A network technician is working on a way to set up a new branch office securely. The network manager confirms the company does not have any plans to expand to any other new sites and wants to implement the most cost-effective solution. Which of the following would be the BEST type of VPN to implement? Client-to-site VPN DMVPN Site-to-site VPN MPLS VPN.
A network administrator has noticed many systems on the network have traffic that is anomalous and may be part of a botnet. The administrator wants to implement an access control method that requires a computer to have antivirus software installed before being granted network access. Which of the following should the administrator deploy? 802.1X Captive portal Port security NAC.
A network technician is reviewing the following output from a router:
Which of the following is this an example of? A vulnerability scan A port scan A traffic log A packet capture.
A user claims to have no Internet access but can access local resources. A technician determines the issue is with a configuration because a ping to a working public website shows a response that starts with:
Ping request could not find host
Which of the following is the MOST likely misconfiguration? Incorrect netmask DNS DHCP SSL certificate.
A network engineer wants to implement a technology that allows for an all-in-one approach to incoming and outgoing traffic from the Internet. This device should be able to filter content and scan for malicious information in each packet. Which of the following types of devices would be necessary? UTM appliance IDS appliance Proxy server RADIUS server.
Which of the following technologies allows network traffic to come into the network on a certain port and go to a destination server with a different port? Spanning port Port forwarding Port mirroring Port tagging.
An attacker has inserted a hub into a trunk link on the local network in an attempt to access the management subnet to attack the networking devices. Which of the following attacks can be used on a trunk link to provide access to the management subnet? Brute force VLAN hopping Evil twin DNS poisoning.
A developer has asked a network engineer for a small network segment of five computers connected via a Layer 1 device, configured in a star topology, and segregated from the corporate network. Which of the following would BEST fulfill the developer’s request? Connect the five PCs to a hub that is not connected to the corporate network. Connect the five PCs to a switching router and assign the PCs to a separate VLAN. Connect the five PCs to a hardware firewall that is connected to the router. Connect the five PCs to a switch and configure the ports with implicit deny ACLs for outbound traffic.
A network engineer wants to change how employees authenticate to the wireless network. Rather than providing a pre-shared key, the engineer wants employees to be able to authenticate with the same unique company user ID and password they use for accessing other services, such as email and document sharing. The engineer also wants to receive daily reports of login attempts on the wireless network. Which of the following should be installed to achieve this goal? LDAP server UTM appliance Multilayer switch AAA/RADIUS server.
Which of the following provides information about how often some devices fail so the IT department can take proactive measures? MTBF MTTR SLA UPS.
Which of the following additional capabilities does a next generation firewall provide beyond a standard network firewall? (Choose two.) Application control User identification Network address translation Virtual private networking High availability Access control rules.
First thing on Monday morning, after a maintenance weekend, the help desk receives many calls that no one can access the Internet. Which of the following types of documentation should the on-call network administrator consult FIRST? Firewall configuration documentation Change management documentation Network performance baseline Logical diagram.
A network team at a large company has received funding for a WiFi refresh. One of the requirements in the RFP is the new WLAN infrastructure must provide APs that support multiple streams of information at the same time. For which of the following WiFi features is the network team looking? MU-MIMO MIMO Channel bonding TDM Automatic channel selection.
Multiple users are experiencing slow performance when downloading large files from a specific site. Which of the following should the technician do to check the connection to the external site? Check the latency by running a continuous ping to the site. Perform the ipconfig/flushdns command on the affected users’ PCs Run a speedtest from a user’s PC to a site on the Internet. Verify if there is MTU mismatch in the path to the site.
A user has reported an issue with wireless VoIP phones dropping calls during business hours. When working late or in the evenings, the user does not experience call drops. When the network technician investigates the issue, all WAPs have balanced the number of connections evenly and are not dropping off the network. The network technician connects to the wireless network in the user’s office and starts a continuous ping to an external server. The results show a drastic and varied response time for each packet. Which of the following is the MOST likely cause of the dropped calls? No QoS configured on the network Signal-to-noise ratio Interference from the microwave in the breakroom Rogue AP installed in the office.
Which of the following components can be used to manage network traffic to all nodes in a hypervisor? Virtual switch Virtual NIC Media converter Load balancer Multilayer switch.
