1. A systems administrator needs to improve WiFi performance in a densely populated office tower and
use the latest standard. There is a mix of devices that use 2.4 GHz and 5 GHz. Which of the following
should the systems administrator select to meet this requirement?
802.11ax
2. What is the BEST to use to detect a MAC spoofing attack?
Reverse Address Resolution Protocol
3. A technician receives feedback that some users are experiencing high amounts of jitter while using
the wireless network. While troubleshooting the network, the technician uses the ping command with
the IP address of the default gateway and verifies large variations in latency. The technician thinks the
issue may be interference from other networks and non-802.11 devices. Which of the following tools
should the technician use to troubleshoot the issue?
Spectrum analyzer
4. Wireless users are reporting intermittent internet connectivity. Connectivity is restored when the
users disconnect and reconnect, utilizing the web authentication process each time. The network
administrator can see the devices connected to the APs at all times. Which of the following will MOST
likely determine the cause of the issue? Verify the session time-out config on the captive portal settings
5. A network administrator walks into a datacenter and notices an unknown person is following closely.
The administrator stops and directs the person to the security desk. Which of the following attacks did
the network administrator prevent?
Tailgating
6. A network is experiencing a number of CRC errors during normal network communication. At which of
the following layers of the OSI model will the administrator MOST likely start to troubleshoot? Layer 2
7. A client recently added 100 users who are using VMs. All users have since reported slow or
unresponsive desktops. Reports show minimal network congestion, zero packet loss, and acceptable
packet delay. Which of the following metrics will MOST accurately show the underlying performance
issues?
A. CPU usage
B. Memory
8. Client devices cannot enter a network, and the network administrator determines the DHCP scope is
exhausted. The administrator wants to avoid creating a new DHCP pool. Which of the following can the
administrator perform to resolve the issue?
D. Reduce the lease time
9. An administrator is writing a script to periodically log the IPv6 and MAC addresses of all the devices on
a network segment. Which of the following switch features will MOST likely be used to assist with this
task?
B. Neighbor Discovery Protocol
10. Which of the following DNS records works as an alias to another record?
B. CNAME
11. A company built a new building at its headquarters location. The new building is connected to the
company's LAN via fiber-optic cable. Multiple users in the new building are unable to access the
company's intranet site via their web browser, but they are able to access internet sites. Which of the
following describes how the network administrator can resolve this issue?
A. Correct the DNS server entries in the DHCP scope
12. A technician is installing a new fiber connection to a network device in a datacenter. The connection
from the device to the switch also traverses a patch panel connection. The chain of connections is in the
following order:
✑ Device
connect fiber cable
✑ LC/LC patch cable
✑ Patch panel
✑ Patch panel
✑ LC/LC patch cable
✑Cross✑ Switch
The connection is not working. The technician has changed both patch cables with known working patch
cables. The device had been tested and was working properly before being installed. Which of the
following is the MOST likely cause of the issue?
A. TX/RX is reversed
13. A tech is searching for a device that is connected to the network & has the device's physical address.
Which of the following should the tech review on the switch to locate the device's port?MAC table
14. Which of the following provides redundancy on a file server to ensure the server is still connected to
a LAN even in the event of a port failure on a switch?
A. NIC teaming
15. An IT org needs to optimize speeds for global content distro and wants to reduce latency in highdensity user locations. What’s the tech’s BEST meets the org's req’s?Content delivery network
16. A user reports being unable to access network resources after making some changes in the office.
Which of the following should a network technician do FIRST?
D. Ask what changes were
made
17. A new cabling certification is being requested every time a network technician rebuilds one end of a
Cat 6 (vendor-certified) cable to create a crossover connection that is used to connect switches. Which
of the following would address this issue by allowing the use of the original cable?
MDIX
18. A company hired a technician to find all the devices connected within a network. Which of the
following software tools would BEST assist the technician in completing this task?
IP scanner
19. A technician is installing a high-density wireless network and wants to use an available frequency
that supports the maximum number of channels to reduce interference. Which of the following
standard 802.11 frequency ranges should the technician look for while reviewing WAP specifications?
B. 5GHz
20. A tech is configuring a network switch to be used in a publicly accessible location. Which of the
following should the tech configure on the switch to prevent unintended connections?Port security
21. Which of the following is used to track and document various types of known vulnerabilities?
A. CVE
22. The network admin is informed that a user's email password is frequently hacked by brute-force
programs. Which of the following policies should the network administrator implements to BEST
mitigate this issue? Two-factor authentication Complex passwords
23. A network engineer performs the following tasks to increase server bandwidth:
✑ Connects two network cables from the server to a switch stack
✑ Configure LACP on the switchports ✑ Verifies the correct configurations on the switch interfaces
Which of the following needs to be configured on the server?
NIC teaming
24. A network tech is manually configuring the network settings for a new device and is told the network
block is 192.168.0.0/20. Which of the following subnets should the technician use? 255.255.240.0
25. Which of the following is the LARGEST MTU for a standard Ethernet frame? 1500
26. Given the following information:
Which of the following command-line tools would generate this output?
A. netstat
27. According to troubleshooting methodology, which of the following should the technician do NEXT
after determining the most likely probable cause of an issue?Test the theory to determine the cause
28. Which of the following BEST describes a network appliance that warns of unapproved devices that
are accessing the network?
IDS
29. A tech is installing a cable modem in a SOHO. Which of the following cable types will the tech MOST
likely use to connect a modem to the ISP?
Coaxial
30. A company has decided to update their usage policy to allow employees to surf the web unrestricted
from their work computers. Which of the following actions should the IT team implement to help
protect the network from attack as a result of this new policy? Install host-based anti-malware software
31. An administrator notices an unused cable behind a cabinet that is terminated with a DB-9 connector.
Which of the following protocols was MOST likely used on this cable? RS-232
32. A network tech has created a network consisting of an external internet connection, a DMZ, an
internal private network, & admin network. All routers/switches should be configured to accept SSH
connections from which of the network segments? admin private network allowing only admin access
33. During a check of the security control measures of the company network assets, a network
administrator is explaining the difference between the security controls at the company. Which of the
following would be identified as physical security controls?Man traps Biometrics
Cipher locks
34. A customer is attempting to download a file from a remote FTP server, but receives an error that a
connection cannot be opened. Which of the following should be one FIRST to resolve the problem?
Ensure that port 20 is open
35. While monitoring the network, a tech notices that the network traffic to one of the servers is
extremely high. Which of the following should the tech use to verify if this is a concern?Network
baseline
36. Which of the following integrity security mechanisms ensures that a sent message has been received
intact, by the intended receiver?
IPSEC
37. A device operating at Layer 3 of the OSI model uses which of the following protocols to determine
the path to a different network?
RIP
38. A tech needs to install a server to authenticate users before they have access to corporate network
resources when working from home. Which of the following servers should the tech implement? RAS
39. A client is concerned about a hacker compromising a network in order to gain access to confidential
research data. Which could be implemented to redirect any attackers on the network? Honeypot
40. A tech just completed a new external website & setup rules in the firewall. After some testing, only
users outside the internal network can reach the site. The website responds to a ping from the internal
network & resolves the proper public address. What could the tech do to fix this issue while causing
internal users to route to the website using an internal address?Implement a split horizon DNS
41. Users are reporting extreme slowness across the network every Friday. Which of the following
should the network technician review first to narrow down the root cause of the problem?
Utilization
42. A company has contracted outside vendor to perform a service that will provide hardware, software,
& procedures in case of a catastrophic failure of the primary datacenter. The CIO is concerned because
this contract does not include a long-term strategy for extended outages. Which of the following should
the CIO complete?
Business continuity plan
43. The RAID controller on a server failed and was replaced with a different brand. Which of the
following will be needed after the server has been rebuilt and joined to the domain? Recent backups
44. A network technician is troubleshooting a problem at a remote site. It has been determined that the
connection from router A to router B is down. The technician at the remote site re-terminates the CAT5
cable that connects the two routers as a straight through cable. The cable is then tested and is plugged
into the correct interface. Which of the following would be the result of this action?
D. The interface status will show line protocol down.
45. Multiple students within a networking lab are required to simultaneously access a single switch
remotely. The admin checks and confirms that the switch can be accessed using the console, but
currently only one student can log in at a time. Which of the following should be done to correct this
issue?
Increase the number of virtual terminals available.
46. Which of the following devices implements CSMA/CA virtually through the RTS/CTS protocols?
C. 802.11 AP
47. A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the
192.168.0.0/24 network. Which of the following ACL should the technician configure? (Select TWO)
B. PERMIT SRCIP 192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT 80
48. A tech is troubleshooting a point-to-point fiber-optic connection. The tech is at a remote site and has
no connectivity to the main site. The tech confirms the switch and the send-and-receive light levels are
within acceptable range. Both fiber SFPs are confirmed as working. Which of the following should the
technician use to reveal the location of the fault?
OTDR
49. Which of the following ports is used to provide secure sessions over the web by default?22
50. A technician has punched down only the middle two pins (pins 4 and 5) on an ethernet patch panel.
The technician has cabled this port to be used with which of the following?
POTS
51. A tech is connecting a NAS device to an Ethernet network. Which of the following tech’s will be used
to encapsulate the frames?
iSCSI
52. Peter is setting up a DHCP server on a LAN segment. Which of the following options should he
configure in the DHCP scope, in order to allow hosts on that LAN segment using dynamic IP addresses, to
be able to access the Internet and company servers? Default gateway Subnet mask DNS servers
53. Which of the following PDUs is used by a connectionless protocol?
D. Datagram
54. A contractor is setting up and configuring conference rooms for a convention. He sets up each room
in the center to allow wired Internet access going to individual tables. The contractor measured the
distance between the hotel’s patch panel to the jack, and the distance is within Cat 5e spec’s. Which of
the following actions should the contractor take to ensure the cable runs meet spec’s and the network
functions properly? Place a switch at the hotel’s patch panel for connecting each room’s cables
55. A tech installs a new piece of hardware and now needs to add the device to the network
management tool database. However, when adding the device to the tool using SNMP credentials, the
tool cannot successfully interpret the results. Which of the following would need to be added to the
network management tool to allow it to interpret the new device and control it using SNMP? C. MIB
56. A client reports that half of the office is unable to access a shared resource. Which of the following
should be used to troubleshoot the issue?
Network diagrams
57. A network tech is troubleshooting a connection error, when pinging the default gateway no reply is
received. The default gateway is found to be functioning properly but cannot connect to any
workstations. At which layers could the problem exist? Data link
Physical
58. A network engineer is dispatched to an office to troubleshoot an issue with the employee’s laptop.
The employee is unable to connect to local and remote resources. The network engineer flips the
laptop’s wireless switch on to resolve the issue. At which layer was the issue resolved? Layer 1
59. Which of the following protocols is used to encapsulate other network layer protocols such as
multicast and IPX over WAN connections?
GRE
60. A network tech has heard from several users that cannot reach a particular website. What cmnd
would provide the BEST info about the path taken across the network to this website? tracert
61. A user is unable to connect to a server in another building. A technician is troubleshooting the issue
and determines the following:
1) Client PC 1 has an IP address if 192.168.10.25/25
2) PC 1 can successfully ping its gateway of 192.168.10.1/25 which is an interface of router A
3)Server A is named ‘BLDGBFILESRVR01’ and has an IP address of 192.168.10.145/25
4) PC 2 with an IP address of 192.168.10.200/25 can successfully ping server A
However, when PC 1 pings server A, it receives a destination host unreachable responds. Which of the
following is the MOST likely cause?
Link from router A to server A is down
62. A technician logs onto a system using Telnet because SSH is unavailable. SSH is enabled on the target
device, and access is allowed from all subnets. The technician discovers a critical step was missed. Which
of the following would allow SSH to function properly?
B. Generate new keys
63. A network technician was tasked to install a network printer and share it to a group of five human
resource employees. The technician plugged the device into a LAN jack, but was unable to obtain an IP
address automatically. Which of the following is the cause of the problem?
D. DHCP scope
64. Which of the following devices should a network admin configure on the outermost part of the
network?
D. Firewall
65. A company has seen an increase in ransomware across the enterprise. Which of the following should
be implemented to reduce the occurrences?
C. Web content filtering
66. Jane, has just installed a fiber switch in a datacenter. To run the fiber cabling, Jane plans the cable
route over the top of the rack using the cable trays, down to the switch, coiling up any excess cable. As
Jane configures the switch, she notices several messages in the logging buffer stating the receive signal
of the SFP is too weak. Which of the following is MOST likely the cause of the errors in the logging
buffer?
A. Bend radius exceeded
67. A technician add memory to a router, but that memory is never recognized by the router. The router
is then powered down, and the technician relocates all of the memory to different modules. On startup,
the router does not boot and displays memory errors. Which of the following is MOST likely the cause?
B. Driver update
68. When a client calls and describes a problem with a computer not being able to reach the Internet, in
which of the following places of the OSI model would a technician begin troubleshooting?
Physical
69. A company is selecting a fire suppression system for their new datacenter and wants to minimize the
IT recoveryin the event of a fire. What is the best choice for the fire suppression system? Clean Gas
70. A network technician has configured a point-to-point interface on a router, however, once the fiber
optic cables have been run, the interface will not come up. The technician has cleaned the fiber
connectors and used an optical power meter to confirm that light is passing in both directions without
excessive loss. Which of the following is the MOST likely cause?
B. Wavelength mismatch
71. After connecting a workstation directly to a small business firewall, a network admin is trying to
manage it via HTTPS without losing its stored configuration. The only two pieces of info that the network
admin knows about the firewall are the management interface MAC address, which is 01:4a:d1:fa:b1:0e,
and the admin’s password. Which of the following will allow the admin to log onto the firewall via HTTPS
if the management’s IP address is unknown and the admin’s workstation IP address is 192.168.0.10/23?
B. Run the following command on the administrator’s workstation: arp –s 192.168.1.200
01:4a:d1:fa:b1:0e
72. A network tech must create a wireless link between two bldgs in an office park utilizing the 802.11ac
standard. The antenna chosen must have a small physical footprint and min wt as it will be mounted on
the outside of the building. Which of the following antenna types is BEST suited for this solution?
Patch
73. Jane was asked to remove a virus. Issues were found several levels deep within the directory
structure. To ensure the virus has not infected the .mp4 files in the directory, she views one of the files
and believes it contains illegal material. Which of the following forensics actions should Jane perform?
Stop and escalate to the proper authorities
74. When configuring a new server, a tech requests that an MX record be created in DNS for the new
server, but the record was not entered properly. Which of the following was MOST likely installed that
required an MX record to function properly?
D. Mail server
75. A tech has finished configuring AAA on a new network device. However, the tech is unable to log
into the device with LDAP credentials but is able to do so with a local user account. Which of the
following is the MOST likely reason for the problem?
