Network+ N10-006 Practice Exam D 2018.pdfNetwork+ N10-006 Practice Exam D Hey everyone! Here’s a...

Network+ N10-006 Practice Exam D

Hey everyone! Here’s a free 100 question Network+ practice exam for you. Enjoy!

Each question has the answer and explanation on the following page.

Begin on the next page—good luck!

Yours truly,

David L. Prowse

www.davidlprowse.com

Check out these links:

My Free Network+ Study Page:

http://www.davidlprowse.com/comptia-network-plus-n10-006-study.php

Network+ N10-006 Cert Guide:

http://amzn.to/2edeN7g

Network+ N10-006 Exam Cram:

http://amzn.to/2ebj75A

Network+ Complete Video Course:

http://click.linksynergy.com/link?id=g//2PZbywdw&offerid=163217.2255761&type=2&murl=http%3A%2F%2Fwww.pearsonitcertification.com%2Ftitle%2F9780789754721

1. On which layer of the TCP/IP model is ARP described?

A. Link layer

B. Internet layer

C. Transport layer

D. Application layer

1. Answer. A

Explanation. The Address Resolution Protocol (ARP) was developed within the TCP/IP

model framework and resides on the link layer (also known as the network interface

layer), which is similar to OSI's data link layer. ARP resolves or translates between IP

addresses and MAC addresses.

Note: ARP wasn't developed in the OSI framework but is often considered to be a network layer protocol in

OSI, or a protocol that resides between the network and data link layers, because it deals with IP addresses

(network layer) and MAC addresses (data link layer) respectively.

Note: The TCP/IP model is also known as the Internet protocol suite computer networking model.

Incorrect Answers. In the TCP/IP model the Internet layer is where protocols such as

IP, ICMP, and IGMP reside. This layer is similar to the OSI network layer. The transport

layer is where protocols such as TCP and UDP reside; it is very similar to the OSI layer

of the same name. The application layer is where protocols such as HTTP, FTP, and

POP reside; again, similar to the OSI layer of the same name, although the TCP/IP

model version combines the OSI's presentation and session layers into a single

application layer.

Be sure to know the layers within the TCP/IP model (also known as the Internet

protocol suite): from top to bottom they are the application, transport, Internet, and link

layers. (The physical layer does not necessarily have to be included as it is considered

outside of the TCP/IP group of protocols, but you might see it listed as a fifth layer.)

Links:







Memorize it!

2. Which of the following frequencies is used by 802.11b and 802.11g?

A. 900 MHz

B. 1800 MHz

C. 2.4 GHz

D. 5 GHz

2. Answer. C

Explanation. The IEEE wireless specifications 802.11b and 802.11g state that they

must run in the 2.4 GHz range. Specifically, between 2.412 and 2.484 GHz (though

many wireless access points will only go as high as channel 11 which is 2.462 GHz).

Incorrect Answers. 900 MHz is used by amateur radio, cordless phones, and was used

by obsolete wireless networking companies such as Aironet (now Cisco). 1800 MHz is

a common cellular band used by the Global System for Mobile Communications

(GSM), though GSM also uses lower frequencies as well. 5 GHz is used by wireless

technologies such as 802.11n and 802.11ac.

Links:







3. You are configuring a DHCP server and want to exclude IP addresses from being

distributed to other computers. What method should you use?

A. Leases

B. DORA

C. Relay agent

D. Reservations

3. Answer. D

Explanation. To exclude IP addresses within a DHCP scope, use reservations. (These

are often used by servers and other network devices, usually in a static fashion.) This

way, the DHCP server will hand out IP addresses from the DHCP scope normally, but

will skip over any individual reservations or ranges of reserved IPs.

Incorrect Answers. A lease is simply the amount of time that a DHCP IP address is

assigned to a computer. DORA is an acronym that stands for discovery, offering,

request, and acknowledgement: these are the four phases of DHCP operations, further

described as server discovery, IP lease offer, IP request, and IP lease

acknowledgement. A relay agent is a secondary DHCP device that can forward DHCP

messages across routed networks.

Links:







4. Which of the following is a type of network cable that includes a fire-retardant jacket?

A. Coaxial

B. Fiber

C. Plenum

D. UTP

4. Answer. C

Explanation. Plenum-rated cable is unshielded twisted pair (UTP) cable that has a fire

retardant jacket which covers the PVC jacket which surrounds the individual wires. Old-

school plenum-rated cable used Teflon, but newer versions (now also known as low-

smoke cable) use a different type of PVC that doesn't burn, or release toxic vapors as

easily.

Incorrect Answers. The rest of the answers are types of cables, but none are fire-

retardant by default—some type of plenum rated coating or modified manufacturing

process of the jacket would have to be included. By default, they all have standard PVC

jackets. Coaxial cable is used for cable TV and Internet, and in older local area

networks. Fiber optic cable is used in scenarios where high data throughput is required.

As mentioned, UTP stands for unshielded twisted pair, which is the most common type

of twisted pair cabling used in data communications networks.

Links:







5. You want to synchronize time from a Windows 7 computer to a Windows Server

2008 computer. What protocol should be used?

A. POP3

B. NTP

C. FTP

D. SNMP

5. Answer. B

Explanation. To synchronize time between the computers, the Network Time Protocol

(NTP) will ultimately be utilized. To initiate that protocol on a Windows computer, you

would use the net time command. For example:

net time \\server2008 /set

This would synchronize the local computer's time to the computer named "server2008".

Try using the net time command on one of your own Windows computers. Analyze the

different options with the net time /? command, and by accessing the following TechNet

link:

http://technet.microsoft.com/en-us/library/bb490716.aspx

Then try as many of the options as you can—given your network environment.

Incorrect Answers. POP3 is the Post Office Protocol (version 3) which is used to

receive e-mail. FTP stands for File Transfer Protocol which is used to transmit and

receive data to and from remote computers. SNMP stands for Simple Network

Management Protocol which is used to remotely monitor network devices and other

systems.

Links:







Try it!

6. Which of the following ports does syslog use?

A. 53

B. 143

C. 389

D. 514

6. Answer. D

Explanation. The syslog protocol uses port 514 by default. Syslog is a standard for

computer message logging; it allows an admin to pull the logs from a router (or other

compliant network device) and view them from a local workstation (given the router is

configured properly and syslog monitoring software is installed on the computer).

Incorrect Answers. Port 53 is used by the Domain Name System (DNS). Port 143 is

used by the Internet Message Access Protocol (IMAP). Port 389 is used by the

Lightweight Directory Access Protocol (LDAP).

Links:







7. If you were to type the following command, what would it display?

netstat -n

A. IP address

B. Ethernet statistics

C. Address and port numbers in numerical form

D. Protocol statistics

7. Answer. C

Explanation. The netstat -n command in the Windows Command Prompt is used to

view connections to remote computers numerically—meaning in IP address and port

number format. For example,

Local Address Foreign Address

10.254.254.101:49159 64.233.160.1:80

This shows the local computer IP (10.254.254.101, which is private) and the outbound

port that is being used (49159, which is dynamically assigned), and the remote

computer IP (64.233.160.1, which is public) and the inbound port of that server (80,

which is static and corresponds to HTTP). If you wanted to show these connections in

hostname and protocol name format, you could use the netstat -a command.

Incorrect Answers. To display an IP address you could use the ipconfig command.

Ethernet statistics can be displayed by using netstat -e. Protocol statistics can be

displayed by using the netstat -s command. To learn more about netstat and its

parameters type netstat /? in the Windows Command Prompt.

Try using the netstat command on one of your own Windows computers. Examine the

different parameters, and be sure to know how to use the -a, -n, and -an parameters,

and know the differences between them. Also perform commands with the -e and -s

parameters.

Links:







Try it!

8. You are setting up a SOHO computer network for a small business owner. The

owner requires a device that offers Internet access, VLANs, packet filtering, and the

translation of multiple private IP addresses into a single public IP address. Which of the

following network devices will meet all of the small business owner's requirements?

A. VPN concentrator

B. Router

C. Firewall

D. Switch

8. Answer. B

Explanation. When talking about SOHO networks, the SOHO router is the all-in-one

device. It is considered a multifunction network device. Many of them allow for NAT

(the translation of multiple private IP addresses into a single public IP address), VLANs,

packet filtering, and of course, Internet access.

Incorrect Answers. A VPN concentrator only allows for incoming connections from

remote computers. A SOHO router might even be able to do this function in addition to

everything else by utilizing PPTP. A firewall takes care of blocking unwanted packets

by closing ports, and also does packet filtering. Of course, a SOHO router normally

includes firewall functionality. A switch takes care of connecting multiple computers on

a LAN; and once again the SOHO router will normally have a four port switch built-in.

The SOHO router is a combination of all the other incorrect answers, including VPN

concentrator, firewall, switch, and more.

Consider spending a little time researching the latest SOHO routers from companies

such as D-Link, Linksys, Belkin, and so on.

Links:







9. You are troubleshooting a UTP cable that has been suspected of having EMI issues.

What type of cable should you use to fix the problem without adding new equipment to

the network?

A. STP

B. Single-mode fiber

C. Plenum

D. Multi-mode fiber

9. Answer. A

Explanation. STP stands for shielded twisted pair; a type of twisted pair cable that has

an aluminum shield which surrounds the pairs of wires. By upgrading a standard

unshielded twisted pair (UTP) cable to STP, you can effectively block most

electromagnetic interference that is occurring.

Incorrect Answers. Single-mode fiber and multi-mode fiber would both require different

hardware; for example, in the server room you would need different network switches

that can support fiber optic connections. Currently in the scenario the switches only

support copper-based twisted pair connections. Plenum cable is run in areas that

cannot be affected by a sprinkler system; it is designed to not give off toxic vapors in

the case of fire. However, plenum-rated cable does not help with EMI because it does

not incorporate shielding.

Links:







10. You have been sent to investigate intermittent connectivity problems in a recently

renovated office space. You find that the cubicles in the office were wired so that the

network cables were run inside the conduit along with electrical cabling. Which of the

following would most likely resolve the connectivity problems?

A. Test each of the network jacks using a cable certifier.

B. Re-run run the network cabling so that the cables are 12 inches or more away from

the electric lines.

C. Power cycle the computers and the switches in order to re-establish the network

connections.

D. Re-run the network cabling through the ceiling along side the lights to prevent

interference.

10. Answer. B

Explanation. The best answer is to re-route the network cabling so that the cables are

at least 12 inches away from any electric lines. The electric lines are most likely

causing intermittent EMI in this scenario, which will adversely affect network

communications. Even if they are metal enclosed BX electric cables, EMI can still

occur. The general rule is to keep network cabling at least 1 foot away from any

electrical source. How exactly that will be done within the office cubicles remains to be

seen, but will probably require some creative thinking!

Incorrect Answers. Testing the network jacks with a cable certifier is not necessary

because we already know that there are connectivity problems. You also already found

that the network cables were too close to the electric cabling, so testing with a cable

certifier does not need to be done at this point. However, once we fix the problem, we

should test with a cable certifier to be sure. Power cycling the computers and switches

would waste a lot of time, and would not allow you to find the answer to the problem

any faster. Re-routing the network cabling through the ceiling is often a good idea, but

the cabling has to go through the cubicles as well because that is where the computers

are. A common practice is to run the network cabling through its own metal conduit, or

through conduit that's built-in to the cubicles, until a building column is reached, and

then run additional metal conduit up the column into the ceiling. However, the real

problem with that answer is "running the cable alongside lights to prevent interference".

On the contrary, this will create interference. As with any other electrical sources, keep

network cabling at least 1 foot away—this includes lights, speakers, electric cables,

junction boxes, and so on.

Links:







11. You have been tasked with connecting a home office to the Internet and sharing

files with all six of the computers on the network. What are the minimum requirements if

the user doesn't want to install wireless devices, and all the computers contain wired

network adapters?

A. Hub, cables, firewall

B. Firewall, router, cables

C. Switch, firewall, cables

D. Router, switch, cables

11. Answer. D

Explanation. In order to configure what the user's home office requires, you need a

minimum of a router, a switch, and cables. Let's discuss those in reverse order. The

cables will connect all of the computers to a switch, collectively forming a LAN. The

switch takes care of the communications between computers on the LAN. Then, the

router takes care of the connection from the LAN to the Internet, and allows all clients

on the LAN to connect to Internet websites. Of course, if you have a SOHO router, this

will usually have a built-in switch with at least four ports, possibly more. In the case of a

4-port SOHO router, you would still need to daisy chain another switch because the

scenario calls for six computers on the LAN. On a side note, the switch would allow the

computers to communicate with each other, and ultimately allow for sharing—but any

data files that the user wants to be shared would have to be configured to do so within

the operating system.

Incorrect Answers. A hub is incorrect because it is antiquated. The switch has long

been the successor to the hub. A firewall is not necessary in the scenario because

there is no mention of security, port filtering, or port blocking. However, it is an

important part of most networks, and it often comes as a built-in component of a SOHO

router.

Links:







12. You are utilizing source port numbers as a way to keep track of network

connections. Which of the following protocols is best described as this?

A. NAT

B. PAT

C. TCP

D. UDP

12. Answer. B

Explanation. PAT (port address translation) permits multiple devices on a LAN to be

mapped to (and share) a single public IP address that connects to the Internet. It does

this by providing different public address port assignments for each client on the LAN.

This provides privacy for each computer on the LAN in the form of private IPs. PAT is

an extension of NAT (network address translation) and is the standard for most SOHO

routers used in small office and home networks. This is also known as single-address

NAT and IP masquerading.