A network technician is investigating reports of blocked downloads from a firewall. Which of the following should be used to determine which protocols are being blocked? Ping Log review Vulnerability scans Alerts.
Which of the following IPv6 transition methods requires all network devices to support IPv4 and IPv6? 6to4 Teredo ISATAP Dual stack.
A network administrator is configuring a new Internet connection. The ISP provided a fiber-optic handoff, but the company’s firewall only supports copper Ethernet interfaces. The administrator wants to connect the devices as easily as possible. Which of the following would be the BEST way to provide the connectivity needed? Bridge Router Multilayer switch Media converter.
A network technician is responding to a user’s trouble ticket. After replacing the network patch cable with a longer cable, the user is no longer connecting to the network. The network administrator tests the patch cable with a tester and confirms the cable is not faulty. Which of the following is the issue with the newly installed cable? The user ordered Cat5e cable instead of Cat3. A crossover cable was installed. The total cable run exceeds the maximum distance. There is a network speed mismatch between the computer and the switch.
A brokerage firm requires high-speed network connectivity between several buildings in the financial district. Which of the following topologies would BEST meet this requirement? PAN WLAN SAN MAN.
Which of the following is a policy that communicates the guidelines for connecting personal employee devices to the corporate network? Remote access NDA SLA BYOD Incident response.
A security administrator wants to implement the ability to prevent an authorized user from tailgating into the office building. Which of the following should be implemented? Badge reader Bluetooth reader Cipher lock Mantrap.
A network manager notices several outages have occurred due to modifications that were made without being properly tested. Which of the following will the network manager MOST likely implement to prevent future occurrences? Logical diagram Change management IDF documentation Configuration baseline.
Due to an increase in wireless demand, 50 additional access points were installed as part of an expansion project. Each device was configured and managed separately, working with its own configuration. Which of the following network devices would assist the network team with reducing complexity and enforcing policies on the WLAN? Wireless controller Wireless range extender Wireless load balancer Wireless analyzer.
Joe, a user, reports intermittent connectivity issues, but a technician notices that the only time Joe has issues is when he is logged into the database. Losing connection after authenticating to a database, but still having access to network resources such as file/print services and email, would MOST likely be caused by: an incorrect DHCP gateway setting a duplicate IP address NTP synchronization ACL configuration.
A server rack was moved from one floor to another. The network engineer needs to determine what physical changes to make on the network to ensure the server rack has connectivity. Which of the following should the network engineer consult? Standard operating procedures Wiring diagram Inventory documentation Network baseline.
An email server, which is called “Frederick,†has an IPv6 address of 2001:5689:23:ABCD:6A, but most users call it “Fred†for short. Which of the following DNS entries is needed so the alias “Fred†can also be used? MX AAAA SRV CNAME TXT NS.
A network administrator needs to be able to burst datacenter capacity during peak times, but does not want to pay for on-premises hardware that is not used during off-peak times. Which of the following would aid in this scenario? Public cloud SaaS PaaS Hybrid cloud.
A user wants to secure a network closet and be able to tell if anyone makes changes in the closet. Which of the following would be the BEST detective physical security devices in this situation? (Choose two.) Anti-tampering Badges Door locks Key fob Motion detection Video surveillance.
A network technician needs to subnet the network. The marketing department has 28 devices. Which of the following private IP address spaces should be used to ensure the MINIMUM number of unused IP addresses? Gateway: 10.10.10.1 Netmask: 255.255.255.192 Gateway: 172.15.18.128 Netmask: 255.255.255.224 Gateway: 192.168.1.97 Netmask: 255.255.255.224 Gateway: 224.102.113.65 Netmask: 255.255.255.192.
A company has experienced a major security breach. Which of the following should the network administrator reference to determine the next steps? Non-disclosure policy Data loss prevention policy Acceptable use policy Incident response policy.
A technician restored network connectivity on a user’s laptop. After validating full system functionality, which of the following steps should the technician take NEXT? Duplicate the problem, if possible Determine if anything has changed Test the theory to determine the cause Document the findings, actions, and outcomes.
Which of the following is an IPv6 transition mechanism in which network devices utilize IPv4 and IPv6 at the same time? 6to4 ISATAP Teredo Dual stack.