Shared secret key is mismatched
76. A user with an 802.11n WLAN card is connected to a SOHO network and is only able to connect at 11
Mbps with full signal strength. Which standard is implemented on the network? 802.11b
77. A tech is attempting to resolve an issue with users on the network not being able to access websites.
Pinging a website by URL is unsuccessful but using a known IP address is successful. Which of the
following will resolve the issue? Enable port 53 on the firewall
78. Which port should be allowed to provide access to certain VoIP applications?
D. 5060
79. A company is deploying a new wireless network and requires 800Mbps network throughput. Which
of the following is the MINIMUM configuration that would meet this need?
802.11ac with 2 spatial streams and an 80MHz bandwidth
80. A company recently upgraded all of its printers to networked multifunction devices. Users can print
to the new devices, but they would also like the ability to scan and fax files from their computers. Which
of the following should the tech update to allow this functionality?
Printer firmware
81. An admin has a server with a single NIC. The server needs to deploy two virtual machines. Each VM
needs two NIC’s, one that connects to the network, and a second that is a server to server heartbeat
connection between the two virtual machines. what should the admin do to meet these reqs?The admin
should create a virtual switch to bridge all of the connections to the network. The virtual heartbeat NICs
should be set to addresses in an unused range
82. A network topology in which all nodes have point to point connections to all other nodes is known as
which of the following?
Mesh
83. A company has added several new employees, which has caused the network traffic to increase by
200%. The network traffic increase from the new employees was only expected to be 20% to 30%. The
admin suspects that the network may have been compromised. Which of the following should the
network administrator have done previously to min the possibility of a network breach?
Provide end user awareness and training for employees
84. A network admin has a monitoring system in place that is currently polling hundreds of network
devices at regular intervals. The continuous polling is causing high CPU utilization on the server. Which
of the following tasks should the admin perform to resolve the CPU issue while maintaining full
monitoring capabilities? Remove SNMP polling & configure SNMP traps on each network device
85. A network engineer wants to segment the network into multiple broadcast domains. Which of the
following devices would allow for communication between the segments?Layer 3 switch
86. Channel bonding will improve which of the following wireless characteristics? D. Connection speed
87. A technician is diagnosing an issue with a new T1 connection. The router is configured, the cable is
connected, but the T1 is down. To verify the configuration of the router, which of the following tools
should the technician use?
A. Loopback adapter
88. The management team wants to set up a wireless network in their office but all of their phones
operate at the 2.4 GHz frequency. They need a wireless network that would be able to operate at a
higher frequency than their phones. Which of following standards should be used?
A. 802.11a
89. A company installs a new mail server. Which of the following DNS records need to be configured to
allow the organization to receive email?
B. MX
90. A tech has prolonged contact with thermal compound. What resource should be consulted? MSDS
91. Which of the following policies would Peter have to agree to when he brings in his personal tablet to
connect to the company’s guest wireless Internet?
C. BYOD
92. Which of the following 802.11g antennas broadcast an RF signal in a specific direction with narrow
path?
Unidirectional
93. A facility would like to verify each individual’s identity prior to allowing access to the datacenter. the
facility would like to ensure that users do not tailgate behind other users. What would BEST meet these
goals? Implement a biometric reader at the datacenter entrance & require passage through a mantrap
94. A malicious student is blocking mobile devices from connecting to the internet when other students
are in the classroom. Which of the following is the malicious student implementing?
C. Jamming
95. Jane is troubleshooting an issue with a DNS server. She notices that the security logs have filled up
and that they need to be cleared from the event viewer. She recalls this being a daily occurrence. Which
of the following solutions would BEST resolve this problem?Install an event management tool
96. A single mode fiber is no longer providing network connectivity to a remote site. Which of the
following would be used to identify the location of the break? OTDR
97. A company utilizes a patching server to regularly update their PC’s. After the latest round of patching
all of the older PCs with non-gigabit Ethernet cards become disconnected from the network and now
require a tech to fix the issue locally at each PC. What should be done to prevent this issue in the future?
Throttle the connection speed of the patching server to match older PCs
98. A tech needs to limit the amount of broadcast traffic on a network and allow different segments to
communicate with each other. Which of the following options would satisfy these requirements?
Add a layer 3 switch and create a VLAN.
99. A tech discovers that multiple switches require a major update. Which of the following policies
should be followed?
Change management policy
100. Two weeks after installation, a network tech is now unable to log onto any of the newly installed
company switches. The tech suspects that a malicious user may have changed the switches’ settings
before they were installed in secure areas. Which of the following is the MOST likely way in which the
malicious user gained access to the switches?Via HTTP using the default user and password
01. A customer cannot access a company’s secure website. The company’s network security is reviewing
the firewall for the server and finds the following output: Which of the following changes should be
made to allow all customers to access the company’s secure website?Allow 10.5.0.10 443 any any
102. A network admin notices that the border router is having high network capacity loads during nonworking hours which is causing web outages. Which of the following is the cause? Distributed DoS
103. When two or more links need to pass traffic as if they were one physical link, which of the following
would be used to satisfy the requirement?LACP
104. A network engineer is designing a new network for a remote site. The remote site consists of ten
desktop computers, ten VoIP phones, and two network printers. In addition, two of the desktop
computers at the remote site will be used by managers who should be on a separate network from the
other eight computers. Which of the following represents the BEST config for the remote site?
A. One router connected to one 24-port switch configured with three VLANS: one for the manager’s
computers and printer, one for the other computers and printer, and one for the VoIP phones
105. A company is experiencing very slow network speeds of 54Mbps. A tech has been hired to perform
an assessment on the existing wireless network. The tech has recommended an 802.11n network
infrastructure. Which of the following allows 802.11n to reach higher speeds?
D. MIMO
106. A tech is setting up a direct connection between two older PCs so they can communicate but not be
on the corporate network. The tech does not have access to a spare switch but does have spare Cat 6
cables, RJ-45 plugs, and a crimping tool. What should the technician do to make a crossover cable before
crimping the new plug?
Reverse the wires leading to pins 2 and 4
107. A contractor was hired to troubleshoot congestion issues on the network. After a few of the
switches have been reconfigured/upgraded, congestion worsens and collisions increase. What is the
BEST action to alleviate the situation? Downgrade firmware and restore backup configuration
108. A network topology that utilizes a central device with point-to-point connections to all other
devices is which of the following?
Star
109. Which of the following physical security controls prevents an attacker from gaining access to a
network closet?
Proximity readers
110. The ability to make access decisions based on an examination of Windows registry settings,
antivirus software, and AD membership status is an example of which of the following NAC features?
C. Posture assessment
111. QoS operates at which of the following OSI model layers?Layer 2
Layer 3
112. An admin wants to update a web-based application to the latest version. Which of the following
procedures should the admin perform FIRST? Install the software in a test environment
113. A service provider is unable to maintain connectivity to several remote sites at predetermined
speeds. The service provider could be in violation of the:
B. SLA.
114. A network tech is diagnosing a time-out issue generated from an end user’s web browser. The web
browser issues standard HTTP get and post commands to interact with the website. Given this
information, the technician would like to analyze the entire TCP handshake of the HTTP requests offline.
Which of the following tools would allow the technician to view the handshake?
Packet analyzer
115. A tech wants to update the organization’s disaster recovery plans. Which of the following will allow
network devices to be replaced quickly in the event of a device failure?
Archives/backups
116. A tech is troubleshooting a PC that is having connectivity issues. The tech notices that the STP
cables pairs are not completely twisted near the connector. What is the issue? Cross-talk
117. There is a network looping problem after installing some switches. The switch vendor suggested
the use of 802.1d. Which of the following is the MOST probable reason the vendor made this
suggestion?
A. It is a rapid version of spanning tree that uses BPDU to detect problems
118. Which of the following would be the BEST addition to a business continuity plan that would protect
business from a catastrophic event such as a fire, tornado, or earthquake?
Hot sites or cold sites
119. A network engineer is troubleshooting an issue with a computer that is unable to connect to the
Internet. The network engineer analyzes the following output from a command line utility:
Network DestinationNetmaskGatewayInterface 192.168.1.0 255.255.255.0192.168.1.254eth0
192.168.1.10255.255.255.255192.168.1.10eth0
127.0.0.1255.0.0.0On-Linlo
127.0.0.0255.0.0.0On-Linklo
255.255.255.255
255.255.255.255102.168.1.10eth0
Which of the following is the reason for the c no omputer issue?
gateway
Missing default
120. Users have reported poor network performance. A technician suspects a user may have maliciously
flooded the network with ping request. Which of the following should the technician implement to
avoid potential occurrences from happening in the future?
Block all ICMP request
121. Which of the following network infrastructure implementations would be used to support files
being transferred between Bluetooth-enabled smartphones?
PAN
122. The HR department has been moved to an area which is more than 60 meters away from the
nearest IDF. In order to comply with the SLA which requires that 10Gb speeds be provided, which of the
following media will need to utilized?
CAT6e
123. A tech has verified that a loss of network connectivity to multiple PCs is due to a bad CAT5 cable in
the server room. What tool can be used to locate its physical location within the wall? Toner probe
124. The IT manager at a small firm is in the process of renegotiating an SLA with the organization’s ISP.
Tthe organization will agree to a dynamic bandwidth plan to provide 150Mbps of bandwidth. the ISP
reserves the right to reduce available bandwidth to 1.5 Mbps. Which of the following policies is being
agreed to in the SLA? Throttling
125. A network admin is setting up a web-based application that needs to be continually accessible to
the end users. Which of the following concepts would BEST ensure this req?High availability
126. A technician needs to secure web traffic for a new e-commerce website. Which of the following will
secure traffic between a web browser and a website? SSL
127. The admin modifies a rule on the firewall, and now all the FTP users cannot access the server any
longer. The mgr calls the admin and asks what caused the extreme downtime for the server. In regards
to the manager’s inquiry, which of the following did the admin forget to do FIRST? Submit a change
request
128. A network tech has been tasked with designing a WLAN for a small office. One of the reqs of this
design is that it is capable of supporting HD video streaming to multiple devices. Which of the following
would be the appropriate wireless technology for this design?
B. 802.11ac
129. A single PRI can deliver multiple voice calls simultaneously using which of the following Layer 1
technologies?
A. Time division multiplexing
130. A network admin is using a packet analyzer to determine an issue on the local LAN. Two separate
computers are showing an error message on the screen and are unable to communicate with other
computers in the same lab. The network admin looks at the following output:
00:1D:1F:AB:10:7D192.168.1.10:200015:BE:9F:AB:10:1D192.168.1.14:1200
05:DD:1F:AB:10:27192.168.1.10:100022:C7:2F:AB:10:A2192.168.1.15:1300
which of the following layers of the OSI model is the problem occurring?
Network
131. A technician wants to implement a network for testing remote devices before allowing them to
connect to the corporate network. Which of the following could the technician implement?
Quarantine
132. A network technician is replacing security devices that protect the DMZ for a client. The client has
an application that allows external users to access the application remotely. After replacing the devices,
the external users are unable to connect remotely to the application. Which of the following is MOST
likely misconfigured?
Firewall
133. A network tech is creating a new subnet for 488 host machines. The tech is told to use a class B
address scheme when making the subnet and is told to leave as much room as possible for additional
subnets of the same size. Which of the following subnets would fulfill these reqs? 172.18.0.0/23
134. Peter is setting up three more switches in the test lab and is configuring the switches. He is
verifying the connectivity but when he pings one of the switches he receives “Destination Unreachable”.
Which of the following issues could this be?Misconfigured Split Horizon
135. A network admin recently installed a web proxy server at a customer’s site. The following week, a
system admin replaced the DNS server overnight. The next day, customers began having issues
accessing public websites. Which will resolve the issue? Update the DNS server with the proxy server
info
136. A company wants to create highly available datacenters. Which of the following will allow the
company to continue to maintain an Internet presence at all sites in the event that a WAN circuit at one
site goes down?
BGP
137. After a server outage, a technician discovers that a physically damaged fiber cable appears to be
the problem. After replacing the cable, the server will still not connect to the network. Upon inspecting
the cable at the server end, the technician discovers light can be seen through one of the two fiber
strands. Which of the following should the technician do FIRST to reconnect the server to the network?
A. Reverse the fiber strands of the cable and reconnect them to the server
138. A company is installing several APs for a new wireless system that requires users to authenticate to
the domain. The network technician would like to authenticate to a central point. Which of the following
would work BEST to achieve these results?
A RADIUS server and an access point
139. A new threat is hiding traffic by sending TLS-encrypted traffic outbound over random ports. Which
of the following technologies would be able to detect and block this traffic?
Stateful packet
inspection
140. A network admin wants to deploy a wireless network in a location that has too much RF
interference at 2.4 GHz. Which of the following standards requires the use of 5 GHz band wireless
transmissions?
802.11a
B. 802.11ac
141. A technician is trying to determine the IP address of a customer’s router. The customer has an IP
address of 192.168.1.55/24. Which of the following is the address of the customer’s router?
192.168.1.1
142. As part of a transition from a static to a dynamic routing protocol on an organization’s internal
network, the routing protocol must support IPv4 and VLSM. Based on those requirements, which of the
following should the network administrator use?
OSPF
IS-IS
143. An administrator needs to set up a space in the office where co-workers can relax. The
administrator sets up several TV’s with interconnected gaming systems in the office. Which of the
following did the administrator set up?
CAN
144. A company has changed ISPs for their office and ordered a new 250 Mbps symmetrical Internet
connection. As a result, they have been given a new IP range. The ISP has assigned the company
10.10.150.16 /28. The company gateway router has the following interface configuration facing the ISP:
Interface A:
IP address: 10.10.150.16
Subnet mask: 255.255.255.240
Default gateway: 10.10.150.32
Speed: 1000 Mbps Duplex: Auto
State: No Shutdown
None of the workstations at the company are able to access the
Internet. Which of the following are the reasons? (Select TWO).
E. The router interface is configured with the incorrect IP address.
F. The default gateway is configured incorrectly.
145. In the past, a company has experienced several network breaches as a result of end-user actions.
To help mitigate future breaches, which of the following documents should the security team ensure are
up-to-date and enforced for all employees?
Memorandum of understanding
AUP
146. Which of the following connection types is used to terminate DS3 connections in a telecomms
facility?
BNC
147. Which of the following is considered a classless routing protocol?
IS-IS
148. A network tech needs to protect IP based servers in the network DMZ from being discovered by an
intruder utilizing a ping sweep. Which of the following should the technician do to protect the network
from ping sweeps?
Block ICMP at the firewall
149. A network admin wants to ensure sensitive data is not exfiltrated from the system electronically.
Which of the following should be implemented?
DLP
150. Which of the following is a UC application?
Softphone
151. Which of the following allows a telecom company to test circuits to customers remotely?Smart Jack
152. A network administrator is noticing slow responds times from the server to hosts on the network.
After adding several new hosts, the administrator realizes that CSMA/CD results in network slowness
due to congestion at the server NIC. Which of the following should the network administrator do to
correct the issue?
C. Add additional network cards to the server
153. A telecommunications provider has just deployed a new OC-12 circuit at a customer site. While the
circuit showed no errors from the provider end to the customer’s demarcation point, a network
administrator is trying to determine the cause of dropped packets and errors on the circuit. Which of the
following should the network administrator do to rule out any problems at Layer 1? (Choose two.)