Incorrect Answers. NAT was originally used to map each individual private IP address

to a separate public IP address. As the need to conserve IPv4 addresses grew, PAT

became very popular. While some people in the IT field might refer to PAT as NAT, it

isn't quite accurate. NAT and PAT become a side note when it comes to IPv6 networks,

but are still very important in IPv4 networks. TCP stands for the Transmission Control

Protocol, the transport layer portion protocol of its namesake—TCP/IP. It is a

guaranteed, connection-oriented protocol used by protocols such as HTTP and FTP,

where each and every packet must arrive at its destination. UDP (User Datagram

Protocol) on the other hand is a non-guaranteed, connectionless transport layer

protocol that is used in streaming media and other real-time applications where

dropped packets are not a big concern.

Links:







13. Which of the following connectors would most likely be used with RG-6 cable?

A. RJ11

B. RJ45

C. F connector

D. BNC

13. Answer. C

Explanation. An F connector is used on each end of an RG-6 coaxial cable. RG-6 cable

is used for cable TV and cable Internet connections.

Incorrect Answers. RJ11 is the connector used on each end of a basic landline-based

telephone patch cable. RJ45 is the connector used on each end of a computer

networking patch cable. Both RJ11 and RJ45 are used with twisted pair cabling. BNC is

an older type of connector used in Thinnet coaxial networks—the predecessor to

twisted pair networks.

Links:







14. The IT Manager for your organization has configured a wired network IP scheme

with the following specifications:

DHCP: 192.168.1.100—199

Gateway: 192.168.1.1

DNS: 192.168.1.1

Which of the following is being represented by this IP addressing scheme?

A. Static

B. Dynamic

C. Static reservations

D. Class A scope

14. Answer. B

Explanation. This is a dynamic IP addressing scheme, where a DHCP server is

handing out IP addresses to clients from the following scope: 192.168.1.100—

192.168.1.199. It is also telling the clients that the gateway address (router) is

192.168.1.1, and that the DNS server is at the same address.

Try creating a DHCP scope on your SOHO router or Windows Server computer.

Configure a class C scope, the associated subnet mask, gateway and DNS address,

and assign reserved addresses as well.

Incorrect Answers. A static IP addressing scheme would be a long list of computers

and their associated IP addresses. For example: Computer1 — 192.168.1.100,

Computer2 — 192.168.1.101, and so on. These would have to be configured manually

at each computer by one or more technicians. That's why we use a DHCP server—to

save time and automate the process (and to greatly reduce the chance of IP conflicts).

Remember to automate whenever possible; over the long run it will save a lot of time

for you. Static reservations are reserved IP addresses within an IP scope that are not

handed out by the DHCP server, but rather are configured by the technician. For

example, a DHCP scope might be 192.168.1.1—192.168.1.255. This leaves no room

on the 192.168.1.0 network to configure static addresses, but we could add one or

more static reservations within the scope, such as 192.168.1.250—192.168.1.255

which could then be used in a static fashion on servers, routers, and so on. A class A

scope would be one where the first octet is between 1 and 128. For example,

10.1.1.1—10.255.255.255. Because the first number of the scope in the question is

192, we know that it is a class C scope.

Links:







Try it!

15. You have been tasked with reviewing network documentation to determine proper

connectivity settings. review the following now:

Device Connection Type Distance

Server1 Cat 6e 380 ft

Laptop1 802.11g 100 ft indoor

PC1 Cat 5 300 ft

Laptop2 802.11n 150 ft indoor

Server2 Single mode 500 ft

Which of the following is out of specifications?

A. Server1

B. Laptop1

C. PC1

D. Laptop2

E. Server2

15. Answer. A

Explanation. Server1 is out of specifications because the distance is too great for Cat

6e cable. Generally, twisted pair cable types such as Cat 5, Cat 6, and so on can be

run up to 328 feet (100 meters). Because the distance listed is 380 feet, the server will

most likely have intermittent network connections or no network connection at all. The

solution would be to install fiber optic cable, most likely multi mode.

Incorrect Answers. Laptop1 is okay because the wireless standard 802.11g specifies a

maximum transmission distance of 125 feet indoor and 460 feet outdoor (38 and 140

meters respectively). PC1 is okay because Cat 5 (full name—Category 5) can be run

up to 328 feet (100 meters); at 300 feet it is within good parameters. Laptop2 is okay

because the 802.11n wireless standard specifies a maximum transmission distance of

230 ft indoor and 820 feet outdoor (70 and 250 meters respectively). But remember

that wireless distances will fluctuate greatly depending on various factors including

interference, items and walls blocking the path of the transmission, reflected and

refracted signal, and so on. Server2 is well within specification because it is using

single mode fiber optic cable which can be run from 1 to 50 kilometers depending on

the technology, cabling, and equipment used.

Links:







16. Another technician has just deployed a network switch, but cannot remotely

administer the device. The technician notices that the switch has the configuration

listed below. What is the most likely cause of the failure to remotely connect to the

device?

Management LAN: 192.168.150.0/24

Management interface: 192.168.150.3 255.255.255.0

Default Gateway: 192.168.151.1

STP is enabled

A. Switching loop

B. Wrong subnet mask

C. Wrong gateway

D. Incorrect interface IP

16. Answer. C

Explanation. The network switch has been configured with the wrong default gateway.

If the switch is on the 192.168.150.0 network, then the gateway should also be on that

network, but in the scenario it is on the 192.168.151.0 network. Remember that the

default gateway should always be on the same IP network as the device that is trying to

connect to it.

Incorrect Answers. There is no indication of a switching loop from the scenario. This

could happen if a patch cable was connected at both ends to the switch, or if multiple

switches were all cabled together each daisy chaining to the next. Regardless, even if

this was the case, the Spanning Tree Protocol (STP) is enabled on the switch, which

will look for cable loops of this nature and logically stop the traffic flowing on the link

that is causing the problem, even if the cable is still physically connected. The subnet

mask is correct. When you see /24 you might be tempted to think of CIDR (Classless

Inter-Domain Routing), or of subnetting or supernetting. But none of these apply here.

The standard default subnet mask for a class C network such as 192.168.150.0 is

exactly what is shown for the management LAN: /24. This is equivalent to

255.255.255.0 which is shown for the management interface. We don't necessarily

know if the management interface IP is correct or not. But we can assume that it is not

likely to be the cause of the problem because the address (192.168.150.3) is on the

same IP network as the management LAN, whereas the default gateway address is

not.

Links:







17. Your organization needs to implement a secure wireless network that will require

employees to authenticate to the wireless system with their domain usernames and

passwords. Which of the following should you implement in order to meet these

requirements? (Select the two best answers.)

A. MAC address filtering

B. WPA enterprise

C. WPA2 personal

D. 802.1X

E. 802.1Q

17. Answers. B and D

Explanation. Use 802.1X and WPA enterprise. 802.1X is port-based network access

control (PNAC) which provides authentication for computers that attempt to connect to

a LAN or wireless network; it is very common in wireless networks. It actually looks at

the wireless adapter of the computer and makes sure that it is allowed access, based

on previously assigned parameters. WPA enterprise means that the wireless access

point is using the Wi-Fi Protected Access (WPA) wireless encryption standard, but is

relying on an enterprise server to take care of the authentication. This usually means a

RADIUS server. The wireless access point would need to be configured with the IP

address, port, and login credentials of the RADIUS server. In this case, RADIUS would

probably be installed on a Windows server, so that it can seamlessly work with the

domain controller on the network to authenticate usernames and passwords. It could

even be installed on the same server that is acting as the domain controller, though this

is not often recommended. By the way, the question made mention of "domain

usernames and passwords", so we can safely assume that this is a Microsoft network

or "domain", which is controlled by a Windows domain controller.

Incorrect Answers. MAC address filtering will filter out computers that do not have their

MAC address listed within the WAP, but it doesn't help with actual authentication

otherwise, so it is not a best answer. WPA2 personal can be very secure (especially if

used with an encryption protocol such as AES), but cannot offer the authentication

required as far as domain-based usernames and passwords are concerned. 802.1Q

supports virtual LANs on Ethernet networks. There was no mention of a need for a

VLAN. In addition, 802.1Q does not have a default, built-in authentication scheme.

Links:







18. A technician is troubleshooting a user's connectivity issue and has just determined

a probable cause. The technician is currently at which step of the troubleshooting

process?

A. Identify the problem

B. Verify full system functionality

C. Implement the solution

D. Establish a theory

18. Answer. D

Explanation. The technician is currently at the establish a theory of probable cause step

of the Network+ troubleshooting methodology. This is the second step of the process.

Within this step, the technician will question the obvious in order to come up with a

probable cause.

Incorrect Answers. Identify the problem is the first step. In this step a technician gathers

information, identifies symptoms, questions users, and determines if anything has

changed recently. Implement the solution is the fifth step; this is when a technician

actually fixes the problem—or, escalates the problem if necessary. Verify full system

functionality is the sixth step. This is when the technician makes sure that the system

(and any connected systems or software) are functional. In this step the technician also

implements preventive measures so that the problem doesn't occur again. This might

require user training as well.

I can't stress it enough. Know the CompTIA Network+ 7-step troubleshooting process!

Step 1 Identify the problem

Step 2 Establish a theory of probable cause

Step 3 Test the theory to determine cause

Step 4 Establish a plan of action to resolve the problem and identify potential

effects

Step 5 Implement the solution or escalate as necessary

Step 6 Verify full system functionality and if applicable implement

preventative measures

Step 7 Document findings, actions and outcomes

Links:







Memorize it!

19. A technician has been tasked with installing a new wireless network for a coffee

shop. The owner wants to allow users wireless access from anywhere in the shop, but

not from outside the shop. Which of the following should be the greatest concern for the

technician?

A. Channel usage

B. Interference

C. Encryption protocols

D. WAP placement

19. Answer. D

Explanation. Wireless access point (WAP) placement is the greatest concern...at this

point. Because the owner doesn't want people outside the shop (such as people

looking for free access, wardrivers and so on) to connect to the wireless network, you

should plan placement of the WAP carefully. Most likely a ceiling-attached installation

in the center of the shop would be the best course of action. Then (and perhaps more

importantly), configure the radio level for the antennas; it might need to be lowered in

order to reduce wireless coverage to the interior of the building. Remember that today's

wireless protocols can transmit information farther and farther. It's easy to broadcast

the wireless signal too far—and into unwanted computers.

Incorrect Answers. Channel usage isn't a major concern at this point. Choose 1, 6, or

11 to be on the safe side. if interference does occur on one, try another of the three. If

multiple WAPs were in use you might be interested in putting the first WAP on channel

1, the second WAP on channel 6, and so on. We aren't concerned with interference too

much yet, but if there are other devices that run on the same wireless frequencies

(such as Bluetooth devices, microwaves, and so on) then we might need to adjust the

channel as necessary. Then there's EMI. That kind of interference can be avoided by

keeping the WAP away from lighting, speakers, HVAC equipment, and other electrical

sources. Encryption protocols are important, but they will not affect the coverage.

However, they should be selected carefully. This will depend on the typical device that

a coffee shop patron owns. Generally, WPA2 and AES is recommended, but some

people might not have that capability on their device, so you might want to select

WPA2 or WPA in the WAP's configuration screens.

Links:







20. Which of the following is the best way to prevent new users form connecting to a

wireless access point, but still allow already connected users to continue connecting?

A. Turn off the SSID broadcast

B. Create a MAC filter containing the current users

C. Change the encryption type to AES-256 for current users

D. Reduce the signal strength of the WAP

20. Answer. B

Explanation. By creating a MAC filter (that contains the current computers' MAC

addresses), you are basically making a rule which states that only those computers can

connect to the WAP, and that other computers will not be able to connect, because

their MAC addresses are not on the list. Is this foolproof? Of course not, because in

order for MAC filtering to work properly, the WAP needs to broadcast the MAC filter

table. A hacker with any experience at all will be able to scan for this, find out the

allowed MAC addresses, and change the MAC address at his or her system thus

masquerading as one of the allowed clients. But it's a good way to disallow the average

user (who doesn't have these skills) from connecting.

Incorrect Answers. Turning off the SSID broadcast signal just makes it so users cannot

connect automatically. However, if the person knows the SSID, he or she can still

connect in a manual fashion. In addition, it is still possible for attackers to scan for the

SSID in other ways, even if the SSID has been disabled at the WAP. Changing the

encryption type would mean that the users would have to reconnect and their systems

would have to negotiate a new protocol. This goes against the purpose of the scenario

which expects already connected users to continue to connect. However, it is a good

idea to use the strongest encryption possible, and AES-256 (as of the writing of this

book) is just that. But that change would require downtime, a new passphrase (which

you should always create when encryption protocols are changed), and reconnections

from all clients. Reducing the signal strength of the WAP is always a good idea when it

comes to security. But, in so doing, you might exclude users on the perimeter of the

wireless network—as that perimeter shrinks.

Links:







21. When differentiating between a switch and a hub, which of the following is false?

A. A switch has multiple collision domains

B. A hub has multiple collision domains

C. A switch has a single broadcast domain

D. A hub has a single broadcast domain

21. Answer. B

Explanation. The only answer listed that is false is "a hub has multiple collision

domains". This is not true; a hub has a single collision domain for all computers (or

nodes) that are connected to it. If you are attempting to differentiate between a hub and

a switch, there are several ways to do so. One way is to discuss broadcast domains

and collision domains. A broadcast domain is a logical division of a computer network

where all nodes (computers) can contact each other on the data link layer (layer 2).

