CompTIA Network+ N10-007 Practice Tests 2020

Published by: Examsdigest LLC., Holzmarktstraße 73, Berlin, Germany, www.examsdigest.com

Copyright © 2020 by Examsdigest LLC.

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, Examsdigest, LLC., Holzmarktstraße 73, Berlin, Germany or online at https://www.examsdigest.com/contact.

Trademarks: Examsdigest, examsdigest.com and related trade dress are trademarks or registered trademarks of Examsdigest LLC. and may not be used without written permission. Amazon is a registered trademark of Amazon, Inc. All other trademarks are the property of their respective owners. Examsdigest, LLC. is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE.

Examsdigest publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may find this material at https://examsdigest.com

CONTENTS AT A GLANCE

Contents at a glance
Introduction
Chapter 1 Networking Concepts
Questions 1-38
Chapter 2 Infrastructure
Questions 39-65
Answers 39-65
Chapter 3 Network Operations
Questions 66-86
Answers 66-86
Chapter 4 Network Security
Questions 87-110
Answers 87-110
Chapter 5 Network Troubleshooting and Tools
Questions 111-125
Answers 111-125
THE END

INTRODUCTION

The CompTIA Network+ N10-007 examination is intended to help individuals develop a career in IT, covering topics such as infrastructure troubleshooting, configuring, and managing networks.

About This Book

CompTIA Network+ N10-007 Practice Tests 2020 by Examsdigest is designed to be a practical practice exam guide that will help you prepare for the CompTIA Network+ N10-007 exams. As the book title says, it includes 120+ questions, organized by exam so that you can prepare for the final exam.

This book has been designed to help you prepare for the style of questions you will receive on the CompTIA Network+ N10-007 exams. It also helps you understand the topics you can expect to be tested on for each exam.

In order to properly prepare for the CompTIA Network+ N10-007, I recommend that you:

✓ Review a reference book: CompTIA Network+ N10-007 by Examsdigest is designed to give you sample questions to help you prepare for the style of questions you will receive on the real certification exam. However, it is not a reference book that teaches the concepts in detail. That said, I recommend that you review a reference book before attacking these questions so that the theory is fresh in your mind.

✓ Get some practical, hands-on experience: After you review the theory, I highly recommend getting your hands on tools such as Packet Tracer or GNS3. Also use the command line tools from your OS to get a better understanding of ping, tracert, netstat and other commands. The more hands-on experience you have, the easier the exams will be.
✓ Do practice test questions: After you review a reference book and perform some hands-on work, attack the questions in this book to get you “exam ready”! Also claim your free 1-month access on our platform to dive into more questions, flashcards and much much more.

Beyond The Book

This book gives you plenty of CompTIA Network+ N10-007 questions to work on, but maybe you want to track your progress as you tackle the questions, or maybe you’re having trouble with certain types of questions and wish they were all presented in one place where you could methodically make your way through them. You’re in luck. Your book purchase comes with a free one-month subscription to all practice questions online and more. You get on-the-go access any way you want it — from your computer, smartphone, or tablet. Track your progress and view personalized reports that show where you need to study the most. Study what, where, when, and how you want!

What you’ll find online

The online practice that comes free with this book offers you the same questions and answers that are available here and more.

The beauty of the online questions is that you can customize your online practice to focus on the topic areas that give you the most trouble.

So if you need help with the domain Network Security, then select questions related to this topic online and start practicing. Whether you practice a few hundred problems in one sitting or a couple dozen, and whether you focus on a few types of problems or practice every type, the online program keeps track of the questions you get right and wrong so that you can monitor your progress and spend time studying exactly what you need.

You can access these online tools by sending an email to info@examsdigest.com to claim access on our platform. Once we confirm the purchase you can enjoy your free access.

CompTIA Network+ N10-007 Exam Details

✓ Format - Multiple choice, multiple answer and performance-based
✓ Type - Associate
✓ Delivery Method - Testing center or online proctored exam
✓ Time - 90 minutes to complete the exam
✓ Cost - $329
✓ Language - Available in English, Japanese, German

Exam Content

Content Outline

CompTIA Network+ N10-007 has been updated and reorganized to address the current networking technologies with expanded coverage of several domains by adding:
1. Critical security concepts to help networking professionals work with security practitioners
2. Key cloud computing best practices and typical service models
3. Coverage of newer hardware and virtualization techniques
4. Concepts to give individuals the combination of skills to keep the network resilient

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0: Networking Concepts (23%)
2.0: Infrastructure (18%)
3.0: Network Operations (17%)
4.0: Network Security (20%)
5.0: Network Troubleshooting and Tools (22%)

CHAPTER 1 NETWORKING CONCEPTS

Questions 1-38

Question 1. You are responsible for installing a new wired network that allows for network expansion with the least amount of disruption for the current network users. Which of the following network topologies would you choose?
(A) Star Topology
(B) Bus Topology
(C) Ring Topology
(D) Wireless Mesh Topology

Question 2. Given the decimal mask 255.255.192.0, which of the following is the equivalent binary mask?
(A) 11111111.11111111.11111111.11100000
(B) 11111111.11111111.11000000.00000000
(C) 11111111.11111111.11111000.00000000
(D) 11111111.11111111.00000000.00000000

Question 3. Given the decimal mask 255.255.128.0, which of the following is the equivalent binary mask?
(A) 11111111.11111111.11111111.11100000
(B) 11111111.11111111.11000000.00000000
(C) 11111111.11111111.11111000.00000000
(D) 11111111.11111111.10000000.00000000

Question 4. Given the binary mask 11111111.11111111.11111111.11110000, which of the following is the equivalent decimal mask?
(A) 255.255.255.128
(B) 255.255.240.0
(C) 255.255.255.240
(D) 255.255.255.254

Question 5. Which of the following subnet masks is the default mask of the IP: 204.203.202.201?
(A) 255.255.255.0
(B) 255.255.255.255
(C) 255.0.0.0
(D) 255.255.0.0

Question 6. Which of the following subnet masks is the default mask of the IP: 55.44.22.11?
(A) 255.255.255.0
(B) 255.255.255.255
(C) 255.0.0.0
(D) 255.255.0.0

Question 7. At which two OSI layers can a switch operate? (Choose two)
(A) Layer 1
(B) Layer 2
(C) Layer 3
(D) Layer 4
(E) Layer 5
(F) Layer 6
(G) Layer 7

Question 8. Which of the following addresses are not valid Class A network IDs? (Choose all that apply)
(A) 1.0.0.0
(B) 5.0.0.0
(C) 140.0.0.0
(D) 127.0.0.0
(E) 195.0.0.0
(F) 9.0.0.0

Question 9. Physical network topology is a higher-level idea of how the network is set up, including which nodes connect to each other and in which ways, as well as how data is transmitted through the network.
(A) TRUE
(B) FALSE

Question 10. Which of the following 802.11 wireless standards operate on the 5GHz frequency band? (Choose all that apply)
(A) 802.11
(B) 802.11a
(C) 802.11b
(D) 802.11g
(E) 802.11n
(F) 802.11ac

Question 11. TCP doesn’t establish a session between the sending and receiving hosts, which is why TCP is called a connectionless protocol, while UDP establishes a mutually acknowledged session between two hosts before communication takes place.
(A) TRUE
(B) FALSE

Question 12. Given the following DNS Records, which one is used to map hostnames to an IPv4 address of the host?
(A) CNAME
(B) AAAA
(C) NS
(D) A

Question 13. Given the following DNS Records, which one is used to point a domain or subdomain to another hostname?
(A) CNAME
(B) AAAA
(C) NS
(D) A

Question 14. Which of the following wireless topologies is normally used to extend a wired LAN to connect wireless-capable devices?
(A) Infrastructure wireless topology
(B) Ad Hoc Wireless Topology
(C) Wireless Mesh Topology
(D) Extend LAN Topology

Question 15. Which of the following is a computer network in a defined area that links buildings and consists of multiple LANs within that limited geographical area?
(A) Local-area Network (LAN)
(B) Wide-area Network (WAN)
(C) Metropolitan-area Network (MAN)
(D) Campus-Area Network (CAN)

Question 16. The protocol that uses the port 68 is called _________________.
(A) DNS
(B) DHCP
(C) Telnet
(D) POP3

Question 17. Which of the following protocols uses the port 22 for its service?
(A) DNS
(B) HTTP
(C) SSH
(D) SMTP

Question 18. Which of the following protocols uses the port 53 for its service?
(A) DNS
(B) HTTP
(C) SSH
(D) SMTP

Question 19. A broadcast address is an IP address that you can use to target all systems on a subnet or network instead of single hosts.
(A) TRUE
(B) FALSE

Question 20. Which of the following functions is the function of ARP?
(A) Resolves hostnames to IP addresses
(B) Resolves IP addresses to MAC addresses
(C) Resolves MAC addresses to IP addresses
(D) Resolves IP addresses to hostnames

Question 21. Which of the following statements are true about Bluetooth, NFC, and Z-Wave? (Choose all that apply)
(A) Bluetooth is based on the IEEE 802.15.1 standard
(B) Bluetooth uses the 3.4 to 3.485 GHz band
(C) Near-field communication transmits data through electromagnetic radio fields to enable two devices to communicate with each other
(D) Near-field communication (NFC) is a long-range wireless connectivity technology that lets NFC-enabled devices communicate with each other
(E) Z-Wave is a wired communication protocol
(F) Z-Wave essentially focuses on connectivity within the smart home

Question 22. You have been tasked with creating a wired topology in which each device in the network has to be connected to a central device. Which of the following topologies will you implement?
(A) Bus topology
(B) Star topology
(C) Mesh topology
(D) Ring topology

Question 23. You have been tasked with creating a wired topology in which each device has to be connected with the two devices on either side of it. Which of the following topologies will you implement?
(A) Bus topology
(B) Star topology
(C) Mesh topology
(D) Ring topology

Question 24. Which of the following statements are considered advantages of using Virtual Local Area Networks (VLANs)? (Choose all that apply)
(A) With the creation of logical (virtual) boundaries, network segments can be isolated
(B) VLANs reduce broadcast traffic throughout the network, so they free up bandwidth
(C) A VLAN cannot pass the traffic to another VLAN
(D) VLANs can be used to build broadcast domains that remove the need for costly routers

Question 25. You are installing a wireless network solution that uses a feature known as MU-MIMO. Which wireless networking standard are you using?
(A) 802.11n
(B) 802.11b
(C) 802.11a
(D) 802.11ac

Question 26. Which of the following IEEE 802.11 Wi-Fi standards use the 2.4 GHz band? (Choose all that apply)
(A) 802.11
(B) 802.11b
(C) 802.11g
(D) 802.11a
(E) 802.11n
(F) 802.11ac
(G) 802.11ax

Question 27. Which of the following cloud services requires the least amount of user management, as a service provider is responsible for managing everything, and the end-user just uses the software?
(A) Infrastructure as a service (IaaS)
(B) Platform as a service (PaaS)
(C) Software as a service (SaaS)
(D) Infrastructure as a service (IaaS) and Platform as a service (PaaS)

Question 28. Network Address Translation (NAT) is designed for IP address conservation. It enables private IP networks that use unregistered IP addresses to connect to the Internet.
(A) TRUE
(B) FALSE

Question 29. Which of the following performance concepts delays the flow of certain types of network packets in order to ensure network performance for higher priority applications?
(A) Traffic shaping
(B) QoS
(C) CoS
(D) Diffserv

Question 30. Which of the following performance concepts is the process of managing network resources to reduce packet loss?
(A) Traffic shaping
(B) QoS
(C) CoS
(D) Diffserv

Question 31. Port __________ copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring or to a VLAN for remote monitoring.
(A) Copying
(B) Learning
(C) Trunking
(D) Mirroring

Question 32. Choose the shortest valid abbreviation for the IPv6 address 5000:0400:0030:0006:8000:0800:0010:0002.
(A) 5000:400:30:6:8000:800:10:2
(B) 5000:400:30:6:8000:8:10:2
(C) 5000:400::2
(D) 5:4:3:6:8:8:1:2

Question 33. A common use case scenario using the ______________ cloud deployment method is that web applications or blog sites are deployed on hardware and resources that are owned by a cloud provider.
(A) Public
(B) Private
(C) Hybrid
(D) Semipublic

Question 34. Which of the following statements are true about Software-Defined Networking (SDN)? (Choose all that apply)
(A) SDN enables network behavior to be controlled by the software that resides beyond the networking devices
(B) SDN simplifies provisioning and management of networked resources, everywhere from the data center to the campus or wide area network
(C) SDN separates the control plane management of network devices from the underlying data plane that forwards network traffic
(D) SDN reduces the complexity of statically defined networks

Question 35. Assume you are working in a Windows environment. Which command will you type to discover your NIC’s MAC address?
(A) ipconfig/all
(B) netstat/all
(C) ping/all
(D) route/all

Question 36. The routing protocol that does not rely on periodic advertisement of all the network prefixes in an autonomous system is called _______________.
(A) RIP
(B) OSPF
(C) EIGRP
(D) BGP

Question 37. Which of the following is a proprietary protocol from Cisco used to reduce administration in the switched network?
(A) VTP
(B) SMTP
(C) FTP
(D) HTTP

Question 38. Which of the following protocols is used to remove redundant links between switches and build loop-free Ethernet networks?
(A) Spanning Tree Protocol (STP)
(B) Loop-Free Protocol (LFP)
(C) Redundant Link Protocol (RLP)
(D) Redundant-Free Protocol (RFP)

Answers 1-38

Question 1. You are responsible for installing a new wired network that allows for network expansion with the least amount of disruption for the current network users. Which of the following network topologies would you choose?
(A) Star Topology
(B) Bus Topology
(C) Ring Topology
(D) Wireless Mesh Topology

Explanation 1. Star Topology is the correct answer.
On a star topology, each of the nodes is independently connected to the central hub; should one go down, the rest of the network will continue functioning unaffected. With such a configuration, a new device can be added to the network by attaching the new device to the hub or switch with its own cable. This process does not disrupt the users who are currently on the network.

Bus Topology and Ring Topology are incorrect because they don’t allow network expansion without disrupting the existing users.

Wireless Mesh Topology is incorrect because it isn’t a wired network topology.

Question 2. Given the decimal mask 255.255.192.0, which of the following is the equivalent binary mask?
(A) 11111111.11111111.11111111.11100000
(B) 11111111.11111111.11000000.00000000
(C) 11111111.11111111.11111000.00000000
(D) 11111111.11111111.00000000.00000000

Explanation 2. 11111111.11111111.11000000.00000000 is the correct answer.
There are only nine possible values in one octet of a subnet mask as shown in the table below.