A. Use a loopback at the demark and router, and check for a link light
B. Use an OTDR to validate the cable integrity
154. A network admin is tasked with building a wireless network in a new adjacent building. Wireless
clients should not have visibility to one another but should have visibility to the wired users. Users must
seamlessly migrate between the two buildings while maintaining a connection to the LAN. Which of the
following is the BEST way to configure the new wireless network in the new building?
A. Use the same SSIDs on different channels and AP isolation
155. An office user cannot access local network drives but has full access to the Internet. A technician
troubleshoots the issue and observes the following output of the ipconfig command:
Which of the following would allow the network drives to be accessed?Disable the WLAN adapter
156. OFDM, QAM and QPSK are all examples of which of the following wireless
technologies?Modulation
157. Which of the following requires the network admin to schedule a maintenance window?
B. A minor release upgrade of a production router.
158. A network tech is using telnet to connect to a router on a network that has been compromised. A
new user and password has been added to the router with full rights. The tech is concerned that the
regularly used admin account has been compromised. After changing the password on all networking
devices, which of the following should the tech perform to prevent the password for the admin account
from being sniffed on the network?only allow administrators to access routers using port 22
159. A user connects to a wireless network at the office and is able to access unfamiliar SMB shares and
printers. Which of the following has happened to the user?
The user is connected to the wrong SSID.
160. After a company rolls out updates, Jane is no longer able to use equipment connected to her PC.
The tech contacts the vendor and determines there is an incompatibility with the latest IO drivers.
Which of the following should the tech perform so that Jane can get back to work as quickly as possible?
Roll back the drivers to the previous version
161. Which of the following wireless connection types utilize MIMO on non-overlapping channels?
B. 802.11ac
E. 802.11n
162. Which of the following MUST be implemented to share metrics between routing protocols within
the same router?
Routing table
163. A NAC service has discovered a virus on a client laptop. In which of the following locations would
the NAC service place the laptop?
On the quarantine network
164. A technician is dispatched to investigate sporadic network outages. After looking at the event logs
of the network equipment, the technician finds that all of the equipment is restarting at the same time
every day. Which of the following can the technician deploy to correct this issue?
UPS
165. A network tech needs to connect two switches. The tech needs a link between them which is
capable of handling 10gb. What media would be optimal for this app? Fiber Optic cable
166. Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the
following is the cause of this issue?
RADIUS
167. A host has been assigned the address 169.254.0.1. This is an example of which of the following
address types?
APIPA
168. Which applies to data as it travels from Layer 1 to 7 of the OSI model?
De-encapsulation
169. An organization is moving to a new datacenter. During the move, several technicians raise concerns
about a system that could potentially remove oxygen from the server room and result in suffocation.
Which of the following systems are they MOST likely discussing?
Fire suppression
170. When troubleshooting a network problem, browsing through the log of a switch, it is discovered
that multiple frames contain errors. In which of the following layers does the problem reside? (Select
TWO).
A. Layer 2
E. Data link
171. What should be used to ensure a specific device always receives the same IP address?Reservation
172. Which of the following refers to a network that spans several buildings that are within walking
distance of each other? CAN
173. A technician is troubleshooting a wired device on the network. The technician notices that the link
light on the NIC does not illuminate. After testing the device on a different RJ-45 port, the device
connects successfully. Which of the following is causing this issue?
D. Bad wiring
174. A technician would like to track the improvement of the network infrastructure after upgrades.
Which of the following should the technician implement to have an accurate comparison?
Baseline
175. While implementing wireless access points into the network, one building is having connectivity
issues due to light fixtures being replaced in the ceiling, while all other buildings’ connectivity is
performing as expected. Which of the following should be exchanged on the access points installed in
the building with connectivity issues?
Antenna
176. A network technician is attempting to connect a new host to existing manufacturing equipment on
an Ethernet network. The technician is having issues trying to establish communication between the old
equipment and the new host. The technician checks the cabling for breaks and finds that the CAT3 cable
in use is in perfect condition. Which of the following should the technician check to ensure the new host
will connect?
Confirm the new host is compatible with 10BaseT Ethernet
177. A tech has been tasked with assigning two IP addresses to WAN interfaces on connected routers. In
order to conserve address space, which of the following subnet masks should be used for this subnet?
/30
178. Which of the following describes an IPv6 address of ::1?
B. Loopback
179. Which of the following is a security benefit gained from setting up a guest wireless network?
B. Isolated corporate resources
180. An administrator reassigns a laptop to a different user in the company. Upon delivering the laptop
to the new user, the administrator documents the new location, the user of the device and when the
device was reassigned. Which of the following BEST describes these actions?
Asset management
181. A technician is configuring a managed switch and needs to enable 802.3af. Which of the following
should the technician enable?
A. PoE
182. Which of the following is used to classify network data for the purpose of providing QoS?
DSCP
183. The Chief Information Officer (CIO) wants to improve the security of the company’s data. Which of
the following is a management control that should be implemented to ensure employees are using
encryption to transmit sensitive information?
Policies
184. An outside organization has completed a penetration test for a company. One of the items on the
report is reflecting the ability to read SSL traffic from the web server. Which of the following is the MOST
likely mitigation for this reported item?
Ensure patches are deployed
185. Which of the following should current network performance be compared against to determine
network anomalies?
Baseline
186. An organization is in a civil court action and needs to ensure email messages are retained. What
describes the requirement to archive & retain email traffic & other correspondence?
Legal hold
187. A network technician must allow use of HTTP from the internet to an internal resource running
HTTP. This is an example of which of the following?
Port Forwarding
188. A network technician has just configured NAC for connections using Cat 6 cables. However, none of
the Windows clients can connect to the network. Which of the following components should the
technician check on the Windows PCs?Start the Wired AutoConfig service in the Services console
C. Enable IEEE 802.1x Authentication in Network Interface Card Properties
189. The backups server connects to a NAS device using block-level storage over Ethernet. The
performance is very slow, however, and the network technician suspects the performance issues are
network related. Which of the following should the technician do to improve performance?
C. Enable jumbo frames on the NAS and server
190. Based on networks 10.8.16.0/22 and 10.8.31.0/21, which of the following is the BEST summarized
CIDR notation?
10.8.0.0/16
191. A network engineer needs to set up a topology that will not fail if there is an outage on a single
piece of the topology. However, the computers need to wait to talk on the network to avoid
congestions. Which of the following topologies would the engineer implement?
Ring
192. An engineer is reviewing the implementation requirements for an upcoming project. The basic
requirements identified by the customer include the following:
– WLAN architecture supporting speeds in excess of 150 Mbps – Clientless remote network access
– Port-based network access control. Which of the following solution sets properly addresses all
of the identified requirements?
802.11n, SSL-VPN, 802.1x
193. Users are reporting their network is slow. The tech discovers pings to external host have excessive
response times. However, internal pings to printers and other PCs have good response times. Which
steps should the tech take NEXT? Determine if any network equipment was replaced recently
194. Which of the following will negotiate standoff timers to allow multiple devices to communicate on
congested network segments?
A. CSMA/CD
195. A network tech observes multiple attempts to scan network hosts/devices. All the attempts
originate from a host on the network. Which of the following threats is involved?
Compromised
system
196. A company wants to make sure that users are required to authenticate prior to being allowed on
the network. Which of the following is the BEST way to accomplish this?
A. 802.1x
197. A system administrator has been tasked to ensure that the software team is not affecting the
production software when developing enhancements. The software that is being updated is on a very
short SDLC and enhancements must be developed rapidly. These enhancements must be approved
before being deployed. Which of the following will mitigate production outages before the
enhancements are deployed? Implement an environment to test the enhancements.
198. After repairing a computer infected with malware, a tech determines that the web browser fails to
go to the proper address for some sites. Which of the following should be checked?Local hosts file
199. A network technician is utilizing a network protocol analyzer to troubleshoot issues that a user has
been experiencing when uploading work to the internal FTP server. Which of the following default port
numbers should the technician set the analyzer to highlight when creating a report? 20 21
200. A network technician was tasked to respond to a compromised workstation. The technician
documented the scene, took the machine offline, and left the PC under a cubicle overnight. Which of the
following steps of incident handling has been incorrectly performed? Chain of custody
201. A building is equipped with light sensors that turn off the fluorescent lights when natural light is
above a certain brightness. Users report experiencing connection issues only during certain hours. The
west side of the building experiences connectivity issues in the morning hours and the east side near the
end of the day. At night the connectivity issues affect the entire building. Which of the following could
be the cause of the connectivity issues? Network wiring is run perpendicular to electrical conduit
202. Which of the following is the number of broadcast domain that are created when using an
unmanaged 12-port switch?
1
203. A network technician is diligent about maintaining all system servers’ at the most current service
pack level available. After performing upgrades, users experience issues with server-based applications.
Which of the following should be used to prevent issues in the future? Configure a test lab for
updates
206. A network tech is using a network monitoring system and notices that every device on a particular
segment has lost connectivity. Which of the following should the network tech do NEXT?
Determine if anything has changed.
204. A desktop computer is connected to the network and receives an APIPA address but is unable to
reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet are able to reach the Internet.
Which of the following is MOST likely the source of the problem?802.1q is not configured on
205. Which of the following would be the result of a user physically unplugging a VoIP phone and
connecting it into another interface with switch port security enabled as the default setting?
B. The VoIP phone would cause the switch interface, that the user plugged into, to shutdown.
206. A technician is configuring a computer lab at a school. The computers need to be able to
communicate with each other, but students using the computers should not be able to access the
internet. Which of the following rules on the firewall should the technician configure for the lab
computers?
C. Block all WAN to LAN traffic
207. Which of the following cloud infrastructure designs includes on premise servers utilizing a
centralized syslog server that is hosted at a third party organization for review?
A. Hybrid
208. The network admin is configuring a switch port for a file server with a dual NIC. The file server
needs to be configured for redundancy and both ports on the NIC need to be combined for max
throughput. Which of the following features on the switch should the network admin use?
LACP
209. A company has implemented the capability to send all log files to a central location by utilizing an
encrypted channel. The log files are sent to this location in order to be reviewed. A recent exploit has
caused the company’s encryption to become unsecure. Which of the following would be required to
resolve the exploit?
B. Install recommended updates
210. Exploiting a weakness in a user’s wireless headset to compromise the mobile device is known as
which of the following?
Bluejacking
211. A technician who is working with a junior member of the team is called away for another issue. The
junior technician orders an SC 80/125 fiber cable instead of an ST 80/125. Which of the following will
MOST likely be an issue with the new cable?
Connector mismatch
212. A network tech has just installed a TFTP server on the admin segment of the network to store
router and switch configs. After a transfer attempt to the server is made, the process errors out. Which
of the following is a cause of the error? Port 69 is blocked on a router between the network segments
213. A network technician is performing a tracert command to troubleshoot a website-related issue. The
following output is received for each hop in the tracert:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
The technician would like to see the results of the tracert command. Which of the following will allow
the technician to perform tracert on external sites but not allow outsiders to discover information from
inside the network? Configure the firewall to allow echo reply in and echo request out of the network
214. The process of attempting to exploit a weakness in a network after being given permission by the
company is known as:
penetration testing
215. What can be issued from the cmnd line to find the layer 3 hops to a remote destination?traceroute
216. A network tech is considering opening ports on the firewall for an upcoming VoIP PBX
implementation. Which of the following protocols is the tech MOST likely to consider?SIP/323/RTP
217. Which of the following would be the MOST efficient subnet mask for a point-to-point link? /31
218. A company has a network with three switches with eight ports. The switch is connected to a router
that has a hub with four PCs plugged into one of its interfaces. How many broadcast domains are
present in this company’s network
2
219. An attacker has connected to an unused VoIP phone port to gain unauthorized access to a network.
This is an example of which of the following attacks?
VLAN hopping
220. A technician is troubleshooting a newly installed WAP that is sporadically dropping connections to
devices on the network. Which of the following should the technician check FIRST?
WAP placement
221. A tech is tasked with connecting a router to a DWDM. The tech connects the router to the
multiplexer and confirms that there is a good signal level. The interface on the router will not come up.
Which of the following is the cause? The wrong wavelength was demuxed from the multiplexer.
222. A tech needs to install software onto company laptops to protect local running services, from
external threats. Which of the following should the technician install and configure on the laptops if the
threat is network based?A host-based firewall which allows all outbound communication
223. An office network consists of one two-port router connected to a 12-port switch. A four-port hub is
also connected to the switch. On this particular network, which of the following is the number of
collision domain that exist?
D. 14
224. A technician is setting up a new network and wants to create redundant paths through the
network. Which of the following should be implemented to prevent performance degradation?
Spanning tree
225. While troubleshooting a network outage, a tech finds a 100-meter fiber cable with a small service
loop and suspects it might be the cause of the outage. Which of the following is MOST likely the issue?
Bend radius exceeded
226. A network tech has detected duplicate IP addresses on the network. After testing the behavior of
rogue DHCP servers, the tech believes that the issue is related to an unauthorized home router. Which
of the following should the tech do NEXT in the t’shooting methodology?Establish a plan to locate the
rogue DHCP server.
227. A tech is setting up a computer lab. Computers on the same subnet need to communicate with
each other using P2P communication. Which would the tech MOST likely configure?
Software
firewall
228. While troubleshooting, a tech notices that some clients using FTP still work and that pings to the
local router and servers are working. The tech tries to ping all known nodes on the network and they
reply positively, except for one. The tech notices that ping works only when the host name is used but
not when FQDN is used. Which server is MOST likely down?
DNS server
229. The admin’s network has OSPF for the internal routing protocol. One port going out to the Internet
is congested. The data is going out to the Internet, but queues up before sending. Which of the following
would resolve this issue?
Fast Ethernet 0 is up, line protocol is up Int ip address is 10.20.130.5/25
MTU 1500 bytes, BW10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255
Encapsulation ospf, loopback not set
Keep alive 10
Half duplex, 100Mb/s, 100 Base Tx/Fx Received 1052993 broadcasts 0 input errors
983881
packets output, 768588 bytes 0 output errors, 0 collisions, 0 resets
Change duplex to full
230. In a service provider network, a company has an existing IP address scheme. Company A’s network
currently uses the following scheme: Company B uses the following scheme: Subnet 1: 192.168.1.50/28
The network admin cannot force the customer to update its IP scheme. Considering this, which of the
following is the BEST way for the company to connect these networks?
NAT
231. A network tech is troubleshooting an end-user connectivity problem. The network tech goes to the
appropriate IDF but is unable to identify the appropriate cable due to poor labeling. Which of the
following should the network technician use to help identify the cable?
Tone generator
232. Packet analysis reveals multiple GET and POST requests from an internal host to a URL without any
response from the server. Which of the following is the BEST explanation that describes this scenario?
Compromised system
233. Which of the following describes an area containing a rack that is used to connect customer
equipment to a ISP?