Generally, all computers that are connected to a switch or to a hub are part of a single

broadcast domain where they can all broadcast to each other—again, on the data link

layer. In order to divide a broadcast domain into two or more sections, you would need

a layer 3 device such as a router or a layer 3 switch. However, a collision domain is a

portion of a network where data packets sent by two computers can collide with one

another when sent on a shared medium. This was common with early implementations

of Ethernet when the central connecting device was a hub. When it comes to a hub,

there is only one collision domain, because all computers share the channel. Therefore,

any computers on a hub could cause a data collision at any time. So the answer: "a

hub has multiple collision domains" is incorrect—that is the false answer. And this is

one of the reasons that the switch is a superior solution. While all the computers

connected to a switch can broadcast to each other, normal communication is limited to

two computers at a time. Because the switch has multiple collision domains, collisions

are far less likely than with a hub.

Incorrect Answers. All of the other answers are true statements. See the previous

explanation for more information.

Links:







22. Which port is used by the DHCP client service?

A. 21

B. 53

C. 67

D. 68

22. Answer. D

Explanation. The DHCP client service uses port 68. So, for example, if you have a

Windows 7 computer that is obtaining an IP address from a DHCP server, it will use

port 68 to do so.

Incorrect Answers. Port 21 is used by FTP. Port 53 is used by DNS. Port 67 is used by

the DHCP server service. So when a client attempts to get a dynamically assigned IP

address from a DHCP server, it does this by connecting to the server's inbound port 67.

Links:







23. Which protocol uses port 143?

A. SMTP

B. POP3

C. IMAP

D. HTTPS

23. Answer. C

Explanation. The Internet Message Access Protocol (IMAP) uses port 143.

Incorrect Answers. SMTP uses port 25. POP3 uses port 110. HTTPS uses port 443.

Links:







24. Users at a remote site are unable to establish VPN connections to the main office.

In which of the following layers does the problem most likely reside?

A. Physical

B. Network

C. Session

D. Application

24. Answer. C

Explanation. If VPN connections cannot be made, the problem can often be considered

to reside on the session layer of the OSI model. This is one of the reasons that the OSI

model exists; to help a technician understand the inner workings of a particular

technology (or protocol) and troubleshoot any errors that might arise. In this scenario,

connections can not be made. This is often due to authentication and authorization

problems, which happen at the session layer, as does session restoration.

Incorrect Answers. Physical layer errors deal with tangible objects such as cabling,

ports, plugs, transceivers, and so on. Network layer issues concern things such as IP

address configuration problems. An application layer problem could mean that the VPN

is functional, but DNS does not work properly, and so name resolution over the VPN

connection fails. There are many errors that can occur with VPN connections (such as

PPTP and L2TP). These often will display error codes which, when used with the OSI

or TCP/IP models, can help you to troubleshoot the actual problem.

Links:







25. A small office has set up an addition in a nearby office space just 20 feet away

within the same building. The network administrator is assigned to provide connectivity

between the existing office and the new office. Which of the following solutions

provides the most security from third-party tampering?

A. VPN between routers located in each office space

B. Cat 5e connection between offices via the patch panel located in the buildings

communication closet

C. A WEP encrypted wireless bridge with directional antennas between offices

D. Cat 5e cable run through the ceiling in the public space between the offices

25. Answer. A

Explanation. The best answer listed is to set up a VPN between each router located in

each office space. Even though the offices are close to each other, they are not directly

next to each other, and so a secure connection such as an encrypted VPN becomes an

excellent solution to avoid eavesdropping.

Incorrect Answers. Running category 5e cable might make for a faster connection, but

there is no inherent security, and the cable is easily tapped by would-be attackers. It is

not wise to place a patch panel in a building's communication closet, unless that closet

is within the organization's office space. Similarly, it is not wise to run the cables in the

ceiling in the public space between the offices. If each office's network is properly

secured, cabling might be a good option, but that would rely on a secure VPN or other

similar technology. An encrypted wireless bridge is another possible solution. However,

WEP is deprecated and is not recommended for use. In addition, there will be multiple

walls separating the two office spaces, some of which may be firewalls (meaning actual

physical walls filled with installation or other material meant to stop fires), which will

severely weaken the wireless signal.

Links:







26. You are making an outbound TCP connection to a Windows server. Which of

following ports will your computer most likely use?

A. 88

B. 389

C. 2987

D. 3389

26. Answer. C

Explanation. Of the listed answers, the best one is port 2987. Remember that if you are

making an outbound TCP connection to a Windows server, that it will be a dynamically

assigned port, and it could be different every time. Port 2987 is just one example of

what could be. It could just as well be something like port 30184, or whatever! Just as

long as it isn't a reserved, assigned port such as FTP port 21. However, the dynamic

assignment is governed by the operating system and will not allow that to happen.

Incorrect Answers. Port 88 is the inbound port that a Windows server would utilize if it

was running Kerberos. Port 389 is the inbound port that a Windows server would utilize

if it was running the Lightweight Directory Access Protocol (LDAP). And port 3389 is

the inbound port that a server would use if running Remote Desktop Services (RDS).

Understand the difference between an inbound port and an outbound port. Inbound

ports are the ports that are used by the computer that is serving the information—these

are usually reserved ports such as 21, 80, and so on. Outbound ports are the ports

used when a client attempts to connect to a server to access information—these are

dynamically assigned by the operating system.

Links:







Memorize it!

27. At which of the following layers of the OSI model does ASCII function?

A. Transport

B. Session

C. Presentation

D. Application

27. Answer. C

Explanation. The OSI model's presentation layer is responsible for the functionality of

the American Standard Code for Information Interchange (ASCII). ASCII is a character

encoding scheme that includes English letters in uppercase and lowercase, decimal

numerals, and punctuation; it is an 8-bit system which totals 256 characters. Encoding

is something that occurs on the presentation layer of the OSI model. In the TCP/IP

model, this would be included in the application layer.

Incorrect Answers. The transport layer deals with connection oriented and

connectionless oriented protocols such as TCP and UDP respectively. The session

layer concerns the establishment and termination of network connections; this includes

the login process. The application layer deals with protocols such as HTTP, FTP, and

POP3.

Links:







28. You just finished installing a full-duplex gigabit Ethernet LAN. At what maximum

data transfer rate will each compliant computer be able to operate at?

A. 100 Mbps

B. 200 Mbps

C. 1000 Mbps

D. 2000 Mbps

28. Answer. D

Explanation. The computers will be able to run at a maximum data transfer rate (speed)

of 2000 Mbps. That is because: One—the LAN is running gigabit Ethernet; that is equal

to 1 Gbps or 1000 Mbps; and two—the network is configured for full-duplex which

means that the computers can send and receive data simultaneously, effectively

doubling the maximum data transfer rate to 2 Gbps or 2000 Mbps.

Incorrect Answers. 100 Mbps is the data transfer rate for Fast Ethernet, and 200 Mbps

would be if that network ran in full-duplex mode. 1000 Mbps is indeed gigabit Ethernet,

but does not take into account running in full-duplex mode.

Links:







29. Which of the following can use a third-party backend LDAP user database for

authentication?

A. ISAKMP

B. PKI

C. CHAP

D. TACACS+

29. Answer. D

Explanation. TACACS+ can use third-party LDAP systems (such as OpenLDAP) for

authentication.

Incorrect Answers. The Internet Security Association and Key Management Protocol

(ISAKMP) is used for authentication and key exchange; it can be used as an

authentication method by TACACS+. PKI stands for public key infrastructure, which is

the whole system of computers, protocols, users, and so on which collectively

contribute to public key connections such as SSL connections on a secure website.

CHAP is another authentication method that TACACS+ can utilize.

Links:







30. Your next job is to open the necessary ports on a firewall that will support both main

FTP transfer modes. Which of the following ports should you open? (Select the two

best answers.)

A. 20

B. 21

C. 22

D. 23

E. 25

F. 53

30. Answers. A and B

Explanation. The main FTP transfer modes use port 20 (for data transfer) and port 21

(as the control port). So these should be opened on the firewall if default standard FTP

connections need to be made into or out of the network. However, port 20 is insecure

for data transfers because it is static. A smarter solution would be to use FTP software

that allows for the dynamic assignment of data transfer ports—one per each file

transfer.

Incorrect Answers. Port 22 is used by SSH. Port 23 is used by the outdated Telnet.

Port 25 is used by SMTP. Port 53 is used by DNS.

Links:







31. Which of the following is a path vector routing protocol?

A. BGP

B. OSPF

C. RIP

D. EIGRP

31. Answer. A

Explanation. The Border Gateway Protocol (BGP) makes routing decisions based on

paths and various rules that are configured by the administrator. So it is known as a

path vector protocol, or path vector routing protocol. BGP is at the center of the Internet

and is responsible for core Internet routing decisions.

Incorrect Answers. OSPF stands for Open Shortest Path First, it is a link state routing

protocol; meaning that it watches for other routers' power and connection states. RIP is

the Routing Information Protocol, one of the original distance-vector routing protocols,

which uses an algorithm to decide on routing paths. EIGRP is the Enhanced Interior

Gateway Routing Protocol. It (and IGRP) are also distance-vector routing protocols, but

more evolved than RIP.

Links:







32. You have been tasked with ensuring that traffic within a particular department in

your organization is divided into four logical subdivisions within the main switch. Which

of the following should be configured on the switch to separate the traffic?

A. SNMP

B. STP

C. VLAN

D. Duplex settings

32. Answer. C

Explanation. To create logical subdivisions within your network you can use virtual

LANs (VLANs). These can be configured via ports or by protocols. However, the switch

must be VLAN compliant. Another option would be to incorporate subnetting. The

specific scenario would dictate which is best, but of the listed answers, VLAN is the

best one here. Keep in mind that subnets might be used in conjunction with VLANs, but

perhaps more often, each VLAN will inhabit its own separate network number.

Incorrect Answers. SNMP is the Simple Network Management Protocol, which is used

to monitor remote network devices (such as switches, routers, and so on). STP is the

Spanning Tree Protocol which is used to prevent looping on switches. Duplex settings

include half-duplex (when a computer can send or receive but not both at the same

time) and full-duplex (when a computer can send and receive simultaneously). These

settings should be configured on the switch but they won't separate traffic.

Links:







33. Which of the following WAN technologies is the fastest?

A. T3

B. ADSL

C. Fast Ethernet

D. OC3

33. Answer. D

Explanation. OC3 is an optical carrier line that specifies a maximum data transfer rate

of 155 Mbps. The fastest optical carrier line (as of the writing of this book) is OC-768,

which transfers data at a maximum rate of 40 Gbps.

Incorrect Answers. A T3 line (transmission system 3) is a twisted-pair T-carrier line

used primarily in North America that has a maximum data transfer rate of 44.736 Mbps.

ADSL (asymmetric digital subscriber line) is a small business and home consumer

Internet connection technology that can reach a maximum data transfer rate of 52

Mbps downstream and 5 Mbps upstream. Fast Ethernet is primarily used as a LAN

technology, connecting computers to a switch (or hub) at 100 Mbps.

Links:







34. A new customer has requested that you provide a solution using multiple wireless

access points. The customer is concerned that there could be problems when users

attempt to connect to one of the several WAPs. Which of the following should be

different on each WAP to prevent wireless problems of this nature?

A. Channels

B. VLANs

C. Firewalls

D. Antenna types

34. Answer. A

Explanation. Use different channels for each WAP. Specifically, remember the standard

ranges: 1-5, 6-10, and 11. Place each WAP in a separate range—this is often

configured as the following: WAP1 - Ch 1; WAP2 - Ch 6; and WAP3 - Ch 11. If there

are more WAPs, then repeat the process starting back at the first range, but move on

to the next number (Ch 2), and so on, moving outward in a physical radius as you go.

By modifying channels in this manner, you can reduce the chances of a user's device

connecting to the wrong WAP.

Incorrect Answers. Most wireless access points do not have the ability to create

VLANs. This is something done by a compatible (and usually more expensive) switch.

The WAP might also have a firewall, especially if it is part of an all-in-one SOHO router

solution, but more often than not you would use a separate firewall device or unified

threat management (UTM) solution. Normally, you can't change the antenna types on a

WAP. They should be physically adjusted to offer the best range and greatest chance

of connectivity.

Links:







35. Your office has plenty of windows, so to save on energy costs the company keeps

lights off until mid-afternoon. Every day at 3PM you get e-mails and phone calls from

users in one section of the office reporting that they are getting intermittent connectivity

to the network and the Internet. Which of the following could cause the problem?

A. Open short

B. DDoS

C. EMI

D. Crosstalk

35. Answer. C

Explanation. Most likely, some of the network cables that connect the computers in that

portion of the office are too close to the lights. Because lights generate EMI, they could

cause interference and ultimately intermittent network connectivity. A quick look above

the ceiling tiles will tell you if the network cables are too close to the lights or other

electrical sources. Often, there is not enough slack in the cables to simply move them,

and so sometimes the only recourse is to re-run the cables. If this is done, consider

STP cabling, especially if there are a lot of electrical obstacles to overcome in the drop

ceiling.

Incorrect Answers. An open short means that one of the pairs of wires is not working

properly (either because the wire is cut, not terminated properly, and so on). While this

is a possibility, it would usually occur with one computer, and not with several. DDoS

stands for distributed denial of service. These attacks are usually directed at servers

and other important points of a network, not individual client computers. Crosstalk is

when a voice conversation or a data stream bleeds from one cable to another. The

term is used loosely, but it normally would affect two systems (or cable connections),

and not several at the same time.