Binary Mask Octet | Decimal Equivalent | Number of Binary 1s
0        | 0   | 0
10000000 | 128 | 1
11000000 | 192 | 2
11100000 | 224 | 3
11110000 | 240 | 4
11111000 | 248 | 5
11111100 | 252 | 6
11111110 | 254 | 7
11111111 | 255 | 8

Question 3. Given the decimal mask 255.255.128.0, which of the following is the equivalent binary mask?
(A) 11111111.11111111.11111111.11100000
(B) 11111111.11111111.11000000.00000000
(C) 11111111.11111111.11111000.00000000
(D) 11111111.11111111.10000000.00000000

Explanation 3. 11111111.11111111.10000000.00000000 is the correct answer.
There are only nine possible values in one octet of a subnet mask as shown in the table below.

Binary Mask Octet | Decimal Equivalent | Number of Binary 1s
0        | 0   | 0
10000000 | 128 | 1
11000000 | 192 | 2
11100000 | 224 | 3
11110000 | 240 | 4
11111000 | 248 | 5
11111100 | 252 | 6
11111110 | 254 | 7
11111111 | 255 | 8

Question 4. Given the binary mask 11111111.11111111.11111111.11110000, which of the following is the equivalent decimal mask?
(A) 255.255.255.128
(B) 255.255.240.0
(C) 255.255.255.240
(D) 255.255.255.254

Explanation 4. 255.255.255.240 is the correct answer.
There are only nine possible values in one octet of a subnet mask as shown in the table below.

Binary Mask Octet | Decimal Equivalent | Number of Binary 1s
0        | 0   | 0
10000000 | 128 | 1
11000000 | 192 | 2
11100000 | 224 | 3
11110000 | 240 | 4
11111000 | 248 | 5
11111100 | 252 | 6
11111110 | 254 | 7
11111111 | 255 | 8

Question 5. Which of the following subnet masks is the default mask of the IP: 204.203.202.201?
(A) 255.255.255.0
(B) 255.255.255.255
(C) 255.0.0.0
(D) 255.255.0.0

Explanation 5. 255.255.255.0 is the correct answer.
Class A networks have the first octet in the range of 1–126. The default subnet mask for the Class A networks is 255.0.0.0.
Class B networks have the first octet in the range of 128–191. The default subnet mask for the Class B networks is 255.255.0.0.
Class C networks have the first octet in the range of 192–223. The default subnet mask for the Class C networks is 255.255.255.0.

In this case, the IP address 204.203.202.201 is a Class C network so the default subnet mask is 255.255.255.0.

Question 6. Which of the following subnet masks is the default mask of the IP: 55.44.22.11?
(A) 255.255.255.0
(B) 255.255.255.255
(C) 255.0.0.0
(D) 255.255.0.0

Explanation 6. 255.0.0.0 is the correct answer.
Class A networks have the first octet in the range of 1–126. The default subnet mask for the Class A networks is 255.0.0.0.
Class B networks have the first octet in the range of 128–191. The default subnet mask for the Class B networks is 255.255.0.0.
Class C networks have the first octet in the range of 192–223. The default subnet mask for the Class C networks is 255.255.255.0.

In this case, the IP address 55.44.22.11 is a Class A network so the default subnet mask is 255.0.0.0.

Question 7. At which two OSI layers can a switch operate? (Choose two)
(A) Layer 1
(B) Layer 2
(C) Layer 3
(D) Layer 4
(E) Layer 5
(F) Layer 6
(G) Layer 7

Explanation 7. Layer 2 and Layer 3 are the correct answers.
A switch uses the MAC addresses of connected devices to make its forwarding decisions. Therefore, it is called a data link, or Layer 2, network device. It can also operate at Layer 3 or be a multilayer switch.

Devices or components that operate at Layer 1 typically are media-based, such as cables or connectors, so switches don’t operate at this layer.

The components from Layer 4 to Layer 7 are software-based, not hardware-based.

Question 8. Which of the following addresses are not valid Class A network IDs? (Choose all that apply)
(A) 1.0.0.0
(B) 5.0.0.0
(C) 140.0.0.0
(D) 127.0.0.0
(E) 195.0.0.0
(F) 9.0.0.0

Explanation 8. C, D and E are the correct answers.
Class A networks have the first octet in the range of 1–126, inclusive, and their network IDs have a 0 in the last three octets.

Invalid Class A network IDs are:
140.0.0.0
127.0.0.0
195.0.0.0

The network 140.0.0.0 is a Class B network ID.
The network 127.0.0.0 is a Loopback address.
The network 195.0.0.0 is a Class C network ID.

Question 9. Physical network topology is a higher-level idea of how the network is set up, including which nodes connect to each other and in which ways, as well as how data is transmitted through the network.
(A) TRUE
(B) FALSE

Explanation 9. FALSE is the correct answer.
Physical – The physical network topology refers to the actual connections (wires, cables, etc.) of how the network is arranged. Setup, maintenance, and provisioning tasks require insight into the physical network.

Logical – The logical network topology is a higher-level idea of how the network is set up, including which nodes connect to each other and in which ways, as well as how data is transmitted through the network. Logical network topology includes any virtual and cloud resources.

Question 10. Which of the following 802.11 wireless standards operate on the 5GHz frequency band? (Choose all that apply)
(A) 802.11
(B) 802.11a
(C) 802.11b
(D) 802.11g
(E) 802.11n
(F) 802.11ac

Explanation 10. B, E and F are the correct answers.
The table below highlights the characteristics of the various 802.11 wireless standards.

IEEE Standards | Frequency/Medium | Speed
802.11   | 2.4 GHz         | 1 to 2Mbps
802.11a  | 5 GHz           | Up to 54Mbps
802.11b  | 2.4 GHz         | Up to 11Mbps
802.11g  | 2.4 GHz         | Up to 54Mbps
802.11n  | 2.4 GHz / 5 GHz | Up to 600Mbps
802.11ac | 5 GHz           | Up to 1.3Gbps

Question 11. TCP doesn’t establish a session between the sending and receiving hosts, which is why TCP is called a connectionless protocol, while UDP establishes a mutually acknowledged session between two hosts before communication takes place.
(A) TRUE
(B) FALSE

Explanation 11. FALSE is the correct answer.
TCP is a connection-oriented protocol and UDP is a connection-less protocol. TCP establishes a connection between a sender and receiver before data can be sent. UDP does not establish a connection before sending data.

TCP is slower than UDP because it has a lot more to do. TCP has to establish a connection, error-check, and guarantee that files are received in the order they were sent.

TCP is best suited to be used for applications that require high reliability where timing is less of a concern.
1. World Wide Web (HTTP, HTTPS)
2. Secure Shell (SSH)
3. File Transfer Protocol (FTP)
4. Email (SMTP, IMAP/POP)

UDP is best suited for applications that require speed and efficiency.
1. VPN tunneling
2. Streaming videos
3. Online games
4. Live broadcasts
5. Domain Name System (DNS)
6. Voice over Internet Protocol (VoIP)
7. Trivial File Transfer Protocol (TFTP)

Question 12. Given the following DNS Records, which one is used to map hostnames to an IPv4 address of the host?
(A) CNAME
(B) AAAA
(C) NS
(D) A

Explanation 12. A is the correct answer.
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like examsdigest.com or youtube.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Each device connected to the Internet has a unique IP address that other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2100:bb22:3272:1::2133:b1a4 (in IPv6).

DNS records are instructions that live in authoritative DNS servers and provide information about a domain including what IP address is associated with that domain and how to handle requests for that domain. These records consist of a series of text files written in what is known as DNS syntax. DNS syntax is just a string of characters used as commands which tell the DNS server what to do.

The most common types of DNS records are:
A is used to map hostnames to an IPv4 address of the host.
AAAA is used to map hostnames to an IPv6 address of the host.
CNAME is used to point a domain or subdomain to another hostname.
SRV is used to identify computers that host specific services.
MX is used to help route emails.
TXT is used to provide the ability to associate text with a zone.
NS indicates which DNS server is authoritative for that domain.
PTR is used for the Reverse DNS (Domain Name System) lookup.

Question 13. Given the following DNS Records, which one is used to point a domain or subdomain to another hostname?
(A) CNAME
(B) AAAA
(C) NS
(D) A

Explanation 13. CNAME is the correct answer.
The most common types of DNS records are:
A is used to map hostnames to an IPv4 address of the host.
AAAA is used to map hostnames to an IPv6 address of the host.
CNAME is used to point a domain or subdomain to another hostname.
SRV is used to identify computers that host specific services.
MX is used to help route emails.
TXT is used to provide the ability to associate text with a zone.
NS indicates which DNS server is authoritative for that domain.
PTR is used for the Reverse DNS (Domain Name System) lookup.

Question 14. Which of the following wireless topologies is normally used to extend a wired LAN to connect wireless-capable devices?
(A) Infrastructure wireless topology
(B) Ad Hoc Wireless Topology
(C) Wireless Mesh Topology
(D) Extend LAN Topology

Explanation 14. Infrastructure wireless topology is the correct answer.
Infrastructure wireless topology is normally used to extend a wired LAN to connect wireless-capable devices. A wireless network infrastructure device called a wireless Access Point (AP) is used to extend a wired LAN to a wireless LAN.

The AP forms a bridge between a wireless and wired LAN, and all transmissions between wireless stations, or between a system and a wired network client, go through the AP. APs are not mobile and have to stay connected to the wired network.

Question 15. Which of the following is a computer network in a defined area that links buildings and consists of multiple LANs within that limited geographical area?
(A) Local-area Network (LAN)
(B) Wide-area Network (WAN)
(C) Metropolitan-area Network (MAN)
(D) Campus-Area Network (CAN)

Explanation 15. Campus-Area Network (CAN) is the correct answer.
Campus-Area Network (CAN) is a computer network made up of an interconnection of local area networks (LANs) within a limited geographical area. The networking equipment (switches, routers) and transmission media (optical fiber, copper plant, Cat5 cabling, etc.) are almost entirely owned by the campus tenant/owner: an enterprise, university, government, etc.

A campus area network is larger than a local area network but smaller than a Metropolitan-area network (MAN) or a Wide-area network (WAN).

Question 16. The protocol that uses the port 68 is called _________________.
(A) DNS
(B) DHCP
(C) Telnet
(D) POP3

Explanation 16. DHCP is the correct answer.
The protocol that uses port 68 is called DHCP. Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.

Every device on a TCP/IP-based network must have a unique unicast IP address to access the network and its resources. Without DHCP, IP addresses for new computers or computers that are moved from one subnet to another must be configured manually; IP addresses for computers that are removed from the network must be manually reclaimed.

With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network.

DHCP operations fall into four phases: server discovery, IP lease offer, IP lease request, and IP lease acknowledgment. These stages are often abbreviated as DORA for discovery, offer, request, and acknowledgment.

Question 17. Which of the following protocols uses the port 22 for its service?
(A) DNS
(B) HTTP
(C) SSH
(D) SMTP

Explanation 17. SSH is the correct answer.
The standard TCP port for SSH is 22. SSH or Secure Shell is a remote administration protocol that allows users to control and modify their remote servers over the Internet.

Question 18. Which of the following protocols uses the port 53 for its service?
(A) DNS
(B) HTTP
(C) SSH
(D) SMTP

Explanation 18. DNS is the correct answer.
DNS uses port 53. The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like examsdigest.com or youtube.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Question 19. A broadcast address is an IP address that you can use to target all systems on a subnet or network instead of single hosts.
(A) TRUE
(B) FALSE

Explanation 19. TRUE is the correct answer.
A Broadcast Address is an IP address that you can use to target all systems on a subnet or network instead of single hosts. In other words, a broadcast message goes to everyone on the network.

Using broadcast, computers can also locate any network devices like printers and scanners without knowing their IP addresses.

Question 20. Which of the following functions is the function of ARP?
(A) Resolves hostnames to IP addresses
(B) Resolves IP addresses to MAC addresses
(C) Resolves MAC addresses to IP addresses
(D) Resolves IP addresses to hostnames

Explanation 20. Resolves IP addresses to MAC addresses is the correct answer.
The Address Resolution Protocol (ARP) is responsible for resolving the link-layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.

RARP is responsible for resolving MAC addresses to IP addresses.

DNS is responsible for resolving hostnames to IP addresses.

Reverse DNS is responsible for resolving IP addresses to hostnames.

Question 21. Which of the following statements are true about Bluetooth, NFC, and Z-Wave? (Choose all that apply)
(A) Bluetooth is based on the IEEE 802.15.1 standard
(B) Bluetooth uses the 3.4 to 3.485 GHz band
(C) Near-field communication transmits data through electromagnetic radio fields to enable two devices to communicate with each other
(D) Near-field communication (NFC) is a long-range wireless connectivity technology that lets NFC-enabled devices communicate with each other
(E) Z-Wave is a wired communication protocol
(F) Z-Wave essentially focuses on connectivity within the smart home

Explanation 21. A, C and F are the correct answers.
True statements:
1. Bluetooth is based on the IEEE 802.15.1 standard.
2. Near-field communication transmits data through electromagnetic radio fields to enable two devices to communicate with each other.
3. Z-Wave essentially focuses on connectivity within the smart home.
4. Bluetooth uses the 2.4 to 2.485 GHz band.
5. Near-field communication (NFC) is a short-range wireless connectivity technology that lets NFC-enabled devices communicate with each other.
6. Z-Wave is a wireless communication protocol.

False statements:
1. Bluetooth uses the 3.4 to 3.485 GHz band.
2. Near-field communication (NFC) is a long-range wireless connectivity technology that lets NFC-enabled devices communicate with each other.
3. Z-Wave is a wired communication protocol.

Question 22. You have been tasked with creating a wired topology in which each device in the network has to be connected to a central device. Which of the following topologies will you implement?
(A) Bus topology
(B) Star topology
(C) Mesh topology
(D) Ring topology

Explanation 22. Star topology is the correct answer.
In the star topology each device in the network is connected to a central device called a hub.

Advantages:
1. Each of the nodes is independently connected to the central hub; should one go down, the rest of the network will continue functioning unaffected.
2. Star networks are easily expanded without disruption to the network.

Disadvantages:
1. Requires more cable than most of the other topologies.
2. The overall bandwidth and performance of the network are also limited by the central node’s configurations and technical specifications.

Question 23. You have been tasked with creating a wired topology in which each device has to be connected with the two devices on either side of it. Which of the following topologies will you implement?
(A) Bus topology
(B) Star topology
(C) Mesh topology
(D) Ring topology

Explanation 23. Ring topology is the correct answer.
In the ring topology each device is connected with the two devices on either side of it.

Advantages:
1. Cable faults are easily located, making troubleshooting easier.
2. Only one station on the network is permitted to send data at a time, which greatly reduces the risk of packet collisions.

Disadvantages:
1. All the devices on the network share bandwidth, so the addi-

crease network security. A VLAN is a group of connected computers that act as if they are on their own network segment, even though they might not be.

