.ietf.org/html/rfc2373#section-2.5.1
Cisco Learning Network Modified EUI-64, https://learningnetwork.cisco.com/thread/61508

Question #84 of 200
Question ID: 1289122

The cable used on your network is shown in the exhibit. Which transmission medium is shown in the exhibit?

A) STP
B) UTP
C) Coaxial
D) Fiber-optic

Explanation

Coaxial cable has two conductors. These two conductors share the same axis, providing the derivation of the name "coaxial." The inner conductor is covered by foam insulation. This insulation is covered by a braided metal shielding that protects the signal from crosstalk. A second conductor covers the shielding, which is covered by a non-conducting plastic encasement, providing protection for the cable.

Coaxial cable comes in two varieties: ThinNet and ThickNet. ThinNet cable is .64 centimeters (.25 inches) thick and carries signals up to 185 meters (607 feet). ThickNet is 1.27 centimeters (.5 inches) thick and carries signals up to 500 meters (1,640 feet).

Shielded twisted pair (STP) cable is shown in the following exhibit:

Note the layer of shielding in the exhibit. This is the key to distinguishing between UTP and STP cable. Due to the shielding, STP can support higher transmission rates over longer distances than UTP. STP is typically used in a Token Ring network.
The following is a table of network media comparisons:

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #85 of 200
Question ID: 1289120

You are deploying fiber optic links and connections on a local area network. You need to ensure proper and efficient data communications. Which of the following transceiver or fiber optics characteristics are essential? (Choose all that apply.)

A) duplex cables
B) full duplex
C) simplex cables
D) multimode
E) single-mode
F) half duplex

Explanation

The following transceiver or fiber optics characteristics are essential:

Multimode - Multimode cable makes use of thicker, graded light-conducting fibers that are cheaper to make and terminate, and that use cheaper and less precise light emitting and receiving elements in their transceivers. They are more limited in the distances such cables can span (but can still cover hundreds of meters) and are well-suited for LAN applications.

Full duplex - Full-duplex communications means that both parties may transmit and receive simultaneously over a communications link. Because LAN applications require simultaneous, two-way communications, full duplex is needed.

Duplex cables - Duplex cables incorporate two fibers, so that one may be used to send data for receipt by another party, while that other party may use the other fiber to send data for receipt by the first party. Thus, this supports simultaneous, two-way communications and is well-suited for LAN applications.

In general, data communications for networking requires rapid, simultaneous two-way communications between a pair of nodes.
Among other things, this means that fiber optic transceivers must be bidirectional (that is, able to both send and receive signals, though not necessarily on the same fiber optic cable strand). The best way to think about choosing necessary characteristics is to consider how various options do or do not support such capabilities. The only outlier for this rubric is the distinction between single-mode and multimode fiber optic cable. This is a case where single-mode is uniquely suited for long-haul (10 km or more) cable runs, and because of cost and complexity factors, is unlikely to be used for LAN applications.

Half-duplex mode permits communication in only one direction at a time. For this reason, full-duplex mode, which permits simultaneous communication for both send and receive in a fiber optic transceiver, is always the right choice for network applications. Because simplex cables can only support half-duplex communications at best (if not one-way per cable only), duplex cables are also the right choice for network communications.

Single-mode cable makes use of very thin, very pure light-conducting fibers that are more expensive to make and much more expensive to terminate than multimode cables. For that added expense and complexity, they provide the ability to run cables for 10 – 100 km per segment without difficulty. This makes them unlikely to be used for LAN applications, where cost is a major factor.

Half-duplex communications means that while one party is transmitting, the other party to a connection can only receive until that transmission ends. Then the line may be idle, or either party can commence further transmission (but only one at a time). LAN applications require simultaneous, two-way communications.

Simplex cables are best used for one-way transmission of data from a sender to a receiver. Because this precludes simultaneous transmission and reception by two parties, simplex cables do not work well for LAN applications.
Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
An Introduction to Simplex and Duplex Fiber Optic Cable, https://medium.com/@bilby_yang/an-introduction-to-simplex-and-duplex-fiber-optic-cable-5b4a0ebca940
Introduction about Fiber Optic Transceivers, http://www.sopto.com/st/module-knowledge/introduction-about-fiber-optic-transceivers

Question #86 of 200
Question ID: 1123372

Which system or device detects network intrusion attempts and controls access to the network for the intruders?

A) IPS
B) IDS
C) VPN
D) firewall

Explanation

An intrusion prevention system (IPS) detects network intrusion attempts and controls access to the network for the intruders. An IPS is an improvement over an intrusion detection system (IDS) because an IPS actually prevents intrusion.

A firewall is a device that is configured to allow or prevent certain communication based on preconfigured filters. A firewall can protect a computer or network from unwanted intrusion using these filters. However, any communication not specifically defined in the filters is either allowed or denied by default. Firewalls are not used to detect and prevent network intrusion. Firewalls are used to keep a private network secure from intruders trying to access it from the public network. Firewalls control the flow of traffic into a network by filtering packets based on their type or their destination addresses. Only legitimate packets pass through the firewall. For example, a firewall can be configured to deny access based on TCP port number or the IP address of the sender. A firewall can be hardware-based, software-based, or a combination of both. Scanning services are used to verify updates on a firewall. A firewall provides packet filtering. A firewall can admit packets to a network or deny a packet admission to a network based on several criteria, including the domain name and the IP address of the host that sent the data packets to the network.
The packet-filtering functionality of a firewall and the proxy functionality of an HTTP proxy server, as well as other functionality, are often bundled into a single product that is referred to as either a firewall or a proxy server. In its simplest form, however, a firewall only provides packet-filtering services. Packet filtering is also referred to as content filtering. A packet or content filter can be configured based on IP address, MAC address, port number, protocol used, and other factors.

An IDS only detects the intrusion and logs the intrusion or notifies the appropriate personnel.

A virtual private network (VPN) is a private network that users can connect to over a public network.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.

References:
What are the Different Types of Intrusion Prevention?, http://www.wisegeek.com/what-are-the-different-types-of-intrusion-prevention.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Intrusion Detection and Prevention

Question #87 of 200
Question ID: 1123262

Host A wants to communicate with Host B as shown in the following network exhibit:

Which three statements are true? (Choose three. Each answer is part of the solution.)

A) Host A will send a frame with the destination MAC address of the router.
B) Host A will send an ARP request for the router's MAC address.
C) The switch will forward the frame to the router.
D) The switch will forward the frame to Host B.
E) Host A will send an ARP request for Host B's MAC address.
F) Host A will send a frame with the destination MAC address of Host B.

Explanation

Host A will send out an ARP request for the MAC address of Host B. Host A will then send a data frame to the switch with a destination MAC address of Host B.
Finally, the switch will forward the frame to Host B.

Host A and Host B are connected to the same subnet, 192.168.1.32/27, and are thus within the same VLAN. For this reason, traffic between the two hosts does not need to be sent to their default gateway to be routed. Hosts are able to ARP and build unicast frames for hosts on the same subnet. The switch will receive the frame and forward it to the appropriate host based on a MAC address table lookup. The router is not involved in this scenario.

Host A will not send an ARP request for the router's MAC address because routing is not required between hosts on the same subnet. Host A will not send a frame with the destination MAC address of the router because routing is not required between hosts on the same subnet. The switch will not forward the frame to the router because routing is not required between hosts on the same subnet.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
Routing Basics, http://docwiki.cisco.com/wiki/Routing_Basics

Question #88 of 200
Question ID: 1289098

You have been hired as a contractor to implement a small office home office (SOHO) network for a small business. While gathering the requirements and constraints regarding the network, you decide to implement two subnets on the network. What are valid reasons for implementing subnets on an IP network? (Choose two.)

A) to reduce congestion by increasing network media bandwidth
B) to reduce congestion by decreasing network traffic
C) to configure a greater number of hosts
D) to increase network security
E) to use more than one server on each segment of an IP LAN

Explanation

The subnet mask enables TCP/IP to find the destination host's location on either the local network or a remote location.
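The local-versus-remote decision just described, and the Host A to Host B exchange of Question #87, as an added Python simulation (constructed for this page, not code from the exam guide or from Cisco): the hosts sit on 192.168.1.32/27 as in the question, while the host addresses, MAC addresses, port numbers and all names are made up for the example. The host applies its subnet mask to choose whether to ARP for the destination itself or for the default gateway, and the switch learns source MACs per port, forwards known unicast frames to one port, and floods broadcasts and unknown destinations.

```python
import ipaddress
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Host:
    """An end station (or router interface) with an IPv4 address, mask and MAC."""

    def __init__(self, name: str, ip_with_prefix: str, mac: str, gateway: str):
        self.name = name
        self.iface = ipaddress.ip_interface(ip_with_prefix)
        self.mac = mac
        self.gateway = ipaddress.ip_address(gateway)

    def next_hop(self, dst_ip: str) -> ipaddress.IPv4Address:
        """Address whose MAC must be resolved with ARP to reach dst_ip.

        The subnet mask decides: a destination inside the local network is
        addressed directly; anything else is handed to the default gateway.
        """
        dst = ipaddress.ip_address(dst_ip)
        return dst if dst in self.iface.network else self.gateway


class Switch:
    """Layer-2 switch: learns source MACs per port, forwards by table lookup."""

    def __init__(self, ports: Set[int]):
        self.ports = ports
        self.mac_table: Dict[str, int] = {}

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        self.mac_table[src_mac] = in_port  # learn where the sender lives
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            return [self.mac_table[dst_mac]]  # known unicast: exactly one port
        return sorted(p for p in self.ports if p != in_port)  # flood all others


def build_lan():
    """Constructed topology: Host A, Host B and the router on 192.168.1.32/27."""
    host_a = Host("Host A", "192.168.1.40/27", "aa:aa:aa:aa:aa:01", "192.168.1.33")
    host_b = Host("Host B", "192.168.1.50/27", "bb:bb:bb:bb:bb:02", "192.168.1.33")
    router = Host("Router", "192.168.1.33/27", "cc:cc:cc:cc:cc:03", "192.168.1.33")
    ports = {host_a.mac: 1, host_b.mac: 2, router.mac: 3}  # switch port per MAC
    return [host_a, host_b, router], Switch(set(ports.values())), ports


def deliver(sender: Host, dst_ip: str, devices: List[Host],
            switch: Switch, ports: Dict[str, int]) -> dict:
    """Resolve the next hop with ARP, then send one unicast data frame."""
    hop_ip = sender.next_hop(dst_ip)
    hop = next(d for d in devices if d.iface.ip == hop_ip)
    # The ARP request is a broadcast: the switch floods it out every other port.
    arp_ports = switch.forward(ports[sender.mac], sender.mac, BROADCAST)
    # The ARP reply is unicast back to the sender; it teaches the switch hop's port.
    switch.forward(ports[hop.mac], hop.mac, sender.mac)
    # The data frame carries the resolved MAC and is forwarded to one port, not flooded.
    data_ports = switch.forward(ports[sender.mac], sender.mac, hop.mac)
    return {
        "arp_for": str(hop_ip),
        "arp_flooded_to": arp_ports,
        "frame_dst_mac": hop.mac,
        "frame_sent_to": data_ports,
    }


if __name__ == "__main__":
    devices, switch, ports = build_lan()
    host_a = devices[0]
    print(deliver(host_a, "192.168.1.50", devices, switch, ports))  # same /27: ARP for Host B
    print(deliver(host_a, "192.168.1.70", devices, switch, ports))  # other /27: ARP for router
```

The second call shows the other branch of the same rule: 192.168.1.70 falls in 192.168.1.64/27, so Host A resolves the gateway's MAC instead and the switch delivers the frame to the router's port, which is exactly the path that is not taken in Question #87.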
Subnets are used for the following reasons:

to expand the network
to reduce congestion
to reduce CPU use
to isolate network problems
to improve security
to allow combinations of media, because each subnet can support a different medium

Keep in mind that the first step in designing any network, including a SOHO network, is to gather the requirements and constraints of the network. These requirements and constraints will then guide you in how to design the network and in what hardware and software must be purchased. Make sure to fully document all requirements, as these are vital to proper design. In addition, you should document the size of the area to be networked, including possible cable lengths. This will ensure that you select the appropriate network medium. The documentation will affect the device requirements and may limit the device types that you can implement. Compatibility requirements with existing hardware, software, and business needs should be documented to ensure interoperability. Equipment limitations should also be noted, as these may affect purchase decisions. Finally, you should document any environment limitations. This includes heating/air-conditioning, humidity, and power considerations. Computer and network hardware can generate a lot of heat, resulting in problems for current HVAC systems. Also, this hardware may require more power than the electrical system is capable of providing.

SOHO networks do not generally use any specialized hardware that is not implemented in LANs or WANs. It is important that you understand all hardware limitations, including maximum cable lengths and other limiting factors.

When implementing SOHO networks, you need to have a clear understanding of the following concepts:

List of requirements - This list will guide you to select the appropriate network media, devices, and services. The best way to ensure that this list is comprehensive is to interview different personnel for their opinions.
Also, you need to assess the facility that will contain the network. The facility itself may cause certain requirements or restrictions to be in place.

Device types/requirements - Once you document the network requirements, these requirements will help you to determine which devices you need on your network. If you need to divide your network into areas of traffic isolation, you may want to implement a switch. Otherwise, you may simply need a router. Keep in mind that you should document availability and speed needs so that you can ensure that the network you implement can support them.

Environment limitations - Record any environment limitations. Is the location dusty? Is it dry or humid? What about the HVAC considerations? Also, you should check for electrical outlets and any electromagnetic or radio interference that exists. When determining where to install a server, you should first consider environmental limitations because servers will have definite cooling needs.

Equipment limitations - Does any of the current or planned equipment have connection limitations, performance limitations, or any other limiting factor? For example, routers only support a certain number of connections. It may be better to purchase a router with more connections just to ensure that the network is capable of growth, even if this means increasing the budget.

Compatibility requirements - You must ensure that any devices, equipment, or media are compatible with the network and its hosts. You should analyze all of the computers and devices currently in use, no matter how insignificant they are.

Wired/wireless considerations - You need to determine if you want to use a wired network, a wireless network, or both. Perform a site survey to determine if there are other wireless networks in the area, which will affect your choice of wireless frequency and channel. You should also document any objects that will cause electromagnetic and radio frequency interference.
Security considerations - Document any security issues that you expect. Of course, this includes virus and malware issues, but it goes much further than that. Will you allow guest access to the network? Will you allow personnel to use personal mobile devices or flash drives? Can closets that will contain network devices be locked? Is there a secure room to contain the servers?

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
Cisco Support: IP Addressing and Subnetting for New Users, http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml

Question #89 of 200
Question ID: 1123438

You need to configure IPSec to digitally sign and encapsulate each packet within another packet. Which of the following should you implement?

A) ESP protocol in transport mode
B) AH protocol in transport mode
C) AH protocol in tunnel mode
D) ESP protocol in tunnel mode

Explanation

Internet Protocol Security (IPSec) can be used in tunnel mode with the Authentication Header (AH) protocol to digitally sign and encapsulate each packet sent from the network within another packet. A tunnel is a network communications construct that transports encapsulated packets. AH does not encrypt the packet contents. Therefore, a simple packet sniffer can still read the packet contents.

IPSec can be used in transport mode with AH to digitally sign and encrypt packets sent between two hosts. AH provides an authentication security mechanism. Transport mode does not encapsulate packets within other packets.

Encapsulating Security Payload (ESP) can be used with IPSec to encrypt IPSec packets. ESP is not used to digitally sign packet headers. ESP works in tunnel mode and transport mode. ESP protects the packet information using encryption.
Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #90 of 200
Question ID: 1289171

You administer a LAN. You want to encrypt TCP/IP communications on the LAN. The protocol that you use for encryption should be able to encrypt entire data packets, and the protocol should be able to operate in both tunnel mode and transport mode. Which protocol should you use to encrypt data on the network?

A) Kerberos
B) IPSec
C) L2TP
D) IPX

Explanation

You should use Internet Protocol Security (IPSec) to encrypt the data packets on the network that you administer. IPSec can encrypt data packets transported on a TCP/IP network by using either tunnel mode or transport mode. In transport mode, IPSec encrypts only the part of an IP data packet used by the Transport layer. In tunnel mode, IPSec encrypts entire IP packets. IPSec uses several technologies to encrypt data, including the following: Diffie-Hellman key exchange, Data Encryption Standard (DES), bulk encryption, and digital certificates.

Internetwork Packet Exchange (IPX) is a routing and addressing protocol that is native to Novell NetWare operating systems before NetWare 5.

Layer 2 Tunneling Protocol (L2TP) is a virtual private network (VPN) protocol that is used to establish a secure tunnel between two LANs through a public network such as the Internet. The L2TP VPN protocol can carry several network communications protocols on a tunnel, including TCP/IP and IPX/SPX. The L2TP protocol can create a tunnel through several different kinds of networks, including TCP/IP, Frame Relay, and X.25.

Kerberos is an authentication protocol that is used to determine whether users should be allowed to gain access to a network or network resources.
Windows 2000 operating systems and above support Kerberos and the NT LAN Manager (NTLM) authentication protocols; NTLM is also known as Windows NT Challenge/Response. On a Windows 2000 or above network, Kerberos is used for authentication between Windows computers. The NTLM authentication protocol is used for authentication between a down-level computer, such as a Windows 9x or Windows NT computer, and more current versions of the Windows operating system.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #91 of 200
Question ID: 1123602

A user named Luther reports that he cannot log on to the network from his workstation. You attempt to use your administrator credentials to log on to the network from Luther's computer, but you cannot. Both you and Luther can log on to the network from your workstation. Your workstation and Luther's workstation are connected to the same hub. What is most likely causing the connectivity problem on Luther's workstation?

A) Luther is typing an incorrect password when he attempts to log on to the network from his workstation.
B) Luther is typing an incorrect user name when he attempts to log on to the network from his workstation.
C) The hub that connects Luther's workstation to the network is defective.
D) The NIC in Luther's workstation is defective.

Explanation

In this scenario, neither you nor Luther can log on to the network from his computer. However, both of you can log on to the network from your computer. Thus, you can assume that the network interface card (NIC) in Luther's computer is defective.

If Luther were unable to log on to the network from his computer, but you were able to log on to the network from his computer, then you could assume that Luther was supplying either an incorrect user name or password or both.
One of the most common logon problems can be attributed to the Caps Lock feature. When Caps Lock is enabled, all alphabetical characters typed without the Shift key being pressed appear in upper case. Most network operating systems require case-sensitive passwords. Therefore, the password "system" and the password "SYSTEM" are considered different passwords by the operating system.

Both your computer and Luther's computer are connected to the same hub. If the hub were defective, then neither you nor Luther would be able to log on to the network from either computer.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #92 of 200
Question ID: 1123561

Your network is experiencing a problem that a technician suspects involves a Cisco router. The technician provides you the following command results:

    1 14.0.0.2 4 msec 4 msec 4 msec
    2 63.0.0.3 20 msec 16 msec 16 msec
    3 33.0.0.4 16 msec * 16 msec

Which Cisco command produced the results you were given?

A) ping
B) extended ping
C) traceroute
D) tracert

Explanation

The output displayed is a part of the output from executing the traceroute command on a Cisco router. The traceroute command finds the path a packet takes while being transmitted to a remote destination. It is also used to track down routing loops or errors in a network.
Each of the following numbered lines represents a router being traversed and the time the packet took to go through the router:

    1 14.0.0.2 4 msec 4 msec 4 msec
    2 63.0.0.3 20 msec 16 msec 16 msec
    3 33.0.0.4 16 msec * 16 msec

The output would not be displayed by the ping command. This command is used to test connectivity to a remote IP address. The output from the ping command is as follows:

    router1# ping 10.201.1.11
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.201.1.11, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

The ping in this output was unsuccessful, as indicated by the message Success rate is 0 percent.

The output would not be displayed by the tracert command. The tracert command is used by Windows operating systems, not the Cisco command-line interface. However, the purpose of the tracert command is similar to the Cisco traceroute utility, which is to test the connectivity or "reachability" of a network device or host. The tracert command uses Internet Control Message Protocol (ICMP).

The output would not be displayed by the extended version of the ping command. This command can be issued on the router to test connectivity between two remote routers. A remote execution means that you are not executing the command from either of the two routers you are interested in testing, but from a third router. To execute an extended ping, enter the ping command from the privileged EXEC command line without specifying the target IP address. The command takes the router into configuration mode, where you can define various parameters, including the destination and target IP addresses, for example:

    Protocol [ip]:
    Target IP address: 10.10.10.1
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 12.1.10.2
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.

Each line is a menu question allowing you to either accept the default setting (shown in square brackets) or to apply a different setting. The real value of this command is that you can test connectivity between two remote routers without being physically present at those routers, as would be required with the standard version of the ping command.

For the Network+ exam, you also need to understand the pathping command. The parameters that can be used with this command are as follows:

This command produces results that are similar to the ping and tracert commands.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Cisco IOS Command Fundamentals Reference, Release 12.4: ping, http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_m1.html#wp1013837
Using the Extended ping and Extended traceroute Commands, http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #93 of 200
Question ID: 1289277

You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war-driving methods. You need to protect against this type of attack. What should you do? (Choose all that apply.)

A) Configure the network to use authenticated access only.
B) Change the default SSID.
C) Configure the WEP protocol to use a 128-bit key.
D) Disable SSID broadcast.

Explanation

You should complete the following steps to protect against war-driving attacks:

Change the default SSID.
Disable SSID broadcast.
Configure the network to use authenticated access only.
You should not configure the WEP protocol to use a 128-bit key. In recent years, WEP has been proven to be an ineffective security protocol for wireless networks, regardless of whether you use low or high encryption. It is a protocol that is very easy to crack using a brute force attack.

Some other suggested steps include the following:

Implement Wi-Fi Protected Access (WPA) or WPA2 instead of WEP.
Reduce the access point's signal strength.
Use MAC filtering.

War driving is a method of discovering 802.11 wireless networks by driving around and looking for open wireless networks. NetStumbler is a common war-driving tool.

For the Network+ exam, you need to understand the following wireless security concepts and how to harden the wireless network: WEP, WPA/WPA2, TKIP, AES, 802.1x, TLS/TTLS, and MAC filtering.

WEP - You should avoid this protocol because it is easy to crack. Instead, you should use WPA or WPA2. WEP uses a 64-bit (low encryption mode) or 128-bit (high encryption mode) key.

WPA/WPA2 - WPA uses Temporal Key Integrity Protocol (TKIP), while WPA2 is capable of using TKIP or the stronger Advanced Encryption Standard (AES) algorithm. WPA was created as a more secure alternative to WEP. WPA2 is stronger than WPA but requires more processing power. Use WPA2 if all the devices are capable of it because it provides the maximum protection. The only time that using WPA would be sufficient is when your access point or other devices are not capable of supporting WPA2.

Enterprise - This version of WPA2 uses security certificates and requires the use of a Remote Authentication Dial-In User Service (RADIUS) authentication server.
Personal - This version of WPA2 provides adequate protection for a small office or home network.

802.1x is an authentication method that can be used on both wired and wireless LANs. An 802.1x client attaches to an 802.1x supplicant (a wireless router or switch), which then forwards the request to an authenticator (a RADIUS server).
Transport Layer Security (TLS) and Tunneled Transport Layer Security (TTLS) can be implemented with EAP. TLS requires a client certificate, while TTLS does not. TTLS uses a tunnel to connect the server to the client.

MAC filtering allows or denies a wireless connection based on the client's Media Access Control (MAC) address. The most popular form of MAC filtering only allows connections from devices that are contained in the list. In this case, you must specifically add any new device to the MAC filter list on the access point before it can connect. In contrast, you can configure a deny list, which specifically denies connections from devices with the MAC addresses listed. This form of MAC filtering is not used as much.

Let's look at an example regarding MAC filtering. Suppose encrypted wireless access points are used at a retail location for inventory and price verification. If the retail location is located in a mall, unauthorized access to the wireless network could be a constant problem. If a finite, known number of approved mobile devices are allowed to access the store's wireless network, the best security method to implement on the access points would be MAC filtering, whereby only those specifically allowed devices would be able to connect.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Securing Wireless LANs

Question #94 of 200
Question ID: 1289193

Which of these is NOT an example of multifactor authentication?

A) Username and password
B) Smart card and password
C) PIN and iris scan
D) Signature dynamics and geolocation

Explanation

Username and password is not an example of multifactor authentication.
Because both of these factors are something you know, only a single factor of authentication is used here. All of the other options are considered multifactor authentication because they include authentication factors of two different types.

Multifactor authentication combines two or more of the following:

Something you know is the most common type of authentication. Passwords, personal identification numbers (PINs), mother's maiden name, color of your first car, the name of your first boss, and the name of your favorite teacher are all examples of something you know.

Authentication by something you have would be implemented using an item that you have in your possession, such as a smart card, key fob, or USB dongle.

Something you are would be biometric authentication. Fingerprints, iris and retina scans, and even voice-prints can be used to authenticate your identity.

Somewhere you are provides location-based authentication. There are several ways to do this, including getting the GPS coordinates of a cell phone, the location of a cell tower, or an IP address. For example, a company can examine an incoming IP address. If it is identified as originating in a foreign country, authentication fails.

Something you do is based on the way you perform a particular action. One example is keyboard cadence, or the way you type a word or phrase. Signature dynamics is another example of something you do. Even if an attacker guesses your password, he or she will not be able to type or write it in the exact same manner that you do.

Objective: Network Security
Sub-Objective: Explain authentication and access controls.

References:
Multifactor authentication (MFA), http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Remote-Access Security

Question #95 of 200
Question ID: 1289152

You have been handed a document that details the steps to take to update the network drivers.
Which type of change management document do you have?

A) policies
B) procedures
C) baselines
D) regulations

Explanation

Procedures set forth the steps that must be taken to enforce the network owner's policies, including updating the network drivers. Procedures tell how to achieve the desired results.

Baselines are primarily used to identify performance issues. They are performance statistics gathered for comparative purposes. By establishing a performance baseline, you can ensure that performance issues are identified much more easily in the future.

Policies set forth the network rules, including the who, what, and when of the rules. Policies tell what the rules are, who is covered by the rule, and when the rule applies.

Regulations are governmental guidelines that are written by federal or state agencies based on the laws passed by federal or state government. Regulations are established by entities outside the network owner.

For the Network+ exam, you also need to understand the following standard business documents:

Service level agreement (SLA) - defines the minimum level of service that will be provided. An SLA is often implemented between an Internet service provider (ISP) and the company obtaining services from the ISP.

Memorandum of Understanding (MOU) - defines the roles and parameters of an agreement between two parties. It is often not a legally binding document. Some companies will use MOUs to define services within the organization, such as the services that will be provided by the IT department.

Master Service Agreement (MSA) - specifies payment terms, product warranties, intellectual property ownership, dispute resolution, and other aspects of the relationship between two parties. It will be used to govern all future statements of work (SOWs) between the two parties.
Statement of work (SOW) - defines the activities, deliverables, and timeline that a vendor must provide for the specified work for a client. For example, an SOW would be used if a company contracts with a third party to improve the availability of the customer's services and applications, enabling the customer to minimize downtime to a few hours per quarter.

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.

References:
The Key Difference Between a Policy, Process, & Procedure (and Why it Matters For Your Business!), https://www.sweetprocess.com/what-are-the-differences-between-apolicy-a-process-and-a-procedure-why-knowing-this-is-the-key-to-scaling-and-automating-your-business/

Question #96 of 200
Question ID: 1289067

You need to provide terminal emulation and remote login capability for one of the servers on your network. Which Process/Application layer protocol should you use?

A) SMTP
B) TFTP
C) Tracert
D) FTP
E) Telnet

Explanation

Telnet is a user command and an underlying TCP/IP protocol for accessing remote hosts. The HTTP and FTP protocols allow you to request specific files from remote hosts without having to log on as a user of that host computer. The Telnet protocol, however, allows you to log on as a regular user with the associated privileges that you have been granted to the specific application and data on that host. In other words, you appear to be locally attached to the remote system. The Telnet command syntax is as follows:

telnet abcdef.com [port #]

This results in a logon screen with user ID and password prompts. Telnet is most likely to be used by program developers and anyone who has a need to use specific applications or data located on a particular host computer.
A subset of the Telnet protocol is also used in other application protocols, such as FTP and SMTP.

File Transfer Protocol (FTP) is a useful and powerful tool for the general user. FTP allows a user to upload and download files between local and remote hosts. Anonymous FTP access is commonly available at many sites to allow users access to public files without establishing an account. Users will often be required to enter their e-mail address as a password.

Trivial File Transfer Protocol (TFTP) is a simple protocol used to transfer files. It is used to move files between machines on different networks and is implemented over UDP. It lacks most of the features of FTP and only provides the services of reading and writing files and sending mail to and from a remote server.

Simple Mail Transport Protocol (SMTP) is an application protocol, so it operates at the top layer of the OSI model (Layer 7). SMTP is the default protocol for sending e-mail in Microsoft operating systems. POP3 and IMAP are the most popular protocols for receiving e-mail. SMTP provides client and server functions and works with the Internet and UNIX. It is used to send and receive messages.

Traceroute or Tracert identifies the route that packets take between your computer and a host. Traceroute is a utility that records the route across the Internet that the packets take to reach the specified host. It also calculates and displays the amount of time each hop took.

You should keep in mind that TCP connections provide large data size manageability using segmentation and error recovery for all application-layer protocols.

The following protocols are considered unsecure:
- TELNET
- HTTP
- SLIP
- FTP
- TFTP
- SNMPv1 and SNMPv2

If you use any of these protocols, you should use a version that includes SSL or some other cryptography. For example, Secure Shell (SSH) is a secure alternative to Telnet.
For the Network+ exam, you must understand the following vulnerabilities:

Unnecessary running services - Disable all unnecessary services on every device. Hackers will search for all running services and attempt to exploit known vulnerabilities in those services.

Open ports - Close all ports that are not used. Hackers can also use these open ports to break into your network.

Unpatched/legacy systems - Older systems provide an easy target for hackers, especially those with unsupported operating systems or applications. For example, Windows XP is no longer supported by Microsoft. Service packs and updates are no longer issued for this operating system. You should get rid of legacy systems that run software that is no longer supported by the vendor, or else you should find a way to isolate them from the rest of the network.

Unencrypted channels - Unencrypted channels are paths along which data can be intercepted. While it would adversely affect the performance of the network to encrypt every single channel, you should encrypt every channel through which confidential or private data is sent.

Clear text credentials - Some protocols send credentials over the network in clear text. This allows an attacker who intercepts the communications to obtain the credentials. You should eliminate the use of any protocols that use clear text credentials by replacing them with more secure protocols.

TEMPEST/RF emanation - TEMPEST studied the susceptibility of some devices to emit electromagnetic radiation (EMR) in a manner that can be used to reconstruct intelligible data. Radio frequency information can be captured in a similar manner. You should use shielding to protect against these vulnerabilities.

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
What is Telnet?, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213116,00.html

Question #97 of 200
Question ID: 1123289

Your company needs to deploy a wireless network to allow users to connect to the network using mobile devices. You are concerned that the radio signal will not cover the amount of area you need. Another technician instructs you to research the angle of radiation of the wireless access point's antenna. Which term is used to refer to this?

A) bandwidth
B) beamwidth
C) sensitivity
D) gain

Explanation

The term used to refer to the angle of radiation of an antenna is beamwidth. There are many differences between the types of antennas that you can use, including beamwidth, gain, transmission angle, and frequency. The beamwidth parameter of the antenna defines the angle of the radio signal radiated. The angle of radiation of the signal is defined in degrees.

Antenna properties include the gain, beamwidth, and transmission angle. The gain is a measure of how much of the input power is concentrated in a particular direction. Antennas with higher gain have a narrower beamwidth than antennas with lower gain. High-gain antennas have a very narrow beamwidth. For example, a typical 6-dBi patch antenna has a 65-degree beamwidth, but a 21-dBi parabolic dish antenna has a 12-degree radiation pattern.

You also need to understand signal strength. In most wireless access points, you can adjust the signal strength. This feature is particularly useful if you want to prevent the signal from reaching outside a building. In that case, you would lower the signal strength and possibly change the access point placement to prevent the signal from reaching there. The coverage of the signal depends on the type of access point you are deploying, the location where it is deployed, and the frequency used.
Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.

References:
Cisco Aironet Antennas and Accessories, https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/product_data_sheet09186a008008883b.html
Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs

Question #98 of 200
Question ID: 1123348

You need to implement a data center for your company. In this data center, you plan to implement inter-rack connections that are limited to 25 meters (82 feet). Which Ethernet standard should you implement?

A) 1000Base-CX
B) 100Base-FX
C) 1000Base-TX
D) 100Base-T4

Explanation

1000Base-CX is designed for wiring closets. It has a transmission rate of 1,000 Mbps and a maximum segment length of 25 meters (82 feet).

100Base-FX is the IEEE standard for a fiber-optic Fast Ethernet network topology. This standard transmits at 100 Mbps over a baseband connection, and uses fiber-optic cable as the transmission medium. It has a maximum segment distance of 2 kilometers (1.24 miles). 10BaseF is the 10 Mbps version of Ethernet over fiber-optic cable.

100Base-T4 is one of the Fast Ethernet standards. It uses four pairs of unshielded twisted-pair (UTP) Category 3, 4 or 5 copper wiring. It has a maximum segment length of 100 meters (328 feet) and a maximum transmission rate of 100 Mbps.

1000Base-TX is one of the Fast Ethernet topologies. It transmits 500 Mbps on each of four wire pairs. It requires more expensive Category 6 copper cabling.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.
References:
1000BaseCX, http://www.thenetworkencyclopedia.com/d2.asp?ref=2157

Question #99 of 200
Question ID: 1123443

Your company periodically exchanges confidential information with a third party via a single server at each company. Management has recently become concerned that communications between the two servers have been intercepted and read. You have been asked to ensure that messages between the two authenticated computers are encrypted to prevent attackers from reading the messages. Which protocol should you use?

A) DNS
B) TFTP
C) TLS
D) UDP

Explanation

Transport Layer Security (TLS) encrypts the messages transmitted between two authenticated computers, preventing third parties from reading the messages. TLS is the protocol being used when Secure Sockets Layer (SSL) is implemented. TLS works at the Transport layer of the OSI model.

Domain Name System (DNS) is a database that translates a computer's fully qualified domain name (FQDN) to its IP address. DNS works at the Application layer of the OSI model. A DNS database stores canonical records.

Trivial File Transfer Protocol (TFTP) is a connectionless version of the File Transfer Protocol (FTP). TFTP transfers files between a client and a server. TFTP works at the Application layer of the OSI model.

User Datagram Protocol (UDP) is part of the TCP/IP protocol suite. UDP provides connectionless communication. UDP works at the Transport layer of the OSI model. It uses datagrams for communication.

Objective: Network Operations
Sub-Objective: Given a scenario, use remote access methods.
References:
What is Transport Layer Security?, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci557332,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks

Question #100 of 200
Question ID: 1123617

You are installing a second wireless access point in your office. When you place the second wireless access point, you notice it is experiencing interference intermittently. You want to prevent the interference. Which method would NOT prevent interference?

A) Move the new wireless access point.
B) Decrease the signal strength of the new wireless access point.
C) Change the channel used on the new wireless access point.
D) Increase the signal strength of the new wireless access point.

Explanation

You should NOT increase the signal strength of the new wireless access point. This would probably increase the interference. Decreasing the signal or power strength can ensure that the wireless LAN does not extend beyond a certain area.

You could move the new wireless access point, change the channel used on the new wireless access point, or decrease the signal strength of the new wireless access point. One other method for preventing wireless interference is changing the wireless telephone used. The scenario only stated that intermittent interference was occurring. It did not state what was causing the interference.

Another potential wireless issue is the wrong antenna type. Antenna types can affect the area that a wireless signal will cover. Unidirectional antennas only transmit in a single direction, while omnidirectional antennas transmit in a defined radius from the antenna placement. In both cases, you should ensure that the wireless access point is placed in an area where the antenna type will be most effective.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
HowTo: Prevent Wireless Interference, http://www.networkwebcams.com/ip-camera-learning-center/2008/05/09/howto-prevent-wireless-interference/
CompTIA Network+ N10-006 Cert Guide, Chapter 8: Wireless Technologies, Deploying Wireless LANs

Question #101 of 200
Question ID: 1289136

Your network contains four segments. You need to connect two or more of the LAN segments together. Which network devices can you use? (Choose four.)

A) Hub
B) Switch
C) Repeater
D) Bridge
E) Router
F) Wireless Access Point

Explanation

Bridges, switches, and routers can be used to connect multiple LAN segments. For the Network+ exam, you need to understand the placement of these devices. Bridges, switches, and routers are implemented on the perimeters of segments or subnetworks and are used to connect those segments together. Bridges and switches operate at the Data Link layer, using the Media Access Control (MAC) address for sending packets to their destination. Routers operate at the Network layer by using IP addresses to route packets to their destination along the most efficient path.

Backbone routers are the Open Shortest Path First (OSPF) routers that are in Area zero. Area zero is considered the backbone of an OSPF network. Internal routers are located in a single area within a single OSPF autonomous system. Area border routers (ABRs) are located in more than one area within a single OSPF autonomous system. Autonomous system border routers (ASBRs) connect multiple OSPF autonomous systems.

A load balancer can be used to balance the workload between routers if more than one router is connected to a subnetwork. Load balancers can also be used with other devices to perform the same function.

A Wireless Access Point (WAP) is essentially a translational bridge.
One side is commonly connected to the wired LAN and the other side communicates using IEEE 802.11b over a wireless connection. WAPs are not Physical layer devices like hubs or repeaters. They selectively transmit traffic based upon MAC addresses. A WAP can also function as a repeater. WAPs are placed in the center of an area to which you want to provide wireless access.

Hubs act as a central connection point for network devices on one network segment. They work at the Physical layer. The primary reason for choosing a switch over a hub is bandwidth needs. Switches can greatly improve network performance because switches do not broadcast the packets they receive. Hubs broadcast the packets they receive to all available ports on the hub, thereby increasing network traffic. Hubs, like routers and switches, are placed on the perimeter of a single segment and only control the traffic on that segment. Both switches and hubs support the same protocols. Hubs are cheaper than switches, but can result in higher costs over time when you consider the potential for issues with lower bandwidth. Both switches and hubs support different types of nodes.

Repeaters are used to extend the length of a network beyond the cable's maximum segment distance. They take a received frame's signal and regenerate it to all other ports on the repeater. They also work at the Physical layer. A repeater regenerates the signal to all other ports on the device, thereby extending the length of the network beyond the maximum cable segment. Repeaters are placed on a network at the point where the cable segment would otherwise exceed the maximum segment distance.

You may also need to understand network bridges, which operate at the OSI Data Link layer. They divide a network into segments, keeping the appearance of one segment to the upper-layer protocols. Using MAC addresses, bridges determine which traffic should pass through the bridge and which traffic should remain on the local segment.
Keeping local traffic local can increase network performance. Bridges can be used to perform the following functions:
- Expand the length of a segment
- Provide for an increased number of computers on the network
- Reduce traffic bottlenecks resulting from an excessive number of attached computers
- Split an overloaded network into two separate networks, reducing the amount of traffic on each segment and making each network more efficient
- Link different types of physical media, such as twisted-pair and coaxial Ethernet

Another device that you may need to understand is a Multistation Access Unit (MAU), which is also abbreviated as MSAU. This term is synonymous with a passive "hub" in a Token Ring network. A MAU is a multiport device that connects the computers in a physical star topology that functions as a logical ring.

Gateways allow two computers with no protocols in common to communicate. An analog modem converts analog signals transmitted over telephone cabling into digital signals used by computers and computer networks.

A concept that you need to understand is traffic shaping, also known as packet shaping. A packet shaper delays data packets to bring them into compliance with a desired traffic profile. Packet shaping optimizes or guarantees performance and improves latency. The most common type of packet shaping is application-based traffic shaping. An example of this is P2P bandwidth throttling. Many application protocols use encryption to circumvent application-based traffic shaping. Another type of packet shaping is route-based traffic shaping, which is conducted based on previous-hop or next-hop information.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.

References:
Router, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212924,00.html
Router vs. Switch, http://compnetworking.about.com/od/homenetworkhardware/f/routervsswitch.htm
Switch, http://searchtelecom.techtarget.com/sDefinition/0,,sid103_gci213079,00.html
Bridge, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211705,00.html
Wireless access points, http://compnetworking.about.com/cs/wireless/g/bldef_ap.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Network Infrastructure Devices

Question #102 of 200
Question ID: 1123314

Which of the following can be manipulated to reduce network traffic?

A) increased lease time
B) NTP
C) MAC reservations
D) lower TTL

Explanation

Lease time can be manipulated to reduce network traffic. Lease time is the amount of time a device maintains the IP address assigned by the DHCP server. With Windows, the default lease time is 8 days. Lease times may be adjusted. As an example, if the network configuration seldom changes and you have a large number of IP addresses, you might consider increasing the lease time. The justification for doing so is that every lease must be renewed, and those renewals increase network traffic. Increasing the duration of the lease reduces the amount of network traffic required for lease renewal.

MAC reservations allow you to permanently assign an IP address to the MAC address of a specific device. Web servers, mail servers, copiers, printers, wireless access points, and projectors are all examples of devices that can benefit from having a permanently assigned IP address. For each such device, a reservation (exclusion) would be made so that the IP address is removed from (reserved in) the pool of available IP addresses. Once a reservation is made, that device always uses that same address. But configuring MAC reservations will not affect network traffic as much as increasing the lease time.
Time To Live (TTL) specifies the length of time that a DNS name server must cache the name. By default, the TTL is 60 minutes, but it may be modified in the DNS Management Console. Longer TTLs are best for more permanent records, such as MX records, DKIM/SPF records, and TXT records. A lower TTL would mean additional network traffic.

Network Time Protocol (NTP) is used to synchronize the clocks of computers on the network. Synchronization of time is important in areas such as event logs, billing services, ecommerce, banking, and HIPAA Security Rules. Implementing NTP would actually increase network traffic.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.

References:
What is DHCP Lease Time & What Should I Set it To?, http://homenetworkadmin.com/dhcp-lease-time/

Question #103 of 200
Question ID: 1289180

Which four of the following statements explain why training employees about proper licensing and use of an organization's software and hardware is important? (Choose four.)

A) To avoid liability from violating license rules or restrictions
B) To prevent unauthorized or improper consumption of licenses
C) To make effective use of automated license management
D) To comply with license restrictions or limitations
E) To practice good organizational ethics and governance
F) To promote minimal consumption of licenses

Explanation

Training employees about proper licensing and use of an organization's software and hardware is important for the following reasons:
- To prevent unauthorized or improper consumption of licenses
- To avoid liability from violating license rules or restrictions
- To comply with license restrictions or limitations
- To practice good organizational ethics and governance

While promoting minimal consumption of licenses can be good for the bottom line, it has nothing to do with honoring or disregarding licensing restrictions. Minimal licensing consumption is usually an IT department issue, not an issue for other employees.
Making effective use of automated license management can check to ensure that licensing restrictions are observed and complied with, but has nothing to do with honoring or disregarding them. Automated licensing is usually an IT department issue.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.

References:
Making Sense of Software Licensing, https://www.techsoup.org/support/articles-and-how-tos/making-sense-of-software-licensing
TLDRLegal - Software Licenses Explained in Plain English, https://tldrlegal.com/
A simple guide to understanding software licensing (Microsoft, PDF), http://download.microsoft.com/documents/australia/licensing/licenseguide.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Best Practices

Question #104 of 200
Question ID: 1123241

Which of the following options are relevant to network segmentation when using switches? (Choose all that apply.)

A) ARP tables
B) Tagging and untagging ports
C) VLANs
D) MAC address tables

Explanation

Virtual local area networks (VLANs) allow you to segment a network and isolate traffic to different segments. Each segment (such as Sales, Administration, Manufacturing, or Accounting) can become its own VLAN. VLANs are created by tagging and untagging ports on a switch. A trunk port, which serves as the connection between switches, tags the VLAN traffic. An access port, which is the connection to an end device, does not tag. Port tagging and VLANs are not used in unsegmented networks.

MAC address tables contain the MAC address of any device on the network and the corresponding port on the switch to which it is attached. In instances where a VLAN is implemented, the MAC address table will also have the associated VLAN for that port. However, MAC address tables alone do not provide the network segmentation.
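The tagging, untagging and per-VLAN MAC learning described above, as an added example that is not code from the exam bank: a small Python model of an 802.1Q switch showing that trunk ports tag on egress, access ports untag, and that a MAC learned in one VLAN is never used to forward a frame from another. Port names, VLAN numbers, MAC addresses and the assumption that the trunk carries no native (untagged) VLAN are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def mac_bytes(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into the 6 raw bytes carried on the wire."""
    return bytes(int(part, 16) for part in text.split(":"))


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame; with vlan set, an 802.1Q tag follows the source MAC."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)  # TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_or_None, ethertype, payload); vlan is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, ethertype, frame[18:]


def untag(frame):
    """Strip the 4-byte 802.1Q tag: what an access port does on egress."""
    return frame[:12] + frame[16:]


def tag(frame, vlan):
    """Insert an 802.1Q tag carrying vlan: what a trunk port does on egress."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF) + frame[12:]


class Switch:
    """Toy switch (constructed model): access ports belong to one VLAN, trunks carry tagged VLANs."""

    def __init__(self, access, trunks):
        self.access = dict(access)   # port name -> VLAN id
        self.trunks = dict(trunks)   # port name -> set of VLAN ids allowed on the trunk
        self.mac_table = {}          # (vlan, src MAC bytes) -> port name

    def members(self, vlan):
        """All ports that carry the given VLAN (used when flooding an unknown destination)."""
        return ({p for p, v in self.access.items() if v == vlan}
                | {p for p, allowed in self.trunks.items() if vlan in allowed})

    def receive(self, port, frame):
        """Classify an ingress frame, learn its source, and return [(egress_port, frame), ...]."""
        dst, src, tagged_vlan, _, _ = parse_frame(frame)
        if port in self.access:
            if tagged_vlan is not None:
                return []                     # tagged frame on an access port: dropped
            vlan, plain = self.access[port], frame
        elif port in self.trunks:
            if tagged_vlan is None or tagged_vlan not in self.trunks[port]:
                return []                     # untagged or unpermitted VLAN on a trunk: dropped
            vlan, plain = tagged_vlan, untag(frame)
        else:
            raise KeyError(f"unknown port {port}")
        self.mac_table[(vlan, src)] = port    # learning is keyed by VLAN as well as MAC
        known = self.mac_table.get((vlan, dst))
        targets = {known} if known is not None else self.members(vlan)
        targets.discard(port)                 # never send a frame back out its ingress port
        return [(p, plain if p in self.access else tag(plain, vlan)) for p in sorted(targets)]


def demo():
    """Constructed scenario: PC-A on VLAN 10 (Gi1/1), PC-B on VLAN 20 (Gi1/2), trunk on Gi1/24."""
    sw = Switch(access={"Gi1/1": 10, "Gi1/2": 20}, trunks={"Gi1/24": {10, 20}})
    pc_a, pc_b, uplink = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:99"
    # 1. PC-A broadcasts (ARP): unknown destination, so the frame floods VLAN 10 only.
    flood = sw.receive("Gi1/1", build_frame("ff:ff:ff:ff:ff:ff", pc_a, 0x0806, b"arp-request"))
    # 2. A tagged reply arrives on the trunk for PC-A; the switch already learned PC-A in VLAN 10.
    reply = sw.receive("Gi1/24", build_frame(pc_a, uplink, 0x0800, b"reply", vlan=10))
    # 3. PC-B (VLAN 20) addresses PC-A directly; the VLAN 10 entry is invisible from VLAN 20.
    cross = sw.receive("Gi1/2", build_frame(pc_a, pc_b, 0x0800, b"cross-vlan"))
    return sw, flood, reply, cross


if __name__ == "__main__":
    sw, flood, reply, cross = demo()
    for label, result in (("flood", flood), ("reply", reply), ("cross", cross)):
        print(label, [(p, parse_frame(f)[2]) for p, f in result])
```

Step 3 is the segmentation point: the frame from VLAN 20 floods only to the trunk (tagged 20) and never reaches the VLAN 10 access port, even though the switch knows PC-A's MAC.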
ARP tables show the relationship of IP addresses to MAC addresses and are located on most devices. While they help the devices make routing decisions, they do not provide network segmentation.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
Fundamentals of 802.1Q VLAN Tagging, https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Fundamentals_of_802.1Q_VLAN_Tagging

Question #105 of 200
Question ID: 1289055

You are analyzing communication over your network. You have captured all the packets sent to and from a server on your network. You need to filter the packet capture to only IMAP4 protocol communications. Which port does this protocol use?

A) UDP port 143
B) UDP port 25
C) TCP port 143
D) UDP port 110
E) TCP port 25
F) TCP port 110

Explanation

Internet Message Access Protocol version 4 (IMAP4) is an Internet protocol for e-mail retrieval that uses TCP port 143. IMAP4 works at the Application layer of the OSI model.

Post Office Protocol version 3 (POP3) is an e-mail message retrieval protocol that uses TCP port 110. Simple Mail Transfer Protocol (SMTP) is an e-mail message protocol that uses TCP port 25. POP3 and SMTP work at the Application layer of the OSI model. These protocols are connection-oriented, and therefore require the use of TCP. UDP is a connectionless protocol. The TCP header implements flags, while the UDP header does not.

The Internet Protocol (IP) is the communications protocol for relaying data across networks. Its routing function enables internetworking, and essentially establishes the Internet.
For the Network+ exam, you need to know the following protocols and their default ports:

FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
Computer Network Glossary - Port Number: Ports 100-149, http://compnetworking.about.com/od/tcpip/l/blports_gl100.htm

Question #106 of 200
Question ID: 1123461

Which four of the following objectives best describe the kinds of protection that data loss prevention systems seek to provide or deliver? (Choose four.)

A) Blocking unauthorized data transit
B) Encrypting of data in motion
C) Promoting data breaches
D) Encrypting of data at rest
E) Establishing identity or role-based access controls
F) Preserving competitive advantage

Explanation

Data loss prevention (DLP), often called data leak protection, focuses on ways to prevent sensitive, proprietary, private, or confidential information from unauthorized disclosure. DLP relies on identity management and authentication to establish who is trying to access what, or uses role-based access controls (RBAC) to limit access to data. DLP also depends on keeping sensitive information inaccessible to all but authorized parties, which means encrypting data both in motion (being transmitted) and at rest (in storage anywhere). Finally, DLP's mission is to block any kind of unauthorized data transit, including in email, on a USB drive, and as a file copy.
While preserving competitive advantage may be a benefit of data leak protection, it is not an objective or stated purpose of the technology. Promoting data breaches means making it easier for data to leak or for unauthorized access and disclosure to occur; it is directly contrary to data loss prevention.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.

References:
Understanding Data Loss Prevention (DLP), http://www.tomsitpro.com/articles/what-is-data-loss-prevention-dlp,2-473.html
Understanding DLP, http://www.infosectoday.com/Articles/DLP/Understanding_DLP.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Policies

Question #107 of 200
Question ID: 1289159

Which option is a critical metric in preventive maintenance that would allow you to schedule the replacement of a component at a convenient time, as opposed to waiting for the component to fail at an inopportune time?

A) MTTR
B) SLA requirements
C) MTBF
D) Load balancer

Explanation

Mean Time Between Failures (MTBF) is the average, or mean, time between failures of a device or system. It is an expression of reliability. Generally speaking, it is the average length of time that something will work before it is likely to fail. Good preventive maintenance policies replace a device, such as a power supply, as its time in service approaches its MTBF.

Mean Time To Recover (MTTR), also expanded as Mean Time To Repair, is the average, or mean, time that it takes to recover, or restore, a system. In terms of a backup, for example, the term would refer to the time needed to restore a system from a full, full + incremental, or full + differential backup. The term can also be applied to full system failure, or to hardware component failure such as a hard drive, RAM, or power supply.

Service level agreement (SLA) requirements determine what the vendor who provides technology services is obligated to provide to the customer.
Items outlined in an SLA can include response time, repair time, network reliability expectations, escalation protocols, dispute resolution, and more. MTBF and MTTR targets are often included in an SLA.

A load balancer can be used to distribute incoming web traffic, based on content, across specific servers. This reduces the workload on any single server. The destination server is determined by data in transport layer or application layer protocols. Distribution can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest response time.

Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.

References:
Mean Time Between Failures and Mean Time To Repair, https://www.opservices.com/mttr-and-mtbf/
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #108 of 200
Question ID: 1123634

You are nearing the completion of a project that involves implementing a new network infrastructure and upgrading the operating systems running on your network servers. Currently, static IP addresses and HOSTS files are used. The upgrade has included implementing DNS, implementing DHCP, and moving servers and other resources to a new location with new IP addresses. However, now you cannot access the resources that were moved using their host names from any of the client workstations. You can access them by their IP addresses. What should you do first?

A) Delete the HOSTS file on each workstation.
B) Import the workstations' names and address mappings to DNS.
C) Configure DHCP to supply a different range of IP addresses to the workstations.
D) Enable NetBIOS over TCP/IP.

Explanation

Workstations read entries in their HOSTS files before making requests to DNS.
In this scenario, this behavior causes the workstation to use the old IP address when attempting to access a server by its host name. For example, suppose an FTP server with an original IP address of 172.35.2.100 and the host name ftp.domain.com was moved and its address changed to 172.25.2.100. When a user typed the server's URL into a browser, the client would search its HOSTS file, find an entry for ftp.domain.com at 172.35.2.100, and attempt to contact the server at that address, which is now wrong. If you delete the HOSTS file, or remove the entry for the server, the workstation queries DNS to resolve the server's host name because it no longer finds an entry in the local HOSTS file. After editing or deleting the HOSTS file, flush the client's resolver cache (for example, ipconfig /flushdns on Windows) so that answers cached from the old entries are discarded.

Enabling NetBIOS over TCP/IP would not allow you to access hosts using their DNS host names. NetBIOS allows you to browse for resources using Windows machine names.

Importing the workstations' names and address mappings to DNS is not necessary for clients to connect to the servers. However, if the wrong DNS information is configured, devices will be unable to resolve DNS names properly. The device or host will then need to be reconfigured with the correct DNS information.

Configuring DHCP to supply a different range of IP addresses to the workstations is also not necessary. DHCP appears to be configured properly, given that the clients have connectivity and can access resources by IP address. If a DHCP server is configured incorrectly, hosts will obtain incorrect IP information from it. This could include an incorrect IP address, subnet mask, default gateway, or DNS server address. While a DHCP server makes it much easier to configure clients with their IP settings, a misconfigured option within the DHCP lease can cause communication problems for all DHCP clients.
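The lookup order described above (HOSTS file first, DNS second) and the stale-entry failure it produces can be checked mechanically. The following is an added example written for this page, not code from the question bank or from any vendor: it parses HOSTS-file text the way a stub resolver does (comments, multiple names per line, first mapping wins, malformed lines ignored), resolves a name in the documented order, and reports every entry whose HOSTS answer disagrees with DNS. The HOSTS content and the DNS answers are constructed for the scenario; the 172.25.2.x addresses are assumed values.

```python
import ipaddress

# Constructed HOSTS file content for the Question #108 scenario: the ftp entry still
# points at the server's old address after the move. (Windows keeps this file at
# %SystemRoot%\System32\drivers\etc\hosts; Unix-like systems use /etc/hosts.)
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
172.35.2.100    ftp.domain.com  ftp     # old address, server has since moved
172.35.2.101    intranet.domain.com
not-an-ip       bogus.domain.com        # malformed line, ignored by the resolver
"""

# Constructed stand-in for what DNS answers after the move (assumed values).
DNS_ANSWERS = {
    "ftp.domain.com": "172.25.2.100",
    "intranet.domain.com": "172.25.2.101",
    "mail.domain.com": "172.25.2.20",
}


def parse_hosts(text: str) -> dict:
    """Parse HOSTS-file text into {hostname: ip}. Comments start with '#', fields are
    whitespace separated, a line may list several names, and the first mapping for a
    name wins, which is how the stub resolver treats duplicate entries."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not a valid address: the resolver skips the line
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)
    return mapping


def resolve(name: str, hosts: dict, dns: dict):
    """Mimic the client lookup order: HOSTS file first, DNS second."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key], "hosts"
    if key in dns:
        return dns[key], "dns"
    return None, "unresolved"


def stale_entries(hosts: dict, dns: dict) -> dict:
    """Names whose HOSTS answer disagrees with DNS: these send clients to the
    wrong address until the entries are removed."""
    return {n: {"hosts": ip, "dns": dns[n]} for n, ip in hosts.items()
            if n in dns and dns[n] != ip}


def without(hosts: dict, names) -> dict:
    """Copy of the HOSTS mapping with the given names removed (the fix)."""
    drop = {n.lower() for n in names}
    return {n: ip for n, ip in hosts.items() if n not in drop}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("before:", resolve("ftp.domain.com", hosts, DNS_ANSWERS))
    stale = stale_entries(hosts, DNS_ANSWERS)
    print("stale entries:", stale)
    print("after: ", resolve("ftp.domain.com", without(hosts, stale), DNS_ANSWERS))
```

Run against a real workstation, feed the contents of its HOSTS file to parse_hosts and the results of nslookup for each name to stale_entries; any hit is an entry that must be removed before the client will follow DNS.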
Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
LMHOSTS or HOSTS file: What is the difference?, http://www.tek-tips.com/faqs.cfm?fid=807
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #109 of 200
Question ID: 1123498

Which hacker attack can be perpetrated by hijacking a communications session between a Web browser and a Web server?

A) brute force
B) MITM
C) SYN Attack
D) Ping of Death

Explanation

A man-in-the-middle (MITM) attack can be perpetrated by hijacking a communications session between a Web browser and a Web server. The attacker sits between the two parties and relays the traffic, able to read or alter it; when a Web browser submits information to a Web server through a form, the attacker might capture sensitive information, such as credit card numbers. HTTPS (TLS) with proper certificate validation is the standard defense, because the attacker cannot read or modify the session without presenting a certificate the browser trusts.

A brute force attack occurs when a hacker tries every possible combination to break a code such as an encryption key or a password. A brute force attack can be used to break into a system secured with discretionary access control lists (DACLs): if the hacker identifies a valid user name and password, the hacker can log in with those credentials and receives whatever access the DACLs grant that account.

A Ping of Death is a denial-of-service (DoS) attack in which the hacker sends a malformed or oversized Internet Control Message Protocol (ICMP) echo request, larger than the 65,535-byte maximum IP packet size and delivered as fragments, that crashes or hangs a vulnerable target when it reassembles the packet. (Sending a large volume of ordinary ICMP echo requests to overwhelm a target is a ping flood, a different DoS attack.)

A SYN attack (SYN flood) occurs when a hacker exploits the Transmission Control Protocol (TCP) three-way handshake by sending many SYN segments and never completing the handshake, exhausting the target's table of half-open connections.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #110 of 200
Question ID: 1289218

You have been hired as the network administrator.
The company's network consists of several subnetworks located in various locations across the southeast United States. You want to deploy switches across the different locations so that you can implement virtual local area networks (VLANs). What is the primary benefit of this implementation?

A) Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location.
B) Users in a single geographical location can be micro-segmented.
C) Users are grouped by their geographical locations.
D) VLANs provide switchless networking using virtual addresses.

Explanation

VLANs place users from many locations into the same broadcast domain. A single VLAN can span multiple physical LAN segments. VLANs can be based on work function, common applications or protocols, departments, or other logical groupings. An example of a work function VLAN would be grouping all executives into the same broadcast domain.

The three main benefits of VLANs are security, segmentation, and flexibility. Flexibility and segmentation are important because today's networking environment is no longer limited to a single location. With multiple district, branch, and home offices, traditional LANs are very inefficient. VLANs address these issues by allowing users to be grouped by functions, common applications, departments, and various other logical groupings. However, whichever criterion you use to group VLANs, you should apply it consistently throughout the network.

VLANs improve security by containing broadcasts within each VLAN and by forcing traffic between VLANs through a Layer 3 device (a router or Layer 3 switch), where access control lists and firewall rules can be applied; devices in different VLANs cannot communicate using Layer 2 alone.

A VLAN's primary purpose is not to provide micro-segmentation for a single geographic location. VLANs do not provide switchless networking using virtual addresses, and VLANs can be grouped by multiple criteria, not just by physical location. Note that each access port is assigned to a single VLAN; a trunk port carries several VLANs, distinguished by their 802.1Q tags.
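Questions #104 and #110 describe trunk ports tagging frames and access ports sending them untagged, and Question #105 asks for a capture filter on the IMAP4 port. The following is an added example written for this page, not code from the question bank or from any vendor: it builds the 4-byte 802.1Q tag a trunk port inserts (TPID 0x8100 plus PCP/DEI/VID), strips it as an access port would, decodes the Ethernet, IPv4 and TCP headers from raw bytes, and applies the port-143 filter to a handful of frames. The frames, MAC addresses and IP addresses are constructed for the example, not captured from a real network.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # 802.1Q TPID
ETHERTYPE_IPV4 = 0x0800
IP_PROTO_TCP = 6
IMAP_PORT = 143           # IMAP4 default port (Question #105)


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """What a trunk port does on egress: insert TPID + TCI after the source MAC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)          # DEI bit left clear
    return frame[:12] + struct.pack("!HH", ETHERTYPE_VLAN, tci) + frame[12:]


def untag_frame(frame: bytes) -> bytes:
    """What an access port does on egress: strip the 802.1Q tag if present."""
    if len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_VLAN:
        return frame[:12] + frame[16:]
    return frame


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet II [+ 802.1Q] + IPv4 + TCP headers into a dict of fields.
    Frames that are not IPv4/TCP come back with only the fields that apply."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"), "vlan": None}
    offset = 14
    if ethertype == ETHERTYPE_VLAN:                      # tagged: TCI, then real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["vlan"] = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    info["ethertype"] = ethertype
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return info
    ihl = (frame[offset] & 0x0F) * 4                     # IPv4 header length in bytes
    info["proto"] = frame[offset + 9]
    info["src_ip"] = ".".join(str(b) for b in frame[offset + 12:offset + 16])
    info["dst_ip"] = ".".join(str(b) for b in frame[offset + 16:offset + 20])
    if info["proto"] == IP_PROTO_TCP and len(frame) >= offset + ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", frame[offset + ihl:offset + ihl + 4])
    return info


def filter_by_tcp_port(frames, port: int) -> list:
    """Capture filter: keep frames whose TCP source or destination port equals
    `port`, whether or not they carry a VLAN tag."""
    kept = []
    for f in frames:
        p = parse_frame(f)
        if p.get("proto") == IP_PROTO_TCP and port in (p.get("sport"), p.get("dport")):
            kept.append(p)
    return kept


# --- constructed sample traffic ---
def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload=b"") -> bytes:
    """Minimal untagged Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                         IP_PROTO_TCP, 0, _ip(src_ip), _ip(dst_ip))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return (bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
            + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + tcp_hdr + payload)


CLIENT_MAC, SERVER_MAC = "00104bdef5d8", "005056c00008"           # assumed values
CLIENT_IP, SERVER_IP = "10.1.20.15", "10.1.10.5"                  # assumed values
SAMPLE_FRAMES = [
    # IMAP4 session as seen on a trunk link: VLAN 20, priority 3
    tag_frame(build_tcp_frame(CLIENT_MAC, SERVER_MAC, CLIENT_IP, SERVER_IP, 51234, 143,
                              b"a001 CAPABILITY\r\n"), vid=20, pcp=3),
    build_tcp_frame(CLIENT_MAC, SERVER_MAC, CLIENT_IP, SERVER_IP, 51235, 110),   # POP3
    build_tcp_frame(CLIENT_MAC, SERVER_MAC, CLIENT_IP, SERVER_IP, 51236, 993),   # IMAPS
    build_tcp_frame(SERVER_MAC, CLIENT_MAC, SERVER_IP, CLIENT_IP, 25, 51237),    # SMTP reply
]

if __name__ == "__main__":
    for p in filter_by_tcp_port(SAMPLE_FRAMES, IMAP_PORT):
        print(p)
```

The filter keeps only the port-143 frame; the IMAPS session on port 993 is deliberately included to show why a port-143 filter alone is not "all IMAP traffic". The tagged frame is parsed correctly because the decoder skips the 4-byte tag before reading the IPv4 header, which is exactly what a sniffer attached to a trunk port must do.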
Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.

References:
VLANs Defined, http://docwiki.cisco.com/wiki/LAN_Switching_and_VLANs#VLANs_Defined
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #111 of 200
Question ID: 1289259

You are using the ipconfig tool to troubleshoot a problem with a wireless host. The results are shown below:

    Adapter address: 00-10-4B-DE-F5-D8
    IP address: 192.168.1.40
    Subnet mask: 255.255.255.0
    Default gateway: 0.0.0.0

You can access services on the local network from the host, but you cannot access the Internet. What is the most likely cause of the problem?

A) incorrect IP address
B) incorrect subnet mask
C) missing default gateway
D) invalid Ethernet adapter

Explanation

A default gateway must be specified for a host to connect to hosts outside the local network. This address is the address of the router interface on the local segment that forwards data to other networks. On small networks, the default gateway is the address of the router that connects the local network to the Internet. You should ensure that the default gateway is correctly configured and lies on the same subnet as the interface. A wrong default gateway has the same result as a missing one: packets cannot leave the local subnet. A quick check is to ping the expected gateway address and then an address beyond it; if the first succeeds and the second fails, the host has no usable route off the local subnet.

From the output of the ipconfig utility, you can see that no default gateway is configured for the host (0.0.0.0). You must configure the proper default gateway for the host. This can be done manually or by using DHCP to assign the addressing information automatically. The IP address, subnet mask, and Ethernet adapter are all valid in this scenario.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Chapter 12: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #112 of 200
Question ID: 1289095

You are the network administrator for your company. Recently, the company has decided to locate a small branch office in another state. You have decided to allocate a portion of the private IP address range to use at the new branch office. You assign the branch office the 192.168.103.0/24 IP address range. When you set up the new network, you need to configure separate subnets for each department in the branch office. You should allocate the addresses using CIDR notation such that each department has the minimum number of IP addresses. The departments require the following numbers of hosts on their subnets:

Administrative - 4
Sales - 54
Marketing - 27
Research - 12

After you select the appropriate CIDR notation for each department, you must identify the unused portion of the subnet (identified as "Remainder"). Select the appropriate CIDR from the left, and drag it to the network on the right to which it applies. Then select the appropriate CIDR from the left for the unused portion of the network, and drag it to the Remainder field on the right. Not all CIDR notation options will be used.

Explanation

The following allocations should be made for the networks:

Administrative - /29
Sales - /26
Marketing - /27
Research - /28
Remainder - /25

For the Administrative network, the /29 designation will support up to 6 hosts. For the Sales network, the /26 designation will support up to 62 hosts. For the Marketing network, the /27 designation will support up to 30 hosts. For the Research network, the /28 designation will support up to 14 hosts. Each subnet reserves two addresses (network and broadcast), so the four subnets provide a total of 112 usable host addresses and consume 120 of the 256 addresses in the /24 (64 + 32 + 16 + 8). Allocating the largest subnet first keeps every block on its natural boundary: 192.168.103.0/26, .64/27, .96/28, and .112/29. The largest contiguous unused block is then 192.168.103.128/25, which supports up to 126 hosts; a further /29 (192.168.103.120/29) is also left over.
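The allocation above can be computed rather than worked by hand. The following is an added example written for this page, not code from the question bank or from any vendor: it derives the prefix length that satisfies a host count (2**bits - 2 >= hosts), carves the subnets out of the /24 largest-first so each lands on its natural boundary, and summarizes whatever is left into CIDR blocks. It generalizes the question's case to any base block and any set of demands. The base and host counts are those given in Question #112.

```python
import ipaddress
import math

# Inputs from Question #112.
BASE = "192.168.103.0/24"
DEMANDS = {"Administrative": 4, "Sales": 54, "Marketing": 27, "Research": 12}


def prefix_for_hosts(hosts: int) -> int:
    """Smallest subnet (longest prefix) whose usable host count covers `hosts`.
    Two addresses per subnet are reserved (network and broadcast), so we need
    2**bits - 2 >= hosts. The smallest subnet handed out here is a /30; a /31 is
    only for point-to-point links (RFC 3021)."""
    if hosts < 1:
        raise ValueError("hosts must be >= 1")
    bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - bits


def usable_hosts(net: ipaddress.IPv4Network) -> int:
    return net.num_addresses - 2


def allocate(base: str, demands: dict):
    """VLSM allocation: carve subnets out of `base` largest-first so every block
    starts on its natural boundary. Returns (plan, remainder): plan maps
    department -> IPv4Network, remainder lists the unused blocks in address order."""
    base_net = ipaddress.IPv4Network(base)
    cursor = int(base_net.network_address)
    limit = int(base_net.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        net = ipaddress.IPv4Network((cursor, prefix_for_hosts(hosts)))
        if int(net.broadcast_address) >= limit:
            raise ValueError(f"{base} cannot hold {name} ({hosts} hosts)")
        plan[name] = net
        cursor = int(net.broadcast_address) + 1
    remainder = []
    if cursor < limit:
        remainder = list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(cursor), base_net.broadcast_address))
    return plan, remainder


def summary(plan: dict, remainder: list) -> dict:
    """Totals a reviewer would sanity-check before committing the plan."""
    return {
        "used_addresses": sum(n.num_addresses for n in plan.values()),
        "usable_hosts": sum(usable_hosts(n) for n in plan.values()),
        "remainder": [n.with_prefixlen for n in remainder],
    }


if __name__ == "__main__":
    plan, remainder = allocate(BASE, DEMANDS)
    for dept, net in plan.items():
        print(f"{dept:15s} {net.with_prefixlen:20s} usable hosts: {usable_hosts(net)}")
    print(summary(plan, remainder))
```

Because the largest request is placed first, each later (smaller) block begins at an address that is already aligned to its own size, so IPv4Network never has to be constructed with strict=False. If a department later outgrows its subnet, rerun allocate with the new counts rather than extending a block in place; a block that is not on its natural boundary cannot be expressed as a single CIDR prefix.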
Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
CIDR Notation Explained Simply, http://phpfunk.com/uncategorized/cidr-notation-explained-simply/
Understanding IP Addresses, Subnets, and CIDR Notation for Networking, https://www.digitalocean.com/community/tutorials/understanding-ip-addresses-subnets-and-cidrnotation-for-networking
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IPv4 Addressing

Question #113 of 200
Question ID: 1149625

Which of the following attacks tricks the user into giving up personal information?

A) Brute force
B) Ransomware
C) Deauthentication
D) Phishing

Explanation

Phishing is the action of sending out an email that is designed to trick the user into giving up personal information. That information is then exploited by a criminal. Phishing emails appear to come from legitimate companies, and when the user clicks on a link in the email, the user is directed to a website that appears authentic. The user then fills in account information, which is captured by the criminal.

All of the other attacks can take place without the user's knowledge, and therefore do not rely on tricking the user into taking an action that reveals personal information.

Deauthentication attacks send spoofed deauthentication frames that disconnect a client from its wireless access point, forcing it to reconnect; an attacker can then capture the re-authentication handshake for offline cracking.

A brute force attack attempts to guess the user's password. This attack differs from a dictionary attack by trying additional (random) character combinations, often numbering in the millions. It takes significantly more time than a dictionary attack.

Ransomware holds a computer hostage until the user pays a fee. The attacks often begin as an urgent email, where the user is directed to click a link or open a document to resolve the issue.
Once the user completes the action, malicious software is installed on the user's computer, often locking the user out of the system until a fee is paid.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
What Is Phishing?, http://www.phishing.org/what-is-phishing
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #114 of 200
Question ID: 1289128

You are setting up a 10-Mbps SOHO network at a residence. What is the lowest category or level of UTP cable that you should use as transmission medium for a small LAN communicating in the 10-Mbps range?

A) Category 3
B) Category 1
C) Category 5
D) Category 4
E) Category 2

Explanation

Although you could use Category 3 or Category 5 cable for the LAN, Category 3 is the lowest category cable that you could use for the LAN. Category 1 and Category 2 cable have maximum transmission rates of only 4 Mbps, so they would not be suitable for a 10-Mbps network.

UTP transmission rates are listed below:

Category 1 - up to 4 Mbps
Category 2 - up to 4 Mbps
Category 3 - up to 10 Mbps
Category 4 - up to 16 Mbps
Category 5 - up to 100 Mbps
Category 5e - up to 1000 Mbps
Category 6 - up to 1000 Mbps or 1 Gbps
Category 6a – up to 10 Gbps
Category 7 – up to 10 Gbps

Category 1 wiring consists of two pairs of twisted copper wire. It is rated for voice grade, not data communication. It is the oldest UTP wiring and is used for communication on the Public Switched Telephone Network (PSTN).

Category 2 wiring consists of four pairs of twisted copper wire and is suitable for data communications of up to 4 Mbps.

Category 3 wiring consists of four pairs of twisted copper wire with three twists per foot. It is suitable for 10-Mbps data communication, and has been used widely in 10-Mbps Ethernet networks.
Category 4 wiring consists of four pairs of twisted copper wire, and is rated for 16 Mbps. It was designed with 16-Mbps Token Ring networks in mind.

Category 5 wiring consists of four twisted pairs of copper wire terminated by RJ-45 connectors. Category 5 cabling is rated to 100 MHz and 100 Mbps (100Base-T). 1000Base-T was written to run over Category 5, but only cable that also meets the additional Category 5e test parameters (NEXT, FEXT, return loss) is reliable at gigabit speeds, which is why Category 5e is the practical minimum for 1000Base-T. Category 5 can be used for ATM, Token Ring, 100Base-T, and 10Base-T networking.

Category 6 wiring consists of four twisted pairs of copper wire terminated by RJ-45 connectors. It supports speeds of up to 1 Gbps (1,000 Mbps). Category 6a wiring supports speeds of up to 10 Gbps (10,000 Mbps) over the full 100-meter run.

Category 7 wiring consists of four individually shielded twisted pairs of copper wire rated to 600 MHz and supports speeds of up to 10 Gbps (10,000 Mbps). It is specified with GG45 or TERA connectors rather than standard RJ-45, which is one reason Category 6a is what 10GBase-T installations normally use.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #115 of 200
Question ID: 1289232

You install a network analyzer to capture your network's traffic as part of your company's security policy. Later, you examine the captured packets and discover that the only packets that were captured are from Subnet 1. You need to capture packets from all four subnets on your network. Two routers are used on your network. What could you do? (Choose two. Each answer is a complete solution.)

A) Install a port scanner.
B) Install the network analyzer on a router.
C) Install the network analyzer on the firewall.
D) Install the network analyzer on all four subnets.
E) Install a distributed network analyzer.

Explanation

You could either install the network analyzer on all four subnets, or install a distributed network analyzer. Standard network analyzers only capture packets on the local subnet. To capture packets on a multi-subnet network, you could install the network analyzer on all four subnets. Even on the local subnet, a switch forwards unicast traffic only to the port where the destination was learned, so the analyzer's port must be configured as a SPAN (mirror) port, or a network tap must be used, for it to see traffic between other hosts.
Alternatively, you could purchase a distributed network analyzer that can capture packets across all the subnets. Typically, a distributed network analyzer consists of a dedicated console workstation installed on one subnet and software probes installed on the other subnets, which forward their captures to the console.

You should not install a port scanner. A port scanner reports which ports and services are being used on your network; it does not capture traffic.

You should not install the network analyzer on a router. This would only allow you to capture packets on the subnets connected to that router. The scenario indicates that there are two routers on your network, so you would need to install the network analyzer on both routers.

You should not install the network analyzer on the firewall. This would only allow you to capture packets on the subnets connected to the firewall.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
Network Monitoring Tools, http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #116 of 200
Question ID: 1123379

You have been asked to research the different firewall types and make recommendations on which type(s) to implement on your company's network. You need to document how the firewalls affect network performance. Which type of firewall most detrimentally affects network performance?

A) packet-filtering firewall
B) stateful firewall
C) application-level proxy firewall
D) circuit-level proxy firewall

Explanation

An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet. The packet-filtering firewall provides the highest performance.
Stateful and circuit-level proxy firewalls, while slower than packet-filtering firewalls, offer better performance than application-level firewalls. Kernel proxy firewalls also offer better performance than application-level firewalls.

A circuit-level proxy firewall (a SOCKS proxy, for example) works at the session layer: it validates the TCP handshake and the source and destination addresses and ports, then relays the connection without inspecting the application data. An application-level firewall, or Layer 7 firewall, terminates the client's connection, inspects the application protocol itself (HTTP, SMTP, FTP, and so on), and opens a separate connection to the server on the client's behalf. Each protocol has its own dedicated proxy module that is concerned only with how to properly filter that protocol's data, which is why this type carries the most per-packet processing overhead. Often, these firewalls are implemented as a proxy server. A proxy-based firewall provides greater network isolation than a stateful firewall, because no packet passes directly from client to server. A stateful firewall provides greater throughput and performance than a proxy-based firewall. In addition, a stateful firewall provides some dynamic rule configuration through its state table, which admits return traffic for connections it has already seen.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.

References:
Firewall Q&A, http://www.vicomsoft.com/knowledge/reference/firewalls1.html
Types of firewalls, http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1282044,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #117 of 200
Question ID: 1123352

You are implementing a SOHO network for a small business. The business owner has asked that you implement a 1 gigabit per second (Gbps) network. Which Ethernet standard specifies a data transfer rate of 1 Gbps?

A) 10BaseT
B) 10Base2
C) 100BaseFX
D) 1000BaseT

Explanation

The 1000BaseT Gigabit Ethernet standard specifies a maximum data transfer rate of 1 Gbps. Category 5e unshielded twisted-pair (CAT5e UTP) cable or better, with all four pairs terminated, and RJ-45 connectors are typically used on 1000BaseT Ethernet networks.
The 10Base2 Ethernet standard specifies a data transfer rate of 10 megabits per second (Mbps), RG-58 coaxial cable, and BNC connectors.

The 10BaseT Ethernet standard specifies a data transfer rate of 10 Mbps. CAT3 UTP cable or better is required on 10BaseT Ethernet networks, and RJ-45 connectors are used to connect devices to a 10BaseT Ethernet network. 100BaseT is the 100-Mbps version of 10BaseT and requires CAT5 or higher UTP cabling. 10GBaseT is the 10-Gbps version of this specification and requires CAT6a or higher UTP cabling for a full 100-meter run.

The 100BaseFX Fast Ethernet standard specifies a data transfer rate of 100 Mbps, fiber-optic cable, and fiber-optic cable connectors, such as ST or SC connectors.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
1000BaseT, http://docwiki.cisco.com/wiki/Ethernet_Technologies#1000Base-T

Question #118 of 200
Question ID: 1289129

You need to connect a computer to a 100BaseTX Fast Ethernet network. Which of the two following elements are required? (Choose two.)

A) BNC T connectors
B) RJ-11 connectors
C) CAT5 UTP cable
D) fiber-optic cable
E) RJ-45 connectors
F) RG-59 cable

Explanation

Among the available choices, you should use Category 5 unshielded twisted-pair (CAT5 UTP) cable and RJ-45 connectors to connect a computer to a 100BaseTX Ethernet network. On a 100BaseTX network, you can use two pairs of either CAT5 UTP or Type 1 shielded twisted-pair (STP) cable. RJ-45 connectors are typically used to connect computers to a 100BaseTX network. Although an RJ-45 connector is similar in appearance to a standard RJ-11 telephone connector, an RJ-45 connector is wider than an RJ-11 connector. Additionally, an RJ-45 connector supports eight wires, whereas an RJ-11 connector supports up to six wires. An RJ-11 connector is used to connect an analog modem to a regular phone line.
RG-58 (50-ohm) coaxial cable and BNC connectors, including BNC barrel connectors and BNC T connectors, are used on 10Base2 ("thinnet") Ethernet networks. 50-ohm BNC terminating resistors are also required on both ends of the 10Base2 bus to prevent signals from reflecting back into the cable and corrupting data. RG-59 and RG-6 are 75-ohm coaxial cables used for video and cable/broadband service, not for 10Base2 Ethernet. RG-6 has a thicker core and lower signal loss than RG-59 and can therefore be used for longer distances: RG-6 can handle runs up to 1,000 feet, while RG-59 is limited to 750 feet.

Fiber-optic cable, such as 62.5/125 multimode cable and 9/125 single-mode cable, is used on some types of Ethernet networks, such as 10BaseFB Ethernet and 100BaseFX Fast Ethernet networks.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
802.3 Ethernet Standards, https://www.informit.com/articles/article.aspx?p=1358404&seqNum=4

Question #119 of 200
Question ID: 1289301

Users are reporting Internet connectivity issues. After researching, you discover that the routing protocols in use on your network are experiencing routing loops. You must prevent this from happening. What should you do?

A) Test all of the routing interfaces to determine which is experiencing problems.
B) Reconfigure your routers so that only a single routing protocol is used throughout the network.
C) Replace the routers on your network.
D) Implement split horizon.

Explanation

You should implement split horizon to prevent routing loops. Split-horizon route advertisement prevents routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back out the interface from which it was learned. Without it, two neighbors can each believe the other still has a path to a network that has gone down and keep raising each other's metric (counting to infinity) until the protocol's maximum metric is reached. Most implementations combine split horizon with poison reverse (advertising the route back with an infinite metric) and hold-down timers.

None of the other options would solve the routing loop issue.
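The count-to-infinity behaviour that split horizon prevents is easiest to see by simulating it. The following is an added example written for this page, not code from the question bank or from any router vendor: a small synchronous distance-vector simulation (RIP-style metrics, hop count, 16 = unreachable) on a constructed three-router chain A - B - C with a network X attached to C. After the tables converge, the C-X link fails and the simulation counts how many exchange rounds it takes for every router to agree X is unreachable, and whether two routers ever point at each other as next hop for X (a loop). The same run is performed with and without split horizon.

```python
INFINITY = 16   # RIP's "unreachable" metric


class Router:
    def __init__(self, name, neighbors):
        self.name = name
        self.neighbors = list(neighbors)
        self.table = {}          # destination -> (metric, next_hop)

    def advertise(self, to, split_horizon):
        """Routes sent to neighbour `to`. With split horizon a route is never
        advertised back to the neighbour it was learned from."""
        return {dest: metric for dest, (metric, nh) in self.table.items()
                if not (split_horizon and nh == to)}

    def receive(self, frm, advert):
        """Distance-vector update: adopt a strictly better route, and always accept
        a change from the current next hop, even a worse one (that is how a
        withdrawal propagates)."""
        changed = False
        for dest, metric in advert.items():
            new = min(metric + 1, INFINITY)
            cur_metric, cur_nh = self.table.get(dest, (INFINITY, None))
            if (cur_nh == frm and new != cur_metric) or new < cur_metric:
                self.table[dest] = (new, frm)
                changed = True
        return changed


def exchange(routers, split_horizon):
    """One synchronous round: every router sends to every neighbour, then all
    updates are applied. Returns True if any table changed."""
    msgs = [(nbr, r.name, r.advertise(nbr, split_horizon))
            for r in routers.values() for nbr in r.neighbors]
    changed = False
    for to, frm, advert in msgs:
        changed = routers[to].receive(frm, advert) or changed
    return changed


def has_loop(routers, dest):
    """True if two routers each list the other as next hop for `dest`."""
    for r in routers.values():
        nh = r.table.get(dest, (None, None))[1]
        if nh in routers and routers[nh].table.get(dest, (None, None))[1] == r.name:
            return True
    return False


def run(routers, split_horizon, max_rounds=50):
    """Exchange until nothing changes. Returns (rounds that changed, loop seen)."""
    rounds, loop_seen = 0, False
    for _ in range(max_rounds):
        if not exchange(routers, split_horizon):
            break
        rounds += 1
        loop_seen = loop_seen or has_loop(routers, "X")
    return rounds, loop_seen


def simulate(split_horizon):
    """Constructed topology: A -- B -- C -- network X (X directly connected to C).
    Converge, then fail the C--X link and watch the withdrawal propagate."""
    routers = {"A": Router("A", ["B"]), "B": Router("B", ["A", "C"]), "C": Router("C", ["B"])}
    routers["C"].table["X"] = (1, "direct")
    run(routers, split_horizon)
    routers["C"].table["X"] = (INFINITY, "direct")   # link to X goes down
    rounds, loop_seen = run(routers, split_horizon)
    return {"rounds_to_converge": rounds, "loop_seen": loop_seen,
            "final": {n: r.table["X"][0] for n, r in routers.items()}}


if __name__ == "__main__":
    print("without split horizon:", simulate(split_horizon=False))
    print("with split horizon:   ", simulate(split_horizon=True))
```

Without split horizon, A keeps re-advertising X to B after C has withdrawn it, B adopts A's route, and the two bounce the metric upward until it hits 16. With split horizon, A never sends X back toward B, so B has no alternative once C withdraws and the whole chain converges in two rounds.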
For the Network+ exam, you must understand the following common WAN issues:

Loss of internet connectivity - Before you contact your Internet service provider (ISP), troubleshoot the problem to determine whether it lies with internal devices or cabling. Once you have tested all internal equipment, contact your ISP if you are still having problems.

Interface errors - Interface errors occur when a single interface has trouble communicating over the network. An interface error could be due to a bad cable or a bad interface. Always try a known good cable first to see if the error is resolved. If not, you probably have a bad or misconfigured interface. You may need to consult logs and vendor documentation to fix the issue.

DNS issues - DNS resolves host names to IP addresses so that resources can be accessed by name rather than by IP address. If a new external Web site is configured and only external users can access it, you may need to implement split-horizon DNS (different answers for internal and external clients). DNSSEC is a suite of security extensions that can be implemented in DNS. If you implement a proxy server, the proxy server's name needs to be entered properly in the DNS zone so that clients can resolve it.

Interference - If you discover WAN interference, determine what is causing it, then take measures to prevent it.

Router configurations - Routers must be configured properly to successfully route packets through the network. For example, if a technician improperly configures the autonomous system (AS) number of the device, you will experience Border Gateway Protocol (BGP) routing issues.

Customer premise equipment - Customer premise equipment (CPE) is the equipment on the customer's side of the demarcation point and is the customer's responsibility; it includes the CSU/DSU, the customer router, and copper line drivers/repeaters. The local loop, the demarc itself, and the smart jack/NIU belong to the carrier, so a fault on that side is the provider's to fix.
You can use standard testing equipment and command-line tools to troubleshoot the network and determine which piece of equipment is causing the problem so that it can be replaced.

Company security policy - Throttling sets the upload and download data transfer rates. Blocking blocks certain types of traffic. A fair access policy, or utilization limits, ensures that no single resource, user, or group uses more than its fair share of the Internet access.

Satellite issues - The main issue with satellite connections is latency. If satellite does not offer the bandwidth needed, research other WAN connections that you can implement.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
Split horizon, http://www.webopedia.com/TERM/S/split_horizon.html

Question #120 of 200
Question ID: 1289262

During a recent troubleshooting incident, you discovered a problem with some network transmission media. The communication over the media was distorted. Which issue most likely caused this problem?

A) ESD
B) Attenuation
C) EMI
D) Crosstalk

Explanation

Electromagnetic interference (EMI) is noise induced in cabling by the electromagnetic fields of nearby electrical equipment, which distorts the signal. Sources include large industrial equipment and motors, fluorescent lighting, and smaller equipment such as air conditioners and heaters. If you move network devices to new locations and then start experiencing performance problems, examine the new location to see if EMI is causing the problem. EMI affects network communications through the network cabling. The source of the EMI is often difficult to find. One simple method you can use to locate an EMI source is to place a compass close to the suspected source and look for unusual needle movements.
Once the source of the EMI is found, there are two possible solutions. The first is to move the existing cable away from the EMI source. The second is to replace the existing cabling with shielded cabling or fiber-optic cabling, which are resistant to EMI.

Crosstalk is a specialized type of EMI caused by parallel runs of twisted-pair cables. The only solution to this problem is to change the path of the cables. Near-end crosstalk (NEXT) measures the ability of the cable to resist crosstalk. Most commercial cabling will give you the minimum NEXT values that are guaranteed. Far-end crosstalk (FEXT) measures interference between two pairs of a cable, measured at the far end of the cable with respect to the interfering transmitter.

dB loss in cabling, or attenuation, occurs because the voltage decays slowly as the current travels the length of the cable. Therefore, the longer the cable run, the more dB loss occurs. The loss is predictable based on cable length. You should either decrease the cable length or install repeaters to reduce dB loss. To avoid distance problems, ensure that your cable runs do not exceed the maximum distance allowed. Repeaters could also be used to prevent this problem.

Other physical connectivity problems include the following:

Bad connectors - If you suspect that a connector is damaged or nonfunctional, you should replace the connector. Often it is much easier to replace the entire cable rather than the connector. However, for long cable runs, you should replace the connector so that the cable does not have to be re-routed.

Bad wiring - If you suspect that a cable is damaged or nonfunctional, you should replace the cable. Always ensure that the new cable is functional before using it to replace the known-bad cable. For example, if you notice that the link light on a wired device's NIC does not illuminate but it does illuminate when you connect to a different RJ-45 port, the problem is probably with the wiring.

Open or short circuits - An open circuit is usually the result of a broken cable or improper termination. This causes an incomplete connection and complete failure of the electric current. A short circuit occurs when there is unwanted contact with the cabling. This results in the current following an unwanted path, which could cause overheating or burning.

Split cables - This is similar to bad wiring but is much easier to diagnose because the cable is actually cut. An open circuit can be the direct result of this issue.

TX/RX reversed - A straight-through cable has the same transmit (Tx) and receive (Rx) leads at each end, while they are reversed at one end in a crossover cable. A straight-through cable connects dissimilar devices, while a crossover cable connects like devices. If you use a crossover cable in the wrong location on the network, the device will be unable to connect to the network. You should replace the cable with the correct type. Some switches support medium dependent interface crossover (MDIX), which allows a switch port to properly configure its leads as Tx or Rx. However, if a network device does not support MDIX, you must use the appropriate cable (that is, a crossover cable). If loss of connection occurs, you are using the wrong cable or have the switch leads configured incorrectly.

Incorrect termination (mismatched standards) - Incorrect termination occurs when the cabling connectors are configured with the wrong individual pin in the connector sockets on crossover or straight-through cables.

Split pairs - A split pair is a wiring error where the two wires of a twisted pair are instead connected using two wires from different pairs. It most commonly occurs when a punchdown block is wired incorrectly or when RJ-45 connectors are crimped onto the wrong wires. In both of these situations, you will need to rewire the block or connector.

Bad SFP/GBIC (cable or transceiver) - Switches can include gigabit interface converter (GBIC) and small form-factor pluggable (SFP) modules. If one of these modules goes bad, you can replace the module if possible. Otherwise, the switch will have to be replaced. To determine if the module has failed, you need to use an LC loopback tester.

Often network cable testers can identify any of the above problems.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
What is Electromagnetic interference?, http://www.wisegeek.com/what-is-electromagnetic-interference.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #121 of 200
Question ID: 1123382

Which of these devices can perform router functions?

A) Wireless controller
B) IDS
C) Multi-layer switch
D) Proxy server

Explanation

A multi-layer switch, in addition to working at the Data Link layer (Layer 2), also performs many Layer 3 router functions. When ports on a multi-layer switch are configured as Layer 2 ports, traffic will be forwarded based on the MAC address. When ports are configured as Layer 3 ports, traffic will be routed based on IP addresses. Multi-layer switches have the ability to route packets between virtual local area networks (VLANs).

Wireless controllers provide centralized management of wireless access points. Without wireless controllers, each access point must be configured individually.

An intrusion detection system (IDS) contrasts with an intrusion prevention system (IPS). When comparing IDS/IPS, IDS is essentially a warning system that provides notification of an intrusion, while IPS is more active and can stop an attack while it is taking place. An IDS does not route traffic.
A proxy server can provide caching services to reduce the amount of internet traffic from the gateway.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.

References:
What is the difference between a router and a Layer 3 switch?, http://searchnetworking.techtarget.com/answer/What-is-the-difference-between-a-router-and-a-Layer-3-switch

Question #122 of 200
Question ID: 1123318

What is the purpose of a pointer (PTR) DNS record?

A) It maps a domain name to an e-mail server.
B) It contains an alias for an existing A record.
C) It maps a hostname to an IPv6 address.
D) It maps a hostname to an IPv4 address.
E) It maps an IP address to a hostname.
F) It contains information regarding a particular DNS zone's start of authority.

Explanation

A pointer (PTR) record maps an IP address to a hostname.

A host or address (A) record maps a hostname to an IPv4 address. An AAAA record maps a hostname to an IPv6 address. A mail exchange (MX) record maps a domain name to an e-mail server. A canonical name (CNAME) record contains an alias for an existing A record. A start of authority (SOA) record contains information regarding a particular DNS zone's start of authority.

A Domain Name System (DNS) server is the authority for a DNS zone, which contains DNS records. DNS servers allow users to request access to devices using either the devices' hostname or IP address. A DNS server stores fully qualified domain name (FQDN) to IP address mappings. This server allows clients to use the easier-to-remember FQDNs to access remote devices.

Dynamic DNS is an implementation of DNS that allows real-time updates to DNS records. With Dynamic DNS (DDNS), devices can automatically update their DNS records or allow a DHCP server to perform the updates on behalf of the DNS client.

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices

Question #123 of 200
Question ID: 1289137

Your company has recently leased the office next door to the one currently being used. Both offices will be used. The current office has a Cat 6 network installed. The new office has a fiber network installed. You need to connect the networks of the two offices. Which device should you use?

A) CSU/DSU
B) gateway
C) modem
D) media converter

Explanation

A media converter should be used to connect the networks of the two offices because they use two different types of media. Media converters work at the Physical layer of the OSI model.

A gateway allows two computers with no protocols in common to communicate. A Channel Service Unit/Digital Service Unit (CSU/DSU) is a device typically required by leased lines, such as T1 lines, to terminate their media connection to your LAN. A modem converts computer signals to travel over telephone and cable lines.

Types of media converters include the following:

Single-mode fiber to Ethernet
Multi-mode fiber to Ethernet
Fiber to coaxial
Single-mode fiber to multi-mode fiber

You should understand the placement of these devices for the Network+ exam. Media converters are placed where two different types of media meet. A gateway is placed where two different types of computers meet. A CSU/DSU is placed where the leased line meets your local network. An internal modem is installed in the device that needs the ability to make calls, while an external modem is installed near the device needing that ability and connected to it and the telephone line.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Ether Fiber Media Converter, http://www.tech-faq.com/ethernet-fiber-media-converter.html
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #124 of 200
Question ID: 1289079

You need to implement Spanning Tree Protocol (STP) to prevent network loops when more than one path can be used. Which two devices could you deploy? (Choose two.)

A) hubs
B) bridges
C) routers
D) switches

Explanation

You could deploy bridges or switches, which use STP to prevent loops in the network when more than one path can be used. STP uses the Spanning Tree Algorithm (STA) to help a switch or bridge by allowing only one active path at a time. STP can prevent network congestion and broadcast storms.

Routers and hubs do not use STP.

There are two types of STP: spanning tree (802.1d) and rapid spanning tree (802.1w). 802.1d is an older standard that was designed when a minute or more of lost connectivity was considered acceptable downtime. In Layer 3 switching, switching now competes with routed solutions where protocols such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) provide an alternate path in less time. You can implement a layer 3 switch and virtual LANs (VLANs) to limit the amount of broadcast traffic on a network and allow different segments to communicate with each other.

The 802.1w protocol was developed to improve performance. 802.1w bridges are fully distributed, while 802.1d switches agree on a root port. This root port acts differently than the other switches and is responsible for the network's connectivity. 802.1w defines roles for the ports and a new bridge protocol data unit (BPDU) format, which introduces the proposal/agreement mechanism. BPDU handling and convergence are different in each protocol.

802.1w introduces these new features:

Rapid Transition To Forwarding State - includes new Edge Ports and Link Types variables.
Uplink Fast - distinguishes between port roles and uses alternate ports.

By default, unknown unicast and multicast traffic is flooded to all Layer 2 ports in a VLAN. This unknown traffic flooding can be prevented by blocking unicast or multicast traffic on the switch ports. However, keep in mind that there may be times when you need to use unicast or multicast traffic. You can also configure forwarding and blocking on a switch port. If you configure forwarding, certain types of traffic, based on the rules you configure, will be forwarded to a certain port. If you configure blocking, certain types of traffic can be blocked from a switch port.

For the Network+ exam, you also need to understand Link Aggregation Control Protocol (LACP), also referred to as 802.3ad. LACP supports automatic link configuration and prevents an individual link from becoming a single point of failure. With this protocol, traffic is forwarded to a different link if a link fails.

You can manually or automatically assign the IP address for the switch. Automatic configuration uses a DHCP server to obtain the IP address and all other information that you have configured the DHCP server to assign. The DHCP server does not have to be on the same subnetwork as the switch. If you manually configure the IP address, you need to ensure that all settings are correct. Switches should be given their own IP address and default gateway so that they can be remotely managed. For IP address assignment for devices attached to the switch, some switches can also be configured to act as a DHCP server and assign IP addresses to attached devices. However, you must ensure that the DHCP ranges configured on the switch do not overlap the ranges configured on other DHCP servers. Otherwise, you may have a single IP address assigned to multiple hosts on the network, thereby affecting communication.

For switches, you also need to understand Power over Ethernet (PoE), defined by the IEEE 802.3af and 802.3at standards. PoE allows an Ethernet switch to provide power to an attached device by applying power to the same wires in a UTP cable that are used to transmit and receive data. PoE+ is an enhanced version of PoE that provides more power and better reliability. PoE+ is most commonly deployed in enterprise networks, while PoE is usually sufficient for small business or home networks.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features
Preventing Network Loops with Spanning-Tree Protocol, http://www.petri.co.il/csc_preventing_network_loops_with_stp_8021d.htm

Question #125 of 200
Question ID: 1289198

You need to deploy 802.1x authentication that supports client-side digital certificates for authentication with access points. Which technology should you deploy?

A) Cisco LEAP
B) EAP-TLS
C) EAP-PEAP
D) WEP

Explanation

Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) authentication supports client-side digital certificates for authentication with access points. You can configure Cisco Aironet wireless clients with digital certificates for authentication with EAP-TLS authentication. The Cisco EAP-TLS authentication type can be configured on wireless clients that run Windows. If the wireless clients are working with other operating systems, a third-party software package must be installed to support EAP-TLS authentication. The EAP-TLS authentication type operates with a dynamic session-based WEP key. The dynamic session-based WEP key encrypts data with the key that is generated from the RADIUS authentication server or the client adapter.
EAP-TLS uses Public Key Infrastructure (PKI) for encryption of data over the RF channel. You integrate the EAP-TLS authentication type with the use of Lightweight Directory Access Protocol (LDAP) for server-based authentication.

WEP authentication does not work with client-side digital certificates. In WEP authentication, the client must be authenticated using the WEP key.

EAP-PEAP authentication does not work with wireless access points. EAP-PEAP works with RADIUS servers.

Cisco LEAP authentication does not work with client-side digital certificates. Both sides of the communication using Cisco LEAP share a per-session, per-user encryption key, not a digital certificate.

For the Network+ exam, you also need to understand Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) and Protected Extensible Authentication Protocol (PEAP). PEAP forms an encrypted TLS tunnel using a certificate on the server. After the tunnel has been formed, PEAP authenticates the client using EAP within the outer tunnel. EAP-FAST is Cisco's alternative to PEAP.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.

References:
802.1x Offers Authentication and Key Management > 802.1x not the whole solution, http://www.wi-fiplanet.com/tutorials/article.php/1041171
Wireless Security, http://www.ciscopress.com/articles/article.asp?p=177383&seqNum=6

Question #126 of 200
Question ID: 1289060

Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port.

Explanation

The protocols given use these default ports:

Port 20 - FTP
Port 23 - Telnet
Port 25 - SMTP
Port 53 - DNS
Port 80 - HTTP

FTP also uses port 21, but it was not listed in this scenario.

Protocols can use either User Datagram Protocol (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.

For the Network+ exam, you need to know the following protocols and their default ports:

FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061

Objective: Networking Concepts
Sub-Objective: Explain the purposes and uses of ports and protocols.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
List of TCP and UDP Port Numbers, http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Question #127 of 200
Question ID: 1123520

You have recently moved several servers that contain confidential information onto a DMZ. What is the most likely valid reason for doing this?

A) bandwidth improvement for all confidential information transactions
B) isolation of all confidential transactions
C) encryption of all confidential transactions
D) compliance with federal and state regulations

Explanation

The most likely valid reason for moving servers that contain confidential information onto a demilitarized zone (DMZ) is compliance with federal and state regulations.

Placing the servers that contain confidential information onto a DMZ will not isolate all confidential transactions because all users on the other subnets will still need to access the confidential information.
Placing the servers that contain confidential information onto a DMZ will not encrypt all the confidential transactions. This would require that you employ data encryption while data is at rest and as it is transmitted.

Placing servers that contain confidential information onto a DMZ will not improve bandwidth for all confidential information transactions. As a matter of fact, because the servers will be isolated on a separate network, transactions with those assets may actually cause performance to degrade. Any transactions would need to cross the firewall into the DMZ, thereby slowing down the transaction speed.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices

Question #128 of 200
Question ID: 1123650

You recently built a virtual network for testing purposes that is parallel to your existing network. When users attempt to log on to the existing network, they get a different IP address than expected. In addition, some users report receiving a duplicate IP address error. What could be the issue?

A) Incorrect netmask
B) Rogue DHCP server
C) Incorrect host-based firewall settings
D) Exhausted DHCP scope

Explanation

A Dynamic Host Configuration Protocol (DHCP) server is used to distribute IP addresses. DHCP is the network service used to assign the IP address, subnet mask, default gateway, and DNS server addresses to devices as they boot onto the network. Because users are getting different IP addresses than expected and some have received a duplicate IP address, the issue is probably a rogue DHCP server. A rogue DHCP server can be placed on the network through malicious intent or inadvertently through a virtual machine. Rogue DHCP servers play a big role in man-in-the-middle attacks.

Exhausted DHCP scope occurs when the DHCP server no longer has any available IP addresses to issue. This may occur as the result of a DHCP starvation attack, a type of Denial of Service (DoS) attack. If the available IP addresses in the DHCP pool are all assigned, a legitimate user will be denied access to the network. If the DHCP scope is exhausted, computers will be unable to lease an IP address. Symptoms of an exhausted DHCP scope include error messages on DHCP leases and computers using APIPA addresses.

An incorrect netmask can cause routing and performance issues, but will not cause duplicate IP address errors. In classless interdomain routing (CIDR) notation, the netmask follows the IP address, beginning with the slash. As an example, in the IP address 172.16.0.0/16, the netmask is /16. The netmask determines the subnet to which the IP address belongs, and the size of the subnet.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
How a Rogue DHCP Server Works, https://www.plixer.com/blog/detect-network-threats/how-a-rogue-dhcp-server-works/

Question #129 of 200
Question ID: 1289196

You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security to protect against wireless attack. However, you must provide support for older wireless clients. Which protocol should you choose?

A) WPA
B) WPA2
C) WAP
D) WEP

Explanation

You should implement Wi-Fi Protected Access (WPA). WPA was created to fix core problems with WEP. WPA is designed to work with older wireless clients while implementing the 802.11i standard.

Wireless Application Protocol (WAP) is the default protocol used by most wireless networks and devices. However, because WAP can access Web pages and scripts, there is great opportunity for malicious code to damage a system. WAP is considered the weakest wireless protocol.
Wired Equivalent Privacy (WEP) is the security standard for wireless networks and devices that uses encryption to protect data. However, WEP does have weaknesses and is not as secure as WPA or WPA2. WEP should be avoided because even its highest level of encryption has been successfully broken.

Wi-Fi Protected Access 2 (WPA2) completely implements the 802.11i standard. Therefore, it does not support the use of older wireless cards. Identification and WPA2 are considered the best combination for securing a wireless network. WPA2 is much stronger than WPA. In addition, you can implement WPA2 with Temporal Key Integrity Protocol (TKIP), also referred to as TKIP-RC4, or Advanced Encryption Standard (AES), also referred to as CCMP-AES, to provide greater security. WPA2-AES is stronger than WPA2-TKIP.

For the Network+ exam, you need to protect against the following wireless attacks or issues:

Evil twin - occurs when a wireless access point that is not under your control is used to perform a hijacking attack. It is set up to look just like a valid network, including the same Service Set Identifier (SSID) and other settings.

Rogue access point (AP) - occurs when a wireless access point that is not under your control is connected to your network. These devices are not set up to look just like your network. This attack preys on users' failure to ensure that an access point is valid. You can perform a site survey to detect rogue APs.

War driving - occurs when attackers seek out a Wi-Fi network with a mobile device or laptop while driving a vehicle. You can lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA or WPA2 authentication.

War chalking - occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for this type of information by periodically inspecting the outside of your facilities.

Bluejacking - the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when not in use is the best protection against this.

Bluesnarfing - the unauthorized access of information from a wireless device through a Bluetooth connection. Once again, turning off Bluetooth when not in use is the best protection against this.

WPA/WEP/WPS attacks - Attacks against wireless protocols can usually be prevented by using a higher level of encryption or incorporating RADIUS authentication. Wired Equivalent Privacy (WEP) should be avoided. Wi-Fi Protected Setup (WPS) allows users to easily secure a wireless home network but is susceptible to brute force attacks. Wi-Fi Protected Access (WPA) is more secure than WEP and WPS. WPA2 provides better security than WPA.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.

References:
HTG Explains: The Difference Between WEP, WPA, and WPA2 Wireless Encryption (and Why It Matters), http://www.howtogeek.com/167783/htg-explains-the-differencebetween-wep-wpa-and-wpa2-wireless-encryption-and-why-it-matters/
WAP: Broken Promises or Wrong Expectations?, http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/wap.html
Wireless Security, http://www.ciscopress.com/articles/article.asp?p=177383&seqNum=6
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Securing Wireless LANs

Question #130 of 200
Question ID: 1289109

Your company wants to implement a WLAN. You are researching the different wireless options and want to implement the WLAN technologies that are least affected by multipath distortion. Which WLAN transmission technologies are least affected by multipath distortion? (Choose two.)
A) 802.11b
B) 802.11g
C) 802.11a
D) Wi-Fi

Explanation

The 802.11a and 802.11g Wireless Local Area Network (WLAN) transmission technologies are least affected by multipath distortion. Multipath distortion is caused by the reflection of the radio frequency (RF) signal on surfaces while traveling between the transmitter and the receiver. These reflected signals reach the receiver with a delay. This is also known as inter-symbol interference. This delayed signal adds distortion to the original signal that is sent directly to the antenna system of the receiver.

802.11a and 802.11g WLAN devices use Orthogonal Frequency Division Multiplexing (OFDM) modulation for transmission. Each 802.11a channel utilizes an RF bandwidth of 20 MHz in OFDM modulation. This 20-MHz channel is split into 52 smaller 300-KHz sub-carriers, of which 48 are used for data transmission. The access point transmits the same data in the different frequency channels. When the data is sent on multiple frequencies instead of a single frequency, the RF signal is less susceptible to inter-symbol interference. This is because there is less probability that two signals will use the same sub-carrier frequency channel for transmission.

Objective: Networking Concepts
Sub-Objective: Given a scenario, implement the appropriate wireless technologies and configurations.

References:
802.11 IEEE wireless LAN standards, https://www.webopedia.com/TERM/8/802_11.html
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs

Question #131 of 200
Question ID: 1123490

You want to ensure that the sender of the message or network transmission is authenticated, and not an imposter or a phishing attempt. Which method will provide the highest level of origin authentication?

A) WPA
B) CCMP-AES
C) TKIP-RC4
D) Preshared key

Explanation

Counter Mode with Cipher Block Chaining (CBC) Message Authentication Code Protocol - Advanced Encryption Standard (CCMP-AES) provides greater security over wireless networks through CBC-MAC, ensuring that incoming packets are indeed coming from the stated source. It also provides fast encryption using AES, which encrypts blocks of data instead of individual bits.

In a wireless network, a preshared key (PSK) is an encryption method used with WPA Personal or WPA2 Personal. PSK is appropriate for small office-home office (SOHO) networks. A user requests access to the wireless network and supplies a passphrase, which is then used with the Service Set Identifier (SSID) to generate a unique encryption key. PSK is not as secure as CCMP-AES.

Temporal Key Integrity Protocol-Rivest Cipher 4 (TKIP-RC4) is an encryption method that was designed to provide security enhancements to wireless networks using Wired Equivalent Privacy (WEP). WEP was an extremely weak encryption standard. TKIP added a key distribution method whereby each transmission had its own encryption key, an authentication method to verify message integrity, and an encryption method called RC4. However, TKIP-RC4 is not as secure as CCMP-AES.

Wi-Fi Protected Access (WPA) was an interim security improvement over WEP. WPA was later replaced by Wi-Fi Protected Access version 2 (WPA2). WPA2 uses AES to encrypt wireless communications. Using complex authentication will prevent unauthorized entities from guessing credentials easily.

Objective: Network Security
Sub-Objective: Given a scenario, secure a basic wireless network.

References:
AES-CCMP, https://docs.microsoft.com/en-us/windows-hardware/drivers/network/aes-ccmp

Question #132 of 200
Question ID: 1123587

You are a desktop administrator for Nutex Corporation.
Your organization uses Ethernet cable to connect network resources. A user reports that he is unable to access network resources on his portable computer. The portable computer is connected to the company's network using an Ethernet cable. When you test the cable using a time domain reflectometer (TDR), the signal returns too soon. What should you do? A) Re-route the network cable. B) Replace the network adapter. C) Reinstall the network adapter. D) Replace the network cable. Explanation You should replace the network cable. As stated in the scenario, the TDR shows that signal returns too early, which implies that there is a breakage in the network cable. Therefore, you should replace the cable to fix the problem. You should not reinstall the network adapter. The TDR shows that the signal returns too early which implies that there is a breakage in the network cable. Reinstalling the network adapter will not fix the problem. You should only reinstall the network adapter if you discover an issue with the adapter's driver. You should not replace the network adapter. This is required if Device Manager cannot detect a network adapter plugged in the computer or if the network adapter is faulty. You should not re-route the network cable. This would be a problem if interference were occurring. Re-routing cable further from the interference source usually can fix the problem. Cables can also be enclosed in a protective shield to prevent interference. It is also necessary to re-route a network cable if it lies across the floor. Routing network cable across the floor can cause tripping hazards and can result in cable breakage from the constant pressure of being walked on. Objective: Network Troubleshooting and Tools Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues. 
References: TDR circuit, http://www.epanorama.net/circuits/tdr.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #133 of 200 Question ID: 1123387

Your company owns a single physical server. You need to ensure that Web services are hosted in a Linux environment while Active Directory services are hosted in a Windows environment. In addition, you need to ensure that these services are hosted on different broadcast domains. What should you do?

A) Implement virtual desktops and switches.
B) Implement virtual desktops and servers.
C) Implement virtual servers and switches.
D) Implement virtual servers and PBXs.

Explanation

You should implement virtual servers and switches. Implementing virtual servers would allow you to host a Linux environment for Web services and a Windows environment for Active Directory services on the same physical server. Implementing virtual switches will allow you to host the services on different broadcast domains.

You should not implement virtual desktops. Virtual desktops allow you to implement a uniform user environment.

You should not implement virtual PBXs. A virtual PBX allows you to outsource your telephony service to a service provider. This is an example of software as a service (SaaS). A virtual PBX is usually a Voice over IP (VoIP) solution.

When considering virtualization solutions, keep in mind that onsite services reside at your organization's corporate location or branch facility. Offsite services are provided by service providers, usually in cases where the leasing organization does not have the means to implement its own data center. When a service provider provides these networking services, it is referred to as Network as a Service (NaaS).

Objective: Infrastructure
Sub-Objective: Explain the purposes of virtualization and network storage technologies.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Virtual Network Devices

Question #134 of 200 Question ID: 1123247

Which protocol is categorized as an Exterior Gateway Protocol (EGP)?

A) BGP
B) RIP
C) IS-IS
D) OSPF

Explanation

Border Gateway Protocol (BGP) is categorized as an EGP. An EGP is used between autonomous networks. BGP uses an algorithm to determine the quickest route between networks. When a company needs to implement highly available data centers, BGP allows a company to continue to maintain an Internet presence at all data center sites in the event that a WAN circuit at one site goes down.

Routing Information Protocol (RIP), Intermediate System to Intermediate System (IS-IS), and Open Shortest Path First (OSPF) are categorized as Interior Gateway Protocols (IGPs). RIPv2 was developed to address the deficiencies of RIP and includes support for Classless Inter-Domain Routing (CIDR). RIP is considered a distance-vector protocol. OSPF is a link-state protocol. BGP is a hybrid protocol. Enhanced Interior Gateway Routing Protocol (EIGRP) is an IGP. EIGRP is a distance-vector protocol. All of the routing protocols mentioned can be used in IPv4/IPv6 networks.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 6: Routing IP Packets, Routing Protocol Examples

Question #135 of 200 Question ID: 1123234

You suspect that there is a problem with addressing that allows data to be sent throughout your network. Which addressing method is used at the OSI Network layer to allow this?
A) Physical device addressing
B) Link-state addressing
C) Distance vector addressing
D) Logical network addressing

Explanation

Although the OSI Data Link layer (Layer 2) uses MAC, or physical device, addressing, the Network layer (Layer 3) uses logical network addressing. This logical address is defined by the protocol's addressing scheme. For example, an IPv4 TCP/IP address is composed of 32 bits, divided into four sets of decimal numbers separated by periods. An IPX address is a combination of an 8-digit hexadecimal number, which is assigned by the network administrator, and a 12-digit MAC address, separated by a colon.

Service addressing is the other addressing method used by the OSI Network layer. It is used to identify a specific upper-layer process or protocol. A service address is also known as a port or socket.

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.
References: The OSI Model's Seven Layers Defined and Functions Explained, http://support.microsoft.com/default.aspx/kb/103884
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models, Layer 2: The Data Link Layer

Question #136 of 200 Question ID: 1289123

You must propose a cabling scheme for your company's new location. Several departments are located on the same floor with a maximum distance of 61 meters (200 feet) between departments. You want a relatively easy, low-cost installation with simple connections. Which type of cabling would you propose?

A) Twisted-pair
B) ThickNet
C) Fiber-optic
D) ThinNet

Explanation

Twisted-pair cabling is the least expensive cabling media. Because unshielded twisted-pair (UTP) is commonly used in telephone systems, it is mass-produced, making it inexpensive and widely available. In addition, twisted-pair cabling is very easy to work with, meaning that very little training is required for its installation.
As in telephone systems, twisted-pair cabling uses Registered Jack (RJ) connectors to connect cables to components. Computer networks use the larger RJ-45 connectors, which are very similar to the commonly known RJ-11 connectors used in telephone systems; this adds to the simplicity of installing twisted-pair. Twisted-pair has a maximum length of 100 meters (328 feet), which will work for the company in the scenario because the offices are located within 61 meters (200 feet) of each other. It is important to note that twisted-pair is the networking-cable type most susceptible to attenuation, which is why its maximum distance is 100 meters (328 feet).

The following is a table of network media comparisons:

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.
References: CCNA: Network Media Types > Twisted-Pair Cable, http://www.ciscopress.com/articles/article.asp?p=31276
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #137 of 200 Question ID: 1289103

For a new office space, you have been asked to choose the best-cost solution for providing wireless network access for up to 60 employees. Your boss has informed you that there will be a mix of 802.11n and 802.11ac devices in use. The maximum distance from the WAP to any user is 150 ft (~46 m). Which kind of wireless access point should you buy?

A) 802.11b
B) 802.11ac
C) 802.11g
D) 802.11a
E) 802.11n

Explanation

You should buy an 802.11n wireless access point (WAP). The critical factors at work here are compatibility and maximum distance (indoor range). 802.11ac is backward compatible with 802.11n, so 802.11ac and 802.11n devices may communicate with a WAP of either kind. The maximum indoor range for 802.11n is 70 m or 230 ft, while that for 802.11ac is 35 m or 115 ft. Thus, only 802.11n will work.
802.11a's indoor range is identical to that for 802.11ac (35 m or 115 ft).

802.11b is not compatible with 802.11n or 802.11ac. Also, its indoor range is identical to that for 802.11ac (35 m or 115 ft).

802.11g is not compatible with 802.11n or 802.11ac. Its indoor range is also too short at 38 m or 125 ft.

802.11ac would ordinarily be the best choice for deployment because of its ability to support multiple simultaneous users, wide data channels, and higher data rates. But the distance and cost limitations preclude its use (802.11ac's indoor range is 35 m or 115 ft).

Objective: Networking Concepts
Sub-Objective: Given a scenario, implement the appropriate wireless technologies and configurations.
References: Wireless Wi-Fi 802.11 a, b, g, n, ac …, https://www.geckoandfly.com/10041/wireless-wifi-802-11-abgn-router-range-and-distance-comparison/

Question #138 of 200 Question ID: 1289070

Recently, you have noticed that segments of data are arriving at their destination with errors. You need to examine the appropriate OSI layer for the reliable delivery of segments without error. Which OSI layer is responsible for this?

A) Transport
B) Application
C) Data Link
D) Network

Explanation

The Transport layer is responsible for the reliable delivery of segments without error. This means that the Transport layer is not only responsible for making sure that segments of data are delivered, but also for ensuring that segments of data arrive without error. The Transport layer uses segment sequencing to put any incorrectly ordered segments into the correct sequence.
The layers of the OSI model, along with their layer numbers, are shown below:

Layer 1 – Physical layer
Layer 2 – Data Link layer
Layer 3 – Network layer
Layer 4 – Transport layer
Layer 5 – Session layer
Layer 6 – Presentation layer
Layer 7 – Application layer

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.
References: The OSI Model's Seven Layers Defined and Functions Explained, http://support.microsoft.com/default.aspx/kb/103884
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models, Layer 4: The Transport Layer

Question #139 of 200 Question ID: 1123460

Which four of the following elements are most likely to appear in a well-designed password policy that explains requirements for formulating secure passwords? (Choose four.)

A) one or more special characters
B) spouse's birthday
C) 12 characters or longer
D) pet's name
E) one or more numbers
F) mix of upper and lower case characters

Explanation

The strongest passwords are long, and include a mix of upper and lower case alphabetic characters, along with one or more numbers and special characters (such as !@#$% and so forth). For this scenario, the following options are correct:

12 characters or longer
mix of upper and lower case characters
one or more numbers
one or more special characters

A pet's name is one of the most frequently cited elements of personal information that turns up on bad or weak password lists. Like a pet's name, a spouse's birthday is another frequently cited element of personal information that turns up on bad or weak password lists.

Modern technology and ubiquitous Internet access make it easy for users to be equipped with and use an online password generator and secure password safe.
Such tools randomly generate passwords of any length desired, chock-full of numbers and special characters and filtered to avoid including dictionary terms or substrings. Best security practice is to recommend their use, and to set a good example by using them yourself.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.
References: The Importance of Using Strong Passwords (MSDN), https://msdn.microsoft.com/en-us/library/ms851492(v=winembedded.11).aspx
Password Protection Policy (SANS), https://www.sans.org/security-resources/policies/general/pdf/password-protection-policy
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Policies

Question #140 of 200 Question ID: 1289289

You are the network admin at a small college. For most of the day, your school's wireless network performs as it should. Between classes, however, performance is abysmally slow. What is the most likely cause?

A) Channel overlap
B) Overcapacity
C) Signal-to-noise ratio
D) Refraction

Explanation

You should look at overcapacity. Overcapacity is an issue in wireless performance. The proliferation of wireless devices will put an enormous drain on a wireless network originally designed for a few devices. In today's environment, the network may need to provide service to tablet computers, smartphones, personal performance monitors, and smart watches, in addition to the few laptops the network was originally designed to support. From the symptoms being described, more students are connecting their devices between classes, causing the performance of the network to degrade.

Refraction "bends" the signal as it passes through, or the signal curves as it tries to go around the object. Think of a stick where part of the stick is in the water and part of the stick is out of the water. The stick appears "bent" because the water causes refraction of the image.
If refraction were the issue, the problem would be present throughout the day, not just at certain times.

Channel overlap can cause performance issues. Even though 11 channels are available in the US, there is a high degree of overlap. When using multiple wireless access points in 2.4 GHz mode, set the channels at 1, 6, and 11 to provide the best coverage. If this were the issue, the problem would be present throughout the day, not just at certain times.

The signal-to-noise ratio (SNR) is the relationship between the strength of the wireless signal and the amount of background interference (noise). SNR is measured in decibels (dB). Devices such as microwaves, cordless phones, wireless cameras, and fluorescent lights are all contributors. When using a Wi-Fi analyzer, any SNR below 25 dB is considered poor, while a reading above 41 dB is considered excellent. If this were the issue, the problem would be present throughout the day, not just at certain times.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.
References: 4 More Incredibly Common Reasons Your Wifi Performance is Awful, https://www.securedgenetworks.com/blog/4-more-incredibly-common-reasons-your-wifi-performance-isawful

Question #141 of 200 Question ID: 1289085

A company procedure calls for using the IPv4 and IPv6 loopback addresses as part of the troubleshooting process. Which of the following explanations best represents the purpose of this tool?
A) To provide an IP address that is always available even in the absence of a network
B) To provide an IP address for testing the local IP stack without a physical network connection
C) To provide an IP address for testing the local IP stack through the network interface
D) To provide an IP address to determine minimum round-trip performance for packets
E) To provide an IP address to check interface drivers and hardware

Explanation

Though using the loopback address invariably returns PING round-trip times of 0, its purpose is to test the local IP stack, not to demonstrate or deliver minimum or best-possible round-trip performance. The following graphic shows the output from pinging the loopback:

The loopback address can also be pinged using the address 127.0.0.1. Note the zero values throughout for both IPv4 and IPv6 PINGs. That's because there's no networking hardware involved, and the round-trip times are usually too short to measure.

The loopback address is defined for both IPv4, where it applies to any address of the form 127.x.x.x, and IPv6, where it takes the form ::1 (all zeroes with a 1 in the final bit position). The purpose of the loopback address is to provide a mechanism for testing the functionality of IP stack software, independent of hardware. That is, despite its formal designation as "the loopback interface," the loopback address has no hardware associated with it, nor is it physically connected to any network. Using the loopback address simulates sending and receiving packets up and down the IP stack without accessing anything external to that software.

The purpose of the loopback address is NOT to provide an IP address that is always available. This is because the IP stack might be faulty, corrupt, or malfunctioning.

The purpose of the loopback address is NOT to provide an IP address for testing the local IP stack through the network interface, because loopback does not interact with any physical hardware.
Loopback works completely independently of any hardware or network connection.

The purpose of the loopback address is NOT to provide an IP address to determine minimum round-trip performance for packets, because the loopback address does not interact with the network in any way.

The purpose of the loopback address is NOT to provide an IP address to check interface drivers and hardware, because it does not interact with physical hardware in any way.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
References: loopback address, https://www.webopedia.com/TERM/L/loopback_address.html
Loopback Address, https://www.techopedia.com/definition/2440/loopback-address

Question #142 of 200 Question ID: 1123357

One of your branch offices is located on two non-adjacent floors in an office building. You have been given permission to route a communications link between the two floors using existing conduit in the building's elevator shaft. Your current cabling plan calls for TP wiring on each of the two floors, but the distance between them is more than 90 meters. You need to interconnect the two floors using fiber optic cable in the cheapest manner possible. Which of the following should you deploy between the wiring centers on each floor?

A) Modems
B) Hubs
C) Media converters
D) Firewalls
E) Routers
F) Switches

Explanation

You should deploy media converters between the wiring centers on each floor. By definition, a media converter maintains network characteristics, but permits dissimilar media to be linked together. A pair of media converters that can interlink TP (RJ-45) cables and some kind of standard fiber-optic interface would be a good solution for this scenario.
They would permit you to use a single- or multi-mode duplex fiber optic cable to bridge the gap between floors in your office building. Multi-mode makes the most sense here because it is cheaper to purchase and install.

A router is a device that examines the contents of data packets transmitted within or across networks. Routers determine if a source and destination are on the same network, or whether data must be transferred from one network to another, either between locally available network segments, or across a wide-area link to access other, more distant networks. Routers usually handle multiple sets of network connections, and can interconnect TP and fiber media. Routers are often expensive and complex devices. For this reason, a pair of fiber interfaces for two routers (one on each floor) could easily cost twice as much as a pair of media converters. A router would be overkill for a persistent floor-to-floor interconnect like the one described in the scenario.

A firewall is a software-based service that is used to maintain security on a private network by blocking unauthorized access to or from private networks. Firewalls generally work to prevent unauthorized users or software from gaining access to private networks connected to the Internet, and to enforce an organization's acceptable use policies when users on the private network access the Internet. A firewall is not used to interlink dissimilar networking media.

A switch is a high-speed networking device that receives incoming data packets from one of its ports and directs them to a destination port for local area network access. A switch will redirect traffic bound outside the local area to a router for forwarding through an appropriate WAN interface. A switch can interlink TP and fiber-optic ports, but such connections add significant costs to those devices. Like the router, a switch would be overkill for a persistent floor-to-floor interconnect like the one described in the scenario.
Likewise, a pair of fiber-optic interfaces for two switches (one for each floor) could also cost twice as much as a pair of media converters.

A hub is like a simple-minded switch in that it relays communication data. But instead of directing incoming traffic out of one targeted port (like a switch does), a hub copies data packets to all of its ports. Because hubs do not typically permit TP ports to communicate with fiber-optic ports, and vice-versa, a hub is an unlikely choice for tying the two floors of the building together.

A modem is a network device that modulates and demodulates (its name comes from the first letters of each of those two words: "mo" from modulate and "dem" from demodulate) analog carrier signals for sending and receiving digital information. In the early days of networking, modems were used to provide remote communications across the public telephone network. These days, they are most commonly used over broadband networks like those for CATV. A modem cannot be used to interlink TP and fiber-optic network links.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media
Media Converter, https://www.techopedia.com/definition/20651/media-converter-network-hardware
Router, https://www.techopedia.com/definition/2277/router
Firewall, https://www.techopedia.com/definition/5355/firewall
Networking switch, https://www.techopedia.com/definition/2306/switch-networking
Hub, https://www.techopedia.com/definition/26350/hub-networking
Modem, https://www.techopedia.com/definition/24118/modem

Question #143 of 200 Question ID: 1123471

Which of the following controls can be used as a deterrent, an authentication method, or documentation?
A) Biometrics
B) Key fob
C) Video surveillance
D) Badges

Explanation

Video surveillance can serve as a deterrent, an authentication method, or documentation. It is important to choose the right type of equipment for the business environment. For example, do you need infrared cameras for low-light situations? Do you need motion detection that would only activate recording when there is movement? How many cameras do you need? How would you place them to provide sufficient coverage and eliminate blind spots? Video surveillance is usually considered a detective physical security control. By saving and storing the information recorded, it acts as documentation.

Requirements that personnel wear badges can be a deterrent against breaches of physical security and can also provide authentication, but badges do not assist with documentation.

A key fob can assist with authentication by being a "something you have" authentication factor. Credentials are embedded in the key fob. When the key fob is placed next to a sensor, access is either granted or denied based on the credentials. Other items similar in function to a key fob are smart cards and USB dongles. Key fobs do not really act as a deterrent, nor do they provide any documentation. In some key fob implementations, documentation is provided using access logs that record all transactions.

Biometrics is an authentication method, but it would not provide documentation of an event. Biometrics is a "something you are" authentication factor. Fingerprints, iris and retina scans, and voice prints can be used to authenticate your identity.

Objective: Network Security
Sub-Objective: Summarize the purposes of physical security devices.
References: Physical security, access control and surveillance moving into 2017, http://www.securitynewsdesk.com/physical-security-access-control-and-surveillance-moving-into-2017/
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks

Question #144 of 200 Question ID: 1123259

You have decided to implement frame tagging in a port-based switching network. What does this technique ensure?

A) that the VLANs are implemented based on port
B) that the VLANs are implemented based on protocol
C) that the VLANs are implemented based on subnet
D) that a single VLAN can be distributed across multiple switches

Explanation

Frame tagging in a port-based switching network will ensure that a single VLAN can be distributed across multiple switches.

Frame tagging in a port-based switching network does not ensure that the VLANs are implemented based on protocol. To do this, you should implement protocol-based switches.

Frame tagging in a port-based switching network does not ensure that the VLANs are implemented based on subnet. To do this, you should implement subnet-based switches.

Frame tagging in a port-based switching network does not ensure that the VLANs are implemented based on port. Port-based switches do this without frame tagging.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #145 of 200 Question ID: 1123229

You are responsible for ensuring that unnecessary protocols are not running on your network. You need to determine which protocols operate at the Transport layer of the OSI model. Which of the following protocols should you list? (Choose two.)
A) HTTP
B) TCP
C) IPX
D) UDP
E) IP

Explanation

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) both operate at the Transport layer of the Open Systems Interconnection (OSI) model. Because the Transport layer is the fourth layer in the OSI model, it is sometimes referred to as Layer 4. Protocols that operate at the Transport layer provide transport services to higher-layer protocols, such as Hypertext Transfer Protocol (HTTP) and Trivial File Transfer Protocol (TFTP). TCP reliably delivers a stream of bytes in order from a program on one computer to another program on another computer. TCP is the protocol that major Internet applications rely on, such as the World Wide Web, email, remote administration and file transfer. TCP is a connection-oriented protocol. UDP, on the other hand, is a connectionless protocol.

HTTP is an Application layer (Layer 7) protocol that uses the connection-oriented services of TCP, and TFTP is an Application layer protocol that uses the connectionless services of UDP. HTTP is the primary service used on the World Wide Web. HTTPS is a secure version of the HTTP protocol.

Internet Protocol (IP) is a connectionless protocol in the TCP/IP protocol suite. Internetwork Packet Exchange (IPX) is a connectionless protocol in the IPX/SPX protocol suite. IP and IPX operate at the Network layer of the OSI model (Layer 3) and provide routing and addressing services for nodes on a network. Internet Control Message Protocol (ICMP) is an error-reporting protocol that also operates at the Network layer.

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models, Layer 1: The Physical Layer
TCP/IP and OSI Network Models, http://www.speedguide.net/read_articles.php?id=120

Question #146 of 200 Question ID: 1289072

You are the network administrator for your company. As part of your job, you must understand how data is transmitted through the different OSI layers. Move the OSI layers from the left column to the right column, and place them in the correct order, starting with Layer 1 at the top.

Explanation

The correct order for the layers in the OSI model is as follows:

Layer 1 - Physical
Layer 2 - Data Link
Layer 3 - Network
Layer 4 - Transport
Layer 5 - Session
Layer 6 - Presentation
Layer 7 - Application

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.
References: OSI Model, http://en.wikipedia.org/wiki/OSI_model
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model

Question #147 of 200 Question ID: 1302414

You want to configure a firewall and filter packets on a Linux system. Which command would you use?

A) nslookup
B) iptables
C) tcpdump
D) ifconfig

Explanation

The iptables Linux command allows you to control a firewall and filter packets. Filtering can be performed using packet type, packet source/destination, or target.

The tcpdump command allows you to analyze wired or wireless network traffic on a Linux system. For example, to examine POP3 traffic on the wired NIC, you would use this command (-i selects the capture interface):

sudo tcpdump -i eth0 -nn -s0 -v port 110

The nslookup command is used to query the DNS server. The nslookup command with a domain name will return the A record. nslookup with an IP address will return the PTR record.
Ifconfig is the counterpart to the Windows ipconfig command, and provides information about the network interface card. Ifconfig functions much the same way as ipconfig, but it does not provide information on wireless adapters. To retrieve information about wireless adapters on a non-Windows system, use the iwconfig command.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References: Chapter 17: iptables, https://www.centos.org/docs/rhel-rg-en-3/s1-iptables-options.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #148 of 200 Question ID: 1123502

Which social engineering attack is typically considered the most dangerous?

A) dumpster diving
B) Trojan horse
C) social engineering
D) physical penetration

Explanation

Physical penetration is a social engineering attack that is typically considered the most dangerous attack that a targeted hacker can use. A targeted hacker chooses a specific organization or target to attack. In a physical penetration attack, a targeted hacker enters the premises of an organization and gains access to computer systems or plugs a laptop computer into an organization's internal network. A physical penetration attack is considered the most dangerous type of targeted hacker attack because computer network equipment is typically not well protected inside an organization's physical location.

In a dumpster diving attack, a hacker searches through an organization's trash for sensitive information, such as user names, passwords, and documents that were intended to be kept secret.

A social engineering attack occurs when a hacker pretends to be a member of an organization in an attempt to gain sensitive information about an organization's network or operations.
A hacker can perform social engineering by using methods such as instant messaging, the telephone, and face-to-face communications. Employees should be trained to require some form of identification before giving sensitive information about a company to a stranger. To protect your network against social engineering attacks, you should enforce the security policy, provide user education, and limit available information.

A Trojan horse is a malicious program typically sent as an e-mail attachment that appears to the end user as a benign application. A Trojan horse can be programmed to send sensitive information to a hacker.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References: Two methodologies for physical penetration testing using social engineering, http://doc.utwente.nl/69064/1/Pentesting_methodology.pdf

Question #149 of 200 Question ID: 1289156

You have two Web servers, named WebSrv1 and WebSrv2. You need to configure the Web servers so that they share the Web request load equally. What should you do?

A) Implement an active/passive cluster.
B) Implement an active/active cluster.
C) Implement Quality of Service (QoS).
D) Implement traffic shaping.

Explanation

You should implement an active/active cluster. This will ensure that the two Web servers share the Web request load equally. An active/active cluster is also known as a load-balancing cluster.

You should not implement traffic shaping. Traffic shaping is a specialized type of Quality of Service (QoS) feature where traffic from each host is monitored. When traffic from the host is too high, packets are then queued. Traffic shaping can also define how much bandwidth can be used by different protocols on the network.

You should not implement QoS. QoS provides varying levels of network bandwidth based on the traffic type. Each traffic type has its own queue. Each traffic type queue is given its own priority.
Traffic types with a higher priority are preferred over lower-priority traffic types. You should not implement an active/passive cluster. In an active/passive cluster, only one of the Web servers handles the Web request load; if the active server fails, the passive server takes over. An active/passive cluster is also known as a failover cluster. It improves availability but does nothing for performance or scalability, because the passive node sits idle until a failure; an active/active cluster improves performance, availability, and scalability because both nodes serve requests. All of these technologies help with performance optimization. High availability is an important concern regarding Web servers. Operating Web servers in a cluster environment improves availability. Providing two identical Web servers improves availability and provides redundancy. High availability is designed to keep systems running in the event of a disaster or component failure.

Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.
References: Server Cluster Overview, https://technet.microsoft.com/en-us/library/cc759183.aspx
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #150 of 200 Question ID: 1123270
Management has decided to implement a small private network for guests. The network will consist of Windows 7 computers that will only be able to access the other computers on the private network. You recommend that the small private network use APIPA addresses. Which of the following is a valid APIPA address?
A) 172.16.4.36
B) 10.1.1.131
C) 192.168.16.45
D) 169.254.2.120

Explanation
The 169.254.2.120 address is a valid Automatic Private IP Addressing (APIPA) address. By default, Windows XP and Windows 7 client computers assign themselves an APIPA address when no DHCP server responds (for example, because the DHCP server is down). The addresses in the APIPA range are 169.254.0.0 through 169.254.255.255 (169.254.0.0/16).
These addresses are not routable and are therefore only usable on the local subnet. The other addresses are all part of the three private IP address ranges, as shown below:
10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255
To prevent the use of APIPA addresses, you should change the default settings on the Alternate Configuration tab of the Internet Protocol Version 4 Properties dialog box. On this tab, you can configure a static IP address that the computer uses when DHCP is unavailable. Private IP addresses can only be used on the private network. To connect to the Internet, computers that use private IP addresses will need some form of Network Address Translation (NAT) service. Public IP addresses allow computers to communicate on the Internet without using the single public address of the NAT server. A limitation of basic (one-to-one) NAT, however, is that it maps each inside local address to its own inside global address, meaning that a company would need as many publicly routable IP addresses as it had internal devices needing Internet access. Many routers support Port Address Translation (PAT), also called NAT overload, which allows multiple inside local addresses to share a single inside global address (a single publicly routable IP address) by tracking each session's source port.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, Assigning IPv4 Addresses
Advanced IP Addressing, http://www.ciscopress.com/articles/article.asp?p=174107&seqNum=5

Question #151 of 200 Question ID: 1123252
You are configuring a new small office home office (SOHO) network at a small insurance office. After documenting the network requirements, you decide to use Network Address Translation (NAT) so that only one public address will be needed.
You want to use the IANA-designated private IP address range that provides host IP addresses with a maximum of 16 bits. What is a valid host IP address in this range?
A) 11.0.1.0
B) 192.168.0.1
C) 172.30.250.10
D) 10.251.250.100

Explanation
Of the IP addresses listed, 192.168.0.1 is a valid host address within the range of IANA-designated private IP addresses that provide a maximum of 16 bits per host address. The IP address 11.0.1.0 is a public, or external, IP address. The Internet Engineering Task Force (IETF) is the body that creates standards for the Internet, including the RFCs that define private addressing. The Internet Assigned Numbers Authority (IANA) coordinates how the global IP address space is allocated. The IANA has reserved three address spaces for private or internal IP addressing (RFC 1918). Internal IP addresses are never assigned by the IANA for use on the public Internet. The private IP address ranges are as follows: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Note that the number after the slash (/) character is referred to as the network prefix length, which indicates the number of bits in the network portion of the address. Private IP addresses in the range 192.168.0.0/16 can be used as a single Class B-sized address space with a 16-bit network address and a 16-bit host address, or they can be subnetted into 256 Class C-sized (/24) networks. Valid host IP addresses in this address space range from 192.168.0.1 through 192.168.255.254. The first 16 bits in the address correspond to the network address and the last 16 bits correspond to the host address. The internal IP address range 10.0.0.0/8 provides IP addresses with an 8-bit network address and a 24-bit host address. The first 8 bits of a 10.0.0.0/8 internal IP address correspond to the network address, and the last 24 bits correspond to the host address.
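The range arithmetic behind questions #150 and #151 (APIPA, the three RFC 1918 ranges, the network/host bit split and the usable host range of each), as an added example that is not part of the original question bank. It uses only the Python standard library ipaddress module; the loopback entries and the IPv6 link-local, unique local and loopback ranges are included as a generalization beyond the IPv4 ranges under discussion.

```python
"""Classify addresses into the reserved ranges discussed in questions #150 and #151.

Added example, not from the original question bank. Ranges: RFC 1918 (private
IPv4), RFC 3927 (IPv4 link-local, which Windows calls APIPA), RFC 4193 (IPv6
unique local) and RFC 4291 (IPv6 link-local and loopback).
"""
import ipaddress

# (label, network); checked in order, so put the more specific ranges first.
RESERVED_RANGES = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("APIPA (link-local)", ipaddress.ip_network("169.254.0.0/16")),
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
    ("loopback", ipaddress.ip_network("::1/128")),
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("private (unique local)", ipaddress.ip_network("fc00::/7")),
]


def classify(address):
    """Return (label, network) for an address, or ("public", None) when it
    falls in none of the reserved ranges above."""
    addr = ipaddress.ip_address(address)
    for label, net in RESERVED_RANGES:
        if addr.version == net.version and addr in net:
            return label, net
    return "public", None


def bit_split(net):
    """(network bits, host bits) for a prefix, e.g. 172.16.0.0/12 -> (12, 20)."""
    return net.prefixlen, net.max_prefixlen - net.prefixlen


def usable_host_range(net):
    """First and last assignable host address of an IPv4 network, as strings.
    The network address and the broadcast address are excluded."""
    if net.version != 4:
        raise ValueError("host ranges with broadcast exclusion are an IPv4 concept")
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def is_usable_host(address, net):
    """True if address is inside net and is neither the network address nor
    (for IPv4) the broadcast address."""
    addr = ipaddress.ip_address(address)
    if addr not in net or addr == net.network_address:
        return False
    if net.version == 4 and addr == net.broadcast_address:
        return False
    return True


def private_ipv4_range_with_host_bits(host_bits):
    """The RFC 1918 range whose host field is exactly host_bits wide, or None.
    This is the lookup question #151 asks the reader to do by hand."""
    for label, net in RESERVED_RANGES:
        if label == "private (RFC 1918)" and bit_split(net)[1] == host_bits:
            return str(net)
    return None


if __name__ == "__main__":
    # The answer options from questions #150 and #151.
    for a in ["172.16.4.36", "10.1.1.131", "192.168.16.45", "169.254.2.120",
              "11.0.1.0", "192.168.0.1", "172.30.250.10", "10.251.250.100"]:
        label, net = classify(a)
        detail = f"{net} net/host bits={bit_split(net)}" if net else ""
        print(f"{a:16} {label:22} {detail}")
    print("16 host bits ->", private_ipv4_range_with_host_bits(16))
```

Running the block prints the classification of every answer option from both questions; 169.254.2.120 is the only APIPA address, 11.0.1.0 is the only public one, and the range with exactly 16 host bits resolves to 192.168.0.0/16.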
Valid host IP addresses in this address space range from 10.0.0.1 through 10.255.255.254. The address 10.251.250.100 is a valid host IP address in this range. The 172.16.0.0/12 private IP address range provides a 12-bit network address and a 20-bit host address. IP addresses in the range of 172.16.0.1 through 172.31.255.254 are valid host IP addresses for this address space; the first 12 bits correspond to the network address, and the last 20 bits correspond to the host address. The IP address 172.30.250.10 is a valid host IP address in the range 172.16.0.0/12.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IPv4 Addressing
What is a Private IP Address?, http://compnetworking.about.com/od/workingwithipaddresses/f/privateipaddr.htm

Question #152 of 200 Question ID: 1123385
Which of these devices or functions works at Layer 7?
A) Content filter
B) NGFW
C) VoIP gateway
D) VoIP PBX

Explanation
A Next Generation Firewall (NGFW) works at Layer 7, the Application layer. It combines traditional firewall functionality with an Application layer firewall and enforces security policies at the port, protocol, and application levels. A traditional firewall that allows HTTP traffic on port 80 will also permit a SQL injection attack embedded in a properly formed HTTP request, because it never looks past the port number. An Application layer firewall performs a more intensive examination of the traffic instead of simply allowing everything on a given port. In this example, even though HTTP traffic on port 80 is allowed by the traditional rule, the Application layer firewall parses the HTTP request, recognizes the SQL injection payload, and blocks it. A Voice over IP Private Branch Exchange (VoIP PBX) allows a company to use a single public-facing telephone number while having individual "extensions" for employees in a VoIP phone system.
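The port-80 SQL injection scenario from question #152, as an added example that is not part of the original question bank. Two toy filters receive the same TCP payload: a stateless port filter sees only "destination port 80", while an application-layer filter parses the HTTP request and inspects each query parameter. The HTTP requests and the regular-expression patterns are constructed for this example and are not a real NGFW's signature set.

```python
"""Port-based versus application-layer (Layer 7) filtering (question #152).

Added example, not from the original question bank. The requests below are
constructed; the pattern list is illustrative, not a production rule set.
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed: a well-formed HTTP/1.1 request carrying a tautology injection
# (1' OR '1'='1) in the `id` parameter, percent-encoded as a browser would.
MALICIOUS_REQUEST = (
    b"GET /product?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: curl/8.0\r\n"
    b"\r\n"
)
BENIGN_REQUEST = (
    b"GET /product?id=42&sort=price HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"\r\n"
)

# Patterns typical of SQL injection payloads.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s*'?\w*'?\s*=", re.I),        # ' OR '1'='1
    re.compile(r"(--|#|/\*)"),                               # comment terminators
    re.compile(r";\s*(drop|insert|update|delete)\b", re.I),  # stacked queries
    re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),    # UNION SELECT
]


def port_filter(dst_port, payload):
    """Traditional stateless rule: allow TCP/80 regardless of content."""
    return "allow" if dst_port == 80 else "deny"


def parse_http_request(payload):
    """Minimal HTTP/1.x request-line and header parser. Raises ValueError
    (or UnicodeDecodeError) for anything that is not a well-formed request."""
    head, _, _body = payload.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="strict").split("\r\n")
    method, target, version = lines[0].split(" ")
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP request line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes once
    return {"method": method, "path": parts.path, "params": params, "headers": headers}


def find_sqli(params):
    """Return [(parameter, matched_pattern), ...] for suspicious values."""
    hits = []
    for name, value in params:
        decoded = unquote_plus(value)  # second decode catches double-encoded payloads
        for pat in SQLI_PATTERNS:
            if pat.search(decoded):
                hits.append((name, pat.pattern))
                break
    return hits


def application_layer_filter(dst_port, payload):
    """NGFW-style rule: allow TCP/80 only if the payload is valid HTTP and no
    parameter looks like SQL injection."""
    if dst_port != 80:
        return "deny"
    try:
        req = parse_http_request(payload)
    except (ValueError, UnicodeDecodeError):
        return "deny"  # non-HTTP traffic tunnelled over port 80 is not HTTP
    if find_sqli(req["params"]):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for label, req in [("malicious", MALICIOUS_REQUEST), ("benign", BENIGN_REQUEST)]:
        print(f"{label:9} port filter: {port_filter(80, req)}   "
              f"layer-7 filter: {application_layer_filter(80, req)}")
```

The port filter allows both requests because both arrive on TCP/80; the Layer 7 filter allows the benign request, blocks the injection, and also blocks non-HTTP bytes sent to port 80. A real NGFW normalizes encodings and uses maintained signature sets; a short regex list like this one both misses evasions and risks false positives on legitimate values that contain quotes.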
A VoIP PBX could be considered analogous to Network Address Translation (NAT) on a router. A VoIP gateway provides the interface between an IP network and the Public Switched Telephone Network (PSTN). For example, for inbound calls, the VoIP gateway converts telephony traffic into packets for routing over an IP network. Content filters are typically part of firewalls and allow the administrator to block objectionable content or content that may be deemed inappropriate for the situation.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References: Next-generation firewall (NGFW), http://searchsecurity.techtarget.com/definition/next-generation-firewall-NGFW

Question #153 of 200 Question ID: 1123550
You need to verify a network's transmission speed. Which tool should you use?
A) throughput tester
B) bit-error rate tester
C) connectivity software
D) loopback plug

Explanation
A throughput tester is best used to verify a network's transmission speed. Connectivity software is any type of software that allows you to connect remotely to a network or host. Microsoft's proprietary Remote Desktop Protocol (RDP) and the Remote Desktop Connection (RDC) client are both examples of connectivity software. A bit-error rate tester (BERT) is a tool that contains a pattern generator and an error detector to determine the bit-error rate of a link. A loopback plug is a device that is plugged into a network port to determine whether the port is functional.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #154 of 200 Question ID: 1123236
As a network administrator, you understand that there are many types of addresses used in networks, including Data Link layer addresses and network addresses. You need to explain to a new network technician the difference between these two types of addresses. What is the most significant difference?
A) Data Link layer addresses refer to logical devices, whereas network addresses refer to physical devices.
B) Data Link layer addresses use fewer bytes of memory than network addresses.
C) The Data Link layer address of a device is configured by the network administrator, whereas the network address is set by the IEEE.
D) Data Link layer addresses are MAC addresses for unique identification, whereas network addresses are a Network layer component.

Explanation
The most significant difference between Data Link layer addresses and network addresses is that network addresses are a Network layer component (Layer 3), and Data Link addresses are MAC addresses (Layer 2) used for unique identification. Network addresses refer to logical networks, whereas Data Link addresses are the physical address burned into (or assigned to) a network interface card (NIC). Data Link layer addresses identify the physical device, and network addresses identify the logical device, so option A has the relationship backwards. Data Link layer addresses (MAC addresses) are 48 bits, and a TCP/IP network address is 32 bits (IPv4) or 128 bits (IPv6). This size difference is real but is not the significant difference. The network address is configured by the network administrator (or assigned by DHCP), not by the IEEE. The first six hexadecimal digits (24 bits) of the Data Link (MAC) address are specified by the IEEE according to the NIC vendor's registration; this is known as the Organizationally Unique Identifier (OUI). The remaining 24 bits are assigned by the vendor.

Objective: Networking Concepts
Sub-Objective: Explain devices, applications, protocols and services at their appropriate OSI layers.
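The MAC versus network address distinction from question #154, as an added example that is not part of the original question bank. It parses a 48-bit MAC address in the common notations, extracts the IEEE-assigned OUI, and decodes the two flag bits of the first octet (individual/group and universal/local), which is how you tell a vendor-assigned address from a locally administered one such as a randomized or spoofed MAC. The OUI table is a constructed two-entry stand-in for the IEEE registry.

```python
"""Data Link (MAC) versus Network (IP) addresses (question #154).

Added example, not from the original question bank. The OUI lookup table is
constructed for the example; real data comes from the IEEE registry.
"""
import re
import ipaddress

# Constructed lookup table (VMware's 00:50:56 block is a well-known real OUI).
SAMPLE_OUI_TABLE = {
    "00:50:56": "VMware, Inc.",
}


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff and
    return the six raw bytes. Raises ValueError for anything else."""
    hexdigits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def describe_mac(text):
    """OUI, NIC-specific part and the two flag bits of the first octet."""
    mac = parse_mac(text)
    first = mac[0]
    oui = ":".join(f"{b:02X}" for b in mac[:3])
    return {
        "oui": oui,                                   # first 24 bits, IEEE-assigned
        "nic_specific": ":".join(f"{b:02X}" for b in mac[3:]),  # last 24 bits, vendor-assigned
        "multicast": bool(first & 0x01),              # I/G bit: 1 = group address
        "locally_administered": bool(first & 0x02),   # U/L bit: 1 = not from the OUI registry
        "vendor": SAMPLE_OUI_TABLE.get(oui, "unknown"),
        "bits": 48,
    }


def address_layer(text):
    """Tell a MAC address (Layer 2, 48 bits) from an IPv4/IPv6 address
    (Layer 3, 32/128 bits)."""
    try:
        addr = ipaddress.ip_address(text)
        return {"layer": 3, "bits": addr.max_prefixlen, "kind": f"IPv{addr.version}"}
    except ValueError:
        pass
    info = describe_mac(text)   # raises ValueError if it is neither
    return {"layer": 2, "bits": 48, "kind": "MAC", "oui": info["oui"],
            "locally_administered": info["locally_administered"]}


if __name__ == "__main__":
    for a in ["00:50:56:c0:00:08", "02:42:ac:11:00:02", "01:00:5e:00:00:fb",
              "192.168.0.1", "fe80::1"]:
        print(a, address_layer(a))
```

A locally administered address (U/L bit set, as in the 02:... example) carries no vendor identity, so an inventory or NAC check that trusts the OUI to identify the device type should treat such addresses as unverified.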
References: TCP/IP and OSI Network Models, http://www.speedguide.net/read_articles.php?id=120
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models, Layer 2: The Data Link Layer

Question #155 of 200 Question ID: 1289227
You are a system administrator. A user calls you complaining that every time she tries to log on to the network, she gets an error message. Other users are not having any problems. Which question is best to ask first when attempting to troubleshoot the problem?
A) Which error message do you receive?
B) How much memory is installed in your computer?
C) What is your username and password?
D) Have you rebooted your computer?

Explanation
Knowing the exact error message would be the best first step in solving this problem. The message itself may point to the cause of the problem. Information pertaining to the amount of memory, the user name and password, and whether the computer has been rebooted could be useful in other scenarios, but would not enable you to determine the problem in this one. (Asking a user for her password is also poor security practice; an administrator never needs it.) The troubleshooting order according to the CompTIA Network+ blueprint is as follows:
1. Identify the problem. Gather information. Duplicate the problem, if possible. Question users. Identify symptoms. Determine if anything has changed. Approach multiple problems individually.
2. Establish a theory of probable cause. Question the obvious. Consider multiple approaches: top-to-bottom/bottom-to-top OSI model, divide and conquer.
3. Test the theory to determine the cause. Once the theory is confirmed, determine the next steps to resolve the problem. If the theory is not confirmed, establish a new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and, if applicable, implement preventive measures.
7. Document findings, actions, and outcomes.

Objective: Network Troubleshooting and Tools
Sub-Objective: Explain the network troubleshooting methodology.
References: CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)

Question #156 of 200 Question ID: 1289272
A user is complaining about poor network connectivity. Upon examining the workstation, you notice it is connected to a patch cable that your new network technician made earlier in the week. You suspect there is interference between two pairs in the cable. What is the most likely culprit for the connectivity issue?
A) EMI
B) Crosstalk
C) Latency
D) Damaged cables

Explanation
Because you suspect interference between two pairs in the cable, the most likely culprit for the issue is crosstalk. Crosstalk occurs when the signal on one wire pair couples onto an adjacent pair. It is most often found in unshielded twisted pair (UTP) cabling, particularly when too much of each pair is untwisted where the conductors enter the RJ-45 connector; the twisting is what cancels the coupling, so long untwisted ends at the plug are a classic fault in cables made by new employees. Solutions include purchasing professionally assembled cables, rerouting cables, re-terminating the RJ-45 connectors with minimal untwist, and upgrading to a higher grade of cable, such as CAT6 or CAT7. Latency is the time it takes for network data to travel between the sender and the recipient. Different access technologies have different typical latencies; the figures cited here are fiber 18 ms, cable (coax) 26 ms, DSL 44 ms, and satellite Internet 638 ms. In addition, the load on specific equipment, such as routers and switches, can delay data transmission and increase latency.
Electromagnetic interference (EMI) is most often caused by running unshielded twisted pair (UTP) network cables too close to devices that radiate interference, such as microwaves, elevator motors, and fluorescent lights. If you cannot reroute the cables, consider using shielded twisted pair (STP) or fiber-optic cable. EMI is not the likely cause here because you suspect the interference is between pairs within the cable, which is crosstalk, not EMI. Damaged cables can present several different symptoms. When you plug a good cable into a switch or a NIC, you should get a link light; if you plug a cable into a Windows computer and get a "No Connection" (network cable unplugged) message, the cable is most likely damaged. Damaged cables can also cause dropped, intermittent, or slow connections. A cable whose wires are broken somewhere, or whose jack is failing, might work only when you move the cable around, which also indicates a damaged cable. If any of these issues occur, you should replace the cable. Damaged cables are not the likely problem because the scenario states that you suspect interference between two pairs in the cable.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References: Crosstalk, http://sourcedaddy.com/networking/crosstalk.html

Question #157 of 200 Question ID: 1123384
Which would be the best device to provide multiple security functions in a central location?
A) Multi-layer switch
B) UTM appliance
C) Load balancer
D) Layer 7 firewall

Explanation
A Unified Threat Management (UTM) appliance would be the best device to provide multiple security functions in a central location. UTM appliances incorporate multiple security and performance functions in one device. Those services can include firewalling, intrusion prevention, email security, URL filtering, wireless security, and sometimes load balancing. A multi-layer switch, in addition to working at the Data Link layer (Layer 2), also performs many Layer 3 router functions.
When ports on a multi-layer switch are configured as Layer 2 ports, traffic is forwarded (switched) based on the destination MAC address. When ports are configured as Layer 3 (routed) ports, traffic is routed based on IP addresses. Multi-layer switches have the ability to route packets between VLANs. A load balancer can be used to distribute incoming Web traffic across specific servers based on its content, reducing the workload on any single server. The destination server can be determined by data in Transport layer or Application layer protocols. Traffic distribution can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest response time. A Layer 7 firewall or Next Generation Firewall (NGFW) combines traditional firewall functionality with an Application layer firewall. A traditional firewall that allows HTTP traffic on port 80 will also permit a SQL injection attack embedded in a properly formed HTTP request. An Application layer firewall performs a more intensive examination of the traffic instead of just allowing the traffic on a given port. In this example, even though HTTP traffic on port 80 is allowed by the traditional rule, the Application layer firewall looks for the SQL injection attack and blocks the request.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References: The Difference Between a Next Generation Firewall and a UTM Appliance, https://www.volico.com/the-difference-between-a-next-generation-firewall-and-a-utm-appliance

Question #158 of 200 Question ID: 1123547
A user is complaining that she cannot log on to the network server. What specific steps should you take to locate the problem? (Choose three.)
A) Ask the user reporting the problem to reboot her workstation.
B) Ping the server.
C) Reboot the network server.
D) Have a user on a remote segment try to log on to the server.
E) Have a user on the local segment try to log on to the server.

Explanation
A logical first place to start troubleshooting is to determine whether the condition is network-wide or specific to one workstation. Have other similar users, both on the local segment and on remote segments, attempt to perform the same actions. You should also verify that connectivity with the server can be established; you can do this by pinging the server. Rebooting the network server or the user's workstation are not good first steps in attempting to resolve the problem: rebooting the server disrupts every other user, and neither reboot tells you anything about the cause.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.
References: Chapter 12: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #159 of 200 Question ID: 1289200
Which attack involves the use of multiple computers with the purpose of denying legitimate access to a critical server?
A) distributed denial-of-service (DDoS) attack
B) denial-of-service (DoS) attack
C) land attack
D) Ping of Death attack

Explanation
Distributed denial-of-service (DDoS) attacks are an extension of the denial-of-service (DoS) attack. In a DDoS attack, the attacker uses multiple computers to target a critical server and deny access to legitimate users. The primary components of a DDoS attack are the client (the attacker's own system), the masters or handlers, the slaves (also called zombies or bots), and the target system. The initial phase of the DDoS attack involves compromising numerous computers, referred to as slaves, and planting backdoors in them so that they can be controlled by the master controllers. Handlers are the systems that instruct the slaves to launch an attack against a target host. Slaves are typically systems that have been compromised through backdoors, such as Trojans, and whose owners are not aware of their participation in the attack.
Masters or handlers are systems on which the attacker has been able to gain administrative access. The defining characteristic of DDoS is that it attacks the availability of critical resources rather than their confidentiality or integrity. Security technologies such as SSL/TLS and PKI protect confidentiality and integrity, so they neither prevent nor detect a DDoS attack. To detect the use of zombies in a DDoS attack, you should examine the firewall logs for traffic from many distinct sources converging on one service. Both zombies and botnets can be used in a DDoS attack. Launching a traditional DoS attack from a single system might not disrupt a critical server. Launching a DDoS attack can bring the critical server down because the server is overwhelmed by processing requests from many systems at once until it ceases to function. Trinoo and Tribe Flood Network (TFN) are examples of classic DDoS tools. A land attack involves sending a spoofed TCP SYN packet to an open port on the target host in which the source IP address and port are set equal to the destination IP address and port. The land attack causes vulnerable systems to freeze or crash because the computer continuously replies to itself. A Ping of Death is another type of DoS attack that involves sending oversized, fragmented ICMP echo requests whose reassembled size exceeds the maximum allowed IP packet length, causing vulnerable target computers to freeze or crash during reassembly. Other denial-of-service attacks, referred to as smurf (ICMP) and fraggle (UDP), deny access to legitimate users by flooding the victim with amplified replies solicited from a network's broadcast address. A denial-of-service (DoS) attack is an attack on a computer system or network that causes loss of service to users. The DoS attack floods the target system with unwanted requests. It causes the loss of network connectivity and services by consuming the bandwidth of the target network or overloading the computational resources of the target system.
The primary difference between DoS and DDoS is that in DoS, a particular port or service is targeted by a single system, and in DDoS, the same process is accomplished by multiple computers. There are other types of denial-of-service attacks, such as buffer overflows, where a process attempts to store more data in a buffer than the amount of memory allocated for it, causing the service or system to freeze or crash. For the Network+ exam, you need to understand the following about DoS attacks:
Distributed DoS - carried out using multiple compromised computers (bots or zombies), collectively referred to as a botnet. This attack causes a traffic spike and is coordinated so that all the bots participate in the attack at the same time.
Reflective/amplified - uses potentially legitimate third-party servers (reflectors) to send the attack traffic to a victim, hiding the attacker's identity. The attacker sends small requests to the reflector servers with the source IP address spoofed to the victim's IP, so the much larger responses are delivered to the victim, indirectly overwhelming it. Domain Name System (DNS) and Network Time Protocol (NTP) servers are particularly susceptible to being used this way because their responses can be many times larger than the requests.
Smurfing - a DDoS attack in which large numbers of Internet Control Message Protocol (ICMP) echo requests with the intended victim's spoofed source IP are sent to a network's IP broadcast address. Every host that replies floods the victim with packets, causing performance to decline.
Friendly/unintentional DoS - a DoS condition caused by devices that have legitimate access to the attacked server. This can occur as part of a DDoS where the legitimate device is a member of a botnet. It could also occur when a user inadvertently causes a DoS condition by issuing multiple requests that hang the server.
Physical attack - an attack in which an attacker damages a device in such a way as to permanently put it out of commission. Also referred to as permanent DoS, this attack may involve corrupting the firmware or infecting the device with malware.
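Question #159 says to examine the firewall logs to detect zombies; the DoS list above names the land attack, distributed floods and DNS/NTP reflection. The following added example (not part of the original question bank) runs three such checks over constructed log lines. The key=value log format and the tiny thresholds are assumptions made for the example; adapt parse_line() and the thresholds to your own firewall's format and baseline.

```python
"""Spotting DoS/DDoS patterns in firewall logs (question #159 and the DoS list).

Added example, not from the original question bank. Log lines are constructed
in a simple key=value format; addresses come from the RFC 5737 documentation
ranges. Three checks: a land attack (source equals destination), a distributed
SYN flood (many distinct sources sending bare SYNs to one service) and a
reflection/amplification pattern (many distinct DNS/NTP servers answering one
target that never asked them anything).
"""
from collections import defaultdict

SAMPLE_LOG = """\
2022-04-18T16:07:01Z proto=tcp src=198.51.100.10 spt=80 dst=198.51.100.10 dpt=80 flags=S
2022-04-18T16:07:02Z proto=tcp src=203.0.113.11 spt=40001 dst=198.51.100.10 dpt=443 flags=S
2022-04-18T16:07:02Z proto=tcp src=203.0.113.12 spt=40002 dst=198.51.100.10 dpt=443 flags=S
2022-04-18T16:07:02Z proto=tcp src=203.0.113.13 spt=40003 dst=198.51.100.10 dpt=443 flags=S
2022-04-18T16:07:03Z proto=tcp src=203.0.113.14 spt=40004 dst=198.51.100.10 dpt=443 flags=S
2022-04-18T16:07:03Z proto=tcp src=192.0.2.77 spt=51234 dst=198.51.100.10 dpt=443 flags=SA
2022-04-18T16:07:04Z proto=udp src=192.0.2.53 spt=53 dst=198.51.100.20 dpt=33001
2022-04-18T16:07:04Z proto=udp src=192.0.2.54 spt=53 dst=198.51.100.20 dpt=33001
2022-04-18T16:07:04Z proto=udp src=192.0.2.55 spt=53 dst=198.51.100.20 dpt=33001
2022-04-18T16:07:05Z proto=udp src=192.0.2.123 spt=123 dst=198.51.100.20 dpt=33001
"""

# Thresholds are deliberately tiny so the ten-line sample trips them.
SYN_FLOOD_MIN_SOURCES = 4
REFLECTION_MIN_SERVERS = 3
REFLECTOR_PORTS = {53, 123}   # DNS and NTP, the services the text names


def parse_line(line):
    """'<ts> k=v k=v ...' -> dict with ints for ports and a default flags field."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    for k in ("spt", "dpt"):
        fields[k] = int(fields[k])
    fields.setdefault("flags", "")
    return fields


def detect(log_text):
    """Return a list of findings as (kind, subject, detail) tuples."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    syn_sources = defaultdict(set)   # (dst, dpt) -> distinct sources sending bare SYN
    reflectors = defaultdict(set)    # dst -> distinct DNS/NTP servers replying to it
    for e in events:
        if e["src"] == e["dst"]:
            # Land attack: a packet claiming to come from its own destination.
            findings.append(("land_attack", e["dst"], e["ts"]))
        if e["proto"] == "tcp" and e["flags"] == "S":
            syn_sources[(e["dst"], e["dpt"])].add(e["src"])
        if e["proto"] == "udp" and e["spt"] in REFLECTOR_PORTS:
            reflectors[e["dst"]].add(e["src"])
    for (dst, dpt), srcs in syn_sources.items():
        if len(srcs) >= SYN_FLOOD_MIN_SOURCES:
            findings.append(("distributed_syn_flood", f"{dst}:{dpt}", len(srcs)))
    for dst, srcs in reflectors.items():
        if len(srcs) >= REFLECTION_MIN_SERVERS:
            findings.append(("reflection_am plification".replace(" ", ""), dst, len(srcs)))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The land-attack check needs only one packet. The other two are population checks: they count distinct sources per destination, which is why a single-source DoS does not trip them but a DDoS from four bots or four reflectors does. In production the counts are taken over a sliding time window and compared with a learned baseline, and because flood sources are often spoofed, per-source counts are a heuristic for detection rather than attribution.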
Objective: Network Security
Sub-Objective: Summarize common networking attacks.
References: CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #160 of 200 Question ID: 1289261
Your network is shown in the following image: Workstations A4 and A5 were recently added to the network. Since the clients have been added, the network has been running very slowly. Which two conditions could be causing this problem? (Choose two.)
A) You have exceeded your network server access limits.
B) You exceeded the maximum number of computers allowed on the network.
C) A connector is loose.
D) The bus network might be missing a terminator.

Explanation
The exhibit shows a bus network, which must be properly terminated at both ends. If it is not properly terminated, the entire network segment will run slowly due to signal reflection. A loose connector will also cause signal reflection. The server access limits and the maximum number of computers have not been exceeded. Incorrect termination of twisted-pair cabling (mismatched standards) can occur when the cabling connectors are wired with the wrong conductor in a connector position:
Straight-through - With this type of cable, each pin connects to the same pin on the opposite end (both ends wired T568A, or both T568B). This cabling is used when connecting unlike devices, such as connecting a router to a hub, a computer to a switch, or a LAN port to a switch, hub, or computer.
Crossover - With this type of cable, the two data pairs cross over each other: the white-orange and white-green wires are swapped (pins 1 and 3), and then the orange and green wires (pins 2 and 6). This cabling is used when connecting like devices, such as connecting a computer to a router, a computer to a computer, or a router to a router.
For the Network+ exam, you must also understand these common copper cable issues:
Shorts - Shorts occur when two copper conductors touch each other; current flows through the short because it has lower resistance than the intended path. Use a cable tester to determine whether a short has occurred.
Opens - Opens occur when there is a break or an improper termination in the cabling that prevents current from flowing through a circuit. Use a cable tester to determine whether an open has occurred.
Bad connector - A bad connector will cause a connection to fail. You can either replace the entire cable or replace the connector, depending on the length of the run. For example, it is often easier to re-terminate the connector on a longer cable (over 25 feet or so), but for shorter, more common patch cables, it can be easier to swap in a spare cable and re-terminate the faulty one later.
Bad wiring - Bad wiring, like a bad connector, will cause a connection to fail. If the wiring is the problem, it is best to just replace the cable.
Split pairs - A split pair is a wiring error in which the two conductors of a twisted pair are instead connected using one conductor from each of two different pairs. It most commonly occurs when a punchdown block is wired incorrectly or when RJ-45 connectors are crimped onto the wrong wires. In both of these situations, you will need to rewire the block or connector. Note that a split pair passes a simple pin-to-pin continuity test, because each pin still reaches the correct pin at the far end; only a tester that checks pairing (or measures crosstalk) reveals it.
Tx/Rx reversed - A straight-through cable has the same transmit (Tx) and receive (Rx) leads at each end, while they are reversed at one end in a crossover cable. A straight-through cable connects dissimilar devices, while a crossover cable connects like devices. If you use a crossover cable in the wrong location on the network, the device will be unable to connect to the network. You should replace the cable with the correct type. Many switches support automatic medium dependent interface crossover (auto-MDI-X), which allows a switch port to detect the cable type and configure its leads as Tx or Rx accordingly.
However, if a network device does not support MDI-X, you must use the appropriate cable (that is, a crossover cable between like devices). If loss of connection occurs, you are using the wrong cable type or have the port's Tx/Rx configuration set incorrectly.
Bad SFP/GBIC module (cable or transceiver) - Switches can include gigabit interface converter (GBIC) and small form-factor pluggable (SFP) modules. If one of these hot-swappable modules goes bad, replace the module; only when the switch has no replaceable module does the switch itself have to be replaced. To determine whether the module (rather than the fiber run) has failed, plug a fiber loopback adapter (for example, an LC loopback) into the transceiver and check whether the port comes up.
Copper cabling can also be affected by EMI/RFI, crosstalk, poor cable placement, signal attenuation, and distance limitations.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.
References: Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #161 of 200 Question ID: 1289211
You have expanded the number of nodes on your network and have added a second 24-port switch. The new switch is in place and has sufficient port capacity for another six nodes in the future. What should you do to increase the security of the switch?
A) Use secure protocols
B) Upgrade firmware
C) Install patches and updates
D) Disable unused ports

Explanation
Disabling unused ports is an excellent way to secure a switch. You should only enable designated active ports needed for network connections.
As an example, if you have a 24-port switch but only 18 of those ports are needed for connected hosts, you should set the status of the other six ports to "disabled" (administratively shut down) so that an unauthorized device plugged into a spare port gets no link. Upgrading firmware is one way to ensure that the network component is performing properly, or to the current standard. Firmware differs from a driver. A driver allows the hardware to communicate with an operating system, such as Windows 10, Linux, or macOS. Firmware is the software that allows the hardware device itself to operate. A simplified example of one aspect of firmware would be the instructions on the NIC that cause the green light to blink when network traffic is present. Using secure protocols is paramount to network security. In SOHO networks, routers (as an example) may be shipped with insecure protocols, such as WEP, enabled. While WEP is the easiest for a consumer or novice to use while getting the network up and running, it is inherently insecure and should be disabled in favor of a more secure protocol such as WPA2. Installing patches and updates to the network hardware will ensure that the firmware is up to date and that any remedies to known security issues are applied. All four options harden a switch; disabling unused ports is the one that directly addresses the spare capacity described in the scenario.

Objective: Network Security
Sub-Objective: Given a scenario, implement network device hardening.
References: Cisco Networking Academy's Introduction to Basic Switching Concepts and Configuration, http://www.ciscopress.com/articles/article.asp?p=2181836&seqNum=7

Question #162 of 200 Question ID: 1289096
Your company's network has recently switched to using only IPv6 addresses. You need to understand the types of addresses used on the network. Match the IPv6 addresses on the left with the IPv6 address type to which each belongs. Each address will only match to a single address type, and each address type will only have a single address.
Explanation

The IPv6 address types should be matched with the given IPv6 addresses as follows:
APIPA - fe80::/10
Private - fc00::/7
Loopback - ::1/128

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
IPv6 address, https://en.wikipedia.org/wiki/IPv6_address
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IP Version 6

Question #163 of 200 Question ID: 1289265

The network you administer is organized according to the following image:

ElliotA, KateB, and PayR are workstations. FileSrv is a file server, and WebSrv is a Web server. FRW1 and FRW2 are firewalls. WebSrv is on a demilitarized zone (DMZ) that is maintained between the two firewalls. Router1 connects the network to the Internet. Remote users on the Internet connect to WebSrv, and some remote users on the Internet are allowed to gain access to files on FileSrv.

Users report a network connectivity problem, so you test network connectivity. ElliotA can connect to KateB and FileSrv. KateB can connect to WebSrv. WebSrv can connect to PayR and FileSrv. FileSrv cannot connect to Router1, but FileSrv can connect to FRW1 and FRW2. Internet users can connect to Router1, but they cannot connect to WebSrv.

What is most likely causing the connectivity problem on the network?

A) Router1 is overloaded with network traffic.
B) The port on Hub1 that connects FileSrv to the hub is not able to send or receive data.
C) The cable that connects Router1 to FRW2 is not properly connected to FRW2.
D) Router1's connection to the Internet is down.
E) FRW1 is configured with an invalid IP address.

Explanation

The most likely cause of the network connectivity problem in this scenario is that the cable that connects Router1 to FRW2 is not properly connected to FRW2.
If the cable is not properly connected, then users on the Internet will be able to contact Router1, but they will not be able to gain access to resources on WebSrv. Also, computers on the network will be able to contact one another and the firewalls, but they will not be able to contact Router1 or connect to the Internet.

Potential issues with the cable are a bad connector, bad internal wiring, a split (a physical cut in the cable), or a termination problem.
Bad connector - If you suspect that a connector is bad on a short cable, it may be easier to replace the entire cable than one connector. However, for long cable runs, you should replace the connector so that the cable will not have to be re-routed.
Bad wiring - If you suspect that the cable itself is damaged or nonfunctional, you should always replace the cable.
Split cables - This is similar to bad wiring but is much easier to diagnose because the cable is actually cut. An open circuit can be the direct result of this issue.
Incorrect termination - This occurs when the cabling connectors are configured with the wrong individual pin in the connector sockets, or when a twisted-pair cable is wired as a split pair.
Straight-through - With this type of cable, each pin connects to the same pin on the opposite end. This cabling is used when connecting unlike devices, such as connecting a router to a hub, a computer to a switch, or a LAN port to a switch, hub, or computer.
Crossover - With this type of cable, some of the internal wires cross over each other: the orange-white and green-white wires are switched, and then the orange and green wires. This cabling is used when connecting like devices, such as connecting a computer to a router, a computer to a computer, or a router to a router.

TX/RX reversal is another kind of cabling error.
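The straight-through, crossover and split-pair cases listed above, turned into a checker as an added example (not part of the QBank explanation): the T568A/T568B colour assignments are standard, while the device classes, the sample terminations and the assumption that MDIX is absent are constructed for the illustration.

```python
"""Classify a twisted-pair cable termination as straight-through, crossover,
split pair, or otherwise incorrect, and check that the cable type suits the
devices at each end.

Added example for the cabling errors listed above; it is not part of the
QBank explanation. T568A/T568B colour assignments are standard; the device
classes and all sample terminations are constructed.
"""
from typing import Sequence, Tuple

# Wire colour at pins 1..8 for the two standard terminations.
# "OW" = orange/white, "O" = orange, "GW" = green/white, "G" = green,
# "BW" = blue/white, "B" = blue, "BrW" = brown/white, "Br" = brown.
T568A = ("GW", "G", "OW", "B", "BW", "O", "BrW", "Br")
T568B = ("OW", "O", "GW", "B", "BW", "G", "BrW", "Br")

# Pin positions that must be occupied by the two wires of one twisted pair.
PAIR_PINS = ((1, 2), (3, 6), (4, 5), (7, 8))

# Devices in the same class are "like" devices and need a crossover cable
# (computer-router, computer-computer, router-router, as the text says).
DEVICE_CLASS = {"computer": "end-node", "router": "end-node",
                "switch": "concentrator", "hub": "concentrator"}


def colour_pair(wire: str) -> str:
    """Map a wire label to its twisted-pair colour ("OW" and "O" both -> "O")."""
    return wire[:-1] if wire.endswith("W") else wire


def split_pairs(end: Sequence[str]) -> Tuple[Tuple[int, int], ...]:
    """Return the pin pairs whose two wires come from different twisted pairs."""
    return tuple((a, b) for a, b in PAIR_PINS
                 if colour_pair(end[a - 1]) != colour_pair(end[b - 1]))


def classify(end_a: Sequence[str], end_b: Sequence[str]) -> str:
    """Classify a cable from the pin-to-colour map at each end."""
    if len(end_a) != 8 or len(end_b) != 8:
        raise ValueError("each end needs exactly eight wires")
    if split_pairs(end_a) or split_pairs(end_b):
        return "split pair"
    if tuple(end_a) == tuple(end_b):
        return "straight-through"
    # Crossover: orange-white/green-white (pins 1 and 3) and orange/green
    # (pins 2 and 6) are swapped at one end only.
    crossed = list(end_a)
    crossed[0], crossed[2] = crossed[2], crossed[0]
    crossed[1], crossed[5] = crossed[5], crossed[1]
    if tuple(crossed) == tuple(end_b):
        return "crossover"
    return "incorrect termination"


def needed_cable(device_a: str, device_b: str) -> str:
    """Like devices need a crossover cable; unlike devices need straight-through."""
    if DEVICE_CLASS[device_a] == DEVICE_CLASS[device_b]:
        return "crossover"
    return "straight-through"


def check_link(device_a: str, device_b: str,
               end_a: Sequence[str], end_b: Sequence[str]) -> str:
    """Report whether the cable as terminated will work between the devices.
    A port with MDIX could adapt to either cable type; this check assumes
    MDIX is absent, which is the case the explanation describes."""
    actual = classify(end_a, end_b)
    wanted = needed_cable(device_a, device_b)
    if actual == wanted:
        return "ok"
    if actual in ("straight-through", "crossover"):
        return f"wrong cable: {actual} used, {wanted} needed (TX/RX reversal)"
    return f"faulty termination: {actual}"


# Constructed sample: a punch-down error that swapped pins 5 and 6 at one end.
SPLIT_END = ("OW", "O", "GW", "B", "G", "BW", "BrW", "Br")

if __name__ == "__main__":
    print(check_link("computer", "switch", T568B, T568B))      # ok
    print(check_link("router", "router", T568B, T568B))        # wrong cable
    print(check_link("computer", "router", T568B, T568A))      # ok
    print(check_link("computer", "switch", T568B, SPLIT_END))  # faulty
```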
A straight-through cable has the same transmit (Tx) and receive (Rx) leads at each end, while they are reversed at one end in a crossover cable. A straight-through cable connects dissimilar devices, while a crossover cable connects like devices. If you use a crossover cable in the wrong location on the network, the device will be unable to connect to the network. You should replace the cable with the correct type. Some switches support medium dependent interface crossover (MDIX). This allows a switch port to match its leads to the cable you have used. However, if a network device does not support MDIX, you must use an appropriate cable (that is, a crossover cable) to allow its Tx leads to connect to the Rx leads on a connected device. If loss of connection occurs, you are using the wrong cable or have the switch leads configured incorrectly.

A split pair is a wiring error where the two wires of a twisted pair are instead connected using two wires from different pairs. It most commonly occurs when a punch-down block is wired incorrectly or when RJ-45 connectors are crimped onto the wrong wires. In both of these situations, you will need to rewire the block or connector.

Open circuits or short circuits could also cause loss of connection. An open circuit is usually the result of a broken cable or improper termination. This causes an incomplete connection and complete failure of the electric current. A short circuit occurs when there is unwanted contact with the cabling. This results in the current following an unwanted path, which could cause overheating or burning.

If the network connectivity problem were caused by an invalid IP address on FRW1, then users on the Internet would be able to gain access to WebSrv, but FileSrv would not be able to connect to FRW1, FRW2, WebSrv, or the Internet.
If the port on Hub1 that connects FileSrv were not able to send or receive data, then Internet users would be able to gain access to WebSrv, but KateB would not be able to contact WebSrv, and ElliotA would not be able to contact FileSrv. If Router1 were not connected to the Internet, then Internet users would not be able to connect to Router1, and users on the network would not be able to connect to the Internet. If Router1 were overloaded with network traffic, then Router1 would probably be slower than usual. However, users on the Internet would be able to connect to WebSrv, and computers on the network would be able to connect to WebSrv and the Internet.

Other common issues with cabling include a bad SFP/GBIC module, cable placement issues, attenuation, distance limitations, EMI and RFI, and cross-talk.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #164 of 200 Question ID: 1289142

Which WAN technology offers the highest potential bandwidth?

A) E3
B) T3
C) OC-3
D) Frame Relay
E) FDDI

Explanation

OC stands for optical carrier. OCx levels are a set of transmission rates specified by Synchronous Optical Network (SONET) for implementations over fiber-optic cable. The base rate is OC-1, which has a maximum throughput of 51.84 Mbps. OC-3 has a bandwidth potential of 155.52 Mbps.
The following are transmission rates of other common WAN technologies:
BRI ISDN - up to 128 Kbps
PRI ISDN - up to 1.544 Mbps (over T1)
T1 - up to 1.544 Mbps
Frame Relay - up to 1.544 Mbps
E1 - up to 2.048 Mbps
E3 - up to 34.368 Mbps
T3 - up to 44.736 Mbps
OC-1 - up to 51.84 Mbps
FDDI - up to 100 Mbps
OC-3 - up to 155.52 Mbps
ATM - up to 622 Mbps
OC-12 - up to 622.08 Mbps
OC-24 - up to 1244.16 Mbps
OC-192 - up to 9953.28 Mbps

You need to understand the following WAN technologies for the Network+ exam:
OCx - includes speeds up to 51.84 Mbps for OC-1, 155.52 Mbps for OC-3, and 622.08 Mbps for OC-12. This network uses fiber-optic cabling. All OCx networks are packet-switched networks.
ATM - allows speeds up to 622 Mbps. This network uses UTP or STP. ATM is a packet-switched network.
Frame Relay - allows speeds up to 1.544 Mbps. This network uses UTP/STP, coaxial, or fiber-optic cabling. All Frame Relay networks are packet-switched networks.

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.

References:
OC3 Explained, http://ezinearticles.com/?OC3-Explained&id=328879
CompTIA Network+ N10-007 Cert Guide, Chapter 7: Wide Area Networks (WANs), WAN Technologies

Question #165 of 200 Question ID: 1123433

Which action would you perform to look for candidates for exploitation across an information system?

A) Patch management
B) Vulnerability scanning
C) Log reviewing
D) Port scanning

Explanation

Vulnerability scanning looks for areas that are candidates for exploitation (weak spots) in networks, operating systems, applications, and equipment. Vulnerability scans can also identify the effectiveness of in-place systems designed to prevent those exploits.

Log reviewing is the process of studying the event logs and looking for patterns or key triggers (such as a failed logon) that would indicate a potential problem.
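A small log-review check for the failed-logon trigger just mentioned, added here as an example (not part of the QBank explanation): the log lines and the export layout are constructed, the alert threshold is assumed, and the event-code set follows the 525-537 or 539 range this explanation gives.

```python
"""Review Windows security log lines for the failed-logon trigger described
above and flag accounts with repeated failures.

Added example, not part of the QBank explanation. The log lines are
constructed, the event-code range (525-537 or 539) is the one quoted in the
explanation, and the line layout is an assumed export format.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Event codes the explanation treats as indicative of a failed logon.
FAILED_LOGON_CODES = frozenset(range(525, 538)) | {539}

# Assumed export layout: "<date> <time> EventID=<n> User=<name> Source=<host>".
LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+EventID=(?P<event_id>\d+)"
    r"\s+User=(?P<user>\S+)\s+Source=(?P<source>\S+)\s*$"
)

# Constructed sample log (not a real export); 540 and 538 are outside the set.
SAMPLE_LOG = """\
2022-04-18 09:01:12 EventID=540 User=jsmith Source=WS-A2
2022-04-18 09:01:40 EventID=529 User=admin Source=10.0.0.77
2022-04-18 09:01:43 EventID=529 User=admin Source=10.0.0.77
2022-04-18 09:01:47 EventID=539 User=admin Source=10.0.0.77
2022-04-18 09:02:05 EventID=529 User=kbrown Source=WS-B1
2022-04-18 09:03:30 EventID=538 User=jsmith Source=WS-A2
this line is not an event record
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one export line; return None for lines that do not match."""
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def failed_logons(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Keep only the records whose event code is in the failed-logon set."""
    found = []
    for line in lines:
        record = parse_line(line)
        if record and int(record["event_id"]) in FAILED_LOGON_CODES:
            found.append(record)
    return found


def flag_accounts(lines: Iterable[str], threshold: int = 3) -> Dict[str, int]:
    """Accounts with at least `threshold` failed logons (threshold is assumed)."""
    counts = Counter(r["user"] for r in failed_logons(lines))
    return {user: n for user, n in counts.items() if n >= threshold}


def failures_by_source(lines: Iterable[str]) -> Dict[str, int]:
    """Failed-logon count per originating host or address, for triage."""
    return dict(Counter(r["source"] for r in failed_logons(lines)))


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(flag_accounts(lines))       # {'admin': 3}
    print(failures_by_source(lines))  # {'10.0.0.77': 3, 'WS-B1': 1}
```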
As an example, in the Windows OS you could look for event codes 525-537 or 539, which are indicative of a failed login attempt.

Patches are updates to operating systems and applications. Patch management is the process of applying those updates, auditing for installation, and verifying that the most current patch has been applied. While some patches address performance features, they are more often associated with correcting security issues.

Port scanning examines ports (0-65535) to determine if they are available for traffic (open) or blocked (closed). A company may want to enable port 80 for HTTP traffic but disable ports 20/21 to block FTP traffic. While open ports may be candidates for exploitation, port scanning does not provide the level of information that vulnerability scanning does.

Objective: Network Operations
Sub-Objective: Explain common scanning, monitoring and patching processes and summarize their expected outputs.

References:
Vulnerability Scanning vs. Penetration Testing, https://www.secureworks.com/blog/vulnerability-scanning-vs-penetration-testing
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks

Question #166 of 200 Question ID: 1123557

You are the network administrator for your company's network. All servers run Windows Server 2008. All workstations run Windows 7. The network diagram is shown in the following exhibit:

Workstation A2 cannot connect to Server B. Workstation B2 can connect to Server B. Workstation A2 can connect to Server A. Which command should you run from Workstation A2 to test the connection from Workstation A2 to Server B?
A) ping 137.17.0.2
B) ping 137.17.0.1
C) ipconfig 137.17.0.1
D) tracert 137.17.0.2

Explanation

The IP address for Server B is 137.17.0.1; therefore, the ping 137.17.0.1 command will test the communication between Workstation A2 and Server B.

The ping 137.17.0.2 command will not test the communication between Workstation A2 and Server B because 137.17.0.2 is Workstation B1's IP address. The tracert 137.17.0.2 command will trace the number of router hops between Workstation A2 and Workstation B1. Using the tracert command is more resource-intensive than using the ping command. The ipconfig 137.17.0.1 command has an invalid command-line argument. The ipconfig command cannot be used to test communications between computers.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #167 of 200 Question ID: 1289089

Currently, your company uses IPv4 across its enterprise. Your company is considering using IPv6 instead of IPv4. Which improvements does IPv6 provide over IPv4? (Choose two.)

A) The IP header options allow more efficient forwarding and less rigid length limits.
B) The IP address size is increased from 64 bits to 128 bits with simpler auto-configuration of addresses.
C) Some header fields have been dropped or made optional.
D) Header fields have been made mandatory to reduce processing requirements.
E) A new type of address is used to deliver a packet to a specific address node.
F) The IP address size increased from 128 bits to 156 bits with simpler auto-configuration of addresses.

Explanation

IPv6 (version 6), or IPng (next generation), offers the following improvements over IPv4: The IP address size increases from 32 bits to 128 bits. Some of the header fields have been dropped.
Version 6 has less rigid length limits and the ability to introduce new options. Packets indicate a particular traffic type. Support is provided for data integrity and confidentiality. The IPv6 header is a fixed 40 bytes and has eight fields of information.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
IPv4 or IPv6 - Myths and Realities, http://www.ciscopress.com/articles/article.asp?p=1215643
Cisco Press article: Internet Addressing and Routing First Step, http://www.ciscopress.com/articles/article.asp?p=348253&seqNum=7
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IP Version 6

Question #168 of 200 Question ID: 1123249

Which metric is used by the Routing Information Protocol (RIP) Version 2 protocol to determine the network path?

A) delay
B) hop count
C) convergence
D) bandwidth

Explanation

Both Versions 1 and 2 of RIP use hop count as the primary metric to determine the most desirable network path. A metric is a variable value assigned to routes and is a mechanism used by routers to choose the best path when there are multiple routes to the same destination. Each router traversed by a packet from the source to the destination constitutes one hop. The lower the hop count, the higher the preference given to that path. Using RIP, the hop count is limited to 15 hops. Any router beyond this number of hops is marked as unreachable.

RIP does not use delay as its primary metric. Delay refers to the time an Internet Protocol (IP) packet takes to travel from source to destination. Some dynamic protocols, such as Interior Gateway Routing Protocol (IGRP), use delay in combination with other parameters to determine the best path to the destination.

RIP does not use bandwidth as its primary metric. Bandwidth refers to the maximum attainable throughput on a link.
This metric is used as part of the metric calculation by some routing protocols, such as IGRP and Enhanced IGRP (EIGRP).

RIP does not use convergence as its primary metric. Convergence ensures that a set of routers has the same knowledge of the surrounding network topology. The goal of convergence is to ensure that data is transmitted at a steady state. Link-state protocols provide faster convergence than distance-vector protocols. EIGRP provides faster convergence than OSPF, but OSPF provides faster convergence than RIP. When convergence on a routed network occurs, all routers learn the route to all connected networks.

RIP v1, RIP v2, and IGRP are considered distance-vector protocols. Open Shortest Path First (OSPF) is a link-state protocol. EIGRP is a balanced hybrid routing protocol, also referred to as an advanced distance-vector protocol.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 6: Routing IP Packets, Routing Protocol Examples
TCP/IP Routing Information Protocol, http://www.tcpipguide.com/free/t_TCPIPRoutingInformationProtocolRIPRIP2andRIPng.htm

Question #169 of 200 Question ID: 1123331

Your organization has both UTP and STP cabling available for wiring a new building. What is the main difference in the physical composition of these cables?

A) Number of twists in the wires
B) Separators between the wire pairs
C) Shielding
D) Wire gauge

Explanation

Shielded twisted-pair (STP) cable is identical to unshielded twisted-pair (UTP) cable except for the shielding that encloses the twisted pairs in STP. This metallic shield protects the cable from interference caused by fluorescent light fixtures, motors, and other electromagnetic interference (EMI) sources.
STP cable can be used in any implementation where UTP is used, but it is generally only used when shielding from EMI is required, because it is more expensive than UTP cable. Fiber-optic cable is also NOT affected by EMI. Either STP or fiber-optic cable should be used around light fixtures.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
CCNA: Network Media Types, http://www.ciscopress.com/articles/article.asp?p=31276&seqNum=1
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #170 of 200 Question ID: 1289112

Your company needs to be able to provide employees access to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications?

A) PaaS
B) IaaS
C) SaaS
D) virtualization

Explanation

You should use Software as a Service (SaaS) to deploy the suite of applications. This will ensure on-demand, online access to the suite without the need for local installation. Another example of this type of cloud computing deployment is when a company needs to give employees access to a database but cannot invest in any more servers. WebMail is an example of this cloud computing type.

Virtualization hosts one or more operating systems (OSs) within the memory of a single physical host computer. This mechanism allows virtually any OS to operate on any hardware and allows multiple OSs to work simultaneously on the same hardware. Virtualization would not be the best choice here because it would limit the number of users who could access the application suite. In addition, the performance of the virtual machine would decline as more users simultaneously access the application suite.

Platform as a Service (PaaS) is not the best choice here. PaaS is a platform that provides not only a deployment platform but also a value-added solution stack and an application development platform.
It provides customers with an operating system that is easy to configure. It is on-demand computing for customers.

Infrastructure as a Service (IaaS) is not the best choice in this situation. IaaS is a platform that provides computer and server infrastructure, typically provided as a virtualization environment. The platform would provide the ability for consumers to scale their infrastructure up or down by domain and pay for the resources consumed. This cloud computing model provides the greatest flexibility but requires a greater setup and maintenance overhead than the other cloud computing models.

As part of the Network+ exam, CompTIA covers three main cloud models: SaaS, PaaS, and IaaS. The security control that is lost when using cloud computing is physical control of the data. The main difference between virtualization and cloud computing is the location and ownership of the physical components. When virtualization is used, a computer uses its own devices to set up a virtual machine. When cloud computing is used, a company pays for access to another company's devices.

Other cloud technologies that you need to be familiar with include:
Private cloud - a cloud infrastructure operated solely for a single organization that can be managed internally or by a third party and hosted internally or externally.
Public cloud - when the cloud is rendered over a network that is open for public use.
Community cloud - shares infrastructure between several organizations from a specific community that can be managed internally or by a third party and hosted internally or externally.
Hybrid cloud - two or more clouds (private, public, or community) that retain unique names but are bound together, offering the benefits of multiple deployment models.
You also need to understand the following virtualization technologies: virtual switches, virtual routers, virtual firewalls, virtual versus physical NICs, and software-defined networking. Virtual devices perform the same functions as their physical counterparts. However, keep in mind that virtual devices share the resources of the physical device on which they are deployed. Therefore, with each new virtual device deployed, the performance of all the virtual devices deployed on that physical device degrades. While virtual NICs can make it appear that a machine has multiple NICs, each virtual device will still share a single physical NIC, possibly causing performance issues. If you have a single physical computer configured with multiple virtual machines, you may want to install separate physical NICs for each virtual machine for increased throughput and load balancing.

Objective: Networking Concepts
Sub-Objective: Summarize cloud concepts and their purposes.

References:
Cloud Computing Basics, http://cloudcomputingtechnologybasics.blogspot.com/2011/05/cloud-computing-comparing-saas-paas-and.html
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Virtual Network Devices

Question #171 of 200 Question ID: 1123614

You have implemented a new 802.11b 2.4-GHz WLAN. Which of the following devices can cause interference with this network? (Choose all that apply.)

A) electrical wiring
B) cable TV cabling
C) cordless phones
D) microwave ovens

Explanation

Microwave ovens can cause interference for 802.11b wireless local area networks (WLANs) that operate in the 2.4-GHz frequency band. Microwave ovens operate in the 2.45-GHz frequency band and can cause interference when used in areas where 802.11b WLANs are deployed.

Cordless phones can also cause interference. Typically, these cordless phones use a higher transmitting power than the access points and can create a lot of noise in 802.11b WLANs.
To avoid interference from cordless phones, you can change either the location of the access points or the location of the cordless phones. You can use cordless phones that operate in the 900-MHz frequency band to avoid interference with 802.11b WLANs.

Most medical equipment that uses radio frequencies operates in the 2.4-GHz ISM frequency band. Therefore, when doing a site survey, you must consider the interference from microwave ovens, cordless phones, and other devices that operate in the 2.4-GHz ISM frequency band, and you should plan the positions of the access points around these devices to avoid interference. Pools of water, trees, and construction materials, such as steel and wood, may absorb the radio frequency signals from 802.11b 2.4-GHz WLANs. Objects with water content should be avoided to prevent signal absorption problems.

Cable TV cabling and electrical wiring do not cause interference with 802.11b WLANs.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wireless connectivity and performance issues.

References:
Introduction to Wireless LANs, http://www.ciscopress.com/articles/article.asp?p=791594&seqNum=3
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Deploying Wireless LANs

Question #172 of 200 Question ID: 1289135

Your company is deploying a VoIP system on its premises at three locations. The internal VoIP system must communicate with the existing PSTN network. Which device will be necessary to permit network-based calls to access the PSTN, and for PSTN-based calls to access the network?

A) IP-ISDN adapter
B) IP-PBX adapter gateway
C) VoIP-PSTN gateway
D) PBX system
E) Internet modem

Explanation

The company must deploy one or more VoIP-PSTN gateways. These devices establish the routing of calls to the existing PSTN network.
Such gateways connect to the PSTN network through T1/E1/J1, ISDN, or FXO interfaces.

IP-PBX adapters permit VoIP devices to interact with PBX-based devices for calling. They do not support communications with the existing PSTN network.

IP-ISDN adapters permit VoIP devices to interact with ISDN-based PBX systems. Like IP-PBX adapters, IP-ISDN adapters do not support communications with the existing PSTN network.

An Internet modem permits local Wi-Fi or Ethernet devices to communicate with devices on other IP networks across a WAN or broadband link. Internet modems do not support communications with the existing PSTN network.

A PBX, or private branch exchange, system provides support for private, in-house telephony. Such systems can (and usually do) connect to the existing PSTN, but they do not in and of themselves support communications with a PSTN. PBX systems are closely linked with the PSTN network, but existing PBX systems can also be migrated to VoIP using suitable adapters. A VoIP adapter used in combination with a PBX system constitutes an IP-PBX adapter that may be used to interface a PBX with an IP network and its VoIP devices. IP-ISDN fills the same role for ISDN-based PBX systems, where an IP-ISDN adapter may be used to interface an ISDN-PBX with an IP network and its VoIP devices.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.

References:
Typical VoIP Deployment Example, http://what-when-how.com/voip/typical-voip-deployment-example/

Question #173 of 200 Question ID: 1289127

You will have a very small wiring closet for your routers. While the company will use fiber-optic cabling, you would like to use the smallest form connector to conserve space. The connector you plan to use should be roughly half the size of the other connectors. Which fiber-optic connector should you use?
A) ST
B) BNC
C) LC
D) SC

Explanation

A Lucent Connector (LC) fiber-optic connector is roughly half the size of other fiber-optic connectors. Its smaller form allows for more space in the wiring closet. An LC connector resembles the following exhibit:

The SC connector is a square, plug-in connector used with fiber-optic cable. It is a popular choice in 100Base-FX implementations. SC stands for square connector. The SC connector uses push-to-snap-on and push-to-snap-off technology. It is larger than an LC connector. An SC connector resembles the following exhibit:

There are two types of SC connectors: ultra physical contact (UPC) and angled physical contact (APC). APC connectors feature an 8-degree angle, while UPC connectors have no angle. UPC adapters are blue, while APC adapters are green.

The ST connector is a round, bayonet type of connector used with fiber-optic cable, which uses twist-on/twist-off technology. ST stands for straight tip, which refers to the white tip at the end of the connector. It is larger than an LC connector. An ST connector resembles the following exhibit:

A BNC connector is used to connect a 10Base2 (ThinNet) cable to a computer or network device. It is also used to terminate DS3 connections in a telecommunications facility. It is not used with fiber-optic cable. A BNC connector resembles the following exhibit:

Another connector that is used with fiber-optic cabling is the Mechanical Transfer Registered Jack (MTRJ) connector. It more closely resembles the RJ-45 connector used in UTP and STP cabling.
An MTRJ connector resembles the following exhibit:

RJ-45 connectors are used to connect unshielded twisted-pair (UTP) and shielded twisted-pair (STP) cable to hubs, network interface cards (NICs), and various other twisted-pair networking devices. RJ-45 connectors are shaped like RJ-11 connectors, only larger. They use an 8-pin connector that houses eight wires (four pairs). Registered Jack (RJ) connectors use a small tab to lock the connector in place. An RJ-45 connector resembles the following exhibit:

An RJ-11 connector is typically used to connect two pairs of UTP wiring to a voice-grade telephone system. RJ-11 connectors are smaller than RJ-45 connectors. An RJ-11 connector resembles the following exhibit:

An RJ-48C connector at first glance looks exactly like an RJ-45 connector. However, on close examination, a technician will notice that the wires are in a different order. It is most commonly used for T1 data lines over longer distances and when exposed to the environment. To protect the integrity of the signal, RJ-48 wiring uses STP cabling.

A DB-9 connector, also referred to as an RS-232 connector, is a serial connector. A DB-9 connector resembles the following exhibit:

Another serial connector is the DB-25 connector. A DB-25 cable resembles the following exhibit:

A UTP coupler is a small block for connecting two UTP cables to form a longer one. An RJ-45 UTP coupler is shown in the following exhibit:

A BNC coupler works like a UTP coupler, but for BNC cables rather than UTP cables. A BNC coupler is shown in the following exhibit:

An F connector, also referred to as an F-type connector, is a connector for coaxial cable. An F connector is shown in the following exhibit:

An FC connector is used in fiber-optic networks.
It has a threaded body that is useful in environments where vibrations occur. An FC connector is shown in the following exhibit:

A fiber coupler, like a UTP or BNC coupler, is used to attach two separate fiber-optic cables. Fiber couplers match the particular type of fiber-optic connector that you use.

Objective: Infrastructure
Sub-Objective: Given a scenario, deploy the appropriate cabling solution.

References:
LC Connector, http://encyclopedia2.thefreedictionary.com/LC+connector
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media

Question #174 of 200 Question ID: 1289075

Which option allows you to define which protocols are allowed to traverse the router, whether the traffic is inbound or outbound?

A) Software-defined networking
B) Distributed switching
C) Access control lists
D) Packet switching

Explanation

An access control list (ACL) allows you to define which types of traffic are allowed into or out of the network on a protocol-by-protocol basis. ACLs can also be configured based on port number, MAC address, IP address, and other criteria.

Distributed switching allows a host to select from a pool of switches.

It is critical that you know the difference between packet-switched and circuit-switched networks. Packet-switched networks break the traffic into small parcels. Depending on the layer at which they reside, those parcels are called packets. Each packet contains, among other things, the destination address. The receiving router uses that destination address to forward the packet to the next router. Circuit-switched networks require that a connection be established between the sender and the receiver. Once a connection is made (meaning that a circuit is formed), the data is routed from the sender to the receiver.
Software-defined networks (SDNs) allow a network administrator to direct and prioritize traffic and connections over virtual switches from a centralized console. SDNs can control access to switches and routers but have nothing to do with allowing traffic to traverse a switch or router.

Objective: Networking Concepts
Sub-Objective: Explain the concepts and characteristics of routing and switching.

References:
Access Control Lists: Overview and Guidelines, https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacls.html

Question #175 of 200
Question ID: 1289087

You need to assign a virtual IP address to an Internet server. What are valid reasons for doing so? (Choose all that apply.)

A) To provide a generic address for immediate access
B) To permit the same address to access multiple domain names
C) To permit multiple servers to share the same address
D) To permit a single network interface to service multiple incoming service requests
E) To eliminate host dependencies on specific, individual network interfaces

Explanation

Usually abbreviated VIPA, a virtual IP address is a single IP address that may be shared among multiple domain names or servers. By assigning a virtual IP address to a host, the host no longer needs to depend on specific individual network interfaces. Incoming packets target the host's VIPA, but all are routed through to actual, specific network interfaces. A VIPA thus helps to provide load balancing for incoming traffic, where switches or routers behind the scenes can distribute requests evenly among a pool of available network interfaces.

Although a VIPA does provide a kind of generic address for multiple domain names or servers, it does not guarantee immediate access.
Access will always depend on the queue depth and latency of the receiving switch or router that handles and forwards incoming service requests.

A VIPA does not permit a single network interface to service multiple incoming service requests. A single network interface can only service one incoming service request at a time. The VIPA allows a device to hand off incoming service requests quickly to multiple network interfaces, thereby giving the appearance of multiplicity, but this does NOT mean a single network interface can handle more than one incoming request at a time. Fast serialization is not equivalent to parallel processing.

A primary advantage of a VIPA is to eliminate host dependencies on specific, individual network interfaces.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.

References:
Virtual IP address, http://tools.ietf.org/html/rfc2373#section-2.5.1
Virtual IP address, https://www.pcmag.com/encyclopedia/term/53922/virtual-ip-address

Question #176 of 200
Question ID: 1289307

A new file server is configured to allow personnel within the company to store files. Users are reporting that they cannot upload files to the file server. Which areas should you examine? (Choose two.)

A) Blocked TCP/UDP ports
B) Incorrect ACL settings
C) Hardware failure
D) Duplicate IP addresses

Explanation

The areas you should examine are blocked TCP/UDP ports and incorrect ACL settings.

Blocked TCP/UDP ports are often necessary to protect the network from insecure protocols that are easily exploited by hackers. Ports that are often blocked include TCP port 23 (Telnet), TCP port 21 (FTP), TCP/UDP port 53 (DNS, as a post-attack exit port), and UDP port 161 (SNMP).

For ACLs on routers and firewalls, incorrect ACL settings would allow or prevent transmission of network traffic (inbound or outbound). ACL settings on file servers can allow or deny access to folders.
Duplicate IP addresses can occur when a DHCP server "thinks" an IP address is available. For example, a client machine requests an IP address, and the DHCP server issues an address listed as available from the pool of addresses. A conflict may occur if a dormant machine comes back online with an IP address that the DHCP server thought had expired and had added back into the pool.

Hardware failure could be the NIC, the cable, a port on a switch, the switch itself, a port on the router, or the router itself, to name a few. You would first ping 127.0.0.1 to determine if the client machine is communicating with its NIC. Then ping the default gateway, then the router, and then run a tracert to a website to identify the faulty piece of equipment.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.

References:
Securing risky network ports, https://www.csoonline.com/article/3191531/network-security/securing-risky-network-ports.html
Access Control List Explained with Examples, https://www.computernetworkingnotes.com/ccna-study-guide/access-control-list-explained-with-examples.html

Question #177 of 200
Question ID: 1123529

You are implementing several switches on your network. The network contains client computers that run both Internet Protocol (IP) and Internetwork Packet Exchange (IPX). To increase network efficiency, you need to configure the switches so that the two different types of traffic are isolated. Which type of virtual local area network (VLAN) should you implement?

A) frame-tagging VLAN
B) port-based VLAN
C) subnet-based VLAN
D) protocol-based VLAN

Explanation

You should implement a protocol-based VLAN. This will allow you to isolate the IP and IPX traffic. With protocol-based VLANs, each VLAN is configured to support a single protocol.
A port-based VLAN is not used to isolate IP and IPX traffic. With this type of VLAN, each port on the switch is assigned to a VLAN. Devices attached to that port automatically become members of that VLAN.

A subnet-based VLAN is not used to isolate IP and IPX traffic. With this type of VLAN, each subnet on your network is assigned to a VLAN. Devices are assigned to a VLAN based on the subnet to which the device's IP address belongs.

A frame-tagging VLAN is not used to isolate IP and IPX traffic. A frame-tagging VLAN is a type of port-based VLAN that uses frame tagging to allow VLANs to be spread across multiple switches.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.

References:
Overview of VLANs (Virtual LANs), https://www.alliedtelesis.com/sites/default/files/overview_vlans.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features

Question #178 of 200
Question ID: 1123504

What attack is also considered to be a social engineering attack?

A) a Trojan horse
B) an e-mail hoax
C) a logic bomb
D) a backdoor

Explanation

An e-mail hoax is also considered a social engineering attack. An e-mail hoax is an e-mail message that contains a false warning about a potential virus infection. Well-meaning users forward an e-mail hoax to other users, resulting in increased e-mail traffic that can seriously deplete the amount of bandwidth available on a network. Most network-bound viruses are spread by e-mail. Social engineering attacks are attacks that rely on personnel to reveal information that will allow an attack to be carried out. The best defense against social engineering attacks is security training.

A logic bomb is a program that is designed to destroy network resources when a specified event occurs.

A backdoor is an unguarded pathway into a network.
A Trojan horse is a program that seems innocuous but contains malicious code that can damage network resources or provide hackers with a pathway into a network.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
Social engineering, https://www.incapsula.com/web-application-security/social-engineering-attack.html

Question #179 of 200
Question ID: 1289269

You are a network administrator. A user named Wendy uses a computer named Client1. Wendy reports that she cannot connect to other computers on the 100BaseTX Ethernet network that is depicted in the following exhibit: [exhibit not reproduced]

You test Client1 and the other computers connected to Hub A and Hub B, and you determine that only Wendy cannot connect to the network. What is most likely causing the connectivity problem in this scenario?

A) A broadcast storm is emanating from the NIC in Client4.
B) The NIC in Client1 is defective.
C) Hub A is defective.
D) Hub B is defective.

Explanation

The most likely cause of the connectivity problem described in this scenario is that the network interface card (NIC) in Client1 is defective. Wendy uses Client1, and Wendy is the only employee who cannot connect to the network. When Wendy reported her problem with network connectivity, you tested her computer. Then, you determined the scope of the problem by testing the other computers on the network. That test revealed that the problem was most likely related only to Wendy's computer.

If Hub A were defective, then the computers connected to Hub A would probably not be able to connect to the network. If Hub B were defective, then the computers connected to Hub B would probably not be able to connect to the network.

A NIC produces a broadcast storm when it becomes defective and sends a continuous stream of data packets onto the network, which can cause network performance to degrade. A broadcast storm can also cause a network to stop responding.
If the NIC in Client4 were producing a broadcast storm, then network performance would deteriorate or none of the computers on the network would be able to connect to the network.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #180 of 200
Question ID: 1289094

Your company's enterprise includes multiple subnets, each of them using a different addressing class. Match the IP addresses on the left with the IP Address Class/Type on the right. [interactive matching activity not reproduced]

Explanation

The IP addresses should be matched with the IP address classes in the following manner:

Class A Public - 77.24.16.74
Class A Private - 10.6.55.44
Class B Public - 143.91.63.19
Class B Private - 172.20.5.5
Class C Public - 204.29.83.91
Class C Private - 192.168.103.213
APIPA - 169.254.43.31

Class A addresses are in the 0.0.0.0 through 126.255.255.255 range. Class B addresses are in the 128.0.0.0 through 191.255.255.255 range. Class C addresses are in the 192.0.0.0 through 223.255.255.255 range.

There are three reserved private IP address ranges:

Class A - 10.0.0.0 through 10.255.255.255
Class B - 172.16.0.0 through 172.31.255.255
Class C - 192.168.0.0 through 192.168.255.255

Automatic Private IP Addressing (APIPA) addresses are in the 169.254.0.0 through 169.254.255.255 range.

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
References:
IP4 Address Classes, http://compnetworking.about.com/od/workingwithipaddresses/l/aa042400b.htm

Question #181 of 200
Question ID: 1289154

Your client is experiencing what appears to be a decrease in network throughput. However, the symptoms the client is reporting to you are not detailed enough for you to diagnose the issue and make a recommendation. What will best assist you in pinpointing the bottleneck the next time it occurs?

A) Network configuration and performance baselines
B) Wiring and port locations
C) Standard operating procedures/work instructions
D) Rack diagrams

Explanation

Network configuration and performance baselines are parts of the network documentation that assist with troubleshooting. In particular, performance baselines show how the network performs under typical loads, in terms of bandwidth used, packets dropped, throughput, or other metrics, for a given period of time. Later, when network issues occur, such as a perceived drop in network speed, the administrator can compare current conditions to the previously recorded baseline.

Standard operating procedures/work instructions represent key documents used to manage the network. While the two documents are related, they each have a different purpose. Standard operating procedures (SOPs) indicate what is to be done, as well as the responsible party. The work instructions describe how to execute the task identified in the SOP, but would not identify an active issue with throughput.

Rack diagrams depict the placement of network equipment, such as routers, switches, hubs, patch panels, and servers, in a standard 19" rack. Rack diagrams are particularly useful when planning server rooms and networking closets, as the diagrams allow the engineer to determine the proper placement of equipment prior to the physical buildout.
They also serve as a tool to help locate equipment for maintenance or repair, but not to identify an active issue with throughput.

Wiring and port locations should be a critical component of the network documentation. This documentation facilitates troubleshooting connectivity by identifying not only the IP or MAC address where the problem is located, but also the physical location of the problem. Wiring and port locations will not help you research performance issues until after the network configuration and performance baselines have been examined and compared to current performance.

Objective: Network Operations
Sub-Objective: Given a scenario, use appropriate documentation and diagrams to manage the network.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation
How to set a network performance baseline for network monitoring, https://searchnetworking.techtarget.com/How-to-set-a-network-performance-baseline-for-network-monitoring

Question #182 of 200
Question ID: 1289097

Your company's enterprise includes multiple subnets, each of which uses a different addressing class. Match the IPv4 addresses on the left with the IPv4 address type that describes it. Each address will only match a single address type, and each address type will only match a single address. [interactive matching activity not reproduced]

Explanation

The IPv4 address types should be matched with the given IPv4 addresses as follows:

Class A - 12.174.25.98
Class B - 162.58.123.84
Class C - 219.214.211.167
APIPA - 169.254.1.1
Private - 172.16.2.3
Loopback - 127.0.0.1
Multicast - 225.47.72.63

Objective: Networking Concepts
Sub-Objective: Given a scenario, configure the appropriate IP addressing components.
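The following classifier reproduces the answer keys of Question #180 and Question #182 from the address ranges stated in their explanations. It is an added example written for this page, not code from the question bank; the class D (224-239) and class E (240-255) first-octet ranges are standard values that the explanations do not list.

```python
"""IPv4 class and address-type classifier built from the ranges stated in the
explanations of Questions #180 and #182 (example code added for this page,
not part of the original question bank). The class D/E ranges are standard
values not given on the page."""
import ipaddress

PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # Class A private: 10.0.0.0-10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # Class B private: 172.16.0.0-172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # Class C private: 192.168.0.0-192.168.255.255
]
APIPA_BLOCK = ipaddress.ip_network("169.254.0.0/16")    # 169.254.0.0-169.254.255.255
LOOPBACK_BLOCK = ipaddress.ip_network("127.0.0.0/8")
MULTICAST_BLOCK = ipaddress.ip_network("224.0.0.0/4")   # class D, first octet 224-239


def ipv4_class(addr: str) -> str:
    """Classful letter from the first octet: 0-126 A, 128-191 B, 192-223 C,
    224-239 D, 240-255 E. First octet 127 is the loopback block, not a class."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first <= 126:
        return "A"
    if first == 127:
        return "Loopback"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"


def ipv4_type(addr: str) -> str:
    """Special-purpose type of the address, or 'Public' if it is none of them."""
    ip = ipaddress.IPv4Address(addr)
    if ip in LOOPBACK_BLOCK:
        return "Loopback"
    if ip in APIPA_BLOCK:
        return "APIPA"
    if ip in MULTICAST_BLOCK:
        return "Multicast"
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "Private"
    return "Public"


def class_and_type_label(addr: str) -> str:
    """Label in the form used by Question #180 ('Class B Private', 'APIPA')."""
    kind = ipv4_type(addr)
    if kind in ("Public", "Private"):
        return f"Class {ipv4_class(addr)} {kind}"
    return kind


def type_label(addr: str) -> str:
    """Label in the form used by Question #182: the special type if there is
    one, otherwise just the class ('Class A', 'Private', 'Multicast')."""
    kind = ipv4_type(addr)
    return f"Class {ipv4_class(addr)}" if kind == "Public" else kind


def check_answer_key(key: dict, labeler) -> list:
    """Return the addresses whose computed label disagrees with the key
    (an empty list means the key is fully reproduced)."""
    return [addr for addr, label in key.items() if labeler(addr) != label]


# Answer keys as printed in the explanations of Questions #180 and #182.
KEY_Q180 = {
    "77.24.16.74": "Class A Public",
    "10.6.55.44": "Class A Private",
    "143.91.63.19": "Class B Public",
    "172.20.5.5": "Class B Private",
    "204.29.83.91": "Class C Public",
    "192.168.103.213": "Class C Private",
    "169.254.43.31": "APIPA",
}
KEY_Q182 = {
    "12.174.25.98": "Class A",
    "162.58.123.84": "Class B",
    "219.214.211.167": "Class C",
    "169.254.1.1": "APIPA",
    "172.16.2.3": "Private",
    "127.0.0.1": "Loopback",
    "225.47.72.63": "Multicast",
}

if __name__ == "__main__":
    for name, key, labeler in (("Q180", KEY_Q180, class_and_type_label),
                               ("Q182", KEY_Q182, type_label)):
        for addr in key:
            print(f"{name} {addr:16} -> {labeler(addr)}")
        print(f"{name} mismatches: {check_answer_key(key, labeler)}")
```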
References:
IPv4 Addressing, https://technet.microsoft.com/en-us/library/dd379547(v=ws.10).aspx
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses

Question #183 of 200
Question ID: 1289263

You have been called to troubleshoot a workstation problem in the oldest building on your company's corporate campus. The network workstations in that building are unreliable. When the room lights are on, connectivity is lost, but when the room lights are off, the network is functional. Upon arrival, you quickly survey the work environment. You observe the following conditions:

Lighting consists mainly of fluorescent lights.
Temperature is 65 degrees Fahrenheit (18 degrees Celsius).
Humidity is 75%.
Employees own space heaters, but they are not using them.
Electrical outlets appear outdated.

What is most likely causing the loss of connectivity?

A) Fluorescent lighting in the room
B) Low temperature
C) Voltage fluctuation in the outlets
D) Defective network hubs

Explanation

Because the loss of connectivity occurs only when the fluorescent lights are turned on, it points to electromagnetic interference (EMI) emitted by the fluorescent lighting. EMI is essentially electrical noise that is picked up on the network cable. EMI from fluorescent lights can corrupt data; therefore, you should consider your choice of network cable carefully if you must place the cable near fluorescent lights.

Ideally, network equipment should be maintained at a room temperature of 70 degrees Fahrenheit (21 degrees Celsius). However, even lower-than-ideal temperatures would not affect the equipment.

Defective network hubs would not cause fluctuating connectivity problems. Rather, connectivity would be permanently lost until the problem hub is replaced. A bad switch module would also cause loss of connection.
Switches can include gigabit interface converter (GBIC) and small form-factor pluggable (SFP) modules. If one of these modules goes bad, you can replace it if possible; otherwise, the switch will have to be replaced. To determine if the module has failed, you need to use an LC loopback tester.

Voltage fluctuation in the outlets would not affect network connectivity. Instead, computers rebooting, computer power supply failures, or temporary loss of power could result from voltage fluctuation.

EMI affects cable placement. Cable placement issues may vary depending on the type of media (twisted pair, coaxial, or fiber) used. You should avoid running cables near objects that may cause problems with the cabling, and you should arrange cables to minimize interference. Ideally, Ethernet cables should not be placed close to high-voltage cables, generators, motors, or radio transmitters. Often, using shielded cabling will prevent this problem. You could also move the interfering device or the cable.

Crosstalk is a specialized type of EMI caused by parallel runs of twisted-pair cables. The only solution to this problem is to change the path of the cables. Near-end crosstalk (NEXT) measures the ability of the cable to resist crosstalk. Most commercial cabling will give you the minimum NEXT values that are guaranteed. Far-end crosstalk (FEXT) measures interference between two pairs of a cable, measured at the far end of the cable with respect to the interfering transmitter.

Other physical connectivity problems include the following:

Bad connectors - If you suspect that a connector is damaged or nonfunctional, you should replace the connector. Often it is much easier to replace the entire cable rather than the connector. However, for cable runs that extend over a long distance, you should replace the connector so that the cable will not have to be re-routed.

Bad wiring - If you suspect that a cable is damaged or nonfunctional, you should replace the cable.
Always ensure that the new cable is functional before using it to replace the known-bad cable.

Open or short circuits - An open circuit is usually the result of a broken cable or improper termination. This causes an incomplete connection and complete failure of the electric current. A short circuit occurs when there is unwanted contact with the cabling. This results in the current following an unwanted path, which could cause overheating or burning.

Split cables - The cable is actually cut. An open circuit can be the direct result of this issue.

dB loss - dB loss in cabling occurs because the voltage decays slowly as the current travels the length of the cable. Therefore, the longer the cable run, the more dB loss occurs. The loss is predictable based on cable length. You should either decrease the cable length or install repeaters to reduce dB loss.

TX/RX reversed - A straight-through cable has the same transmit (Tx) and receive (Rx) leads at each end, while they are reversed at one end in a crossover cable. A straight-through cable connects dissimilar devices, while a crossover cable connects like devices. If you use a crossover cable in the wrong location on the network, the device will be unable to connect to the network. You should replace the cable with the correct type. Some switches support medium dependent interface crossover (MDIX), which allows a switch port to properly configure its leads as Tx or Rx. However, if a network device does not support MDIX, you must use the appropriate cable (that is, a crossover cable). If loss of connection occurs, you are using the wrong cable or have the switch leads configured incorrectly.

Distance - This issue is caused when cable lengths exceed the maximum distance allowed by a particular media type. Ensure that your cable runs do not exceed the maximum distance allowed. Repeaters could also be used to prevent this problem.
Incorrect termination (mismatched standards) - Incorrect termination occurs when the cabling connectors are configured with the wrong individual pin in the connector sockets.

Straight-through - With this type of cable, each pin connects to the same pin on the opposite side. This cabling is used when connecting unlike devices, such as connecting a router to a hub, connecting a computer to a switch, or connecting a LAN port to a switch, hub, or computer.

Crossover - With this type of cable, some of the internal wires cross over each other by switching the orange-white and green-white wires, and then the orange and green wires. This cabling is used when connecting like devices, such as connecting a computer to a router, connecting a computer to a computer, or connecting a router to a router.

Split pairs - A split pair is a wiring error where two wires of a twisted pair are instead connected using two wires from different pairs. It most commonly occurs when a punchdown block is wired incorrectly or when RJ-45 connectors are crimped onto the wrong wires. In both of these situations, you will need to rewire the block or connector.

Often, network cable testers can identify any of the above problems.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common wired connectivity and performance issues.

References:
Choosing an Optimal Location for Your Data Center: Electromagnetic Interference, http://www.ciscopress.com/articles/article.asp?p=417091
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #184 of 200
Question ID: 1289293

You are the network administrator for your company. One of your trainees configured the company's network. However, the network is not working. You ran the ipconfig command on Host A and found that the subnet mask on Host A is not properly configured.
The network is shown in the following image: [image not reproduced]

Which subnet mask should you configure on Host A to solve the problem?

A) 255.255.0.0
B) 255.255.192.0
C) 255.255.240.0
D) 255.255.254.0

Explanation

According to the diagram in this scenario, the IP address configured on Host A is 172.32.2.3 and the broadcast address is 172.32.3.255. If the broadcast address for this network is 172.32.3.255, then the network ID of the next subnet in the series of subnets created by the mask is 172.32.4.0. Because the gateway address (which must be in the same subnet as the hosts) is 172.32.2.1, the subnet that contains the three addresses (IP address, gateway, and broadcast address) has a network ID of 172.32.2.0. The mask must be 255.255.254.0. It would yield the following subnet IDs:

172.32.0.0
172.32.2.0
172.32.4.0
172.32.6.0
…and so on.

The mask could not be 255.255.0.0. This is a standard class B mask, and when used, the broadcast address would be 172.32.255.255, not 172.32.3.255.

The mask could not be 255.255.240.0. This would create an interval of 16 between subnets in the third octet, which would yield the following subnet IDs:

172.32.0.0
172.32.16.0
172.32.32.0
…and so on.

If this were the case, the broadcast address for these addresses' subnet would be 172.32.15.255, not 172.32.3.255.

The mask could not be 255.255.192.0. This would create an interval of 64 between subnets in the third octet, which would yield the following subnet IDs:

172.32.0.0
172.32.64.0
172.32.128.0
…and so on.

If this were the case, the broadcast address for the subnet hosting these addresses would be 172.32.63.255, not 172.32.3.255.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, troubleshoot common network service issues.
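The reasoning above can be checked mechanically: a candidate mask is consistent only if the gateway lands in the same subnet as Host A and that subnet's broadcast address equals the observed 172.32.3.255. This is an added example written for this page, not code from the question bank; it uses the three addresses stated in the explanation and the four masks offered as options, and assumes the subnets are carved from the 172.32.0.0/16 block.

```python
"""Subnet-mask consistency check for the Host A scenario (example code added
for this page, not part of the original question bank). Addresses come from
the explanation; the candidate masks are the four answer options."""
import ipaddress
from itertools import islice

HOST_A = "172.32.2.3"       # Host A's configured IP address (from the diagram)
GATEWAY = "172.32.2.1"      # default gateway, must share Host A's subnet
BROADCAST = "172.32.3.255"  # broadcast address observed for the subnet
CANDIDATE_MASKS = ["255.255.0.0", "255.255.192.0", "255.255.240.0", "255.255.254.0"]
CLASSFUL_PARENT = "172.32.0.0/16"  # assumed block the subnets are carved from


def subnet_of(addr: str, mask: str) -> ipaddress.IPv4Network:
    """Subnet that `addr` falls in when `mask` is applied (host bits masked off)."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def broadcast_with_mask(addr: str, mask: str) -> str:
    """Broadcast address a host at `addr` would compute under `mask`."""
    return str(subnet_of(addr, mask).broadcast_address)


def mask_is_consistent(mask: str, host: str, gateway: str, broadcast: str) -> bool:
    """True when host and gateway share one subnet under `mask` and that
    subnet's broadcast address equals the observed one."""
    net = subnet_of(host, mask)
    return (ipaddress.IPv4Address(gateway) in net
            and net.broadcast_address == ipaddress.IPv4Address(broadcast))


def consistent_masks(candidates, host=HOST_A, gateway=GATEWAY, broadcast=BROADCAST):
    """Subset of `candidates` that explains all three observed addresses."""
    return [m for m in candidates if mask_is_consistent(m, host, gateway, broadcast)]


def first_subnet_ids(mask: str, count: int = 4, parent: str = CLASSFUL_PARENT):
    """First `count` subnet IDs that `mask` carves out of the parent block,
    i.e. the 'series of subnets created by the mask' in the explanation."""
    prefixlen = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    subnets = ipaddress.ip_network(parent).subnets(new_prefix=prefixlen)
    return [str(n.network_address) for n in islice(subnets, count)]


if __name__ == "__main__":
    for mask in CANDIDATE_MASKS:
        verdict = "OK" if mask_is_consistent(mask, HOST_A, GATEWAY, BROADCAST) else "reject"
        print(f"{mask:15} broadcast={broadcast_with_mask(HOST_A, mask):15} "
              f"subnets={first_subnet_ids(mask, 3)} {verdict}")
    print("consistent:", consistent_masks(CANDIDATE_MASKS))
```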
References:
Understanding IP Addresses, http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml#ustand_ip_add
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting

Question #185 of 200
Question ID: 1289185

In the context of physical security, which statement related to security guard personnel is most appropriate?

A) Security guard personnel act as the last line of defense in securing the facility infrastructure.
B) Security guard personnel are a cost-effective countermeasure to reduce physical security risk.
C) Security guard personnel are one of the administrative controls in a layered security architecture.
D) Security guard personnel are the most expensive countermeasure for reducing the physical security risk.

Explanation

Security guard personnel are the most expensive countermeasure used to reduce physical security risks. The cost of hiring, training, and maintaining them can easily outweigh the benefits.

Security guard personnel, in combination with other physical security controls and technical controls such as fences, gates, lighting, dogs, CCTVs, alarms, and intrusion detection systems, act as the first line of defense in maintaining the security of a facility infrastructure. Security guards are the best protection against piggybacking. Mantraps also provide protection against piggybacking. The last line of defense in a layered security architecture is the remaining workforce of the company, excluding the security guards.

Personnel are an example of physical security controls, not administrative controls.

Objective: Network Security
Sub-Objective: Summarize the purposes of physical security devices.
References:
Security Guards, http://homesecurity.about.com/od/homesecurity/a/Security-Guards.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks

Question #186 of 200
Question ID: 1123378

A consultant recommends that your company implement an appliance firewall. To which type of firewall is this referring?

A) hardware
B) software
C) embedded
D) application

Explanation

A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone "black box" solutions that can be plugged in to a network and operated with minimal configuration and maintenance.

An application firewall is typically integrated into another type of firewall to filter traffic that is traveling at the Application layer of the Open Systems Interconnection (OSI) model.

An embedded firewall is typically implemented as a component of a hardware device, such as a switch or a router.

A software firewall is a program that runs within an operating system, such as Linux, Unix, or Windows 2000. If you set up a subnet with computers that use peer-to-peer communication, a software firewall is probably the best firewall solution.

Firewalls can be used to create demilitarized zones (DMZs). A DMZ is a network segment placed between an internal network and a public network, such as the Internet. Typically, either one or two firewalls are used to create a DMZ. A DMZ with a firewall on each end is typically more secure than a single-firewall DMZ. However, a DMZ implemented with one firewall connected to a public network, a private network, and a DMZ segment is cheaper to implement than a DMZ implemented with two firewalls.

Objective: Infrastructure
Sub-Objective: Explain the purposes and use cases for advanced networking devices.
References:
Chapter 6: Firewalls, http://service.real.com/help/library/guides/helixuniversalproxy/htmfiles/firewall.htm
Introduction to firewalls: Types of firewalls, http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1282044,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #187 of 200
Question ID: 1123389

Which device or feature provides a bridge between the physical environment and the virtual environment?

A) Virtual firewall
B) Virtual router
C) Hypervisor
D) Virtual NIC

Explanation

A virtual network interface card (NIC) operates within the virtual environment. In common practice, it is bridged to the physical NIC on the host system so that the virtual machine can communicate with another network segment or the Internet.

A hypervisor (or virtual machine monitor) provides supervisory and management functions on a machine (host) on which one or more virtual machines are deployed. Hypervisors are categorized as Type 1, which are installed on the "bare metal," or Type 2, which are installed on top of the operating system as an application. Examples of Type 1 hypervisors include KVM for Linux and Microsoft's Hyper-V Server 2012. Examples of Type 2 hypervisors include VMware Workstation and Oracle VirtualBox.

Virtual firewalls provide the same functions as regular firewalls, but provide them in a virtual environment.

Virtual routers provide the same router functions as physical routers, but in a virtual environment. Virtual routers are software-based and do not require physical hardware.

Objective: Infrastructure
Sub-Objective: Explain the purposes of virtualization and network storage technologies.
References:
Virtualizing a Network Card, https://www.usenix.org/legacy/publications/library/proceedings/usenix01/sugerman/sugerman_html/node5.html

Question #188 of 200
Question ID: 1289145

Which of the following uses cells that are equally sized at 53 bytes each?

A) PPPoE
B) DMVPN
C) SIP trunk
D) ATM

Explanation

Asynchronous Transfer Mode (ATM) is a network transmission model used in voice, video, and data communications that uses equally sized cells that are all 53 bytes long. The equal length of the data packets supports very high data rates. ATM is deployed in Optical Carrier (OC) backbone network segments.

Point-to-Point Protocol over Ethernet (PPPoE) encapsulates Point-to-Point Protocol (PPP) frames over Ethernet. It is typically used in DSL to allow subscribers on Ethernet networks to connect over DSL modems.

Dynamic Multiport Virtual Private Network (DMVPN) allows an organization to exchange data over a secure network of VPNs without having to route the data through the organization's primary VPN router. In essence, a DMVPN creates a mesh VPN topology.

Session Initialization Protocol (SIP) trunking is used in Voice over IP telephony. The SIP trunk connects the incoming gateway with the customer's Private Branch Exchange (PBX).

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.

References:
ATM In Computer Networks: History And Basic Concepts, https://fossbytes.com/atm-asynchronous-transfer-mode-history-basic-concepts/

Question #189 of 200
Question ID: 1289178

Management has decided to renovate a portion of the office. You have been asked to relocate several computers and other network devices in the renovation area to another part of the building. After relocating the computers and devices, you document the new location. What is the term used to describe the actions you took?
A) SLA
B) NAC
C) asset management
D) baseline

Explanation

Asset management involves documenting information regarding the company's assets, including location, user, IP address, and other information. Asset management is part of the network documentation that must be maintained.

A service level agreement (SLA) is an agreement from a service provider that details the level of service that will be maintained.

Network access control (NAC) is a method whereby an organization implements security rules for devices that connect to the network. The rules include all requirements a device must meet to connect to the network. If a device is compliant, it is given access to the network. If it is not, it is quarantined from the rest of the network.

A baseline is a performance measurement against which all future measurements are compared. Without a baseline, you have no way of knowing whether performance is improving or degrading.

For the Network+ exam, you also need to understand the following documentation:

IP address utilization - You should always track your IP usage, particularly if you implement a network with multiple subnets. Two devices on the same network cannot use the same IP address, even if you implement private IP addresses. Carefully document your IP address usage to ensure communication. Implementing a DHCP server on your network is the best way to do this. At any time, you will be able to view IP address utilization from the DHCP server.

Vendor documentation - Retain all vendor documentation for all devices, including computers. When it comes to configuration management, vendor documentation can aid you in ensuring that you purchase hardware that is compatible with the device or computer. In many cases, vendor documentation can be found online, but this isn't always the case, especially with older, legacy hardware.
For the Network+ exam, you also need to understand the on-boarding and off-boarding of mobile devices. Mobile devices are increasingly being used on corporate networks. Companies must consider the impact of these devices and create the appropriate policies for their use. Formal on-boarding procedures should be developed and should include minimum security requirements for the devices. Companies should implement some form of mobile device management (MDM), which allows you to manage mobile devices from a central management console. MDM allows you to on-board and off-board mobile devices quickly and easily.

Objective: Network Operations
Sub-Objective: Identify policies and best practices.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation

Question #190 of 200
Question ID: 1289146

Which of these is NOT associated with data conversion between the ISP and the customer premises equipment?

A) ATM
B) Smart jack
C) Demarcation point
D) CSU/DSU

Explanation

Asynchronous Transfer Mode (ATM) is NOT associated with data conversion between the ISP and the customer premises equipment. It is a network transmission model used in voice, video, and data communications. ATM uses equally sized cells that are all 53 bytes long. The equal length of the cells supports very high data rates. ATM is deployed in Optical Carrier (OC) backbone network segments.

All of the other options are associated with data conversion between the ISP and the customer's on-premises equipment.

A demarcation point is where the division is made between the service responsibilities of the ISP and the service responsibilities of the customer. It is often located at the CSU/DSU or smart jack. When a network problem occurs, the demarcation point determines which party, the customer or the ISP, is responsible for fixing it.
A Channel Service Unit/Data Service Unit (CSU/DSU) is a device that connects a router to a digital circuit, such as a T1 line. The CSU/DSU converts the signal from a wide area network into frames for a local area network.

A smart jack typically provides the conversion between a telecommunications T1 line and the customer's network. Smart jacks can also provide an alarm if the communications link is broken, provide diagnostic services such as loopback, or even act as a repeater.

Objective: Infrastructure
Sub-Objective: Compare and contrast WAN technologies.

References:
ATM In Computer Networks: History And Basic Concepts, https://fossbytes.com/atm-asynchronous-transfer-mode-history-basic-concepts/

Question #191 of 200
Question ID: 1123556

You are the network administrator for your company's network. All servers run Windows Server 2008. All workstations run Windows 7. The network diagram is shown in the following exhibit:

Workstation A2 is experiencing delays accessing Server B. Which utility should you run from Workstation A2 to determine the source of the slowdown?

A) ping
B) netstat
C) ipconfig
D) tracert

Explanation

The tracert utility will provide a listing of all routers through which data from Workstation A2 must pass on its way to Server B. If there are any problems along the way, they will show up in the output from the tracert command.

The ping utility is used to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply. The ping utility is used primarily to troubleshoot Internet connections. It would not be useful in determining the source of the slowdown in this scenario. However, it can be used to troubleshoot connectivity to specific devices.

Netstat is a TCP/IP utility that you can use to determine the computer's inbound and outbound TCP/IP connections.
It displays current connections and their listening ports. It cannot be used to troubleshoot this problem.

The ipconfig utility is used to display the currently assigned TCP/IP network settings, such as IP address, subnet mask, and default gateway, on Windows computers. It can be run from a command prompt. When issued with the /all switch, ipconfig displays detailed information. It cannot be used to troubleshoot this problem.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #192 of 200
Question ID: 1123367

You are setting up an 802.11a wireless network in an office environment that includes three wireless access points. The wireless access points are at least 15 meters apart and are configured for automatic channel setting. Each time you turn the wireless access points on, they all choose the same channel. You need to ensure that the access points choose separate channels to prevent interference, using the least amount of administrative effort. What should you do?

A) Start each wireless access point at a separate time.
B) Increase the distance between the wireless access points to at least 20 meters.
C) Manually configure each of the access points to use channels 1, 6, and 11, respectively.
D) Reduce the signal strength on each access point.

Explanation

You should start each wireless access point at a separate time. This will allow each access point to select a channel. Then, when the next access point is booted, it will detect the other access points' channels and use a channel other than the ones detected. 802.11a wireless access points have eight available non-overlapping channels: 36, 40, 44, 48, 52, 56, 60, and 64.
802.11a products need to be configured for automatic channel selection. Therefore, you cannot manually configure the channel. With the automatic channel selection feature, 802.11a wireless access points can detect other access points and configure their channel accordingly. This is why it is important to start 802.11a wireless access points at separate times. The suggested range for 802.11a wireless access points is 30 meters in an open space and 10 meters in an office environment.

You should not increase the distance between the wireless access points to at least 20 meters. For 802.11a wireless access points, the suggested distance in an office environment is 10 meters.

You should not manually configure each of the access points to use channels 1, 6, and 11, respectively. These are the non-overlapping channels used by 802.11b and 802.11g devices. You should alternate between these three channels when using 802.11b or 802.11g wireless access points. The suggested range for 802.11b and 802.11g wireless access points is 120 meters in an open space and 30 meters in an office environment.

You should not reduce the signal strength on each access point. This would require more administrative effort than is necessary to fix your problem. In addition, reducing the signal strength could cause problems for some wireless clients that would then be outside the new range. It is much simpler to turn the wireless access points on at different times.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Introducing Wireless LANs

Question #193 of 200
Question ID: 1289203

What typically enables a social engineering attack to occur? (Choose two.)
A) believable language
B) encryption
C) gullibility
D) the deletion of key files

Explanation

Gullibility, believable language, and the good intentions of users typically enable a social engineering attack to occur. An example of a social engineering attack is an e-mail hoax, which is an e-mail message that indicates the possibility of virus infection. An e-mail hoax contains a message that uses believable language to trick users into believing the hoax. In the text of an e-mail hoax, users are typically instructed to forward the message to as many others as possible, which is how an e-mail hoax replicates. Sometimes, an e-mail hoax will direct users to delete key system files, an action that can seriously damage an operating system installation. Another problem caused by an e-mail hoax is increased use of bandwidth, which results when users on a network forward the hoax to other users.

Social engineering attacks do not typically use encryption.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
Hacker tactics prey on gullible, curious, https://searchsecurity.techtarget.com/news/537875/Hacker-tactics-prey-on-gullible-curious

Question #194 of 200
Question ID: 1123499

What can be used by a hacker to implement a social engineering attack on a network?

A) a remote control package
B) a telephone
C) a multimeter
D) a packet sniffer

Explanation

A telephone can be used by a hacker to implement a social engineering attack in which the hacker attempts to gain critical network information through social interaction with company employees. For example, a hacker might call a user on a network and ask for a user name and password. If the user is not properly trained, then the user might provide his or her user name and password to the hacker.
Dumpster diving is another social engineering method that is carried out by stealing information from a company's trash. To prevent dumpster diving, destroy all paper and other media that are no longer required.

A multimeter is a device that can be used to test electrical circuits.

A remote control package is a software package that enables a remote user to control a computer. Back Orifice and pcAnywhere are examples of remote control packages.

A packet sniffer is a computer or device that can gather all of the network traffic from a network medium. A hacker can then analyze any captured clear-text packets in an attempt to obtain critical network information.

Objective: Network Security
Sub-Objective: Summarize common networking attacks.

References:
How to Defend your Network Against Social Engineers, http://www.windowsecurity.com/articles/social_engineers.html

Question #195 of 200
Question ID: 1123531

Which of the following would be used to help defend against a man-in-the-middle attack?

A) Flood guard
B) Root guard
C) BPDU guard
D) DHCP snooping

Explanation

DHCP snooping prevents an unauthorized DHCP server from issuing IP addresses to clients. An unauthorized or rogue DHCP server is often used in man-in-the-middle attacks. A trusted server is identified on a specific switch port by configuring the DHCP snooping trust state. This allows DHCP traffic to flow through the port. A DHCP server attached to a port that does not have a properly configured trust state will have its traffic blocked.

Current Web communications can also be secured against eavesdropping, hijacking, and man-in-the-middle (MitM) attacks through mutual certificate authentication via Transport Layer Security (TLS). The encryption negotiated by TLS between a Web client and Web server provides protection against eavesdropping and hijacking, and the mutual authentication using certificates provides protection against MitM attacks.
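The trust-state check that the DHCP snooping explanation describes, reduced to a small offline simulation. This is an added example, not code from the question bank or from any switch vendor; the port names, MAC addresses and DHCP messages are constructed sample data, and each message is simplified to the few fields the checks need. Server-side messages (OFFER/ACK/NAK) are forwarded only from a trusted port, client messages on untrusted ports must carry a chaddr that matches the frame's source MAC, and each ACK that passes populates the binding table a switch keeps for this feature:

```python
from dataclasses import dataclass

# DHCP message types (option 53) that only a DHCP server legitimately sends.
SERVER_MESSAGE_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass(frozen=True)
class DhcpMessage:
    """Simplified view of one DHCP packet as the switch sees it (constructed fields)."""
    ingress_port: str    # switch port the frame arrived on
    src_mac: str         # Ethernet source address of the frame
    msg_type: str        # DHCP message type (option 53)
    client_mac: str      # chaddr: the client this message belongs to
    yiaddr: str = ""     # address offered/assigned to the client (OFFER/ACK only)


def snoop(messages, trusted_ports):
    """Apply the core DHCP snooping checks to a sequence of messages.

    1. Server messages (OFFER/ACK/NAK) are forwarded only when they arrive on a
       trusted port; on an untrusted port they are dropped as a possible rogue server.
    2. A client message on an untrusted port must carry a chaddr equal to the frame's
       source MAC; otherwise the sender is speaking for another host and is dropped.
    Every DHCPACK that passes adds a binding (client MAC -> (IP, client port)), the
    table that features such as IP source guard later consult.
    Returns (forwarded, dropped, bindings); dropped holds (message, reason) pairs.
    """
    forwarded, dropped = [], []
    bindings = {}      # client MAC -> (assigned IP, port the client lives on)
    client_ports = {}  # client MAC -> port seen in its DISCOVER/REQUEST
    for m in messages:
        if m.msg_type in SERVER_MESSAGE_TYPES:
            if m.ingress_port not in trusted_ports:
                dropped.append((m, f"{m.msg_type} from {m.src_mac} on untrusted port {m.ingress_port}"))
                continue
            if m.msg_type == "DHCPACK" and m.client_mac in client_ports:
                bindings[m.client_mac] = (m.yiaddr, client_ports[m.client_mac])
        else:
            if m.ingress_port not in trusted_ports and m.src_mac != m.client_mac:
                dropped.append((m, f"chaddr {m.client_mac} does not match source MAC {m.src_mac} on {m.ingress_port}"))
                continue
            client_ports[m.client_mac] = m.ingress_port
        forwarded.append(m)
    return forwarded, dropped, bindings


# Constructed sample: only Gi1/0/1 (the uplink toward the real DHCP server) is trusted.
TRUSTED_PORTS = {"Gi1/0/1"}
SAMPLE_MESSAGES = [
    DhcpMessage("Gi1/0/5", "aa:bb:cc:00:00:05", "DHCPDISCOVER", "aa:bb:cc:00:00:05"),
    DhcpMessage("Gi1/0/1", "00:11:22:33:44:01", "DHCPOFFER", "aa:bb:cc:00:00:05", "10.0.0.50"),
    DhcpMessage("Gi1/0/7", "de:ad:be:ef:00:07", "DHCPOFFER", "aa:bb:cc:00:00:05", "10.0.0.200"),  # server on an access port
    DhcpMessage("Gi1/0/5", "aa:bb:cc:00:00:05", "DHCPREQUEST", "aa:bb:cc:00:00:05"),
    DhcpMessage("Gi1/0/1", "00:11:22:33:44:01", "DHCPACK", "aa:bb:cc:00:00:05", "10.0.0.50"),
    DhcpMessage("Gi1/0/9", "aa:bb:cc:00:00:09", "DHCPDISCOVER", "ff:ee:dd:00:00:01"),  # chaddr differs from frame source
]


def run_sample():
    """Run the constructed sample and return (forwarded, dropped, bindings)."""
    return snoop(SAMPLE_MESSAGES, TRUSTED_PORTS)


if __name__ == "__main__":
    forwarded, dropped, bindings = run_sample()
    for m, reason in dropped:
        print("DROP:", reason)
    print("forwarded:", len(forwarded), "bindings:", bindings)
```

On the sample, the offer arriving on Gi1/0/7 and the discover with a mismatched chaddr are the two drops; the legitimate exchange on Gi1/0/5 goes through and leaves one binding. The dropped list is what a switch would export as a log or SNMP trap, which is the detection signal to watch for a rogue server.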
Bridge Protocol Data Unit (BPDU) guard works with Spanning Tree Protocol (STP) and PortFast. When a switch receives a BPDU on a port on which PortFast has been configured, BPDU guard disables that port. It prevents looping, not man-in-the-middle attacks.

Flood guard establishes the maximum number of MAC addresses that can be seen by an interface. The switch monitors the traffic on the interface. If the network gets flooded with MAC addresses, the flood guard can intervene by disabling ports and filtering out traffic. Denial of Service (DoS) attacks may use traffic flooding to deny valid users the ability to interact with resources at an acceptable level, pace, or throughput. Flood guard prevents DoS flooding attacks, not man-in-the-middle attacks.

Root guard protects the integrity of the root bridge in a spanning-tree environment. Root guard ensures that the switch you designate as the root bridge remains in that role until changed by an administrator. It is the same thing as a BPDU guard, which prevents looping.

Objective: Network Security
Sub-Objective: Explain common mitigation techniques and their purposes.

References:
Five Things To Know About DHCP Snooping, http://packetpushers.net/five-things-to-know-about-dhcp-snooping/
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defense Against Attacks

Question #196 of 200
Question ID: 1123285

Which of these has helped reduce wiring, weight, and cost in industrial applications?

A) PAN
B) SAN
C) CAN
D) MAN

Explanation

A controller area network (CAN) is used in industrial applications, originally in automotive systems. It replaces bulky wiring systems, reducing weight and cost. A CAN builds a network between controllers, allowing them to share information.
A railway application, for example, might be a sensor that detects whether or not a door is closed and locks the brakes until the sensor indicates the door is closed.

A storage area network (SAN) creates a network among a pool of storage devices. It may be thought of as a RAID array that uses network connections as opposed to data cables. The SAN pool appears as a single drive letter to the client.

A personal area network (PAN) is a network of devices that are in close proximity to a person, no more than a couple of meters away. Devices that can be part of a PAN include wireless headphones, wearable technology, and printers.

A metropolitan area network (MAN) connects several LANs together in an area roughly the size of a city. An example of a MAN might be a large hospital with several satellite offices in various neighborhoods around the city.

CAN can also mean campus area network. This type of network encompasses a large campus that is usually located within a radius of several blocks. This type of CAN connects several LANs into a single CAN. Multiple CANs can then be connected using a MAN or WAN.

Objective: Networking Concepts
Sub-Objective: Compare and contrast the characteristics of network topologies, types and technologies.

References:
Controller Area Network (CAN) Overview, http://www.ni.com/white-paper/2732/en/es

Question #197 of 200
Question ID: 1123365

You want to install a device between your company's private network and the Internet that will prevent users on the Internet from transferring HTTP messages into the company's network. Which device should you install?

A) a hub
B) a router
C) a bridge
D) a firewall

Explanation

You should install a firewall between the Internet and your company's private network. A firewall can provide packet-filtering services for a network.
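The packet-filtering decision a firewall makes for this scenario (allow or deny by direction, protocol, addresses and TCP destination port, first matching rule wins), as an added Python example rather than any real firewall's rule syntax; it is not from the question bank. The 10.0.0.0/24 private network, the mail server address, the Internet host and the rule set are constructed assumptions:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a simple packet filter looks at (constructed, not a real capture)."""
    direction: str        # "in" = arriving from the Internet, "out" = leaving the company network
    proto: str            # "tcp", "udp" or "icmp"
    src: str              # source IP address
    dst: str              # destination IP address
    dport: Optional[int] = None   # destination port for tcp/udp


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in", "out" or "any"
    proto: str = "any"
    src_net: str = "0.0.0.0/0"   # any source
    dst_net: str = "0.0.0.0/0"   # any destination
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.direction not in ("any", pkt.direction):
            return False
        if self.proto not in ("any", pkt.proto):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net))


def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; a packet that matches nothing gets the default action.
    Returns (action, matched_rule_or_None)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule
    return default, None


# Constructed assumptions: the private network, one mail server, and one Internet host.
COMPANY_NET = "10.0.0.0/24"
MAIL_SERVER = "10.0.0.25"
INTERNET_HOST = "203.0.113.5"

RULES = [
    # The rule from the question: no HTTP (TCP port 80) from the Internet into the company network.
    Rule("deny", "in", "tcp", dst_net=COMPANY_NET, dport=80),
    # Inbound SMTP is allowed, but only to the mail server.
    Rule("allow", "in", "tcp", dst_net=f"{MAIL_SERVER}/32", dport=25),
    # Anything originating inside may go out.
    Rule("allow", "out", src_net=COMPANY_NET),
]

SAMPLE_PACKETS = [
    Packet("in", "tcp", INTERNET_HOST, "10.0.0.10", 80),     # HTTP into the network: denied by rule 1
    Packet("in", "tcp", INTERNET_HOST, MAIL_SERVER, 25),     # SMTP to the mail server: allowed by rule 2
    Packet("in", "tcp", INTERNET_HOST, "10.0.0.10", 25),     # SMTP to a workstation: no rule, default deny
    Packet("out", "tcp", "10.0.0.10", INTERNET_HOST, 80),    # a user browsing out: allowed by rule 3
]


def decide_all(packets=SAMPLE_PACKETS, rules=RULES):
    """Return the action taken for each packet, in order."""
    return [evaluate(rules, p)[0] for p in packets]


if __name__ == "__main__":
    for pkt, action in zip(SAMPLE_PACKETS, decide_all()):
        print(f"{action:5} {pkt.direction:3} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
```

This is a stateless filter, which is all the scenario asks for: the deny on destination port 80 blocks inbound HTTP requests, and because replies to an inside user's outbound web session arrive with an ephemeral port as their destination, that rule does not touch them. The default deny does, however, so a real deployment relies on a stateful firewall that admits replies to sessions it has seen leave, rather than on the single rule shown here.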
Data packets can be allowed or denied entry to or from a network based on several criteria, including the Transmission Control Protocol (TCP) port number and the IP address of the sending host. In this scenario, you can configure the firewall to deny access to packets from the Internet that are sent to TCP port 80, which is the well-known TCP port for Hypertext Transfer Protocol (HTTP) messages.

A bridge is a device that can divide a network into two segments. A network divided by a bridge appears to be a single network to devices and applications that operate at a higher level than the bridge. You normally use a bridge to divide a network to optimize network traffic.

A hub, which is often referred to as a repeater or a repeating hub, acts as a concentration point for network connections on networks that use the star physical topology.

A router connects two or more subnets and enables computers on a subnet to send data to remote subnets. Although some routers provide packet-filtering capabilities, packet filtering is not a guaranteed capability of a router.

Objective: Infrastructure
Sub-Objective: Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.

References:
Introduction to Firewalls, http://netsecurity.about.com/od/hackertools/a/aa072004.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls

Question #198 of 200
Question ID: 1123422

Which of the following would be the best recovery solution in the event that a network segment is unavailable?

A) Dual power supplies
B) Power generators
C) Battery backup/UPS
D) Redundant circuits

Explanation

Redundant circuits would be the best recovery solution in the event that a network segment becomes unavailable. A redundant circuit can provide a backup route if a NIC, cable, router, or switch fails.
You can create a redundant circuit by installing an additional NIC in a computer and connecting the second NIC to a different port on another switch.

Battery backups or uninterruptible power supplies (UPSs) provide temporary power to a limited number of systems. UPSs are designed to provide enough power to allow an orderly shutdown of a system in the event of a power failure.

Power generators activate when there is a loss of power. Power generators are usually gasoline or diesel engines, and will run as long as they have fuel and do not break down. They provide power for much longer periods of time than a battery backup or UPS.

Dual power supplies provide redundancy in the event of a failure of one of the power supply units inside a computer. The failure of the power supply on a mission-critical server can be catastrophic. Equipping such a server with dual power supplies provides redundancy and increases uptime.

Objective: Network Operations
Sub-Objective: Compare and contrast business continuity and disaster recovery concepts.

References:
Build Redundancy into Your LAN/WAN, http://www.itprotoday.com/management-mobility/build-redundancy-your-lanwan
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability

Question #199 of 200
Question ID: 1289233

Your Windows 7 computer is located on a TCP/IP network that uses DHCP. You want your computer to release its lease on the TCP/IP configuration that it received from the DHCP server. Which command should you issue to release the configuration?

A) the tracert command
B) the arp command
C) the ping command
D) the ipconfig command

Explanation

You should issue the ipconfig command with the /release switch to release your computer's lease on the TCP/IP configuration that it received from the Dynamic Host Configuration Protocol (DHCP) server.
If other computers cannot locate your computer on the network, then you might need to renew the DHCP lease for your TCP/IP configuration. You can renew the lease by issuing the ipconfig /renew command at a command prompt.

You can use the ping command to determine whether another computer is connected to a TCP/IP network. You can ping a computer by IP address or by DNS host name.

You can use the arp command to view the Address Resolution Protocol (ARP) cache and to view and configure other information about ARP on your computer.

You can use the tracert command on a Microsoft Windows computer to determine the route that a data packet takes as it travels through the network. The traceroute command is the Linux equivalent of the tracert command.

Objective: Network Troubleshooting and Tools
Sub-Objective: Given a scenario, use the appropriate tool.

References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools

Question #200 of 200
Question ID: 1289117

Match the description on the left with the DNS resource record on the right.

Explanation

The DNS resource record types are as follows:

A - Maps a host name to an IPv4 address
AAAA - Maps a host name to an IPv6 address
CNAME - Maps an additional host name to an existing host record
MX - Maps a mail server name to a domain
PTR - Maps an IP address to a host name

Objective: Networking Concepts
Sub-Objective: Explain the functions of network services.

References:
List of DNS Record Types, http://en.wikipedia.org/wiki/List_of_DNS_record_types
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices
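A validator for the five record types listed in the explanation, as an added example that is not part of the question bank. It reads a constructed, simplified zone text (name TTL IN TYPE rdata, one record per line) and checks that each record's data has the shape its type requires: A needs an IPv4 address, AAAA an IPv6 address, CNAME a host name, MX a preference value followed by a mail server name, and PTR a host name under an owner name in in-addr.arpa or ip6.arpa. The example.com names and addresses are documentation placeholders, and the last two records are deliberately malformed so the checks have something to catch:

```python
import ipaddress
import re

# One DNS label: 1-63 characters, letters/digits/hyphens, no leading or trailing hyphen (RFC 1123).
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$", re.IGNORECASE)


def is_hostname(value: str) -> bool:
    return len(value) <= 254 and bool(HOSTNAME_RE.match(value))


def validate_record(name: str, rtype: str, rdata: str):
    """Check that rdata has the shape the record type requires.

    Returns None for a well-formed record, otherwise a short reason.
    """
    rtype = rtype.upper()
    if rtype == "A":
        try:
            ipaddress.IPv4Address(rdata)
        except ValueError:
            return f"{name} A: '{rdata}' is not an IPv4 address"
    elif rtype == "AAAA":
        try:
            ipaddress.IPv6Address(rdata)
        except ValueError:
            return f"{name} AAAA: '{rdata}' is not an IPv6 address"
    elif rtype == "CNAME":
        if not is_hostname(rdata):
            return f"{name} CNAME: '{rdata}' is not a host name"
    elif rtype == "MX":
        parts = rdata.split()
        if len(parts) != 2 or not parts[0].isdigit() or not is_hostname(parts[1]):
            return f"{name} MX: expected '<preference> <mail server>', got '{rdata}'"
    elif rtype == "PTR":
        owner = name.lower()
        if not (owner.endswith(".in-addr.arpa.") or owner.endswith(".ip6.arpa.")):
            return f"{name} PTR: owner name must be under in-addr.arpa or ip6.arpa"
        if not is_hostname(rdata):
            return f"{name} PTR: '{rdata}' is not a host name"
    else:
        return f"{name}: record type {rtype} is not handled here"
    return None


def check_zone(zone_text: str):
    """Parse 'name TTL IN TYPE rdata' lines and return a list of error strings."""
    errors = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 4)          # rdata may itself contain spaces (MX)
        if len(fields) != 5 or fields[2].upper() != "IN":
            errors.append(f"line {lineno}: malformed record '{line}'")
            continue
        name, _ttl, _cls, rtype, rdata = fields
        problem = validate_record(name, rtype, rdata)
        if problem:
            errors.append(f"line {lineno}: {problem}")
    return errors


# Constructed sample zone using documentation names and addresses; the last two records are wrong on purpose.
SAMPLE_ZONE = """\
; constructed sample, not a real zone
www.example.com.          3600 IN A     192.0.2.10
www.example.com.          3600 IN AAAA  2001:db8::10
mail.example.com.         3600 IN A     192.0.2.25
example.com.              3600 IN MX    10 mail.example.com.
intranet.example.com.     3600 IN CNAME www.example.com.
10.2.0.192.in-addr.arpa.  3600 IN PTR   www.example.com.
bad.example.com.          3600 IN A     2001:db8::99        ; IPv6 address in an A record
example.com.              3600 IN MX    mail.example.com.   ; preference value missing
"""


def run_sample():
    """Validate the constructed zone and return its error list."""
    return check_zone(SAMPLE_ZONE)


if __name__ == "__main__":
    for err in run_sample():
        print(err)
```

The two reported errors correspond to the two bad records; the PTR check also illustrates why the PTR for 192.0.2.10 lives at 10.2.0.192.in-addr.arpa., with the address octets reversed, which is the part of reverse mapping that most often goes wrong in hand-edited zones.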