Links:







36. Which of the following technology is explained by the IEEE 802.3af standard?

A. VLAN

B. QoS

C. PoE

D. DoS

36. Answer. C

Explanation. The IEEE 802.3af standard defines Power over Ethernet (PoE)

technology. This technology allows compatible devices to transmit and receive data on

the Ethernet cable, as well as receive power.

Incorrect Answers. A virtual LAN (VLAN) is defined by the 802.1Q standard, though it

might work outside the scope of that standard as well. QoS is somewhat defined by the

802.1p standard (and other standards) though it doesn't necessarily have to comply

with that. DoS stands for denial of service, which is a group of different attacks that can

be perpetuated on network servers and routers.

Links:







37. You have been tasked with implementing a network protection technology that will

inspect packets as they enter the network. Which of the following should you use?

A. Stateful firewall

B. Stateless firewall

C. Packet sniffer

D. Packet filter

37. Answer. A

Explanation. In an effort to protect the network in real-time, a stateful firewall will

inspect the packets that pass through it; digging into the packets to find out if they are

part of a proper sequence of packets with a correct source and destination. This is

often called SPI (stateful packet inspection) within a firewall's configuration screen.

though it will slow down the network slightly, it is a good idea for organizations and

homes that experience a lot of improperly attempted connections from the Internet.

Incorrect Answers. A stateless firewall does not dig into the packets, and instead only

allows you to close ports and so on. A packet sniffer can be used to find out what kind

of traffic is going through the network. However, it is for analytical purposes only, and

does not prevent malicious packets from entering the network. A packet filter can

remove packets that are unwanted but this is often done after the firewall within a proxy

device, UTM, or other similar solution; it usually does not happen at the firewall.

Links:







38. A technician needs to add a firewall rule to allow SSH traffic from all computers to

an FTP server with the IP address 192.168.0.15. Which of the following is the correct

rule?

A. Allow any to 192.168.0.15 port 21

B. Allow any to 192.168.0.15 port 80

C. Allow any to 192.168.0.15 port 22

D. Allow any to any port any

38. Answer. C

Explanation. The rule should allow traffic from any computer "allow any"; to the IP

address of the FTP server (192.168.0.15); on the SSH port only, which is port 22. SSH

stands for Secure Shell.

Incorrect Answers. Port 21 correlates to FTP, and though we have an FTP server, we

aren't interested in FTP traffic at this point, we are interested in SSH traffic. Port 80 is

the HTTP port, which would infer that we are dealing with a web server, not an FTP

server. We don't want to use the phrase "allow any to any port any" because that would

effectively allow all traffic through the firewall on all ports... not a good idea. In reality

this rule would probably not function due to safeguards, but regardless, you should be

very careful when using the "any" parameter when configuring firewall rules.

Links:







39. You require that your DNS server resolve IPv6 addresses to their corresponding

websites. What kind of DNS record must be queried?

A. A

B. AAAA

C. MX

D. PTR

E. CNAME

39. Answer. B

Explanation. The AAAA record is used to resolve IPv6 addresses to their

corresponding websites. It returns a 128-bit IPv6 address used to map to hostnames.

Incorrect Answers. The A record is used to resolve 32-bit IPv4 addresses to

hostnames. The MX record (mail exchange record) is used to map domain names to

message transfer agents within those domains. A PTR record (pointer record) is used

to point to a canonical name record or CNAME, but is often used for reverse lookups. A

CNAME is a record used to specify that a domain name is an alias for another domain

name.

Links:







40. Which of the following is a class B private address?

A. 128.191.150.36

B. 192.168.1.100

C. 152.150.11.172

D. 172.16.50.128

40. Answer. D

Explanation. 172.16.50.128 is a class B private address. The range for class B in

general is any IP address with a first octet that is between 128 and 191. the range for

class B private addresses is 172.16.0.0 to 172.31.255.255.

Incorrect Answers. 128.191.150.36 is a class B public address. 192.168.1.100 is a

class C private address. 152.150.11.172 is indeed class B but it is a public address.

Remember the ranges for class A, B, and C, and their private ranges. I've listed them

again below in Table 3-1.

IP

Class

First

Octet

Range

Private Address Range

Class A 1-126 10.0.0.0—10.255.255.255

Class B 128-191 172.16.0.0—172.31.255.255

Class C 192-223 192.168.0.0—192.168.255.255

Table 1 IPv4 Classes and Private Address Ranges

Links:







Memorize it!

41. An employee in the Accounting department reports a network connectivity problem.

What should you do first?


B. Determine a probable cause

C. Test the theory of the cause

D. Implement the solution of the cause

41. Answer. A

Explanation. The first thing you should do, and the first step of the Network+

troubleshooting process, is to identify the problem. You have no information about the

problem at this time, except that it exists. Identifying the problem means gathering

information, identifying symptoms, questioning users, and determining if anything has

changed. You are not actually doing anything just yet, but you are keeping your mind

open to any possibilities, and looking for common culprits.

Incorrect Answers. All of the other answers would come after you identify the problem.

Determining the probable cause (or "establish a theory of probable cause") would be

the 2nd step. Testing the theory to determine cause is the third step. The 4th step (not

listed in the answers) is to establish a plan of action. Implement the solution of the

cause is the 5th step. The process is rounded out with: verifying full system

functionality, and documenting findings; the 6th and 7th steps respectively.

Links:







42. Which of the following tools and technologies can you use to detect operating

system vulnerabilities? (Select the best answer.)

A. Netstat

B. Nessus

C. Nslookup

D. Honeypot

42. Answer. B

Explanation. Nessus is a third-party vulnerability management program that you can

download from the Internet which will scan a system and let you know the various

vulnerabilities based on the operating system you are scanning. Some people use it for

scanning ports, but it can do more than this. It is the best answer for locating

vulnerabilities to an OS.

Incorrect Answers. Netstat is used to analyze the statistics of a network connection.

While netstat can be used to find out what ports are being used (for example netstat -a

or netstat -n) it only shows those ports that are being used, and doesn't describe any

vulnerabilities that might be associated with those ports. It can be used as a limited

scanning tool, but by far, is not the best answer listed. Nslookup is a command used to

find name servers and if necessary, make configurations within those servers. A

honeypot is a system designed specifically to lure in would-be attackers so that their

methods can be studied by the network administrator.

Links:







43. Which of the following distance-vector routing protocols selects its routing paths

based upon hops?

A. OSPF

B. BGP

C. RIP

D. IGRP

43. Answer. C

Explanation. The Routing Information Protocol (RIP) is a distance-vector routing

protocol that uses the hop count as a routing metric. A hop is the jump from one router

to the next (and therefore one network to the next). RIP has a limit of 15 hops before it

hits an infinite distance and ceases to function properly. Because Internet connections

will often go beyond 15 hops, RIP is not considered suitable; but it is still used in some

organizations' routed networks. Often, it will be replaced with an interior gateway

routing protocol such as EIGRP.

Incorrect Answers. Open Shortest Path First (OSPF) is a link state routing protocol. As

compared to RIP, it is a more common protocol to use within the interior of large

enterprise networks. Border Gateway Protocol (BGP) is the most common exterior

routing protocol; it bases its routing decisions on paths and network rules. Interior

Gateway Routing Protocol (IGRP) is a distance vector routing protocol used on the

interior of networks, but it is obsolete, being succeeded by Cisco's EIGRP.

Links:







44. Several remote users have reported that they cannot securely log in to your

organization's network. According to the users, no changes have been made to their

configurations, usernames, or passwords. You establish a theory that one of the VPN

concentrators is not functioning. What should you do next?

A. Escalate the problem to your supervisor

B. Continue to speak to users, and question if any changes have been made

C. Test access to the concentrator to confirm its status

D. Reboot the concentrator as a potential solution

44. Answer. C

Explanation. The next step is to test your theory (the 3rd step of the troubleshooting

process). This can be done by actually logging into the VPN concentrator yourself. It's

not that you don't believe the users, but you always want to see for yourself exactly

what is going on.

Incorrect Answers. Escalating the problem to your supervisor wouldn't happen until

during the 5th step, and only if you couldn't find a solution to the problem. Once you

have questioned the users, you should continue on with the problem; there is usually

no reason to further question them. Rebooting the concentrator might actually be the

solution to your problems, but you haven't gotten to that point yet. In the scenario you

are currently testing your theory that the VPN concentrator is not functioning. It could

be that the VPN concentrator is simply off. If that is the case, you would quickly find

out, and could try booting it up. However, it might have failed altogether—you just don't

know until you test it (and your theory) for yourself.

Links:







45. What security control is used to reduce vulnerabilities in network devices that

require regular monitoring?

A. Documentation

B. Patch management

C. Social engineering

D. CCTV

45. Answer. B

Explanation. Patch management is one of the most important security controls to put

into place on your networks. It is meant to act as a preventive control, but can also act

as a corrective control. It's important to patch—and manage the entire patching

process of—operating systems and applications.

Incorrect Answers. Documentation is a process that is everywhere. It is important for

security purposes, and troubleshooting and forensics as well. Understanding the

documentation of your organization can aid your network security planning, and

ultimately help to prevent issues from occurring, but it is not the best answer. Social

engineering is the name given to the plethora of cons that malicious individuals will

attempt: pretexting, phishing, baiting, tailgating, and so on. CCTV stands for closed-

circuit television, and is indeed a security control, but it is known as a detective security

control. It is primarily used to analyze who did what and when, but it has a added side

benefit of potentially thwarting would-be attackers, that is if they care that you have a

CCTV system installed. Still, it is not the best answer in this particular scenario

because it won't reduce vulnerabilities of network devices that you regularly monitor.

Links:







46. You have been tasked with setting up a wireless network utilizing WPA2-Enterprise.

What will you need in addition to the wireless access point?

A. LDAP

B. SSH

C. RADIUS

D. IPsec

46. Answer. C

Explanation. WPA2-Enterprise means that the WAP will use an external source for

authentication; such as a RADIUS server. The WAP will need to be configured with the

RADIUS server's IP address, key, username, and password. This scenario might also

call for a different type of authentication server, and possibly 802.1X.

Incorrect Answers. LDAP is the Lightweight Directory Access Protocol which is used for

authentication in Microsoft domains, e-mail servers, and so on. However, it is not the

type of protocol that is used in a scenario such as this that calls for a WPA2-Enterprise

connection. SSH is Secure Shell, which is used to securely connect to, and configure

remote systems. IPsec is a security protocol that can be used in a variety of scenarios,

but is not necessary in this one. Examples of the usage of IPsec include LAN-based

IPv6 transmissions, and L2TP VPN connections.

Links:







47. You are working at a Windows 7 computer and have opened the Command

Prompt. You run the command ipconfig /all, and see the address below. What

type of address is this?

fe80::a4df:ed22:6ab:c3f0%9

A. IPv4

B. IPv6

C. APIPA

D. MAC

47. Answer. B

Explanation. The address is an IPv6 address. Though it is truncated in several ways,

you can see the tell-tale signs of an IPv6 address—hexadecimal numbering, numbers

separated by colons, and most of the time grouped in sets of four. FE80 is a common

start to a private IPv6 address.

Incorrect Answers. IPv4 addresses are decimal, and are always shorter, for example

192.168.1.1. IPv4 addresses are 32-bit whereas IPv6 addresses are 128-bit. APIPA

stands for automatic private IP addressing; a Microsoft technology that allows a client

computer to auto-assign itself an IPv4 address. The address is always on the

169.254.0.0 network. A MAC address (media access control) is the address burned

into the ROM chip of a network adapter, for example: 38-6F-77-5A-68-1D. These are

also hexadecimal, and sometimes will be displayed with colons separating the numbers

instead of hyphens. However, a couple of things differentiate them from IPv6

addresses: for example they are shorter in general, and are grouped in sets of two

numerals instead of four.

Links:







48. You are tasked with changing the IP address of a gigabit switch on the network.

What type of switch is this?

A. Layer 2

B. Layer 3

C. Shared Ethernet

D. 100 Mbps

48. Answer. B

Explanation. If the switch can be configured with an IP address then it is known as a

layer 3 switch, meaning that it resides on the network layer of the OSI model. That is

because IP (and IP addresses) also reside on the network layer.

Incorrect Answers. Switches that cannot be configured with an IP address are known

as layer 2 switches. This means that they reside on the data link layer of the OSI

model, and can transmit data via MAC address only. Switches are the core of the

technology known as switched Ethernet; this replaced shared Ethernet (which used

hubs) long ago. 100 Mbps would imply a Fast Ethernet network, but the switch in the

scenario is called a "gigabit switch" which tells you that the network is 1 Gbps,

otherwise referred to as 1000 Mbps.

Links:







49. An e-mail server that is used for POP3 access is relaying unwanted spam to other

internal e-mail servers. You suspect that the spam is originating from bots on the

network. What should you do first to prevent the spam?

A. Close port 25 on the firewall

B. Close port 110 on the firewall

C. Turn off the SMTP service on the e-mail server

D. Turn off the IMAP service on the e-mail server

49. Answer. A

Explanation. First, you should try closing port 25 on the organization's firewall. This

should block unwanted spam-based SMTP traffic coming from the bots. But be careful

on which interface, and which firewall, you close the port.

Incorrect Answers. Port 110 is the POP3 port. If you close this port the users on your

network will probably not be able to download their e-mail. Attempt to close ports on the

firewall before turning the service off at the e-mail server. If you turn off SMTP on the

server, you might block required relays of SMTP traffic. IMAP (port 143) doesn't play

into this scenario because the server utilizes POP3 and SMTP.

Links:







50. Which of the following technologies allows an 802.11g WAP to transmit data at 108

Mbps?