Which of the following protocols operates at Layer 4 of the OSI model? TCP ARP IMAP POP3.
In the past, users brought personal laptops to the office to bypass some of the security protocols on their desktops. Due to new security initiatives, management has asked that users not be allowed to attach personal devices to the network. Which of the following should a technician use to BEST meet this goal? Shut down unused ports on switches Upgrade firmware on network devices Allow only secure protocols on the network Disable unnecessary services.
A technician is installing a SOHO router. Which of the following should be performed on every installation and periodically maintained to prevent unauthorized access? (Choose two.) Disable remote management Update the router firmware Disable port forwarding Use complex passwords Disable the SSID broadcast.
A network analyst is providing access to an FTP server that stores files that are needed by external contractors who are working on a project. In which of the following network locations should the FTP server be placed to achieve the MOST secure environment? DMZ network Server network External network Internal network.
A company is contracting a new third-party organization that will handle storage of the company’s critical data. Which of the following policies would ensure the data remains confidential? SLA NDA MOU BYOD.
A technician must install and configure a network device in a building with 20 classrooms. Each room must be on a separate subnet and should not be able to see traffic from other subnets. Which of the following is the MOST cost-effective solution? A switch with VLANs created for each segment A router with interfaces connected to a switch in each room A VoIP endpoint connected to a hub for each network A firewall with DHCP pools for each subnet.
Which of the following WAN transmission mediums is the fastest and can travel the longest distance? Satellite Copper Wireless Fiber.
The process of grouping network interfaces together to increase throughput is called: VLAN tagging load balancing port aggregation fault tolerance.
Which of the following is used to purposely attack a system to exploit vulnerabilities? Honeypot Vulnerability scan Device hardening Penetration testing.
A network technician is adding a 10/100 switch with RJ45 connectors to the company network to accommodate new computers being added to a network segment. There is no auto-MDIX port on the switch that needs to be connected to the existing switch on the segment. Which of the following should the technician use to make the connection? An RG-59 cable with BNC connectors A multi-mode fiber cable A straight-through Cat5 UTP cable A cable with TIA/EIA 568a and 568b on each end.
A company must create a way for partners to access a web portal to update documents for a project. This should be done only via web browser in a transparent way for the users. Which of the following should be used? Site-to-site connection SSL VPN GRE tunnel VNC.
A network technician needs to install the latest firmware on the switch to address a recently discovered vulnerability. Which of the following should the technician do to have a rollback plan in case of issues with the new firmware? (Choose two.) Label the switch with IP address and firmware version Draw the switchport diagram Create a change management document Draw the network rack logical diagram Confirm standard operating procedures documentation Create a performance baseline of the switch.
Which of the following statements about the OSI model is true? The application layer does not need to know what type of network is being used because that is dealt with by a layer below it. The network layer deals with the network cabling and network device interface compatibility. The transport layer deals with how the data is transported from one router to another based on the IP header The model consists of four layers that describe the requirements a technician follows to troubleshoot and support a network.
Which of the following storage connection types should be used to allow the consolidation of the physical connections for SAN and LAN in just one Layer 2 protocol? Fibre Channel SCSI T1/E1 FCoE.
A network administrator is securing the wireless network in a multitenant building. The network uses a passphrase for authentication so it is easy to allow guests onto the wireless network, but management would like to prevent users from outside the office space from accessing the network. Which of the following security mechanisms would BEST meet this requirement? MAC filtering WPA-PSK 802.1X Geofencing.
A technician is asked to provide centralized SSID management across the entire WAN. The BEST solution would be to: use a configuration management server configure a multilayer switch install a wireless controller use a proxy server.
A network technician is coordinating the upgrade of the company’s WAP firmware with all the remote locations. The company has occasionally experienced errors when transferring large files to some of the remote offices. Which of the following should be used to ensure files arrive without modifications? File hash Encryption FCS Compression.
A network administrator needs to implement a new IP subnet containing 29 hosts. It is possible that the number of hosts in that subnet could eventually double. The company only has a single, unused public IP network left to work with: 164.10.12.0/24. Which of the following would be the BEST way to divide this network without wasting addresses? 164.10.12.0/24 164.10.12.64/29 164.10.12.128/26 164.10.12.191/28.