MDF
234. Which of the following protocols must be implemented in order for 2 switches to share VLAN
information? VTP
235. A technician is troubleshooting a client’s connection to a wireless network. The client is asked to
run a “getinfo” command to list information about the existing condition.
myClient$ wificard –getinfo agrCtlRSSI:-72 agrExtRSSI:0 state:running
op mode: station lastTxRate:178 MaxRate:300
802.11 auth:open link auth:wpa2-psk
BSSID:0F:33:AE:F1:02:0A
SSID:CafeWireless Channel:149,1
Given this output, which of the following has the technician learned about the wireless network? (Select
C. The WAP is using AES encryption
The WAP is using the 5GHz channel
236. A T1 line has lost connectivity to the ISP. The ISP has instructed the tech to place a loopback on a
device connecting the T1 line to their office. On which of the following devices will the tech implement
the loopback?
Channel service unit
237. A network administrator received the following email from a user:
From: user@company.com
To: abuse@company.com
Subject: Free smart phone
Dear user,
please click the following link to get your free smart phone
http://www.freesmartphone.it:8080/survey.php
Which of of the following should the administrator do to prevent all employees from accessing the link
in the above email, while still allowing Internet access to the freesmartphone.it domain?
Add http://www.freesmartphone.it:8080/survey.php to the browser group policy block list.
238. A network tech has been assigned to install an additional router on a wireless network. The router
has a different SSID and frequency. All users on the new access point and the main network can ping
each other and utilize the network printer, but all users on the new router cannot get to the Internet.
What is the MOST likely cause of this issue? gateway is misconfigured on the new router.
239. A network technician must utilize multimode fiber to uplink a new networking device. Which of the
following Ethernet standards could the technician utilize? 1000Base-SR
10GBase-SR
240. A tech needs to troubleshoot a recently installed NIC. He decides to ping the local loopback. Which
of the following is a valid IPv4 loopback address?
127.0.0.1
241. A training class is being held in an auditorium. Hard-wired connections are required for all laptops
that will be used. The network tech must add a switch to the room through which the laptops will
connect for full network access. Which of the following must the tech configure on a switch port, for
both switches, in order to create this setup?
TRUNK
242. Which of the following is a system of notation that uses base 16 rather than base 10?
243.area where access is controlled by retina scan is protected by what security measure
type?Biometric
Hex
244. A network tech is assisting the team with some traffic captures. The team wants to capture all
traffic on a single subnet between the router and the core switch. To do so, the team must ensure there
is only a single collision and broadcast domain between the router and the switch from which they will
collect traffic. What should the tech install to BEST meet the goal? Hub
245. When enabling jumbo frames on a network device, what parameter is being adjusted?MTU
246. A network tech has been tasked to configure a new network monitoring tool that will examine
interface settings throughout various network devices. Which of the following would need to be
configured on each network device to provide that information in a secure manner?
SNMPv3
247. A company finds that many desktops are being reported as missing or lost. Which of the following
would BEST assist in recovering these devices?
Computer locks
248. It has been determined by network operations that there is a severe bottleneck on the company’s
mesh topology network. The field technician has chosen to use log management and found that one
router is making routing decisions slower than others on the network. This is an example of which of the
following?
Network device CPU issues
249. An admin only has telnet access to a remote workstation. Which of the following utilities will
identify if the workstation uses DHCP?
ipconfig
250. A company has had several virus infections over the past few months. The infections were caused
by vulnerabilities in the application versions that are being used. Which of the following should an
admin implement to prevent future outbreaks? Patch management
251. Which of the protocols uses label-switching routers and label-edge routers to forward traffic?
MPLS
252. A tech needs to ensure that new systems are protected from electronic snooping of Radio
Frequency emanations. Which of the following standards should be consulted? TEMPEST
253. Network segmentation provides which of the following benefits?
Security through isolation
254. Which of the following communication technologies is used by video conferencing systems to sync
video streams, reduce bandwidth, sent by a central location to subscribed devices?
Multicast
255. An administrator's network has OSPF for the internal routing protocol and has two interfaces that
continue to flap. The administrator reviews the following output:
Fast ethernet 0 is up, line protocol is up
Int ip address is 10.20.130.5/25
MTU 1500 bytes, BW10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255
Encapsulation ospf, loopback not set
Keep alive 10
Full duplex, 100Mb/s, 100Base Tx/Fx Received 1052993 broadcasts
1258 input errors
983881 packet output, 768588 bytes 1747 output errors, 0 collisions, 423 resets
Which of the following problems would cause the interface flap?
Duplex
mismatch
256. A network tech needs to separate a web server listening on port 80 from the internal LAN and
secure the server from the public Internet. The web server should be accessible to the public Internet
over port 80 but not the private LAN. Currently, the network is segmented with a network-based firewall
using the following IP addressing scheme on each interface:
Place the web server in the DMZ with an inbound rule from eth0 interface to eth1 to accept traffic over
port 80 designated to the web server
257. A network admin configures an email server to use secure protocols. When the upgrade is
completed, which of the following ports on the firewall should be configured to allow for connectivity?
TCP 587
TCP 993
TCP 995
258. Which of the following BEST describes the process of documenting everyone who has physical
access or possession of evidenceChain of custody
259. A network tech configures a firewall’s ACL to allow outgoing traffic for several popular services such
as email and web browsing. users are still unable to retrieve their emails. Which of the following would
BEST resolve this issue?Allow the firewall to accept inbound traffic to ports 80, 110, 143, and 443
260. While troubleshooting a connectivity issue, a network tech determines the IP address of a number
of workstations is 169.254.0.0/16 and the workstations cannot access the Internet. Which of the
following should the tech check to resolve the problem? DHCP server
261. After a recent breach, the security technician decides the company needs to analyze and aggregate
its security logs. Which of the following systems should be used?
C. SIEM
262. A firewall ACL is configured as follows:
10. Deny Any Trust to Any DMZ eq to TCP port 22
11. Allow 10.200.0.0/16 to Any DMZ eq to Any
12. Allow 10.0.0.0/8 to Any DMZ eq to TCP ports 80, 443
13. Deny Any Trust to Any DMZ eq to Any
A tech notices that users in the 10.200.0.0/16 network are unable to SSH into servers in the DMZ.
Reordering the ACL in which of the following manners would meet the company’s objectives?
11, 10, 12, 13
Allow 200, Deny, Allow 10, Deny
263. A network tech needs to monitor the network to find a user that is browsing inappropriate sites.
Which of the following would the tech use to view the site and find the user browsing it?packet sniffer
264. A client is receiving certificate errors in other languages when trying to access the company’s main
intranet site. Which of the following is MOST likely the cause?
Man-in-the-middle
265. A customer has engaged a company to improve the availability of all of the customer’s services and
applications, enabling the customer to minimize downtime to a few hours per quarter. Which of the
following will document the scope of the activities the company will provide to the customer, including
the intended outcomes?
SOW
266. A tech installs a new WAP and users in the area begin to report poor performance. The technician
uses a ping and 3 of 5 packets respond. Testing from a wired connection shows 5 of 5 packets respond.
Which tool should be used to discover the cause?
Spectrum Analyzer tool
267. A network tech needs to set up 2 public facing servers & wants to ensure that if they are
compromised the intruder can’t access the intranet. What security tech’s should be used?
Place them in the demilitarized zone
268. Which of the following WAN technologies is associated with high latency?
Satellite
269. A user calls the help desk and states that he was working on a spreadsheet and was unable to print
it. However, his colleagues are able to print their documents to the same shared printer. Which should
be the FIRST question asked? Is the user able to access any network resources?
270. A network admin is following best practices to implement firewalls, patch management and policies
on the network. Which of the following should be performed to verify the security controls in place?
Penetration testing
271. A company is having a new T1 line installed. Which of the following will the connection MOST likely
terminate to?
MDF
272. A typical cell tower will have microwave and cellular antennas. Which of the following network
topologies do these represent? C. Point-to-point
D. Mesh
273. Which of the following types of network would be set up in an office so that customers could
access the Internet but not be given access to internal resources such as printers & servers?
Guest
network
274. Which of the following is a document that is used in cyber forensics that lists everywhere evidence
has been?
C. Chain of custody
275. A company has just implemented VoIP. Prior to the implementation, all of the switches were
upgraded to layer 3 capable in order to more adequately route packages. This is an example of which of
the following network segmentation techniques?
D. Performance optimization
276. Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP
using a POTS line?
C. Analog modem
277. Which of the following default ports is associated with protocols that are connectionless?
2427
278. A technician configures a firewall in the following manner in order to allow HTTP traffic.
Source IPZone: Any Untrust
Dest IPZone: Any DMZ
Port: 80
Action: Allow
The organization should upgrade to which of the following technologies to prevent unauthorized traffic
from traversing the firewall?
D. Application aware firewall
279. A client reports that half of the marketing department is unable to access network resources. The
technician determines that the switch has failed and needs to replace it. Which of the following would
be the MOST helpful in regaining connectivity?
C. Configuration backup
280. Which of the following is a connectionless protocol?ICMP UDP
281. A PC tech has installed a new network printer that was preconfigured with the correct static IP
address, subnet mask, and default gateway. The printer was installed with a new cable and appears to
have link activity, but the printer will not respond to any network communication attempts. Which of
the following is MOST likely the cause of the problem? Incorrect VLAN assignment
282. A wireless network tech for a local retail store is installing encrypted access points within the store
for real-time inventory verification, as well as remote price checking capabilities, while employees are
away from the registers. The store is in a strip mall that has neighbors allowing guest access to the
wireless. Which of the following is the BEST security method to implement on the APs?MAC filtering
283. A tech is installing a surveillance system for a home network. The tech is unsure which ports need
to be opened to allow remote access to the system. Which of the following should the tech perform?
Add the system to the DMZ
284. Upon arrival at work, an admin is informed that network users cannot access the file server. The
admin logs onto the server and sees the updates were automatically installed and the network
connection shows limited and no availability. Which of the following needs to be rolled back?
server’s NIC drivers
285. Before logging into the company network, users are required to sign a document that is to be
stored in their personnel file. This standards and policies document is usually called which of the
following? AUP
286. A network admin noticed that when one computer goes down, all the other computers in the office
will not work. Which of the following topologies is in use? Bus
287. Jane is preparing to configure a company’s network. She has installed a firewall to allow for an
internal DMZ and external network. No hosts on the internal network should be directly accessible by IP
address from the internet, but they should be able to communicate with remote networks after
receiving a proper IP address. What addressing scheme will work in this situation?
Private
288. A network engineer is designing a new IDF in an old building. The engineer determines the
equipment will fit in a two-post rack, and there is power available for this equipment. Which of the
following would be the FIRST issue to remediate?
A. Air flow and cooling
289. Which of the following broadband WAN technologies would MOST likely be used to connect several
remote branches that have no fiber or satellite connections?
B. POTS
290. An additional network segment is urgently needed for QA testing on the external network. A
software release could be impacted id this change is not immediate. The request come directly from
management, and there is no time to go through the emergency change control process. Given this
scenario, which of the following is the BEST course of action for the network administrator to take?
D. Make the change, noting the requester, and document all network changes
291. The CIO of an org is concerned that the current locally-hosted, software threat solution is not. The
CIO points to examples of 0-day threats that have recently taken a day or more to receive patches.
Which of the following solutions would have the BEST chance of meeting these goals? Stateful firewall
292. A network tech receives a spool of Cat 6a cable and is asked to build several cables for a new set of
Ethernet runs between devices. What tools are needed? Wire stripper Crimper RJ-45 connectors
293. A network admin has created a virtual machine in the cloud. The tech would like to connect to the
server remotely using RDP. Which of the following default ports needs to be opened? 3389
294. The CIO has noticed the corporate wireless signal is available in the parking lot. Management
requests that the wireless be changed so it is no longer accessible in public areas, without affecting the
availability inside the building. Which of the following should be changed on the network?Power levels
295. A network tech has detected a personal computer that has been physically connected to the
corporate network. Which of the following commands would the network technician use to locate this
unauthorized computer and determine the interface it is connected to?
show mac address-table
296. A network tech discovers an issue with spanning tree on the core switch. What troubleshooting
steps should the network tech perform NEXT to resolve the issue?Establish a theory of probable cause
297. A network tech wants to remotely and securely access the desktop of a Linux workstation. The
desktop is running remote control software without encryption. Which of the following should the
technician use to secure the connection?
SSH in tunnel mode
298. A tech has determined the most likely cause of an issue and implement a solution. Which of the
following is the NEXT step that should be taken?
Verify system functionality
299. A company is implementing enhanced user authentication for system admin accessing the
company’s confidential servers. Which of the following would be the BEST example of two-factor
authentication?
Password and key fob
300. A network tech notices the site-to-site VPN and Internet connection have not come back up at a
branch office after a recent power outage. Which of the following is an out-of-band method the tech
would utilize to check the office’s router status?
Use a modem to console into the router
301. A technician is concerned about security and is asked to set up a network management protocol.
Which of the following is the best option?
B. SNMPv3
302. A network technician is tasked with designing a firewall to improve security for an existing FTP
server that is on the company network and is accessible from the internet. The security concern is that
the FTP server is compromised it may be used as a platform to attack other company servers. Which of
the following is the BEST way to mitigate this risk?
Move the server to the DMZ of the firewall
303. A company that was previously running on a wired network is performing office-wide upgrades. A
department with older desktop PC’s that do not have wireless capabilities must be migrated to the new
network, ensuring that all computers are operating on a single network. Assuming CAT5e cables are
available, which of the following network devices should a network technician use to connect all the
devices to the wireless network?
D. Wireless router
304. Which of the following helps prevent routing loops?
D. Split horizon
305. The network install is failing redundancy testing at the MDF. The traffic being transported is a
mixture of multicast and unicast signals. Which of the following would BEST handle the rerouting caused
by the disruption of service?
A. Layer 3 switch
306. An F-connector is used on which of the following types of cabling?
D. RG6
307. A technician wants to securely manage several remote network devices. Which of the following
should be implemented to securely manage the devices?
C. SNMPv3
308. A network administrator would like to collect information from several networking devices using
SNMP. Which of the following SNMP options should a network administrator use to ensure the data
transferred is confidential?
A. authpriv
309. The security manager reports that individual systems involved in policy or security violations or
incidents cannot be located quickly. The security manager notices the hostnames all appear to be
randomly generated characters. Which of the following would BEST assist the security manager
identifying systems involved in security incidents?
B. Implement a standardized UNC
310. A network administrator receives a call asking for assistance with connecting to the network. The
user asks for the IP address, subnet class, and VLAN required to access the network. This describes
which of the following attacks?
A. Social engineering
311. A network technician has set up an FTP server for the company to distribute software updates for
their products. Each vendor is provided with a username and password for security. Several vendors
have discovered a virus in one of the security updates. The company tested all files before uploading
them but retested the file and found the virus. Which of the following could the tech do for vendors to
validate the proper security patch?
Provide an MD5 hash for each file
312. Which of the following types of equipment should be used for telecommunications equipment and
have an open design?
A. 2/4 post racks
313. Which of the following communication technologies would MOST likely be used to increase
bandwidth over an existing fiber optic network by combining multiple signals at diff
wavelengths?DWDM
314. A network tech has just received an email regarding a security issue detected on the company’s
standard web browser. Which of the following will MOST likely fix the issue?