A. Channel bonding

B. MIMO technology

C. Frequency

D. Encryption type

50. Answer. A

Explanation. Channel bonding is when multiple network interfaces are combined for

increased data throughput. When dealing with 802.11g this is known as Super G

technology; it bonds two standard 802.11g channels (each at 54 Mbps) for a total of

108 Mbps.

Incorrect Answers. MIMO (multi-input and multiple-output) makes use of multiple

antennas on the transmitting and receiving sides. It is used in 802.11n and 802.11ac

among other technologies. The frequency used will depend on the wireless standard

used. For example, 802.11g uses 2.4 GHz only, and 802.11n can use 2.4 GHz and 5

GHz. Encryption type does not change the data transfer rate, but the more powerful

encryption type can slow down the handshaking process when a user first connects to

a wireless network.

Links:







51. You just completed manually entering a route into a router. What is this referred to?

A. Dynamic

B. Static

C. Multicast

D. Unicast

51. Answer. B

Explanation. When you manually enter a route into a router it is known as a static route.

On a Cisco router you would use the ip route command (among other commands).

On a Windows computer in the Command Prompt you would use the route add

command.

Incorrect Answers. If the route was decided on automatically by the router—which is

much more common and makes use of protocols such as RIP, OSPF, and EIGRP—

then it is known as a dynamic route. Multicast and unicast refer to types of

communications that can be made on the network. A unicast communication is from

one computer to another computer; multicast is one computer to multiple systems; and

broadcast is one system to all other systems on the network. These terms also refer to

addresses that can be assigned to network interfaces, often within the realm of IPv6.

Links:







52. One of your co-workers cannot connect to the encrypted wireless network. The co-

worker is able to see the wireless network, and is using the correct passphrase. Which

of the following is most likely the problem?

A. Incorrect SSID

B. Wrong encryption type

C. Lack of signal strength

D. MAC address is not part of the MAC filter

52. Answer. B

Explanation. The most likely answer (of the listed answers) is that the co-worker is

using the wrong encryption type. It could be that the user is attempting to connect using

WPA, and the wireless access point requires WPA2. Or perhaps, the user's computer

is configured for the outdated TKIP, and should be using AES. A quick review of the

client wireless configuration should tell you the exact problem. Once you have

configured the client to use the same standards and protocols that the WAP uses, the

user should be able to "handshake", and connect with no problem.

Incorrect Answers. The answer "Incorrect SSID" is not a correct answer because the

question states that the user can "see" the wireless network; that means the user can

locate the SSID for the wireless network. In addition, if the user can see the wireless

network, then there is no apparent lack of signal strength. It is possible that the

computer's MAC address is not listed in the WAP's MAC filter, but nothing about MAC

filtering is mentioned in the question. Regardless, it is a less likely cause for the

problem.

Links:







53. You are in charge of subnetting a class C network. Your organization has six

departments, and your boss wants you to put each department on its own subnet. Each

department has no more than a dozen computers. Which of the following network

numbers would work best?

A. 192.168.1.0/24

B. 192.168.1.0/25

C. 192.168.1.0/26

D. 192.168.1.0/27

53. Answer. D

Explanation. The network number 192.168.1.0/27 would work best. The /27 tells you

that there are 27 masked bits in the subnet mask. That equates to a class C subnet

mask of 255.255.255.224. The first three octets are the same as a default class C

subnet mask, but the last octet is a 224 instead of a 0. In this case we are borrowing 3

bits from the host portion of the IP address. That last octet of the subnet mask is

11100000 in binary. When we do the math that allows for 8 subnets and 32 hosts per

subnet—mathematically. But there are only 30 hosts that are usable because we have

to omit the first and last addresses (the subnet ID and broadcast ID respectively). So,

we have enough usable subnets for the departments, and enough IP addresses per

subnet for the dozen or so computers within each department.

Incorrect Answers. 192.168.1.0/24 is not utilizing subnetting at all. It is the default

subnet mask of 255.255.255.0. 192.168.1.0/25 only allows for two subnets, it is not

commonly used. 192.168.1.0/26 only allows for four subnets, not enough for our

purposes.

Note: Take a look at this introductory video on subnetting.

http://www.davidlprowse.com/articles/?p=1128

Links:







54. Of the following answers, which supports the fastest wireless data transfer rates?

A. WiMAX

B. ISDN

C. Satellite

D. OC-3

54. Answer. A

Explanation. the Worldwide Interoperability for Microwave Access (WiMAX) standard

offers wireless connections of up to 1 Gbps (or 40 Mbps for older versions). This is

greater than the rest of the answers listed.

Incorrect Answers. ISDN is generally limited to 1.536 Mbps (Primary ISDN or PRI line).

Satellite is generally limited to 50 Mbps (for downstreams, less for upstreams). OC-3 is

an optical fiber line that can transmit approximately 150 Mbps.

Links:







55. Which of the following would you most likely use to test DNS resolution?

A. Ipconfig

B. Dig

C. Netstat

D. Nbtstat

55. Answer. B

Explanation. Dig is a command used in Linux and Unix systems that can test DNS

resolution. On a Microsoft system you would use nslookup.

Incorrect Answers. Ipconfig is used to find out the configuration parameters of a

network interface on a Windows computer. Netstat shows the network statistics of the

local computer, and nbtstat shows the network statistics of local or remote systems.

Links:







56. You suspect that a virus has been introduced to the network. Which technical

resource is the best to use to find out if this is the case?

A. SNMP

B. Network sniffer

C. Syslog

D. TDR

56. Answer. B

Explanation. Used a network sniffer (protocol analyzer) to find out if a virus has indeed

been introduced to the computer network. An example of a network sniffer is the

Wireshark program. A program such as this can be used to analyze packets that are

transferred across the network from one system to another.

Incorrect Answers. The Simple Network Management Protocol (SNMP) is used to

remotely monitor network devices. Syslog is used to remotely analyze the logs of

network devices. A time-domain reflectometer (TDR) is a tool used to find breaks and

shorts in cables. There are some expensive handheld devices that combine the

functions of a TDR and a network sniffer. However, it is much more likely that you will

use a software-based network sniffer in a scenario such as this.

Links:







57. You have installed a firewall from the Add/Remove Programs option in Windows.

What is the best word to describe this type of firewall?

A. Software

B. Hardware

C. Wireless

D. Managed

57. Answer. A

Explanation. The Windows Firewall (or Windows Firewall with Advanced Security) is an

example of a software-based firewall.

Note: This was an easier question than one might anticipate, but you need to be ready for questions such as

these—possibly surrounded by much more difficult questions.

Incorrect Answers. An example of a hardware-based firewall would be a Cisco PIX or

ASA firewall, or a device from Juniper or Checkpoint. A wireless access point might

have a built-in firewall, but this would still be considered a hardware-based firewall. A

managed firewall is a solution that a third-party offers an organization, including the

firewall, and management of that device by administrators.

Links:







58. Which of the following uses classless subnet masks across a network?

A. Supernetting

B. Subnetting

C. CIDR

D. VLAN

58. Answer. C

Explanation. Classless Inter-Domain Routing (CIDR) uses classless subnet masks. For

example, take an address such as 10.150.23.0. Normally, this would appear to be

within the class A range because the first octet is 10. But if you modify the subnet mask

to 255.255.255.0, it changes the network portion of the IP address from 10 to

10.150.23. By using what is normally a class C default subnet mask we make the

network behave the way a class C network would behave. Basically, CIDR is based on

variable-length subnet masking (VLSM).

Incorrect Answers. Subnetting is when a network is subdivided into smaller pieces

known as subnets. Supernetting occurs when two or more networks are combined

together. A VLAN is a virtual LAN; a way of dividing up the LAN—separate from

subnetting, but can be used in conjunction with it or with CIDR.

Links:







59. You have been tasked with setting up a private, class B, subnetted network that

can support up to 1000 computers per subnet. Which of the following network numbers

is the only option in this scenario?

A. 10.50.172.0/24

B. 152.36.0.0/24

C. 169.254.0.0/23

D. 172.17.0.0/22

59. Answer. D

Explanation. The only option (of the listed answers) is to use 172.17.0.0/22. This is a

class B private IP network (172.17.0.0). Remember that the private class B range of

network numbers is 172.16.0.0 through 172.31.0.0. The /22 tells us that we are using

the 255.255.252.0 subnet mask. This allows for 64 subnets with 1022 usable IP

addresses per subnet. This complies with all the requirements in the scenario. There

are other options; for example /21, /20, /19 and so on. However, you would want to

know how many subnets are required. Each step up (say from /22 to /21) cuts the

available subnets in half.

Note: To calculate the math for subnets and total possible hosts, consider using an online subnetting

calculator. (Keep in mind that these are not available on the real exam.)

Incorrect Answers. 10.50.172.0 would normally be a class A network, but the /24 either

tells us it is a subnetted class A 10 network, or more likely, that CIDR is involved, and

that the network number is 10.50.172 and that it is behaving like a class C network.

152.36.0.0/24 has two problems: one, it is not a private network; two, /24 only allows

for 254 usable addresses per subnet. 169.254.0.0/23 is private, but it is the Microsoft

implementation of a private class B network known as APIPA. This technology is meant

for small networks that self-assign their IP addresses. It is not suitable for enterprise

networks. In addition, the APIPA 169.254.0.0 network by default uses the class B

subnet mask of 255.255.0.0 (or /16). Besides that, even if /23 were possible, /23 only

allows for 510 usable IP addresses per subnet, not enough for this scenario.

Links:







60. You have been tasked with installing a WAP in a location where there is no

electrical wiring. The organization does not want to budget for the services of an

electrician. Which of the following should you implement to successfully use the WAP?

A. Fiber optic cable

B. PoE

C. QoS

D. Wireless bridge

60. Answer. B

Explanation. Power over Ethernet (PoE) is the best answer here. This allows the device

to transmit and receive data, as well as receive its power, via the Ethernet network

cable. Normally, Ethernet networks use the orange and green pairs of wires as the data

pairs. This leaves the blue and brown pairs available for sending power. However,

using another method, power can also be delivered on the data pairs. Either one of

these methods will work, but must be properly configured on both ends, and the

devices must be compliant.

Incorrect Answers. Fiber optic cable is not used in typical networks to deliver power.

QoS stands for Quality of Service which allows a person to increase performance of

various streaming services. A wireless bridge doesn't help the situation because it

would require power as well. In scenarios such as this, you don't want to move the

WAP too far away from the client computers in an attempt to find an electrical source,

because the client computers will have a more difficult time connecting to the wireless

network.

Links:







61. Which of the following connector types is most commonly associated with POTS?

A. ST

B. S/PDIF

C. RJ11

D. RJ45

61. Answer. C

Explanation. RJ11 (recommended jack 11) is the main type of connector and jack used

in plain old telephone systems (POTS). If you have a land line you would plug a phone

into an RJ11 wall jack using a patch cable with an RJ11 plug on one end (and probably

an RJ11 or RJ12 on the other end that connects to the phone).

Incorrect Answers. ST is a type of round fiber optic connector commonly used in

multimode communications. S/PDIF is a digital audio cable/connector used to output

high quality audio over short distances. It can be a coaxial cable (with BNC and RCA

connectors) or a fiber optic cable such as TOSLINK. RJ45 is the main type of jack (and

plug) used for twisted pair-based computer networks. That connector looks similar to

an RJ11, but is larger and has more pins.

Links:







62. Which of the following performance optimization techniques would be most

beneficial for a network-wide VoIP configuration? (Select the two best answers.)

A. Traffic shaping

B. Proxy server

C. Quality of service

D. Caching engines

E. Load balancing

62. Answers. A and C

Explanation. The best techniques of the listed answers are traffic shaping and quality of

service (QoS). Traffic shaping is a type of rate limiting on computer networks. It could

be used to put limits on certain types of traffic (other than VoIP) so that VoIP traffic

would have more access to bandwidth. QoS can be used to measure error rates,

bandwidth, throughput, and so on. VoIP is a type of defined quality of service. So, VoIP

is measured by QoS, its required bandwidth analyzed and defined, and if necessary,

shaped by a traffic shaping device (or program).

Incorrect Answers. A proxy server is a go-between for LAN computers and computers

on the Internet (or other networks). It might cache information, filter traffic, or act as an

IP translation device. One of the possible roles of a proxy server is that of a caching

engine, one that caches web or FTP information so that other clients can receive it

faster. Load balancing is when a system's load is divided up among multiple systems

instead of just one, or multiple sets of components (CPU, RAM, etc...) instead of just

one set.

Links:







63. The CEO of your organization decided that only a limited number of authorized

company workstations will be able to connect to the Internet. Which of the following

would best accomplish this goal?

A. Enable MAC address filtering

B. Install and configure IDS

C. Use content filtering

D. Enable RAS on the network firewall

63. Answer. A

Explanation. In this scenario we are talking about computers on the LAN that are trying

to get out of the network. The best way to limit the number of systems that can connect

to the Internet (of the listed answers) is to enable MAC filtering. This way, the router (or

WAP) will keep a list of authorized MAC addresses. Any computer that has a MAC

address that is not on the list will not be allowed access (either to the Internet, or to the

network in general, depending on the device used and the configuration implemented).

Incorrect Answers. An IDS (intrusion detection system) is used to find out if an attacker

(or malicious packets) attempts to gain access to the computer network. Content

filtering is a technique used to filter out inappropriate web pages when users are

accessing the Internet. RAS stands for remote access service. If this is enabled on the

network firewall, then remote users can attempt to authenticate into the network. This is

going in the opposite direction of the type of traffic mentioned in the scenario.