A network technician is reviewing the company phone system to make the necessary changes to a firewall configuration. Which of the following protocols are used in VoIP communication? (Choose two.) SIP NTP H.323 SNMP IMAP SMB CSMA.
A school is implementing a wireless network and wants to ensure there is adequate coverage. The gymnasium has thick cinder-block walls, and there are several offices adjacent to it. Which of the following should the network technician recommend to ensure full coverage while minimizing the total number of APs purchased? Deploy two APs to the gymnasium with the maximum power level transmitting to cover the adjacent offices. Deploy a single AP to each adjacent office set to transmit at maximum power. Deploy a single AP to each adjacent office set to transmit at maximum power. Use a spectrum analyzer to generate a heat map of the gymnasium to pinpoint AP placement.
Which of the following BEST describe the differences between an IDS and an IPS? (Choose two.) An IDS will detect traffic anomalies and a predefined signature pattern, alert and log them, and allow them through the network. An IDS will detect traffic anomalies, alert and log them, and block the traffic. An IDS will detect previously unknown traffic anomalies, alert and log them, and block the traffic. An IPS will detect traffic anomalies, alert and log them, and allow them through the network. An IPS will detect previously unknown traffic signatures, and alert and log them. An IPS will detect traffic anomalies and a predefined signature pattern, alert and log them, and block the traffic.
A technician is required to install a new DOCSIS-based Internet connection. Which of the following medium types does this use? Cat6a RG-6 UTP Multimode Single mode.
HOTSPOT -
Corporate headquarters provided your office a portion of their class B subnet to use at a new office location.
Range Given: 172.30.232.0/24 -
-> Sales 57 devices
-> HR 23 devices
-> IT 12 devices
-> Finance 32 devices
-> Marketing 9 devices
INSTRUCTIONS -
Allocate the minimum number of addresses (using CIDR notation) needed to accommodate each department.
After accommodating each department, identify the unused portion of the subnet by responding to the question on the graphic.
All drop downs must be filled.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Finance Network Sales Network IT Network HR Network Marketing Network Which represent the LARGEST possible contiguous block of remaining addresses .
SIMULATION -
You have been tasked with setting up a wireless network in an office. The network will consist of 3 Access Points and a single switch. The network must meet the following parameters:
-> The SSIDs need to be configured as CorpNet with a key of S3cr3t!
-> The wireless signals should not interfere with each other.
-> The subnet the Access Points and switch are on should only support 30 devices maximum.
-> The Access Points should be configured to only support TKIP clients at a maximum speed.
INSTRUCTIONS -
Click on the devices to review their information and adjust the settings of the APs to meet the given requirements.
If any time you would like to bring back the initial state of the simulation, please click the Reset All button.
AP1 AP2 AP3.
SIMULATION -
After recent changes to the pictured network, several users are unable to access the servers. Only PC1, PC2, PC3, and PC4 are clickable and will give you access to the command prompt and the adapter configuration tabs.
INSTRUCTIONS -
Verify the settings by using the command prompt, after making any system changes.
Next, restore connectivity by making the appropriate changes to the infrastructure.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
PC1 PC2 PC3 PC4.
While reviewing switch logs, a network analyst notices many failed logon attempts followed by a successful logon from an unknown IP address. Which of the following hardening techniques should be utilized to prevent unauthorized access? Avoiding common passwords File hashing Disabling unused IP ports Using secure protocols.
A small business utilizes a SOHO router and wishes to secure its existing wireless infrastructure. The business has fewer than ten devices, which are a mixture of old and new machines. Due to the varying ages of the machines, the latest wireless encryption methods may not be supported on all devices. Which of the following would be the MOST cost-effective method to add a layer of security while allowing all machines to connect? WPA2 EAP-FAST MAC filtering 802.1X.
Which of the following routing conventions is known as a link-state protocol? RIP BGP EIGRP OSPF.
A technician is making the population of routers more secure. Which of the following are the BEST options for making authentication more secure? (Choose two.) Add a login banner. Disable unused services Upgrade the firmware Disable Telnet Implement AAA. Disable SSH.
A technician is installing six PCs and six VoIP telephones on a small office LAN. The VoIP telephones require QoS to be configured for proper operation. The customer router does not have QoS capability. Which of the following network devices should the technician purchase and install at this office? Managed PoE switch Load balancer Layer 3 switch Unmanaged PoE switch.