Advantages of using VLANs:
1.
With the creation of logical (virtual) boundaries, network tion of more devices can contribute to overall communication segments can be isolated, so VLANs increase security on net- delays. works 2. A single break in the cable can disrupt the entire network. 2. VLANs reduce broadcast traffic throughout the network, so free up bandwidth. Question 24. Which of the following statements are consid- 3. VLAN’s can be used to build broadcast domains that remove ered advantages using Virtual Local Area Networks (VLANs)? the need for costly routers. (Choose all that apply) (A) With the creation of logical (virtual) boundaries, Question 25. You are installing a wireless network solution network segments can be isolated that uses a feature known as MU-MIMO. Which wireless net- (B) working standard are you using? VLANs reduce broadcast traffic throughout the net- work, so free up bandwidth (A) 802.11n (C) A VLAN can not pass the traffic to another VLAN (B) 802.11b (D) VLANs can be used to build broadcast domains that (C) 802.11a remove the need for costly routers (D) 802.11ac Explanation 24. A, B and D are the correct answers. Explanation 25. 802.11ac is the correct answer. VLANs are used for network segmentation, a strategy that sig- Multi-user, multiple-input, multiple-output technology— nificantly increases the network’s performance capability re- better known as MU-MIMO allows a Wi-Fi router to communi- moves potential performance bottlenecks, and can even in- cate with multiple devices simultaneously. This decreases the 47 48 time each device has to wait for a signal and dramatically (D) 802.11a speeds up your network. Considering that the average house- (E) 802.11n hold has upwards of eight devices battling for bandwidth si- (F) 802.11ac multaneously, MU-MIMO will increasingly improve your WiFi (G) 802.11ax experience. Explanation 26. A, B, C, E and G are the correct answers. 
For home WiFi users, annoyances such as choppy video and The following table provides all the needed information to an- continual buffering can really put a damper on the fun, but any- swer any question either on the interview as a junior network one who uses a WiFi network will benefit from the performance engineer or for the CompTIA Network+ and CCNA exams. Make improvements of MU-MIMO. Here are some of the ways MU- sure to memorize it. MIMO kicks common WiFi problems to the curb: 1. Both MU-MIMO and non-MU-MIMO (SU-MIMO) devices operate faster because all devices on the network have less time to wait to get data from the WiFi router. 2. MU-MIMO technology increases the capacity and efficiency of your router, allowing it to handle more WiFi-intensive activities such as streaming and gaming. Question 26. Which of the following IEEE 802.11 Wi-Fi standards use the 2.4 GHz band? (Choose all that apply) (A) 802.11 (B) 802.11b (C) 802.11g IEEE Standard 2.4 GHz 5 GHz Max Data Rate 802.11 Yes No 2 Mbps 802.11b Yes No 11 Mbps 802.11g Yes No 54 Mbps 802.11a No Yes 54 Mbps 802.11n Yes Yes 600 Mbps 802.11ac No Yes 6.93 Gbps 802.11ax Yes Yes 4x higher than 802.11ac 49 Question 27. Which of the following cloud services requires 50 (A) TRUE (B) FALSE the least amount of user management, as a service provider is responsible for managing everything, and the end-user just Explanation 28. TRUE is the correct answer. uses the software. Network Address Translation (NAT) is designed for IP ad- (A) Infrastructure as a service (IaaS) dress conservation. It enables private IP networks that use un- (B) Platform as a service (PaaS) registered IP addresses to connect to the Internet. (C) Software as a service (SaaS) (D) Infrastructure as a service (IaaS) and Platform as a ser- vice (PaaS) To access the Internet, one public IP address is needed, but we can use a private IP address in our private network. 
The idea of NAT is to allow multiple devices to access the Internet through Explanation 27. Software as a service (SaaS) is the correct a single public address. answer. SaaS is software that is centrally hosted and managed for the To achieve this, the translation of private IP address to a public end customer. It is usually based on an architecture where one IP address is required. Network Address Translation (NAT) is version of the application is used for all customers, and li- a process in which one or more local IP address is translated censed through a monthly or annual subscription. into one or more Global IP address and vice versa. SaaS requires the least amount of management. The cloud Question 29. Which of the following performance concepts provider is responsible for managing everything, and the end- delays the flow of certain types of network packets in order to user just uses the software. ensure network performance for higher priority applications? (A) Traffic shaping Question 28. Network Address Translation (NAT) is designed (B) QoS for IP address conservation. It enables private IP networks that (C) CoS use unregistered IP addresses to connect to the Internet. (D) Diffserv 51 52 aging network resources to reduce packet loss as well as lower Explanation 29. Traffic shaping is the correct answer. network jitter and latency. QoS technology can manage re- Traffic shaping (also known as packet shaping) is a bandwidth sources by assigning the various types of network data differ- management technique that delays the flow of certain types of ent priority levels. network packets in order to ensure network performance for higher priority applications. QoS is usually applied on networks that cater to traffic that carry resource-intensive data like: Traffic shaping essentially limits the amount of bandwidth that 1. Video-on-demand can be consumed by certain types of applications. It is primarily 2. 
Voice over IP (VoIP) used to ensure a high quality of service for business-related 3. Internet Protocol television (IPTV), network traffic. 4. Streamed media 5. Video conferencing The most common type of traffic shaping is application-based 6. Online gaming traffic shaping Question 31. Port __________ copies packets entering or exiting Question 30. Which of the following performance concepts is a port or entering a VLAN and sends the copies to a local inter- the process of managing network resources to reduce packet face for local monitoring or to a VLAN for remote monitoring. loss? (A) Copying Learning (A) Traffic shaping (B) (B) QoS (C) Trunking (C) CoS (D) Mirroring (D) Diffserv Explanation 31. Mirroring is the correct answer. Explanation 30. QoS is the correct answer. Port mirroring copies packets entering or exiting a port or en- Quality of Service (QoS) in networking is the process of man- tering a VLAN and sends the copies to a local interface for local 53 54 monitoring or to a VLAN for remote monitoring. Question 33. A common use case scenario using Use port mirroring to send traffic to applications that analyze ______________ cloud deployment method is that web ap- traffic for purposes such as monitoring compliance, enforcing plications or blog sites are deployed on hardware and resources policies, detecting intrusions, monitoring and predicting traffic that are owned by a cloud provider. patterns, correlating events, and so on. (A) Public (B) Private Port mirroring is needed for traffic analysis on a switch because (C) Hybrid a switch normally sends packets only to the port to which the (D) Semipublic destination device is connected. Explanation 33. Public is the correct answer. Question 32. Choose the shortest valid abbreviation for the A common use case scenario using public cloud deployment IPv6 address 5000:0400:0030:0006: method is that web applications or blog sites are deployed on 8000:0800:0010:0002. 
hardware and resources that are owned by a cloud provider. (A) 5000:400:30:6:8000:800:10:2 (B) 5000:400:30:6:8000:8:10:2 This is the most common deployment model. In this case, you (C) 5000:400::2 have no local hardware to manage or keep up-to-date – every- (D) 5:4:3:6:8:8:1:2 thing runs on your cloud provider’s hardware. In some cases, you can save additional costs by sharing computing resources Explanation 32. 5000:400:30:6:8000:800:10:2 is the cor- with other cloud users. rect answer. To abbreviate IPv6 addresses, only leading 0s in a quartet (one A common use case scenario is deploying a web application or set of four hex digits) should be removed. Many of the quartets a blog site on hardware and resources that are owned by a have trailing 0s (0s on the right side of the quartet), so make cloud provider. Using a public cloud in this scenario allows sure to not remove those 0s. cloud users to get their website or blog up quickly, and then fo55 56 cus on maintaining the site without having to worry about purchasing, managing, or maintaining the hardware on which it There are four critical areas in which SDN technology can make runs. a difference for an organization. Question 34. Which of the following statements are true about 1. Network programmability: SDN enables network behavior Software-Defined Networking (SDN)? (Choose all that apply) to be controlled by the software that resides beyond the net- (A) working devices that provide physical connectivity SDN enables network behavior to be controlled by the software that resides beyond the networking devices (B) SDN simplifies provisioning and management of 2. Logically centralize intelligence and control: SDN is built networked resources, everywhere from the data center to on logically centralized network topologies, which enable intel- the campus or wide area network ligent control and management of network resources. Tradi- (C) tional network control methods are distributed. 
Devices func- SDN separates the control plane management of network devices from the underlying data plane that for- tion autonomously with limited awareness of the state of the wards network traffic network. (D) SDN reduces the complexity of statically defined 3. Abstraction of the network: Services and applications run- networks ning on SDN technology are abstracted from the underlying Explanation 34. A, B, C and D are the correct answers. technologies and hardware that provide physical connectivity All statements are correct. from network control. Software-Defined Networking (SDN) is a network architecture approach that enables the network to be intelligently and 4. Openness: SDN architectures usher in a new era of open- centrally controlled, or ‘programmed,’ using software ap- ness—enabling multi-vendor interoperability as well as foster- plications. This helps operators manage the entire network ing a vendor-neutral ecosystem. Openness comes from the consistently and holistically, regardless of the underlying net- SDN approach itself. work technology. 57 58 Question 35. Assuming you are working on a Windows envi- ment of all the network prefixes in an autonomous system is ronment. Which command will you type to discover your NIC’s called EIGRP. The protocol advertises incremental updates only MAC address? as topology changes occur within a network. (A) ipconfig/all (B) netstat/all Enhanced Interior Gateway Routing Protocol (EIGRP) over- (C) ping/all comes the deficiencies of other distance vector routing proto- (D) route/all cols, such as Routing Information Protocol (RIP), with features such as unequal-cost load balancing, support for networks 255 Explanation 35. ipconfig/all is the correct answer. hops away, and rapid convergence features. 
The command to discover your NIC’s MAC address on Win- EIGRP uses a diffusing update algorithm (DUAL) to identify dows environment is: ipconfig /all network paths and provides for fast convergence using precalculated loop-free backup paths. The command to discover your NIC’s MAC address on Linux & Mac is: ifconfig -a Some of the many advantages of EIGRP are: 1. Very low usage of network resources during normal opera- Question 36. The routing protocol that does not rely on peri- tion; only hello packets are transmitted on a stable network odic advertisement of all the network prefixes in an au- 2. When a change occurs, only routing table changes are prop- tonomous system is called _______________. agated, not the entire routing table; this reduces the load the (A) RIP routing protocol itself places on the network (B) OSPF 3. Rapid convergence times for changes in the network topolo- (C) EIGRP gy (in some situations convergence can be almost instanta- (D) BGP neous) Explanation 36. EIGRP is the correct answer. EIGRP is an enhanced distance vector protocol, relying on the The routing protocol that does not rely on periodic advertise- Diffused Update Algorithm (DUAL) to calculate the shortest 59 60 path to a destination within a network. The VLAN Trunking Protocol (VTP) can manage the addition, Question 37. Which of the following is a proprietary protocol deletion, and renaming of VLANs from a central point without from Cisco used to reduce administration in the switched net- manual intervention and VLAN Trunk Protocol (VTP) thus re- work? duces network administration in a switched network. (A) VTP (B) SMTP Question 38. Which of the following protocols is used to re- (C) FTP move redundant links between switches and build loop-free (D) HTTP Ethernet networks? (A) Spanning Tree Protocol (STP) Explanation 37. VTP is the correct answer. 
(B) Loop-Free Protocol (LFP) VLAN Trunking Protocol (VTP) is a proprietary protocol from (C) Redundant Link Protocol (RLP) Cisco used to reduce administration in the switched network. (D) Redundant-Free Protocol (RFP) With VTP, you can synchronize VLAN information (such as VLAN ID or VLAN name) with switches inside the same VTP Explanation 38. Spanning Tree Protocol (STP) is the correct domain. answer. Spanning Tree Protocol (STP) is used to remove redundant A VTP domain is a set of trunked switches with the matching links between switches and build loop-free Ethernet networks. VTP settings (the domain name, password and VTP version). All switches inside the same VTP domain share their VLAN in- Spanning Tree Protocol (STP) is a Layer 2 protocol that runs formation with each other. on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose of STP is to ensure that you do not The VLAN Trunking Protocol (VTP) is a very useful protocol to create loops when you have redundant paths in your create, manage, and maintain a large network with many inter- network. Loops are deadly to a network. connected switches. 61 62 It actively monitors all links of the network. To finds a redundant link, it uses an algorithm, known as the STA (spanning-tree al- CHAPTER 2 INFRASTRUCTURE gorithm). The STA algorithm first creates a topology database then it finds and disables the redundant links. Once redundant links are disabled, only the STP-chosen links Questions 39-65 remain active. If a new link is added or an existing link is removed, the STP re-runs the STA algorithm and re-adjusts all Question 39. Which of the following statements are true about links to reflect the change. NAS and SAN. (Choose all that apply) (A) SAN is a file-level data storage device attached to a TCP/IP network, usually Ethernet (B) SAN stands for Storage Area Network (C) SAN is a dedicated high-performance network for con- solidated block-level storage. 
The network interconnects storage devices, switches, and hosts (D) NAS stands for Network-Attached Storage (E) NAS uses SCSI protocol to communicate with servers (F) SAN used in enterprise environments while NAS used in small to medium-sized businesses Question 40. Which of the following statements is true regarding crossover cables. 63 (A) Wires 1 and 3 and wires 2 and 6 are crossed (B) Wires 1 and 6 and wires 2 and 3 are crossed (C) Wires 1 and 2 and wires 3 and 4 are crossed 64 Wires 1 and 4 and wires 2 and 6 are crossed (B) Question 41. AAA stands for Authentication, Authorization, (C) Hub ______________________. AAA is a system for tracking user activi- (D) L3 Switch (D) L2 Switch ties on an IP-based network and controlling their access to network resources. Question 45. You have been tasked to establish a WAN con- (A) Access nection between two offices: one office is in Berlin and the oth- (B) Accounting er one in Hamburg. The transmission speed can be no less (C) Auditing than 5 Mbps. Which of the following technologies would you (D) Activity choose? (A) ISDN Question 42. Routers forward packets based on the MAC ad- (B) T1 dress. (C) T3 (D) Frame Relay (A) TRUE (B) FALSE Question 46. When an IP packet is to be forwarded, a router Question 43. A connection between devices that requires a uses its forwarding table to determine the next hop for the crossover cable is: switch to _______________. packet’s destination based on the ____________ address. (A) Switch (A) destination IP (B) Router (B) source IP (C) PC (C) destination MAC (D) AP (D) source MAC Question 44. Which of the following devices forwards data Question 47. One of the key differences between Baseband packets to all connected ports? and Broadband transmissions is that Broadband transmission (A) Router uses digital signaling over a single wire. 65 66 (A) TRUE (D) VPN concentrator (B) FALSE Question 51. 
The forwarding technology that uses labels instead of looking in a routing table to forward data is called Question 48. Which of the following advanced networking de- ________________. vices manages wireless network access points that allow wire- (A) PLSM less devices to connect to the network? (B) MPLS (A) Proxy server (C) SLPM (B) Load balancer (D) LMSP (C) Wireless controller (D) VPN concentrator Question 52. Which of the following tools is used to identify malicious activity, record detected threats, report detected Question 49. Which of the following advanced networking de- threats, and take preventative action to stop a threat from doing vices improves the overall performance of applications by de- damage? creasing the burden on servers? (A) Intrusion Prevention System (A) Proxy server (B) Content filter (B) Load balancer (C) UTM appliance (C) Wireless controller (D) VoIP gateway (D) VPN concentrator Question 53. Which of the following tools is a single security Question 50. Which of the following advanced networking de- appliance, that provides multiple security functions such as an- vices is an intermediary server separating end users from the tivirus, anti-spyware, anti-spam, network firewalling, intrusion websites they browse? detection and prevention, content filtering and leak prevention? (A) Proxy server (A) Intrusion Prevention System (B) Load balancer (B) Content filter (C) Wireless controller (C) UTM appliance 67 68 (D) VoIP gateway Question 54. Given the following visual, your task is to identify (A) MTRJ the fiber connector type. (B) SC (C) LC (D) ST Question 56. The twisted-pair cable category 5 can transmit data up to _________________ Mbps. (A) 1 (B) 16 (A) MTRJ (C) 4 (B) SC (D) 100 (C) LC (D) ST Question 57. Which of the following statements are true regarding the Next-Generation Firewall (NGFW)? Question 55. Given the following visual, your task is to identify (A) NGFW can't block modern threats such as advanced the fiber connector type. 
malware and application-layer attacks (B) NGFW filter packets based on applications (C) NGFW integrates intrusion prevention system (D) NGFW can be a low-cost option for companies looking to improve their security (E) NGFW is considered a more advanced version of the traditional firewall Question 58. Which of the following connection types simplify 69 70 the network connectivity by unifying input/out ports and reduc- (B) Virtual Router ing the number of cables and interface cards? (C) Virtual Switch (D) Virtual Firewall (A) FCoE (B) Fibre Channel (C) iSCSI Question 62. It has been noticed that your co-workers spend (D) InfiniBand a tremendous amount of time on social media and their productivity has been reduced dramatically. Which of the following Question 59. Which of the following connection types is used program would you use to mitigate this phenomenon? for transmitting data among data centers, computer servers, (A) Content Filtering switches and storage at data rates of up to 128 Gbps. (B) Social media Filtering (A) FCoE (C) Internet Filtering (B) Fibre Channel (D) Website Filtering (C) iSCSI (D) InfiniBand Question 63. Which of the following networking device connects multiple switches, to form an even larger network? Question 60. A virtual network adapter uses the host physical (A) Switch network adapter to initiate and manage network communica- (B) Router tions. (C) Wireless Access Point (D) Firewall (A) TRUE (B) FALSE Question 64. Which of the following networking device con- Question 61. Which of the following Virtual networking com- trols data access between networks? ponents provides network traffic filtering and monitoring for vir- (A) Switch tual machines (VMs) in a virtualized environment? (B) Router (C) Wireless Access Point (A) Virtual NIC 71 72 (D) Firewall Answers 39-65 Question 65. Given the following visual, your task is to identify Question 39. Which of the following statements are true about the fiber connector type. NAS and SAN. 
(Choose all that apply) (A) SAN is a file-level data storage device attached to a TCP/IP network, usually Ethernet (B) SAN stands for Storage Area Network (C) SAN is a dedicated high-performance network for consolidated block-level storage. The network interconnects storage devices, switches, and hosts (D) NAS stands for Network-Attached Storage (E) NAS uses SCSI protocol to communicate with servers SAN used in enterprise environments while NAS (A) MTRJ (F) (B) SC used in small to medium-sized businesses (C) LC (D) ST Explanation 39. B, C, D and F are the correct answers. Storage Area Network (SAN) is a dedicated high-performance network for consolidated block-level storage allowing multiple clients to access files at the same time with very high performance. SAN uses the SCSI protocol to communicate with servers. The network interconnects storage devices, switches, and hosts. SAN used in enterprise environments while. SAN Benefits: 73 74 1. Extremely fast data access. Question 40. Which of the following statements is true regard- 2. Dedicated network for storage relieves stress on LAN. ing crossover cables. 3. Highly expandable. (A) Wires 1 and 3 and wires 2 and 6 are crossed 4. OS level (block-level) access to files. (B) Wires 1 and 6 and wires 2 and 3 are crossed 5. High quality-of-service for demanding applications such as (C) Wires 1 and 2 and wires 3 and 4 are crossed video editing. (D) Wires 1 and 4 and wires 2 and 6 are crossed Network-Attached Storage (NAS) is a file-level data storage Explanation 40. Wires 1 and 3 and wires 2 and 6 are device attached to a TCP/IP network, usually Ethernet. NAS crossed is the correct answer. used in small to medium-sized businesses. 
A crossover cable is a type of twisted-pair copper wire cable for LANs (local area network) in which the wires on the cable The device itself is a network node, much like computers and are crossed over so that the receive signal pins on the RJ-45 other TCP/IP devices, all of which maintain their own IP address connector on one end are connected to the transmit signal pins and can effectively communicate with other networked de- on the RJ-45 connector on the other end. vices. Wires 1 and 3 and wires 2 and 6 are crossed. NAS Benefits: Crossover cables are used to connect two devices of the same 1. Relatively inexpensive. type, e.g. two computers or two switches to each other. 2. 24/7 and remote data availability. 3. Good expandability. Question 41. AAA stands for Authentication, Authorization, 4. Redundant storage architecture. ______________________. AAA is a system for tracking user activi- 5. Automatic backups to other devices and cloud. ties on an IP-based network and controlling their access to 6. Flexibility. network resources. 75 (A) Access (B) Accounting 76 (C) Auditing rate authentication, authorization, and accounting as separate (D) Activity and independent functions. This is why TACACS+ is so commonly used for device administration, even though RADIUS is Explanation 41. Accounting is the correct answer. still certainly capable of providing device administration AAA. AAA stands for Authentication, Authorization, Accounting. AAA is a system for tracking user activities on an IP-based 2. RADIUS: Radius is a network protocol that controls user network and controlling their access to network resources. network access via authentication and accounting. Commonly Authentication, authorization, and accounting (AAA) man- used by Internet Service Providers (ISPs), cellular network age user activity to and through systems. providers, and corporate and educational networks. 
You can think of AAA in the following manner:
1. Authentication: Who is the user?
2. Authorization: What is the user allowed to do?
3. Accounting: What did the user do?