Links:







64. Which layer of the OSI model does HTTP work within?

A. Network layer

B. Layer 4

C. Session layer

D. Layer 7

64. Answer. D

Explanation. HTTP works on the seventh layer of the OSI model, also known as the

application layer. It is called an application-layer protocol because it works just behind

the scenes of a web browser application. Whereas Chrome is a web browsing

application, HTTP is the protocol that is initiated by the browser. In fact, you can type

the protocol directly into the browser's address bar in order to initiate it, for example,

http://www.davidlprowse.com. When you press enter, the web browsing application

invokes HTTP and attempts to connect to the remote web server.

Incorrect Answers. The network layer is layer 3 of the OSI model. That deals with

protocols such as IP. Layer 4 is the transport layer; it concerns protocols such as TCP

and UDP. The session layer is layer 5 of the OSI model; it maintains connections from

one computer to another, for example, an entire login session.

Links:







65. An application server is placed on the network and the intended application is not

working correctly. Which of the following could be used to make sure that sessions are

being opened properly?

A. IDS

B. Tone and probe kit

C. AV scanner

D. Packet sniffer

65. Answer. D

Explanation. Use a packet sniffer to track sessions and the packets involved with each

individual connection. One common type of packet sniffer is Wireshark; it can filter out

captured packets to find the exact application-specific packets you are looking for.

Incorrect Answers. An IDS is an intrusion detection system, used to monitor the

network for attacks, and alert the administrator in case one is found. A tone and probe

kit is used to find a particular telco or datacom cable within a larger group of cables. An

antivirus (AV) scanner is used to scan a system for malware.

Links:







66. Which of the following connector types would be found in a VoIP system utilizing

Cat 6 cabling?

A. RJ11

B. SC

C. RJ45

D. BNC

66. Answer. C

Explanation. The connector type used with Cat 6 cabling is RJ45. Category 6 (Cat 6)

cabling implies an Ethernet twisted-pair computer network. In this type of network, the

computers' patch cables have RJ45 plugs on each end. Those patch cables connect on

one end to the computer's network adapter, and on the other end to an RJ45 wall jack.

Incorrect Answers. RJ11 is associated with plain-old telephone systems (POTS). SC is

a type of snap-on fiber optic cabling connector used in datacom and telecom networks.

BNC was used in older 10BASE2 Thinnet computer networks with coaxial cable, and is

used with coaxial-based S/PIDF audio connectors.

Links:







67. Which of the following network topologies describes a network where packets of

data are transmitted from one computer to another in a circular fashion?

A. Mesh

B. Bus

C. Ring

D. Star

67. Answer. C

Explanation. The ring network topology is one where packets of data are transmitted

from one computer to another in a circular fashion. Though this is not common in

today's LANs, you might find this type of network topology in other larger types of

networks that use concentrators and are fiber-optic based.

Incorrect Answers. The mesh topology connects every computer on the LAN to every

other computer. The bus topology is where all computers are connected to a single bus

which is terminated on each end; if one computer fails, all computers on the network

segment fail. The star topology—the most common LAN topology—is where all

computers connect to a central connecting device such as a switch.

Links:







68. Which of the following security methods ensures that communications occur over

secured, encrypted channels, even when the data uses the Internet?

A. RAS

B. MAC filtering

C. L2TP

D. SSL VPN

68. Answer. D

Explanation. A virtual private network (VPN) that uses Secure Sockets Layer (SSL)

certificates can rely on secure, encrypted channels, regardless of whether a user VPNs

into a network locally, or if the data that is sent goes through the Internet during remote

connections.

Incorrect Answers. Layer 2 Tunneling Protocol (L2TP) is a VPN-based protocol, but

secures by default with IPsec, which is perfect for remote connections to the network,

but doesn't secure connections to the Internet. RAS stands for remote access service,

which is a generalized term for allowing remote users access to a network; it is best

accomplished by using a VPN. MAC filtering is when computers are allowed access to

a LAN (or WLAN) based on whether the computer's MAC address is listed within the

MAC table of the router or WAP.

Links:







69. Which of the following is used within a PKI?

A. Certificate services

B. Access control lists

C. RADIUS server

D. Router configuration commands

69. Answer. A

Explanation. A public key infrastructure (PKI) will make use of certificate services. In

order for users to connect securely to websites, the PKI will make use of SSL

certificates that are generated by a certificate authority. These SSL certificates will

encrypt the connection and data stream of the web session.

Incorrect Answers. Access control lists (ACLs) are used by firewalls. A RADIUS server

is used for authentication—often in conjunction with a WPA2-Enterprise configuration

of an access point. Router configuration commands (such as enable, configure

terminal, and so on) are used to set up routers such as Cisco devices.

Links:







70. You have been tasked with separating different subnets on a switch. What is the

best way to do this?

A. Use STP on the main ports

B. Create VLANs throughout the ports

C. Use VTP on each switch

D. Implement trunking on all ports

70. Answer. B

Explanation. To create the separate subnets on the switch, the best answer listed is to

create VLANs (virtual LANs) throughout the ports on the switch.

Incorrect Answers. The Spanning Tree Protocol (STP) is used to avoid looping within

the switch due to improper cabling. VLAN Trunking Protocol (VTP) is used to define

VLANs on the entire network, over multiple switches. This is overkill for this particular

scenario, as we only have one switch. Similarly, trunking is not necessary on all ports.

Links:







71. Which command will send ICMP echoes that have been increased to 1500 bytes

each?

A. arp -1500

B. ping -n 1500

C. ping -t 1500

D. ping -l 1500

71. Answer. D

Explanation. The command syntax ping -l 1500 will send a standard 4-packet ping

but instead of each ping being the default 32 bytes, each packet will be increased to

1500 bytes. This type of parameter is used to simulate real traffic. If you wanted to ping

the IP address 192.168.1.1 in this manner then the syntax would be ping -l 1500

192.168.1.1, or ping 192.168.1.1 -l 1500. The parameter -l 1500 can be

before or after the IP address.

Incorrect Answers. Arp -1500 is the throwaway answer, there is no such syntax. If this

was typed in Windows, it would simply display the help file for arp. Ping -n 1500 would

send 1500 packets, but all of them would be the default size of 32 bytes. Ping -t sends

a continuous stream of packets until it is stopped; for example by using the Ctrl + C

keyboard shortcut. Because it is continuous, no -1500 is required. An example of its

usage would be ping -t 192.168.1.1.

Work with the ping command in the Command Prompt of a Windows computer. Run

tests on another computer or your router using the -l, -n, and -t parameters.

Links:







Try it!

72. Some users have complained that they need to log on to too many applications with

different credentials, each of which are associated with different rule sets. Which of the

following should you implement to address these concerns?

A. Software solution that uses single sign-on authentication

B. Properly configured domain services for user accounts

C. Increased time between mandatory password changes

D. Domain account log on policies that reflect the most common application rule sets

72. Answer. A

Explanation. The best solution of the listed answers is to implement a software solution

that uses single sign-on authentication. This way, users will only need to log on once

and will be authenticated to multiple applications and systems. This addresses the

concern of users having to log on to many applications with different credentials—

meaning different usernames and passwords.

Incorrect Answers. Domain services need to be properly configured for users to have

access to domain resources, but if the users are logging on to multiple applications

using different credentials, configuring the domain services for the user accounts won't

help the situation. You need a third-party application that can combine the credentials

from the varying applications: federated identity management would be an excellent

solution. Increasing the time between password changes will simply push back when

users are required to change their passwords. While this might help out a little bit in the

long run, it is not a very secure concept. Passwords should be changed every month or

so (less for critical applications), but regardless of the timeframe you select, the users

still need to remember multiple credentials. Log on policies deal with when a user can

log on, what computers the user can log on to, and what applications they will have

access to, but won't change the amount of credentials for all of the various applications.

Two of the answers centered on the Microsoft domain, and when applications are

Microsoft-based, the default action is to use the same credentials of the user account in

question. But when users connect to many applications, the chances are that some of

them are third-party and perhaps do not integrate well with active directory, and

therefore require separate credentials.

Links:







73. You want to secure your web server so that it cannot be port scanned by external

sources. What is the best way to do this?

A. Use a content filter

B. Implement a proxy server

C. Utilize a firewall

D. Employ the ACL implicit allow

73. Answer. C

Explanation. The simple answer is often the best. In this case, use a firewall to block

ports and port scans. This will help to secure the web server. Of course, if the web

server needs to be accessed by external users then port 80, and possibly 443 and

other ports will need to be opened at the firewall.

Incorrect Answers. A content filter scans the websites that users access and filters out

inappropriate content. A proxy server can utilize NAT or can cache website information

for internal LAN users. An ACL is an access control list which is configured on the

firewall. The implicit allow rule would allow far too much traffic. That would not

accomplish what we desire, in fact it would have the opposite effect.

Links:







74. Which of the following layers is the presentation layer?

A. Layer 4

B. Layer 5

C. Layer 6

D. Layer 7

74. Answer. C

Explanation. In the OSI model, the presentation layer is layer 6. This layer takes care of

code conversion, encryption, and other presentation methods for data. Contrast this

with the TCP/IP model, where there is no presentation layer, and its function is

combined into the application layer.

Incorrect Answers. In the OSI model, layer 4 is the transport layer. Layer 5 is the

session layer. Layer 7 is the application layer.

Links:







75. You have been tasked with setting up an enterprise-level class A subnetted

network that contains many computers. You need to accommodate 29 subnetworks,

each of which can handle 350,000 computers. Which of the following is the correct

subnet mask to use?

A. 255.240.0.0

B. 255.248.0.0

C. 255.252.0.0

D. 255.255.248.0

75. Answer. B

Explanation. The only option (of the listed answers) is to use 255.248.0.0. This subnet

mask will provide for 32 subnets, and a maximum of 524,286 computers per subnet.

This meets our requirements (though it might not be very scalable). As an example, the

network number might be the private class A network 10.0.0.0. The 255.248.0.0 subnet

mask could also be referred to as /13. So you might see the network referred to as

10.0.0.0 /13, telling you instantly that it is a subnetted network.

Incorrect Answers. 255.240.0.0 (/12) provides enough computers, but not enough

subnets; it only offers 16 subnets. Conversely, 255.252.0.0 (/14) provides enough

subnets, but not enough computers; it only provides for 262,142 computers. Finally,

255.255.248.0 (/21) is way off the mark. it provides for plenty of subnets (8192), but not

nearly enough computers, only 2046 per subnet. This subnet mask is the kind you

might see in a CIDR-based configuration where the class A network behaves as a

class C network.

Links:







76. You ping another computer on the network to see if it is "alive". The underlying

protocol used is ICMP. What layer of the OSI model does this protocol function on?

A. Layer 2

B. Layer 3

C. Layer 4

D. Layer 7

76. Answer. B

Explanation. The Internet Control Message Protocol (ICMP) functions on layer 3, the

network layer of the OSI model. In the TCP/IP model this would be the Internet layer.

ICMP works in conjunction with IP and ARP to accomplish the ping successfully.

Incorrect Answers. Layer 2 is the data link layer; this is where technologies such as

Ethernet function. Layer 4 is the transport layer; this is where TCP and UDP reside.

Layer 7 is the application layer; this is where protocols such as HTTP and FTP

function.

Links:







77. Which layer of the OSI model do frames function at?

A. Layer 1

B. Layer 2

C. Layer 3

D. Layer 4

77. Answer. B

Explanation. Frames of information function at layer 2, the data link layer. Most

commonly, you will deal with Ethernet frames of information. The 802.3 series of

standards known as the various types of Ethernet are all layer 2 technologies. In a

nutshell, communications start as a message at the application layer (layer 7). They are

broken down into packets at the network layer (layer 3). Each packet is then

encapsulated into a frame on the data link layer. Then, those frames are broken down

into a serial bit stream and sent across the physical network (layer 1). The bits are

reassembled at the destination computer, and the process works in reverse back

through the OSI layers.

Incorrect Answers. Layer 1 is the physical layer. This is largely disregarded in the

TCP/IP model. Layer 3 is the network layer. This is where packet assembly and

disassembly occurs. Layer 4 is the transport layer. This is where messages are sent

out according to port number. it is also the layer that decides if the communication will

be connection oriented—meaning guaranteed (TCP), or connectionless—meaning non-

guaranteed (UDP).

Links:







78. Which of the following allows an administrator to reference performance and

configuration information if there is a problem on the network?

A. System baselines

B. Network diagrams

C. Wire schemes

D. Change management

78. Answer. A

Explanation. System baselines (and baselining in general) are extremely important to

the network administrator. They allow the admin to make comparisons and analyze

whether there are problems on the network that need to be taken care of.

Incorrect Answers. The rest of the answers do not allow the admin to make

comparisons—the key point in this scenario. Network diagrams are static pieces of

information that show devices, their hostnames and IP addresses, and their physical

connectivity to other devices on the network. They are quite important, and can help an

admin to troubleshoot problems, but they do not change unless updated by the

administrator, and cannot be compared to anything else. Wire schemes define what

cabling has been installed and where; it might manifest itself as a diagram, or blueprint,

of the organization's building. Change management is the process of securing

permission to make a change and documenting that change (and the authorizing

personnel) once it has been made.

Links:







79. You are a technician for your organization and are in contact with an end-user who

needs a computer repaired. To repair the end-user's computer you first need to be able

to remote into it. To do this, you require either the IP address or the hostname of the

computer. Which command should you tell the end-user to issue within the Command

Prompt?