Vulnerability patch
315. An attack where the potential intruder tricks a user into providing sensitive information is known as
which of the following?
A. Social engineering
316. Client PCs are unable to receive addressing information from a newly configured interface on a
router. Which of the following should be added to allow the clients to connect?
B. IP helper
317. A network technician receives a call from a use who is experiencing network connectivity issues.
The network technician questions the user and learns the user brought in a personal wired router to use
multiple computers and connect to the network. Which of the following has the user MOST likely
introduced to the network?
A. Rogue DHCP server
318. Routing prefixes which are assigned in blocks by IANA and distributed by the Regional Internet
Registry (RIR) are known as which of the following?
B. Autonomous system number
319. Company policies require that all network infrastructure devices send system level information to a
centralized server. Which of the following should be implemented to ensure the network administrator
can review device error information from one central location?
C. SYSLOG server
320. A Chief Information Officer (CIO) wants to move some IT services to a cloud service offering.
However, the network administrator still wants to be able to control some parts of the cloud service’s
networking components. Which of the following should be leveraged to complete this task? PaaS
321. A disgruntled employee executes a MitM attack on the company network. Layer 2 traffic destined
for the gateway is redirected to the employee’s computer. This type of attack is an ARP cache poisoning
322. A technician is connecting a router directly to a PC using the G1/0/1 interface. Without the use of
auto-sensing ports, which of the following cables should be used?
D. Crossover
323. Which of the following is an example of an IPv4 address?
B. 192.168.1.254
324. There has been an increased amount of successful social engineering attacks at a corporate office.
Which of the following will reduce this attack in the near future?
C. User awareness training
325. A network engineer is conducting an assessment for a customer that wants to implement an
802.11n wireless network. Before the engineer can estimate the number of WAPs needed, it is
important to reference which of the following?
B. Site survey
326. Which of the following protocols were designed to avoid loops on a Layer 2 network? (Select TWO)
D. Spanning tree
E. 802.1d
327. A network tech is asked to redesign an network before new monitoring software is added to each
host on the network. The new software will broadcast stats from each host to a monitoring host for
each of the five depts in the company. The added network traffic must be addressed. Which of the
following solutions should the tech design into the new network?Place each department in a separate
VLAN
328. A network technician receives the following alert from a network device: “High utilizations
threshold exceeded on gi1/0/24 : current value 9413587.54” Which of the following is being monitored
to trigger the alarm?
E. Interface link status
329. A company plan established to resume normal system operations following a disruption in business
would be described as which of the following?
D. Business continuity
330. Which of the following network topologies has a central, single point of failure?
B. Star
331. A network technician has been asked to make the connections necessary to add video transported
via fiber optics to the LAN within a building. Which of the following is the MOST common connector that
will be used on the switch to connect the media converter?
D. ST
332. A company owns 4 kiosks that are in close proximity within a shopping center. The owner is
concerned about someone accessing the internet via the kiosk’s wireless. Which of the following should
be implemented to provide wireless access to the employees working at kiosk?
MAC filtering
333. After the A record of a public website was updates, some visitors were unable to access the
website. Which of the following should be adjusted to address the issue?
A. TTL
334. A network technician needs to correlate security events to analyze a suspected intrusion. Which of
the following should the technician use?
D. SIEM
335. A network engineer configured new firewalls with the correct configuration to be deployed to each
remote branch. Unneeded services were disabled, and all firewall rules were applied successfully. Which
of the following should the network engineer perform NEXT to ensure all the firewalls are hardened
successfully?
C. Update the firewalls with current firmware and software
336. A network technician has multimode fiber optic cable available in an existing IDF. Which of the
following Ethernet standards should the technician use to connect the network switch to the existing
fiber?
A. 10GBaseT
337. An attacker is attempting to find the password to a network by inputting common words and
phrases in plaintext to the password prompt. Which of the following attack types BEST describes this
action?
D. Dictionary attack
338. A network technician is observing the behavior of an unmanaged switch when a new device is
added to the network and transmits data. Which of the following BEST describes how the switch
processes this information? The data is flooded out of every port but only in the VLAN where it’s
located
339. Which would MOST likely be used to review previous upgrades to a system?
management
change
340. A corporation has a critical system that would cause unrecoverable damage to the brand if it was
taken offline. Which disaster recovery solutions should the corp implement?
Hot site
341. An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices
on both ends of the connection are configured for half duplex. Which of the following is the most likely
cause of this issue?
C. The cable length is excessive
342. A network technician is investigating an issue with a desktop that is not connecting to the network.
The desktop was connecting successfully the previous day, and no changes were made to the
environment. The technician locates the switchport where the device is connected and observes the LED
status light on the switchport is not lit even though the desktop is turned on Other devices that arc
plugged into the switch are connecting to the network successfully Which of the following is MOST likely
the cause of the desktop not connecting?
C. Port security
343. A network device is configured to send critical events to a syslog server; however, the following
alerts are not being received: Severity 5 LINK-UPDOWN: Interface 1/1, changed state to down Severity
5LINK-UPDOWN: Interface 1/3, changed state to down Which of the following describes the reason why
the events are not being received? A. network device isn’t configured to log that level to syslog server
344. A lab environment hosts Internet-facing web servers and other experimental machines, which
technicians use for various tasks A technician installs software on one of the web servers to allow
communication to the company's file server, but it is unable to connect to it Other machines in the
building are able to retrieve files from the file server. Which of the following is the MOST likely reason
the web server cannot retrieve the files, and what should be done to resolve the problem?
B. The lab environment is located in the DM2, and traffic to the LAN zone is denied by default
345. A company wants to implement a large number of WAPs throughout its building and allow users to
be able to move around the building without dropping their connections Which of the following pieces
of equipment would be able to handle this requirement?
A. A VPN concentrator
356. Which of the following is MOST likely to generate significant East-West traffic in a datacenter?
B. A duplication of a hosted virtual server to another physical server for redundancy
347. A technician is troubleshooting a wireless connectivity issue in a small office located in a high-rise
building. Several APs are mounted in this office. The users report that the network connections
frequently disconnect and reconnect throughout the day. Whichof the following is the MOST likely
cause of this issue?
B. EIRP needs to be boosted
348. There are two managed legacy switches running that cannot be replaced or upgraded. These
switches do not support cryptographic functions, but they are password protected. Which of the
following should a network administrator configure to BEST prevent unauthorized access?
A. Enable a management access list
349. A small business uses a single SOHO router to provide Internet/WiFi to its employees At the start of
a new week, employees come in and find their usual WiFi network is no longer available, and there is a
new wireless network to which they can’t connect. Given that information, which of the following
should have been done to avoid this situation' The device firmware should have been kept current.
350. A tech is troubleshooting a workstation's connectivity and wants to confirm which switchport
corresponds to the wall jack the PC is using Which of the following concepts would BEST help the tech?
Consistent labeling
351. A network administrator is installing a wireless network at a client’s office. Which of the following
IEEE 802.11 standards would be BEST to use for multiple simultaneous client access?
A. CDMA
352. A technician is installing multiple UPS units in a major retail store. The technician is required to
keep track of all changes to new and old equipment. Which of the following will allow the technician to
record these changes?
A. Asset tags
353. Within the realm of network security, Zero Trust: block malicious software that is too new to be
found in virus definitions
354. Which of the following connector types would have the MOST flexibility?
A. SFP
355. A SaaS provider has decided to leave an unpatched VM available via a public DMZ port. With which
of the following concepts is this technique MOST closely associated?
D. Honeypot
356. A technician wants to install a WAP in the center of a room that provides service in a radius
surrounding a radio. Which of the following antenna types should the AP utilize?
A. Omni
357. What is used to prioritize usage /application & /user on the network? Bandwidth management
358. Several WIFI users are reporting the inability to connect to the network. WLAN users on the guest
network are able to access all network resources without any performance issues. The following table
summarizes the findings after a site survey of the area in question: Which of the following should a
wireless technician do NEXT to troubleshoot this issue? A. Reconfigure the channels to reduce overlap
359. A tech is deploying a low-density wireless network and is contending with multiple types of building
materials. Which of the following w’less frequencies would allow for the LEAST signal attenuation? 5GHz
360. A website administrator is concerned the company’s static website could be defaced by hacktivists
or used as a pivot point to attack internal systems. Which of the following should a network security
administrator recommend to assist with detecting these activities?
C. Use SSL encryption.
361. A network engineer is investigating reports of poor network performance. Upon reviewing a device
configuration, the engineer finds that duplex settings are mismatched on both ends. Which of the
following would be the MOST likely result of this finding?
A. Increased CRC errors
362. Which of the following service models would MOST likely be used to replace on-premises servers
with a cloud solution?
B. IaaS
363. A technician wants to deploy a new wireless network that comprises 30 WAPs installed throughout
a three-story office building. All the APs will broadcast the same SSID for client access. Which of the
following BEST describes this deployment?
A. Extended service set
364. A user reports a weak signal when walking 20ft (61 m) away from the WAP in one direction, but a
strong signal when walking 20ft in the opposite direction The technician has reviewed the configuration
and confirmed the channel type is correct There is no jitter or latency on the connection Which of the
following would be the MOST likely cause of the issue?
A. Antenna type
365. A network admin has been directed to present the network alerts from the past week to the
company's executive staff. Which of the following is collection and presentation of this data?
A report from the SIEM tool
366. Access to a datacenter should be individually recorded by a card reader even when multiple
employees enter the facility at the same time. Which of the following allows the enforcement of this
policy?
Access control vestibules
367. A network admin is downloading a large patch that will be uploaded to several enterprise switches
simultaneously during the day's upgrade cycle. Which of the following should the admin do to help
ensure the upgrade process will be less likely to cause problems with the switches?
C. Download each switch's current configuration before the upgrade
368. A fiber link connecting two campus networks is broken. Which of the following tools should an
engineer use to detect the exact break point of the fiber link?
A. OTDR
369. A network administrator is designing a new datacenter in a different region that will need to
communicate to the old datacenter with a secure connection. Which of the following access methods
would provide the BEST security for this new datacenter?
D. Site-to-site VPN
370. A network administrator is implementing OSPF on all of a company’s network devices. Which of the
following will MOST likely replace all the company’s hubs?
A. A Layer 3 switch
371. Which of the following can be used to centrally manage credentials for various types of
administrative privileges on configured network devices?
B. TACACS+
372. A network technician is investigating an IP phone that does not register in the VoIP system
Although it received an IP address, it did not receive the necessary DHCP options The information that is
needed for the registration is distributes by the OHCP scope All other IP phones are working properly.
Which of the following does the technician need to verify?
A. VLAN mismatch
373. A network technician is installing an analog desk phone for a new receptionist After running a new
phone line, the technician now needs to cnmp on a new connector. Which of the following connectors
would MOST likely be used in this case?
A. DB9
374. A workstation is configured with the following network details: Software on the workstation needs
to send a query to the local subnet broadcast address. To which of the following addresses should the
software be configured to send the query?
E. 10.1.2.31
375. A network engineer is designing a new secure wireless network. The engineer has been given the
following requirements: * 1 Must not use plaintext passwords * 2 Must be certificate based * 3. Must be
vendor neutral Which of the following methods should the engineer select?
C. EAP-TLS
376. Which of the following security devices would be used to provide mechanical access control to the
MDF/IDF?
B. A key fob
377. During the security audit of a financial firm the (CEO) questions why there are 3 employees who
perform very distinct functions on the server. There is an administrator for creating users another for
assigning the users lo groups & a third who is the only administrator to perform file rights assignment
Which of the following mitigation techniques is being applied'
Role separation
378. Which of the following policies is MOST commonly used for guest captive portals?
379. Which of the following devices would be used to manage a corporate WLAN?
controller
A. AUP
wireless
380. A network tech needs to ensure outside users are unable to telnet into any of the servers at the
datacenter. Which of the following ports should be blocked when checking firewall configuration? 23
382. A network technician is installing new software on a Windows-based server in a different location.
Which of the following would be BEST for the technician to use to perform this task?
RDP
383. A customer wants to segregate the traffic between guests on a hypervisor. Which of the following
does a technician need to configure to meet the requirement?
A. Virtual switches
384. A firewall admin is implementing a rule that directs HTTP traffic to an internal server listening on a
non-standard socket Which of the following types of rules is the admin implementing? D. SNAT
385. A technician is deploying a new switch model and would like to add it to the existing network
monitoring software. The technician wants to know what metrics can be gathered from a given switch.
Which of the following should the technician utilize for the switch?
A. MIB
386. An ITdirector is setting up new disaster and HA policies for a company. Limited downtime is critical
to operations. To meet corporate reqs, the director set up two different datacenters across the country
that will stay current on data & applications.In the event of an outage, the company can immediately
switch from one center to another. Which of the following does this BEST describe?
hot site
387. An IDS was installed behind the edge firewall after a network was breached. The network was then
breached again even though the IDS logged the attack. Which of the following should be used in place of
these devices to prevent future attacks?
C. A UTM appliance
388. The following configuration is applied to a DHCP server connected to a VPNconcentrator:
IP Address: 10.0.0.1
Subnet Mask: 255.255.255.0
Gateway: 10.0.0.254
There are 300 non-concurrent sales representatives who log in for one hour a day to upload reports, and
252 of these representatives are able to connect to the VPN without any Issues. The remaining sales
representatives cannot connect tothe VPN over the course of the day. Which of the following can be
done to resolve the issue without utilizing additional resources?
A. Decrease the lease duration
389. Which of the following systems would MOST likely be found in a screened subnet?
B. FTP
390. An ARP request is broadcasted & sends the following request. ''Who is 192.168.1.200? Tell
192.168.1.55'' At which of the following layers of the OSI model does this request operate?
Data link
391. A city has hired a new employee who needs to be able to work when traveling at home and at the
municipal sourcing of a neighboring city that shares services. The employee is issued a laptop, and a
technician needs to train the employee on the appropriate solutions for secure access to the network
from all the possible locations On which of the following solutions would the technician MOST likely
train the employee?
Site-to-site VPNs between the two city locations and client-to-site software on
the employee's laptop tor all other remote access
391. Which of the following DNS records works as an alias to another record?
B. CNAME
392. A network admin is setting up several loT devices on a new VLAN and wants to accomplish the
following * 1. Reduce manual configuration on each system * 2. Assign a specific IP address to each
system * 3. Allow devices to move to different switchports on the same VLAN Which of the following
should the network admin do to accomplish these reqs? Implement private VLANs for each device
393. A network technician is reviewing an upcoming project's requirements to implement laaS. Which of
the following should the technician consider?
D. Server hardware requirements
394. Which of the following is a system that is installed directly on a server's hardware and abstracts the
hardware from any guest machines?
A. Storage array
395. A network engineer is investigating reports of poor network performance. Upon reviewing a report,
the engineer finds that jitter at the office is greater than 10ms on the only WANconnection available.
Which of the following would be MOST affected by this statistic?