Cisco implements AAA services in its Identity Services Engine (ISE) platform.

AAA servers support the following two protocols to communicate with enterprise resources:

1. TACACS+: A Cisco proprietary protocol that separates each of the AAA functions. Communication is secure and encrypted over TCP port 49.

One of the key differentiators of TACACS+ is its ability to sepa-

The RADIUS protocol serves three primary functions:
- Authenticates users or devices before allowing them access to a network.
- Authorizes those users or devices for specific network services.
- Accounts for the usage of those services.

Question 42. Routers forward packets based on the MAC address.
(A) TRUE
(B) FALSE

Explanation 42. FALSE is the correct answer.
The main purpose of a router is to connect multiple networks and forward packets destined either for its own networks or other networks.

A router is considered a layer-3 device because its primary forwarding decision is based on the information in the layer-3 IP packet, specifically the destination IP address.

When a router receives a packet, it searches its routing table to find the best match between the destination IP address of the packet and one of the addresses in the routing table.

Switches are responsible for forwarding data based on the MAC address. Routers use the destination IP address for routing decisions.

Question 43. A connection between devices that requires a crossover cable is: switch to _______________.
(A) Switch
(B) Router
(C) PC
(D) AP

Explanation 43. Switch is the correct answer.
A connection between devices that requires a crossover cable is: switch to switch.

A crossover cable is a type of twisted-pair copper wire cable for LANs (local area network) in which the wires on the cable are crossed over so that the receive signal pins on the RJ-45 connector on one end are connected to the transmit signal pins on the RJ-45 connector on the other end.

Crossover cables are used to connect two devices of the same type, e.g. two computers or two switches to each other.

Question 44. Which of the following devices forwards data packets to all connected ports?
(A) Router
(B) L2 Switch
(C) Hub
(D) L3 Switch

Explanation 44. Hub is the correct answer.
A hub, also called a network hub, is a common connection point for devices in a network. Hubs are devices commonly used to connect segments of a LAN. The hub contains multiple ports. When a packet arrives at one port, the hub forwards that packet to all connected ports.

Question 45. You have been tasked to establish a WAN connection between two offices: one office is in Berlin and the other one in Hamburg. The transmission speed can be no less than 5 Mbps. Which of the following technologies would you choose?
(A) ISDN
(B) T1
(C) T3
(D) Frame Relay

Explanation 45. T3 is the correct answer.
A T3 line is a point-to-point Internet connection capable of transmitting up to 44.736 Mbps.

A T3 line is composed of 28 bundled T1-level circuits. Each T1 circuit operates at 1.544 megabits per second (Mbps), for a total connection speed of 44.736 Mbps. A T3 line is also often referred to as a Digital Signal 3 (DS3) connection.

Question 46. When an IP packet is to be forwarded, a router uses its forwarding table to determine the next hop for the packet's destination based on the ____________ address.
(A) destination IP
(B) source IP
(C) destination MAC
(D) source MAC

Explanation 46. destination IP is the correct answer.
When an IP packet is to be forwarded, a router uses its forwarding table to determine the next hop for the packet's destination based on the destination IP address.

Question 47. One of the key differences between Baseband and Broadband transmissions is that Broadband transmission uses digital signaling over a single wire.
(A) TRUE
(B) FALSE

Explanation 47. FALSE is the correct answer.
Baseband transmissions use digital signaling over a single wire. Communication on baseband transmissions is bidirectional, allowing signals to be sent and received, but not at the same time. To send multiple signals on a single cable, baseband uses something called time-division multiplexing (TDM).

Broadband transmissions use analog transmissions. For broadband transmissions to be sent and received, the medium must be split into two channels. (Alternatively, two cables can be used: one to send and one to receive transmissions.) Multiple channels are created using frequency-division multiplexing (FDM).

Question 48. Which of the following advanced networking devices manages wireless network access points that allow wireless devices to connect to the network?
(A) Proxy server
(B) Load balancer
(C) Wireless controller
(D) VPN concentrator

Explanation 48. Wireless controller is the correct answer.
A wireless controller manages wireless network access points that allow wireless devices to connect to the network.

Most Cisco Wireless LAN Controllers (WLCs) support the following features:

1. Distribution system ports: These ports are used to connect the WLC to a network switch and act as a path for data.

2. Service port: This port is used as a management or console port. This port is active during the boot mode of the WLC.

3. Management interface: This interface is used for in-band management and provides connectivity to network devices (such as DHCP servers or RADIUS servers). If you want to connect to the controller's web management interface, it would be through this interface. The management interface is assigned an IP address and is the initial point of contact for Lightweight Access Point Protocol (LWAPP) communication and registration.

3. AP-manager interface: This interface is used to control and manage all Layer 3 communications between the WLC and lightweight APs.

4. Virtual interface: This interface is used to support mobility management features, such as DHCP relay and Guest Web Authentication.

5. Service-port interface: This interface is used to communicate to the service port and must have an IP address that belongs to a different IP subnet than that of the AP-manager interface and any other dynamic interface.

6. Dynamic interfaces: These are VLAN interfaces created by you to allow for communication to various VLANs.

Question 49. Which of the following advanced networking devices improves the overall performance of applications by decreasing the burden on servers?
(A) Proxy server
(B) Load balancer
(C) Wireless controller
(D) VPN concentrator

Explanation 49. Load balancer is the correct answer.
A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers.

Load balancers are used to increase capacity (concurrent users) and reliability of applications. They improve the overall performance of applications by decreasing the burden on servers associated with managing and maintaining application and network sessions, as well as by performing application-specific tasks.

Load balancers are generally grouped into two categories: Layer 4 and Layer 7. Layer 4 load balancers act upon data found in network and transport layer protocols (IP, TCP, FTP, UDP). Layer 7 load balancers distribute requests based upon data found in application layer protocols such as HTTP.

Question 50. Which of the following advanced networking devices is an intermediary server separating end users from the websites they browse?
(A) Proxy server
(B) Load balancer
(C) Wireless controller
(D) VPN concentrator

Explanation 50. Proxy server is the correct answer.
The proxy server is an intermediary server separating end users from the websites they browse.

If you're using a proxy server, internet traffic flows through the proxy server on its way to the address you requested.

The request then comes back through that same proxy server (there are exceptions to this rule), and then the proxy server forwards the data received from the website to you.

Modern proxy servers do much more than forwarding web requests, all in the name of data security and network performance.

Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests.

Question 51. The forwarding technology that uses labels instead of looking in a routing table to forward data is called ________________.
(A) PLSM
(B) MPLS
(C) SLPM
(D) LMSP

Explanation 51. MPLS is the correct answer.
The forwarding technology that uses labels instead of looking in a routing table to forward data is called MPLS.

Multiprotocol Label Switching (MPLS) is a data forwarding technology that increases the speed and controls the flow of network traffic. With MPLS, data is directed through a path via labels instead of requiring complex lookups in a routing table at every stop.

MPLS allows most data packets to be forwarded at Layer 2 of the Open Systems Interconnection (OSI) model, rather than having to be passed up to Layer 3.

In an MPLS network, each packet gets labeled on entry into the service provider's network by the ingress router, also known as the label edge router (LER). This is also the router that decides the LSP the packet will take until it reaches its destination address.

All the subsequent label-switching routers (LSRs) perform packet forwarding based only on those MPLS labels; they never look as far as the IP header. Finally, the egress router removes the labels and forwards the original IP packet toward its final destination.

Question 52. Which of the following tools is used to identify malicious activity, record detected threats, report detected threats, and take preventative action to stop a threat from doing damage?
(A) Intrusion Prevention System
(B) Content filter
(C) UTM appliance
(D) VoIP gateway

Explanation 52. Intrusion Prevention System is the correct answer.
An Intrusion Prevention System (IPS) is used to identify malicious activity, record detected threats, report detected threats, and take preventative action to stop a threat from doing damage. An IPS tool can be used to continually monitor a network in real-time.

Intrusion prevention is a threat detection method that can be utilized in a secure environment by system and security administrators. These tools are useful for systems as a prevention action for observed events.