A. ipconfig

B. ping

C. traceroute

D. netstat

79. Answer. A

Explanation. Use the ipconfig command to find out the hostname of the computer, its IP

address, and the network configuration of the network adapter—specifically, the

ipconfig /all command.

Work with the ipconfig command in the Command Prompt of a Windows computer.

Incorrect Answers. Ping is used to test whether other computers on the network are

available. Traceroute is a command that traces the hops (network jumps) from the local

computer to a remote destination. But remember, the traceroute command is

Linux/Unix-based; its Windows counterpart is tracert. The scenario says to issue a

command within the Command Prompt, which means Windows, so the answer is

doubly wrong. Netstat is used to find out networking statistics of the local computer;

such as sessions opened to other systems, the status of those sessions, and the ports

being used during those sessions.

Links:







Try it!

80. Your organization just completed a disaster recovery test. It has been determined

that several of the organization's billing representatives will need to temporarily take

payments from customers over the wireless network, with security being enforced

wherever possible. Which wireless configuration should you use?

A. WPA2, SSID enabled, 802.11n

B. WPA2, SSID disabled, 802.11a

C. WEP, SSID disabled, 802.11b

D. WEP, SSID enabled, 802.11g

80. Answer. B

Explanation. The best answer listed is to use WPA2, disable the SSID, and use

802.11a. The most important component here is WPA2 encryption (probably in

conjunction with AES), but disabling the SSID is an important security precaution as

well. 802.11a is fine in this scenario, though somewhat uncommon.

Incorrect Answers. WEP is insecure and is therefore deprecated. It should be replaced

with at least WPA or better. The SSID should be disabled once all billing computers

have been connected to the wireless network. This will discourage others from

attempting to connect. If enabled, the wireless network can be more easily scanned for,

which is not secure. The type of wireless networking 802.11 standard doesn't make too

much of a difference here. It is far less important than using proper encryption, and

disabling the SSID. So, the speed of 802.11n in comparison to 802.11a is not a factor

in this scenario.

Links:







81. Which of the following layers of the OSI model does the network interface layer of

the TCP/IP model correspond to? (Select the two best answers.)

A. Physical

B. Data link

C. Network

D. Transport

E. Session

81. Answers. A and B

Explanation. The network interface layer (also known as the link layer) in the TCP/IP

model deals with network adapters, Ethernet, frames of information and so on. This

mainly corresponds to the data link layer in the OSI model, but also roughly includes

the concepts within the physical layer of the OSI such as cabling, and data transfer

rates.

Incorrect Answers. The network layer of the OSI model is equivalent to the Internet

layer in the TCP/IP model. The transport layer is the same in both models. The session

layer of the OSI model is incorporated into the application layer of the TCP/IP model.

Remember that the TCP/IP model is also known simply as the Internet Protocol Suite.

OSI Model Layer TCP/IP Model Layer

Application Application

Presentation

Session

Transport Transport

Network Internet

Data link Link (or network interface)

Physical

Table 2 OSI versus TCP/IP Models

Links:







Memorize it!

82. You are tasked with setting up a default network with a subnet mask of

255.255.255.0. How many usable IP addresses would be in that network?

A. 252

B. 254

C. 255

D. 256

82. Answer. B

Explanation. There would be 254 usable IP addresses. Mathematically, the range is

from 0 to 255, for a total of 256 values. But remember that you cannot use the first or

last IPs; they are reserved for the network ID (or subnet ID) and the broadcast. An

example based on the question's scenario would be the class C 192.168.1.0 network

using the 255.255.255.0 default subnet mask. On that network, 254 computers can be

assigned IPs. 192.168.1.0 is the network number, and 192.168.1.255 is the broadcast

IP for that network, but 192.168.1.1 through 192.168.1.254 are usable for hosts.

Note: 254 would be the correct answer regardless if the question asked about a complete network, or if it

asked about a subnetwork. For example, the class B 172.16.0.0 network that uses 255.255.255.0 would be

considered subnetted, and each subnet could have 254 usable IPs. This could also be classified as an

example of CIDR.

Incorrect Answers. 252 does not fit into the equation, but you might see subnet masks

that use that number, such as 255.255.252.0. This is a different concept altogether—

one that is most likely based on a class B network. In a class B network this subnet

mask would allow for 64 subnets, and 1022 computers per subnet. 255 is also

incorrect. Even though the mathematical range of an octet is 0-255, you have to

remember not to discount zero, and that the 0-255 range actually has 256 values. But

again, 256 is also not correct, because we have to subtract 2 from the total: one for the

network ID, and one for the broadcast, leaving us with 254 usable IPs.

Links:







83. The network administrator of your organization says that all new drops are active.

However, you take a laptop to one of the new drops to test connectivity and you get an

intermittent signal. Which of the following tools should you use to further test the line?

A. Tone and probe kit

B. Environmental monitor

C. Cable tester

D. Protocol analyzer

83. Answer. C

Explanation. You would use a cable tester (or cable certifier). The intermittent signal is

a hint that the cable drop is not terminated properly on one end. The cable tester will

tell you exactly which wires are causing problems. The best thing to do in these

situations is to re-terminate all 8 wires. This might need to be done at either the RJ45

jack or at the patch panel, you won't know until you look at the terminated wires.

Incorrect Answers. A tone and probe kit is used to locate a cable among many cables.

It is commonly used with telco and datacom connections. If one fails, you can plug the

tone device into the RJ11 (or RJ45) jack, and then probe for the other end of the wire in

the wiring closet or server room, either of which will have a lot of cables. An

environmental monitor is used to watch temperature, humidity and so on for the

building. It is an important tool to use to make sure that HVAC and SCADA systems are

working properly. A protocol analyzer is used to capture packets, and study them. It

can be used to find out if there are server-based problems on the network, or can be

used for baselining, and so on.

Links:







84. One of the users in your company has a computer with a problem accessing the

Internet. The computer's network interface card has a link light that is lit, but you can't

seem to gain access to the Internet. What is the most likely cause of the problem?

A. Faulty SFP

B. Cable is a crossover

C. Faulty GBIC

D. VLAN mismatch

84. Answer. D

Explanation. It could be that the computer is wired to the incorrect VLAN, one that is

not allowed access to the Internet. In this case, moving the patch cable in the server

room from one switch port to another (or to another switch altogether) should fix the

problem. You would need to consult your network documentation to find out exactly

where to connect the computer.

Incorrect Answers. The question doesn't make mention of a small form-factor pluggable

(SFP) transceiver; these are more commonly used in fiber-optic connections, and are

not as common in typical twisted pair connections for a computer on the LAN. In

addition, the scenario does say that the network interface card has a link light that is lit.

If the computer is using a network interface card (aka network adapter), then an SFP is

not necessary. Plus, the fact that it is lit tells you that the adapter is working and has a

connection. In this case it has a connection to the LAN's switch, but does not have a

connection to the Internet due to the VLAN mismatch. If the cable (meaning the

computer's patch cable) was a crossover then it would not connect properly to the

switch, and would not have a lit link light. Normally, a computer connects from the

network adapter to the RJ45 jack by way of a straight through cable, not a crossover

cable. A GBIC is a gigabit interface converter, another type of transceiver for network

connections. In fact, the SFP is a smaller variation of the GBIC. Like the SFP, the GBIC

is not necessary, because the scenario says that the network interface card has a lit

link light. That tells us that the physical connectivity is good, but that there is a logical

problem, in this case the VLAN mismatch.

Links:







85. You need to build a crossover patch cable so that you can connect two computers

directly to each other. You are using the 568A and B standards in a typical Ethernet

environment. Which pairs of wires need to be crossed in this cable?

A. Blue and green

B. Orange and green

C. Blue and brown

D. Orange and blue

85. Answer. B

Explanation. The orange and green pairs need to be crossed. 1 crosses to 3, and 2

crosses to 6. See Table 2-5 in Chapter 2 for more information.

Incorrect Answers. The blue and brown pairs are not used in a typical Ethernet

environment. They are reserved for other types of network standards and for other

technologies such as PoE.

Links:







86. Which of the following LAN technologies provides a maximum bandwidth of 1 Gbps

through fiber optic cable?

A. 10GBASE-LR

B. 100BASE-FX

C. 100BASE-TX

D. 1000BASE-X

86. Answer. D

Explanation. 1000BASE-X provides a maximum of 1 Gbps through fiber optic cable.

The 1000 tells you that it has a maximum data transfer rate of 1000 Mbps which is

equal to 1 Gbps. The BASE tells you that it is used in baseband LAN transmissions

(which is typical). The X is somewhat of a variable, telling you that fiber optic cable is

used, but more information is needed to know exactly which type. For example,

1000BASE-SX uses multi-mode fiber optic cable to a maximum of 550 meters. Other

variants include 1000BASE-CX, 1000BASE-LX, and 1000BASE-EX.

Incorrect Answers. 10GBASE-LR is indeed fiber optic (long reach multi-mode), but the

maximum data transfer rate is 10 Gbps, not 1 Gbps. 100BASE-FX is also fiber-based,

but only transmits at a maximum of 100 Mbps. 100BASE-TX is a copper-based twisted-

pair standard which only transmits at a maximum of 100 Mbps—not suitable for most of

today's networks.

Links:







87. Which of the following defines the length of time a computer retains its IP address

for?

A. Subnet

B. Lease

C. Scope

D. Reservation

87. Answer. B

Explanation. The lease is the amount of time a computer retains its IP address for. This

is similar to leasing an apartment or a car. The lease is for a set amount of time. For IP

addresses this could be 7 days, 30 days (both typical) or whatever the administrator

sets it to.

Incorrect Answers. A subnet is a logical (and mathematical) subdivision of an IP

network. A scope is the range of IP addresses that a DHCP server uses to assign to

clients. A reservation is an IP address within the scope that has been set aside for

special computers, to most likely be used in a static fashion.

Links:







88. One of the users within your organization has a workstation that can connect to the

network printer in the department, but cannot connect to the Internet. You run the

ipconfig command on the workstation and get the following information:

IP address: 192.168.0.124

Subnet mask: 255.255.255.128

Default gateway: 192.168.0.254

What is preventing the workstation from accessing the Internet?

A. Incorrect gateway

B. Incorrect VLAN

C. Bad switch port

D. Duplicate IP address

88. Answer. A

Explanation. The incorrect gateway address is causing the problem. the key is the

subnet mask. If a class C network such as 192.168.0 is using the 255.255.255.128

subnet mask, then subnetting has been implemented. Furthermore, it tells you that

there are 2 subnets, each of which can have 126 computers. The usable IP ranges for

those subnets would be:

Subnet ID 0: 192.168.0.1 - 192.168.0.126

Subnet ID 1: 192.168.0.129 - 192.168.0.254

Note: Subnet ID numerals always start with 0.

Note: Remember that the first and last IPs of any subnet are not usable due to the subnet ID itself and the

broadcast.

After reviewing the subnets and their IP ranges we see that the workstation in the

question is on subnet ID 0, and the gateway is on subnet ID 1. By default, computers

on different subnets cannot communicate with each other. Chances are that there is

another gateway on subnet ID 0, most likely inhabiting the IP address 192.168.0.126.

That is the last usable IP of the subnet, which is likely given the information about the

gateway of the second subnet. It all makes sense at this point, because the workstation

can access the printer (which is most likely on the same subnet) but cannot access the

Internet, which requires a connection through an acessible gateway.

Incorrect Answers. Given the information available, we have no idea if the workstation

is connecting to an incorrect VLAN, or if VLANs are even being used. It is not likely in

this scenario, plus we would need to dig further to find out information about VLANs. If

there was a bad switch port the computer would not be able to connect to the network

printer, and probably wouldn't display much information when you run an ipconfig. A

duplicate IP address would render the workstation inoperable. In that case, the

computer's IP would need to be reconfigured and the system would have to be

restarted. Use DHCP to avoid IP conflicts of this nature.

Links:







89. Which of the following protocols works on the lowest layer of the OSI model?

A. PPTP

B. ISAKMP

C. IPsec

D. L2TP

89. Answer. D

Explanation. The answer has a hint directly within the acronym. L2TP stands for Layer

2 Tunneling Protocol. That means that it resides on layer 2, the data link layer. When it

comes to TCP/IP and network communications, we aren't too concerned with the

physical layer, and so the data link layer becomes the lowest corresponding layer of the

OSI model in this question.

Note: Remember that the OSI layers are normally displayed with the physical layer on the bottom and the

application layer on the top.

Incorrect Answers. The Point-to-Point Tunneling Protocol (PPTP) resides on layer 3,

the network layer, which is higher than the data link layer. The Internet Security

Association and Key Management Protocol (ISAKMP) works between the session and

application layers of the OSI model. IPsec is a network layer protocol.

Links:







90. What class does an APIPA IP address fall into?

A. Class A

B. Class B

C. Class C

D. Class D

90. Answer. B

Explanation. Automatic private IP addressing (APIPA) IP addresses fall into class B.

APIPA uses the 169.254.0.0 network which is within the class B range. (169 falls within

128 and 191 in the first octet of the IP address range).

Incorrect Answers. The class A range is 1 - 127. The class C range is 192 - 223. The

class D range (used for multicasting) is 224 - 239.

Note: Rounding out the IPv4 class scheme, there is class E (240 - 255) which is reserved for future use.

Links:







91. A user cannot access any network resources. You go to the workstation and type

ipconfig and see the following results:

IP Address: 192.168.150.32

Subnet mask: 255.255.255.240

Default gateway: 192.168.150.46

Which of the following configuration changes would allow the user to connect to

network resources?