A. A VoIP call with a customer
396. A network administrator wants to improve the security of the management console on the
company's switches and ensure configuration changes made can be correlated to the administrator who
conformed them Which of the following should the network administrator implement?
C. TACACS+
397. A user tries to ping 192.168.1.100 from the command prompt on the 192.168.2.101 network but
gets the following response: U.U.U.U. Which of the following needs to be configured for these networks
to reach each other?
B. Default gateway
398. The management team needs to ensure unnecessary modifications to the corporate network are
not permitted and version control is maintained. Which of the following documents would BEST support
this? a change management policy
399. A tech is troubleshooting a network switch that seems to stop responding to requests
intermittently whenever the logging level is set for debugging. Which of the following metrics should the
technician check to begin troubleshooting the issue?
CPU utilization
400. Which of the following provides redundancy on a file server to ensure the server is still connected
to a LAN even in the event of a port failure on a switch?
NIC teaming
401. The network admin is informed that a user’s email password is frequently hacked by brute-force
programs. Which of the following policies should the admin implements to BEST mitigate this issue? 2factor authentication
Complex passwords
402. Which of the following ports is commonly used by VoIP phones?
D. 5060
403. At which of the following OSI model layers would a technician find an IP header? Layer 3
404. An engineer is configuring redundant network links between switches. Which of thefollowing
should the engineer enable to prevent network stability issues?
STP
405. A tech is connecting multiple switches to create a large network for a new office. The switches are
unmanaged Layer 2 switches with multi connections between each pair. The network is experiencing an
extreme amt of latency. Which of the following is MOST likely occurring?
broadcast storm
406. A tech is writing documentation regarding a company’s server farm. The tech needs to confirm the
server name for all Linux servers. Which of the following commands should the tech run?
nslookup
407. Which of the following routing protocols is used to exchange route information between public
autonomous systems?
B. BGP
408. Which of the following types of devices can provide content filtering and threat protection, and
manage multiple IPSec site-to-site connections?
Next-generation firewall
409. An org wants to implement a method of centrally managing logins to services. Which of the
following protocols should the org use to allow for authentication, authorization and auditing? MS-CHAP
410. A company that uses VoIP telephones is experiencing intermittent issues with one-way audio and
dropped conversations The manufacturer says the system will work if ping times are less than 50ms. The
company has recorded the following ping times:
Attenuation
411. An IT organization needs to optimize speeds for global content distribution and wants to reduce
latency in high-density user locations. Which of the following technologies BEST meets the
organization’s requirements?
Content delivery network
412. A store owner would like to have secure wireless access available for both business equipment and
patron use. Which of the following features should be configured to allow different wireless access
through the same equipment?
D. SSID
413. A network tech was troubleshooting an issue for a user who was being directed to cloned websites
that were stealing creds. The URLs were correct for the sites but an incorrect IP address was revealed
when the tech used ping on the user's PC After checking the is setting, the tech found the DNS server
address was incorrect Which of the following describes the issue?
Exhausted IP scope
414. An org with one core and five distribution switches is transitioning from a star to a full-mesh
topology Which of the following is the number of addtl network connections needed? 5
415. A network admin discovers that users in an adjacent building are connecting to the company’s
guest wireless network to download inappropriate material. Which of the following can the
administrator do to MOST easily mitigate this issue?
Reduce the wireless power levels
416. Which of the following protocol types describes secure communication on port 443?
TCP
417. A network technician is reviewing the interface counters on a router interface. The technician is
attempting to confirm a cable issue. Given the following information: Which of the following metrics
confirms there is a cabling issue?
C. CRCs
418. Which of the following TCP ports is used by the Windows OS for file sharing?
445
419. Which of the following factors should be considered when evaluating a firewall to protect a
center’s east-west traffic?
Replication traffic between an on-premises server and a remote
backup facility
420. A technician needs to configure a Linux computer for network monitoring. The technician has the
following information: Linux computer details: Switch mirror port details: After connecting the Linux
computer to the mirror port on the switch, which of the following commands should the technician run
on the Linux computer?
A. ifconfig ecth0 promisc
421. A branch of a company recently switched to a new ISP. The network engineer was given a new IP
range to assign. The ISP assigned 196.26.4.0/26, and the branch gateway router now has the following
configurations on the interface that peers to the ISP: The network engineer observes that all users have
lost Internet connectivity. What describes the issue?
The incorrect subnet mask was configured
422. A technician is troubleshooting a previously encountered issue. Which of the following should the
technician reference to find what solution was implemented to resolve the issue? SOPs
423. A network field tech is installing & configuring a wireless network. The technician performs a site
survey. Which of the following docs would MOST likely be created as a result? Heat map
424. A network administrator needs to query the NSs for a remote application. Which of the following
commands would BEST help the administrator accomplish this task?
A. dig
425. A technician is assisting a user who cannot connect to a network resource. The tech first checks for
a link light. According to t’shooting methodology, this is an ex of: questioning the obvious.
426. A systems admin is running a VoIP network & is experiencing jitter and high latency. Which of the
following would help the admin determine cause of these issues? Configuring SNMP traps on network
427. After a firewall replacement, some alarms and metrics related to network availability stopped
updating on a monitoring system relying on SNMP. Which of the following should the network admin do
FIRST?
A. Modify device's MIB on monitoring system.
428. Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs
to access network shares at the other site. Which of the following will BEST provide this functionality?
Site-to-site VPN
429. OSI model layer where convos between apps are established/coordinated/terminated? Session
430. Which of the following is required when connecting an endpoint device with an RJ45 port to a
network device with an ST port?
A. a media converter
431. The management team has instituted a 48-hour RTO as part of the disaster recovery plan. Which of
the following procedures would meet the policy's reqs?
Recover all systems within 48 hours
432. A network administrator wants to analyze attacks directed toward the company's network. Which
of the following must the network administrator implement to assist in this goal? honeypot
433. Which of the following cable types would be used to provide high-speed network? Fiber
434. A (CIO) wants to improve the availability of a company's SQL database Which of the following
technologies should be utilized to achieve maximum availability? NIC teaming
435. A technician is implementing a new wireless network to serve guests at a local office. The network
needs to provide Internet access but disallow associated stations from communicating with each other.
Which of the following would BEST accomplish this requirement?
Wireless client isolation
436. Which of the following VPN configs should be used to separate Internet and corp traffic?Splittunnel
437. A network admin is required to ensure that auditors have read-only access to the system logs,
while systems administrators have read and write access to the system logs, and operators have no
access to the system logs. The network admin has configured security groups for each of these
functional categories. Which of the following security capabilities will allow the network administrator
to maintain these permissions with the LEAST administrative effort? Role-base access
438. A local firm has hired a consulting company to clean up its IT infrastructure. The consulting
company notices remote printing is accomplished by port forwarding via publicly accessible IPs through
the firm's firewall Which of the following would be the MOST appro way to enable secure remote
printing?
SSH
439. A user recently made changes to a PC that caused it to be unable to access websites by both FQDN
and IP Local resources, such as the file server remain accessible. Which of the following settings did the
user MOST likely misconfigure?
default gateway
440. A business is using the local cable co to provide Internet access. Which of the following types of
cabling will the cable co MOST likely use from the demarcation point back to the central office? RG-6
441. A network admin is talking to vendors about acquiring tech to support a new project for a large
company. Which of the following docs will need to be signed before info is shared?
SLA
442. A tech is connecting DSL for a new customer. After installing and connecting the on-premises
equipment, the technician verifies DSL synchronization. When connecting to a workstation, however,
the link LEDs on the workstation and modem do not light up. Which of the following should the
technician perform during troubleshooting?
Replace the cable connecting the modem & the
workstation
443. Which of the following is an advanced distance vector routing protocol that automates routing
tables and also uses some features of link-state routing protocols?
EIGRP
444. A tech removes an old PC from the network and replaces it with a new PC that is unable to connect
to the LAN. Which of the following is MOST likely the cause of the issue? Port security
445. An ISP is providing Internet to a retail store and has terminated its point of connection using a
standard Cat 6 pin-out Which of me following terminations should the technician use when running a
cable from the ISP's port to the front desk?
B. TIA-56S-B
446. During the troubleshooting of an E1 line, the P2P link on the core router was accidentally
unplugged and left unconnected for several hrs. However, the management team was not notified.
Which of the following could have been configured to allow early detection and possible resolution of
the issue? Traps
447. A network tech is hired to review all the devices within a network and make recommendations to
improve network efficiency. Which of the following should the technician do FIRST before reviewing and
making any recommendations?
Capture network baseline
448. Which of the following types of connections would need to be set up to provide access from the
internal network to an external network so multiple satellite offices can communicate securely using
various ports and protocols?
Site-to-site VPN
468. A network tech recently installed 35 add’l PCs. After installation, some users are unable to access
resources. Many of the original PCs that are experiencing the network access issue were offline when
the new PCs were turned on. Which of the following is the cause of this issue? Insufficient DHCP scope
449. A new office space is being designed. The network switches are up. but no services are running yet
A network engineer plugs in a laptop configured as a DHCP client to a switch Which ol the following IP
addresses should be assigned to the laptop?
B. 169.254.1.128
450. A tech is installing the Wi-Fi infrastructure for legacy industrial machinery at a warehouse. The
equipment only supports 802.11a and 802.11b standards. Speed of transmission is the top business
requirement. Which of the following is the correct maximum speed for this scenario?
54 Mbps
451. A medical building offers WiFi in the waiting room. Which of the following security features would
be the BEST solution to provide connections & keep the data protected? Isolating the guest network
452. A company is deploying a SAN at HQ and a branch 1, 000ml away that w« access small amounts of
data. Which of the types of connections would be MOST cost effective to implement? ISCSI
453. Which of the following is a valid and cost-effective solution to connect a fiber cable into a network
switch without available SFP ports?
A. Use a media converter & a UTP cable
454. A network technician needs to install security updates on several switches on company's network.
The management team wants this completed as quickly and efficiently as possible. Which of the
following should the technician do to perform the updates?
B. Configure TFTP server
455. A network tech is troubleshooting a new erver connectivity issue. The network tech discovers the
following on the support ticket
The server's IP address can be pinged from the client PCs,
• Access to the web resource works correctly when on the server's console.
• No clients can access the servers data via URL.
• The server does not have a firewall configured
• All services on the server are operating normally Which of the following actions will resolve the issue?
Configure A records for the web server
456. An admin would like to allow Windows clients from outside office to access PCs without using 3rdparty software. What access methods would meet this req?Remote desktop gateway
457. A tech is assisting a user who cannot connect to a website. The tech attempts to ping the default
gateway and DNS server of the PC. According to troubleshooting methodology, this is an example of:
bottom-up approach
458. Which of the following needs to be tested to achieve a Cat 6a certification for a company's data
cawing?
D. F-type connector
459. Users in a branch can access an ln-house server, but II is taking too long to fetch records. The
analyst does not know whether the Issue is being caused by network latency. Which of the following will
the analyst MOST likely use to retrieve the metrics that are needed to resolve this issue?
SNMP
460. A network technician receives a support ticket about an employee who has misplaced a companyowned cell phone that contains private company information. Which of the following actions should the
network technician take to prevent data loss? D. Execute remote wipe
461. A Wi-Fi network was originally configured to be able to handle interference from a microwave
oven. The microwave oven was recently removed from the office. Now the network administrator wants
to optimize the system to maximize the range of the signal. The main sources of signal degradation are
the numerous cubicles and wooden walls between the WAP and the intended destination. Which of the
following actions should the administrator take?
Change frequency
462. An admin needs to connect two laptops directly to each other using 802.11ac but does not have an
AP available. Which of the following describes this config?
Independent basic service set
463. A company wants to add a local redundant data center to its network in case of failure at its
primary location. Which of the following would give the LEAST redundancy for the company's network?
Cold site
464. A tech is troubleshooting a client's report about poor wireless performance. Using a client monitor,
the tech notes the following info: Which of the following is MOST likely the cause of the issue?
Channel overlap
465. After HVAC failures caused network outages, the support team decides to monitor the temps of all
the devices. The network administrator cannot find a command that will display this information. Which
of the following will retrieve the necessary information?
SNMP OID values
466. Which of following allows for devices within a network to share highly reliable time source? A. NTP
467. A company wants to invest in new hardware for the core network infrastructure. The management
team requires that the infrastructure be capable of being repaired in less than 60 min if any major part
fails. Which of the following metrics is MOST likely associated with this req?
MTTR
468. Which of the following options represents the participating computers in a network?
A. Nodes
469. Users are reporting intermittent Wi-Fi connectivity in specific parts of a bldg. Which of the
following should the network admin check FIRST when troubleshooting this issue? Site survey & AP
placement
470. An admin is attempting to add a new system to monitoring but is unsuccessful. The admin notices
the system is similar to another one on the network; however, the new one has an updated OS version.
Which of the following should the admin consider updating? Management information bases
471. A company is reviewing ways to cut the overall cost of Its IT budget. A network tech suggests
removing various computer programs from the IT budget and only providing these programs on an asneeded basis. Which of the following models would meet this requirement?
SaaS
472. A network tech receives a report from the server team that a server's network connection is not
working correctly. The tech checks the switchport connected to the server and reviews the following
data; Which of the following should the network tech perform to correct the issue?Replace the Cat5
patch cable with a Cat6 cable
473. A user in a branch office reports that access to all files has been lost after receiving a new PC. All
other users in the branch can access fileshares. The IT engineer who is troubleshooting this incident is
able to ping the workstation from the branch router, but the machine cannot ping the router. Which of
the following is MOST likely the cause of the incident?
A. Incorrect subnet mask
474. An IT tech successfully connects to the corporate wireless network at a hank. While performing
some tests, the tech observes that the physical address of the DHCp server has changed even though
the network connection has not been lost. What would BEST explain this change?
Rogue server
475. Which of the following is a req when certifying a network cabling as Cat 7?
Ensure the termination standard is TIA-EIA-568-A
476. Due to space constraints in an IDF, a network administrator can only a do a single switch to
accommodate three data networks. The admin needs a configuration that will allow each device to
access its expected network without additional connections. The configuration must also allow each
device to access the rest of the network. Which of the following should the administrator do to meet
these requirements? Untag the three VLANs across the uplink, Untag an individual VLAN per device port
477. ARP spoofing would normally be a part of:
A. an on-path attack
478. Which of the following protocols is widely used in large-scale enterprise networks to support
complex networks with multiple routers and balance traffic load on multiple links?
A. OSPF
479. A network admin needs to run a single command-line tool capable of displaying routing table and
multicast memberships. Which of the following would BEST help the admin achieve the reqs? ARP
480. Which of the following architectures is used for FTP?
A. Client-server
481. A user reports that a new VoIP phone works properly but the computer that is connected to the
phone cannot access any network resources. Which of the following MOST Likely needs to be configured
correctly to provide network connectivity to the computer?
D. VLAN tags
482. A network tech is troubleshooting an area where the wireless connection to devices is poor. The
technician theorizes that the signal-to-noise ratio in the area is causing the issue. Which of the following
should the tech do NEXT?