Question 53. Which of the following tools is a single security appliance, that provides multiple security functions such as antivirus, anti-spyware, anti-spam, network firewalling, intrusion detection and prevention, content filtering and leak prevention?
(A) Intrusion Prevention System
(B) Content filter
(C) UTM appliance
(D) VoIP gateway

Explanation 53. UTM appliance is the correct answer.
Unified threat management (UTM) is an information security term that refers to a single security solution, and usually a single security appliance, that provides multiple security functions at a single point on the network.

A UTM appliance will usually include functions such as antivirus, anti-spyware, anti-spam, network firewalling, intrusion detection and prevention, content filtering and leak prevention. Some units also provide services such as remote routing, network address translation (NAT), and virtual private network (VPN) support.

Question 54. Given the following visual, your task is to identify the fiber connector type.
(A) MTRJ
(B) SC
(C) LC
(D) ST

Explanation 54. MTRJ is the correct answer.

Question 55. Given the following visual, your task is to identify the fiber connector type.
(A) MTRJ
(B) SC
(C) LC
(D) ST

Explanation 55. SC is the correct answer.

Question 56. The twisted-pair cable category 5 can transmit data up to _________________ Mbps.
(A) 1
(B) 16
(C) 4
(D) 100

Explanation 56. 100 is the correct answer.
The twisted-pair cable category 5 can transmit data up to 100 Mbps.

Below is a summary of the Copper cable standards with their speeds.

Category: maximum data rate; usual application

CAT 1: Up to 1 Mbps (1 MHz); analog voice (POTS), Basic Rate Interface in ISDN, doorbell wiring.

CAT 2: 4 Mbps; mainly used in the IBM cabling system for Token Ring networks.

CAT 3: 16 Mbps; voice (analog most popular implementation), 10BASE-T Ethernet.

CAT 4: 20 Mbps; used in 16 Mbps Token Ring, otherwise not used much. Was only a standard briefly and never widely installed.

CAT 5: 100 MHz; 100 Mbps TPDDI, 155 Mbps ATM. No longer supported; replaced by 5E. 10/100BASE-T, 4/16MBps Token Ring, analog voice.

CAT 5E: 100 MHz; 100 Mbps TPDDI, 155 Mbps ATM, Gigabit Ethernet. Offers better near-end crosstalk than CAT 5.

CAT 6: Up to 250 MHz; minimum cabling for data centers in TIA-942. Quickly replacing category 5e.

CAT 6E: MHz (field-tested to 500 MHz); support for 10 Gigabit Ethernet (10GBASE-T). May be either shielded (STP, ScTP, S/FTP) or unshielded (UTP). This standard published in Feb. 2008. Minimum for Data Centers in ISO data center standard.

CAT 7 (ISO Class F): 600 MHz, 1.2 GHz in pairs with Siemon connector; full-motion video, teleradiology, government and manufacturing environments. Fully Shielded (S/FTP) system using non-RJ45 connectors but backwards compatible with hybrid cords. Until February 2008, the only standard (published in 2002) to support 10GBASE-T for a full 100m.

Question 57. Which of the following statements are true regarding the Next-Generation Firewall (NGFW)?
(A) NGFW can't block modern threats such as advanced malware and application-layer attacks
(B) NGFW filter packets based on applications
(C) NGFW integrates intrusion prevention system
(D) NGFW can be a low-cost option for companies looking to improve their security
(E) NGFW is considered a more advanced version of the traditional firewall

Explanation 57. B, C, D and E are the correct answers.
Next-generation firewalls filter network traffic to protect an organization from external threats. Next-generation firewalls are a more advanced version of the traditional firewall, and they offer the same benefits.

There are also fundamental differences between the traditional firewall and next-generation firewalls.

The most obvious differences between the two are:
1. NGFW can block modern threats such as advanced malware and application-layer attacks.
2. NGFW filter packets based on applications.
3. NGFW integrates intrusion prevention system.
4. NGFW can be a low-cost option for companies looking to improve their security.
5. NGFW is considered a more advanced version of the traditional firewall.

Question 58. Which of the following connection types simplify the network connectivity by unifying input/output ports and reducing the number of cables and interface cards?
(A) FCoE
(B) Fibre Channel
(C) iSCSI
(D) InfiniBand

Explanation 58. FCoE is the correct answer.
Fiber Channel over Ethernet (FCoE) is a storage protocol that ensures that Fiber Channel communications are transmitted directly over Ethernet. FCoE moves Fiber Channel traffic to existing high-speed Ethernet infrastructures and then integrates storage and IP protocols into a single cable transport and interface.

The purpose of FCoE is to unify input/output (I/O) ports, simplify switching, and reduce the count of cables and interface cards.

With so many NICs, HBAs, switches, and cables to deal with, both capital and operational costs to run a data center can increase significantly. FCoE represents a way to drastically reduce the number of cards, switches, adapters, and assorted cabling by running LANs and SANs over the same infrastructure.

Question 59. Which of the following connection types is used for transmitting data among data centers, computer servers, switches and storage at data rates of up to 128 Gbps?
(A) FCoE
(B) Fibre Channel
(C) iSCSI
(D) InfiniBand

Explanation 59. Fibre Channel is the correct answer.
Fibre Channel is a high-speed networking technology primarily used for transmitting data among data centers, computer servers, switches and storage at data rates of up to 128 Gbps.

In the switched fabric topology that requires switches, all the devices are connected and communicate via switches. A Fibre Channel switch is a networking device that is compatible with the Fibre Channel Protocol (FCP) and features high performance, low latency, and lossless transmission in a Fibre Channel fabric.

Known as one of the main components used in SANs, the Fibre Channel switch plays an important role in interconnecting multiple storage ports and servers.

Question 60. A virtual network adapter uses the host physical network adapter to initiate and manage network communications.
(A) TRUE
(B) FALSE

Explanation 60. TRUE is the correct answer.
A virtual network adapter uses the host physical network adapter to initiate and manage network communications. A virtual network adapter is the logical or software instance of a physical network adapter that allows a physical computer, virtual machine, or another computer to simultaneously connect to a network or the Internet.

Question 61. Which of the following Virtual networking components provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment?
(A) Virtual NIC
(B) Virtual Router
(C) Virtual Switch
(D) Virtual Firewall

Explanation 61. Virtual Firewall is the correct answer.
A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment. Like a traditional network firewall, a virtual firewall inspects packets and uses security policy rules to block unapproved communication between VMs.

A virtual firewall is often deployed as a software appliance.

Question 62. It has been noticed that your co-workers spend a tremendous amount of time on social media and their productivity has been reduced dramatically. Which of the following program would you use to mitigate this phenomenon?
(A) Content Filtering
(B) Social media Filtering
(C) Internet Filtering
(D) Website Filtering

Explanation 62. Content Filtering is the correct answer.
A content filter is any software that controls what a user is allowed to peruse and is most often associated with websites. Using a content filter, an employer can block access to social media sites for all users, some users, or even just an individual user.

Content filtering works by specifying content patterns – such as text strings or objects within images – that, if matched, indicate undesirable content that is to be screened out. A content filter will then block access to this content.

Content filters are often part of Internet firewalls but can be implemented as either hardware or software. In such usage, content filtering is serving a security purpose – but content filtering is also used to implement company policies related to information system usage.

Question 63. Which of the following networking devices connects multiple switches, to form an even larger network?
(A) Switch
(B) Router
(C) Wireless Access Point
(D) Firewall

Explanation 63. Router is the correct answer.
A router connects multiple switches, to form an even larger network.

Routers work as a dispatcher, directing traffic and choosing the most efficient route for information, in the form of data packets, to travel across a network.

A router connects your business to the world, protects information from security threats, and even decides which devices have priority over others.

Question 64. Which of the following networking devices controls data access between networks?
(A) Switch
(B) Router
(C) Wireless Access Point
(D) Firewall

Explanation 64. Firewall is the correct answer.
A firewall controls data access between networks. Firewalls are either a physical device or software that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Question 65. Given the following visual, your task is to identify the fiber connector type.
(A) MTRJ
(B) SC
(C) LC
(D) ST

Explanation 65. LC is the correct answer.

CHAPTER 3 NETWORK OPERATIONS

Questions 66-86

Question 66. Which of the following tools is designed to reveal the ports which are open on a network, and determine if those open ports need to be closed to provide more network security and fewer vulnerabilities?
(A) Log review
(B) Port scanner
(C) Vulnerability scanner
(D) Packet analyzer

Question 67. Which of the following statements are true regarding Security information and event management (SIEM)?
(A) Provide reports on security-related incidents and events, such as successful and failed logins
(B) Send alerts if analysis shows that an activity runs against the rules you set up
(C) Can't monitor and manage networks in real-time
(D) Analyze data to discover and detect threats
(E) SIEM applications can distinguish between sanctioned file activity and suspicious activity

Question 68. One of the features of SNMPv3 is called message integrity.
(A) TRUE
(B) FALSE

Question 69. Which of the following VPN-related terms is a standard security technology for establishing an encrypted link between a server and a client?
(A) IPsec (Internet Protocol Security)
(B) Secure Sockets Layer (SSL)
(C) site-to-site virtual private network (VPN)
(D) VPN client-to-site

Question 70. Which of the following processes consists of scanning devices (computers, mobile) or other machines on a network for missing software updates and keeping the systems updated to avoid security threats?
(A) Software updater
(B) Patch management
(C) Patch scanning
(D) Software scanning

Question 71. Which of the following options provides only temporary power, when the primary power source is lost?
(A) UPS
(B) Power generators
(C) Dual power supplies
(D) Redundant circuits

Question 72. Which of the following protocols uses the port 22 for its service?
(A) SSH
(B) RDP
(C) Telnet
(D) HTTPS

Question 73. Which of the following protocols uses the port 443 for its service?
(A) SSH
(B) RDP
(C) Telnet
(D) HTTPS

Question 74. Which of the following terms refers to an organization's documented rules about what is to be done, or not done and who can access particular network resources?
(A) Configurations
(B) Regulations
(C) Policies
(D) Procedures

Question 75. _________________ is a metric that represents the average amount of time required to fix a failed component or device and return it to the production stage.
(A) MTTR
(B) TTRM
(C) RTMR
(D) TMRT

Question 76. The process of combining multiple network cards is known as NIC __________________.
(A) Binding
(B) Teaming
(C) Combining
(D) Merging

Question 77. The ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail is called:
(A) Load balancing
(B) Port aggregation
(C) Clustering
(D) Fault tolerance

Question 78. FTP uses port numbers 20 and ______ for command control and data transfer.
(A) 23
(B) 22
(C) 21
(D) 19

Question 79. Which of the following backup types back up only the data that has changed since the previous backup?
(A) Partial Backups
(B) Differential backups
(C) Incremental backups
(D) Full backups

Question 80. Which of the following protocols is not used primarily for file transfers? (Choose all that apply)
(A) FTP
(B) FTPS
(C) SFTP
(D) TFTP
(E) HTTP
(F) HTTPS

Question 81. ______________ measures how many packets arrive at their destinations successfully.
(A) Bandwidth
(B) Throughput
(C) Error rate
(D) Utilization

Question 82. Out-of-band management provides a way to log into a network device without going through the same network through which the data is passing.
(A) TRUE
(B) FALSE

Question 83. _____________ is a service that allows you to connect to the Internet via an encrypted tunnel to ensure your online privacy and protect your sensitive data.
(A) RDP
(B) SSH
(C) VPN
(D) VNC

Question 84. Which of the following stages of disaster recovery sites represents a mirrored copy of the primary production center?
(A) Hot site
(B) Warm site
(C) Cold site
(D) Mirror site

Question 85. Which of the following stages of disaster recovery sites is a backup facility that has the network connectivity and the necessary hardware equipment already pre-installed but cannot perform on the same level as the production center?
(A) Hot site
(B) Warm site
(C) Cold site
(D) Mirror site

Question 86. A physical diagram represents how a network looks, while a logical diagram represents how the traffic flows on the network.
(A) TRUE
(B) FALSE

Answers 66-86

Question 66. Which of the following tools is designed to reveal the ports which are open on a network, and determine if those open ports need to be closed to provide more network security and fewer vulnerabilities?
(A) Log review
(B) Port scanner
(C) Vulnerability scanner
(D) Packet analyzer

Explanation 66. Port scanner is the correct answer.
A port scanner tool is designed to reveal which ports are open on a network and determine if those open ports need to be closed to provide more network security and fewer vulnerabilities.

The tool is used by administrators to verify the security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

Question 67. Which of the following statements are true regarding Security information and event management (SIEM)?
(A) Provide reports on security-related incidents and events, such as successful and failed logins
(B) Send alerts if analysis shows that an activity runs against the rules you set up
(C) Can't monitor and manage networks in real-time
(D) Analyze data to discover and detect threats
(E) SIEM applications can distinguish between sanctioned file activity and suspicious activity

Explanation 67. A, B and D are the correct answers.
Security information and event management (SIEM) tools are an important part of the data security ecosystem; they aggregate data from multiple systems and analyze that data to catch abnormal behavior or potential attacks.

SIEM tools:
1. Provide reports on security-related incidents and events, such as successful and failed logins.
2. Send alerts if analysis shows that an activity runs against the rules you set up.
3. Analyze data to discover and detect threats.
4. SIEM applications can't distinguish between sanctioned file activity and suspicious activity.
5. Can monitor and manage networks in real-time.

Question 68. One of the features of SNMPv3 is called message integrity.
(A) TRUE
(B) FALSE

Explanation 68. TRUE is the correct answer.
Simple Network Management Protocol (SNMP) is a way for different devices on a network to share information with one another. It allows devices to communicate even if the devices are different hardware and run different software.

Without a protocol like SNMP, there would be no way for network management tools to identify devices, monitor network performance, keep track of changes to the network, or determine the status of network devices in real-time.

Simple Network Management Protocol (SNMP) provides a message format for communication between what are termed managers and agents. An SNMP manager is a network management application running on a PC or server, with that host typically being called a Network Management Station (NMS).

As for the SNMP protocol messages, all versions of SNMP support a basic clear-text password mechanism, although none of those versions refer to the mechanism as using a password. SNMP Version 3 (SNMPv3) adds more modern security as well.

The following are SNMPv3 features:

Message integrity: This mechanism, applied to all SNMPv3 messages, confirms whether or not each message has been changed during transit.

Authentication: This optional feature adds authentication with both a username and password, with the password never sent as clear text. Instead, it uses a hashing method like many other modern authentication processes.

Encryption (privacy): This optional feature encrypts the contents of SNMPv3 messages so that attackers who intercept the messages cannot read their contents.

Question 69. Which of the following VPN-related terms is a standard security technology for establishing an encrypted link between a server and a client?
(A) IPsec (Internet Protocol Security)
(B) Secure Sockets Layer (SSL)
(C) site-to-site virtual private network (VPN)
(D) VPN client-to-site

Explanation 69. Secure Sockets Layer (SSL) is the correct answer.
Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client.