A network administrator has signed up for service with a new ISP. The administrator was given the IP address of 172.17.10.254/30 to use on the external interface of the Internet-facing router. However, the network administrator cannot reach the Internet using that address. Which of the following is the MOST likely explanation? The address provided by the ISP has a mask that is too small to be used and needs a larger mask. The address provided by the ISP is a private IP address space and is not routable on the Internet. The address provided by the ISP is the wrong one; they should be using 172.17.10.252/30. The address provided by the ISP is part of the reserved loopback address space and cannot be used.
A company deploys many workers in the field who remotely access files from a server at headquarters. Leadership is concerned about the risks posed when field workers update these files from unsecured networks. Which of the following policy changes can the company make to MOST improve the confidentiality of connections when connecting remotely? (Choose two.) Implement SSL VPN connections from the remote devices to headquarters. Change file access protocols from SFTP to FTP on the remote devices. Utilize HTTPS to access the company intranet from remote devices. Configure WPA2 on the wireless networks at headquarters. Configure IMAP over port 143 for email access on remote devices.
A manufacturing company has signed an agreement with another company to collaborate on an upcoming project. Both companies require secure and persistent access to resources on each others' networks. Which of the following remote access technologies should the companies implement to satisfy their requirements? Out-of-band management Site-to-site VPN DMZ networks SFTP site.
A security administrator wants to implement the ability to prevent an unauthorized user from tailgating into the office building. Which of the following should be implemented? Badge reader Bluetooth reader Cipher lock Mantrap.
Joe, a technician, was able to copy data at a site with no network equipment between two new laptops, featuring gigabit Ethernet ports, by using a regular straight- through patch cable. Joe then unsuccessfully tried to accomplish the same thing at a different site from his laptop with a gigabit Ethernet port to an older customer unit, which had a 10/100 network port. Which of the following is the cause of this? The customer's laptop does not support auto-MDIX. Joe's laptop does not support auto-MDIX. Straight-through patch cables are prone to crosstalk. The customer's laptop NIC does not support full duplex.
A network engineer has connected the storefront with the maintenance shed on the other side of a golf course using 802.11 wireless bridges and omnidirectional antennas. However, the signal strength is too weak. Which of the following is the MOST efficient and cost-effective solution to solve the issue? Replace the omnidirectional antennas with unidirectional antennas. Put protective enclosures around the omnidirectional antennas to prevent damage from golf balls. Replace the 802.11 wireless standard and use GSM instead. Replace the wireless bridges with wireless routers.
Which of the following would block access to an untagged port when connected to a Layer 2 device? BPDU guard Spanning tree Flood guard Root guard.
Which of the following OSI layers contains the LLC function? Network Data link Session Transport.
Which of the following BEST describes the RADIUS authentication service protocol? A protocol that sends passwords to the authentication server A protocol that sends encrypted tickets from the authentication server A protocol that sends X.500 service requests to the authentication server A protocol that sends configuration information from the authentication server.
A company needs a secure way to provide building blueprints to an engineering partner frequently. The Chief Information Officer (CIO) states that a secure protocol must be used for transfer, and the partner needs to initiate a secure connection to the company's router. Which of the following would BEST meet the requirements? (Choose two.) Site-to-site VPN Client-to-site VPN RDP SSH SFTP Captive portal.
A technician installed a new fibre optic cable to connect two sites. Although there is a link light on the port at each site, the customer reports traffic is dropping intermittently. Which of the following should the technician do NEXT to troubleshoot the issue? Check the interfaces for CRC errors Check for a VLAN mismatch Check for a TX/RX reverse on the connector Check that the pinout is correct.
A new technician has been tasked with checking the status of a switchport. The technician needs to find the information quickly without the use of command-line utilities. Which of the following remote management methods would help the technician? SSH VNC RDP HTTPS.
A network technician needs to install the last firmware on the switch to address a recently discovered vulnerability. Which of the following should the technician do to have a rollback plan in case of issues with the new firmware? Choose two Label the switch with IP address and firmware version Draw the switchport diagram Create a change management document Draw the network rack logical diagram Confirm standard operating procedures documentation Create a performance baseline of the switch.
|