D. Remove electronics that are causing interference
483. Which of the following describes traffic going in & out of data center from internet? B. North-south
484. A network technician is planning a network scope. The web server needs to be within 12.31 69.1 to
12.31.69.29. Which of the following would meet this requirement?
A. Lease time
485. A company needs to virtualize a replica of its internal physical network without changing the logical
topology and the current setup. Which of the following technologies meets this requirement? A. NFV
486. Which of the following describes the ability of a corporate IT department to expand its cloudhosted VM environment with minimal effort? Scalability
487. A network admin is troubleshooting an issue with a new Internet connection. The ISP is asking
detailed questions about the config of the router that the network admin is troubleshooting. Which of
the following commands is the network admin using? show config, show route
488. A network administrator is adding a new switch to the network. Which of the following network
hardening techniques would be BEST to use once the switch is in production? A. Disable unneeded ports
489. At which of the following OSI model layers does an IMAP client run?
D. Layer 7
490. A network engineer receives the following when connecting to a switch to configure a port:
d. the switchport the engineer is trying to configure is down
491. A network admin is troubleshooting the comm between two Layer 2 switches that are reporting a
very high runt count. After trying multiple ports on both switches, the issue persists. Which of the
following should the network admin perform to resolve the issue? increase MTU size on both switches
492. Users within a corporate network need to connect to the Internet, but corporate network policy
does not allow direct connections. Which of the following is MOST likely to be used? proxy server
493. Two users on a LAN establish a video call. Which of the following OSI model layers ensures the
initiation coordination, and termination of the call?
Session
494. A network admin would like to purchase a device that provides access ports to endpoints ability to
route between networks. What would be BEST for the admin to purchase?Layer 3 switch
495. A tech is concerned that a client's cable issues may be causing intermittent connectivity. Which of
the following would help the tech determine the issue?run the show interface command on the switch
496. Which of the following would be the BEST way to connect branches to a main office?VPN headend
497. A network admin is investigating a performance issue on a dual-link connection—VPN and MPLS—
to a partner network. The MPLS is the primary path, and the VPN is used as a backup. While
communicating, the delay is measured at 18ms, which is higher than expected when the link is
operational but lower than expected the VPN connection. Which of the following will point to root cause
of the Issue? checking the routing tables on both sides to ensure there is no asymmetric routing
498. A company is moving to a new building designed with a guest waiting area that has existing
network ports. What would BEST secure the network?disable unneeded switchports in the area
499. A tech is troubleshooting reports that a networked printer is unavailable. The printer's IP address is
configured with a DHCP reservation, but the address cannot be pinged from the print server in the same
subnet. Which of the following is MOST likely the cause of me connectivity failure?
incorrect gateway
500. The first 244 loT sensors were able to connect to the TFTP server, download the configuration file,
and register to an loT management system. The other sensors are being shown as offline. Which of the
following should be performed to determine the MOST likely cause of the partial deployment of the
sensors?
check the dhcp network scope
501. An admin notices that after contact with several switches in an MDF they failed due to discharge.
Which sensors should the admin deploy to monitor static electricity conditions in the MDF? humidity
502. A technician is consolidating a topology with multiple SSlDs into one unique SSiD deployment.
Which of the following features will be possible after this new configuration?
A. seamless roaming
503. An ISP is unable to provide services to a user in a remote area through cable and DSL. Which of the
following is the best solution to provide services without adding infrastructure?
satellite
504. A network admin wants to check all network connections and see the output in integer form.
Which of the following commands should the admin run on the command line?
netstat
505. An engineer needs to verify the external record for SMTP traffic. The engineer logged in to the
server and entered the nslookup command. Which of the following commands should the engineer send
before entering the DNS name?
d. set querytype=Mx
506. A tech discovered that some information on the local database server was changed during a tile
transfer to a remote server. Which of the following should concern the tech the MOST? integrity
507. A Fortune 500 firm is deciding On the kind or data center equipment to install given its five-year
budget Outlook. The Chief Information comparing equipment based on the life expectancy Of different
models. Which Of the following concepts BEST represents this metric?
A. MTBF
508. During an annual review of policy documents, a company decided to adjust its recovery time
frames. The company agreed that critical applications can be down for no more than six hours, and the
acceptable amount of data loss is no more than two hours. Which of the following should be
documented as the RPO?
A. two hours
509. An attacker targeting a large company was able to inject malicious A records into internal name
resolution servers. Which of the following attack types was MOST likely used?
A. DNS poisoning
510. A network engineer is monitoring a fiber uplink to a remote office and notes the uplink has been
operating at 100% capacity for a long duration. Which of the following performance metrics is MOST
likely to be impacted with sustained link saturation?
A. Latency
511. Several employees have expressed concerns about the company monitoring their internet activity
when they are working from home. The company wants to mitigate this issue and reassure employees
that their private internet activity is not being monitored. Which of the following would satisfy company
and employee needs?
A. Split tunnel
512. Which of the following issues are present with RIPv2? Time to converge, scalability
513. A Network engineer is investigating issues on a Layer 2 Switch. The department typically snares a
Switchport during meetings for presentations, but atter the first user Shares, no Other users can
connect. Which Of the following is MOST likely related to this issue?
Port security is configured on
the switch
514. Which of the following describes the BEST device to configure as a DHCP relay?
B. Router
515. A network administrator is decommissioning a server. Which of the following will the network
administrator MOST likely consult?
D. change management documentation
516. A client utilizes mobile tablets to view high-resolution images and videos via Wi-Fi within a
corporate office building. The previous administrator installed multiple high-density APs with Wi-Fi 5,
providing maximum coverage, but the measured performance is still below expected levels. Which of
the following would provide the BEST solution?
D. directional antenna
517. Which would enable a network tech to implement dynamic routing? layer 3 switch
518. A network tech is troubleshooting an application issue. The technician is able to recreate the issue
in a virtual environment. According to the troubleshooting methodology, which of the following actions
will the technician most likely perform NEXT? Establish a theory of probable cause
519. A desktop support dept has observed slow wireless speeds for a new line of laptops using the org's
standard image. No other devices have experienced the same issue. Which of the following should the
network admin recom troubleshooting 1st to resolve this issue? updating the device wireless drivers
520. Which of the following bandwidth management techniques uses buffers at the client side to
prevent TCP retransmissions from occurring when the ISP starts to drop packets of specific types that
exceed the agreed traffic rate?
D. traffic prioritization
521. AGRE tunnel has been configured between two remote sites. Which of the following features,
when configured, ensures me GRE overhead does not affect payload? jumbo frames
522. A coffee shop owner hired a network consultant to provide recommendations for installing a new
wireless network. The coffee shop customers expect high speeds even when the network is congested.
Which of the following standards should the consultant recommend?
B. 802.11ax
523. An administrator is setting up a multicast server on a network, but the firewall seems to be
dropping the traffic. After logging in to the device, me administrator sees me following entries: Which
of the following firewall rules is MOST likely causing the issue? Rule 1
524. A network admin installed an additional IDF during a building expansion project. Which of the
following docs need to be updated to reflect the change? BYOD policy, Physical network diagram
525. A user from a remote office is reporting slow file transfers. Which of the following tools will an
engineer MOST likely use to get detailed measurement data?
B. IPerf
526. A tech was cleaning a storage closet and found a box of transceivers labeled 8Gbps. Which of the
following protocols uses those transceivers?
Fiber channel
527. Which of the following can be used to store various types of devices and provide contactless
delivery to users?
Access control vestibules
528. A false camera is installed outside a building to assist with physical security. Which of the following
is the device assisting?
Detection
529. A network technician was hired to harden the security of a network. The technician is required to
enable encryption and create a password for AP security through the web browser. Which of the
following would BEST support these requirements?
B. WPA2
530. A tech installed an 8-port switch in a user's office. The user needs to add a 2nd computer in the
office, so the tech connects both PCs to the switch & connects the switch to the wall jack. However, the
new PC cannot connect to resources. The tech then observes the following:
• The new computer does not get an IP address on the client's VLAN.
• Both computers have a link light on their NICs.
• The existing computer operates normally.
• The new PC appears to be operating normally except for the network issue.
Which of the following should the tech do NEXT to address the situation?
Contact the network team to resolve the port security issue
531. A network is experiencing extreme latency when accessing a particular website. Which of the
following commands will BEST help identify the issue? tracert
532. Which of the following protocols can be used to change device configs via encrypted and
authenticated sessions?
SSH, IPSec
533. Which of the following would be increased by adding encryption to data communication across the
network?
D. Confidentiality
534. A technician wants to monitor and provide traffic segmentation across the network. The technician
would like to assign each department a specific identifier. Which of the following will the technician
MOST likely use?
C. VLAN tagging
535. Which of the following can be used to validate domain ownership by verifying the presence of preagreed content contained in a DNS record?
D. TXT
536. While walking from the parking lot access-controlled door an employee sees an authorized user
open the door. Then the employee notices that another person catches the door before It closes and
goes inside Which of the following attacks Is taking place?
tailgating
537. Which of the following layers of the OSI model receives data from the application layer and
converts it into syntax that is readable by other devices on the network?
C. Layer 6
538. A large metro city is looking to standardize the ability for police department laptops to connect to
the city govt's VPN The city would like a wireless solution that provides the largest coverage across the
city with a min # of transmission towers Latency and overall bandwidth needs are not high priorities.
Which of the following would BEST meet the city's needs?
B. LTE
539. A network technician is attempting to increase throughput by configuring link port aggregation
between a Gigabit Ethernet distribution switch and a Fast Ethernet access switch. Which of the following
is the BEST choice concerning speed and duplex for all interfaces that are participating in the link
aggregation?
B. Full duplex and 1GB speed
540. A company rents a large event space and includes wireless internet access for each tenant. Tenants
reserve a 2-hour window from the company each week, which includes a tenant-specific SSID However,
all users share the company's network hardware. The support team is receiving complaints from tenants
that some users are unable to connect to the wireless network Upon investigation, the support teams
discovers a pattern indicating that after a tenant with a particularly large attendance ends its sessions,
tenants throughout the day are unable to connect. Which of the following actions would MOST likely
reduce this Issue? Change the DHCP scope end to 10.1.10.250, Reduce DHCP lease time to four hours.
541. A network tech reviews an entry on the syslog server and discovers the following message from a
switch: SPANNING-TREE Port 1/1 BLOCKED
Which of the following describes the issue?
A loop was discovered and the impact was mitigated
542. An org is interested in purchasing a backup solution that supports the org's goals. What concept
would specify the max duration that a given service can be down before impacting ops? MTTR
543. Switch 3 was recently added lo an existing stack to extend connectivity to various parts of the
network. After the update, new employees were not able to print to the main networked copiers from
then workstations. Following are the port configurations for the switch stack in question:
Enable the printer ports on Switch 3; Reconfigure me VLAN on the printer ports on Switch 3.
544. A network administrator is planning a WLAN for a soccer stadium and was advised to use MUMIMO to improve connection performance in high-density areas. The project requires compatibility with
clients connecting using 2.4GHz or 5GHz frequencies. Which of the following would be the BEST wireless
standard for this project?
B. 802.11ax
545. A WAN technician reviews activity and identifies newly installed hardware that is causing outages
over an 8-hour period. Which of the following should be considered FIRST? Device configuration
review
546. An engineer needs to restrict the database servers that are in the same subnet from
communicating with each other. The database servers will still need to communicate with the
application servers in a different subnet. In some cases, the database servers will be clustered, and the
servers will need to communicate with other cluster members. Which of the following technologies will
be BEST to use to implement this filtering without creating rules?
A. Private VLANs
547. A network engineer is investigating reports of poor network performance. Upon reviewing a report,
the engineer finds hundreds of CRC errors on an interface. Which of the following is the MOST likely
cause of these errors? A bad wire on the Cat5e cable
548. A network mgr is configuring switches in IDFs to ensure unauthorized client computers are not
connecting to secure network. What is the mgr MOST likely performing? Configuring DHCP snooping
549. The lack of a formal process to grant network permissions to different profiles of employees and
contractors is leading to an increasing number of security incidents Non-uniform and overly permissive
network accesses are being granted. Which of the following would be the MOST appropriate method to
improve the security of the environment?
D. Implement role-based access control
550. An admin wants to increase the availability of a server that is connected to the office network.
Which of the following allows for multiple NICs to share a single IP address and offers maximum
performance while providing fault tolerance in the event of a NIC failure? A. Multipathing
551. A tech is monitoring a network interface and notices the device is dropping packets. The cable and
interfaces are in working order. Which of the following is MOST likely the cause?
CPU usage
552. A technician is configuring a wireless network and needs to ensure users agree to an AUP before
connecting. Which of the following should be implemented to achieve this goal?
A. Captive portal
553. Which of the following is the MOST appropriate use case for the deployment of a clientless VPN?
A. Secure web access to internal corporate resources
554. While setting up a new workstation, a technician discovers that the network connection is only 100
full duplex (FD), although it is connected to a gigabit switch. While reviewing the interface information in
the switch CLI, the technician notes the port is operating at IOOFD but Shows many RX and TX errors.
The technician moves the computer to another switchport and experiences the same issues. Which of
the following is MOST likely the cause of the low data rate and port errors?
B. Duplex issues
555. A network administrator views a network pcap and sees a packet containing the following. Which
of the following are the BEST ways for the administrator to secure this type of traffic? (Select TWO).
Set a private community siring, Use SNMPv3
556. A network device needs to discover a server that can provide it with an IPv4 address. Which of the
following does the device need to send the request to? Broadcast address
557. A new global ISP needs to connect from central offices in North America to the United Kingdom.
Which of the following would be the BEST cabling solution for this project?
A. Single-mode
558. A technician is investigating packet loss to a device that has varying data bursts throughout the day.
Which of the following will the technician MOST likely configure to resolve the issue?
A. Flow control
559. Branch users are experiencing issues with videoconferencing. Which of the following will the
company MOST likely configure to improve performance for these applications?
C. Quality of service
560. An IT director is setting up new disaster and HA policies for a company. Limited downtime is critical
to operations. To meet corporate reqs, the director set up two different datacenters across the country
that will stay current on data and applications. In the event of an outage, the company can immediately
switch from one to another. Which of the following does this BEST describe? hot site
561. A network administrator is configuring a load balancer for two systems. Which of the following
must the administrator configure to ensure connectivity during a failover?
A. VIP
562. To comply with industry reqs, a security assessment on the cloud server should identify which
protocols and weaknesses are being exposed to attackers on the Internet. Which of the following tools
is the MOST appropriate to complete the assessment?Use nmap & set the servers’ public Ips as the
targets
563. A network administrator is reviewing interface errors on a switch. Which of the following indicates
that a switchport is receiving packets in excess of the configured MTU?
GIANTS
564. A network admin decided to use SLAAC in an extensive IPv6 deployment to alleviate IP address
mgnt. The devices were properly connected into the LAN but autoconfig of the IP address did not occur
as expected. What should the network admin verify?the network gateway is config’ed to send router
ads
565. A systems administrator is configuring a firewall using NAT with PAT. Which of the following would
be BEST suited for the LAN interface?