Question 70. Which of the following processes consists of scanning devices (computers, mobile) or other machines on a network for missing software updates and keeping the systems updated to avoid security threats?
(A) Software updater
(B) Patch management
(C) Patch scanning
(D) Software scanning

Explanation 70. Patch management is the correct answer.
Patch management is the process of updating operating systems and applications to avoid security threats. Patch management helps to test and install multiple code modifications on existing applications and software tools on a computer, keeping systems updated, and determines which patches are the appropriate ones.

Patch management consists of scanning computers, mobile devices, or other machines on a network for missing software updates, known as "patches", and fixing the problem by deploying those patches as soon as they become available.

Question 71. Which of the following options provides only temporary power, when the primary power source is lost?
(A) UPS
(B) Power generators
(C) Dual power supplies
(D) Redundant circuits

Explanation 71. Secure Sockets Layer (SSL) is the correct answer.
An uninterruptible power supply (UPS) is a device that allows a computer to keep running for at least a short time when the primary power source is lost. UPS devices also provide protection from power surges.

Question 72. Which of the following protocols uses the port 22 for its service?
(A) SSH
(B) RDP
(C) Telnet
(D) HTTPS

Explanation 72. SSH is the correct answer.

Question 73. Which of the following protocols uses the port 443 for its service?
(A) SSH
(B) RDP
(C) Telnet
(D) HTTPS

Explanation 73. HTTPS is the correct answer.

Question 74. Which of the following terms refers to an organization's documented rules about what is to be done, or not done and who can access particular network resources?
(A) Configurations
(B) Regulations
(C) Policies
(D) Procedures

Explanation 74. Policies is the correct answer.
By definition, policies refer to an organization's documented rules about what is to be done, or not done, and why. Policies dictate who can and cannot access particular network resources, server rooms, backup media, and more.

Although networks might have different policies depending on their needs, some common policies include the following:

Bring your own device (BYOD) policy
Bring-your-own-device (BYOD) policies are set by companies to allow employees to use their personal smartphones, laptops, and tablets for work.

Non-Disclosure Agreements (NDAs)
A non-disclosure agreement is a legally binding contract that establishes a confidential relationship. The party or parties signing the agreement agree that sensitive information they may obtain will not be made available to any others.

Acceptable use policy (AUP)
An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. Many businesses and educational facilities require that employees or students sign an acceptable use policy before being granted a network ID.

Password policy
A password policy is a set of rules which were created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly.

International export controls
International export controls are a number of laws and regulations that govern what can and cannot be exported when it comes to software and hardware to various countries. Employees should take every precaution to make sure they are adhering to the letter of the law.

Data loss prevention
A data loss prevention policy defines how organizations can share and protect data. It guides how data can be used in decision making without it being exposed to anyone who should not have access to it.

Remote access policies
A remote access policy defines the conditions, remote access permissions, and creates a profile for every remote connection made to the corporate network.

Question 75. _________________ is a metric that represents the average amount of time required to fix a failed component or device and return it to the production stage.
(A) MTTR
(B) TTRM
(C) RTMR
(D) TMRT

Explanation 75. MTTR is the correct answer.
MTTR (mean time to repair) is a metric that represents the average amount of time required to fix a failed component or device and return it to the production stage.

MTTR (mean time to repair) includes the time it takes to find out about the failure, diagnose the problem, and repair it. MTTR is a basic measure of how maintainable an organization's equipment is and, ultimately, is a reflection of how efficiently an organization can fix a problem.

Question 76. The process of combining multiple network cards is known as NIC __________________.
(A) Binding
(B) Teaming
(C) Combining
(D) Merging

Explanation 76. Teaming is the correct answer.
The process of combining multiple network cards is known as NIC Teaming.

NIC Teaming allows you to group between one and 32 physical Ethernet network adapters into one or more software-based virtual network adapters.

These virtual network adapters provide fast performance and fault tolerance in the event of a network adapter failure.

Question 77. The ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail is called:
(A) Load balancing
(B) Port aggregation
(C) Clustering
(D) Fault tolerance

Explanation 77. Fault tolerance is the correct answer.
The ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail is called: Fault tolerance.

The goal of fault-tolerant computer systems is to ensure business continuity and high availability by preventing disruptions arising from a single point of failure. Fault tolerance solutions, therefore, tend to focus most on mission-critical applications or systems.

Question 78. FTP uses port numbers 20 and ______ for command control and data transfer.
(A) 23
(B) 22
(C) 21
(D) 19

Explanation 78. 21 is the correct answer.
FTP uses port numbers 20 and 21 for command control and data transfer. FTP stands for File Transfer Protocol. A protocol is a system of rules that networked computers use to communicate with one another. FTP is a client-server protocol that may be used to transfer files between computers on the internet. The client asks for the files and the server provides them.

An FTP server offers access to a directory, with sub-directories. Users connect to these servers with an FTP client, a piece of software that lets you download files from the server, as well as upload files to it.

Question 79. Which of the following backup types back up only the data that has changed since the previous backup?
(A) Partial Backups
(B) Differential backups
(C) Incremental backups
(D) Full backups

Explanation 79. Incremental backups is the correct answer.
Incremental backups try to decrease the amount of time and the storage space that it takes to do a full backup. Incremental backups only back up the data that has changed since the previous backup.

Question 80. Which of the following protocols is not used primarily for file transfers? (Choose all that apply)
(A) FTP
(B) FTPS
(C) SFTP
(D) TFTP
(E) HTTP
(F) HTTPS

Explanation 80. HTTP and HTTPS are the correct answers.
HTTP and HTTPS aren't used for file transfer; they are primarily used to deliver Web pages and content to browsers, not for uploading and downloading files.

FTP stands for File Transfer Protocol. File Transfer Protocol (FTP) is a standard Internet protocol for transmitting files between computers or servers on the Internet, using port 21. FTP is a client-server protocol where a client will ask for a file, and a local or remote server will provide it.

FTPS is also known as FTP over TLS. At its core, FTPS (FTP over SSL) is a secure file transfer protocol that allows you to connect securely with your trading partners, customers, and users.

FTPS implements strong algorithms like AES and Triple DES to encrypt file transfers. For authentication when connecting to trading partner servers and vice versa, FTPS uses a combination of user IDs, passwords, and/or certificates to verify authenticity.

SFTP, which stands for SSH File Transfer Protocol or Secure File Transfer Protocol, is a separate protocol packaged with SSH that works in a similar way over a secure connection. The advantage is the ability to leverage a secure connection to transfer files and traverse the filesystem on both the local and remote systems.

Trivial File Transfer Protocol (TFTP) is a simple protocol used for transferring files. TFTP uses the User Datagram Protocol (UDP) to transport data from one end to another. TFTP is mostly used to read and write files/mail to or from a remote server.

Question 81. ______________ measures how many packets arrive at their destinations successfully.
(A) Bandwidth
(B) Throughput
(C) Error rate
(D) Utilization

Explanation 81. Throughput is the correct answer.
Throughput measures how many packets arrive at their destinations successfully. For the most part, throughput capacity is measured in bits per second, but it can also be measured in data per second.

Bandwidth is measured as the amount of data that can be transferred from one point to another within a network in a specific amount of time. Typically, bandwidth is expressed as a bitrate and measured in bits per second (bps).

Error rates refer to the frequency of errors that occurred, defined as "the ratio of a total number of data units in error to the total number of data units transmitted." As the error rate increases, the data transmission reliability decreases.

Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. It indicates the bandwidth used in the network. While high network utilization indicates the network is busy, low network utilization indicates the network is idle.

Question 82. Out-of-band management provides a way to log into a network device without going through the same network through which the data is passing.
(A) TRUE
(B) FALSE

Explanation 82. TRUE is the correct answer.
Out-of-band management provides a way to log into a network device without going through the same network through which the data is passing.

That means the management traffic is confined to the console port (from the PC connecting with rollover cable) and AUX port (through a modem and the phone line) and does not mix in with any of the network's data.

Question 83. _____________ is a service that allows you to connect to the Internet via an encrypted tunnel to ensure your online privacy and protect your sensitive data.
(A) RDP
(B) SSH
(C) VPN
(D) VNC

Explanation 83. VPN is the correct answer.
VPN is a service that allows you to connect to the Internet via an encrypted tunnel to ensure your online privacy and protect your sensitive data.

You can use a Virtual Private Network (VPN) to:
1. Bypass geographic restrictions on websites or streaming audio and video.
2.

the primary production center. The most important feature offered by a hot site is that the production environment(s) are running with your main datacenter at the same time.

This syncing allows for minimal downtime to business operations. In the event of a significant outage event to your main data center, the hot site can take the place of the impacted site immediately.