A. Change the default gateway to 192.168.150.1

B. Change the default gateway to 192.168.150.254

C. Change the IP address to 192.168.150.31

D. Change the IP address to 192.168.150.33

91. Answer. D

Explanation. The only possible solution (of the listed answers) is to change the IP

address of the workstation to 192.168.150.33. That is a valid, usable IP address on the

3rd subnet of this subnetted network. As it stands in the question, 192.168.150.32 is

the configured address, but it is not usable on the network, because that is the subnet

ID address for that particular subnet, and not allowed for use by workstations. We know

this because of the subnet mask in the question—255.255.255.240. This tells us that

we can have 16 subnets with 16 addresses per subnet (14 of which are usable). The

first subnet would be 192.168.150.0 - 192.168.150.15. The second subnet would be

192.168.150.16 - 192.168.150.31. The third subnet would be 192.168.150.32 -

192.168.150.47, and so on... Remember that the first and last IPs of each subnet can

not be used because they are utilized by the subnet ID and the broadcast. So, in the

third subnet, 32 and 47 can't be used. By changing the workstation's address from .32

to .33 we give it a usable IP address. At this point, the workstation should be able to

connect to any and all network resources.

Incorrect Answers. Changing the gateway address is not necessary, because the

current address of 192.168.150.46 is on the same subnet as the workstation, and it is a

usable IP (the last usable one by the way). Changing the IP address of the workstation

to 192.168.150.31 would give it a usable address, but then the workstation would be on

the wrong subnet: the second subnet, whereas the gateway that the workstation is

pointing to is on the third subnet.

Note: See Appendix A for subnetting tables

Links:







92. A user reports that some normally accessible external sites are not responding, but

most other sites are responding normally. Which of the following is the most likely

cause?

A. Smurf attack

B. Faulty routing rule

C. Wrong subnet mask

D. VLAN mismatch

92. Answer. B

Explanation. The most likely cause in this scenario is a faulty or improperly configured

routing rule. This would cause some external websites to fail to respond (because there

is no route available), while others respond properly (because those routes are properly

configured). Routing rules should be examined. To show the routing table on a Cisco

router use the show ip route command. To show the routing table on a Windows

computer, use the route print command.

Incorrect Answers. A Smurf attack is a type of DoS attack which is used to take down a

single server or a single router at a time. In this case, only the affected external website

would be down, and probably only one. It is possible that there are multiple

simultaneous Smurf attacks being directed to more than one external website that your

users access, but it is less likely than a faulty routing rule. A wrong subnet mask would

usually mean that the users in question would not have access to any websites. A

VLAN mismatch would probably cause a problem when the workstations try to connect

through the gateway to the Internet, and therefore would most likely cause all websites

to be inaccessible.

Links:







93. Which of the following virtual devices is the best option to use when hosting a

company's website?

A. Switch

B. PBX

C. Server

D. Desktop

93. Answer. C

Explanation. A virtual server is the best option for hosting a company's website. The

actual website's web server software might be IIS or it might be Apache, but the key

here is that it is running virtually, and possibly through a cloud-based vendor. The

server might run on one of several virtual platforms including Microsoft Hyper-V, or a

product from EMC, VMware, or Cisco. This virtualized server might fall under software

as a service (SaaS) or platform as a service (PaaS) when it comes to cloud computing,

depending on its type of usage.

Incorrect Answers. A virtual switch or a virtual PBX can be created within virtualization

software locally or in the cloud; in the case of the cloud these would fall into the

category of infrastructure as a service (IaaS). However, a web server is not stored

within a switch or a PBX, it needs to be run on a computer. A desktop computer can

run some web server software (often limited versions), but it is not the best location for

a website. Websites are best stored within servers that are designed specifically for the

job.

Links:







94. Which of the following is a terminal emulator used to manage network devices?

A. IDS

B. PuTTY

C. VPN

D. RDP

94. Answer. B

Explanation. PuTTY is a third-party program that can be used to manage network

devices. It does this via the command-line and often connects to the remote device or

computer using the SSH protocol.

Incorrect Answers. An intrusion detection system (IDS) is a network device that warns if

any anomalous packets enter the network. VPN stands for virtual private network. You

might use PuTTY while connecting to remote systems over a VPN for added security.

RDP stands for Remote Desktop Protocol, used to take control of remote systems. This

manifests itself as the entire GUI of the remote operating system. While PuTTY gives

control of the other system in the command-line, RDP gives control of it through the

GUI.

Links:







95. You work for a law firm in an office building in a major city. After installing a new

wireless access point, you secure the device using WPA and then connect to it using a

laptop. Which of the following would be the next logical step in securing the device?

A. Remove the antennas

B. Change the wireless encryption type to WEP

C. Check neighboring offices for connectivity and reduce signal strength appropriately

D. Add a second SSID broadcast to the access point and name it the same as a

neighboring company's AP

95. Answer. C

Explanation. Once you have verified that you can connect to the new WAP, take the

laptop outside the perimeter of the office to see if there is a signal. If so, reduce the

transmission power of the WAP within the firmware of the device so that only users

within your building's perimeter can connect.

Incorrect Answers. Removing the antennas from the WAP or the laptop is not

recommended. This will generally reduce signal so much that the wireless connection

becomes unusable. Changing the wireless encryption type to WEP is not

recommended. WEP is insecure and should not be used. Normally, WAPs only have

one SSID broadcast. Even if a second one could be configured you would not want to

use a neighboring company's SSID. This would create an evil twin, which is at best

immoral, and at worst illegal.

Links:







96. Which of the following can send data the farthest using single-mode fiber optic

cable?

A. 10GBASE-ER

B. 10GBASE-SR

C. 10GBASE-LW

D. 10GBASE-SW

96. Answer. A

Explanation. 10GBASE-ER can transmit signals as far as 30 to 40 kilometers. The ER

stands for extended reach. Because of the long distances it strives to achieve, the

standard calls for single-mode fiber optic cable.

Incorrect Answers. 10GBASE-SR (short range) can transmit signals as far as 400

meters and uses multi-mode cabling. The two standards mentioned so far, as well as

10GBASE-LR (long reach, which can go up 25 KM), are known as LAN PHY 10 Gbps

standards. This means that they are considered to be LAN-based physical layer (PHY)

connections—regardless of the distance that 10GBASE-LR and 10GBASE-ER can

achieve. 10GBASE-SW and 10GBASE-LW however, are known as WAN PHY

standards, meant specifically for WAN connections, with included specifications for

error correction, and so on. These can send signals almost as far as their LAN PHY

counterparts. For example, 10GBASE-SW sends signals just under 400 meters, slightly

less than its LAN PHY counterpart - 10GBASE-SR. We can go on and on about 10

Gbps technologies. For now, remember that all of these are considered to be 10-gigabit

Ethernet technologies (also abbreviated as 10GE or 10GbE). Take a look at Table 3-3

for a list of 10 Gbps Ethernet standards, their cable type used, and the maximum

distance the signal can travel before attenuating (in the case of copper-based cable), or

before suffering from chromatic dispersion (as in the case of fiber-optic cable).

Try to know the different 10 Gbps Ethernet standards as shown in Table 3-3. This is not

a finite list, but provides typical examples of what you might see on the Network+ N10-

005 exam.

10 Gbps

Ethernet

Cable Type Maximum

Distance

Memorize it!

Standard

10GBASE-T Twisted pair

Category 6a or better

100 meters

10GBASE-CX4 Twisted Pair

CX4 cabling

15 meters

(uncommon)

10GBASE-SR

10GBASE-SW

Fiber optic

Multi-mode

400 meters

10GBASE-LR

10GBASE-LW

Fiber optic

Single-mode

10 kilometers

10GBASE-ER

10GBASE-EW

Fiber optic

Single-mode

40 kilometers

Table 3 10 Gbps Ethernet Standards

Note: You will find that fiber optic connections which run under 1000 meters will usually be multi-mode; over

1000 meters, single-mode.

Links:







97. One of your co-workers tells you that Windows just displayed a message stating

that a duplicate address exists. Which of the following issues has occurred?

A. Evil twin

B. IP address conflict

C. Wrong gateway

D. Wrong subnet mask

97. Answer. B

Explanation. The message stating that a duplicate address exists means that another

computer on the LAN has the same IP address as the computer that received the

message. In a DHCP-based environment this shouldn't happen; it is more likely in an

environment where the computers have their IP addresses assigned manually by the

administrator (static IP addressing). If this happens, the computer that caused the

conflict would need to have the IP address changed, and both computers involved

should then be restarted.

Incorrect Answers. An evil twin is an unpermitted wireless access point with the same

SSID as a WAP within a legitimate organization. It is usually created by an attacker or

other malicious person to fool and attract unwary users of the organization. Wrong

gateway addresses and incorrect subnet masks would most likely result in failed

network communications in one form or another. However, they don't automatically

display messages (on most OSes as of the writing of this book). The only way to tell if

there were configuration problems such as these would be to run the commands

ipconfig (in Windows), or ifconfig (in Linux and OS X).

Links:







98. Which of the following uses DUAL for determining the best path?

A. RIPv2

B. OSPF

C. EIGRP

D. RIP

98. Answer. C

Explanation. The Enhanced Interior Gateway Routing Protocol (EIGRP) uses the

diffused update algorithm (DUAL) to improve efficiency of the protocol and prevent

errors when determining the best path to a destination.

Incorrect Answers. Like EIGRP, the Routing Information Protocol (RIP) and RIPv2 are

distance-vector routing protocols, but they are older and for the most part deprecated.

One of the reasons for this is that they do not use DUAL. Another is that there is a lack

of support; for example, RIP does not support VLSM or CIDR. RIPv2 supports CIDR

but still has much higher overhead than EIGRP. Open Shortest Path First (OSPF) is a

link-state routing protocol, and though it is another widely used interior gateway

protocol, it does not make use of DUAL.

Links:







99. Your company just expanded and now also inhabits the 2nd and 3rd floors of your

building. The expansion only calls for switches and patch panels to be installed. Which

of the following would you need to locate?

A. IDF

B. Demarc

C. MDF

D. Smart jack

99. Answer. A

Explanation. You should locate the intermediate distribution frame (IDF). This is where

you will terminate cables into patch panels for the other floors, and add switches for the

computers that will exist on those floors. It is also where telephone cables from your

telecommunications provider are connected. All this usually occurs in the server room

(which is probably on the main floor which was already inhabited) or for smaller

organizations within a wiring closet.

Incorrect Answers. The demarcation point (abbreviated as demarc) is the point where

the responsibility of the network administrator ends, and a telecommunications or data

communications company begins. Often it is a high-speed network WAN jack, or the

router (and CSU/DSU) that connects to that jack. The main distribution frame (MDF) is

a termination point that exists within the local telephone company's exchange. This is

not something that the network administrator would have access to, it would be

considered far beyond the demarc. In essence, the MDF is outside of the network

administrator's responsibility, and therefore beyond the demarc; whereas the IDF is

within the realm of the network administrator's responsibility, and therefore inside (or

behind) the demarc. A smart jack is an intelligent network interface device that might

act as a demarc but also provides code conversion, signal conversion, and so on.

Links:







100. You are troubleshooting a computer that has had a reported problem accessing

the Internet. During the troubleshooting process you type the ipconfig /all

command. At which stage of the troubleshooting process might this occur? (Select the

two best answers.)


B. Establish a theory of probable cause

C. Test the theory to determine cause

D. Establish a plan of action

E. Implement the solution

F. Verify full system functionality

G. Document findings

100. Answers. A and F

Explanation. You might use the ipconfig /all command during the 1st step (identify the

problem) and the 6th step (verify full system functionality) of the CompTIA Network+

troubleshooting methodology. Because the ipconfig /all command gives you a lot of

network configuration information, it is an excellent tool to use in this scenario while you

are gathering information. It's also a great way to check if your solution has worked

properly while you are verifying full system functionality. Of course, you should also use

the ping command, and test with applications such as web browsers and e-mail clients

when verifying system functionality.

Incorrect Answers. You might use the ipconfig command during other steps of the

troubleshooting process, but the 1st and the 6th will be the most common. Step 3 (test

the theory to determine cause) might be next on the list, but at this point, you are

usually performing more action, and doing less information gathering and analysis, and

therefore it is less likely (though not improbable) that you would use the ipconfig /all

command at that time. Be sure to memorize the 7-step troubleshooting process for the

exam! I've written out the 7-step process once again for you. Study it! Use it—for the

exam, and for the real world!

The CompTIA 7-step Troubleshooting Process

Step 1. Identify the problem

♦ Gather information

♦ Identify symptoms

♦ Question users

♦ Determine if anything has changed

Step 2. Establish a theory of probable cause

♦ Question the obvious

Step 3. Test the theory to determine cause

♦ Once theory is confirmed, determine next steps to resolve the

problem

♦ If theory is not confirmed, re-establish new theories, or escalate the

problem

Step 4. Establish a plan of action to resolve the problem and identify

potential effects

Memorize it!

Step 5. Implement the solution or escalate as necessary

Step 6. Verify full system functionality and if applicable implement

preventative measures

Step 7. Document findings, actions and outcomes

That wraps up this practice exam. Good luck on your real exam!

That wraps up this practice exam. Good luck on your real exam!

Sincerely,

David L. Prowse

www.davidlprowse.com

Links:







Network+ N10-006 Practice Exam D 2018.pdfNetwork+ N10-006 Practice Exam D Hey everyone! Here’s a...

Documents

Transcript of Network+ N10-006 Practice Exam D 2018.pdfNetwork+ N10-006 Practice Exam D Hey everyone! Here’s a...