C. 172.23.0.0/16
566. A rogue AP was found plugged in and providing Internet access to employees in the break room.
Which of the following would be BEST to use to stop this from happening without physically removing
the WAP?
Port security
567. What technology allows traffic to be sent through two different ISPs to increase performance?
Fault tolerance
568. At the destination host, what OSI model layer will discard a segment with a bad checksum in the
UDP header? Transport
569. A network tech is investigating an issue with handheld devices in a warehouse. Devices have not
been connecting to the nearest APs, but they have been connecting to an AP on the far side of the
warehouse. What is the MOST likely cause of this issue? The nearest Aps are configured for 802.11g
570. A company requires a disaster recovery site to have equipment ready to go in the event of a
disaster at its main datacenter. The company does not have the budget to mirror all the live data to the
disaster recovery site. Which of the following concepts should the company select?
Warm site
571. Which of the following uses the destination IP address to forward packets? Router
572. A user is having difficulty with video conferencing and is looking for assistance. Which of the
following would BEST improve performance?Quality of service
573. A voice engineer is troubleshooting a phone issue. When a call is placed, the caller hears echoes of
the receiver's voice. Which are the causes of this issue? Jitter, QoS misconfiguration
574. A network tech is configuring a new firewall for a company with the necessary access reqs to be
allowed through the firewall. What would normally be applied as the LAST rule in firewall?Implicit deny
575. Which of the following would be used to expedite MX record updates to authoritative NSs?
D. Time to live
576. A client moving into a new office wants the IP network set up to accommodate 412 network
devices that are all on the same subnet. The subnet needs to be as small as possible. Which of the
following subnet masks should be used to achieve the required result?
255.255.254.0
577. A packet is assigned a value to ensure it does not traverse a network indefinitely. Which of the
following BEST represents this value?
C. Time to live
578. Which of the following attacks is this MOST likely an example of?
A. ARP poisoning
579. Which of the following attacks encrypts user data and requires a proper backup implementation to
recover?
C. Ransomware
580. Which of the following services can provide data storage, hardware options, and scalability to a
third-party company that cannot afford new devices?
B. IaaS
581. Which of the following is used to provide networking capability for VMs at Layer 2 of the OSI
model?
vSwitch
582. An IT tech suspects a break in one of the uplinks that provides connectivity to the core switch.
Which of the following command-line tools should the tech use to determine where the incident is
occurring?
show interface
583. Which of the following compromises internet-connected devices and makes them vulnerable to
becoming part of a botnet?
Malware infection, dictionary attack
584. A company is utilizing MFA for data center access. Which of the following is the MOST effective
security mechanism against physical intrusions due to stolen credentials?
Access control vestibule
585. A network tech needs to ensure the company's external mail server can pass reverse lookup
checks. Which of the following records would the tech MOST likely configure? PTR – pointer record
586. Which of the following BEST describes a North-South traffic flow?
d. management application connecting to managed devices
587. A network admin Is looking at switch features and is unsure whether to purchase a model with PoE
Which of the following devices that commonly utilize PoE should the admin consider? VoIP phones,
cams
588. Which of the following topologies requires MOST connections when designing a network?
Mesh
589. When accessing corporate network resources, users are required to authenticate to each
application they try to access. Which of the following concepts does this BEST represent?
Zero trust
590. During a recent security audit, a contracted penetration tester discovered the organization uses a
number of insecure protocols. Which of the following ports should be disallowed so only encrypted
protocols are allowed?
23, 69
591. The power company notifies a network admin that it will be turning off the power to the building
over the weekend. What is the BEST solution to prevent the servers from going down?Redundant PSUs
592. An international company is transferring its IT assets including a number of WAPs from the United
States to an office in Europe for deployment. Which of the following considerations should the company
research before Implementing the wireless hardware? B. regulatory impacts
593. After a critical power issue, the network team was not receiving UPS status notifications. The
network team would like to be alerted on these status changes. Which of the following would be BEST
to use tor these notifications?
A. traps
594. A company streams video to multiple devices across a campus. When this happens, several users
report a degradation of network performance. Which of the following would MOST likely address this
issue?
A. enable IGMP snooping on the switches
595. Users are reporting poor wireless performance in some areas of an industrial plant The wireless
controller is measuring a tow EIRP value compared to me recommendations noted on me most recent
site survey. Which of the following should be verified or replaced for the EIRP value to meet the site
survey's specifications?
AP transmit power, AP association time
596. Which of the following will reduce routing table lookups by performing packet forwarding decisions
independently of the network layer header?
A. MPLS
597. Users in a branch can access an ln-house database server, but II is taking too long to fetch records.
The analyst does not know whether the Issue is being caused by network latency. Which of the following
will the analyst MOST likely use to retrieve the metrics that are needed to resolve this issue? A. SNMP
598. A network engineer needs to reduce the overhead of file transfers. Which of the following
configuration changes would accomplish that goal?
A Link aggregation
599. A newly installed VoIP phone is not getting the IP address it needs to connect to the phone system.
Which of the following tasks needs to be completed to allow the phone to operate correctly?
A. Assign the phone’s switchport to the correct VLAN
600. An admin would like to have two servers at different geo locations provide fault tolerance and high
performance while appearing as one URL to users. Which of the following should the admin implement?
Load balancing
601. All packets arriving at an interface need to be fully analyzed. Which of the following features should
be used to enable monitoring of the packets?
C. port mirroring
602. A operator is granted access to a monitoring app, configuration app, and timekeeping app. The
operator is denied access to the financial and project management app by the system's security config.
Which of the following BEST describes the security principle in use?
eparation of duties
603. Which of the following ports should be used to securely receive mail that is synchronized across
multiple devices?
D. 993
604. A computer engineer needs to ensure that only a specific PC can connect to port 1 on a switch.
Which of the following features should the engineer configure on the switch interface? port security
605. A network tech troubleshooting a specific port on a switch. Which of the following commands
should the technician use to see the port configuration?
show interface
606. Which of the following describes when an active exploit is used to gain access to a network?
Penetration test
607. A network admin is investigating a network event that is causing all communication to stop. The
network admin is unable to use SSH to connect to the switch but is able to gain access using the serial
console port. While monitoring port statistics, the admin sees the following:
high collisions
608. Which of the following is used to elect an STP root?
Bridge protocol data unit
609. A company is considering shifting its business to the cloud. The management team is concerned at
the availability of the third-party cloud service. Which of the following should the management team
consult to determine the promised availability of the cloud provider?
service level agreement
610. Which of the following connectors and terminations are required to make a Cat 6 cable that
connects from a PC to a non-capable MDIX switch?
T1A-568-A, T1A-568, RJ-45
611. To access production apps and data, developers must first connect remotely to a different server
From there, the developers are able to access production data What does this BEST represent?jump box
612. technician is connecting a Cat 6 Ethernet cable to a device mat only has LC poos. Which of the
following win the technician MOST likely use to accomplish this task?
A media converter
613. A network tech is having issues connecting an loT sensor to the internet The WLAN settings were
enabled via a custom command line, and a proper IP address assignment was received on the wireless
interlace. However, when trying to connect to the internet, only HTTP redirections are being received
when data Is requested. Which of the following will point to the root cause of the Issue? C. verifying
the minimum RSSI for operation in the device’s documentation
614. Which of the following types of datacenter architectures will MOST likely be used in a large SDN
and can be extended beyond the datacenter? three-tiered network, spine & leaf
615. Which of the following must be functioning properly in order for a network admin to create an
accurate timeline during a troubleshooting process?
A. NTP
616. A corporate client is experiencing global system outages. The IT team has identified multiple
potential underlying causes throughout the enterprise Each team member has been assigned an area to
trouble shoot. Which of the following approaches is being used?
Divide-and-conquer
617. A technician is configuring a static IP address on a new device in a newly created subnet. The work
order specifies the following reqs:
The IP address should use the highest address available.
• The default gateway needs to be set to 172.28.85.94. The subnet mask needs to be
255.255.255.224.
Which of the following addresses should the engineer apply to the device?
172.28.85.93
618. new student is given creds to log on to the campus Wi-Fi. The student stores the password in a
laptop and is able to connect; however, the student is not able to connect with a phone when only a
short distance from the laptop. Given the following information:..causing this connection failure?
incorrect passphrase
619. A company has multiple offices around the world. The computer rooms in some office locations are
too warm Dedicated sensors are in each room, but the process of checking each sensor takes a long
time. Which of the following options can the company put In place to automate temperature readings
with internal resources?
Use SNMP with an existing collector server
620. What is conducted frequently to maintain updated list of a system's weaknesses?Vulnerability scan
621. A network client is trying to connect to the wrong TCP port. Which of the following responses
would the client MOST likely receive?
RST
622. Troubleshooting process, the admin performs a traceout from the client to the server, and also
from the server to the client. While comparing the outputs, the admin notes they show different hops
between the hosts. Which of the following BEST explains these findings?
switch loop
623. A tech notices that equipment is being moved around/misplaced in the server room, even though
the room is locked. What would be the BEST solution to identify who is responsible?Install cameras
624. A network attack caused a network outage by wiping the configuration and logs of the border
firewall. Which of the following sources, in an investigation to determine how the firewall was
compromised, can provide the MOST detailed data?
Syslog server messages
625. network admin is setting up a new phone system and needs to define the location where VoIP
phones can download configuration files. Which of the following DHCP services can be used to
accomplish this task?
scope options
626. A network admin is installing a new server in the data center. The admin is concerned the amount
of traffic generated will exceed 1GB. and higher throughput NiCs are not available for installation. Which
of the following is the BEST solution for this issue?
Install an additional NIC and configure LACP
627. A company just migrated its email service to a cloud solution. After the migration, two-thirds of the
internal users were able to connect to their mailboxes, but the connection fails for the other one-third
of internal users. Users working externally are not reporting any issues. The network administrator
identifies the following output collected from an internal host:
c:\user> nslookup newmail.company.com
Non-Authoritative answer:
Name: newmail.company.com
IPs: 3.219.13.186, 64.58.225.184, 184.168.131.243
Which of the following verification tasks should the network admin perform NEXT?
Check the firewall ACL to verify all required IP addresses are included
628. An auditor assessing network best practices was able to connect a rogue switch into a network Jack
and get network connectivity. Which of the following controls would BEST address this risk?
Activate port security on the switchports providing end user access
629. A network admin installed a new VoIP network. Users are now experiencing poor call quality when
making calls. What should the admin do to increase VoIP performance?Configure a voice VLAN
630. Which of the following OSI model layers is where a tech would view UDP information?
Transport
632. Which of the following OSI model layers contains IP headers?
Network
633. A tech is investigating an issue with connectivity at customer's location. The tech confirms that
users can access resources locally only. The tech theorizes that the local router has failed and
investigates further. The tech's testing results show that the route is functional: however, users still are
unable to reach resources on the internal. What should the tech should do NEXT? Identify the symptoms
634. An engineer recently decided to upgrade the firmware on a router. During the upgrade, the help
desk received calls about a network outage. The network manager would like to create a policy to
prevent this from happening in the future. What documents should the manager create?
change
mgnt
635. During a risk assessment which of the following should be considered when planning to mitigate
high CPU utilization of a firewall?
load balancing
636. An IT officer is installing a new WAP. Which of the following must the officer change to connect
users securely to the WAP?
AES encryption
637. Which of the following provides guidance to an employee about restricting non-business access to
the company's video conferencing solution?
Acceptable use policy
638. Which of the following would be to install to find/block any malicious users within a network? IPS
639. Which of the following would be the MOST cost-effective recovery solution for a company's lowerpriority applications?
C. Hot site
640. network admin responds to a support ticket that was submitted by a customer who is having issues
connecting to a website inside of the company network The admin verifies that the customer could not
connect to a website using a URL Which of the following troubleshooting steps would be BEST for the
admin to take?
Attempt to connect to the site via IP address
641. Which of the following BEST describes a spirt-tunnel client-to-server VPN connection?
The client sends some network traffic down the VPN tunnel and other traffic to the local gateway.
642. A security engineer is installing a new IDS on the network. The engineer has asked a network admin
to ensure all traffic entering and leaving the router interface is available for the IDS. Which of the
following should the network admin do?
Install a network tap for the IDS
643. A client who shares office space and an IT closet with another company recently reported
connectivity issues throughout the network. Multiple third-party vendors regularly perform on-site
maintenance in the shared IT closet. Which of the following security techniques would BEST secure the
physical networking equipment?
Disabling unneeded switchports
644. A network administrator needs to provide evidence to confirm that recent network outages were
caused by increased traffic generated by a recently released application. Which of the following actions
will BEST support the administrator's response?
C. collect the router’s NetFlow data
645. An admin is investigating reports of network slowness in a building. While looking at the uplink
interface statistics In the switch's CLI, the admin discovers the uplink Is at 100% utilization However, the
admin is unsure how to ID what traffic is causing the saturation. Which of the following tools should the
admin utilize to identify the source and destination addresses of the traffic?
NetFlow
646. A network engineer locates an unapproved AP connected to the corporate LAN that is broadcasting
a hidden SSID, providing unauthenticated access to internal resources. Which of the following types of
attacks BEST describes this finding?
Rogue access point
647. A small office is running WiFi 4 APs, and neighboring offices do not want to increase the throughput
to associated devices. Which of the following is the MOST cost-efficient way for the office to increase
network performance?
Enable channel bonding
648. A tech needs to configure a routing protocol for an internet-facing edge router. Which of the
following routing protocols will the tech MOST likely use?
A BGP
649. A tech knows the MAC address of a device and is attempting to find the device's IP address. Which
of the following should the tech look at to find the IP address?
DHCP leases, MAC address
table
650. A network tech receives a report about a performance issue on a client PC that is connected to port
1/3 on a network switch. The tech observes the following configuration output from the switch: Speed
651. Which of the following is used to provide disaster recovery capabilities to spin up an critical devices
using internet resources?
Cloud site
652. An IT admin received an assignment with the following objectives
• Conduct a total scan within the company's network tor all connected hosts
• Detect all the types of operating systems running on all devices
• Discover all services offered by hosts on the network
• Find open ports and detect security risks.
Which of the following command-line tools can be used to achieve these objectives?
nmap
653. Which of the following records can be used to track the number of changes on a DNS zone?
SOA
654. A network admin is designing a wireless network. The admin must ensure a rented office space has
a sufficient signal. Reducing exposure to the wireless network is important. Which of the following
would MOST likely facilitate the correct accessibility to the Wi-Fi network?
Channel utilization
655. Which of the following is the MOST cost-effective alternative that provides proper cabling and
supports gigabit Ethernet devices?
Twisted cable with a minimum Cat 5e cert
656. An employee reports to a network administrator that internet access is not working. Which of the
following should the administrator do FIRST? determine if anything has changed
657. Due to a surge in business, a company is onboarding an unusually high number of salespeople. The
salespeople are assigned desktops that are wired to the network. The last few salespeople to be
onboarded are able to access corporate materials on the network but not sales-specific resources.
Which of the following is MOST likely the cause? Recently added users were assigned to the wrong VLAN