Question 85. Which of the following stages of disaster recovery sites is a backup facility that has the network connectivity
Protect yourself from snooping on untrustworthy Wi-Fi and the necessary hardware equipment already pre-installed hotspots. but cannot perform on the same level as the production center? 3. Gain anonymity online by hiding your true location. (A) Hot site (B) Warm site Question 84. Which of the following stages of disaster recov- (C) Cold site ery sites represents a mirrored copy of the primary production (D) Mirror site center? (A) Hot site Explanation 85. Warm site is the correct answer. (B) Warm site Warm Site is a backup facility that has the network connectivi- (C) Cold site ty and the necessary hardware equipment already pre-installed (D) Mirror site but cannot perform on the same level as the production center. Explanation 84. Hot site is the correct answer. The difference between a hot site and a warm site is that while Hot Site is a backup facility that represents a mirrored copy of the hot site provides a mirror of the production data-center and 125 its environment(s), a warm site will contain only servers ready 126 plan. for the installation of production environments. A logical network diagram describes the way information Therefore, a warm site has less operational capacity than the flows through a network. Therefore, logical network diagrams primary site. Moreover, data synchronization between the pri- typically show subnets (including VLAN IDs, masks, and ad- mary and secondary sites is performed daily or weekly, which dresses), network devices like routers and firewalls, and routing can result in minor data loss. A warm site is perfect for organi- protocols. zations that operate with less critical data and can tolerate a short period of downtime. Question 86. A physical diagram represents how a network looks, while a logical diagram represents how the traffic flows on the network. (A) TRUE (B) FALSE Explanation 86. TRUE is the correct answer. 
A physical diagram represents how a network looks, while a logical diagram represents how the traffic flows on the network. A physical network diagram shows the actual physical arrangement of the components that make up the network, including cables and hardware. Typically, the diagram gives a bird’s eye view of the network in its physical space, like a floor127 128 CHAPTER 4 NETWORK SECURITY Questions 87-110 Question 87. What is used as the authentication server in 802.1X? (A) RADIUS server (B) DHCP server (C) TACACS+ server (D) DNS server advantage of is known as: (B) Penetration Testing (C) Attack Testing (D) Identify Weak Spots (B) netstat (C) ipconfig (D) tracert Question 90. Multifactor authentication combines two or more independent credentials: what the user knows (password), metric verification). the purpose of identifying weak spots that attackers could take Simulated Attack ping what the user has (security token) and what the user is (bio- Question 88. An authorized simulated attack on a system with (A) (A) Question 89. You have been tasked to identify all connections and listening ports on your device. Assuming you are working on a Windows environment. Which command will you type to complete the task? (A) TRUE (B) FALSE Question 91. Which of the following switch port protection techniques ensures that you do not create loops when you have redundant paths in your network? (A) Flood guard (B) Root guard (C) Spanning tree (D) DHCP snooping Question 92. Which of the following switch port protection techniques protects switches against MAC flood attacks? (A) Flood guard (B) Root guard (C) Spanning tree 129 (D) DHCP snooping 130 (C) DMZ (D) VLAN Question 93. You have been tasked to blacklist certain computers to connect on the Wi-Fi, based on their MAC address. Question 96. Which of the following attacks doesn’t require Which of the following tools will you use in order to complete the use of technology in order to get access to sensitive data? the task? 
(A) Social engineering (A) EAP (B) Man-in-the-middle (B) Preshared key (C) VLAN Hopping (C) Geofencing (D) Ransomware (D) MAC Filtering Question 97. Which of the following attacks typically function Question 94. What can be accomplished with a brute-force by overwhelming or flooding a targeted machine with requests attack? until normal traffic is unable to be processed? (A) Make a server unavailable (A) DoS (B) Guess a user’s password (B) Spoofing (C) Spoof every possible IP address (C) Reconnaissance (D) Alter a routing table (D) Phising Question 95. __________________ is a physical or logical subnet Question 98. Exploits are a weakness in software systems, aiming to separate an internal LAN from other untrusted net- while vulnerabilities are attacks made to take advantage of ex- works. External-facing servers, resources, and/or services are ploits. located in that place, so they are accessible from the internet, (A) TRUE but the rest of the internal LAN remains unreachable and safe. (B) FALSE (A) ACL (B) Honeynet 131 132 Question 99. Which of the following networking attacks re- (A) Rogue Access Point direct online traffic to a fraudulent website that resembles its in- (B) Logic Bomb tended destination? (C) Evil Twin (D) Social Engineering (A) DNS poisoning (B) Phishing (C) War-driving Question 103. File _____________ is used to verify that the con- (D) ARP poisoning tent of files isn’t modified while transferring over the network. Question 100. Which encryption algorithm is used by WPA2? (A) Checking (B) Hashing (A) DES (C) Altering (B) CCMP-AES (D) Modifying (C) 3DES (D) RSA Question 104. Biometrics uses a unique physical characteristic of a person to permit access to a controlled IT resource. Question 101. Which networking attack uses psychological (A) TRUE manipulation to trick users into making security mistakes or (B) FALSE giving away sensitive information (A) Rogue Access Point Question 105. 
Which one of the following attacks requires the (B) Logic Bomb attacker to be on the same network as the victim? (C) Evil Twin (A) DNS poisoning (D) Social Engineering (B) Social engineering (C) Logic bomb (D) ARP poisoning Question 102. Which networking attack is a fake Wi-Fi network that looks like a legitimate access point to steal victims’ sensitive details 133 134 Question 106. Which of the following protocols are considered Question 109. A Logic bomb is a malicious program that is secure protocols? (Choose all that apply) triggered when a logical condition is met, such as after a num- (A) HTTP ber of transactions have been processed. (B) FTP (A) TRUE (C) SSH (B) FALSE (D) HTTPS (E) Telnet Question 110. The act of locating and exploiting connections to wireless local area networks while driving around a city is Question 107. Given the following passwords, which of these called: you would choose to make your account harder to hack? (A) Exploit WLAN (Choose all that apply) (B) Social engineering (A) 3x@m$d1g3$td0tC0m (C) War driving (B) 1234567 (D) City poisoning (C) Mike1978 (D) rcfPEj43gvRGC23 (E) admin Question 108. AAA servers usually support the protocol TACACS+ and _________________ to communicate with enterprise resources. (A) HTTP (B) RADIUS (C) FTP (D) DNS 135 136 Answers 87-110 Question 87. What is used as the authentication server in 802.1X? (A) RADIUS server (B) DHCP server (C) TACACS+ server (D) DNS server (A) Simulated Attack (B) Penetration Testing (C) Attack Testing (D) Identify Weak Spots Explanation 88. Penetration Testing is the correct answer. An authorized simulated attack on a system with the purpose of identifying weak spots that attackers could take advantage of is known as Penetration Testing. Explanation 87. RADIUS server is the correct answer. 802.1x is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. 
The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. The 802.1X standard is designed to enhance the security of The attacks are made from security experts to find and exploit vulnerabilities in a computer system. Types of pen tests: 1. White box pen test – In a white box test, the hacker will be provided with some information ahead of time regarding the target company’s security info. wireless local area networks (WLANs) that follow the IEEE 802.11 standard. 802.1X provides an authentication framework for wireless LANs, allowing a user to be authenticated by a central authority. where the hacker is given no background information besides the name of the target company. Question 88. An authorized simulated attack on a system with the purpose of identifying weak spots that attackers could take advantage of is known as: 2. Black box pen test – Also known as a ‘blind’ test, this is one 3. Covert pen test – Also known as a ‘double-blind’ pen test, this is a situation where almost no one in the company is aware 137 138 that the pen test is happening, including the IT and security (C) ipconfig professionals who will be responding to the attack. For covert (D) tracert tests, it is especially important for the hacker to have the scope and other details of the test in writing beforehand to avoid any Explanation 89. netstat is the correct answer. problems with law enforcement. The command netstat identifies all connections and listening ports on your device. 4. External pen test – In an external test, the ethical hacker goes up against the company’s external-facing technology, Netstat derived from the words network and statistics is a such as their website and external network servers. In some command line tool that delivers statistics on all network activi- cases, the hacker may not even be allowed to enter the com- ties and informs users on which portsand addresses the corre- pany’s building. 
This can mean conducting the attack from a sponding connections (TCP, UDP) are running and which ports remote location or carrying out the test from a truck or van are open for tasks. parked nearby. Question 90. Multifactor authentication combines two or more 5. Internal pen test – In an internal test, the ethical hacker per- independent credentials: what the user knows (password), forms the test from the company’s internal network. This kind what the user has (security token) and what the user is (bio- of test is useful in determining how much damage a disgruntled metric verification). employee can cause from behind the company’s firewall. (A) TRUE (B) FALSE Question 89. You have been tasked to identify all connections and listening ports on your device. Assuming you are working Explanation 90. TRUE is the correct answer. on a Windows environment. Which command will you type to Multifactor authentication combines two or more indepen- complete the task? dent credentials: what the user knows (password), what the (A) ping user has (security token) and what the user is (biometric verifi- (B) netstat cation). 139 140 your network. Something you know: A user name, a password, a passphrase, or a personal identification number (PIN). A switching loop or bridge loop occurs in computer networks when there is more than one path between two endpoints. The Something you have: A physical security device that authen- loop creates broadcast storms as broadcasts and multicasts ticates you, such as a smart card, badge, or key fob. are forwarded by switches out every port, the switch or switches will repeatedly rebroadcast the broadcast messages flood- Something you are: Some distinguishing, unique characteris- ing the network. tic, such as a biometric. Question 92. Which of the following switch port protection Somewhere you are: The location factor; requires you to be in techniques protects switches against MAC flood attacks? a space to authenticate. 
(A) Flood guard (B) Root guard Question 91. Which of the following switch port protection (C) Spanning tree techniques ensures that you do not create loops when you (D) DHCP snooping have redundant paths in your network? (A) Flood guard Explanation 92. Flood guard is the correct answer. (B) Root guard Flood guard is a feature that is included in many switches that (C) Spanning tree protect them against MAC flood attacks. When enabled, the (D) DHCP snooping switch will limit the amount of memory used to store MAC addresses for each port. Explanation 91. Spanning tree is the correct answer. Spanning Tree Protocol (STP) is a Layer 2 protocol that runs For example, the switch can limit the number of entries for any on switches. The main purpose of STP is to ensure that you do port to 5 entries. Then, if the switch detects an attempt to store not create bridge loops when you have redundant paths in more than 5 entries, it raises an alert. 141 142 (D) Alter a routing table Question 93. You have been tasked to blacklist certain computers to connect on the Wi-Fi, based on their MAC address. Explanation 94. Guess a user’s password is the correct an- Which of the following tools will you use in order to complete swer. the task? A brute force attack is an attempt to crack a password or (A) EAP username using a trial and error approach. In a brute-force at- (B) Preshared key tack, an attacker’s software tries every combination of letters, (C) Geofencing numbers, and special characters to eventually find a string that (D) MAC Filtering matches a user’s password. Explanation 93. MAC Filtering is the correct answer. Question 95. __________________ is a physical or logical subnet MAC filtering is a security method based on access control. aiming to separate an internal LAN from other untrusted net- MAC filtering helps in listing a set of allowed devices that you works. 
External-facing servers, resources, and/or services are want on your Wi-Fi and the list of denied devices that you don’t located in that place, so they are accessible from the internet, want on your Wi-Fi. but the rest of the internal LAN remains unreachable and safe. (A) ACL It helps in preventing unwanted access to the network. In a (B) Honeynet way, we can blacklist or white list certain computers based on (C) DMZ their MAC address. (D) VLAN Question 94. What can be accomplished with a brute-force Explanation 95. DMZ is the correct answer. attack? (Demilitarized Zone) also known as perimeter network is a (A) Make a server unavailable physical or logical subnet aiming to separate an internal LAN (B) Guess a user’s password from other untrusted networks. (C) Spoof every possible IP address 143 144 External-facing servers, resources, and/or services are located (B) Spoofing in that place, so they are accessible from the internet, but the (C) Reconnaissance rest of the internal LAN remains unreachable and safe. (D) Phising Question 96. Which of the following attacks doesn’t require Explanation 97. DoS is the correct answer. the use of technology in order to get access to sensitive data? A denial-of-service (DoS) attack is a type of cyber attack in (A) Social engineering which a malicious actor aims to render a computer or other de- (B) Man-in-the-middle vice unavailable to its intended users by interrupting the de- (C) VLAN Hopping vice’s normal functioning. (D) Ransomware DoS attacks typically function by overwhelming or flooding a Explanation 96. Social engineering is the correct answer. targeted machine with requests until normal traffic is unable to Social engineering is used for a variety of malicious actions be processed, resulting in denial-of-service to additional users. accomplished through human interactions. 
It uses psychologi- A DoS attack is characterized by using a single computer to cal manipulation to trick users into making security mistakes or launch the attack. giving away sensitive information. Question 98. Exploits are a weakness in software systems, A perpetrator first investigates the intended victim to gather while vulnerabilities are attacks made to take advantage of ex- necessary information, such as potential points of entry and ploits. weak security protocols, needed to proceed with the attack. (A) TRUE (B) FALSE Question 97. Which of the following attacks typically function by overwhelming or flooding a targeted machine with requests Explanation 98. FALSE is the correct answer. until normal traffic is unable to be processed? Vulnerabilities are a weakness in software systems, while ex- (A) ploits are attacks made to take advantage of vulnerabilities. DoS 145 146 WPA2 uses CCMP-AES. CCMP stands for Counter Mode with Vulnerabilities are essentially weak points in software code and Cipher Block Chaining Message Authentication. CCMP pro- exploits are software programs that were specifically designed vides authentication, confidentiality, and integrity checking ser- to attack systems with vulnerabilities. vices to any cryptographic system in which it is used. Under the hood of CCMP is the AES algorithm. Question 99. Which of the following networking attacks redirect online traffic to a fraudulent website that resembles its in- CCMP is an encryption protocol designed for Wireless LAN tended destination? products. It’s an enhanced data cryptographic encapsulation (A) DNS poisoning mechanism designed for data confidentiality and based upon (B) Phishing the Counter Mode with CBC-MAC (CCM mode) of the Ad- (C) War-driving vanced Encryption Standard (AES) standard. (D) ARP poisoning It was created to address the vulnerabilities presented by Wired Explanation 99. DNS poisoning is the correct answer. Equivalent Privacy (WEP), a dated, insecure protocol. 
DNS poisoning is a networking attack in which the DNS records are altered aiming to redirect online traffic to a fraudu- Question 101. Which networking attack uses psychological lent website that resembles its intended destination. manipulation to trick users into making security mistakes or giving away sensitive information Question 100. Which encryption algorithm is used by WPA2? (A) Rogue Access Point (A) DES (B) Logic Bomb (B) CCMP-AES (C) Evil Twin (C) 3DES (D) Social Engineering (D) RSA Explanation 101. Social Engineering is the correct answer. Explanation 100. CCMP-AES is the correct answer. 147 Social engineering is used for a variety of malicious actions 148 accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or An evil twin access point can also be used in a phishing scam. giving away sensitive information. In this type of attack, victims will connect to the evil twin and will be lured to a phishing site. A perpetrator first investigates the intended victim to gather necessary information, such as potential points of entry and Question 103. File _____________ is used to verify that the con- weak security protocols, needed to proceed with the attack. tent of files isn’t modified while transferring over the network. (A) Checking Question 102. Which networking attack is a fake Wi-Fi net- (B) Hashing work that looks like a legitimate access point to steal victims’ (C) Altering sensitive details (D) Modifying (A) Rogue Access Point (B) Logic Bomb Explanation 103. Hashing is the correct answer. (C) Evil Twin File hashing is used to verify that the content of files isn’t mod- (D) Social Engineering ified while transferring over the network. Explanation 102. Evil Twin is the correct answer. Question 104. Biometrics uses a unique physical characteristic An Evil twin is a fake Wi-Fi network that looks like a legitimate of a person to permit access to a controlled IT resource. 
access point to steal victims’ sensitive details. The fake Wi-Fi (A) TRUE access point is used to eavesdrop on users and steal their login (B) FALSE credentials or other sensitive information. Explanation 104. TRUE is the correct answer. Because the hacker owns the equipment being used, the victim Biometrics uses a unique physical characteristic of a person to will have no idea that the hacker might be intercepting things permit access to a controlled IT resource. like bank transactions. 149 150 Question 105. Which one of the following attacks requires the attacker to be on the same network as the victim? Explanation 106. SSH and HTTPS are the correct answers. (A) DNS poisoning The only difference between Hypertext Transfer Protocol (B) Social engineering (HTTP) and Hypertext transfer protocol secure (C) Logic bomb (HTTPS) protocols is that HTTPS uses TLS (SSL) to encrypt (D) ARP poisoning normal HTTP requests and responses. As a result, HTTPS is far more secure than HTTP. Explanation 105. ARP poisoning is the correct answer. Address Resolution Protocol (ARP) poisoning is when an at- File Transfer Protocol (FTP) is a standard Internet protocol for tacker sends falsified ARP messages over a local area network transmitting files between computers or servers on the Internet, (LAN) to link an attacker’s MAC address with the IP address of a using port 21. FTP is a client-server protocol where a client will legitimate computer or server on the network. ask for a file, and a local or remote server will provide it the files. Once the attacker’s MAC address is linked to an authentic IP The secure version of the FTP is FTPS (FTP over SSL) which is address, the attacker can receive any messages directed to the a secure file transfer protocol that allows you to connect se- legitimate MAC address. As a result, the attacker can intercept, curely with your trading partners, customers, and users. modify, or block communicates to the legitimate MAC address. 
SSH, or Secure Shell, is a remote administration protocol that Question 106. Which of the following protocols are considered allows users to control and modify their remote servers over the secure protocols? (Choose all that apply) Internet. The service was created as a secure replacement for (A) HTTP the unencrypted Telnet and uses cryptographic techniques to (B) FTP ensure that all communication to and from the remote server (C) SSH happens in an encrypted manner. (D) HTTPS (E) Telnet Question 107. Given the following passwords, which of these 151 152 you would choose to make your account harder to hack? TACACS+ and _________________ to communicate with enterprise (Choose all that apply) resources. (A) 3x@m$d1g3$td0tC0m (A) HTTP (B) 1234567 (B) RADIUS (C) Mike1978 (C) FTP (D) rcfPEj43gvRGC23 (D) DNS (E) admin Explanation 108. RADIUS is the correct answer. Explanation 107. A and D are the correct answers. AAA servers usually support the protocol TACACS+ and RA- One of the most common ways that hackers break into com- DIUS to communicate with enterprise resources. puters is by guessing passwords. Simple and commonly used passwords enable intruders to easily gain access and control of Authentication, authorization, and accounting (AAA) manage a computing device. user activity to and through systems. You can think of AAA in the following manner: Here are some useful tips for ensuring your passwords are 1) Authentication: Who is the user? as strong as possible: 2) Authorization: What is the user allowed to do? 3) Accounting: What did the user do? 1. The longer the password the better 2. Include numbers, symbols, lowercase and uppercase Cisco implements AAA services in its Identity Services Engine 3. Avoid using personal information such as your name, sur- (ISE) platform. name, and birthday 4. 
Avoid using the same password across multiple sites AAA servers support the following two protocols to com- Change your password regularly municate with enterprise resources: TACACS+: TACACS+ A Cisco proprietary protocol that sepa- Question 108. AAA servers usually support the protocol rates each of the AAA functions. Communication is secure and 153 154 encrypted over TCP port 49. Explanation 109. TRUE is the correct answer. One of the key differentiators of TACACS+ is its ability to sepa- A Logic bomb is a malicious program that is triggered when a rate authentication, authorization, and accounting as separate logical condition is met, such as after a number of transactions and independent functions. This is why TACACS+ is so com- have been processed or on a specific date (also called a time monly used for device administration, even though RADIUS is bomb). still certainly capable of providing device administration AAA. Malware such as worms often contains logic bombs, which beRADIUS: Radius is a network protocol that controls user net- have in one manner and then change tactics on a specific date work access via authentication and accounting. Commonly and time. used by Internet Service Providers (ISPs), cellular network providers, and corporate and educational networks. Question 110. The act of locating and exploiting connections to wireless local area networks while driving around a city is The RADIUS protocol serves three primary functions: called: 1. Authenticates users or devices before allowing them access (A) Exploit WLAN to a network (B) Social engineering 2. Authorizes those users or devices for specific network ser- (C) War driving vices (D) City poisoning 3. Accounts for the usage of those services Explanation 110. War driving is the correct answer. Question 109. 
A Logic bomb is a malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed.
(A) TRUE
(B) FALSE

War driving is the act of locating and exploiting connections to wireless local area networks while driving around a city, neighborhood, or elsewhere.

To do war driving, you need a vehicle (car), a computer, a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna that can be mounted on top of or positioned inside the car.

Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.

CHAPTER 5
NETWORK TROUBLESHOOTING AND TOOLS

Questions 111-125

Question 111. You have been tasked to label the cables in a wiring closet. Which of the following tools are you most likely to use to locate the physical ends of the cable?
(A) Light meter
(B) Tone generator
(C) Loopback adapter
(D) Spectrum analyzer

Question 112. Identify the hardware tool from the photo below:
(A) Cable tester
(B) Crimper tool
(C) Tone generator
(D) Punch down tool

Question 113. Users complain that they can’t reach the site www.examsdigest.com but they can reach other sites. You try to access the site and discover you can’t connect either, but you can ping the site with its IP address. Which of the following is the most likely cause?
(A) Users have wrong IP settings
(B) The router doesn't work
(C) The site www.examsdigest.com
(D) The DNS server is down

Question 114. Assuming you are on a Windows environment, what command will you type to check if a networked device is reachable?
(A) ping
(B) nslookup
(C) ipconfig
(D) route

Question 115. Assuming you are working on a Windows environment, type the missing command to discover your IP information, including DHCP and DNS server addresses.
(A) ipconfig/stats
(B) ipconfig/info
(C) ipconfig/all
(D) ipconfig/address

Question 116. Any device that uses the same frequency range as the wireless device can cause interference.
(A) TRUE
(B) FALSE

Question 117. Switch 1 port 1 is configured for native VLAN: 1, allowed VLANs: all. This port connects to switch 2 port 10 which is configured for native VLAN: 1, allowed VLANs: 1, 2, and 4 only. In this scenario, a host in VLAN 3 on switch 1 would not be able to communicate with a host on switch 2 in the same VLAN.
The above issue is known as a VLAN ________________.
(A) error
(B) mismatch
(C) misconfiguration
(D) conflict

Question 118. Which of the following describes the loss of signal strength as a signal travels through a particular medium?
(A) Crosstalk
(B) Jitter
(C) Attenuation
(D) Latency

Question 119. PC1 can ping the printer device on the Marketing team network but can’t ping the printer on the Sales team network. Assuming you are working on a Windows environment, what command will you type to get details about the route that packets go through from the PC1 to the printer on the Sales team network?
(A) ping
(B) tracert
(C) nslookup
(D) route

Question 120. A/an _______________ DHCP server is a DHCP server set up on a network by an unauthorized user, usually an attacker. The unauthorized device is commonly a modem with DHCP capabilities which a user has attached to the network aiming to use it for network attacks such as man in the middle.
(A) Fake
(B) Untrust
(C) Clone
(D) Rogue

Question 121. Which of the following options can’t affect the wireless signal in the network?
(A) Refraction
(B) Reflection
(C) Crosstalk
(D) Absorption

Question 122. Which of the following tools aids in monitoring network traffic and troubleshooting a network by capturing and analyzing packets that flow through that network?
(A) Port scanner
(B) Packet sniffer
(C) Protocol analyzer
(D) Bandwidth speed tester

Question 123. Your co-worker tells you that he is having a problem accessing his email. What is the first step in the troubleshooting process?
(A) Establish a theory of probable cause
(B) Document the issue
(C) Establish a plan of action to resolve the problem
(D) Gather information by asking questions

Question 124. Which of the following tools can you use to perform manual DNS lookups? Assume you are working on a Linux environment. (Choose all that apply)
(A) route
(B) pathping
(C) dig
(D) nslookup
(E) ifconfig

Question 125. Which of the following steps is the final step in the network troubleshooting process?
(A) Verify full system functionality and, if applicable, implement preventive measures
(B) Implement the solution or escalate as necessary
(C) Document findings, actions, and outcomes
(D) Establish a plan of action to resolve the problem and identify potential effects

Answers 111-125

Question 111. You have been tasked to label the cables in a wiring closet. Which of the following tools are you most likely to use to locate the physical ends of the cable?
(A) Light meter
(B) Tone generator
(C) Loopback adapter
(D) Spectrum analyzer

Explanation 111. Tone generator is the correct answer.
Tone generator. A tone generator applies a tone signal to a wire pair or single conductor, which is then traced with an amplifier probe. When used with the amplifier probe, the tone generator allows technicians to identify a wire within a bundle, at a cross-connect or at a remote end.

Question 112. Identify the hardware tool from the photo below:
(A) Cable tester
(B) Crimper tool
(C) Tone generator
(D) Punch down tool

Explanation 112. Crimper tool is the correct answer.
The crimping tool is a special device used to attach a connector to the end of a phone or network cable. RJ-11 and RJ-45 connectors are the most common connectors used for cables and they can be attached to the end of a cable only with a crimping tool.

Question 113. Users complain that they can’t reach the site www.examsdigest.com but they can reach other sites. You try to access the site and discover you can’t connect either, but you can ping the site with its IP address. Which of the following is the most likely cause?
(A) Users have wrong IP settings
(B) The router doesn't work
(C) The site www.examsdigest.com
(D) The DNS server is down

Explanation 113. The DNS server is down is the correct answer.
The above scenario describes a DNS issue, so the DNS server is down. By pinging the site with its IP address, you have established that the site is up and running. Also, users have correct IP settings, and the router works fine, as the users can access other sites.

Question 114. Assuming you are on a Windows environment, what command will you type to check if a networked device is reachable?
(A) ping
(B) nslookup
(C) ipconfig
(D) route

Explanation 114. ping is the correct answer.
In order to check if a networked device is reachable you should type the command ping in the command line.

Question 115. Assuming you are working on a Windows environment, type the missing command to discover your IP information, including DHCP and DNS server addresses.
(A) ipconfig/stats
(B) ipconfig/info
(C) ipconfig/all
(D) ipconfig/address

Explanation 115. ipconfig/all is the correct answer.
The command ipconfig/all displays full configuration information.

You can discover your IP address, subnet mask, Default gateway, DHCP, and DNS IP addresses.

Question 116. Any device that uses the same frequency range as the wireless device can cause interference.
(A) TRUE
(B) FALSE

Explanation 116. TRUE is the correct answer.
Your wireless network is most probably affected by wireless interference when the following symptoms occur: intermittent connectivity or unexpected disconnections, delays in connection and data transfer, slow network speeds, and poor signal strength.

The usual source for Wi-Fi interference is something that causes radio frequency interference:
1. The way the wireless router is positioned
2. Physical obstacles, like walls, floors, trees and buildings
3. Any other wireless appliances that use the same frequency range (baby monitors, garage door openers, etc.)
4. Kitchen appliances, such as microwave or fridge
5. Other Wi-Fi networks in the same space
6. Weather conditions can have an impact on wireless signal

Question 117. Switch 1 port 1 is configured for native VLAN: 1, allowed VLANs: all. This port connects to switch 2 port 10 which is configured for native VLAN: 1, allowed VLANs: 1, 2, and 4 only. In this scenario, a host in VLAN 3 on switch 1 would not be able to communicate with a host on switch 2 in the same VLAN.
The above issue is known as a VLAN ________________.
(A) error
(B) mismatch
(C) misconfiguration
(D) conflict

Explanation 117. mismatch is the correct answer.
VLANs provide a method to segment and organize the network. Segmenting the network offers some advantages. It provides increased security because devices can communicate only with other systems in the VLAN.

Users can see only the systems in their VLAN segment. This can help control broadcast traffic and makes it easier to move end systems around the network.

Problems can arise when users are moved or otherwise connected to the wrong VLAN. Administrators have to ensure that the user system is plugged into the correct VLAN port.

For example, suppose a network is using port-based VLANs to assign ports 1 through 4 to the marketing department and ports 5 through 10 to the sales department. Plugging a sales client into port 2 would make that sales client part of the marketing network.

This issue is known as a VLAN mismatch.

Question 118. Which of the following describes the loss of signal strength as a signal travels through a particular medium?
(A) Crosstalk
(B) Jitter
(C) Attenuation
(D) Latency

Explanation 118. Attenuation is the correct answer.
Attenuation refers to any reduction in signal loss, calculated as a ratio of the power input signal to the output signal.

Network media vary in their resistance to attenuation. Coaxial cable generally is more resistant than unshielded twisted-pair (UTP); shielded twisted-pair (STP) is slightly more resistant than UTP; and fiber-optic cable does not suffer from attenuation.

Attenuation occurs on computer networks for several reasons including:
1. Range for wireless or length of run for wired networks
2. Interference from other networks or physical obstructions for wireless systems
3. Wire size, thicker wires are better

Reducing attenuation in an electrical system and improving performance can be achieved by increasing the power of a signal through a signal amplifier or repeaters.

Question 119. PC1 can ping the printer device on the Marketing team network but can’t ping the printer on the Sales team network. Assuming you are working on a Windows environment, what command will you type to get details about the route that packets go through from the PC1 to the printer on the Sales team network?
(A) ping
(B) tracert
(C) nslookup
(D) route

Explanation 119. tracert is the correct answer.
The tracert command is one of the key diagnostic tools for TCP/IP. It displays a list of all the routers that a packet must go through to get from the computer where tracert is run to any other computer on the Internet.

To use tracert, type the tracert command followed by the hostname of the computer to which you want to trace the route.

For example, suppose that the printer on the Sales team network has an IP of 123.123.123.123; then you can use the command tracert 123.123.123.123

Question 120. A/an _______________ DHCP server is a DHCP server set up on a network by an unauthorized user, usually an attacker. The unauthorized device is commonly a modem with DHCP capabilities which a user has attached to the network aiming to use it for network attacks such as man in the middle.
(A) Fake
(B) Untrust
(C) Clone
(D) Rogue

Explanation 120. Rogue is the correct answer.
A Rogue DHCP server is a DHCP server set up on a network by an unauthorized user, usually an attacker. The unauthorized device is commonly a modem with DHCP capabilities which a user has attached to the network aiming to use it for network attacks such as man in the middle.

Question 121. Which of the following options can’t affect the wireless signal in the network?
(A) Refraction
(B) Reflection
(C) Crosstalk
(D) Absorption

Explanation 121. Crosstalk is the correct answer.
Crosstalk is a form of interference in which signals in one cable induce electromagnetic interference (EMI) in an adjacent cable. The twisting in twisted-pair cabling reduces the amount of crosstalk that occurs, and crosstalk can be further reduced by shielding cables or physically separating them. Crosstalk is a feature of copper cables only – fiber-optic cables do not experience crosstalk.

Crosstalk is the only option that involves cables so it can’t affect a wireless signal.

Refraction is the bending of signals as they pass from one medium to another. Refraction causes degradation in signal strength and sometimes loss of communication in Point to Point links.

Reflection is caused by light bouncing off of objects, which causes multipath propagation of signals. This makes the signals vulnerable to interference and even fading. Furthermore, wireless access points (WAPs) get overworked when a signal sent by one device takes many different paths to get to the receiving systems.

Absorption happens when an RF signal passes into a material that can absorb some of its energy; the signal is then attenuated. The more dense the material, the more the signal will be attenuated.

Question 122. Which of the following tools aids in monitoring network traffic and troubleshooting a network by capturing and analyzing packets that flow through that network?
(A) Port scanner
(B) Packet sniffer
(C) Protocol analyzer
(D) Bandwidth speed tester

Explanation 122. Packet sniffer is the correct answer.
A packet sniffer is essentially a tool that aids in monitoring network traffic and troubleshooting a network.

It works by capturing and analyzing packets of data that flow through a particular network. Some sniffers come as programs you run on a computer, while others manifest as dedicated hardware devices.

A Port scanner is a method for determining which ports on a network are open. Ports on a computer are the points at which information is sent and received, so by scanning for open ports, attackers can find weakened pathways with which to enter your computer.

Port scanning is one of the most popular techniques attackers use to discover services they can exploit to break into your computer system.

A Protocol analyzer captures and analyzes signals and data traffic over a communication channel (not a network).

The differences between a protocol analyzer and a packet sniffer are:
1. A packet sniffer records packets observed on a network interface.
2. A packet analyzer looks at packets and tries to make some inferences about what they contain.

Bandwidth speed tester is a way to measure the data flow in a network. It’s an indication of how fast the data are transferred through a network.

Question 123. Your co-worker tells you that he is having a problem accessing his email. What is the first step in the troubleshooting process?
(A) Establish a theory of probable cause
(B) Document the issue
(C) Establish a plan of action to resolve the problem
(D) Gather information by asking questions

Explanation 123. Gather information by asking questions is the correct answer.
The information you have at hand is not sufficient to come up with a solution. In this case, the first troubleshooting step would be to talk to your co-worker and gather more information about the problem.

All the other answers are valid troubleshooting steps but only after the information gathering has been completed.

Question 124. Which of the following tools can you use to perform manual DNS lookups? Assume you are working on a Linux environment. (Choose all that apply)
(A) route
(B) pathping
(C) dig
(D) nslookup
(E) ifconfig

Explanation 124. dig and nslookup are the correct answers.
The commands dig and nslookup can be used to perform manual DNS lookups on a Linux system.

The command route displays or modifies the computer’s routing table.

The command pathping provides useful information about network latency and network loss at intermediate hops between a source address and a destination address. The command pathping combines the functionality of ping with that of tracert.

The command ifconfig displays your IP address in Linux systems. The command ifconfig can also be used to configure, disable and enable a network interface.

Question 125. Which of the following steps is the final step in the network troubleshooting process?
(A) Verify full system functionality and, if applicable, implement preventive measures
(B) Implement the solution or escalate as necessary
(C) Document findings, actions, and outcomes
(D) Establish a plan of action to resolve the problem and identify potential effects

Explanation 125. Document findings, actions, and outcomes is the correct answer.
The steps you need to follow in order to troubleshoot any network are as follows:
1. Identify the problem
2. Establish a theory of probable cause
3. Test the theory to determine the cause
4. Establish a plan of action to resolve the problem and identify potential effects
5. Implement the solution or escalate as necessary
6. Verify full system functionality and, if applicable, implement preventive measures
7. Document findings, actions, and outcomes

Enrich your online experience with Examsdigest.

Your purchase of this product includes free access to all 100+ practice questions online and much more at examsdigest.com. You will have access for one (1) month. You may also access our full library of Practice exams and share with other learners. Send us an email to info@examsdigest.com now and start your online practice experience!

Examsdigest includes:
✓ Access to 1000+ Questions
✓ Access to 150+ Quizzes
✓ 6+ Certification Paths
✓ 24/7 Support
✓ Interactive Interview Questions
✓ Access on the go

About examsdigest.
Examsdigest started in 2019 and hasn’t stopped smashing it since. Examsdigest is a global, education tech-oriented company that doesn’t sleep. Their mission is to be a part of your life transformation by providing you the necessary training to hit your career goals.

THE END